[kernel] r13038 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all/CVE-2009-0029 patches/series
Dann Frazier
dannf at alioth.debian.org
Sun Mar 8 23:38:41 UTC 2009
Author: dannf
Date: Sun Mar 8 23:38:40 2009
New Revision: 13038
Log:
sparc64 changes for CVE-2009-0029
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/sparc64-use-syscall-wrappers.patch
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/sparc64-wrap-arch-specific-syscalls.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/13lenny2
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog (original)
+++ dists/lenny-security/linux-2.6/debian/changelog Sun Mar 8 23:38:40 2009
@@ -1,6 +1,6 @@
linux-2.6 (2.6.26-13lenny2) UNRELEASED; urgency=high
- * Additional mips fixes for CVE-2009-0029.
+ * mips, sparc64: Additional fixes for CVE-2009-0029.
* skfp: Fix inverted capabilities check logic (CVE-2009-0675)
* ext4: initialize the new group descriptor when resizing
(CVE-2009-0745)
@@ -9,7 +9,7 @@
* ext4: Add sanity checks for the superblock before mounting the filesystem
(CVE-2009-0748)
- -- dann frazier <dannf at debian.org> Sun, 08 Mar 2009 15:01:45 -0600
+ -- dann frazier <dannf at debian.org> Sun, 08 Mar 2009 17:01:48 -0600
linux-2.6 (2.6.26-13lenny1) stable-security; urgency=high
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/sparc64-use-syscall-wrappers.patch
==============================================================================
--- (empty file)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/sparc64-use-syscall-wrappers.patch Sun Mar 8 23:38:40 2009
@@ -0,0 +1,25 @@
+commit 67605d6812691bbd2158d2f60259e0407611bc1b
+Author: Christian Borntraeger <borntraeger at de.ibm.com>
+Date: Mon Jan 19 20:21:49 2009 -0800
+
+ [CVE-2009-0029] sparc: Enable syscall wrappers for 64-bit
+
+ sparc64 needs sign-extended function parameters. We have to enable
+ the system call wrappers.
+
+ Signed-off-by: Christian Borntraeger <borntraeger at de.ibm.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN a/arch/sparc64/Kconfig b/arch/sparc64/Kconfig
+--- a/arch/sparc64/Kconfig 2008-07-13 15:51:29.000000000 -0600
++++ b/arch/sparc64/Kconfig 2009-03-08 16:19:57.000000000 -0600
+@@ -14,6 +14,7 @@ config SPARC64
+ select HAVE_IDE
+ select HAVE_LMB
+ select HAVE_ARCH_KGDB
++ select HAVE_SYSCALL_WRAPPERS
+
+ config GENERIC_TIME
+ bool
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/sparc64-wrap-arch-specific-syscalls.patch
==============================================================================
--- (empty file)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/sparc64-wrap-arch-specific-syscalls.patch Sun Mar 8 23:38:40 2009
@@ -0,0 +1,231 @@
+commit e42650196df34789c825fa83f8bb37a5d5e52c14
+Author: David S. Miller <davem at davemloft.net>
+Date: Mon Jan 19 21:11:27 2009 -0800
+
+ sparc64: Annotate sparc64 specific syscalls with SYSCALL_DEFINEx()
+
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN a/arch/sparc64/kernel/syscalls.S b/arch/sparc64/kernel/syscalls.S
+--- a/arch/sparc64/kernel/syscalls.S 2009-03-08 16:12:32.000000000 -0600
++++ b/arch/sparc64/kernel/syscalls.S 2009-03-08 16:27:44.000000000 -0600
+@@ -21,7 +21,7 @@ execve_merge:
+
+ .align 32
+ sys_sparc_pipe:
+- ba,pt %xcc, sparc_pipe
++ ba,pt %xcc, sys_sparc_pipe_real
+ add %sp, PTREGS_OFF, %o0
+ sys_nis_syscall:
+ ba,pt %xcc, c_sys_nis_syscall
+diff -urpN a/arch/sparc64/kernel/sys_sparc.c b/arch/sparc64/kernel/sys_sparc.c
+--- a/arch/sparc64/kernel/sys_sparc.c 2008-07-13 15:51:29.000000000 -0600
++++ b/arch/sparc64/kernel/sys_sparc.c 2009-03-08 16:27:01.000000000 -0600
+@@ -397,7 +397,7 @@ void arch_pick_mmap_layout(struct mm_str
+ }
+ }
+
+-asmlinkage unsigned long sparc_brk(unsigned long brk)
++SYSCALL_DEFINE1(sparc_brk, unsigned long, brk)
+ {
+ /* People could try to be nasty and use ta 0x6d in 32bit programs */
+ if (test_thread_flag(TIF_32BIT) && brk >= STACK_TOP32)
+@@ -413,7 +413,7 @@ asmlinkage unsigned long sparc_brk(unsig
+ * sys_pipe() is the normal C calling standard for creating
+ * a pipe. It's not the way unix traditionally does this, though.
+ */
+-asmlinkage long sparc_pipe(struct pt_regs *regs)
++SYSCALL_DEFINE1(sparc_pipe_real, struct pt_regs *, regs)
+ {
+ int fd[2];
+ int error;
+@@ -433,8 +433,8 @@ out:
+ * This is really horribly ugly.
+ */
+
+-asmlinkage long sys_ipc(unsigned int call, int first, unsigned long second,
+- unsigned long third, void __user *ptr, long fifth)
++SYSCALL_DEFINE6(ipc, unsigned int, call, int, first, unsigned long, second,
++ unsigned long, third, void __user *, ptr, long, fifth)
+ {
+ long err;
+
+@@ -517,7 +517,7 @@ out:
+ return err;
+ }
+
+-asmlinkage long sparc64_newuname(struct new_utsname __user *name)
++SYSCALL_DEFINE1(sparc64_newuname, struct new_utsname __user *, name)
+ {
+ int ret = sys_newuname(name);
+
+@@ -528,7 +528,7 @@ asmlinkage long sparc64_newuname(struct
+ return ret;
+ }
+
+-asmlinkage long sparc64_personality(unsigned long personality)
++SYSCALL_DEFINE1(sparc64_personality, unsigned long, personality)
+ {
+ int ret;
+
+@@ -562,9 +562,9 @@ int sparc64_mmap_check(unsigned long add
+ }
+
+ /* Linux version of mmap */
+-asmlinkage unsigned long sys_mmap(unsigned long addr, unsigned long len,
+- unsigned long prot, unsigned long flags, unsigned long fd,
+- unsigned long off)
++SYSCALL_DEFINE6(mmap, unsigned long, addr, unsigned long, len,
++ unsigned long, prot, unsigned long, flags, unsigned long, fd,
++ unsigned long, off)
+ {
+ struct file * file = NULL;
+ unsigned long retval = -EBADF;
+@@ -587,7 +587,7 @@ out:
+ return retval;
+ }
+
+-asmlinkage long sys64_munmap(unsigned long addr, size_t len)
++SYSCALL_DEFINE2(64_munmap, unsigned long, addr, size_t, len)
+ {
+ long ret;
+
+@@ -604,9 +604,9 @@ extern unsigned long do_mremap(unsigned
+ unsigned long old_len, unsigned long new_len,
+ unsigned long flags, unsigned long new_addr);
+
+-asmlinkage unsigned long sys64_mremap(unsigned long addr,
+- unsigned long old_len, unsigned long new_len,
+- unsigned long flags, unsigned long new_addr)
++SYSCALL_DEFINE5(64_mremap, unsigned long, addr, unsigned long, old_len,
++ unsigned long, new_len, unsigned long, flags,
++ unsigned long, new_addr)
+ {
+ unsigned long ret = -EINVAL;
+
+@@ -669,7 +669,7 @@ asmlinkage void sparc_breakpoint(struct
+
+ extern void check_pending(int signum);
+
+-asmlinkage long sys_getdomainname(char __user *name, int len)
++SYSCALL_DEFINE2(getdomainname, char __user *, name, int, len)
+ {
+ int nlen, err;
+
+@@ -692,11 +692,10 @@ out:
+ return err;
+ }
+
+-asmlinkage long sys_utrap_install(utrap_entry_t type,
+- utrap_handler_t new_p,
+- utrap_handler_t new_d,
+- utrap_handler_t __user *old_p,
+- utrap_handler_t __user *old_d)
++SYSCALL_DEFINE5(utrap_install, utrap_entry_t, type,
++ utrap_handler_t, new_p, utrap_handler_t, new_d,
++ utrap_handler_t __user *, old_p,
++ utrap_handler_t __user *, old_d)
+ {
+ if (type < UT_INSTRUCTION_EXCEPTION || type > UT_TRAP_INSTRUCTION_31)
+ return -EINVAL;
+@@ -762,11 +761,9 @@ asmlinkage long sparc_memory_ordering(un
+ return 0;
+ }
+
+-asmlinkage long sys_rt_sigaction(int sig,
+- const struct sigaction __user *act,
+- struct sigaction __user *oact,
+- void __user *restorer,
+- size_t sigsetsize)
++SYSCALL_DEFINE5(rt_sigaction, int, sig, const struct sigaction __user *, act,
++ struct sigaction __user *, oact, void __user *, restorer,
++ size_t, sigsetsize)
+ {
+ struct k_sigaction new_ka, old_ka;
+ int ret;
+@@ -806,7 +803,8 @@ asmlinkage void update_perfctrs(void)
+ reset_pic();
+ }
+
+-asmlinkage long sys_perfctr(int opcode, unsigned long arg0, unsigned long arg1, unsigned long arg2)
++SYSCALL_DEFINE4(perfctr, int, opcode, unsigned long, arg0,
++ unsigned long, arg1, unsigned long, arg2)
+ {
+ int err = 0;
+
+diff -urpN a/arch/sparc64/kernel/systbls.h b/arch/sparc64/kernel/systbls.h
+--- a/arch/sparc64/kernel/systbls.h 2008-07-13 15:51:29.000000000 -0600
++++ b/arch/sparc64/kernel/systbls.h 2009-03-08 16:33:16.000000000 -0600
+@@ -16,9 +16,6 @@ extern asmlinkage long sys_ipc(unsigned
+ void __user *ptr, long fifth);
+ extern asmlinkage long sparc64_newuname(struct new_utsname __user *name);
+ extern asmlinkage long sparc64_personality(unsigned long personality);
+-extern asmlinkage unsigned long sys_mmap(unsigned long addr, unsigned long len,
+- unsigned long prot, unsigned long flags,
+- unsigned long fd, unsigned long off);
+ extern asmlinkage long sys64_munmap(unsigned long addr, size_t len);
+ extern asmlinkage unsigned long sys64_mremap(unsigned long addr,
+ unsigned long old_len,
+diff -urpN a/arch/sparc64/kernel/systbls.S b/arch/sparc64/kernel/systbls.S
+--- a/arch/sparc64/kernel/systbls.S 2009-03-08 16:12:32.000000000 -0600
++++ b/arch/sparc64/kernel/systbls.S 2009-03-08 16:33:04.000000000 -0600
+@@ -21,7 +21,7 @@ sys_call_table32:
+ /*0*/ .word sys_restart_syscall, sys32_exit, sys_fork, sys_read, sys_write
+ /*5*/ .word sys32_open, sys_close, sys32_wait4, sys32_creat, sys_link
+ /*10*/ .word sys_unlink, sunos_execv, sys_chdir, sys32_chown16, sys32_mknod
+-/*15*/ .word sys_chmod, sys32_lchown16, sparc_brk, sys32_perfctr, sys32_lseek
++/*15*/ .word sys_chmod, sys32_lchown16, sys_sparc_brk, sys32_perfctr, sys32_lseek
+ /*20*/ .word sys_getpid, sys_capget, sys_capset, sys32_setuid16, sys32_getuid16
+ /*25*/ .word sys32_vmsplice, compat_sys_ptrace, sys_alarm, sys32_sigaltstack, sys32_pause
+ /*30*/ .word compat_sys_utime, sys_lchown, sys_fchown, sys32_access, sys32_nice
+@@ -55,8 +55,8 @@ sys_call_table32:
+ /*170*/ .word sys32_lsetxattr, sys32_fsetxattr, sys_getxattr, sys_lgetxattr, compat_sys_getdents
+ .word sys_setsid, sys_fchdir, sys32_fgetxattr, sys_listxattr, sys_llistxattr
+ /*180*/ .word sys32_flistxattr, sys_removexattr, sys_lremovexattr, compat_sys_sigpending, sys_ni_syscall
+- .word sys32_setpgid, sys32_fremovexattr, sys32_tkill, sys32_exit_group, sparc64_newuname
+-/*190*/ .word sys32_init_module, sparc64_personality, sys_remap_file_pages, sys32_epoll_create, sys32_epoll_ctl
++ .word sys32_setpgid, sys32_fremovexattr, sys32_tkill, sys32_exit_group, sys_sparc64_newuname
++/*190*/ .word sys32_init_module, sys_sparc64_personality, sys_remap_file_pages, sys32_epoll_create, sys32_epoll_ctl
+ .word sys32_epoll_wait, sys32_ioprio_set, sys_getppid, sys32_sigaction, sys_sgetmask
+ /*200*/ .word sys32_ssetmask, sys_sigsuspend, compat_sys_newlstat, sys_uselib, compat_sys_old_readdir
+ .word sys32_readahead, sys32_socketcall, sys32_syslog, sys32_lookup_dcookie, sys32_fadvise64
+@@ -94,7 +94,7 @@ sys_call_table:
+ /*0*/ .word sys_restart_syscall, sparc_exit, sys_fork, sys_read, sys_write
+ /*5*/ .word sys_open, sys_close, sys_wait4, sys_creat, sys_link
+ /*10*/ .word sys_unlink, sys_nis_syscall, sys_chdir, sys_chown, sys_mknod
+-/*15*/ .word sys_chmod, sys_lchown, sparc_brk, sys_perfctr, sys_lseek
++/*15*/ .word sys_chmod, sys_lchown, sys_sparc_brk, sys_perfctr, sys_lseek
+ /*20*/ .word sys_getpid, sys_capget, sys_capset, sys_setuid, sys_getuid
+ /*25*/ .word sys_vmsplice, sys_ptrace, sys_alarm, sys_sigaltstack, sys_nis_syscall
+ /*30*/ .word sys_utime, sys_nis_syscall, sys_nis_syscall, sys_access, sys_nice
+@@ -105,7 +105,7 @@ sys_call_table:
+ .word sys_reboot, sys_nis_syscall, sys_symlink, sys_readlink, sys_execve
+ /*60*/ .word sys_umask, sys_chroot, sys_newfstat, sys_fstat64, sys_getpagesize
+ .word sys_msync, sys_vfork, sys_pread64, sys_pwrite64, sys_nis_syscall
+-/*70*/ .word sys_nis_syscall, sys_mmap, sys_nis_syscall, sys64_munmap, sys_mprotect
++/*70*/ .word sys_nis_syscall, sys_mmap, sys_nis_syscall, sys_64_munmap, sys_mprotect
+ .word sys_madvise, sys_vhangup, sys_nis_syscall, sys_mincore, sys_getgroups
+ /*80*/ .word sys_setgroups, sys_getpgrp, sys_nis_syscall, sys_setitimer, sys_nis_syscall
+ .word sys_swapon, sys_getitimer, sys_nis_syscall, sys_sethostname, sys_nis_syscall
+@@ -128,8 +128,8 @@ sys_call_table:
+ /*170*/ .word sys_lsetxattr, sys_fsetxattr, sys_getxattr, sys_lgetxattr, sys_getdents
+ .word sys_setsid, sys_fchdir, sys_fgetxattr, sys_listxattr, sys_llistxattr
+ /*180*/ .word sys_flistxattr, sys_removexattr, sys_lremovexattr, sys_nis_syscall, sys_ni_syscall
+- .word sys_setpgid, sys_fremovexattr, sys_tkill, sys_exit_group, sparc64_newuname
+-/*190*/ .word sys_init_module, sparc64_personality, sys_remap_file_pages, sys_epoll_create, sys_epoll_ctl
++ .word sys_setpgid, sys_fremovexattr, sys_tkill, sys_exit_group, sys_sparc64_newuname
++/*190*/ .word sys_init_module, sys_sparc64_personality, sys_remap_file_pages, sys_epoll_create, sys_epoll_ctl
+ .word sys_epoll_wait, sys_ioprio_set, sys_getppid, sys_nis_syscall, sys_sgetmask
+ /*200*/ .word sys_ssetmask, sys_nis_syscall, sys_newlstat, sys_uselib, sys_nis_syscall
+ .word sys_readahead, sys_socketcall, sys_syslog, sys_lookup_dcookie, sys_fadvise64
+@@ -141,7 +141,7 @@ sys_call_table:
+ .word sys_fstatfs64, sys_llseek, sys_mlock, sys_munlock, sys_mlockall
+ /*240*/ .word sys_munlockall, sys_sched_setparam, sys_sched_getparam, sys_sched_setscheduler, sys_sched_getscheduler
+ .word sys_sched_yield, sys_sched_get_priority_max, sys_sched_get_priority_min, sys_sched_rr_get_interval, sys_nanosleep
+-/*250*/ .word sys64_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_nfsservctl
++/*250*/ .word sys_64_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_nfsservctl
+ .word sys_sync_file_range, sys_clock_settime, sys_clock_gettime, sys_clock_getres, sys_clock_nanosleep
+ /*260*/ .word sys_sched_getaffinity, sys_sched_setaffinity, sys_timer_settime, sys_timer_gettime, sys_timer_getoverrun
+ .word sys_timer_delete, sys_timer_create, sys_ni_syscall, sys_io_setup, sys_io_destroy
Modified: dists/lenny-security/linux-2.6/debian/patches/series/13lenny2
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/13lenny2 (original)
+++ dists/lenny-security/linux-2.6/debian/patches/series/13lenny2 Sun Mar 8 23:38:40 2009
@@ -7,3 +7,5 @@
+ bugfix/all/ext4-add-sanity-check-to-make_indexed_dir.patch
+ bugfix/all/ext4-only-use-i_size_high-for-regular-files.patch
+ bugfix/all/ext4-add-sanity-checks-for-the-superblock-before-mounting.patch
++ bugfix/all/CVE-2009-0029/sparc64-use-syscall-wrappers.patch
++ bugfix/all/CVE-2009-0029/sparc64-wrap-arch-specific-syscalls.patch
More information about the Kernel-svn-changes
mailing list