[Glibc-bsd-commits] r3479 - in trunk/kfreebsd-8/debian: . patches

Sat Jun 25 10:19:39 UTC 2011

Author: rmh
Date: 2011-06-25 10:19:39 +0000 (Sat, 25 Jun 2011)
New Revision: 3479

Added:
   trunk/kfreebsd-8/debian/patches/000_net80211_disclosure.diff
Modified:
   trunk/kfreebsd-8/debian/changelog
   trunk/kfreebsd-8/debian/patches/series
Log:
  * Fix net802.11 stack kernel memory disclosure (CVE-2011-2480).
    (Closes: #631160)
    - 000_net80211_disclosure.diff

Modified: trunk/kfreebsd-8/debian/changelog
===================================================================

--- trunk/kfreebsd-8/debian/changelog	2011-06-25 10:16:30 UTC (rev 3478)
+++ trunk/kfreebsd-8/debian/changelog	2011-06-25 10:19:39 UTC (rev 3479)
@@ -1,3 +1,11 @@
+kfreebsd-8 (8.2-3) unstable; urgency=medium
+
+  * Fix net802.11 stack kernel memory disclosure (CVE-2011-2480).
+    (Closes: #631160)
+    - 000_net80211_disclosure.diff
+
+ -- Robert Millan <rmh at debian.org>  Fri, 24 Jun 2011 16:24:58 +0200
+
 kfreebsd-8 (8.2-2) unstable; urgency=low
 
   [ Guillem Jover ]
@@ -12,7 +20,7 @@
   * Add lintian override for "embedded-library" (zlib.ko).
   * Automatically propagate GCC version dependency to debian/control.
   * Add "(meta-package)" to Description of meta-packages to make lintian happy.
-  * Add myself to Uploaders
+  * Add myself to Uploaders.
   * Build by GCC 4.6.  (Closes: #594288)
   * Add conf/kern.mk, conf/kmod.mk, kern/vnode_if.src, and
     tools/vnode_if.awk to kfreebsd-headers-8.2-1.  (Closes: #630509)

Added: trunk/kfreebsd-8/debian/patches/000_net80211_disclosure.diff
===================================================================
--- trunk/kfreebsd-8/debian/patches/000_net80211_disclosure.diff	                        (rev 0)
+++ trunk/kfreebsd-8/debian/patches/000_net80211_disclosure.diff	2011-06-25 10:19:39 UTC (rev 3479)
@@ -0,0 +1,79 @@
+--- a/sys/net80211/ieee80211_acl.c
++++ b/sys/net80211/ieee80211_acl.c
+@@ -77,7 +77,7 @@
+ struct aclstate {
+ 	acl_lock_t		as_lock;
+ 	int			as_policy;
+-	int			as_nacls;
++	uint32_t		as_nacls;
+ 	TAILQ_HEAD(, acl)	as_list;	/* list of all ACL's */
+ 	LIST_HEAD(, acl)	as_hash[ACL_HASHSIZE];
+ 	struct ieee80211vap	*as_vap;
+@@ -289,7 +289,8 @@
+ 	struct aclstate *as = vap->iv_as;
+ 	struct acl *acl;
+ 	struct ieee80211req_maclist *ap;
+-	int error, space, i;
++	int error;
++	uint32_t i, space;
+ 
+ 	switch (ireq->i_val) {
+ 	case IEEE80211_MACCMD_POLICY:
+--- a/sys/net80211/ieee80211_ioctl.c
++++ b/sys/net80211/ieee80211_ioctl.c
+@@ -141,7 +141,7 @@
+ ieee80211_ioctl_getchaninfo(struct ieee80211vap *vap, struct ieee80211req *ireq)
+ {
+ 	struct ieee80211com *ic = vap->iv_ic;
+-	int space;
++	uint32_t space;
+ 
+ 	space = __offsetof(struct ieee80211req_chaninfo,
+ 			ic_chans[ic->ic_nchans]);
+@@ -205,7 +205,7 @@
+ {
+ 	struct ieee80211_node *ni;
+ 	uint8_t macaddr[IEEE80211_ADDR_LEN];
+-	const int off = __offsetof(struct ieee80211req_sta_stats, is_stats);
++	const size_t off = __offsetof(struct ieee80211req_sta_stats, is_stats);
+ 	int error;
+ 
+ 	if (ireq->i_len < off)
+@@ -321,7 +321,7 @@
+ 	if (req.space > ireq->i_len)
+ 		req.space = ireq->i_len;
+ 	if (req.space > 0) {
+-		size_t space;
++		uint32_t space;
+ 		void *p;
+ 
+ 		space = req.space;
+@@ -456,7 +456,7 @@
+ 
+ static __noinline int
+ getstainfo_common(struct ieee80211vap *vap, struct ieee80211req *ireq,
+-	struct ieee80211_node *ni, int off)
++	struct ieee80211_node *ni, size_t off)
+ {
+ 	struct ieee80211com *ic = vap->iv_ic;
+ 	struct stainforeq req;
+@@ -501,7 +501,7 @@
+ ieee80211_ioctl_getstainfo(struct ieee80211vap *vap, struct ieee80211req *ireq)
+ {
+ 	uint8_t macaddr[IEEE80211_ADDR_LEN];
+-	const int off = __offsetof(struct ieee80211req_sta_req, info);
++	const size_t off = __offsetof(struct ieee80211req_sta_req, info);
+ 	struct ieee80211_node *ni;
+ 	int error;
+ 
+--- a/sys/net80211/ieee80211_ioctl.h
++++ b/sys/net80211/ieee80211_ioctl.h
+@@ -578,7 +578,7 @@
+ 	char		i_name[IFNAMSIZ];	/* if_name, e.g. "wi0" */
+ 	uint16_t	i_type;			/* req type */
+ 	int16_t		i_val;			/* Index or simple value */
+-	int16_t		i_len;			/* Index or simple value */
++	uint16_t	i_len;			/* Index or simple value */
+ 	void		*i_data;		/* Extra data */
+ };
+ #define	SIOCS80211		 _IOW('i', 234, struct ieee80211req)

Modified: trunk/kfreebsd-8/debian/patches/series
===================================================================
--- trunk/kfreebsd-8/debian/patches/series	2011-06-25 10:16:30 UTC (rev 3478)
+++ trunk/kfreebsd-8/debian/patches/series	2011-06-25 10:19:39 UTC (rev 3479)
@@ -1,6 +1,7 @@
 000_coda.diff
 000_t_delta_warning.diff
 000_msk_backport_from_HEAD.diff
+000_net80211_disclosure.diff
 001_misc.diff
 003_glibc_dev_aicasm.diff
 004_xargs.diff


