diff options
author | Tim Yamin <plasmaroo@gentoo.org> | 2005-01-09 11:18:40 +0000 |
---|---|---|
committer | Tim Yamin <plasmaroo@gentoo.org> | 2005-01-09 11:18:40 +0000 |
commit | 2fea1cb5d4af773082a89c09d7982ca1d70c0e99 (patch) | |
tree | 9a9ca6f3752a943effce823f48f3c7f2b963c07e /sys-kernel/uclinux-sources | |
parent | Stable on amd64. (Manifest recommit) (diff) | |
download | gentoo-2-2fea1cb5d4af773082a89c09d7982ca1d70c0e99.tar.gz gentoo-2-2fea1cb5d4af773082a89c09d7982ca1d70c0e99.tar.bz2 gentoo-2-2fea1cb5d4af773082a89c09d7982ca1d70c0e99.zip |
Security bump for bug #75963.
Diffstat (limited to 'sys-kernel/uclinux-sources')
-rw-r--r-- | sys-kernel/uclinux-sources/ChangeLog | 9 | ||||
-rw-r--r-- | sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r14 (renamed from sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r13) | 0 | ||||
-rw-r--r-- | sys-kernel/uclinux-sources/files/uclinux-sources-2.6.75963.patch | 32 | ||||
-rw-r--r-- | sys-kernel/uclinux-sources/files/uclinux-sources-2.6.77094.patch | 77 | ||||
-rw-r--r-- | sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r14.ebuild (renamed from sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r13.ebuild) | 5 |
5 files changed, 120 insertions, 3 deletions
diff --git a/sys-kernel/uclinux-sources/ChangeLog b/sys-kernel/uclinux-sources/ChangeLog index 53b9981420c2..079489b79b0f 100644 --- a/sys-kernel/uclinux-sources/ChangeLog +++ b/sys-kernel/uclinux-sources/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sys-kernel/uclinux-sources # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/ChangeLog,v 1.28 2005/01/09 10:59:22 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/ChangeLog,v 1.29 2005/01/09 11:18:40 plasmaroo Exp $ + +*uclinux-sources-2.6.7_p0-r14 (09 Jan 2005) + + 09 Jan 2005; <plasmaroo@gentoo.org> -uclinux-sources-2.6.7_p0-r13.ebuild, + +uclinux-sources-2.6.7_p0-r14.ebuild, + +files/uclinux-sources-2.6.75963.patch: + Security bump for bug #75963. *uclinux-sources-2.4.26_p0-r12 (09 Jan 2005) diff --git a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r13 b/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r14 index 5e42e7666435..5e42e7666435 100644 --- a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r13 +++ b/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r14 diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.75963.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.75963.patch new file mode 100644 index 000000000000..80390f13bd73 --- /dev/null +++ b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.75963.patch @@ -0,0 +1,32 @@ +--- linux-2.6.10/security/dummy.c 2004-12-24 21:34:26.000000000 +0000 ++++ linux-2.6.10.plasmaroo/security/dummy.c 2005-01-07 20:13:50.763073872 +0000 +@@ -74,11 +74,8 @@ + + static int dummy_capable (struct task_struct *tsk, int cap) + { +- if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0) +- /* capability granted */ ++ if (cap_raised (tsk->cap_effective, cap)) + return 0; +- +- /* capability denied */ + return -EPERM; + } + +@@ -191,6 +188,8 @@ + + current->suid = current->euid = current->fsuid = bprm->e_uid; + current->sgid = current->egid = current->fsgid = bprm->e_gid; ++ ++ dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); + } + + static int dummy_bprm_set_security (struct linux_binprm *bprm) +@@ -550,6 +549,7 @@ + + static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags) + { ++ dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); + return 0; + } + diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.77094.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.77094.patch new file mode 100644 index 000000000000..903c85628833 --- /dev/null +++ b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.77094.patch @@ -0,0 +1,77 @@ +diff -urNp linux-2.6.10/drivers/char/moxa.c linux-2.6.10-new/drivers/char/moxa.c +--- linux-2.6.10/drivers/char/moxa.c 2005-01-07 10:51:23 -0500 ++++ linux-2.6.10-new/drivers/char/moxa.c 2005-01-07 10:51:33 -0500 +@@ -1668,6 +1668,8 @@ int MoxaDriverIoctl(unsigned int cmd, un + return -EFAULT; + if(dltmp.cardno < 0 || dltmp.cardno >= MAX_BOARDS) + return -EINVAL; ++ if(dltmp.len < 0 || dltmp.len > sizeof(moxaBuff)) ++ return -EINVAL; + + switch(cmd) + { +@@ -2822,8 +2824,6 @@ static int moxaload320b(int cardno, unsi + void __iomem *baseAddr; + int i; + +- if(len > sizeof(moxaBuff)) +- return -EINVAL; + if(copy_from_user(moxaBuff, tmp, len)) + return -EFAULT; + baseAddr = moxaBaseAddr[cardno]; +diff -urNp linux-2.6.10/drivers/block/scsi_ioctl.c linux-2.6.10-new/drivers/block/scsi_ioctl.c +--- linux-2.6.10/drivers/block/scsi_ioctl.c 2005-01-07 10:51:24 -0500 ++++ linux-2.6.10-new/drivers/block/scsi_ioctl.c 2005-01-07 10:51:33 -0500 +@@ -339,7 +339,8 @@ static int sg_scsi_ioctl(struct file *fi + struct gendisk *bd_disk, Scsi_Ioctl_Command __user *sic) + { + struct request *rq; +- int err, in_len, out_len, bytes, opcode, cmdlen; ++ unsigned int in_len, out_len, bytes, opcode, cmdlen; ++ int err; + char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE]; + + /* +diff -urNp linux-2.6.10/drivers/char/random.c linux-2.6.10-new/drivers/char/random.c +--- linux-2.6.10/drivers/char/random.c 2005-01-07 10:51:23 -0500 ++++ linux-2.6.10-new/drivers/char/random.c 2005-01-07 10:51:33 -0500 +@@ -1912,7 +1912,7 @@ static int poolsize_strategy(ctl_table * + void __user *oldval, size_t __user *oldlenp, + void __user *newval, size_t newlen, void **context) + { +- int len; ++ size_t len; + + sysctl_poolsize = random_state->poolinfo.POOLBYTES; + +diff -urNp linux-2.6.10/mm/mmap.c linux-2.6.10-new/mm/mmap.c +--- linux-2.6.10/mm/mmap.c 2004-12-24 22:35:00.000000000 +0100 ++++ linux-2.6.10-new/mm/mmap.c 2004-12-27 16:37:47.000000000 +0100 +@@ -1360,6 +1360,13 @@ int expand_stack(struct vm_area_struct * + vm_unacct_memory(grow); + return -ENOMEM; + } ++ if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) && ++ ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > ++ current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) { ++ anon_vma_unlock(vma); ++ vm_unacct_memory(grow); ++ return -ENOMEM; ++ } + vma->vm_end = address; + vma->vm_mm->total_vm += grow; + if (vma->vm_flags & VM_LOCKED) +@@ -1422,6 +1429,13 @@ int expand_stack(struct vm_area_struct * + vm_unacct_memory(grow); + return -ENOMEM; + } ++ if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) && ++ ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > ++ current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) { ++ anon_vma_unlock(vma); ++ vm_unacct_memory(grow); ++ return -ENOMEM; ++ } + vma->vm_start = address; + vma->vm_pgoff -= grow; + vma->vm_mm->total_vm += grow; diff --git a/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r13.ebuild b/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r14.ebuild index cf16545b22d7..4e19d56c3872 100644 --- a/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r13.ebuild +++ b/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r14.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r13.ebuild,v 1.1 2005/01/09 10:59:22 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r14.ebuild,v 1.1 2005/01/09 11:18:40 plasmaroo Exp $ IUSE="" @@ -60,8 +60,9 @@ src_unpack() { epatch ${FILESDIR}/${PN}-2.6.CAN-2004-1056.patch || die "Failed to apply the CAN-2004-1056 patch!" epatch ${FILESDIR}/${PN}-2.6.CAN-2004-1137.patch || die "Failed to apply the CAN-2004-1137 patch!" epatch ${FILESDIR}/${PN}-2.6.CAN-2004-1151.patch || die "Failed to apply the CAN-2004-1151 patch!" - epatch ${FILESDIR}/${PN}.77094.patch || die "Failed to apply bug #77094 patch!" + epatch ${FILESDIR}/${PN}-2.6.77094.patch || die "Failed to apply bug #77094 patch!" epatch ${FILESDIR}/${PN}-2.6.brk-locked.patch || die "Failed to apply do_brk_locked() patch!" + epatch ${FILESDIR}/${PN}-2.6.75963.patch || die "Failed to apply bug #75963 patch!" set MY_ARCH=${ARCH} unset ARCH |