diff options
| author |   Guillaume Destuynder <kang@gentoo.org> | 2005-01-18 22:15:48 +0000 |
|---|---|---|
| committer | Guillaume Destuynder <kang@gentoo.org> | 2005-01-18 22:15:48 +0000 |
| commit | ce65dfd100b03067f11716a233a7b5985a1d3764 (patch) | |
| tree | e242b1a6af18c26dc502e99ac17bc71479b8bf37 /sys-kernel | |
| parent | bug 77805 (diff) | |
| download | historical-ce65dfd100b03067f11716a233a7b5985a1d3764.tar.gz historical-ce65dfd100b03067f11716a233a7b5985a1d3764.tar.bz2 historical-ce65dfd100b03067f11716a233a7b5985a1d3764.zip | |
Security issue: #75963 with LSM fixed. Fixed boudle EXTRAVERSION already
Diffstat (limited to 'sys-kernel')
23 files changed, 37 insertions, 1188 deletions
diff --git a/sys-kernel/rsbac-sources/ChangeLog b/sys-kernel/rsbac-sources/ChangeLog index 50132b0f36cb..361795869653 100644 --- a/sys-kernel/rsbac-sources/ChangeLog +++ b/sys-kernel/rsbac-sources/ChangeLog @@ -1,6 +1,31 @@ # ChangeLog for sys-kernel/rsbac-sources # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/ChangeLog,v 1.22 2005/01/14 00:21:32 kang Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/ChangeLog,v 1.23 2005/01/18 22:15:48 kang Exp $ + + 18 Jan 2005; Guillaume Destuynder <kang@gentoo.org> + -files/rsbac-bugfix-v1.2.3-6.diff, -files/rsbac-bugfix-v1.2.3-ao-01.diff, + -files/rsbac-bugfix-v1.2.3-kang-01.diff, + -files/rsbac-sources-2.6.7-62524-ptmx.patch, + -files/rsbac-sources-2.6.7-70681-binfmt.patch, + -files/rsbac-sources-2.6.7-AF_UNIX.patch, + -files/rsbac-sources-2.6.7-CAN-2004-0883.patch, + -files/rsbac-sources-2.6.7-dos_mem_disc1.patch, + -files/rsbac-sources-2.6.7-dos_mem_disc2.patch, + -files/rsbac-sources-CAN-2004-0497.patch, + -files/rsbac-sources-CAN-2004-0596.patch, + -files/rsbac-sources-CAN-2004-0816.patch, + -files/rsbac-sources-CAN-2004-1069.patch, + -files/rsbac-sources-iptables-dos.patch, -rsbac-sources-2.6.10.ebuild, + -rsbac-sources-2.6.7-r11.ebuild, -rsbac-sources-2.6.9.ebuild, + +rsbac-sources-2.6.10-r1.ebuild: + Security issue: #75963 with LSM fixed. Fixed boudle EXTRAVERSION already + present in newer rsbac patches. Stable x86. + + 18 Jan 2005; Guillaume Destuynder <kang@gentoo.org> + rsbac-sources-2.6.10.ebuild: + Security issue: #75963 with LSM fixed. Fixed boudle EXTRAVERSION already + present in newer rsbac patches. Stable x86.cvs add + rsbac-sources-2.6.10-r1.ebuild 14 Jan 2005; Guillaume Destuynder <kang@gentoo.org> rsbac-sources-2.4.28-r2.ebuild, rsbac-sources-2.6.10.ebuild: diff --git a/sys-kernel/rsbac-sources/Manifest b/sys-kernel/rsbac-sources/Manifest index 987e8e054d25..436c767e7526 100644 --- a/sys-kernel/rsbac-sources/Manifest +++ b/sys-kernel/rsbac-sources/Manifest @@ -1,9 +1,7 @@ MD5 fee9abc7797fef753c42454679bae9a7 metadata.xml 456 -MD5 2e6430f6994c795880314318b8ba02fb rsbac-sources-2.6.7-r11.ebuild 1918 -MD5 d4dcd5536cc304096310e85f410f20f2 rsbac-sources-2.6.9.ebuild 1473 -MD5 d5ae31adc3deb2599ff0aa4511ed781d rsbac-sources-2.6.10.ebuild 1673 -MD5 8cce3943b4bfdf917578ef708b25e915 ChangeLog 3947 MD5 f4de656d7c7ee79a6df605ad681c3278 rsbac-sources-2.4.28-r2.ebuild 1611 +MD5 7c67f1d87ea708150c95bb5e4de440a0 rsbac-sources-2.6.10-r1.ebuild 1615 +MD5 f80da56df43b7c274f75c3095fc883f3 ChangeLog 5127 MD5 328797650996e7330596351c56cb059e rsbac-sources-2.4.28-r1.ebuild 1452 MD5 a869ab037c7e264df5f8e899864f08e9 files/rsbac-sources-v1.2.3-3.patch 557 MD5 b9a94233e1457787352e5f85e3e3582d files/rsbac-sources-2.4.28-dos_mem_disc.patch 2009 @@ -13,21 +11,5 @@ MD5 c1c64783ddf4cce2b21b0b6f96f329d7 files/rsbac-sources-v1.2.3-4.patch 1018 MD5 ffea7c6daada6d0033ed3996d45fd7ca files/rsbac-sources-v1.2.3-5.patch 625 MD5 6197e52bf5742c3f61716fe6a681055c files/rsbac-sources-v1.2.3-6.patch 13068 MD5 665832a4660ee3c3d531dfc2568cc495 files/digest-rsbac-sources-2.4.28-r1 207 -MD5 ee9c2340e890a15d199f98f98e027466 files/digest-rsbac-sources-2.6.7-r11 281 -MD5 76e034360be9c90c736b2440f39349d7 files/digest-rsbac-sources-2.6.9 217 -MD5 6197e52bf5742c3f61716fe6a681055c files/rsbac-bugfix-v1.2.3-6.diff 13068 -MD5 97a40292e0b33025c43888a20190ef29 files/rsbac-bugfix-v1.2.3-ao-01.diff 1180 -MD5 b70bcb7c4896526b671f12695522cb0e files/rsbac-bugfix-v1.2.3-kang-01.diff 510 -MD5 452e04a312368605e145428c35bd0e05 files/rsbac-sources-2.6.7-62524-ptmx.patch 572 -MD5 accdbfc81ddc59d568ed845b5972f10a files/rsbac-sources-2.6.7-70681-binfmt.patch 2606 -MD5 530630d25910e6bd9376b63ea099655f files/rsbac-sources-2.6.7-AF_UNIX.patch 469 -MD5 7872d0af6e27fb6007833b113097bb34 files/rsbac-sources-2.6.7-CAN-2004-0883.patch 3357 -MD5 91dd923056c1af13054cb00fb0a8daa3 files/rsbac-sources-2.6.7-dos_mem_disc1.patch 1578 -MD5 632a66f683783bebc9c7b565284284d0 files/rsbac-sources-2.6.7-dos_mem_disc2.patch 7369 -MD5 b6e38b41c8a79943df2ab2642149d06f files/rsbac-sources-CAN-2004-0497.patch 2214 -MD5 f0e12ba218f53c2694a91259bdc2fdc7 files/rsbac-sources-CAN-2004-0596.patch 494 -MD5 263a9f529a3b80e2c91340a73c0c5920 files/rsbac-sources-CAN-2004-0816.patch 1445 -MD5 4d656fa3f3a47df751c0d78b64ed8353 files/rsbac-sources-CAN-2004-1069.patch 1761 -MD5 6451bd210935a3978fd3a3edac673591 files/rsbac-sources-iptables-dos.patch 389 -MD5 7f64a7f380b366f73204b42679f4bb2d files/digest-rsbac-sources-2.6.10 142 MD5 ec2ece59690dfeadf50fc0b726137b60 files/digest-rsbac-sources-2.4.28-r2 207 +MD5 bde788e15d428885ef8021a7af885f8c files/digest-rsbac-sources-2.6.10-r1 207 diff --git a/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.6.10 b/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.6.10 deleted file mode 100644 index 616a936770d2..000000000000 --- a/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.6.10 +++ /dev/null @@ -1,2 +0,0 @@ -MD5 cffcd2919d9c8ef793ce1ac07a440eda linux-2.6.10.tar.bz2 36533484 -MD5 e69d657b7fb6cdbb50b97eb5c08fc1a2 rsbac-patches-2.6-10.0.tar.bz2 140003 diff --git a/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.6.10-r1 b/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.6.10-r1 new file mode 100644 index 000000000000..3dc14de2ab34 --- /dev/null +++ b/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.6.10-r1 @@ -0,0 +1,3 @@ +MD5 cffcd2919d9c8ef793ce1ac07a440eda linux-2.6.10.tar.bz2 36533484 +MD5 f3759250e9c4bb5ccb773174fafe0ba7 rsbac-v1.2.3.tar.bz2 489127 +MD5 58054ffb217c5dac578c8105d9849c7c rsbac-patches-2.6-10.1.tar.bz2 140343 diff --git a/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.6.7-r11 b/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.6.7-r11 deleted file mode 100644 index 19b8dd9a9c31..000000000000 --- a/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.6.7-r11 +++ /dev/null @@ -1,4 +0,0 @@ -MD5 a74671ea68b0e3c609e8785ed8497c14 linux-2.6.7.tar.bz2 35092228 -MD5 f3759250e9c4bb5ccb773174fafe0ba7 rsbac-v1.2.3.tar.bz2 489127 -MD5 6a59fc81ca1786d6ed3185ecc98854de rsbac-patches-2.6-7.2.tar.bz2 109155 -MD5 52996b643afbd6ed9ba38b9483c2cac3 linux-2.6.7-CAN-2004-0415.patch 112612 diff --git a/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.6.9 b/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.6.9 deleted file mode 100644 index d7cf0cee2554..000000000000 --- a/sys-kernel/rsbac-sources/files/digest-rsbac-sources-2.6.9 +++ /dev/null @@ -1,3 +0,0 @@ -MD5 e921200f074ca97184e150ef5a4af825 linux-2.6.9.tar.bz2 36261440 -MD5 31cd1643f28771031a4b3781381021e6 rsbac-patches-2.6-9.0.tar.bz2 1040819 -MD5 52996b643afbd6ed9ba38b9483c2cac3 linux-2.6.7-CAN-2004-0415.patch 112612 diff --git a/sys-kernel/rsbac-sources/files/rsbac-bugfix-v1.2.3-6.diff b/sys-kernel/rsbac-sources/files/rsbac-bugfix-v1.2.3-6.diff deleted file mode 100644 index e87509f12cde..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-bugfix-v1.2.3-6.diff +++ /dev/null @@ -1,339 +0,0 @@ -Index: linux-2.4.27-rsbac-v1.2.3/include/rsbac/aci_data_structures.h -=================================================================== ---- linux-2.4.27-rsbac-v1.2.3/include/rsbac/aci_data_structures.h (revision 16) -+++ linux-2.4.27-rsbac-v1.2.3/include/rsbac/aci_data_structures.h (working copy) -@@ -1134,7 +1134,7 @@ - #endif - - --#define RSBAC_USER_NR_ATTRIBUTES 28 -+#define RSBAC_USER_NR_ATTRIBUTES 24 - #define RSBAC_USER_ATTR_LIST { \ - A_pseudo, \ - A_log_user_based, \ -Index: linux-2.4.27-rsbac-v1.2.3/rsbac/help/syscalls.c -=================================================================== ---- linux-2.4.27-rsbac-v1.2.3/rsbac/help/syscalls.c (revision 16) -+++ linux-2.4.27-rsbac-v1.2.3/rsbac/help/syscalls.c (working copy) -@@ -1405,7 +1405,7 @@ - - int sys_rsbac_switch(enum rsbac_switch_target_t target, int value) - { --#ifdef CONFIG_RSBAC_SWITCH -+#if defined(CONFIG_RSBAC_SWITCH) || defined(CONFIG_RSBAC_SOFTMODE) - union rsbac_target_id_t rsbac_target_id; - union rsbac_attribute_value_t rsbac_attribute_value; - char * switch_name; -@@ -1509,6 +1509,7 @@ - case SOFTMODE: rsbac_softmode = value; - break; - #endif -+#ifdef CONFIG_RSBAC_SWITCH - #ifdef CONFIG_RSBAC_MAC - case MAC: rsbac_switch_mac = value; - break; -@@ -1557,6 +1558,7 @@ - case RES: rsbac_switch_res = value; - break; - #endif -+#endif /* SWITCH */ - default: - return (-RSBAC_EINVALIDMODULE); - } -Index: linux-2.4.27-rsbac-v1.2.3/rsbac/adf/jail/jail_syscalls.c -=================================================================== ---- linux-2.4.27-rsbac-v1.2.3/rsbac/adf/jail/jail_syscalls.c (revision 16) -+++ linux-2.4.27-rsbac-v1.2.3/rsbac/adf/jail/jail_syscalls.c (working copy) -@@ -41,8 +41,10 @@ - /* Externally visible functions */ - /************************************************* */ - -+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) - extern long sys_chroot(const char * filename); - extern long sys_chdir(const char * filename); -+#endif - - /* Create a jail for current process */ - /* Note: It is allowed to create jails within jails, but with restrictions */ -Index: linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_main.c -=================================================================== ---- linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_main.c (revision 16) -+++ linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_main.c (working copy) -@@ -333,6 +333,14 @@ - && (sb_p->s_magic == PIPEFS_MAGIC) - ) - return DO_NOT_CARE; -+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) -+ /* No decision on pseudo sockfs */ -+ if( (target == T_FILE) -+ && (!RSBAC_MAJOR(tid.file.device)) -+ && (!RSBAC_MINOR(tid.file.device)) -+ ) -+ return DO_NOT_CARE; -+#endif - switch(request) - { - case R_GET_STATUS_DATA: -@@ -1008,6 +1016,7 @@ - rsbac_pid_t parent_pid = 0; - - /* Get owner's logging pseudo */ -+ i_tid.user = owner; - if (rsbac_get_attr(GEN,T_USER,i_tid,A_pseudo,&i_attr_val,FALSE)) - { - rsbac_ds_get_error("rsbac_adf_request()", A_pseudo); -@@ -2448,6 +2457,7 @@ - #endif /* SECDEL */ - - #ifdef CONFIG_RSBAC_SYM_REDIR -+EXPORT_SYMBOL(rsbac_symlink_redirect); - void rsbac_symlink_redirect(struct dentry * dentry_p, char * name) - { - int err; -Index: linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_check.c -=================================================================== ---- linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_check.c (revision 16) -+++ linux-2.4.27-rsbac-v1.2.3/rsbac/adf/adf_check.c (working copy) -@@ -439,6 +439,7 @@ - { - case T_DIR: - case T_SCD: -+ case T_IPC: - #ifdef CONFIG_RSBAC_RW - case T_FILE: - case T_FIFO: -Index: linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/rc_data_structures.c -=================================================================== ---- linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/rc_data_structures.c (revision 16) -+++ linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/rc_data_structures.c (working copy) -@@ -146,7 +146,7 @@ - off_t pos = 0; - off_t begin = 0; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - printk(KERN_WARNING "stats_rc_proc_info(): RSBAC not initialized\n"); - return(-RSBAC_ENOTINITIALIZED); -@@ -1540,7 +1540,7 @@ - - int rsbac_stats_rc(void) - { -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - printk(KERN_WARNING "rsbac_stats_rc(): RSBAC not initialized\n"); - return(-RSBAC_ENOTINITIALIZED); -Index: linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/aci_data_structures.c -=================================================================== ---- linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/aci_data_structures.c (revision 16) -+++ linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/aci_data_structures.c (working copy) -@@ -9504,10 +9504,11 @@ - /* All functions return 0, if no error occurred, and a negative error code */ - /* otherwise. The error codes are defined in rsbac_error.h. */ - -+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) - /* declare sys_kill */ - extern long sys_kill(int pid, int sig); -+#endif - -- - #ifdef CONFIG_RSBAC_INIT_DELAY - int rsbac_init(kdev_t root_dev) - #else -Index: linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/pm_data_structures.c -=================================================================== ---- linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/pm_data_structures.c (revision 16) -+++ linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/pm_data_structures.c (working copy) -@@ -90,7 +90,7 @@ - union rsbac_attribute_value_t rsbac_attribute_value; - #endif - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - #ifdef CONFIG_RSBAC_RMSG - rsbac_printk(KERN_WARNING "stats_pm_proc_info(): RSBAC not initialized\n"); -@@ -1661,7 +1661,7 @@ - u_long all_member_count = 0; - u_long all_count = 0; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - #ifdef CONFIG_RSBAC_RMSG - rsbac_printk(KERN_WARNING "rsbac_stats_pm(): RSBAC not initialized\n"); -Index: linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/acl_data_structures.c -=================================================================== ---- linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/acl_data_structures.c (revision 16) -+++ linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/acl_data_structures.c (working copy) -@@ -539,7 +539,7 @@ - union rsbac_target_id_t rsbac_target_id; - union rsbac_attribute_value_t rsbac_attribute_value; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - #ifdef CONFIG_RSBAC_RMSG - rsbac_printk(KERN_WARNING "stats_acl_proc_info(): RSBAC not initialized\n"); -@@ -759,7 +759,7 @@ - union rsbac_target_id_t rsbac_target_id; - union rsbac_attribute_value_t rsbac_attribute_value; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - #ifdef CONFIG_RSBAC_RMSG - rsbac_printk(KERN_WARNING "acl_acllist_proc_info(): RSBAC not initialized\n"); -@@ -1697,7 +1697,7 @@ - union rsbac_target_id_t rsbac_target_id; - union rsbac_attribute_value_t rsbac_attribute_value; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - #ifdef CONFIG_RSBAC_RMSG - rsbac_printk(KERN_WARNING "acl_grouplist_proc_info(): RSBAC not initialized\n"); -@@ -3057,7 +3057,7 @@ - union rsbac_target_id_t rsbac_target_id; - union rsbac_attribute_value_t rsbac_attribute_value; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - printk(KERN_WARNING "rsbac_stats_acl(): RSBAC not initialized\n"); - return(-RSBAC_ENOTINITIALIZED); -Index: linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/mac_data_structures.c -=================================================================== ---- linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/mac_data_structures.c (revision 16) -+++ linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/mac_data_structures.c (working copy) -@@ -483,7 +483,7 @@ - union rsbac_target_id_t rsbac_target_id; - union rsbac_attribute_value_t rsbac_attribute_value; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - printk(KERN_WARNING "stats_mac_proc_info(): RSBAC not initialized\n"); - return(-RSBAC_ENOTINITIALIZED); -@@ -587,7 +587,7 @@ - union rsbac_target_id_t rsbac_target_id; - union rsbac_attribute_value_t rsbac_attribute_value; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - printk(KERN_WARNING "mac_trulist_proc_info(): RSBAC not initialized\n"); - return(-RSBAC_ENOTINITIALIZED); -@@ -1174,7 +1174,7 @@ - union rsbac_target_id_t rsbac_target_id; - union rsbac_attribute_value_t rsbac_attribute_value; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - #ifdef CONFIG_RSBAC_RMSG - rsbac_printk(KERN_WARNING "rsbac_stats_mac(): RSBAC not initialized\n"); -@@ -1771,7 +1771,7 @@ - struct rsbac_mac_device_list_item_t * device_p; - int err=0; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - printk(KERN_WARNING "rsbac_mac_copy_fp_truset(): RSBAC not initialized\n"); - return(-RSBAC_ENOTINITIALIZED); -@@ -1822,7 +1822,7 @@ - int rsbac_mac_copy_pp_truset(rsbac_pid_t old_p_set_id, - rsbac_pid_t new_p_set_id) - { -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - printk(KERN_WARNING "rsbac_mac_copy_pp_truset(): RSBAC not initialized\n"); - return(-RSBAC_ENOTINITIALIZED); -@@ -1850,7 +1850,7 @@ - struct rsbac_mac_device_list_item_t * device_p; - long count; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - printk(KERN_WARNING "rsbac_mac_get_f_trulist(): RSBAC not initialized\n"); - return(-RSBAC_ENOTINITIALIZED); -@@ -1904,7 +1904,7 @@ - rsbac_uid_t **trulist_p, - rsbac_time_t **ttllist_p) - { -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - printk(KERN_WARNING "rsbac_mac_get_p_trulist(): RSBAC not initialized\n"); - return(-RSBAC_ENOTINITIALIZED); -Index: linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/auth_data_structures.c -=================================================================== ---- linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/auth_data_structures.c (revision 16) -+++ linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/auth_data_structures.c (working copy) -@@ -770,7 +770,7 @@ - union rsbac_target_id_t rsbac_target_id; - union rsbac_attribute_value_t rsbac_attribute_value; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - printk(KERN_WARNING "stats_auth_proc_info(): RSBAC not initialized\n"); - return(-RSBAC_ENOTINITIALIZED); -@@ -940,7 +940,7 @@ - union rsbac_target_id_t rsbac_target_id; - union rsbac_attribute_value_t rsbac_attribute_value; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - printk(KERN_WARNING "auth_caplist_proc_info(): RSBAC not initialized\n"); - return(-RSBAC_ENOTINITIALIZED); -@@ -1908,7 +1908,7 @@ - union rsbac_target_id_t rsbac_target_id; - union rsbac_attribute_value_t rsbac_attribute_value; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - #ifdef CONFIG_RSBAC_RMSG - rsbac_printk(KERN_WARNING "rsbac_stats_auth(): RSBAC not initialized\n"); -@@ -2940,7 +2940,7 @@ - struct rsbac_auth_device_list_item_t * device_p; - int err=0; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - printk(KERN_WARNING "rsbac_auth_copy_fp_capset(): RSBAC not initialized\n"); - return(-RSBAC_ENOTINITIALIZED); -@@ -2991,7 +2991,7 @@ - int rsbac_auth_copy_pp_capset(rsbac_pid_t old_p_set_id, - rsbac_pid_t new_p_set_id) - { -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - printk(KERN_WARNING "rsbac_auth_copy_pp_capset(): RSBAC not initialized\n"); - return(-RSBAC_ENOTINITIALIZED); -@@ -3020,7 +3020,7 @@ - struct rsbac_auth_device_list_item_t * device_p; - long count; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - printk(KERN_WARNING "rsbac_auth_get_f_caplist(): RSBAC not initialized\n"); - return(-RSBAC_ENOTINITIALIZED); -@@ -3098,7 +3098,7 @@ - { - long count; - -- if (!rsbac_is_initialized) -+ if (!rsbac_is_initialized()) - { - printk(KERN_WARNING "rsbac_auth_get_p_caplist(): RSBAC not initialized\n"); - return(-RSBAC_ENOTINITIALIZED); diff --git a/sys-kernel/rsbac-sources/files/rsbac-bugfix-v1.2.3-ao-01.diff b/sys-kernel/rsbac-sources/files/rsbac-bugfix-v1.2.3-ao-01.diff deleted file mode 100644 index 47ef679afd71..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-bugfix-v1.2.3-ao-01.diff +++ /dev/null @@ -1,37 +0,0 @@ - -Index: linux-2.6.9-rsbac-v1.2.3/include/rsbac/fs.h -=================================================================== ---- linux-2.6.9-rsbac-v1.2.3/include/rsbac/fs.h (revision 46) -+++ linux-2.6.9-rsbac-v1.2.3/include/rsbac/fs.h (working copy) -@@ -33,7 +33,9 @@ - - struct super_block * rsbac_get_super_block(kdev_t kdev); - -+#ifndef __fput - extern void __fput(struct file *); -+#endif - - #ifndef SHM_FS_MAGIC - #define SHM_FS_MAGIC 0x02011994 -Index: linux-2.6.9-rsbac-v1.2.3/rsbac/adf/reg/kproc_hide.c -=================================================================== ---- linux-2.6.9-rsbac-v1.2.3/rsbac/adf/reg/kproc_hide.c (revision 46) -+++ linux-2.6.9-rsbac-v1.2.3/rsbac/adf/reg/kproc_hide.c (working copy) -@@ -10,6 +10,8 @@ - #include <linux/kernel.h> - #include <linux/string.h> - #include <linux/fs.h> -+#include <linux/sched.h> -+#include <linux/file.h> - #include <rsbac/types.h> - #include <rsbac/reg.h> - #include <rsbac/adf.h> -@@ -17,8 +19,6 @@ - #include <rsbac/getname.h> - #include <rsbac/error.h> - #include <rsbac/proc_fs.h> --#include <linux/sched.h> --#include <linux/file.h> - - MODULE_AUTHOR("Michal Purzynski"); - MODULE_DESCRIPTION("RSBAC REG kproc_hide decision module"); diff --git a/sys-kernel/rsbac-sources/files/rsbac-bugfix-v1.2.3-kang-01.diff b/sys-kernel/rsbac-sources/files/rsbac-bugfix-v1.2.3-kang-01.diff deleted file mode 100644 index 570df3e3e236..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-bugfix-v1.2.3-kang-01.diff +++ /dev/null @@ -1,12 +0,0 @@ ---- include/rsbac/aci.h.ori 2004-11-13 13:39:21.092404152 +0100 -+++ include/rsbac/aci.h 2004-11-13 13:42:13.402209080 +0100 -@@ -39,7 +39,7 @@ - extern void rsbac_off(void); - - /* For other kernel parts to check, whether RSBAC was initialized correctly */ --extern inline boolean rsbac_is_initialized(void); -+extern boolean rsbac_is_initialized(void); - - /* When mounting a device, its ACI must be read and added to the ACI lists. */ - extern int rsbac_mount(struct super_block * sb_p, struct dentry * d_covers); - diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-62524-ptmx.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-62524-ptmx.patch deleted file mode 100644 index 2312a2bf5e3b..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-62524-ptmx.patch +++ /dev/null @@ -1,21 +0,0 @@ -Index: linux-2.6.5/fs/devpts/inode.c -=================================================================== ---- linux-2.6.5.orig/fs/devpts/inode.c -+++ linux-2.6.5/fs/devpts/inode.c -@@ -178,9 +178,13 @@ struct tty_struct *devpts_get_tty(int nu - { - struct dentry *dentry = get_node(number); - struct tty_struct *tty; -- -- tty = (IS_ERR(dentry) || !dentry->d_inode) ? NULL : -- dentry->d_inode->u.generic_ip; -+ -+ tty = NULL; -+ if (!IS_ERR(dentry)) { -+ if (dentry->d_inode) -+ tty = dentry->d_inode->u.generic_ip; -+ dput(dentry); -+ } - - up(&devpts_root->d_inode->i_sem); - diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-70681-binfmt.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-70681-binfmt.patch deleted file mode 100644 index c0f90a5dfbd8..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-70681-binfmt.patch +++ /dev/null @@ -1,85 +0,0 @@ -diff -X /usr/src/dontdiff -urNp linux-2.6.7-gentoo-r16/fs/binfmt_elf.c linux-dsd/fs/binfmt_elf.c ---- linux-2.6.7-gentoo-r16/fs/binfmt_elf.c 2004-06-16 06:19:22.000000000 +0100 -+++ linux-dsd/fs/binfmt_elf.c 2004-11-24 16:24:00.301979976 +0000 -@@ -332,9 +332,12 @@ static unsigned long load_elf_interp(str - goto out; - - retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size); -- error = retval; -- if (retval < 0) -+ error = -EIO; -+ if (retval != size) { -+ if (retval < 0) -+ error = retval; - goto out_close; -+ } - - eppnt = elf_phdata; - for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) { -@@ -520,8 +523,11 @@ static int load_elf_binary(struct linux_ - goto out; - - retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size); -- if (retval < 0) -+ if (retval != size) { -+ if (retval < 0) -+ retval = -EIO; - goto out_free_ph; -+ } - - files = current->files; /* Refcounted so ok */ - retval = unshare_files(); -@@ -558,7 +564,8 @@ static int load_elf_binary(struct linux_ - */ - - retval = -ENOMEM; -- if (elf_ppnt->p_filesz > PATH_MAX) -+ if (elf_ppnt->p_filesz > PATH_MAX || -+ elf_ppnt->p_filesz == 0) - goto out_free_file; - elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz, - GFP_KERNEL); -@@ -568,8 +575,16 @@ static int load_elf_binary(struct linux_ - retval = kernel_read(bprm->file, elf_ppnt->p_offset, - elf_interpreter, - elf_ppnt->p_filesz); -- if (retval < 0) -+ if (retval != elf_ppnt->p_filesz) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_interp; -+ } -+ /* make sure path is NULL terminated */ -+ retval = -EINVAL; -+ if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0') -+ goto out_free_interp; -+ - /* If the program interpreter is one of these two, - * then assume an iBCS2 image. Otherwise assume - * a native linux image. -@@ -604,8 +619,11 @@ static int load_elf_binary(struct linux_ - if (IS_ERR(interpreter)) - goto out_free_interp; - retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE); -- if (retval < 0) -+ if (retval != BINPRM_BUF_SIZE) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_dentry; -+ } - - /* Get the exec headers */ - interp_ex = *((struct exec *) bprm->buf); -@@ -757,8 +775,10 @@ static int load_elf_binary(struct linux_ - } - - error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags); -- if (BAD_ADDR(error)) -- continue; -+ if (BAD_ADDR(error)) { -+ send_sig(SIGKILL, current, 0); -+ goto out_free_dentry; -+ } - - if (!load_addr_set) { - load_addr_set = 1; diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-AF_UNIX.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-AF_UNIX.patch deleted file mode 100644 index a95e94fd9362..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-AF_UNIX.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- linux-2.6.9/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00 -+++ linux-2.6.9.plasmaroo/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00 -@@ -1535,9 +1535,11 @@ - - msg->msg_namelen = 0; - -+ down(&u->readsem); -+ - skb = skb_recv_datagram(sk, flags, noblock, &err); - if (!skb) -- goto out; -+ goto out_unlock; - - wake_up_interruptible(&u->peer_wait); - -@@ -1587,6 +1589,8 @@ - - out_free: - skb_free_datagram(sk,skb); -+out_unlock: -+ up(&u->readsem); - out: - return err; - } diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-CAN-2004-0883.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-CAN-2004-0883.patch deleted file mode 100644 index 74840e628699..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-CAN-2004-0883.patch +++ /dev/null @@ -1,93 +0,0 @@ -diff -urN linux-2.6.7-hardened-r14/fs/smbfs/proc.c linux-2.6.7-hardened-r15/fs/smbfs/proc.c ---- linux-2.6.7-hardened-r14/fs/smbfs/proc.c 2004-11-24 12:46:34.000000000 -0500 -+++ linux-2.6.7-hardened-r15/fs/smbfs/proc.c 2004-11-24 12:53:38.883511896 -0500 -@@ -1423,9 +1423,9 @@ - * So we must first calculate the amount of padding used by the server. - */ - data_off -= hdrlen; -- if (data_off > SMB_READX_MAX_PAD) { -- PARANOIA("offset is larger than max pad!\n"); -- PARANOIA("%d > %d\n", data_off, SMB_READX_MAX_PAD); -+ if (data_off > SMB_READX_MAX_PAD || data_off < 0) { -+ PARANOIA("offset is larger than SMB_READX_MAX_PAD or negative!\n"); -+ PARANOIA("%d > %d || %d < 0\n", data_off, SMB_READX_MAX_PAD, data_off); - req->rq_rlen = req->rq_bufsize + 1; - return; - } -diff -urN linux-2.6.7-hardened-r14/fs/smbfs/request.c linux-2.6.7-hardened-r15/fs/smbfs/request.c ---- linux-2.6.7-hardened-r14/fs/smbfs/request.c 2004-11-24 12:46:34.000000000 -0500 -+++ linux-2.6.7-hardened-r15/fs/smbfs/request.c 2004-11-24 12:53:38.885511592 -0500 -@@ -588,6 +588,10 @@ - data_count = WVAL(inbuf, smb_drcnt); - - /* Modify offset for the split header/buffer we use */ -+ if (data_offset < hdrlen) -+ goto out_bad_data; -+ if (parm_offset < hdrlen) -+ goto out_bad_parm; - data_offset -= hdrlen; - parm_offset -= hdrlen; - -@@ -607,6 +611,10 @@ - req->rq_lparm = parm_count; - req->rq_data = req->rq_buffer + data_offset; - req->rq_parm = req->rq_buffer + parm_offset; -+ if (parm_offset + parm_count > req->rq_rlen) -+ goto out_bad_parm; -+ if (data_offset + data_count > req->rq_rlen) -+ goto out_bad_data; - return 0; - } - -@@ -634,6 +642,7 @@ - req->rq_trans2buffer = smb_kmalloc(buf_len, GFP_NOFS); - if (!req->rq_trans2buffer) - goto out_no_mem; -+ memset(req->rq_trans2buffer, 0, buf_len); - - req->rq_parm = req->rq_trans2buffer; - req->rq_data = req->rq_trans2buffer + parm_tot; -@@ -643,8 +652,12 @@ - - if (parm_disp + parm_count > req->rq_total_parm) - goto out_bad_parm; -+ if (parm_offset + parm_count > req->rq_rlen) -+ goto out_bad_parm; - if (data_disp + data_count > req->rq_total_data) - goto out_bad_data; -+ if (data_offset + data_count > req->rq_rlen) -+ goto out_bad_data; - - inbuf = req->rq_buffer; - memcpy(req->rq_parm + parm_disp, inbuf + parm_offset, parm_count); -@@ -657,8 +670,11 @@ - * Check whether we've received all of the data. Note that - * we use the packet totals -- total lengths might shrink! - */ -- if (req->rq_ldata >= data_tot && req->rq_lparm >= parm_tot) -+ if (req->rq_ldata >= data_tot && req->rq_lparm >= parm_tot) { -+ req->rq_ldata = data_tot; -+ req->rq_lparm = parm_tot; - return 0; -+ } - return 1; - - out_too_long: -@@ -676,13 +692,13 @@ - req->rq_errno = -EIO; - goto out; - out_bad_parm: -- printk(KERN_ERR "smb_trans2: invalid parms, disp=%d, cnt=%d, tot=%d\n", -- parm_disp, parm_count, parm_tot); -+ printk(KERN_ERR "smb_trans2: invalid parms, disp=%d, cnt=%d, tot=%d, ofs=%d\n", -+ parm_disp, parm_count, parm_tot, parm_offset); - req->rq_errno = -EIO; - goto out; - out_bad_data: -- printk(KERN_ERR "smb_trans2: invalid data, disp=%d, cnt=%d, tot=%d\n", -- data_disp, data_count, data_tot); -+ printk(KERN_ERR "smb_trans2: invalid data, disp=%d, cnt=%d, tot=%d, ofs=%d\n", -+ data_disp, data_count, data_tot, data_offset); - req->rq_errno = -EIO; - out: - return req->rq_errno; diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-dos_mem_disc1.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-dos_mem_disc1.patch deleted file mode 100644 index 162eb7bbe6f1..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-dos_mem_disc1.patch +++ /dev/null @@ -1,61 +0,0 @@ ---- 1.143/fs/exec.c 2004-10-28 00:40:03 -07:00 -+++ edited/fs/exec.c 2004-11-11 19:24:54 -08:00 -@@ -413,6 +413,7 @@ - - down_write(&mm->mmap_sem); - { -+ struct vm_area_struct *vma; - mpnt->vm_mm = mm; - #ifdef CONFIG_STACK_GROWSUP - mpnt->vm_start = stack_base; -@@ -433,6 +434,12 @@ - mpnt->vm_flags = VM_STACK_FLAGS; - mpnt->vm_flags |= mm->def_flags; - mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x7]; -+ vma = find_vma(mm, mpnt->vm_start); -+ if (vma) { -+ up_write(&mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return -ENOMEM; -+ } - insert_vm_struct(mm, mpnt); - mm->stack_vm = mm->total_vm = vma_pages(mpnt); - } ---- 1.25/fs/binfmt_aout.c 2004-10-18 22:26:36 -07:00 -+++ edited/fs/binfmt_aout.c 2004-11-11 22:28:58 -08:00 -@@ -43,13 +43,18 @@ - .min_coredump = PAGE_SIZE - }; - --static void set_brk(unsigned long start, unsigned long end) -+#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) -+ -+static int set_brk(unsigned long start, unsigned long end) - { - start = PAGE_ALIGN(start); - end = PAGE_ALIGN(end); -- if (end <= start) -- return; -- do_brk(start, end - start); -+ if (end > start) { -+ unsigned long addr = do_brk(start, end - start); -+ if (BAD_ADDR(addr)) -+ return addr; -+ } -+ return 0; - } - - /* -@@ -413,7 +418,11 @@ - beyond_if: - set_binfmt(&aout_format); - -- set_brk(current->mm->start_brk, current->mm->brk); -+ retval = set_brk(current->mm->start_brk, current->mm->brk); -+ if (retval < 0) { -+ send_sig(SIGKILL, current, 0); -+ return retval; -+ } - - retval = setup_arg_pages(bprm, EXSTACK_DEFAULT); - if (retval < 0) { diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-dos_mem_disc2.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-dos_mem_disc2.patch deleted file mode 100644 index 60baa63df5a7..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-sources-2.6.7-dos_mem_disc2.patch +++ /dev/null @@ -1,183 +0,0 @@ -diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/arch/ia64/ia32/binfmt_elf32.c linux-dsd/arch/ia64/ia32/binfmt_elf32.c ---- linux-2.6.7-gentoo-r19/arch/ia64/ia32/binfmt_elf32.c 2004-12-02 23:32:15.424906248 +0000 -+++ linux-dsd/arch/ia64/ia32/binfmt_elf32.c 2004-12-02 23:35:26.813810712 +0000 -@@ -82,7 +82,11 @@ ia64_elf32_init (struct pt_regs *regs) - vma->vm_ops = &ia32_shared_page_vm_ops; - down_write(¤t->mm->mmap_sem); - { -- insert_vm_struct(current->mm, vma); -+ if (insert_vm_struct(current->mm, vma)) { -+ kmem_cache_free(vm_area_cachep, vma); -+ up_write(¤t->mm->mmap_sem); -+ return; -+ } - } - up_write(¤t->mm->mmap_sem); - } -@@ -101,7 +105,11 @@ ia64_elf32_init (struct pt_regs *regs) - vma->vm_flags = VM_READ|VM_WRITE|VM_MAYREAD|VM_MAYWRITE; - down_write(¤t->mm->mmap_sem); - { -- insert_vm_struct(current->mm, vma); -+ if (insert_vm_struct(current->mm, vma)) { -+ kmem_cache_free(vm_area_cachep, vma); -+ up_write(¤t->mm->mmap_sem); -+ return; -+ } - } - up_write(¤t->mm->mmap_sem); - } -@@ -149,7 +157,7 @@ ia32_setup_arg_pages (struct linux_binpr - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - - stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - mm->arg_start = bprm->p + stack_base; -@@ -182,8 +190,12 @@ ia32_setup_arg_pages (struct linux_binpr - else - mpnt->vm_flags = VM_STACK_FLAGS; - mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC)? -- PAGE_COPY_EXEC: PAGE_COPY; -- insert_vm_struct(current->mm, mpnt); -+ PAGE_COPY_EXEC: PAGE_COPY; -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/arch/ia64/mm/init.c linux-dsd/arch/ia64/mm/init.c ---- linux-2.6.7-gentoo-r19/arch/ia64/mm/init.c 2004-12-02 23:32:15.425906096 +0000 -+++ linux-dsd/arch/ia64/mm/init.c 2004-12-02 23:36:46.937630040 +0000 -@@ -129,7 +129,13 @@ ia64_init_addr_space (void) - vma->vm_end = vma->vm_start + PAGE_SIZE; - vma->vm_page_prot = protection_map[VM_DATA_DEFAULT_FLAGS & 0x7]; - vma->vm_flags = VM_READ|VM_WRITE|VM_MAYREAD|VM_MAYWRITE|VM_GROWSUP; -- insert_vm_struct(current->mm, vma); -+ down_write(¤t->mm->mmap_sem); -+ if (insert_vm_struct(current->mm, vma)) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return; -+ } -+ up_write(¤t->mm->mmap_sem); - } - - /* map NaT-page at address zero to speed up speculative dereferencing of NULL: */ -@@ -141,7 +147,13 @@ ia64_init_addr_space (void) - vma->vm_end = PAGE_SIZE; - vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT); - vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED; -- insert_vm_struct(current->mm, vma); -+ down_write(¤t->mm->mmap_sem); -+ if (insert_vm_struct(current->mm, vma)) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return; -+ } -+ up_write(¤t->mm->mmap_sem); - } - } - } -diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/arch/s390/kernel/compat_exec.c linux-dsd/arch/s390/kernel/compat_exec.c ---- linux-2.6.7-gentoo-r19/arch/s390/kernel/compat_exec.c 2004-12-02 23:32:15.426905944 +0000 -+++ linux-dsd/arch/s390/kernel/compat_exec.c 2004-12-02 23:39:18.846536376 +0000 -@@ -39,7 +39,7 @@ int setup_arg_pages32(struct linux_binpr - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - - stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - mm->arg_start = bprm->p + stack_base; -@@ -68,7 +68,11 @@ int setup_arg_pages32(struct linux_binpr - /* executable stack setting would be applied here */ - mpnt->vm_page_prot = PAGE_COPY; - mpnt->vm_flags = VM_STACK_FLAGS; -- insert_vm_struct(mm, mpnt); -+ if ((ret = insert_vm_struct(mm, mpnt))) { -+ up_write(&mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/arch/x86_64/ia32/ia32_binfmt.c linux-dsd/arch/x86_64/ia32/ia32_binfmt.c ---- linux-2.6.7-gentoo-r19/arch/x86_64/ia32/ia32_binfmt.c 2004-12-02 23:32:15.427905792 +0000 -+++ linux-dsd/arch/x86_64/ia32/ia32_binfmt.c 2004-12-02 23:41:30.438531352 +0000 -@@ -330,7 +330,7 @@ int setup_arg_pages(struct linux_binprm - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - - stack_base = IA32_STACK_TOP - MAX_ARG_PAGES * PAGE_SIZE; - mm->arg_start = bprm->p + stack_base; -@@ -364,7 +364,11 @@ int setup_arg_pages(struct linux_binprm - mpnt->vm_flags = vm_stack_flags32; - mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC) ? - PAGE_COPY_EXEC : PAGE_COPY; -- insert_vm_struct(mm, mpnt); -+ if ((ret = insert_vm_struct(mm, mpnt))) { -+ up_write(&mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/fs/exec.c linux-dsd/fs/exec.c ---- linux-2.6.7-gentoo-r19/fs/exec.c 2004-12-02 23:32:15.428905640 +0000 -+++ linux-dsd/fs/exec.c 2004-12-02 23:33:06.941074600 +0000 -@@ -342,7 +342,7 @@ int setup_arg_pages(struct linux_binprm - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - long arg_size; - - #ifdef CONFIG_STACK_GROWSUP -diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/include/linux/mm.h linux-dsd/include/linux/mm.h ---- linux-2.6.7-gentoo-r19/include/linux/mm.h 2004-12-02 23:32:15.430905336 +0000 -+++ linux-dsd/include/linux/mm.h 2004-12-02 23:33:06.942074448 +0000 -@@ -623,7 +623,7 @@ extern struct vm_area_struct *vma_merge( - extern struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *); - extern int split_vma(struct mm_struct *, - struct vm_area_struct *, unsigned long addr, int new_below); --extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *); -+extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *); - extern void __vma_link_rb(struct mm_struct *, struct vm_area_struct *, - struct rb_node **, struct rb_node *); - extern struct vm_area_struct *copy_vma(struct vm_area_struct **, -diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/mm/mmap.c linux-dsd/mm/mmap.c ---- linux-2.6.7-gentoo-r19/mm/mmap.c 2004-12-02 23:32:15.432905032 +0000 -+++ linux-dsd/mm/mmap.c 2004-12-02 23:33:06.944074144 +0000 -@@ -1722,7 +1722,7 @@ void exit_mmap(struct mm_struct *mm) - * and into the inode's i_mmap tree. If vm_file is non-NULL - * then i_mmap_lock is taken here. - */ --void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) -+int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) - { - struct vm_area_struct * __vma, * prev; - struct rb_node ** rb_link, * rb_parent; -@@ -1745,8 +1745,9 @@ void insert_vm_struct(struct mm_struct * - } - __vma = find_vma_prepare(mm,vma->vm_start,&prev,&rb_link,&rb_parent); - if (__vma && __vma->vm_start < vma->vm_end) -- BUG(); -+ return -ENOMEM; - vma_link(mm, vma, prev, rb_link, rb_parent); -+ return 0; - } - - /* diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-0497.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-0497.patch deleted file mode 100644 index 1e4ba6f7601a..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-0497.patch +++ /dev/null @@ -1,75 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/07/02 20:55:04-07:00 chrisw@osdl.org -# [PATCH] chown permission check fix for ATTR_GID -# -# SuSE discovered this problem with chown and ATTR_GID. Make sure user -# is authorized to change the group, CAN-2004-0497. -# -# fs/attr.c -# 2004/07/02 09:07:32-07:00 chrisw@osdl.org +2 -1 -# chown permission check fix for ATTR_GID -# -diff -Nru a/fs/attr.c b/fs/attr.c ---- a/fs/attr.c 2004-07-08 16:35:57 -07:00 -+++ b/fs/attr.c 2004-07-08 16:35:57 -07:00 -@@ -35,7 +35,8 @@ - - /* Make sure caller can chgrp. */ - if ((ia_valid & ATTR_GID) && -- (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid) && -+ (current->fsuid != inode->i_uid || -+ (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && - !capable(CAP_CHOWN)) - goto error; - -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/07/02 18:48:26-07:00 chrisw@osdl.org -# [PATCH] check attr updates in /proc -# -# Any proc entry with default proc_file_inode_operations allow unauthorized -# attribute updates. This is very dangerous for proc entries that rely -# solely on file permissions for open/read/write. -# -# Signed-off-by: Chris Wright <chrisw@osdl.org> -# Signed-off-by: Linus Torvalds <torvalds@osdl.org> -# -# fs/proc/generic.c -# 2004/07/02 15:47:55-07:00 chrisw@osdl.org +14 -7 -# check attr updates in /proc -# -diff -Nru a/fs/proc/generic.c b/fs/proc/generic.c ---- a/fs/proc/generic.c 2004-07-08 17:03:20 -07:00 -+++ b/fs/proc/generic.c 2004-07-08 17:03:20 -07:00 -@@ -231,14 +231,21 @@ - static int proc_notify_change(struct dentry *dentry, struct iattr *iattr) - { - struct inode *inode = dentry->d_inode; -- int error = inode_setattr(inode, iattr); -- if (!error) { -- struct proc_dir_entry *de = PDE(inode); -- de->uid = inode->i_uid; -- de->gid = inode->i_gid; -- de->mode = inode->i_mode; -- } -+ struct proc_dir_entry *de = PDE(inode); -+ int error; - -+ error = inode_change_ok(inode, iattr); -+ if (error) -+ goto out; -+ -+ error = inode_setattr(inode, iattr); -+ if (error) -+ goto out; -+ -+ de->uid = inode->i_uid; -+ de->gid = inode->i_gid; -+ de->mode = inode->i_mode; -+out: - return error; - } - diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-0596.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-0596.patch deleted file mode 100644 index 8ea0f0488310..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-0596.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- drivers/net/eql.c.ori 2004-07-22 12:46:56.103576048 +0200 -+++ drivers/net/eql.c 2004-07-22 12:46:59.068125368 +0200 -@@ -497,6 +497,8 @@ - slave_dev = dev_get_by_name(sc.slave_name); - - ret = -EINVAL; -+ if (!slave_dev) -+ return ret; - - spin_lock_bh(&eql->queue.lock); - if (eql_is_slave(slave_dev)) { -@@ -531,6 +533,8 @@ - slave_dev = dev_get_by_name(sc.slave_name); - - ret = -EINVAL; -+ if (!slave_dev) -+ return ret; - - spin_lock_bh(&eql->queue.lock); - if (eql_is_slave(slave_dev)) { diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-0816.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-0816.patch deleted file mode 100644 index 92ffd3336a02..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-0816.patch +++ /dev/null @@ -1,35 +0,0 @@ -Index: linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c -=================================================================== ---- linux-2.6.5.orig/net/ipv4/netfilter/ipt_LOG.c 2004-02-19 11:36:37.000000000 +0100 -+++ linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c 2004-09-24 15:48:54.000000000 +0200 -@@ -71,7 +71,7 @@ - printk("FRAG:%u ", ntohs(iph.frag_off) & IP_OFFSET); - - if ((info->logflags & IPT_LOG_IPOPT) -- && iph.ihl * 4 != sizeof(struct iphdr)) { -+ && iph.ihl * 4 > sizeof(struct iphdr)) { - unsigned char opt[4 * 15 - sizeof(struct iphdr)]; - unsigned int i, optsize; - -@@ -138,7 +138,7 @@ - printk("URGP=%u ", ntohs(tcph.urg_ptr)); - - if ((info->logflags & IPT_LOG_TCPOPT) -- && tcph.doff * 4 != sizeof(struct tcphdr)) { -+ && tcph.doff * 4 > sizeof(struct tcphdr)) { - unsigned char opt[4 * 15 - sizeof(struct tcphdr)]; - unsigned int i, optsize; - -Index: linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c -=================================================================== ---- linux-2.6.5.orig/net/ipv6/netfilter/ip6t_LOG.c 2004-09-24 15:47:00.000000000 +0200 -+++ linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c 2004-09-24 15:48:35.000000000 +0200 -@@ -188,7 +188,7 @@ - printk("URGP=%u ", ntohs(tcph->urg_ptr)); - - if ((info->logflags & IP6T_LOG_TCPOPT) -- && tcph->doff * 4 != sizeof(struct tcphdr)) { -+ && tcph->doff * 4 > sizeof(struct tcphdr)) { - unsigned int i; - - /* Max length: 127 "OPT (" 15*4*2chars ") " */ diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-1069.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-1069.patch deleted file mode 100644 index dbb8b2329a28..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-sources-CAN-2004-1069.patch +++ /dev/null @@ -1,61 +0,0 @@ ---- a/net/unix/af_unix.c 2004-10-18 22:54:37.000000000 +0100 -+++ b/net/unix/af_unix.c 2004-12-19 18:33:12.000000000 +0000 -@@ -477,6 +477,8 @@ - struct msghdr *, size_t, int); - static int unix_dgram_connect(struct socket *, struct sockaddr *, - int, int); -+static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *, -+ struct msghdr *, size_t); - - static struct proto_ops unix_stream_ops = { - .family = PF_UNIX, -@@ -535,7 +537,7 @@ - .shutdown = unix_shutdown, - .setsockopt = sock_no_setsockopt, - .getsockopt = sock_no_getsockopt, -- .sendmsg = unix_dgram_sendmsg, -+ .sendmsg = unix_seqpacket_sendmsg, - .recvmsg = unix_dgram_recvmsg, - .mmap = sock_no_mmap, - .sendpage = sock_no_sendpage, -@@ -1365,9 +1367,11 @@ - if (other->sk_shutdown & RCV_SHUTDOWN) - goto out_unlock; - -- err = security_unix_may_send(sk->sk_socket, other->sk_socket); -- if (err) -- goto out_unlock; -+ if (sk->sk_type != SOCK_SEQPACKET) { -+ err = security_unix_may_send(sk->sk_socket, other->sk_socket); -+ if (err) -+ goto out_unlock; -+ } - - if (unix_peer(other) != sk && - (skb_queue_len(&other->sk_receive_queue) > -@@ -1517,6 +1521,25 @@ - return sent ? : err; - } - -+static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock, -+ struct msghdr *msg, size_t len) -+{ -+ int err; -+ struct sock *sk = sock->sk; -+ -+ err = sock_error(sk); -+ if (err) -+ return err; -+ -+ if (sk->sk_state != TCP_ESTABLISHED) -+ return -ENOTCONN; -+ -+ if (msg->msg_namelen) -+ msg->msg_namelen = 0; -+ -+ return unix_dgram_sendmsg(kiocb, sock, msg, len); -+} -+ - static void unix_copy_addr(struct msghdr *msg, struct sock *sk) - { - struct unix_sock *u = unix_sk(sk); diff --git a/sys-kernel/rsbac-sources/files/rsbac-sources-iptables-dos.patch b/sys-kernel/rsbac-sources/files/rsbac-sources-iptables-dos.patch deleted file mode 100644 index 9eb1c3cd1667..000000000000 --- a/sys-kernel/rsbac-sources/files/rsbac-sources-iptables-dos.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- net/ipv4/netfilter/ip_tables.c.ski 2004-06-30 22:33:38.890839488 +0200 -+++ net/ipv4/netfilter/ip_tables.c 2004-06-30 22:34:27.547442560 +0200 -@@ -1458,7 +1458,7 @@ - int *hotdrop) - { - /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ -- char opt[60 - sizeof(struct tcphdr)]; -+ u_int8_t opt[60 - sizeof(struct tcphdr)]; - unsigned int i; - - duprintf("tcp_match: finding option\n"); diff --git a/sys-kernel/rsbac-sources/rsbac-sources-2.6.10.ebuild b/sys-kernel/rsbac-sources/rsbac-sources-2.6.10-r1.ebuild index 57001687e30b..8c3893a67b42 100644 --- a/sys-kernel/rsbac-sources/rsbac-sources-2.6.10.ebuild +++ b/sys-kernel/rsbac-sources/rsbac-sources-2.6.10-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/rsbac-sources-2.6.10.ebuild,v 1.2 2005/01/14 00:21:32 kang Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/rsbac-sources-2.6.10-r1.ebuild,v 1.1 2005/01/18 22:15:48 kang Exp $ IUSE="" ETYPE="sources" @@ -9,12 +9,12 @@ detect_version # rsbac RSBACV=1.2.3 -RSBAC_PRE_SRC="http://www.rsbac.org/download/pre/rsbac-${RSBACV}.tar.gz" -#RSBAC_SRC="http://rsbac.org/download/code/v${RSBACV}/rsbac-v${RSBACV}.tar.bz2" +#RSBAC_PRE_SRC="http://www.rsbac.org/download/pre/rsbac-${RSBACV}.tar.gz" +RSBAC_SRC="http://rsbac.org/download/code/v${RSBACV}/rsbac-v${RSBACV}.tar.bz2" CAN_SRC="" # rsbac kernel patches -RGPV=10.0 +RGPV=10.1 RGPV_SRC="http://dev.gentoo.org/~kang/rsbac/patches/1.2.3/2.6/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2" UNIPATCH_STRICTORDER="yes" @@ -25,14 +25,13 @@ HOMEPAGE="http://hardened.gentoo.org/rsbac/" DESCRIPTION="RSBAC hardened sources for the ${KV_MAJOR}.${KV_MINOR} kernel tree" SRC_URI="${KERNEL_URI} ${RSBAC_SRC} ${RGPV_SRC} ${CAN_SRC}" -KEYWORDS="~x86" +KEYWORDS="x86" src_unpack() { universal_unpack (cd ${WORKDIR}/linux-${KV}; unpack rsbac-v${RSBACV}.tar.bz2) unipatch "${UNIPATCH_LIST_DEFAULT} ${UNIPATCH_LIST}" - [ -z "${K_NOSETEXTRAVERSION}" ] && unpack_set_extraversion } pkg_postinst() { diff --git a/sys-kernel/rsbac-sources/rsbac-sources-2.6.7-r11.ebuild b/sys-kernel/rsbac-sources/rsbac-sources-2.6.7-r11.ebuild deleted file mode 100644 index 6021f7e0cce3..000000000000 --- a/sys-kernel/rsbac-sources/rsbac-sources-2.6.7-r11.ebuild +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/rsbac-sources-2.6.7-r11.ebuild,v 1.1 2005/01/12 22:23:18 johnm Exp $ - -IUSE="" -ETYPE="sources" -inherit kernel-2 -detect_version - -# rsbac -RSBACV=1.2.3 -RSBAC_SRC="http://rsbac.org/download/code/v${RSBACV}/rsbac-v${RSBACV}.tar.bz2" -CAN_SRC="http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.6.7-CAN-2004-0415.patch" - -# rsbac kernel patches -RGPV=7.2 -RGPV_SRC="http://dev.gentoo.org/~kang/rsbac/patches/1.2.3/2.6/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2" - -UNIPATCH_STRICTORDER="yes" -UNIPATCH_LIST="${FILESDIR}/${PN}-iptables-dos.patch - ${FILESDIR}/${PN}-${OKV}-AF_UNIX.patch - ${FILESDIR}/${PN}-CAN-2004-1069.patch - ${FILESDIR}/${PN}-${OKV}-CAN-2004-0883.patch - ${FILESDIR}/${PN}-CAN-2004-0497.patch - ${FILESDIR}/${PN}-CAN-2004-0596.patch - ${FILESDIR}/${OKV}-cmdline.patch - ${FILESDIR}/${PN}-CAN-2004-0816.patch - ${FILESDIR}/${PN}-${OKV}-62524-ptmx.patch - ${DISTDIR}/linux-2.6.7-CAN-2004-0415.patch - ${DISTDIR}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2 - ${FILESDIR}/${PN}-v1.2.3-3.patch - ${FILESDIR}/rsbac-bugfix-v1.2.3-*.diff - ${FILESDIR}/${PN}-${OKV}-dos_mem_disc*.patch" -UNIPATCH_DOCS="${WORKDIR}/patches/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}/0000_README" - -HOMEPAGE="http://hardened.gentoo.org/rsbac/" -DESCRIPTION="RSBAC hardened sources for the ${KV_MAJOR}.${KV_MINOR} kernel tree" - -SRC_URI="${KERNEL_URI} ${RSBAC_SRC} ${RGPV_SRC} ${CAN_SRC}" -KEYWORDS="x86" - - -src_unpack() { - universal_unpack - (cd ${WORKDIR}/linux-${KV}; unpack rsbac-v${RSBACV}.tar.bz2) - unipatch "${UNIPATCH_LIST_DEFAULT} ${UNIPATCH_LIST}" - [ -z "${K_NOSETEXTRAVERSION}" ] && unpack_set_extraversion -} - -pkg_postinst() { - postinst_sources - ewarn "Please configure and compile your RSBAC kernel before installing rsbac-admin tools" -} diff --git a/sys-kernel/rsbac-sources/rsbac-sources-2.6.9.ebuild b/sys-kernel/rsbac-sources/rsbac-sources-2.6.9.ebuild deleted file mode 100644 index a0957530521a..000000000000 --- a/sys-kernel/rsbac-sources/rsbac-sources-2.6.9.ebuild +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-sources/rsbac-sources-2.6.9.ebuild,v 1.1 2005/01/12 22:23:18 johnm Exp $ - -IUSE="" -ETYPE="sources" -inherit kernel-2 -detect_version - -# rsbac -RSBACV=1.2.4-pre3 -RSBAC_PRE_SRC="http://www.rsbac.org/download/pre/rsbac-${RSBACV}.tar.gz" -#RSBAC_SRC="http://rsbac.org/download/code/v${RSBACV}/rsbac-v${RSBACV}.tar.bz2" -CAN_SRC="http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.6.7-CAN-2004-0415.patch" - -# rsbac kernel patches -RGPV=9.0 -RGPV_SRC="http://dev.gentoo.org/~kang/rsbac/patches/1.2.4/2.6/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2" - -UNIPATCH_STRICTORDER="yes" -UNIPATCH_LIST="${DISTDIR}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2" -UNIPATCH_DOCS="${WORKDIR}/patches/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}/0000_README" - -HOMEPAGE="http://hardened.gentoo.org/rsbac/" -DESCRIPTION="RSBAC hardened sources for the ${KV_MAJOR}.${KV_MINOR} kernel tree" - -SRC_URI="${KERNEL_URI} ${RSBAC_SRC} ${RGPV_SRC} ${CAN_SRC}" -KEYWORDS="~x86" - - -src_unpack() { - universal_unpack - (cd ${WORKDIR}/linux-${KV}; unpack rsbac-v${RSBACV}.tar.bz2) - unipatch "${UNIPATCH_LIST_DEFAULT} ${UNIPATCH_LIST}" - [ -z "${K_NOSETEXTRAVERSION}" ] && unpack_set_extraversion -} - -pkg_postinst() { - postinst_sources - ewarn "Please configure and compile your RSBAC kernel before installing rsbac-admin tools" -} |