diff options
Diffstat (limited to 'sys-kernel/grsec-sources')
16 files changed, 22 insertions, 1085 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog index 71c201815ba4..1d6efbb98c2b 100644 --- a/sys-kernel/grsec-sources/ChangeLog +++ b/sys-kernel/grsec-sources/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for sys-kernel/grsec-sources # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.54 2005/04/28 21:22:14 gustavoz Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.55 2005/04/29 12:36:37 solar Exp $ + + 29 Apr 2005; <solar@gentoo.org> -files/2.4.26-CAN-2004-0394.patch, + -files/2.4.27-cmdline-race.patch, -files/2.4.28-binfmt_a.out.patch, + -files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch, + -files/2.4.28-uselib4pax.patch, -files/2.4.29-CAN-2005-0001.patch, + -files/CAN-2004-1016.patch, -files/CAN-2004-1074.patch, + -files/CAN-2004-1335.patch, -files/gentoo-sources-2.4.CAN-2004-1137.patch, + -grsec-sources-2.4.29.2.1.3.ebuild, -grsec-sources-2.4.29.2.1.4.ebuild: + - ebuild and filesdir cleanup. This is the last planned grsec-sources, see + http://marc.theaimsgroup.com/?l=gentoo-hardened&m=111419177808622&w=2 for more + info 28 Apr 2005; Gustavo Zacarias <gustavoz@gentoo.org> grsec-sources-2.4.30.2.1.5.ebuild: diff --git a/sys-kernel/grsec-sources/Manifest b/sys-kernel/grsec-sources/Manifest index 3b3f2e78a606..c043ba36b647 100644 --- a/sys-kernel/grsec-sources/Manifest +++ b/sys-kernel/grsec-sources/Manifest @@ -1,31 +1,19 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -MD5 416d756b4496f062d49cb748c6410fb4 ChangeLog 11730 -MD5 0b2ea9b53b5d526e39afbdc5040ff07a metadata.xml 487 MD5 a7207fc0f80889ad23137af4c81bee97 grsec-sources-2.4.30.2.1.5.ebuild 1589 -MD5 2a4a5d00823f2d2950ca3b89f8a7e06a grsec-sources-2.4.29.2.1.3.ebuild 1858 -MD5 70696d6b8d7907edbe5b8fbb5def5e37 grsec-sources-2.4.29.2.1.4.ebuild 1903 -MD5 b293289df61d6f42ff54e4e0ceae53cf files/2.4.24-x86.config 2397 -MD5 3dac23b6e285462a7cda41505cc698e1 files/2.4.26-CAN-2004-0394.patch 319 -MD5 4a0215139f9aebfe2cc2747743763f08 files/2.4.28-binfmt_a.out.patch 1887 -MD5 6aa8f7a7c2d55734389b53d3bcf78570 files/CAN-2004-1016.patch 2835 -MD5 d1ccc2047be533c992f67270a150a210 files/2.4.27-cmdline-race.patch 388 +MD5 79a9a050f20a8d4de550993d73cc43c8 ChangeLog 12363 +MD5 0b2ea9b53b5d526e39afbdc5040ff07a metadata.xml 487 +MD5 0adbefda5e0d752b23dd2f930e6f6bbf files/linux-2.4.28-random-poolsize.patch 452 MD5 2c122c506c654e3af5e7053232319eaa files/digest-grsec-sources-2.4.30.2.1.5 234 -MD5 9860d0e9e59d561a5573648f80547f7e files/CAN-2004-1335.patch 788 MD5 757ee1239c3f14645ccea3640d551e11 files/CAN-2004-1056.patch 11249 -MD5 4263daf594b58ea0c0b59e87afe3a7c9 files/CAN-2004-1074.patch 11121 -MD5 a0c6a4f388d0481b6e25bb12f71da868 files/digest-grsec-sources-2.4.29.2.1.3 231 -MD5 29e531cdd3f2effce5e31a1f2afb5b5d files/2.4.28-uselib4pax.patch 8912 -MD5 153b1ba98912172f66892de96a7d0bb4 files/digest-grsec-sources-2.4.29.2.1.4 235 -MD5 8c35751caf824a9dacb02e80d6189b2e files/gentoo-sources-2.4.CAN-2004-1137.patch 1764 -MD5 0adbefda5e0d752b23dd2f930e6f6bbf files/linux-2.4.28-random-poolsize.patch 452 -MD5 1efe4024e443e60db5fd9b21b22fabd2 files/2.4.29-CAN-2005-0001.patch 1724 -MD5 b1f723b1661a3fcbe79e921ddfe40584 files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch 1202 +MD5 b293289df61d6f42ff54e4e0ceae53cf files/2.4.24-x86.config 2397 -----BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.1-ecc0.1.6 (GNU/Linux) +Version: GnuPG v1.4.0 (GNU/Linux) -iD8DBQFCcVQJKRy60XGEcJIRAivBAJ0Tv1yR46ney43A8eFOZVSjOcpMGgCfWlzl -kkTDeCO9d1i8/f9KFk9HCgI= -=RGUq +iQCVAwUBQnIqFZ4WFLgrx1GWAQLUnwP+Lld0nDFVeeDapAu0uO43OECmXz6i8nv4 +6zM9vSGyZGI3ack5mxjXhMn//M1tNbqoaaGDWIv8gYG/x3jQq/1ZDg7DvZPdD5eq +MDx99KgJH7vR/QWZPSq2HSnfdjOIQ83deW1fUISKpVDp3VFYqOhofo/TDEF7dABb +Q3SO6FkXkyE= +=ksre -----END PGP SIGNATURE----- diff --git a/sys-kernel/grsec-sources/files/2.4.26-CAN-2004-0394.patch b/sys-kernel/grsec-sources/files/2.4.26-CAN-2004-0394.patch deleted file mode 100644 index 7b12ecbccce1..000000000000 --- a/sys-kernel/grsec-sources/files/2.4.26-CAN-2004-0394.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- linux/kernel/panic.c Tue Mar 30 15:37:18 2004 -+++ linux/kernel/panic.c Mon May 17 18:44:01 2004 -@@ -51,7 +51,7 @@ - - bust_spinlocks(1); - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - printk(KERN_EMERG "Kernel panic: %s\n",buf); - if (in_interrupt()) diff --git a/sys-kernel/grsec-sources/files/2.4.27-cmdline-race.patch b/sys-kernel/grsec-sources/files/2.4.27-cmdline-race.patch deleted file mode 100644 index 5f26f7f388f6..000000000000 --- a/sys-kernel/grsec-sources/files/2.4.27-cmdline-race.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- linux-2.4/fs/proc/base.c 2004-04-15 07:09:32.000000000 +0100 -+++ linux-2.4/fs/proc/base.c.plasmaroo 2004-08-09 23:30:43.869195800 +0100 -@@ -187,7 +187,7 @@ static int proc_pid_cmdline(struct task_ - if (mm) - atomic_inc(&mm->mm_users); - task_unlock(task); -- if (mm) { -+ if (mm && mm->arg_end) { - int len = mm->arg_end - mm->arg_start; - if (len > PAGE_SIZE) - len = PAGE_SIZE; diff --git a/sys-kernel/grsec-sources/files/2.4.28-binfmt_a.out.patch b/sys-kernel/grsec-sources/files/2.4.28-binfmt_a.out.patch deleted file mode 100644 index 16e06c44b5b4..000000000000 --- a/sys-kernel/grsec-sources/files/2.4.28-binfmt_a.out.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff -Nru linux-2.4.28/fs/binfmt_aout.c linux-2.4.28-hardened/fs/binfmt_aout.c ---- linux-2.4.28/fs/binfmt_aout.c 2004-11-28 15:44:03.000000000 -0500 -+++ linux-2.4.28-hardened/fs/binfmt_aout.c 2004-11-28 16:05:16.000000000 -0500 -@@ -39,13 +39,18 @@ - NULL, THIS_MODULE, load_aout_binary, load_aout_library, aout_core_dump, PAGE_SIZE - }; - --static void set_brk(unsigned long start, unsigned long end) -+#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) -+ -+static int set_brk(unsigned long start, unsigned long end) - { - start = PAGE_ALIGN(start); - end = PAGE_ALIGN(end); -- if (end <= start) -- return; -- do_brk(start, end - start); -+ if (end > start) { -+ unsigned long addr = do_brk(start, end - start); -+ if (BAD_ADDR(addr)) -+ return addr; -+ } -+ return 0; - } - - /* -@@ -429,7 +434,11 @@ - beyond_if: - set_binfmt(&aout_format); - -- set_brk(current->mm->start_brk, current->mm->brk); -+ retval = set_brk(current->mm->start_brk, current->mm->brk); -+ if (retval < 0) { -+ send_sig(SIGKILL, current, 0); -+ return retval; -+ } - - retval = setup_arg_pages(bprm); - if (retval < 0) { -diff -Nru linux-2.4.28/fs/exec.c linux-2.4.28-hardened/fs/exec.c ---- linux-2.4.28/fs/exec.c 2004-11-28 15:44:03.000000000 -0500 -+++ linux-2.4.28-hardened/fs/exec.c 2004-11-28 16:05:16.000000000 -0500 -@@ -387,6 +387,7 @@ - - down_write(¤t->mm->mmap_sem); - { -+ struct vm_area_struct *vma; - mpnt->vm_mm = current->mm; - mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p; - mpnt->vm_end = STACK_TOP; -@@ -401,6 +402,12 @@ - mpnt->vm_pgoff = 0; - mpnt->vm_file = NULL; - mpnt->vm_private_data = (void *) 0; -+ vma = find_vma(current->mm, mpnt->vm_start); -+ if (vma) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return -ENOMEM; -+ } - insert_vm_struct(current->mm, mpnt); - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - diff --git a/sys-kernel/grsec-sources/files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch b/sys-kernel/grsec-sources/files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch deleted file mode 100644 index baf4907aba34..000000000000 --- a/sys-kernel/grsec-sources/files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch +++ /dev/null @@ -1,44 +0,0 @@ ---- mm/mmap.c.orig 2005-03-05 13:29:06.000000000 -0500 -+++ mm/mmap.c 2005-03-05 13:33:51.000000000 -0500 -@@ -1014,7 +1014,7 @@ - * we just free'd - but there's no telling how much before. - */ - static void free_pgtables(struct mm_struct * mm, struct vm_area_struct *prev, -- unsigned long start, unsigned long end) -+ struct vm_area_struct *mpnt, unsigned long start, unsigned long end) - { - unsigned long first = start & PGDIR_MASK; - unsigned long last = end + PGDIR_SIZE - 1; -@@ -1046,6 +1046,14 @@ - break; - } - no_mmaps: -+ while (mpnt && first < last) { -+ if ((mpnt->vm_end > first) &&(last > mpnt->vm_start)) { -+ first = mpnt->vm_end + PGDIR_SIZE - 1; -+ last = mpnt->vm_start; -+ } -+ mpnt = mpnt->vm_next; -+ } -+ - if (last < first) - return; - /* -@@ -1106,7 +1114,7 @@ - extra = unmap_vma(mm, addr, len, mpnt, extra); - } - -- free_pgtables(mm, prev, addr, addr+len); -+ free_pgtables(mm, prev, NULL, addr, addr+len); - - return extra; - } -@@ -1130,7 +1138,7 @@ - find_vma_prev(mm, mpnt->vm_start, &prev); - extra_m = unmap_vma(mm, addr_m, len, mpnt, extra_m); - -- free_pgtables(mm, prev, start, end); -+ free_pgtables(mm, prev, free_m, start, end); - } - - return extra_m; diff --git a/sys-kernel/grsec-sources/files/2.4.28-uselib4pax.patch b/sys-kernel/grsec-sources/files/2.4.28-uselib4pax.patch deleted file mode 100644 index c275b0b1649e..000000000000 --- a/sys-kernel/grsec-sources/files/2.4.28-uselib4pax.patch +++ /dev/null @@ -1,265 +0,0 @@ -diff -ur linux-2.4.28-gentoo-r4/arch/mips/kernel/irixelf.c linux-2.4.28-gentoo-r5/arch/mips/kernel/irixelf.c ---- linux-2.4.28-gentoo-r4/arch/mips/kernel/irixelf.c 2005-01-07 20:33:12.000000000 +0000 -+++ linux-2.4.28-gentoo-r5/arch/mips/kernel/irixelf.c 2005-01-07 20:20:32.000000000 +0000 -@@ -130,7 +130,7 @@ - end = PAGE_ALIGN(end); - if (end <= start) - return; -- do_brk(start, end - start); -+ do_brk_locked(start, end - start); - } - - -@@ -379,7 +379,7 @@ - - /* Map the last of the bss segment */ - if (last_bss > len) { -- do_brk(len, (last_bss - len)); -+ do_brk_locked(len, (last_bss - len)); - } - kfree(elf_phdata); - -@@ -567,7 +567,7 @@ - unsigned long v; - struct prda *pp; - -- v = do_brk (PRDA_ADDRESS, PAGE_SIZE); -+ v = do_brk_locked (PRDA_ADDRESS, PAGE_SIZE); - - if (v < 0) - return; -@@ -859,7 +859,7 @@ - len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000; - bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; - if (bss > len) -- do_brk(len, bss-len); -+ do_brk_locked(len, bss-len); - kfree(elf_phdata); - return 0; - } -diff -ur linux-2.4.28-gentoo-r4/arch/sparc64/kernel/binfmt_aout32.c linux-2.4.28-gentoo-r5/arch/sparc64/kernel/binfmt_aout32.c ---- linux-2.4.28-gentoo-r4/arch/sparc64/kernel/binfmt_aout32.c 2005-01-07 20:33:12.000000000 +0000 -+++ linux-2.4.28-gentoo-r5/arch/sparc64/kernel/binfmt_aout32.c 2005-01-07 20:20:32.000000000 +0000 -@@ -49,7 +49,7 @@ - end = PAGE_ALIGN(end); - if (end <= start) - return; -- do_brk(start, end - start); -+ do_brk_locked(start, end - start); - } - - /* -@@ -246,10 +246,10 @@ - if (N_MAGIC(ex) == NMAGIC) { - loff_t pos = fd_offset; - /* Fuck me plenty... */ -- error = do_brk(N_TXTADDR(ex), ex.a_text); -+ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); - bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), - ex.a_text, &pos); -- error = do_brk(N_DATADDR(ex), ex.a_data); -+ error = do_brk_locked(N_DATADDR(ex), ex.a_data); - bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), - ex.a_data, &pos); - goto beyond_if; -@@ -257,7 +257,7 @@ - - if (N_MAGIC(ex) == OMAGIC) { - loff_t pos = fd_offset; -- do_brk(N_TXTADDR(ex) & PAGE_MASK, -+ do_brk_locked(N_TXTADDR(ex) & PAGE_MASK, - ex.a_text+ex.a_data + PAGE_SIZE - 1); - bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); -@@ -272,7 +272,7 @@ - - if (!bprm->file->f_op->mmap) { - loff_t pos = fd_offset; -- do_brk(0, ex.a_text+ex.a_data); -+ do_brk_locked(0, ex.a_text+ex.a_data); - bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); - goto beyond_if; -@@ -388,7 +388,7 @@ - len = PAGE_ALIGN(ex.a_text + ex.a_data); - bss = ex.a_text + ex.a_data + ex.a_bss; - if (bss > len) { -- error = do_brk(start_addr + len, bss - len); -+ error = do_brk_locked(start_addr + len, bss - len); - retval = error; - if (error != start_addr + len) - goto out; -diff -ur linux-2.4.28-gentoo-r4/fs/binfmt_aout.c linux-2.4.28-gentoo-r5/fs/binfmt_aout.c ---- linux-2.4.28-gentoo-r4/fs/binfmt_aout.c 2005-01-07 20:33:12.000000000 +0000 -+++ linux-2.4.28-gentoo-r5/fs/binfmt_aout.c 2005-01-07 20:20:32.000000000 +0000 -@@ -46,7 +46,7 @@ - start = PAGE_ALIGN(start); - end = PAGE_ALIGN(end); - if (end > start) { -- unsigned long addr = do_brk(start, end - start); -+ unsigned long addr = do_brk_locked(start, end - start); - if (BAD_ADDR(addr)) - return addr; - } -@@ -341,10 +341,10 @@ - loff_t pos = fd_offset; - /* Fuck me plenty... */ - /* <AOL></AOL> */ -- error = do_brk(N_TXTADDR(ex), ex.a_text); -+ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); - bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), - ex.a_text, &pos); -- error = do_brk(N_DATADDR(ex), ex.a_data); -+ error = do_brk_locked(N_DATADDR(ex), ex.a_data); - bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), - ex.a_data, &pos); - goto beyond_if; -@@ -365,7 +365,7 @@ - map_size = ex.a_text+ex.a_data; - #endif - -- error = do_brk(text_addr & PAGE_MASK, map_size); -+ error = do_brk_locked(text_addr & PAGE_MASK, map_size); - if (error != (text_addr & PAGE_MASK)) { - send_sig(SIGKILL, current, 0); - return error; -@@ -399,7 +399,7 @@ - - if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { - loff_t pos = fd_offset; -- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); -+ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data); - bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); - flush_icache_range((unsigned long) N_TXTADDR(ex), -@@ -500,7 +500,7 @@ - error_time = jiffies; - } - -- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); -+ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss); - - file->f_op->read(file, (char *)start_addr, - ex.a_text + ex.a_data, &pos); -@@ -524,7 +524,7 @@ - len = PAGE_ALIGN(ex.a_text + ex.a_data); - bss = ex.a_text + ex.a_data + ex.a_bss; - if (bss > len) { -- error = do_brk(start_addr + len, bss - len); -+ error = do_brk_locked(start_addr + len, bss - len); - retval = error; - if (error != start_addr + len) - goto out; -diff -ur linux-2.4.28-gentoo-r4/fs/binfmt_elf.c linux-2.4.28-gentoo-r5/fs/binfmt_elf.c ---- linux-2.4.28-gentoo-r4/fs/binfmt_elf.c 2005-01-07 20:33:12.000000000 +0000 -+++ linux-2.4.28-gentoo-r5/fs/binfmt_elf.c 2005-01-07 20:20:46.000000000 +0000 -@@ -88,6 +88,7 @@ static void set_brk(unsigned long start, - end = ELF_PAGEALIGN(end); - if (end <= start) - return; -+ down_write(¤t->mm->mmap_sem); - do_brk(start, end - start); - - #ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC -@@ -95,6 +96,7 @@ static void set_brk(unsigned long start, - __do_mmap_pgoff(NULL, ELF_PAGEALIGN(start + current->mm->delta_exec), 0UL, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_FIXED | MAP_MIRROR, start); - #endif - -+ up_write(¤t->mm->mmap_sem); - } - - -@@ -295,7 +297,9 @@ static unsigned long load_elf_interp(str - */ - if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr)) - goto out; -- if (interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr)) -+ -+ if (interp_elf_ex->e_phnum < 1 || -+ interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr)) - goto out; - - /* Now read in all of the header information */ -@@ -370,7 +370,7 @@ - - /* Map the last of the bss segment */ - if (last_bss > elf_bss) -- do_brk(elf_bss, last_bss - elf_bss); -+ do_brk_locked(elf_bss, last_bss - elf_bss); - - *interp_load_addr = load_addr; - error = ((unsigned long) interp_elf_ex->e_entry) + load_addr; -@@ -407,7 +407,7 @@ - goto out; - } - -- do_brk(0, text_data); -+ do_brk_locked(0, text_data); - if (!interpreter->f_op || !interpreter->f_op->read) - goto out; - if (interpreter->f_op->read(interpreter, addr, text_data, &offset) < 0) -@@ -415,7 +415,7 @@ - flush_icache_range((unsigned long)addr, - (unsigned long)addr + text_data); - -- do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), -+ do_brk_locked(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), - interp_ex->a_bss); - elf_entry = interp_ex->a_entry; - -@@ -1271,7 +1271,7 @@ - len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); - bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; - if (bss > len) -- do_brk(len, bss - len); -+ do_brk_locked(len, bss - len); - error = 0; - - out_free_ph: -diff -ur linux-2.4.28-gentoo-r4/include/linux/mm.h linux-2.4.28-gentoo-r5/include/linux/mm.h ---- linux-2.4.28-gentoo-r4/include/linux/mm.h 2005-01-07 20:33:12.000000000 +0000 -+++ linux-2.4.28-gentoo-r5/include/linux/mm.h 2005-01-07 20:20:32.000000000 +0000 -@@ -601,6 +601,7 @@ - extern int do_munmap(struct mm_struct *, unsigned long, size_t); - - extern unsigned long do_brk(unsigned long, unsigned long); -+extern unsigned long do_brk_locked(unsigned long, unsigned long); - - static inline void __vma_unlink(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct * prev) - { -diff -ur linux-2.4.28-gentoo-r4/kernel/ksyms.c linux-2.4.28-gentoo-r5/kernel/ksyms.c ---- linux-2.4.28-gentoo-r4/kernel/ksyms.c 2005-01-07 20:33:12.000000000 +0000 -+++ linux-2.4.28-gentoo-r5/kernel/ksyms.c 2005-01-07 20:20:32.000000000 +0000 -@@ -90,6 +90,7 @@ - EXPORT_SYMBOL(__do_mmap_pgoff); - EXPORT_SYMBOL(do_munmap); - EXPORT_SYMBOL(do_brk); -+EXPORT_SYMBOL(do_brk_locked); - EXPORT_SYMBOL(exit_mm); - EXPORT_SYMBOL(exit_files); - EXPORT_SYMBOL(exit_fs); -diff -ur linux-2.4.28-gentoo-r4/mm/mmap.c linux-2.4.28-gentoo-r5/mm/mmap.c ---- linux-2.4.28-gentoo-r4/mm/mmap.c 2005-01-07 20:33:12.000000000 +0000 -+++ linux-2.4.28-gentoo-r5/mm/mmap.c 2005-01-07 20:20:32.000000000 +0000 -@@ -1401,6 +1401,21 @@ - return addr; - } - -+/* locking version of do_brk. */ -+unsigned long do_brk_locked(unsigned long addr, unsigned long len) -+{ -+ unsigned long ret; -+ -+ down_write(¤t->mm->mmap_sem); -+ ret = do_brk(addr, len); -+ up_write(¤t->mm->mmap_sem); -+ -+ return ret; -+} -+ -+ -+ -+ - /* Build the RB tree corresponding to the VMA list. */ - void build_mmap_rb(struct mm_struct * mm) - { diff --git a/sys-kernel/grsec-sources/files/2.4.29-CAN-2005-0001.patch b/sys-kernel/grsec-sources/files/2.4.29-CAN-2005-0001.patch deleted file mode 100644 index 6b687788f912..000000000000 --- a/sys-kernel/grsec-sources/files/2.4.29-CAN-2005-0001.patch +++ /dev/null @@ -1,44 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2005/01/12 09:14:50-02:00 marcelo.tosatti@cyclades.com -# [PATCH] Fix expand_stack() SMP race -# -# Description: Fix expand_stack() SMP race -# -# Two threads sharing the same VMA can race in expand_stack, resulting in incorrect VMA -# size accounting and possibly a "uncovered-by-VMA" pte leak. -# -# Fix is to check if the stack has already been expanded after acquiring a lock which -# guarantees exclusivity (page_table_lock in v2.4 and vma_anon lock in v2.6). -# -# include/linux/mm.h -# 2005/01/07 14:51:21-02:00 marcelo.tosatti@cyclades.com +10 -3 -# Fix expand_stack() SMP race -# -diff -Nru a/include/linux/mm.h b/include/linux/mm.h ---- a/include/linux/mm.h 2005-01-13 04:59:30 -08:00 -+++ b/include/linux/mm.h 2005-01-13 04:59:30 -08:00 -@@ -648,12 +648,19 @@ - unsigned long grow; - - /* -- * vma->vm_start/vm_end cannot change under us because the caller is required -- * to hold the mmap_sem in write mode. We need to get the spinlock only -- * before relocating the vma range ourself. -+ * vma->vm_start/vm_end cannot change under us because the caller -+ * is required to hold the mmap_sem in read mode. We need the -+ * page_table_lock lock to serialize against concurrent expand_stacks. - */ - address &= PAGE_MASK; - spin_lock(&vma->vm_mm->page_table_lock); -+ -+ /* already expanded while we were spinning? */ -+ if (vma->vm_start <= address) { -+ spin_unlock(&vma->vm_mm->page_table_lock); -+ return 0; -+ } -+ - grow = (vma->vm_start - address) >> PAGE_SHIFT; - if (vma->vm_end - address > current->rlim[RLIMIT_STACK].rlim_cur || - ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_AS].rlim_cur) { diff --git a/sys-kernel/grsec-sources/files/CAN-2004-1016.patch b/sys-kernel/grsec-sources/files/CAN-2004-1016.patch deleted file mode 100644 index aa25ac95ed61..000000000000 --- a/sys-kernel/grsec-sources/files/CAN-2004-1016.patch +++ /dev/null @@ -1,75 +0,0 @@ -===== include/linux/socket.h 1.12 vs edited ===== ---- 1.12/include/linux/socket.h 2004-09-09 06:40:01 +10:00 -+++ edited/include/linux/socket.h 2004-11-27 11:53:40 +11:00 -@@ -90,6 +90,10 @@ - (struct cmsghdr *)(ctl) : \ - (struct cmsghdr *)NULL) - #define CMSG_FIRSTHDR(msg) __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) -+#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \ -+ (cmsg)->cmsg_len <= (unsigned long) \ -+ ((mhdr)->msg_controllen - \ -+ ((char *)(cmsg) - (char *)(mhdr)->msg_control))) - - /* - * This mess will go away with glibc -===== net/core/scm.c 1.10 vs edited ===== ---- 1.10/net/core/scm.c 2004-05-31 05:08:14 +10:00 -+++ edited/net/core/scm.c 2004-11-27 11:48:55 +11:00 -@@ -127,9 +127,7 @@ - for too short ancillary data object at all! Oops. - OK, let's add it... - */ -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) -+ if (!CMSG_OK(msg, cmsg)) - goto error; - - if (cmsg->cmsg_level != SOL_SOCKET) -===== net/ipv4/ip_sockglue.c 1.26 vs edited ===== ---- 1.26/net/ipv4/ip_sockglue.c 2004-07-01 06:10:53 +10:00 -+++ edited/net/ipv4/ip_sockglue.c 2004-11-27 11:49:45 +11:00 -@@ -146,11 +146,8 @@ - struct cmsghdr *cmsg; - - for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) - return -EINVAL; -- } - if (cmsg->cmsg_level != SOL_IP) - continue; - switch (cmsg->cmsg_type) { -===== net/ipv6/datagram.c 1.20 vs edited ===== ---- 1.20/net/ipv6/datagram.c 2004-11-10 17:57:03 +11:00 -+++ edited/net/ipv6/datagram.c 2004-11-27 11:51:15 +11:00 -@@ -427,9 +427,7 @@ - int addr_type; - struct net_device *dev = NULL; - -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) { - err = -EINVAL; - goto exit_f; - } -===== net/sctp/socket.c 1.129 vs edited ===== ---- 1.129/net/sctp/socket.c 2004-11-19 08:43:18 +11:00 -+++ edited/net/sctp/socket.c 2004-11-27 11:52:11 +11:00 -@@ -4098,12 +4098,8 @@ - for (cmsg = CMSG_FIRSTHDR(msg); - cmsg != NULL; - cmsg = CMSG_NXTHDR((struct msghdr*)msg, cmsg)) { -- /* Check for minimum length. The SCM code has this check. */ -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) - return -EINVAL; -- } - - /* Should we parse this header or ignore? */ - if (cmsg->cmsg_level != IPPROTO_SCTP) diff --git a/sys-kernel/grsec-sources/files/CAN-2004-1074.patch b/sys-kernel/grsec-sources/files/CAN-2004-1074.patch deleted file mode 100644 index 57fe2f42bfc0..000000000000 --- a/sys-kernel/grsec-sources/files/CAN-2004-1074.patch +++ /dev/null @@ -1,352 +0,0 @@ -diff -Nru linux-2.4.28/arch/ia64/ia32/binfmt_elf32.c linux-2.4.28-hardened/arch/ia64/ia32/binfmt_elf32.c ---- linux-2.4.28/arch/ia64/ia32/binfmt_elf32.c 2004-12-21 20:59:35.000000000 -0500 -+++ linux-2.4.28-hardened/arch/ia64/ia32/binfmt_elf32.c 2004-12-21 21:07:11.095515536 -0500 -@@ -105,7 +105,11 @@ - vma->vm_private_data = NULL; - down_write(¤t->mm->mmap_sem); - { -- insert_vm_struct(current->mm, vma); -+ if (insert_vm_struct(current->mm, vma)) { -+ kmem_cache_free(vm_area_cachep, vma); -+ up_write(¤t->mm->mmap_sem); -+ return; -+ } - } - up_write(¤t->mm->mmap_sem); - } -@@ -127,7 +131,11 @@ - vma->vm_private_data = NULL; - down_write(¤t->mm->mmap_sem); - { -- insert_vm_struct(current->mm, vma); -+ if (insert_vm_struct(current->mm, vma)) { -+ kmem_cache_free(vm_area_cachep, vma); -+ up_write(¤t->mm->mmap_sem); -+ return; -+ } - } - up_write(¤t->mm->mmap_sem); - } -@@ -174,7 +182,7 @@ - { - unsigned long stack_base; - struct vm_area_struct *mpnt; -- int i; -+ int i, ret; - - stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - -@@ -205,7 +213,11 @@ - mpnt->vm_pgoff = 0; - mpnt->vm_file = NULL; - mpnt->vm_private_data = 0; -- insert_vm_struct(current->mm, mpnt); -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -Nru linux-2.4.28/arch/ia64/kernel/perfmon.c linux-2.4.28-hardened/arch/ia64/kernel/perfmon.c ---- linux-2.4.28/arch/ia64/kernel/perfmon.c 2004-12-21 20:47:22.000000000 -0500 -+++ linux-2.4.28-hardened/arch/ia64/kernel/perfmon.c 2004-12-21 21:07:11.102514472 -0500 -@@ -967,7 +967,8 @@ - * now insert the vma in the vm list for the process, must be - * done with mmap lock held - */ -- insert_vm_struct(mm, vma); -+ if(insert_vm_struct(mm, vma)) /* Handle -ENOMEM et al. */ -+ goto error; - - mm->total_vm += size >> PAGE_SHIFT; - -diff -Nru linux-2.4.28/arch/ia64/mm/init.c linux-2.4.28-hardened/arch/ia64/mm/init.c ---- linux-2.4.28/arch/ia64/mm/init.c 2004-12-21 20:59:35.000000000 -0500 -+++ linux-2.4.28-hardened/arch/ia64/mm/init.c 2004-12-21 21:07:11.104514168 -0500 -@@ -105,7 +105,13 @@ - vma->vm_pgoff = 0; - vma->vm_file = NULL; - vma->vm_private_data = NULL; -- insert_vm_struct(current->mm, vma); -+ down_write(¤t->mm->mmap_sem); -+ if (insert_vm_struct(current->mm, vma)) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return; -+ } -+ up_write(¤t->mm->mmap_sem); - } - - /* map NaT-page at address zero to speed up speculative dereferencing of NULL: */ -@@ -117,7 +123,13 @@ - vma->vm_end = PAGE_SIZE; - vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT); - vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED; -- insert_vm_struct(current->mm, vma); -+ down_write(¤t->mm->mmap_sem); -+ if (insert_vm_struct(current->mm, vma)) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return; -+ } -+ up_write(¤t->mm->mmap_sem); - } - } - } -diff -Nru linux-2.4.28/arch/ppc/mm/fault.c linux-2.4.28-hardened/arch/ppc/mm/fault.c ---- linux-2.4.28/arch/ppc/mm/fault.c 2004-12-21 20:57:02.000000000 -0500 -+++ linux-2.4.28-hardened/arch/ppc/mm/fault.c 2004-12-21 21:07:11.107513712 -0500 -@@ -83,8 +83,10 @@ - nopage: pax_syscall_nopage, - }; - --static void pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) -+static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) - { -+ int ret; -+ - vma->vm_mm = current->mm; - vma->vm_start = addr; - vma->vm_end = addr + PAGE_SIZE; -@@ -94,8 +96,15 @@ - vma->vm_pgoff = 0UL; - vma->vm_file = NULL; - vma->vm_private_data = NULL; -- insert_vm_struct(current->mm, vma); -+ ret = insert_vm_struct(current->mm, vma); -+ if(ret != 0) -+ { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return ret; -+ } - ++current->mm->total_vm; -+ return 0; - } - #endif - -@@ -333,7 +342,8 @@ - return 1; - } - -- pax_insert_vma(vma, call_syscall); -+ if(pax_insert_vma(vma, call_syscall)) -+ return 1; /* VMA overlapping attempt; bye bye! */ - current->mm->call_syscall = call_syscall; - up_write(¤t->mm->mmap_sem); - -@@ -377,7 +387,8 @@ - return 1; - } - -- pax_insert_vma(vma, call_syscall); -+ if(pax_insert_vma(vma, call_syscall)) -+ return 1; /* VMA overlapping attempt; bye bye! */ - current->mm->call_syscall = call_syscall; - up_write(¤t->mm->mmap_sem); - -diff -Nru linux-2.4.28/arch/s390x/kernel/exec32.c linux-2.4.28-hardened/arch/s390x/kernel/exec32.c ---- linux-2.4.28/arch/s390x/kernel/exec32.c 2004-12-21 20:59:35.000000000 -0500 -+++ linux-2.4.28-hardened/arch/s390x/kernel/exec32.c 2004-12-21 21:07:11.109513408 -0500 -@@ -41,7 +41,7 @@ - { - unsigned long stack_base; - struct vm_area_struct *mpnt; -- int i; -+ int i, ret; - - stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - -@@ -65,7 +65,11 @@ - mpnt->vm_pgoff = 0; - mpnt->vm_file = NULL; - mpnt->vm_private_data = (void *) 0; -- insert_vm_struct(current->mm, mpnt); -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -Nru linux-2.4.28/arch/sparc/mm/fault.c linux-2.4.28-hardened/arch/sparc/mm/fault.c ---- linux-2.4.28/arch/sparc/mm/fault.c 2004-12-21 20:57:02.000000000 -0500 -+++ linux-2.4.28-hardened/arch/sparc/mm/fault.c 2004-12-21 21:07:11.111513104 -0500 -@@ -250,8 +250,10 @@ - nopage: pax_emuplt_nopage, - }; - --static void pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) -+static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) - { -+ int ret; -+ - vma->vm_mm = current->mm; - vma->vm_start = addr; - vma->vm_end = addr + PAGE_SIZE; -@@ -261,8 +263,15 @@ - vma->vm_pgoff = 0UL; - vma->vm_file = NULL; - vma->vm_private_data = NULL; -- insert_vm_struct(current->mm, vma); -+ ret = insert_vm_struct(current->mm, vma); -+ if(ret != 0) -+ { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return ret; -+ } - ++current->mm->total_vm; -+ return 0; - } - - /* -@@ -423,7 +432,8 @@ - return 1; - } - -- pax_insert_vma(vma, call_dl_resolve); -+ if(pax_insert_vma(vma, call_dl_resolve)) -+ return 1; /* VMA overlapping attempt; bye bye! */ - current->mm->call_dl_resolve = call_dl_resolve; - up_write(¤t->mm->mmap_sem); - -diff -Nru linux-2.4.28/arch/sparc64/mm/fault.c linux-2.4.28-hardened/arch/sparc64/mm/fault.c ---- linux-2.4.28/arch/sparc64/mm/fault.c 2004-12-21 20:57:02.000000000 -0500 -+++ linux-2.4.28-hardened/arch/sparc64/mm/fault.c 2004-12-21 21:07:11.117512192 -0500 -@@ -338,8 +338,10 @@ - nopage: pax_emuplt_nopage, - }; - --static void pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) -+static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) - { -+ int ret; -+ - vma->vm_mm = current->mm; - vma->vm_start = addr; - vma->vm_end = addr + PAGE_SIZE; -@@ -349,8 +351,15 @@ - vma->vm_pgoff = 0UL; - vma->vm_file = NULL; - vma->vm_private_data = NULL; -- insert_vm_struct(current->mm, vma); -+ ret = insert_vm_struct(current->mm, vma); -+ if(ret != 0) -+ { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return ret; -+ } - ++current->mm->total_vm; -+ return 0; - } - #endif - -@@ -633,7 +642,8 @@ - return 1; - } - -- pax_insert_vma(vma, call_dl_resolve); -+ if(pax_insert_vma(vma, call_dl_resolve)) -+ return 1; /* VMA overlapping attempt; bye bye! */ - current->mm->call_dl_resolve = call_dl_resolve; - up_write(¤t->mm->mmap_sem); - -diff -Nru linux-2.4.28/arch/x86_64/ia32/ia32_binfmt.c linux-2.4.28-hardened/arch/x86_64/ia32/ia32_binfmt.c ---- linux-2.4.28/arch/x86_64/ia32/ia32_binfmt.c 2004-12-21 20:59:35.000000000 -0500 -+++ linux-2.4.28-hardened/arch/x86_64/ia32/ia32_binfmt.c 2004-12-21 21:07:11.122511432 -0500 -@@ -243,7 +243,7 @@ - { - unsigned long stack_base; - struct vm_area_struct *mpnt; -- int i; -+ int i, ret; - - stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - -@@ -274,7 +274,11 @@ - mpnt->vm_pgoff = 0; - mpnt->vm_file = NULL; - mpnt->vm_private_data = (void *) 0; -- insert_vm_struct(current->mm, mpnt); -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -Nru linux-2.4.28/include/linux/mm.h linux-2.4.28-hardened/include/linux/mm.h ---- linux-2.4.28/include/linux/mm.h 2004-12-21 20:59:35.000000000 -0500 -+++ linux-2.4.28-hardened/include/linux/mm.h 2004-12-21 21:07:11.000000000 -0500 -@@ -568,7 +568,7 @@ - /* mmap.c */ - extern void lock_vma_mappings(struct vm_area_struct *); - extern void unlock_vma_mappings(struct vm_area_struct *); --extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *); -+extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *); - extern void __insert_vm_struct(struct mm_struct *, struct vm_area_struct *); - extern void build_mmap_rb(struct mm_struct *); - extern void exit_mmap(struct mm_struct *); -diff -Nru linux-2.4.28/mm/mmap.c linux-2.4.28-hardened/mm/mmap.c ---- linux-2.4.28/mm/mmap.c 2004-12-21 20:59:35.000000000 -0500 -+++ linux-2.4.28-hardened/mm/mmap.c 2004-12-21 21:07:11.000000000 -0500 -@@ -1478,14 +1478,15 @@ - validate_mm(mm); - } - --void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) -+int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) - { - struct vm_area_struct * __vma, * prev; - rb_node_t ** rb_link, * rb_parent; - - __vma = find_vma_prepare(mm, vma->vm_start, &prev, &rb_link, &rb_parent); - if (__vma && __vma->vm_start < vma->vm_end) -- BUG(); -+ return -ENOMEM; - vma_link(mm, vma, prev, rb_link, rb_parent); - validate_mm(mm); -+ return 0; - } ---- linux-2.4.28-grsec/fs/exec.c 2004-12-24 15:27:42.000000000 -0500 -+++ linux-2.4.28-grsec-2.0.2/fs/exec.c 2004-12-24 15:47:07.208307624 -0500 -@@ -358,7 +358,7 @@ - { - unsigned long stack_base; - struct vm_area_struct *mpnt; -- int i; -+ int i, ret; - - #ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC - struct vm_area_struct *mpnt_m = NULL; -@@ -387,7 +387,6 @@ - - down_write(¤t->mm->mmap_sem); - { -- struct vm_area_struct *vma; - mpnt->vm_mm = current->mm; - mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p; - mpnt->vm_end = STACK_TOP; -@@ -402,13 +401,11 @@ - mpnt->vm_pgoff = 0; - mpnt->vm_file = NULL; - mpnt->vm_private_data = (void *) 0; -- vma = find_vma(current->mm, mpnt->vm_start); -- if (vma) { -- up_write(¤t->mm->mmap_sem); -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { -+ up_write(¤t->mm->mmap_sem); - kmem_cache_free(vm_area_cachep, mpnt); -- return -ENOMEM; -+ return ret; - } -- insert_vm_struct(current->mm, mpnt); - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - - #ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC diff --git a/sys-kernel/grsec-sources/files/CAN-2004-1335.patch b/sys-kernel/grsec-sources/files/CAN-2004-1335.patch deleted file mode 100644 index ab7e90d3d78f..000000000000 --- a/sys-kernel/grsec-sources/files/CAN-2004-1335.patch +++ /dev/null @@ -1,29 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/12/08 12:39:15-08:00 davem@nuts.davemloft.net -# [IPV4]: Do not leak IP options. -# -# If the user makes ip_cmsg_send call ip_options_get -# multiple times, we leak kmalloced IP options data. -# -# Noticed by Georgi Guninski. -# -# Signed-off-by: David S. Miller <davem@davemloft.net> -# -# net/ipv4/ip_options.c -# 2004/12/08 12:38:09-08:00 davem@nuts.davemloft.net +2 -0 -# [IPV4]: Do not leak IP options. -# -diff -Nru a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c ---- a/net/ipv4/ip_options.c 2005-01-31 08:43:48 -08:00 -+++ b/net/ipv4/ip_options.c 2005-01-31 08:43:48 -08:00 -@@ -515,6 +515,8 @@ - kfree(opt); - return -EINVAL; - } -+ if (*optp) -+ kfree(*optp); - *optp = opt; - return 0; - } diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.29.2.1.3 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.29.2.1.3 deleted file mode 100644 index 745a24117790..000000000000 --- a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.29.2.1.3 +++ /dev/null @@ -1,3 +0,0 @@ -MD5 e3b17d72fc976ddc9fa7de02d964db26 grsecurity-2.1.3-2.4.29-200503070900.patch 687300 -MD5 fcf8b6bb620467f27b657c1c4a60bbff linux-2.4.29.tar.bz2 31124710 -MD5 3fa09a0d8ea8def546b840bde027d61b linux-2.4.28-CAN-2004-0814.patch 145009 diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.29.2.1.4 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.29.2.1.4 deleted file mode 100644 index ade5217e1816..000000000000 --- a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.29.2.1.4 +++ /dev/null @@ -1,3 +0,0 @@ -MD5 4edf716f2bf9a127a3682ad72f6abe3d grsecurity-2.1.4-2.4.29-200503212012.patch.bz2 116852 -MD5 fcf8b6bb620467f27b657c1c4a60bbff linux-2.4.29.tar.bz2 31124710 -MD5 3fa09a0d8ea8def546b840bde027d61b linux-2.4.28-CAN-2004-0814.patch 145009 diff --git a/sys-kernel/grsec-sources/files/gentoo-sources-2.4.CAN-2004-1137.patch b/sys-kernel/grsec-sources/files/gentoo-sources-2.4.CAN-2004-1137.patch deleted file mode 100644 index 161806ce79d7..000000000000 --- a/sys-kernel/grsec-sources/files/gentoo-sources-2.4.CAN-2004-1137.patch +++ /dev/null @@ -1,59 +0,0 @@ ---- linux-2.4.28-orig/net/ipv4/igmp.c 2004-08-08 01:26:06.000000000 +0200 -+++ linux-2.4.28/net/ipv4/igmp.c 2004-12-15 22:12:48.000000000 +0100 -@@ -1757,12 +1757,12 @@ - goto done; - rv = !0; - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, -+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, - sizeof(__u32)); -- if (rv >= 0) -+ if (rv == 0) - break; - } -- if (!rv) /* source not found */ -+ if (rv) /* source not found */ - goto done; - - /* update the interface filter */ -@@ -1804,9 +1804,9 @@ - } - rv = 1; /* > 0 for insert logic below if sl_count is 0 */ - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, -+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, - sizeof(__u32)); -- if (rv >= 0) -+ if (rv == 0) - break; - } - if (rv == 0) /* address already there is an error */ ---- linux-2.4.28-orig/net/ipv6/mcast.c 2004-11-17 12:54:22.000000000 +0100 -+++ linux-2.4.28/net/ipv6/mcast.c 2004-12-15 22:14:07.000000000 +0100 -@@ -386,12 +386,12 @@ - goto done; - rv = !0; - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, group, -+ rv = memcmp(&psl->sl_addr[i], source, - sizeof(struct in6_addr)); -- if (rv >= 0) -+ if (rv == 0) - break; - } -- if (!rv) /* source not found */ -+ if (rv) /* source not found */ - goto done; - - /* update the interface filter */ -@@ -432,8 +432,8 @@ - } - rv = 1; /* > 0 for insert logic below if sl_count is 0 */ - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, group, sizeof(struct in6_addr)); -- if (rv >= 0) -+ rv = memcmp(&psl->sl_addr[i], source, sizeof(struct in6_addr)); -+ if (rv == 0) - break; - } - if (rv == 0) /* address already there is an error */ diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.29.2.1.3.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.29.2.1.3.ebuild deleted file mode 100644 index 6336439d53a8..000000000000 --- a/sys-kernel/grsec-sources/grsec-sources-2.4.29.2.1.3.ebuild +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.29.2.1.3.ebuild,v 1.3 2005/04/12 12:24:07 solar Exp $ - -ETYPE="sources" -UNIPATCH_STRICTORDER="yes" -CKV=2.4.29 -MY_PV=2.1.3 -inherit kernel-2 -detect_version - -OKV="${KV_MAJOR}.${KV_MINOR}.${KV_PATCH/.*/}" -PATCH_BASE="${PV/${OKV}./}" -PATCH_BASE="${PATCH_BASE/_/-}" -EXTRAVERSION="-grsec-${PATCH_BASE}" -PATCH_STAMP=200503070900 -KV_FULL="${OKV}${EXTRAVERSION}" -PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}-${PATCH_STAMP}.patch" -DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch" -SRC_URI="http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}-${PATCH_STAMP}.patch \ - http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2 \ - http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.4.28-CAN-2004-0814.patch" - -HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net" -KEYWORDS="x86 sparc ppc alpha amd64 -hppa" -RESTRICT="buildpkg" -IUSE="" -RDEPEND="" -UNIPATCH_STRICTORDER="yes" -UNIPATCH_LIST="${DISTDIR}/${PATCH_SRC_BASE} \ - ${FILESDIR}/CAN-2004-1056.patch \ - ${FILESDIR}/linux-2.4.28-random-poolsize.patch" - - -# ${FILESDIR}/CAN-2004-1335.patch -# ${FILESDIR}/2.4.29-CAN-2005-0001.patch -# ${FILESDIR}/2.4.27-cmdline-race.patch -# ${FILESDIR}/2.4.28-uselib4pax.patch -# ${DISTDIR}/linux-2.4.28-CAN-2004-0814.patch -# ${FILESDIR}/CAN-2004-1074.patch -# ${FILESDIR}/CAN-2004-1016.patch -# ${FILESDIR}/2.4.28-binfmt_a.out.patch -# ${FILESDIR}/gentoo-sources-2.4.CAN-2004-1137.patch - -src_unpack() { - kernel-2_src_unpack - - # users are often confused by what settings should be set. - # so we provide an example of what a P4 desktop would look like. - cp ${FILESDIR}/2.4.24-x86.config gentoo-grsec-custom-example-2.4.2x-x86.config -} diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.29.2.1.4.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.29.2.1.4.ebuild deleted file mode 100644 index 51919842cc96..000000000000 --- a/sys-kernel/grsec-sources/grsec-sources-2.4.29.2.1.4.ebuild +++ /dev/null @@ -1,52 +0,0 @@ -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.29.2.1.4.ebuild,v 1.2 2005/04/12 12:24:07 solar Exp $ - -ETYPE="sources" -UNIPATCH_STRICTORDER="yes" -CKV=2.4.29 -MY_PV=2.1.4 -inherit kernel-2 -detect_version - -OKV="${KV_MAJOR}.${KV_MINOR}.${KV_PATCH/.*/}" -PATCH_BASE="${PV/${OKV}./}" -PATCH_BASE="${PATCH_BASE/_/-}" -EXTRAVERSION="-grsec-${PATCH_BASE}" -PATCH_STAMP=200503212012 -KV_FULL="${OKV}${EXTRAVERSION}" -PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}-${PATCH_STAMP}.patch.bz2" -DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch" -SRC_URI="http://grsecurity.net/${PATCH_SRC_BASE} \ - http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2 \ - http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.4.28-CAN-2004-0814.patch" -#SRC_URI="http://grsecurity.net/~spender/${PATCH_SRC_BASE} ${SRC_URI}" - -HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net" -KEYWORDS="~x86 ~sparc ~ppc ~alpha ~amd64 -hppa" -RESTRICT="buildpkg" -IUSE="" -RDEPEND="" -UNIPATCH_STRICTORDER="yes" -UNIPATCH_LIST="${DISTDIR}/${PATCH_SRC_BASE} \ - ${FILESDIR}/CAN-2004-1056.patch \ - ${FILESDIR}/linux-2.4.28-random-poolsize.patch" - - -# ${FILESDIR}/CAN-2004-1335.patch -# ${FILESDIR}/2.4.29-CAN-2005-0001.patch -# ${FILESDIR}/2.4.27-cmdline-race.patch -# ${FILESDIR}/2.4.28-uselib4pax.patch -# ${DISTDIR}/linux-2.4.28-CAN-2004-0814.patch -# ${FILESDIR}/CAN-2004-1074.patch -# ${FILESDIR}/CAN-2004-1016.patch -# ${FILESDIR}/2.4.28-binfmt_a.out.patch -# ${FILESDIR}/gentoo-sources-2.4.CAN-2004-1137.patch - -src_unpack() { - kernel-2_src_unpack - - # users are often confused by what settings should be set. - # so we provide an example of what a P4 desktop would look like. - cp ${FILESDIR}/2.4.24-x86.config gentoo-grsec-custom-example-2.4.2x-x86.config -} |