[kernel] r12090 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series

Dann Frazier dannf at alioth.debian.org
Mon Aug 18 01:22:45 UTC 2008 

Author: dannf
Date: Mon Aug 18 01:22:43 2008
New Revision: 12090

Log:
bugfix/cifs-fix-compiler-warning.patch
bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch
Fix regression introduced upstream by the fixes for CVE-2008-1673

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/cifs-fix-compiler-warning.patch
   dists/etch-security/linux-2.6/debian/patches/bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/22etch2

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Mon Aug 18 01:22:43 2008
@@ -8,8 +8,11 @@
   * bugfix/vfs-fix-lookup-on-deleted-directory.patch
     Fix potential memory leak in lookup path
     See CVE-2008-3275
+  * bugfix/cifs-fix-compiler-warning.patch
+    bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch
+    Fix regression introduced upstream by the fixes for CVE-2008-1673
 
- -- dann frazier <dannf at debian.org>  Fri, 15 Aug 2008 14:00:29 -0600
+ -- dann frazier <dannf at debian.org>  Sun, 17 Aug 2008 18:56:12 -0600
 
 linux-2.6 (2.6.18.dfsg.1-22etch1) stable-security; urgency=high
 

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/cifs-fix-compiler-warning.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/cifs-fix-compiler-warning.patch	Mon Aug 18 01:22:43 2008
@@ -0,0 +1,21 @@
+commit 04e1e0cccade330ab3715ce59234f7e3b087e246
+Author: Jan Beulich <jbeulich at novell.com>
+Date:   Tue Jul 22 13:04:18 2008 +0000
+
+    [CIFS] Fix compiler warning on 64-bit
+    
+    Signed-off-by: Steve French <sfrench at us.ibm.com>
+
+diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
+index f58e41d..4276546 100644
+--- a/fs/cifs/asn1.c
++++ b/fs/cifs/asn1.c
+@@ -400,7 +400,7 @@ asn1_oid_decode(struct asn1_ctx *ctx,
+ 	size = eoc - ctx->pointer + 1;
+ 
+ 	/* first subid actually encodes first two subids */
+-	if (size < 2 || size > ULONG_MAX/sizeof(unsigned long))
++	if (size < 2 || size > UINT_MAX/sizeof(unsigned long))
+ 		return 0;
+ 
+ 	*oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC);

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch	Mon Aug 18 01:22:43 2008
@@ -0,0 +1,27 @@
+commit 252815b0cfe711001eff0327872209986b36d490
+Author: David Howells <dhowells at redhat.com>
+Date:   Wed Jul 9 15:06:45 2008 -0700
+
+    netfilter: nf_nat_snmp_basic: fix a range check in NAT for SNMP
+    
+    Fix a range check in netfilter IP NAT for SNMP to always use a big enough size
+    variable that the compiler won't moan about comparing it to ULONG_MAX/8 on a
+    64-bit platform.
+    
+    Signed-off-by: David Howells <dhowells at redhat.com>
+    Signed-off-by: Patrick McHardy <kaber at trash.net>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff -urpN linux-source-2.6.18.orig/net/ipv4/netfilter/ip_nat_snmp_basic.c linux-source-2.6.18/net/ipv4/netfilter/ip_nat_snmp_basic.c
+--- linux-source-2.6.18.orig/net/ipv4/netfilter/ip_nat_snmp_basic.c	2008-06-16 16:25:21.000000000 -0600
++++ linux-source-2.6.18/net/ipv4/netfilter/ip_nat_snmp_basic.c	2008-08-17 19:03:41.000000000 -0600
+@@ -442,8 +442,8 @@ static unsigned char asn1_oid_decode(str
+                                      unsigned int *len)
+ {
+ 	unsigned long subid;
+-	unsigned int  size;
+ 	unsigned long *optr;
++	size_t size;
+ 	
+ 	size = eoc - ctx->pointer + 1;
+ 

Modified: dists/etch-security/linux-2.6/debian/patches/series/22etch2
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/22etch2	(original)
+++ dists/etch-security/linux-2.6/debian/patches/series/22etch2	Mon Aug 18 01:22:43 2008
@@ -1,3 +1,5 @@
 + bugfix/x86-wrong-register-was-used-in-align-macro.patch
 + bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch
 + bugfix/vfs-fix-lookup-on-deleted-directory.patch
++ bugfix/cifs-fix-compiler-warning.patch
++ bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch

More information about the Kernel-svn-changes mailing list