diff options
10 files changed, 69 insertions, 95 deletions
diff --git a/sys-kernel/alpha-sources/ChangeLog b/sys-kernel/alpha-sources/ChangeLog index 8b1900b7f382..e4873552c0fa 100644 --- a/sys-kernel/alpha-sources/ChangeLog +++ b/sys-kernel/alpha-sources/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sys-kernel/alpha-sources # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/alpha-sources/ChangeLog,v 1.29 2004/06/24 22:55:21 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/alpha-sources/ChangeLog,v 1.30 2004/07/09 14:13:59 plasmaroo Exp $ + +*alpha-sources-2.4.21-r9 (09 Jul 2004) + + 09 Jul 2004; <plasmaroo@gentoo.org> -alpha-sources-2.4.21-r7.ebuild, + -alpha-sources-2.4.21-r8.ebuild, +alpha-sources-2.4.21-r9.ebuild, + +files/alpha-sources.CAN-2004-0497.patch: + Patched for attribute vulnerabilities, bug #56479. *alpha-sources-2.4.21-r8 (24 Jun 2004) diff --git a/sys-kernel/alpha-sources/alpha-sources-2.4.21-r7.ebuild b/sys-kernel/alpha-sources/alpha-sources-2.4.21-r7.ebuild deleted file mode 100644 index a426499ccbcf..000000000000 --- a/sys-kernel/alpha-sources/alpha-sources-2.4.21-r7.ebuild +++ /dev/null @@ -1,86 +0,0 @@ -# Copyright 1999-2004 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/alpha-sources/alpha-sources-2.4.21-r7.ebuild,v 1.4 2004/06/24 22:55:21 agriffis Exp $ - -# OKV=original kernel version, KV=patched kernel version. They can be the same. - -IUSE="build crypt usagi" -ETYPE="sources" -inherit kernel eutils -OKV="`echo ${PV}|sed -e 's:^\([0-9]\+\.[0-9]\+\.[0-9]\+\).*:\1:'`" -EXTRAVERSION="-${PN/-*/}" -[ ! "${PR}" == "r0" ] && EXTRAVERSION="${EXTRAVERSION}-${PR}" -KV="${OKV}${EXTRAVERSION}" - -S=${WORKDIR}/linux-${KV} - -DESCRIPTION="Full sources for the Gentoo Linux Alpha kernel" -SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2 - mirror://gentoo/patches-${KV/7/3}.tar.bz2" -SLOT="${KV}" -KEYWORDS="alpha -sparc -x86 -ppc -hppa -mips" - -src_unpack() { - unpack ${A} - mv linux-${OKV} linux-${KV} || die - cd ${WORKDIR}/${KV/7/1} - - # This is the crypt USE flag, keeps {USAGI/superfreeswan/patch-int/loop-jari} - if ! use crypt; then - einfo "No Cryptographic support, dropping patches..." - for file in 6* 8* ;do - einfo "Dropping ${file}..." - rm -f ${file} - done - else - einfo "Cryptographic patches will be applied" - fi - - # This is the usagi USE flag, keeps USAGI, drops - # {superfreeswan/patch-int/loop-jari} - # Using USAGI will also cause you to drop all iptables ipv6 - # patches. - if ! use usagi; then - einfo "Keeping {superfreeswan/patch-int/loop-jari} patches, dropping USAGI" - for file in 6* ;do - einfo "Dropping ${file}..." - rm -f ${file} - done - else - einfo "Keeping USAGI patch, dropping {superfreeswan/patch-int/loop-jari}" - for file in *.ipv6 8* ;do - einfo "Dropping ${file}..." - rm -f ${file} - done - fi - - kernel_src_unpack - - cd ${S} - epatch ${FILESDIR}/do_brk_fix.patch || die "Failed to patch the do_brk() vulnerability!" - epatch ${FILESDIR}/${PN}.CAN-2003-0985.patch || die "Failed to patch mremap() vulnerability!" - epatch ${FILESDIR}/${PN}.CAN-2004-0010.patch || die "Failed to add the CAN-2004-0010 patch!" - epatch ${FILESDIR}/${PN}.CAN-2004-0075.patch || die "Failed to add the CAN-2004-0075 patch!" - epatch ${FILESDIR}/${PN}.CAN-2004-0109.patch || die "Failed to patch CAN-2004-0109 vulnerability!" - epatch ${FILESDIR}/${PN}.CAN-2004-0133.patch || die "Failed to add the CAN-2004-0133 patch!" - epatch ${FILESDIR}/${PN}.CAN-2004-0177.patch || die "Failed to add the CAN-2004-0177 patch!" - epatch ${FILESDIR}/${PN}.CAN-2004-0178.patch || die "Failed to add the CAN-2004-0178 patch!" - epatch ${FILESDIR}/${PN}.CAN-2004-0181.patch || die "Failed to add the CAN-2004-0181 patch!" - epatch ${FILESDIR}/${PN}.CAN-2004-0394.patch || die "Failed to add the CAN-2004-0394 patch!" - epatch ${FILESDIR}/${PN}.CAN-2004-0427.patch || die "Failed to add the CAN-2004-0427 patch!" - epatch ${FILESDIR}/${PN}.rtc_fix.patch || die "Failed to patch RTC vulnerabilities!" - epatch ${FILESDIR}/${PN}.munmap.patch || die "Failed to apply munmap patch!" - - # Fix multi-line literal in include/asm-alpha/xor.h -- see bug 38354 - # If this script "dies" then that means it's no longer applicable. - mv include/asm-alpha/xor.h{,.multiline} - awk 'BEGIN { addnl=0; exitstatus=1 } - /^asm\("/ { addnl=1 } - /^"\)/ { addnl=0 } - addnl && !/\\n\\$/ { sub("$", " \\n\\", $0); exitstatus=0 } - { print } - END { exit exitstatus }' \ - <include/asm-alpha/xor.h.multiline >include/asm-alpha/xor.h - assert "awk script failed, probably doesn't apply to ${KV}" - rm -f include/asm-alpha/xor.h.multiline -} diff --git a/sys-kernel/alpha-sources/alpha-sources-2.4.21-r8.ebuild b/sys-kernel/alpha-sources/alpha-sources-2.4.21-r9.ebuild index 0e68c1d97182..3b658c20d0aa 100644 --- a/sys-kernel/alpha-sources/alpha-sources-2.4.21-r8.ebuild +++ b/sys-kernel/alpha-sources/alpha-sources-2.4.21-r9.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/alpha-sources/alpha-sources-2.4.21-r8.ebuild,v 1.2 2004/06/24 22:55:21 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/alpha-sources/alpha-sources-2.4.21-r9.ebuild,v 1.1 2004/07/09 14:13:59 plasmaroo Exp $ # OKV=original kernel version, KV=patched kernel version. They can be the same. @@ -16,14 +16,14 @@ S=${WORKDIR}/linux-${KV} DESCRIPTION="Full sources for the Gentoo Linux Alpha kernel" SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2 - mirror://gentoo/patches-${KV/8/3}.tar.bz2" + mirror://gentoo/patches-${KV/9/3}.tar.bz2" SLOT="${KV}" KEYWORDS="alpha -sparc -x86 -ppc -hppa -mips" src_unpack() { unpack ${A} mv linux-${OKV} linux-${KV} || die - cd ${WORKDIR}/${KV/8/1} + cd ${WORKDIR}/${KV/9/1} # This is the crypt USE flag, keeps {USAGI/superfreeswan/patch-int/loop-jari} if ! use crypt; then @@ -69,6 +69,7 @@ src_unpack() { epatch ${FILESDIR}/${PN}.CAN-2004-0394.patch || die "Failed to add the CAN-2004-0394 patch!" epatch ${FILESDIR}/${PN}.CAN-2004-0427.patch || die "Failed to add the CAN-2004-0427 patch!" epatch ${FILESDIR}/${PN}.CAN-2004-0495.patch || die "Failed to add the CAN-2004-0495 patch!" + epatch ${FILESDIR}/${PN}.CAN-2004-0497.patch || die "Failed to add the CAN-2004-0497 patch!" epatch ${FILESDIR}/${PN}.CAN-2004-0535.patch || die "Failed to add the CAN-2004-0535 patch!" epatch ${FILESDIR}/${PN}.rtc_fix.patch || die "Failed to patch RTC vulnerabilities!" epatch ${FILESDIR}/${PN}.munmap.patch || die "Failed to apply munmap patch!" diff --git a/sys-kernel/alpha-sources/files/alpha-sources.CAN-2004-0497.patch b/sys-kernel/alpha-sources/files/alpha-sources.CAN-2004-0497.patch new file mode 100644 index 000000000000..9503e9efe57b --- /dev/null +++ b/sys-kernel/alpha-sources/files/alpha-sources.CAN-2004-0497.patch @@ -0,0 +1,23 @@ +# ChangeSet +# +# fs/attr.c +# 2004/07/03 18:28:30-03:00 marcelo@logos.cnet +1 -0 +# Thomas Biege: Fix missing DAC check on sys_chown +# +# fs/attr.c +# 2004/07/03 19:28:29-03:00 marcelo@logos.cnet +1 -1 +# Add missing bracket to inode_change_ok() fix +# +diff -Nru a/fs/attr.c b.plasmaroo/fs/attr.c +--- a/fs/attr.c 2004-07-08 17:05:20 -07:00 ++++ b.plasmaroo/fs/attr.c 2004-07-08 17:05:20 -07:00 +@@ -35,7 +35,8 @@ + + /* Make sure caller can chgrp. */ + if ((ia_valid & ATTR_GID) && +- (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid) && ++ (current->fsuid != inode->i_uid || ++ (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && + !capable(CAP_CHOWN)) + goto error; + diff --git a/sys-kernel/alpha-sources/files/digest-alpha-sources-2.4.21-r8 b/sys-kernel/alpha-sources/files/digest-alpha-sources-2.4.21-r8 deleted file mode 100644 index a17dcc489c19..000000000000 --- a/sys-kernel/alpha-sources/files/digest-alpha-sources-2.4.21-r8 +++ /dev/null @@ -1,2 +0,0 @@ -MD5 f51e12efa18bb828cf57d9d4a81b2fb1 linux-2.4.21.tar.bz2 28533733 -MD5 28094d6a3d68f228bda98af459ad1310 patches-2.4.21-alpha-r3.tar.bz2 1696825 diff --git a/sys-kernel/alpha-sources/files/digest-alpha-sources-2.4.21-r7 b/sys-kernel/alpha-sources/files/digest-alpha-sources-2.4.21-r9 index a17dcc489c19..a17dcc489c19 100644 --- a/sys-kernel/alpha-sources/files/digest-alpha-sources-2.4.21-r7 +++ b/sys-kernel/alpha-sources/files/digest-alpha-sources-2.4.21-r9 diff --git a/sys-kernel/compaq-sources/ChangeLog b/sys-kernel/compaq-sources/ChangeLog index 2980a2be6bf8..4028dfee5e43 100644 --- a/sys-kernel/compaq-sources/ChangeLog +++ b/sys-kernel/compaq-sources/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sys-kernel/compaq-sources # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/compaq-sources/ChangeLog,v 1.12 2004/06/26 15:39:51 squinky86 Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/compaq-sources/ChangeLog,v 1.13 2004/07/09 14:18:39 plasmaroo Exp $ + +*compaq-sources-2.4.9.32.7-r8 (09 Jul 2004) + + 09 Jul 2004; <plasmaroo@gentoo.org> -compaq-sources-2.4.9.32.7-r7.ebuild, + +compaq-sources-2.4.9.32.7-r8.ebuild, + +files/compaq-sources-2.4.9.32.7.CAN-2004-0497.patch: + Patched for attribute vulnerabilities, bug #56479. 26 Jun 2004; Jon Hood <squinky86@gentoo.org> compaq-sources-2.4.9.32.7-r7.ebuild: diff --git a/sys-kernel/compaq-sources/compaq-sources-2.4.9.32.7-r7.ebuild b/sys-kernel/compaq-sources/compaq-sources-2.4.9.32.7-r8.ebuild index 87d60dcf992a..64822a138d00 100644 --- a/sys-kernel/compaq-sources/compaq-sources-2.4.9.32.7-r7.ebuild +++ b/sys-kernel/compaq-sources/compaq-sources-2.4.9.32.7-r8.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/compaq-sources/compaq-sources-2.4.9.32.7-r7.ebuild,v 1.3 2004/06/26 15:39:51 squinky86 Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/compaq-sources/compaq-sources-2.4.9.32.7-r8.ebuild,v 1.1 2004/07/09 14:18:39 plasmaroo Exp $ ETYPE="sources" inherit kernel eutils @@ -31,7 +31,7 @@ src_unpack() { local kernel_rpm="kernel-source-${KV}.alpha.rpm" cd ${WORKDIR} - ebegin "Unpacking Distribution RPM..." + ebegin "Unpacking Distribution RPM" # agriffis' fast+efficient rpm extraction method from # the dev-lang/ccc ebuild. @@ -60,6 +60,7 @@ src_unpack() { epatch ${FILESDIR}/${P}.CAN-2004-0394.patch || die "Failed to add the CAN-2004-0394 patch!" epatch ${FILESDIR}/${P}.CAN-2004-0427.patch || die "Failed to add the CAN-2004-0427 patch!" epatch ${FILESDIR}/${P}.CAN-2004-0495.patch || die "Failed to add the CAN-2004-0495 patch!" + epatch ${FILESDIR}/${P}.CAN-2004-0497.patch || die "Failed to add the CAN-2004-0497 patch!" epatch ${FILESDIR}/${P}.do_brk.patch || die "Failed to patch do_brk() vulnerability!" epatch ${FILESDIR}/${P}.I2C_Limits.patch || die "Failed to patch the I2C i2cdev_ioctl() kmalloc() bug!" epatch ${FILESDIR}/${P}.rtc_fix.patch || die "Failed to patch RTC vulnerabilities!" diff --git a/sys-kernel/compaq-sources/files/compaq-sources-2.4.9.32.7.CAN-2004-0497.patch b/sys-kernel/compaq-sources/files/compaq-sources-2.4.9.32.7.CAN-2004-0497.patch new file mode 100644 index 000000000000..9503e9efe57b --- /dev/null +++ b/sys-kernel/compaq-sources/files/compaq-sources-2.4.9.32.7.CAN-2004-0497.patch @@ -0,0 +1,23 @@ +# ChangeSet +# +# fs/attr.c +# 2004/07/03 18:28:30-03:00 marcelo@logos.cnet +1 -0 +# Thomas Biege: Fix missing DAC check on sys_chown +# +# fs/attr.c +# 2004/07/03 19:28:29-03:00 marcelo@logos.cnet +1 -1 +# Add missing bracket to inode_change_ok() fix +# +diff -Nru a/fs/attr.c b.plasmaroo/fs/attr.c +--- a/fs/attr.c 2004-07-08 17:05:20 -07:00 ++++ b.plasmaroo/fs/attr.c 2004-07-08 17:05:20 -07:00 +@@ -35,7 +35,8 @@ + + /* Make sure caller can chgrp. */ + if ((ia_valid & ATTR_GID) && +- (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid) && ++ (current->fsuid != inode->i_uid || ++ (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && + !capable(CAP_CHOWN)) + goto error; + diff --git a/sys-kernel/compaq-sources/files/digest-compaq-sources-2.4.9.32.7-r7 b/sys-kernel/compaq-sources/files/digest-compaq-sources-2.4.9.32.7-r8 index 96283e409fc6..96283e409fc6 100644 --- a/sys-kernel/compaq-sources/files/digest-compaq-sources-2.4.9.32.7-r7 +++ b/sys-kernel/compaq-sources/files/digest-compaq-sources-2.4.9.32.7-r8 |