Added the patch for the mremap/munmap vulnerability. Bug #42024.

6 files changed, 109 insertions, 14 deletions

diff --git a/sys-kernel/gs-sources/ChangeLog b/sys-kernel/gs-sources/ChangeLog
index cbb60a480a9a..69fad5076e6a 100644
--- a/sys-kernel/gs-sources/ChangeLog
+++ b/sys-kernel/gs-sources/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for sys-kernel/gs-sources
-# Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gs-sources/ChangeLog,v 1.33 2004/01/24 05:27:37 livewire Exp $
+# Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gs-sources/ChangeLog,v 1.34 2004/02/18 19:56:45 plasmaroo Exp $
+
+*gs-sources-2.4.25_pre7-r2 (18 Feb 2004)
+
+  18 Feb 2004; <plasmaroo@gentoo.org> gs-sources-2.4.25_pre7-r2.ebuild,
+  files/gs-sources.munmap.patch:
+  Added the patch for the mremap/munmap vulnerability. Bug #42024.
 
 *gs-sources-2.4.25_pre7-r1 (24 Jan 2004)
 
diff --git a/sys-kernel/gs-sources/Manifest b/sys-kernel/gs-sources/Manifest
index bcc5cab1d7dc..f285b87cacbe 100644
--- a/sys-kernel/gs-sources/Manifest
+++ b/sys-kernel/gs-sources/Manifest
@@ -1,18 +1,21 @@
+MD5 eadacda7aaad84518a0b742f43c0221e ChangeLog 6473
+MD5 8f73a28502c8d6379b63319faf853169 gs-sources-2.4.25_pre7-r2.ebuild 2045
 MD5 0b55d7ced9b928c9807df53ba3bd844f gs-sources-2.4.23_pre8-r2.ebuild 2197
+MD5 f7f093c841a07dcb1b6fbd9cf21e9b7c gs-sources-2.4.25_pre7-r1.ebuild 1957
+MD5 4df72e65b139d3e4c18bec81f3a561df metadata.xml 227
+MD5 e4fa233bf2ec7980c3bbf34e3447916c gs-sources-2.4.25_pre6.ebuild 1950
 MD5 f8446bbc2165fc60adcc98d46b4a4a78 gs-sources-2.4.25_pre7.ebuild 1951
-MD5 56af532cdd48de955492ed2b19f0ea59 gs-sources-2.4.25_pre7-r1.ebuild 1957
-MD5 6bf6dee493cfb64f284ccd4d4fa49897 ChangeLog 6257
 MD5 185dc4dd817ed6c8909bd8709d990784 gs-sources-2.4.23_pre8-r1.ebuild 2011
-MD5 e4fa233bf2ec7980c3bbf34e3447916c gs-sources-2.4.25_pre6.ebuild 1950
-MD5 4df72e65b139d3e4c18bec81f3a561df metadata.xml 227
-MD5 453c6a41c6c505e5f04c3885f54278c7 files/gs-sources-2.4.23_pre8-af_irda.patch 701
-MD5 968253d8d1e89885c1931bc599aac380 files/digest-gs-sources-2.4.25_pre6 144
-MD5 8f9a994ab4629eb140948142fad4a42a files/digest-gs-sources-2.4.25_pre7 144
+MD5 a56ba93e6d5df0f6298e9fc3b517424b files/digest-gs-sources-2.4.23_pre8-r1 144
+MD5 302215db36238af65fd57bd22db6d7ed files/digest-gs-sources-2.4.25_pre7-r1 147
+MD5 517fc1b71501382d041ce0bdfe304511 files/00_3.5-useraddress.patch 7247
+MD5 174438d215b70cad5ffb00ca8123c062 files/gs-sources.munmap.patch 837
 MD5 e2e2b545b6fcdcecf49e33798efa5b84 files/gs-sources.rtc_fix.patch 7073
+MD5 8f9a994ab4629eb140948142fad4a42a files/digest-gs-sources-2.4.25_pre7 144
 MD5 a3ec1083055b245758b2262dd2245145 files/pci.ids.patch 3376
 MD5 e77a93fdf26f06cf3ea5080b27211725 files/gs-sources.CAN-2003-0985.patch 414
-MD5 a56ba93e6d5df0f6298e9fc3b517424b files/digest-gs-sources-2.4.23_pre8-r1 144
+MD5 453c6a41c6c505e5f04c3885f54278c7 files/gs-sources-2.4.23_pre8-af_irda.patch 701
+MD5 302215db36238af65fd57bd22db6d7ed files/digest-gs-sources-2.4.25_pre7-r2 147
 MD5 a56ba93e6d5df0f6298e9fc3b517424b files/digest-gs-sources-2.4.23_pre8-r2 144
+MD5 968253d8d1e89885c1931bc599aac380 files/digest-gs-sources-2.4.25_pre6 144
 MD5 e637c6fa41097ea2c4693d0766f2e1c5 files/do_brk_fix.patch 242
-MD5 302215db36238af65fd57bd22db6d7ed files/digest-gs-sources-2.4.25_pre7-r1 147
-MD5 517fc1b71501382d041ce0bdfe304511 files/00_3.5-useraddress.patch 7247
diff --git a/sys-kernel/gs-sources/files/digest-gs-sources-2.4.25_pre7-r2 b/sys-kernel/gs-sources/files/digest-gs-sources-2.4.25_pre7-r2
new file mode 100644
index 000000000000..f55b28665921
--- /dev/null
+++ b/sys-kernel/gs-sources/files/digest-gs-sources-2.4.25_pre7-r2
@@ -0,0 +1,2 @@
+MD5 1e055c42921b2396a559d84df4c3d9aa linux-2.4.24.tar.bz2 29837818
+MD5 b495ed667a518227f82e76229b9f23e6 patches-2.4.25_pre7-gss-r1.tar.bz2 2475971
diff --git a/sys-kernel/gs-sources/files/gs-sources.munmap.patch b/sys-kernel/gs-sources/files/gs-sources.munmap.patch
new file mode 100644
index 000000000000..e120b35b7adb
--- /dev/null
+++ b/sys-kernel/gs-sources/files/gs-sources.munmap.patch
@@ -0,0 +1,27 @@
+diff -ur linux-2.4.25-rc3/mm/mremap.c linux-2.4.25-rc4/mm/mremap.c
+--- linux-2.4.25-rc3/mm/mremap.c	2004-02-18 13:56:01.000000000 +0000
++++ linux-2.4.25-rc4/mm/mremap.c	2004-02-18 13:49:08.000000000 +0000
+@@ -258,16 +258,20 @@
+ 		if ((addr <= new_addr) && (addr+old_len) > new_addr)
+ 			goto out;
+ 
+-		do_munmap(current->mm, new_addr, new_len);
++		ret = do_munmap(current->mm, new_addr, new_len);
++		if (ret && new_len)
++			goto out;
+ 	}
+ 
+ 	/*
+ 	 * Always allow a shrinking remap: that just unmaps
+ 	 * the unnecessary pages..
+ 	 */
+-	ret = addr;
+ 	if (old_len >= new_len) {
+-		do_munmap(current->mm, addr+new_len, old_len - new_len);
++		ret = do_munmap(current->mm, addr+new_len, old_len - new_len);
++		if (ret && old_len != new_len)
++			goto out;
++		ret = addr;
+ 		if (!(flags & MREMAP_FIXED) || (new_addr == addr))
+ 			goto out;
+ 	}
diff --git a/sys-kernel/gs-sources/gs-sources-2.4.25_pre7-r1.ebuild b/sys-kernel/gs-sources/gs-sources-2.4.25_pre7-r1.ebuild
index 01e81eceb4e4..1aadbdfb2a0d 100644
--- a/sys-kernel/gs-sources/gs-sources-2.4.25_pre7-r1.ebuild
+++ b/sys-kernel/gs-sources/gs-sources-2.4.25_pre7-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gs-sources/gs-sources-2.4.25_pre7-r1.ebuild,v 1.1 2004/01/24 05:27:37 livewire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gs-sources/gs-sources-2.4.25_pre7-r1.ebuild,v 1.2 2004/02/18 19:56:45 plasmaroo Exp $
 
 IUSE="build crypt"
 
@@ -32,7 +32,7 @@ DESCRIPTION="This kernel stays up to date with current kernel -pres,
 	superfreeswan,preempt, and various hw fixes."
 SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2
 	 mirror://gentoo/patches-${KV}.tar.bz2"
-KEYWORDS="~x86 -ppc -sparc "
+KEYWORDS="x86 -ppc -sparc "
 SLOT="${KV}"
 
 src_unpack() {
diff --git a/sys-kernel/gs-sources/gs-sources-2.4.25_pre7-r2.ebuild b/sys-kernel/gs-sources/gs-sources-2.4.25_pre7-r2.ebuild
new file mode 100644
index 000000000000..7897face0359
--- /dev/null
+++ b/sys-kernel/gs-sources/gs-sources-2.4.25_pre7-r2.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gs-sources/gs-sources-2.4.25_pre7-r2.ebuild,v 1.1 2004/02/18 19:56:45 plasmaroo Exp $
+
+IUSE="build crypt"
+
+# OKV=original kernel version, KV=patched kernel version.  They can be the same.
+
+# Kernel ebuilds using the kernel.eclass can remove any patch that you
+# do not want to apply by simply setting the KERNEL_EXCLUDE shell
+# variable to the string you want to exclude (for instance
+# KERNEL_EXCLUDE="evms" would not patch any patches whose names match
+# *evms*).  Kernels are only tested in the default configuration, but
+# this may be useful if you know that a particular patch is causing a
+# conflict with a patch you personally want to apply, or some other
+# similar situation.
+
+ETYPE="sources"
+
+inherit kernel
+PROVIDE="virtual/linux-sources virtual/winkernel"
+OKV=2.4.24
+EXTRAVERSION=_pre7-gss-r2
+KV=2.4.25_pre7-gss-r2
+S=${WORKDIR}/linux-${KV}
+
+# Documentation on the patches contained in this kernel will be installed
+# to /usr/share/doc/gs-sources-${PV}/patches.txt.gz
+
+DESCRIPTION="This kernel stays up to date with current kernel -pres,
+	with recent acpi,evms,win4lin,futexes,aic79xx,
+	superfreeswan,preempt, and various hw fixes."
+SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2
+	 mirror://gentoo/patches-${KV/r2/r1}.tar.bz2"
+KEYWORDS="x86 -ppc -sparc"
+SLOT="${KV}"
+
+src_unpack() {
+	unpack ${A}
+	mv linux-${OKV} linux-${KV} || die
+	cd ${KV/r2/r1} || die
+	# Kill patches we aren't suppposed to use, don't worry about
+	# failures, if they aren't there that is a good thing!
+	# This is the ratified crypt USE flag, enables IPSEC and patch-int
+	if [ -z "`use crypt`" ]; then
+		einfo "No Cryptographic support, dropping patches..."
+		for file in 8*;do
+			einfo "Dropping ${file}..."
+			rm -f ${file}
+		done
+	else
+		einfo "Cryptographic support enabled..."
+	fi
+
+	kernel_src_unpack
+	epatch ${FILESDIR}/${PN}.munmap.patch || die "Failed to apply munmap patch!"
+}