RSBAC JAIL Security fix (#55698 and rsbac.org)

5 files changed, 38 insertions, 21 deletions

diff --git a/sys-kernel/rsbac-sources/ChangeLog b/sys-kernel/rsbac-sources/ChangeLog
index 342285735a60..b556eb281d47 100644
--- a/sys-kernel/rsbac-sources/ChangeLog
+++ b/sys-kernel/rsbac-sources/ChangeLog
@@ -1,17 +1,25 @@
 # ChangeLog for sys-kernel/rsbac-sources
 # Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/ChangeLog,v 1.9 2004/06/30 11:42:15 kang Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/ChangeLog,v 1.10 2004/06/30 18:54:52 kang Exp $
 
-*rsbac-sources-2.4.26 (24 Jun 2004)
+*rsbac-sources-2.4.26-r2 (30 Jun 2004)
 
-  29 Jun 2004; Guillaume Destuynder <kang@gentoo.org>:
-  -rsbac-sources-2.4.26.ebuild
-  +rsbac-sources-2.4.26-r1.ebuild
-  +files/rsbac-sources-2.4.CAN-2004-0495.patch
-  +files/ rsbac-sources-2.4.CAN-2004-0535.patch
+  30 Jun 2004; Guillaume Destuynder <kang@gentoo.org>:
+  +files/rsbac-sources-v1.2.3-3.patch,
+  +rsbac-sources-2.4.26-r2.ebuild:
+  JAIL Security fix, see http://rsbac.org/download/bugfixes/
+
+*rsbac-sources-2.4.26-r1 (29 Jun 2004)
 
+  29 Jun 2004; Guillaume Destuynder <kang@gentoo.org>:
+  -rsbac-sources-2.4.26.ebuild,
+  +rsbac-sources-2.4.26-r1.ebuild,
+  +files/rsbac-sources-2.4.CAN-2004-0495.patch,
+  +files/ rsbac-sources-2.4.CAN-2004-0535.patch:
   Security bump with fixes for 2.4.26
 
+*rsbac-sources-2.4.26 (24 Jun 2004)
+
   24 Jun 2004; Guillaume Destuynder <kang@gentoo.org>:
   Initial import.  Ebuild submitted by zhware <zhware@gentoo.org>
   Added 1.2.3-1 security bugfixe from rsbac.org
diff --git a/sys-kernel/rsbac-sources/Manifest b/sys-kernel/rsbac-sources/Manifest
index e5674c46041b..d7dd8fd4e0e3 100644
--- a/sys-kernel/rsbac-sources/Manifest
+++ b/sys-kernel/rsbac-sources/Manifest
@@ -1,18 +1,11 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
 MD5 fee9abc7797fef753c42454679bae9a7 metadata.xml 456
 MD5 0da12f900fa66c34a72182db28a0fa75 rsbac-sources-2.4.26-r1.ebuild 1326
+MD5 df01365e198651561e506a5967ee3e99 rsbac-sources-2.4.26-r2.ebuild 1362
+MD5 7033a296632e0d7e99a4fbdc8c72e09d ChangeLog 962
 MD5 6d506c130dcc9ffb170ebc2472c1fbdc rsbac-sources-2.4.26.ebuild 1237
-MD5 90fab63a76abd44a4b325ff68d8061c7 ChangeLog 688
 MD5 0f66013f643c79c97fda489618a4e2fd files/rsbac-sources-2.4.CAN-2004-0535.patch 476
 MD5 dc18e982f8149588a291956481885a8c files/rsbac-sources-2.4.CAN-2004-0495.patch 17549
 MD5 6f7531a1113b6ecc54c506b918d40e95 files/digest-rsbac-sources-2.4.26-r1 207
 MD5 6f7531a1113b6ecc54c506b918d40e95 files/digest-rsbac-sources-2.4.26 207
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.2.4 (GNU/Linux)
-
-iD8DBQFA4qgUJUNS2Y9cV5ERAsIFAJ9xSt/RvEYz2MqTxaJXnE2q1V6CGgCeLN2n
-lQK3d/bLMmKuQH1ABuLUSh8=
-=vtoG
------END PGP SIGNATURE-----
+MD5 a869ab037c7e264df5f8e899864f08e9 files/rsbac-sources-v1.2.3-3.patch 557
+MD5 6f7531a1113b6ecc54c506b918d40e95 files/digest-rsbac-sources-2.4.26-r2 207
diff --git a/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.26-r2 b/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.26-r2
new file mode 100644
index 000000000000..2d70a2ab07f6
--- /dev/null
+++ b/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.4.26-r2
@@ -0,0 +1,3 @@
+MD5 88d7aefa03c92739cb70298a0b486e2c linux-2.4.26.tar.bz2 30772389
+MD5 f3759250e9c4bb5ccb773174fafe0ba7 rsbac-v1.2.3.tar.bz2 489127
+MD5 26604fdd9cc696510c65b5db124c7527 rsbac-patches-2.4-26.7.tar.bz2 294589
diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-3.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-3.patch
new file mode 100644
index 000000000000..90484797584c
--- /dev/null
+++ b/sys-kernel/rsbac-sources/files/rsbac-sources-v1.2.3-3.patch
@@ -0,0 +1,10 @@
+--- linux-2.4.26-rsbac-v1.2.3/rsbac/adf/jail/jail_main.c.sik	2004-06-08 11:37:30.000000000 +0200
++++ linux-2.4.26-rsbac-v1.2.3/rsbac/adf/jail/jail_main.c	2004-06-30 09:27:42.000000000 +0200
+@@ -396,6 +396,7 @@
+                   if(   (attr == A_create_data)
+                      && (   S_ISCHR(attr_val.create_data.mode)
+                          || S_ISBLK(attr_val.create_data.mode)
++                         || (attr_val.create_data.mode & (S_ISUID | S_ISGID))
+                         )
+                     )
+                     return NOT_GRANTED;
diff --git a/sys-kernel/rsbac-sources/rsbac-sources-2.4.26.ebuild b/sys-kernel/rsbac-sources/rsbac-sources-2.4.26-r2.ebuild
index 12c976778a3d..f1cb311c2e62 100644
--- a/sys-kernel/rsbac-sources/rsbac-sources-2.4.26.ebuild
+++ b/sys-kernel/rsbac-sources/rsbac-sources-2.4.26-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/rsbac-sources-2.4.26.ebuild,v 1.1 2004/06/26 20:54:14 kang Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/rsbac-sources-2.4.26-r2.ebuild,v 1.1 2004/06/30 18:54:52 kang Exp $
 
 IUSE=""
 ETYPE="sources"
@@ -16,11 +16,14 @@ RGPV=26.7
 RGPV_SRC="mirror://rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2 http://dev.gentoo.org/~zhware/rsbac/v${RSBACV}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2"
 
 UNIPATCH_STRICTORDER="yes"
-UNIPATCH_LIST="${DISTDIR}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2"
+UNIPATCH_LIST="	${FILESDIR}/${PN}-2.4.CAN-2004-0495.patch
+	${FILESDIR}/${PN}-2.4.CAN-2004-0535.patch
+	${DISTDIR}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2
+	${FILESDIR}/${PN}-v1.2.3-3.patch"
 UNIPATCH_DOCS="${WORKDIR}/patches/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}/0000_README"
 
 HOMEPAGE="http://hardened.gentoo.org/rsbac"
-DESCRIPTION="RSBAC patched sources for the ${KV_MAJOR}.${KV_MINOR} kernel tree"
+DESCRIPTION="RSBAC hardened sources for the ${KV_MAJOR}.${KV_MINOR} kernel tree"
 
 SRC_URI="${KERNEL_URI} ${RSBAC_SRC} ${RGPV_SRC}"
 KEYWORDS="~x86"