[kernel] r17033 - in dists/trunk: firmware-free/debian/bin firmware-nonfree/debian/bin tgt/debian tgt/debian/patches
Ben Hutchings
benh at alioth.debian.org
Wed Mar 9 04:17:05 UTC 2011
Author: benh
Date: Wed Mar 9 04:17:01 2011
New Revision: 17033
Log:
Split check_upstream.py into separate scripts for free and non-free
Added:
dists/trunk/firmware-free/debian/bin/check_upstream.py (contents, props changed)
dists/trunk/tgt/debian/patches/CVE-2011-0001
Modified:
dists/trunk/firmware-nonfree/debian/bin/check_upstream.py
dists/trunk/tgt/debian/changelog
dists/trunk/tgt/debian/patches/series
Added: dists/trunk/firmware-free/debian/bin/check_upstream.py
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/trunk/firmware-free/debian/bin/check_upstream.py Wed Mar 9 04:17:01 2011 (r17033)
@@ -0,0 +1,56 @@
+#!/usr/bin/python
+
+import errno, filecmp, glob, os.path, re, sys
+rules_defs = dict((match.group(1), match.group(2))
+ for line in file('debian/rules.defs')
+ for match in [re.match(r'(\w+)\s*:=\s*(.*)\n', line)])
+sys.path.append('/usr/share/linux-support-%s/lib/python' %
+ rules_defs['KERNELVERSION'])
+from debian_linux.firmware import FirmwareWhence
+
+def main(source_dir, dest_dirs):
+ for section in FirmwareWhence(open(os.path.join(source_dir, 'WHENCE'))):
+ if re.search(r'^BSD\b'
+ r'|^GPLv2 or OpenIB\.org BSD\b'
+ r'|\bPermission\s+is\s+hereby\s+granted\s+for\s+the\s+'
+ r'distribution\s+of\s+this\s+firmware\s+(?:data|image)\b'
+ r'(?!\s+as\s+part\s+of)'
+ r'|\bRedistribution\s+and\s+use\s+in(?:\s+source\s+and)?'
+ r'\s+binary\s+forms\b'
+ r'|\bPermission\s+is\s+hereby\s+granted\b[^.]+\sto'
+ r'\s+deal\s+in\s+the\s+Software\s+without'
+ r'\s+restriction\b'
+ r'|\bredistributable\s+in\s+binary\s+form\b'
+ r'|^GPL(?:v2|\+)?\b',
+ section.licence):
+ # Suitable for main if source is available or binary is
+ # preferred form for modification
+ for file_info in section.files.values():
+ if file_info.source or file_info.binary.endswith('.cis'):
+ update_file(source_dir, dest_dirs, file_info.binary)
+
+def update_file(source_dir, dest_dirs, filename):
+ source_file = os.path.join(source_dir, filename)
+ if not os.path.isfile(source_file):
+ return
+ for dest_dir in dest_dirs:
+ for dest_file in ([os.path.join(dest_dir, filename)] +
+ glob.glob(os.path.join(dest_dir, filename + '-*'))):
+ if os.path.isfile(dest_file):
+ if not filecmp.cmp(source_file, dest_file, True):
+ print '%s: changed' % filename
+ return
+ print '%s: could be added' % filename
+
+if __name__ == '__main__':
+ if len(sys.argv) < 3:
+ print >>sys.stderr, '''\
+Usage: %s <linux-firmware-dir> <dest-dir>...
+
+Report changes or additions in linux-firmware.git that may be suitable
+for inclusion in firmware-free.
+
+Specify the per-package subdirectories as <dest-dir>...
+''' % sys.argv[0]
+ sys.exit(2)
+ main(sys.argv[1], sys.argv[2:])
Modified: dists/trunk/firmware-nonfree/debian/bin/check_upstream.py
==============================================================================
--- dists/trunk/firmware-nonfree/debian/bin/check_upstream.py Wed Mar 9 04:13:40 2011 (r17032)
+++ dists/trunk/firmware-nonfree/debian/bin/check_upstream.py Wed Mar 9 04:17:01 2011 (r17033)
@@ -8,7 +8,7 @@
rules_defs['KERNELVERSION'])
from debian_linux.firmware import FirmwareWhence
-def main(for_main, source_dir, dest_dirs):
+def main(source_dir, dest_dirs):
for section in FirmwareWhence(open(os.path.join(source_dir, 'WHENCE'))):
if re.search(r'^BSD\b'
r'|^GPLv2 or OpenIB\.org BSD\b'
@@ -22,22 +22,22 @@
r'\s+restriction\b'
r'|\bredistributable\s+in\s+binary\s+form\b',
section.licence):
- # Suitable for main or non-free depending on source availability
+ # Suitable for main if source is available; non-free otherwise
+ maybe_free = True
pass
elif re.match(r'^(?:D|Red)istributable\b', section.licence):
# Only suitable for non-free
- if for_main:
- continue
+ pass
elif re.match(r'^GPL(?:v2|\+)?\b', section.licence):
- # Only suitable for main; source must be available
- if not for_main:
- continue
+ # Suitable for main if source is available; not distributable
+ # otherwise
+ continue
else:
# Probably not distributable
continue
for file_info in section.files.values():
- if (file_info.source or file_info.binary.endswith('.cis') or
- not for_main):
+ if not (maybe_free and
+ (file_info.source or file_info.binary.endswith('.cis'))):
update_file(source_dir, dest_dirs, file_info.binary)
def update_file(source_dir, dest_dirs, filename):
@@ -54,23 +54,14 @@
print '%s: could be added' % filename
if __name__ == '__main__':
- for_main = False
- i = 1
- if len(sys.argv) > i and sys.argv[i] == '--main':
- for_main = True
- i += 1
- if len(sys.argv) < i + 2:
+ if len(sys.argv) < 3:
print >>sys.stderr, '''\
-Usage: %s [--main] <linux-firmware-dir> <dest-dir>...
+Usage: %s <linux-firmware-dir> <dest-dir>...
Report changes or additions in linux-firmware.git that may be suitable
-for inclusion in firmware-nonfree or linux-2.6.
-
-For firmware-nonfree, specify the per-package subdirectories as
-<dest-dir>...
+for inclusion in firmware-nonfree.
-For linux-2.6, use the '--main' option and specify the
-debian/build/build-firmware/firmware directory as <dest-dir>.
+Specify the per-package subdirectories as <dest-dir>...
''' % sys.argv[0]
sys.exit(2)
- main(for_main, sys.argv[i], sys.argv[i + 1 :])
+ main(sys.argv[1], sys.argv[2:])
Modified: dists/trunk/tgt/debian/changelog
==============================================================================
--- dists/trunk/tgt/debian/changelog Wed Mar 9 04:13:40 2011 (r17032)
+++ dists/trunk/tgt/debian/changelog Wed Mar 9 04:17:01 2011 (r17033)
@@ -1,3 +1,9 @@
+tgt (1:1.0.4-2squeeze1) stable-security; urgency=high
+
+ * iscsi: fix buffer overflow before login (CVE-2011-0001)
+
+ -- Ben Hutchings <ben at decadent.org.uk> Mon, 24 Jan 2011 20:21:11 +1000
+
tgt (1:1.0.4-2) unstable; urgency=low
* Fix bashism in tgt-admin, thanks to Chris Cheney (Closes: #589716)
Added: dists/trunk/tgt/debian/patches/CVE-2011-0001
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/trunk/tgt/debian/patches/CVE-2011-0001 Wed Mar 9 04:17:01 2011 (r17033)
@@ -0,0 +1,49 @@
+From 462f9a1ec81e607c5ae40bf108df9f7d1672685f Mon Sep 17 00:00:00 2001
+From: FUJITA Tomonori <fujita.tomonori at lab.ntt.co.jp>
+Date: Mon, 17 Jan 2011 17:25:45 +0900
+Subject: [PATCH] iscsi: fix buffer overflow before login
+
+Needs to check if the received data isn't larger than
+INCOMING_BUFSIZE.
+
+Signed-off-by: FUJITA Tomonori <fujita.tomonori at lab.ntt.co.jp>
+---
+ usr/iscsi/iscsid.c | 15 +++++++++++++++
+ 1 files changed, 15 insertions(+), 0 deletions(-)
+
+diff --git a/usr/iscsi/iscsid.c b/usr/iscsi/iscsid.c
+index f739a12..abb6429 100644
+--- a/usr/iscsi/iscsid.c
++++ b/usr/iscsi/iscsid.c
+@@ -1979,6 +1979,13 @@ again:
+ conn->req.ahssize = conn->req.bhs.hlength * 4;
+ conn->req.datasize = ntoh24(conn->req.bhs.dlength);
+ conn->rx_size = conn->req.ahssize;
++
++ if (conn->state != STATE_SCSI &&
++ conn->req.ahssize > INCOMING_BUFSIZE) {
++ conn->state = STATE_CLOSE;
++ return;
++ }
++
+ if (conn->rx_size) {
+ conn->rx_buffer = conn->req.ahs;
+ conn->rx_iostate = IOSTATE_RX_AHS;
+@@ -2031,6 +2038,14 @@ again:
+ if (conn->rx_size) {
+ conn->rx_iostate = IOSTATE_RX_DATA;
+ conn->rx_buffer = conn->req.data;
++
++ if (conn->state != STATE_SCSI) {
++ if (conn->req.ahssize + conn->rx_size >
++ INCOMING_BUFSIZE) {
++ conn->state = STATE_CLOSE;
++ return;
++ }
++ }
+ } else {
+ conn->rx_iostate = IOSTATE_RX_END;
+ break;
+--
+1.7.1
+
Modified: dists/trunk/tgt/debian/patches/series
==============================================================================
--- dists/trunk/tgt/debian/patches/series Wed Mar 9 04:13:40 2011 (r17032)
+++ dists/trunk/tgt/debian/patches/series Wed Mar 9 04:17:01 2011 (r17033)
@@ -1,3 +1,4 @@
make-tgt-setup-lun-executable
conf-makefile
fix-tgt-admin-bashism
+CVE-2011-0001
More information about the Kernel-svn-changes
mailing list