[kernel] r12879 - in dists/etch-security/linux-2.6/debian/patches: bugfix/all/CVE-2009-0029 series

Dann Frazier dannf at alioth.debian.org
Fri Feb 20 06:22:56 UTC 2009


Author: dannf
Date: Fri Feb 20 06:22:55 2009
New Revision: 12879

Log:
add some Kconfig infrastructure to define the HAVE_SYSCALL_WRAPPERS config option

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0007pre1-create-arch-kconfig.patch   (contents, props changed)
Modified:
   dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0007-System-call-wrapper-infrastructure.patch
   dists/etch-security/linux-2.6/debian/patches/series/24etch1

Modified: dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0007-System-call-wrapper-infrastructure.patch
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0007-System-call-wrapper-infrastructure.patch	(original)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0007-System-call-wrapper-infrastructure.patch	Fri Feb 20 06:22:55 2009
@@ -95,3 +95,13 @@
  asmlinkage long sys_time(time_t __user *tloc);
  asmlinkage long sys_stime(time_t __user *tptr);
  asmlinkage long sys_gettimeofday(struct timeval __user *tv,
+diff -urpN linux-source-2.6.24.orig/arch/Kconfig linux-source-2.6.24/arch/Kconfig
+--- linux-source-2.6.24.orig/arch/Kconfig	2009-02-16 14:02:39.000000000 -0700
++++ linux-source-2.6.24/arch/Kconfig	2009-02-16 14:03:15.000000000 -0700
+@@ -1,3 +1,6 @@
+ #
+ # General architecture dependent options
+ #
++
++config HAVE_SYSCALL_WRAPPERS
++	bool
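
Review bot: the nested diff header in the appended arch/Kconfig hunk names linux-source-2.6.24.orig and linux-source-2.6.24, while the prerequisite 0007pre1 patch added in this same revision is generated against linux-source-2.6.18. The leading directory is normally stripped when the patch is applied, so this is cosmetic, but regenerating the hunk against the 2.6.18 tree would keep the etch-security patch set consistent. Separately, `config HAVE_SYSCALL_WRAPPERS` is a promptless `bool` with no comment, and nothing in this hunk selects it; a one-line comment above it saying which patches are expected to enable it would document the intent.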

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0007pre1-create-arch-kconfig.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0007pre1-create-arch-kconfig.patch	Fri Feb 20 06:22:55 2009
@@ -0,0 +1,118 @@
+commit fb32e03fdc170251a381449a8d9b82cf7e811a6f
+Author: Mathieu Desnoyers <mathieu.desnoyers at polymtl.ca>
+Date:   Sat Feb 2 15:10:33 2008 -0500
+
+    Create arch/Kconfig
+    
+    Puts the content of arch/Kconfig in the "General setup" menu.
+    
+    Linus:
+    
+    > Should it come with a re-duplication of it's content into each
+    > architecture, which was the case previously ? The oprofile and kprobes
+    > menu entries were litteraly cut and pasted from one architecture to
+    > another. Should we put its content in init/Kconfig then ?
+    
+    I don't think it's a good idea to go back to making it per-architecture,
+    although that extensive "depends on <list-of-archiectures-here>" might
+    indicate that there certainly is room for cleanup there.
+    
+    And I don't think it's wrong keeping it in kernel/Kconfig.xyz per se, I
+    just think it's wrong to (a) lump the code together when it really doesn't
+    necessarily need to and (b) show it to users as some kind of choice that
+    is tied together (whether it then has common code or not).
+    
+    On the per-architecture side, I do think it would be better to *not* have
+    internal architecture knowledge in a generic file, and as such a line like
+    
+            depends on X86_32 || IA64 || PPC || S390 || SPARC64 || X86_64 || AVR32
+    
+    really shouldn't exist in a file like kernel/Kconfig.instrumentation.
+    
+    It would be much better to do
+    
+            depends on ARCH_SUPPORTS_KPROBES
+    
+    in that generic file, and then architectures that do support it would just
+    have a
+    
+            bool ARCH_SUPPORTS_KPROBES
+                    default y
+    
+    in *their* architecture files. That would seem to be much more logical,
+    and is readable both for arch maintainers *and* for people who have no
+    clue - and don't care - about which architecture is supposed to support
+    which interface...
+    
+    Sam Ravnborg:
+    
+    Stuff it into a new file: arch/Kconfig
+    We can then extend this file to include all the 'trailing'
+    Kconfig things that are anyway equal for all ARCHs.
+    
+    But it should be kept clean - so if we introduce such a file
+    then we should use ARCH_HAS_whatever in the arch specific Kconfig
+    files to enable stuff that is not shared.
+    
+    [...]
+    
+    The above suggestion is actually not exactly the best way to do it...
+    First the naming..
+    A quick grep shows following usage today (in Kconfig files)
+    ARCH_HAS        51
+    ARCH_SUPPORTS   4
+    HAVE_ARCH       7
+    
+    ARCH_HAS is the clear winner.
+    
+    In the common Kconfig file do:
+    
+    config FOO
+            depends on ARCH_HAS_FOO
+            bool "bla bla"
+    
+    config ARCH_HAS_FOO
+            def_bool n
+    
+    In the arch specific Kconfig file in a suitable place do:
+    
+    config SUITABLE_OPTION
+            select ARCH_HAS_FOO
+    
+    The naming of ARCH_HAS_ is fixed and shall be:
+    ARCH_HAS_<config option it will enable>
+    
+    Only a single line added pr. architecture.
+    And we will end up with a (maybe even commented) list of trivial selects.
+    
+    - Yet another update :
+    
+    Moving to HAVE_* now.
+    
+    Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at polymtl.ca>
+    Cc: Jeff Dike <jdike at addtoit.com>
+    Cc: David Howells <dhowells at redhat.com>
+    Cc: Ananth N Mavinakayanahalli <ananth at in.ibm.com>
+    Signed-off-by: Sam Ravnborg <sam at ravnborg.org>
+
+Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf at hp.com>
+
+diff -urpN linux-source-2.6.18.orig/arch/Kconfig linux-source-2.6.18/arch/Kconfig
+--- linux-source-2.6.18.orig/arch/Kconfig	1969-12-31 17:00:00.000000000 -0700
++++ linux-source-2.6.18/arch/Kconfig	2009-02-16 14:07:36.000000000 -0700
+@@ -0,0 +1,3 @@
++#
++# General architecture dependent options
++#
+diff -urpN linux-source-2.6.18.orig/init/Kconfig linux-source-2.6.18/init/Kconfig
+--- linux-source-2.6.18.orig/init/Kconfig	2008-12-25 14:04:12.000000000 -0700
++++ linux-source-2.6.18/init/Kconfig	2009-02-16 14:07:36.000000000 -0700
+@@ -409,6 +409,8 @@ config VM_EVENT_COUNTERS
+ 	  option allows the disabling of the VM event counters.
+ 	  /proc/vmstat will only show page counts.
+ 
++source "arch/Kconfig"
++
+ endmenu		# General setup
+ 
+ config RT_MUTEXES
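
Review bot: the "Adjusted to apply to Debian's 2.6.18" line does not say what was changed relative to commit fb32e03f. The retained commit message discusses the oprofile and kprobes menu entries, yet the arch/Kconfig created here holds only the three comment lines, so a reader cannot tell from the patch header that this is a stub. Suggest extending the adjustment line to state that only the empty arch/Kconfig and the `source "arch/Kconfig"` line in init/Kconfig are carried in this backport.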

Modified: dists/etch-security/linux-2.6/debian/patches/series/24etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/24etch1	(original)
+++ dists/etch-security/linux-2.6/debian/patches/series/24etch1	Fri Feb 20 06:22:55 2009
@@ -10,6 +10,7 @@
 + bugfix/all/CVE-2009-0029/0004-Remove-__attribute__-weak-from-sy.patch
 + bugfix/all/CVE-2009-0029/0005-Make-sys_pselect7-static.patch
 + bugfix/all/CVE-2009-0029/0006-Make-sys_syslog-a-conditional-system.patch
++ bugfix/all/CVE-2009-0029/0007pre1-create-arch-kconfig.patch
 + bugfix/all/CVE-2009-0029/0007-System-call-wrapper-infrastructure.patch
 + bugfix/all/CVE-2009-0029/0008-powerpc-Enable-syscall-wrappers-for.patch
 + bugfix/all/CVE-2009-0029/0009-s390-enable-system-call-wrappers.patch
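
Review bot: the position of the new 0007pre1 entry is load-bearing and nothing records why. 0007-System-call-wrapper-infrastructure.patch now carries an arch/Kconfig hunk with context `@@ -1,3 +1,6 @@`, which applies only after 0007pre1-create-arch-kconfig.patch has created that file. Suggest noting the dependency in the header of the 0007 patch so the entry is not reordered or dropped when the series is next reworked.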


