From 22e5f5bf64eba5c65674eeb3a8167de2854dbe0e Mon Sep 17 00:00:00 2001 From: root Date: Thu, 2 Feb 2012 23:14:44 +0000 Subject: Thu Feb 2 23:14:44 UTC 2012 --- libre/crosstool-ng/PKGBUILD | 4 +- libre/filesystem/PKGBUILD | 22 +- libre/filesystem/filesystem.install | 3 - libre/filesystem/issue | 1 - libre/filesystem/modprobe.d.usb-load-ehci-first | 4 +- libre/initscripts/PKGBUILD | 4 +- libre/linux-libre/CVE-2012-0056.patch | 268 ++++++++++++++++++++++++ libre/linux-libre/PKGBUILD | 6 +- libre/linux-libre/linux-libre.install | 2 +- libre/pacman/PKGBUILD | 5 +- libre/pacman/rePKGBUILD | 2 +- 11 files changed, 293 insertions(+), 28 deletions(-) create mode 100644 libre/linux-libre/CVE-2012-0056.patch (limited to 'libre') diff --git a/libre/crosstool-ng/PKGBUILD b/libre/crosstool-ng/PKGBUILD index 8843af016..5341fa6f5 100644 --- a/libre/crosstool-ng/PKGBUILD +++ b/libre/crosstool-ng/PKGBUILD @@ -2,7 +2,7 @@ # Maintainer (Parabola): fauno pkgname=crosstool-ng -pkgver=1.13.0 +pkgver=1.13.2 pkgrel=1 pkgdesc="A versatile cross toolchain generator (eglibc addons patch)" arch=('i686' 'x86_64') @@ -26,4 +26,4 @@ package() { cd $srcdir/$pkgname-$pkgver make DESTDIR=$pkgdir install } -md5sums=('55fba9f37b9f9ed0aeb6c50fbd8b6429') +md5sums=('749cf70568ad07d1b13fdcd25b163553') diff --git a/libre/filesystem/PKGBUILD b/libre/filesystem/PKGBUILD index ea1e0e4f9..733d34aa3 100644 --- a/libre/filesystem/PKGBUILD +++ b/libre/filesystem/PKGBUILD @@ -1,10 +1,10 @@ -# $Id: PKGBUILD 140217 2011-10-09 23:32:13Z dreisner $ +# $Id: PKGBUILD 147201 2012-01-24 06:36:12Z bisson $ # Maintainer: Tom Gundersen # Maintainer (Parabola): fauno pkgname=filesystem -pkgver=2011.10 -pkgrel=1 +pkgver=2011.12 +pkgrel=2 pkgdesc='Base filesystem for Parabola' arch=('any') license=('GPL') @@ -19,7 +19,7 @@ source=('group' 'issue' 'nsswitch.conf' 'securetty' 'host.conf' 'ld.so.conf' 'passwd' 'shadow' 'fstab' 'crypttab' 'hosts' 'motd' 'resolv.conf' 'shells' 'gshadow' 'profile' 'modprobe.d.usb-load-ehci-first') md5sums=('772fe869b921698cc3e6fde73c4ac85a' - '140787c0dc6f3f1272cfd381b92b0155' + '6be47d893fd49b2e4a8c0e811b350861' '13753e4e0964f3652b0cc60a28528bdf' '4c4540eeb748bf1f71d631b8c1dcf0b3' 'f28150d4c0b22a017be51b9f7f9977ed' @@ -34,7 +34,7 @@ md5sums=('772fe869b921698cc3e6fde73c4ac85a' '22518e922891f9359f971f4f5b4e793c' 'd2dc4e39dbdea75b107f91789e3274ab' 'f3b6ae7db8adffaaa4bffc6099dcbd50' - '8098ffd9fbf890468d3198277596b85a') + 'a8a962370cd0128465d514e6a1f74130') package() { cd ${srcdir} @@ -56,6 +56,7 @@ package() { for f in fstab group host.conf hosts issue ld.so.conf motd nsswitch.conf passwd resolv.conf securetty shells profile; do install -m644 ${srcdir}/${f} ${pkgdir}/etc/ done + ln -s /proc/self/mounts ${pkgdir}/etc/mtab for f in gshadow shadow crypttab; do install -m600 ${srcdir}/${f} ${pkgdir}/etc/ done @@ -63,16 +64,15 @@ package() { install -D -m644 ${srcdir}/modprobe.d.usb-load-ehci-first ${pkgdir}/lib/modprobe.d/usb-load-ehci-first.conf # setup /var - for d in cache/man local opt run log/old lib/misc empty; do + for d in cache/man local opt log/old lib/misc empty; do install -d -m755 ${pkgdir}/var/${d} done - install -d -m1777 ${pkgdir}/var/{lock,tmp,spool/mail} + install -d -m1777 ${pkgdir}/var/{tmp,spool/mail} # allow setgid games to write scores install -d -m775 -g games ${pkgdir}/var/games - ln -s spool/mail ${pkgdir}/var/mail - # prevent pacman from removing directory (FS#16886) - touch ${pkgdir}/var/empty/.keep - + ln -s /var/spool/mail ${pkgdir}/var/mail + ln -s /run ${pkgdir}/var/run + ln -s /run/lock ${pkgdir}/var/lock # # setup /usr hierarchy diff --git a/libre/filesystem/filesystem.install b/libre/filesystem/filesystem.install index 640cd5c1d..0ecc27e65 100644 --- a/libre/filesystem/filesystem.install +++ b/libre/filesystem/filesystem.install @@ -1,9 +1,6 @@ post_install() { [ -f var/log/lastlog ] || : >var/log/lastlog [ -f var/log/wtmp ] || : >var/log/wtmp - [ -f var/run/utmp ] || : >var/run/utmp - chown root:20 var/run/utmp - chmod 664 var/run/utmp [ -f var/log/btmp ] || (: >var/log/btmp && bin/chmod 600 var/log/btmp) # workaround for bug #7194 # readded due to bug #9465 diff --git a/libre/filesystem/issue b/libre/filesystem/issue index 323abdbf7..b001c55dd 100644 --- a/libre/filesystem/issue +++ b/libre/filesystem/issue @@ -1,3 +1,2 @@ - Parabola GNU/Linux-libre \r (\n) (\l) diff --git a/libre/filesystem/modprobe.d.usb-load-ehci-first b/libre/filesystem/modprobe.d.usb-load-ehci-first index 3b5db0e7a..947379411 100644 --- a/libre/filesystem/modprobe.d.usb-load-ehci-first +++ b/libre/filesystem/modprobe.d.usb-load-ehci-first @@ -1,2 +1,2 @@ -install ohci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe --ignore-install ohci_hcd $CMDLINE_OPTS -install uhci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe --ignore-install uhci_hcd $CMDLINE_OPTS +softdep ohci_hcd pre: ehci_hcd +softdep uhci_hcd pre: ehci_hcd diff --git a/libre/initscripts/PKGBUILD b/libre/initscripts/PKGBUILD index 9ce6cd8ae..f8b70de29 100644 --- a/libre/initscripts/PKGBUILD +++ b/libre/initscripts/PKGBUILD @@ -4,7 +4,7 @@ # Maintainer (Parabola): Nicolas Reynolds pkgname=initscripts -pkgver=2011.12.14 +pkgver=2012.02.1 pkgrel=1 pkgdesc="System initialization/bootup scripts (Parabola branding)" arch=('any') @@ -28,5 +28,5 @@ package() { make DESTDIR=${pkgdir} install install -D -m644 ${srcdir}/wireless.conf.d ${pkgdir}/etc/conf.d/wireless } -md5sums=('55f010509c91d2a236df49a82af48b4b' +md5sums=('db7506749d240cbe1e5988d3a81d72a9' '027576534885b8d5dded9be546057b12') diff --git a/libre/linux-libre/CVE-2012-0056.patch b/libre/linux-libre/CVE-2012-0056.patch new file mode 100644 index 000000000..6a83fef1c --- /dev/null +++ b/libre/linux-libre/CVE-2012-0056.patch @@ -0,0 +1,268 @@ +From e268337dfe26dfc7efd422a804dbb27977a3cccc Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Tue, 17 Jan 2012 15:21:19 -0800 +Subject: [PATCH] proc: clean up and fix /proc//mem handling +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +Jüri Aedla reported that the /proc//mem handling really isn't very +robust, and it also doesn't match the permission checking of any of the +other related files. + +This changes it to do the permission checks at open time, and instead of +tracking the process, it tracks the VM at the time of the open. That +simplifies the code a lot, but does mean that if you hold the file +descriptor open over an execve(), you'll continue to read from the _old_ +VM. + +That is different from our previous behavior, but much simpler. If +somebody actually finds a load where this matters, we'll need to revert +this commit. + +I suspect that nobody will ever notice - because the process mapping +addresses will also have changed as part of the execve. So you cannot +actually usefully access the fd across a VM change simply because all +the offsets for IO would have changed too. + +Reported-by: Jüri Aedla +Cc: Al Viro +Signed-off-by: Linus Torvalds +--- + fs/proc/base.c | 145 +++++++++++++++----------------------------------------- + 1 files changed, 39 insertions(+), 106 deletions(-) + +diff --git a/fs/proc/base.c b/fs/proc/base.c +index 5485a53..662ddf2 100644 +--- a/fs/proc/base.c ++++ b/fs/proc/base.c +@@ -198,65 +198,7 @@ static int proc_root_link(struct dentry *dentry, struct path *path) + return result; + } + +-static struct mm_struct *__check_mem_permission(struct task_struct *task) +-{ +- struct mm_struct *mm; +- +- mm = get_task_mm(task); +- if (!mm) +- return ERR_PTR(-EINVAL); +- +- /* +- * A task can always look at itself, in case it chooses +- * to use system calls instead of load instructions. +- */ +- if (task == current) +- return mm; +- +- /* +- * If current is actively ptrace'ing, and would also be +- * permitted to freshly attach with ptrace now, permit it. +- */ +- if (task_is_stopped_or_traced(task)) { +- int match; +- rcu_read_lock(); +- match = (ptrace_parent(task) == current); +- rcu_read_unlock(); +- if (match && ptrace_may_access(task, PTRACE_MODE_ATTACH)) +- return mm; +- } +- +- /* +- * No one else is allowed. +- */ +- mmput(mm); +- return ERR_PTR(-EPERM); +-} +- +-/* +- * If current may access user memory in @task return a reference to the +- * corresponding mm, otherwise ERR_PTR. +- */ +-static struct mm_struct *check_mem_permission(struct task_struct *task) +-{ +- struct mm_struct *mm; +- int err; +- +- /* +- * Avoid racing if task exec's as we might get a new mm but validate +- * against old credentials. +- */ +- err = mutex_lock_killable(&task->signal->cred_guard_mutex); +- if (err) +- return ERR_PTR(err); +- +- mm = __check_mem_permission(task); +- mutex_unlock(&task->signal->cred_guard_mutex); +- +- return mm; +-} +- +-struct mm_struct *mm_for_maps(struct task_struct *task) ++static struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) + { + struct mm_struct *mm; + int err; +@@ -267,7 +209,7 @@ struct mm_struct *mm_for_maps(struct task_struct *task) + + mm = get_task_mm(task); + if (mm && mm != current->mm && +- !ptrace_may_access(task, PTRACE_MODE_READ)) { ++ !ptrace_may_access(task, mode)) { + mmput(mm); + mm = ERR_PTR(-EACCES); + } +@@ -276,6 +218,11 @@ struct mm_struct *mm_for_maps(struct task_struct *task) + return mm; + } + ++struct mm_struct *mm_for_maps(struct task_struct *task) ++{ ++ return mm_access(task, PTRACE_MODE_READ); ++} ++ + static int proc_pid_cmdline(struct task_struct *task, char * buffer) + { + int res = 0; +@@ -752,38 +699,39 @@ static const struct file_operations proc_single_file_operations = { + + static int mem_open(struct inode* inode, struct file* file) + { +- file->private_data = (void*)((long)current->self_exec_id); ++ struct task_struct *task = get_proc_task(file->f_path.dentry->d_inode); ++ struct mm_struct *mm; ++ ++ if (!task) ++ return -ESRCH; ++ ++ mm = mm_access(task, PTRACE_MODE_ATTACH); ++ put_task_struct(task); ++ ++ if (IS_ERR(mm)) ++ return PTR_ERR(mm); ++ + /* OK to pass negative loff_t, we can catch out-of-range */ + file->f_mode |= FMODE_UNSIGNED_OFFSET; ++ file->private_data = mm; ++ + return 0; + } + + static ssize_t mem_read(struct file * file, char __user * buf, + size_t count, loff_t *ppos) + { +- struct task_struct *task = get_proc_task(file->f_path.dentry->d_inode); ++ int ret; + char *page; + unsigned long src = *ppos; +- int ret = -ESRCH; +- struct mm_struct *mm; ++ struct mm_struct *mm = file->private_data; + +- if (!task) +- goto out_no_task; ++ if (!mm) ++ return 0; + +- ret = -ENOMEM; + page = (char *)__get_free_page(GFP_TEMPORARY); + if (!page) +- goto out; +- +- mm = check_mem_permission(task); +- ret = PTR_ERR(mm); +- if (IS_ERR(mm)) +- goto out_free; +- +- ret = -EIO; +- +- if (file->private_data != (void*)((long)current->self_exec_id)) +- goto out_put; ++ return -ENOMEM; + + ret = 0; + +@@ -810,13 +758,7 @@ static ssize_t mem_read(struct file * file, char __user * buf, + } + *ppos = src; + +-out_put: +- mmput(mm); +-out_free: + free_page((unsigned long) page); +-out: +- put_task_struct(task); +-out_no_task: + return ret; + } + +@@ -825,27 +767,15 @@ static ssize_t mem_write(struct file * file, const char __user *buf, + { + int copied; + char *page; +- struct task_struct *task = get_proc_task(file->f_path.dentry->d_inode); + unsigned long dst = *ppos; +- struct mm_struct *mm; ++ struct mm_struct *mm = file->private_data; + +- copied = -ESRCH; +- if (!task) +- goto out_no_task; ++ if (!mm) ++ return 0; + +- copied = -ENOMEM; + page = (char *)__get_free_page(GFP_TEMPORARY); + if (!page) +- goto out_task; +- +- mm = check_mem_permission(task); +- copied = PTR_ERR(mm); +- if (IS_ERR(mm)) +- goto out_free; +- +- copied = -EIO; +- if (file->private_data != (void *)((long)current->self_exec_id)) +- goto out_mm; ++ return -ENOMEM; + + copied = 0; + while (count > 0) { +@@ -869,13 +799,7 @@ static ssize_t mem_write(struct file * file, const char __user *buf, + } + *ppos = dst; + +-out_mm: +- mmput(mm); +-out_free: + free_page((unsigned long) page); +-out_task: +- put_task_struct(task); +-out_no_task: + return copied; + } + +@@ -895,11 +819,20 @@ loff_t mem_lseek(struct file *file, loff_t offset, int orig) + return file->f_pos; + } + ++static int mem_release(struct inode *inode, struct file *file) ++{ ++ struct mm_struct *mm = file->private_data; ++ ++ mmput(mm); ++ return 0; ++} ++ + static const struct file_operations proc_mem_operations = { + .llseek = mem_lseek, + .read = mem_read, + .write = mem_write, + .open = mem_open, ++ .release = mem_release, + }; + + static ssize_t environ_read(struct file *file, char __user *buf, +-- +1.7.6.5 + diff --git a/libre/linux-libre/PKGBUILD b/libre/linux-libre/PKGBUILD index 3bd2c7fe6..bc6b67c12 100644 --- a/libre/linux-libre/PKGBUILD +++ b/libre/linux-libre/PKGBUILD @@ -9,7 +9,7 @@ pkgname=('linux-libre' 'linux-libre-headers' 'linux-libre-docs') # Build stock - # pkgname=linux-custom # Build kernel with a different name _kernelname=${pkgname#linux-libre} _basekernel=3.2 -pkgver=${_basekernel}.1 +pkgver=${_basekernel}.2 pkgrel=1 arch=('i686' 'x86_64' 'mips64el') url="http://linux-libre.fsfla.org/" @@ -341,8 +341,8 @@ package_linux-libre-docs() { rm -f "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile" } md5sums=('27c641c4f6785fc647cdd3e44963a55c' - '6e0c99536652e7deb71acbadc980b586' - 'fb12372c5c7bc4e5328b38953616c7a5' + '39d471f90b754fd60529166cd37e5e0d' + '5c654bfed9005675317794c492bd2d8c' '92f62a90c1df8d74704a510d28146c52' '576ba68b171efd4a3333736c30f334ef' 'a8a3843046926eb7ab81312cd438c5c5' diff --git a/libre/linux-libre/linux-libre.install b/libre/linux-libre/linux-libre.install index f08840c94..6dc0e247d 100644 --- a/libre/linux-libre/linux-libre.install +++ b/libre/linux-libre/linux-libre.install @@ -2,7 +2,7 @@ # arg 2: the old package version KERNEL_NAME= -KERNEL_VERSION=3.2.1-1-LIBRE +KERNEL_VERSION=3.2.2-1-LIBRE post_install () { # updating module dependencies diff --git a/libre/pacman/PKGBUILD b/libre/pacman/PKGBUILD index 00ed5e69c..00faf0842 100644 --- a/libre/pacman/PKGBUILD +++ b/libre/pacman/PKGBUILD @@ -1,11 +1,11 @@ # vim: set ts=2 sw=2 et: -# $Id: PKGBUILD 145836 2012-01-02 19:39:43Z dreisner $ +# $Id: PKGBUILD 146568 2012-01-13 16:47:02Z dreisner $ # Maintainer: Dan McGee # Maintainer: Dave Reisner pkgname=pacman pkgver=4.0.1 -pkgrel=3 +pkgrel=4 pkgdesc="A library-based package manager with dependency support" arch=('i686' 'x86_64' 'mips64el') url="http://www.archlinux.org/pacman/" @@ -13,6 +13,7 @@ license=('GPL') groups=('base') depends=('bash' 'glibc>=2.15' 'libarchive>=3.0.2' 'curl>=7.19.4' 'gpgme' 'pacman-mirrorlist') +makedepends=('asciidoc') optdepends=('fakeroot: for makepkg usage as normal user') backup=(etc/pacman.conf etc/makepkg.conf) install=pacman.install diff --git a/libre/pacman/rePKGBUILD b/libre/pacman/rePKGBUILD index 3648f2a18..3967b90ab 100644 --- a/libre/pacman/rePKGBUILD +++ b/libre/pacman/rePKGBUILD @@ -2,7 +2,7 @@ source PKGBUILD CARCH=x86_64 unset build package md5sums source -_repo=testing +_repo=core source=(PKGBUILD ftp://ftp.archlinux.org/${_repo}/os/${CARCH}/${pkgname%-libre}-$pkgver-$pkgrel-$CARCH$PKGEXT # files for pkg modifications -- cgit v1.2.3-54-g00ecf