Fix CVE-2006-6333 (bug #157186).

Package-Manager: portage-2.1.1-r2
author: Andrew Ross <aross@gentoo.org> 2006-12-16 03:55:01 +0000
committer: Andrew Ross <aross@gentoo.org> 2006-12-16 03:55:01 +0000
commit: 0736dcefed1beceef5a42de6085c015c1df28b0c (patch)
tree: 5871153c72d1db2cd4f32abc5a422ea09e02d6b8 /sys-kernel
parent: Remove due to CVE-2006-3745 (bug #144820), which doesn't affect 2.6.16.28 (diff)
download: historical-0736dcefed1beceef5a42de6085c015c1df28b0c.tar.gz
historical-0736dcefed1beceef5a42de6085c015c1df28b0c.tar.bz2
historical-0736dcefed1beceef5a42de6085c015c1df28b0c.zip
5 files changed, 106 insertions, 8 deletions
diff --git a/sys-kernel/xen-sources/ChangeLog b/sys-kernel/xen-sources/ChangeLog
index eaf51cee3963..32fd570db7d6 100644
--- a/sys-kernel/xen-sources/ChangeLog
+++ b/sys-kernel/xen-sources/ChangeLog
@@ -1,15 +1,22 @@
 # ChangeLog for sys-kernel/xen-sources
 # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/xen-sources/ChangeLog,v 1.35 2006/12/16 03:32:41 aross Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/xen-sources/ChangeLog,v 1.36 2006/12/16 03:55:01 aross Exp $
 
-  16 Dec 2006; <aross@gentoo.org>
+*xen-sources-2.6.16.28-r1 (16 Dec 2006)
+
+  16 Dec 2006; Andrew Ross <aross@gentoo.org>
+  +files/xen-sources-2.6.16.28-CVE-2006-6333.patch,
+  +xen-sources-2.6.16.28-r1.ebuild:
+  Fix CVE-2006-6333 (bug #157186).
+
+  16 Dec 2006; Andrew Ross <aross@gentoo.org>
   -files/xen-sources-2.6.16.26-CVE-2006-2935.patch,
   -xen-sources-2.6.16.26.ebuild, -xen-sources-2.6.16.26-r1.ebuild:
   Remove due to CVE-2006-3745 (bug #144820), which doesn't affect 2.6.16.28
 
 *xen-sources-2.6.16.28 (10 Sep 2006)
 
-  10 Sep 2006; <aross@gentoo.org>
+  10 Sep 2006; Andrew Ross <aross@gentoo.org>
   +files/xen-sources-2.6.16.28-CVE-2006-3468.patch,
   +xen-sources-2.6.16.28.ebuild:
   Version bump to fix bugs #143538 (CVE-2006-4145), #139641 (CVE-2006-2936), and
@@ -17,7 +24,7 @@
 
 *xen-sources-2.6.16.26-r1 (26 Aug 2006)
 
-  26 Aug 2006; <aross@gentoo.org>
+  26 Aug 2006; Andrew Ross <aross@gentoo.org>
   +files/xen-sources-2.6.16.26-CVE-2006-2935.patch,
   +xen-sources-2.6.16.26-r1.ebuild:
   Fix possible buffer overflow (CVE-2006-2935), bug #139321
diff --git a/sys-kernel/xen-sources/Manifest b/sys-kernel/xen-sources/Manifest
index c8300c20c0ed..44c3c95465c1 100644
--- a/sys-kernel/xen-sources/Manifest
+++ b/sys-kernel/xen-sources/Manifest
@@ -2,17 +2,25 @@ AUX xen-sources-2.6.16.28-CVE-2006-3468.patch 3700 RMD160 6f4f016f1e858638482480
 MD5 07597cf53abbd6bf2a90bba4c514a8fb files/xen-sources-2.6.16.28-CVE-2006-3468.patch 3700
 RMD160 6f4f016f1e8586384824803228729490e15478c4 files/xen-sources-2.6.16.28-CVE-2006-3468.patch 3700
 SHA256 235e7d34d6545480e6fa1e1e190860ed2c081d7890bb6532c0aad2d973084fdc files/xen-sources-2.6.16.28-CVE-2006-3468.patch 3700
+AUX xen-sources-2.6.16.28-CVE-2006-6333.patch 1070 RMD160 613f13d96b8fbfca43dc893ff90cf0f9c8745cf0 SHA1 40d742c69e50c3b85f83c64bcec3c13b6b00b264 SHA256 ff0c2e31316fd9f33fea8a40349733ce2e307838b78cf9a2c9a95495e185a855
+MD5 3a65727b79f61d986594734845f058a4 files/xen-sources-2.6.16.28-CVE-2006-6333.patch 1070
+RMD160 613f13d96b8fbfca43dc893ff90cf0f9c8745cf0 files/xen-sources-2.6.16.28-CVE-2006-6333.patch 1070
+SHA256 ff0c2e31316fd9f33fea8a40349733ce2e307838b78cf9a2c9a95495e185a855 files/xen-sources-2.6.16.28-CVE-2006-6333.patch 1070
 DIST linux-2.6.16.tar.bz2 40845005 RMD160 af5c2f55733fadd2fdf8b00da55e7b31d516d4e8 SHA1 bef21cd5063a648f33a99a26f4742dd05eb4dca2 SHA256 1200dcc7e60fcdaf68618dba991917a47e41e67099e8b22143976ec972e2cad7
 DIST patch-2.6.16.28.bz2 76693 RMD160 5235c0b5f9665a279f5bf5d42f942cef215e822f SHA1 7b1d450cf300ec6788919e4b5601389e258d28cc SHA256 6b05fd7121a86a5a6cfd0177200259eeb9a3d276a3cb16ba8cf2acdd747fa6be
 DIST xen-3.0.2-src.tgz 4933621 RMD160 34e4431a981891319f8a5ea0c3f604e7d8d7d7af SHA1 b7e797048b516f8b385afd3da9ae2eded1b8033a SHA256 f18ffab16a457fa721d11933c75f8288f6958c88c2669857c7c11d5107ba2951
+EBUILD xen-sources-2.6.16.28-r1.ebuild 1617 RMD160 6f916500b3f8b0127d57fced94c8fbbc515e3374 SHA1 7f9f57a0a7b9c0d1c629e7d086bfcef21496e4f9 SHA256 72332a391cff4553dc0f4da8d85f3204b310ab5660d46181f0d3349501bc99d9
+MD5 29d2470766f3717e27ef32f61422fe23 xen-sources-2.6.16.28-r1.ebuild 1617
+RMD160 6f916500b3f8b0127d57fced94c8fbbc515e3374 xen-sources-2.6.16.28-r1.ebuild 1617
+SHA256 72332a391cff4553dc0f4da8d85f3204b310ab5660d46181f0d3349501bc99d9 xen-sources-2.6.16.28-r1.ebuild 1617
 EBUILD xen-sources-2.6.16.28.ebuild 1612 RMD160 e10fd59aae61b3c1c1d256053c166b47b7f575c7 SHA1 afad39fe7539a2796593edc95be1d498be995ff8 SHA256 1579641cae4d4e6cf4ce1c11f4b860b36d2b01ae81ea2ae64e49eb1decb7804c
 MD5 cdd1574a18b704893fa9dee6e63e59a9 xen-sources-2.6.16.28.ebuild 1612
 RMD160 e10fd59aae61b3c1c1d256053c166b47b7f575c7 xen-sources-2.6.16.28.ebuild 1612
 SHA256 1579641cae4d4e6cf4ce1c11f4b860b36d2b01ae81ea2ae64e49eb1decb7804c xen-sources-2.6.16.28.ebuild 1612
-MISC ChangeLog 5796 RMD160 ca8d20607c38d30aabd2eb1085d9ccedfab53356 SHA1 178798eac9cb439af8e88db66a1af061af9ab535 SHA256 7d8bd2b1486c102981f629f1d0cb32611a94007a5f68d28ff97942c38d98b336
-MD5 d40410edb6d651751deb6580f7035eff ChangeLog 5796
-RMD160 ca8d20607c38d30aabd2eb1085d9ccedfab53356 ChangeLog 5796
-SHA256 7d8bd2b1486c102981f629f1d0cb32611a94007a5f68d28ff97942c38d98b336 ChangeLog 5796
+MISC ChangeLog 6043 RMD160 bbcfb377cc5666cc3ea865e42567c9fdd82a34f9 SHA1 b57d2dadc0f795bb859b7ba0b0daac25ffb82118 SHA256 b0474c2ccd1f27707a3fd06fdf6e2f6e639bee6265b5b9fe7ff469b3ba6c11d3
+MD5 a1197d40eb0160070c369790e263592d ChangeLog 6043
+RMD160 bbcfb377cc5666cc3ea865e42567c9fdd82a34f9 ChangeLog 6043
+SHA256 b0474c2ccd1f27707a3fd06fdf6e2f6e639bee6265b5b9fe7ff469b3ba6c11d3 ChangeLog 6043
 MISC metadata.xml 156 RMD160 bb062b1ba5554779dcfd0e73baf533ce9fbcdf68 SHA1 e6da014f2004758c7a806592ef9450489eebf593 SHA256 4a030777459245372bda9f7925f3a5ed3ef2b29b77e1a2971f3400ac2059b1e2
 MD5 559b4095659a2a2a489784de8a6ef95e metadata.xml 156
 RMD160 bb062b1ba5554779dcfd0e73baf533ce9fbcdf68 metadata.xml 156
@@ -20,3 +28,6 @@ SHA256 4a030777459245372bda9f7925f3a5ed3ef2b29b77e1a2971f3400ac2059b1e2 metadata
 MD5 577d28e423cb641a10a19426dd7d4b75 files/digest-xen-sources-2.6.16.28 717
 RMD160 733fddcdf423e30d8e952092cf4d2d2b8ecae621 files/digest-xen-sources-2.6.16.28 717
 SHA256 432b14d8eb07be2c7b17c028a5724598eae329997631a5bd3cee8251eec694bb files/digest-xen-sources-2.6.16.28 717
+MD5 577d28e423cb641a10a19426dd7d4b75 files/digest-xen-sources-2.6.16.28-r1 717
+RMD160 733fddcdf423e30d8e952092cf4d2d2b8ecae621 files/digest-xen-sources-2.6.16.28-r1 717
+SHA256 432b14d8eb07be2c7b17c028a5724598eae329997631a5bd3cee8251eec694bb files/digest-xen-sources-2.6.16.28-r1 717
diff --git a/sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.28-r1 b/sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.28-r1
new file mode 100644
index 000000000000..30347f3d6d5e
--- /dev/null
+++ b/sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.28-r1
@@ -0,0 +1,9 @@
+MD5 9a91b2719949ff0856b40bc467fd47be linux-2.6.16.tar.bz2 40845005
+RMD160 af5c2f55733fadd2fdf8b00da55e7b31d516d4e8 linux-2.6.16.tar.bz2 40845005
+SHA256 1200dcc7e60fcdaf68618dba991917a47e41e67099e8b22143976ec972e2cad7 linux-2.6.16.tar.bz2 40845005
+MD5 736e7d741c0650c320c2b37bf6de3c0b patch-2.6.16.28.bz2 76693
+RMD160 5235c0b5f9665a279f5bf5d42f942cef215e822f patch-2.6.16.28.bz2 76693
+SHA256 6b05fd7121a86a5a6cfd0177200259eeb9a3d276a3cb16ba8cf2acdd747fa6be patch-2.6.16.28.bz2 76693
+MD5 544eab940a0734a55459d648e5c3b224 xen-3.0.2-src.tgz 4933621
+RMD160 34e4431a981891319f8a5ea0c3f604e7d8d7d7af xen-3.0.2-src.tgz 4933621
+SHA256 f18ffab16a457fa721d11933c75f8288f6958c88c2669857c7c11d5107ba2951 xen-3.0.2-src.tgz 4933621
diff --git a/sys-kernel/xen-sources/files/xen-sources-2.6.16.28-CVE-2006-6333.patch b/sys-kernel/xen-sources/files/xen-sources-2.6.16.28-CVE-2006-6333.patch
new file mode 100644
index 000000000000..66445efea449
--- /dev/null
+++ b/sys-kernel/xen-sources/files/xen-sources-2.6.16.28-CVE-2006-6333.patch
@@ -0,0 +1,28 @@
+From: Al Viro <viro@hera.kernel.org>
+Date: Mon, 4 Dec 2006 22:05:09 +0000 (+0000)
+Subject: [PATCH] remote memory corruptor in ibmtr.c
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ee28b0da1069ced1688aa9d0b7b378353b988321
+
+[PATCH] remote memory corruptor in ibmtr.c
+
+ip_summed changes last summer had missed that one.  As the result,
+we have ip_summed interpreted as CHECKSUM_PARTIAL now.  IOW,
+->csum is interpreted as offset of checksum in the packet.  net/core/*
+will both read and modify the value as that offset, with obvious
+reasons.  At the very least it's a remote memory corruptor.
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+---
+
+--- a/drivers/net/tokenring/ibmtr.c
++++ b/drivers/net/tokenring/ibmtr.c
+@@ -1826,7 +1826,7 @@ static void tr_rx(struct net_device *dev
+ 	skb->protocol = tr_type_trans(skb, dev);
+ 	if (IPv4_p) {
+ 		skb->csum = chksum;
+-		skb->ip_summed = 1;
++		skb->ip_summed = CHECKSUM_COMPLETE;
+ 	}
+ 	netif_rx(skb);
+ 	dev->last_rx = jiffies;
diff --git a/sys-kernel/xen-sources/xen-sources-2.6.16.28-r1.ebuild b/sys-kernel/xen-sources/xen-sources-2.6.16.28-r1.ebuild
new file mode 100644
index 000000000000..fb30f6258a2b
--- /dev/null
+++ b/sys-kernel/xen-sources/xen-sources-2.6.16.28-r1.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/xen-sources/xen-sources-2.6.16.28-r1.ebuild,v 1.1 2006/12/16 03:55:01 aross Exp $
+
+ETYPE="sources"
+inherit kernel-2 eutils
+detect_arch
+detect_version
+[ "${PR}" == "r0" ] && KV=${PV/_/-}-xen || KV=${PV/_/-}-xen-${PR}
+
+DESCRIPTION="Full sources for a dom0/domU Linux kernel to run under Xen"
+HOMEPAGE="http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html"
+XEN_VERSION="3.0.2"
+MY_P="xen-${XEN_VERSION}"
+SRC_URI="${KERNEL_URI} mirror://kernel/linux/kernel/v${KV_MAJOR}.${KV_MINOR}/patch-${PV}.bz2 http://www.cl.cam.ac.uk/Research/SRG/netos/xen/downloads/xen-${XEN_VERSION}-src.tgz"
+
+KEYWORDS="~x86 ~amd64"
+S="${WORKDIR}"
+RESTRICT="nostrip"
+XEN_KV=${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}
+
+src_unpack() {
+	unpack ${A}
+	cd ${MY_P}
+	mv "${WORKDIR}"/patch-${PV} patches/linux-${XEN_KV}/linux-${PV}.patch \
+		|| die "failed to mv ${WORKDIR}/patch-${PV}"
+	sed -e 's:relative_lndir \([^(].*\):cp -dpPR \1/* .:' \
+		-i linux-2.6-xen-sparse/mkbuildtree || die
+
+	# No need to run oldconfig
+	sed -e 's:$(MAKE) -C $(LINUX_DIR) ARCH=$(LINUX_ARCH) oldconfig::' \
+		-i buildconfigs/mk.linux-2.6-xen
+
+	make LINUX_SRC_PATH=${DISTDIR} -f buildconfigs/mk.linux-2.6-xen \
+		linux-${XEN_KV}-xen/include/linux/autoconf.h || die
+	mv linux-${XEN_KV}-xen "${WORKDIR}"/linux-${KV} || die
+	rm -rf "${WORKDIR}"/linux-${XEN_KV} || die
+	rm -rf "${WORKDIR}/${MY_P}" || die
+
+	cd "${WORKDIR}"/linux-${KV}
+	epatch "${FILESDIR}/${P}"-CVE-2006-3468.patch
+	epatch "${FILESDIR}/${P}"-CVE-2006-6333.patch
+}
author	Andrew Ross <aross@gentoo.org>	2006-12-16 03:55:01 +0000
committer	Andrew Ross <aross@gentoo.org>	2006-12-16 03:55:01 +0000
commit	0736dcefed1beceef5a42de6085c015c1df28b0c (patch)
tree	5871153c72d1db2cd4f32abc5a422ea09e02d6b8 /sys-kernel
parent	Remove due to CVE-2006-3745 (bug #144820), which doesn't affect 2.6.16.28 (diff)
download	historical-0736dcefed1beceef5a42de6085c015c1df28b0c.tar.gz historical-0736dcefed1beceef5a42de6085c015c1df28b0c.tar.bz2 historical-0736dcefed1beceef5a42de6085c015c1df28b0c.zip