[kernel] r5364 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series

Dann Frazier dannf at costa.debian.org
Sun Jan 8 22:45:31 UTC 2006 

Author: dannf
Date: Sun Jan  8 22:45:30 2006
New Revision: 5364

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/async-urb-delivery-oops-2.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2
Log:
add second part of the fix


Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Sun Jan  8 22:45:30 2006
@@ -152,7 +152,7 @@
     a local DoS (crash).
     See CVE-2005-3783
 
-  * async-urb-delivery-oops.dpatch:
+  * async-urb-delivery-oops.dpatch, async-urb-delivery-oops-2.dpatch:
     [SECURITY] Fix oops that can result from a process terminating before
     an issued URB request completes.
     See CVE-2005-3055

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/async-urb-delivery-oops-2.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/async-urb-delivery-oops-2.dpatch	Sun Jan  8 22:45:30 2006
@@ -0,0 +1,55 @@
+From: Linus Torvalds <torvalds at g5.osdl.org>
+Date: Mon, 10 Oct 2005 23:31:30 +0000 (-0700)
+Subject: Use the new "kill_proc_info_as_uid()" for USB disconnect too
+X-Git-Tag: v2.6.14-rc4
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d7dd8a72ab8d305fbe1c4bb571e0633eba3a8d23
+
+Use the new "kill_proc_info_as_uid()" for USB disconnect too
+
+All the same issues - we can't just save the pointer to the thread, we
+must save the pid/uid/euid combination.
+
+Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+Backported to 2.6.8 by dann frazier <dannf at debian.org>
+
+diff -urN kernel-source-2.6.8-2.6.8.orig/drivers/usb/core/devio.c kernel-source-2.6.8-2.6.8/drivers/usb/core/devio.c
+--- kernel-source-2.6.8-2.6.8.orig/drivers/usb/core/devio.c	2006-01-08 15:24:29.000000000 -0700
++++ kernel-source-2.6.8-2.6.8/drivers/usb/core/devio.c	2006-01-08 15:26:00.000000000 -0700
+@@ -500,7 +500,9 @@
+ 	INIT_LIST_HEAD(&ps->async_completed);
+ 	init_waitqueue_head(&ps->wait);
+ 	ps->discsignr = 0;
+-	ps->disctask = current;
++	ps->disc_pid = current->pid;
++	ps->disc_uid = current->uid;
++	ps->disc_euid = current->euid;
+ 	ps->disccontext = NULL;
+ 	ps->ifclaimed = 0;
+ 	wmb();
+diff -urN kernel-source-2.6.8-2.6.8.orig/drivers/usb/core/inode.c kernel-source-2.6.8-2.6.8/drivers/usb/core/inode.c
+--- kernel-source-2.6.8-2.6.8.orig/drivers/usb/core/inode.c	2004-08-13 23:36:14.000000000 -0600
++++ kernel-source-2.6.8-2.6.8/drivers/usb/core/inode.c	2006-01-08 15:26:00.000000000 -0700
+@@ -820,7 +820,7 @@
+ 			sinfo.si_errno = EPIPE;
+ 			sinfo.si_code = SI_ASYNCIO;
+ 			sinfo.si_addr = ds->disccontext;
+-			send_sig_info(ds->discsignr, &sinfo, ds->disctask);
++			kill_proc_info_as_uid(ds->discsignr, &sinfo, ds->disc_pid, ds->disc_uid, ds->disc_euid);
+ 		}
+ 	}
+ 	usbfs_update_special();
+diff -urN kernel-source-2.6.8-2.6.8.orig/include/linux/usbdevice_fs.h kernel-source-2.6.8-2.6.8/include/linux/usbdevice_fs.h
+--- kernel-source-2.6.8-2.6.8.orig/include/linux/usbdevice_fs.h	2004-08-13 23:36:32.000000000 -0600
++++ kernel-source-2.6.8-2.6.8/include/linux/usbdevice_fs.h	2006-01-08 15:35:11.000000000 -0700
+@@ -161,7 +161,8 @@
+ 	struct list_head async_completed;
+ 	wait_queue_head_t wait;     /* wake up if a request completed */
+ 	unsigned int discsignr;
+-	struct task_struct *disctask;
++	pid_t disc_pid;
++	uid_t disc_uid, disc_euid;
+ 	void __user *disccontext;
+ 	unsigned long ifclaimed;
+ };

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2	Sun Jan  8 22:45:30 2006
@@ -27,3 +27,4 @@
 + net-sdla-coverty.dpatch
 + ptrace-fix_self-attach_rule.dpatch
 + async-urb-delivery-oops.dpatch
++ async-urb-delivery-oops-2.dpatch

More information about the Kernel-svn-changes mailing list