authorDaniel Gryniewicz <dang@gentoo.org>2007-01-03 04:32:05 +0000
committerDaniel Gryniewicz <dang@gentoo.org>2007-01-03 04:32:05 +0000
commitc946aee19c510c86402697d0158c7f28b0a1aebf (patch)
treecfadf5a8f28efa6450dd8d8662b9c012e69a0592 /sys-kernel/usermode-sources
parentInclude more headers to kill off implicit function prototypes. (diff)
Oops, fix for bug #154327 too
(Portage version: 2.1.2_rc4-r4)
Diffstat (limited to 'sys-kernel/usermode-sources')
-rw-r--r--sys-kernel/usermode-sources/ChangeLog7
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch109
-rw-r--r--sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild5
3 files changed, 118 insertions, 3 deletions
diff --git a/sys-kernel/usermode-sources/ChangeLog b/sys-kernel/usermode-sources/ChangeLog
index 528616f6f6ce..b3950b14793b 100644
--- a/sys-kernel/usermode-sources/ChangeLog
+++ b/sys-kernel/usermode-sources/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for sys-kernel/usermode-sources
# Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.85 2007/01/03 03:59:08 dang Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.86 2007/01/03 04:32:05 dang Exp $
+
+ 03 Jan 2007; Daniel Gryniewicz <dang@gentoo.org>
+ +files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch,
+ usermode-sources-2.6.18-r1.ebuild:
+ Oops, fix for bug #154327 too
*usermode-sources-2.6.18-r1 (03 Jan 2007)
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch
new file mode 100644
index 000000000000..633b37586e00
--- /dev/null
+++ b/sys-kernel/usermode-sources/files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch
@@ -0,0 +1,109 @@
+diff --exclude-from=/home/dang/.diffrc -up -ruN linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6_tables.c linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6_tables.c
+--- linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6_tables.c 2007-01-02 21:03:01.000000000 -0500
++++ linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6_tables.c 2007-01-02 23:02:56.000000000 -0500
+@@ -1445,6 +1445,9 @@ static void __exit ip6_tables_fini(void)
+ * If target header is found, its offset is set in *offset and return protocol
+ * number. Otherwise, return -1.
+ *
++ * If the first fragment doesn't contain the final protocol header or
++ * NEXTHDR_NONE it is considered invalid.
++ *
+ * Note that non-1st fragment is special case that "the protocol number
+ * of last header" is "next header" field in Fragment header. In this case,
+ * *offset is meaningless and fragment offset is stored in *fragoff if fragoff
+@@ -1468,12 +1471,12 @@ int ipv6_find_hdr(const struct sk_buff *
+ if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) {
+ if (target < 0)
+ break;
+- return -1;
++ return -ENOENT;
+ }
+
+ hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr);
+ if (hp == NULL)
+- return -1;
++ return -EBADMSG;
+ if (nexthdr == NEXTHDR_FRAGMENT) {
+ unsigned short _frag_off, *fp;
+ fp = skb_header_pointer(skb,
+@@ -1482,7 +1485,7 @@ int ipv6_find_hdr(const struct sk_buff *
+ sizeof(_frag_off),
+ &_frag_off);
+ if (fp == NULL)
+- return -1;
++ return -EBADMSG;
+
+ _frag_off = ntohs(*fp) & ~0x7;
+ if (_frag_off) {
+@@ -1493,7 +1496,7 @@ int ipv6_find_hdr(const struct sk_buff *
+ *fragoff = _frag_off;
+ return hp->nexthdr;
+ }
+- return -1;
++ return -ENOENT;
+ }
+ hdrlen = 8;
+ } else if (nexthdr == NEXTHDR_AUTH)
+diff --exclude-from=/home/dang/.diffrc -up -ruN linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_ah.c linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_ah.c
+--- linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_ah.c 2006-09-19 23:42:06.000000000 -0400
++++ linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_ah.c 2007-01-02 23:03:50.000000000 -0500
+@@ -54,9 +54,14 @@ match(const struct sk_buff *skb,
+ const struct ip6t_ah *ahinfo = matchinfo;
+ unsigned int ptr;
+ unsigned int hdrlen = 0;
+-
+- if (ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL) < 0)
+- return 0;
++ int err;
++
++ err = ipv6_find_hdr(skb, &amp;ptr, NEXTHDR_AUTH, NULL);
++ if (err &lt; 0) {
++ if (err != -ENOENT)
++ *hotdrop = 1;
++ return 0;
++ }
+
+ ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
+ if (ah == NULL) {
+diff --exclude-from=/home/dang/.diffrc -up -ruN linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_frag.c linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_frag.c
+--- linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_frag.c 2006-09-19 23:42:06.000000000 -0400
++++ linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_frag.c 2007-01-02 23:04:29.000000000 -0500
+@@ -52,9 +52,14 @@ match(const struct sk_buff *skb,
+ struct frag_hdr _frag, *fh;
+ const struct ip6t_frag *fraginfo = matchinfo;
+ unsigned int ptr;
+-
+- if (ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL) < 0)
+- return 0;
++ int err;
++
++ err = ipv6_find_hdr(skb, &amp;ptr, NEXTHDR_FRAGMENT, NULL);
++ if (err &lt; 0) {
++ if (err != -ENOENT)
++ *hotdrop = 1;
++ return 0;
++ }
+
+ fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
+ if (fh == NULL) {
+diff --exclude-from=/home/dang/.diffrc -up -ruN linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_rt.c linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_rt.c
+--- linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_rt.c 2006-09-19 23:42:06.000000000 -0400
++++ linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_rt.c 2007-01-02 23:04:53.000000000 -0500
+@@ -58,9 +58,14 @@ match(const struct sk_buff *skb,
+ unsigned int hdrlen = 0;
+ unsigned int ret = 0;
+ struct in6_addr *ap, _addr;
+-
+- if (ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL) < 0)
+- return 0;
++ int err;
++
++ err = ipv6_find_hdr(skb, &amp;ptr, NEXTHDR_ROUTING, NULL);
++ if (err &lt; 0) {
++ if (err != -ENOENT)
++ *hotdrop = 1;
++ return 0;
++ }
+
+ rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
+ if (rh == NULL) {
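Review bot: The added lines in the ip6t_ah.c, ip6t_frag.c and ip6t_rt.c sections of this patch file carry HTML entities, `&amp;ptr` and `err &lt; 0`, while the removed lines right above them have plain `&ptr` and `< 0`. If the file on disk matches what is shown here, the patch still applies because the context is intact, but all three match() functions are left uncompilable, so a configuration that enables these netfilter matches cannot build the fixed sources. The lines should read `err = ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL);` (likewise with `NEXTHDR_FRAGMENT` and `NEXTHDR_ROUTING`) and `if (err < 0) {`. The match() bodies start and end outside the quoted context, so the rest of each function cannot be checked from here.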
diff --git a/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild b/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild
index 958c701b336c..2f2440221e63 100644
--- a/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild
+++ b/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild,v 1.1 2007/01/03 03:59:08 dang Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild,v 1.2 2007/01/03 04:32:05 dang Exp $
ETYPE="sources"
K_WANT_GENPATCHES="base"
@@ -10,7 +10,8 @@ detect_version
UML_VER="uml-2.6.18.1-bb2"
UNIPATCH_LIST="${FILESDIR}/uml-2.6.18-genpatches-8-prep.patch
- ${DISTDIR}/${UML_VER}.patch.bz2"
+ ${DISTDIR}/${UML_VER}.patch.bz2
+ ${FILESDIR}/${PF}-CVE-2006-4572.patch"
UNIPATCH_STRICTORDER="yes"
DESCRIPTION="Full sources for the User Mode Linux kernel"
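Review bot: The CVE-2006-4572 patch is appended to `UNIPATCH_LIST` of the existing `-r1` ebuild with no revision bump. The `$Header` lines show revision 1.1 at 03:59:08 and this change at 04:32:05, so any tree that unpacked `-r1` in between has sources without the fix and will not be prompted to re-merge; if that window matters, the fix belongs in a new revision. The entry would also benefit from a comment above the list, e.g. `# CVE-2006-4572 ip6_tables fix (bug #154327); file name tracks ${PF}, copy it on a revbump`.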