[kernel] r10109 - dists/trunk/linux-2.6/debian/config/s390
Author: maks Date: Tue Jan 15 11:34:51 2008 New Revision: 10109 Log: s390: rm ref to old z90crypt driver got rm with 7561b974e0cbbdca1bb880b55200afd9a1a20737, replaced by new zcrypt. Modified: dists/trunk/linux-2.6/debian/config/s390/config Modified: dists/trunk/linux-2.6/debian/config/s390/config == --- dists/trunk/linux-2.6/debian/config/s390/config (original) +++ dists/trunk/linux-2.6/debian/config/s390/config Tue Jan 15 11:34:51 2008 @@ -123,7 +123,6 @@ # CONFIG_ATA_OVER_ETH is not set # CONFIG_DM_MULTIPATH_EMC is not set # CONFIG_WATCHDOG is not set -CONFIG_Z90CRYPT=m CONFIG_IPV6=y # CONFIG_ATM is not set # CONFIG_BRIDGE is not set ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r10108 - in dists/trunk/linux-2.6/debian/config: . amd64 i386
Author: maks Date: Tue Jan 15 11:34:44 2008 New Revision: 10108 Log: x86: RELOCATABLE is x86 arch specific, mv it over fix trying to assign nonexistent symbol RELOCATABLE Modified: dists/trunk/linux-2.6/debian/config/amd64/config dists/trunk/linux-2.6/debian/config/config dists/trunk/linux-2.6/debian/config/i386/config Modified: dists/trunk/linux-2.6/debian/config/amd64/config == --- dists/trunk/linux-2.6/debian/config/amd64/config(original) +++ dists/trunk/linux-2.6/debian/config/amd64/configTue Jan 15 11:34:44 2008 @@ -1311,6 +1311,7 @@ CONFIG_MMU=y CONFIG_MOUSE_PS2_SYNAPTICS=y CONFIG_PHYSICAL_ALIGN=0x20 +# CONFIG_RELOCATABLE is not set CONFIG_VIRT_TO_BUS=y CONFIG_BASE_FULL=y CONFIG_GENERIC_HWEIGHT=y Modified: dists/trunk/linux-2.6/debian/config/config == --- dists/trunk/linux-2.6/debian/config/config (original) +++ dists/trunk/linux-2.6/debian/config/config Tue Jan 15 11:34:44 2008 @@ -2065,7 +2065,6 @@ # CONFIG_USB_GADGET_S3C2410 is not set # CONFIG_USB_GADGET_M66592 is not set CONFIG_VGASTATE=m -# CONFIG_RELOCATABLE is not set # CONFIG_USB_PERSIST is not set CONFIG_TIMERFD=y # CONFIG_USB_GADGET_AMD5536UDC is not set Modified: dists/trunk/linux-2.6/debian/config/i386/config == --- dists/trunk/linux-2.6/debian/config/i386/config (original) +++ dists/trunk/linux-2.6/debian/config/i386/config Tue Jan 15 11:34:44 2008 @@ -1491,6 +1491,7 @@ CONFIG_CRYPTO_DEV_GEODE=m # CONFIG_FB_GEODE_GX_SET_FBSIZE is not set CONFIG_PHYSICAL_ALIGN=0x10 +# CONFIG_RELOCATABLE is not set # CONFIG_ARCH_HAS_ILOG2_U64 is not set CONFIG_KS0108=m CONFIG_KS0108_PORT=0x378 ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r10111 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series
Author: dannf Date: Tue Jan 15 23:46:19 2008 New Revision: 10111 Log: * bugfix/vfs-use-access-mode-flag.patch [SECURITY] Use the access mode flag instead of the open flag when testing access mode for a directory. See CVE-2008-0001 Added: dists/etch-security/linux-2.6/debian/patches/bugfix/vfs-use-access-mode-flag.patch Modified: dists/etch-security/linux-2.6/debian/changelog dists/etch-security/linux-2.6/debian/patches/series/17etch1 Modified: dists/etch-security/linux-2.6/debian/changelog == --- dists/etch-security/linux-2.6/debian/changelog (original) +++ dists/etch-security/linux-2.6/debian/changelog Tue Jan 15 23:46:19 2008 @@ -3,8 +3,12 @@ * bugfix/i4l-isdn_ioctl-mem-overrun.patch [SECURITY] Fix potential isdn ioctl memory overrun See CVE-2007-6151 + * bugfix/vfs-use-access-mode-flag.patch +[SECURITY] Use the access mode flag instead of the open flag when +testing access mode for a directory. +See CVE-2008-0001 - -- dann frazier [EMAIL PROTECTED] Sat, 05 Jan 2008 17:27:50 -0700 + -- dann frazier [EMAIL PROTECTED] Tue, 15 Jan 2008 16:44:15 -0700 linux-2.6 (2.6.18.dfsg.1-17) stable; urgency=high Added: dists/etch-security/linux-2.6/debian/patches/bugfix/vfs-use-access-mode-flag.patch == --- (empty file) +++ dists/etch-security/linux-2.6/debian/patches/bugfix/vfs-use-access-mode-flag.patch Tue Jan 15 23:46:19 2008 @@ -0,0 +1,52 @@ +From: Linus Torvalds [EMAIL PROTECTED] +Date: Sat, 12 Jan 2008 22:06:34 + (-0800) +Subject: Use access mode instead of open flags to determine needed permissions +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=974a9f0b47da74e28f68b9c8645c3786aa5ace1a + +Use access mode instead of open flags to determine needed permissions + +Way back when (in commit 834f2a4a1554dc5b2598038b3fe8703defcbe467, aka +VFS: Allow the filesystem to return a full file pointer on open intent +to be exact), Trond changed the open logic to keep track of the original +flags to a file open, in order to pass down the the intent of a dentry +lookup to the low-level filesystem. + +However, when doing that reorganization, it changed the meaning of +namei_flags, and thus inadvertently changed the test of access mode for +directories (and RO filesystem) to use the wrong flag. So fix those +test back to use access mode (acc_mode) rather than the open flag +(flag). + +Issue noticed by Bill Roman at Datalight. + +Reported-and-tested-by: Bill Roman [EMAIL PROTECTED] +Acked-by: Trond Myklebust [EMAIL PROTECTED] +Acked-by: Al Viro [EMAIL PROTECTED] +Cc: Christoph Hellwig [EMAIL PROTECTED] +Cc: Andrew Morton [EMAIL PROTECTED] +Signed-off-by: Linus Torvalds [EMAIL PROTECTED] +--- + +Adjusted to apply to Debian's 2.6.18 by dann frazier [EMAIL PROTECTED] + +diff -urpN linux-source-2.6.18.orig/fs/namei.c linux-source-2.6.18/fs/namei.c +--- linux-source-2.6.18.orig/fs/namei.c2006-09-19 21:42:06.0 -0600 linux-source-2.6.18/fs/namei.c 2008-01-15 16:42:10.0 -0700 +@@ -1500,7 +1500,7 @@ int may_open(struct nameidata *nd, int a + if (S_ISLNK(inode-i_mode)) + return -ELOOP; + +- if (S_ISDIR(inode-i_mode) (flag FMODE_WRITE)) ++ if (S_ISDIR(inode-i_mode) (acc_mode MAY_WRITE)) + return -EISDIR; + + error = vfs_permission(nd, acc_mode); +@@ -1519,7 +1519,7 @@ int may_open(struct nameidata *nd, int a + return -EACCES; + + flag = ~O_TRUNC; +- } else if (IS_RDONLY(inode) (flag FMODE_WRITE)) ++ } else if (IS_RDONLY(inode) (acc_mode MAY_WRITE)) + return -EROFS; + /* +* An append-only file must be opened in append mode for writing. Modified: dists/etch-security/linux-2.6/debian/patches/series/17etch1 == --- dists/etch-security/linux-2.6/debian/patches/series/17etch1 (original) +++ dists/etch-security/linux-2.6/debian/patches/series/17etch1 Tue Jan 15 23:46:19 2008 @@ -1 +1,2 @@ + bugfix/i4l-isdn_ioctl-mem-overrun.patch ++ bugfix/vfs-use-access-mode-flag.patch ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r10112 - in dists/trunk/linux-2.6/debian/patches: bugfix/all series
Author: maks Date: Wed Jan 16 00:02:30 2008 New Revision: 10112 Log: update to 2.6.24-rc7-git8 Added: dists/trunk/linux-2.6/debian/patches/bugfix/all/patch-2.6.24-rc7-git8 - copied, changed from r10109, /dists/trunk/linux-2.6/debian/patches/bugfix/all/patch-2.6.24-rc7-git7 Removed: dists/trunk/linux-2.6/debian/patches/bugfix/all/patch-2.6.24-rc7-git7 Modified: dists/trunk/linux-2.6/debian/patches/series/1~experimental.1 Copied: dists/trunk/linux-2.6/debian/patches/bugfix/all/patch-2.6.24-rc7-git8 (from r10109, /dists/trunk/linux-2.6/debian/patches/bugfix/all/patch-2.6.24-rc7-git7) == --- /dists/trunk/linux-2.6/debian/patches/bugfix/all/patch-2.6.24-rc7-git7 (original) +++ dists/trunk/linux-2.6/debian/patches/bugfix/all/patch-2.6.24-rc7-git8 Wed Jan 16 00:02:30 2008 @@ -124,6 +124,77 @@ L:[EMAIL PROTECTED] S:Supported +diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig +index c4de2d4..3a75a0b 100644 +--- a/arch/arm/Kconfig b/arch/arm/Kconfig +@@ -1076,7 +1076,7 @@ endmenu + + source fs/Kconfig + +-source kernel/Kconfig.instrumentation ++source arch/arm/Kconfig.instrumentation + + source arch/arm/Kconfig.debug + +diff --git a/arch/arm/Kconfig.instrumentation b/arch/arm/Kconfig.instrumentation +new file mode 100644 +index 000..63b8c6d +--- /dev/null b/arch/arm/Kconfig.instrumentation +@@ -0,0 +1,52 @@ ++menuconfig INSTRUMENTATION ++ bool Instrumentation Support ++ default y ++ ---help--- ++Say Y here to get to see options related to performance measurement, ++system-wide debugging, and testing. This option alone does not add any ++kernel code. ++ ++If you say N, all options in this submenu will be skipped and ++disabled. If you're trying to debug the kernel itself, go see the ++Kernel Hacking menu. ++ ++if INSTRUMENTATION ++ ++config PROFILING ++ bool Profiling support (EXPERIMENTAL) ++ help ++Say Y here to enable the extended profiling support mechanisms used ++by profilers such as OProfile. ++ ++config OPROFILE ++ tristate OProfile system profiling (EXPERIMENTAL) ++ depends on PROFILING !UML ++ help ++OProfile is a profiling system capable of profiling the ++whole system, include the kernel, kernel modules, libraries, ++and applications. ++ ++If unsure, say N. ++ ++config OPROFILE_ARMV6 ++ bool ++ depends on OPROFILE CPU_V6 !SMP ++ default y ++ select OPROFILE_ARM11_CORE ++ ++config OPROFILE_MPCORE ++ bool ++ depends on OPROFILE CPU_V6 SMP ++ default y ++ select OPROFILE_ARM11_CORE ++ ++config OPROFILE_ARM11_CORE ++ bool ++ ++config MARKERS ++ bool Activate markers ++ help ++Place an empty function call at each marker site. Can be ++dynamically changed for a probe function. ++ ++endif # INSTRUMENTATION diff --git a/arch/arm/mach-at91/board-ek.c b/arch/arm/mach-at91/board-ek.c index d05b1b2..53a5ef9 100644 --- a/arch/arm/mach-at91/board-ek.c @@ -1431,6 +1502,56 @@ return platform_device_register(uart8250_device); } +diff --git a/arch/powerpc/kernel/iommu.c b/arch/powerpc/kernel/iommu.c +index 2d0c9ef..79a85d6 100644 +--- a/arch/powerpc/kernel/iommu.c b/arch/powerpc/kernel/iommu.c +@@ -278,6 +278,7 @@ int iommu_map_sg(struct iommu_table *tbl, struct scatterlist *sglist, + unsigned long flags; + struct scatterlist *s, *outs, *segstart; + int outcount, incount, i; ++ unsigned int align; + unsigned long handle; + + BUG_ON(direction == DMA_NONE); +@@ -309,7 +310,12 @@ int iommu_map_sg(struct iommu_table *tbl, struct scatterlist *sglist, + /* Allocate iommu entries for that segment */ + vaddr = (unsigned long) sg_virt(s); + npages = iommu_num_pages(vaddr, slen); +- entry = iommu_range_alloc(tbl, npages, handle, mask IOMMU_PAGE_SHIFT, 0); ++ align = 0; ++ if (IOMMU_PAGE_SHIFT PAGE_SHIFT slen = PAGE_SIZE ++ (vaddr ~PAGE_MASK) == 0) ++ align = PAGE_SHIFT - IOMMU_PAGE_SHIFT; ++ entry = iommu_range_alloc(tbl, npages, handle, ++mask IOMMU_PAGE_SHIFT, align); + + DBG( - vaddr: %lx, size: %lx\n, vaddr, slen); + +@@ -572,7 +578,7 @@ dma_addr_t iommu_map_single(struct iommu_table *tbl, void *vaddr, + { + dma_addr_t dma_handle = DMA_ERROR_CODE; + unsigned long uaddr; +- unsigned int npages; ++ unsigned int npages, align; + + BUG_ON(direction == DMA_NONE); + +@@ -580,8 +586,13 @@ dma_addr_t iommu_map_single(struct iommu_table *tbl, void *vaddr, + npages = iommu_num_pages(uaddr, size); + + if (tbl) { ++ align = 0; ++ if (IOMMU_PAGE_SHIFT PAGE_SHIFT size =
[kernel] r10113 - dists/etch/linux-2.6.23
Author: dannf Date: Wed Jan 16 01:43:34 2008 New Revision: 10113 Log: forego 2.6.23 for etchnahalf Removed: dists/etch/linux-2.6.23/ ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r10114 - dists/lenny
Author: dannf Date: Wed Jan 16 01:56:00 2008 New Revision: 10114 Log: remove obsolete lenny tree Removed: dists/lenny/ ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r10118 - releases/linux-2.6/2.6.22-5
Author: dannf Date: Wed Jan 16 02:07:18 2008 New Revision: 10118 Log: retroactively tag 2.6.22-5 Added: releases/linux-2.6/2.6.22-5/ - copied from r9638, /dists/sid/linux-2.6/ ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r10120 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series
Author: dannf Date: Wed Jan 16 06:38:09 2008 New Revision: 10120 Log: * bugfix/fat-move-ioctl-compat-code.patch, bugfix/fat-fix-compat-ioctls.patch [SECURITY][ABI Changer] Fix kernel_dirent corruption in the compat layer for fat ioctls See CVE-2007-2878 Added: dists/etch-security/linux-2.6/debian/patches/bugfix/fat-fix-compat-ioctls.patch dists/etch-security/linux-2.6/debian/patches/bugfix/fat-move-ioctl-compat-code.patch Modified: dists/etch-security/linux-2.6/debian/changelog dists/etch-security/linux-2.6/debian/patches/series/17etch1 Modified: dists/etch-security/linux-2.6/debian/changelog == --- dists/etch-security/linux-2.6/debian/changelog (original) +++ dists/etch-security/linux-2.6/debian/changelog Wed Jan 16 06:38:09 2008 @@ -7,6 +7,10 @@ [SECURITY] Use the access mode flag instead of the open flag when testing access mode for a directory. See CVE-2008-0001 + * bugfix/fat-move-ioctl-compat-code.patch, bugfix/fat-fix-compat-ioctls.patch +[SECURITY][ABI Changer] Fix kernel_dirent corruption in the compat layer +for fat ioctls +See CVE-2007-2878 -- dann frazier [EMAIL PROTECTED] Tue, 15 Jan 2008 16:44:15 -0700 Added: dists/etch-security/linux-2.6/debian/patches/bugfix/fat-fix-compat-ioctls.patch == --- (empty file) +++ dists/etch-security/linux-2.6/debian/patches/bugfix/fat-fix-compat-ioctls.patch Wed Jan 16 06:38:09 2008 @@ -0,0 +1,311 @@ +From: OGAWA Hirofumi [EMAIL PROTECTED] +Date: Tue, 8 May 2007 07:31:28 + (-0700) +Subject: fat: fix VFAT compat ioctls on 64-bit systems +X-Git-Tag: v2.6.22-rc1~614 +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=c483bab099cb89e92b7cad94a52fcdaf37e56657 + +fat: fix VFAT compat ioctls on 64-bit systems + +If you compile and run the below test case in an msdos or vfat directory on +an x86-64 system with -m32 you'll get garbage in the kernel_dirent struct +followed by a SIGSEGV. + +The patch fixes this. + +Reported and initial fix by Bart Oldeman + +#include sys/types.h +#include sys/ioctl.h +#include dirent.h +#include stdio.h +#include unistd.h +#include fcntl.h +struct kernel_dirent { + longd_ino; + long d_off; + unsigned short d_reclen; + chard_name[256]; /* We must not include limits.h! */ +}; +#define VFAT_IOCTL_READDIR_BOTH _IOR('r', 1, struct kernel_dirent [2]) +#define VFAT_IOCTL_READDIR_SHORT _IOR('r', 2, struct kernel_dirent [2]) + +int main(void) +{ + int fd = open(., O_RDONLY); + struct kernel_dirent de[2]; + + while (1) { + int i = ioctl(fd, VFAT_IOCTL_READDIR_BOTH, (long)de); + if (i == -1) break; + if (de[0].d_reclen == 0) break; + printf(SFN: reclen=%2d off=%d ino=%d, %-12s, + de[0].d_reclen, de[0].d_off, de[0].d_ino, de[0].d_name); + if (de[1].d_reclen) + printf(\tLFN: reclen=%2d off=%d ino=%d, %s, + de[1].d_reclen, de[1].d_off, de[1].d_ino, de[1].d_name); + printf(\n); + } + return 0; +} + +Signed-off-by: Bart Oldeman [EMAIL PROTECTED] +Signed-off-by: OGAWA Hirofumi [EMAIL PROTECTED] +Cc: [EMAIL PROTECTED] +Signed-off-by: Andrew Morton [EMAIL PROTECTED] +Signed-off-by: Linus Torvalds [EMAIL PROTECTED] +--- + +Backported to Debian's 2.6.18 by dann frazier [EMAIL PROTECTED] + +diff -urpN linux-source-2.6.18.orig/fs/fat/dir.c linux-source-2.6.18/fs/fat/dir.c +--- linux-source-2.6.18.orig/fs/fat/dir.c 2007-06-22 21:48:00.0 -0600 linux-source-2.6.18/fs/fat/dir.c 2007-06-22 21:48:42.0 -0600 +@@ -422,7 +422,7 @@ EODir: + EXPORT_SYMBOL_GPL(fat_search_long); + + struct fat_ioctl_filldir_callback { +- struct dirent __user *dirent; ++ void __user *dirent; + int result; + /* for dir ioctl */ + const char *longname; +@@ -647,62 +647,85 @@ static int fat_readdir(struct file *filp + return __fat_readdir(inode, filp, dirent, filldir, 0, 0); + } + +-static int fat_ioctl_filldir(void *__buf, const char *name, int name_len, +- loff_t offset, ino_t ino, unsigned int d_type) ++#define FAT_IOCTL_FILLDIR_FUNC(func, dirent_type)\ ++static int func(void *__buf, const char *name, int name_len, \ ++ loff_t offset, ino_t ino, unsigned int d_type) \ ++{\ ++ struct fat_ioctl_filldir_callback *buf = __buf;\ ++ struct dirent_type __user *d1 = buf-dirent; \ ++ struct dirent_type __user *d2 = d1 + 1;\ ++
[kernel] r10121 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series
Author: dannf Date: Wed Jan 16 07:02:02 2008 New Revision: 10121 Log: * bugfix/proc-snd-page-alloc-mem-leak.patch [SECURITY] Fix an issue in the alsa subsystem that allows a local user to read potentially sensitive kernel memory from the proc filesystem See CVE-2007-4571 Added: dists/etch-security/linux-2.6/debian/patches/bugfix/proc-snd-page-alloc-mem-leak.patch Modified: dists/etch-security/linux-2.6/debian/changelog dists/etch-security/linux-2.6/debian/patches/series/17etch1 Modified: dists/etch-security/linux-2.6/debian/changelog == --- dists/etch-security/linux-2.6/debian/changelog (original) +++ dists/etch-security/linux-2.6/debian/changelog Wed Jan 16 07:02:02 2008 @@ -11,6 +11,10 @@ [SECURITY][ABI Changer] Fix kernel_dirent corruption in the compat layer for fat ioctls See CVE-2007-2878 + * bugfix/proc-snd-page-alloc-mem-leak.patch +[SECURITY] Fix an issue in the alsa subsystem that allows a local user +to read potentially sensitive kernel memory from the proc filesystem +See CVE-2007-4571 -- dann frazier [EMAIL PROTECTED] Tue, 15 Jan 2008 16:44:15 -0700 Added: dists/etch-security/linux-2.6/debian/patches/bugfix/proc-snd-page-alloc-mem-leak.patch == --- (empty file) +++ dists/etch-security/linux-2.6/debian/patches/bugfix/proc-snd-page-alloc-mem-leak.patch Wed Jan 16 07:02:02 2008 @@ -0,0 +1,169 @@ +From: Takashi Iwai [EMAIL PROTECTED] +Date: Mon, 17 Sep 2007 19:55:10 + (+0200) +Subject: Convert snd-page-alloc proc file to use seq_file +X-Git-Tag: v2.6.23-rc8~3 +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=ccec6e2c4a74adf76ed4e2478091a311b1806212;hp=7bae705ef2c2daac1993de03e5be93b5c300fc5e + +Convert snd-page-alloc proc file to use seq_file + +Use seq_file for the proc file read/write of snd-page-alloc module. +This automatically fixes bugs in the old proc code. + +Signed-off-by: Takashi Iwai [EMAIL PROTECTED] +Signed-off-by: Linus Torvalds [EMAIL PROTECTED] +--- + +Backported to Debian's 2.6.18 by dann frazier [EMAIL PROTECTED] + +diff -urpN linux-source-2.6.18.orig/sound/core/memalloc.c linux-source-2.6.18/sound/core/memalloc.c +--- linux-source-2.6.18.orig/sound/core/memalloc.c 2006-09-19 21:42:06.0 -0600 linux-source-2.6.18/sound/core/memalloc.c 2007-09-25 17:53:01.0 -0600 +@@ -27,6 +27,7 @@ + #include linux/pci.h + #include linux/slab.h + #include linux/mm.h ++#include linux/seq_file.h + #include asm/uaccess.h + #include linux/dma-mapping.h + #include linux/moduleparam.h +@@ -483,10 +484,8 @@ static void free_all_reserved_pages(void + #define SND_MEM_PROC_FILE driver/snd-page-alloc + static struct proc_dir_entry *snd_mem_proc; + +-static int snd_mem_proc_read(char *page, char **start, off_t off, +- int count, int *eof, void *data) ++static int snd_mem_proc_read(struct seq_file *seq, void *offset) + { +- int len = 0; + long pages = snd_allocated_pages (PAGE_SHIFT-12); + struct list_head *p; + struct snd_mem_list *mem; +@@ -494,44 +493,47 @@ static int snd_mem_proc_read(char *page, + static char *types[] = { UNKNOWN, CONT, DEV, DEV-SG, SBUS }; + + mutex_lock(list_mutex); +- len += snprintf(page + len, count - len, +- pages : %li bytes (%li pages per %likB)\n, +- pages * PAGE_SIZE, pages, PAGE_SIZE / 1024); ++ seq_printf(seq, pages : %li bytes (%li pages per %likB)\n, ++ pages * PAGE_SIZE, pages, PAGE_SIZE / 1024); + devno = 0; + list_for_each(p, mem_list_head) { + mem = list_entry(p, struct snd_mem_list, list); + devno++; +- len += snprintf(page + len, count - len, +- buffer %d : ID %08x : type %s\n, +- devno, mem-id, types[mem-buffer.dev.type]); +- len += snprintf(page + len, count - len, +-addr = 0x%lx, size = %d bytes\n, +- (unsigned long)mem-buffer.addr, (int)mem-buffer.bytes); ++ seq_printf(seq, buffer %d : ID %08x : type %s\n, ++ devno, mem-id, types[mem-buffer.dev.type]); ++ seq_printf(seq, addr = 0x%lx, size = %d bytes\n, ++ (unsigned long)mem-buffer.addr, ++ (int)mem-buffer.bytes); + } + mutex_unlock(list_mutex); +- return len; ++ return 0; ++} ++ ++static int snd_mem_proc_open(struct inode *inode, struct file *file) ++{ ++ return single_open(file, snd_mem_proc_read, NULL); + } + + /* FIXME: for pci only - other bus? */ + #ifdef CONFIG_PCI + #define gettoken(bufp) strsep(bufp, \t\n) + +-static int snd_mem_proc_write(struct file
[kernel] r10122 - dists/etch-security/linux-2.6/debian
Author: dannf Date: Wed Jan 16 07:03:51 2008 New Revision: 10122 Log: mark abi changer Modified: dists/etch-security/linux-2.6/debian/changelog Modified: dists/etch-security/linux-2.6/debian/changelog == --- dists/etch-security/linux-2.6/debian/changelog (original) +++ dists/etch-security/linux-2.6/debian/changelog Wed Jan 16 07:03:51 2008 @@ -12,8 +12,9 @@ for fat ioctls See CVE-2007-2878 * bugfix/proc-snd-page-alloc-mem-leak.patch -[SECURITY] Fix an issue in the alsa subsystem that allows a local user -to read potentially sensitive kernel memory from the proc filesystem +[SECURITY][ABI Changer] Fix an issue in the alsa subsystem that allows a +local user to read potentially sensitive kernel memory from the proc +filesystem See CVE-2007-4571 -- dann frazier [EMAIL PROTECTED] Tue, 15 Jan 2008 16:44:15 -0700 ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r10123 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series
Author: dannf Date: Wed Jan 16 07:37:12 2008 New Revision: 10123 Log: * bugfix/do_brk-security-hook.patch Add security checks to do_brk() to prevent unprivileged users from accessing low memory pages See CVE-2007-6434 Added: dists/etch-security/linux-2.6/debian/patches/bugfix/do_brk-security-hook.patch Modified: dists/etch-security/linux-2.6/debian/changelog dists/etch-security/linux-2.6/debian/patches/series/17etch1 Modified: dists/etch-security/linux-2.6/debian/changelog == --- dists/etch-security/linux-2.6/debian/changelog (original) +++ dists/etch-security/linux-2.6/debian/changelog Wed Jan 16 07:37:12 2008 @@ -16,8 +16,12 @@ local user to read potentially sensitive kernel memory from the proc filesystem See CVE-2007-4571 + * bugfix/do_brk-security-hook.patch +Add security checks to do_brk() to prevent unprivileged users from +accessing low memory pages +See CVE-2007-6434 - -- dann frazier [EMAIL PROTECTED] Tue, 15 Jan 2008 16:44:15 -0700 + -- dann frazier [EMAIL PROTECTED] Wed, 16 Jan 2008 00:31:52 -0700 linux-2.6 (2.6.18.dfsg.1-17) stable; urgency=high Added: dists/etch-security/linux-2.6/debian/patches/bugfix/do_brk-security-hook.patch == --- (empty file) +++ dists/etch-security/linux-2.6/debian/patches/bugfix/do_brk-security-hook.patch Wed Jan 16 07:37:12 2008 @@ -0,0 +1,34 @@ +commit ecaf18c15aac8bb9bed7b7aa0e382fe252e275d5 +Author: Eric Paris [EMAIL PROTECTED] +Date: Tue Dec 4 23:45:31 2007 -0800 + +VM/Security: add security hook to do_brk + +Given a specifically crafted binary do_brk() can be used to get low pages +available in userspace virtual memory and can thus be used to circumvent +the mmap_min_addr low memory protection. Add security checks in do_brk(). + +Signed-off-by: Eric Paris [EMAIL PROTECTED] +Acked-by: Alan Cox [EMAIL PROTECTED] +Cc: Stephen Smalley [EMAIL PROTECTED] +Cc: James Morris [EMAIL PROTECTED] +Cc: Chris Wright [EMAIL PROTECTED] +Signed-off-by: Andrew Morton [EMAIL PROTECTED] +Signed-off-by: Linus Torvalds [EMAIL PROTECTED] + +Adjusted to apply to Debian's 2.6.18 by dann frazier [EMAIL PROTECTED] + +diff -urpN linux-source-2.6.18.orig/mm/mmap.c linux-source-2.6.18/mm/mmap.c +--- linux-source-2.6.18.orig/mm/mmap.c 2008-01-15 16:46:27.0 -0700 linux-source-2.6.18/mm/mmap.c 2008-01-16 00:28:42.0 -0700 +@@ -1883,6 +1883,10 @@ unsigned long do_brk(unsigned long addr, + if ((addr + len) TASK_SIZE || (addr + len) addr) + return -EINVAL; + ++ error = security_file_mmap(0, 0, 0, 0, addr, 1); ++ if (error) ++ return error; ++ + flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm-def_flags; + + error = arch_mmap_check(addr, len, flags); Modified: dists/etch-security/linux-2.6/debian/patches/series/17etch1 == --- dists/etch-security/linux-2.6/debian/patches/series/17etch1 (original) +++ dists/etch-security/linux-2.6/debian/patches/series/17etch1 Wed Jan 16 07:37:12 2008 @@ -3,3 +3,4 @@ + bugfix/fat-move-ioctl-compat-code.patch + bugfix/fat-fix-compat-ioctls.patch + bugfix/proc-snd-page-alloc-mem-leak.patch ++ bugfix/do_brk-security-hook.patch ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes