[kernel] r19806 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/debian patches/features/all/openvz patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Feb 14 06:57:50 UTC 2013
Author: dannf
Date: Thu Feb 14 06:57:50 2013
New Revision: 19806
Log:
Back out CVE-2012-3352 fix for now; it needs more work
Deleted:
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/inet-add-RCU-protection-to-inet-opt.patch
dists/squeeze-security/linux-2.6/debian/patches/debian/inet-Avoid-ABI-change-from-fix-for-CVE-2012-3552.patch
Modified:
dists/squeeze-security/linux-2.6/debian/changelog
dists/squeeze-security/linux-2.6/debian/patches/features/all/openvz/openvz.patch
dists/squeeze-security/linux-2.6/debian/patches/series/46squeeze1
Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog Thu Feb 14 06:53:25 2013 (r19805)
+++ dists/squeeze-security/linux-2.6/debian/changelog Thu Feb 14 06:57:50 2013 (r19806)
@@ -1,7 +1,6 @@
linux-2.6 (2.6.32-46squeeze1) UNRELEASED; urgency=high
* kmod: make __request_module() killable (CVE-2012-4398)
- * inet: add RCU protection to inet->opt (CVE-2012-3552)
* net: fix divide by zero in tcp algorithm illinois (CVE-2012-4565)
* exec: do not leave bprm->interp on stack (CVE-2012-4530)
* exec: use -ELOOP for max recursion depth (CVE-2012-4530)
Modified: dists/squeeze-security/linux-2.6/debian/patches/features/all/openvz/openvz.patch
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/features/all/openvz/openvz.patch Thu Feb 14 06:53:25 2013 (r19805)
+++ dists/squeeze-security/linux-2.6/debian/patches/features/all/openvz/openvz.patch Thu Feb 14 06:57:50 2013 (r19806)
@@ -84039,15 +84039,15 @@
index 2ef9026..0c9b367 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
-@@ -1374,12 +1374,13 @@ void ip_send_reply(struct sock *sk, stru
- struct inet_sock *inet = inet_sk(sk);
- struct ip_options_data replyopts;
+@@ -1369,12 +1369,13 @@ void ip_send_reply(struct sock *sk, struct sk_buff *skb, struct ip_reply_arg *ar
+ char data[40];
+ } replyopts;
struct ipcm_cookie ipc;
- __be32 daddr;
+ __be32 saddr, daddr;
struct rtable *rt = skb_rtable(skb);
- if (ip_options_echo(&replyopts.opt.opt, skb))
+ if (ip_options_echo(&replyopts.opt, skb))
return;
+ saddr = ip_hdr(skb)->daddr;
@@ -86096,9 +86096,9 @@
+static int skb_header_size(struct sock *sk, int tcp_hlen)
+{
-+ struct ip_options_rcu *inet = inet_sk(sk)->inet_opt;
++ struct ip_options *opt = inet_sk(sk)->opt;
+ return tcp_hlen + sizeof(struct iphdr) +
-+ (inet ? inet->opt.optlen : 0) + ETH_HLEN /* For hard header */;
++ (opt ? opt->optlen : 0) + ETH_HLEN /* For hard header */;
+}
+
/* This routine actually transmits TCP packets queued in by
Modified: dists/squeeze-security/linux-2.6/debian/patches/series/46squeeze1
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/46squeeze1 Thu Feb 14 06:53:25 2013 (r19805)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/46squeeze1 Thu Feb 14 06:57:50 2013 (r19806)
@@ -3,8 +3,6 @@
+ bugfix/all/usermodehelper-____call_usermodehelper-doesnt-need-do_exit.patch
+ bugfix/all/kmod-introduce-call_modprobe-helper.patch
+ bugfix/all/kmod-make-__request_module-killable.patch
-+ bugfix/all/inet-add-RCU-protection-to-inet-opt.patch
-+ debian/inet-Avoid-ABI-change-from-fix-for-CVE-2012-3552.patch
+ bugfix/all/net-fix-divide-by-zero-in-tcp-algorithm-illinois.patch
+ bugfix/all/exec-do-not-leave-bprm-interp-on-stack.patch
+ bugfix/all/exec-use-ELOOP-for-max-recursion-depth.patch
More information about the Kernel-svn-changes
mailing list