Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-kernel/hardened-sources
diff options
context:
space:
mode:
authorAndrea Luzzardi <scox@gentoo.org>2004-01-05 18:29:32 +0000
committerAndrea Luzzardi <scox@gentoo.org>2004-01-05 18:29:32 +0000
commitcd2d25d63cf1d5f523b535a3024816d21af50aae (patch)
treef85a42c8dcbecabe9a94596695b90d7e0ac623b4 /sys-kernel/hardened-sources
parentmremap fix (diff)
downloadhistorical-cd2d25d63cf1d5f523b535a3024816d21af50aae.tar.gz
historical-cd2d25d63cf1d5f523b535a3024816d21af50aae.tar.bz2
historical-cd2d25d63cf1d5f523b535a3024816d21af50aae.zip
mremap fix
Diffstat (limited to 'sys-kernel/hardened-sources')
-rw-r--r--sys-kernel/hardened-sources/Manifest16
-rw-r--r--sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.22-r22
-rw-r--r--sys-kernel/hardened-sources/files/mremap-CAN-2003-0985.patch13
-rw-r--r--sys-kernel/hardened-sources/hardened-sources-2.4.20-r2.ebuild4
-rw-r--r--sys-kernel/hardened-sources/hardened-sources-2.4.20-r3.ebuild4
-rw-r--r--sys-kernel/hardened-sources/hardened-sources-2.4.20-r4.ebuild4
-rw-r--r--sys-kernel/hardened-sources/hardened-sources-2.4.21.ebuild4
-rw-r--r--sys-kernel/hardened-sources/hardened-sources-2.4.22-r1.ebuild4
-rw-r--r--sys-kernel/hardened-sources/hardened-sources-2.4.22-r2.ebuild70
-rw-r--r--sys-kernel/hardened-sources/hardened-sources-2.4.22.ebuild4
10 files changed, 105 insertions, 20 deletions
diff --git a/sys-kernel/hardened-sources/Manifest b/sys-kernel/hardened-sources/Manifest
index 2c2f921f1018..ac3e7334463a 100644
--- a/sys-kernel/hardened-sources/Manifest
+++ b/sys-kernel/hardened-sources/Manifest
@@ -1,12 +1,12 @@
-MD5 e9c0aa77cea4cab0053913d6241e1a62 hardened-sources-2.4.20-r4.ebuild 2220
-MD5 8cb999656e1d3b855adb13a56f9e1d61 hardened-sources-2.4.22.ebuild 2274
-MD5 367791bf0b08214a53f717c80147ae79 hardened-sources-2.4.22-r2.ebuild 2252
-MD5 4e6ec0e040985b2bf3bd10c66e92eeda hardened-sources-2.4.20-r3.ebuild 2220
-MD5 5bd722c8fee20760ec3f679e0edc0053 hardened-sources-2.4.21.ebuild 2480
-MD5 e1fe735a0487bb61bb321dd3f0f9a230 hardened-sources-2.4.22-r1.ebuild 2287
-MD5 6f057f3b03bbddc87cb6afa454a94cb5 ChangeLog 5180
+MD5 62dbd590a0b10e7b60ff94e3f7a8e84d hardened-sources-2.4.20-r4.ebuild 2220
+MD5 bcb6f42455c668fd90f2aa1015c7ef49 hardened-sources-2.4.22.ebuild 2274
+MD5 4c0d5c7673ecfd6e83ebb2d31d9896c7 hardened-sources-2.4.22-r2.ebuild 2374
+MD5 992f0b2386fb616e6bab558c071d1c25 hardened-sources-2.4.20-r3.ebuild 2220
+MD5 6e9a60791f820fc7994d4f0137c96e0f hardened-sources-2.4.21.ebuild 2480
+MD5 6ecc735e601e6bb705ffb7d789738ef2 hardened-sources-2.4.22-r1.ebuild 2287
+MD5 3609527bd869c053e80137292a2e82df ChangeLog 5279
MD5 724c01628b1dd03c8bfe196f0ae31368 metadata.xml 558
-MD5 638b95442feba0a7c21a0088d4a65c14 hardened-sources-2.4.20-r2.ebuild 2302
+MD5 17a8a3d12f41f23a72b2e666777bf0cf hardened-sources-2.4.20-r2.ebuild 2302
MD5 d641cd49ae63ca2989672d2209691bb5 files/mremap-CAN-2003-0985.patch 414
MD5 e637c6fa41097ea2c4693d0766f2e1c5 files/do_brk_fix.patch 242
MD5 e8b051baa93e07c4185474fb0e94e3af files/digest-hardened-sources-2.4.20-r2 147
diff --git a/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.22-r2 b/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.22-r2
new file mode 100644
index 000000000000..ccfd14cb665f
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.22-r2
@@ -0,0 +1,2 @@
+MD5 75dc85149b06ac9432106b8941eb9f7b linux-2.4.22.tar.bz2 29528612
+MD5 cb58e57bf9c2115eb71745761209df97 patches-2.4.22-hardened.tar.bz2 2592916
diff --git a/sys-kernel/hardened-sources/files/mremap-CAN-2003-0985.patch b/sys-kernel/hardened-sources/files/mremap-CAN-2003-0985.patch
new file mode 100644
index 000000000000..bacef69f02f8
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/mremap-CAN-2003-0985.patch
@@ -0,0 +1,13 @@
+--- linux/mm/mremap.c.orig 2004-01-05 17:01:21.382104120 +0000
++++ linux/mm/mremap.c 2004-01-05 17:15:25.689749848 +0000
+@@ -315,6 +315,10 @@
+ old_len = PAGE_ALIGN(old_len);
+ new_len = PAGE_ALIGN(new_len);
+
++ /* Don't allow the degenerate cases */
++ if (!(old_len | new_len))
++ goto out;
++
+ /* new_addr is only valid if MREMAP_FIXED is specified */
+ if (flags & MREMAP_FIXED) {
+ if (new_addr & ~PAGE_MASK)
diff --git a/sys-kernel/hardened-sources/hardened-sources-2.4.20-r2.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.4.20-r2.ebuild
index f51009e011ab..f823a3bd118a 100644
--- a/sys-kernel/hardened-sources/hardened-sources-2.4.20-r2.ebuild
+++ b/sys-kernel/hardened-sources/hardened-sources-2.4.20-r2.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.20-r2.ebuild,v 1.6 2003/12/02 03:33:44 iggy Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.20-r2.ebuild,v 1.7 2004/01/05 18:28:54 scox Exp $
IUSE="build selinux"
diff --git a/sys-kernel/hardened-sources/hardened-sources-2.4.20-r3.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.4.20-r3.ebuild
index aaa46b8fa45e..86b7bc96ce58 100644
--- a/sys-kernel/hardened-sources/hardened-sources-2.4.20-r3.ebuild
+++ b/sys-kernel/hardened-sources/hardened-sources-2.4.20-r3.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.20-r3.ebuild,v 1.7 2003/12/02 03:33:44 iggy Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.20-r3.ebuild,v 1.8 2004/01/05 18:28:54 scox Exp $
IUSE="build selinux"
diff --git a/sys-kernel/hardened-sources/hardened-sources-2.4.20-r4.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.4.20-r4.ebuild
index 3cfef053e6fb..162123cd9bb9 100644
--- a/sys-kernel/hardened-sources/hardened-sources-2.4.20-r4.ebuild
+++ b/sys-kernel/hardened-sources/hardened-sources-2.4.20-r4.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.20-r4.ebuild,v 1.5 2003/12/02 03:33:44 iggy Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.20-r4.ebuild,v 1.6 2004/01/05 18:28:54 scox Exp $
IUSE="build selinux"
diff --git a/sys-kernel/hardened-sources/hardened-sources-2.4.21.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.4.21.ebuild
index 20348462fc57..7892d3f05810 100644
--- a/sys-kernel/hardened-sources/hardened-sources-2.4.21.ebuild
+++ b/sys-kernel/hardened-sources/hardened-sources-2.4.21.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.21.ebuild,v 1.2 2003/12/02 03:33:44 iggy Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.21.ebuild,v 1.3 2004/01/05 18:28:54 scox Exp $
IUSE="build selinux"
diff --git a/sys-kernel/hardened-sources/hardened-sources-2.4.22-r1.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.4.22-r1.ebuild
index c28882262ac5..5e85827f659b 100644
--- a/sys-kernel/hardened-sources/hardened-sources-2.4.22-r1.ebuild
+++ b/sys-kernel/hardened-sources/hardened-sources-2.4.22-r1.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.22-r1.ebuild,v 1.2 2003/12/02 23:14:31 iggy Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.22-r1.ebuild,v 1.3 2004/01/05 18:28:54 scox Exp $
IUSE="build selinux"
diff --git a/sys-kernel/hardened-sources/hardened-sources-2.4.22-r2.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.4.22-r2.ebuild
new file mode 100644
index 000000000000..2aff44043016
--- /dev/null
+++ b/sys-kernel/hardened-sources/hardened-sources-2.4.22-r2.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.22-r2.ebuild,v 1.1 2004/01/05 18:28:54 scox Exp $
+
+IUSE="build selinux"
+
+# OKV=original kernel version, KV=patched kernel version. They can be the same.
+
+ETYPE="sources"
+
+inherit kernel || die
+
+OKV=2.4.22
+EXTRAVERSION=-hardened
+KV=${OKV}${EXTRAVERSION}
+S=${WORKDIR}/linux-${KV}
+DESCRIPTION="Special Security Hardened Gentoo Linux Kernel"
+SRC_URI="http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2
+ mirror://gentoo/patches-${KV}.tar.bz2"
+
+
+HOMEPAGE="http://www.kernel.org/ http://www.gentoo.org/proj/en/hardened/"
+KEYWORDS="~x86 ~ppc"
+SLOT="${KV}"
+
+src_unpack() {
+ unpack linux-${OKV}.tar.bz2 patches-${KV}.tar.bz2
+ mv linux-${OKV} linux-${KV} || die
+
+ cd ${KV}
+ # We can't use LSM/SELinux and GRSec in the same kernel. If USE=selinux, we will
+ # patch in LSM/SELinux and drop support for GRsec. Otherwise we will include GRSec.
+ if [ "`use selinux`" ]; then
+ einfo "Enabling SELinux support. This will drop GRSec2 support."
+ for file in *grsec*; do
+ einfo "Dropping ${file}.."
+ rm -f ${file}
+ done
+ else
+ einfo "Did not find \"selinux\" in use, building with GRSec2 support."
+ for file in *lsm* *selinux*; do
+ einfo "Dropping ${file}..."
+ rm -f ${file}
+ done
+ fi
+
+ kernel_src_unpack
+
+ cd ${S}
+ epatch ${FILESDIR}/do_brk_fix.patch || die "failed to patch for do_brk vuln"
+ epatch ${FILESDIR}/mremap-CAN-2003-0985.patch || die "failed to patch for mremap vuln"
+}
+
+pkg_postinst() {
+ einfo "This kernel contains LSM/SElinux or GRSecurity, and Systrace"
+ einfo "Also included are various other performance and security related patches"
+ einfo "If you experience problems with this kernel please report them by"
+ einfo "assigning bugs on bugs.gentoo.org to frogger@gentoo.org"
+ if [ "`use selinux`" ]; then
+ einfo ""
+ einfo "Warning! This kernel contains the new SELinux API and currently"
+ einfo "does not support ReiserFS. If you need ReiserFS support, and are"
+ einfo "using SELinux, then do not use this kernel."
+ einfo ""
+ einfo "The new SELinux API contains many changes from the previous API,"
+ einfo "including new userspace utilities. Please see "
+ einfo "http://www.gentoo.org/proj/en/hardened/selinux for more info."
+ fi
+}
+
diff --git a/sys-kernel/hardened-sources/hardened-sources-2.4.22.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.4.22.ebuild
index 6954a122fdad..87f032bffae7 100644
--- a/sys-kernel/hardened-sources/hardened-sources-2.4.22.ebuild
+++ b/sys-kernel/hardened-sources/hardened-sources-2.4.22.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.22.ebuild,v 1.3 2003/12/02 03:33:44 iggy Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.22.ebuild,v 1.4 2004/01/05 18:28:54 scox Exp $
IUSE="build selinux"