[kernel] r9593 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series

Bastian Blank waldi at alioth.debian.org
Tue Oct 2 08:53:13 UTC 2007 

Author: waldi
Date: Tue Oct  2 08:53:12 2007
New Revision: 9593

Log:
* debian/changelog: Update.
* debian/patches/bugfix/amd64-zero-extend-32bit-ptrace-xen.patch:
  Adopt for xen changes.
* debian/patches/series/13etch4-extra: Add.


Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/amd64-zero-extend-32bit-ptrace-xen.patch
      - copied, changed from r9545, /dists/etch-security/linux-2.6/debian/patches/bugfix/amd64-zero-extend-32bit-ptrace.patch
   dists/etch-security/linux-2.6/debian/patches/series/13etch4-extra
Modified:
   dists/etch-security/linux-2.6/debian/changelog

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Tue Oct  2 08:53:12 2007
@@ -1,3 +1,12 @@
+linux-2.6 (2.6.18.dfsg.1-13etch4) UNRELEASED; urgency=low
+
+  * bugfix/amd64-zero-extend-32bit-ptrace-xen.patch
+    [SECURITY] Zero extend all registers after ptrace in 32-bit entry path
+    in the Xen kernels.
+    See CVE-2007-4573
+
+ -- Bastian Blank <waldi at debian.org>  Tue, 02 Oct 2007 10:44:28 +0200
+
 linux-2.6 (2.6.18.dfsg.1-13etch3) stable-security; urgency=high
 
   * bugfix/ptrace-handle-bogus-selector.patch,

Copied: dists/etch-security/linux-2.6/debian/patches/bugfix/amd64-zero-extend-32bit-ptrace-xen.patch (from r9545, /dists/etch-security/linux-2.6/debian/patches/bugfix/amd64-zero-extend-32bit-ptrace.patch)
==============================================================================
--- /dists/etch-security/linux-2.6/debian/patches/bugfix/amd64-zero-extend-32bit-ptrace.patch	(original)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/amd64-zero-extend-32bit-ptrace-xen.patch	Tue Oct  2 08:53:12 2007
@@ -1,34 +1,10 @@
-From: Andi Kleen <ak at suse.de>
-Date: Fri, 21 Sep 2007 14:16:18 +0000 (+0200)
-Subject: x86_64: Zero extend all registers after ptrace in 32bit entry path.
-X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=176df2457ef6207156ca1a40991c54ca01fef567
+Adjusted to apply to Debian's 2.6.18 Xen
 
-x86_64: Zero extend all registers after ptrace in 32bit entry path.
-
-Strictly it's only needed for eax.
-
-It actually does a little more than strictly needed -- the other registers
-are already zero extended.
-
-Also remove the now unnecessary and non functional compat task check
-in ptrace.
-
-This is CVE-2007-4573
-
-Found by Wojciech Purczynski
-
-Signed-off-by: Andi Kleen <ak at suse.de>
-Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
----
-
-Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf at debian.org>
-
-diff -urpN linux-source-2.6.18.orig/arch/x86_64/ia32/ia32entry.S linux-source-2.6.18/arch/x86_64/ia32/ia32entry.S
---- linux-source-2.6.18.orig/arch/x86_64/ia32/ia32entry.S	2006-09-19 21:42:06.000000000 -0600
-+++ linux-source-2.6.18/arch/x86_64/ia32/ia32entry.S	2007-09-25 00:10:16.089100799 -0600
+--- linux-source-2.6.18.orig/arch/x86_64/ia32/ia32entry-xen.S	2006-09-19 21:42:06.000000000 -0600
++++ linux-source-2.6.18/arch/x86_64/ia32/ia32entry-xen.S	2007-09-25 00:10:16.089100799 -0600
 @@ -38,6 +38,18 @@
- 	movq	%rax,R8(%rsp)
- 	.endm
+ #define __sti		sti	
+ #endif			
  
 +	.macro LOAD_ARGS32 offset
 +	movl \offset(%rsp),%r11d
@@ -72,17 +48,3 @@
  	RESTORE_REST
  	jmp ia32_do_syscall
  END(ia32_syscall)
-diff -urpN linux-source-2.6.18.orig/arch/x86_64/kernel/ptrace.c linux-source-2.6.18/arch/x86_64/kernel/ptrace.c
---- linux-source-2.6.18.orig/arch/x86_64/kernel/ptrace.c	2006-09-19 21:42:06.000000000 -0600
-+++ linux-source-2.6.18/arch/x86_64/kernel/ptrace.c	2007-09-25 00:10:16.089100799 -0600
-@@ -223,10 +223,6 @@ static int putreg(struct task_struct *ch
- {
- 	unsigned long tmp; 
- 	
--	/* Some code in the 64bit emulation may not be 64bit clean.
--	   Don't take any chances. */
--	if (test_tsk_thread_flag(child, TIF_IA32))
--		value &= 0xffffffff;
- 	switch (regno) {
- 		case offsetof(struct user_regs_struct,fs):
- 			if (value && (value & 3) != 3)

Added: dists/etch-security/linux-2.6/debian/patches/series/13etch4-extra
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/series/13etch4-extra	Tue Oct  2 08:53:12 2007
@@ -0,0 +1 @@
++ bugfix/amd64-zero-extend-32bit-ptrace-xen.patch *_xen *_xen-vserver

More information about the Kernel-svn-changes mailing list