[kernel] r10540 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series

Dann Frazier dannf at alioth.debian.org
Thu Feb 14 04:22:45 UTC 2008 

Author: dannf
Date: Thu Feb 14 04:22:44 2008
New Revision: 10540

Log:
* powerpc-chrp-null-deref.dpatch
  [SECURITY][powerpc] Fix NULL pointer dereference if get_property
  fails on the subarchitecture
  See CVE-2007-6694

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/powerpc-chrp-null-deref.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Thu Feb 14 04:22:44 2008
@@ -61,8 +61,12 @@
     If userspace still has the device open it can result, the driver would
     wait for the device to close, blocking the USB subsystem.
     See CVE-2007-5093
+  * powerpc-chrp-null-deref.dpatch
+    [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+    fails on the subarchitecture
+    See CVE-2007-6694
 
- -- dann frazier <dannf at debian.org>  Wed, 13 Feb 2008 20:20:12 -0700
+ -- dann frazier <dannf at debian.org>  Wed, 13 Feb 2008 21:18:45 -0700
 
 kernel-source-2.6.8 (2.6.8-17) oldstable; urgency=high
 

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/powerpc-chrp-null-deref.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/powerpc-chrp-null-deref.dpatch	Thu Feb 14 04:22:44 2008
@@ -0,0 +1,49 @@
+commit 9ac71d00398674aaec664f30559f0a21d963862f
+Author: Cyrill Gorcunov <gorcunov at gmail.com>
+Date:   Fri Nov 23 16:43:04 2007 +1100
+
+    [POWERPC] CHRP: Fix possible NULL pointer dereference
+    
+    This fixes a possible NULL pointer dereference inside of strncmp() if
+    of_get_property() fails.
+    
+    Signed-off-by: Cyrill Gorcunov <gorcunov at gmail.com>
+    Signed-off-by: Paul Mackerras <paulus at samba.org>
+
+Backported to Debian's 2.6.8 by dann frazier <dannf at debian.org>
+
+diff -urpN kernel-source-2.6.8.orig/arch/ppc/platforms/chrp_setup.c kernel-source-2.6.8/arch/ppc/platforms/chrp_setup.c
+--- kernel-source-2.6.8.orig/arch/ppc/platforms/chrp_setup.c	2007-05-26 02:54:38.000000000 -0600
++++ kernel-source-2.6.8/arch/ppc/platforms/chrp_setup.c	2008-02-13 20:40:08.000000000 -0700
+@@ -117,7 +117,7 @@ chrp_show_cpuinfo(struct seq_file *m)
+ 	seq_printf(m, "machine\t\t: CHRP %s\n", model);
+ 
+ 	/* longtrail (goldengate) stuff */
+-	if (!strncmp(model, "IBM,LongTrail", 13)) {
++	if (model && !strncmp(model, "IBM,LongTrail", 13)) {
+ 		/* VLSI VAS96011/12 `Golden Gate 2' */
+ 		/* Memory banks */
+ 		sdramen = (in_le32((unsigned *)(gg2_pci_config_base+
+@@ -206,14 +206,20 @@ static void __init sio_fixup_irq(const c
+ static void __init sio_init(void)
+ {
+ 	struct device_node *root;
++	const char *model;
+ 
+-	if ((root = find_path_device("/")) &&
+-	    !strncmp(get_property(root, "model", NULL), "IBM,LongTrail", 13)) {
++	root = find_path_device("/");
++	if (!root)
++		return;
++
++	model = get_property(root, "model", NULL);
++	if (model && !strncmp(model, "IBM,LongTrail", 13)) {
+ 		/* logical device 0 (KBC/Keyboard) */
+ 		sio_fixup_irq("keyboard", 0, 1, 2);
+ 		/* select logical device 1 (KBC/Mouse) */
+ 		sio_fixup_irq("mouse", 1, 12, 2);
+ 	}
++
+ }
+ 
+ void pegasos_set_l2cr(void)

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1	Thu Feb 14 04:22:44 2008
@@ -16,3 +16,4 @@
 + hugetlb-prio_tree-unit-fix.dpatch
 + amd64-zero-extend-32bit-ptrace.dpatch
 + usb-pwc-disconnect-block.dpatch
++ powerpc-chrp-null-deref.dpatch

More information about the Kernel-svn-changes mailing list