[kernel] r10109 - dists/trunk/linux-2.6/debian/config/s390
Author: maks Date: Tue Jan 15 11:34:51 2008 New Revision: 10109 Log: s390: rm ref to old z90crypt driver got rm with 7561b974e0cbbdca1bb880b55200afd9a1a20737, replaced by new zcrypt. Modified: dists/trunk/linux-2.6/debian/config/s390/config Modified: dists/trunk/linux-2.6/debian/config/s390/config == --- dists/trunk/linux-2.6/debian/config/s390/config (original) +++ dists/trunk/linux-2.6/debian/config/s390/config Tue Jan 15 11:34:51 2008 @@ -123,7 +123,6 @@ # CONFIG_ATA_OVER_ETH is not set # CONFIG_DM_MULTIPATH_EMC is not set # CONFIG_WATCHDOG is not set -CONFIG_Z90CRYPT=m CONFIG_IPV6=y # CONFIG_ATM is not set # CONFIG_BRIDGE is not set ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r10108 - in dists/trunk/linux-2.6/debian/config: . amd64 i386
Author: maks Date: Tue Jan 15 11:34:44 2008 New Revision: 10108 Log: x86: RELOCATABLE is x86 arch specific, mv it over fix trying to assign nonexistent symbol RELOCATABLE Modified: dists/trunk/linux-2.6/debian/config/amd64/config dists/trunk/linux-2.6/debian/config/config dists/trunk/linux-2.6/debian/config/i386/config Modified: dists/trunk/linux-2.6/debian/config/amd64/config == --- dists/trunk/linux-2.6/debian/config/amd64/config(original) +++ dists/trunk/linux-2.6/debian/config/amd64/configTue Jan 15 11:34:44 2008 @@ -1311,6 +1311,7 @@ CONFIG_MMU=y CONFIG_MOUSE_PS2_SYNAPTICS=y CONFIG_PHYSICAL_ALIGN=0x20 +# CONFIG_RELOCATABLE is not set CONFIG_VIRT_TO_BUS=y CONFIG_BASE_FULL=y CONFIG_GENERIC_HWEIGHT=y Modified: dists/trunk/linux-2.6/debian/config/config == --- dists/trunk/linux-2.6/debian/config/config (original) +++ dists/trunk/linux-2.6/debian/config/config Tue Jan 15 11:34:44 2008 @@ -2065,7 +2065,6 @@ # CONFIG_USB_GADGET_S3C2410 is not set # CONFIG_USB_GADGET_M66592 is not set CONFIG_VGASTATE=m -# CONFIG_RELOCATABLE is not set # CONFIG_USB_PERSIST is not set CONFIG_TIMERFD=y # CONFIG_USB_GADGET_AMD5536UDC is not set Modified: dists/trunk/linux-2.6/debian/config/i386/config == --- dists/trunk/linux-2.6/debian/config/i386/config (original) +++ dists/trunk/linux-2.6/debian/config/i386/config Tue Jan 15 11:34:44 2008 @@ -1491,6 +1491,7 @@ CONFIG_CRYPTO_DEV_GEODE=m # CONFIG_FB_GEODE_GX_SET_FBSIZE is not set CONFIG_PHYSICAL_ALIGN=0x10 +# CONFIG_RELOCATABLE is not set # CONFIG_ARCH_HAS_ILOG2_U64 is not set CONFIG_KS0108=m CONFIG_KS0108_PORT=0x378 ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r10111 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series
Author: dannf Date: Tue Jan 15 23:46:19 2008 New Revision: 10111 Log: * bugfix/vfs-use-access-mode-flag.patch [SECURITY] Use the access mode flag instead of the open flag when testing access mode for a directory. See CVE-2008-0001 Added: dists/etch-security/linux-2.6/debian/patches/bugfix/vfs-use-access-mode-flag.patch Modified: dists/etch-security/linux-2.6/debian/changelog dists/etch-security/linux-2.6/debian/patches/series/17etch1 Modified: dists/etch-security/linux-2.6/debian/changelog == --- dists/etch-security/linux-2.6/debian/changelog (original) +++ dists/etch-security/linux-2.6/debian/changelog Tue Jan 15 23:46:19 2008 @@ -3,8 +3,12 @@ * bugfix/i4l-isdn_ioctl-mem-overrun.patch [SECURITY] Fix potential isdn ioctl memory overrun See CVE-2007-6151 + * bugfix/vfs-use-access-mode-flag.patch +[SECURITY] Use the access mode flag instead of the open flag when +testing access mode for a directory. +See CVE-2008-0001 - -- dann frazier [EMAIL PROTECTED] Sat, 05 Jan 2008 17:27:50 -0700 + -- dann frazier [EMAIL PROTECTED] Tue, 15 Jan 2008 16:44:15 -0700 linux-2.6 (2.6.18.dfsg.1-17) stable; urgency=high Added: dists/etch-security/linux-2.6/debian/patches/bugfix/vfs-use-access-mode-flag.patch == --- (empty file) +++ dists/etch-security/linux-2.6/debian/patches/bugfix/vfs-use-access-mode-flag.patch Tue Jan 15 23:46:19 2008 @@ -0,0 +1,52 @@ +From: Linus Torvalds [EMAIL PROTECTED] +Date: Sat, 12 Jan 2008 22:06:34 + (-0800) +Subject: Use access mode instead of open flags to determine needed permissions +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=974a9f0b47da74e28f68b9c8645c3786aa5ace1a + +Use access mode instead of open flags to determine needed permissions + +Way back when (in commit 834f2a4a1554dc5b2598038b3fe8703defcbe467, aka +VFS: Allow the filesystem to return a full file pointer on open intent +to be exact), Trond changed the open logic to keep track of the original +flags to a file open, in order to pass down the the intent of a dentry +lookup to the low-level filesystem. + +However, when doing that reorganization, it changed the meaning of +namei_flags, and thus inadvertently changed the test of access mode for +directories (and RO filesystem) to use the wrong flag. So fix those +test back to use access mode (acc_mode) rather than the open flag +(flag). + +Issue noticed by Bill Roman at Datalight. + +Reported-and-tested-by: Bill Roman [EMAIL PROTECTED] +Acked-by: Trond Myklebust [EMAIL PROTECTED] +Acked-by: Al Viro [EMAIL PROTECTED] +Cc: Christoph Hellwig [EMAIL PROTECTED] +Cc: Andrew Morton [EMAIL PROTECTED] +Signed-off-by: Linus Torvalds [EMAIL PROTECTED] +--- + +Adjusted to apply to Debian's 2.6.18 by dann frazier [EMAIL PROTECTED] + +diff -urpN linux-source-2.6.18.orig/fs/namei.c linux-source-2.6.18/fs/namei.c +--- linux-source-2.6.18.orig/fs/namei.c2006-09-19 21:42:06.0 -0600 linux-source-2.6.18/fs/namei.c 2008-01-15 16:42:10.0 -0700 +@@ -1500,7 +1500,7 @@ int may_open(struct nameidata *nd, int a + if (S_ISLNK(inode-i_mode)) + return -ELOOP; + +- if (S_ISDIR(inode-i_mode) (flag FMODE_WRITE)) ++ if (S_ISDIR(inode-i_mode) (acc_mode MAY_WRITE)) + return -EISDIR; + + error = vfs_permission(nd, acc_mode); +@@ -1519,7 +1519,7 @@ int may_open(struct nameidata *nd, int a + return -EACCES; + + flag = ~O_TRUNC; +- } else if (IS_RDONLY(inode) (flag FMODE_WRITE)) ++ } else if (IS_RDONLY(inode) (acc_mode MAY_WRITE)) + return -EROFS; + /* +* An append-only file must be opened in append mode for writing. Modified: dists/etch-security/linux-2.6/debian/patches/series/17etch1 == --- dists/etch-security/linux-2.6/debian/patches/series/17etch1 (original) +++ dists/etch-security/linux-2.6/debian/patches/series/17etch1 Tue Jan 15 23:46:19 2008 @@ -1 +1,2 @@ + bugfix/i4l-isdn_ioctl-mem-overrun.patch ++ bugfix/vfs-use-access-mode-flag.patch ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r10112 - in dists/trunk/linux-2.6/debian/patches: bugfix/all series
Author: maks
Date: Wed Jan 16 00:02:30 2008
New Revision: 10112
Log:
update to 2.6.24-rc7-git8
Added:
dists/trunk/linux-2.6/debian/patches/bugfix/all/patch-2.6.24-rc7-git8
- copied, changed from r10109,
/dists/trunk/linux-2.6/debian/patches/bugfix/all/patch-2.6.24-rc7-git7
Removed:
dists/trunk/linux-2.6/debian/patches/bugfix/all/patch-2.6.24-rc7-git7
Modified:
dists/trunk/linux-2.6/debian/patches/series/1~experimental.1
Copied: dists/trunk/linux-2.6/debian/patches/bugfix/all/patch-2.6.24-rc7-git8
(from r10109,
/dists/trunk/linux-2.6/debian/patches/bugfix/all/patch-2.6.24-rc7-git7)
==
--- /dists/trunk/linux-2.6/debian/patches/bugfix/all/patch-2.6.24-rc7-git7
(original)
+++ dists/trunk/linux-2.6/debian/patches/bugfix/all/patch-2.6.24-rc7-git8
Wed Jan 16 00:02:30 2008
@@ -124,6 +124,77 @@
L:[EMAIL PROTECTED]
S:Supported
+diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
+index c4de2d4..3a75a0b 100644
+--- a/arch/arm/Kconfig
b/arch/arm/Kconfig
+@@ -1076,7 +1076,7 @@ endmenu
+
+ source fs/Kconfig
+
+-source kernel/Kconfig.instrumentation
++source arch/arm/Kconfig.instrumentation
+
+ source arch/arm/Kconfig.debug
+
+diff --git a/arch/arm/Kconfig.instrumentation
b/arch/arm/Kconfig.instrumentation
+new file mode 100644
+index 000..63b8c6d
+--- /dev/null
b/arch/arm/Kconfig.instrumentation
+@@ -0,0 +1,52 @@
++menuconfig INSTRUMENTATION
++ bool Instrumentation Support
++ default y
++ ---help---
++Say Y here to get to see options related to performance measurement,
++system-wide debugging, and testing. This option alone does not add any
++kernel code.
++
++If you say N, all options in this submenu will be skipped and
++disabled. If you're trying to debug the kernel itself, go see the
++Kernel Hacking menu.
++
++if INSTRUMENTATION
++
++config PROFILING
++ bool Profiling support (EXPERIMENTAL)
++ help
++Say Y here to enable the extended profiling support mechanisms used
++by profilers such as OProfile.
++
++config OPROFILE
++ tristate OProfile system profiling (EXPERIMENTAL)
++ depends on PROFILING !UML
++ help
++OProfile is a profiling system capable of profiling the
++whole system, include the kernel, kernel modules, libraries,
++and applications.
++
++If unsure, say N.
++
++config OPROFILE_ARMV6
++ bool
++ depends on OPROFILE CPU_V6 !SMP
++ default y
++ select OPROFILE_ARM11_CORE
++
++config OPROFILE_MPCORE
++ bool
++ depends on OPROFILE CPU_V6 SMP
++ default y
++ select OPROFILE_ARM11_CORE
++
++config OPROFILE_ARM11_CORE
++ bool
++
++config MARKERS
++ bool Activate markers
++ help
++Place an empty function call at each marker site. Can be
++dynamically changed for a probe function.
++
++endif # INSTRUMENTATION
diff --git a/arch/arm/mach-at91/board-ek.c b/arch/arm/mach-at91/board-ek.c
index d05b1b2..53a5ef9 100644
--- a/arch/arm/mach-at91/board-ek.c
@@ -1431,6 +1502,56 @@
return platform_device_register(uart8250_device);
}
+diff --git a/arch/powerpc/kernel/iommu.c b/arch/powerpc/kernel/iommu.c
+index 2d0c9ef..79a85d6 100644
+--- a/arch/powerpc/kernel/iommu.c
b/arch/powerpc/kernel/iommu.c
+@@ -278,6 +278,7 @@ int iommu_map_sg(struct iommu_table *tbl, struct
scatterlist *sglist,
+ unsigned long flags;
+ struct scatterlist *s, *outs, *segstart;
+ int outcount, incount, i;
++ unsigned int align;
+ unsigned long handle;
+
+ BUG_ON(direction == DMA_NONE);
+@@ -309,7 +310,12 @@ int iommu_map_sg(struct iommu_table *tbl, struct
scatterlist *sglist,
+ /* Allocate iommu entries for that segment */
+ vaddr = (unsigned long) sg_virt(s);
+ npages = iommu_num_pages(vaddr, slen);
+- entry = iommu_range_alloc(tbl, npages, handle, mask
IOMMU_PAGE_SHIFT, 0);
++ align = 0;
++ if (IOMMU_PAGE_SHIFT PAGE_SHIFT slen = PAGE_SIZE
++ (vaddr ~PAGE_MASK) == 0)
++ align = PAGE_SHIFT - IOMMU_PAGE_SHIFT;
++ entry = iommu_range_alloc(tbl, npages, handle,
++mask IOMMU_PAGE_SHIFT, align);
+
+ DBG( - vaddr: %lx, size: %lx\n, vaddr, slen);
+
+@@ -572,7 +578,7 @@ dma_addr_t iommu_map_single(struct iommu_table *tbl, void
*vaddr,
+ {
+ dma_addr_t dma_handle = DMA_ERROR_CODE;
+ unsigned long uaddr;
+- unsigned int npages;
++ unsigned int npages, align;
+
+ BUG_ON(direction == DMA_NONE);
+
+@@ -580,8 +586,13 @@ dma_addr_t iommu_map_single(struct iommu_table *tbl, void
*vaddr,
+ npages = iommu_num_pages(uaddr, size);
+
+ if (tbl) {
++ align = 0;
++ if (IOMMU_PAGE_SHIFT PAGE_SHIFT size =
[kernel] r10113 - dists/etch/linux-2.6.23
Author: dannf Date: Wed Jan 16 01:43:34 2008 New Revision: 10113 Log: forego 2.6.23 for etchnahalf Removed: dists/etch/linux-2.6.23/ ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r10114 - dists/lenny
Author: dannf Date: Wed Jan 16 01:56:00 2008 New Revision: 10114 Log: remove obsolete lenny tree Removed: dists/lenny/ ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r10118 - releases/linux-2.6/2.6.22-5
Author: dannf Date: Wed Jan 16 02:07:18 2008 New Revision: 10118 Log: retroactively tag 2.6.22-5 Added: releases/linux-2.6/2.6.22-5/ - copied from r9638, /dists/sid/linux-2.6/ ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r10120 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series
Author: dannf
Date: Wed Jan 16 06:38:09 2008
New Revision: 10120
Log:
* bugfix/fat-move-ioctl-compat-code.patch, bugfix/fat-fix-compat-ioctls.patch
[SECURITY][ABI Changer] Fix kernel_dirent corruption in the compat layer
for fat ioctls
See CVE-2007-2878
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/fat-fix-compat-ioctls.patch
dists/etch-security/linux-2.6/debian/patches/bugfix/fat-move-ioctl-compat-code.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/17etch1
Modified: dists/etch-security/linux-2.6/debian/changelog
==
--- dists/etch-security/linux-2.6/debian/changelog (original)
+++ dists/etch-security/linux-2.6/debian/changelog Wed Jan 16 06:38:09 2008
@@ -7,6 +7,10 @@
[SECURITY] Use the access mode flag instead of the open flag when
testing access mode for a directory.
See CVE-2008-0001
+ * bugfix/fat-move-ioctl-compat-code.patch, bugfix/fat-fix-compat-ioctls.patch
+[SECURITY][ABI Changer] Fix kernel_dirent corruption in the compat layer
+for fat ioctls
+See CVE-2007-2878
-- dann frazier [EMAIL PROTECTED] Tue, 15 Jan 2008 16:44:15 -0700
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/fat-fix-compat-ioctls.patch
==
--- (empty file)
+++
dists/etch-security/linux-2.6/debian/patches/bugfix/fat-fix-compat-ioctls.patch
Wed Jan 16 06:38:09 2008
@@ -0,0 +1,311 @@
+From: OGAWA Hirofumi [EMAIL PROTECTED]
+Date: Tue, 8 May 2007 07:31:28 + (-0700)
+Subject: fat: fix VFAT compat ioctls on 64-bit systems
+X-Git-Tag: v2.6.22-rc1~614
+X-Git-Url:
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=c483bab099cb89e92b7cad94a52fcdaf37e56657
+
+fat: fix VFAT compat ioctls on 64-bit systems
+
+If you compile and run the below test case in an msdos or vfat directory on
+an x86-64 system with -m32 you'll get garbage in the kernel_dirent struct
+followed by a SIGSEGV.
+
+The patch fixes this.
+
+Reported and initial fix by Bart Oldeman
+
+#include sys/types.h
+#include sys/ioctl.h
+#include dirent.h
+#include stdio.h
+#include unistd.h
+#include fcntl.h
+struct kernel_dirent {
+ longd_ino;
+ long d_off;
+ unsigned short d_reclen;
+ chard_name[256]; /* We must not include limits.h! */
+};
+#define VFAT_IOCTL_READDIR_BOTH _IOR('r', 1, struct kernel_dirent [2])
+#define VFAT_IOCTL_READDIR_SHORT _IOR('r', 2, struct kernel_dirent [2])
+
+int main(void)
+{
+ int fd = open(., O_RDONLY);
+ struct kernel_dirent de[2];
+
+ while (1) {
+ int i = ioctl(fd, VFAT_IOCTL_READDIR_BOTH, (long)de);
+ if (i == -1) break;
+ if (de[0].d_reclen == 0) break;
+ printf(SFN: reclen=%2d off=%d ino=%d, %-12s,
+ de[0].d_reclen, de[0].d_off, de[0].d_ino, de[0].d_name);
+ if (de[1].d_reclen)
+ printf(\tLFN: reclen=%2d off=%d ino=%d, %s,
+ de[1].d_reclen, de[1].d_off, de[1].d_ino, de[1].d_name);
+ printf(\n);
+ }
+ return 0;
+}
+
+Signed-off-by: Bart Oldeman [EMAIL PROTECTED]
+Signed-off-by: OGAWA Hirofumi [EMAIL PROTECTED]
+Cc: [EMAIL PROTECTED]
+Signed-off-by: Andrew Morton [EMAIL PROTECTED]
+Signed-off-by: Linus Torvalds [EMAIL PROTECTED]
+---
+
+Backported to Debian's 2.6.18 by dann frazier [EMAIL PROTECTED]
+
+diff -urpN linux-source-2.6.18.orig/fs/fat/dir.c
linux-source-2.6.18/fs/fat/dir.c
+--- linux-source-2.6.18.orig/fs/fat/dir.c 2007-06-22 21:48:00.0
-0600
linux-source-2.6.18/fs/fat/dir.c 2007-06-22 21:48:42.0 -0600
+@@ -422,7 +422,7 @@ EODir:
+ EXPORT_SYMBOL_GPL(fat_search_long);
+
+ struct fat_ioctl_filldir_callback {
+- struct dirent __user *dirent;
++ void __user *dirent;
+ int result;
+ /* for dir ioctl */
+ const char *longname;
+@@ -647,62 +647,85 @@ static int fat_readdir(struct file *filp
+ return __fat_readdir(inode, filp, dirent, filldir, 0, 0);
+ }
+
+-static int fat_ioctl_filldir(void *__buf, const char *name, int name_len,
+- loff_t offset, ino_t ino, unsigned int d_type)
++#define FAT_IOCTL_FILLDIR_FUNC(func, dirent_type)\
++static int func(void *__buf, const char *name, int name_len, \
++ loff_t offset, ino_t ino, unsigned int d_type) \
++{\
++ struct fat_ioctl_filldir_callback *buf = __buf;\
++ struct dirent_type __user *d1 = buf-dirent; \
++ struct dirent_type __user *d2 = d1 + 1;\
++
[kernel] r10121 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series
Author: dannf
Date: Wed Jan 16 07:02:02 2008
New Revision: 10121
Log:
* bugfix/proc-snd-page-alloc-mem-leak.patch
[SECURITY] Fix an issue in the alsa subsystem that allows a local user
to read potentially sensitive kernel memory from the proc filesystem
See CVE-2007-4571
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/proc-snd-page-alloc-mem-leak.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/17etch1
Modified: dists/etch-security/linux-2.6/debian/changelog
==
--- dists/etch-security/linux-2.6/debian/changelog (original)
+++ dists/etch-security/linux-2.6/debian/changelog Wed Jan 16 07:02:02 2008
@@ -11,6 +11,10 @@
[SECURITY][ABI Changer] Fix kernel_dirent corruption in the compat layer
for fat ioctls
See CVE-2007-2878
+ * bugfix/proc-snd-page-alloc-mem-leak.patch
+[SECURITY] Fix an issue in the alsa subsystem that allows a local user
+to read potentially sensitive kernel memory from the proc filesystem
+See CVE-2007-4571
-- dann frazier [EMAIL PROTECTED] Tue, 15 Jan 2008 16:44:15 -0700
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/proc-snd-page-alloc-mem-leak.patch
==
--- (empty file)
+++
dists/etch-security/linux-2.6/debian/patches/bugfix/proc-snd-page-alloc-mem-leak.patch
Wed Jan 16 07:02:02 2008
@@ -0,0 +1,169 @@
+From: Takashi Iwai [EMAIL PROTECTED]
+Date: Mon, 17 Sep 2007 19:55:10 + (+0200)
+Subject: Convert snd-page-alloc proc file to use seq_file
+X-Git-Tag: v2.6.23-rc8~3
+X-Git-Url:
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=ccec6e2c4a74adf76ed4e2478091a311b1806212;hp=7bae705ef2c2daac1993de03e5be93b5c300fc5e
+
+Convert snd-page-alloc proc file to use seq_file
+
+Use seq_file for the proc file read/write of snd-page-alloc module.
+This automatically fixes bugs in the old proc code.
+
+Signed-off-by: Takashi Iwai [EMAIL PROTECTED]
+Signed-off-by: Linus Torvalds [EMAIL PROTECTED]
+---
+
+Backported to Debian's 2.6.18 by dann frazier [EMAIL PROTECTED]
+
+diff -urpN linux-source-2.6.18.orig/sound/core/memalloc.c
linux-source-2.6.18/sound/core/memalloc.c
+--- linux-source-2.6.18.orig/sound/core/memalloc.c 2006-09-19
21:42:06.0 -0600
linux-source-2.6.18/sound/core/memalloc.c 2007-09-25 17:53:01.0
-0600
+@@ -27,6 +27,7 @@
+ #include linux/pci.h
+ #include linux/slab.h
+ #include linux/mm.h
++#include linux/seq_file.h
+ #include asm/uaccess.h
+ #include linux/dma-mapping.h
+ #include linux/moduleparam.h
+@@ -483,10 +484,8 @@ static void free_all_reserved_pages(void
+ #define SND_MEM_PROC_FILE driver/snd-page-alloc
+ static struct proc_dir_entry *snd_mem_proc;
+
+-static int snd_mem_proc_read(char *page, char **start, off_t off,
+- int count, int *eof, void *data)
++static int snd_mem_proc_read(struct seq_file *seq, void *offset)
+ {
+- int len = 0;
+ long pages = snd_allocated_pages (PAGE_SHIFT-12);
+ struct list_head *p;
+ struct snd_mem_list *mem;
+@@ -494,44 +493,47 @@ static int snd_mem_proc_read(char *page,
+ static char *types[] = { UNKNOWN, CONT, DEV, DEV-SG, SBUS };
+
+ mutex_lock(list_mutex);
+- len += snprintf(page + len, count - len,
+- pages : %li bytes (%li pages per %likB)\n,
+- pages * PAGE_SIZE, pages, PAGE_SIZE / 1024);
++ seq_printf(seq, pages : %li bytes (%li pages per %likB)\n,
++ pages * PAGE_SIZE, pages, PAGE_SIZE / 1024);
+ devno = 0;
+ list_for_each(p, mem_list_head) {
+ mem = list_entry(p, struct snd_mem_list, list);
+ devno++;
+- len += snprintf(page + len, count - len,
+- buffer %d : ID %08x : type %s\n,
+- devno, mem-id, types[mem-buffer.dev.type]);
+- len += snprintf(page + len, count - len,
+-addr = 0x%lx, size = %d bytes\n,
+- (unsigned long)mem-buffer.addr,
(int)mem-buffer.bytes);
++ seq_printf(seq, buffer %d : ID %08x : type %s\n,
++ devno, mem-id, types[mem-buffer.dev.type]);
++ seq_printf(seq, addr = 0x%lx, size = %d bytes\n,
++ (unsigned long)mem-buffer.addr,
++ (int)mem-buffer.bytes);
+ }
+ mutex_unlock(list_mutex);
+- return len;
++ return 0;
++}
++
++static int snd_mem_proc_open(struct inode *inode, struct file *file)
++{
++ return single_open(file, snd_mem_proc_read, NULL);
+ }
+
+ /* FIXME: for pci only - other bus? */
+ #ifdef CONFIG_PCI
+ #define gettoken(bufp) strsep(bufp, \t\n)
+
+-static int snd_mem_proc_write(struct file
[kernel] r10122 - dists/etch-security/linux-2.6/debian
Author: dannf Date: Wed Jan 16 07:03:51 2008 New Revision: 10122 Log: mark abi changer Modified: dists/etch-security/linux-2.6/debian/changelog Modified: dists/etch-security/linux-2.6/debian/changelog == --- dists/etch-security/linux-2.6/debian/changelog (original) +++ dists/etch-security/linux-2.6/debian/changelog Wed Jan 16 07:03:51 2008 @@ -12,8 +12,9 @@ for fat ioctls See CVE-2007-2878 * bugfix/proc-snd-page-alloc-mem-leak.patch -[SECURITY] Fix an issue in the alsa subsystem that allows a local user -to read potentially sensitive kernel memory from the proc filesystem +[SECURITY][ABI Changer] Fix an issue in the alsa subsystem that allows a +local user to read potentially sensitive kernel memory from the proc +filesystem See CVE-2007-4571 -- dann frazier [EMAIL PROTECTED] Tue, 15 Jan 2008 16:44:15 -0700 ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r10123 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series
Author: dannf Date: Wed Jan 16 07:37:12 2008 New Revision: 10123 Log: * bugfix/do_brk-security-hook.patch Add security checks to do_brk() to prevent unprivileged users from accessing low memory pages See CVE-2007-6434 Added: dists/etch-security/linux-2.6/debian/patches/bugfix/do_brk-security-hook.patch Modified: dists/etch-security/linux-2.6/debian/changelog dists/etch-security/linux-2.6/debian/patches/series/17etch1 Modified: dists/etch-security/linux-2.6/debian/changelog == --- dists/etch-security/linux-2.6/debian/changelog (original) +++ dists/etch-security/linux-2.6/debian/changelog Wed Jan 16 07:37:12 2008 @@ -16,8 +16,12 @@ local user to read potentially sensitive kernel memory from the proc filesystem See CVE-2007-4571 + * bugfix/do_brk-security-hook.patch +Add security checks to do_brk() to prevent unprivileged users from +accessing low memory pages +See CVE-2007-6434 - -- dann frazier [EMAIL PROTECTED] Tue, 15 Jan 2008 16:44:15 -0700 + -- dann frazier [EMAIL PROTECTED] Wed, 16 Jan 2008 00:31:52 -0700 linux-2.6 (2.6.18.dfsg.1-17) stable; urgency=high Added: dists/etch-security/linux-2.6/debian/patches/bugfix/do_brk-security-hook.patch == --- (empty file) +++ dists/etch-security/linux-2.6/debian/patches/bugfix/do_brk-security-hook.patch Wed Jan 16 07:37:12 2008 @@ -0,0 +1,34 @@ +commit ecaf18c15aac8bb9bed7b7aa0e382fe252e275d5 +Author: Eric Paris [EMAIL PROTECTED] +Date: Tue Dec 4 23:45:31 2007 -0800 + +VM/Security: add security hook to do_brk + +Given a specifically crafted binary do_brk() can be used to get low pages +available in userspace virtual memory and can thus be used to circumvent +the mmap_min_addr low memory protection. Add security checks in do_brk(). + +Signed-off-by: Eric Paris [EMAIL PROTECTED] +Acked-by: Alan Cox [EMAIL PROTECTED] +Cc: Stephen Smalley [EMAIL PROTECTED] +Cc: James Morris [EMAIL PROTECTED] +Cc: Chris Wright [EMAIL PROTECTED] +Signed-off-by: Andrew Morton [EMAIL PROTECTED] +Signed-off-by: Linus Torvalds [EMAIL PROTECTED] + +Adjusted to apply to Debian's 2.6.18 by dann frazier [EMAIL PROTECTED] + +diff -urpN linux-source-2.6.18.orig/mm/mmap.c linux-source-2.6.18/mm/mmap.c +--- linux-source-2.6.18.orig/mm/mmap.c 2008-01-15 16:46:27.0 -0700 linux-source-2.6.18/mm/mmap.c 2008-01-16 00:28:42.0 -0700 +@@ -1883,6 +1883,10 @@ unsigned long do_brk(unsigned long addr, + if ((addr + len) TASK_SIZE || (addr + len) addr) + return -EINVAL; + ++ error = security_file_mmap(0, 0, 0, 0, addr, 1); ++ if (error) ++ return error; ++ + flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm-def_flags; + + error = arch_mmap_check(addr, len, flags); Modified: dists/etch-security/linux-2.6/debian/patches/series/17etch1 == --- dists/etch-security/linux-2.6/debian/patches/series/17etch1 (original) +++ dists/etch-security/linux-2.6/debian/patches/series/17etch1 Wed Jan 16 07:37:12 2008 @@ -3,3 +3,4 @@ + bugfix/fat-move-ioctl-compat-code.patch + bugfix/fat-fix-compat-ioctls.patch + bugfix/proc-snd-page-alloc-mem-leak.patch ++ bugfix/do_brk-security-hook.patch ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
