Security fixes (#72452).

5 files changed, 141 insertions, 1 deletions

diff --git a/sys-kernel/hppa-sources/ChangeLog b/sys-kernel/hppa-sources/ChangeLog
index 9e71d11612ed..cc6b9b4bd746 100644
--- a/sys-kernel/hppa-sources/ChangeLog
+++ b/sys-kernel/hppa-sources/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for sys-kernel/hppa-sources
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hppa-sources/ChangeLog,v 1.45 2004/11/24 17:04:12 gmsoft Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hppa-sources/ChangeLog,v 1.46 2004/12/08 17:32:53 gmsoft Exp $
+
+*hppa-sources-2.4.27_p4-r2 (08 Dec 2004)
+
+  08 Dec 2004; Guy Martin <gmsoft@gentoo.org> +files/CAN-2004-1074.patch,
+  +hppa-sources-2.4.27_p4-r2.ebuild:
+  Security fixes (#72452).
 
 *hppa-sources-2.4.27_p4-r1 (24 Nov 2004)
 
diff --git a/sys-kernel/hppa-sources/Manifest b/sys-kernel/hppa-sources/Manifest
index 5d2186f2fdaa..3ff663b102b0 100644
--- a/sys-kernel/hppa-sources/Manifest
+++ b/sys-kernel/hppa-sources/Manifest
@@ -5,6 +5,7 @@ MD5 ac36567dfb23d8bd364cbdb41d0a7b88 hppa-sources-2.4.26_p7.ebuild 2470
 MD5 d9c3c6e0ec38f69dcddba1cddb6a80dd hppa-sources-2.4.27_p4.ebuild 2077
 MD5 05ed5731534e9423f109cbec1aa7e993 metadata.xml 223
 MD5 0f58f60d72f0cd34f9d45369786a4c2b hppa-sources-2.4.27_p4-r1.ebuild 2419
+MD5 435053ae92008f4ace4274075ec8ae7f hppa-sources-2.4.27_p4-r2.ebuild 2482
 MD5 d4a740ae56c2049247083af387a22a85 files/CAN-2004-0394.patch 350
 MD5 dc18e982f8149588a291956481885a8c files/CAN-2004-0495-2.4-sparse.patch 17549
 MD5 3bdf00d5f80fe9dfbfe8220e076cd04c files/CAN-2004-0497.patch 707
@@ -21,3 +22,5 @@ MD5 1e1fe7bb98c80db4644f4b7fd7dd5d32 files/CAN-2004-0882-0883.patch 3434
 MD5 24c53f49954dab29cfc172d4a3ba1a31 files/binfmt_elf-loader-security.patch 1928
 MD5 c449f3e3ac5fd27c7771268cb03ee5ae files/digest-hppa-sources-2.4.27_p4-r1 302
 MD5 b0a1f80aff51d6601e8924329023b241 files/AF_UNIX-security.patch 515
+MD5 39df49f91309f3c7b23bf87194885f5d files/CAN-2004-1074.patch 1877
+MD5 c449f3e3ac5fd27c7771268cb03ee5ae files/digest-hppa-sources-2.4.27_p4-r2 302
diff --git a/sys-kernel/hppa-sources/files/CAN-2004-1074.patch b/sys-kernel/hppa-sources/files/CAN-2004-1074.patch
new file mode 100644
index 000000000000..11846801b90d
--- /dev/null
+++ b/sys-kernel/hppa-sources/files/CAN-2004-1074.patch
@@ -0,0 +1,63 @@
+diff -uNr linux-2.4.27-pa4-r2.orig/fs/binfmt_aout.c linux-2.4.27-pa4-r2/fs/binfmt_aout.c
+--- linux-2.4.27-pa4-r2.orig/fs/binfmt_aout.c	2004-12-08 18:24:03.899156592 +0100
++++ linux-2.4.27-pa4-r2/fs/binfmt_aout.c	2004-12-08 18:24:25.898812136 +0100
+@@ -39,13 +39,18 @@
+ 	NULL, THIS_MODULE, load_aout_binary, load_aout_library, aout_core_dump, PAGE_SIZE
+ };
+ 
+-static void set_brk(unsigned long start, unsigned long end)
++#define BAD_ADDR(x)	((unsigned long)(x) >= TASK_SIZE)
++
++static int set_brk(unsigned long start, unsigned long end)
+ {
+ 	start = PAGE_ALIGN(start);
+ 	end = PAGE_ALIGN(end);
+-	if (end <= start)
+-		return;
+-	do_brk(start, end - start);
++	if (end > start) {
++		unsigned long addr = do_brk(start, end - start);
++		if (BAD_ADDR(addr))
++			return addr;
++	}
++	return 0;
+ }
+ 
+ /*
+@@ -405,7 +410,11 @@
+ beyond_if:
+ 	set_binfmt(&aout_format);
+ 
+-	set_brk(current->mm->start_brk, current->mm->brk);
++	retval = set_brk(current->mm->start_brk, current->mm->brk);
++	if (retval < 0) {
++		send_sig(SIGKILL, current, 0);
++		return retval;
++	}
+ 
+ 	retval = setup_arg_pages(bprm); 
+ 	if (retval < 0) { 
+diff -uNr linux-2.4.27-pa4-r2.orig/fs/exec.c linux-2.4.27-pa4-r2/fs/exec.c
+--- linux-2.4.27-pa4-r2.orig/fs/exec.c	2004-12-08 18:24:03.808170424 +0100
++++ linux-2.4.27-pa4-r2/fs/exec.c	2004-12-08 18:26:20.552382144 +0100
+@@ -382,6 +382,7 @@
+ 	
+ 	down_write(&current->mm->mmap_sem);
+ 	{
++		struct vm_area_struct *vma;
+ 		mpnt->vm_mm = mm;
+ #ifdef ARCH_STACK_GROWSUP
+ 		mpnt->vm_start = stack_base;
+@@ -397,6 +398,12 @@
+ 		mpnt->vm_pgoff = 0;
+ 		mpnt->vm_file = NULL;
+ 		mpnt->vm_private_data = (void *) 0;
++		vma = find_vma(current->mm, mpnt->vm_start);
++		if (vma) {
++			up_write(&current->mm->mmap_sem);
++			kmem_cache_free(vm_area_cachep, mpnt);
++			return -ENOMEM;
++		}
+ 		insert_vm_struct(mm, mpnt);
+ 		mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
+ 	} 
diff --git a/sys-kernel/hppa-sources/files/digest-hppa-sources-2.4.27_p4-r2 b/sys-kernel/hppa-sources/files/digest-hppa-sources-2.4.27_p4-r2
new file mode 100644
index 000000000000..ed0632124e01
--- /dev/null
+++ b/sys-kernel/hppa-sources/files/digest-hppa-sources-2.4.27_p4-r2
@@ -0,0 +1,4 @@
+MD5 59a2e6fde1d110e2ffa20351ac8b4d9e linux-2.4.27.tar.bz2 30898453
+MD5 e6ee93aafa687932abd2c09fca43d4c3 patch-2.4.27-pa4.gz 727846
+MD5 010fe6b49e97365f12ce3f70376d5eb0 parisc-2.4.23-pa4-missing-ioctl-translations.diff 18091
+MD5 2758cec1dc37d4069a42fc7544599860 lasi-config-max-tag-queue-dep.patch 1455
diff --git a/sys-kernel/hppa-sources/hppa-sources-2.4.27_p4-r2.ebuild b/sys-kernel/hppa-sources/hppa-sources-2.4.27_p4-r2.ebuild
new file mode 100644
index 000000000000..de74da3b83ae
--- /dev/null
+++ b/sys-kernel/hppa-sources/hppa-sources-2.4.27_p4-r2.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hppa-sources/hppa-sources-2.4.27_p4-r2.ebuild,v 1.1 2004/12/08 17:32:53 gmsoft Exp $
+#OKV=original kernel version, KV=patched kernel version.  They can be the same.
+
+ETYPE="sources"
+inherit kernel eutils
+OKV="${PV/_p*/}"
+PATCH_LEVEL="${PV/${OKV}_p/}"
+EXTRAVERSION="-pa${PATCH_LEVEL}"
+[ ! "${PR}" = "r0" ] && EXTRAVERSION="${EXTRAVERSION}-${PR}"
+KV="${OKV}${EXTRAVERSION}"
+
+S=${WORKDIR}/linux-${KV}
+
+
+DESCRIPTION="Full sources for the Linux kernel with patch for hppa"
+SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2 http://ftp.parisc-linux.org/cvs/linux-2.4/patch-${OKV}-pa${PATCH_LEVEL}.gz
+http://dev.gentoo.org/~gmsoft/patches/parisc-2.4.23-pa4-missing-ioctl-translations.diff http://dev.gentoo.org/~gmsoft/patches/lasi-config-max-tag-queue-dep.patch"
+HOMEPAGE="http://www.kernel.org/ http://www.gentoo.org/ http://parisc-linux.org"
+KEYWORDS="hppa -*"
+IUSE=""
+SLOT="${KV}"
+
+
+src_unpack() {
+	unpack linux-${OKV}.tar.bz2
+	mv ${WORKDIR}/linux-${OKV} ${WORKDIR}/linux-${KV}
+	cd ${S}
+
+	einfo Applying ${OKV}-pa${PATCH_LEVEL}.gz
+	zcat ${DISTDIR}/patch-${OKV}-pa${PATCH_LEVEL}.gz | patch -sp 1
+
+	DEFCONFIG="${S}/arch/parisc/defconfig"
+
+	# Tweaks the default configuration
+
+	# Enable stuff
+	for i in CONFIG_SERIAL_NONSTANDARD CONFIG_PDC_CONSOLE CONFIG_DEVFS_FS \
+		CONFIG_USB CONFIG_USB_OHCI CONFIG_USB_HID CONFIG_USB_HIDINPUT \
+		CONFIG_CRC32 CONFIG_BLK_STATS CONFIG_TMPFS
+	do
+		sed -i -e "s/^.*${i}\ .*$//" "${DEFCONFIG}"
+		echo "${i}=y" >> "${DEFCONFIG}"
+	done
+
+	# Disable stuff
+	for i in CONFIG_HOTPLUG CONFIG_PARPORT CONFIG_BLK_DEV_RAM CONFIG_MD \
+		CONFIG_CRYPTO CONFIG_DEVPTS_FS
+	do
+		sed -i -e "s/^.*${i}=.*$/# ${i} is not set/" "${DEFCONFIG}"
+	done
+
+	epatch ${DISTDIR}/parisc-2.4.23-pa4-missing-ioctl-translations.diff || die "Failed to patch missing ioctls translations!"
+	epatch ${DISTDIR}/lasi-config-max-tag-queue-dep.patch || die "Failed to patch lasi config max taq queue!"
+	epatch ${FILESDIR}/NFS-XDR-security.patch || die "Patch failed!"
+	epatch ${FILESDIR}/CAN-2004-0814.patch || die "Patch failed!"
+	epatch ${FILESDIR}/CAN-2004-1074.patch || die "Patch failed!"
+	epatch ${FILESDIR}/binfmt_elf-loader-security.patch || die "Patch failed!"
+	epatch ${FILESDIR}/CAN-2004-0882-0883.patch || die "Patch failed!"
+	epatch ${FILESDIR}/AF_UNIX-security.patch || die "Patch failed!"
+
+	kernel_universal_unpack
+}