authorAndrew Ross <aross@gentoo.org>2006-08-26 06:24:11 +0000
committerAndrew Ross <aross@gentoo.org>2006-08-26 06:24:11 +0000
commit5401ea19f0a3dbe2c31d4e055bcd905195495ef5 (patch)
treeafeb6ff571e5f89b801a1137e08afcdde9396a29 /sys-kernel/xen-sources
parentadd sather and hspell to pmask for treecleaners (diff)
Fix possible buffer overflow (CVE-2006-2935), bug #139321
Package-Manager: portage-2.1-r2
Diffstat (limited to 'sys-kernel/xen-sources')
-rw-r--r--sys-kernel/xen-sources/ChangeLog9
-rw-r--r--sys-kernel/xen-sources/Manifest19
-rw-r--r--sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.26-r19
-rw-r--r--sys-kernel/xen-sources/files/xen-sources-2.6.16.26-CVE-2006-2935.patch28
-rw-r--r--sys-kernel/xen-sources/xen-sources-2.6.16.26-r1.ebuild41
5 files changed, 101 insertions, 5 deletions
diff --git a/sys-kernel/xen-sources/ChangeLog b/sys-kernel/xen-sources/ChangeLog
index 1d61a3f4533a..76c3b7a35781 100644
--- a/sys-kernel/xen-sources/ChangeLog
+++ b/sys-kernel/xen-sources/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-kernel/xen-sources
# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/xen-sources/ChangeLog,v 1.32 2006/08/15 11:30:13 aross Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/xen-sources/ChangeLog,v 1.33 2006/08/26 06:24:11 aross Exp $
+
+*xen-sources-2.6.16.26-r1 (26 Aug 2006)
+
+ 26 Aug 2006; <aross@gentoo.org>
+ +files/xen-sources-2.6.16.26-CVE-2006-2935.patch,
+ +xen-sources-2.6.16.26-r1.ebuild:
+ Fix possible buffer overflow (CVE-2006-2935), bug #139321
16 Aug 2006; Andrew Ross <aross@gentoo.org> metadata.xml:
Add xen herd and remove chrb and agriffis as maintainers.
diff --git a/sys-kernel/xen-sources/Manifest b/sys-kernel/xen-sources/Manifest
index 41077117979d..e6c3f0a1a8ec 100644
--- a/sys-kernel/xen-sources/Manifest
+++ b/sys-kernel/xen-sources/Manifest
@@ -1,14 +1,22 @@
+AUX xen-sources-2.6.16.26-CVE-2006-2935.patch 987 RMD160 fd8896a08cbca676cc76ed713cd4e223d44ee0ba SHA1 fddc4204532f9a0e22e364bd4952b90e50de2ea3 SHA256 34eb3014c59ca234ff0ab0e22540fadb97f54d2cdca14743845820200a9245f3
+MD5 54151e6ebaffe8c0e120a81039a8ccda files/xen-sources-2.6.16.26-CVE-2006-2935.patch 987
+RMD160 fd8896a08cbca676cc76ed713cd4e223d44ee0ba files/xen-sources-2.6.16.26-CVE-2006-2935.patch 987
+SHA256 34eb3014c59ca234ff0ab0e22540fadb97f54d2cdca14743845820200a9245f3 files/xen-sources-2.6.16.26-CVE-2006-2935.patch 987
DIST linux-2.6.16.tar.bz2 40845005 RMD160 af5c2f55733fadd2fdf8b00da55e7b31d516d4e8 SHA1 bef21cd5063a648f33a99a26f4742dd05eb4dca2 SHA256 1200dcc7e60fcdaf68618dba991917a47e41e67099e8b22143976ec972e2cad7
DIST patch-2.6.16.26.bz2 59594 RMD160 4bf2a4db7aa6a3e04f381c2be9bd8ed2394dc1bf SHA1 bcdb7684626c2baa36b59ce594a05a0db3716593 SHA256 9439e071a4938aad379c514068cf3c6f100f49be209b5b6b1ab48f9aaf5ba0e0
DIST xen-3.0.2-src.tgz 4933621 RMD160 34e4431a981891319f8a5ea0c3f604e7d8d7d7af SHA1 b7e797048b516f8b385afd3da9ae2eded1b8033a SHA256 f18ffab16a457fa721d11933c75f8288f6958c88c2669857c7c11d5107ba2951
+EBUILD xen-sources-2.6.16.26-r1.ebuild 1591 RMD160 017b57e94c079d9714136740042b6f85f78492c0 SHA1 de3bf8fb18f929defb3ffc896b6d6ede4f96a425 SHA256 670c516bf14b6c70232840efe7fe06d5300f9a2a57a22febe6224ad49fc72f80
+MD5 0509d037707611acd1b4f88babae4208 xen-sources-2.6.16.26-r1.ebuild 1591
+RMD160 017b57e94c079d9714136740042b6f85f78492c0 xen-sources-2.6.16.26-r1.ebuild 1591
+SHA256 670c516bf14b6c70232840efe7fe06d5300f9a2a57a22febe6224ad49fc72f80 xen-sources-2.6.16.26-r1.ebuild 1591
EBUILD xen-sources-2.6.16.26.ebuild 1493 RMD160 c9af0104ef83a52f7e0ae743f0fc118e170e713e SHA1 ee0fc881c9898e0dfc77ec88c43ed8098881ecf6 SHA256 fa611f203c9427809f19215fc33663ea8a450b354149e5966422080d285fe513
MD5 387804a4e1a8d611331f84f5ac48451b xen-sources-2.6.16.26.ebuild 1493
RMD160 c9af0104ef83a52f7e0ae743f0fc118e170e713e xen-sources-2.6.16.26.ebuild 1493
SHA256 fa611f203c9427809f19215fc33663ea8a450b354149e5966422080d285fe513 xen-sources-2.6.16.26.ebuild 1493
-MISC ChangeLog 5076 RMD160 bbe777ed0683b57bef177fda745bef594050274b SHA1 80fbfbcc615cda37026ae606009b365e53f9c278 SHA256 b7c619c03a53d65bd06d9ac99d668c7fea6a68eeeca4148730262ef978b3d679
-MD5 98cb4011f0150bbb2adbe4c2ea4e26b6 ChangeLog 5076
-RMD160 bbe777ed0683b57bef177fda745bef594050274b ChangeLog 5076
-SHA256 b7c619c03a53d65bd06d9ac99d668c7fea6a68eeeca4148730262ef978b3d679 ChangeLog 5076
+MISC ChangeLog 5300 RMD160 409bf5fcda0242500662d3019d516bb6a5d831e5 SHA1 453d59acdf6d1782dc630ad5aae314a1788208d4 SHA256 17ba3501d4972277ff1b26b3d14954be05befe1b603fe12b30ff781db99050c9
+MD5 c7e3802a606c96717392ae972ca5bfb4 ChangeLog 5300
+RMD160 409bf5fcda0242500662d3019d516bb6a5d831e5 ChangeLog 5300
+SHA256 17ba3501d4972277ff1b26b3d14954be05befe1b603fe12b30ff781db99050c9 ChangeLog 5300
MISC metadata.xml 156 RMD160 bb062b1ba5554779dcfd0e73baf533ce9fbcdf68 SHA1 e6da014f2004758c7a806592ef9450489eebf593 SHA256 4a030777459245372bda9f7925f3a5ed3ef2b29b77e1a2971f3400ac2059b1e2
MD5 559b4095659a2a2a489784de8a6ef95e metadata.xml 156
RMD160 bb062b1ba5554779dcfd0e73baf533ce9fbcdf68 metadata.xml 156
@@ -16,3 +24,6 @@ SHA256 4a030777459245372bda9f7925f3a5ed3ef2b29b77e1a2971f3400ac2059b1e2 metadata
MD5 4a35def291ade3b7fc27598438b74191 files/digest-xen-sources-2.6.16.26 717
RMD160 a7397a617dd168b3415f792efb4f8459b8235e14 files/digest-xen-sources-2.6.16.26 717
SHA256 2e376a6ddbbbc8c479d021719374dece65ad3c709984444f7d5f363a6a44fd05 files/digest-xen-sources-2.6.16.26 717
+MD5 4a35def291ade3b7fc27598438b74191 files/digest-xen-sources-2.6.16.26-r1 717
+RMD160 a7397a617dd168b3415f792efb4f8459b8235e14 files/digest-xen-sources-2.6.16.26-r1 717
+SHA256 2e376a6ddbbbc8c479d021719374dece65ad3c709984444f7d5f363a6a44fd05 files/digest-xen-sources-2.6.16.26-r1 717
diff --git a/sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.26-r1 b/sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.26-r1
new file mode 100644
index 000000000000..af033283d8f0
--- /dev/null
+++ b/sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.26-r1
@@ -0,0 +1,9 @@
+MD5 9a91b2719949ff0856b40bc467fd47be linux-2.6.16.tar.bz2 40845005
+RMD160 af5c2f55733fadd2fdf8b00da55e7b31d516d4e8 linux-2.6.16.tar.bz2 40845005
+SHA256 1200dcc7e60fcdaf68618dba991917a47e41e67099e8b22143976ec972e2cad7 linux-2.6.16.tar.bz2 40845005
+MD5 7351957e10d4eddc0189a481a6c057ee patch-2.6.16.26.bz2 59594
+RMD160 4bf2a4db7aa6a3e04f381c2be9bd8ed2394dc1bf patch-2.6.16.26.bz2 59594
+SHA256 9439e071a4938aad379c514068cf3c6f100f49be209b5b6b1ab48f9aaf5ba0e0 patch-2.6.16.26.bz2 59594
+MD5 544eab940a0734a55459d648e5c3b224 xen-3.0.2-src.tgz 4933621
+RMD160 34e4431a981891319f8a5ea0c3f604e7d8d7d7af xen-3.0.2-src.tgz 4933621
+SHA256 f18ffab16a457fa721d11933c75f8288f6958c88c2669857c7c11d5107ba2951 xen-3.0.2-src.tgz 4933621
diff --git a/sys-kernel/xen-sources/files/xen-sources-2.6.16.26-CVE-2006-2935.patch b/sys-kernel/xen-sources/files/xen-sources-2.6.16.26-CVE-2006-2935.patch
new file mode 100644
index 000000000000..927d77d58dd3
--- /dev/null
+++ b/sys-kernel/xen-sources/files/xen-sources-2.6.16.26-CVE-2006-2935.patch
@@ -0,0 +1,28 @@
+From: Jens Axboe <axboe@suse.de>
+Date: Mon, 10 Jul 2006 11:44:08 +0000 (-0700)
+Subject: [PATCH] cdrom: fix bad cgc.buflen assignment
+X-Git-Tag: v2.6.18-rc2
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=454d6fbc48374be8f53b9bafaa86530cf8eb3bc1
+
+[PATCH] cdrom: fix bad cgc.buflen assignment
+
+The code really means to mask off the high bits, not assign 0xff.
+
+Signed-off-by: Jens Axboe <axboe@suse.de>
+Cc: Marcus Meissner <meissner@suse.de>
+Cc: <stable@kernel.org>
+Signed-off-by: Andrew Morton <akpm@osdl.org>
+Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+---
+
+--- a/drivers/cdrom/cdrom.c
++++ b/drivers/cdrom/cdrom.c
+@@ -1837,7 +1837,7 @@ static int dvd_read_bca(struct cdrom_dev
+ init_cdrom_command(&cgc, buf, sizeof(buf), CGC_DATA_READ);
+ cgc.cmd[0] = GPCMD_READ_DVD_STRUCTURE;
+ cgc.cmd[7] = s->type;
+- cgc.cmd[9] = cgc.buflen = 0xff;
++ cgc.cmd[9] = cgc.buflen & 0xff;
+
+ if ((ret = cdo->generic_packet(cdi, &cgc)))
+ return ret;
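Review bot: The new `cgc.cmd[9] = cgc.buflen & 0xff;` is only correct while `sizeof(buf)` is at most 255, and nothing visible in the hunk states or enforces that bound. The mask keeps the requested length within the buffer either way, but a larger `buf` would silently ask the drive for fewer bytes than intended, because only the low length byte is written here. I would add a comment above the line such as `/* low byte of allocation length; buflen == sizeof(buf), which must stay <= 0xff */`, and it is worth confirming that the code after `generic_packet()` bounds the length field read back from `buf` before copying. The declaration of `buf` and the rest of dvd_read_bca are outside the hunk.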
diff --git a/sys-kernel/xen-sources/xen-sources-2.6.16.26-r1.ebuild b/sys-kernel/xen-sources/xen-sources-2.6.16.26-r1.ebuild
new file mode 100644
index 000000000000..4eb5705e47c6
--- /dev/null
+++ b/sys-kernel/xen-sources/xen-sources-2.6.16.26-r1.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/xen-sources/xen-sources-2.6.16.26-r1.ebuild,v 1.1 2006/08/26 06:24:11 aross Exp $
+
+ETYPE="sources"
+inherit kernel-2 eutils
+detect_arch
+detect_version
+[ "${PR}" == "r0" ] && KV=${PV/_/-}-xen || KV=${PV/_/-}-xen-${PR}
+
+DESCRIPTION="Full sources for a dom0/domU Linux kernel to run under Xen"
+HOMEPAGE="http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html"
+#REV="8738"
+#MY_P="xen-3.0-testing-${REV}"
+XEN_VERSION="3.0.2"
+MY_P="xen-${XEN_VERSION}"
+#SRC_URI="${KERNEL_URI} mirror://gentoo/${MY_P}.tar.bz2"
+SRC_URI="${KERNEL_URI} mirror://kernel/linux/kernel/v${KV_MAJOR}.${KV_MINOR}/patch-${PV}.bz2 http://www.cl.cam.ac.uk/Research/SRG/netos/xen/downloads/xen-${XEN_VERSION}-src.tgz"
+
+KEYWORDS="~x86 ~amd64"
+DEPEND="~app-emulation/xen-${XEN_VERSION}"
+S="${WORKDIR}"
+RESTRICT="nostrip"
+XEN_KV=${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}
+
+src_unpack() {
+ unpack ${A}
+ cd ${MY_P}
+ mv "${WORKDIR}"/patch-${PV} patches/linux-${XEN_KV}/linux-${PV}.patch \
+ || die "failed to mv ${WORKDIR}/patch-${PV}"
+ sed -e 's:relative_lndir \([^(].*\):cp -dpPR \1/* .:' \
+ -i linux-2.6-xen-sparse/mkbuildtree || die
+ make LINUX_SRC_PATH=${DISTDIR} -f buildconfigs/mk.linux-2.6-xen \
+ linux-${XEN_KV}-xen/include/linux/autoconf.h || die
+ mv linux-${XEN_KV}-xen ${WORKDIR}/linux-${KV} || die
+ rm -rf ${WORKDIR}/linux-${XEN_KV} || die
+ rm -rf ${WORKDIR}/${MY_P} || die
+
+ cd "${WORKDIR}/linux-${PV}-xen${PR:+-${PR}}"
+ epatch "${FILESDIR}/${P}-CVE-2006-2935.patch"
+}
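Review bot: The final `cd` in src_unpack rebuilds the kernel tree name as `linux-${PV}-xen${PR:+-${PR}}` instead of reusing `KV`, which the earlier `mv linux-${XEN_KV}-xen ${WORKDIR}/linux-${KV}` used, and it has no `|| die`. The two spellings agree for this -r1 revision, but they would diverge if PR were `r0` or PV contained an underscore, so a copy of this ebuild could run epatch for the CVE-2006-2935 fix from the wrong directory. I would write `cd "${WORKDIR}/linux-${KV}" || die "cd to kernel tree failed"` so the security patch is always applied to the tree that was just moved into place. The earlier `cd ${MY_P}` is likewise unquoted and unchecked and could take the same `|| die`.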