[kernel] r14573 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Nov 5 03:08:46 UTC 2009
Author: dannf
Date: Thu Nov 5 03:08:44 2009
New Revision: 14573
Log:
random: make get_random_int() more random (CVE-2009-3238)
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/all/random-make-get_random_int-more-random.patch
- copied, changed from r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/random-make-get_random_int-more-random.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/26etch1
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog Thu Nov 5 02:47:04 2009 (r14572)
+++ dists/etch-security/linux-2.6/debian/changelog Thu Nov 5 03:08:44 2009 (r14573)
@@ -6,6 +6,7 @@
* net: fix information leak due to uninitialized structures in
getname functions (CVE-2009-3002)
* tc: Fix uninitialized kernel memory leak (CVE-2009-3228)
+ * random: make get_random_int() more random (CVE-2009-3238)
-- dann frazier <dannf at debian.org> Tue, 15 Sep 2009 22:19:58 -0600
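Review bot: the new CVE-2009-3238 bullet is appended under a stanza whose trailer still reads Tue, 15 Sep 2009, so the trailer date needs refreshing when the upload is prepared. The bullet could also say that this is a backport rather than the upstream patch as-is, since the patch file in this same revision gains a "Backported to Debian's 2.6.18" line.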
Copied and modified: dists/etch-security/linux-2.6/debian/patches/bugfix/all/random-make-get_random_int-more-random.patch (from r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/random-make-get_random_int-more-random.patch)
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/random-make-get_random_int-more-random.patch Thu Nov 5 01:54:49 2009 (r14564, copy source)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/random-make-get_random_int-more-random.patch Thu Nov 5 03:08:44 2009 (r14573)
@@ -31,15 +31,21 @@
Signed-off-by: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
-diff --git a/drivers/char/random.c b/drivers/char/random.c
-index f824ef8..b2ced39 100644
---- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -1665,15 +1665,20 @@ EXPORT_SYMBOL(secure_dccp_sequence_number);
- * value is not cryptographically secure but for several uses the cost of
- * depleting entropy is too high
- */
+Backported to Debian's 2.6.18 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.18.orig/drivers/char/random.c linux-source-2.6.18/drivers/char/random.c
+--- linux-source-2.6.18.orig/drivers/char/random.c 2009-08-15 12:05:11.000000000 -0600
++++ linux-source-2.6.18/drivers/char/random.c 2009-11-04 19:47:12.000000000 -0700
+@@ -1636,6 +1636,7 @@ EXPORT_SYMBOL(secure_dccp_sequence_numbe
+ #endif /* CONFIG_INET */
+
+
+DEFINE_PER_CPU(__u32 [4], get_random_int_hash);
+ /*
+ * Get a random word for internal kernel use only. Similar to urandom but
+ * with the goal of minimal entropy pool depletion. As a result, the random
+@@ -1644,13 +1645,17 @@ EXPORT_SYMBOL(secure_dccp_sequence_numbe
+ */
unsigned int get_random_int(void)
{
- /*
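Review bot: the added "Backported to Debian's 2.6.18 by ..." line records who did the backport but not what was changed to make it apply, which is what a later reader comparing this file with the 2.6.24 copy will want to know. One sentence in the patch header listing the differences would cover it. In the regenerated first hunk, `DEFINE_PER_CPU(__u32 [4], get_random_int_hash);` is defined without `static` and with a bare literal 4; if nothing outside random.c uses the variable, consider limiting its linkage where the 2.6.18 per-CPU macros allow it, and add a short comment saying what the four words hold.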
@@ -48,7 +54,7 @@
- * drain on it), and uses halfMD4Transform within the second. We
- * also mix it with jiffies and the PID:
- */
-- return secure_ip_id((__force __be32)(current->pid + jiffies));
+- return secure_ip_id(current->pid + jiffies);
+ struct keydata *keyptr;
+ __u32 *hash = get_cpu_var(get_random_int_hash);
+ int ret;
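Review bot: `get_cpu_var(get_random_int_hash)` in the added lines disables preemption until a matching `put_cpu_var()`, and the visible part of this hunk stops at `int ret;` before any such call, so confirm that the rest of the backported function releases it before returning. `int ret;` is also signed while the function is declared `unsigned int get_random_int(void)`; `unsigned int ret;` would match the return type.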
Modified: dists/etch-security/linux-2.6/debian/patches/series/26etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/26etch1 Thu Nov 5 02:47:04 2009 (r14572)
+++ dists/etch-security/linux-2.6/debian/patches/series/26etch1 Thu Nov 5 03:08:44 2009 (r14573)
@@ -6,3 +6,4 @@
+ bugfix/all/econet-fix-econet_getname-leak.patch
+ bugfix/all/netrom-fix-nr_getname-leak.patch
+ bugfix/all/tc-fix-pad-leak.patch
++ bugfix/all/random-make-get_random_int-more-random.patch