[kernel] r12091 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix patches/series

Dann Frazier dannf at alioth.debian.org
Mon Aug 18 01:23:30 UTC 2008 

Author: dannf
Date: Mon Aug 18 01:23:28 2008
New Revision: 12091

Log:
Fix regression introduced upstream by the fixes for CVE-2008-1673

Added:
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/cifs-fix-compiler-warning.patch   (contents, props changed)
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch
Modified:
   dists/etch-security/linux-2.6.24/debian/changelog
   dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.5

Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog	(original)
+++ dists/etch-security/linux-2.6.24/debian/changelog	Mon Aug 18 01:23:28 2008
@@ -4,8 +4,9 @@
   * Fix regression introduced upstream by the fix for CVE-2008-0598
   * Fix possible information leak in seq_oss_synth.c
     (CVE-2008-3272)
+  * Fix regression introduced upstream by the fixes for CVE-2008-1673
 
- -- dann frazier <dannf at debian.org>  Tue, 12 Aug 2008 02:41:51 -0600
+ -- dann frazier <dannf at debian.org>  Sun, 17 Aug 2008 19:12:39 -0600
 
 linux-2.6.24 (2.6.24-6~etchnhalf.4) stable; urgency=low
 

Added: dists/etch-security/linux-2.6.24/debian/patches/bugfix/cifs-fix-compiler-warning.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/cifs-fix-compiler-warning.patch	Mon Aug 18 01:23:28 2008
@@ -0,0 +1,21 @@
+commit 04e1e0cccade330ab3715ce59234f7e3b087e246
+Author: Jan Beulich <jbeulich at novell.com>
+Date:   Tue Jul 22 13:04:18 2008 +0000
+
+    [CIFS] Fix compiler warning on 64-bit
+    
+    Signed-off-by: Steve French <sfrench at us.ibm.com>
+
+diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
+index f58e41d..4276546 100644
+--- a/fs/cifs/asn1.c
++++ b/fs/cifs/asn1.c
+@@ -400,7 +400,7 @@ asn1_oid_decode(struct asn1_ctx *ctx,
+ 	size = eoc - ctx->pointer + 1;
+ 
+ 	/* first subid actually encodes first two subids */
+-	if (size < 2 || size > ULONG_MAX/sizeof(unsigned long))
++	if (size < 2 || size > UINT_MAX/sizeof(unsigned long))
+ 		return 0;
+ 
+ 	*oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC);

Added: dists/etch-security/linux-2.6.24/debian/patches/bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch	Mon Aug 18 01:23:28 2008
@@ -0,0 +1,28 @@
+commit 252815b0cfe711001eff0327872209986b36d490
+Author: David Howells <dhowells at redhat.com>
+Date:   Wed Jul 9 15:06:45 2008 -0700
+
+    netfilter: nf_nat_snmp_basic: fix a range check in NAT for SNMP
+    
+    Fix a range check in netfilter IP NAT for SNMP to always use a big enough size
+    variable that the compiler won't moan about comparing it to ULONG_MAX/8 on a
+    64-bit platform.
+    
+    Signed-off-by: David Howells <dhowells at redhat.com>
+    Signed-off-by: Patrick McHardy <kaber at trash.net>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
+index 7750c97..ffeaffc 100644
+--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
++++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
+@@ -439,8 +439,8 @@ static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
+ 				     unsigned int *len)
+ {
+ 	unsigned long subid;
+-	unsigned int  size;
+ 	unsigned long *optr;
++	size_t size;
+ 
+ 	size = eoc - ctx->pointer + 1;
+ 

Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.5
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.5	(original)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.5	Mon Aug 18 01:23:28 2008
@@ -1,2 +1,4 @@
 + bugfix/x86-wrong-register-was-used-in-align-macro.patch
 + bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch
++ bugfix/cifs-fix-compiler-warning.patch
++ bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch

More information about the Kernel-svn-changes mailing list