r2546 - in trunk/kernel/source: kernel-source-2.6.10-2.6.10/debian kernel-source-2.6.10-2.6.10/debian/patches kernel-source-2.6.10-2.6.10/debian/patches/series kernel-source-2.6.8-2.6.8/debian kernel-source-2.6.8-2.6.8/debian/patches kernel-source-2.6.8-2.6.8/debian/patches/series

Simon Horman horms@costa.debian.org
Thu, 24 Feb 2005 11:07:28 +0100 

Author: horms
Date: 2005-02-24 11:07:27 +0100 (Thu, 24 Feb 2005)
New Revision: 2546

Added:
   trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/outs.dpatch
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/outs.dpatch
Modified:
   trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog
   trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-6
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-9
Log:
[CAN-2005-0204]: AMD64, allows local users to write to
+privileged IO ports via OUTS instruction: Micah Anderson

Modified: trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog	2005-02-24 07:11:10 UTC (rev 2545)
+++ trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog	2005-02-24 10:07:27 UTC (rev 2546)
@@ -26,16 +26,19 @@
     [CAN-2005-0178] fix setsid() race that could lead to a denial of service.
     (Joshua Kwan, Simon Horman)
 
-  * ipv4-fragment-queues.dpatch, ipv4-fragment-queues-2.dpatch: 
-    fix potential information leak by making fragment queues private. 
+  * ipv4-fragment-queues.dpatch, ipv4-fragment-queues-2.dpatch:
+    fix potential information leak by making fragment queues private.
     (Joshua Kwan, Simon Horman)
 
   * amd64-noexec32-backport.dpatch: enable executable stack and executable 
     heap for all 32bit programs on amd64, except if noexec32=on is specified. 
     (Frederik Schüler)
 
- -- Frederik Schüler <fschueler@gmx.net>  Thu, 24 Feb 2005 00:37:56 +0100
+  * outs.dpatch: [CAN-2005-0204]: AMD64, allows local users to write to
+    privileged IO ports via OUTS instruction. (Simon Horman)
 
+ -- Simon Horman <horms@debian.org>  Thu, 24 Feb 2005 18:57:22 +0900
+
 kernel-source-2.6.10 (2.6.10-5) unstable; urgency=low
 
   * Change $((exp) | exp) to $( (exp) | exp), so things work with dash

Added: trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/outs.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/outs.dpatch	2005-02-24 07:11:10 UTC (rev 2545)
+++ trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/outs.dpatch	2005-02-24 10:07:27 UTC (rev 2546)
@@ -0,0 +1,24 @@
+#! /bin/sh -e 
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: [CAN-2005-0204]: AMD64, allows local users to write to privileged IO ports via OUTS instruction
+## DP: Patch author: Suresh Siddha (suresh.b.siddha@intel.com)
+## DP: Upstream status: unknown
+## DP: URL: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=146244
+## DP: Patch source: Micah Anderson <micah@riseup.net> (debian-kernel)
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+--- linux-2.6.9/include/asm-x86_64/desc.h	2005-01-30 20:08:12.799247944 -0800
++++ linux-2.6.9/include/asm-x86_64/desc.h	2005-01-30 20:08:12.799247944 -0800
+@@ -128,7 +128,7 @@
+ { 
+ 	set_tssldt_descriptor(&cpu_gdt_table[cpu][GDT_ENTRY_TSS], (unsigned long)addr, 
+ 			      DESC_TSS,
+-			      sizeof(struct tss_struct) - 1);
++			      IO_BITMAP_OFFSET + IO_BITMAP_BYTES + 7);
+ } 
+ 
+ static inline void set_ldt_desc(unsigned cpu, void *addr, int size)

Modified: trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-6
===================================================================
--- trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-6	2005-02-24 07:11:10 UTC (rev 2545)
+++ trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-6	2005-02-24 10:07:27 UTC (rev 2546)
@@ -8,3 +8,4 @@
 + ipv4-fragment-queues-2.dpatch
 + nls-table-overflow.dpatch
 + amd64-noexec32-backport.dpatch 
++ outs.dpatch

Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	2005-02-24 07:11:10 UTC (rev 2545)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	2005-02-24 10:07:27 UTC (rev 2546)
@@ -38,7 +38,7 @@
   * proc-cmdline-mmput-leak.dpatch: [CAN-2004-1058] fix race that could
     allow user processes to read environment data from processes in the
     middle of spawning. (Joshua Kwan)
-  
+
   * 025-track_dummy_capability.dpatch, 027-track_dummy_capability.dpatch:
     [CAN-2004-1337] The dummy capabilities module wasn't keeping track of
     processes capabilities; so, when a capabilities module was loaded,
@@ -48,8 +48,12 @@
   * setsid-race.dpatch: [CAN-2005-0178] fix setsid() race that could lead
     to a denial of service. (Joshua Kwan)
 
- -- Joshua Kwan <joshk@triplehelix.org>  Thu, 17 Feb 2005 15:15:00 -0800
+  * outs.dpatch: [CAN-2005-0204] AMD64, allows local users to write to
+    privileged IO ports via OUTS instruction. 
+    (Simon Horman) (closes: #296700)
 
+ -- Simon Horman <horms@debian.org>  Thu, 24 Feb 2005 18:57:06 +0900
+
 kernel-source-2.6.8 (2.6.8-13) unstable; urgency=high
 
   * add more USB card reader blacklist entries.  Patch from Fedora via

Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/outs.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/outs.dpatch	2005-02-24 07:11:10 UTC (rev 2545)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/outs.dpatch	2005-02-24 10:07:27 UTC (rev 2546)
@@ -0,0 +1,24 @@
+#! /bin/sh -e 
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: [CAN-2005-0204]: AMD64, allows local users to write to privileged IO ports via OUTS instruction
+## DP: Patch author: Suresh Siddha (suresh.b.siddha@intel.com)
+## DP: Upstream status: unknown
+## DP: URL: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=146244
+## DP: Patch source: Micah Anderson <micah@riseup.net> (debian-kernel)
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+--- a/include/asm-x86_64/desc.h	2005-02-24 18:41:36.000000000 +0900
++++ b/include/asm-x86_64/desc.h	2005-02-24 18:40:12.000000000 +0900
+@@ -128,7 +128,7 @@
+ { 
+ 	set_tssldt_descriptor(&cpu_gdt_table[cpu][GDT_ENTRY_TSS], (unsigned long)addr, 
+ 			      DESC_TSS,
+-			      sizeof(struct tss_struct)); 
++			      IO_BITMAP_OFFSET + IO_BITMAP_BYTES + 7);
+ } 
+ 
+ static inline void set_ldt_desc(unsigned cpu, void *addr, int size)

Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-9
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-9	2005-02-24 07:11:10 UTC (rev 2545)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-9	2005-02-24 10:07:27 UTC (rev 2546)
@@ -26,3 +26,4 @@
 + sparc32-initrd-memcpy.dpatch
 + sparc64-sunsab-break-fix.dpatch
 + fs-partitions-check.dpatch
++ outs.dpatch