security bump - file offset pointer handling vulnerability - bug 59378

author: Ned Ludd <solar@gentoo.org> 2004-08-04 18:41:10 +0000
committer: Ned Ludd <solar@gentoo.org> 2004-08-04 18:41:10 +0000
commit: ab4e43b12a41c0a80156b839f371d30410a36b32 (patch)
tree: 1242a01748394f61716269a8c578dbbeff0b8785 /sys-kernel
parent: version bump (Manifest recommit) (diff)
download: gentoo-2-ab4e43b12a41c0a80156b839f371d30410a36b32.tar.gz
gentoo-2-ab4e43b12a41c0a80156b839f371d30410a36b32.tar.bz2
gentoo-2-ab4e43b12a41c0a80156b839f371d30410a36b32.zip
4 files changed, 113 insertions, 1 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog
index 3fda38c4d346..ed42ba41949d 100644
--- a/sys-kernel/grsec-sources/ChangeLog
+++ b/sys-kernel/grsec-sources/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for sys-kernel/grsec-sources
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.28 2004/07/11 13:15:04 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.29 2004/08/04 18:41:10 solar Exp $
+
+*grsec-sources-2.4.26.2.0-r7 (04 Aug 2004)
+
+  04 Aug 2004; <solar@gentoo.org> grsec-sources-2.4.26.2.0-r7.ebuild:
+  security bump - file offset pointer handling vulnerability - bug 59378
 
   11 Jul 2004; <solar@gentoo.org> grsec-sources-2.4.26.2.0-r6.ebuild,
   files/2.4.26-fchown-attr.patch, files/openmosix-sources.CAN-2004-0497.patch:
diff --git a/sys-kernel/grsec-sources/Manifest b/sys-kernel/grsec-sources/Manifest
index 6bae547f18f8..4336ccbcb158 100644
--- a/sys-kernel/grsec-sources/Manifest
+++ b/sys-kernel/grsec-sources/Manifest
@@ -1,3 +1,4 @@
+MD5 35c69972568fbb9bced7de0d47425338 grsec-sources-2.4.26.2.0-r7.ebuild 3568
 MD5 b969d312ac4266769ab295c44748ffc4 grsec-sources-2.4.26.2.0-r4.ebuild 3065
 MD5 22d142953a39883a2c9c839978510f9d grsec-sources-2.4.26.2.0-r6.ebuild 3331
 MD5 ea8807d44eed01d93f651bd7254e3a83 grsec-sources-2.4.26.2.0-r3.ebuild 2817
@@ -16,3 +17,4 @@ MD5 67eb43cb5340a7a671c2d375c0516888 files/digest-grsec-sources-2.4.26.2.0-r3 14
 MD5 67eb43cb5340a7a671c2d375c0516888 files/digest-grsec-sources-2.4.26.2.0-r4 143
 MD5 67eb43cb5340a7a671c2d375c0516888 files/digest-grsec-sources-2.4.26.2.0-r5 143
 MD5 67eb43cb5340a7a671c2d375c0516888 files/digest-grsec-sources-2.4.26.2.0-r6 143
+MD5 2dc3a7f7f036e87ce4af63af31989311 files/digest-grsec-sources-2.4.26.2.0-r7 219
diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r7 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r7
new file mode 100644
index 000000000000..fcb8a32fc613
--- /dev/null
+++ b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r7
@@ -0,0 +1,3 @@
+MD5 9a6adfd65720201d600bf05e884cd78a grsecurity-2.0-2.4.26.patch.bz2 104358
+MD5 88d7aefa03c92739cb70298a0b486e2c linux-2.4.26.tar.bz2 30772389
+MD5 8f8f2412aacf9a01b5549bf2a9a3bff8 linux-2.4.26-CAN-2004-0415.patch 90145
diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r7.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r7.ebuild
new file mode 100644
index 000000000000..afca710722bc
--- /dev/null
+++ b/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r7.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r7.ebuild,v 1.1 2004/08/04 18:41:10 solar Exp $
+
+# We control what versions of what we download based on the KEYWORDS we
+# are using for the various arches. Thus if we want grsec1 stable we run
+# the with "arch" ACCEPT_KEYWORDS or ~arch and we will get the
+# grsec-2.0-preX which has alot more features.
+
+# the only thing that should ever differ in one of these 1.9.x ebuilds
+# and 2.x of the same kernel version is the KEYWORDS and header.
+# shame cvs symlinks don't exist
+
+ETYPE="sources"
+IUSE=""
+
+inherit eutils kernel
+
+[ "$OKV" == "" ] && OKV="2.4.26"
+
+PATCH_BASE="${PV/${OKV}./}"
+PATCH_BASE="${PATCH_BASE/_/-}"
+EXTRAVERSION="-grsec-${PATCH_BASE}"
+KV="${OKV}${EXTRAVERSION}"
+
+PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}.patch.bz2"
+
+# hppa takes a special patch and usually has play catch up between
+# versions of this package.
+HPPA_SRC_URI=""
+if [ "${ARCH}" == "hppa" ]; then
+	PARISC_KERNEL_VERSION="pa1"
+	KV="${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVERSION}"
+	HPPA_PATCH_SRC_BASE="parisc-linux-${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVERSION}.gz"
+	HPPA_SRC_URI="mirror://gentoo/${HPPA_PATCH_SRC_BASE} http://dev.gentoo.org/~pappy/gentoo-x86/sys-kernel/grsec-sources/${HPPA_PATCH_SRC_BASE}"
+	PATCH_SRC_BASE="${HPPA_PATCH_SRC_BASE}"
+fi
+
+DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch"
+
+CAN_PATCHES="http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.4.26-CAN-2004-0415.patch"
+
+SRC_URI="mirror://gentoo/grsecurity-${PATCH_BASE}-${OKV}.patch.bz2 \
+	http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2 ${CAN_PATCHES}"
+
+
+HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net"
+
+KEYWORDS="x86 sparc ppc alpha amd64 -hppa"
+
+SLOT="${KV}"
+S="${WORKDIR}/linux-${KV}"
+
+src_unpack() {
+	unpack linux-"${OKV}".tar.bz2 || die "unable to unpack the kernel"
+	mv linux-"${OKV}" linux-"${KV}" || die "unable to move the kernel"
+	cd linux-"${KV}" || die "unable to cd into the kernel source tree"
+
+	patch_grsec_kernel
+
+	mkdir docs
+	touch docs/patches.txt
+	kernel_universal_unpack
+
+}
+
+patch_grsec_kernel() {
+	# users are often confused by what settings should be set.
+	# so we provide an  example of what a P4 desktop would look like.
+	cp ${FILESDIR}/2.4.24-x86.config gentoo-grsec-custom-example-2.4.24-x86.config
+
+
+	[ -f "${DISTDIR}/${PATCH_SRC_BASE}" ] || die "File ${PATCH_SRC_BASE} does not exist?"
+	ebegin "Patching the kernel with ${PATCH_SRC_BASE}"
+	case "${ARCH}" in
+		hppa)	zcat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet ;;
+		*)	bzcat  ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet ;;
+	esac
+	[ $? == 0 ] || die "failed patching with ${PATCH_SRC_BASE}"
+	eend 0
+
+	# fix format string problem in panic()
+	epatch ${FILESDIR}/2.4.26-CAN-2004-0394.patch
+	# Fix local DoS bug #53804
+	epatch ${FILESDIR}/2.4.26-signal-race.patch
+
+	# i2c integer overflow vulnerability during the allocation of memory
+	#epatch ${FILESDIR}/2.4.26-i2cproc_bus_read.patch
+
+	# patch to force randomization to always at least PAGE_SIZE big.
+	epatch ${FILESDIR}/2.4.26-pax-binfmt_elf-page-size.patch
+
+	epatch ${FILESDIR}/gentoo-sources-2.4.CAN-2004-0495.patch
+	epatch ${FILESDIR}/gentoo-sources-2.4.CAN-2004-0535.patch
+
+	# Bug 56479 - fchown-attr
+	epatch ${FILESDIR}/openmosix-sources.CAN-2004-0497.patch
+
+	# file offset pointer handling vulnerability - Bug 59378
+	epatch ${DISTDIR}/linux-2.4.26-CAN-2004-0415.patch
+}
+
author	Ned Ludd <solar@gentoo.org>	2004-08-04 18:41:10 +0000
committer	Ned Ludd <solar@gentoo.org>	2004-08-04 18:41:10 +0000
commit	ab4e43b12a41c0a80156b839f371d30410a36b32 (patch)
tree	1242a01748394f61716269a8c578dbbeff0b8785 /sys-kernel
parent	version bump (Manifest recommit) (diff)
download	gentoo-2-ab4e43b12a41c0a80156b839f371d30410a36b32.tar.gz gentoo-2-ab4e43b12a41c0a80156b839f371d30410a36b32.tar.bz2 gentoo-2-ab4e43b12a41c0a80156b839f371d30410a36b32.zip