[kernel] r19806 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/debian patches/features/all/openvz patches/series

Thu Feb 14 06:57:50 UTC 2013

Author: dannf
Date: Thu Feb 14 06:57:50 2013
New Revision: 19806

Log:
Back out CVE-2012-3352 fix for now; it needs more work

Deleted:
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/inet-add-RCU-protection-to-inet-opt.patch
   dists/squeeze-security/linux-2.6/debian/patches/debian/inet-Avoid-ABI-change-from-fix-for-CVE-2012-3552.patch
Modified:
   dists/squeeze-security/linux-2.6/debian/changelog
   dists/squeeze-security/linux-2.6/debian/patches/features/all/openvz/openvz.patch
   dists/squeeze-security/linux-2.6/debian/patches/series/46squeeze1

Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================

--- dists/squeeze-security/linux-2.6/debian/changelog	Thu Feb 14 06:53:25 2013	(r19805)
+++ dists/squeeze-security/linux-2.6/debian/changelog	Thu Feb 14 06:57:50 2013	(r19806)
@@ -1,7 +1,6 @@
 linux-2.6 (2.6.32-46squeeze1) UNRELEASED; urgency=high
 
   * kmod: make __request_module() killable (CVE-2012-4398)
-  * inet: add RCU protection to inet->opt (CVE-2012-3552)
   * net: fix divide by zero in tcp algorithm illinois (CVE-2012-4565)
   * exec: do not leave bprm->interp on stack (CVE-2012-4530)
   * exec: use -ELOOP for max recursion depth (CVE-2012-4530)

Modified: dists/squeeze-security/linux-2.6/debian/patches/features/all/openvz/openvz.patch
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/features/all/openvz/openvz.patch	Thu Feb 14 06:53:25 2013	(r19805)
+++ dists/squeeze-security/linux-2.6/debian/patches/features/all/openvz/openvz.patch	Thu Feb 14 06:57:50 2013	(r19806)
@@ -84039,15 +84039,15 @@
 index 2ef9026..0c9b367 100644
 --- a/net/ipv4/ip_output.c
 +++ b/net/ipv4/ip_output.c
-@@ -1374,12 +1374,13 @@ void ip_send_reply(struct sock *sk, stru
- 	struct inet_sock *inet = inet_sk(sk);
- 	struct ip_options_data replyopts;
+@@ -1369,12 +1369,13 @@ void ip_send_reply(struct sock *sk, struct sk_buff *skb, struct ip_reply_arg *ar
+ 		char			data[40];
+ 	} replyopts;
  	struct ipcm_cookie ipc;
 -	__be32 daddr;
 +	__be32 saddr, daddr;
  	struct rtable *rt = skb_rtable(skb);
  
- 	if (ip_options_echo(&replyopts.opt.opt, skb))
+ 	if (ip_options_echo(&replyopts.opt, skb))
  		return;
  
 +	saddr = ip_hdr(skb)->daddr;
@@ -86096,9 +86096,9 @@
  
 +static int skb_header_size(struct sock *sk, int tcp_hlen)
 +{
-+	struct ip_options_rcu *inet = inet_sk(sk)->inet_opt;
++	struct ip_options *opt = inet_sk(sk)->opt;
 +	return tcp_hlen + sizeof(struct iphdr) +
-+		(inet ? inet->opt.optlen : 0)	+ ETH_HLEN /* For hard header */;
++		(opt ? opt->optlen : 0)	+ ETH_HLEN /* For hard header */;
 +}
 +
  /* This routine actually transmits TCP packets queued in by

Modified: dists/squeeze-security/linux-2.6/debian/patches/series/46squeeze1
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/46squeeze1	Thu Feb 14 06:53:25 2013	(r19805)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/46squeeze1	Thu Feb 14 06:57:50 2013	(r19806)
@@ -3,8 +3,6 @@
 + bugfix/all/usermodehelper-____call_usermodehelper-doesnt-need-do_exit.patch
 + bugfix/all/kmod-introduce-call_modprobe-helper.patch
 + bugfix/all/kmod-make-__request_module-killable.patch
-+ bugfix/all/inet-add-RCU-protection-to-inet-opt.patch
-+ debian/inet-Avoid-ABI-change-from-fix-for-CVE-2012-3552.patch
 + bugfix/all/net-fix-divide-by-zero-in-tcp-algorithm-illinois.patch
 + bugfix/all/exec-do-not-leave-bprm-interp-on-stack.patch
 + bugfix/all/exec-use-ELOOP-for-max-recursion-depth.patch

