r2627 - trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches

Sven Luther luther@costa.debian.org
Sat, 05 Mar 2005 22:28:13 +0100 

Author: luther
Date: 2005-03-05 22:28:13 +0100 (Sat, 05 Mar 2005)
New Revision: 2627

Removed:
   trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/029-random_poolsize_overflow.dpatch
Modified:
   trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/TODO
Log:
removed 029-random_poolsize_overflow as the sizectl got removed in 2.6.11 - thanks to trippeh.


Deleted: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/029-random_poolsize_overflow.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/029-random_poolsize_overflow.dpatch	2005-03-05 21:13:57 UTC (rev 2626)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/029-random_poolsize_overflow.dpatch	2005-03-05 21:28:13 UTC (rev 2627)
@@ -1,55 +0,0 @@
-#! /bin/sh -e
-## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Description: [SECURITY] check user-supplied length before copy_from_user
-## DP: Patch author: Andres Salomon <dilinger@voxel.net>
-## DP: Upstream status: not yet submitted
-
-. $(dirname $0)/DPATCH
-
-@DPATCH@
-Revision: linux-drivers-char--ps-int-overflow--0--patch-1
-Archive: dilinger@voxel.net--2005-public
-Creator: Andres Salomon <dilinger@voxel.net>
-Date: Fri Jan  7 17:45:21 EST 2005
-Standard-date: 2005-01-07 22:45:21 GMT
-Modified-files: random.c
-New-patches: dilinger@voxel.net--2005-public/linux-drivers-char--ps-int-overflow--0--patch-1
-Summary: integer overflow fix for poolsize_strategy()
-Keywords: 
-
-Pointed out by Brad Spengler here:
-http://seclists.org/lists/fulldisclosure/2005/Jan/0270.html
-
-The fix is simple; we're passed a size_t (generally an unsigned int
-or unsigned long, depending on arch); copy_from_user expects an
-unsigned long.  We can simply cast it to an unsigned long; table->maxlen
-guarantees that we'll always have a small amount, anyways.
-
-
-* modified files
-
---- orig/drivers/char/random.c
-+++ mod/drivers/char/random.c
-@@ -1906,7 +1906,7 @@
- 			     void __user *oldval, size_t __user *oldlenp,
- 			     void __user *newval, size_t newlen, void **context)
- {
--	int	len;
-+	unsigned long len;
- 	
- 	sysctl_poolsize = random_state->poolinfo.POOLBYTES;
- 
-@@ -1916,7 +1916,7 @@
- 	 * write case happens twice; it's harmless).
- 	 */
- 	if (newval && newlen) {
--		len = newlen;
-+		len = (unsigned long) newlen;
- 		if (len > table->maxlen)
- 			len = table->maxlen;
- 		if (copy_from_user(table->data, newval, len))
-
-
-

Modified: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/TODO
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/TODO	2005-03-05 21:13:57 UTC (rev 2626)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/TODO	2005-03-05 21:28:13 UTC (rev 2627)
@@ -9,7 +9,6 @@
 # + drm-locking-fixes.dpatch			# FAILED
 # + ia64-generic-no-smp.dpatch			# FAILED
 # + ia64-generic-no-smp-1-to-2.dpatch		# FAILED
-# + 029-random_poolsize_overflow.dpatch		# FAILED
 # + 030-moxa_user_copy_checking.dpatch		# FAILED
 # + drivers-ide-__devinit.dpatch		# FAILED