Fixes CAN-2004-0816 and bug #68375

5 files changed, 50 insertions, 4 deletions

diff --git a/sys-kernel/rsbac-dev-sources/ChangeLog b/sys-kernel/rsbac-dev-sources/ChangeLog
index 899d7b0a7c31..ac7053f1025c 100644
--- a/sys-kernel/rsbac-dev-sources/ChangeLog
+++ b/sys-kernel/rsbac-dev-sources/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sys-kernel/rsbac-dev-sources
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/ChangeLog,v 1.10 2004/08/10 10:01:50 kang Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/ChangeLog,v 1.11 2004/10/22 11:57:07 kang Exp $
+
+*rsbac-dev-sources-2.6.7-r6 (22 Oct 2004)
+
+  22 Oct 2004; Guillaume Destuynder <kang@gentoo.org>
+  +files/rsbac-dev-sources-CAN-2004-0816.patch,
+  -rsbac-dev-sources-2.6.7-r5.ebuild,
+  +rsbac-dev-sources-2.6.7-r6.ebuild:
+  Fixes CAN-2004-0816 and #68375
 
 *rsbac-dev-sources-2.6.7-r5 (10 Aug 2004)
 
diff --git a/sys-kernel/rsbac-dev-sources/Manifest b/sys-kernel/rsbac-dev-sources/Manifest
index bb06d9812679..886f5f574664 100644
--- a/sys-kernel/rsbac-dev-sources/Manifest
+++ b/sys-kernel/rsbac-dev-sources/Manifest
@@ -1,9 +1,11 @@
-MD5 88b554334ad28d58484ad533319afa51 rsbac-dev-sources-2.6.7-r5.ebuild 1588
 MD5 ed6fb50f79e8049f3f3576bb25c32747 metadata.xml 465
-MD5 4e5de45b9b197ac45cc378b7369b1741 ChangeLog 2870
+MD5 d6ae7f2b352064b7956830a85a2103f1 rsbac-dev-sources-2.6.7-r6.ebuild 1627
+MD5 5a71a1c6b952aea0262f412a5f33d278 ChangeLog 3125
 MD5 a869ab037c7e264df5f8e899864f08e9 files/rsbac-dev-sources-v1.2.3-3.patch 557
 MD5 6451bd210935a3978fd3a3edac673591 files/rsbac-dev-sources-iptables-dos.patch 389
 MD5 b6e38b41c8a79943df2ab2642149d06f files/rsbac-dev-sources-CAN-2004-0497.patch 2214
 MD5 f0e12ba218f53c2694a91259bdc2fdc7 files/rsbac-dev-sources-CAN-2004-0596.patch 494
 MD5 706d7794a822074aaf31502d7a7e48d3 files/2.6.7-cmdline.patch 455
 MD5 fd024d5229ee08ef90d6a532bdf99977 files/digest-rsbac-dev-sources-2.6.7-r5 281
+MD5 263a9f529a3b80e2c91340a73c0c5920 files/rsbac-dev-sources-CAN-2004-0816.patch 1445
+MD5 fd024d5229ee08ef90d6a532bdf99977 files/digest-rsbac-dev-sources-2.6.7-r6 281
diff --git a/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r5 b/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r6
index 354ef30ca678..354ef30ca678 100644
--- a/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r5
+++ b/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r6
diff --git a/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-CAN-2004-0816.patch b/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-CAN-2004-0816.patch
new file mode 100644
index 000000000000..92ffd3336a02
--- /dev/null
+++ b/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-CAN-2004-0816.patch
@@ -0,0 +1,35 @@
+Index: linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c
+===================================================================
+--- linux-2.6.5.orig/net/ipv4/netfilter/ipt_LOG.c	2004-02-19 11:36:37.000000000 +0100
++++ linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c	2004-09-24 15:48:54.000000000 +0200
+@@ -71,7 +71,7 @@
+ 		printk("FRAG:%u ", ntohs(iph.frag_off) & IP_OFFSET);
+ 
+ 	if ((info->logflags & IPT_LOG_IPOPT)
+-	    && iph.ihl * 4 != sizeof(struct iphdr)) {
++	    && iph.ihl * 4 > sizeof(struct iphdr)) {
+ 		unsigned char opt[4 * 15 - sizeof(struct iphdr)];
+ 		unsigned int i, optsize;
+ 
+@@ -138,7 +138,7 @@
+ 		printk("URGP=%u ", ntohs(tcph.urg_ptr));
+ 
+ 		if ((info->logflags & IPT_LOG_TCPOPT)
+-		    && tcph.doff * 4 != sizeof(struct tcphdr)) {
++		    && tcph.doff * 4 > sizeof(struct tcphdr)) {
+ 			unsigned char opt[4 * 15 - sizeof(struct tcphdr)];
+ 			unsigned int i, optsize;
+ 
+Index: linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c
+===================================================================
+--- linux-2.6.5.orig/net/ipv6/netfilter/ip6t_LOG.c	2004-09-24 15:47:00.000000000 +0200
++++ linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c	2004-09-24 15:48:35.000000000 +0200
+@@ -188,7 +188,7 @@
+ 		printk("URGP=%u ", ntohs(tcph->urg_ptr));
+ 
+ 		if ((info->logflags & IP6T_LOG_TCPOPT)
+-		    && tcph->doff * 4 != sizeof(struct tcphdr)) {
++		    && tcph->doff * 4 > sizeof(struct tcphdr)) {
+ 			unsigned int i;
+ 
+ 			/* Max length: 127 "OPT (" 15*4*2chars ") " */
diff --git a/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r5.ebuild b/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r6.ebuild
index 7daa7efae1b4..f981ae09c345 100644
--- a/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r5.ebuild
+++ b/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r6.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r5.ebuild,v 1.1 2004/08/10 10:01:50 kang Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r6.ebuild,v 1.1 2004/10/22 11:57:07 kang Exp $
 
 IUSE=""
 ETYPE="sources"
@@ -21,6 +21,7 @@ UNIPATCH_LIST="${FILESDIR}/${PN}-iptables-dos.patch
 	${FILESDIR}/${PN}-CAN-2004-0497.patch
 	${FILESDIR}/${PN}-CAN-2004-0596.patch
 	${FILESDIR}/${OKV}-cmdline.patch
+	${FILESDIR}/${PN}-CAN-2004-0816.patch
 	${DISTDIR}/linux-2.6.7-CAN-2004-0415.patch
 	${DISTDIR}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2
 	${FILESDIR}/${PN}-v1.2.3-3.patch"