diff options
author | Tim Yamin <plasmaroo@gentoo.org> | 2004-10-21 18:10:11 +0000 |
---|---|---|
committer | Tim Yamin <plasmaroo@gentoo.org> | 2004-10-21 18:10:11 +0000 |
commit | af8aba0f44c27c5f61ab3f6263470ed7d9b73f3b (patch) | |
tree | dfb5326397a817dc742fffcbc2382d7cd1088964 /sys-kernel/aa-sources | |
parent | force min versions of cvs (diff) | |
download | historical-af8aba0f44c27c5f61ab3f6263470ed7d9b73f3b.tar.gz historical-af8aba0f44c27c5f61ab3f6263470ed7d9b73f3b.tar.bz2 historical-af8aba0f44c27c5f61ab3f6263470ed7d9b73f3b.zip |
Added a patch to address CAN-2004-0816; bug #68375.
Diffstat (limited to 'sys-kernel/aa-sources')
-rw-r--r-- | sys-kernel/aa-sources/ChangeLog | 6 | ||||
-rw-r--r-- | sys-kernel/aa-sources/Manifest | 5 | ||||
-rw-r--r-- | sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild | 5 | ||||
-rw-r--r-- | sys-kernel/aa-sources/files/aa-sources-2.6.5.CAN-2004-0816.patch | 43 |
4 files changed, 54 insertions, 5 deletions
diff --git a/sys-kernel/aa-sources/ChangeLog b/sys-kernel/aa-sources/ChangeLog index d967c9cac14f..a4de129c71b8 100644 --- a/sys-kernel/aa-sources/ChangeLog +++ b/sys-kernel/aa-sources/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for sys-kernel/aa-sources # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/ChangeLog,v 1.51 2004/10/02 19:54:15 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/ChangeLog,v 1.52 2004/10/21 18:10:10 plasmaroo Exp $ + + 21 Oct 2004; <plasmaroo@gentoo.org> aa-sources-2.6.5-r5.ebuild, + +files/aa-sources-2.6.5.CAN-2004-0816.patch: + Added a patch to address CAN-2004-0816; bug #68375. 02 Oct 2004; <plasmaroo@gentoo.org>: Push an updated CAN-2004-0415 patch to the mirrors, bug #65482. diff --git a/sys-kernel/aa-sources/Manifest b/sys-kernel/aa-sources/Manifest index 39b836c7088a..f544e55b8b9d 100644 --- a/sys-kernel/aa-sources/Manifest +++ b/sys-kernel/aa-sources/Manifest @@ -1,6 +1,6 @@ -MD5 fa2361c43faacfaa66b0db4ec0d82758 ChangeLog 8467 +MD5 b2ece2c731fadb0884cf77357b008030 ChangeLog 8635 MD5 399eb7607b8f1f3f597e93566b1bda7c metadata.xml 453 -MD5 2db2b7ccb1ed17b5c0095f3d38ab8f75 aa-sources-2.6.5-r5.ebuild 1232 +MD5 f12484a011b847811a4043f950691aba aa-sources-2.6.5-r5.ebuild 1270 MD5 bc631b940195181e5d3217d8874edd49 aa-sources-2.4.23-r2.ebuild 4063 MD5 60d25ff310fc6abfdce39ec9e47345af files/aa-sources-2.4.23.CAN-2004-0685.patch 2809 MD5 eaeda68a619caaddd5b8fdc5e7c39932 files/aa-sources-2.4.23.CAN-2004-0177.patch 384 @@ -33,5 +33,6 @@ MD5 21f3a4f186017d925067335e24db36a1 files/aa-sources-2.4.23.CAN-2004-0109.patch MD5 eb70acb35ba13daa4b1fda53cb61fc01 files/aa-sources-2.6.5.CAN-2004-0495-0496.patch 23861 MD5 ac42024b6e6ee1e2165914db4b22a61c files/aa-sources-2.4.23.CAN-2004-0178.patch 424 MD5 fcfb3fc100621b77d191f86b66dd810a files/aa-sources-2.4.22-ide-scsi-missing-sym-fix.patch 465 +MD5 aa595005721b58929ee55e2e8f4b6ba0 files/aa-sources-2.6.5.CAN-2004-0816.patch 1693 MD5 c460ea130cb4ae84a5063ba044e3ce72 files/aa-sources-2.4.23.CAN-2004-0427.patch 460 MD5 e637c6fa41097ea2c4693d0766f2e1c5 files/do_brk_fix.patch 242 diff --git a/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild b/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild index a6b5ca31043c..ec26aa038d6d 100644 --- a/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild +++ b/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild,v 1.12 2004/08/09 22:45:11 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild,v 1.13 2004/10/21 18:10:10 plasmaroo Exp $ ETYPE="sources" K_NOUSENAME="yes" @@ -22,7 +22,8 @@ UNIPATCH_LIST=" ${FILESDIR}/${P}.ProcPerms.patch ${FILESDIR}/${P}.CAN-2004-0596.patch ${FILESDIR}/${P}.CAN-2004-0495-0496.patch - ${FILESDIR}/${P}.cmdlineLeak.patch" + ${FILESDIR}/${P}.cmdlineLeak.patch + ${FILESDIR}/${P}.CAN-2004-0816.patch" K_PREPATCHED="yes" UNIPATCH_STRICTORDER="yes" diff --git a/sys-kernel/aa-sources/files/aa-sources-2.6.5.CAN-2004-0816.patch b/sys-kernel/aa-sources/files/aa-sources-2.6.5.CAN-2004-0816.patch new file mode 100644 index 000000000000..13a9ea2f5aa4 --- /dev/null +++ b/sys-kernel/aa-sources/files/aa-sources-2.6.5.CAN-2004-0816.patch @@ -0,0 +1,43 @@ +Subject: Prevent ICMP crash in netfilter logging +From: Olaf Kirch <okir@suse.de> +References: 46016 + +This patch fixes a remotely triggerable crash in the netfilter code +when looking at ICMP unreachables. It dies when trying to copy +BIGNUM bytes... + +Index: linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c +=================================================================== +--- linux-2.6.5.orig/net/ipv4/netfilter/ipt_LOG.c 2004-02-19 11:36:37.000000000 +0100 ++++ linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c 2004-09-24 15:48:54.000000000 +0200 +@@ -71,7 +71,7 @@ + printk("FRAG:%u ", ntohs(iph.frag_off) & IP_OFFSET); + + if ((info->logflags & IPT_LOG_IPOPT) +- && iph.ihl * 4 != sizeof(struct iphdr)) { ++ && iph.ihl * 4 > sizeof(struct iphdr)) { + unsigned char opt[4 * 15 - sizeof(struct iphdr)]; + unsigned int i, optsize; + +@@ -138,7 +138,7 @@ + printk("URGP=%u ", ntohs(tcph.urg_ptr)); + + if ((info->logflags & IPT_LOG_TCPOPT) +- && tcph.doff * 4 != sizeof(struct tcphdr)) { ++ && tcph.doff * 4 > sizeof(struct tcphdr)) { + unsigned char opt[4 * 15 - sizeof(struct tcphdr)]; + unsigned int i, optsize; + +Index: linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c +=================================================================== +--- linux-2.6.5.orig/net/ipv6/netfilter/ip6t_LOG.c 2004-09-24 15:47:00.000000000 +0200 ++++ linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c 2004-09-24 15:48:35.000000000 +0200 +@@ -188,7 +188,7 @@ + printk("URGP=%u ", ntohs(tcph->urg_ptr)); + + if ((info->logflags & IP6T_LOG_TCPOPT) +- && tcph->doff * 4 != sizeof(struct tcphdr)) { ++ && tcph->doff * 4 > sizeof(struct tcphdr)) { + unsigned int i; + + /* Max length: 127 "OPT (" 15*4*2chars ") " */ |