[kernel] r10153 - in dists/etch/linux-2.6.22/debian: . patches/bugfix patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Jan 21 00:13:16 UTC 2008
Author: dannf
Date: Mon Jan 21 00:13:16 2008
New Revision: 10153
Log:
* Add stable release 2.6.22.13
- wait_task_stopped: Check p->exit_state instead of TASK_TRACED
(CVE-2007-5500)
- TCP: Make sure write_queue_from does not begin with NULL ptr
(CVE-2007-5501)
Added:
dists/etch/linux-2.6.22/debian/patches/bugfix/2.6.22.13
Modified:
dists/etch/linux-2.6.22/debian/changelog
dists/etch/linux-2.6.22/debian/patches/series/1~etchnahalf.1
Modified: dists/etch/linux-2.6.22/debian/changelog
==============================================================================
--- dists/etch/linux-2.6.22/debian/changelog (original)
+++ dists/etch/linux-2.6.22/debian/changelog Mon Jan 21 00:13:16 2008
@@ -1,8 +1,13 @@
linux-2.6.22 (2.6.22-1~etchnahalf.1) UNRELEASED; urgency=low
* Create linux-2.6.22 package from linux-2.6_2.6.22-6, targeting etch
+ * Add stable release 2.6.22.13
+ - wait_task_stopped: Check p->exit_state instead of TASK_TRACED
+ (CVE-2007-5500)
+ - TCP: Make sure write_queue_from does not begin with NULL ptr
+ (CVE-2007-5501)
- -- dann frazier <dannf at debian.org> Thu, 17 Jan 2008 13:10:36 -0700
+ -- dann frazier <dannf at debian.org> Sun, 20 Jan 2008 16:58:43 -0700
linux-2.6 (2.6.22-6) unstable; urgency=low
Added: dists/etch/linux-2.6.22/debian/patches/bugfix/2.6.22.13
==============================================================================
--- (empty file)
+++ dists/etch/linux-2.6.22/debian/patches/bugfix/2.6.22.13 Mon Jan 21 00:13:16 2008
@@ -0,0 +1,37 @@
+diff --git a/kernel/exit.c b/kernel/exit.c
+index 5c8ecba..e3adc46 100644
+--- a/kernel/exit.c
++++ b/kernel/exit.c
+@@ -1336,8 +1336,7 @@ static int wait_task_stopped(struct task_struct *p, int delayed_group_leader,
+ int why = (p->ptrace & PT_PTRACED) ? CLD_TRAPPED : CLD_STOPPED;
+
+ exit_code = p->exit_code;
+- if (unlikely(!exit_code) ||
+- unlikely(p->state & TASK_TRACED))
++ if (unlikely(!exit_code) || unlikely(p->exit_state))
+ goto bail_ref;
+ return wait_noreap_copyout(p, pid, uid,
+ why, (exit_code << 8) | 0x7f,
+diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
+index e33fb3d..2e1d8e7 100644
+--- a/net/ipv4/tcp_input.c
++++ b/net/ipv4/tcp_input.c
+@@ -994,6 +994,9 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
+ if (before(TCP_SKB_CB(ack_skb)->ack_seq, prior_snd_una - tp->max_window))
+ return 0;
+
++ if (!tp->packets_out)
++ goto out;
++
+ /* SACK fastpath:
+ * if the only SACK change is the increase of the end_seq of
+ * the first block then only apply that SACK block
+@@ -1262,6 +1265,8 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
+ (!tp->frto_highmark || after(tp->snd_una, tp->frto_highmark)))
+ tcp_update_reordering(sk, ((tp->fackets_out + 1) - reord), 0);
+
++out:
++
+ #if FASTRETRANS_DEBUG > 0
+ BUG_TRAP((int)tp->sacked_out >= 0);
+ BUG_TRAP((int)tp->lost_out >= 0);
Modified: dists/etch/linux-2.6.22/debian/patches/series/1~etchnahalf.1
==============================================================================
--- dists/etch/linux-2.6.22/debian/patches/series/1~etchnahalf.1 (original)
+++ dists/etch/linux-2.6.22/debian/patches/series/1~etchnahalf.1 Mon Jan 21 00:13:16 2008
@@ -60,3 +60,4 @@
+ bugfix/2.6.22.11
- bugfix/all/fix-some-cases-of-missed-ipv6-dad.patch
+ bugfix/2.6.22.12-rc1
++ bugfix/2.6.22.13
More information about the Kernel-svn-changes
mailing list