summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Gryniewicz <dang@gentoo.org>2007-01-03 04:32:05 +0000
committerDaniel Gryniewicz <dang@gentoo.org>2007-01-03 04:32:05 +0000
commit068d78e25b44a31ca47cff82bb9685e47fd07d72 (patch)
tree55ea737ad89859ded39af6c373fe34974e4f53e8 /sys-kernel
parentInclude more headers to kill off implicit function prototypes. (diff)
downloadhistorical-068d78e25b44a31ca47cff82bb9685e47fd07d72.tar.gz
historical-068d78e25b44a31ca47cff82bb9685e47fd07d72.tar.bz2
historical-068d78e25b44a31ca47cff82bb9685e47fd07d72.zip
Oops, fix for bug #154327 too
Package-Manager: portage-2.1.2_rc4-r4
Diffstat (limited to 'sys-kernel')
-rw-r--r--sys-kernel/usermode-sources/ChangeLog7
-rw-r--r--sys-kernel/usermode-sources/Manifest26
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch109
-rw-r--r--sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild5
4 files changed, 133 insertions, 14 deletions
diff --git a/sys-kernel/usermode-sources/ChangeLog b/sys-kernel/usermode-sources/ChangeLog
index 528616f6f6ce..b3950b14793b 100644
--- a/sys-kernel/usermode-sources/ChangeLog
+++ b/sys-kernel/usermode-sources/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for sys-kernel/usermode-sources
# Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.85 2007/01/03 03:59:08 dang Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.86 2007/01/03 04:32:05 dang Exp $
+
+ 03 Jan 2007; Daniel Gryniewicz <dang@gentoo.org>
+ +files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch,
+ usermode-sources-2.6.18-r1.ebuild:
+ Oops, fix for bug #154327 too
*usermode-sources-2.6.18-r1 (03 Jan 2007)
diff --git a/sys-kernel/usermode-sources/Manifest b/sys-kernel/usermode-sources/Manifest
index 954b5a652490..206d5cce02d5 100644
--- a/sys-kernel/usermode-sources/Manifest
+++ b/sys-kernel/usermode-sources/Manifest
@@ -21,6 +21,10 @@ AUX usermode-sources-2.6.16-CVE-2006-4145.patch 3586 RMD160 ccf1179aeab055f2e408
MD5 4b3491d14a0b79b71f9a3029718df69d files/usermode-sources-2.6.16-CVE-2006-4145.patch 3586
RMD160 ccf1179aeab055f2e408225bc0e2026fb3ce7328 files/usermode-sources-2.6.16-CVE-2006-4145.patch 3586
SHA256 e9c50befb4e9157cabc94f76c9ca0a7e80422d82d4c3280d8f852673f669adf1 files/usermode-sources-2.6.16-CVE-2006-4145.patch 3586
+AUX usermode-sources-2.6.18-r1-CVE-2006-4572.patch 4192 RMD160 5522cf0607475788bc40bf3d23140fb9ea80149d SHA1 4ab0dabda3c086565bbca2680ca11ea1e2b1be95 SHA256 dc6efb9d1617e109945c36b8dac7c14eb7df43b6f3bbdeebcaa1b7067c3fd781
+MD5 a8ae4d41e9513925ba02e10813f68c79 files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch 4192
+RMD160 5522cf0607475788bc40bf3d23140fb9ea80149d files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch 4192
+SHA256 dc6efb9d1617e109945c36b8dac7c14eb7df43b6f3bbdeebcaa1b7067c3fd781 files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch 4192
DIST genpatches-2.6.16-13.base.tar.bz2 98287 RMD160 55e01ae4090fdbb65c2033d7df3f6d667bcd874f SHA1 0d5bc13616264f0e58c67337dafe72e92a7b7025 SHA256 3bfa570f10939a838a3d460563f30b429d227e9f5b4cd0bd6b448a22bdb63858
DIST genpatches-2.6.16-15.base.tar.bz2 98632 RMD160 46e8cfcae8fea262d7599c2e4d3e7fbc8af239b2 SHA1 e0f253ad01a4da388675af4b90223289d9bcd578 SHA256 fb78f2a4d32d1770a34d9ee254686a6a12102fa99c1bb73e9c282ab5f82dddaa
DIST genpatches-2.6.18-1.base.tar.bz2 2397 RMD160 1b02d9e5adba7a9a17f85691f312ee2c870c9a48 SHA1 790186d9d44c358d05489cdff417beab03124708 SHA256 e87db440591d48f74b8d50f47bde55a1652c969626befa94aba48cee57aa5da8
@@ -42,18 +46,18 @@ EBUILD usermode-sources-2.6.16-r5.ebuild 1048 RMD160 3d16510ec77d98dd389df63a222
MD5 e1d1ee47b1cc11e17ad384ad6ce293bc usermode-sources-2.6.16-r5.ebuild 1048
RMD160 3d16510ec77d98dd389df63a222c55e0e84298b3 usermode-sources-2.6.16-r5.ebuild 1048
SHA256 c41f8ca0d95b147c26cab5158c58744a345ed14610052956a4b54895bdc9ee18 usermode-sources-2.6.16-r5.ebuild 1048
-EBUILD usermode-sources-2.6.18-r1.ebuild 970 RMD160 3418d148ecfff79f3a3d5279d9190e4fd144284d SHA1 5383316b0f3b722078a0592993011d8a51fc3f90 SHA256 e6fe8e9d0544ef6f2d97cf82437a6d5328e1d2593e2eb390585869db60b97672
-MD5 ad5c249aaf59e69b64129fc97aeaa140 usermode-sources-2.6.18-r1.ebuild 970
-RMD160 3418d148ecfff79f3a3d5279d9190e4fd144284d usermode-sources-2.6.18-r1.ebuild 970
-SHA256 e6fe8e9d0544ef6f2d97cf82437a6d5328e1d2593e2eb390585869db60b97672 usermode-sources-2.6.18-r1.ebuild 970
+EBUILD usermode-sources-2.6.18-r1.ebuild 1009 RMD160 e0bac77c7776dfbaa506767af62d2e213cb746f3 SHA1 fc8650dd9ebbebf0909aeb1a3068a3d3571a7e7e SHA256 b2429ddd86eeab6168edd80c446ba1beb0d5cec7371dbb7033ae1b4d22e5f490
+MD5 7baf7387a1b63224d1a3befe7e3970dd usermode-sources-2.6.18-r1.ebuild 1009
+RMD160 e0bac77c7776dfbaa506767af62d2e213cb746f3 usermode-sources-2.6.18-r1.ebuild 1009
+SHA256 b2429ddd86eeab6168edd80c446ba1beb0d5cec7371dbb7033ae1b4d22e5f490 usermode-sources-2.6.18-r1.ebuild 1009
EBUILD usermode-sources-2.6.18.ebuild 919 RMD160 2d409c33d4e75ada220c339ddb887ac6cdae521c SHA1 47bcb8a03fce0c8bf006728e578c73111e358858 SHA256 a936b615f74f3af610e5bbb43eeec34b74bb088a6433e744bf935c9ac1df5cf2
MD5 80ad0f13a00939853185c632c423fd4c usermode-sources-2.6.18.ebuild 919
RMD160 2d409c33d4e75ada220c339ddb887ac6cdae521c usermode-sources-2.6.18.ebuild 919
SHA256 a936b615f74f3af610e5bbb43eeec34b74bb088a6433e744bf935c9ac1df5cf2 usermode-sources-2.6.18.ebuild 919
-MISC ChangeLog 23737 RMD160 d5147ee802d0e63b0b5ee51877fe22a684bb6bb8 SHA1 29f84175a92e781a9355b3bbbf16650f6cd6ba0e SHA256 54da62f19f6dbf48b5ea7c27a63f164e9dda639bb5a90c5be2d6f2af24c161c6
-MD5 1ac69f46fe24da890862892b3f6f3352 ChangeLog 23737
-RMD160 d5147ee802d0e63b0b5ee51877fe22a684bb6bb8 ChangeLog 23737
-SHA256 54da62f19f6dbf48b5ea7c27a63f164e9dda639bb5a90c5be2d6f2af24c161c6 ChangeLog 23737
+MISC ChangeLog 23915 RMD160 3e0546eb02ce0bf8ab273741fac273d854dc5a86 SHA1 14f94632732a0023a7e10b8671dedd4719d5bc24 SHA256 64f245e96a8463cc022f957d1dc4ee932f3e32522be5400bf58ac3fc2a237b9a
+MD5 e89e45d56526a7214432a7dfe29e6d5f ChangeLog 23915
+RMD160 3e0546eb02ce0bf8ab273741fac273d854dc5a86 ChangeLog 23915
+SHA256 64f245e96a8463cc022f957d1dc4ee932f3e32522be5400bf58ac3fc2a237b9a ChangeLog 23915
MISC metadata.xml 250 RMD160 9657d63a141d387fa3a42ef4087ee0ed3757cf67 SHA1 7a59aecd3ddaed1b49f15c552a7893929b5155ed SHA256 c1aa14289c2eb84cdf6c739f3d48b122a09d4c99de38bd22ae558ac47be0cf90
MD5 5811f74eb87a97c082114675db0ef41b metadata.xml 250
RMD160 9657d63a141d387fa3a42ef4087ee0ed3757cf67 metadata.xml 250
@@ -76,7 +80,7 @@ SHA256 f3424bc44e5d7f5e8b016bfb117b6bb2fea5d20d7cc997cdce3012b1baa6c6f1 files/di
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (GNU/Linux)
-iD8DBQFFmyn0omPajV0RnrERAoEYAJ9K4UfDSSA0cpuKYAAmMF1gsvtrpQCeK0+G
-iauSIVOBLy+YTs0rNMJ7adA=
-=NIi0
+iD8DBQFFmzGjomPajV0RnrERAtckAJ9iHmVYBNkaInctZOEC1/2YjT7xkACaAla4
+tW8r7oPBjIkCWesimiqrzJc=
+=e5Fw
-----END PGP SIGNATURE-----
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch
new file mode 100644
index 000000000000..633b37586e00
--- /dev/null
+++ b/sys-kernel/usermode-sources/files/usermode-sources-2.6.18-r1-CVE-2006-4572.patch
@@ -0,0 +1,109 @@
+diff --exclude-from=/home/dang/.diffrc -up -ruN linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6_tables.c linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6_tables.c
+--- linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6_tables.c 2007-01-02 21:03:01.000000000 -0500
++++ linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6_tables.c 2007-01-02 23:02:56.000000000 -0500
+@@ -1445,6 +1445,9 @@ static void __exit ip6_tables_fini(void)
+ * If target header is found, its offset is set in *offset and return protocol
+ * number. Otherwise, return -1.
+ *
++ * If the first fragment doesn't contain the final protocol header or
++ * NEXTHDR_NONE it is considered invalid.
++ *
+ * Note that non-1st fragment is special case that "the protocol number
+ * of last header" is "next header" field in Fragment header. In this case,
+ * *offset is meaningless and fragment offset is stored in *fragoff if fragoff
+@@ -1468,12 +1471,12 @@ int ipv6_find_hdr(const struct sk_buff *
+ if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) {
+ if (target < 0)
+ break;
+- return -1;
++ return -ENOENT;
+ }
+
+ hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr);
+ if (hp == NULL)
+- return -1;
++ return -EBADMSG;
+ if (nexthdr == NEXTHDR_FRAGMENT) {
+ unsigned short _frag_off, *fp;
+ fp = skb_header_pointer(skb,
+@@ -1482,7 +1485,7 @@ int ipv6_find_hdr(const struct sk_buff *
+ sizeof(_frag_off),
+ &_frag_off);
+ if (fp == NULL)
+- return -1;
++ return -EBADMSG;
+
+ _frag_off = ntohs(*fp) & ~0x7;
+ if (_frag_off) {
+@@ -1493,7 +1496,7 @@ int ipv6_find_hdr(const struct sk_buff *
+ *fragoff = _frag_off;
+ return hp->nexthdr;
+ }
+- return -1;
++ return -ENOENT;
+ }
+ hdrlen = 8;
+ } else if (nexthdr == NEXTHDR_AUTH)
+diff --exclude-from=/home/dang/.diffrc -up -ruN linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_ah.c linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_ah.c
+--- linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_ah.c 2006-09-19 23:42:06.000000000 -0400
++++ linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_ah.c 2007-01-02 23:03:50.000000000 -0500
+@@ -54,9 +54,14 @@ match(const struct sk_buff *skb,
+ const struct ip6t_ah *ahinfo = matchinfo;
+ unsigned int ptr;
+ unsigned int hdrlen = 0;
+-
+- if (ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL) < 0)
+- return 0;
++ int err;
++
++ err = ipv6_find_hdr(skb, &amp;ptr, NEXTHDR_AUTH, NULL);
++ if (err &lt; 0) {
++ if (err != -ENOENT)
++ *hotdrop = 1;
++ return 0;
++ }
+
+ ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
+ if (ah == NULL) {
+diff --exclude-from=/home/dang/.diffrc -up -ruN linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_frag.c linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_frag.c
+--- linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_frag.c 2006-09-19 23:42:06.000000000 -0400
++++ linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_frag.c 2007-01-02 23:04:29.000000000 -0500
+@@ -52,9 +52,14 @@ match(const struct sk_buff *skb,
+ struct frag_hdr _frag, *fh;
+ const struct ip6t_frag *fraginfo = matchinfo;
+ unsigned int ptr;
+-
+- if (ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL) < 0)
+- return 0;
++ int err;
++
++ err = ipv6_find_hdr(skb, &amp;ptr, NEXTHDR_FRAGMENT, NULL);
++ if (err &lt; 0) {
++ if (err != -ENOENT)
++ *hotdrop = 1;
++ return 0;
++ }
+
+ fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
+ if (fh == NULL) {
+diff --exclude-from=/home/dang/.diffrc -up -ruN linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_rt.c linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_rt.c
+--- linux-2.6.18-usermode-r1.orig/net/ipv6/netfilter/ip6t_rt.c 2006-09-19 23:42:06.000000000 -0400
++++ linux-2.6.18-usermode-r1/net/ipv6/netfilter/ip6t_rt.c 2007-01-02 23:04:53.000000000 -0500
+@@ -58,9 +58,14 @@ match(const struct sk_buff *skb,
+ unsigned int hdrlen = 0;
+ unsigned int ret = 0;
+ struct in6_addr *ap, _addr;
+-
+- if (ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL) < 0)
+- return 0;
++ int err;
++
++ err = ipv6_find_hdr(skb, &amp;ptr, NEXTHDR_ROUTING, NULL);
++ if (err &lt; 0) {
++ if (err != -ENOENT)
++ *hotdrop = 1;
++ return 0;
++ }
+
+ rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
+ if (rh == NULL) {
diff --git a/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild b/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild
index 958c701b336c..2f2440221e63 100644
--- a/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild
+++ b/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild,v 1.1 2007/01/03 03:59:08 dang Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/usermode-sources-2.6.18-r1.ebuild,v 1.2 2007/01/03 04:32:05 dang Exp $
ETYPE="sources"
K_WANT_GENPATCHES="base"
@@ -10,7 +10,8 @@ detect_version
UML_VER="uml-2.6.18.1-bb2"
UNIPATCH_LIST="${FILESDIR}/uml-2.6.18-genpatches-8-prep.patch
- ${DISTDIR}/${UML_VER}.patch.bz2"
+ ${DISTDIR}/${UML_VER}.patch.bz2
+ ${FILESDIR}/${PF}-CVE-2006-4572.patch"
UNIPATCH_STRICTORDER="yes"
DESCRIPTION="Full sources for the User Mode Linux kernel"