Version bump for the AF_UNIX and a.out security vulnerabilities; bugs #72452 and #72317.

author: Tim Yamin <plasmaroo@gentoo.org> 2004-11-27 20:04:10 +0000
committer: Tim Yamin <plasmaroo@gentoo.org> 2004-11-27 20:04:10 +0000
commit: dd3ac4fc827dad6acbc56eca57508e5d3d061398 (patch)
tree: db2b83fa8386e85f9c629ebf3ebd7e300508b7cb /sys-kernel
parent: Added libtool DEP per comment in bug #66013. (diff)
download: historical-dd3ac4fc827dad6acbc56eca57508e5d3d061398.tar.gz
historical-dd3ac4fc827dad6acbc56eca57508e5d3d061398.tar.bz2
historical-dd3ac4fc827dad6acbc56eca57508e5d3d061398.zip
9 files changed, 186 insertions, 18 deletions
diff --git a/sys-kernel/usermode-sources/ChangeLog b/sys-kernel/usermode-sources/ChangeLog
index 273888a602c6..342dcf1f5fe2 100644
--- a/sys-kernel/usermode-sources/ChangeLog
+++ b/sys-kernel/usermode-sources/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for sys-kernel/usermode-sources
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.52 2004/11/26 16:27:19 dsd Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.53 2004/11/27 20:04:10 plasmaroo Exp $
+
+*usermode-sources-2.6.8.1-r5 (27 Nov 2004)
+
+  27 Nov 2004; <plasmaroo@gentoo.org> +usermode-sources-2.4.26-r10.ebuild,
+  -usermode-sources-2.4.26-r9.ebuild, -usermode-sources-2.6.8.1-r4.ebuild,
+  +usermode-sources-2.6.8.1-r5.ebuild,
+  +files/usermode-sources-2.4.binfmt_a.out.patch,
+  +files/usermode-sources-2.6.binfmt_a.out.patch,
+  +files/usermode-sources.AF_UNIX.patch:
+  Version bump for the AF_UNIX and a.out security vulnerabilities; bugs #72452
+  and #72317.
 
   26 Nov 2004; Daniel Drake <dsd@gentoo.org>
   usermode-sources-2.4.26-r9.ebuild, usermode-sources-2.6.8.1-r4.ebuild:
diff --git a/sys-kernel/usermode-sources/Manifest b/sys-kernel/usermode-sources/Manifest
index 608b4952bd10..bee43434c81c 100644
--- a/sys-kernel/usermode-sources/Manifest
+++ b/sys-kernel/usermode-sources/Manifest
@@ -1,20 +1,23 @@
-MD5 048fae91d93121008e7a6ceaa7d3cd51 usermode-sources-2.4.26-r9.ebuild 1797
-MD5 830ba0e46cfc4df8f58445dcb3727291 ChangeLog 14083
+MD5 c8e0fdef4d30261ec7c47cbf8be79752 usermode-sources-2.6.8.1-r5.ebuild 1063
+MD5 ba20c272e2dab8eecb1a916366bd6011 ChangeLog 14557
+MD5 19e3506068443dc2783e651d4bfb4b47 usermode-sources-2.4.26-r10.ebuild 1879
 MD5 a76f13cb946fc2720c04b189616da2de metadata.xml 159
-MD5 c49eefac1395494c36bdbc4adb7d858e usermode-sources-2.6.8.1-r4.ebuild 982
-MD5 60d25ff310fc6abfdce39ec9e47345af files/usermode-sources-2.4.CAN-2004-0685.patch 2809
+MD5 d1ccc2047be533c992f67270a150a210 files/usermode-sources-2.4.cmdlineLeak.patch 388
+MD5 dc18e982f8149588a291956481885a8c files/usermode-sources-2.4.CAN-2004-0495.patch 17549
+MD5 b0a1f80aff51d6601e8924329023b241 files/usermode-sources.AF_UNIX.patch 515
+MD5 b9a94233e1457787352e5f85e3e3582d files/usermode-sources-2.4.binfmt_a.out.patch 2009
+MD5 054d55975dd07c5a434e0ccfcf26f682 files/digest-usermode-sources-2.4.26-r10 297
+MD5 d4a740ae56c2049247083af387a22a85 files/usermode-sources-2.4.26.CAN-2004-0394.patch 350
+MD5 915e8d7a0618736caa44d96968015467 files/usermode-sources-2.4.binfmt_elf.patch 2346
 MD5 1e1fe7bb98c80db4644f4b7fd7dd5d32 files/usermode-sources-2.4.smbfs.patch 3434
+MD5 025c80544aef14ce3a49024d791c5596 files/usermode-sources-2.6.binfmt_a.out.patch 1763
 MD5 a9991d6324d7404ed99e79be6e44e9de files/usermode-sources-2.6.binfmt_elf.patch 2348
-MD5 054d55975dd07c5a434e0ccfcf26f682 files/digest-usermode-sources-2.4.26-r9 297
-MD5 c9da1bc82b906f6abc648c056e7bf662 files/usermode-sources-2.4.FPULockup-53804.patch 354
-MD5 915e8d7a0618736caa44d96968015467 files/usermode-sources-2.4.binfmt_elf.patch 2346
-MD5 d4a740ae56c2049247083af387a22a85 files/usermode-sources-2.4.26.CAN-2004-0394.patch 350
-MD5 2b3ddb8b8b15f8da35ade38544b57857 files/usermode-sources-2.4.XDRWrapFix.patch 1499
-MD5 452e04a312368605e145428c35bd0e05 files/usermode-sources-2.6.devPtmx.patch 572
+MD5 60d25ff310fc6abfdce39ec9e47345af files/usermode-sources-2.4.CAN-2004-0685.patch 2809
 MD5 0f66013f643c79c97fda489618a4e2fd files/usermode-sources-2.4.CAN-2004-0535.patch 476
-MD5 dc18e982f8149588a291956481885a8c files/usermode-sources-2.4.CAN-2004-0495.patch 17549
-MD5 5748125eb42554148c90a042a7454065 files/digest-usermode-sources-2.6.8.1-r4 214
+MD5 5748125eb42554148c90a042a7454065 files/digest-usermode-sources-2.6.8.1-r5 214
 MD5 8165de5e2ab6e0d3263ea35ce856fd1b files/usermode-sources-2.6.smbfs.patch 3309
 MD5 c2510fe1891f5a9effb12c2196922206 files/usermode-sources-2.6.cmdlineLeak.patch 281
-MD5 d1ccc2047be533c992f67270a150a210 files/usermode-sources-2.4.cmdlineLeak.patch 388
 MD5 95708646470a95668e8789cd415844ed files/usermode-sources.CAN-2004-0497.patch 846
+MD5 452e04a312368605e145428c35bd0e05 files/usermode-sources-2.6.devPtmx.patch 572
+MD5 2b3ddb8b8b15f8da35ade38544b57857 files/usermode-sources-2.4.XDRWrapFix.patch 1499
+MD5 c9da1bc82b906f6abc648c056e7bf662 files/usermode-sources-2.4.FPULockup-53804.patch 354
diff --git a/sys-kernel/usermode-sources/files/digest-usermode-sources-2.4.26-r9 b/sys-kernel/usermode-sources/files/digest-usermode-sources-2.4.26-r10
index 9e29fc732ec2..9e29fc732ec2 100644
--- a/sys-kernel/usermode-sources/files/digest-usermode-sources-2.4.26-r9
+++ b/sys-kernel/usermode-sources/files/digest-usermode-sources-2.4.26-r10
diff --git a/sys-kernel/usermode-sources/files/digest-usermode-sources-2.6.8.1-r4 b/sys-kernel/usermode-sources/files/digest-usermode-sources-2.6.8.1-r5
index 39318607e58d..39318607e58d 100644
--- a/sys-kernel/usermode-sources/files/digest-usermode-sources-2.6.8.1-r4
+++ b/sys-kernel/usermode-sources/files/digest-usermode-sources-2.6.8.1-r5
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_a.out.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_a.out.patch
new file mode 100644
index 000000000000..4644ae28bce4
--- /dev/null
+++ b/sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_a.out.patch
@@ -0,0 +1,63 @@
+diff -Nru linux-2.4.28/fs/exec.c linux-2.4.28.plasmaroo/fs/exec.c
+--- linux-2.4.28/fs/exec.c	2004-04-15 10:44:45 -07:00
++++ linux-2.4.28.plasmaroo/fs/exec.c	2004-11-12 12:02:40 -08:00
+@@ -342,6 +342,7 @@ int setup_arg_pages(struct linux_binprm 
+ 	
+ 	down_write(&current->mm->mmap_sem);
+ 	{
++		struct vm_area_struct *vma;
+ 		mpnt->vm_mm = current->mm;
+ 		mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p;
+ 		mpnt->vm_end = STACK_TOP;
+@@ -351,6 +352,12 @@ int setup_arg_pages(struct linux_binprm 
+ 		mpnt->vm_pgoff = 0;
+ 		mpnt->vm_file = NULL;
+ 		mpnt->vm_private_data = (void *) 0;
++		vma = find_vma(current->mm, mpnt->vm_start);
++		if (vma) {
++			up_write(&current->mm->mmap_sem);
++			kmem_cache_free(vm_area_cachep, mpnt);
++			return -ENOMEM;
++		}
+ 		insert_vm_struct(current->mm, mpnt);
+ 		current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
+ 	} 
+diff -Nru linux-2.4.28/fs/exec.c linux-2.4.28.plasmaroo/fs/exec.c
+--- linux-2.4.28/fs/binfmt_aout.c	2002-02-04 23:54:04 -08:00
++++ linux-2.4.28.plasmaroo/fs/binfmt_aout.c	2004-11-12 11:55:14 -08:00
+@@ -39,13 +39,18 @@ static struct linux_binfmt aout_format =
+ 	NULL, THIS_MODULE, load_aout_binary, load_aout_library, aout_core_dump, PAGE_SIZE
+ };
+ 
+-static void set_brk(unsigned long start, unsigned long end)
++#define BAD_ADDR(x)	((unsigned long)(x) >= TASK_SIZE)
++
++static int set_brk(unsigned long start, unsigned long end)
+ {
+ 	start = PAGE_ALIGN(start);
+ 	end = PAGE_ALIGN(end);
+-	if (end <= start)
+-		return;
+-	do_brk(start, end - start);
++	if (end > start) {
++		unsigned long addr = do_brk(start, end - start);
++		if (BAD_ADDR(addr))
++			return addr;
++	}
++	return 0;
+ }
+ 
+ /*
+@@ -405,7 +410,11 @@ static int load_aout_binary(struct linux
+ beyond_if:
+ 	set_binfmt(&aout_format);
+ 
+-	set_brk(current->mm->start_brk, current->mm->brk);
++	retval = set_brk(current->mm->start_brk, current->mm->brk);
++	if (retval < 0) {
++		send_sig(SIGKILL, current, 0);
++		return retval;
++	}
+ 
+ 	retval = setup_arg_pages(bprm); 
+ 	if (retval < 0) { 
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.6.binfmt_a.out.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.6.binfmt_a.out.patch
new file mode 100644
index 000000000000..89665ce8db42
--- /dev/null
+++ b/sys-kernel/usermode-sources/files/usermode-sources-2.6.binfmt_a.out.patch
@@ -0,0 +1,63 @@
+diff -Nru linux-2.6.9/fs/exec.c linux-2.6.9.plasmaroo/fs/exec.c
+--- linux-2.6.9/fs/exec.c	2004-11-27 08:30:03 -08:00
++++ linux-2.6.9.plasmaroo/fs/exec.c	2004-11-27 08:30:03 -08:00
+@@ -413,6 +413,7 @@
+ 
+ 	down_write(&mm->mmap_sem);
+ 	{
++		struct vm_area_struct *vma;
+ 		mpnt->vm_mm = mm;
+ #ifdef CONFIG_STACK_GROWSUP
+ 		mpnt->vm_start = stack_base;
+@@ -433,6 +434,12 @@
+ 			mpnt->vm_flags = VM_STACK_FLAGS;
+ 		mpnt->vm_flags |= mm->def_flags;
+ 		mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x7];
++		vma = find_vma(mm, mpnt->vm_start);
++		if (vma) {
++			up_write(&mm->mmap_sem);
++			kmem_cache_free(vm_area_cachep, mpnt);
++			return -ENOMEM;
++		}
+ 		insert_vm_struct(mm, mpnt);
+ 		mm->stack_vm = mm->total_vm = vma_pages(mpnt);
+ 	}
+diff -Nru linux-2.6.9/fs/binfmt_aout.c linux-2.6.9.plasmaroo/fs/binfmt_aout.c
+--- linux-2.6.9/fs/binfmt_aout.c	2004-11-27 08:31:43 -08:00
++++ linux-2.6.9.plasmaroo/fs/binfmt_aout.c	2004-11-27 08:31:43 -08:00
+@@ -43,13 +43,18 @@
+ 	.min_coredump	= PAGE_SIZE
+ };
+ 
+-static void set_brk(unsigned long start, unsigned long end)
++#define BAD_ADDR(x)	((unsigned long)(x) >= TASK_SIZE)
++
++static int set_brk(unsigned long start, unsigned long end)
+ {
+ 	start = PAGE_ALIGN(start);
+ 	end = PAGE_ALIGN(end);
+-	if (end <= start)
+-		return;
+-	do_brk(start, end - start);
++	if (end > start) {
++		unsigned long addr = do_brk(start, end - start);
++		if (BAD_ADDR(addr))
++			return addr;
++	}
++	return 0;
+ }
+ 
+ /*
+@@ -413,7 +418,11 @@
+ beyond_if:
+ 	set_binfmt(&aout_format);
+ 
+-	set_brk(current->mm->start_brk, current->mm->brk);
++	retval = set_brk(current->mm->start_brk, current->mm->brk);
++	if (retval < 0) {
++		send_sig(SIGKILL, current, 0);
++		return retval;
++	}
+ 
+ 	retval = setup_arg_pages(bprm, EXSTACK_DEFAULT);
+ 	if (retval < 0) { 
diff --git a/sys-kernel/usermode-sources/files/usermode-sources.AF_UNIX.patch b/sys-kernel/usermode-sources/files/usermode-sources.AF_UNIX.patch
new file mode 100644
index 000000000000..6ced78404a2d
--- /dev/null
+++ b/sys-kernel/usermode-sources/files/usermode-sources.AF_UNIX.patch
@@ -0,0 +1,24 @@
+--- linux-2.4.27/net/unix/af_unix.c	2004-11-24 08:23:21 -08:00
++++ linux-2.4.28/net/unix/af_unix.c	2004-11-24 08:23:21 -08:00
+@@ -1403,9 +1403,11 @@
+ 
+ 	msg->msg_namelen = 0;
+ 
++	down(&sk->protinfo.af_unix.readsem);
++
+ 	skb = skb_recv_datagram(sk, flags, noblock, &err);
+ 	if (!skb)
+-		goto out;
++		goto out_unlock;
+ 
+ 	wake_up_interruptible(&sk->protinfo.af_unix.peer_wait);
+ 
+@@ -1449,6 +1451,8 @@
+ 
+ out_free:
+ 	skb_free_datagram(sk,skb);
++out_unlock:
++	up(&sk->protinfo.af_unix.readsem);
+ out:
+ 	return err;
+ }
diff --git a/sys-kernel/usermode-sources/usermode-sources-2.4.26-r9.ebuild b/sys-kernel/usermode-sources/usermode-sources-2.4.26-r10.ebuild
index ca263554e755..29b7ccc808bb 100644
--- a/sys-kernel/usermode-sources/usermode-sources-2.4.26-r9.ebuild
+++ b/sys-kernel/usermode-sources/usermode-sources-2.4.26-r10.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/usermode-sources-2.4.26-r9.ebuild,v 1.2 2004/11/26 16:27:19 dsd Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/usermode-sources-2.4.26-r10.ebuild,v 1.1 2004/11/27 20:04:10 plasmaroo Exp $
 
 ETYPE="sources"
 inherit kernel-2
@@ -39,7 +39,9 @@ UNIPATCH_LIST="${DISTDIR}/${UML_PATCH}.bz2
 	${FILESDIR}/${PN}-2.4.cmdlineLeak.patch
 	${FILESDIR}/${PN}-2.4.XDRWrapFix.patch
 	${FILESDIR}/${PN}-2.4.binfmt_elf.patch
-	${FILESDIR}/${PN}-2.4.smbfs.patch"
+	${FILESDIR}/${PN}-2.4.smbfs.patch
+	${FILESDIR}/${PN}-2.4.binfmt_a.out.patch
+	${FILESDIR}/${PN}.AF_UNIX.patch"
 
 src_install() {
 	kernel-2_src_install
diff --git a/sys-kernel/usermode-sources/usermode-sources-2.6.8.1-r4.ebuild b/sys-kernel/usermode-sources/usermode-sources-2.6.8.1-r5.ebuild
index e789df0be4e7..f3041f8fb52b 100644
--- a/sys-kernel/usermode-sources/usermode-sources-2.6.8.1-r4.ebuild
+++ b/sys-kernel/usermode-sources/usermode-sources-2.6.8.1-r5.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/usermode-sources-2.6.8.1-r4.ebuild,v 1.2 2004/11/26 16:27:19 dsd Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/usermode-sources-2.6.8.1-r5.ebuild,v 1.1 2004/11/27 20:04:10 plasmaroo Exp $
 
 K_NOUSENAME="yes"
 ETYPE="sources"
@@ -14,7 +14,9 @@ UNIPATCH_LIST="${DISTDIR}/${UML_PATCH}.bz2
 	${FILESDIR}/${PN}-2.6.cmdlineLeak.patch
 	${FILESDIR}/${PN}-2.6.devPtmx.patch
 	${FILESDIR}/${PN}-2.6.binfmt_elf.patch
-	${FILESDIR}/${PN}-2.6.smbfs.patch"
+	${FILESDIR}/${PN}-2.6.smbfs.patch
+	${FILESDIR}/${PN}-2.6.binfmt_a.out.patch
+	${FILESDIR}/${PN}.AF_UNIX.patch"
 
 DESCRIPTION="Full (vanilla) sources for the User Mode Linux kernel"
 SRC_URI="mirror://kernel/linux/kernel/v2.6/linux-${PV}.tar.bz2
author	Tim Yamin <plasmaroo@gentoo.org>	2004-11-27 20:04:10 +0000
committer	Tim Yamin <plasmaroo@gentoo.org>	2004-11-27 20:04:10 +0000
commit	dd3ac4fc827dad6acbc56eca57508e5d3d061398 (patch)
tree	db2b83fa8386e85f9c629ebf3ebd7e300508b7cb /sys-kernel
parent	Added libtool DEP per comment in bug #66013. (diff)
download	historical-dd3ac4fc827dad6acbc56eca57508e5d3d061398.tar.gz historical-dd3ac4fc827dad6acbc56eca57508e5d3d061398.tar.bz2 historical-dd3ac4fc827dad6acbc56eca57508e5d3d061398.zip