[kernel] r12571 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Wed Jan 14 05:09:25 UTC 2009


Author: dannf
Date: Wed Jan 14 05:09:14 2009
New Revision: 12571

Log:
* sctp: Fix memory overflow (CVE-2009-0065)
* nfs: Fix fcntl/close race (CVE-2008-4307)

Added:
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch
Modified:
   dists/etch-security/linux-2.6.24/debian/changelog
   dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.7etch1

Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog	(original)
+++ dists/etch-security/linux-2.6.24/debian/changelog	Wed Jan 14 05:09:14 2009
@@ -5,9 +5,10 @@
   * Fix buffer underflow in the ib700wdt watchdog driver (CVE-2008-5702)
   * Set a minimum timeout for SG_IO requests (CVE-2008-5700)
   * [mips] Fix potential DOS by untrusted user app (CVE-2008-5701)
-  * sctp: fix memory overflow (CVE-2009-0065)
+  * sctp: Fix memory overflow (CVE-2009-0065)
+  * nfs: Fix fcntl/close race (CVE-2008-4307)
 
- -- dann frazier <dannf at debian.org>  Mon, 12 Jan 2009 23:01:24 -0700
+ -- dann frazier <dannf at debian.org>  Tue, 13 Jan 2009 21:56:46 -0700
 
 linux-2.6.24 (2.6.24-6~etchnhalf.7) stable-security; urgency=high
 

Added: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch	Wed Jan 14 05:09:14 2009
@@ -0,0 +1,36 @@
+commit c4d7c402b788b73dc24f1e54a57f89d3dc5eb7bc
+Author: Trond Myklebust <Trond.Myklebust at netapp.com>
+Date:   Tue Apr 1 20:26:52 2008 -0400
+
+    NFS: Remove the buggy lock-if-signalled case from do_setlk()
+    
+    Both NLM and NFSv4 should be able to clean up adequately in the case where
+    the user interrupts the RPC call...
+    
+    Signed-off-by: Trond Myklebust <Trond.Myklebust at netapp.com>
+
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.24.orig/fs/nfs/file.c linux-source-2.6.24/fs/nfs/file.c
+--- linux-source-2.6.24.orig/fs/nfs/file.c	2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/fs/nfs/file.c	2009-01-13 21:52:35.000000000 -0700
+@@ -578,17 +578,9 @@ static int do_setlk(struct file *filp, i
+ 
+ 	lock_kernel();
+ 	/* Use local locking if mounted with "-onolock" */
+-	if (!(NFS_SERVER(inode)->flags & NFS_MOUNT_NONLM)) {
++	if (!(NFS_SERVER(inode)->flags & NFS_MOUNT_NONLM))
+ 		status = NFS_PROTO(inode)->lock(filp, cmd, fl);
+-		/* If we were signalled we still need to ensure that
+-		 * we clean up any state on the server. We therefore
+-		 * record the lock call as having succeeded in order to
+-		 * ensure that locks_remove_posix() cleans it out when
+-		 * the process exits.
+-		 */
+-		if (status == -EINTR || status == -ERESTARTSYS)
+-			do_vfs_lock(filp, fl);
+-	} else
++	else
+ 		status = do_vfs_lock(filp, fl);
+ 	unlock_kernel();
+ 	if (status < 0)
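Review bot: Dropping the `if (status == -EINTR || status == -ERESTARTSYS) do_vfs_lock(filp, fl);` branch in do_setlk() relies on cleanup that this backport does not show. After the change, an interrupted `NFS_PROTO(inode)->lock()` call leaves no local record of the lock, so releasing any state the server already holds depends entirely on the NLM and NFSv4 lock paths, which the commit message only says "should be able to clean up adequately". Please confirm that Debian's 2.6.24 tree already has that interrupt handling, or list the prerequisite commits in the patch header. The header should also name CVE-2008-4307 and state in one sentence how the removed branch led to the fcntl/close race, since neither the upstream message (which trails off in "...") nor the "Adjusted to apply" line explains it.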

Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.7etch1
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.7etch1	(original)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.7etch1	Wed Jan 14 05:09:14 2009
@@ -3,3 +3,4 @@
 + bugfix/all/enforce-minimum-SG_IO-timeout.patch
 + bugfix/mips/fix-potential-dos.patch
 + bugfix/all/sctp-avoid-memory-overflow.patch
++ bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch


