From f0f60dbf0cde494ec89c250a486e5d0d57827192 Mon Sep 17 00:00:00 2001 From: Andrew Ross Date: Sat, 16 Dec 2006 01:08:22 +0000 Subject: Fix security bug #157186 (CVE-2006-6333). svn path=/; revision=43 --- sys-kernel/xen-sources/Manifest | 11 ++++++ .../files/digest-xen-sources-2.6.16.28-r1 | 9 +++++ .../xen-sources-2.6.16.28-CVE-2006-6333.patch | 28 ++++++++++++++ .../xen-sources/xen-sources-2.6.16.28-r1.ebuild | 43 ++++++++++++++++++++++ 4 files changed, 91 insertions(+) create mode 100644 sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.28-r1 create mode 100644 sys-kernel/xen-sources/files/xen-sources-2.6.16.28-CVE-2006-6333.patch create mode 100644 sys-kernel/xen-sources/xen-sources-2.6.16.28-r1.ebuild diff --git a/sys-kernel/xen-sources/Manifest b/sys-kernel/xen-sources/Manifest index c437a91..6990dce 100644 --- a/sys-kernel/xen-sources/Manifest +++ b/sys-kernel/xen-sources/Manifest @@ -2,6 +2,10 @@ AUX xen-sources-2.6.16.28-CVE-2006-3468.patch 3700 RMD160 6f4f016f1e858638482480 MD5 07597cf53abbd6bf2a90bba4c514a8fb files/xen-sources-2.6.16.28-CVE-2006-3468.patch 3700 RMD160 6f4f016f1e8586384824803228729490e15478c4 files/xen-sources-2.6.16.28-CVE-2006-3468.patch 3700 SHA256 235e7d34d6545480e6fa1e1e190860ed2c081d7890bb6532c0aad2d973084fdc files/xen-sources-2.6.16.28-CVE-2006-3468.patch 3700 +AUX xen-sources-2.6.16.28-CVE-2006-6333.patch 1070 RMD160 613f13d96b8fbfca43dc893ff90cf0f9c8745cf0 SHA1 40d742c69e50c3b85f83c64bcec3c13b6b00b264 SHA256 ff0c2e31316fd9f33fea8a40349733ce2e307838b78cf9a2c9a95495e185a855 +MD5 3a65727b79f61d986594734845f058a4 files/xen-sources-2.6.16.28-CVE-2006-6333.patch 1070 +RMD160 613f13d96b8fbfca43dc893ff90cf0f9c8745cf0 files/xen-sources-2.6.16.28-CVE-2006-6333.patch 1070 +SHA256 ff0c2e31316fd9f33fea8a40349733ce2e307838b78cf9a2c9a95495e185a855 files/xen-sources-2.6.16.28-CVE-2006-6333.patch 1070 DIST genpatches-2.6.18-6.base.tar.bz2 96657 RMD160 b5007a574bf4fd697a7a9e147b4c315b060272b6 SHA1 d3063c33a031ad167150c15d779aacf8e69bc62a SHA256 3e40d86ad7b529185fec2591720ca6de837ed0b03bd430de63e27590888b8e9a DIST linux-2.6.16.tar.bz2 40845005 RMD160 af5c2f55733fadd2fdf8b00da55e7b31d516d4e8 SHA1 bef21cd5063a648f33a99a26f4742dd05eb4dca2 SHA256 1200dcc7e60fcdaf68618dba991917a47e41e67099e8b22143976ec972e2cad7 DIST linux-2.6.18.tar.bz2 41863580 RMD160 f92283f956880676bfb1f1d5288325461e4e02e7 SHA1 178f7d5bb3af0978d42b37651b8753323c7129c2 SHA256 c95280ff6c5d2a17788f7cc582d23ae8a9a7ba3f202ec6e4238eaadfce7c163d @@ -10,6 +14,10 @@ DIST patch-2.6.16.29.bz2 86922 RMD160 9a20ca718ccf2b486f3825d5263840eb0467be49 S DIST xen-3.0.2-src.tgz 4933621 RMD160 34e4431a981891319f8a5ea0c3f604e7d8d7d7af SHA1 b7e797048b516f8b385afd3da9ae2eded1b8033a SHA256 f18ffab16a457fa721d11933c75f8288f6958c88c2669857c7c11d5107ba2951 DIST xen-3.0.3_0-src.tgz 5465968 RMD160 528020035ee32144b52bcdfccc8c44708b0196ea SHA1 9505ae3a5a42bc969836de81f501341409291f78 SHA256 7220bb4b0474e530559f558fcb4da8c88f1095c8e2f420602a26dfea5020443f DIST xen-sources-2.6.18.patch.bz2 533784 RMD160 5426e25bc239e0f4fb4be1fa5c49ff14a9d30530 SHA1 f84f682d48b9ca4f2f1b0df91b4eaf52dd1d0ef4 SHA256 9e58be16d90650966efa05d845bd5b0d88b900bf71ff932ccdf54e13fa984c3e +EBUILD xen-sources-2.6.16.28-r1.ebuild 1502 RMD160 9a65c57b5496966f712c15d3ada8140619639c99 SHA1 3c29096fb1f50b3a1f624a2de9ebac99ed5b8be9 SHA256 30c3dde698ce920d6ae7d9047220613cbbc4bf918ff07e78f1ef98895d1c3e7a +MD5 c408f1cbf8358a575522ca351c3adc36 xen-sources-2.6.16.28-r1.ebuild 1502 +RMD160 9a65c57b5496966f712c15d3ada8140619639c99 xen-sources-2.6.16.28-r1.ebuild 1502 +SHA256 30c3dde698ce920d6ae7d9047220613cbbc4bf918ff07e78f1ef98895d1c3e7a xen-sources-2.6.16.28-r1.ebuild 1502 EBUILD xen-sources-2.6.16.28.ebuild 1612 RMD160 e10fd59aae61b3c1c1d256053c166b47b7f575c7 SHA1 afad39fe7539a2796593edc95be1d498be995ff8 SHA256 1579641cae4d4e6cf4ce1c11f4b860b36d2b01ae81ea2ae64e49eb1decb7804c MD5 cdd1574a18b704893fa9dee6e63e59a9 xen-sources-2.6.16.28.ebuild 1612 RMD160 e10fd59aae61b3c1c1d256053c166b47b7f575c7 xen-sources-2.6.16.28.ebuild 1612 @@ -25,6 +33,9 @@ SHA256 747d51c438f3e69173765a33777104403f144c904261c64dc23370a29d67ba12 xen-sour MD5 577d28e423cb641a10a19426dd7d4b75 files/digest-xen-sources-2.6.16.28 717 RMD160 733fddcdf423e30d8e952092cf4d2d2b8ecae621 files/digest-xen-sources-2.6.16.28 717 SHA256 432b14d8eb07be2c7b17c028a5724598eae329997631a5bd3cee8251eec694bb files/digest-xen-sources-2.6.16.28 717 +MD5 577d28e423cb641a10a19426dd7d4b75 files/digest-xen-sources-2.6.16.28-r1 717 +RMD160 733fddcdf423e30d8e952092cf4d2d2b8ecae621 files/digest-xen-sources-2.6.16.28-r1 717 +SHA256 432b14d8eb07be2c7b17c028a5724598eae329997631a5bd3cee8251eec694bb files/digest-xen-sources-2.6.16.28-r1 717 MD5 e3dd60d0bb0cb4389169dd12b87fda93 files/digest-xen-sources-2.6.16.29 723 RMD160 d3d06eb72807564bbbcbd7758e836ec4731b0f09 files/digest-xen-sources-2.6.16.29 723 SHA256 f2ca6938f7cfb5fb8167c27707a6c3fd1bbe7b631ddc2e2f08a37f604c72412d files/digest-xen-sources-2.6.16.29 723 diff --git a/sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.28-r1 b/sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.28-r1 new file mode 100644 index 0000000..30347f3 --- /dev/null +++ b/sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.28-r1 @@ -0,0 +1,9 @@ +MD5 9a91b2719949ff0856b40bc467fd47be linux-2.6.16.tar.bz2 40845005 +RMD160 af5c2f55733fadd2fdf8b00da55e7b31d516d4e8 linux-2.6.16.tar.bz2 40845005 +SHA256 1200dcc7e60fcdaf68618dba991917a47e41e67099e8b22143976ec972e2cad7 linux-2.6.16.tar.bz2 40845005 +MD5 736e7d741c0650c320c2b37bf6de3c0b patch-2.6.16.28.bz2 76693 +RMD160 5235c0b5f9665a279f5bf5d42f942cef215e822f patch-2.6.16.28.bz2 76693 +SHA256 6b05fd7121a86a5a6cfd0177200259eeb9a3d276a3cb16ba8cf2acdd747fa6be patch-2.6.16.28.bz2 76693 +MD5 544eab940a0734a55459d648e5c3b224 xen-3.0.2-src.tgz 4933621 +RMD160 34e4431a981891319f8a5ea0c3f604e7d8d7d7af xen-3.0.2-src.tgz 4933621 +SHA256 f18ffab16a457fa721d11933c75f8288f6958c88c2669857c7c11d5107ba2951 xen-3.0.2-src.tgz 4933621 diff --git a/sys-kernel/xen-sources/files/xen-sources-2.6.16.28-CVE-2006-6333.patch b/sys-kernel/xen-sources/files/xen-sources-2.6.16.28-CVE-2006-6333.patch new file mode 100644 index 0000000..66445ef --- /dev/null +++ b/sys-kernel/xen-sources/files/xen-sources-2.6.16.28-CVE-2006-6333.patch @@ -0,0 +1,28 @@ +From: Al Viro +Date: Mon, 4 Dec 2006 22:05:09 +0000 (+0000) +Subject: [PATCH] remote memory corruptor in ibmtr.c +X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ee28b0da1069ced1688aa9d0b7b378353b988321 + +[PATCH] remote memory corruptor in ibmtr.c + +ip_summed changes last summer had missed that one. As the result, +we have ip_summed interpreted as CHECKSUM_PARTIAL now. IOW, +->csum is interpreted as offset of checksum in the packet. net/core/* +will both read and modify the value as that offset, with obvious +reasons. At the very least it's a remote memory corruptor. + +Signed-off-by: Al Viro +Signed-off-by: Linus Torvalds +--- + +--- a/drivers/net/tokenring/ibmtr.c ++++ b/drivers/net/tokenring/ibmtr.c +@@ -1826,7 +1826,7 @@ static void tr_rx(struct net_device *dev + skb->protocol = tr_type_trans(skb, dev); + if (IPv4_p) { + skb->csum = chksum; +- skb->ip_summed = 1; ++ skb->ip_summed = CHECKSUM_COMPLETE; + } + netif_rx(skb); + dev->last_rx = jiffies; diff --git a/sys-kernel/xen-sources/xen-sources-2.6.16.28-r1.ebuild b/sys-kernel/xen-sources/xen-sources-2.6.16.28-r1.ebuild new file mode 100644 index 0000000..26bd921 --- /dev/null +++ b/sys-kernel/xen-sources/xen-sources-2.6.16.28-r1.ebuild @@ -0,0 +1,43 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: $ + +ETYPE="sources" +inherit kernel-2 eutils +detect_arch +detect_version +[ "${PR}" == "r0" ] && KV=${PV/_/-}-xen || KV=${PV/_/-}-xen-${PR} + +DESCRIPTION="Full sources for a dom0/domU Linux kernel to run under Xen" +HOMEPAGE="http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html" +XEN_VERSION="3.0.2" +MY_P="xen-${XEN_VERSION}" +SRC_URI="${KERNEL_URI} mirror://kernel/linux/kernel/v${KV_MAJOR}.${KV_MINOR}/patch-${PV}.bz2 http://www.cl.cam.ac.uk/Research/SRG/netos/xen/downloads/xen-${XEN_VERSION}-src.tgz" + +KEYWORDS="~x86 ~amd64" +S="${WORKDIR}" +RESTRICT="nostrip" +XEN_KV=${KV_MAJOR}.${KV_MINOR}.${KV_PATCH} + +src_unpack() { + unpack ${A} + cd ${MY_P} + mv "${WORKDIR}"/patch-${PV} patches/linux-${XEN_KV}/linux-${PV}.patch \ + || die "failed to mv ${WORKDIR}/patch-${PV}" + sed -e 's:relative_lndir \([^(].*\):cp -dpPR \1/* .:' \ + -i linux-2.6-xen-sparse/mkbuildtree || die + + # No need to run oldconfig + sed -e 's:$(MAKE) -C $(LINUX_DIR) ARCH=$(LINUX_ARCH) oldconfig::' \ + -i buildconfigs/mk.linux-2.6-xen + + make LINUX_SRC_PATH=${DISTDIR} -f buildconfigs/mk.linux-2.6-xen \ + linux-${XEN_KV}-xen/include/linux/autoconf.h || die + mv linux-${XEN_KV}-xen "${WORKDIR}"/linux-${KV} || die + rm -rf "${WORKDIR}"/linux-${XEN_KV} || die + rm -rf "${WORKDIR}/${MY_P}" || die + + cd "${WORKDIR}"/linux-${KV} + epatch "${FILESDIR}/${P}"-CVE-2006-3468.patch + epatch "${FILESDIR}/${P}"-CVE-2006-6333.patch +} -- cgit v1.2.3-65-gdbad