[kernel] r14105 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Fri Aug 14 20:46:54 UTC 2009 

Author: dannf
Date: Fri Aug 14 20:46:52 2009
New Revision: 14105

Log:
Make sock_sendpage() use kernel_sendpage() (CVE-2009-2692)

Added:
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/make-sock_sendpage-use-kernel_sendpage.patch
      - copied unchanged from r14104, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/make-sock_sendpage-use-kernel_sendpage.patch
   dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch3
Modified:
   dists/etch-security/linux-2.6.24/debian/changelog

Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog	Fri Aug 14 18:41:01 2009	(r14104)
+++ dists/etch-security/linux-2.6.24/debian/changelog	Fri Aug 14 20:46:52 2009	(r14105)
@@ -1,3 +1,9 @@
+linux-2.6.24 (2.6.24-6~etchnhalf.8etch3) UNRELEASED; urgency=high
+
+  * Make sock_sendpage() use kernel_sendpage() (CVE-2009-2692)
+
+ -- dann frazier <dannf at debian.org>  Fri, 14 Aug 2009 14:28:13 -0600
+
 linux-2.6.24 (2.6.24-6~etchnhalf.8etch2) oldstable-security; urgency=high
 
   * e1000: add missing length check to e1000 receive routine (CVE-2009-1385)

Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/make-sock_sendpage-use-kernel_sendpage.patch (from r14104, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/make-sock_sendpage-use-kernel_sendpage.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/make-sock_sendpage-use-kernel_sendpage.patch	Fri Aug 14 20:46:52 2009	(r14105, copy of r14104, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/make-sock_sendpage-use-kernel_sendpage.patch)
@@ -0,0 +1,34 @@
+commit e694958388c50148389b0e9b9e9e8945cf0f1b98
+Author: Linus Torvalds <torvalds at linux-foundation.org>
+Date:   Thu Aug 13 08:28:36 2009 -0700
+
+    Make sock_sendpage() use kernel_sendpage()
+    
+    kernel_sendpage() does the proper default case handling for when the
+    socket doesn't have a native sendpage implementation.
+    
+    Now, arguably this might be something that we could instead solve by
+    just specifying that all protocols should do it themselves at the
+    protocol level, but we really only care about the common protocols.
+    Does anybody really care about sendpage on something like Appletalk? Not
+    likely.
+    
+    Acked-by: David S. Miller <davem at davemloft.net>
+    Acked-by: Julien TINNES <julien at cr0.org>
+    Acked-by: Tavis Ormandy <taviso at sdf.lonestar.org>
+    Cc: stable at kernel.org
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/net/socket.c b/net/socket.c
+index 791d71a..6d47165 100644
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -736,7 +736,7 @@ static ssize_t sock_sendpage(struct file *file, struct page *page,
+ 	if (more)
+ 		flags |= MSG_MORE;
+ 
+-	return sock->ops->sendpage(sock, page, offset, size, flags);
++	return kernel_sendpage(sock, page, offset, size, flags);
+ }
+ 
+ static ssize_t sock_splice_read(struct file *file, loff_t *ppos,

Added: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch3
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch3	Fri Aug 14 20:46:52 2009	(r14105)
@@ -0,0 +1 @@
++ bugfix/all/make-sock_sendpage-use-kernel_sendpage.patch

More information about the Kernel-svn-changes mailing list