Apply fix for CAN-2004-0109, ISO vuln.

author: Brandon Hale <tseng@gentoo.org> 2004-04-15 14:31:13 +0000
committer: Brandon Hale <tseng@gentoo.org> 2004-04-15 14:31:13 +0000
commit: c5a361349f4773be0a2924f7c99c7cdb51c395ad (patch)
tree: 9303afa630e0662f27be4b7608b47611d5c80f24 /sys-kernel
parent: New release, bug fixes, and cleanups. (diff)
download: historical-c5a361349f4773be0a2924f7c99c7cdb51c395ad.tar.gz
historical-c5a361349f4773be0a2924f7c99c7cdb51c395ad.tar.bz2
historical-c5a361349f4773be0a2924f7c99c7cdb51c395ad.zip
5 files changed, 128 insertions, 5 deletions
diff --git a/sys-kernel/hardened-dev-sources/ChangeLog b/sys-kernel/hardened-dev-sources/ChangeLog
index ddbde4a2ae06..2271331fc474 100644
--- a/sys-kernel/hardened-dev-sources/ChangeLog
+++ b/sys-kernel/hardened-dev-sources/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-kernel/hardened-dev-sources
 # Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/ChangeLog,v 1.8 2004/04/14 07:14:07 aliz Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/ChangeLog,v 1.9 2004/04/15 14:31:12 tseng Exp $
+
+*hardened-dev-sources-2.6.4-r4 (15 Apr 2004)
+
+  15 Apr 2004; Brandon Hale <tseng@gentoo.org>
+  +files/hardened-dev-sources-2.6.5.CAN-2004-0109.patch,
+  +hardened-dev-sources-2.6.4-r4.ebuild:
+  Apply fix for CAN-2004-0109, ISO vuln.
 
   14 Apr 2004; Daniel Ahlberg <aliz@gentoo.org>
   hardened-dev-sources-2.6.4.ebuild:
diff --git a/sys-kernel/hardened-dev-sources/Manifest b/sys-kernel/hardened-dev-sources/Manifest
index 15a0814ae2c6..104883d6009d 100644
--- a/sys-kernel/hardened-dev-sources/Manifest
+++ b/sys-kernel/hardened-dev-sources/Manifest
@@ -1,10 +1,13 @@
-MD5 d02e916db759fb440fc0b22b05b3687a hardened-dev-sources-2.6.4.ebuild 2078
-MD5 9086a491c85a16614e67c99e02f66b1e hardened-dev-sources-2.6.4-r1.ebuild 811
+MD5 cca6149a8af600ab8cbcba8404729d93 ChangeLog 1673
 MD5 dadc88ae55a3c7f03209834ce0710e57 hardened-dev-sources-2.6.4-r3.ebuild 811
+MD5 d02e916db759fb440fc0b22b05b3687a hardened-dev-sources-2.6.4.ebuild 2078
 MD5 6bdd2fd666c7cca955818c4bd165ca0a hardened-dev-sources-2.6.4-r2.ebuild 817
-MD5 56168c1daa09283f9d5e0c0f96856379 ChangeLog 1439
 MD5 de5b07a3f71eb09cdf9e729748a84eb0 metadata.xml 391
+MD5 404d5d5b3cf5c13aa571b9c2be3b73de hardened-dev-sources-2.6.4-r4.ebuild 871
+MD5 9086a491c85a16614e67c99e02f66b1e hardened-dev-sources-2.6.4-r1.ebuild 811
+MD5 c962459db4e7e6aedd9b2d00e1376d2a files/digest-hardened-dev-sources-2.6.4-r3 143
 MD5 822686917ab044df33569163f077d42d files/digest-hardened-dev-sources-2.6.4 601
 MD5 f242943dab84b035b7d398b17dadd6fa files/digest-hardened-dev-sources-2.6.4-r1 143
 MD5 70b9cabdb112ec7252131893a7a011f5 files/digest-hardened-dev-sources-2.6.4-r2 143
-MD5 c962459db4e7e6aedd9b2d00e1376d2a files/digest-hardened-dev-sources-2.6.4-r3 143
+MD5 c962459db4e7e6aedd9b2d00e1376d2a files/digest-hardened-dev-sources-2.6.4-r4 143
+MD5 31ec7b4310dd7be3e34aab0204f9b1e8 files/hardened-dev-sources-2.6.5.CAN-2004-0109.patch 2072
diff --git a/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.4-r4 b/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.4-r4
new file mode 100644
index 000000000000..3280e1b7477b
--- /dev/null
+++ b/sys-kernel/hardened-dev-sources/files/digest-hardened-dev-sources-2.6.4-r4
@@ -0,0 +1,2 @@
+MD5 335f06eba1e5372ba38a0d2b253629bd linux-2.6.4.tar.bz2 34386912
+MD5 01081881da272023077bbd07a425a538 hardened-patches-2.6-4.4.tar.bz2 126398
diff --git a/sys-kernel/hardened-dev-sources/files/hardened-dev-sources-2.6.5.CAN-2004-0109.patch b/sys-kernel/hardened-dev-sources/files/hardened-dev-sources-2.6.5.CAN-2004-0109.patch
new file mode 100644
index 000000000000..d7726c2e5aaf
--- /dev/null
+++ b/sys-kernel/hardened-dev-sources/files/hardened-dev-sources-2.6.5.CAN-2004-0109.patch
@@ -0,0 +1,88 @@
+--- linux/fs/isofs/rock.c.orig
++++ linux/fs/isofs/rock.c
+@@ -14,6 +14,7 @@
+ #include <linux/slab.h>
+ #include <linux/pagemap.h>
+ #include <linux/smp_lock.h>
+ #include <linux/buffer_head.h>
++#include <asm/page.h>
+ 
+ #include "rock.h"
+@@ -419,7 +420,7 @@ int parse_rock_ridge_inode_internal(stru
+   return 0;
+ }
+ 
+-static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr)
++static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit)
+ {
+ 	int slen;
+ 	int rootflag;
+@@ -431,16 +432,25 @@ static char *get_symlink_chunk(char *rpn
+ 		rootflag = 0;
+ 		switch (slp->flags & ~1) {
+ 		case 0:
++			if (slp->len > plimit - rpnt)
++				return NULL;
+ 			memcpy(rpnt, slp->text, slp->len);
+ 			rpnt+=slp->len;
+ 			break;
++		case 2:
++			if (rpnt >= plimit)
++				return NULL;
++			*rpnt++='.';
++			break;
+ 		case 4:
++			if (2 > plimit - rpnt)
++				return NULL;
+ 			*rpnt++='.';
+-			/* fallthru */
+-		case 2:
+ 			*rpnt++='.';
+ 			break;
+ 		case 8:
++			if (rpnt >= plimit)
++				return NULL;
+ 			rootflag = 1;
+ 			*rpnt++='/';
+ 			break;
+@@ -457,17 +467,23 @@ static char *get_symlink_chunk(char *rpn
+ 			 * If there is another SL record, and this component
+ 			 * record isn't continued, then add a slash.
+ 			 */
+-			if ((!rootflag) && (rr->u.SL.flags & 1) && !(oldslp->flags & 1))
++			if ((!rootflag) && (rr->u.SL.flags & 1) &&
++			    !(oldslp->flags & 1)) {
++				if (rpnt >= plimit)
++					return NULL;
+ 				*rpnt++='/';
++			}
+ 			break;
+ 		}
+ 
+ 		/*
+ 		 * If this component record isn't continued, then append a '/'.
+ 		 */
+-		if (!rootflag && !(oldslp->flags & 1))
++		if (!rootflag && !(oldslp->flags & 1)) {
++			if (rpnt >= plimit)
++				return NULL;
+ 			*rpnt++='/';
+-
++		}
+ 	}
+ return rpnt;
+ }
+@@ -548,7 +564,10 @@ static int rock_ridge_symlink_readpage(s
+ 			CHECK_SP(goto out);
+ 			break;
+ 		case SIG('S', 'L'):
+-			rpnt = get_symlink_chunk(rpnt, rr);
++			rpnt = get_symlink_chunk(rpnt, rr,
++						 link + (PAGE_SIZE - 1));
++			if (rpnt == NULL)
++				goto out;
+ 			break;
+ 		case SIG('C', 'E'):
+ 			/* This tells is if there is a continuation record */
+
+
diff --git a/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.4-r4.ebuild b/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.4-r4.ebuild
new file mode 100644
index 000000000000..f93d0b503115
--- /dev/null
+++ b/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.4-r4.ebuild
@@ -0,0 +1,23 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/hardened-dev-sources-2.6.4-r4.ebuild,v 1.1 2004/04/15 14:31:12 tseng Exp $
+
+ETYPE="sources"
+inherit kernel-2
+detect_version
+
+#version of hardened gentoo patchset
+HGPV=4.4
+HGPV_SRC="mirror://gentoo/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}.tar.bz2"
+
+UNIPATCH_LIST="${DISTDIR}/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}.tar.bz2 	${FILESDIR}/hardened-dev-sources-2.6.5.CAN-2004-0109.patch"
+UNIPATCH_DOCS="${WORKDIR}/patches/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}/0000_README"
+
+DESCRIPTION="Hardened sources for the ${KV_MAJOR}.${KV_MINOR} kernel tree"
+
+SRC_URI="${KERNEL_URI} ${HGPV_SRC}"
+KEYWORDS="~x86 ~ppc ~sparc ~alpha -hppa"
+
+pkg_postinst() {
+	postinst_sources
+}
author	Brandon Hale <tseng@gentoo.org>	2004-04-15 14:31:13 +0000
committer	Brandon Hale <tseng@gentoo.org>	2004-04-15 14:31:13 +0000
commit	c5a361349f4773be0a2924f7c99c7cdb51c395ad (patch)
tree	9303afa630e0662f27be4b7608b47611d5c80f24 /sys-kernel
parent	New release, bug fixes, and cleanups. (diff)
download	historical-c5a361349f4773be0a2924f7c99c7cdb51c395ad.tar.gz historical-c5a361349f4773be0a2924f7c99c7cdb51c395ad.tar.bz2 historical-c5a361349f4773be0a2924f7c99c7cdb51c395ad.zip