r2020 - in trunk/kernel/source: kernel-source-2.6.8-2.6.8/debian kernel-source-2.6.8-2.6.8/debian/patches kernel-source-2.6.8-2.6.8/debian/patches/series kernel-source-2.6.9-2.6.9/debian kernel-source-2.6.9-2.6.9/debian/patches kernel-source-2.6.9-2.6.9/debian/patches/series
Andres Salomon
dilinger-guest@haydn.debian.org
Wed, 22 Dec 2004 23:26:39 -0700
Author: dilinger-guest
Date: 2004-12-22 23:26:32 -0700 (Wed, 22 Dec 2004)
New Revision: 2020
Added:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip-conntrack-ftp-leak.dpatch
trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/ip-conntrack-ftp-leak.dpatch
Modified:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11
trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog
trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4
Log:
* [SECURITY] fix ip_conntrack_ftp leak;
https://lists.netfilter.org/pipermail/netfilter-devel/2004-December/017677.html
Thanks to Fabio M. Di Nitto for point this out (Andres Salomon).
I'll test this out later, along w/ the other pending security commits (*sigh*)
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2004-12-23 04:37:44 UTC (rev 2019)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2004-12-23 06:26:32 UTC (rev 2020)
@@ -37,6 +37,10 @@
* [SECURITY] additional x86_64 buffer overflow fix; this time,
sys32_quotactl (Andres Salomon).
+
+ * [SECURITY] fix ip_conntrack_ftp leak;
+ https://lists.netfilter.org/pipermail/netfilter-devel/2004-December/017677.html
+ Thanks to Fabio M. Di Nitto for point this out (Andres Salomon).
-- dann frazier <dannf@debian.org> Fri, 03 Dec 2004 00:13:41 -0700
Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip-conntrack-ftp-leak.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip-conntrack-ftp-leak.dpatch 2004-12-23 04:37:44 UTC (rev 2019)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip-conntrack-ftp-leak.dpatch 2004-12-23 06:26:32 UTC (rev 2020)
@@ -0,0 +1,38 @@
+#! /bin/sh -e
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: Fix memory leak in ip_conntrack_ftp
+## DP: Patch author: Patrick McHardy <kaber@trash.net>
+## DP: Upstream status: backport
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2004/12/08 13:37:53-08:00 kaber@trash.net
+# [NETFILTER]: Fix memory leak in ip_conntrack_ftp
+#
+# Signed-off-by: Patrick McHardy <kaber@trash.net>
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
+# net/ipv4/netfilter/ip_conntrack_ftp.c
+# 2004/12/08 13:37:32-08:00 kaber@trash.net +1 -0
+# [NETFILTER]: Fix memory leak in ip_conntrack_ftp
+#
+# Signed-off-by: Patrick McHardy <kaber@trash.net>
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
+diff -Nru a/net/ipv4/netfilter/ip_conntrack_ftp.c b/net/ipv4/netfilter/ip_conntrack_ftp.c
+--- a/net/ipv4/netfilter/ip_conntrack_ftp.c 2004-12-22 22:18:44 -08:00
++++ b/net/ipv4/netfilter/ip_conntrack_ftp.c 2004-12-22 22:18:44 -08:00
+@@ -381,6 +381,7 @@
+ problem (DMZ machines opening holes to internal
+ networks, or the packet filter itself). */
+ if (!loose) {
++ ip_conntrack_expect_put(exp);
+ ret = NF_ACCEPT;
+ goto out;
+ }
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11 2004-12-23 04:37:44 UTC (rev 2019)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11 2004-12-23 06:26:32 UTC (rev 2020)
@@ -10,3 +10,4 @@
+ binfmt-huge-vma-dos.dpatch
+ binfmt-huge-vma-dos2.dpatch
+ arch-x86_64-sys32_quotactl-overflow.dpatch
++ ip-conntrack-ftp-leak.dpatch
Modified: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog 2004-12-23 04:37:44 UTC (rev 2019)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog 2004-12-23 06:26:32 UTC (rev 2020)
@@ -43,6 +43,10 @@
* [SECURITY] additional x86_64 buffer overflow fix; this time,
sys32_quotactl (Andres Salomon).
+ * [SECURITY] fix ip_conntrack_ftp leak;
+ https://lists.netfilter.org/pipermail/netfilter-devel/2004-December/017677.html
+ Thanks to Fabio M. Di Nitto for this (Andres Salomon).
+
-- dann frazier <dannf@debian.org> Fri, 03 Dec 2004 09:26:52 -0700
kernel-source-2.6.9 (2.6.9-3) unstable; urgency=low
Added: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/ip-conntrack-ftp-leak.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/ip-conntrack-ftp-leak.dpatch 2004-12-23 04:37:44 UTC (rev 2019)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/ip-conntrack-ftp-leak.dpatch 2004-12-23 06:26:32 UTC (rev 2020)
@@ -0,0 +1,38 @@
+#! /bin/sh -e
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: Fix memory leak in ip_conntrack_ftp
+## DP: Patch author: Patrick McHardy <kaber@trash.net>
+## DP: Upstream status: backport
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2004/12/08 13:37:53-08:00 kaber@trash.net
+# [NETFILTER]: Fix memory leak in ip_conntrack_ftp
+#
+# Signed-off-by: Patrick McHardy <kaber@trash.net>
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
+# net/ipv4/netfilter/ip_conntrack_ftp.c
+# 2004/12/08 13:37:32-08:00 kaber@trash.net +1 -0
+# [NETFILTER]: Fix memory leak in ip_conntrack_ftp
+#
+# Signed-off-by: Patrick McHardy <kaber@trash.net>
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
+diff -Nru a/net/ipv4/netfilter/ip_conntrack_ftp.c b/net/ipv4/netfilter/ip_conntrack_ftp.c
+--- a/net/ipv4/netfilter/ip_conntrack_ftp.c 2004-12-22 22:18:44 -08:00
++++ b/net/ipv4/netfilter/ip_conntrack_ftp.c 2004-12-22 22:18:44 -08:00
+@@ -381,6 +381,7 @@
+ problem (DMZ machines opening holes to internal
+ networks, or the packet filter itself). */
+ if (!loose) {
++ ip_conntrack_expect_put(exp);
+ ret = NF_ACCEPT;
+ goto out;
+ }
Modified: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4 2004-12-23 04:37:44 UTC (rev 2019)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4 2004-12-23 06:26:32 UTC (rev 2020)
@@ -12,3 +12,4 @@
+ binfmt-huge-vma-dos.dpatch
+ binfmt-huge-vma-dos2.dpatch
+ arch-x86_64-sys32_quotactl-overflow.dpatch
++ ip-conntrack-ftp-leak.dpatch