diff options
author | Andrea Luzzardi <scox@gentoo.org> | 2004-06-22 21:31:44 +0000 |
---|---|---|
committer | Andrea Luzzardi <scox@gentoo.org> | 2004-06-22 21:31:44 +0000 |
commit | a01449330f6c5d6331db7d9a9ed3fdfbb97972c0 (patch) | |
tree | a13a10c40fa23a6842b60ac2a54d9e8739a95ed5 /sys-kernel/hardened-sources | |
parent | inherit to top; filter-flags into src_compile; error messages; IUSE; tidy (diff) | |
download | historical-a01449330f6c5d6331db7d9a9ed3fdfbb97972c0.tar.gz historical-a01449330f6c5d6331db7d9a9ed3fdfbb97972c0.tar.bz2 historical-a01449330f6c5d6331db7d9a9ed3fdfbb97972c0.zip |
2.4.26-r1 version bump, fix for the CAN-2004-0394 issue and bug #53804. Marked 2.4.26-r1 as stable. Removed 2.4.26 and 2.4.24-r3.
Diffstat (limited to 'sys-kernel/hardened-sources')
14 files changed, 47 insertions, 422 deletions
diff --git a/sys-kernel/hardened-sources/ChangeLog b/sys-kernel/hardened-sources/ChangeLog index 366c38394357..4fa0a4d1ebbd 100644 --- a/sys-kernel/hardened-sources/ChangeLog +++ b/sys-kernel/hardened-sources/ChangeLog @@ -1,7 +1,20 @@ # ChangeLog for sys-kernel/hardened-sources # Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.27 2004/05/30 23:53:42 pvdabeel Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.28 2004/06/22 21:31:44 scox Exp $ + +*hardened-sources-2.4.26-r1 (22 June 2004) + + 22 June 2004; Andrea Luzzardi <scox@gentoo.org> + +hardened-sources-2.4.26-r1.ebuild, + +files/2.4.26-CAN-2004-0394.patch, + +files/2.4.26-signal-race.patch, + -hardened-sources-2.4.26.ebuild, + -hardened-sources-2.4.24-r3.ebuild: + Version bump for the CAN-2004-0394 issue and bug #53804 + Marked 2.4.26-r1 as stable, removed 2.4.26 and 2.4.24-r3 + + 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org> hardened-sources-2.4.24-r3.ebuild, hardened-sources-2.4.26.ebuild: Masked hardened-sources-2.4.26.ebuild broken for ppc diff --git a/sys-kernel/hardened-sources/Manifest b/sys-kernel/hardened-sources/Manifest index d7b503bacbad..d3356c02543f 100644 --- a/sys-kernel/hardened-sources/Manifest +++ b/sys-kernel/hardened-sources/Manifest @@ -1,12 +1,6 @@ -MD5 d7fbebb9ada77e5e981ba62a7f0a084b ChangeLog 7402 -MD5 17e63dc0794aa425a10b05b575b47f67 hardened-sources-2.4.24-r3.ebuild 2106 +MD5 290f1a921e56084d4dc67f256facfe1c hardened-sources-2.4.26-r1.ebuild 1039 +MD5 2ad88b078c94c23df0f1e5661db37162 ChangeLog 7799 MD5 0a473e60c059cb41c96a6bbcbff84769 metadata.xml 459 -MD5 5a45816414b12d7214a373fdc1354167 hardened-sources-2.4.26.ebuild 1012 -MD5 737445e3f88d572bf45412ef8b8875cd files/digest-hardened-sources-2.4.24-r3 321 -MD5 147fec50180ad91b6260fc7201dcb90f files/hardened-sources-2.4.24.CAN-2004-0010.patch 6050 -MD5 21f3a4f186017d925067335e24db36a1 files/hardened-sources-2.4.24.CAN-2004-0109.patch 1877 -MD5 eaeda68a619caaddd5b8fdc5e7c39932 files/hardened-sources-2.4.24.CAN-2004-0177.patch 384 -MD5 ac42024b6e6ee1e2165914db4b22a61c files/hardened-sources-2.4.24.CAN-2004-0178.patch 424 -MD5 174438d215b70cad5ffb00ca8123c062 files/hardened-sources-2.4.24.munmap.patch 837 -MD5 e77a93fdf26f06cf3ea5080b27211725 files/mremap-CAN-2003-0985.patch 414 -MD5 5909f277c9e29d7d8eb744e84d74b034 files/digest-hardened-sources-2.4.26 145 +MD5 5fd02bd0257e7bad717354021bcba268 files/2.4.26-signal-race.patch 469 +MD5 8850fb5244d9d10736d95a85f3c5b3f1 files/2.4.26-CAN-2004-0394.patch 448 +MD5 5909f277c9e29d7d8eb744e84d74b034 files/digest-hardened-sources-2.4.26-r1 145 diff --git a/sys-kernel/hardened-sources/files/2.4.26-CAN-2004-0394.patch b/sys-kernel/hardened-sources/files/2.4.26-CAN-2004-0394.patch new file mode 100644 index 000000000000..f2e421dc7861 --- /dev/null +++ b/sys-kernel/hardened-sources/files/2.4.26-CAN-2004-0394.patch @@ -0,0 +1,12 @@ +diff -urN linux-2.4.26-hardened/kernel/panic.c linux-2.4.26-can/kernel/panic.c +--- linux-2.4.26-hardened/kernel/panic.c 2003-11-28 19:26:21.000000000 +0100 ++++ linux-2.4.26-can/kernel/panic.c 2004-06-22 22:40:11.000000000 +0200 +@@ -59,7 +59,7 @@ + + bust_spinlocks(1); + va_start(args, fmt); +- vsprintf(buf, fmt, args); ++ vsnprintf(buf, sizeof(buf), fmt, args); + va_end(args); + printk(KERN_EMERG "Kernel panic: %s\n",buf); + if (in_interrupt()) diff --git a/sys-kernel/hardened-sources/files/2.4.26-signal-race.patch b/sys-kernel/hardened-sources/files/2.4.26-signal-race.patch new file mode 100644 index 000000000000..62b6aa0676b5 --- /dev/null +++ b/sys-kernel/hardened-sources/files/2.4.26-signal-race.patch @@ -0,0 +1,12 @@ +diff -urN linux-2.4.26-hardened/include/asm-i386/i387.h linux-2.4.26-can/include/asm-i386/i387.h +--- linux-2.4.26-hardened/include/asm-i386/i387.h 2002-08-03 02:39:45.000000000 +0200 ++++ linux-2.4.26-can/include/asm-i386/i387.h 2004-06-22 22:47:47.849208728 +0200 +@@ -34,7 +34,7 @@ + + #define clear_fpu( tsk ) do { \ + if ( tsk->flags & PF_USEDFPU ) { \ +- asm volatile("fwait"); \ ++ asm volatile("fnclex; fwait"); \ + tsk->flags &= ~PF_USEDFPU; \ + stts(); \ + } \ diff --git a/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.24-r3 b/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.24-r3 deleted file mode 100644 index a73070900096..000000000000 --- a/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.24-r3 +++ /dev/null @@ -1,4 +0,0 @@ -MD5 1e055c42921b2396a559d84df4c3d9aa linux-2.4.24.tar.bz2 29837818 -MD5 ecf37e9bd868f2fa3fc581569ab724e0 hardened-sources-2.4.24-base.patch.bz2 1670068 -MD5 d8a2e8fff78e272378e5c8d13b344550 hardened-sources-2.4.24-selinux.patch.bz2 219034 -MD5 9f581b1bedf236bec48b43127ee79b33 hardened-sources-2.4.24-grsec.patch.bz2 100207 diff --git a/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.26 b/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.26-r1 index d371ec8cd2e0..d371ec8cd2e0 100644 --- a/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.26 +++ b/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.26-r1 diff --git a/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.CAN-2004-0010.patch b/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.CAN-2004-0010.patch deleted file mode 100644 index 6b4b1cefa49e..000000000000 --- a/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.CAN-2004-0010.patch +++ /dev/null @@ -1,200 +0,0 @@ -diff -urN linux-2.4.25-pre6/fs/ncpfs/dir.c linux-2.4.25-pre7/fs/ncpfs/dir.c ---- linux-2.4.25-pre6/fs/ncpfs/dir.c 2002-11-28 15:53:15.000000000 -0800 -+++ linux-2.4.25-pre7/fs/ncpfs/dir.c 2004-01-23 10:53:26.000000000 -0800 -@@ -266,8 +266,8 @@ - struct ncp_server *server; - struct inode *dir = dentry->d_parent->d_inode; - struct ncp_entry_info finfo; -- int res, val = 0, len = dentry->d_name.len + 1; -- __u8 __name[len]; -+ int res, val = 0, len; -+ __u8 __name[NCP_MAXPATHLEN + 1]; - - if (!dentry->d_inode || !dir) - goto finished; -@@ -291,14 +291,15 @@ - dentry->d_parent->d_name.name, dentry->d_name.name, - NCP_GET_AGE(dentry)); - -+ len = sizeof(__name); - if (ncp_is_server_root(dir)) { - res = ncp_io2vol(server, __name, &len, dentry->d_name.name, -- len-1, 1); -+ dentry->d_name.len, 1); - if (!res) - res = ncp_lookup_volume(server, __name, &(finfo.i)); - } else { - res = ncp_io2vol(server, __name, &len, dentry->d_name.name, -- len-1, !ncp_preserve_case(dir)); -+ dentry->d_name.len, !ncp_preserve_case(dir)); - if (!res) - res = ncp_obtain_info(server, dir, __name, &(finfo.i)); - } -@@ -548,9 +549,9 @@ - int valid = 0; - int hashed = 0; - ino_t ino = 0; -- __u8 __name[256]; -+ __u8 __name[NCP_MAXPATHLEN + 1]; - -- qname.len = 256; -+ qname.len = sizeof(__name); - if (ncp_vol2io(NCP_SERVER(inode), __name, &qname.len, - entry->i.entryName, entry->i.nameLen, - !ncp_preserve_entry_case(inode, entry->i.NSCreator))) -@@ -705,16 +706,19 @@ - { - struct ncp_server* server = NCP_SBP(sb); - struct nw_info_struct i; -- int result, len = strlen(server->m.mounted_vol) + 1; -- __u8 __name[len]; -+ int result; - - if (ncp_single_volume(server)) { -+ int len; - struct dentry* dent; -+ __u8 __name[NCP_MAXPATHLEN + 1]; - -- result = -ENOENT; -- if (ncp_io2vol(server, __name, &len, server->m.mounted_vol, -- len-1, 1)) -+ len = sizeof(__name); -+ result = ncp_io2vol(server, __name, &len, server->m.mounted_vol, -+ strlen(server->m.mounted_vol), 1); -+ if (result) - goto out; -+ result = -ENOENT; - if (ncp_lookup_volume(server, __name, &i)) { - PPRINTK("ncp_conn_logged_in: %s not found\n", - server->m.mounted_vol); -@@ -745,8 +749,8 @@ - struct ncp_server *server = NCP_SERVER(dir); - struct inode *inode = NULL; - struct ncp_entry_info finfo; -- int error, res, len = dentry->d_name.len + 1; -- __u8 __name[len]; -+ int error, res, len; -+ __u8 __name[NCP_MAXPATHLEN + 1]; - - error = -EIO; - if (!ncp_conn_valid(server)) -@@ -755,14 +759,15 @@ - PPRINTK("ncp_lookup: server lookup for %s/%s\n", - dentry->d_parent->d_name.name, dentry->d_name.name); - -+ len = sizeof(__name); - if (ncp_is_server_root(dir)) { - res = ncp_io2vol(server, __name, &len, dentry->d_name.name, -- len-1, 1); -+ dentry->d_name.len, 1); - if (!res) - res = ncp_lookup_volume(server, __name, &(finfo.i)); - } else { - res = ncp_io2vol(server, __name, &len, dentry->d_name.name, -- len-1, !ncp_preserve_case(dir)); -+ dentry->d_name.len, !ncp_preserve_case(dir)); - if (!res) - res = ncp_obtain_info(server, dir, __name, &(finfo.i)); - } -@@ -825,9 +830,9 @@ - { - struct ncp_server *server = NCP_SERVER(dir); - struct ncp_entry_info finfo; -- int error, result, len = dentry->d_name.len + 1; -+ int error, result, len; - int opmode; -- __u8 __name[len]; -+ __u8 __name[NCP_MAXPATHLEN + 1]; - - PPRINTK("ncp_create_new: creating %s/%s, mode=%x\n", - dentry->d_parent->d_name.name, dentry->d_name.name, mode); -@@ -836,8 +841,9 @@ - goto out; - - ncp_age_dentry(server, dentry); -+ len = sizeof(__name); - error = ncp_io2vol(server, __name, &len, dentry->d_name.name, -- len-1, !ncp_preserve_case(dir)); -+ dentry->d_name.len, !ncp_preserve_case(dir)); - if (error) - goto out; - -@@ -880,8 +886,8 @@ - { - struct ncp_entry_info finfo; - struct ncp_server *server = NCP_SERVER(dir); -- int error, len = dentry->d_name.len + 1; -- __u8 __name[len]; -+ int error, len; -+ __u8 __name[NCP_MAXPATHLEN + 1]; - - DPRINTK("ncp_mkdir: making %s/%s\n", - dentry->d_parent->d_name.name, dentry->d_name.name); -@@ -890,8 +896,9 @@ - goto out; - - ncp_age_dentry(server, dentry); -+ len = sizeof(__name); - error = ncp_io2vol(server, __name, &len, dentry->d_name.name, -- len-1, !ncp_preserve_case(dir)); -+ dentry->d_name.len, !ncp_preserve_case(dir)); - if (error) - goto out; - -@@ -909,8 +916,8 @@ - static int ncp_rmdir(struct inode *dir, struct dentry *dentry) - { - struct ncp_server *server = NCP_SERVER(dir); -- int error, result, len = dentry->d_name.len + 1; -- __u8 __name[len]; -+ int error, result, len; -+ __u8 __name[NCP_MAXPATHLEN + 1]; - - DPRINTK("ncp_rmdir: removing %s/%s\n", - dentry->d_parent->d_name.name, dentry->d_name.name); -@@ -923,8 +930,9 @@ - if (!d_unhashed(dentry)) - goto out; - -+ len = sizeof(__name); - error = ncp_io2vol(server, __name, &len, dentry->d_name.name, -- len-1, !ncp_preserve_case(dir)); -+ dentry->d_name.len, !ncp_preserve_case(dir)); - if (error) - goto out; - -@@ -1022,9 +1030,8 @@ - { - struct ncp_server *server = NCP_SERVER(old_dir); - int error; -- int old_len = old_dentry->d_name.len + 1; -- int new_len = new_dentry->d_name.len + 1; -- __u8 __old_name[old_len], __new_name[new_len]; -+ int old_len, new_len; -+ __u8 __old_name[NCP_MAXPATHLEN + 1], __new_name[NCP_MAXPATHLEN + 1]; - - DPRINTK("ncp_rename: %s/%s to %s/%s\n", - old_dentry->d_parent->d_name.name, old_dentry->d_name.name, -@@ -1037,15 +1044,17 @@ - ncp_age_dentry(server, old_dentry); - ncp_age_dentry(server, new_dentry); - -+ old_len = sizeof(__old_name); - error = ncp_io2vol(server, __old_name, &old_len, -- old_dentry->d_name.name, old_len-1, -- !ncp_preserve_case(old_dir)); -+ old_dentry->d_name.name, old_dentry->d_name.len, -+ !ncp_preserve_case(old_dir)); - if (error) - goto out; - -+ new_len = sizeof(__new_name); - error = ncp_io2vol(server, __new_name, &new_len, -- new_dentry->d_name.name, new_len-1, -- !ncp_preserve_case(new_dir)); -+ new_dentry->d_name.name, new_dentry->d_name.len, -+ !ncp_preserve_case(new_dir)); - if (error) - goto out; - - diff --git a/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.CAN-2004-0109.patch b/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.CAN-2004-0109.patch deleted file mode 100644 index d02b51c57fc6..000000000000 --- a/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.CAN-2004-0109.patch +++ /dev/null @@ -1,87 +0,0 @@ ---- linux/fs/isofs/rock.c.orig -+++ linux/fs/isofs/rock.c -@@ -14,6 +14,7 @@ - #include <linux/slab.h> - #include <linux/pagemap.h> - #include <linux/smp_lock.h> -+#include <asm/page.h> - - #include "rock.h" - -@@ -419,7 +420,7 @@ - return 0; - } - --static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr) -+static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit) - { - int slen; - int rootflag; -@@ -431,16 +432,25 @@ - rootflag = 0; - switch (slp->flags & ~1) { - case 0: -+ if (slp->len > plimit - rpnt) -+ return NULL; - memcpy(rpnt, slp->text, slp->len); - rpnt+=slp->len; - break; -+ case 2: -+ if (rpnt >= plimit) -+ return NULL; -+ *rpnt++='.'; -+ break; - case 4: -+ if (2 > plimit - rpnt) -+ return NULL; - *rpnt++='.'; -- /* fallthru */ -- case 2: - *rpnt++='.'; - break; - case 8: -+ if (rpnt >= plimit) -+ return NULL; - rootflag = 1; - *rpnt++='/'; - break; -@@ -457,17 +467,23 @@ - * If there is another SL record, and this component - * record isn't continued, then add a slash. - */ -- if ((!rootflag) && (rr->u.SL.flags & 1) && !(oldslp->flags & 1)) -+ if ((!rootflag) && (rr->u.SL.flags & 1) && -+ !(oldslp->flags & 1)) { -+ if (rpnt >= plimit) -+ return NULL; - *rpnt++='/'; -+ } - break; - } - - /* - * If this component record isn't continued, then append a '/'. - */ -- if (!rootflag && !(oldslp->flags & 1)) -+ if (!rootflag && !(oldslp->flags & 1)) { -+ if (rpnt >= plimit) -+ return NULL; - *rpnt++='/'; -- -+ } - } - return rpnt; - } -@@ -548,7 +564,10 @@ - CHECK_SP(goto out); - break; - case SIG('S', 'L'): -- rpnt = get_symlink_chunk(rpnt, rr); -+ rpnt = get_symlink_chunk(rpnt, rr, -+ link + (PAGE_SIZE - 1)); -+ if (rpnt == NULL) -+ goto out; - break; - case SIG('C', 'E'): - /* This tells is if there is a continuation record */ - diff --git a/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.CAN-2004-0177.patch b/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.CAN-2004-0177.patch deleted file mode 100644 index da6b7e190685..000000000000 --- a/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.CAN-2004-0177.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- linux-2.4.26-pre3/fs/jbd/journal.c 2004-02-18 05:36:31.000000000 -0800 -+++ linux-2.4.26-pre4/fs/jbd/journal.c 2004-03-16 09:59:36.000000000 -0800 -@@ -671,6 +671,7 @@ - - bh = getblk(journal->j_dev, blocknr, journal->j_blocksize); - lock_buffer(bh); -+ memset(bh->b_data, 0, journal->j_blocksize); - BUFFER_TRACE(bh, "return this buffer"); - return journal_add_journal_head(bh); - } diff --git a/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.CAN-2004-0178.patch b/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.CAN-2004-0178.patch deleted file mode 100644 index 19e57268c2fa..000000000000 --- a/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.CAN-2004-0178.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- linux-2.4.26-pre2/drivers/sound/sb_audio.c 2002-02-25 11:38:06.000000000 -0800 -+++ linux-2.4.26-pre3/drivers/sound/sb_audio.c 2004-03-13 07:43:23.000000000 -0800 -@@ -879,7 +879,7 @@ - c -= locallen; p += locallen; - } - /* used = ( samples * 16 bits size ) */ -- *used = len << 1; -+ *used = max_in > ( max_out << 1) ? (max_out << 1) : max_in; - /* returned = ( samples * 8 bits size ) */ - *returned = len; - } diff --git a/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.munmap.patch b/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.munmap.patch deleted file mode 100644 index e120b35b7adb..000000000000 --- a/sys-kernel/hardened-sources/files/hardened-sources-2.4.24.munmap.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff -ur linux-2.4.25-rc3/mm/mremap.c linux-2.4.25-rc4/mm/mremap.c ---- linux-2.4.25-rc3/mm/mremap.c 2004-02-18 13:56:01.000000000 +0000 -+++ linux-2.4.25-rc4/mm/mremap.c 2004-02-18 13:49:08.000000000 +0000 -@@ -258,16 +258,20 @@ - if ((addr <= new_addr) && (addr+old_len) > new_addr) - goto out; - -- do_munmap(current->mm, new_addr, new_len); -+ ret = do_munmap(current->mm, new_addr, new_len); -+ if (ret && new_len) -+ goto out; - } - - /* - * Always allow a shrinking remap: that just unmaps - * the unnecessary pages.. - */ -- ret = addr; - if (old_len >= new_len) { -- do_munmap(current->mm, addr+new_len, old_len - new_len); -+ ret = do_munmap(current->mm, addr+new_len, old_len - new_len); -+ if (ret && old_len != new_len) -+ goto out; -+ ret = addr; - if (!(flags & MREMAP_FIXED) || (new_addr == addr)) - goto out; - } diff --git a/sys-kernel/hardened-sources/files/mremap-CAN-2003-0985.patch b/sys-kernel/hardened-sources/files/mremap-CAN-2003-0985.patch deleted file mode 100644 index dacf6ed810f9..000000000000 --- a/sys-kernel/hardened-sources/files/mremap-CAN-2003-0985.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- linux/mm/mremap.c.orig 2004-01-05 17:01:21.382104120 +0000 -+++ linux/mm/mremap.c 2004-01-05 17:15:25.689749848 +0000 -@@ -315,6 +315,10 @@ - old_len = PAGE_ALIGN(old_len); - new_len = PAGE_ALIGN(new_len); - -+ /* Don't allow the degenerate cases */ -+ if (!old_len || !new_len) -+ goto out; -+ - /* new_addr is only valid if MREMAP_FIXED is specified */ - if (flags & MREMAP_FIXED) { - if (new_addr & ~PAGE_MASK) diff --git a/sys-kernel/hardened-sources/hardened-sources-2.4.24-r3.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.4.24-r3.ebuild deleted file mode 100644 index 09a74d94b5e9..000000000000 --- a/sys-kernel/hardened-sources/hardened-sources-2.4.24-r3.ebuild +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright 1999-2004 Gentoo Technologies, Inc. -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.24-r3.ebuild,v 1.2 2004/05/30 23:53:42 pvdabeel Exp $ - -IUSE="selinux" -ETYPE="sources" - -inherit kernel eutils - -OKV="`echo ${PV}|sed -e 's:^\([0-9]\+\.[0-9]\+\.[0-9]\+\).*:\1:'`" -EXTRAVERSION="-${PN/-*/}-${PR}" -KV=${OKV}${EXTRAVERSION} - -S=${WORKDIR}/linux-${KV} -DESCRIPTION="Special Security Hardened Gentoo Linux Kernel" - -BASE_URI="http://dev.gentoo.org/~scox/kernels/v2.4" -SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2 - ${BASE_URI}/hardened-sources-${OKV}-base.patch.bz2 - selinux? ( ${BASE_URI}/hardened-sources-${OKV}-selinux.patch.bz2 ) - !selinux? ( ${BASE_URI}/hardened-sources-${OKV}-grsec.patch.bz2 )" - -HOMEPAGE="http://www.gentoo.org/proj/en/hardened/" -KEYWORDS="x86 -ppc" -SLOT="${KV}" - -src_unpack() { - unpack ${A} - - mv linux-${OKV} linux-${KV} || die - cd linux-${KV} - - bzcat ${DISTDIR}/hardened-sources-${OKV}-base.patch.bz2 | patch -p1 - if [ "`use selinux`" ]; then - bzcat ${DISTDIR}/hardened-sources-${OKV}-selinux.patch.bz2 | patch -p1 - else - bzcat ${DISTDIR}/hardened-sources-${OKV}-grsec.patch.bz2 | patch -p1 - fi - - epatch ${FILESDIR}/${P}.munmap.patch || die "Failed to apply munmap patch!" - epatch ${FILESDIR}/${P}.CAN-2004-0010.patch || die "Failed to add the CAN-2004-0010 patch!" - epatch ${FILESDIR}/${P}.CAN-2004-0109.patch || die "Failed to patch CAN-2004-0109 vulnerability!" - epatch ${FILESDIR}/${P}.CAN-2004-0177.patch || die "Failed to add the CAN-2004-0177 patch!" - epatch ${FILESDIR}/${P}.CAN-2004-0178.patch || die "Failed to add the CAN-2004-0178 patch!" - kernel_src_unpack -} - -pkg_postinst() { - einfo "This kernel contains LSM/SElinux or GRSecurity" - einfo "Also included are various other security related patches." - echo - einfo "If there are issues with this kernel, search http://bugs.gentoo.org/ for an" - einfo "existing bug. Only create a new bug if you have not found one that matches" - einfo "your issue. Please assign your bugs to scox@gentoo.org." -} diff --git a/sys-kernel/hardened-sources/hardened-sources-2.4.26.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.4.26-r1.ebuild index 35f3f40bd69b..28a6765d547d 100644 --- a/sys-kernel/hardened-sources/hardened-sources-2.4.26.ebuild +++ b/sys-kernel/hardened-sources/hardened-sources-2.4.26-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.26.ebuild,v 1.2 2004/05/30 23:53:42 pvdabeel Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.26-r1.ebuild,v 1.1 2004/06/22 21:31:44 scox Exp $ IUSE="selinux" ETYPE="sources" @@ -21,13 +21,14 @@ else UNIPATCH_EXCLUDE="13" fi -UNIPATCH_LIST="${DISTDIR}/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}.tar.bz2" +UNIPATCH_LIST="${DISTDIR}/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}.tar.bz2 + ${FILESDIR}/${OKV}*.patch" UNIPATCH_DOCS="${WORKDIR}/patches/hardened-patches-${KV_MAJOR}.${KV_MINOR}-${HGPV}/0000_README" DESCRIPTION="Hardened sources for the ${KV_MAJOR}.${KV_MINOR} kernel tree" SRC_URI="${KERNEL_URI} ${HGPV_SRC}" -KEYWORDS="~x86 -ppc" +KEYWORDS="x86 -ppc" pkg_postinst() { postinst_sources |