From 3ff0e916a49633e54c5440dedd0182a9ca27e0e2 Mon Sep 17 00:00:00 2001 From: Peter Volkov Date: Wed, 13 Feb 2008 08:41:16 +0000 Subject: Fixed security issue, bug 209460. Straight to stable. (Portage version: 2.1.3.19, RepoMan options: --force) --- sys-kernel/openvz-sources/ChangeLog | 9 ++++++- .../openvz-sources-2.6.18-ms-splice-access.patch | 25 ++++++++++++++++++ .../openvz-sources-2.6.18.028.053-r1.ebuild | 30 ++++++++++++++++++++++ 3 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 sys-kernel/openvz-sources/files/openvz-sources-2.6.18-ms-splice-access.patch create mode 100644 sys-kernel/openvz-sources/openvz-sources-2.6.18.028.053-r1.ebuild (limited to 'sys-kernel/openvz-sources') diff --git a/sys-kernel/openvz-sources/ChangeLog b/sys-kernel/openvz-sources/ChangeLog index daac549d7199..276d42e46d5b 100644 --- a/sys-kernel/openvz-sources/ChangeLog +++ b/sys-kernel/openvz-sources/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sys-kernel/openvz-sources # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/openvz-sources/ChangeLog,v 1.83 2008/01/30 08:09:29 pva Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/openvz-sources/ChangeLog,v 1.84 2008/02/13 08:41:15 pva Exp $ + +*openvz-sources-2.6.18.028.053-r1 (13 Feb 2008) + + 13 Feb 2008; + +files/openvz-sources-2.6.18-ms-splice-access.patch, + +openvz-sources-2.6.18.028.053-r1.ebuild: + Fixed security issue, bug 209460. Straight to stable. 30 Jan 2008; -openvz-sources-2.6.18.028.051.ebuild: clean old, vulneralble. diff --git a/sys-kernel/openvz-sources/files/openvz-sources-2.6.18-ms-splice-access.patch b/sys-kernel/openvz-sources/files/openvz-sources-2.6.18-ms-splice-access.patch new file mode 100644 index 000000000000..d323f0cc28cf --- /dev/null +++ b/sys-kernel/openvz-sources/files/openvz-sources-2.6.18-ms-splice-access.patch @@ -0,0 +1,25 @@ +https://bugs.gentoo.org/show_bug.cgi?id=209460 +http://bugzilla.openvz.org/show_bug.cgi?id=814 + +--- ./fs/splice.c.pipe 2008-01-28 18:56:37.000000000 +0300 ++++ ./fs/splice.c 2008-02-11 14:00:53.000000000 +0300 +@@ -1138,6 +1138,10 @@ static int get_iovec_page_array(const st + /* + * Get user address base and length for this iovec. + */ ++ error = -EFAULT; ++ if (!access_ok(VERIFY_READ, iov, sizeof(*iov))) ++ break; ++ + error = get_user(base, &iov->iov_base); + if (unlikely(error)) + break; +@@ -1151,7 +1155,7 @@ static int get_iovec_page_array(const st + if (unlikely(!len)) + break; + error = -EFAULT; +- if (unlikely(!base)) ++ if (!access_ok(VERIFY_READ, base, len)) + break; + + /* diff --git a/sys-kernel/openvz-sources/openvz-sources-2.6.18.028.053-r1.ebuild b/sys-kernel/openvz-sources/openvz-sources-2.6.18.028.053-r1.ebuild new file mode 100644 index 000000000000..c440159a02f9 --- /dev/null +++ b/sys-kernel/openvz-sources/openvz-sources-2.6.18.028.053-r1.ebuild @@ -0,0 +1,30 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/openvz-sources/openvz-sources-2.6.18.028.053-r1.ebuild,v 1.1 2008/02/13 08:41:15 pva Exp $ + +inherit versionator + +ETYPE="sources" + +CKV=$(get_version_component_range 1-3) +OKV=${OKV:-${CKV}} +KV_FULL=${CKV}-${PN/-*}-$(get_version_component_range 4).$(get_version_component_range 5) +OVZ_KERNEL="$(get_version_component_range 4)stab$(get_version_component_range 5)" +OVZ_REV="4" +EXTRAVERSION=-${OVZ_KERNEL} +KERNEL_URI="mirror://kernel/linux/kernel/v${KV_MAJOR}.${KV_MINOR}/linux-${OKV}.tar.bz2" + +inherit kernel-2 +detect_version + +KEYWORDS="amd64 ~ia64 ~ppc64 ~sparc x86" +IUSE="" + +DESCRIPTION="Full sources including OpenVZ patchset for the ${KV_MAJOR}.${KV_MINOR} kernel tree" +HOMEPAGE="http://www.openvz.org" +SRC_URI="${KERNEL_URI} ${ARCH_URI} + http://download.openvz.org/kernel/branches/${CKV}/${OVZ_KERNEL}.${OVZ_REV}/patches/patch-ovz${OVZ_KERNEL}.${OVZ_REV}-combined.gz" + +UNIPATCH_STRICTORDER=1 +UNIPATCH_LIST="${DISTDIR}/patch-ovz${OVZ_KERNEL}.${OVZ_REV}-combined.gz +${FILESDIR}/openvz-sources-2.6.18-ms-splice-access.patch" -- cgit v1.2.3-65-gdbad