[Glibc-bsd-commits] r4835 - in trunk/kfreebsd-9.1/debian: . patches

Steven Chamberlain stevenc-guest at alioth.debian.org
Mon Jul 29 19:44:45 UTC 2013 

Author: stevenc-guest
Date: 2013-07-29 19:44:45 +0000 (Mon, 29 Jul 2013)
New Revision: 4835

Added:
   trunk/kfreebsd-9.1/debian/patches/SA-13_08.nfsserver.patch
Modified:
   trunk/kfreebsd-9.1/debian/changelog
   trunk/kfreebsd-9.1/debian/patches/series
Log:
Pick SVN 253693 from FreeBSD 9-STABLE to fix SA-13:08 / CVE-2013-4851:
Incorrect privilege validation in the NFS server (Closes: #717958)


Modified: trunk/kfreebsd-9.1/debian/changelog
===================================================================
--- trunk/kfreebsd-9.1/debian/changelog	2013-07-29 19:30:57 UTC (rev 4834)
+++ trunk/kfreebsd-9.1/debian/changelog	2013-07-29 19:44:45 UTC (rev 4835)
@@ -1,10 +1,14 @@
-kfreebsd-9 (9.1-4) UNRELEASED; urgency=low
+kfreebsd-9 (9.1-4) UNRELEASED; urgency=high
 
   [ Petr Salinger ]
   * switch back to gcc-4.6
     reenable 901_disable_optimization_2.diff
     Closes: #718250.
 
+  [ Steven Chamberlain ]
+  * Pick SVN 253693 from FreeBSD 9-STABLE to fix SA-13:08 / CVE-2013-4851:
+    Incorrect privilege validation in the NFS server (Closes: #717958)
+
  -- Robert Millan <rmh at debian.org>  Mon, 29 Jul 2013 21:50:20 +0200
 
 kfreebsd-9 (9.1-3) unstable; urgency=low

Added: trunk/kfreebsd-9.1/debian/patches/SA-13_08.nfsserver.patch
===================================================================
--- trunk/kfreebsd-9.1/debian/patches/SA-13_08.nfsserver.patch	                        (rev 0)
+++ trunk/kfreebsd-9.1/debian/patches/SA-13_08.nfsserver.patch	2013-07-29 19:44:45 UTC (rev 4835)
@@ -0,0 +1,23 @@
+Description:
+ Fix a bug that allows remote client bypass the normal
+ access checks when when -network or -host restrictions
+ are used at the same time with -mapall. [13:08]
+ (CVE-2013-4851)
+Origin: vendor, http://security.FreeBSD.org/patches/SA-13:08/nfsserver.patch
+Bug: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc
+Bug-Debian: http://bugs.debian.org/717958
+Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=253693
+
+Index: kfreebsd-9-9.0/sys/kern/vfs_export.c
+===================================================================
+--- kfreebsd-9-9.0.orig/sys/kern/vfs_export.c	2009-09-28 19:07:16.000000000 +0100
++++ kfreebsd-9-9.0/sys/kern/vfs_export.c	2013-07-28 18:13:25.223547283 +0100
+@@ -208,7 +208,7 @@
+ 	np->netc_anon = crget();
+ 	np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
+ 	crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
+-	    np->netc_anon->cr_groups);
++	    argp->ex_anon.cr_groups);
+ 	np->netc_anon->cr_prison = &prison0;
+ 	prison_hold(np->netc_anon->cr_prison);
+ 	np->netc_numsecflavors = argp->ex_numsecflavors;

Modified: trunk/kfreebsd-9.1/debian/patches/series
===================================================================
--- trunk/kfreebsd-9.1/debian/patches/series	2013-07-29 19:30:57 UTC (rev 4834)
+++ trunk/kfreebsd-9.1/debian/patches/series	2013-07-29 19:44:45 UTC (rev 4835)
@@ -1,6 +1,7 @@
 # Patches from (or merged in) upstream
 SA-13_05.nfsserver.patch
 SA-13_06.mmap.patch
+SA-13_08.nfsserver.patch
 
 000_cpuclockid2_zombie.diff
 000_cpuclockid2_syscall.diff

More information about the Glibc-bsd-commits mailing list