Added patches for the CAN-2004-0010, CAN-2004-0177 and CAN-2004-0178 vulnerabilities.

7 files changed, 243 insertions, 8 deletions

diff --git a/sys-kernel/pac-sources/ChangeLog b/sys-kernel/pac-sources/ChangeLog
index 23adbe7a8190..a00abc9955af 100644
--- a/sys-kernel/pac-sources/ChangeLog
+++ b/sys-kernel/pac-sources/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for sys-kernel/pac-sources
 # Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/pac-sources/ChangeLog,v 1.5 2004/04/15 09:33:16 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/pac-sources/ChangeLog,v 1.6 2004/04/17 12:02:54 plasmaroo Exp $
+
+*pac-sources-2.4.23-r5 (17 Apr 2004)
+
+  17 Apr 2004; <plasmaroo@gentoo.org> +files/pac-sources.CAN-2004-0010.patch,
+  +files/pac-sources.CAN-2004-0177.patch,
+  +files/pac-sources.CAN-2004-0178.patch, -pac-sources-2.4.23-r4.ebuild,
+  +pac-sources-2.4.23-r5.ebuild:
+  Added patches for the CAN-2004-0010, CAN-2004-0177 and CAN-2004-0178
+  vulnerabilities. Old revision removed.
 
 *pac-sources-2.4.23-r4 (15 Apr 2004)
 
diff --git a/sys-kernel/pac-sources/Manifest b/sys-kernel/pac-sources/Manifest
index ae744666220f..d5a68095175f 100644
--- a/sys-kernel/pac-sources/Manifest
+++ b/sys-kernel/pac-sources/Manifest
@@ -1,8 +1,11 @@
-MD5 6066b99ffab2c44d6212f3c754e60576 ChangeLog 1241
-MD5 c5d02fcb936ee1529b40f140981cfcd1 pac-sources-2.4.23-r4.ebuild 2371
+MD5 03ccc4ea84520445c68e5593ea2ca16e ChangeLog 1618
 MD5 daa14c3311aff54352fca02cadfd84a4 metadata.xml 409
-MD5 6229e77dde1f21dc58f51f1dbb668c0d files/digest-pac-sources-2.4.23-r4 134
+MD5 aaa62593201403e8cf632f6d36a336d5 pac-sources-2.4.23-r5.ebuild 2652
 MD5 21f3a4f186017d925067335e24db36a1 files/pac-sources.CAN-2004-0109.patch 1877
 MD5 e77a93fdf26f06cf3ea5080b27211725 files/pac-sources.CAN-2003-0985.patch 414
+MD5 147fec50180ad91b6260fc7201dcb90f files/pac-sources.CAN-2004-0010.patch 6050
+MD5 6229e77dde1f21dc58f51f1dbb668c0d files/digest-pac-sources-2.4.23-r5 134
+MD5 ac42024b6e6ee1e2165914db4b22a61c files/pac-sources.CAN-2004-0178.patch 424
 MD5 032ff70c5895cc1a2dfbe2a58ebde1f7 files/pac-sources.munmap.patch 819
 MD5 e2e2b545b6fcdcecf49e33798efa5b84 files/pac-sources.rtc_fix.patch 7073
+MD5 eaeda68a619caaddd5b8fdc5e7c39932 files/pac-sources.CAN-2004-0177.patch 384
diff --git a/sys-kernel/pac-sources/files/digest-pac-sources-2.4.23-r4 b/sys-kernel/pac-sources/files/digest-pac-sources-2.4.23-r5
index 75e05aae1086..75e05aae1086 100644
--- a/sys-kernel/pac-sources/files/digest-pac-sources-2.4.23-r4
+++ b/sys-kernel/pac-sources/files/digest-pac-sources-2.4.23-r5
diff --git a/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0010.patch b/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0010.patch
new file mode 100644
index 000000000000..6b4b1cefa49e
--- /dev/null
+++ b/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0010.patch
@@ -0,0 +1,200 @@
+diff -urN linux-2.4.25-pre6/fs/ncpfs/dir.c linux-2.4.25-pre7/fs/ncpfs/dir.c
+--- linux-2.4.25-pre6/fs/ncpfs/dir.c	2002-11-28 15:53:15.000000000 -0800
++++ linux-2.4.25-pre7/fs/ncpfs/dir.c	2004-01-23 10:53:26.000000000 -0800
+@@ -266,8 +266,8 @@
+ 	struct ncp_server *server;
+ 	struct inode *dir = dentry->d_parent->d_inode;
+ 	struct ncp_entry_info finfo;
+-	int res, val = 0, len = dentry->d_name.len + 1;
+-	__u8 __name[len];
++	int res, val = 0, len;
++	__u8 __name[NCP_MAXPATHLEN + 1];
+ 
+ 	if (!dentry->d_inode || !dir)
+ 		goto finished;
+@@ -291,14 +291,15 @@
+ 		dentry->d_parent->d_name.name, dentry->d_name.name,
+ 		NCP_GET_AGE(dentry));
+ 
++	len = sizeof(__name);
+ 	if (ncp_is_server_root(dir)) {
+ 		res = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+-						len-1, 1);
++						dentry->d_name.len, 1);
+ 		if (!res)
+ 			res = ncp_lookup_volume(server, __name, &(finfo.i));
+ 	} else {
+ 		res = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+-						len-1, !ncp_preserve_case(dir));
++						dentry->d_name.len, !ncp_preserve_case(dir));
+ 		if (!res)
+ 			res = ncp_obtain_info(server, dir, __name, &(finfo.i));
+ 	}
+@@ -548,9 +549,9 @@
+ 	int valid = 0;
+ 	int hashed = 0;
+ 	ino_t ino = 0;
+-	__u8 __name[256];
++	__u8 __name[NCP_MAXPATHLEN + 1];
+ 
+-	qname.len = 256;
++	qname.len = sizeof(__name);
+ 	if (ncp_vol2io(NCP_SERVER(inode), __name, &qname.len,
+ 			entry->i.entryName, entry->i.nameLen,
+ 			!ncp_preserve_entry_case(inode, entry->i.NSCreator)))
+@@ -705,16 +706,19 @@
+ {
+ 	struct ncp_server* server = NCP_SBP(sb);
+ 	struct nw_info_struct i;
+-	int result, len = strlen(server->m.mounted_vol) + 1;
+-	__u8 __name[len];
++	int result;
+ 
+ 	if (ncp_single_volume(server)) {
++		int len;
+ 		struct dentry* dent;
++		__u8 __name[NCP_MAXPATHLEN + 1];
+ 
+-		result = -ENOENT;
+-		if (ncp_io2vol(server, __name, &len, server->m.mounted_vol,
+-								len-1, 1))
++		len = sizeof(__name);
++		result = ncp_io2vol(server, __name, &len, server->m.mounted_vol,
++				    strlen(server->m.mounted_vol), 1);
++		if (result)
+ 			goto out;
++		result = -ENOENT;
+ 		if (ncp_lookup_volume(server, __name, &i)) {
+ 			PPRINTK("ncp_conn_logged_in: %s not found\n",
+ 				server->m.mounted_vol);
+@@ -745,8 +749,8 @@
+ 	struct ncp_server *server = NCP_SERVER(dir);
+ 	struct inode *inode = NULL;
+ 	struct ncp_entry_info finfo;
+-	int error, res, len = dentry->d_name.len + 1;
+-	__u8 __name[len];
++	int error, res, len;
++	__u8 __name[NCP_MAXPATHLEN + 1];
+ 
+ 	error = -EIO;
+ 	if (!ncp_conn_valid(server))
+@@ -755,14 +759,15 @@
+ 	PPRINTK("ncp_lookup: server lookup for %s/%s\n",
+ 		dentry->d_parent->d_name.name, dentry->d_name.name);
+ 
++	len = sizeof(__name);
+ 	if (ncp_is_server_root(dir)) {
+ 		res = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+-						len-1, 1);
++				 dentry->d_name.len, 1);
+ 		if (!res)
+ 			res = ncp_lookup_volume(server, __name, &(finfo.i));
+ 	} else {
+ 		res = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+-						len-1, !ncp_preserve_case(dir));
++				 dentry->d_name.len, !ncp_preserve_case(dir));
+ 		if (!res)
+ 			res = ncp_obtain_info(server, dir, __name, &(finfo.i));
+ 	}
+@@ -825,9 +830,9 @@
+ {
+ 	struct ncp_server *server = NCP_SERVER(dir);
+ 	struct ncp_entry_info finfo;
+-	int error, result, len = dentry->d_name.len + 1;
++	int error, result, len;
+ 	int opmode;
+-	__u8 __name[len];
++	__u8 __name[NCP_MAXPATHLEN + 1];
+ 	
+ 	PPRINTK("ncp_create_new: creating %s/%s, mode=%x\n",
+ 		dentry->d_parent->d_name.name, dentry->d_name.name, mode);
+@@ -836,8 +841,9 @@
+ 		goto out;
+ 
+ 	ncp_age_dentry(server, dentry);
++	len = sizeof(__name);
+ 	error = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+-						len-1, !ncp_preserve_case(dir));
++			   dentry->d_name.len, !ncp_preserve_case(dir));
+ 	if (error)
+ 		goto out;
+ 
+@@ -880,8 +886,8 @@
+ {
+ 	struct ncp_entry_info finfo;
+ 	struct ncp_server *server = NCP_SERVER(dir);
+-	int error, len = dentry->d_name.len + 1;
+-	__u8 __name[len];
++	int error, len;
++	__u8 __name[NCP_MAXPATHLEN + 1];
+ 
+ 	DPRINTK("ncp_mkdir: making %s/%s\n",
+ 		dentry->d_parent->d_name.name, dentry->d_name.name);
+@@ -890,8 +896,9 @@
+ 		goto out;
+ 
+ 	ncp_age_dentry(server, dentry);
++	len = sizeof(__name);
+ 	error = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+-						len-1, !ncp_preserve_case(dir));
++			   dentry->d_name.len, !ncp_preserve_case(dir));
+ 	if (error)
+ 		goto out;
+ 
+@@ -909,8 +916,8 @@
+ static int ncp_rmdir(struct inode *dir, struct dentry *dentry)
+ {
+ 	struct ncp_server *server = NCP_SERVER(dir);
+-	int error, result, len = dentry->d_name.len + 1;
+-	__u8 __name[len];
++	int error, result, len;
++	__u8 __name[NCP_MAXPATHLEN + 1];
+ 
+ 	DPRINTK("ncp_rmdir: removing %s/%s\n",
+ 		dentry->d_parent->d_name.name, dentry->d_name.name);
+@@ -923,8 +930,9 @@
+ 	if (!d_unhashed(dentry))
+ 		goto out;
+ 
++	len = sizeof(__name);
+ 	error = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+-						len-1, !ncp_preserve_case(dir));
++			   dentry->d_name.len, !ncp_preserve_case(dir));
+ 	if (error)
+ 		goto out;
+ 
+@@ -1022,9 +1030,8 @@
+ {
+ 	struct ncp_server *server = NCP_SERVER(old_dir);
+ 	int error;
+-	int old_len = old_dentry->d_name.len + 1;
+-	int new_len = new_dentry->d_name.len + 1;
+-	__u8 __old_name[old_len], __new_name[new_len];
++	int old_len, new_len;
++	__u8 __old_name[NCP_MAXPATHLEN + 1], __new_name[NCP_MAXPATHLEN + 1];
+ 
+ 	DPRINTK("ncp_rename: %s/%s to %s/%s\n",
+ 		old_dentry->d_parent->d_name.name, old_dentry->d_name.name,
+@@ -1037,15 +1044,17 @@
+ 	ncp_age_dentry(server, old_dentry);
+ 	ncp_age_dentry(server, new_dentry);
+ 
++	old_len = sizeof(__old_name);
+ 	error = ncp_io2vol(server, __old_name, &old_len,
+-					old_dentry->d_name.name, old_len-1,
+-					!ncp_preserve_case(old_dir));
++			   old_dentry->d_name.name, old_dentry->d_name.len,
++			   !ncp_preserve_case(old_dir));
+ 	if (error)
+ 		goto out;
+ 
++	new_len = sizeof(__new_name);
+ 	error = ncp_io2vol(server, __new_name, &new_len,
+-					new_dentry->d_name.name, new_len-1,
+-					!ncp_preserve_case(new_dir));
++			   new_dentry->d_name.name, new_dentry->d_name.len,
++			   !ncp_preserve_case(new_dir));
+ 	if (error)
+ 		goto out;
+ 
+
diff --git a/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0177.patch b/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0177.patch
new file mode 100644
index 000000000000..da6b7e190685
--- /dev/null
+++ b/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0177.patch
@@ -0,0 +1,10 @@
+--- linux-2.4.26-pre3/fs/jbd/journal.c	2004-02-18 05:36:31.000000000 -0800
++++ linux-2.4.26-pre4/fs/jbd/journal.c	2004-03-16 09:59:36.000000000 -0800
+@@ -671,6 +671,7 @@
+ 
+ 	bh = getblk(journal->j_dev, blocknr, journal->j_blocksize);
+ 	lock_buffer(bh);
++	memset(bh->b_data, 0, journal->j_blocksize);
+ 	BUFFER_TRACE(bh, "return this buffer");
+ 	return journal_add_journal_head(bh);
+ }
diff --git a/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0178.patch b/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0178.patch
new file mode 100644
index 000000000000..19e57268c2fa
--- /dev/null
+++ b/sys-kernel/pac-sources/files/pac-sources.CAN-2004-0178.patch
@@ -0,0 +1,11 @@
+--- linux-2.4.26-pre2/drivers/sound/sb_audio.c	2002-02-25 11:38:06.000000000 -0800
++++ linux-2.4.26-pre3/drivers/sound/sb_audio.c	2004-03-13 07:43:23.000000000 -0800
+@@ -879,7 +879,7 @@
+ 			c -= locallen; p += locallen;
+ 		}
+ 		/* used = ( samples * 16 bits size ) */
+-		*used = len << 1;
++		*used =  max_in  > ( max_out << 1) ? (max_out << 1) : max_in;
+ 		/* returned = ( samples * 8 bits size ) */
+ 		*returned = len;
+ 	}
diff --git a/sys-kernel/pac-sources/pac-sources-2.4.23-r4.ebuild b/sys-kernel/pac-sources/pac-sources-2.4.23-r5.ebuild
index cf04f7382e71..bbeef010c47d 100644
--- a/sys-kernel/pac-sources/pac-sources-2.4.23-r4.ebuild
+++ b/sys-kernel/pac-sources/pac-sources-2.4.23-r5.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/pac-sources/pac-sources-2.4.23-r4.ebuild,v 1.2 2004/04/15 10:03:51 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/pac-sources/pac-sources-2.4.23-r5.ebuild,v 1.1 2004/04/17 12:02:54 plasmaroo Exp $
 
 IUSE="build"
 
@@ -57,10 +57,12 @@ src_unpack() {
 	fi
 
 	bzcat ${DISTDIR}/patch-${KV}.bz2|patch -p1 || die "-pac patch failed"
-	epatch ${FILESDIR}/${PN}.CAN-2003-0985.patch || die "Failed to patch mremap() vulnerability!"
-	epatch ${FILESDIR}/${PN}.CAN-2004-0109.patch || die "Failed to patch CAN-2004-0109 vulnerability!"
 	epatch ${FILESDIR}/${PN}.munmap.patch || die "Failed to apply munmap patch!"
 	epatch ${FILESDIR}/${PN}.rtc_fix.patch || die "Failed to patch RTC vulnerabilities!"
-
+	epatch ${FILESDIR}/${PN}.CAN-2003-0985.patch || die "Failed to patch mremap() vulnerability!"
+	epatch ${FILESDIR}/${PN}.CAN-2004-0010.patch || die "Failed to add the CAN-2004-0010 patch!"
+	epatch ${FILESDIR}/${PN}.CAN-2004-0109.patch || die "Failed to patch CAN-2004-0109 vulnerability!"
+	epatch ${FILESDIR}/${PN}.CAN-2004-0177.patch || die "Failed to add the CAN-2004-0177 patch!"
+	epatch ${FILESDIR}/${PN}.CAN-2004-0178.patch || die "Failed to add the CAN-2004-0178 patch!"
 	kernel_universal_unpack
 }