authorNed Ludd <solar@gentoo.org>2004-06-17 14:52:48 +0000
committerNed Ludd <solar@gentoo.org>2004-06-17 14:52:48 +0000
commited826bf23901ce7dc1c4cbc1d317940be10299b0 (patch)
treea1bf432f804fa83726453823eaa054d54f4194d2 /sys-kernel/grsec-sources
parentstable on x86. (diff)
fix i2c integer overflow vulnerability during the allocation of memory. bug #54164. PaX force randomization to always at least PAGE_SIZE big. Allows glibc to be compiled with binutils-2.15 and USE=hardened
Diffstat (limited to 'sys-kernel/grsec-sources')
-rw-r--r--sys-kernel/grsec-sources/ChangeLog11
-rw-r--r--sys-kernel/grsec-sources/Manifest12
-rw-r--r--sys-kernel/grsec-sources/files/2.4.26-i2cproc_bus_read.patch12
-rw-r--r--sys-kernel/grsec-sources/files/2.4.26-pax-binfmt_elf-page-size.patch11
-rw-r--r--sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r4 (renamed from sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r2)0
-rw-r--r--sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r4.ebuild (renamed from sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r2.ebuild)23
6 files changed, 49 insertions, 20 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog
index b106a20a71ea..4f404f8655da 100644
--- a/sys-kernel/grsec-sources/ChangeLog
+++ b/sys-kernel/grsec-sources/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for sys-kernel/grsec-sources
# Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.22 2004/06/15 17:03:18 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.23 2004/06/17 14:52:48 solar Exp $
+
+*grsec-sources-2.4.26.2.0-r4 (17 Jun 2004)
+
+ 17 Jun 2004; <solar@gentoo.org> grsec-sources-2.4.26.2.0-r2.ebuild,
+ grsec-sources-2.4.26.2.0-r4.ebuild, files/2.4.26-i2cproc_bus_read.patch,
+ files/2.4.26-pax-binfmt_elf-page-size.patch:
+ fix i2c integer overflow vulnerability during the allocation of memory. bug
+ #54164. PaX force randomization to always at least PAGE_SIZE big. Allows glibc
+ to be compiled with binutils-2.15 and USE=hardened
*grsec-sources-2.4.26.2.0-r3 (15 Jun 2004)
diff --git a/sys-kernel/grsec-sources/Manifest b/sys-kernel/grsec-sources/Manifest
index 66b5ef2a12a1..e2a88922fa21 100644
--- a/sys-kernel/grsec-sources/Manifest
+++ b/sys-kernel/grsec-sources/Manifest
@@ -1,9 +1,11 @@
-MD5 e9e4228b4f1044ce22cac07989d15baf ChangeLog 4701
-MD5 55be93f702aaba60b28237ed053d0321 grsec-sources-2.4.26.2.0-r2.ebuild 3321
+MD5 184911b0310e8cc34f9cc3efe296e634 ChangeLog 5150
MD5 570f1e3dd02711fa0b8137580ad1cec4 grsec-sources-2.4.26.2.0-r3.ebuild 2826
+MD5 b9eaa8d4a30d59e6d2f9d64cbd3563be grsec-sources-2.4.26.2.0-r4.ebuild 3066
MD5 140d8af1d66f9f6cd030e7d9902f38d9 metadata.xml 478
-MD5 67eb43cb5340a7a671c2d375c0516888 files/digest-grsec-sources-2.4.26.2.0-r2 143
-MD5 3dac23b6e285462a7cda41505cc698e1 files/2.4.26-CAN-2004-0394.patch 319
+MD5 b293289df61d6f42ff54e4e0ceae53cf files/2.4.24-x86.config 2397
MD5 c47b7075dd1e065b09bb08936c1901a1 files/2.4.26-signal-race.patch 365
+MD5 3dac23b6e285462a7cda41505cc698e1 files/2.4.26-CAN-2004-0394.patch 319
MD5 67eb43cb5340a7a671c2d375c0516888 files/digest-grsec-sources-2.4.26.2.0-r3 143
-MD5 b293289df61d6f42ff54e4e0ceae53cf files/2.4.24-x86.config 2397
+MD5 9d8a823d0e0ada1ec1e84305d1698afa files/2.4.26-i2cproc_bus_read.patch 512
+MD5 36615aa14e3aed91008beeeb406693bf files/2.4.26-pax-binfmt_elf-page-size.patch 427
+MD5 67eb43cb5340a7a671c2d375c0516888 files/digest-grsec-sources-2.4.26.2.0-r4 143
diff --git a/sys-kernel/grsec-sources/files/2.4.26-i2cproc_bus_read.patch b/sys-kernel/grsec-sources/files/2.4.26-i2cproc_bus_read.patch
new file mode 100644
index 000000000000..2f7de0dbe5b3
--- /dev/null
+++ b/sys-kernel/grsec-sources/files/2.4.26-i2cproc_bus_read.patch
@@ -0,0 +1,12 @@
+diff -Nrup linux-2.4.26-grsec-2.0/drivers/i2c/i2c-core.c linux/drivers/i2c/i2c-core.c
+--- linux-2.4.26-grsec-2.0/drivers/i2c/i2c-core.c 2004-02-18 08:36:31.000000000 -0500
++++ linux/drivers/i2c/i2c-core.c 2004-06-17 10:27:36.000000000 -0400
+@@ -625,7 +625,7 @@ ssize_t i2cproc_bus_read(struct file * f
+ size_t len_total;
+ int order[I2C_CLIENT_MAX];
+
+- if (count > 4000)
++ if ((count > 4000) || (count < 0))
+ return -EINVAL;
+ len_total = file->f_pos + count;
+ /* Too bad if this gets longer (unlikely) */
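Review bot: The added `(count < 0)` test in the guard ahead of `len_total = file->f_pos + count` looks like dead code. The hunk header truncates the signature, but if `count` is declared `size_t`, as is usual for a read handler and as the neighbouring `size_t len_total` suggests, the comparison is always false and a negative length from the caller is already rejected by `count > 4000`. The term left unchecked is `file->f_pos`, which is added to `count` and stored in a `size_t` with no range check visible here. I would confirm the declared type of `count`, drop the comparison if it is unsigned, and bound the offset before the addition, along the lines of `if (count > 4000 || file->f_pos < 0 || file->f_pos > 4000) return -EINVAL;` with the limit adjusted to what the rest of the function enforces. The body of i2cproc_bus_read continues outside the hunk, so which of `count` or `len_total` sizes the later allocation cannot be checked from here.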
diff --git a/sys-kernel/grsec-sources/files/2.4.26-pax-binfmt_elf-page-size.patch b/sys-kernel/grsec-sources/files/2.4.26-pax-binfmt_elf-page-size.patch
new file mode 100644
index 000000000000..09f39733e90a
--- /dev/null
+++ b/sys-kernel/grsec-sources/files/2.4.26-pax-binfmt_elf-page-size.patch
@@ -0,0 +1,11 @@
+--- linux-2.4.26-grsec-2.0/fs/binfmt_elf.c 2004-06-16 16:38:15.000000000 -0400
++++ linux/fs/binfmt_elf.c 2004-06-17 10:31:21.000000000 -0400
+@@ -1055,7 +1055,7 @@ static int load_elf_binary(struct linux_
+ #endif
+
+ if (current->flags & PF_PAX_RANDMMAP)
+- elf_brk += pax_delta_mask(get_random_long(), 4, PAGE_SHIFT);
++ elf_brk += PAGE_SIZE + pax_delta_mask(get_random_long(), 4, PAGE_SHIFT);
+ #undef pax_delta_mask
+ #endif
+
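Review bot: The changed line `elf_brk += PAGE_SIZE + pax_delta_mask(get_random_long(), 4, PAGE_SHIFT);` has no comment saying why a fixed page is added, and the patch file has no description header, so the rationale exists only in the commit message. A later refresh against a new grsecurity release could easily drop it as an unexplained constant. I would add a comment above the line such as `/* always move brk by at least PAGE_SIZE, even if the random delta comes out as 0 */`, and note in the patch header that the constant adds no entropy and only guarantees a minimum offset. Whether the delta can actually be zero depends on `pax_delta_mask`, which is defined outside the hunk, as is the rest of load_elf_binary.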
diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r2 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r4
index 6952b0eafedc..6952b0eafedc 100644
--- a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r2
+++ b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.26.2.0-r4
diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r2.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r4.ebuild
index 15bd9b72e771..a5bff8541039 100644
--- a/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r2.ebuild
+++ b/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r4.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r2.ebuild,v 1.2 2004/06/17 01:48:57 mr_bones_ Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.26.2.0-r4.ebuild,v 1.1 2004/06/17 14:52:48 solar Exp $
# We control what versions of what we download based on the KEYWORDS we
# are using for the various arches. Thus if we want grsec1 stable we run
@@ -8,7 +8,7 @@
# grsec-2.0-preX which has alot more features.
# the only thing that should ever differ in one of these 1.9.x ebuilds
-# and 2.x of the same kernel version is the KEYWORDS and header.
+# and 2.x of the same kernel version is the KEYWORDS and header.
# shame cvs symlinks don't exist
ETYPE="sources"
@@ -26,8 +26,7 @@ KV="${OKV}${EXTRAVERSION}"
PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}.patch.bz2"
# hppa takes a special patch and usually has play catch up between
-# versions of this package we.
-
+# versions of this package.
HPPA_SRC_URI=""
if [ "${ARCH}" == "hppa" ]; then
PARISC_KERNEL_VERSION="pa1"
@@ -39,16 +38,6 @@ fi
DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch"
-#DYSFUNCTIONAL_SRC_URI="hppa? ( $HPPA_SRC_URI ) \
-# !hppa? ( http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch \
-# http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch.sign ) \
-# http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2"
-
-# grr... gotta love it when upstream changes a patch without rolling a revision number.
-#SRC_URI="http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch \
-# http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch.sign \
-# http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2"
-
SRC_URI="mirror://gentoo/grsecurity-${PATCH_BASE}-${OKV}.patch.bz2 \
http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2"
@@ -80,6 +69,12 @@ src_unpack() {
# fix format string problem in panic()
epatch ${FILESDIR}/2.4.26-CAN-2004-0394.patch
+ # Fix local DoS bug #53804
+ epatch ${FILESDIR}/2.4.26-signal-race.patch
+ # i2c integer overflow vulnerability during the allocation of memory
+ epatch ${FILESDIR}/2.4.26-i2cproc_bus_read.patch
+ # patch to force randomization to always at least PAGE_SIZE big.
+ epatch ${FILESDIR}/2.4.26-pax-binfmt_elf-page-size.patch
mkdir docs
touch docs/patches.txt
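Review bot: The comment on the new i2c patch, `# i2c integer overflow vulnerability during the allocation of memory`, omits the bug number that the commit message gives (#54164), while the signal-race comment just above it cites #53804. I would write `# i2c integer overflow during memory allocation, bug #54164` so that an audit of which advisories this revision covers can be done from the ebuild alone. The PaX line could likewise name the build problem it addresses (glibc with binutils-2.15 and USE=hardened, per the commit message). The unquoted `${FILESDIR}` expansions match the existing CAN-2004-0394 line and are better left for a separate cleanup. src_unpack() starts and ends outside the hunk.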