[kernel] r13819 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Jun 15 04:05:18 UTC 2009
Author: dannf
Date: Mon Jun 15 04:05:14 2009
New Revision: 13819
Log:
r8169: fix crash when large packets are received (CVE-2009-1389)
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch
- copied, changed from r13809, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/24etch3
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog Sun Jun 14 14:13:36 2009 (r13818)
+++ dists/etch-security/linux-2.6/debian/changelog Mon Jun 15 04:05:14 2009 (r13819)
@@ -1,6 +1,7 @@
linux-2.6 (2.6.18.dfsg.1-24etch3) UNRELEASED; urgency=high
* e1000: add missing length check to e1000 receive routine (CVE-2009-1385)
+ * r8169: fix crash when large packets are received (CVE-2009-1389)
-- dann frazier <dannf at debian.org> Sat, 06 Jun 2009 09:55:38 -0600
Copied and modified: dists/etch-security/linux-2.6/debian/patches/bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch (from r13809, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch)
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch Sat Jun 13 23:11:56 2009 (r13809, copy source)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch Mon Jun 15 04:05:14 2009 (r13819)
@@ -26,56 +26,25 @@
Tested-by: Michael Tokarev <mjt at tls.msk.ru>
Signed-off-by: David S. Miller <davem at davemloft.net>
-Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Backported to Debian's 2.6.18 by dann frazier <dannf at debian.org>
-diff -urpN linux-source-2.6.26.orig/drivers/net/r8169.c linux-source-2.6.26/drivers/net/r8169.c
---- linux-source-2.6.26.orig/drivers/net/r8169.c 2009-05-11 12:06:52.000000000 -0600
-+++ linux-source-2.6.26/drivers/net/r8169.c 2009-06-09 08:44:34.000000000 -0600
-@@ -81,7 +81,6 @@ static const int multicast_filter_limit
+diff -urpN linux-source-2.6.18.orig/drivers/net/r8169.c linux-source-2.6.18/drivers/net/r8169.c
+--- linux-source-2.6.18.orig/drivers/net/r8169.c 2008-12-25 14:04:13.000000000 -0700
++++ linux-source-2.6.18/drivers/net/r8169.c 2009-06-14 19:12:19.000000000 -0600
+@@ -126,7 +126,6 @@ static const int multicast_filter_limit
#define RX_DMA_BURST 6 /* Maximum PCI burst, '6' is 1024 */
#define TX_DMA_BURST 6 /* Maximum PCI burst, '6' is 1024 */
- #define EarlyTxThld 0x3F /* 0x3F means NO early transmit */
+ #define EarlyTxThld 0x3F /* 0x3F means NO early transmit */
-#define RxPacketMaxSize 0x3FE8 /* 16K - 1 - ETH_HLEN - VLAN - CRC... */
#define SafeMtu 0x1c20 /* ... actually life sucks beyond ~7k */
#define InterFrameGap 0x03 /* 3 means InterFrameGap = the shortest one */
-@@ -1982,10 +1981,10 @@ static u16 rtl_rw_cpluscmd(void __iomem
- return cmd;
- }
+@@ -1875,7 +1874,7 @@ static void rtl8169_hw_start(struct net_
+ RTL_W8(EarlyTxThres, EarlyTxThld);
--static void rtl_set_rx_max_size(void __iomem *ioaddr)
-+static void rtl_set_rx_max_size(void __iomem *ioaddr, unsigned int rx_buf_sz)
- {
/* Low hurts. Let's disable the filtering. */
- RTL_W16(RxMaxSize, 16383);
-+ RTL_W16(RxMaxSize, rx_buf_sz);
- }
-
- static void rtl8169_set_magic_reg(void __iomem *ioaddr, unsigned mac_version)
-@@ -2032,7 +2031,7 @@ static void rtl_hw_start_8169(struct net
-
- RTL_W8(EarlyTxThres, EarlyTxThld);
-
-- rtl_set_rx_max_size(ioaddr);
-+ rtl_set_rx_max_size(ioaddr, tp->rx_buf_sz);
++ RTL_W16(RxMaxSize, tp->rx_buf_sz);
if ((tp->mac_version == RTL_GIGA_MAC_VER_01) ||
(tp->mac_version == RTL_GIGA_MAC_VER_02) ||
-@@ -2096,7 +2095,7 @@ static void rtl_hw_start_8168(struct net
-
- RTL_W8(EarlyTxThres, EarlyTxThld);
-
-- rtl_set_rx_max_size(ioaddr);
-+ rtl_set_rx_max_size(ioaddr, tp->rx_buf_sz);
-
- rtl_set_rx_tx_config_registers(tp);
-
-@@ -2150,7 +2149,7 @@ static void rtl_hw_start_8101(struct net
-
- RTL_W8(EarlyTxThres, EarlyTxThld);
-
-- rtl_set_rx_max_size(ioaddr);
-+ rtl_set_rx_max_size(ioaddr, tp->rx_buf_sz);
-
- tp->cp_cmd |= rtl_rw_cpluscmd(ioaddr) | PCIMulRW;
-
Modified: dists/etch-security/linux-2.6/debian/patches/series/24etch3
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/24etch3 Sun Jun 14 14:13:36 2009 (r13818)
+++ dists/etch-security/linux-2.6/debian/patches/series/24etch3 Mon Jun 15 04:05:14 2009 (r13819)
@@ -1 +1,2 @@
+ bugfix/all/e1000-add-missing-length-check-to-e1000-receive-routine.patch
++ bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch
More information about the Kernel-svn-changes
mailing list