r3880 - in trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian: .
patches patches/series
Simon Horman
horms at costa.debian.org
Mon Aug 15 09:34:43 UTC 2005
Author: horms
Date: 2005-08-15 09:34:41 +0000 (Mon, 15 Aug 2005)
New Revision: 3880
Added:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/linux-zlib-fixes.dpatch
Modified:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17
Log:
* linux-zlib-fixes.dpatch
[Security] Fix security bugs in the Linux zlib implementations.
See CAN-2005-2458, CAN-2005-2459
http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
http://bugs.gentoo.org/show_bug.cgi?id=94584
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-08-15 09:24:22 UTC (rev 3879)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-08-15 09:34:41 UTC (rev 3880)
@@ -188,8 +188,14 @@
[Security, x86_64] Disable exception stack for stack faults
See CAN-2005-1767
- -- Simon Horman <horms at debian.org> Mon, 15 Aug 2005 15:13:53 +0900
+ * linux-zlib-fixes.dpatch
+ [Security] Fix security bugs in the Linux zlib implementations.
+ See CAN-2005-2458, CAN-2005-2459
+ http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
+ http://bugs.gentoo.org/show_bug.cgi?id=94584
+ -- Simon Horman <horms at debian.org> Mon, 15 Aug 2005 18:31:47 +0900
+
kernel-source-2.6.8 (2.6.8-16) unstable; urgency=low
* smbfs-overrun.dpatch:
Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/linux-zlib-fixes.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/linux-zlib-fixes.dpatch 2005-08-15 09:24:22 UTC (rev 3879)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/linux-zlib-fixes.dpatch 2005-08-15 09:34:41 UTC (rev 3880)
@@ -0,0 +1,99 @@
+From security-bounces at linux.kernel.org Mon Jul 25 15:16:42 2005
+Date: Mon, 25 Jul 2005 23:16:13 +0100
+From: Tim Yamin <plasmaroo at gentoo.org>
+To: security at kernel.org
+Subject: [PATCH] Update in-kernel zlib routines (CAN-2005-2458, CAN-2005-2459)
+
+Fix outstanding security bugs in the Linux zlib implementations. See:
+
+a) http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
+CAN-2005-2458
+
+b) http://bugs.gentoo.org/show_bug.cgi?id=94584
+CAN-2005-2459
+
+Signed-off-by: Tim Yamin <plasmaroo at gentoo.org>
+Signed-off-by: Tavis Ormandy <taviso at gentoo.org>
+Signed-off-by: Chris Wright <chrisw at osdl.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+---
+ arch/ppc64/boot/zlib.c | 3 ++-
+ lib/inflate.c | 16 +++++++++-------
+ lib/zlib_inflate/inftrees.c | 2 +-
+ 3 files changed, 12 insertions(+), 9 deletions(-)
+
+Index: linux-2.6.12.y/lib/inflate.c
+===================================================================
+--- linux-2.6.12.y.orig/lib/inflate.c
++++ linux-2.6.12.y/lib/inflate.c
+@@ -326,7 +326,7 @@ DEBG("huft1 ");
+ {
+ *t = (struct huft *)NULL;
+ *m = 0;
+- return 0;
++ return 2;
+ }
+
+ DEBG("huft2 ");
+@@ -374,6 +374,7 @@ DEBG("huft5 ");
+ if ((j = *p++) != 0)
+ v[x[j]++] = i;
+ } while (++i < n);
++ n = x[g]; /* set n to length of v */
+
+ DEBG("h6 ");
+
+@@ -410,12 +411,13 @@ DEBG1("1 ");
+ DEBG1("2 ");
+ f -= a + 1; /* deduct codes from patterns left */
+ xp = c + k;
+- while (++j < z) /* try smaller tables up to z bits */
+- {
+- if ((f <<= 1) <= *++xp)
+- break; /* enough codes to use up j bits */
+- f -= *xp; /* else deduct codes from patterns */
+- }
++ if (j < z)
++ while (++j < z) /* try smaller tables up to z bits */
++ {
++ if ((f <<= 1) <= *++xp)
++ break; /* enough codes to use up j bits */
++ f -= *xp; /* else deduct codes from patterns */
++ }
+ }
+ DEBG1("3 ");
+ z = 1 << j; /* table entries for j-bit table */
+Index: linux-2.6.12.y/lib/zlib_inflate/inftrees.c
+===================================================================
+--- linux-2.6.12.y.orig/lib/zlib_inflate/inftrees.c
++++ linux-2.6.12.y/lib/zlib_inflate/inftrees.c
+@@ -141,7 +141,7 @@ static int huft_build(
+ {
+ *t = NULL;
+ *m = 0;
+- return Z_OK;
++ return Z_DATA_ERROR;
+ }
+
+
+Index: linux-2.6.12.y/arch/ppc64/boot/zlib.c
+===================================================================
+--- linux-2.6.12.y.orig/arch/ppc64/boot/zlib.c
++++ linux-2.6.12.y/arch/ppc64/boot/zlib.c
+@@ -1307,7 +1307,7 @@ local int huft_build(
+ {
+ *t = (inflate_huft *)Z_NULL;
+ *m = 0;
+- return Z_OK;
++ return Z_DATA_ERROR;
+ }
+
+
+@@ -1351,6 +1351,7 @@ local int huft_build(
+ if ((j = *p++) != 0)
+ v[x[j]++] = i;
+ } while (++i < n);
++ n = x[g]; /* set n to length of v */
+
+
+ /* Generate the Huffman codes and for each, make the table entries */
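Review bot: The three inflate copies touched by the embedded patch are not fixed symmetrically: lib/inflate.c receives the empty-code-set rejection (`return 2;`), the `n = x[g];` clamp and the `if (j < z)` guard, while arch/ppc64/boot/zlib.c gets no `if (j < z)` guard and lib/zlib_inflate/inftrees.c gets only `return Z_DATA_ERROR;`. The huft_build bodies start and end outside these hunks, so the other copies may already carry the missing checks, but that should be confirmed against the 2.6.8 sources, because every copy that decodes untrusted compressed data should reject malformed Huffman tables the same way. The patch is also diffed against linux-2.6.12.y (see the `Index:` lines) while being applied to kernel-source-2.6.8, so I would add a description line such as `Backported to 2.6.8 from the linux-2.6.12.y patch; each hunk checked against the 2.6.8 sources.` It is also worth checking that no other private zlib copy in this tree is left unpatched.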
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17 2005-08-15 09:24:22 UTC (rev 3879)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17 2005-08-15 09:34:41 UTC (rev 3880)
@@ -50,3 +50,4 @@
+ arch-x86_64-private-tss.dpatch
+ arch-x86_64-nmi.dpatch
+ arch-x86_64-kernel-stack-faults.dpatch
++ linux-zlib-fixes.dpatch