Adding a fix for the 2.4 kNFSd security vulnerability and the 2.6 /dev/ptmx DoS, bug #62524. Also fixed CAN-2004-0814 for 2.4 and 2.6, bug #68421.

7 files changed, 92 insertions, 5 deletions

diff --git a/sys-kernel/uclinux-sources/ChangeLog b/sys-kernel/uclinux-sources/ChangeLog
index 250804f32f5d..6e153df729f7 100644
--- a/sys-kernel/uclinux-sources/ChangeLog
+++ b/sys-kernel/uclinux-sources/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for sys-kernel/uclinux-sources
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/ChangeLog,v 1.19 2004/10/21 18:26:55 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/ChangeLog,v 1.20 2004/11/09 19:27:14 plasmaroo Exp $
+
+*uclinux-sources-2.4.26_p0-r7 (09 Nov 2004)
+
+  09 Nov 2004; <plasmaroo@gentoo.org> -uclinux-sources-2.4.26_p0-r6.ebuild,
+  +uclinux-sources-2.4.26_p0-r7.ebuild, -uclinux-sources-2.6.7_p0-r6.ebuild,
+  +uclinux-sources-2.6.7_p0-r7.ebuild,
+  +files/uclinux-sources-2.4.26_p0.XDRWrapFix.patch,
+  +files/uclinux-sources-2.6.devPtmx.patch:
+  Adding a fix for the 2.4 kNFSd security vulnerability and the 2.6 /dev/ptmx
+  DoS, bug #62524. Also fixed CAN-2004-0814 for 2.4 and 2.6, bug #68421.
 
 *uclinux-sources-2.6.7_p0-r6 (21 Oct 2004)
 
diff --git a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.4.26_p0-r6 b/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.4.26_p0-r7
index 756581fa999d..8629e7c2dfd9 100644
--- a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.4.26_p0-r6
+++ b/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.4.26_p0-r7
@@ -1,3 +1,4 @@
 MD5 88d7aefa03c92739cb70298a0b486e2c linux-2.4.26.tar.bz2 30772389
 MD5 8c2a75543abe268ff71d59c85b7607ac uClinux-2.4.26-uc0.diff.gz 4062854
 MD5 dd070e146fc1938fef307386976eb87e uclinux-sources-2.4.26-CAN-2004-0415.patch 90160
+MD5 d4c051e7c6062704be85192e25e2f5b2 linux-2.4.26-CAN-2004-0814.patch 81508
diff --git a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r6 b/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r7
index 2f8ad3b4942c..23b9296ce2d4 100644
--- a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r6
+++ b/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r7
@@ -1,3 +1,4 @@
 MD5 a74671ea68b0e3c609e8785ed8497c14 linux-2.6.7.tar.bz2 35092228
 MD5 9f8265eee2179199a81e0a00268eb1a6 linux-2.6.7-uc0.patch.gz 184811
 MD5 52996b643afbd6ed9ba38b9483c2cac3 linux-2.6.7-CAN-2004-0415.patch 112612
+MD5 c9c9ed2f30afd3750287953184100529 linux-2.6.7-CAN-2004-0814.patch 129565
diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.XDRWrapFix.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.XDRWrapFix.patch
new file mode 100644
index 000000000000..9a336ab7876a
--- /dev/null
+++ b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.XDRWrapFix.patch
@@ -0,0 +1,48 @@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/08/16 14:50:04-03:00 neilb@cse.unsw.edu.au 
+#   [PATCH] Fixed possibly xdr parsing error if write size exceed 2^31
+#   
+#   xdr_argsize_check needs to cope with the possibility that the
+#   pointer has wrapped and could be below buf->base.
+#   
+#   Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
+#   
+#   ### Diffstat output
+#    ./fs/nfsd/nfs3xdr.c         |    2 +-
+#    ./include/linux/nfsd/xdr3.h |    2 +-
+#    2 files changed, 2 insertions(+), 2 deletions(-)
+# 
+# fs/nfsd/nfs3xdr.c
+#   2004/08/14 00:23:06-03:00 neilb@cse.unsw.edu.au +1 -1
+#   Fixed possibly xdr parsing error if write size exceed 2^31
+# 
+# include/linux/nfsd/xdr3.h
+#   2004/08/15 20:48:43-03:00 neilb@cse.unsw.edu.au +1 -1
+#   Fixed possibly xdr parsing error if write size exceed 2^31
+# 
+diff -Nru a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c
+--- a/fs/nfsd/nfs3xdr.c	2004-09-06 11:20:28 -07:00
++++ b/fs/nfsd/nfs3xdr.c	2004-09-06 11:20:28 -07:00
+@@ -273,7 +273,7 @@
+ {
+ 	struct svc_buf	*buf = &rqstp->rq_argbuf;
+ 
+-	return p - buf->base <= buf->buflen;
++	return p >= buf->base && p <= buf->base + buf->buflen ;
+ }
+ 
+ static inline int
+diff -Nru a/include/linux/nfsd/xdr3.h b/include/linux/nfsd/xdr3.h
+--- a/include/linux/nfsd/xdr3.h	2004-09-06 11:20:28 -07:00
++++ b/include/linux/nfsd/xdr3.h	2004-09-06 11:20:28 -07:00
+@@ -41,7 +41,7 @@
+ 	__u32			count;
+ 	int			stable;
+ 	__u8 *			data;
+-	int			len;
++	__u32			len;
+ };
+ 
+ struct nfsd3_createargs {
diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.devPtmx.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.devPtmx.patch
new file mode 100644
index 000000000000..2312a2bf5e3b
--- /dev/null
+++ b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.devPtmx.patch
@@ -0,0 +1,21 @@
+Index: linux-2.6.5/fs/devpts/inode.c
+===================================================================
+--- linux-2.6.5.orig/fs/devpts/inode.c
++++ linux-2.6.5/fs/devpts/inode.c
+@@ -178,9 +178,13 @@ struct tty_struct *devpts_get_tty(int nu
+ {
+ 	struct dentry *dentry = get_node(number);
+ 	struct tty_struct *tty;
+-
+-	tty = (IS_ERR(dentry) || !dentry->d_inode) ? NULL :
+-			dentry->d_inode->u.generic_ip;
++	
++	tty = NULL;
++	if (!IS_ERR(dentry)) {
++		if (dentry->d_inode)
++			tty = dentry->d_inode->u.generic_ip;
++		dput(dentry);
++	}
+ 
+ 	up(&devpts_root->d_inode->i_sem);
+ 
diff --git a/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r6.ebuild b/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r7.ebuild
index 6cf8c054eba1..67103cc3f15b 100644
--- a/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r6.ebuild
+++ b/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r7.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r6.ebuild,v 1.1 2004/08/10 00:21:58 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r7.ebuild,v 1.1 2004/11/09 19:27:14 plasmaroo Exp $
 
 IUSE=""
 
@@ -29,7 +29,8 @@ S=${WORKDIR}/linux-${KV}
 DESCRIPTION="uCLinux kernel patches for CPUs without MMUs"
 SRC_URI="mirror://kernel/v${MMV}/linux-${OKV}.tar.bz2
 	http://www.uclinux.org/pub/uClinux/uClinux-${MMV}.x/${MY_P/linux/${base}}.${patch}.gz
-	http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/${POV}-CAN-2004-0415.patch"
+	http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/${POV}-CAN-2004-0415.patch
+	http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-${OKV}-CAN-2004-0814.patch"
 
 HOMEPAGE="http://www.uclinux.org/"
 KEYWORDS="~x86 -ppc"
@@ -52,8 +53,10 @@ src_unpack() {
 	epatch ${FILESDIR}/${PN}.CAN-2004-0497.patch || die "Failed to add the CAN-2004-0497 patch!"
 	epatch ${FILESDIR}/${P}.CAN-2004-0535.patch || die "Failed to add the CAN-2004-0535 patch!"
 	epatch ${FILESDIR}/${P}.CAN-2004-0685.patch || die "Failed to add the CAN-2004-0685 patch!"
+	epatch ${DISTDIR}/linux-${OKV}-CAN-2004-0814.patch || die "Failed to add the CAN-2004-0814 patch!"
 	epatch ${FILESDIR}/${P}.FPULockup-53804.patch || die "Failed to apply FPU-lockup patch!"
 	epatch ${FILESDIR}/${P}.cmdlineLeak.patch || die "Failed to apply the /proc/cmdline patch!"
+	epatch ${FILESDIR}/${P}.XDRWrapFix.patch || die "Failed to apply the kNFSd XDR patch!"
 
 	kernel_universal_unpack
 	set ARCH=${MY_ARCH}
diff --git a/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r6.ebuild b/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r7.ebuild
index 45a52b61a43b..db82cb425c1d 100644
--- a/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r6.ebuild
+++ b/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r7.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r6.ebuild,v 1.1 2004/10/21 18:26:55 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r7.ebuild,v 1.1 2004/11/09 19:27:14 plasmaroo Exp $
 
 IUSE=""
 
@@ -28,7 +28,8 @@ S=${WORKDIR}/linux-${KV}
 DESCRIPTION="uCLinux kernel patches for CPUs without MMUs"
 SRC_URI="mirror://kernel/v${MMV}/linux-${OKV}.tar.bz2
 	http://www.uclinux.org/pub/uClinux/uClinux-${MMV}.x/${MY_P/linux/${base}}.${patch}.gz
-	http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-${OKV}-CAN-2004-0415.patch"
+	http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-${OKV}-CAN-2004-0415.patch
+	http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-${OKV}-CAN-2004-0814.patch"
 
 HOMEPAGE="http://www.uclinux.org/"
 KEYWORDS="~x86 -ppc"
@@ -43,10 +44,12 @@ src_unpack() {
 	epatch ${DISTDIR}/linux-${OKV}-CAN-2004-0415.patch || die "Failed to add the CAN-2004-0415 patch!"
 	epatch ${FILESDIR}/${PN}.CAN-2004-0497.patch || die "Failed to add the CAN-2004-0497 patch!"
 	epatch ${FILESDIR}/${PN}-2.6.CAN-2004-0596.patch || die "Failed to apply the CAN-2004-0596 security patch!"
+	epatch ${DISTDIR}/linux-${OKV}-CAN-2004-0814.patch || die "Failed to add the CAN-2004-0814 patch!"
 	epatch ${FILESDIR}/${PN}-2.6.IPTables-RDoS.patch || die "Failed to apply the IPTables RDoS security patch!"
 	epatch ${FILESDIR}/${PN}-2.6.ProcPerms.patch || die "Failed to apply the /proc permissions security patch!"
 	epatch ${FILESDIR}/${PN}-2.6.cmdlineLeak.patch || die "Failed to apply the /proc/cmdline patch!"
 	epatch ${FILESDIR}/${PN}-2.6.CAN-2004-0816.patch || die "Failed to apply the CAN-2004-0816 patch!"
+	epatch ${FILESDIR}/${PN}-2.6.devPtmx.patch || die "Failed to apply /dev/ptmx patch!"
 
 	set MY_ARCH=${ARCH}
 	unset ARCH