[kernel] r10128 - in dists/etch-security/linux-2.6/debian: . patches/features/all/vserver
Dann Frazier
dannf at alioth.debian.org
Thu Jan 17 18:34:03 UTC 2008
Author: dannf
Date: Thu Jan 17 18:33:50 2008
New Revision: 10128
Log:
hack vs2.0.2.2-rc9.patch so it will apply on top of the fix for CVE-2008-0001
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/features/all/vserver/vs2.0.2.2-rc9.patch
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog (original)
+++ dists/etch-security/linux-2.6/debian/changelog Thu Jan 17 18:33:50 2008
@@ -5,7 +5,8 @@
See CVE-2007-6151
* bugfix/vfs-use-access-mode-flag.patch
[SECURITY] Use the access mode flag instead of the open flag when
- testing access mode for a directory.
+ testing access mode for a directory. Modify
+ features/all/vserver/vs2.0.2.2-rc9.patch to apply on top of this
See CVE-2008-0001
* bugfix/fat-move-ioctl-compat-code.patch, bugfix/fat-fix-compat-ioctls.patch
[SECURITY][ABI Changer] Fix kernel_dirent corruption in the compat layer
@@ -17,7 +18,7 @@
filesystem
See CVE-2007-4571
- -- dann frazier <dannf at debian.org> Tue, 15 Jan 2008 16:44:15 -0700
+ -- dann frazier <dannf at debian.org> Thu, 17 Jan 2008 11:31:48 -0700
linux-2.6 (2.6.18.dfsg.1-17) stable; urgency=high
Modified: dists/etch-security/linux-2.6/debian/patches/features/all/vserver/vs2.0.2.2-rc9.patch
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/features/all/vserver/vs2.0.2.2-rc9.patch (original)
+++ dists/etch-security/linux-2.6/debian/patches/features/all/vserver/vs2.0.2.2-rc9.patch Thu Jan 17 18:33:50 2008
@@ -4775,9 +4775,9 @@
return -EACCES;
flag &= ~O_TRUNC;
-- } else if (IS_RDONLY(inode) && (flag & FMODE_WRITE))
+- } else if (IS_RDONLY(inode) && (acc_mode & MAY_WRITE))
+ } else if ((IS_RDONLY(inode) || MNT_IS_RDONLY(nd->mnt))
-+ && (flag & FMODE_WRITE))
++ && (acc_mode & MAY_WRITE))
return -EROFS;
/*
* An append-only file must be opened in append mode for writing.
More information about the Kernel-svn-changes
mailing list