r2003 - in trunk/kernel/source: kernel-source-2.6.8-2.6.8/debian kernel-source-2.6.8-2.6.8/debian/patches kernel-source-2.6.8-2.6.8/debian/patches/series kernel-source-2.6.9-2.6.9/debian kernel-source-2.6.9-2.6.9/debian/patches kernel-source-2.6.9-2.6.9/debian/patches/series
Andres Salomon
dilinger-guest@haydn.debian.org
Thu, 16 Dec 2004 00:22:22 -0700
Author: dilinger-guest
Date: 2004-12-16 00:21:29 -0700 (Thu, 16 Dec 2004)
New Revision: 2003
Added:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/scm_send-dos-fix2.dpatch
trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/scm_send-dos-fix2.dpatch
Modified:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11
trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog
trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4
Log:
* [SECURITY] additional scm_send fix (thanks to Andre Tomt for pointing
this out) (Andres Salomon).
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2004-12-16 05:34:11 UTC (rev 2002)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2004-12-16 07:21:29 UTC (rev 2003)
@@ -28,6 +28,9 @@
* [SECURITY] igmp remotely exploitable bugfix
(http://www.isec.pl/vulnerabilities/isec-0018-igmp.txt) (Andres Salomon).
+ * [SECURITY] additional scm_send fix (thanks to Andre Tomt for pointing
+ this out) (Andres Salomon).
+
-- dann frazier <dannf@debian.org> Fri, 03 Dec 2004 00:13:41 -0700
kernel-source-2.6.8 (2.6.8-10) unstable; urgency=high
Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/scm_send-dos-fix2.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/scm_send-dos-fix2.dpatch 2004-12-16 05:34:11 UTC (rev 2002)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/scm_send-dos-fix2.dpatch 2004-12-16 07:21:29 UTC (rev 2003)
@@ -0,0 +1,52 @@
+#! /bin/sh -e
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: [SECURITY] CMSG compat code needs signedness fixes too.
+## DP: Patch author: David S. Miller <davem@davemloft.net>
+## DP: Upstream status: backport
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2004/12/08 13:03:03-08:00 davem@nuts.davemloft.net
+# [NET]: CMSG compat code needs signedness fixes too.
+#
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
+# net/compat.c
+# 2004/12/08 13:02:32-08:00 davem@nuts.davemloft.net +7 -5
+# [NET]: CMSG compat code needs signedness fixes too.
+#
+diff -Nru a/net/compat.c b/net/compat.c
+--- a/net/compat.c 2004-12-15 23:12:20 -08:00
++++ b/net/compat.c 2004-12-15 23:12:20 -08:00
+@@ -124,6 +124,12 @@
+ (struct compat_cmsghdr __user *)((msg)->msg_control) : \
+ (struct compat_cmsghdr __user *)NULL)
+
++#define CMSG_COMPAT_OK(ucmlen, ucmsg, mhdr) \
++ ((ucmlen) >= sizeof(struct cmsghdr) && \
++ (ucmlen) <= (unsigned long) \
++ ((mhdr)->msg_controllen - \
++ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
++
+ static inline struct compat_cmsghdr __user *cmsg_compat_nxthdr(struct msghdr *msg,
+ struct compat_cmsghdr __user *cmsg, int cmsg_len)
+ {
+@@ -154,11 +160,7 @@
+ return -EFAULT;
+
+ /* Catch bogons. */
+- if(CMSG_COMPAT_ALIGN(ucmlen) <
+- CMSG_COMPAT_ALIGN(sizeof(struct compat_cmsghdr)))
+- return -EINVAL;
+- if((unsigned long)(((char __user *)ucmsg - (char __user *)kmsg->msg_control)
+- + ucmlen) > kmsg->msg_controllen)
++ if (!CMSG_COMPAT_OK(ucmlen, ucmsg, kmsg))
+ return -EINVAL;
+
+ tmp = ((ucmlen - CMSG_COMPAT_ALIGN(sizeof(*ucmsg))) +
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11 2004-12-16 05:34:11 UTC (rev 2002)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11 2004-12-16 07:21:29 UTC (rev 2003)
@@ -6,3 +6,4 @@
+ arch-x86_64-sys32_ni-overflow.dpatch
+ scm_send-dos-fix.dpatch
+ igmp-src-list-fix.dpatch
++ scm_send-dos-fix2.dpatch
Modified: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog 2004-12-16 05:34:11 UTC (rev 2002)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog 2004-12-16 07:21:29 UTC (rev 2003)
@@ -33,6 +33,9 @@
* [SECURITY] igmp remotely exploitable bugfix
(http://www.isec.pl/vulnerabilities/isec-0018-igmp.txt) (Andres Salomon).
+ * [SECURITY] additional scm_send fix (thanks to Andre Tomt for pointing
+ this out) (Andres Salomon).
+
-- dann frazier <dannf@debian.org> Fri, 03 Dec 2004 09:26:52 -0700
kernel-source-2.6.9 (2.6.9-3) unstable; urgency=low
Added: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/scm_send-dos-fix2.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/scm_send-dos-fix2.dpatch 2004-12-16 05:34:11 UTC (rev 2002)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/scm_send-dos-fix2.dpatch 2004-12-16 07:21:29 UTC (rev 2003)
@@ -0,0 +1,52 @@
+#! /bin/sh -e
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: [SECURITY] CMSG compat code needs signedness fixes too.
+## DP: Patch author: David S. Miller <davem@davemloft.net>
+## DP: Upstream status: backport
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2004/12/08 13:03:03-08:00 davem@nuts.davemloft.net
+# [NET]: CMSG compat code needs signedness fixes too.
+#
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
+# net/compat.c
+# 2004/12/08 13:02:32-08:00 davem@nuts.davemloft.net +7 -5
+# [NET]: CMSG compat code needs signedness fixes too.
+#
+diff -Nru a/net/compat.c b/net/compat.c
+--- a/net/compat.c 2004-12-15 23:12:20 -08:00
++++ b/net/compat.c 2004-12-15 23:12:20 -08:00
+@@ -124,6 +124,12 @@
+ (struct compat_cmsghdr __user *)((msg)->msg_control) : \
+ (struct compat_cmsghdr __user *)NULL)
+
++#define CMSG_COMPAT_OK(ucmlen, ucmsg, mhdr) \
++ ((ucmlen) >= sizeof(struct cmsghdr) && \
++ (ucmlen) <= (unsigned long) \
++ ((mhdr)->msg_controllen - \
++ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
++
+ static inline struct compat_cmsghdr __user *cmsg_compat_nxthdr(struct msghdr *msg,
+ struct compat_cmsghdr __user *cmsg, int cmsg_len)
+ {
+@@ -154,11 +160,7 @@
+ return -EFAULT;
+
+ /* Catch bogons. */
+- if(CMSG_COMPAT_ALIGN(ucmlen) <
+- CMSG_COMPAT_ALIGN(sizeof(struct compat_cmsghdr)))
+- return -EINVAL;
+- if((unsigned long)(((char __user *)ucmsg - (char __user *)kmsg->msg_control)
+- + ucmlen) > kmsg->msg_controllen)
++ if (!CMSG_COMPAT_OK(ucmlen, ucmsg, kmsg))
+ return -EINVAL;
+
+ tmp = ((ucmlen - CMSG_COMPAT_ALIGN(sizeof(*ucmsg))) +
Modified: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4 2004-12-16 05:34:11 UTC (rev 2002)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4 2004-12-16 07:21:29 UTC (rev 2003)
@@ -8,3 +8,4 @@
+ fs-partitions-check.dpatch
+ scm_send-dos-fix.dpatch
+ igmp-src-list-fix.dpatch
++ scm_send-dos-fix2.dpatch