r3904 - in trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series

Simon Horman horms at costa.debian.org
Tue Aug 16 04:57:40 UTC 2005 

Author: horms
Date: 2005-08-16 04:57:39 +0000 (Tue, 16 Aug 2005)
New Revision: 3904

Added:
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/183_zisofs.diff
Modified:
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11
Log:
    Check input buffer size in zisofs
    From 2.6.12.5


Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	2005-08-16 04:54:46 UTC (rev 3903)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	2005-08-16 04:57:39 UTC (rev 3904)
@@ -70,8 +70,12 @@
     http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
     http://bugs.gentoo.org/show_bug.cgi?id=94584
 
- -- Simon Horman <horms at debian.org>  Tue, 16 Aug 2005 13:53:08 +0900
+  * zisofs.dpatch
+    Check input buffer size in zisofs
+    From 2.6.12.5
 
+ -- Simon Horman <horms at debian.org>  Tue, 16 Aug 2005 13:56:29 +0900
+
 kernel-source-2.4.27 (2.4.27-10) unstable; urgency=low
 
   * 155_net-bluetooth-signdness-fix.diff:

Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/183_zisofs.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/183_zisofs.diff	2005-08-16 04:54:46 UTC (rev 3903)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/183_zisofs.diff	2005-08-16 04:57:39 UTC (rev 3904)
@@ -0,0 +1,99 @@
+From security-bounces at linux.kernel.org  Mon Jul 25 15:16:42 2005
+Date: Mon, 25 Jul 2005 23:16:13 +0100
+From: Tim Yamin <plasmaroo at gentoo.org>
+To: security at kernel.org
+Subject: [PATCH] Update in-kernel zlib routines (CAN-2005-2458, CAN-2005-2459)
+
+Fix outstanding security bugs in the Linux zlib implementations. See:
+
+a) http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
+CAN-2005-2458
+
+b) http://bugs.gentoo.org/show_bug.cgi?id=94584
+CAN-2005-2459
+
+Signed-off-by: Tim Yamin <plasmaroo at gentoo.org>
+Signed-off-by: Tavis Ormandy <taviso at gentoo.org>
+Signed-off-by: Chris Wright <chrisw at osdl.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+---
+ arch/ppc64/boot/zlib.c      |    3 ++-
+ lib/inflate.c               |   16 +++++++++-------
+ lib/zlib_inflate/inftrees.c |    2 +-
+ 3 files changed, 12 insertions(+), 9 deletions(-)
+
+Index: linux-2.6.12.y/lib/inflate.c
+===================================================================
+--- linux-2.6.12.y.orig/lib/inflate.c
++++ linux-2.6.12.y/lib/inflate.c
+@@ -326,7 +326,7 @@ DEBG("huft1 ");
+   {
+     *t = (struct huft *)NULL;
+     *m = 0;
+-    return 0;
++    return 2;
+   }
+ 
+ DEBG("huft2 ");
+@@ -374,6 +374,7 @@ DEBG("huft5 ");
+     if ((j = *p++) != 0)
+       v[x[j]++] = i;
+   } while (++i < n);
++  n = x[g];                   /* set n to length of v */
+ 
+ DEBG("h6 ");
+ 
+@@ -410,12 +411,13 @@ DEBG1("1 ");
+ DEBG1("2 ");
+           f -= a + 1;           /* deduct codes from patterns left */
+           xp = c + k;
+-          while (++j < z)       /* try smaller tables up to z bits */
+-          {
+-            if ((f <<= 1) <= *++xp)
+-              break;            /* enough codes to use up j bits */
+-            f -= *xp;           /* else deduct codes from patterns */
+-          }
++          if (j < z)
++            while (++j < z)       /* try smaller tables up to z bits */
++            {
++              if ((f <<= 1) <= *++xp)
++                break;            /* enough codes to use up j bits */
++              f -= *xp;           /* else deduct codes from patterns */
++            }
+         }
+ DEBG1("3 ");
+         z = 1 << j;             /* table entries for j-bit table */
+Index: linux-2.6.12.y/lib/zlib_inflate/inftrees.c
+===================================================================
+--- linux-2.6.12.y.orig/lib/zlib_inflate/inftrees.c
++++ linux-2.6.12.y/lib/zlib_inflate/inftrees.c
+@@ -141,7 +141,7 @@ static int huft_build(
+   {
+     *t = NULL;
+     *m = 0;
+-    return Z_OK;
++    return Z_DATA_ERROR;
+   }
+ 
+ 
+Index: linux-2.6.12.y/arch/ppc64/boot/zlib.c
+===================================================================
+--- linux-2.6.12.y.orig/arch/ppc64/boot/zlib.c
++++ linux-2.6.12.y/arch/ppc64/boot/zlib.c
+@@ -1307,7 +1307,7 @@ local int huft_build(
+   {
+     *t = (inflate_huft *)Z_NULL;
+     *m = 0;
+-    return Z_OK;
++    return Z_DATA_ERROR;
+   }
+ 
+ 
+@@ -1351,6 +1351,7 @@ local int huft_build(
+     if ((j = *p++) != 0)
+       v[x[j]++] = i;
+   } while (++i < n);
++  n = x[g];			/* set n to length of v */
+ 
+ 
+   /* Generate the Huffman codes and for each, make the table entries */

Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11	2005-08-16 04:54:46 UTC (rev 3903)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11	2005-08-16 04:57:39 UTC (rev 3904)
@@ -15,3 +15,4 @@
 + 180_fs-isofs-ignored-parameters.diff
 + 181_arch-x86_64-kernel-stack-faults.diff
 + 182_linux-zlib-fixes.diff
++ 183_zisofs.diff

More information about the Kernel-svn-changes mailing list