Oops, fix for bug #154327 too

(Portage version: 2.1.2_rc4-r4)
author: Daniel Gryniewicz <dang@gentoo.org> 2007-01-03 04:32:05 +0000
committer: Daniel Gryniewicz <dang@gentoo.org> 2007-01-03 04:32:05 +0000
commit: c946aee19c510c86402697d0158c7f28b0a1aebf (patch)
tree: cfadf5a8f28efa6450dd8d8662b9c012e69a0592 /sys-kernel/usermode-sources
parent: Include more headers to kill off implicit function prototypes. (diff)
download: gentoo-2-c946aee19c510c86402697d0158c7f28b0a1aebf.tar.gz
gentoo-2-c946aee19c510c86402697d0158c7f28b0a1aebf.tar.bz2
gentoo-2-c946aee19c510c86402697d0158c7f28b0a1aebf.zip
3 files changed, 118 insertions, 3 deletions
diff --git a/sys-kernel/usermode-sources/ChangeLog b/sys-kernel/usermode-sources/ChangeLog
index 528616f6f6ce..b3950b14793b 100644
--- a/sys-kernel/usermode-sources/ChangeLog
+++ b/sys-kernel/usermode-sources/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for sys-kernel/usermode-sources
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.85 2007/01/03 03:59:08 dang Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.86 2007/01/03 04:32:05 dang Exp $
+
+  03 Jan 2007; Daniel Gryniewicz <dang@gentoo.org>
+  +files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch,
+  usermode-sources-2.6.18-r1.ebuild:
+  Oops, fix for bug #154327 too
 
 *usermode-sources-2.6.18-r1 (03 Jan 2007)
 
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch
new file mode 100644
index 000000000000..633b37586e00
--- /dev/null
+++ b/sys-kernel/usermode-sources/files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch
@@ -0,0 +1,109 @@
+diff --exclude-from=/home/dang/.diffrc -up -ruN linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6_tables.c linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6_tables.c
+--- linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6_tables.c	2007-01-02 21:03:01.000000000 -0500
++++ linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6_tables.c	2007-01-02 23:02:56.000000000 -0500
+@@ -1445,6 +1445,9 @@ static void __exit ip6_tables_fini(void)
+  * If target header is found, its offset is set in *offset and return protocol
+  * number. Otherwise, return -1.
+  *
++ * If the first fragment doesn't contain the final protocol header or
++ * NEXTHDR_NONE it is considered invalid.
++ *
+  * Note that non-1st fragment is special case that "the protocol number
+  * of last header" is "next header" field in Fragment header. In this case,
+  * *offset is meaningless and fragment offset is stored in *fragoff if fragoff
+@@ -1468,12 +1471,12 @@ int ipv6_find_hdr(const struct sk_buff *
+ 		if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) {
+ 			if (target < 0)
+ 				break;
+-			return -1;
++			return -ENOENT;
+ 		}
+ 
+ 		hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr);
+ 		if (hp == NULL)
+-			return -1;
++			return -EBADMSG;
+ 		if (nexthdr == NEXTHDR_FRAGMENT) {
+ 			unsigned short _frag_off, *fp;
+ 			fp = skb_header_pointer(skb,
+@@ -1482,7 +1485,7 @@ int ipv6_find_hdr(const struct sk_buff *
+ 						sizeof(_frag_off),
+ 						&_frag_off);
+ 			if (fp == NULL)
+-				return -1;
++				return -EBADMSG;
+ 
+ 			_frag_off = ntohs(*fp) & ~0x7;
+ 			if (_frag_off) {
+@@ -1493,7 +1496,7 @@ int ipv6_find_hdr(const struct sk_buff *
+ 						*fragoff = _frag_off;
+ 					return hp->nexthdr;
+ 				}
+-				return -1;
++				return -ENOENT;
+ 			}
+ 			hdrlen = 8;
+ 		} else if (nexthdr == NEXTHDR_AUTH)
+diff --exclude-from=/home/dang/.diffrc -up -ruN linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_ah.c linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_ah.c
+--- linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_ah.c	2006-09-19 23:42:06.000000000 -0400
++++ linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_ah.c	2007-01-02 23:03:50.000000000 -0500
+@@ -54,9 +54,14 @@ match(const struct sk_buff *skb,
+ 	const struct ip6t_ah *ahinfo = matchinfo;
+ 	unsigned int ptr;
+ 	unsigned int hdrlen = 0;
+-
+-	if (ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL) < 0)
+-		return 0;
++	int err;
++  
++	err = ipv6_find_hdr(skb, &amp;ptr, NEXTHDR_AUTH, NULL);
++	if (err &lt; 0) {
++		if (err != -ENOENT)
++			*hotdrop = 1;
++  		return 0;
++	}
+ 
+ 	ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
+ 	if (ah == NULL) {
+diff --exclude-from=/home/dang/.diffrc -up -ruN linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_frag.c linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_frag.c
+--- linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_frag.c	2006-09-19 23:42:06.000000000 -0400
++++ linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_frag.c	2007-01-02 23:04:29.000000000 -0500
+@@ -52,9 +52,14 @@ match(const struct sk_buff *skb,
+ 	struct frag_hdr _frag, *fh;
+ 	const struct ip6t_frag *fraginfo = matchinfo;
+ 	unsigned int ptr;
+-
+-	if (ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL) < 0)
+-		return 0;
++	int err;
++  
++	err = ipv6_find_hdr(skb, &amp;ptr, NEXTHDR_FRAGMENT, NULL);
++	if (err &lt; 0) {
++		if (err != -ENOENT)
++			*hotdrop = 1;
++  		return 0;
++	}
+ 
+ 	fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
+ 	if (fh == NULL) {
+diff --exclude-from=/home/dang/.diffrc -up -ruN linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_rt.c linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_rt.c
+--- linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_rt.c	2006-09-19 23:42:06.000000000 -0400
++++ linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_rt.c	2007-01-02 23:04:53.000000000 -0500
+@@ -58,9 +58,14 @@ match(const struct sk_buff *skb,
+ 	unsigned int hdrlen = 0;
+ 	unsigned int ret = 0;
+ 	struct in6_addr *ap, _addr;
+-
+-	if (ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL) < 0)
+-		return 0;
++	int err;
++  
++	err = ipv6_find_hdr(skb, &amp;ptr, NEXTHDR_ROUTING, NULL);
++	if (err &lt; 0) {
++		if (err != -ENOENT)
++			*hotdrop = 1;
++  		return 0;
++	}
+ 
+ 	rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
+ 	if (rh == NULL) {
diff --git a/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild b/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild
index 958c701b336c..2f2440221e63 100644
--- a/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild
+++ b/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild,v 1.1 2007/01/03 03:59:08 dang Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild,v 1.2 2007/01/03 04:32:05 dang Exp $
 
 ETYPE="sources"
 K_WANT_GENPATCHES="base"
@@ -10,7 +10,8 @@ detect_version
 
 UML_VER="uml-2.6.18.1-bb2"
 UNIPATCH_LIST="${FILESDIR}/uml-2.6.18-genpatches-8-prep.patch
-	${DISTDIR}/${UML_VER}.patch.bz2"
+	${DISTDIR}/${UML_VER}.patch.bz2
+	${FILESDIR}/${PF}-CVE-2006-4572.patch"
 UNIPATCH_STRICTORDER="yes"
 
 DESCRIPTION="Full sources for the User Mode Linux kernel"
author	Daniel Gryniewicz <dang@gentoo.org>	2007-01-03 04:32:05 +0000
committer	Daniel Gryniewicz <dang@gentoo.org>	2007-01-03 04:32:05 +0000
commit	c946aee19c510c86402697d0158c7f28b0a1aebf (patch)
tree	cfadf5a8f28efa6450dd8d8662b9c012e69a0592 /sys-kernel/usermode-sources
parent	Include more headers to kill off implicit function prototypes. (diff)
download	gentoo-2-c946aee19c510c86402697d0158c7f28b0a1aebf.tar.gz gentoo-2-c946aee19c510c86402697d0158c7f28b0a1aebf.tar.bz2 gentoo-2-c946aee19c510c86402697d0158c7f28b0a1aebf.zip