[Glibc-bsd-commits] r2312 - in trunk/kfreebsd-6/debian: . patches
aurel32 at alioth.debian.org
aurel32 at alioth.debian.org
Thu Sep 4 09:42:17 UTC 2008
Author: aurel32
Date: 2008-09-04 09:42:17 +0000 (Thu, 04 Sep 2008)
New Revision: 2312
Added:
trunk/kfreebsd-6/debian/patches/000_amd64.diff
trunk/kfreebsd-6/debian/patches/000_icmp6.diff
trunk/kfreebsd-6/debian/patches/000_nmount.diff
Modified:
trunk/kfreebsd-6/debian/changelog
trunk/kfreebsd-6/debian/patches/series
Log:
* Fix amd64 swapgs local privilege escalation
(FreeBSD-SA-08:07.amd64 / CVE-2008-3890).
* Fix nmount(2) local arbitrary code execution
(FreeBSD-SA-08:08.nmount / CVE-2008-3531).
* Fix remote kernel panics on IPv6 connections
(FreeBSD-SA-08:09.icmp6 /CVE-2008-3530).
Modified: trunk/kfreebsd-6/debian/changelog
===================================================================
--- trunk/kfreebsd-6/debian/changelog 2008-09-01 10:38:03 UTC (rev 2311)
+++ trunk/kfreebsd-6/debian/changelog 2008-09-04 09:42:17 UTC (rev 2312)
@@ -1,3 +1,14 @@
+kfreebsd-6 (6.3-7) unstable; urgency=high
+
+ * Fix amd64 swapgs local privilege escalation
+ (FreeBSD-SA-08:07.amd64 / CVE-2008-3890).
+ * Fix nmount(2) local arbitrary code execution
+ (FreeBSD-SA-08:08.nmount / CVE-2008-3531).
+ * Fix remote kernel panics on IPv6 connections
+ (FreeBSD-SA-08:09.icmp6 /CVE-2008-3530).
+
+ -- Aurelien Jarno <aurel32 at debian.org> Thu, 04 Sep 2008 11:36:54 +0200
+
kfreebsd-6 (6.3-6) unstable; urgency=low
[ Petr Salinger ]
Added: trunk/kfreebsd-6/debian/patches/000_amd64.diff
===================================================================
--- trunk/kfreebsd-6/debian/patches/000_amd64.diff (rev 0)
+++ trunk/kfreebsd-6/debian/patches/000_amd64.diff 2008-09-04 09:42:17 UTC (rev 2312)
@@ -0,0 +1,25 @@
+Index: src/sys/amd64/amd64/exception.S
+===================================================================
+RCS file: /home/ncvs/src/sys/amd64/amd64/exception.S,v
+retrieving revision 1.132
+retrieving revision 1.133
+diff -u -d -r1.132 -r1.133
+--- src/sys/amd64/amd64/exception.S 24 May 2008 06:32:26 -0000 1.132
++++ src/sys/amd64/amd64/exception.S 18 Aug 2008 08:47:27 -0000 1.133
+@@ -636,13 +636,10 @@
+ .globl doreti_iret_fault
+ doreti_iret_fault:
+ subq $TF_RIP,%rsp /* space including tf_err, tf_trapno */
+- testb $SEL_RPL_MASK,TF_CS(%rsp) /* Did we come from kernel? */
+- jz 1f /* already running with kernel GS.base */
+- swapgs
+-1: testl $PSL_I,TF_RFLAGS(%rsp)
+- jz 2f
++ testl $PSL_I,TF_RFLAGS(%rsp)
++ jz 1f
+ sti
+-2: movq %rdi,TF_RDI(%rsp)
++1: movq %rdi,TF_RDI(%rsp)
+ movq %rsi,TF_RSI(%rsp)
+ movq %rdx,TF_RDX(%rsp)
+ movq %rcx,TF_RCX(%rsp)
Added: trunk/kfreebsd-6/debian/patches/000_icmp6.diff
===================================================================
--- trunk/kfreebsd-6/debian/patches/000_icmp6.diff (rev 0)
+++ trunk/kfreebsd-6/debian/patches/000_icmp6.diff 2008-09-04 09:42:17 UTC (rev 2312)
@@ -0,0 +1,23 @@
+Index: src/sys/netinet6/icmp6.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet6/icmp6.c,v
+retrieving revision 1.80.2.4
+diff -u -p -r1.80.2.4 icmp6.c
+--- src/sys/netinet6/icmp6.c 31 Aug 2008 21:54:24 -0000 1.80.2.4
++++ src/sys/netinet6/icmp6.c 1 Sep 2008 23:03:44 -0000
+@@ -1117,6 +1117,15 @@ icmp6_mtudisc_update(struct ip6ctlparam
+ if (!validated)
+ return;
+
++ /*
++ * In case the suggested mtu is less than IPV6_MMTU, we
++ * only need to remember that it was for above mentioned
++ * "alwaysfrag" case.
++ * Try to be as close to the spec as possible.
++ */
++ if (mtu < IPV6_MMTU)
++ mtu = IPV6_MMTU - 8;
++
+ bzero(&inc, sizeof(inc));
+ inc.inc_flags = 1; /* IPv6 */
+ inc.inc6_faddr = *dst;
Added: trunk/kfreebsd-6/debian/patches/000_nmount.diff
===================================================================
--- trunk/kfreebsd-6/debian/patches/000_nmount.diff (rev 0)
+++ trunk/kfreebsd-6/debian/patches/000_nmount.diff 2008-09-04 09:42:17 UTC (rev 2312)
@@ -0,0 +1,17 @@
+Index: src/sys/kern/vfs_mount.c
+===================================================================
+RCS file: /usr/ncvs/src/sys/kern/vfs_mount.c,v
+retrieving revision 1.265.2.3
+diff -u -r1.265.2.3 vfs_mount.c
+--- src/sys/kern/vfs_mount.c 6 Apr 2008 10:02:20 -0000 1.265.2.3
++++ src/sys/kern/vfs_mount.c 17 Jul 2008 15:39:37 -0000
+@@ -1830,7 +1830,8 @@
+ }
+ if (*t != NULL)
+ continue;
+- sprintf(errmsg, "mount option <%s> is unknown", p);
++ snprintf(errmsg, sizeof(errmsg),
++ "mount option <%s> is unknown", p);
+ printf("%s\n", errmsg);
+ ret = EINVAL;
+ }
Modified: trunk/kfreebsd-6/debian/patches/series
===================================================================
--- trunk/kfreebsd-6/debian/patches/series 2008-09-01 10:38:03 UTC (rev 2311)
+++ trunk/kfreebsd-6/debian/patches/series 2008-09-04 09:42:17 UTC (rev 2312)
@@ -1,5 +1,8 @@
000_sendfile.diff -p1
000_nfe.diff -p1
+000_amd64.diff -p1
+000_icmp6.diff -p1
+000_nmount.diff -p1
001_misc.diff -p1
003_glibc_dev_aicasm.diff -p1
004_xargs.diff -p1
More information about the Glibc-bsd-commits
mailing list