[kernel] r13819 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Mon Jun 15 04:05:18 UTC 2009 

Author: dannf
Date: Mon Jun 15 04:05:14 2009
New Revision: 13819

Log:
r8169: fix crash when large packets are received (CVE-2009-1389)

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch
      - copied, changed from r13809, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/24etch3

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	Sun Jun 14 14:13:36 2009	(r13818)
+++ dists/etch-security/linux-2.6/debian/changelog	Mon Jun 15 04:05:14 2009	(r13819)
@@ -1,6 +1,7 @@
 linux-2.6 (2.6.18.dfsg.1-24etch3) UNRELEASED; urgency=high
 
   * e1000: add missing length check to e1000 receive routine (CVE-2009-1385)
+  * r8169: fix crash when large packets are received (CVE-2009-1389)
 
  -- dann frazier <dannf at debian.org>  Sat, 06 Jun 2009 09:55:38 -0600
 

Copied and modified: dists/etch-security/linux-2.6/debian/patches/bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch (from r13809, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch)
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch	Sat Jun 13 23:11:56 2009	(r13809, copy source)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch	Mon Jun 15 04:05:14 2009	(r13819)
@@ -26,56 +26,25 @@
     Tested-by: Michael Tokarev <mjt at tls.msk.ru>
     Signed-off-by: David S. Miller <davem at davemloft.net>
 
-Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Backported to Debian's 2.6.18 by dann frazier <dannf at debian.org>
 
-diff -urpN linux-source-2.6.26.orig/drivers/net/r8169.c linux-source-2.6.26/drivers/net/r8169.c
---- linux-source-2.6.26.orig/drivers/net/r8169.c	2009-05-11 12:06:52.000000000 -0600
-+++ linux-source-2.6.26/drivers/net/r8169.c	2009-06-09 08:44:34.000000000 -0600
-@@ -81,7 +81,6 @@ static const int multicast_filter_limit 
+diff -urpN linux-source-2.6.18.orig/drivers/net/r8169.c linux-source-2.6.18/drivers/net/r8169.c
+--- linux-source-2.6.18.orig/drivers/net/r8169.c	2008-12-25 14:04:13.000000000 -0700
++++ linux-source-2.6.18/drivers/net/r8169.c	2009-06-14 19:12:19.000000000 -0600
+@@ -126,7 +126,6 @@ static const int multicast_filter_limit 
  #define RX_DMA_BURST	6	/* Maximum PCI burst, '6' is 1024 */
  #define TX_DMA_BURST	6	/* Maximum PCI burst, '6' is 1024 */
- #define EarlyTxThld	0x3F	/* 0x3F means NO early transmit */
+ #define EarlyTxThld 	0x3F	/* 0x3F means NO early transmit */
 -#define RxPacketMaxSize	0x3FE8	/* 16K - 1 - ETH_HLEN - VLAN - CRC... */
  #define SafeMtu		0x1c20	/* ... actually life sucks beyond ~7k */
  #define InterFrameGap	0x03	/* 3 means InterFrameGap = the shortest one */
  
-@@ -1982,10 +1981,10 @@ static u16 rtl_rw_cpluscmd(void __iomem 
- 	return cmd;
- }
+@@ -1875,7 +1874,7 @@ static void rtl8169_hw_start(struct net_
+ 	RTL_W8(EarlyTxThres, EarlyTxThld);
  
--static void rtl_set_rx_max_size(void __iomem *ioaddr)
-+static void rtl_set_rx_max_size(void __iomem *ioaddr, unsigned int rx_buf_sz)
- {
  	/* Low hurts. Let's disable the filtering. */
 -	RTL_W16(RxMaxSize, 16383);
-+	RTL_W16(RxMaxSize, rx_buf_sz);
- }
- 
- static void rtl8169_set_magic_reg(void __iomem *ioaddr, unsigned mac_version)
-@@ -2032,7 +2031,7 @@ static void rtl_hw_start_8169(struct net
- 
- 	RTL_W8(EarlyTxThres, EarlyTxThld);
- 
--	rtl_set_rx_max_size(ioaddr);
-+	rtl_set_rx_max_size(ioaddr, tp->rx_buf_sz);
++	RTL_W16(RxMaxSize, tp->rx_buf_sz);
  
  	if ((tp->mac_version == RTL_GIGA_MAC_VER_01) ||
  	    (tp->mac_version == RTL_GIGA_MAC_VER_02) ||
-@@ -2096,7 +2095,7 @@ static void rtl_hw_start_8168(struct net
- 
- 	RTL_W8(EarlyTxThres, EarlyTxThld);
- 
--	rtl_set_rx_max_size(ioaddr);
-+	rtl_set_rx_max_size(ioaddr, tp->rx_buf_sz);
- 
- 	rtl_set_rx_tx_config_registers(tp);
- 
-@@ -2150,7 +2149,7 @@ static void rtl_hw_start_8101(struct net
- 
- 	RTL_W8(EarlyTxThres, EarlyTxThld);
- 
--	rtl_set_rx_max_size(ioaddr);
-+	rtl_set_rx_max_size(ioaddr, tp->rx_buf_sz);
- 
- 	tp->cp_cmd |= rtl_rw_cpluscmd(ioaddr) | PCIMulRW;
- 

Modified: dists/etch-security/linux-2.6/debian/patches/series/24etch3
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/24etch3	Sun Jun 14 14:13:36 2009	(r13818)
+++ dists/etch-security/linux-2.6/debian/patches/series/24etch3	Mon Jun 15 04:05:14 2009	(r13819)
@@ -1 +1,2 @@
 + bugfix/all/e1000-add-missing-length-check-to-e1000-receive-routine.patch
++ bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch

More information about the Kernel-svn-changes mailing list