[kernel] r5664 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series

Dann Frazier dannf at costa.debian.org
Wed Feb 1 05:48:16 UTC 2006 

Author: dannf
Date: Wed Feb  1 05:48:13 2006
New Revision: 5664

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sparc64-clock-settime.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2
Log:

* sparc64-clock-settime.dpatch
  [SECURITY] Remove unnecessary sign-extension in compat_sys_clock_settime,
  fixing a DoS vulnerability on sparc systems.
  See CVE-2006-0482

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Wed Feb  1 05:48:13 2006
@@ -1,4 +1,4 @@
-kernel-source-2.6.8 (2.6.8-16sarge2) UNRELEASED; urgency=low
+kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
 
   [ Simon Horman ]
   * net-sockglue-cap.dpatch
@@ -173,8 +173,13 @@
   * sysctl-buffer-overflow.dpatch:
     [SECURITY] Fix a potential overflow in sysctl buffer termination code.
     See CVE-2005-4618
+  
+  * sparc64-clock-settime.dpatch
+    [SECURITY] Remove unnecessary sign-extension in compat_sys_clock_settime,
+    fixing a DoS vulnerability on sparc systems.
+    See CVE-2006-0482
 
- -- dann frazier <dannf at debian.org>  Mon, 16 Jan 2006 15:52:11 -0700
+ -- dann frazier <dannf at debian.org>  Tue, 31 Jan 2006 22:45:22 -0700
 
 kernel-source-2.6.8 (2.6.8-16sarge1) stable-security; urgency=high
 

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2	Wed Feb  1 05:48:13 2006
@@ -32,3 +32,4 @@
 + io_edgeport_overflow.dpatch
 + mqueue-double-increment.dpatch
 + sysctl-buffer-overflow.dpatch
++ sparc64-clock-settime.dpatch

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sparc64-clock-settime.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sparc64-clock-settime.dpatch	Wed Feb  1 05:48:13 2006
@@ -0,0 +1,23 @@
+diff -urN kernel-source-2.6.8-2.6.8.orig/arch/sparc64/kernel/sys32.S kernel-source-2.6.8-2.6.8/arch/sparc64/kernel/sys32.S
+--- kernel-source-2.6.8-2.6.8.orig/arch/sparc64/kernel/sys32.S	2006-01-31 22:37:41.000000000 -0700
++++ kernel-source-2.6.8-2.6.8/arch/sparc64/kernel/sys32.S	2006-01-31 22:38:59.000000000 -0700
+@@ -84,7 +84,6 @@
+ SIGN2(sys32_bdflush, sys_bdflush, %o0, %o1)
+ SIGN1(sys32_mlockall, sys_mlockall, %o0)
+ SIGN1(sys32_nfsservctl, compat_sys_nfsservctl, %o0)
+-SIGN1(sys32_clock_settime, compat_clock_settime, %o1)
+ SIGN1(sys32_clock_nanosleep, compat_clock_nanosleep, %o1)
+ SIGN1(sys32_timer_settime, compat_timer_settime, %o1)
+ SIGN1(sys32_io_submit, compat_sys_io_submit, %o1)
+diff -urN kernel-source-2.6.8-2.6.8.orig/arch/sparc64/kernel/systbls.S kernel-source-2.6.8-2.6.8/arch/sparc64/kernel/systbls.S
+--- kernel-source-2.6.8-2.6.8.orig/arch/sparc64/kernel/systbls.S	2004-08-13 23:36:56.000000000 -0600
++++ kernel-source-2.6.8-2.6.8/arch/sparc64/kernel/systbls.S	2006-01-31 22:41:14.000000000 -0700
+@@ -71,7 +71,7 @@
+ /*240*/	.word sys_munlockall, sys32_sched_setparam, sys32_sched_getparam, sys32_sched_setscheduler, sys32_sched_getscheduler
+ 	.word sys_sched_yield, sys32_sched_get_priority_max, sys32_sched_get_priority_min, sys32_sched_rr_get_interval, compat_sys_nanosleep
+ /*250*/	.word sys32_mremap, sys32_sysctl, sys32_getsid, sys_fdatasync, sys32_nfsservctl
+-	.word sys_ni_syscall, sys32_clock_settime, compat_clock_gettime, compat_clock_getres, sys32_clock_nanosleep
++	.word sys_ni_syscall, compat_sys_clock_settime, compat_sys_clock_gettime, compat_sys_clock_getres, sys32_clock_nanosleep
+ /*260*/	.word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, sys32_timer_settime, compat_timer_gettime, sys_timer_getoverrun
+ 	.word sys_timer_delete, sys32_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy
+ /*270*/	.word sys32_io_submit, sys_io_cancel, compat_sys_io_getevents, sys32_mq_open, sys_mq_unlink

More information about the Kernel-svn-changes mailing list