r2020 - in trunk/kernel/source: kernel-source-2.6.8-2.6.8/debian kernel-source-2.6.8-2.6.8/debian/patches kernel-source-2.6.8-2.6.8/debian/patches/series kernel-source-2.6.9-2.6.9/debian kernel-source-2.6.9-2.6.9/debian/patches kernel-source-2.6.9-2.6.9/debian/patches/series

Andres Salomon dilinger-guest@haydn.debian.org
Wed, 22 Dec 2004 23:26:39 -0700 

Author: dilinger-guest
Date: 2004-12-22 23:26:32 -0700 (Wed, 22 Dec 2004)
New Revision: 2020

Added:
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip-conntrack-ftp-leak.dpatch
   trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/ip-conntrack-ftp-leak.dpatch
Modified:
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11
   trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog
   trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4
Log:
  * [SECURITY] fix ip_conntrack_ftp leak;
    https://lists.netfilter.org/pipermail/netfilter-devel/2004-December/017677.html
    Thanks to Fabio M. Di Nitto for point this out (Andres Salomon).

I'll test this out later, along w/ the other pending security commits (*sigh*)


Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	2004-12-23 04:37:44 UTC (rev 2019)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	2004-12-23 06:26:32 UTC (rev 2020)
@@ -37,6 +37,10 @@
 
   * [SECURITY] additional x86_64 buffer overflow fix; this time,
     sys32_quotactl (Andres Salomon).
+ 
+  * [SECURITY] fix ip_conntrack_ftp leak;
+    https://lists.netfilter.org/pipermail/netfilter-devel/2004-December/017677.html
+    Thanks to Fabio M. Di Nitto for point this out (Andres Salomon).
 
  -- dann frazier <dannf@debian.org>  Fri, 03 Dec 2004 00:13:41 -0700
 

Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip-conntrack-ftp-leak.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip-conntrack-ftp-leak.dpatch	2004-12-23 04:37:44 UTC (rev 2019)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip-conntrack-ftp-leak.dpatch	2004-12-23 06:26:32 UTC (rev 2020)
@@ -0,0 +1,38 @@
+#! /bin/sh -e
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: Fix memory leak in ip_conntrack_ftp
+## DP: Patch author: Patrick McHardy <kaber@trash.net>
+## DP: Upstream status: backport
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/12/08 13:37:53-08:00 kaber@trash.net 
+#   [NETFILTER]: Fix memory leak in ip_conntrack_ftp
+#   
+#   Signed-off-by: Patrick McHardy <kaber@trash.net>
+#   Signed-off-by: David S. Miller <davem@davemloft.net>
+# 
+# net/ipv4/netfilter/ip_conntrack_ftp.c
+#   2004/12/08 13:37:32-08:00 kaber@trash.net +1 -0
+#   [NETFILTER]: Fix memory leak in ip_conntrack_ftp
+#   
+#   Signed-off-by: Patrick McHardy <kaber@trash.net>
+#   Signed-off-by: David S. Miller <davem@davemloft.net>
+# 
+diff -Nru a/net/ipv4/netfilter/ip_conntrack_ftp.c b/net/ipv4/netfilter/ip_conntrack_ftp.c
+--- a/net/ipv4/netfilter/ip_conntrack_ftp.c	2004-12-22 22:18:44 -08:00
++++ b/net/ipv4/netfilter/ip_conntrack_ftp.c	2004-12-22 22:18:44 -08:00
+@@ -381,6 +381,7 @@
+ 		   problem (DMZ machines opening holes to internal
+ 		   networks, or the packet filter itself). */
+ 		if (!loose) {
++			ip_conntrack_expect_put(exp);
+ 			ret = NF_ACCEPT;
+ 			goto out;
+ 		}

Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11	2004-12-23 04:37:44 UTC (rev 2019)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11	2004-12-23 06:26:32 UTC (rev 2020)
@@ -10,3 +10,4 @@
 + binfmt-huge-vma-dos.dpatch
 + binfmt-huge-vma-dos2.dpatch
 + arch-x86_64-sys32_quotactl-overflow.dpatch
++ ip-conntrack-ftp-leak.dpatch 

Modified: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog	2004-12-23 04:37:44 UTC (rev 2019)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog	2004-12-23 06:26:32 UTC (rev 2020)
@@ -43,6 +43,10 @@
   * [SECURITY] additional x86_64 buffer overflow fix; this time,
     sys32_quotactl (Andres Salomon).
 
+  * [SECURITY] fix ip_conntrack_ftp leak;
+    https://lists.netfilter.org/pipermail/netfilter-devel/2004-December/017677.html
+    Thanks to Fabio M. Di Nitto for this (Andres Salomon).
+
  -- dann frazier <dannf@debian.org>  Fri, 03 Dec 2004 09:26:52 -0700
 
 kernel-source-2.6.9 (2.6.9-3) unstable; urgency=low

Added: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/ip-conntrack-ftp-leak.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/ip-conntrack-ftp-leak.dpatch	2004-12-23 04:37:44 UTC (rev 2019)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/ip-conntrack-ftp-leak.dpatch	2004-12-23 06:26:32 UTC (rev 2020)
@@ -0,0 +1,38 @@
+#! /bin/sh -e
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: Fix memory leak in ip_conntrack_ftp
+## DP: Patch author: Patrick McHardy <kaber@trash.net>
+## DP: Upstream status: backport
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/12/08 13:37:53-08:00 kaber@trash.net 
+#   [NETFILTER]: Fix memory leak in ip_conntrack_ftp
+#   
+#   Signed-off-by: Patrick McHardy <kaber@trash.net>
+#   Signed-off-by: David S. Miller <davem@davemloft.net>
+# 
+# net/ipv4/netfilter/ip_conntrack_ftp.c
+#   2004/12/08 13:37:32-08:00 kaber@trash.net +1 -0
+#   [NETFILTER]: Fix memory leak in ip_conntrack_ftp
+#   
+#   Signed-off-by: Patrick McHardy <kaber@trash.net>
+#   Signed-off-by: David S. Miller <davem@davemloft.net>
+# 
+diff -Nru a/net/ipv4/netfilter/ip_conntrack_ftp.c b/net/ipv4/netfilter/ip_conntrack_ftp.c
+--- a/net/ipv4/netfilter/ip_conntrack_ftp.c	2004-12-22 22:18:44 -08:00
++++ b/net/ipv4/netfilter/ip_conntrack_ftp.c	2004-12-22 22:18:44 -08:00
+@@ -381,6 +381,7 @@
+ 		   problem (DMZ machines opening holes to internal
+ 		   networks, or the packet filter itself). */
+ 		if (!loose) {
++			ip_conntrack_expect_put(exp);
+ 			ret = NF_ACCEPT;
+ 			goto out;
+ 		}

Modified: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4	2004-12-23 04:37:44 UTC (rev 2019)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4	2004-12-23 06:26:32 UTC (rev 2020)
@@ -12,3 +12,4 @@
 + binfmt-huge-vma-dos.dpatch
 + binfmt-huge-vma-dos2.dpatch
 + arch-x86_64-sys32_quotactl-overflow.dpatch
++ ip-conntrack-ftp-leak.dpatch