[kernel] r18008 - in dists: squeeze-security/linux-2.6/debian squeeze-security/linux-2.6/debian/patches/bugfix/all squeeze-security/linux-2.6/debian/patches/series squeeze/linux-2.6/debian squeeze/linux-2.6/debian/patches/bugfix/all squeeze/linux-2.6/debian/patches/series

Dann Frazier dannf at alioth.debian.org
Thu Aug 25 05:07:57 UTC 2011 

Author: dannf
Date: Thu Aug 25 05:07:55 2011
New Revision: 18008

Log:
move fix for CVE-2011-2905 to security branch

Added:
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/perf-do-not-look-at-.-config-for-configuration.patch
Deleted:
   dists/squeeze/linux-2.6/debian/patches/bugfix/all/perf-do-not-look-at-.-config-for-configuration.patch
Modified:
   dists/squeeze-security/linux-2.6/debian/changelog
   dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1
   dists/squeeze/linux-2.6/debian/changelog
   dists/squeeze/linux-2.6/debian/patches/series/36

Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog	Thu Aug 25 05:01:30 2011	(r18007)
+++ dists/squeeze-security/linux-2.6/debian/changelog	Thu Aug 25 05:07:55 2011	(r18008)
@@ -22,6 +22,10 @@
   * si4713-i2c: avoid potential buffer overflow on si4713 (CVE-2011-2700)
   * Switch to MD5 for sequence number generation (CVE-2011-3188)
 
+  [ Jonathan Nieder ]
+  * perf: do not look at ./config for configuration (Closes: #632923)
+    (CVE-2011-2905)
+
  -- dann frazier <dannf at debian.org>  Mon, 15 Aug 2011 00:04:12 -0600
 
 linux-2.6 (2.6.32-35) stable; urgency=high

Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/perf-do-not-look-at-.-config-for-configuration.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/perf-do-not-look-at-.-config-for-configuration.patch	Thu Aug 25 05:07:55 2011	(r18008)
@@ -0,0 +1,51 @@
+Date: Fri, 5 Aug 2011 18:58:38 +0200
+From: Jonathan Nieder <jrnieder at gmail.com>
+Subject: [PATCH] perf: do not look at ./config for configuration
+
+In addition to /etc/perfconfig and $HOME/.perfconfig, perf looks for
+configuration in the file ./config, imitating git which looks at
+$GIT_DIR/config.  If ./config is not a perf configuration file, it
+fails, or worse, treats it as a configuration file and changes
+behavior in some unexpected way.
+
+"config" is not an unusual name for a file to be lying around and perf
+does not have a private directory dedicated for its own use, so let's
+just stop looking for configuration in the cwd.  Callers needing
+context-sensitive configuration can use the PERF_CONFIG environment
+variable.
+
+Requested-by: Christian Ohm <chr.ohm at gmx.net>
+Signed-off-by: Jonathan Nieder <jrnieder at gmail.com>
+---
+ tools/perf/util/config.c |    7 -------
+ 1 files changed, 0 insertions(+), 7 deletions(-)
+
+diff --git a/tools/perf/util/config.c b/tools/perf/util/config.c
+index e02d78ca..6c86eca8 100644
+--- a/tools/perf/util/config.c
++++ b/tools/perf/util/config.c
+@@ -399,7 +399,6 @@ static int perf_config_global(void)
+ int perf_config(config_fn_t fn, void *data)
+ {
+ 	int ret = 0, found = 0;
+-	char *repo_config = NULL;
+ 	const char *home = NULL;
+ 
+ 	/* Setting $PERF_CONFIG makes perf read _only_ the given config file. */
+@@ -421,12 +420,6 @@ int perf_config(config_fn_t fn, void *data)
+ 		free(user_config);
+ 	}
+ 
+-	repo_config = perf_pathdup("config");
+-	if (!access(repo_config, R_OK)) {
+-		ret += perf_config_from_file(fn, repo_config, data);
+-		found += 1;
+-	}
+-	free(repo_config);
+ 	if (found == 0)
+ 		return -1;
+ 	return ret;
+-- 
+1.7.6
+
+

Modified: dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1	Thu Aug 25 05:01:30 2011	(r18007)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1	Thu Aug 25 05:07:55 2011	(r18008)
@@ -24,3 +24,4 @@
 + bugfix/all/cifs-fix-possible-memory-corruption-in-CIFSFindNext.patch
 + bugfix/all/befs-validate-length-of-long-symbolic-links.patch
 + bugfix/all/perf-remove-the-nmi-parameter-from-the-swevent-and-overflow-interface.patch
++ bugfix/all/perf-do-not-look-at-.-config-for-configuration.patch

Modified: dists/squeeze/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze/linux-2.6/debian/changelog	Thu Aug 25 05:01:30 2011	(r18007)
+++ dists/squeeze/linux-2.6/debian/changelog	Thu Aug 25 05:07:55 2011	(r18008)
@@ -68,10 +68,6 @@
   * atm: br2864: sent packets truncated in VC routed mode (Closes: #638656)
   * Remove net device features from bug reports (Closes: #638956)
 
-  [ Jonathan Nieder ]
-  * perf: do not look at ./config for configuration (Closes: #632923)
-    (CVE-2011-2905)
-
  -- maximilian attems <maks at debian.org>  Sat, 25 Jun 2011 10:22:27 +0200
 
 linux-2.6 (2.6.32-35) stable; urgency=high

Modified: dists/squeeze/linux-2.6/debian/patches/series/36
==============================================================================
--- dists/squeeze/linux-2.6/debian/patches/series/36	Thu Aug 25 05:01:30 2011	(r18007)
+++ dists/squeeze/linux-2.6/debian/patches/series/36	Thu Aug 25 05:07:55 2011	(r18008)
@@ -15,7 +15,6 @@
 + bugfix/all/drm-i915-Add-a-no-lvds-quirk-for-the-Asus-EeeBox-PC-.patch
 + bugfix/all/drm-radeon-kms-fix-for-radeon-on-systems-4GB-without.patch
 + bugfix/all/stable/2.6.32.43.patch
-+ bugfix/all/perf-do-not-look-at-.-config-for-configuration.patch
 
 # Networking
 + features/all/net-Add-netdev_alloc_skb_ip_align-helper.patch

More information about the Kernel-svn-changes mailing list