r3653 - in
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: .
patches patches/series
Simon Horman
horms at costa.debian.org
Mon Aug 1 06:41:31 UTC 2005
Author: horms
Date: 2005-08-01 06:41:27 +0000 (Mon, 01 Aug 2005)
New Revision: 3653
Added:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/170_Makefile.gcc-3.3.diff
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/171_arch-ia64-x86_64-execve-overflow.diff
Modified:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/control
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/142_acpi_skip_timer_override-4.diff
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11
Log:
* 169_arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch
[Security, x86_64] Fix canonical checking for segment registers in ptrace
See CAN-2005-0756
* Makefile-gcc-3.3.dpatch, control
Build with gcc-3.3, as gcc-4.0, now the default in unstable,
fails to build this source. Upstream has stated that they
have no intention of making the 2.4 kernel compile with gcc-4
* 171_arch-ia64-x86_64-execve-overflow.diff
[Security, ia64, x86_64] Fix overflow in 32bit execve
See CAN-2005-1768
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-08-01 05:52:16 UTC (rev 3652)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-08-01 06:41:27 UTC (rev 3653)
@@ -9,13 +9,28 @@
can lead to a local DoS.
See CAN-2005-0757. (closes: #311164). (Simon Horman)
- * 169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch,
- 169_arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch
- This works around an AMD Erratum by checking if the ptrace RIP is canonical.
- See CAN-2005-0756 and CAN-2005-1762 (Simon Horman)
+ * 169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch
+ [Security, x86_64] This works around an AMD Erratum by
+ checking if the ptrace RIP is canonical.
+ See CAN-2005-1762
+ (Simon Horman)
- -- Simon Horman <horms at debian.org> Fri, 29 Jul 2005 13:33:58 +0900
+ * 169_arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch
+ [Security, x86_64] Fix canonical checking for segment registers in ptrace
+ See CAN-2005-0756
+ (Simon Horman)
+ * Makefile-gcc-3.3.dpatch, control
+ Build with gcc-3.3, as gcc-4.0, now the dedault in unstable,
+ fails to build this source. Upstream has stated that they
+ have no intention making the 2.4 kernel compile with gcc-4
+
+ * 171_arch-ia64-x86_64-execve-overflow.diff
+ [Security, ia64, x86_64] Fix overflow in 32bit execve
+ See CAN-2005-1768 (Simon Horman)
+
+ -- Simon Horman <horms at debian.org> Mon, 1 Aug 2005 15:38:17 +0900
+
kernel-source-2.4.27 (2.4.27-10) unstable; urgency=low
* 155_net-bluetooth-signdness-fix.diff:
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/control
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/control 2005-08-01 05:52:16 UTC (rev 3652)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/control 2005-08-01 06:41:27 UTC (rev 3653)
@@ -12,7 +12,7 @@
Priority: optional
Provides: kernel-source, kernel-source-2.4
Depends: binutils, bzip2, coreutils | fileutils (>= 4.0)
-Recommends: libc6-dev | libc-dev, gcc, make
+Recommends: libc6-dev | libc-dev, gcc-3.3, make
Suggests: libncurses5-dev | libncurses-dev, tk8.4-dev | tk-dev, kernel-package
Description: Linux kernel source for version 2.4.27 with Debian patches
This package provides the source code for the Linux kernel version 2.4.27 with
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/142_acpi_skip_timer_override-4.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/142_acpi_skip_timer_override-4.diff 2005-08-01 05:52:16 UTC (rev 3652)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/142_acpi_skip_timer_override-4.diff 2005-08-01 06:41:27 UTC (rev 3653)
@@ -8,18 +8,17 @@
#
===== arch/i386/kernel/earlyquirk.c 1.1 vs 1.2 =====
--- a/arch/i386/kernel/Makefile 2005-03-24 15:47:08.391718540 +0900
-+++ b/arch/i386/kernel/Makefile.noedit 2005-03-24 15:46:56.433281792 +0900
++++ b/arch/i386/kernel/Makefile 2005-03-24 15:46:56.433281792 +0900
@@ -36,11 +36,11 @@
obj-$(CONFIG_X86_CPUID) += cpuid.o
obj-$(CONFIG_MICROCODE) += microcode.o
obj-$(CONFIG_APM) += apm.o
--obj-$(CONFIG_ACPI_BOOT) += acpi.o earlyquirk.o
-+obj-$(CONFIG_ACPI_BOOT) += acpi.o
++obj-$(CONFIG_ACPI_BOOT) += acpi.o earlyquirk.o
+-obj-$(CONFIG_ACPI_BOOT) += acpi.o
obj-$(CONFIG_ACPI_SLEEP) += acpi_wakeup.o
obj-$(CONFIG_SMP) += smp.o smpboot.o trampoline.o
obj-$(CONFIG_X86_LOCAL_APIC) += mpparse.o apic.o nmi.o
--obj-$(CONFIG_X86_IO_APIC) += io_apic.o
-+obj-$(CONFIG_X86_IO_APIC) += io_apic.o earlyquirk.o
+ obj-$(CONFIG_X86_IO_APIC) += io_apic.o
obj-$(CONFIG_X86_VISWS_APIC) += visws_apic.o
obj-$(CONFIG_CPU_EMU486) += emu.o
obj-$(CONFIG_EDD) += edd.o
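Review bot: This edit to 142_acpi_skip_timer_override-4.diff is not recorded anywhere in the commit log or in the debian/changelog entry added by this revision, which list only the 169, gcc-3.3 and 171 items. The inner patch now targets `b/arch/i386/kernel/Makefile` instead of `Makefile.noedit`, adds `earlyquirk.o` to the `CONFIG_ACPI_BOOT` line, and no longer adds it to the `CONFIG_X86_IO_APIC` line, so the set of configurations that link the quirk code changes. A changelog line such as `* 142_acpi_skip_timer_override-4.diff: build earlyquirk.o under CONFIG_ACPI_BOOT` would keep the upload auditable. The inner hunk also places the `+` line before the `-` line for `CONFIG_ACPI_BOOT`, which is accepted by patch but is worth normalising.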
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/170_Makefile.gcc-3.3.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/170_Makefile.gcc-3.3.diff 2005-08-01 05:52:16 UTC (rev 3652)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/170_Makefile.gcc-3.3.diff 2005-08-01 06:41:27 UTC (rev 3653)
@@ -0,0 +1,20 @@
+--- a/Makefile 2005-07-29 19:34:52.000000000 +0900
++++ b/Makefile 2005-07-29 19:35:08.000000000 +0900
+@@ -16,7 +16,7 @@
+ HPATH = $(TOPDIR)/include
+ FINDHPATH = $(HPATH)/asm $(HPATH)/linux $(HPATH)/scsi $(HPATH)/net $(HPATH)/math-emu
+
+-HOSTCC = gcc
++HOSTCC = gcc-3.3
+ HOSTCFLAGS = -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer
+
+ CROSS_COMPILE =
+@@ -27,7 +27,7 @@
+
+ AS = $(CROSS_COMPILE)as
+ LD = $(CROSS_COMPILE)ld
+-CC = $(CROSS_COMPILE)gcc
++CC = $(CROSS_COMPILE)gcc-3.3
+ CPP = $(CC) -E
+ AR = $(CROSS_COMPILE)ar
+ NM = $(CROSS_COMPILE)nm
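Review bot: Hard-coding `gcc-3.3` in `HOSTCC` and `CC` makes the build fail on any system without that exact binary, while debian/control in this same revision lists gcc-3.3 only under `Recommends:`, so the source package can be installed without it. `$(CROSS_COMPILE)gcc-3.3` also assumes that cross toolchains ship a versioned driver under that name, which nothing here shows. A comment above the two assignments, e.g. `# Debian: 2.4 does not build with gcc-4.0; override with make CC=... HOSTCC=...`, would tell users why the compiler is pinned and how to change it. The changelog names this patch `Makefile-gcc-3.3.dpatch`, whereas the file added is `170_Makefile.gcc-3.3.diff`.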
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/171_arch-ia64-x86_64-execve-overflow.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/171_arch-ia64-x86_64-execve-overflow.diff 2005-08-01 05:52:16 UTC (rev 3652)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/171_arch-ia64-x86_64-execve-overflow.diff 2005-08-01 06:41:27 UTC (rev 3653)
@@ -0,0 +1,136 @@
+commit 1e483bdd0ac8852a53e32e09059df9788619b3e8
+tree 29e6ef82f987734d97da57af63a5f0410c21996c
+parent bb6c40830e2f66b33c22275829a730ed078e430a
+author Andi Kleen <ak at suse.de> 1119964612 +0200
+committer Marcelo Tosatti <marcelo.tosatti at cyclades.com> 1120052986 -0300
+
+[PATCH] Fix buffer overflow in x86-64/ia64 32bit execve
+
+Fix buffer overflow in x86-64/ia64 32bit execve
+
+Originally noted by Ilja van Sprundel
+
+I fixed it for both x86-64 and IA64. Other architectures
+are not affected.
+
+Signed-off-by: Andi Kleen <ak at suse.de>
+
+I:100644 100644 d398d537c16b1a744e4bf76136d19d1d80c25099 acfa7e6bb6307923a3c6738b0c498d99c8ce890a M arch/ia64/ia32/sys_ia32.c
+I:100644 100644 0c43987ce7ab3032b96036c7d9d22b81a22a151f 3692043ab57ab273234a2af15dc2d01560f3297a M arch/x86_64/ia32/sys_ia32.c
+
+Key:
+S: Skipped
+I: Included Included verbatim
+D: Deleted Manually deleted by subsequent user edit
+R: Revised Manually revised by subsequent user edit
+
+diff --git a/arch/ia64/ia32/sys_ia32.c b/arch/ia64/ia32/sys_ia32.c
+--- a/arch/ia64/ia32/sys_ia32.c
++++ b/arch/ia64/ia32/sys_ia32.c
+@@ -94,7 +94,7 @@ asmlinkage unsigned long sys_brk(unsigne
+ static DECLARE_MUTEX(ia32_mmap_sem);
+
+ static int
+-nargs (unsigned int arg, char **ap)
++nargs (unsigned int arg, char **ap, int max)
+ {
+ unsigned int addr;
+ int n, err;
+@@ -107,6 +107,8 @@ nargs (unsigned int arg, char **ap)
+ err = get_user(addr, (unsigned int *)A(arg));
+ if (err)
+ return err;
++ if (n > max)
++ return -E2BIG;
+ if (ap)
+ *ap++ = (char *) A(addr);
+ arg += sizeof(unsigned int);
+@@ -128,10 +130,11 @@ sys32_execve (char *filename, unsigned i
+ int na, ne, len;
+ long r;
+
+- na = nargs(argv, NULL);
++ /* Allocates upto 2x MAX_ARG_PAGES */
++ na = nargs(argv, NULL, (MAX_ARG_PAGES*PAGE_SIZE) / sizeof(char *) - 1);
+ if (na < 0)
+ return na;
+- ne = nargs(envp, NULL);
++ ne = nargs(envp, NULL, (MAX_ARG_PAGES*PAGE_SIZE) / sizeof(char *) - 1 );
+ if (ne < 0)
+ return ne;
+ len = (na + ne + 2) * sizeof(*av);
+@@ -143,10 +146,10 @@ sys32_execve (char *filename, unsigned i
+ av[na] = NULL;
+ ae[ne] = NULL;
+
+- r = nargs(argv, av);
++ r = nargs(argv, av, na);
+ if (r < 0)
+ goto out;
+- r = nargs(envp, ae);
++ r = nargs(envp, ae, ne);
+ if (r < 0)
+ goto out;
+
+diff --git a/arch/x86_64/ia32/sys_ia32.c b/arch/x86_64/ia32/sys_ia32.c
+--- a/arch/x86_64/ia32/sys_ia32.c
++++ b/arch/x86_64/ia32/sys_ia32.c
+@@ -2200,7 +2200,7 @@ asmlinkage long sys32_ustat(dev_t dev, s
+ return ret;
+ }
+
+-static int nargs(u32 src, char **dst)
++static int nargs(u32 src, char **dst, int max)
+ {
+ int cnt;
+ u32 val;
+@@ -2210,13 +2210,13 @@ static int nargs(u32 src, char **dst)
+ int ret = get_user(val, (__u32 *)(u64)src);
+ if (ret)
+ return ret;
++ if (cnt > max)
++ return -E2BIG;
+ if (dst)
+ dst[cnt] = (char *)(u64)val;
+ cnt++;
+ src += 4;
+- if (cnt >= (MAX_ARG_PAGES * PAGE_SIZE) / sizeof(char *))
+- return -E2BIG;
+- } while(val);
++ } while(val);
+ if (dst)
+ dst[cnt-1] = 0;
+ return cnt;
+@@ -2230,13 +2230,14 @@ asmlinkage long sys32_execve(char *name,
+ int ret;
+ unsigned sz = 0;
+
++ /* Can actually allocate 2*MAX_ARG_PAGES */
+ if (argv) {
+- na = nargs(argv, NULL);
++ na = nargs(argv, NULL, (MAX_ARG_PAGES * PAGE_SIZE)/sizeof(char*) - 1);
+ if (na < 0)
+ return -EFAULT;
+ }
+ if (envp) {
+- ne = nargs(envp, NULL);
++ ne = nargs(envp, NULL, (MAX_ARG_PAGES * PAGE_SIZE)/sizeof(char*) - 1);
+ if (ne < 0)
+ return -EFAULT;
+ }
+@@ -2252,13 +2253,13 @@ asmlinkage long sys32_execve(char *name,
+ }
+
+ if (argv) {
+- ret = nargs(argv, buf);
++ ret = nargs(argv, buf, na);
+ if (ret < 0)
+ goto free;
+ }
+
+ if (envp) {
+- ret = nargs(envp, buf + na);
++ ret = nargs(envp, buf + na, ne);
+ if (ret < 0)
+ goto free;
+ }
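Review bot: In the x86_64 `nargs()` the new guard `if (cnt > max)` still allows a store to `dst[max]`, and since this version returns `cnt` with the terminator already counted, the second pass called with `max = na` (or `ne`) can write one pointer more than the first pass measured if the user-space array changes between the two passes. Whether that extra slot exists depends on the `buf` allocation, which lies outside the hunk. The ia64 caller allocates `(na + ne + 2)` entries and itself writes `av[na]`, so the same comparison appears to stay in bounds there. Consider `if (cnt >= max) return -E2BIG;` on x86_64, or confirm that `buf` has one spare entry per array. Separately, the first-pass callers in x86_64 `sys32_execve` map every negative return to `-EFAULT`, so the new `-E2BIG` is never reported to the caller on that path.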
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11 2005-08-01 05:52:16 UTC (rev 3652)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11 2005-08-01 06:41:27 UTC (rev 3653)
@@ -2,3 +2,5 @@
+ 168_fs_ext3_64bit_offset.diff
+ 169_arch-x86_64-kernel-ptrace-canonical-rip-1.diff
+ 169_arch-x86_64-kernel-ptrace-canonical-rip-2.diff
++ 170_Makefile.gcc-3.3.diff
++ 171_arch-ia64-x86_64-execve-overflow.diff