From 946e249bacf39254198225bd283f062adc6032d7 Mon Sep 17 00:00:00 2001
From: Tim Yamin
Date: Sun, 19 Dec 2004 20:27:50 +0000
Subject: Adding SELinux fixes for the AF_UNIX patch; bug #72317. Also fixing security bug #73000.
---
 sys-kernel/win4lin-sources/ChangeLog | 11 +++-
 .../files/digest-win4lin-sources-2.6.9-r3 | 3 --
 .../files/digest-win4lin-sources-2.6.9-r4 | 3 ++
 .../win4lin-sources-2.6.9.AF_UNIX.SELinux.patch | 61 ++++++++++++++++++++++
 .../win4lin-sources-2.6.9.CAN-2004-1151.patch | 35 +++++++++++++
 .../win4lin-sources-2.6.9-r3.ebuild | 34 ------------
 .../win4lin-sources-2.6.9-r4.ebuild | 36 +++++++++++++
 7 files changed, 145 insertions(+), 38 deletions(-)
 delete mode 100644 sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.9-r3
 create mode 100644 sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.9-r4
 create mode 100644 sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.AF_UNIX.SELinux.patch
 create mode 100644 sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1151.patch
 delete mode 100644 sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r3.ebuild
 create mode 100644 sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r4.ebuild
(limited to 'sys-kernel')
diff --git a/sys-kernel/win4lin-sources/ChangeLog b/sys-kernel/win4lin-sources/ChangeLog
index 4b0b048b05f0..b2e78ccc17ed 100644
--- a/sys-kernel/win4lin-sources/ChangeLog
+++ b/sys-kernel/win4lin-sources/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for sys-kernel/win4lin-sources
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/win4lin-sources/ChangeLog,v 1.45 2004/12/04 00:19:09 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/win4lin-sources/ChangeLog,v 1.46 2004/12/19 20:27:50 plasmaroo Exp $
+
+*win4lin-sources-2.6.9-r4 (19 Dec 2004)
+
+ 19 Dec 2004; -win4lin-sources-2.6.9-r3.ebuild,
+ +win4lin-sources-2.6.9-r4.ebuild,
+ +files/win4lin-sources-2.6.9.AF_UNIX.SELinux.patch,
+ +files/win4lin-sources-2.6.9.CAN-2004-1151.patch:
+ Adding SELinux fixes for the AF_UNIX patch; bug #72317. Also fixing security
+ bug #73000.
 *win4lin-sources-2.6.9-r3 (04 Dec 2004)
diff --git a/sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.9-r3 b/sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.9-r3
deleted file mode 100644
index 12075686996a..000000000000
--- a/sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.9-r3
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 e921200f074ca97184e150ef5a4af825 linux-2.6.9.tar.bz2 36261440
-MD5 e7710f224fc986d041c5b5dd50e619ac mki-adapter26_1_3_8.patch 127088
-MD5 f5494c6878eb693f1fa61c2022574777 Kernel-Win4Lin3-2.6.9.patch 25139
diff --git a/sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.9-r4 b/sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.9-r4
new file mode 100644
index 000000000000..12075686996a
--- /dev/null
+++ b/sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.9-r4
@@ -0,0 +1,3 @@
+MD5 e921200f074ca97184e150ef5a4af825 linux-2.6.9.tar.bz2 36261440
+MD5 e7710f224fc986d041c5b5dd50e619ac mki-adapter26_1_3_8.patch 127088
+MD5 f5494c6878eb693f1fa61c2022574777 Kernel-Win4Lin3-2.6.9.patch 25139
diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.AF_UNIX.SELinux.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.AF_UNIX.SELinux.patch
new file mode 100644
index 000000000000..dbb8b2329a28
--- /dev/null
+++ b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.AF_UNIX.SELinux.patch
@@ -0,0 +1,61 @@
+--- a/net/unix/af_unix.c 2004-10-18 22:54:37.000000000 +0100
++++ b/net/unix/af_unix.c 2004-12-19 18:33:12.000000000 +0000
+@@ -477,6 +477,8 @@
+ struct msghdr *, size_t, int);
+ static int unix_dgram_connect(struct socket *, struct sockaddr *,
+ int, int);
++static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
++ struct msghdr *, size_t);
+
+ static struct proto_ops unix_stream_ops = {
+ .family = PF_UNIX,
+@@ -535,7 +537,7 @@
+ .shutdown = unix_shutdown,
+ .setsockopt = sock_no_setsockopt,
+ .getsockopt = sock_no_getsockopt,
+- .sendmsg = unix_dgram_sendmsg,
++ .sendmsg = unix_seqpacket_sendmsg,
+ .recvmsg = unix_dgram_recvmsg,
+ .mmap = sock_no_mmap,
+ .sendpage = sock_no_sendpage,
+@@ -1365,9 +1367,11 @@
+ if (other->sk_shutdown & RCV_SHUTDOWN)
+ goto out_unlock;
+
+- err = security_unix_may_send(sk->sk_socket, other->sk_socket);
+- if (err)
+- goto out_unlock;
++ if (sk->sk_type != SOCK_SEQPACKET) {
++ err = security_unix_may_send(sk->sk_socket, other->sk_socket);
++ if (err)
++ goto out_unlock;
++ }
+
+ if (unix_peer(other) != sk &&
+ (skb_queue_len(&other->sk_receive_queue) >
+@@ -1517,6 +1521,25 @@
+ return sent ? : err;
+ }
+
++static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
++ struct msghdr *msg, size_t len)
++{
++ int err;
++ struct sock *sk = sock->sk;
++
++ err = sock_error(sk);
++ if (err)
++ return err;
++
++ if (sk->sk_state != TCP_ESTABLISHED)
++ return -ENOTCONN;
++
++ if (msg->msg_namelen)
++ msg->msg_namelen = 0;
++
++ return unix_dgram_sendmsg(kiocb, sock, msg, len);
++}
++
+ static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
+ {
+ struct unix_sock *u = unix_sk(sk);
diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1151.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1151.patch
new file mode 100644
index 000000000000..fc4289e4f444
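Review bot: The `if (sk->sk_type != SOCK_SEQPACKET)` guard in the inner `@@ -1365,9 +1367,11 @@` hunk switches off the per-message `security_unix_may_send()` hook for every seqpacket sender, and the patch carries no comment saying what now stands in for it. The safety argument appears to be that `unix_seqpacket_sendmsg()` only lets connected sockets through (`sk_state != TCP_ESTABLISHED` returns `-ENOTCONN`) and zeroes `msg_namelen` so the message can only go to the connected peer, with policy presumably enforced when the connection was made; the connect path is not part of this patch, so that should be confirmed. I would record it next to the guard, for example `/* SOCK_SEQPACKET: peer fixed and mediated at connect time; unix_seqpacket_sendmsg() rejects unconnected sockets and ignores msg_name */`, and note on the wrapper that no lock is taken before `sk_state` is read. `unix_dgram_sendmsg()` begins and ends outside the hunk, so other callers that reach it with a seqpacket socket cannot be ruled out from here.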
--- /dev/null
+++ b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1151.patch
@@ -0,0 +1,35 @@
+--- 1.74/arch/x86_64/ia32/sys_ia32.c 2004-12-19 10:58:02 -08:00
++++ 1.75/arch/x86_64/ia32/sys_ia32.c 2004-12-19 10:58:02 -08:00
+@@ -525,11 +525,12 @@
+ int sys32_ni_syscall(int call)
+ {
+ struct task_struct *me = current;
+- static char lastcomm[8];
+- if (strcmp(lastcomm, me->comm)) {
+- printk(KERN_INFO "IA32 syscall %d from %s not implemented\n", call,
+- current->comm);
+- strcpy(lastcomm, me->comm);
++ static char lastcomm[sizeof(me->comm)];
++
++ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) {
++ printk(KERN_INFO "IA32 syscall %d from %s not implemented\n",
++ call, me->comm);
++ strncpy(lastcomm, me->comm, sizeof(lastcomm));
+ }
+ return -ENOSYS;
+ }
+@@ -1125,11 +1126,11 @@
+ long sys32_vm86_warning(void)
+ {
+ struct task_struct *me = current;
+- static char lastcomm[8];
+- if (strcmp(lastcomm, me->comm)) {
++ static char lastcomm[sizeof(me->comm)];
++ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) {
+ printk(KERN_INFO "%s: vm86 mode not supported on 64 bit kernel\n",
+ me->comm);
+- strcpy(lastcomm, me->comm);
++ strncpy(lastcomm, me->comm, sizeof(lastcomm));
+ }
+ return -ENOSYS;
+ }
diff --git a/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r3.ebuild b/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r3.ebuild
deleted file mode 100644
index 2dc82c7692e5..000000000000
--- a/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r3.ebuild
+++ /dev/null
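Review bot: `strncpy(lastcomm, me->comm, sizeof(lastcomm))` in `sys32_ni_syscall` (and the identical line in the `sys32_vm86_warning` hunk) leaves `lastcomm` unterminated whenever the source fills the whole array, so the fix is safe only because `lastcomm` is sized from `me->comm` and is read solely through the bounded `strncmp`. That coupling deserves a comment, or an explicit `lastcomm[sizeof(lastcomm) - 1] = '\0';` after the copy, so that a later `%s` use of `lastcomm` cannot reintroduce an over-read. The buffer is also a function-static written with no locking visible in either hunk, so concurrent callers may interleave writes; that looks harmless for a log-suppression heuristic but is worth stating in the comment.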
@@ -1,34 +0,0 @@
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r3.ebuild,v 1.1 2004/12/04 00:19:09 plasmaroo Exp $
-
-ETYPE="sources"
-inherit kernel-2
-detect_version
-
-MKI_VERSION='1_3_8'
-UNIPATCH_LIST="
- ${DISTDIR}/Kernel-Win4Lin3-${OKV}.patch
- ${DISTDIR}/mki-adapter26_${MKI_VERSION}.patch:1
- ${FILESDIR}/${P}.binfmt_elf.patch
- ${FILESDIR}/${P}.binfmt_a.out.patch
- ${FILESDIR}/${P}.smbfs.patch
- ${FILESDIR}/${P}.AF_UNIX.patch
- ${FILESDIR}/${P}.vma.patch"
-
-S=${WORKDIR}/linux-${KV}
-
-DESCRIPTION="Full sources for the 2.6 of the Linux kernel with the Win4Lin patches"
-SRC_URI="mirror://kernel/linux/kernel/v2.6/linux-${OKV}.tar.bz2
- ftp://ftp.netraverse.com/pub/testing/kernel/patches/mki-adapter26_${MKI_VERSION}.patch
- ftp://ftp.netraverse.com/pub/testing/kernel/patches/Kernel-Win4Lin3-${OKV}.patch"
-
-# Best to keep "~x86" until Win4Lin-5.1.10 is in the tree and stable;
-# bug #55587.
-KEYWORDS="~x86 -*"
-SLOT="${KV}"
-
-K_EXTRAEINFO="If there are issues with this kernel, search http://bugs.gentoo.org/ for an
-existing bug. Only create a new bug if you have not found one that matches
-your issue. It is best to do an advanced search as the initial search has a
-very low yield. Please assign your bugs to x86-kernel@gentoo.org."
diff --git a/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r4.ebuild b/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r4.ebuild
new file mode 100644
index 000000000000..a552cde4b666
--- /dev/null
+++ b/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r4.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r4.ebuild,v 1.1 2004/12/19 20:27:50 plasmaroo Exp $
+
+ETYPE="sources"
+inherit kernel-2
+detect_version
+
+MKI_VERSION='1_3_8'
+UNIPATCH_LIST="
+ ${DISTDIR}/Kernel-Win4Lin3-${OKV}.patch
+ ${DISTDIR}/mki-adapter26_${MKI_VERSION}.patch:1
+ ${FILESDIR}/${P}.binfmt_elf.patch
+ ${FILESDIR}/${P}.binfmt_a.out.patch
+ ${FILESDIR}/${P}.smbfs.patch
+ ${FILESDIR}/${P}.AF_UNIX.patch
+ ${FILESDIR}/${P}.AF_UNIX.SELinux.patch
+ ${FILESDIR}/${P}.CAN-2004-1151.patch
+ ${FILESDIR}/${P}.vma.patch"
+
+S=${WORKDIR}/linux-${KV}
+
+DESCRIPTION="Full sources for the 2.6 of the Linux kernel with the Win4Lin patches"
+SRC_URI="mirror://kernel/linux/kernel/v2.6/linux-${OKV}.tar.bz2
+ ftp://ftp.netraverse.com/pub/testing/kernel/patches/mki-adapter26_${MKI_VERSION}.patch
+ ftp://ftp.netraverse.com/pub/testing/kernel/patches/Kernel-Win4Lin3-${OKV}.patch"
+
+# Best to keep "~x86" until Win4Lin-5.1.10 is in the tree and stable;
+# bug #55587.
+KEYWORDS="~x86 -*"
+SLOT="${KV}"
+
+K_EXTRAEINFO="If there are issues with this kernel, search http://bugs.gentoo.org/ for an
+existing bug. Only create a new bug if you have not found one that matches
+your issue. It is best to do an advanced search as the initial search has a
+very low yield. Please assign your bugs to x86-kernel@gentoo.org."
-- cgit v1.2.3-65-gdbad
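Review bot: The two Win4Lin entries in `SRC_URI` are fetched over plain `ftp://` from a `testing` directory, and the digest file added for this revision records only MD5 sums for them, so the integrity of kernel patches pulled at build time rests on MD5 alone. Since this revision exists to ship security fixes, it would be worth recording a stronger hash next to the MD5 lines where the tooling supports it, and stating in a comment above `SRC_URI` that the upstream location is unauthenticated. Whether the new `${FILESDIR}` patches are covered by a separate manifest is not visible on this page.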