Version bump; updates binfmt_elf patch (bug #70681) and adds the smbfs security patch (bug #65877).

author: Tim Yamin <plasmaroo@gentoo.org> 2004-11-19 21:09:47 +0000
committer: Tim Yamin <plasmaroo@gentoo.org> 2004-11-19 21:09:47 +0000
commit: 79b981f8578a47e9990a7117e55bd341d6e352fd (patch)
tree: a69e1b355e3bae5bb0c6f9782725e45f16c5fdad /sys-kernel
parent: new toy to play with (diff)
download: historical-79b981f8578a47e9990a7117e55bd341d6e352fd.tar.gz
historical-79b981f8578a47e9990a7117e55bd341d6e352fd.tar.bz2
historical-79b981f8578a47e9990a7117e55bd341d6e352fd.zip
6 files changed, 116 insertions, 15 deletions
diff --git a/sys-kernel/alpha-sources/ChangeLog b/sys-kernel/alpha-sources/ChangeLog
index 57ded2fceead..4adf8c21f9d1 100644
--- a/sys-kernel/alpha-sources/ChangeLog
+++ b/sys-kernel/alpha-sources/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sys-kernel/alpha-sources
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/alpha-sources/ChangeLog,v 1.36 2004/11/12 18:31:39 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/alpha-sources/ChangeLog,v 1.37 2004/11/19 21:09:47 plasmaroo Exp $
+
+*alpha-sources-2.4.21-r15 (19 Nov 2004)
+
+  19 Nov 2004; <plasmaroo@gentoo.org> -alpha-sources-2.4.21-r14.ebuild,
+  +alpha-sources-2.4.21-r15.ebuild, files/alpha-sources.binfmt_elf.patch,
+  +files/alpha-sources.smbfs.patch:
+  Version bump; updates binfmt_elf patch (bug #70681) and adds the smbfs
+  security patch (bug #65877).
 
 *alpha-sources-2.4.21-r14 (12 Nov 2004)
 
diff --git a/sys-kernel/alpha-sources/Manifest b/sys-kernel/alpha-sources/Manifest
index 35969ae0d1c6..130cf6e39689 100644
--- a/sys-kernel/alpha-sources/Manifest
+++ b/sys-kernel/alpha-sources/Manifest
@@ -1,5 +1,5 @@
-MD5 2d18fd45db74d15f3f719eafbdc36dc1 ChangeLog 6613
-MD5 acf4d60bca773511e337619ddf769b5f alpha-sources-2.4.21-r14.ebuild 4530
+MD5 86bc0a14ff3ad62e193d735552847695 ChangeLog 6941
+MD5 4440624a9efb94861c5b60fa30ec78cf alpha-sources-2.4.21-r15.ebuild 4608
 MD5 2b3ddb8b8b15f8da35ade38544b57857 files/alpha-sources.XDRWrapFix.patch 1499
 MD5 5bf9836a632a861728d33f9736bb7431 files/alpha-sources.CAN-2004-0133.patch 427
 MD5 d1ccc2047be533c992f67270a150a210 files/alpha-sources.cmdlineLeak.patch 388
@@ -8,13 +8,14 @@ MD5 9c816c892d6e3d3f0b7b77d3d503ab10 files/alpha-sources.CAN-2004-0075.patch 634
 MD5 d4a740ae56c2049247083af387a22a85 files/alpha-sources.CAN-2004-0394.patch 350
 MD5 147fec50180ad91b6260fc7201dcb90f files/alpha-sources.CAN-2004-0010.patch 6050
 MD5 dc18e982f8149588a291956481885a8c files/alpha-sources.CAN-2004-0495.patch 17549
-MD5 0e1133313a767762ef7315d6f6c99b4e files/alpha-sources.binfmt_elf.patch 2184
+MD5 fce867333f0c9d905d426396371bc9b4 files/alpha-sources.binfmt_elf.patch 2511
 MD5 a61e57d5483a06f20da339d91f98fbb8 files/alpha-sources.rtc_fix.patch 6769
-MD5 76cc0c8530da5b9d8f6db7182df4d591 files/digest-alpha-sources-2.4.21-r14 304
+MD5 76cc0c8530da5b9d8f6db7182df4d591 files/digest-alpha-sources-2.4.21-r15 304
 MD5 174438d215b70cad5ffb00ca8123c062 files/alpha-sources.munmap.patch 837
 MD5 60d25ff310fc6abfdce39ec9e47345af files/alpha-sources.CAN-2004-0685.patch 2809
 MD5 3bdf00d5f80fe9dfbfe8220e076cd04c files/alpha-sources.CAN-2004-0497.patch 707
 MD5 e77a93fdf26f06cf3ea5080b27211725 files/alpha-sources.CAN-2003-0985.patch 414
+MD5 9971231cef0a944990e47a3c1e4b717c files/alpha-sources.smbfs.patch 2790
 MD5 de75cfa969ed092578d9ddda6c5be334 files/alpha-sources.CAN-2004-0181.patch 1233
 MD5 eaeda68a619caaddd5b8fdc5e7c39932 files/alpha-sources.CAN-2004-0177.patch 384
 MD5 21f3a4f186017d925067335e24db36a1 files/alpha-sources.CAN-2004-0109.patch 1877
diff --git a/sys-kernel/alpha-sources/alpha-sources-2.4.21-r14.ebuild b/sys-kernel/alpha-sources/alpha-sources-2.4.21-r15.ebuild
index 3ecb4391a351..476d584bb101 100644
--- a/sys-kernel/alpha-sources/alpha-sources-2.4.21-r14.ebuild
+++ b/sys-kernel/alpha-sources/alpha-sources-2.4.21-r15.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/alpha-sources/alpha-sources-2.4.21-r14.ebuild,v 1.1 2004/11/12 18:31:39 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/alpha-sources/alpha-sources-2.4.21-r15.ebuild,v 1.1 2004/11/19 21:09:47 plasmaroo Exp $
 
 # OKV=original kernel version, KV=patched kernel version.  They can be the same.
 
@@ -16,7 +16,7 @@ S=${WORKDIR}/linux-${KV}
 
 DESCRIPTION="Full sources for the Gentoo Linux Alpha kernel"
 SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2
-	mirror://gentoo/patches-${KV/14/3}.tar.bz2
+	mirror://gentoo/patches-${KV/15/3}.tar.bz2
 	http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-${OKV}-CAN-2004-0415.patch
 	http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/${P}-CAN-2004-0814.patch"
 SLOT="${KV}"
@@ -25,7 +25,7 @@ KEYWORDS="alpha -sparc -x86 -ppc -hppa -mips"
 src_unpack() {
 	unpack ${A}
 	mv linux-${OKV} linux-${KV} || die
-	cd ${WORKDIR}/${KV/14/1}
+	cd ${WORKDIR}/${KV/15/1}
 
 	# This is the crypt USE flag, keeps {USAGI/superfreeswan/patch-int/loop-jari}
 	if ! use crypt; then
@@ -81,6 +81,7 @@ src_unpack() {
 	epatch ${FILESDIR}/${PN}.cmdlineLeak.patch || die "Failed to apply the /proc/cmdline patch!"
 	epatch ${FILESDIR}/${PN}.XDRWrapFix.patch || die "Failed to apply the kNFSd XDR fix!"
 	epatch ${FILESDIR}/${PN}.binfmt_elf.patch || die "Failed to apply the binfmt_elf fix!"
+	epatch ${FILESDIR}/${PN}.smbfs.patch || die "Failed to apply the SMBFS fix!"
 
 	# Fix multi-line literal in include/asm-alpha/xor.h -- see bug 38354
 	# If this script "dies" then that means it's no longer applicable.
diff --git a/sys-kernel/alpha-sources/files/alpha-sources.binfmt_elf.patch b/sys-kernel/alpha-sources/files/alpha-sources.binfmt_elf.patch
index f4fae35286a3..f0b319bca0fb 100644
--- a/sys-kernel/alpha-sources/files/alpha-sources.binfmt_elf.patch
+++ b/sys-kernel/alpha-sources/files/alpha-sources.binfmt_elf.patch
@@ -1,6 +1,6 @@
-diff -ur linux-2.4.21/fs/binfmt_elf.c linux-2.4.21-plasmaroo/fs/binfmt_elf.c
+diff -ur linux-2.4.21/fs/binfmt_elf.c linux-2.4.21.plasmaroo/fs/binfmt_elf.c
 --- linux-2.4.21/fs/binfmt_elf.c	2004-08-14 18:15:42.000000000 +0100
-+++ linux-2.4.21-plasmaroo/fs/binfmt_elf.c	2004-11-12 18:09:38.000000000 +0000
++++ linux-2.4.21.plasmaroo/fs/binfmt_elf.c	2004-11-19 20:48:27.314422552 +0000
 @@ -299,9 +299,12 @@
  		goto out;
  
@@ -29,7 +29,17 @@ diff -ur linux-2.4.21/fs/binfmt_elf.c linux-2.4.21-plasmaroo/fs/binfmt_elf.c
  
  	retval = get_unused_fd();
  	if (retval < 0)
-@@ -509,8 +515,14 @@
+@@ -499,7 +505,8 @@
+ 			 */
+ 
+ 			retval = -ENOMEM;
+-			if (elf_ppnt->p_filesz > PATH_MAX)
++			if (elf_ppnt->p_filesz > PATH_MAX || 
++			    elf_ppnt->p_filesz == 0)
+ 				goto out_free_file;
+ 			elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz,
+ 							   GFP_KERNEL);
+@@ -509,8 +516,16 @@
  			retval = kernel_read(bprm->file, elf_ppnt->p_offset,
  					   elf_interpreter,
  					   elf_ppnt->p_filesz);
@@ -37,15 +47,17 @@ diff -ur linux-2.4.21/fs/binfmt_elf.c linux-2.4.21-plasmaroo/fs/binfmt_elf.c
 +			if (retval != elf_ppnt->p_filesz) {
 +				if (retval >= 0)
 +					retval = -EIO;
- 				goto out_free_interp;
++				goto out_free_interp;
 +			}
 +			/* make sure path is NULL terminated */
-+			elf_interpreter[elf_ppnt->p_filesz - 1] = '\0';
++			retval = -EINVAL;
++			if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
+ 				goto out_free_interp;
 +
  			/* If the program interpreter is one of these two,
  			 * then assume an iBCS2 image. Otherwise assume
  			 * a native linux image.
-@@ -529,8 +541,11 @@
+@@ -529,8 +544,11 @@
  			if (IS_ERR(interpreter))
  				goto out_free_interp;
  			retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE);
@@ -82,4 +94,3 @@ diff -ur linux-2.4.21/fs/binfmt_elf.c linux-2.4.21-plasmaroo/fs/binfmt_elf.c
  		}
  
  		if (!load_addr_set) {
-
diff --git a/sys-kernel/alpha-sources/files/alpha-sources.smbfs.patch b/sys-kernel/alpha-sources/files/alpha-sources.smbfs.patch
new file mode 100644
index 000000000000..1d93802f03be
--- /dev/null
+++ b/sys-kernel/alpha-sources/files/alpha-sources.smbfs.patch
@@ -0,0 +1,80 @@
+diff -ur linux-2.4.20/fs/smbfs/proc.c linux-2.4.20.plasmaroo/fs/smbfs/proc.c
+--- linux-2.4.20/fs/smbfs/proc.c	2004-08-14 18:15:42.000000000 +0100
++++ linux-2.4.20.plasmaroo/fs/smbfs/proc.c	2004-11-19 20:48:37.429884768 +0000
+@@ -1197,10 +1197,12 @@
+ 	data_len = WVAL(buf, 1);
+ 
+ 	/* we can NOT simply trust the data_len given by the server ... */
+-	if (data_len > server->packet_size - (buf+3 - server->packet)) {
+-		printk(KERN_ERR "smb_proc_read: invalid data length!! "
+-		       "%d > %d - (%p - %p)\n",
+-		       data_len, server->packet_size, buf+3, server->packet);
++	if (data_len > count ||
++		(buf+3 - server->packet) + data_len > server->packet_size) {
++		printk(KERN_ERR "smb_proc_read: invalid data length/offset!! "
++		       "%d > %d || (%p - %p) + %d > %d\n",
++		       data_len, count,
++		       buf+3, server->packet, data_len, server->packet_size);
+ 		result = -EIO;
+ 		goto out;
+ 	}
+diff -ur linux-2.4.20/fs/smbfs/sock.c linux-2.4.20.plasmaroo/fs/smbfs/sock.c
+--- linux-2.4.20/fs/smbfs/sock.c	2004-08-14 18:15:42.000000000 +0100
++++ linux-2.4.20.plasmaroo/fs/smbfs/sock.c	2004-11-19 20:48:37.431884464 +0000
+@@ -571,7 +571,11 @@
+ 					parm_disp, parm_offset, parm_count,
+ 					data_disp, data_offset, data_count);
+ 				*parm  = base + parm_offset;
++				if (*parm - inbuf + parm_tot > server->packet_size)
++					goto out_bad_parm;
+ 				*data  = base + data_offset;
++				if (*data - inbuf + data_tot > server->packet_size)
++					goto out_bad_data;
+ 				goto success;
+ 			}
+ 
+@@ -591,6 +595,8 @@
+ 			rcv_buf = smb_vmalloc(buf_len);
+ 			if (!rcv_buf)
+ 				goto out_no_mem;
++			memset(rcv_buf, 0, buf_len);
++			
+ 			*parm = rcv_buf;
+ 			*data = rcv_buf + total_p;
+ 		} else if (data_tot > total_d || parm_tot > total_p)
+@@ -598,8 +604,12 @@
+ 
+ 		if (parm_disp + parm_count > total_p)
+ 			goto out_bad_parm;
++		if (parm_offset + parm_count > server->packet_size)	
++			goto out_bad_parm;
+ 		if (data_disp + data_count > total_d)
+ 			goto out_bad_data;
++		if (data_offset + data_count > server->packet_size)	
++			goto out_bad_data;
+ 		memcpy(*parm + parm_disp, base + parm_offset, parm_count);
+ 		memcpy(*data + data_disp, base + data_offset, data_count);
+ 
+@@ -610,8 +620,11 @@
+ 		 * Check whether we've received all of the data. Note that
+ 		 * we use the packet totals -- total lengths might shrink!
+ 		 */
+-		if (data_len >= data_tot && parm_len >= parm_tot)
++		if (data_len >= data_tot && parm_len >= parm_tot) {
++			data_len = data_tot;
++			parm_len = parm_tot;
+ 			break;
++		}
+ 	}
+ 
+ 	/*
+@@ -625,6 +638,9 @@
+ 		server->packet = rcv_buf;
+ 		rcv_buf = inbuf;
+ 	} else {
++		if (parm_len + data_len > buf_len)
++			goto out_data_grew;
++
+ 		PARANOIA("copying data, old size=%d, new size=%u\n",
+ 			 server->packet_size, buf_len);
+ 		memcpy(inbuf, rcv_buf, parm_len + data_len);
diff --git a/sys-kernel/alpha-sources/files/digest-alpha-sources-2.4.21-r14 b/sys-kernel/alpha-sources/files/digest-alpha-sources-2.4.21-r15
index d1abbfcbcf8a..d1abbfcbcf8a 100644
--- a/sys-kernel/alpha-sources/files/digest-alpha-sources-2.4.21-r14
+++ b/sys-kernel/alpha-sources/files/digest-alpha-sources-2.4.21-r15
author	Tim Yamin <plasmaroo@gentoo.org>	2004-11-19 21:09:47 +0000
committer	Tim Yamin <plasmaroo@gentoo.org>	2004-11-19 21:09:47 +0000
commit	79b981f8578a47e9990a7117e55bd341d6e352fd (patch)
tree	a69e1b355e3bae5bb0c6f9782725e45f16c5fdad /sys-kernel
parent	new toy to play with (diff)
download	historical-79b981f8578a47e9990a7117e55bd341d6e352fd.tar.gz historical-79b981f8578a47e9990a7117e55bd341d6e352fd.tar.bz2 historical-79b981f8578a47e9990a7117e55bd341d6e352fd.zip