r2782 - in trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series
Simon Horman
horms@costa.debian.org
Tue, 22 Mar 2005 10:30:44 +0100
Author: horms
Date: 2005-03-22 10:30:43 +0100 (Tue, 22 Mar 2005)
New Revision: 2782
Added:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/146_ip6_copy_metadata_leak.diff
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/147_ip_copy_metadata_leak.diff
Modified:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9
Log:
Do not leak dst entries in ip_copy_metadata()
+ See CAN-2005-0210.
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-03-22 07:28:57 UTC (rev 2781)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-03-22 09:30:43 UTC (rev 2782)
@@ -9,7 +9,7 @@
* Updated apply script so it can handle point versions
(Simon Horman)
- * 134_skb_reset_ip_summed.diff: [CAN-2005-0209] resolve checksumming
+ * 134_skb_reset_ip_summed.diff: [CAN-2005-0209] resolve checksumming
exploit in fragmented packet forwarding (Joshua Kwan)
* 135_fix_ip_options_leak.diff: [CAN-2004-1335] fix leak of IP options
@@ -42,20 +42,24 @@
(Simon Horman)
* 143_outs.diff:
- [SECURITY]: AMD64, allows local users to write to privileged
+ [SECURITY]: AMD64, allows local users to write to privileged
IO ports via OUTS instruction (CAN-2005-0204) (Simon Horman)
(see: #296700)
- * 144_sparc64-sb1500-clock-2.4.diff by David Miller: enable recognition
+ * 144_sparc64-sb1500-clock-2.4.diff by David Miller: enable recognition
of the clock chip on SunBlade 1500, it won't boot otherwise.
(Jurij Smakov).
- * 145_insert_vm_struct-no-BUG.patch:
- [SECURITY] make insert_vm_struct return an error rather than BUG().
+ * 145_insert_vm_struct-no-BUG.patch:
+ [SECURITY] make insert_vm_struct return an error rather than BUG().
See CAN-2005-0003. (dann frazier)
- -- dann frazier <dannf@debian.org> Tue, 15 Mar 2005 18:15:10 -0700
+ * 146_ip6_copy_metadata_leak.diff 147_ip_copy_metadata_leak.diff:
+ [SECURITY] Do not leak dst entries in ip_copy_metadata()
+ See CAN-2005-0210. (Simon Horman)
+ -- Simon Horman <horms@debian.org> Tue, 22 Mar 2005 16:46:35 +0900
+
kernel-source-2.4.27 (2.4.27-8) unstable; urgency=high
* add dh_fixperms to the build targets to kernel-patch-debian-2.4.27
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/146_ip6_copy_metadata_leak.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/146_ip6_copy_metadata_leak.diff 2005-03-22 07:28:57 UTC (rev 2781)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/146_ip6_copy_metadata_leak.diff 2005-03-22 09:30:43 UTC (rev 2782)
@@ -0,0 +1,52 @@
+# origin: yoshfuji (BitKeeper)
+# cset: 1.1982.1.5 (2.6) key=41fdb84aBJklcjU85o1N1_dsch6HBw
+# URL: http://linux.bkbits.net:8080/linux-2.6/cset@41fdb84aBJklcjU85o1N1_dsch6HBw
+# inclusion: upstream
+# descrition: [IPV6]: Fix ip6_copy_metadata potential dst leak too.
+# revision date: Tue, 22 Mar 2005 16:44:08 +0900
+#
+# S rset: ChangeSet|1.1982.1.4..1.1982.1.5
+# I rset: net/ipv6/ip6_output.c|1.82..1.83
+#
+# Key:
+# S: Skipped ChangeSet file only
+# O: Original Followed by Updated
+# U: Updated Included with updated range of versions
+# I: Included Included verbatim
+# E: Excluded Excluded on request from user
+# D: Deleted Manually deleted by subsequent user edit
+# R: Revised Manually revised by subsequent user edit
+#
+#
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2005/01/30 20:47:06-08:00 yoshfuji@linux-ipv6.org
+# [IPV6]: Fix ip6_copy_metadata potential dst leak too.
+#
+# Same fix as per ipv4 ip_copy_metadata().
+#
+# Signed-off-by: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
+# net/ipv6/ip6_output.c
+# 2005/01/30 20:46:45-08:00 yoshfuji@linux-ipv6.org +1 -0
+# [IPV6]: Fix ip6_copy_metadata potential dst leak too.
+#
+# Same fix as per ipv4 ip_copy_metadata().
+#
+# Signed-off-by: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
+#
+===== net/ipv6/ip6_output.c 1.82 vs 1.83 =====
+--- 1.82/net/ipv6/ip6_output.c 2005-01-25 09:40:10 +09:00
++++ 1.83/net/ipv6/ip6_output.c 2005-01-31 13:46:45 +09:00
+@@ -463,6 +463,7 @@ static void ip6_copy_metadata(struct sk_
+ to->priority = from->priority;
+ to->protocol = from->protocol;
+ to->security = from->security;
++ dst_release(to->dst);
+ to->dst = dst_clone(from->dst);
+ to->dev = from->dev;
+
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/147_ip_copy_metadata_leak.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/147_ip_copy_metadata_leak.diff 2005-03-22 07:28:57 UTC (rev 2781)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/147_ip_copy_metadata_leak.diff 2005-03-22 09:30:43 UTC (rev 2782)
@@ -0,0 +1,58 @@
+# origin: kaber (BitKeeper)
+# cset: 1.1982.1.4 (2.6) key=41fd96c39V0t4MxKFxE1aZn2f4b5UA
+# URL: http://linux.bkbits.net:8080/linux-2.6/cset@41fd96c39V0t4MxKFxE1aZn2f4b5UA
+# inclusion: upstream
+# descrition: [IPV4]: Do not leak dst entries in ip_copy_metadata().
+# revision date: Tue, 22 Mar 2005 16:43:57 +0900
+#
+# S rset: ChangeSet|1.1982.1.3..1.1982.1.4
+# I rset: net/ipv4/ip_output.c|1.74..1.74.1.1
+#
+# Key:
+# S: Skipped ChangeSet file only
+# O: Original Followed by Updated
+# U: Updated Included with updated range of versions
+# I: Included Included verbatim
+# E: Excluded Excluded on request from user
+# D: Deleted Manually deleted by subsequent user edit
+# R: Revised Manually revised by subsequent user edit
+#
+#
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2005/01/30 18:24:03-08:00 kaber@trash.net
+# [IPV4]: Do not leak dst entries in ip_copy_metadata().
+#
+# Netfilter conntrack can defragment locally generated
+# packets before they hit ip_fragment(). In this case
+# the fragments have skb->dst set already, so we have to
+# release that existing reference before overwriting
+# skb->dst.
+#
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
+# net/ipv4/ip_output.c
+# 2005/01/30 18:23:28-08:00 kaber@trash.net +1 -0
+# [IPV4]: Do not leak dst entries in ip_copy_metadata().
+#
+# Netfilter conntrack can defragment locally generated
+# packets before they hit ip_fragment(). In this case
+# the fragments have skb->dst set already, so we have to
+# release that existing reference before overwriting
+# skb->dst.
+#
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
+#
+===== net/ipv4/ip_output.c 1.74 vs 1.74.1.1 =====
+--- 1.74/net/ipv4/ip_output.c 2005-01-25 09:40:10 +09:00
++++ 1.74.1.1/net/ipv4/ip_output.c 2005-01-31 11:23:28 +09:00
+@@ -389,6 +389,7 @@ static void ip_copy_metadata(struct sk_b
+ to->priority = from->priority;
+ to->protocol = from->protocol;
+ to->security = from->security;
++ dst_release(to->dst);
+ to->dst = dst_clone(from->dst);
+ to->dev = from->dev;
+
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9 2005-03-22 07:28:57 UTC (rev 2781)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9 2005-03-22 09:30:43 UTC (rev 2782)
@@ -11,3 +11,5 @@
+ 143_outs.diff
+ 144_sparc64-sb1500-clock-2.4.diff
+ 145_insert_vm_struct-no-BUG.diff
++ 146_ip6_copy_metadata_leak.diff
++ 147_ip_copy_metadata_leak.diff