From 51aad2456a470aa613b92df47167294ec415c90e Mon Sep 17 00:00:00 2001
From: Tim Yamin
Date: Fri, 20 May 2005 19:37:20 +0000
Subject: Security fixes - #81195, #81295, #82201. Package-Manager: portage-2.0.51.22
---
 sys-kernel/gentoo-sources/ChangeLog | 10 +-
 sys-kernel/gentoo-sources/Manifest | 9 +-
 .../files/digest-gentoo-sources-2.4.28-r8 | 3 -
 .../files/digest-gentoo-sources-2.4.28-r9 | 3 +
 .../files/gentoo-sources-2.4.81195.patch | 373 +++++++++++++++++++++
 .../files/gentoo-sources-2.4.81295.patch | 270 +++++++++++++++
 .../files/gentoo-sources-2.4.82201.patch | 12 +
 .../gentoo-sources/gentoo-sources-2.4.28-r8.ebuild | 33 --
 .../gentoo-sources/gentoo-sources-2.4.28-r9.ebuild | 36 ++
 9 files changed, 709 insertions(+), 40 deletions(-)
 delete mode 100644 sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.28-r8
 create mode 100644 sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.28-r9
 create mode 100644 sys-kernel/gentoo-sources/files/gentoo-sources-2.4.81195.patch
 create mode 100644 sys-kernel/gentoo-sources/files/gentoo-sources-2.4.81295.patch
 create mode 100644 sys-kernel/gentoo-sources/files/gentoo-sources-2.4.82201.patch
 delete mode 100644 sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r8.ebuild
 create mode 100644 sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r9.ebuild
(limited to 'sys-kernel/gentoo-sources')
diff --git a/sys-kernel/gentoo-sources/ChangeLog b/sys-kernel/gentoo-sources/ChangeLog
index 6f8de0b71772..d850fc0fcfa7 100644
--- a/sys-kernel/gentoo-sources/ChangeLog
+++ b/sys-kernel/gentoo-sources/ChangeLog
@@ -1,6 +1,14 @@ # ChangeLog for sys-kernel/gentoo-sources # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/ChangeLog,v 1.144 2005/05/20 19:32:51 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/ChangeLog,v 1.145 2005/05/20 19:37:20 plasmaroo Exp $ + +*gentoo-sources-2.4.28-r9 (20 May 2005) + + 20 May 2005; -gentoo-sources-2.4.28-r8.ebuild, + +gentoo-sources-2.4.28-r9.ebuild, +files/gentoo-sources-2.4.81195.patch, + +files/gentoo-sources-2.4.81295.patch, + +files/gentoo-sources-2.4.82201.patch: + Security fixes - #81195, #81295, #82201. 20 May 2005; -gentoo-sources-2.4.25-r17.ebuild, -files/gentoo-sources-2.4.AF_UNIX.patch, diff --git a/sys-kernel/gentoo-sources/Manifest b/sys-kernel/gentoo-sources/Manifest index 425a9dcc9ebf..7628ebc9fbbf 100644 --- a/sys-kernel/gentoo-sources/Manifest +++ b/sys-kernel/gentoo-sources/Manifest 
@@ -1,15 +1,16 @@
-MD5 08feec4312c86d97a171062b2d0b2723 ChangeLog 39832
+MD5 f518e14acd9c5813a82ea2b96c991ad5 ChangeLog 40146
 MD5 386b6b1084b1c4cabfad87fc8b603114 gentoo-sources-2.6.10-r6.ebuild 1607
 MD5 cd14a3055fad29bf0256428a774ea70d gentoo-sources-2.6.7-r19.ebuild 1455
 MD5 c1ee17378c95e5a55411ba392601942d gentoo-sources-2.6.11-r9.ebuild 1610
 MD5 410c3afeb274354a7ce68257edc18012 metadata.xml 283
 MD5 2d2150ca2b1b3db3d469a5a2356161fb gentoo-sources-2.6.9-r9.ebuild 1625
 MD5 45bb97671264e772e7c5711ffd5e39be gentoo-sources-2.6.10-r7.ebuild 1620
-MD5 3229d029559913e76e4a92d8bacb5941 gentoo-sources-2.4.28-r8.ebuild 1307
 MD5 1ec0f7ec45dce6f53d70a7df0fabe7a5 gentoo-sources-2.6.1-r2.ebuild 2235
 MD5 16b31595b302b6eba105f3786457192d gentoo-sources-2.6.11-r8.ebuild 1620
+MD5 e935e807cb37104cc7670ccdc49fb975 gentoo-sources-2.4.28-r9.ebuild 1412
 MD5 f1eccb6d2c06d2ecaf19e44477012f4d gentoo-sources-2.6.11-r7.ebuild 1624
 MD5 0694ed26023de7664f6d3658f04c4bbe files/digest-gentoo-sources-2.6.7-r19 221
+MD5 3f8d2e3d28369e95a59804dbf9a9132b files/gentoo-sources-2.4.81195.patch 11448
 MD5 d1ccc2047be533c992f67270a150a210 files/gentoo-sources-2.4.cmdlineLeak.patch 388
 MD5 b63da6e1cbd38d159d722aa5debf0e73 files/digest-gentoo-sources-2.6.11-r7 224
 MD5 bf7030a67c46e734e2a7ea9265a45191 files/gentoo-sources-2.4.brk-locked.patch 8859
@@ -17,15 +18,17 @@ MD5 3bdf00d5f80fe9dfbfe8220e076cd04c files/gentoo-sources-2.4.CAN-2004-0497.patc
 MD5 03fa0238a07d103d2ccb9c8b01f88326 files/digest-gentoo-sources-2.6.10-r6 224
 MD5 82a228d6106b8994d8f43ab40647205b files/digest-gentoo-sources-2.6.11-r8 224
 MD5 b9a94233e1457787352e5f85e3e3582d files/gentoo-sources-2.4.binfmt_a.out.patch 2009
+MD5 4120a11b06ed6042ad4cb29de19b011c files/gentoo-sources-2.4.81295.patch 8526
 MD5 1cd653d48c2ece7fbb55c16134288362 files/digest-gentoo-sources-2.6.9-r9 221
 MD5 1efe4024e443e60db5fd9b21b22fabd2 files/gentoo-sources-2.4.77666.patch 1724
 MD5 792fa9165e5ae65d46ee206c7f7a4fc9 files/gentoo-sources-2.4.78363.patch 788
 MD5 150fc6d514e8cb2b07a3a7b14b8d92ef files/digest-gentoo-sources-2.6.1-r2 138
-MD5 179bd3656f72932f69b0f860d23483cd files/digest-gentoo-sources-2.4.28-r8 226
 MD5 ee806dc7db51b79562ec4b9b7b84023a files/digest-gentoo-sources-2.6.10-r7 224
 MD5 1d78b90e495e432432e095ee47bbc2fc files/gentoo-sources-2.4.77094.patch 452
 MD5 6ed89b8ac0b47a4c25d3a616ef9245cc files/gentoo-sources-2.4.vma.patch 11369
+MD5 6faf43bc1de5775e68cde4e6d2c2a76b files/gentoo-sources-2.4.82201.patch 480
 MD5 8c35751caf824a9dacb02e80d6189b2e files/gentoo-sources-2.4.CAN-2004-1137.patch 1764
+MD5 179bd3656f72932f69b0f860d23483cd files/digest-gentoo-sources-2.4.28-r9 226
 MD5 757ee1239c3f14645ccea3640d551e11 files/gentoo-sources-2.4.CAN-2004-1056.patch 11249
 MD5 0f93b46ae17cbd0fc9b4d1cf5d704296 files/gentoo-sources-2.4.81106.patch 2243
 MD5 29e531cdd3f2effce5e31a1f2afb5b5d files/gentoo-sources-2.4.28.brk-locked.patch 8912
diff --git a/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.28-r8 b/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.28-r8
deleted file mode 100644
index f231f9c88076..000000000000
--- a/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.28-r8
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 ac7735000d185bc7778c08288760a8a3 linux-2.4.28.tar.bz2 31064046
-MD5 c115734967dea547bc09a266a75b04e4 gentoo-sources-2.4.28-r4.tar.bz2 999208
-MD5 5ea3dab67a9193d767327cf3b8ee8c27 ck-sources-2.4.28-CAN-2004-0814.patch 144998
diff --git a/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.28-r9 b/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.28-r9
new file mode 100644
index 000000000000..f231f9c88076
--- /dev/null
+++ b/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.28-r9
@@ -0,0 +1,3 @@
+MD5 ac7735000d185bc7778c08288760a8a3 linux-2.4.28.tar.bz2 31064046
+MD5 c115734967dea547bc09a266a75b04e4 gentoo-sources-2.4.28-r4.tar.bz2 999208
+MD5 5ea3dab67a9193d767327cf3b8ee8c27 ck-sources-2.4.28-CAN-2004-0814.patch 144998
diff --git a/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.81195.patch b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.81195.patch
new file mode 100644
index 000000000000..05228332304b
--- /dev/null
+++ b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.81195.patch
@@ -0,0 +1,373 @@ +diff -Naru a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h +--- a/include/linux/netfilter_ipv4/ip_conntrack.h 2005-03-29 07:28:22 -08:00 ++++ b/include/linux/netfilter_ipv4/ip_conntrack.h 2005-03-29 07:28:22 -08:00 +@@ -249,10 +249,9 @@ + /* Call me when a conntrack is destroyed. */ + extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack); + +-extern int ip_ct_no_defrag; + /* Returns new sk_buff, or NULL */ + struct sk_buff * +-ip_ct_gather_frags(struct sk_buff *skb); ++ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user); + + /* Delete all conntracks which match. */ + extern void +diff -Naru a/include/net/ip.h b/include/net/ip.h +--- a/include/net/ip.h 2005-03-29 07:28:22 -08:00 ++++ b/include/net/ip.h 2005-03-29 07:28:22 -08:00 +@@ -227,9 +227,19 @@ + /* + * Functions provided by ip_fragment.o + */ +- +-struct sk_buff *ip_defrag(struct sk_buff *skb); +-extern void ipfrag_flush(void); ++ ++enum ip_defrag_users ++{ ++ IP_DEFRAG_LOCAL_DELIVER, ++ IP_DEFRAG_CALL_RA_CHAIN, ++ IP_DEFRAG_CONNTRACK_IN, ++ IP_DEFRAG_CONNTRACK_OUT, ++ IP_DEFRAG_NAT_OUT, ++ IP_DEFRAG_VS_OUT, ++ IP_DEFRAG_VS_FWD ++}; ++ ++struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user); + extern int ip_frag_nqueues; + extern atomic_t ip_frag_mem; + +diff -Naru a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c +--- a/net/ipv4/ip_fragment.c 2005-03-29 07:28:22 -08:00 ++++ b/net/ipv4/ip_fragment.c 2005-03-29 07:28:22 -08:00 +@@ -72,6 +72,7 @@ + struct ipq { + struct ipq *next; /* linked list pointers */ + struct list_head lru_list; /* lru list member */ ++ u32 user; + u32 saddr; + u32 daddr; + u16 id; +@@ -242,13 +243,13 @@ + /* Memory limiting on fragments. Evictor trashes the oldest + * fragment queue until we are back under the threshold. 
+ */ +-static void __ip_evictor(int threshold) ++static void ip_evictor(void) + { + struct ipq *qp; + struct list_head *tmp; + int work; + +- work = atomic_read(&ip_frag_mem) - threshold; ++ work = atomic_read(&ip_frag_mem) - sysctl_ipfrag_low_thresh; + if (work <= 0) + return; + +@@ -273,11 +274,6 @@ + } + } + +-static inline void ip_evictor(void) +-{ +- __ip_evictor(sysctl_ipfrag_low_thresh); +-} +- + /* + * Oops, a fragment queue timed out. Kill it and send an ICMP reply. + */ +@@ -324,7 +320,8 @@ + if(qp->id == qp_in->id && + qp->saddr == qp_in->saddr && + qp->daddr == qp_in->daddr && +- qp->protocol == qp_in->protocol) { ++ qp->protocol == qp_in->protocol && ++ qp->user == qp_in->user) { + atomic_inc(&qp->refcnt); + write_unlock(&ipfrag_lock); + qp_in->last_in |= COMPLETE; +@@ -351,7 +348,7 @@ + } + + /* Add an entry to the 'ipq' queue for a newly received IP datagram. */ +-static struct ipq *ip_frag_create(unsigned hash, struct iphdr *iph) ++static struct ipq *ip_frag_create(unsigned hash, struct iphdr *iph, u32 user) + { + struct ipq *qp; + +@@ -363,6 +360,7 @@ + qp->id = iph->id; + qp->saddr = iph->saddr; + qp->daddr = iph->daddr; ++ qp->user = user; + qp->len = 0; + qp->meat = 0; + qp->fragments = NULL; +@@ -385,7 +383,7 @@ + /* Find the correct entry in the "incomplete datagrams" queue for + * this IP datagram, and create new one, if nothing is found. + */ +-static inline struct ipq *ip_find(struct iphdr *iph) ++static inline struct ipq *ip_find(struct iphdr *iph, u32 user) + { + __u16 id = iph->id; + __u32 saddr = iph->saddr; +@@ -399,7 +397,8 @@ + if(qp->id == id && + qp->saddr == saddr && + qp->daddr == daddr && +- qp->protocol == protocol) { ++ qp->protocol == protocol && ++ qp->user == user) { + atomic_inc(&qp->refcnt); + read_unlock(&ipfrag_lock); + return qp; +@@ -407,7 +406,7 @@ + } + read_unlock(&ipfrag_lock); + +- return ip_frag_create(hash, iph); ++ return ip_frag_create(hash, iph, user); + } + + /* Add new segment to existing queue. 
*/ +@@ -641,7 +640,7 @@ + } + + /* Process an incoming IP datagram fragment. */ +-struct sk_buff *ip_defrag(struct sk_buff *skb) ++struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user) + { + struct iphdr *iph = skb->nh.iph; + struct ipq *qp; +@@ -656,7 +655,7 @@ + dev = skb->dev; + + /* Lookup (or create) queue header */ +- if ((qp = ip_find(iph)) != NULL) { ++ if ((qp = ip_find(iph, user)) != NULL) { + struct sk_buff *ret = NULL; + + spin_lock(&qp->lock); +@@ -686,9 +685,4 @@ + ipfrag_secret_timer.function = ipfrag_secret_rebuild; + ipfrag_secret_timer.expires = jiffies + sysctl_ipfrag_secret_interval; + add_timer(&ipfrag_secret_timer); +-} +- +-void ipfrag_flush(void) +-{ +- __ip_evictor(0); + } +diff -Naru a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c +--- a/net/ipv4/ip_input.c 2005-03-29 07:28:22 -08:00 ++++ b/net/ipv4/ip_input.c 2005-03-29 07:28:22 -08:00 +@@ -170,7 +170,7 @@ + && ((sk->bound_dev_if == 0) + || (sk->bound_dev_if == skb->dev->ifindex))) { + if (skb->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { +- skb = ip_defrag(skb); ++ skb = ip_defrag(skb, IP_DEFRAG_CALL_RA_CHAIN); + if (skb == NULL) { + read_unlock(&ip_ra_lock); + return 1; +@@ -291,7 +291,7 @@ + */ + + if (skb->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { +- skb = ip_defrag(skb); ++ skb = ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER); + if (!skb) + return 0; + } +diff -Naru a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c +--- a/net/ipv4/ipvs/ip_vs_core.c 2005-03-29 07:28:22 -08:00 ++++ b/net/ipv4/ipvs/ip_vs_core.c 2005-03-29 07:28:22 -08:00 +@@ -506,7 +506,7 @@ + + /* reassemble IP fragments, but will it happen in ICMP packets?? 
*/ + if (skb->nh.iph->frag_off & __constant_htons(IP_MF|IP_OFFSET)) { +- skb = ip_defrag(skb); ++ skb = ip_defrag(skb, IP_DEFRAG_VS_OUT); + if (!skb) + return NF_STOLEN; + *skb_p = skb; +@@ -658,7 +658,7 @@ + + /* reassemble IP fragments */ + if (iph->frag_off & __constant_htons(IP_MF|IP_OFFSET)) { +- skb = ip_defrag(skb); ++ skb = ip_defrag(skb, IP_DEFRAG_VS_OUT); + if (!skb) + return NF_STOLEN; + iph = skb->nh.iph; +@@ -1164,7 +1164,7 @@ + return NF_ACCEPT; + + if (iph->frag_off & __constant_htons(IP_MF|IP_OFFSET)) { +- skb = ip_defrag(skb); ++ skb = ip_defrag(skb, IP_DEFRAG_VS_FWD); + if (!skb) + return NF_STOLEN; + *skb_p = skb; +diff -Naru a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c +--- a/net/ipv4/netfilter/ip_conntrack_core.c 2005-03-29 07:28:22 -08:00 ++++ b/net/ipv4/netfilter/ip_conntrack_core.c 2005-03-29 07:28:22 -08:00 +@@ -834,7 +834,10 @@ + + /* Gather fragments. */ + if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { +- *pskb = ip_ct_gather_frags(*pskb); ++ *pskb = ip_ct_gather_frags(*pskb, ++ hooknum == NF_IP_PRE_ROUTING ? 
++ IP_DEFRAG_CONNTRACK_IN : ++ IP_DEFRAG_CONNTRACK_OUT); + if (!*pskb) + return NF_STOLEN; + } +@@ -1183,29 +1186,22 @@ + WRITE_UNLOCK(&ip_conntrack_lock); + } + +-int ip_ct_no_defrag; +- + /* Returns new sk_buff, or NULL */ + struct sk_buff * +-ip_ct_gather_frags(struct sk_buff *skb) ++ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user) + { + struct sock *sk = skb->sk; + #ifdef CONFIG_NETFILTER_DEBUG + unsigned int olddebug = skb->nf_debug; + #endif + +- if (unlikely(ip_ct_no_defrag)) { +- kfree_skb(skb); +- return NULL; +- } +- + if (sk) { + sock_hold(sk); + skb_orphan(skb); + } + + local_bh_disable(); +- skb = ip_defrag(skb); ++ skb = ip_defrag(skb, user); + local_bh_enable(); + + if (!skb) { +diff -Naru a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c +--- a/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-03-29 07:28:22 -08:00 ++++ b/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-03-29 07:28:22 -08:00 +@@ -393,13 +393,6 @@ + cleanup_inandlocalops: + nf_unregister_hook(&ip_conntrack_local_out_ops); + cleanup_inops: +- /* Frag queues may hold fragments with skb->dst == NULL */ +- ip_ct_no_defrag = 1; +- local_bh_disable(); +- br_write_lock(BR_NETPROTO_LOCK); +- br_write_unlock(BR_NETPROTO_LOCK); +- ipfrag_flush(); +- local_bh_enable(); + nf_unregister_hook(&ip_conntrack_in_ops); + cleanup_proc: + proc_net_remove("ip_conntrack"); +diff -Naru a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c +--- a/net/ipv4/netfilter/ip_nat_standalone.c 2005-03-29 07:28:22 -08:00 ++++ b/net/ipv4/netfilter/ip_nat_standalone.c 2005-03-29 07:28:22 -08:00 +@@ -201,7 +201,7 @@ + I'm starting to have nightmares about fragments. 
*/ + + if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { +- *pskb = ip_ct_gather_frags(*pskb); ++ *pskb = ip_ct_gather_frags(*pskb, IP_DEFRAG_NAT_OUT); + + if (!*pskb) + return NF_STOLEN; +diff -Naru a/net/netsyms.c b/net/netsyms.c +--- a/net/netsyms.c 2005-03-29 07:28:22 -08:00 ++++ b/net/netsyms.c 2005-03-29 07:28:22 -08:00 +@@ -287,7 +287,6 @@ + EXPORT_SYMBOL(inetdev_by_index); + EXPORT_SYMBOL(in_dev_finish_destroy); + EXPORT_SYMBOL(ip_defrag); +-EXPORT_SYMBOL(ipfrag_flush); + + /* Route manipulation */ + EXPORT_SYMBOL(ip_rt_ioctl); +# This is a BitKeeper generated diff -Nru style patch. +# +# ChangeSet +# 2005/01/26 22:04:53-08:00 kaber@trash.net +# [IPV4]: Keep fragment queues private to each user. +# +# Signed-off-by: Patrick McHardy +# Signed-off-by: David S. Miller +# +# include/linux/netfilter_ipv4/ip_conntrack.h +# 2005/01/26 22:04:47-08:00 kaber@trash.net +1 -2 +# [IPV4]: Keep fragment queues private to each user. +# +# Signed-off-by: Patrick McHardy +# Signed-off-by: David S. Miller +# +# include/net/ip.h +# 2005/01/26 22:04:47-08:00 kaber@trash.net +13 -3 +# [IPV4]: Keep fragment queues private to each user. +# +# Signed-off-by: Patrick McHardy +# Signed-off-by: David S. Miller +# +# net/ipv4/ip_fragment.c +# 2005/01/26 22:04:47-08:00 kaber@trash.net +13 -19 +# [IPV4]: Keep fragment queues private to each user. +# +# Signed-off-by: Patrick McHardy +# Signed-off-by: David S. Miller +# +# net/ipv4/ip_input.c +# 2005/01/26 22:04:47-08:00 kaber@trash.net +2 -2 +# [IPV4]: Keep fragment queues private to each user. +# +# Signed-off-by: Patrick McHardy +# Signed-off-by: David S. Miller +# +# net/ipv4/ipvs/ip_vs_core.c +# 2005/01/26 22:04:47-08:00 kaber@trash.net +3 -3 +# [IPV4]: Keep fragment queues private to each user. +# +# Signed-off-by: Patrick McHardy +# Signed-off-by: David S. Miller +# +# net/ipv4/netfilter/ip_conntrack_core.c +# 2005/01/26 22:04:47-08:00 kaber@trash.net +6 -10 +# [IPV4]: Keep fragment queues private to each user. +# +# 
Signed-off-by: Patrick McHardy +# Signed-off-by: David S. Miller +# +# net/ipv4/netfilter/ip_conntrack_standalone.c +# 2005/01/26 22:04:48-08:00 kaber@trash.net +0 -7 +# [IPV4]: Keep fragment queues private to each user. +# +# Signed-off-by: Patrick McHardy +# Signed-off-by: David S. Miller +# +# net/ipv4/netfilter/ip_nat_standalone.c +# 2005/01/26 22:04:48-08:00 kaber@trash.net +1 -1 +# [IPV4]: Keep fragment queues private to each user. +# +# Signed-off-by: Patrick McHardy +# Signed-off-by: David S. Miller +# +# net/netsyms.c +# 2005/01/26 22:04:48-08:00 kaber@trash.net +0 -1 +# [IPV4]: Keep fragment queues private to each user. +# +# Signed-off-by: Patrick McHardy +# Signed-off-by: David S. Miller +# diff --git a/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.81295.patch b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.81295.patch new file mode 100644 index 000000000000..e14e7190e716 --- /dev/null +++ b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.81295.patch 
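Review bot: The cleanup_inops path in ip_conntrack_standalone.c drops the ip_ct_no_defrag / ipfrag_flush() sequence without leaving any explanation of why fragments still queued by conntrack at module unload are now harmless, even though the removed comment warned that such queues may hold fragments with skb->dst == NULL. Presumably the new `qp->user == user` comparison in ip_find() keeps those queues from ever being matched by IP_DEFRAG_LOCAL_DELIVER or another user, so they simply age out; how ip_expire() treats them is outside these hunks and should be confirmed. I would record that next to the nf_unregister_hook() call with a comment such as `/* Frag queues are keyed by ip_defrag user, so leftover conntrack queues are never handed to another user; they expire on their own. */`. As a smaller style point, the parameter is `u32 user` in ip_defrag() but `u_int32_t user` in ip_ct_gather_frags(), while both are fed values of `enum ip_defrag_users`.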
@@ -0,0 +1,270 @@ +diff -Naru a/arch/mips64/kernel/linux32.c b/arch/mips64/kernel/linux32.c +--- a/arch/mips64/kernel/linux32.c 2005-04-15 13:46:27 -07:00 ++++ b/arch/mips64/kernel/linux32.c 2005-04-15 13:46:27 -07:00 +@@ -1088,11 +1088,9 @@ + i--; + } + +- inode = file->f_dentry->d_inode; + /* VERIFY_WRITE actually means a read, as we write to user space */ +- retval = locks_verify_area((type == VERIFY_WRITE +- ? FLOCK_VERIFY_READ : FLOCK_VERIFY_WRITE), +- inode, file, file->f_pos, tot_len); ++ retval = rw_verify_area((type == VERIFY_WRITE ? READ : WRITE), ++ file, &file->f_pos, tot_len); + if (retval) { + if (iov != iovstack) + kfree(iov); +diff -Naru a/arch/parisc/kernel/sys_parisc32.c b/arch/parisc/kernel/sys_parisc32.c +--- a/arch/parisc/kernel/sys_parisc32.c 2005-04-15 13:46:27 -07:00 ++++ b/arch/parisc/kernel/sys_parisc32.c 2005-04-15 13:46:27 -07:00 +@@ -1671,11 +1671,9 @@ + i--; + } + +- inode = file->f_dentry->d_inode; + /* VERIFY_WRITE actually means a read, as we write to user space */ +- retval = locks_verify_area((type == VERIFY_WRITE +- ? FLOCK_VERIFY_READ : FLOCK_VERIFY_WRITE), +- inode, file, file->f_pos, tot_len); ++ retval = rw_verify_area((type == VERIFY_WRITE ? READ : WRITE), ++ file, &file->f_pos, tot_len); + if (retval) { + if (iov != iovstack) + kfree(iov); +diff -Naru a/arch/ppc64/kernel/sys_ppc32.c b/arch/ppc64/kernel/sys_ppc32.c +--- a/arch/ppc64/kernel/sys_ppc32.c 2005-04-15 13:46:27 -07:00 ++++ b/arch/ppc64/kernel/sys_ppc32.c 2005-04-15 13:46:27 -07:00 +@@ -183,11 +183,9 @@ + i--; + } + +- inode = file->f_dentry->d_inode; + /* VERIFY_WRITE actually means a read, as we write to user space */ +- retval = locks_verify_area((type == VERIFY_WRITE +- ? FLOCK_VERIFY_READ : FLOCK_VERIFY_WRITE), +- inode, file, file->f_pos, tot_len); ++ retval = rw_verify_area((type == VERIFY_WRITE ? 
READ : WRITE), ++ file, &file->f_pos, tot_len); + if (retval) { + if (iov != iovstack) + kfree(iov); +diff -Naru a/arch/s390x/kernel/linux32.c b/arch/s390x/kernel/linux32.c +--- a/arch/s390x/kernel/linux32.c 2005-04-15 13:46:27 -07:00 ++++ b/arch/s390x/kernel/linux32.c 2005-04-15 13:46:27 -07:00 +@@ -1108,7 +1108,6 @@ + unsigned long tot_len; + struct iovec iovstack[UIO_FASTIOV]; + struct iovec *iov=iovstack, *ivp; +- struct inode *inode; + long retval, i; + io_fn_t fn; + iov_fn_t fnv; +@@ -1145,11 +1144,9 @@ + i--; + } + +- inode = file->f_dentry->d_inode; + /* VERIFY_WRITE actually means a read, as we write to user space */ +- retval = locks_verify_area((type == VERIFY_WRITE +- ? FLOCK_VERIFY_READ : FLOCK_VERIFY_WRITE), +- inode, file, file->f_pos, tot_len); ++ retval = rw_verify_area((type == VERIFY_WRITE ? READ : WRITE), ++ file, &file->f_pos, tot_len); + if (retval) + goto out; + +diff -Naru a/arch/sparc64/kernel/sys_sparc32.c b/arch/sparc64/kernel/sys_sparc32.c +--- a/arch/sparc64/kernel/sys_sparc32.c 2005-04-15 13:46:27 -07:00 ++++ b/arch/sparc64/kernel/sys_sparc32.c 2005-04-15 13:46:27 -07:00 +@@ -1093,7 +1093,6 @@ + __kernel_ssize_t32 tot_len; + struct iovec iovstack[UIO_FASTIOV]; + struct iovec *iov=iovstack, *ivp; +- struct inode *inode; + long retval, i; + io_fn_t fn; + iov_fn_t fnv; +@@ -1140,11 +1139,9 @@ + i--; + } + +- inode = file->f_dentry->d_inode; + /* VERIFY_WRITE actually means a read, as we write to user space */ +- retval = locks_verify_area((type == VERIFY_WRITE +- ? FLOCK_VERIFY_READ : FLOCK_VERIFY_WRITE), +- inode, file, file->f_pos, tot_len); ++ retval = rw_verify_area((type == VERIFY_WRITE ? 
READ : WRITE), ++ file, &file->f_pos, tot_len); + if (retval) + goto out; + +diff -Naru a/fs/file_table.c b/fs/file_table.c +--- a/fs/file_table.c 2005-04-15 13:46:27 -07:00 ++++ b/fs/file_table.c 2005-04-15 13:46:27 -07:00 +@@ -46,6 +46,7 @@ + f->f_version = ++event; + f->f_uid = current->fsuid; + f->f_gid = current->fsgid; ++ f->f_maxcount = INT_MAX; + list_add(&f->f_list, &anon_list); + file_list_unlock(); + return f; +@@ -92,6 +92,8 @@ + filp->f_uid = current->fsuid; + filp->f_gid = current->fsgid; + filp->f_op = dentry->d_inode->i_fop; ++ filp->f_maxcount = INT_MAX; ++ + if (filp->f_op->open) + return filp->f_op->open(dentry->d_inode, filp); + else +diff -Naru a/fs/read_write.c b/fs/read_write.c +--- a/fs/read_write.c 2005-04-15 13:46:27 -07:00 ++++ b/fs/read_write.c 2005-04-15 13:46:27 -07:00 +@@ -40,6 +40,28 @@ + return -EISDIR; + } + ++int rw_verify_area(int read_write, struct file *file, loff_t *ppos, size_t count) ++{ ++ struct inode *inode; ++ loff_t pos; ++ ++ if (unlikely(count > file->f_maxcount)) ++ goto Einval; ++ ++ pos = *ppos; ++ ++ if (unlikely((pos < 0) || (loff_t) (pos + count) < 0)) ++ goto Einval; ++ ++ inode = file->f_dentry->d_inode; ++ if (inode->i_flock && MANDATORY_LOCK(inode)) ++ return locks_mandatory_area(read_write == READ ? 
FLOCK_VERIFY_READ : FLOCK_VERIFY_WRITE, inode, file, *ppos, count); ++ return 0; ++ ++Einval: ++ return -EINVAL; ++} ++ + loff_t generic_file_llseek(struct file *file, loff_t offset, int origin) + { + long long retval; +@@ -168,8 +190,8 @@ + file = fget(fd); + if (file) { + if (file->f_mode & FMODE_READ) { +- ret = locks_verify_area(FLOCK_VERIFY_READ, file->f_dentry->d_inode, +- file, file->f_pos, count); ++ ret = rw_verify_area(READ, file, &file->f_pos, count); ++ + if (!ret) { + ssize_t (*read)(struct file *, char *, size_t, loff_t *); + ret = -EINVAL; +@@ -193,9 +215,7 @@ + file = fget(fd); + if (file) { + if (file->f_mode & FMODE_WRITE) { +- struct inode *inode = file->f_dentry->d_inode; +- ret = locks_verify_area(FLOCK_VERIFY_WRITE, inode, file, +- file->f_pos, count); ++ ret = rw_verify_area(WRITE, file, &file->f_pos, count); + if (!ret) { + ssize_t (*write)(struct file *, const char *, size_t, loff_t *); + ret = -EINVAL; +@@ -224,7 +244,6 @@ + ssize_t ret, i; + io_fn_t fn; + iov_fn_t fnv; +- struct inode *inode; + + /* + * First get the "struct iovec" from user memory and +@@ -275,12 +294,11 @@ + goto out; + } + +- inode = file->f_dentry->d_inode; + /* VERIFY_WRITE actually means a read, as we write to user space */ +- ret = locks_verify_area((type == VERIFY_WRITE +- ? FLOCK_VERIFY_READ : FLOCK_VERIFY_WRITE), +- inode, file, file->f_pos, tot_len); +- if (ret) goto out; ++ ret = rw_verify_area((type == VERIFY_WRITE ? READ : WRITE), ++ file, &file->f_pos, tot_len); ++ if (ret) ++ goto out; + + fnv = (type == VERIFY_WRITE ? 
file->f_op->readv : file->f_op->writev); + if (fnv) { +@@ -383,8 +401,8 @@ + goto bad_file; + if (!(file->f_mode & FMODE_READ)) + goto out; +- ret = locks_verify_area(FLOCK_VERIFY_READ, file->f_dentry->d_inode, +- file, pos, count); ++ ret = rw_verify_area(READ, file, &pos, count); ++ + if (ret) + goto out; + ret = -EINVAL; +@@ -414,8 +432,8 @@ + goto bad_file; + if (!(file->f_mode & FMODE_WRITE)) + goto out; +- ret = locks_verify_area(FLOCK_VERIFY_WRITE, file->f_dentry->d_inode, +- file, pos, count); ++ ret = rw_verify_area(WRITE, file, &pos, count); ++ + if (ret) + goto out; + ret = -EINVAL; +diff -Naru a/include/linux/fs.h b/include/linux/fs.h +--- a/include/linux/fs.h 2005-04-15 13:46:27 -07:00 ++++ b/include/linux/fs.h 2005-04-15 13:46:27 -07:00 +@@ -576,6 +576,7 @@ + unsigned int f_uid, f_gid; + int f_error; + ++ size_t f_maxcount; + unsigned long f_version; + + /* needed for tty driver, and maybe others */ +@@ -1056,14 +1057,7 @@ + return 0; + } + +-static inline int locks_verify_area(int read_write, struct inode *inode, +- struct file *filp, loff_t offset, +- size_t count) +-{ +- if (inode->i_flock && MANDATORY_LOCK(inode)) +- return locks_mandatory_area(read_write, inode, filp, offset, count); +- return 0; +-} ++extern int rw_verify_area(int, struct file *, loff_t *, size_t); + + static inline int locks_verify_truncate(struct inode *inode, + struct file *filp, +diff -Naru a/mm/filemap.c b/mm/filemap.c +--- a/mm/filemap.c 2005-04-15 13:46:27 -07:00 ++++ b/mm/filemap.c 2005-04-15 13:46:27 -07:00 +@@ -1870,7 +1870,7 @@ + goto fput_in; + if (!in_inode->i_mapping->a_ops->readpage) + goto fput_in; +- retval = locks_verify_area(FLOCK_VERIFY_READ, in_inode, in_file, in_file->f_pos, count); ++ retval = rw_verify_area(READ, in_file, &in_file->f_pos, count); + if (retval) + goto fput_in; + +@@ -1887,7 +1887,7 @@ + if (!out_file->f_op || !out_file->f_op->write) + goto fput_out; + out_inode = out_file->f_dentry->d_inode; +- retval = 
locks_verify_area(FLOCK_VERIFY_WRITE, out_inode, out_file, out_file->f_pos, count); ++ retval = rw_verify_area(WRITE, out_file, &out_file->f_pos, count); + if (retval) + goto fput_out; + diff --git a/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.82201.patch b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.82201.patch new file mode 100644 index 000000000000..25f385893926 --- /dev/null +++ b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.82201.patch @@ -0,0 +1,12 @@ +diff -urN linux-2.5/drivers/net/ppp_async.c test/drivers/net/ppp_async.c +--- linux-2.5/drivers/net/ppp_async.c 2005-01-21 16:02:12.000000000 +1100 ++++ test/drivers/net/ppp_async.c 2005-02-25 10:38:05.000000000 +1100 +@@ -1000,7 +1000,7 @@ + data += 4; + dlen -= 4; + /* data[0] is code, data[1] is length */ +- while (dlen >= 2 && dlen >= data[1]) { ++ while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) { + switch (data[0]) { + case LCP_MRU: + val = (data[2] << 8) + data[3]; diff --git a/sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r8.ebuild b/sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r8.ebuild deleted file mode 100644 index 66c53171954a..000000000000 --- a/sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r8.ebuild +++ /dev/null 
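Review bot: rw_verify_area() in fs/read_write.c range-checks the local copy `pos` but then passes a second read, `*ppos`, to locks_mandatory_area(), so for the callers that hand in `&file->f_pos` the offset that was validated and the offset that is used can differ if the file position changes in between. Passing the validated copy closes that gap: `return locks_mandatory_area(read_write == READ ? FLOCK_VERIFY_READ : FLOCK_VERIFY_WRITE, inode, file, pos, count);`. The new `count > file->f_maxcount` test also relies on every struct file having the field initialised; only the two assignments in fs/file_table.c are visible here, so any file object set up elsewhere would need the same line (a zero value would reject every non-empty transfer), which is worth confirming. The mips64, parisc and ppc64 hunks remove the `inode = file->f_dentry->d_inode;` assignment but, unlike the s390x and sparc64 hunks, not the `struct inode *inode;` declaration, which may leave an unused variable if nothing else in those functions uses it.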
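Review bot: The LCP_MRU case in ppp_async.c reads `data[2]` and `data[3]`, yet the amended loop condition only guarantees `data[1] >= 2` and `dlen >= data[1]`, so an option that declares a length of 2 or 3 still reaches a four-byte access with fewer than four bytes guaranteed. The added `data[1] >= 2` test presumably stops a too-small length from stalling the loop, but each case should also check its own minimum length before indexing, for example `if (data[1] < 4) break;` at the top of the LCP_MRU case. The switch and the rest of the loop body continue past the end of the hunk, so the other cases likely need the same guard, sized to the bytes they read.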
@@ -1,33 +0,0 @@
-# Copyright 1999-2005 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r8.ebuild,v 1.2 2005/03/13 22:44:44 plasmaroo Exp $
-
-ETYPE="sources"
-inherit kernel-2
-detect_version
-
-KEYWORDS="x86 -ppc"
-IUSE=''
-
-UNIPATCH_STRICTORDER='Y'
-UNIPATCH_LIST="${DISTDIR}/${PF/r8/r4}.tar.bz2
- ${DISTDIR}/ck-sources-${PV}-CAN-2004-0814.patch
- ${FILESDIR}/${PN}-2.4.cmdlineLeak.patch
- ${FILESDIR}/${PN}-2.4.binfmt_a.out.patch
- ${FILESDIR}/${PN}-2.4.vma.patch
- ${FILESDIR}/${PN}-2.4.CAN-2004-1016.patch
- ${FILESDIR}/${PN}-2.4.CAN-2004-1056.patch
- ${FILESDIR}/${PN}-2.4.CAN-2004-1137.patch
- ${FILESDIR}/${PN}-2.4.77094.patch
- ${FILESDIR}/${P}.brk-locked.patch
- ${FILESDIR}/${PN}-2.4.77666.patch
- ${FILESDIR}/${PN}-2.4.78362.patch
- ${FILESDIR}/${PN}-2.4.78363.patch
- ${FILESDIR}/${PN}-2.4.81106.patch
- ${FILESDIR}/${P}.arpFix.patch
- ${FILESDIR}/${P}.77181.patch
- ${FILESDIR}/${PN}-2.4.PaX-84167.patch"
-
-DESCRIPTION="Full sources including the Gentoo patchset for the ${KV_MAJOR}.${KV_MINOR} kernel tree"
-SRC_URI="${KERNEL_URI} http://dev.gentoo.org/~plasmaroo/patches/kernel/gentoo-sources/${PF/r8/r4}.tar.bz2
- http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/ck-sources-${PV}-CAN-2004-0814.patch"
diff --git a/sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r9.ebuild b/sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r9.ebuild
new file mode 100644
index 000000000000..ffaf690d4c59
--- /dev/null
+++ b/sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r9.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r9.ebuild,v 1.1 2005/05/20 19:37:20 plasmaroo Exp $
+
+ETYPE="sources"
+inherit kernel-2
+detect_version
+
+KEYWORDS="x86 -ppc"
+IUSE=''
+
+UNIPATCH_STRICTORDER='Y'
+UNIPATCH_LIST="${DISTDIR}/${PF/r9/r4}.tar.bz2
+ ${DISTDIR}/ck-sources-${PV}-CAN-2004-0814.patch
+ ${FILESDIR}/${PN}-2.4.cmdlineLeak.patch
+ ${FILESDIR}/${PN}-2.4.binfmt_a.out.patch
+ ${FILESDIR}/${PN}-2.4.vma.patch
+ ${FILESDIR}/${PN}-2.4.CAN-2004-1016.patch
+ ${FILESDIR}/${PN}-2.4.CAN-2004-1056.patch
+ ${FILESDIR}/${PN}-2.4.CAN-2004-1137.patch
+ ${FILESDIR}/${PN}-2.4.77094.patch
+ ${FILESDIR}/${P}.brk-locked.patch
+ ${FILESDIR}/${PN}-2.4.77666.patch
+ ${FILESDIR}/${PN}-2.4.78362.patch
+ ${FILESDIR}/${PN}-2.4.78363.patch
+ ${FILESDIR}/${PN}-2.4.81106.patch
+ ${FILESDIR}/${P}.arpFix.patch
+ ${FILESDIR}/${P}.77181.patch
+ ${FILESDIR}/${PN}-2.4.PaX-84167.patch
+ ${FILESDIR}/${PN}-2.4.81195.patch
+ ${FILESDIR}/${PN}-2.4.81295.patch
+ ${FILESDIR}/${PN}-2.4.82201.patch"
+
+DESCRIPTION="Full sources including the Gentoo patchset for the ${KV_MAJOR}.${KV_MINOR} kernel tree"
+SRC_URI="${KERNEL_URI} http://dev.gentoo.org/~plasmaroo/patches/kernel/gentoo-sources/${PF/r9/r4}.tar.bz2
+ http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/ck-sources-${PV}-CAN-2004-0814.patch"
-- cgit v1.2.3-65-gdbad