author | Andrew Ross <aross@gentoo.org> | 2006-08-26 06:24:11 +0000 |
---|---|---|
committer | Andrew Ross <aross@gentoo.org> | 2006-08-26 06:24:11 +0000 |
commit | 7d3b61c81cf24fa3e03a1a74abfc3911b3e64d48 (patch) | |
tree | 0d6a7d751e8a387e5c6a960de83e4496b5be5779 /sys-kernel | |
parent | add sather and hspell to pmask for treecleaners (diff) | |
Fix possible buffer overflow (CVE-2006-2935), bug #139321
(Portage version: 2.1-r2)
Diffstat (limited to 'sys-kernel')
4 files changed, 86 insertions, 1 deletions
diff --git a/sys-kernel/xen-sources/ChangeLog b/sys-kernel/xen-sources/ChangeLog
index 1d61a3f4533a..76c3b7a35781 100644
--- a/sys-kernel/xen-sources/ChangeLog
+++ b/sys-kernel/xen-sources/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-kernel/xen-sources
 # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/xen-sources/ChangeLog,v 1.32 2006/08/15 11:30:13 aross Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/xen-sources/ChangeLog,v 1.33 2006/08/26 06:24:11 aross Exp $
+
+*xen-sources-2.6.16.26-r1 (26 Aug 2006)
+
+ 26 Aug 2006; <aross@gentoo.org>
+ +files/xen-sources-2.6.16.26-CVE-2006-2935.patch,
+ +xen-sources-2.6.16.26-r1.ebuild:
+ Fix possible buffer overflow (CVE-2006-2935), bug #139321
 
 16 Aug 2006; Andrew Ross <aross@gentoo.org> metadata.xml:
 Add xen herd and remove chrb and agriffis as maintainers.
diff --git a/sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.26-r1 b/sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.26-r1
new file mode 100644
index 000000000000..af033283d8f0
--- /dev/null
+++ b/sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.26-r1
@@ -0,0 +1,9 @@
+MD5 9a91b2719949ff0856b40bc467fd47be linux-2.6.16.tar.bz2 40845005
+RMD160 af5c2f55733fadd2fdf8b00da55e7b31d516d4e8 linux-2.6.16.tar.bz2 40845005
+SHA256 1200dcc7e60fcdaf68618dba991917a47e41e67099e8b22143976ec972e2cad7 linux-2.6.16.tar.bz2 40845005
+MD5 7351957e10d4eddc0189a481a6c057ee patch-2.6.16.26.bz2 59594
+RMD160 4bf2a4db7aa6a3e04f381c2be9bd8ed2394dc1bf patch-2.6.16.26.bz2 59594
+SHA256 9439e071a4938aad379c514068cf3c6f100f49be209b5b6b1ab48f9aaf5ba0e0 patch-2.6.16.26.bz2 59594
+MD5 544eab940a0734a55459d648e5c3b224 xen-3.0.2-src.tgz 4933621
+RMD160 34e4431a981891319f8a5ea0c3f604e7d8d7d7af xen-3.0.2-src.tgz 4933621
+SHA256 f18ffab16a457fa721d11933c75f8288f6958c88c2669857c7c11d5107ba2951 xen-3.0.2-src.tgz 4933621
diff --git a/sys-kernel/xen-sources/files/xen-sources-2.6.16.26-CVE-2006-2935.patch b/sys-kernel/xen-sources/files/xen-sources-2.6.16.26-CVE-2006-2935.patch
new file mode 100644
index 000000000000..927d77d58dd3
--- /dev/null
+++ b/sys-kernel/xen-sources/files/xen-sources-2.6.16.26-CVE-2006-2935.patch
@@ -0,0 +1,28 @@
+From: Jens Axboe <axboe@suse.de>
+Date: Mon, 10 Jul 2006 11:44:08 +0000 (-0700)
+Subject: [PATCH] cdrom: fix bad cgc.buflen assignment
+X-Git-Tag: v2.6.18-rc2
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=454d6fbc48374be8f53b9bafaa86530cf8eb3bc1
+
+[PATCH] cdrom: fix bad cgc.buflen assignment
+
+The code really means to mask off the high bits, not assign 0xff.
+
+Signed-off-by: Jens Axboe <axboe@suse.de>
+Cc: Marcus Meissner <meissner@suse.de>
+Cc: <stable@kernel.org>
+Signed-off-by: Andrew Morton <akpm@osdl.org>
+Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+---
+
+--- a/drivers/cdrom/cdrom.c
++++ b/drivers/cdrom/cdrom.c
+@@ -1837,7 +1837,7 @@ static int dvd_read_bca(struct cdrom_dev
+ init_cdrom_command(&cgc, buf, sizeof(buf), CGC_DATA_READ);
+ cgc.cmd[0] = GPCMD_READ_DVD_STRUCTURE;
+ cgc.cmd[7] = s->type;
+- cgc.cmd[9] = cgc.buflen = 0xff;
++ cgc.cmd[9] = cgc.buflen & 0xff;
+
+ if ((ret = cdo->generic_packet(cdi, &cgc)))
+ return ret;
diff --git a/sys-kernel/xen-sources/xen-sources-2.6.16.26-r1.ebuild b/sys-kernel/xen-sources/xen-sources-2.6.16.26-r1.ebuild
new file mode 100644
index 000000000000..4eb5705e47c6
--- /dev/null
+++ b/sys-kernel/xen-sources/xen-sources-2.6.16.26-r1.ebuild
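Review bot: In the added xen-sources-2.6.16.26-CVE-2006-2935.patch, the new line `cgc.cmd[9] = cgc.buflen & 0xff;` in dvd_read_bca sends only the low byte of the buffer length, so the requested transfer matches the buffer only while `sizeof(buf)` stays at or below 255 bytes. The declaration of `buf` and the code that consumes the reply are outside the hunk, so neither the buffer size nor the later length check can be confirmed from here. A comment above the assignment would record the constraint for whoever resizes the buffer later, for example `/* one-byte allocation length: buf must not exceed 0xff bytes */`. Because this file is carried from upstream, the note may fit better in the ebuild or ChangeLog than in the patch itself.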
@@ -0,0 +1,41 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/xen-sources/xen-sources-2.6.16.26-r1.ebuild,v 1.1 2006/08/26 06:24:11 aross Exp $
+
+ETYPE="sources"
+inherit kernel-2 eutils
+detect_arch
+detect_version
+[ "${PR}" == "r0" ] && KV=${PV/_/-}-xen || KV=${PV/_/-}-xen-${PR}
+
+DESCRIPTION="Full sources for a dom0/domU Linux kernel to run under Xen"
+HOMEPAGE="http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html"
+#REV="8738"
+#MY_P="xen-3.0-testing-${REV}"
+XEN_VERSION="3.0.2"
+MY_P="xen-${XEN_VERSION}"
+#SRC_URI="${KERNEL_URI} mirror://gentoo/${MY_P}.tar.bz2"
+SRC_URI="${KERNEL_URI} mirror://kernel/linux/kernel/v${KV_MAJOR}.${KV_MINOR}/patch-${PV}.bz2 http://www.cl.cam.ac.uk/Research/SRG/netos/xen/downloads/xen-${XEN_VERSION}-src.tgz"
+
+KEYWORDS="~x86 ~amd64"
+DEPEND="~app-emulation/xen-${XEN_VERSION}"
+S="${WORKDIR}"
+RESTRICT="nostrip"
+XEN_KV=${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}
+
+src_unpack() {
+ unpack ${A}
+ cd ${MY_P}
+ mv "${WORKDIR}"/patch-${PV} patches/linux-${XEN_KV}/linux-${PV}.patch \
+ || die "failed to mv ${WORKDIR}/patch-${PV}"
+ sed -e 's:relative_lndir \([^(].*\):cp -dpPR \1/* .:' \
+ -i linux-2.6-xen-sparse/mkbuildtree || die
+ make LINUX_SRC_PATH=${DISTDIR} -f buildconfigs/mk.linux-2.6-xen \
+ linux-${XEN_KV}-xen/include/linux/autoconf.h || die
+ mv linux-${XEN_KV}-xen ${WORKDIR}/linux-${KV} || die
+ rm -rf ${WORKDIR}/linux-${XEN_KV} || die
+ rm -rf ${WORKDIR}/${MY_P} || die
+
+ cd "${WORKDIR}/linux-${PV}-xen${PR:+-${PR}}"
+ epatch "${FILESDIR}/${P}-CVE-2006-2935.patch"
+} |
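Review bot: The last `cd` in src_unpack rebuilds the kernel directory name as `linux-${PV}-xen${PR:+-${PR}}` instead of reusing `${KV}`, the name the tree was moved to a few lines earlier, and it has no `|| die`. The two spellings agree for this -r1 revision, but they diverge when PR is `r0` (the case the `[ "${PR}" == "r0" ]` line handles) or when PV contains an underscore. A copy of this ebuild to such a version would then run epatch from whatever directory the shell was left in. I would change the line to `cd "${WORKDIR}/linux-${KV}" || die "cd to kernel tree failed"`, so the CVE patch is applied to the intended tree or the build stops. The unquoted `${WORKDIR}` and `${DISTDIR}` in the `mv`, `make` and `rm -rf` lines could be quoted in the same pass.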