[kernel] r14573 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Thu Nov 5 03:08:46 UTC 2009


Author: dannf
Date: Thu Nov  5 03:08:44 2009
New Revision: 14573

Log:
random: make get_random_int() more random (CVE-2009-3238)

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/all/random-make-get_random_int-more-random.patch
      - copied, changed from r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/random-make-get_random_int-more-random.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/26etch1

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	Thu Nov  5 02:47:04 2009	(r14572)
+++ dists/etch-security/linux-2.6/debian/changelog	Thu Nov  5 03:08:44 2009	(r14573)
@@ -6,6 +6,7 @@
   * net: fix information leak due to uninitialized structures in
     getname functions (CVE-2009-3002)
   * tc: Fix uninitialized kernel memory leak (CVE-2009-3228)
+  * random: make get_random_int() more random (CVE-2009-3238)
 
  -- dann frazier <dannf at debian.org>  Tue, 15 Sep 2009 22:19:58 -0600
 

Copied and modified: dists/etch-security/linux-2.6/debian/patches/bugfix/all/random-make-get_random_int-more-random.patch (from r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/random-make-get_random_int-more-random.patch)
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/random-make-get_random_int-more-random.patch	Thu Nov  5 01:54:49 2009	(r14564, copy source)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/random-make-get_random_int-more-random.patch	Thu Nov  5 03:08:44 2009	(r14573)
@@ -31,15 +31,21 @@
     Signed-off-by: Ingo Molnar <mingo at elte.hu>
     Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
 
-diff --git a/drivers/char/random.c b/drivers/char/random.c
-index f824ef8..b2ced39 100644
---- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -1665,15 +1665,20 @@ EXPORT_SYMBOL(secure_dccp_sequence_number);
-  * value is not cryptographically secure but for several uses the cost of
-  * depleting entropy is too high
-  */
+Backported to Debian's 2.6.18 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.18.orig/drivers/char/random.c linux-source-2.6.18/drivers/char/random.c
+--- linux-source-2.6.18.orig/drivers/char/random.c	2009-08-15 12:05:11.000000000 -0600
++++ linux-source-2.6.18/drivers/char/random.c	2009-11-04 19:47:12.000000000 -0700
+@@ -1636,6 +1636,7 @@ EXPORT_SYMBOL(secure_dccp_sequence_numbe
+ #endif /* CONFIG_INET */
+ 
+ 
 +DEFINE_PER_CPU(__u32 [4], get_random_int_hash);
+ /*
+  * Get a random word for internal kernel use only. Similar to urandom but
+  * with the goal of minimal entropy pool depletion. As a result, the random
+@@ -1644,13 +1645,17 @@ EXPORT_SYMBOL(secure_dccp_sequence_numbe
+  */
  unsigned int get_random_int(void)
  {
 -	/*
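Review bot: The added header line `Backported to Debian's 2.6.18 by dann frazier` records who did the backport but not what was adapted, which makes it harder to audit this CVE-2009-3238 fix against upstream later. From the visible lines, the differences appear to be the shifted offsets in drivers/char/random.c and `DEFINE_PER_CPU(__u32 [4], get_random_int_hash);` now sitting above the function's comment block in a hunk of its own. In the following hunk, the removed line becomes `secure_ip_id(current->pid + jiffies)` without the `(__force __be32)` cast. I would extend the note to something like `Backported to Debian's 2.6.18: context adjusted; the 2.6.18 call to secure_ip_id() has no __force __be32 cast`. The rest of the patch header lies outside this hunk, so an upstream commit reference may already be recorded there.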
@@ -48,7 +54,7 @@
 -	 * drain on it), and uses halfMD4Transform within the second. We
 -	 * also mix it with jiffies and the PID:
 -	 */
--	return secure_ip_id((__force __be32)(current->pid + jiffies));
+-	return secure_ip_id(current->pid + jiffies);
 +	struct keydata *keyptr;
 +	__u32 *hash = get_cpu_var(get_random_int_hash);
 +	int ret;
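Review bot: `get_cpu_var(get_random_int_hash)` in the function body disables preemption until a matching `put_cpu_var(get_random_int_hash)` runs, and that call is not visible here because get_random_int() continues past the end of this hunk. It should be confirmed on every path before the return. `int ret;` is also declared signed although the function is `unsigned int get_random_int(void)`; `unsigned int ret;` would avoid the signed round trip, assuming ret carries the returned value. A short comment such as `/* per-CPU state: preemption stays off until put_cpu_var() */` beside the get_cpu_var() line would make the pairing explicit for future backports.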

Modified: dists/etch-security/linux-2.6/debian/patches/series/26etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/26etch1	Thu Nov  5 02:47:04 2009	(r14572)
+++ dists/etch-security/linux-2.6/debian/patches/series/26etch1	Thu Nov  5 03:08:44 2009	(r14573)
@@ -6,3 +6,4 @@
 + bugfix/all/econet-fix-econet_getname-leak.patch
 + bugfix/all/netrom-fix-nr_getname-leak.patch
 + bugfix/all/tc-fix-pad-leak.patch
++ bugfix/all/random-make-get_random_int-more-random.patch


