Added patches to address the security vulnerabilities in bugs #37292 and #37317.

7 files changed, 98 insertions, 7 deletions

diff --git a/sys-kernel/compaq-sources/ChangeLog b/sys-kernel/compaq-sources/ChangeLog
index 5c80cdc10f40..e3c39fe1cf0e 100644
--- a/sys-kernel/compaq-sources/ChangeLog
+++ b/sys-kernel/compaq-sources/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-kernel/compaq-sources
 # Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/compaq-sources/ChangeLog,v 1.1 2003/05/13 18:49:07 taviso Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/compaq-sources/ChangeLog,v 1.2 2004/01/06 18:27:04 plasmaroo Exp $
+
+  06 Jan 2004; <plasmaroo@gentoo.org> compaq-sources-2.4.9.32.7-r1.ebuild,
+  files/compaq-sources-2.4.9.32.7.CAN-2003-0985.patch,
+  files/compaq-sources-2.4.9.32.7.do_brk.patch,
+  files/compaq-sources-2.4.9.32.7.rtc_fix.patch:
+  Added patches to address the security vulnerabilities in bugs #37292 and
+  #37317.
 
 *compaq-sources-2.4.9.32.7 (13 May 2003)
 
diff --git a/sys-kernel/compaq-sources/Manifest b/sys-kernel/compaq-sources/Manifest
index 2126be02cc0e..2aaa41cff651 100644
--- a/sys-kernel/compaq-sources/Manifest
+++ b/sys-kernel/compaq-sources/Manifest
@@ -1,4 +1,7 @@
-MD5 8e85daaa5bd9b2f1156e7f625c310672 ChangeLog 406
-MD5 b96c7e5fc11cec67f2157c30263e2732 compaq-sources-2.4.9.32.7.ebuild 2410
+MD5 4747458b4b45373dbcac1ed259119c5f ChangeLog 722
 MD5 fa89a9407fb524aa495fff27051ef881 metadata.xml 684
-MD5 0d92b769cd5933ba7bc76182379575a9 files/digest-compaq-sources-2.4.9.32.7 80
+MD5 8c360e0f91e15aad9cf3536e5c4fcb67 compaq-sources-2.4.9.32.7-r1.ebuild 2694
+MD5 e637c6fa41097ea2c4693d0766f2e1c5 files/compaq-sources-2.4.9.32.7.do_brk.patch 242
+MD5 2c8a6f5232ae153c016cd241881b0719 files/compaq-sources-2.4.9.32.7.rtc_fix.patch 2152
+MD5 0d92b769cd5933ba7bc76182379575a9 files/digest-compaq-sources-2.4.9.32.7-r1 80
+MD5 d641cd49ae63ca2989672d2209691bb5 files/compaq-sources-2.4.9.32.7.CAN-2003-0985.patch 414
diff --git a/sys-kernel/compaq-sources/compaq-sources-2.4.9.32.7.ebuild b/sys-kernel/compaq-sources/compaq-sources-2.4.9.32.7-r1.ebuild
index 708e3c181dad..206dc43e30cf 100644
--- a/sys-kernel/compaq-sources/compaq-sources-2.4.9.32.7.ebuild
+++ b/sys-kernel/compaq-sources/compaq-sources-2.4.9.32.7-r1.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Copyright 1999-2004 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/compaq-sources/compaq-sources-2.4.9.32.7.ebuild,v 1.2 2003/09/07 07:26:00 msterret Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/compaq-sources/compaq-sources-2.4.9.32.7-r1.ebuild,v 1.1 2004/01/06 18:27:04 plasmaroo Exp $
 
 ETYPE="sources"
 inherit kernel
@@ -50,6 +50,11 @@ src_unpack() {
 	sed -i 's#\(extern\) \(unsigned long irq_err_count;\)#\1 volatile \2#' arch/alpha/kernel/irq_alpha.c
 	sed -i 's#/DISCARD/ : { \*(.text.exit)#/DISCARD/ : {#' arch/alpha/vmlinux.lds.in
 
+	# Security patches
+	epatch ${FILESDIR}/${P}.do_brk.patch || die "Failed to patch do_brk() vulnerability!"
+	epatch ${FILESDIR}/${P}.CAN-2003-0985.patch || die "Failed to patch mremap() vulnerability!"
+	epatch ${FILESDIR}/${P}.rtc_fix.patch || die "Failed to patch RTC vulnerabilities!"
+
 	# hand it over to the eclass...
 	kernel_universal_unpack
 }
@@ -65,5 +70,4 @@ pkg_postinst () {
 	einfo
 	ewarn "DO NOT Report issues with this kernel to Red Hat or Compaq, use"
 	ewarn "the Gentoo Linux bugzilla at http://bugs.gentoo.org/"
-	einfo
 }
diff --git a/sys-kernel/compaq-sources/files/compaq-sources-2.4.9.32.7.CAN-2003-0985.patch b/sys-kernel/compaq-sources/files/compaq-sources-2.4.9.32.7.CAN-2003-0985.patch
new file mode 100644
index 000000000000..bacef69f02f8
--- /dev/null
+++ b/sys-kernel/compaq-sources/files/compaq-sources-2.4.9.32.7.CAN-2003-0985.patch
@@ -0,0 +1,13 @@
+--- linux/mm/mremap.c.orig	2004-01-05 17:01:21.382104120 +0000
++++ linux/mm/mremap.c	2004-01-05 17:15:25.689749848 +0000
+@@ -315,6 +315,10 @@
+ 	old_len = PAGE_ALIGN(old_len);
+ 	new_len = PAGE_ALIGN(new_len);
+ 
++	/* Don't allow the degenerate cases */
++	if (!(old_len | new_len))
++		goto out;
++
+ 	/* new_addr is only valid if MREMAP_FIXED is specified */
+ 	if (flags & MREMAP_FIXED) {
+ 		if (new_addr & ~PAGE_MASK)
diff --git a/sys-kernel/compaq-sources/files/compaq-sources-2.4.9.32.7.do_brk.patch b/sys-kernel/compaq-sources/files/compaq-sources-2.4.9.32.7.do_brk.patch
new file mode 100644
index 000000000000..fef1f1e981e2
--- /dev/null
+++ b/sys-kernel/compaq-sources/files/compaq-sources-2.4.9.32.7.do_brk.patch
@@ -0,0 +1,12 @@
+--- a/mm/mmap.c Fri Sep 12 06:44:06 2003
++++ b/mm/mmap.c Thu Oct  2 01:18:19 2003
+@@ -1041,6 +1041,9 @@
+	if (!len)
+		return addr;
+ 
++ 	if ((addr + len) > TASK_SIZE || (addr + len) < addr)
++ 		return -EINVAL;
++ 
+	/*
+	 * mlock MCL_FUTURE?
+	 */
diff --git a/sys-kernel/compaq-sources/files/compaq-sources-2.4.9.32.7.rtc_fix.patch b/sys-kernel/compaq-sources/files/compaq-sources-2.4.9.32.7.rtc_fix.patch
new file mode 100644
index 000000000000..2f16ffa02743
--- /dev/null
+++ b/sys-kernel/compaq-sources/files/compaq-sources-2.4.9.32.7.rtc_fix.patch
@@ -0,0 +1,52 @@
+diff -ur linux-2.4.20-wolk4.9s/drivers/char/efirtc.c linux-2.4.20-wolk4.9s.plasmaroo/drivers/char/efirtc.c
+--- linux-2.4.20-wolk4.9s/drivers/char/efirtc.c	2004-01-05 23:33:45.000000000 +0000
++++ linux-2.4.20-wolk4.9s.plasmaroo/drivers/char/efirtc.c	2004-01-05 23:47:53.000000000 +0000
+@@ -118,6 +118,7 @@
+ static void
+ convert_from_efi_time(efi_time_t *eft, struct rtc_time *wtime)
+ {
++	memset(wtime, 0, sizeof(struct rtc_time));
+ 	wtime->tm_sec  = eft->second;
+ 	wtime->tm_min  = eft->minute;
+ 	wtime->tm_hour = eft->hour;
+diff -ur linux-2.4.20-wolk4.9s/drivers/char/rtc.c linux-2.4.20-wolk4.9s.plasmaroo/drivers/char/rtc.c
+--- linux-2.4.20-wolk4.9s/drivers/char/rtc.c	2004-01-05 23:33:45.000000000 +0000
++++ linux-2.4.20-wolk4.9s.plasmaroo/drivers/char/rtc.c	2004-01-05 23:52:43.000000000 +0000
+@@ -370,6 +370,7 @@
+ 		 * tm_min, and tm_sec values are filled in.
+ 		 */
+ 
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		get_rtc_alm_time(&wtime);
+ 		break; 
+ 	}
+@@ -417,6 +418,7 @@
+ 	}
+ 	case RTC_RD_TIME:	/* Read the time/date from RTC	*/
+ 	{
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		get_rtc_time(&wtime);
+ 		break;
+ 	}
+diff -ur linux-2.4.20-wolk4.9s/drivers/macintosh/rtc.c linux-2.4.20-wolk4.9s.plasmaroo/drivers/macintosh/rtc.c
+--- linux-2.4.20-wolk4.9s/drivers/macintosh/rtc.c	2004-01-05 23:33:45.000000000 +0000
++++ linux-2.4.20-wolk4.9s.plasmaroo/drivers/macintosh/rtc.c	2004-01-05 23:54:15.000000000 +0000
+@@ -64,6 +64,7 @@
+ 	case RTC_RD_TIME:
+ 		if (ppc_md.get_rtc_time)
+ 		{
++			memset(&rtc_tm, 0, sizeof(struct rtc_time));
+ 			get_rtc_time(&rtc_tm);
+ 
+ 			if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time)))
+diff -ur linux-2.4.20-wolk4.9s/drivers/sbus/char/rtc.c linux-2.4.20-wolk4.9s.plasmaroo/drivers/sbus/char/rtc.c
+--- linux-2.4.20-wolk4.9s/drivers/sbus/char/rtc.c	2004-01-05 23:33:45.000000000 +0000
++++ linux-2.4.20-wolk4.9s.plasmaroo/drivers/sbus/char/rtc.c	2004-01-05 23:54:43.000000000 +0000
+@@ -89,6 +89,7 @@
+ 	switch (cmd)
+ 	{
+ 	case RTCGET:
++		memset(&rtc_tm, 0, sizeof(struct rtc_time));
+ 		get_rtc_time(&rtc_tm);
+ 
+ 		if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time)))
diff --git a/sys-kernel/compaq-sources/files/digest-compaq-sources-2.4.9.32.7 b/sys-kernel/compaq-sources/files/digest-compaq-sources-2.4.9.32.7-r1
index 7b0d58783ef3..7b0d58783ef3 100644
--- a/sys-kernel/compaq-sources/files/digest-compaq-sources-2.4.9.32.7
+++ b/sys-kernel/compaq-sources/files/digest-compaq-sources-2.4.9.32.7-r1