diff options
author | Tim Yamin <plasmaroo@gentoo.org> | 2004-08-09 22:45:11 +0000 |
---|---|---|
committer | Tim Yamin <plasmaroo@gentoo.org> | 2004-08-09 22:45:11 +0000 |
commit | 3079310236f32e99cf7a82cd388a9bd7f60d30e3 (patch) | |
tree | 7b62d9c6731304609a370b85bcd1594be955fa7e /sys-kernel | |
parent | Removing hostap package finally. hostap-driver supercedes it. (diff) | |
download | historical-3079310236f32e99cf7a82cd388a9bd7f60d30e3.tar.gz historical-3079310236f32e99cf7a82cd388a9bd7f60d30e3.tar.bz2 historical-3079310236f32e99cf7a82cd388a9bd7f60d30e3.zip |
Added a patch for the /proc/cmdline leak vulnerability; bug #59905.
Diffstat (limited to 'sys-kernel')
-rw-r--r-- | sys-kernel/aa-sources/ChangeLog | 7 | ||||
-rw-r--r-- | sys-kernel/aa-sources/Manifest | 8 | ||||
-rw-r--r-- | sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild | 3 | ||||
-rw-r--r-- | sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild | 5 | ||||
-rw-r--r-- | sys-kernel/aa-sources/files/aa-sources-2.4.23.cmdlineLeak.patch | 11 | ||||
-rw-r--r-- | sys-kernel/aa-sources/files/aa-sources-2.6.5.cmdlineLeak.patch | 24 |
6 files changed, 51 insertions, 7 deletions
diff --git a/sys-kernel/aa-sources/ChangeLog b/sys-kernel/aa-sources/ChangeLog index 297816f9382d..ef63991f080f 100644 --- a/sys-kernel/aa-sources/ChangeLog +++ b/sys-kernel/aa-sources/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for sys-kernel/aa-sources # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/ChangeLog,v 1.49 2004/08/08 15:43:53 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/ChangeLog,v 1.50 2004/08/09 22:45:11 plasmaroo Exp $ + + 09 Aug 2004; <plasmaroo@gentoo.org> aa-sources-2.4.23-r2.ebuild, + aa-sources-2.6.5-r5.ebuild, +files/aa-sources-2.4.23.cmdlineLeak.patch, + +files/aa-sources-2.6.5.cmdlineLeak.patch: + Added a patch for the /proc/cmdline leak vulnerability; bug #59905. 08 Aug 2004; <plasmaroo@gentoo.org> aa-sources-2.4.23-r2.ebuild, +files/aa-sources-2.4.23.CAN-2004-0685.patch: diff --git a/sys-kernel/aa-sources/Manifest b/sys-kernel/aa-sources/Manifest index b8883a604e2d..6d838828770b 100644 --- a/sys-kernel/aa-sources/Manifest +++ b/sys-kernel/aa-sources/Manifest @@ -1,13 +1,14 @@ -MD5 42aee3b292ee2fa07d99d81271615f61 ChangeLog 8104 +MD5 1ee344382cf5a838616a57d6387d761c ChangeLog 8361 MD5 399eb7607b8f1f3f597e93566b1bda7c metadata.xml 453 -MD5 97b045915bcc72a8fb0b16dc00b99073 aa-sources-2.6.5-r5.ebuild 1196 -MD5 4712f72b9facb54e790d307cd8cab1bd aa-sources-2.4.23-r2.ebuild 3970 +MD5 2db2b7ccb1ed17b5c0095f3d38ab8f75 aa-sources-2.6.5-r5.ebuild 1232 +MD5 bc631b940195181e5d3217d8874edd49 aa-sources-2.4.23-r2.ebuild 4063 MD5 60d25ff310fc6abfdce39ec9e47345af files/aa-sources-2.4.23.CAN-2004-0685.patch 2809 MD5 eaeda68a619caaddd5b8fdc5e7c39932 files/aa-sources-2.4.23.CAN-2004-0177.patch 384 MD5 c9da1bc82b906f6abc648c056e7bf662 files/aa-sources-2.4.23.FPULockup-53804.patch 354 MD5 de75cfa969ed092578d9ddda6c5be334 files/aa-sources-2.4.23.CAN-2004-0181.patch 1233 MD5 f73a63eb74340aedfd3d818f22aed72c files/digest-aa-sources-2.4.23-r2 207 MD5 39361f8d16b1fe5891aab62e92f8cd30 files/aa-sources-2.6.5.IPTables-RDoS.patch 390 +MD5 d1ccc2047be533c992f67270a150a210 files/aa-sources-2.4.23.cmdlineLeak.patch 388 MD5 6f4bba5dda7a99d77b1564f5489fef6e files/aa-sources-2.6.5.CAN-2004-0075.patch 1129 MD5 e2e2b545b6fcdcecf49e33798efa5b84 files/aa-sources-2.4.23.rtc_fix.patch 7073 MD5 e77a93fdf26f06cf3ea5080b27211725 files/aa-sources-2.4.23.CAN-2003-0985.patch 414 @@ -19,6 +20,7 @@ MD5 147fec50180ad91b6260fc7201dcb90f files/aa-sources-2.4.23.CAN-2004-0010.patch MD5 0f66013f643c79c97fda489618a4e2fd files/aa-sources-2.4.23.CAN-2004-0535.patch 476 MD5 a92712e41465c49670ef7a54c2d16040 files/aa-sources-2.6.5.CAN-2004-0229.patch 471 MD5 95708646470a95668e8789cd415844ed files/aa-sources.CAN-2004-0497.patch 846 +MD5 222e890035f4ad3152f0c2a625a9ea67 files/aa-sources-2.6.5.cmdlineLeak.patch 693 MD5 b738cb0120a32aa92cfcfdbd564dd21f files/aa-sources-2.6.5.ProcPerms.patch 1368 MD5 174438d215b70cad5ffb00ca8123c062 files/aa-sources-2.4.23.munmap.patch 837 MD5 d4a740ae56c2049247083af387a22a85 files/aa-sources-2.4.23.CAN-2004-0394.patch 350 diff --git a/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild b/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild index 606277fedbaf..d7f1fd89d034 100644 --- a/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild +++ b/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild,v 1.14 2004/08/08 15:14:54 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild,v 1.15 2004/08/09 22:45:11 plasmaroo Exp $ IUSE="" @@ -78,6 +78,7 @@ src_unpack() { epatch ${FILESDIR}/${P}.CAN-2004-0685.patch || die "Failed to add the CAN-2004-0535 patch!" epatch ${FILESDIR}/${P}.rtc_fix.patch || die "Failed to apply RTC patch!" epatch ${FILESDIR}/${P}.FPULockup-53804.patch || die "Failed to apply FPU-lockup patch!" + epatch ${FILESDIR}/${P}.cmdlineLeak.patch || die "Failed to apply the /proc/cmdline patch!" # The munmap() patch is already in aa2... kernel_universal_unpack diff --git a/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild b/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild index e9d27fe2486a..a6b5ca31043c 100644 --- a/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild +++ b/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild,v 1.11 2004/08/05 01:12:15 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild,v 1.12 2004/08/09 22:45:11 plasmaroo Exp $ ETYPE="sources" K_NOUSENAME="yes" @@ -21,7 +21,8 @@ UNIPATCH_LIST=" ${FILESDIR}/${P}.IPTables-RDoS.patch ${FILESDIR}/${P}.ProcPerms.patch ${FILESDIR}/${P}.CAN-2004-0596.patch - ${FILESDIR}/${P}.CAN-2004-0495-0496.patch" + ${FILESDIR}/${P}.CAN-2004-0495-0496.patch + ${FILESDIR}/${P}.cmdlineLeak.patch" K_PREPATCHED="yes" UNIPATCH_STRICTORDER="yes" diff --git a/sys-kernel/aa-sources/files/aa-sources-2.4.23.cmdlineLeak.patch b/sys-kernel/aa-sources/files/aa-sources-2.4.23.cmdlineLeak.patch new file mode 100644 index 000000000000..5f26f7f388f6 --- /dev/null +++ b/sys-kernel/aa-sources/files/aa-sources-2.4.23.cmdlineLeak.patch @@ -0,0 +1,11 @@ +--- linux-2.4/fs/proc/base.c 2004-04-15 07:09:32.000000000 +0100 ++++ linux-2.4/fs/proc/base.c.plasmaroo 2004-08-09 23:30:43.869195800 +0100 +@@ -187,7 +187,7 @@ static int proc_pid_cmdline(struct task_ + if (mm) + atomic_inc(&mm->mm_users); + task_unlock(task); +- if (mm) { ++ if (mm && mm->arg_end) { + int len = mm->arg_end - mm->arg_start; + if (len > PAGE_SIZE) + len = PAGE_SIZE; diff --git a/sys-kernel/aa-sources/files/aa-sources-2.6.5.cmdlineLeak.patch b/sys-kernel/aa-sources/files/aa-sources-2.6.5.cmdlineLeak.patch new file mode 100644 index 000000000000..bb80884c394e --- /dev/null +++ b/sys-kernel/aa-sources/files/aa-sources-2.6.5.cmdlineLeak.patch @@ -0,0 +1,24 @@ + +From: Roger Luethi <rl@hellgate.ch> + +If you win the race with a starting process, you can read its environment. + +Signed-off-by: Andrew Morton <akpm@osdl.org> +--- + + 25-akpm/fs/proc/base.c | 2 ++ + 1 files changed, 2 insertions(+) + +diff -puN fs/proc/base.c~proc_pid_cmdline-race-fix fs/proc/base.c +--- 25/fs/proc/base.c~proc_pid_cmdline-race-fix 2004-08-05 11:28:21.915442360 -0700 ++++ 25-akpm/fs/proc/base.c 2004-08-05 11:28:21.919441752 -0700 +@@ -340,6 +340,8 @@ static int proc_pid_cmdline(struct task_ + struct mm_struct *mm = get_task_mm(task); + if (!mm) + goto out; ++ if (!mm->arg_end) ++ goto out; /* Shh! No looking before we're done */ + + len = mm->arg_end - mm->arg_start; + +_ |