[WBEL-devel] RHSA-2003:419-01 kernel packages

Jan-Frode Myklebust janfrode@parallab.uib.no
Wed, 7 Jan 2004 20:20:11 +0100



On Mon, Jan 05, 2004 at 02:37:45PM -0600, John Morris wrote:
> On 5 Jan 2004, Jason Dixon wrote:
> 
> > Haven't seen anything on whitebox-announce.  Anyone working on this
> > update?
> 
> Still waiting to see it show on updates.redhat.com. Unless someone points 
> out an alternate source of SRPMS I'm stuck with what is available.
> 

Unbelievable.. still no updated kernel for the RedHat flagship
product. 

Here's a patched kernel-2.4.21-4.0.1.EL srpm with only this do_mremap fix. 

	ftp://ftp.ii.uib.no/pub/janfrode/WBEL/kernel-2.4.21-4.0.1.EL2.src.rpm

There's also i686-binaries there.

Instructions if somebody else wants to build this from trusted sources:

	rpm -ivh kernel-2.4.21-4.0.1.EL.src.rpm
	cd /usr/src/redhat/SPECS
	patch < /path/to/attached/kernel-2.4.spec.mremap-patch
	cp /path/to/attached/linux-2.4.21-mremap-fix.patch /usr/src/redhat/SOURCES
	rpmbuild -ba --target=i686 kernel-2.4.spec


   -jf

--rS8CxjVDS/+yyDmU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="linux-2.4.21-mremap-fix.patch"

diff -urNp linux/mm/mremap.c linux-2.4.21/mm/mremap.c
--- linux/mm/mremap.c
+++ linux-2.4.21/mm/mremap.c
@@ -306,6 +306,14 @@ unsigned long do_mremap(unsigned long ad
 
 		if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len)
 			goto out;
+		/*
+		 * Allow new_len == 0 only if new_addr == addr
+		 * to preserve truncation in place (that was working
+		 * safe and some app may depend on it).
+		 */
+		if (unlikely(!new_len && new_addr != addr))
+			goto out;
+
 
 		/* Check if the location we're moving into overlaps the
 		 * old location at all, and fail if it does.
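Review bot: the comment above the new `!new_len && new_addr != addr` test explains why truncation in place stays allowed, but not why a zero length with a different address must be refused. With new_len == 0 the range test just above (`new_addr > TASK_SIZE - new_len`) reduces to a plain bound on new_addr, so this new test is the only guard for that case and the comment should say so. The added trailing blank line also leaves two consecutive blank lines before the overlap comment and can be dropped. The hunk does not show what is returned at `out`, so confirm the caller gets an error code at this point.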

--rS8CxjVDS/+yyDmU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="kernel-2.4.spec.mremap-patch"

--- kernel-2.4.spec.org	2004-01-07 13:55:59.000000000 +0100
+++ kernel-2.4.spec	2004-01-07 13:57:52.000000000 +0100
@@ -19,7 +19,7 @@
 # that the kernel isn't the stock RHL kernel, for example by
 # adding some text to the end of the version number.
 #
-%define release 4.0.1.EL
+%define release 4.0.1.EL2
 %define sublevel 21
 %define kversion 2.4.%{sublevel}
 # /usr/src/%{kslnk} -> /usr/src/linux-%{KVERREL}
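Review bot: the release string `4.0.1.EL2` differs from the original `4.0.1.EL` by a single digit, which is easy to misread as just another stock release. The comment directly above asks that a non-stock kernel be marked by adding some text to the end of the version number; a suffix that names the rebuild (a packager or site tag) would make the local build obvious in `uname -r` and `rpm -q` output.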
@@ -512,6 +512,9 @@
 # snip out some luxury code when CONFIG_SMALL is on, for -BOOT kernel
 Patch10040: linux-2.4.21-config-small.patch
 
+# Fix mremap-bug
+Patch10050: linux-2.4.21-mremap-fix.patch
+
 # END OF PATCH DEFINITIONS
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
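Review bot: the comment `# Fix mremap-bug` on Patch10050 does not say which bug or what the patch changes. Say that it rejects new_len == 0 in do_mremap unless new_addr == addr, so that whoever rebases this spec onto a later kernel can tell whether the patch is still needed.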
@@ -1449,6 +1452,8 @@
 # snip out some luxury code when CONFIG_SMALL is on, for -BOOT kernel
 %patch10040 -p1
 
+%patch10050 -p1
+
 # END OF PATCH APPLICATIONS
 
 cp %{SOURCE10} Documentation/
@@ -1997,6 +2002,9 @@
 %endif
 
 %changelog
+* Wed Jan  7 2004 Jan-Frode Myklebust <janfrode@parallab.uib.no> kernel-2.4.21-4.0.1.EL2
+- Added the do_mremap-securityfix.
+
 * Fri Oct 17 2003 Ernie Petrides <petrides@redhat.com> kernel-2.4.21-4.0.1.EL
 - errata #1: increase usable amd64 address space for 32-bit apps (Jim Paradis)
 
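Review bot: the changelog entry `- Added the do_mremap-securityfix.` names neither the patch file nor the advisory it answers. Mention `linux-2.4.21-mremap-fix.patch` (Patch10050) and the advisory identifier so that `rpm -q --changelog` on an installed system shows exactly which fix this build carries.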

--rS8CxjVDS/+yyDmU--