[Glibc-bsd-commits] r4835 - in trunk/kfreebsd-9.1/debian: . patches
Steven Chamberlain
stevenc-guest at alioth.debian.org
Mon Jul 29 19:44:45 UTC 2013
Author: stevenc-guest
Date: 2013-07-29 19:44:45 +0000 (Mon, 29 Jul 2013)
New Revision: 4835
Added:
trunk/kfreebsd-9.1/debian/patches/SA-13_08.nfsserver.patch
Modified:
trunk/kfreebsd-9.1/debian/changelog
trunk/kfreebsd-9.1/debian/patches/series
Log:
Pick SVN 253693 from FreeBSD 9-STABLE to fix SA-13:08 / CVE-2013-4851:
Incorrect privilege validation in the NFS server (Closes: #717958)
Modified: trunk/kfreebsd-9.1/debian/changelog
===================================================================
--- trunk/kfreebsd-9.1/debian/changelog 2013-07-29 19:30:57 UTC (rev 4834)
+++ trunk/kfreebsd-9.1/debian/changelog 2013-07-29 19:44:45 UTC (rev 4835)
@@ -1,10 +1,14 @@
-kfreebsd-9 (9.1-4) UNRELEASED; urgency=low
+kfreebsd-9 (9.1-4) UNRELEASED; urgency=high
[ Petr Salinger ]
* switch back to gcc-4.6
reenable 901_disable_optimization_2.diff
Closes: #718250.
+ [ Steven Chamberlain ]
+ * Pick SVN 253693 from FreeBSD 9-STABLE to fix SA-13:08 / CVE-2013-4851:
+ Incorrect privilege validation in the NFS server (Closes: #717958)
+
-- Robert Millan <rmh at debian.org> Mon, 29 Jul 2013 21:50:20 +0200
kfreebsd-9 (9.1-3) unstable; urgency=low
Added: trunk/kfreebsd-9.1/debian/patches/SA-13_08.nfsserver.patch
===================================================================
--- trunk/kfreebsd-9.1/debian/patches/SA-13_08.nfsserver.patch (rev 0)
+++ trunk/kfreebsd-9.1/debian/patches/SA-13_08.nfsserver.patch 2013-07-29 19:44:45 UTC (rev 4835)
@@ -0,0 +1,23 @@
+Description:
+ Fix a bug that allows remote client bypass the normal
+ access checks when when -network or -host restrictions
+ are used at the same time with -mapall. [13:08]
+ (CVE-2013-4851)
+Origin: vendor, http://security.FreeBSD.org/patches/SA-13:08/nfsserver.patch
+Bug: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc
+Bug-Debian: http://bugs.debian.org/717958
+Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=253693
+
+Index: kfreebsd-9-9.0/sys/kern/vfs_export.c
+===================================================================
+--- kfreebsd-9-9.0.orig/sys/kern/vfs_export.c 2009-09-28 19:07:16.000000000 +0100
++++ kfreebsd-9-9.0/sys/kern/vfs_export.c 2013-07-28 18:13:25.223547283 +0100
+@@ -208,7 +208,7 @@
+ np->netc_anon = crget();
+ np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
+ crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
+- np->netc_anon->cr_groups);
++ argp->ex_anon.cr_groups);
+ np->netc_anon->cr_prison = &prison0;
+ prison_hold(np->netc_anon->cr_prison);
+ np->netc_numsecflavors = argp->ex_numsecflavors;
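Review bot: the embedded patch's Index and ---/+++ lines point at kfreebsd-9-9.0/sys/kern/vfs_export.c, with a 2009 timestamp on the .orig side, while the file is being added under trunk/kfreebsd-9.1. Refresh it against the 9.1 tree so the @@ -208,7 +208,7 @@ hunk applies without relying on offset or fuzz. In the Description header, "when when" is doubled and "allows remote client bypass" should read "allows a remote client to bypass". The code change itself reads correctly: the removed line passed np->netc_anon->cr_groups, the group list of the credential just obtained from crget(), as the source for crsetgroups(), so the groups in argp->ex_anon were never copied into the export's anonymous credential. The replacement takes them from argp->ex_anon.cr_groups, consistent with the cr_uid and cr_ngroups values already read from argp->ex_anon in the lines above.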
Modified: trunk/kfreebsd-9.1/debian/patches/series
===================================================================
--- trunk/kfreebsd-9.1/debian/patches/series 2013-07-29 19:30:57 UTC (rev 4834)
+++ trunk/kfreebsd-9.1/debian/patches/series 2013-07-29 19:44:45 UTC (rev 4835)
@@ -1,6 +1,7 @@
# Patches from (or merged in) upstream
SA-13_05.nfsserver.patch
SA-13_06.mmap.patch
+SA-13_08.nfsserver.patch
000_cpuclockid2_zombie.diff
000_cpuclockid2_syscall.diff