Bumped and patched for the mremap() and RTC vulnerabilities, see bugs #37292 and #37317 for details.

author: Tim Yamin <plasmaroo@gentoo.org> 2004-01-06 16:41:28 +0000
committer: Tim Yamin <plasmaroo@gentoo.org> 2004-01-06 16:41:28 +0000
commit: 93476859b1e185f138a231cbc4920db3453dd14c (patch)
tree: a25d0cfa07f6164e2a3f15683ab1f518cc14ab61 /sys-kernel/arm-sources
parent: Adding amd64 keyword. Closing #34232 (diff)
download: gentoo-2-93476859b1e185f138a231cbc4920db3453dd14c.tar.gz
gentoo-2-93476859b1e185f138a231cbc4920db3453dd14c.tar.bz2
gentoo-2-93476859b1e185f138a231cbc4920db3453dd14c.zip
8 files changed, 256 insertions, 10 deletions
diff --git a/sys-kernel/arm-sources/ChangeLog b/sys-kernel/arm-sources/ChangeLog
index 86ec4e1bd897..4e3d96c2fc78 100644
--- a/sys-kernel/arm-sources/ChangeLog
+++ b/sys-kernel/arm-sources/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sys-kernel/arm-sources
 # Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/arm-sources/ChangeLog,v 1.6 2003/12/04 22:34:58 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/arm-sources/ChangeLog,v 1.7 2004/01/06 16:41:17 plasmaroo Exp $
+
+*arm-sources-2.4.19-r2 (06 Jan 2004)
+
+  06 Jan 2004; <plasmaroo@gentoo.org> arm-sources-2.4.19-r1.ebuild,
+  arm-sources-2.4.19-r2.ebuild, arm-sources-2.4.19.ebuild,
+  files/arm-sources.CAN-2003-0985.patch, files/arm-sources.rtc_fix.patch:
+  Added patches to address the security vulnerabilities in bugs #37292 and
+  #37317.
 
   01 Dec 2003; Brian Jackson <iggy@gentoo.org> arm-sources-2.4.19-r1.ebuild,
   arm-sources-2.4.19.ebuild, files/do_brk_fix.patch:
diff --git a/sys-kernel/arm-sources/Manifest b/sys-kernel/arm-sources/Manifest
index eeabd76a82d1..867c32291f92 100644
--- a/sys-kernel/arm-sources/Manifest
+++ b/sys-kernel/arm-sources/Manifest
@@ -1,6 +1,10 @@
-MD5 81c30248eb995ba664c6233674723b4a ChangeLog 976
-MD5 777c36355b09b484279ab92bff034552 arm-sources-2.4.19.ebuild 2820
-MD5 44565ed2f0b3a9efba652b40f6a03d5f arm-sources-2.4.19-r1.ebuild 2814
+MD5 530a2bd50e477498e5d456be33961ec1 ChangeLog 1301
+MD5 1e0df810339cafd42c401f864fe8930a arm-sources-2.4.19.ebuild 3018
+MD5 056f44cbab6ba6d83fafcf6a0ce77a20 arm-sources-2.4.19-r2.ebuild 3012
+MD5 559a795a05dd6502989e4aaf2c4ce478 arm-sources-2.4.19-r1.ebuild 3012
+MD5 743cdcd431f3c90329566414ad61ef0a files/digest-arm-sources-2.4.19-r2 202
 MD5 eb2614e8b4b71676d6db17377a956d2c files/digest-arm-sources-2.4.19 202
 MD5 743cdcd431f3c90329566414ad61ef0a files/digest-arm-sources-2.4.19-r1 202
+MD5 d641cd49ae63ca2989672d2209691bb5 files/arm-sources.CAN-2003-0985.patch 414
+MD5 df40eece807d039cba79f477e80ebda2 files/arm-sources.rtc_fix.patch 4974
 MD5 e637c6fa41097ea2c4693d0766f2e1c5 files/do_brk_fix.patch 242
diff --git a/sys-kernel/arm-sources/arm-sources-2.4.19-r1.ebuild b/sys-kernel/arm-sources/arm-sources-2.4.19-r1.ebuild
index f9f16f10bdc5..089a6458cef9 100644
--- a/sys-kernel/arm-sources/arm-sources-2.4.19-r1.ebuild
+++ b/sys-kernel/arm-sources/arm-sources-2.4.19-r1.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Copyright 1999-2004 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/arm-sources/arm-sources-2.4.19-r1.ebuild,v 1.5 2003/12/02 03:26:57 iggy Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/arm-sources/arm-sources-2.4.19-r1.ebuild,v 1.6 2004/01/06 16:41:17 plasmaroo Exp $
 #OKV=original kernel version, KV=patched kernel version.  They can be the same.
 
 IUSE=""
@@ -90,7 +90,9 @@ src_unpack() {
 	[ -n "${SUBARCH_KERNEL_PATCH}" ] && \
 		{ epatch "${WORKDIR}/${SUBARCH_KERNEL_PATCH}" || die; }
 
-	epatch ${FILESDIR}/do_brk_fix.patch || die "failed to patch for do_brk vuln"
+	epatch ${FILESDIR}/do_brk_fix.patch || die "Failed to patch the do_brk() vulnerability!"
+	epatch ${FILESDIR}/${PN}.CAN-2003-0985.patch || die "Failed to patch mremap() vulnerability!"
+	epatch ${FILESDIR}/${PN}.rtc_fix.patch || die "Failed to patch RTC vulnerabilities!"
 
 	kernel_universal_unpack
 }
diff --git a/sys-kernel/arm-sources/arm-sources-2.4.19-r2.ebuild b/sys-kernel/arm-sources/arm-sources-2.4.19-r2.ebuild
new file mode 100644
index 000000000000..1975eaf0601c
--- /dev/null
+++ b/sys-kernel/arm-sources/arm-sources-2.4.19-r2.ebuild
@@ -0,0 +1,99 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/arm-sources/arm-sources-2.4.19-r2.ebuild,v 1.1 2004/01/06 16:41:17 plasmaroo Exp $
+#OKV=original kernel version, KV=patched kernel version.  They can be the same.
+
+IUSE=""
+DEPEND=""
+LICENSE="GPL-2"
+
+ETYPE="sources"
+inherit kernel
+
+#####
+# move to arm profile
+
+# this specifies the main ARM kernel patch level
+ARM_PATCH_SUFFIX="-rmk7"
+
+######
+# move to ${PORTDIR}/subarch.eclass
+#  then move to ${PORTDIR}/profiles/profile-arm-1.4/netwinder/subarch.conf
+
+# this specifies the SUBARCH kernel patch level and download location
+#  currently, only netwinder supported
+SUBARCH_KERNEL_SUFFIX="-nw1"
+SUBARCH_KERNEL_URLBASE="\
+	ftp://ftp.netwinder.org/users/r/ralphs/kernel/beta"
+SUBARCH_KERNEL_HOMEPAGE="http://www.netwinder.org/"
+
+#####
+
+# set the kernel version now
+OKV=2.4.19
+EXTRAVERSION="${ARM_PATCH_SUFFIX}${SUBARCH_KERNEL_SUFFIX}"
+KV="${OKV}${EXTRAVERSION}"
+
+S=${WORKDIR}/linux-${KV}
+
+# this is the main rmk ARM Kernel Patch
+ARM_KERNEL_PATCH="patch-${OKV}${ARM_PATCH_SUFFIX}"
+# this is the kernel patch for SUBARCH
+[ -n "${SUBARCH_KERNEL_SUFFIX}" ] && \
+	SUBARCH_KERNEL_PATCH="${ARM_KERNEL_PATCH}${SUBARCH_KERNEL_SUFFIX}" || \
+	SUBARCH_KERNEL_PATCH=""
+
+# What's in this kernel?
+# INCLUDED:
+#   stock 2.4.19 kernel sources
+#   rmk patches for armlinux support
+
+DESCRIPTION="Full sources for the ARM/Linux kernel"
+SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2 \
+	ftp://ftp.arm.linux.org.uk/pub/armlinux/source/kernel-patches/v2.4/${ARM_KERNEL_PATCH}.bz2"
+HOMEPAGE="http://www.arm.linux.org.uk/ \
+		http://www.kernel.org/ \
+		http://www.gentoo.org/"
+
+# now fix up SRC_URI and HOMEPAGE
+if [ -n "${SUBARCH_KERNEL_PATCH}" ]; then
+	if [ -n "${SUBARCH_KERNEL_URLBASE}" ]; then
+		SRC_URI="${SRC_URI} \
+			${SUBARCH_KERNEL_URLBASE}/${SUBARCH_KERNEL_PATCH}.gz"
+	else
+		die "${SUBARCH}: ${SUBARCH_KERNEL_PATCH} does not have a URLBASE"
+	fi
+fi
+if [ -n "${SUBARCH_KERNEL_HOMEPAGE}" ]; then
+	HOMEPAGE="${SUBARCH_KERNEL_HOMEPAGE} ${HOMEPAGE}"
+fi
+
+
+KEYWORDS="arm -hppa -x86 -ppc -sparc -alpha -mips"
+SLOT="${KV}"
+
+src_unpack() {
+	# base vanilla source
+	unpack "linux-${OKV}.tar.bz2" || die
+	mv "${WORKDIR}/linux-${OKV}" "${WORKDIR}/linux-${KV}"
+
+	# plus the Russell M. King kernel patches
+	unpack "${ARM_KERNEL_PATCH}.bz2" || die
+
+	# plus an optional SUBARCH kernel patch
+	[ -n "${SUBARCH_KERNEL_PATCH}" ] && \
+		{ unpack "${SUBARCH_KERNEL_PATCH}.gz" || die; }
+
+	# do the actual patching
+	cd ${S} || die
+	epatch "${WORKDIR}/${ARM_KERNEL_PATCH}" || die
+	[ -n "${SUBARCH_KERNEL_PATCH}" ] && \
+		{ epatch "${WORKDIR}/${SUBARCH_KERNEL_PATCH}" || die; }
+
+	epatch ${FILESDIR}/do_brk_fix.patch || die "Failed to patch the do_brk() vulnerability!"
+	epatch ${FILESDIR}/${PN}.CAN-2003-0985.patch || die "Failed to patch mremap() vulnerability!"
+	epatch ${FILESDIR}/${PN}.rtc_fix.patch || die "Failed to patch RTC vulnerabilities!"
+
+	kernel_universal_unpack
+}
+
diff --git a/sys-kernel/arm-sources/arm-sources-2.4.19.ebuild b/sys-kernel/arm-sources/arm-sources-2.4.19.ebuild
index 20eaea30897f..9ea9c316d198 100644
--- a/sys-kernel/arm-sources/arm-sources-2.4.19.ebuild
+++ b/sys-kernel/arm-sources/arm-sources-2.4.19.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Copyright 1999-2004 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/arm-sources/arm-sources-2.4.19.ebuild,v 1.8 2003/12/02 03:26:57 iggy Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/arm-sources/arm-sources-2.4.19.ebuild,v 1.9 2004/01/06 16:41:17 plasmaroo Exp $
 #OKV=original kernel version, KV=patched kernel version.  They can be the same.
 
 IUSE=""
@@ -90,7 +90,9 @@ src_unpack() {
 	[ -n "${SUBARCH_KERNEL_PATCH}" ] && \
 		{ epatch "${WORKDIR}/${SUBARCH_KERNEL_PATCH}" || die; }
 
-	epatch ${FILESDIR}/do_brk_fix.patch || die "failed to patch for do_brk vuln"
+	epatch ${FILESDIR}/do_brk_fix.patch || die "Failed to patch the do_brk() vulnerability!"
+	epatch ${FILESDIR}/${PN}.CAN-2003-0985.patch || die "Failed to patch mremap() vulnerability!"
+	epatch ${FILESDIR}/${PN}.rtc_fix.patch || die "Failed to patch RTC vulnerabilities!"
 
 	kernel_universal_unpack
 }
diff --git a/sys-kernel/arm-sources/files/arm-sources.CAN-2003-0985.patch b/sys-kernel/arm-sources/files/arm-sources.CAN-2003-0985.patch
new file mode 100644
index 000000000000..bacef69f02f8
--- /dev/null
+++ b/sys-kernel/arm-sources/files/arm-sources.CAN-2003-0985.patch
@@ -0,0 +1,13 @@
+--- linux/mm/mremap.c.orig	2004-01-05 17:01:21.382104120 +0000
++++ linux/mm/mremap.c	2004-01-05 17:15:25.689749848 +0000
+@@ -315,6 +315,10 @@
+ 	old_len = PAGE_ALIGN(old_len);
+ 	new_len = PAGE_ALIGN(new_len);
+ 
++	/* Don't allow the degenerate cases */
++	if (!(old_len | new_len))
++		goto out;
++
+ 	/* new_addr is only valid if MREMAP_FIXED is specified */
+ 	if (flags & MREMAP_FIXED) {
+ 		if (new_addr & ~PAGE_MASK)
diff --git a/sys-kernel/arm-sources/files/arm-sources.rtc_fix.patch b/sys-kernel/arm-sources/files/arm-sources.rtc_fix.patch
new file mode 100644
index 000000000000..00937f83623f
--- /dev/null
+++ b/sys-kernel/arm-sources/files/arm-sources.rtc_fix.patch
@@ -0,0 +1,115 @@
+diff -ur linux-2.4.20-wolk4.9s/arch/cris/drivers/ds1302.c linux-2.4.20-wolk4.9s.plasmaroo/arch/cris/drivers/ds1302.c
+--- linux-2.4.20-wolk4.9s/arch/cris/drivers/ds1302.c	2004-01-05 23:33:45.000000000 +0000
++++ linux-2.4.20-wolk4.9s.plasmaroo/arch/cris/drivers/ds1302.c	2004-01-05 23:41:44.000000000 +0000
+@@ -315,6 +315,7 @@
+ 		{
+ 			struct rtc_time rtc_tm;
+ 						
++			memset(&rtc_tm, 0, sizeof (struct rtc_time));
+ 			get_rtc_time(&rtc_tm);						
+ 			if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time)))
+ 				return -EFAULT;	
+diff -ur linux-2.4.20-wolk4.9s/arch/m68k/bvme6000/rtc.c linux-2.4.20-wolk4.9s.plasmaroo/arch/m68k/bvme6000/rtc.c
+--- linux-2.4.20-wolk4.9s/arch/m68k/bvme6000/rtc.c	2004-01-05 23:33:45.000000000 +0000
++++ linux-2.4.20-wolk4.9s.plasmaroo/arch/m68k/bvme6000/rtc.c	2004-01-05 23:43:15.000000000 +0000
+@@ -54,6 +54,7 @@
+ 		/* Ensure clock and real-time-mode-register are accessible */
+ 		msr = rtc->msr & 0xc0;
+ 		rtc->msr = 0x40;
++		memset(&wtime, 0, sizeof (struct rtc_time));
+ 		do {
+ 			wtime.tm_sec =  BCD2BIN(rtc->bcd_sec);
+ 			wtime.tm_min =  BCD2BIN(rtc->bcd_min);
+diff -ur linux-2.4.20-wolk4.9s/arch/m68k/mvme16x/rtc.c linux-2.4.20-wolk4.9s.plasmaroo/arch/m68k/mvme16x/rtc.c
+--- linux-2.4.20-wolk4.9s/arch/m68k/mvme16x/rtc.c	2004-01-05 23:33:45.000000000 +0000
++++ linux-2.4.20-wolk4.9s.plasmaroo/arch/m68k/mvme16x/rtc.c	2004-01-05 23:44:02.000000000 +0000
+@@ -52,6 +52,7 @@
+ 		cli();
+ 		/* Ensure clock and real-time-mode-register are accessible */
+ 		rtc->ctrl = RTC_READ;
++		memset(&wtime, 0, sizeof (struct rtc_time));
+ 		wtime.tm_sec =  BCD2BIN(rtc->bcd_sec);
+ 		wtime.tm_min =  BCD2BIN(rtc->bcd_min);
+ 		wtime.tm_hour = BCD2BIN(rtc->bcd_hr);
+diff -ur linux-2.4.20-wolk4.9s/arch/ppc64/kernel/rtc.c linux-2.4.20-wolk4.9s.plasmaroo/arch/ppc64/kernel/rtc.c
+--- linux-2.4.20-wolk4.9s/arch/ppc64/kernel/rtc.c	2004-01-05 23:33:45.000000000 +0000
++++ linux-2.4.20-wolk4.9s.plasmaroo/arch/ppc64/kernel/rtc.c	2004-01-05 23:44:34.000000000 +0000
+@@ -96,6 +96,7 @@
+ 	switch (cmd) {
+ 	case RTC_RD_TIME:	/* Read the time/date from RTC	*/
+ 	{
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		ppc_md.get_rtc_time(&wtime);
+ 		break;
+ 	}
+diff -ur linux-2.4.20-wolk4.9s/drivers/char/efirtc.c linux-2.4.20-wolk4.9s.plasmaroo/drivers/char/efirtc.c
+--- linux-2.4.20-wolk4.9s/drivers/char/efirtc.c	2004-01-05 23:33:45.000000000 +0000
++++ linux-2.4.20-wolk4.9s.plasmaroo/drivers/char/efirtc.c	2004-01-05 23:47:53.000000000 +0000
+@@ -118,6 +118,7 @@
+ static void
+ convert_from_efi_time(efi_time_t *eft, struct rtc_time *wtime)
+ {
++	memset(wtime, 0, sizeof(struct rtc_time));
+ 	wtime->tm_sec  = eft->second;
+ 	wtime->tm_min  = eft->minute;
+ 	wtime->tm_hour = eft->hour;
+diff -ur linux-2.4.20-wolk4.9s/drivers/char/rtc.c linux-2.4.20-wolk4.9s.plasmaroo/drivers/char/rtc.c
+--- linux-2.4.20-wolk4.9s/drivers/char/rtc.c	2004-01-05 23:33:45.000000000 +0000
++++ linux-2.4.20-wolk4.9s.plasmaroo/drivers/char/rtc.c	2004-01-05 23:52:43.000000000 +0000
+@@ -370,6 +370,7 @@
+ 		 * tm_min, and tm_sec values are filled in.
+ 		 */
+ 
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		get_rtc_alm_time(&wtime);
+ 		break; 
+ 	}
+@@ -417,6 +418,7 @@
+ 	}
+ 	case RTC_RD_TIME:	/* Read the time/date from RTC	*/
+ 	{
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		get_rtc_time(&wtime);
+ 		break;
+ 	}
+diff -ur linux-2.4.20-wolk4.9s/drivers/macintosh/rtc.c linux-2.4.20-wolk4.9s.plasmaroo/drivers/macintosh/rtc.c
+--- linux-2.4.20-wolk4.9s/drivers/macintosh/rtc.c	2004-01-05 23:33:45.000000000 +0000
++++ linux-2.4.20-wolk4.9s.plasmaroo/drivers/macintosh/rtc.c	2004-01-05 23:54:15.000000000 +0000
+@@ -64,6 +64,7 @@
+ 	case RTC_RD_TIME:
+ 		if (ppc_md.get_rtc_time)
+ 		{
++			memset(&rtc_tm, 0, sizeof(struct rtc_time));
+ 			get_rtc_time(&rtc_tm);
+ 
+ 			if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time)))
+diff -ur linux-2.4.20-wolk4.9s/drivers/sbus/char/rtc.c linux-2.4.20-wolk4.9s.plasmaroo/drivers/sbus/char/rtc.c
+--- linux-2.4.20-wolk4.9s/drivers/sbus/char/rtc.c	2004-01-05 23:33:45.000000000 +0000
++++ linux-2.4.20-wolk4.9s.plasmaroo/drivers/sbus/char/rtc.c	2004-01-05 23:54:43.000000000 +0000
+@@ -89,6 +89,7 @@
+ 	switch (cmd)
+ 	{
+ 	case RTCGET:
++		memset(&rtc_tm, 0, sizeof(struct rtc_time));
+ 		get_rtc_time(&rtc_tm);
+ 
+ 		if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time)))
+diff -ur linux-2.4.20-wolk4.9s/drivers/sgi/char/ds1286.c linux-2.4.20-wolk4.9s.plasmaroo/drivers/sgi/char/ds1286.c
+--- linux-2.4.20-wolk4.9s/drivers/sgi/char/ds1286.c	2004-01-05 23:33:45.000000000 +0000
++++ linux-2.4.20-wolk4.9s.plasmaroo/drivers/sgi/char/ds1286.c	2004-01-05 23:47:25.000000000 +0000
+@@ -174,6 +174,7 @@
+ 		 * tm_min, and tm_sec values are filled in.
+ 		 */
+ 
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		ds1286_get_alm_time(&wtime);
+ 		break;
+ 	}
+@@ -216,6 +217,7 @@
+ 	}
+ 	case RTC_RD_TIME:	/* Read the time/date from RTC	*/
+ 	{
++		memset(&wtime, 0, sizeof(struct rtc_time));
+ 		ds1286_get_time(&wtime);
+ 		break;
+ 	}
diff --git a/sys-kernel/arm-sources/files/digest-arm-sources-2.4.19-r2 b/sys-kernel/arm-sources/files/digest-arm-sources-2.4.19-r2
new file mode 100644
index 000000000000..31d2ffde25c1
--- /dev/null
+++ b/sys-kernel/arm-sources/files/digest-arm-sources-2.4.19-r2
@@ -0,0 +1,3 @@
+MD5 2bb60b7594a416f2c593923ce446160b linux-2.4.19.tar.bz2 26042494
+MD5 b26f59309f1d4816e9cc5205d65aed5f patch-2.4.19-rmk7.bz2 651606
+MD5 db313e16191e97e8e8e8224a8c94685c patch-2.4.19-rmk7-nw1.gz 167115
author	Tim Yamin <plasmaroo@gentoo.org>	2004-01-06 16:41:28 +0000
committer	Tim Yamin <plasmaroo@gentoo.org>	2004-01-06 16:41:28 +0000
commit	93476859b1e185f138a231cbc4920db3453dd14c (patch)
tree	a25d0cfa07f6164e2a3f15683ab1f518cc14ab61 /sys-kernel/arm-sources
parent	Adding amd64 keyword. Closing #34232 (diff)
download	gentoo-2-93476859b1e185f138a231cbc4920db3453dd14c.tar.gz gentoo-2-93476859b1e185f138a231cbc4920db3453dd14c.tar.bz2 gentoo-2-93476859b1e185f138a231cbc4920db3453dd14c.zip