[kernel] r14485 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Wed Oct 28 06:04:02 UTC 2009 

Author: dannf
Date: Wed Oct 28 06:03:58 2009
New Revision: 14485

Log:
eCryptfs: Prevent lower dentry from going negative during unlink
(CVE-2009-2908)

Added:
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/ecryptfs-prevent-lower-dentry-from-going-negative-during-unlink.patch
      - copied, changed from r14470, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ecryptfs-prevent-lower-dentry-from-going-negative-during-unlink.patch
Modified:
   dists/etch-security/linux-2.6.24/debian/changelog
   dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4

Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog	Wed Oct 28 05:47:10 2009	(r14484)
+++ dists/etch-security/linux-2.6.24/debian/changelog	Wed Oct 28 06:03:58 2009	(r14485)
@@ -8,6 +8,8 @@
     attributes (CVE-2009-2849)
   * appletalk: Fix skb leak when ipddp interface is not loaded
     (CVE-2009-2903)
+  * eCryptfs: Prevent lower dentry from going negative during unlink
+    (CVE-2009-2908)
 
  -- dann frazier <dannf at debian.org>  Tue, 27 Oct 2009 22:41:25 -0600
 

Copied and modified: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/ecryptfs-prevent-lower-dentry-from-going-negative-during-unlink.patch (from r14470, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ecryptfs-prevent-lower-dentry-from-going-negative-during-unlink.patch)
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ecryptfs-prevent-lower-dentry-from-going-negative-during-unlink.patch	Wed Oct 28 01:27:56 2009	(r14470, copy source)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/ecryptfs-prevent-lower-dentry-from-going-negative-during-unlink.patch	Wed Oct 28 06:03:58 2009	(r14485)
@@ -30,23 +30,23 @@
     Cc: stable <stable at kernel.org>
     Signed-off-by: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
 
-Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
 
-diff -urpN linux-source-2.6.26.orig/fs/ecryptfs/inode.c linux-source-2.6.26/fs/ecryptfs/inode.c
---- linux-source-2.6.26.orig/fs/ecryptfs/inode.c	2009-08-18 23:15:12.000000000 -0600
-+++ linux-source-2.6.26/fs/ecryptfs/inode.c	2009-10-08 00:26:22.000000000 -0600
-@@ -422,6 +422,7 @@ static int ecryptfs_unlink(struct inode 
+diff -urpN linux-source-2.6.24.orig/fs/ecryptfs/inode.c linux-source-2.6.24/fs/ecryptfs/inode.c
+--- linux-source-2.6.24.orig/fs/ecryptfs/inode.c	2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/fs/ecryptfs/inode.c	2009-10-27 23:52:07.000000000 -0600
+@@ -428,6 +428,7 @@ static int ecryptfs_unlink(struct inode 
+ 	struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
  	struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir);
- 	struct dentry *lower_dir_dentry;
  
 +	dget(lower_dentry);
- 	lower_dir_dentry = lock_parent(lower_dentry);
+ 	lock_parent(lower_dentry);
  	rc = vfs_unlink(lower_dir_inode, lower_dentry);
  	if (rc) {
-@@ -435,6 +436,7 @@ static int ecryptfs_unlink(struct inode 
+@@ -441,6 +442,7 @@ static int ecryptfs_unlink(struct inode 
  	d_drop(dentry);
  out_unlock:
- 	unlock_dir(lower_dir_dentry);
+ 	unlock_parent(lower_dentry);
 +	dput(lower_dentry);
  	return rc;
  }

Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4	Wed Oct 28 05:47:10 2009	(r14484)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4	Wed Oct 28 06:03:58 2009	(r14485)
@@ -4,3 +4,4 @@
 + bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch
 + bugfix/all/appletalk-use-correct-returns-for-atalk_rcv.patch
 + bugfix/all/appletalk-fix-skb-leak-when-ipddp-interface-is-not-loaded.patch
++ bugfix/all/ecryptfs-prevent-lower-dentry-from-going-negative-during-unlink.patch

More information about the Kernel-svn-changes mailing list