[Glibc-bsd-commits] r5941 - in branches/jessie/kfreebsd-10/debian: . patches

stevenc-guest at alioth.debian.org stevenc-guest at alioth.debian.org
Wed Mar 16 23:24:22 UTC 2016 

Author: stevenc-guest
Date: 2016-03-16 23:24:21 +0000 (Wed, 16 Mar 2016)
New Revision: 5941

Added:
   branches/jessie/kfreebsd-10/debian/patches/SA-16_10.linux.patch
Modified:
   branches/jessie/kfreebsd-10/debian/changelog
   branches/jessie/kfreebsd-10/debian/patches/series
Log:
Pick SVN r294904 from FreeBSD 10.1-RELEASE:
- SA-16:10: Fix Linux compatibility layer issetugid(2) system call
  vulnerability. (CVE-2016-1883) (Closes: #818423)


Modified: branches/jessie/kfreebsd-10/debian/changelog
===================================================================
--- branches/jessie/kfreebsd-10/debian/changelog	2016-03-13 13:25:05 UTC (rev 5940)
+++ branches/jessie/kfreebsd-10/debian/changelog	2016-03-16 23:24:21 UTC (rev 5941)
@@ -1,5 +1,13 @@
-kfreebsd-10 (10.1~svn274115-4+kbsd8u2) UNRELEASED; urgency=high
+kfreebsd-10 (10.1~svn274115-4+kbsd8u3) UNRELEASED; urgency=high
 
+  * Pick SVN r294904 from FreeBSD 10.1-RELEASE:
+    - SA-16:10: Fix Linux compatibility layer issetugid(2) system call
+      vulnerability. (CVE-2016-1883) (Closes: #818423)
+
+ -- Steven Chamberlain <steven at pyro.eu.org>  Wed, 16 Mar 2016 23:16:33 +0000
+
+kfreebsd-10 (10.1~svn274115-4+kbsd8u2) jessie-kfreebsd; urgency=high
+
   * Pick SVN r293894 from FreeBSD 10.1-RELEASE:
     - EN-16:02: Fix invalid TCP checksums with pf(4). (Closes: #811282)
     - SA-16:01: Fix SCTP ICMPv6 error message vulnerability.

Added: branches/jessie/kfreebsd-10/debian/patches/SA-16_10.linux.patch
===================================================================
--- branches/jessie/kfreebsd-10/debian/patches/SA-16_10.linux.patch	                        (rev 0)
+++ branches/jessie/kfreebsd-10/debian/patches/SA-16_10.linux.patch	2016-03-16 23:24:21 UTC (rev 5941)
@@ -0,0 +1,60 @@
+Description:
+ Fix Linux compatibility layer issetugid(2) system call
+ vulnerability. [SA-16:10]
+Origin: vendor
+Bug: https://www.freebsd.org/security/advisories/FreeBSD-SA-16:10.linux.asc
+Applied-Upstream: https://svnweb.freebsd.org/base?view=revision&revision=294904
+
+--- a/sys/amd64/linux32/linux32_sysvec.c
++++ b/sys/amd64/linux32/linux32_sysvec.c
+@@ -248,6 +248,7 @@
+ 	Elf32_Addr *base;
+ 	Elf32_Addr *pos, *uplatform;
+ 	struct linux32_ps_strings *arginfo;
++	int issetugid;
+ 
+ 	arginfo = (struct linux32_ps_strings *)LINUX32_PS_STRINGS;
+ 	uplatform = (Elf32_Addr *)((caddr_t)arginfo - linux_szplatform);
+@@ -258,6 +259,7 @@
+ 	args = (Elf32_Auxargs *)imgp->auxargs;
+ 	pos = base + (imgp->args->argc + imgp->args->envc + 2);
+ 
++	issetugid = imgp->proc->p_flag & P_SUGID ? 1 : 0;
+ 	AUXARGS_ENTRY_32(pos, LINUX_AT_HWCAP, cpu_feature);
+ 
+ 	/*
+@@ -277,7 +279,7 @@
+ 	AUXARGS_ENTRY_32(pos, AT_FLAGS, args->flags);
+ 	AUXARGS_ENTRY_32(pos, AT_ENTRY, args->entry);
+ 	AUXARGS_ENTRY_32(pos, AT_BASE, args->base);
+-	AUXARGS_ENTRY_32(pos, LINUX_AT_SECURE, 0);
++	AUXARGS_ENTRY_32(pos, LINUX_AT_SECURE, issetugid);
+ 	AUXARGS_ENTRY_32(pos, AT_UID, imgp->proc->p_ucred->cr_ruid);
+ 	AUXARGS_ENTRY_32(pos, AT_EUID, imgp->proc->p_ucred->cr_svuid);
+ 	AUXARGS_ENTRY_32(pos, AT_GID, imgp->proc->p_ucred->cr_rgid);
+--- a/sys/i386/linux/linux_sysvec.c
++++ b/sys/i386/linux/linux_sysvec.c
+@@ -244,11 +244,13 @@
+ 	Elf32_Addr *uplatform;
+ 	struct ps_strings *arginfo;
+ 	register_t *pos;
++	int issetugid;
+ 
+ 	KASSERT(curthread->td_proc == imgp->proc,
+ 	    ("unsafe elf_linux_fixup(), should be curproc"));
+ 
+ 	p = imgp->proc;
++	issetugid = imgp->proc->p_flag & P_SUGID ? 1 : 0;
+ 	arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings;
+ 	uplatform = (Elf32_Addr *)((caddr_t)arginfo - linux_szplatform);
+ 	args = (Elf32_Auxargs *)imgp->auxargs;
+@@ -273,7 +275,7 @@
+ 	AUXARGS_ENTRY(pos, AT_FLAGS, args->flags);
+ 	AUXARGS_ENTRY(pos, AT_ENTRY, args->entry);
+ 	AUXARGS_ENTRY(pos, AT_BASE, args->base);
+-	AUXARGS_ENTRY(pos, LINUX_AT_SECURE, 0);
++	AUXARGS_ENTRY(pos, LINUX_AT_SECURE, issetugid);
+ 	AUXARGS_ENTRY(pos, AT_UID, imgp->proc->p_ucred->cr_ruid);
+ 	AUXARGS_ENTRY(pos, AT_EUID, imgp->proc->p_ucred->cr_svuid);
+ 	AUXARGS_ENTRY(pos, AT_GID, imgp->proc->p_ucred->cr_rgid);
+

Modified: branches/jessie/kfreebsd-10/debian/patches/series
===================================================================
--- branches/jessie/kfreebsd-10/debian/patches/series	2016-03-13 13:25:05 UTC (rev 5940)
+++ branches/jessie/kfreebsd-10/debian/patches/series	2016-03-16 23:24:21 UTC (rev 5941)
@@ -53,3 +53,4 @@
 SA-16_03.linux.patch
 SA-16_04.linux.patch
 SA-16_05.tcp.patch
+SA-16_10.linux.patch

More information about the Glibc-bsd-commits mailing list