[Glibc-bsd-commits] r1673 - in trunk/kfreebsd-5/debian: . patches
Aurelien Jarno
aurel32 at costa.debian.org
Tue Oct 10 13:05:03 UTC 2006
Author: aurel32
Date: 2006-10-10 13:05:02 +0000 (Tue, 10 Oct 2006)
New Revision: 1673
Added:
trunk/kfreebsd-5/debian/README.Debian
trunk/kfreebsd-5/debian/patches/000_ppp.diff
Modified:
trunk/kfreebsd-5/debian/changelog
trunk/kfreebsd-5/debian/control
trunk/kfreebsd-5/debian/rules
Log:
* Urgency set to high as this fixes a security bug.
* Fix a buffer overflow in sppp (FreeBSD-SA-06:08.ppp / CVE-2006-4304).
* Added a README.Debian about security support.
* Bumped Standard-Version to 3.7.2 (no changes).
Added: trunk/kfreebsd-5/debian/README.Debian
===================================================================
--- trunk/kfreebsd-5/debian/README.Debian (rev 0)
+++ trunk/kfreebsd-5/debian/README.Debian 2006-10-10 13:05:02 UTC (rev 1673)
@@ -0,0 +1,7 @@
+README.Debian for kfreebsd-5
+----------------------------
+
+Please note that the security support may not be assured for kfreebsd-5
+until Debian GNU/kFreeBSD is an official port.
+
+-- GNU/kFreeBSD Maintainers <debian-bsd at lists.debian.org>
Modified: trunk/kfreebsd-5/debian/changelog
===================================================================
--- trunk/kfreebsd-5/debian/changelog 2006-10-09 19:10:00 UTC (rev 1672)
+++ trunk/kfreebsd-5/debian/changelog 2006-10-10 13:05:02 UTC (rev 1673)
@@ -1,8 +1,12 @@
-kfreebsd-5 (5.4-18) UNRELEASED; urgency=low
+kfreebsd-5 (5.4-18) unstable; urgency=high
* Disable /boot/loader.conf (provided in kfreebsd-loader now).
+ * Urgency set to high as this fixes a security bug.
+ * Fix a buffer overflow in sppp (FreeBSD-SA-06:08.ppp / CVE-2006-4304).
+ * Added a README.Debian about security support.
+ * Bumped Standard-Version to 3.7.2 (no changes).
- -- Robert Millan <rmh at aybabtu.com> Wed, 26 Apr 2006 19:33:05 +0200
+ -- Aurelien Jarno <aurel32 at debian.org> Tue, 10 Oct 2006 14:32:54 +0200
kfreebsd-5 (5.4-17) unstable; urgency=high
Modified: trunk/kfreebsd-5/debian/control
===================================================================
--- trunk/kfreebsd-5/debian/control 2006-10-09 19:10:00 UTC (rev 1672)
+++ trunk/kfreebsd-5/debian/control 2006-10-10 13:05:02 UTC (rev 1673)
@@ -3,9 +3,8 @@
Priority: optional
Maintainer: GNU/kFreeBSD Maintainers <debian-bsd at lists.debian.org>
Uploaders: Aurelien Jarno <aurel32 at debian.org>, Guillem Jover <guillem at debian.org>
-Build-Depends-Indep: debhelper (>= 4.1.0), bzip2, patchutils (>= 0.2.25)
Build-Depends: debhelper (>= 4.1.0), bzip2, patchutils (>= 0.2.25), dpkg (>= 1.13.9), freebsd5-buildutils (>= 5.4), libdb4.3-dev | libdb-dev, flex-old | flex, gcc-3.4
-Standards-Version: 3.6.2
+Standards-Version: 3.7.2
Package: kfreebsd-source-5.4
Architecture: all
Added: trunk/kfreebsd-5/debian/patches/000_ppp.diff
===================================================================
--- trunk/kfreebsd-5/debian/patches/000_ppp.diff (rev 0)
+++ trunk/kfreebsd-5/debian/patches/000_ppp.diff 2006-10-10 13:05:02 UTC (rev 1673)
@@ -0,0 +1,127 @@
+Index: sys/net/if_spppsubr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/net/if_spppsubr.c,v
+retrieving revision 1.124
+diff -u -I__FBSDID -r1.124 if_spppsubr.c
+--- sys/net/if_spppsubr.c 15 Jul 2006 02:49:35 -0000 1.124
++++ sys/net/if_spppsubr.c 21 Aug 2006 11:32:49 -0000
+@@ -2363,7 +2363,8 @@
+
+ /* pass 1: check for things that need to be rejected */
+ p = (void*) (h+1);
+- for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++ for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++ len-=p[1], p+=p[1]) {
+ if (debug)
+ log(-1, " %s ", sppp_lcp_opt_name(*p));
+ switch (*p) {
+@@ -2442,7 +2443,8 @@
+
+ p = (void*) (h+1);
+ len = origlen;
+- for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++ for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++ len-=p[1], p+=p[1]) {
+ if (debug)
+ log(-1, " %s ", sppp_lcp_opt_name(*p));
+ switch (*p) {
+@@ -2584,7 +2586,8 @@
+ SPP_ARGS(ifp));
+
+ p = (void*) (h+1);
+- for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++ for (; len >= 2 && p[1] >= 2 && len >= p[1];
++ len -= p[1], p += p[1]) {
+ if (debug)
+ log(-1, " %s ", sppp_lcp_opt_name(*p));
+ switch (*p) {
+@@ -2648,7 +2651,8 @@
+ SPP_ARGS(ifp));
+
+ p = (void*) (h+1);
+- for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++ for (; len >= 2 && p[1] >= 2 && len >= p[1];
++ len -= p[1], p += p[1]) {
+ if (debug)
+ log(-1, " %s ", sppp_lcp_opt_name(*p));
+ switch (*p) {
+@@ -3039,7 +3043,8 @@
+ log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ",
+ SPP_ARGS(ifp));
+ p = (void*) (h+1);
+- for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++ for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++ len-=p[1], p+=p[1]) {
+ if (debug)
+ log(-1, " %s ", sppp_ipcp_opt_name(*p));
+ switch (*p) {
+@@ -3108,7 +3113,8 @@
+ SPP_ARGS(ifp));
+ p = (void*) (h+1);
+ len = origlen;
+- for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++ for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++ len-=p[1], p+=p[1]) {
+ if (debug)
+ log(-1, " %s ", sppp_ipcp_opt_name(*p));
+ switch (*p) {
+@@ -3239,7 +3245,8 @@
+ SPP_ARGS(ifp));
+
+ p = (void*) (h+1);
+- for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++ for (; len >= 2 && p[1] >= 2 && len >= p[1];
++ len -= p[1], p += p[1]) {
+ if (debug)
+ log(-1, " %s ", sppp_ipcp_opt_name(*p));
+ switch (*p) {
+@@ -3285,7 +3292,8 @@
+ SPP_ARGS(ifp));
+
+ p = (void*) (h+1);
+- for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++ for (; len >= 2 && p[1] >= 2 && len >= p[1];
++ len -= p[1], p += p[1]) {
+ if (debug)
+ log(-1, " %s ", sppp_ipcp_opt_name(*p));
+ switch (*p) {
+@@ -3511,7 +3519,8 @@
+ SPP_ARGS(ifp));
+ p = (void*) (h+1);
+ ifidcount = 0;
+- for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++ for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++ len-=p[1], p+=p[1]) {
+ if (debug)
+ log(-1, " %s", sppp_ipv6cp_opt_name(*p));
+ switch (*p) {
+@@ -3561,7 +3570,8 @@
+ p = (void*) (h+1);
+ len = origlen;
+ type = CONF_ACK;
+- for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++ for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++ len-=p[1], p+=p[1]) {
+ if (debug)
+ log(-1, " %s", sppp_ipv6cp_opt_name(*p));
+ switch (*p) {
+@@ -3660,7 +3670,8 @@
+ SPP_ARGS(ifp));
+
+ p = (void*) (h+1);
+- for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++ for (; len >= 2 && p[1] >= 2 && len >= p[1];
++ len -= p[1], p += p[1]) {
+ if (debug)
+ log(-1, " %s", sppp_ipv6cp_opt_name(*p));
+ switch (*p) {
+@@ -3706,7 +3717,8 @@
+ SPP_ARGS(ifp));
+
+ p = (void*) (h+1);
+- for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++ for (; len >= 2 && p[1] >= 2 && len >= p[1];
++ len -= p[1], p += p[1]) {
+ if (debug)
+ log(-1, " %s", sppp_ipv6cp_opt_name(*p));
+ switch (*p) {
Modified: trunk/kfreebsd-5/debian/rules
===================================================================
--- trunk/kfreebsd-5/debian/rules 2006-10-09 19:10:00 UTC (rev 1672)
+++ trunk/kfreebsd-5/debian/rules 2006-10-10 13:05:02 UTC (rev 1673)
@@ -68,6 +68,12 @@
touch build-indep-stamp
+ifeq ($(os), kfreebsd)
+build: build-arch build-indep
+else
+build: build-indep
+endif
+
install-indep: install-indep-stamp
install-indep-stamp: build-indep
dh_testdir
More information about the Glibc-bsd-commits
mailing list