[kernel] r10128 - in dists/etch-security/linux-2.6/debian: . patches/features/all/vserver

Dann Frazier dannf at alioth.debian.org
Thu Jan 17 18:34:03 UTC 2008 

Author: dannf
Date: Thu Jan 17 18:33:50 2008
New Revision: 10128

Log:
hack vs2.0.2.2-rc9.patch so it will apply on top of the fix for CVE-2008-0001

Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/features/all/vserver/vs2.0.2.2-rc9.patch

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Thu Jan 17 18:33:50 2008
@@ -5,7 +5,8 @@
     See CVE-2007-6151
   * bugfix/vfs-use-access-mode-flag.patch
     [SECURITY] Use the access mode flag instead of the open flag when
-    testing access mode for a directory.
+    testing access mode for a directory. Modify
+    features/all/vserver/vs2.0.2.2-rc9.patch to apply on top of this
     See CVE-2008-0001
   * bugfix/fat-move-ioctl-compat-code.patch, bugfix/fat-fix-compat-ioctls.patch
     [SECURITY][ABI Changer] Fix kernel_dirent corruption in the compat layer
@@ -17,7 +18,7 @@
     filesystem
     See CVE-2007-4571
 
- -- dann frazier <dannf at debian.org>  Tue, 15 Jan 2008 16:44:15 -0700
+ -- dann frazier <dannf at debian.org>  Thu, 17 Jan 2008 11:31:48 -0700
 
 linux-2.6 (2.6.18.dfsg.1-17) stable; urgency=high
 

Modified: dists/etch-security/linux-2.6/debian/patches/features/all/vserver/vs2.0.2.2-rc9.patch
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/features/all/vserver/vs2.0.2.2-rc9.patch	(original)
+++ dists/etch-security/linux-2.6/debian/patches/features/all/vserver/vs2.0.2.2-rc9.patch	Thu Jan 17 18:33:50 2008
@@ -4775,9 +4775,9 @@
  			return -EACCES;
  
  		flag &= ~O_TRUNC;
--	} else if (IS_RDONLY(inode) && (flag & FMODE_WRITE))
+-	} else if (IS_RDONLY(inode) && (acc_mode & MAY_WRITE))
 +	} else if ((IS_RDONLY(inode) || MNT_IS_RDONLY(nd->mnt))
-+		&& (flag & FMODE_WRITE))
++		&& (acc_mode & MAY_WRITE))
  		return -EROFS;
  	/*
  	 * An append-only file must be opened in append mode for writing.

More information about the Kernel-svn-changes mailing list