r4428 - dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian
dists/sid/linux-2.6/debian
dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian
dists/trunk/linux-2.6/debian people/horms/2.6.13.build
people/horms/patch_notes/2.6-stable people/horms/patch_notes/cve
Simon Horman
horms at costa.debian.org
Wed Oct 12 09:50:47 UTC 2005
Author: horms
Date: 2005-10-12 09:50:44 +0000 (Wed, 12 Oct 2005)
New Revision: 4428
Added:
people/horms/2.6.13.build/2.6.13.prepare.experimental
people/horms/patch_notes/cve/CAN-2005-3179
people/horms/patch_notes/cve/CAN-2005-3180
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sid/linux-2.6/debian/changelog
dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
dists/trunk/linux-2.6/debian/changelog
people/horms/2.6.13.build/2.6.13.build
people/horms/patch_notes/2.6-stable/2.6.13.4
Log:
Annotate CAN-2005-3179 and CAN-2005-3180
Modified: dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-10-12 06:09:40 UTC (rev 4427)
+++ dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-10-12 09:50:44 UTC (rev 4428)
@@ -318,6 +318,7 @@
* orinoco-info-leak.dpatch
[SECURITY] orinoco: Information leakage due to incorrect padding
+ See CAN-2005-3180
From 2.6.13.4
* fix-sparc64-fpu-register-corruption.dpatch
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-10-12 06:09:40 UTC (rev 4427)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-10-12 09:50:44 UTC (rev 4428)
@@ -77,6 +77,7 @@
* orinoco-info-leak.patch
[SECURITY] orinoco: Information leakage due to incorrect padding
+ See CAN-2005-3180
From 2.6.13.4
* plug-names_cache-memleak.dpatch
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-10-12 06:09:40 UTC (rev 4427)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-10-12 09:50:44 UTC (rev 4428)
@@ -28,9 +28,12 @@
* 192_orinoco-info-leak.diff
[SECURITY] orinoco: Information leakage due to incorrect padding
+ See CAN-2005-3180
+ From 2.6.13.4
* 193_plug-names_cache-memleak.diff
[SECURITY] Avoid 'names_cache' memory leak with CONFIG_AUDITSYSCALL
+ From 2.6.13.4
-- Simon Horman <horms at debian.org> Tue, 11 Oct 2005 19:45:57 +0900
Modified: dists/sid/linux-2.6/debian/changelog
===================================================================
--- dists/sid/linux-2.6/debian/changelog 2005-10-12 06:09:40 UTC (rev 4427)
+++ dists/sid/linux-2.6/debian/changelog 2005-10-12 09:50:44 UTC (rev 4428)
@@ -11,9 +11,11 @@
- ieee1394/sbp2: fixes for hot-unplug and module unloading
ieee1394-sbp2-fixes-for-hot-unplug-and-module-unloading.patch
- [SECURITY] orinoco: Information leakage due to incorrect padding
+ See CAN-2005-3180
orinoco-info-leak.patch
- [SECURITY] Fix drm 'debug' sysfs permissions
drm-module_param-permissions-fix.patch
+ See CAN-2005-3179
- [SPARC64]: Fix userland FPU state corruption.
fix-sparc64-fpu-register-corruption.patch
- [SECURITY] Avoid 'names_cache' memory leak with CONFIG_AUDITSYSCALL
Modified: dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-10-12 06:09:40 UTC (rev 4427)
+++ dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-10-12 09:50:44 UTC (rev 4428)
@@ -72,9 +72,12 @@
* 192_orinoco-info-leak.diff
[SECURITY] orinoco: Information leakage due to incorrect padding
+ See CAN-2005-3180
+ From 2.6.13.4
* 193_plug-names_cache-memleak.diff
[SECURITY] Avoid 'names_cache' memory leak with CONFIG_AUDITSYSCALL
+ From 2.6.13.4
-- Simon Horman <horms at debian.org> Tue, 11 Oct 2005 19:46:58 +0900
Modified: dists/trunk/linux-2.6/debian/changelog
===================================================================
--- dists/trunk/linux-2.6/debian/changelog 2005-10-12 06:09:40 UTC (rev 4427)
+++ dists/trunk/linux-2.6/debian/changelog 2005-10-12 09:50:44 UTC (rev 4428)
@@ -29,12 +29,15 @@
* deactivate FB_RIVA on all architectures.
* deactivate BLK_DEV_IDESCSI on all architectures.
* Added patch-2.6.13.4:
- - key: plug request_key_auth memleak (CAN-2005-3119)
+ - [SECURITY] key: plug request_key_auth memleak
+ See CAN-2005-3119
- [SECURITY] Fix drm 'debug' sysfs permissions
+ See CAN-2005-3179
- [SECURITY] Avoid 'names_cache' memory leak with CONFIG_AUDITSYSCALL
- [SPARC64] Fix userland FPU state corruption.
- BIC coding bug in Linux 2.6.13
- - [SECURITY] orinoco: Information leakage due to incorrect padding
+ - [SECURITY] orinoco: Information leakage due to incorrect padding
+ See CAN-2005-3180
- ieee1394/sbp2: fixes for hot-unplug and module unloading
-- Simon Horman <horms at debian.org> Tue, 11 Oct 2005 19:50:55 +0900
Modified: people/horms/2.6.13.build/2.6.13.build
===================================================================
--- people/horms/2.6.13.build/2.6.13.build 2005-10-12 06:09:40 UTC (rev 4427)
+++ people/horms/2.6.13.build/2.6.13.build 2005-10-12 09:50:44 UTC (rev 4428)
@@ -9,20 +9,21 @@
SVN_BASE="$HOME/work/debian-kernel/svn/kernel"
SVN_TRUNK="$SVN_BASE/dists/trunk"
-#NPROC code borrowed from VA Linux Systems Kernel RPM
-if [ "$OSTYPE" = "linux-gnu" -a -x /usr/bin/getconf ] ; then
- NRPROC=$(/usr/bin/getconf _NPROCESSORS_ONLN)
- if [ $NRPROC -eq 0 ] ; then
- NRPROC=1
- fi
-else
- NRPROC=1
-fi
-NRPROC=`expr $NRPROC + 1`
+##NPROC code borrowed from VA Linux Systems Kernel RPM
+#if [ "$OSTYPE" = "linux-gnu" -a -x /usr/bin/getconf ] ; then
+# NRPROC=$(/usr/bin/getconf _NPROCESSORS_ONLN)
+# if [ $NRPROC -eq 0 ] ; then
+# NRPROC=1
+# fi
+#else
+# NRPROC=1
+#fi
+#NRPROC=`expr $NRPROC + 1`
+#export CONCURRENCY_LEVEL=$NRPROC
## Make options
unset MAKE
-export CONCURRENCY_LEVEL=$NRPROC
+unset CONCURRENCY_LEVEL
export CCACHE_HARDLINK
## Locale options
@@ -30,5 +31,5 @@
unset LANG
unset LANGUAGE
-( cd "$BUILD_BASE/linux-2.6-$VERSION/" &&
- dpkg-buildpackage -B -us -uc -rfakeroot 2>&1 | tee ../build.log; )
+( cd "$BUILD_BASE/linux-2.6-$VERSION/" && ./debian/rules clean &&
+ dpkg-buildpackage -us -uc -rfakeroot 2>&1 | tee ../build.log; )
Copied: people/horms/2.6.13.build/2.6.13.prepare.experimental (from rev 4317, people/horms/2.6.13.build/2.6.13.prepare)
===================================================================
--- people/horms/2.6.13.build/2.6.13.prepare 2005-10-06 10:25:01 UTC (rev 4317)
+++ people/horms/2.6.13.build/2.6.13.prepare.experimental 2005-10-12 09:50:44 UTC (rev 4428)
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+set -e
+
+VERSION="2.6.13"
+DEBVERSION="1"
+BUILD_BASE="$HOME/tmp/debian-kernel-test/linux-$VERSION"
+DOWNLOAD_URL="http://mirror.local.valinux.co.jp/debian/pool/main/l/linux-2.6/"
+SVN_BASE="$HOME/work/debian-kernel/svn/kernel"
+SVN_TRUNK="$SVN_BASE/dists/trunk"
+
+rm -rf "$BUILD_BASE"
+mkdir -p "$BUILD_BASE"
+cd "$BUILD_BASE"
+
+wget -q "${DOWNLOAD_URL}/linux-2.6_${VERSION}.orig.tar.gz" \
+ "${DOWNLOAD_URL}/linux-2.6_${VERSION}.orig.tar.gz" \
+
+rsync -qav --exclude .svn/ "$SVN_TRUNK/linux-2.6/" ./
+make -s -f debian/rules debian/control >& /dev/null || true
+make -s -f debian/rules debian/control >& /dev/null || true
+make -s -f debian/rules debian/control
+
+echo
+echo "Tree is in \"$BUILD_BASE/linux-2.6-$VERSION/\""
+echo
+echo "To add Debian patches run the following in the root of the tree: "
+echo " home=\"./debian/patches-debian\" \/"
+echo " override_version=\"$VERSION-$DEBVERSION\" \/"
+echo " sh ./debian/bin/apply"
+echo
+echo "To remove Debian patches run the following in the root of the tree: "
+echo " home=\"./debian/patches-debian\" \/"
+echo " override_version=\"$VERSION\" \/"
+echo " sh ./debian/bin/apply"
+echo
+echo "To build the package, make sure that Debian packages are not applied"
+echo "and run the following in the root of the tree:"
+echo " dpkg-buildpackage -us -uc -rfakeroot"
+echo
Modified: people/horms/patch_notes/2.6-stable/2.6.13.4
===================================================================
--- people/horms/patch_notes/2.6-stable/2.6.13.4 2005-10-12 06:09:40 UTC (rev 4427)
+++ people/horms/patch_notes/2.6-stable/2.6.13.4 2005-10-12 09:50:44 UTC (rev 4428)
@@ -15,7 +15,7 @@
* [SECURITY] orinoco: Information leakage due to incorrect padding
orinoco-info-leak.patch
- Security: Yes; Should request CVE
+ Security: Yes; CAN-2005-3180
2.6.13: applied
2.6.12: added to svn; orinoco-info-leak.patch
2.6.8-sarge: added to svn; backported; orinoco-info-leak.dpatch
@@ -37,7 +37,7 @@
* [SECURITY] Fix drm 'debug' sysfs permissions
drm-module_param-permissions-fix.patch
- Security: Yes; Should request CVE
+ Security: Yes; CAN-2005-3179
2.6.13: applied
2.6.12: added to svn; drm-module_param-permissions-fix.patch
2.6.8-sarge: not vulnerable
Added: people/horms/patch_notes/cve/CAN-2005-3179
===================================================================
--- people/horms/patch_notes/cve/CAN-2005-3179 2005-10-12 06:09:40 UTC (rev 4427)
+++ people/horms/patch_notes/cve/CAN-2005-3179 2005-10-12 09:50:44 UTC (rev 4428)
@@ -0,0 +1,24 @@
+> > From: Dave Jones <davej at redhat.com>
+> >
+> > Please consider for next 2.6.13, it is a minor security issue allowing
+> > users to turn on drm debugging when they shouldn't...
+
+======================================================
+Candidate: CAN-2005-3179
+URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3179
+Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=d7067d7d1f92cba14963a430cfbd53098cbbc8fd
+Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=107893
+
+drm.c in Linux kernel 2.6.13 and earlier creates a debug file in sysfs
+with world-readable and world-writable permissions, which allows local
+users to enable DRM debugging and obtain sensitive information.
+
+Notes from Horms
+upstream: 2.6.13.4
+2.6.13: applied
+2.6.12: added to svn; drm-module_param-permissions-fix.patch
+2.6.8-sarge: not vulnerable
+2.6.8-sarge-security: not vulnerable
+2.4.27-sid/sarge: not vulnerable
+2.4.27-sarge-security: not vulnerable
+
Added: people/horms/patch_notes/cve/CAN-2005-3180
===================================================================
--- people/horms/patch_notes/cve/CAN-2005-3180 2005-10-12 06:09:40 UTC (rev 4427)
+++ people/horms/patch_notes/cve/CAN-2005-3180 2005-10-12 09:50:44 UTC (rev 4428)
@@ -0,0 +1,26 @@
+> > From: Pavel Roskin <proski at gnu.org>
+> >
+> > The orinoco driver can send uninitialized data exposing random pieces of
+> > the system memory. This happens because data is not padded with zeroes
+> > when its length needs to be increased.
+
+======================================================
+Candidate: CAN-2005-3180
+URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3180
+Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=feecb2ffde28639e60ede769c6f817dc536c677b
+
+The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does
+not properly clear memory from a previously used packet whose length
+is increased, which allows remote attackers to obtain sensitive
+information.
+
+Notes from Horms
+upstream: 2.6.13.4
+2.6.13: applied
+2.6.12: added to svn; orinoco-info-leak.patch
+2.6.8-sarge: added to svn; backported; orinoco-info-leak.dpatch
+2.6.8-sarge-security: added to svn; backported; orinoco-info-leak.dpatch
+2.4.27-sid/sarge: added to svn; backported; 192_orinoco-info-leak.diff
+2.4.27-sarge-security: added to svn; backported; 192_orinoco-info-leak.diff
+
+
More information about the Kernel-svn-changes
mailing list