[kernel] r15078 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Mon Feb 1 04:43:15 UTC 2010 

Author: dannf
Date: Mon Feb  1 04:43:12 2010
New Revision: 15078

Log:
firewire: ohci: handle receive packets with a data length of zero
(CVE-2009-4138)

Added:
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch
      - copied, changed from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch
Modified:
   dists/etch-security/linux-2.6.24/debian/changelog
   dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2

Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog	Mon Feb  1 04:41:34 2010	(r15077)
+++ dists/etch-security/linux-2.6.24/debian/changelog	Mon Feb  1 04:43:12 2010	(r15078)
@@ -12,6 +12,8 @@
   * isdn: hfc_usb: Fix read buffer overflow (CVE-2009-4005)
   * hfs: fix a potential buffer overflow (CVE-2009-4020)
   * fuse: prevent fuse_put_request on invalid pointer (CVE-2009-4021)
+  * firewire: ohci: handle receive packets with a data length of zero
+    (CVE-2009-4138)
 
  -- dann frazier <dannf at debian.org>  Sun, 31 Jan 2010 17:17:52 -0700
 

Copied and modified: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch (from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch)
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch	Sun Jan 31 21:26:06 2010	(r15068, copy source)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch	Mon Feb  1 04:43:12 2010	(r15078)
@@ -14,12 +14,12 @@
     Signed-off-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
     Cc: stable at kernel.org
 
-Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Backported to Debian's 2.6.24 by dann frazier <dannf at debian.org>
 
-diff -urpN linux-source-2.6.26.orig/drivers/firewire/fw-ohci.c linux-source-2.6.26/drivers/firewire/fw-ohci.c
---- linux-source-2.6.26.orig/drivers/firewire/fw-ohci.c	2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/drivers/firewire/fw-ohci.c	2009-12-24 00:20:17.000000000 -0700
-@@ -2142,6 +2142,13 @@ ohci_queue_iso_receive_dualbuffer(struct
+diff -urpN linux-source-2.6.24.orig/drivers/firewire/fw-ohci.c linux-source-2.6.24/drivers/firewire/fw-ohci.c
+--- linux-source-2.6.24.orig/drivers/firewire/fw-ohci.c	2010-01-31 21:39:11.000000000 -0700
++++ linux-source-2.6.24/drivers/firewire/fw-ohci.c	2010-01-31 21:42:10.000000000 -0700
+@@ -1872,6 +1872,13 @@ ohci_queue_iso_receive_dualbuffer(struct
  	page     = payload >> PAGE_SHIFT;
  	offset   = payload & ~PAGE_MASK;
  	rest     = p->payload_length;
@@ -33,7 +33,7 @@
  
  	/* FIXME: make packet-per-buffer/dual-buffer a context option */
  	while (rest > 0) {
-@@ -2195,7 +2202,7 @@ ohci_queue_iso_receive_packet_per_buffer
+@@ -1925,7 +1932,7 @@ ohci_queue_iso_receive_packet_per_buffer
  					 unsigned long payload)
  {
  	struct iso_context *ctx = container_of(base, struct iso_context, base);
@@ -42,7 +42,7 @@
  	struct fw_iso_packet *p = packet;
  	dma_addr_t d_bus, page_bus;
  	u32 z, header_z, rest;
-@@ -2233,8 +2240,9 @@ ohci_queue_iso_receive_packet_per_buffer
+@@ -1963,8 +1970,9 @@ ohci_queue_iso_receive_packet_per_buffer
  		d->data_address = cpu_to_le32(d_bus + (z * sizeof(*d)));
  
  		rest = payload_per_buffer;

Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2	Mon Feb  1 04:41:34 2010	(r15077)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2	Mon Feb  1 04:43:12 2010	(r15078)
@@ -11,3 +11,4 @@
 + bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch
 + bugfix/all/hfs-fix-a-potential-buffer-overflow.patch
 + bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch
++ bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch

More information about the Kernel-svn-changes mailing list