[kernel] r4831 - in
dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian:
. patches patches/series
Simon Horman
horms at costa.debian.org
Wed Nov 16 06:45:31 UTC 2005
Author: horms
Date: Wed Nov 16 06:45:29 2005
New Revision: 4831
Added:
dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/196_net-bridge-if_del-panic.diff
dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/197_net-plip-invalid-ioctl.diff
Modified:
dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-12
Log:
* 196_net-bridge-if_del-panic.diff
Fix panic when non-existant bridge is deleted
(closes: #255406)
* 197_net-plip-invalid-ioctl.diff
Detect invalid ioctls in plip driver
(closes: #252187)
Modified: dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original)
+++ dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Wed Nov 16 06:45:29 2005
@@ -83,7 +83,15 @@
* 195_net-ipv6-udp_v6_get_port-loop.diff
[SECURITY] Fix infinite loop in udp_v6_get_port(). See CVE-2005-2973
- -- Simon Horman <horms at debian.org> Mon, 31 Oct 2005 18:43:51 +0900
+ * 196_net-bridge-if_del-panic.diff
+ Fix panic when non-existant bridge is deleted
+ (closes: #255406)
+
+ * 197_net-plip-invalid-ioctl.diff
+ Detect invalid ioctls in plip driver
+ (closes: #252187)
+
+ -- Simon Horman <horms at debian.org> Wed, 16 Nov 2005 14:56:28 +0900
kernel-source-2.4.27 (2.4.27-11) unstable; urgency=low
Added: dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/196_net-bridge-if_del-panic.diff
==============================================================================
--- (empty file)
+++ dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/196_net-bridge-if_del-panic.diff Wed Nov 16 06:45:29 2005
@@ -0,0 +1,43 @@
+# Date: Sun, 20 Jun 2004 19:56:26 +0200
+# From: Erich Schubert <erich at debian.org>
+# Changes: Rebackported from 2.6.14, Horms <horms at debian.org>
+# Reported: http://bugs.debian.org/255406
+# Security: No
+# Upstream: Forwarded to upstream
+
+Package: kernel-source-2.4.26
+Severity: normal
+
+Some time ago i found a kernel crash in 2.4.x and reported it to LKML.
+Unfortunately i never recieved a reply, and i didn't see it in recent
+pre-releases of the 2.4.x kernel.
+
+To verify your system is vulnerable (need bridge support):
+$ brctl addbr br0
+$ brctl addbr br1
+$ brctl addif br0 eth0
+$ brctl delif br1 eth0
+(note br1 in last line, not br0! Deleting from the wrong bridge triggers
+the kernel crash.)
+
+This is a 1:1 backport (100% copy&paste) from 2.6.5 of the fix.
+Verify yourself, grab the file from 2.6.5, go to the function, copy the
+code, paste it and the issue is done. Returns "einval" on invalid
+requests instead of causing an inconsistency and a panic.
+
+(fixed sometime in 2.5.x it seems; it might be worth looking at when
+this was fixed - it might contain other fixes, too.)
+
+--- a/net/bridge/br_if.c 2005-11-16 14:46:05.000000000 +0900
++++ b/net/bridge/br_if.c 2005-11-16 14:46:09.000000000 +0900
+@@ -246,6 +246,10 @@
+ int br_del_if(struct net_bridge *br, struct net_device *dev)
+ {
+ int retval;
++ struct net_bridge_port *p = dev->br_port;
++
++ if (!p || p->br != br)
++ return -EINVAL;
+
+ br_write_lock_bh(BR_NETPROTO_LOCK);
+ write_lock(&br->lock);
Added: dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/197_net-plip-invalid-ioctl.diff
==============================================================================
--- (empty file)
+++ dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/197_net-plip-invalid-ioctl.diff Wed Nov 16 06:45:29 2005
@@ -0,0 +1,20 @@
+# Date: Wed, 2 Jun 2004 09:29:20 +1000
+# From: Herbert Xu <herbert at gondor.apana.org.au>
+# Changes:
+# Reported: http://bugs.debian.org/252187
+# Security: No
+# Upstream: Fixed
+
+===== drivers/net/plip.c 1.20 vs edited =====
+--- 1.20/drivers/net/plip.c 2004-03-04 05:52:24 +11:00
++++ edited/drivers/net/plip.c 2004-06-02 09:21:05 +10:00
+@@ -1219,6 +1219,9 @@
+ struct net_local *nl = netdev_priv(dev);
+ struct plipconf *pc = (struct plipconf *) &rq->ifr_data;
+
++ if (cmd != SIOCDEVPLIP)
++ return -EOPNOTSUPP;
++
+ switch(pc->pcmd) {
+ case PLIP_GET_TIMEOUT:
+ pc->trigger = nl->trigger;
Modified: dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-12
==============================================================================
--- dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-12 (original)
+++ dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-12 Wed Nov 16 06:45:29 2005
@@ -11,3 +11,5 @@
+ 192_orinoco-info-leak.diff
+ 194_xfs-inode-race.diff
+ 195_net-ipv6-udp_v6_get_port-loop.diff
++ 196_net-bridge-if_del-panic.diff
++ 197_net-plip-invalid-ioctl.diff
More information about the Kernel-svn-changes
mailing list