diff options
| author |   Ned Ludd <solar@gentoo.org> | 2004-11-11 19:27:12 +0000 |
|---|---|---|
| committer | Ned Ludd <solar@gentoo.org> | 2004-11-11 19:27:12 +0000 |
| commit | 406f19de8ba9664bc74b3fb7bb9d2d14dbf6996e (patch) | |
| tree | 325545df1401a450a891c1a877e3e69ad1813937 | |
| parent | ~alpha keyword. (diff) | |
| download | historical-406f19de8ba9664bc74b3fb7bb9d2d14dbf6996e.tar.gz historical-406f19de8ba9664bc74b3fb7bb9d2d14dbf6996e.tar.bz2 historical-406f19de8ba9664bc74b3fb7bb9d2d14dbf6996e.zip | |
security bump again fixes tty io DoS - CAN-2004-0814 and binfmt_elf (CAN-???)
| -rw-r--r-- | sys-kernel/grsec-sources/ChangeLog | 7 | ||||
| -rw-r--r-- | sys-kernel/grsec-sources/Manifest | 26 | ||||
| -rw-r--r-- | sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r3 | 5 | ||||
| -rw-r--r-- | sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r3.ebuild | 80 |
4 files changed, 110 insertions, 8 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog index 37fdf385a890..a0f433e03340 100644 --- a/sys-kernel/grsec-sources/ChangeLog +++ b/sys-kernel/grsec-sources/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for sys-kernel/grsec-sources # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.32 2004/11/10 08:46:04 solar Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.33 2004/11/11 19:27:12 solar Exp $ + +*grsec-sources-2.4.27.2.0.1-r3 (11 Nov 2004) + + 11 Nov 2004; <solar@gentoo.org> +grsec-sources-2.4.27.2.0.1-r3.ebuild: + security bump again fixes tty io DoS - CAN-2004-0814 and binfmt_elf (CAN-???) *grsec-sources-2.4.27.2.0.1-r2 (10 Nov 2004) diff --git a/sys-kernel/grsec-sources/Manifest b/sys-kernel/grsec-sources/Manifest index 5ab7eb389566..864bfd935e2b 100644 --- a/sys-kernel/grsec-sources/Manifest +++ b/sys-kernel/grsec-sources/Manifest @@ -1,12 +1,24 @@ -MD5 1f53cebaf51ee0fb7879595a189deb64 ChangeLog 7050 +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +MD5 e3da257ee159ab53c6344a57ffc2b4aa grsec-sources-2.4.27.2.0.1-r3.ebuild 2770 MD5 10f710c7e977489e49a135879de8e62d grsec-sources-2.4.27.2.0.1-r2.ebuild 2538 +MD5 ef3f536d7a5ac0fe9588fab760f569c4 ChangeLog 7250 MD5 140d8af1d66f9f6cd030e7d9902f38d9 metadata.xml 478 -MD5 8de19d3c0628653407c25bbcbd00383a files/digest-grsec-sources-2.4.27.2.0.1-r2 214 -MD5 3dac23b6e285462a7cda41505cc698e1 files/2.4.26-CAN-2004-0394.patch 319 MD5 c47b7075dd1e065b09bb08936c1901a1 files/2.4.26-signal-race.patch 365 -MD5 d1ccc2047be533c992f67270a150a210 files/2.4.27-cmdline-race.patch 388 -MD5 b293289df61d6f42ff54e4e0ceae53cf files/2.4.24-x86.config 2397 +MD5 3bdf00d5f80fe9dfbfe8220e076cd04c files/openmosix-sources.CAN-2004-0497.patch 707 +MD5 3dac23b6e285462a7cda41505cc698e1 files/2.4.26-CAN-2004-0394.patch 319 +MD5 8de19d3c0628653407c25bbcbd00383a files/digest-grsec-sources-2.4.27.2.0.1-r2 214 +MD5 cb14de0f36cf9ca447b5d641ab5863bb files/digest-grsec-sources-2.4.27.2.0.1-r3 387 MD5 36615aa14e3aed91008beeeb406693bf files/2.4.26-pax-binfmt_elf-page-size.patch 427 -MD5 dc18e982f8149588a291956481885a8c files/gentoo-sources-2.4.CAN-2004-0495.patch 17549 +MD5 b293289df61d6f42ff54e4e0ceae53cf files/2.4.24-x86.config 2397 MD5 0f66013f643c79c97fda489618a4e2fd files/gentoo-sources-2.4.CAN-2004-0535.patch 476 -MD5 3bdf00d5f80fe9dfbfe8220e076cd04c files/openmosix-sources.CAN-2004-0497.patch 707 +MD5 dc18e982f8149588a291956481885a8c files/gentoo-sources-2.4.CAN-2004-0495.patch 17549 +MD5 d1ccc2047be533c992f67270a150a210 files/2.4.27-cmdline-race.patch 388 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (GNU/Linux) + +iD8DBQFBk70O94CCfB4KcwwRAiHcAJ4xc/CPmBzQykA5XwD0zFiomrw79QCfeZ6S +dfi015YJJRBl6riX8YgCCAc= +=glbY +-----END PGP SIGNATURE----- diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r3 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r3 new file mode 100644 index 000000000000..26f3b239ab72 --- /dev/null +++ b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r3 @@ -0,0 +1,5 @@ +MD5 3431156a47f26a1306f69de009941c63 grsecurity-2.0.1-2.4.27.patch 638046 +MD5 59a2e6fde1d110e2ffa20351ac8b4d9e linux-2.4.27.tar.bz2 30898453 +MD5 5bbbb2201b338ebb74f0bf650b639475 linux-2.4.27-nfs3-xdr.patch.bz2 746 +MD5 22860b67a043f4f2d601eab21fb3cfaf grsec-sources-2.4.27-CAN-2004-0814.patch.bz2 18441 +MD5 824589336b5796dc569662c44f1f696f gentoo-sources-2.4.27-binfmt_elf.patch.bz2 1052 diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r3.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r3.ebuild new file mode 100644 index 000000000000..b7d814bb503b --- /dev/null +++ b/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r3.ebuild @@ -0,0 +1,80 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r3.ebuild,v 1.1 2004/11/11 19:27:12 solar Exp $ + +# We control what versions of what we download based on the KEYWORDS we +# are using for the various arches. Thus if we want grsec1 stable we run +# the with "arch" ACCEPT_KEYWORDS or ~arch and we will get the +# grsec-2.0-preX which has alot more features. + +# the only thing that should ever differ in one of these 1.9.x ebuilds +# and 2.x of the same kernel version is the KEYWORDS and header. +# shame cvs symlinks don't exist + +ETYPE="sources" +IUSE="" + +inherit eutils kernel + +[ "$OKV" == "" ] && OKV="2.4.27" + +PATCH_BASE="${PV/${OKV}./}" +PATCH_BASE="${PATCH_BASE/_/-}" +EXTRAVERSION="-grsec-${PATCH_BASE}" +KV="${OKV}${EXTRAVERSION}" + +PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}.patch" +DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch" +CAN_PATCHES=" \ + mirror://gentoo/linux-2.4.27-nfs3-xdr.patch.bz2 \ + mirror://gentoo/grsec-sources-2.4.27-CAN-2004-0814.patch.bz2 \ + mirror://gentoo/gentoo-sources-2.4.27-binfmt_elf.patch.bz2" +SRC_URI="http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch \ + http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2 ${CAN_PATCHES}" + +HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net" +KEYWORDS="x86 sparc ppc alpha amd64 -hppa" + +SLOT="${KV}" +S="${WORKDIR}/linux-${KV}" + +src_unpack() { + unpack linux-"${OKV}".tar.bz2 || die "unable to unpack the kernel" + mv linux-"${OKV}" linux-"${KV}" || die "unable to move the kernel" + cd linux-"${KV}" || die "unable to cd into the kernel source tree" + + patch_grsec_kernel + + mkdir -p docs + touch docs/patches.txt + kernel_universal_unpack +} + +patch_grsec_kernel() { + # users are often confused by what settings should be set. + # so we provide an example of what a P4 desktop would look like. + cp ${FILESDIR}/2.4.24-x86.config gentoo-grsec-custom-example-2.4.2x-x86.config + + [ -f "${DISTDIR}/${PATCH_SRC_BASE}" ] || die "File ${PATCH_SRC_BASE} does not exist?" + ebegin "Patching the kernel with ${PATCH_SRC_BASE}" + cat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet + [ $? == 0 ] || die "failed patching with ${PATCH_SRC_BASE}" + eend 0 + + # fix format string problem in panic() + epatch ${FILESDIR}/2.4.26-CAN-2004-0394.patch + + # Potential security issue in /proc/cmdline bug 59905 + epatch ${FILESDIR}/2.4.27-cmdline-race.patch + + # remote denial-of-service. bug 62524 + epatch ${DISTDIR}/linux-2.4.27-nfs3-xdr.patch.bz2 + + # tty io fixes. + epatch ${DISTDIR}/grsec-sources-2.4.27-CAN-2004-0814.patch.bz2 + + # binfmt_elf + epatch ${DISTDIR}/gentoo-sources-2.4.27-binfmt_elf.patch.bz2 + return 0 +} + |