[Glibc-bsd-commits] r5776 - in branches/jessie/kfreebsd-10/debian: . patches
stevenc-guest at alioth.debian.org
stevenc-guest at alioth.debian.org
Wed Sep 16 16:14:19 UTC 2015
Author: stevenc-guest
Date: 2015-09-16 16:14:19 +0000 (Wed, 16 Sep 2015)
New Revision: 5776
Added:
branches/jessie/kfreebsd-10/debian/patches/EN-15_14.ixgbe.patch
branches/jessie/kfreebsd-10/debian/patches/SA-15_21.amd64.patch
Modified:
branches/jessie/kfreebsd-10/debian/changelog
branches/jessie/kfreebsd-10/debian/patches/series
Log:
Pick SVN r287146 from FreeBSD 10.1-RELEASE:
- SA-15:21: Fix local privilege escalation in IRET handler.
(CVE-2015-5675) (Closes: #796996)
- EN-15:14: Disabled ixgbe(4) flow-director support, due to an
implementation bug.
Modified: branches/jessie/kfreebsd-10/debian/changelog
===================================================================
--- branches/jessie/kfreebsd-10/debian/changelog 2015-09-16 15:45:46 UTC (rev 5775)
+++ branches/jessie/kfreebsd-10/debian/changelog 2015-09-16 16:14:19 UTC (rev 5776)
@@ -1,4 +1,4 @@
-kfreebsd-10 (10.1~svn274115-4+kbsd8u1) UNRELEASED; urgency=medium
+kfreebsd-10 (10.1~svn274115-4+kbsd8u1) UNRELEASED; urgency=high
* Create tarballs of upstream source, and of the kfreebsd-source
binary-indep package, using a reproducible stable file order.
@@ -6,9 +6,14 @@
* In the kfreebsd-source binary-indep package, clamp timestamps
to be no later than the last debian/changelog entry.
(Closes: #788238)
- * Pick SVN r282873 from FreeBSD 10.1-RELEASE to fix:
+ * Pick SVN r282873 from FreeBSD 10.1-RELEASE:
- EN-15:05: Fix deadlock on reboot with UFS tuned with SU+J.
(Closes: #786619)
+ * Pick SVN r287146 from FreeBSD 10.1-RELEASE:
+ - SA-15:21: Fix local privilege escalation in IRET handler.
+ (CVE-2015-5675) (Closes: #796996)
+ - EN-15:14: Disabled ixgbe(4) flow-director support, due to an
+ implementation bug.
-- Steven Chamberlain <steven at pyro.eu.org> Sat, 23 May 2015 14:57:14 +0100
Added: branches/jessie/kfreebsd-10/debian/patches/EN-15_14.ixgbe.patch
===================================================================
--- branches/jessie/kfreebsd-10/debian/patches/EN-15_14.ixgbe.patch (rev 0)
+++ branches/jessie/kfreebsd-10/debian/patches/EN-15_14.ixgbe.patch 2015-09-16 16:14:19 UTC (rev 5776)
@@ -0,0 +1,28 @@
+Description:
+ Disabled ixgbe(4) flow-director support. [EN-15:14]
+Origin: vendor
+Bug: https://www.freebsd.org/security/advisories/FreeBSD-EN-15:14.ixgbe.asc
+Applied-Upstream: https://svnweb.freebsd.org/base?view=revision&revision=287146
+
+--- a/sys/conf/files
++++ b/sys/conf/files
+@@ -1704,7 +1704,7 @@
+ dev/ixgb/ixgb_ee.c optional ixgb
+ dev/ixgb/ixgb_hw.c optional ixgb
+ dev/ixgbe/ixgbe.c optional ixgbe inet \
+- compile-with "${NORMAL_C} -I$S/dev/ixgbe -DSMP -DIXGBE_FDIR"
++ compile-with "${NORMAL_C} -I$S/dev/ixgbe -DSMP"
+ dev/ixgbe/ixv.c optional ixgbe inet \
+ compile-with "${NORMAL_C} -I$S/dev/ixgbe"
+ dev/ixgbe/ixgbe_phy.c optional ixgbe inet \
+--- a/sys/modules/ixgbe/Makefile
++++ b/sys/modules/ixgbe/Makefile
+@@ -12,7 +12,7 @@
+ SRCS += ixgbe_common.c ixgbe_api.c ixgbe_phy.c ixgbe_mbx.c ixgbe_vf.c
+ SRCS += ixgbe_dcb.c ixgbe_dcb_82598.c ixgbe_dcb_82599.c
+ SRCS += ixgbe_82599.c ixgbe_82598.c ixgbe_x540.c
+-CFLAGS+= -I${.CURDIR}/../../dev/ixgbe -DSMP -DIXGBE_FDIR
++CFLAGS+= -I${.CURDIR}/../../dev/ixgbe -DSMP
+
+ .if !defined(KERNBUILDDIR)
+ .if ${MK_INET_SUPPORT} != "no"
Added: branches/jessie/kfreebsd-10/debian/patches/SA-15_21.amd64.patch
===================================================================
--- branches/jessie/kfreebsd-10/debian/patches/SA-15_21.amd64.patch (rev 0)
+++ branches/jessie/kfreebsd-10/debian/patches/SA-15_21.amd64.patch 2015-09-16 16:14:19 UTC (rev 5776)
@@ -0,0 +1,56 @@
+Description:
+ Fix local privilege escalation in IRET handler. [SA-15:21]
+ (CVE-2015-5675)
+Origin: vendor, https://security.FreeBSD.org/patches/SA-15:21/amd64.patch
+Bug: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc
+Bug-Debian: https://bugs.debian.org/796996
+Applied-Upstream: https://svnweb.freebsd.org/base?view=revision&revision=287146
+
+--- a/sys/amd64/amd64/exception.S
++++ b/sys/amd64/amd64/exception.S
+@@ -154,9 +154,13 @@
+ IDTVEC(tss)
+ TRAP_ERR(T_TSSFLT)
+ IDTVEC(missing)
+- TRAP_ERR(T_SEGNPFLT)
++ subq $TF_ERR,%rsp
++ movl $T_SEGNPFLT,TF_TRAPNO(%rsp)
++ jmp prot_addrf
+ IDTVEC(stk)
+- TRAP_ERR(T_STKFLT)
++ subq $TF_ERR,%rsp
++ movl $T_STKFLT,TF_TRAPNO(%rsp)
++ jmp prot_addrf
+ IDTVEC(align)
+ TRAP_ERR(T_ALIGNFLT)
+
+@@ -319,6 +323,7 @@
+ IDTVEC(prot)
+ subq $TF_ERR,%rsp
+ movl $T_PROTFLT,TF_TRAPNO(%rsp)
++prot_addrf:
+ movq $0,TF_ADDR(%rsp)
+ movq %rdi,TF_RDI(%rsp) /* free up a GP register */
+ leaq doreti_iret(%rip),%rdi
+--- a/sys/amd64/amd64/machdep.c
++++ b/sys/amd64/amd64/machdep.c
+@@ -433,6 +433,7 @@
+ regs->tf_rflags &= ~(PSL_T | PSL_D);
+ regs->tf_cs = _ucodesel;
+ regs->tf_ds = _udatasel;
++ regs->tf_ss = _udatasel;
+ regs->tf_es = _udatasel;
+ regs->tf_fs = _ufssel;
+ regs->tf_gs = _ugssel;
+--- a/sys/amd64/amd64/trap.c
++++ b/sys/amd64/amd64/trap.c
+@@ -457,8 +457,6 @@
+ goto out;
+
+ case T_STKFLT: /* stack fault */
+- break;
+-
+ case T_PROTFLT: /* general protection fault */
+ case T_SEGNPFLT: /* segment not present fault */
+ if (td->td_intr_nesting_level != 0)
+
Modified: branches/jessie/kfreebsd-10/debian/patches/series
===================================================================
--- branches/jessie/kfreebsd-10/debian/patches/series 2015-09-16 15:45:46 UTC (rev 5775)
+++ branches/jessie/kfreebsd-10/debian/patches/series 2015-09-16 16:14:19 UTC (rev 5776)
@@ -44,3 +44,5 @@
EN-15_01.vt.patch
SA-15_09.ipv6.patch
EN-15_05.ufs.patch
+EN-15_14.ixgbe.patch
+SA-15_21.amd64.patch
More information about the Glibc-bsd-commits
mailing list