From 2e1ba21067393c4e40b6a079ad9c70b9881ad48c Mon Sep 17 00:00:00 2001
From: Tim Yamin
Date: Tue, 6 Jan 2004 15:49:08 +0000
Subject: Fixed headers and added patches to address the recent security vulnerabilities, see bugs #37317 and #37292 for details.
---
.../files/ac-sources.CAN-2003-0985.patch | 13 ++
.../ac-sources/files/ac-sources.rtc_fix.patch | 180 +++++++++++++++++++++
2 files changed, 193 insertions(+)
create mode 100644 sys-kernel/ac-sources/files/ac-sources.CAN-2003-0985.patch
create mode 100644 sys-kernel/ac-sources/files/ac-sources.rtc_fix.patch
(limited to 'sys-kernel/ac-sources/files')
diff --git a/sys-kernel/ac-sources/files/ac-sources.CAN-2003-0985.patch b/sys-kernel/ac-sources/files/ac-sources.CAN-2003-0985.patch
new file mode 100644
index 000000000000..bacef69f02f8
--- /dev/null
+++ b/sys-kernel/ac-sources/files/ac-sources.CAN-2003-0985.patch
@@ -0,0 +1,13 @@
+--- linux/mm/mremap.c.orig 2004-01-05 17:01:21.382104120 +0000
++++ linux/mm/mremap.c 2004-01-05 17:15:25.689749848 +0000
+@@ -315,6 +315,10 @@
+ old_len = PAGE_ALIGN(old_len);
+ new_len = PAGE_ALIGN(new_len);
+
++ /* Don't allow the degenerate cases */
++ if (!(old_len | new_len))
++ goto out;
++
+ /* new_addr is only valid if MREMAP_FIXED is specified */
+ if (flags & MREMAP_FIXED) {
+ if (new_addr & ~PAGE_MASK)
diff --git a/sys-kernel/ac-sources/files/ac-sources.rtc_fix.patch b/sys-kernel/ac-sources/files/ac-sources.rtc_fix.patch
new file mode 100644
index 000000000000..76a663c6e89d
--- /dev/null
+++ b/sys-kernel/ac-sources/files/ac-sources.rtc_fix.patch
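Review bot: In the mm/mremap.c hunk the new guard `if (!(old_len | new_len))` is true only when both lengths are zero after `PAGE_ALIGN`, so a request where just one of them is zero passes the check and carries on. The comment speaks of degenerate cases in the plural; if either zero length is meant to be refused the test would be `if (!old_len || !new_len)`, and if a zero `old_len` has to stay valid for existing callers, `if (!new_len)` with a comment saying why. The `out` label and the value returned there are outside the hunk, so it is worth confirming that this early exit reports an error rather than success.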
@@ -0,0 +1,180 @@
+diff -urN linux-2.4.23/arch/cris/drivers/ds1302.c linux-2.4.24/arch/cris/drivers/ds1302.c
+--- linux-2.4.23/arch/cris/drivers/ds1302.c 2003-08-25 04:44:39.000000000 -0700
++++ linux-2.4.24/arch/cris/drivers/ds1302.c 2004-01-05 05:53:56.000000000 -0800
+@@ -346,6 +346,7 @@
+ {
+ struct rtc_time rtc_tm;
+
++ memset(&rtc_tm, 0, sizeof (struct rtc_time));
+ get_rtc_time(&rtc_tm);
+ if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time)))
+ return -EFAULT;
+diff -urN linux-2.4.23/arch/cris/drivers/pcf8563.c linux-2.4.24/arch/cris/drivers/pcf8563.c
+--- linux-2.4.23/arch/cris/drivers/pcf8563.c 2003-08-25 04:44:39.000000000 -0700
++++ linux-2.4.24/arch/cris/drivers/pcf8563.c 2004-01-05 05:53:56.000000000 -0800
+@@ -220,6 +220,7 @@
+ {
+ struct rtc_time tm;
+
++ memset(&tm, 0, sizeof (struct rtc_time));
+ get_rtc_time(&tm);
+
+ if (copy_to_user((struct rtc_time *) arg, &tm, sizeof tm)) {
+diff -urN linux-2.4.23/arch/m68k/bvme6000/rtc.c linux-2.4.24/arch/m68k/bvme6000/rtc.c
+--- linux-2.4.23/arch/m68k/bvme6000/rtc.c 2003-06-13 07:51:31.000000000 -0700
++++ linux-2.4.24/arch/m68k/bvme6000/rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -54,6 +54,7 @@
+ /* Ensure clock and real-time-mode-register are accessible */
+ msr = rtc->msr & 0xc0;
+ rtc->msr = 0x40;
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ do {
+ wtime.tm_sec = BCD2BIN(rtc->bcd_sec);
+ wtime.tm_min = BCD2BIN(rtc->bcd_min);
+diff -urN linux-2.4.23/arch/m68k/mvme16x/rtc.c linux-2.4.24/arch/m68k/mvme16x/rtc.c
+--- linux-2.4.23/arch/m68k/mvme16x/rtc.c 2003-06-13 07:51:31.000000000 -0700
++++ linux-2.4.24/arch/m68k/mvme16x/rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -52,6 +52,7 @@
+ cli();
+ /* Ensure clock and real-time-mode-register are accessible */
+ rtc->ctrl = RTC_READ;
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ wtime.tm_sec = BCD2BIN(rtc->bcd_sec);
+ wtime.tm_min = BCD2BIN(rtc->bcd_min);
+ wtime.tm_hour = BCD2BIN(rtc->bcd_hr);
+diff -urN linux-2.4.23/arch/ppc64/kernel/rtc.c linux-2.4.24/arch/ppc64/kernel/rtc.c
+--- linux-2.4.23/arch/ppc64/kernel/rtc.c 2003-06-13 07:51:32.000000000 -0700
++++ linux-2.4.24/arch/ppc64/kernel/rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -96,6 +96,7 @@
+ switch (cmd) {
+ case RTC_RD_TIME: /* Read the time/date from RTC */
+ {
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ ppc_md.get_rtc_time(&wtime);
+ break;
+ }
+diff -urN linux-2.4.23/drivers/acorn/char/i2c.c linux-2.4.24/drivers/acorn/char/i2c.c
+--- linux-2.4.23/drivers/acorn/char/i2c.c 2003-08-25 04:44:40.000000000 -0700
++++ linux-2.4.24/drivers/acorn/char/i2c.c 2004-01-05 05:53:56.000000000 -0800
+@@ -166,6 +166,7 @@
+ break;
+
+ case RTC_RD_TIME:
++ memset(&rtctm, 0, sizeof(struct rtc_time));
+ get_rtc_time(&rtc_raw, &year);
+ rtctm.tm_sec = rtc_raw.secs;
+ rtctm.tm_min = rtc_raw.mins;
+diff -urN linux-2.4.23/drivers/char/ds1286.c linux-2.4.24/drivers/char/ds1286.c
+--- linux-2.4.23/drivers/char/ds1286.c 2003-08-25 04:44:41.000000000 -0700
++++ linux-2.4.24/drivers/char/ds1286.c 2004-01-05 05:53:56.000000000 -0800
+@@ -173,7 +173,7 @@
+ * means "don't care" or "match all". Only the tm_hour,
+ * tm_min, and tm_sec values are filled in.
+ */
+-
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ ds1286_get_alm_time(&wtime);
+ break;
+ }
+@@ -216,6 +216,7 @@
+ }
+ case RTC_RD_TIME: /* Read the time/date from RTC */
+ {
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ ds1286_get_time(&wtime);
+ break;
+ }
+diff -urN linux-2.4.23/drivers/char/efirtc.c linux-2.4.24/drivers/char/efirtc.c
+--- linux-2.4.23/drivers/char/efirtc.c 2003-06-13 07:51:32.000000000 -0700
++++ linux-2.4.24/drivers/char/efirtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -118,6 +118,7 @@
+ static void
+ convert_from_efi_time(efi_time_t *eft, struct rtc_time *wtime)
+ {
++ memset(wtime, 0, sizeof(struct rtc_time));
+ wtime->tm_sec = eft->second;
+ wtime->tm_min = eft->minute;
+ wtime->tm_hour = eft->hour;
+diff -urN linux-2.4.23/drivers/char/ip27-rtc.c linux-2.4.24/drivers/char/ip27-rtc.c
+--- linux-2.4.23/drivers/char/ip27-rtc.c 2003-08-25 04:44:41.000000000 -0700
++++ linux-2.4.24/drivers/char/ip27-rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -83,6 +83,7 @@
+ switch (cmd) {
+ case RTC_RD_TIME: /* Read the time/date from RTC */
+ {
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ get_rtc_time(&wtime);
+ break;
+ }
+diff -urN linux-2.4.23/drivers/char/mips_rtc.c linux-2.4.24/drivers/char/mips_rtc.c
+--- linux-2.4.23/drivers/char/mips_rtc.c 2003-08-25 04:44:41.000000000 -0700
++++ linux-2.4.24/drivers/char/mips_rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -82,6 +82,7 @@
+
+ switch (cmd) {
+ case RTC_RD_TIME: /* Read the time/date from RTC */
++ memset(&rtc_tm, 0, sizeof(struct rtc_time));
+ curr_time = rtc_get_time();
+ to_tm(curr_time, &rtc_tm);
+ rtc_tm.tm_year -= 1900;
+diff -urN linux-2.4.23/drivers/char/rtc.c linux-2.4.24/drivers/char/rtc.c
+--- linux-2.4.23/drivers/char/rtc.c 2003-11-28 10:26:20.000000000 -0800
++++ linux-2.4.24/drivers/char/rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -362,7 +362,7 @@
+ * means "don't care" or "match all". Only the tm_hour,
+ * tm_min, and tm_sec values are filled in.
+ */
+-
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ get_rtc_alm_time(&wtime);
+ break;
+ }
+@@ -406,6 +406,7 @@
+ }
+ case RTC_RD_TIME: /* Read the time/date from RTC */
+ {
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ get_rtc_time(&wtime);
+ break;
+ }
+diff -urN linux-2.4.23/drivers/hil/hp_sdc_rtc.c linux-2.4.24/drivers/hil/hp_sdc_rtc.c
+--- linux-2.4.23/drivers/hil/hp_sdc_rtc.c 2003-06-13 07:51:33.000000000 -0700
++++ linux-2.4.24/drivers/hil/hp_sdc_rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -561,6 +561,7 @@
+ }
+ case RTC_ALM_READ: /* Read the present alarm time */
+ {
++ memset(&ttime, 0, sizeof(struct timeval));
+ if (hp_sdc_rtc_read_mt(&ttime)) return -EFAULT;
+ break;
+ }
+@@ -609,6 +610,7 @@
+ }
+ case RTC_RD_TIME: /* Read the time/date from RTC */
+ {
++ memset(&wtime, 0, sizeof(struct rtc_time));
+ if (hp_sdc_rtc_read_bbrtc(&wtime)) return -EFAULT;
+ break;
+ }
+diff -urN linux-2.4.23/drivers/macintosh/rtc.c linux-2.4.24/drivers/macintosh/rtc.c
+--- linux-2.4.23/drivers/macintosh/rtc.c 2002-02-25 11:37:58.000000000 -0800
++++ linux-2.4.24/drivers/macintosh/rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -64,6 +64,7 @@
+ case RTC_RD_TIME:
+ if (ppc_md.get_rtc_time)
+ {
++ memset(&rtc_tm, 0, sizeof(struct rtc_time));
+ get_rtc_time(&rtc_tm);
+
+ if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time)))
+diff -urN linux-2.4.23/drivers/sbus/char/rtc.c linux-2.4.24/drivers/sbus/char/rtc.c
+--- linux-2.4.23/drivers/sbus/char/rtc.c 2001-10-10 23:42:47.000000000 -0700
++++ linux-2.4.24/drivers/sbus/char/rtc.c 2004-01-05 05:53:56.000000000 -0800
+@@ -89,6 +89,7 @@
+ switch (cmd)
+ {
+ case RTCGET:
++ memset(&rtc_tm, 0, sizeof(struct rtc_time));
+ get_rtc_time(&rtc_tm);
+
+ if (copy_to_user((struct rtc_time*)arg, &rtc_tm, sizeof(struct rtc_time)))
-- cgit v1.2.3-65-gdbad
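Review bot: In drivers/hil/hp_sdc_rtc.c the `RTC_ALM_READ` hunk clears `ttime`, a `struct timeval`, whereas the other hunks in this patch clear a `struct rtc_time`, in several of them the very object passed to `copy_to_user`. The visible case body only reads into `ttime` and breaks, so if this ioctl shares the copy-out of `wtime` used by `RTC_RD_TIME` (that code is outside the hunk), `wtime` would still be returned to the caller holding uninitialised stack contents. Adding `memset(&wtime, 0, sizeof wtime);` to this case would cover it. Writing the length as `sizeof wtime` instead of `sizeof(struct rtc_time)`, here and in the other hunks, would also keep the cleared size tied to the object if its type changes.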