[kernel] r5261 - dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches
Author: horms Date: Thu Jan 5 08:01:42 2006 New Revision: 5261 Modified: dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-sdla-coverty.dpatch Log: net-sdla-coverty.dpatch was inadvertantly empty Modified: dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-sdla-coverty.dpatch == --- dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-sdla-coverty.dpatch (original) +++ dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-sdla-coverty.dpatch Thu Jan 5 08:01:42 2006 @@ -0,0 +1,23 @@ +--- a/drivers/net/wan/sdla.c 2006-01-05 07:56:21.0 + b/drivers/net/wan/sdla.c 2006-01-05 07:57:14.0 + +@@ -1306,6 +1306,8 @@ + + case SDLA_WRITEMEM: + case SDLA_READMEM: ++ if(!capable(CAP_SYS_RAWIO)) ++ return -EPERM; + return(sdla_xfer(dev, ifr-ifr_data, cmd == SDLA_READMEM)); + + case SDLA_START: +# This is a BitKeeper generated diff -Nru style patch. +# +# ChangeSet +# 2005/01/10 16:57:46-02:00 [EMAIL PROTECTED] +# Alan Cox: sdla_xfer lack of bounds checking, reported by Coverity (from 2.6.10-ac) +# +# drivers/net/wan/sdla.c +# 2005/01/10 16:56:45-02:00 [EMAIL PROTECTED] +2 -0 +# Alan Cox: sdla_xfer lack of bounds checking, reported by Coverity (from 2.6.10-ac) +# ,. +# +# Backported to Debian's 2.6.8 by Horms ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5262 - dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches
Author: horms Date: Thu Jan 5 08:04:23 2006 New Revision: 5262 Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-sdla-coverty.dpatch Log: net-sdla-coverty.dpatch was inadvertantly empty Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-sdla-coverty.dpatch == --- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-sdla-coverty.dpatch (original) +++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-sdla-coverty.dpatch Thu Jan 5 08:04:23 2006 @@ -0,0 +1,23 @@ +--- a/drivers/net/wan/sdla.c 2006-01-05 07:56:21.0 + b/drivers/net/wan/sdla.c 2006-01-05 07:57:14.0 + +@@ -1306,6 +1306,8 @@ + + case SDLA_WRITEMEM: + case SDLA_READMEM: ++ if(!capable(CAP_SYS_RAWIO)) ++ return -EPERM; + return(sdla_xfer(dev, ifr-ifr_data, cmd == SDLA_READMEM)); + + case SDLA_START: +# This is a BitKeeper generated diff -Nru style patch. +# +# ChangeSet +# 2005/01/10 16:57:46-02:00 [EMAIL PROTECTED] +# Alan Cox: sdla_xfer lack of bounds checking, reported by Coverity (from 2.6.10-ac) +# +# drivers/net/wan/sdla.c +# 2005/01/10 16:56:45-02:00 [EMAIL PROTECTED] +2 -0 +# Alan Cox: sdla_xfer lack of bounds checking, reported by Coverity (from 2.6.10-ac) +# ,. +# +# Backported to Debian's 2.6.8 by Horms ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5263 - in dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches/series
Author: horms Date: Thu Jan 5 08:13:24 2006 New Revision: 5263 Modified: dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-13 Log: * [SECURITY] Information leak in sdla From 2.6.6 See CVE-2004-2607 200_net_sdla_xfer_leak.diff Modified: dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog == --- dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original) +++ dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Thu Jan 5 08:13:24 2006 @@ -23,7 +23,12 @@ See CVE-2005-3806 net-ipv6-flowlabel-refcnt.dpatch - -- Simon Horman [EMAIL PROTECTED] Thu, 5 Jan 2006 12:34:18 +0900 + * [SECURITY] Information leak in sdla +From 2.6.6 +See CVE-2004-2607 +200_net_sdla_xfer_leak.diff + + -- Simon Horman [EMAIL PROTECTED] Thu, 5 Jan 2006 17:09:08 +0900 kernel-source-2.4.27 (2.4.27-12) unstable; urgency=low Modified: dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-13 == --- dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-13 (original) +++ dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-13 Thu Jan 5 08:13:24 2006 @@ -1,3 +1,4 @@ + 196_sysctl-unregistration-oops.diff + 198_fs-lock-lease-log-spam.diff + 199_net-ipv6-flowlabel-refcnt.diff ++ 200_net_sdla_xfer_leak.diff ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5264 - dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches
Author: horms Date: Thu Jan 5 08:13:55 2006 New Revision: 5264 Added: dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/200_net_sdla_xfer_leak.diff Log: * [SECURITY] Information leak in sdla From 2.6.6 See CVE-2004-2607 200_net_sdla_xfer_leak.diff Added: dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/200_net_sdla_xfer_leak.diff == --- (empty file) +++ dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/200_net_sdla_xfer_leak.diff Thu Jan 5 08:13:55 2006 @@ -0,0 +1,52 @@ +From: Chris Wright [EMAIL PROTECTED] +Date: Mon, 19 Apr 2004 08:26:30 + (-0400) +Subject: [PATCH] wan sdla: fix probable security hole +X-Git-Tag: v2.6.6-rc2 +X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=98cd917c1ac348d5cd94beabecc3011dcaa0a0f2 + +[PATCH] wan sdla: fix probable security hole + + [BUG] minor + /home/kash/linux/linux-2.6.5/drivers/net/wan/sdla.c:1206:sdla_xfer: + ERROR:TAINT: 1201:1206:Passing unbounded user value (mem).len as arg 0 + to function kmalloc, which uses it unsafely in model + [SOURCE_MODEL=(lib,copy_from_user,user,taintscalar)] + [SINK_MODEL=(lib,kmalloc,user,trustingsink)] [MINOR] [PATH=] [Also + used at, line 1219 in argument 0 to function kmalloc] + static int sdla_xfer(struct net_device *dev, struct sdla_mem *info, int + read) + { + struct sdla_mem mem; + char*temp; + + Start --- + if(copy_from_user(mem, info, sizeof(mem))) + return -EFAULT; + + if (read) + { + Error --- + temp = kmalloc(mem.len, GFP_KERNEL); + if (!temp) + return(-ENOMEM); + sdla_read(dev, mem.addr, temp, mem.len); + +Hrm, I believe you could use this to read 128k of kernel memory. +sdla_read() takes len as a short, whereas mem.len is an int. So, +if mem.len == 0x2, the allocation could still succeed. When cast +to short, len will be 0x0, causing the read loop to copy nothing into +the buffer. At least it's protected by a capable() check. I don't +know what proper upper bound is for this hardware, or how much it's +used/cared about. Simple memset() is trivial fix. +--- + +--- a/drivers/net/wan/sdla.c b/drivers/net/wan/sdla.c +@@ -1206,6 +1206,7 @@ static int sdla_xfer(struct net_device * + temp = kmalloc(mem.len, GFP_KERNEL); + if (!temp) + return(-ENOMEM); ++ memset(temp, 0, mem.len); + sdla_read(dev, mem.addr, temp, mem.len); + if(copy_to_user(mem.data, temp, mem.len)) + { ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5266 - dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian
Author: horms Date: Thu Jan 5 08:15:01 2006 New Revision: 5266 Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Log: Fix SECURITY annotation of CVE-2005-3784 Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog == --- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original) +++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Thu Jan 5 08:15:01 2006 @@ -115,7 +115,7 @@ See CVE-2005-3806 * kernel-dont-reap-traced.dpatch -[PATCH] Don't auto-reap traced children; Local DoS +[SECURITY] Don't auto-reap traced children; Local DoS See CVE-2005-3784 * net-sdla-coverty.dpatch ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5267 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series
Author: horms Date: Thu Jan 5 08:21:49 2006 New Revision: 5267 Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/199_net-ipv6-flowlabel-refcnt.diff - copied unchanged from r5250, dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/199_net-ipv6-flowlabel-refcnt.diff dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/200_net_sdla_xfer_leak.diff - copied unchanged from r5264, dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/200_net_sdla_xfer_leak.diff Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2 Log: * [SECURITY] Fix refcnt of struct ip6_flowlabel; Local DoS From 2.6.14 See CVE-2005-3806 net-ipv6-flowlabel-refcnt.dpatch * [SECURITY] Information leak in sdla From 2.6.6 See CVE-2004-2607 200_net_sdla_xfer_leak.diff Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog == --- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original) +++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Thu Jan 5 08:21:49 2006 @@ -7,7 +7,7 @@ 178_fs_ext2_ext3_xattr-sharing.diff, included in 2.4.27-10sarge1 - [SECURITY] Fixes remote DoS when using ipt_recent on a 64 bit machine. See CAN-2005-2872 (See: #322237) - 179_net-ipv4-netfilter-ip_recent-last_pkts.diff, included in + 179_net-ipv4-netfilter-ip_recent-last_pkts.diff, included in 2.4.27-10sarge1 - [SECURITY] x86_64: 32 bit ltrace oops when tracing 64 bit executable http://lkml.org/lkml/2005/1/5/245 @@ -51,6 +51,16 @@ * [SECURITY] VFS: local denial-of-service with file leases. See CVE-2005-3857 198_fs-lock-lease-log-spam.diff + * [SECURITY] Fix refcnt of struct ip6_flowlabel; Local DoS +From 2.6.14 +See CVE-2005-3806 +net-ipv6-flowlabel-refcnt.dpatch + + * [SECURITY] Information leak in sdla +From 2.6.6 +See CVE-2004-2607 +200_net_sdla_xfer_leak.diff + [ dann frazier ] * [SECURITY] Fix infinite loop in udp_v6_get_port(). See CVE-2005-2973 195_net-ipv6-udp_v6_get_port-loop.diff Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2 == --- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2 (original) +++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2 Thu Jan 5 08:21:49 2006 @@ -12,3 +12,5 @@ + 198_fs-lock-lease-log-spam.diff + 150_private_fragment_queues-1.diff + 150_private_fragment_queues-2.diff ++ 199_net-ipv6-flowlabel-refcnt.diff ++ 200_net_sdla_xfer_leak.diff ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5269 - patch-tracking
Author: dannf Date: Thu Jan 5 08:50:03 2006 New Revision: 5269 Modified: patch-tracking/CVE-2005-0489 Log: not relevant for 2.4.27 or 2.6 Modified: patch-tracking/CVE-2005-0489 == --- patch-tracking/CVE-2005-0489(original) +++ patch-tracking/CVE-2005-0489Thu Jan 5 08:50:03 2006 @@ -5,12 +5,15 @@ potential memory access to free memory in /proc handling Notes: still marked **RESERVED** + But it looks like Joey used this patch for his kernel-source-2.4.18 update: + http://linux.bkbits.net:8080/linux-2.4/[EMAIL PROTECTED]|src/|src/fs|src/fs/proc|related/fs/proc/base.c + Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: -2.4.27-sarge-security: -2.6.8: +upstream: released (2.4.27-pre1) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.6.8: N/A 2.4.19-woody-security: pending (2.4.19-4.woody3) 2.4.18-woody-security: released (2.4.18-14.4) 2.4.17-woody-security: pending (2.4.17-1woody4) ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5274 - patch-tracking
Author: jmm-guest Date: Thu Jan 5 11:30:55 2006 New Revision: 5274 Modified: patch-tracking/CVE-2004-2013 Log: CVE-2004-2013 resolved wrt Sarge Modified: patch-tracking/CVE-2004-2013 == --- patch-tracking/CVE-2004-2013(original) +++ patch-tracking/CVE-2004-2013Thu Jan 5 11:30:55 2006 @@ -11,12 +11,15 @@ code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of memory. Notes: + jmm http://archives.neohapsis.com/archives/bugtraq/2004-05/0091.html + jmm The vulnerable socket option was removed entirely in 2.4.26 and 2.6.*, + jmm Woody could be affected, though Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: -2.4.27-sarge-security: -2.6.8: +upstream: released (2.4.26) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.6.8: N/A 2.4.19-woody-security: 2.4.18-woody-security: 2.4.17-woody-security: ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5282 - people/waldi/linux-2.6/debian
Author: waldi Date: Thu Jan 5 15:36:33 2006 New Revision: 5282 Modified: people/waldi/linux-2.6/debian/rules.real Log: debian/rules.real - Remove outdated comment about include_common_config. - Remove support for headers_dirs. Modified: people/waldi/linux-2.6/debian/rules.real == --- people/waldi/linux-2.6/debian/rules.real(original) +++ people/waldi/linux-2.6/debian/rules.realThu Jan 5 15:36:33 2006 @@ -61,9 +61,6 @@ setup_makeflags += CC=(CROSS_COMPILE)$(COMPILER) endif setup_env += MAKEFLAGS='$(setup_makeflags)' -ifndef headers_dirs - headers_dirs = $(DEB_HOST_ARCH) -endif # # Targets @@ -84,9 +81,6 @@ # the arch-independent config file (arch/config), # arch-specific config file (arch/$(karch)/config), # and subarch specific one (arch/$(karch)/$(subarch)/config). -# It is possible to avoid the inclusion of the arch-indep -# config file by setting include_common_config = no in the -# arch/$(karch)/Makefile.inc. # config_common = debian/arch/config debian/arch/$(ARCH)/config ifneq ($(SUBARCH),none) ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5283 - in people/waldi/linux-2.6/debian/arch: amd64 arm hppa powerpc sparc
Author: waldi Date: Thu Jan 5 15:38:05 2006 New Revision: 5283 Modified: people/waldi/linux-2.6/debian/arch/amd64/Makefile.inc people/waldi/linux-2.6/debian/arch/arm/Makefile.inc people/waldi/linux-2.6/debian/arch/hppa/Makefile.inc people/waldi/linux-2.6/debian/arch/powerpc/Makefile.inc people/waldi/linux-2.6/debian/arch/sparc/Makefile.inc Log: debian/arch/amd64/Makefile.inc, debian/arch/arm/Makefile.inc, debian/arch/hppa/Makefile.inc, debian/arch/powerpc/Makefile.inc, debian/arch/sparc/Makefile.inc: Remove not longer supported variables. Modified: people/waldi/linux-2.6/debian/arch/amd64/Makefile.inc == --- people/waldi/linux-2.6/debian/arch/amd64/Makefile.inc (original) +++ people/waldi/linux-2.6/debian/arch/amd64/Makefile.inc Thu Jan 5 15:38:05 2006 @@ -1,5 +1,3 @@ # # Variables # -headers_dirs = x86_64 - Modified: people/waldi/linux-2.6/debian/arch/arm/Makefile.inc == --- people/waldi/linux-2.6/debian/arch/arm/Makefile.inc (original) +++ people/waldi/linux-2.6/debian/arch/arm/Makefile.inc Thu Jan 5 15:38:05 2006 @@ -1,5 +1,3 @@ # # Variables # -include_common_config := no -default_config := footbridge Modified: people/waldi/linux-2.6/debian/arch/hppa/Makefile.inc == --- people/waldi/linux-2.6/debian/arch/hppa/Makefile.inc(original) +++ people/waldi/linux-2.6/debian/arch/hppa/Makefile.incThu Jan 5 15:38:05 2006 @@ -1,4 +1,3 @@ # # Variables # -headers_dirs = parisc Modified: people/waldi/linux-2.6/debian/arch/powerpc/Makefile.inc == --- people/waldi/linux-2.6/debian/arch/powerpc/Makefile.inc (original) +++ people/waldi/linux-2.6/debian/arch/powerpc/Makefile.inc Thu Jan 5 15:38:05 2006 @@ -1,4 +1,3 @@ # # Variables # -headers_dirs = ppc | ppc64 | m68k Modified: people/waldi/linux-2.6/debian/arch/sparc/Makefile.inc == --- people/waldi/linux-2.6/debian/arch/sparc/Makefile.inc (original) +++ people/waldi/linux-2.6/debian/arch/sparc/Makefile.inc Thu Jan 5 15:38:05 2006 @@ -1,7 +1,4 @@ # # Variables # -headers_dirs := sparc64 image_postproc = strip -R .comment -R .note -K sun4u_init -K _end -K _start arch/$(subst 32,,$(subst -smp,,$*))/boot/image -# image_prefix_flavours := sparc32 sparc32-smp -# image_prefix := sparc32 ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5289 - people/waldi/linux-nonfree-2.6/debian/bin
Author: waldi Date: Thu Jan 5 18:10:06 2006 New Revision: 5289 Removed: people/waldi/linux-nonfree-2.6/debian/bin/ Log: debian/bin: Remove. ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5290 - people/waldi/linux-nonfree-2.6/debian/templates
Author: waldi Date: Thu Jan 5 18:11:45 2006 New Revision: 5290 Modified: people/waldi/linux-nonfree-2.6/debian/templates/control.modules.in people/waldi/linux-nonfree-2.6/debian/templates/control.source.in Log: * debian/templates/control.modules.in: Fix subarch in package name. * debian/templates/control.source.in: Remove compiler settings from build deps. Modified: people/waldi/linux-nonfree-2.6/debian/templates/control.modules.in == --- people/waldi/linux-nonfree-2.6/debian/templates/control.modules.in (original) +++ people/waldi/linux-nonfree-2.6/debian/templates/control.modules.in Thu Jan 5 18:11:45 2006 @@ -1,4 +1,4 @@ -Package: [EMAIL PROTECTED]@@[EMAIL PROTECTED]@[EMAIL PROTECTED]@flavour@ +Package: [EMAIL PROTECTED]@[EMAIL PROTECTED]@@[EMAIL PROTECTED]@flavour@ Section: non-free/base Priority: optional Description: Non-free modules for the Linux kernel version @version@ Modified: people/waldi/linux-nonfree-2.6/debian/templates/control.source.in == --- people/waldi/linux-nonfree-2.6/debian/templates/control.source.in (original) +++ people/waldi/linux-nonfree-2.6/debian/templates/control.source.in Thu Jan 5 18:11:45 2006 @@ -4,4 +4,4 @@ Maintainer: Debian Kernel Team debian-kernel@lists.debian.org Uploaders: Andres Salomon [EMAIL PROTECTED], Bastian Blank [EMAIL PROTECTED] Standards-Version: 3.6.1.0 -Build-Depends: gcc (= 4:4.0) [!arm !sparc !alpha !m68k], gcc-3.3 [arm sparc alpha m68k], binutils-hppa64 [hppa], gcc-4.0-hppa64 [hppa], debhelper (= 4.1.0), module-init-tools +Build-Depends: debhelper (= 4.1.0), module-init-tools ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5291 - people/waldi/linux-nonfree-2.6/debian
Author: waldi Date: Thu Jan 5 18:12:08 2006 New Revision: 5291 Modified: people/waldi/linux-nonfree-2.6/debian/rules.real Log: linux-nonfree-2.6/debian/rules.real: Support subarch. Modified: people/waldi/linux-nonfree-2.6/debian/rules.real == --- people/waldi/linux-nonfree-2.6/debian/rules.real(original) +++ people/waldi/linux-nonfree-2.6/debian/rules.realThu Jan 5 18:12:08 2006 @@ -3,11 +3,13 @@ DEB_HOST_GNU_TYPE := $(shell dpkg-architecture -a$(ARCH) -qDEB_HOST_GNU_TYPE) DEB_BUILD_ARCH:= $(shell dpkg-architecture -a$(ARCH) -qDEB_BUILD_ARCH) -ifneq ($(SUBARCH),none) - KPGK_SUBARCH := $(SUBARCH)- +ifeq ($(SUBARCH),none) + LOCALVERSION := -$(FLAVOUR) +else + LOCALVERSION := -$(SUBARCH)-$(FLAVOUR) endif -HEADERS_DIR = /usr/src/linux-headers-$(KPGK_SUBARCH)$(UPSTREAM_VERSION)$(KPKG_ABINAME)-$(FLAVOUR) +HEADERS_DIR = /usr/src/linux-headers-$(UPSTREAM_VERSION)$(KPKG_ABINAME)$(LOCALVERSION) include debian/rules.defs @@ -75,7 +77,7 @@ dh_testdir dh_testroot dh_installdirs $(DH_OPTIONS) - cd $(DIR); env -u MAKEFLAGS ARCH=$(KERNEL_ARCH) make install DIR=/usr/src/linux-headers-$(KPGK_SUBARCH)$(UPSTREAM_VERSION)$(KPKG_ABINAME)-$(FLAVOUR) MODLIB=$(DEST_DIR) INSTALL_MOD_DIR=nonfree + cd $(DIR); env -u MAKEFLAGS ARCH=$(KERNEL_ARCH) make install DIR=$(HEADERS_DIR) MODLIB=$(DEST_DIR) INSTALL_MOD_DIR=nonfree dh_installdocs $(DH_OPTIONS) dh_installchangelogs $(DH_OPTIONS) $(MAKE) -f debian/rules.real install-base DH_OPTIONS=$(DH_OPTIONS) ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5292 - people/waldi/linux-nonfree-2.6/debian
Author: waldi Date: Thu Jan 5 18:12:29 2006 New Revision: 5292 Modified: people/waldi/linux-nonfree-2.6/debian/changelog Log: debian/changelog: Update. Modified: people/waldi/linux-nonfree-2.6/debian/changelog == --- people/waldi/linux-nonfree-2.6/debian/changelog (original) +++ people/waldi/linux-nonfree-2.6/debian/changelog Thu Jan 5 18:12:29 2006 @@ -1,6 +1,6 @@ -linux-nonfree-2.6 (2.6.13+2.6.14-rc5-1) UNRELEASED; urgency=low +linux-nonfree-2.6 (2.6.15-1) UNRELEASED; urgency=low * - -- Bastian Blank [EMAIL PROTECTED] Tue, 23 Aug 2005 22:29:33 +0200 + -- Bastian Blank [EMAIL PROTECTED] Thu, 05 Jan 2006 18:35:11 + ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
r5291 - svn:log
Author: waldi Revision: 5291 Property Name: svn:log New Property Value: debian/rules.real: Support subarch. ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5293 - people/waldi/linux-nonfree-2.6/debian/arch
Author: waldi Date: Thu Jan 5 18:14:19 2006 New Revision: 5293 Modified: people/waldi/linux-nonfree-2.6/debian/arch/kconfig Log: debian/arch/kconfig: Remove old options. Modified: people/waldi/linux-nonfree-2.6/debian/arch/kconfig == --- people/waldi/linux-nonfree-2.6/debian/arch/kconfig (original) +++ people/waldi/linux-nonfree-2.6/debian/arch/kconfig Thu Jan 5 18:14:19 2006 @@ -15,11 +15,5 @@ CONFIG_USB_SERIAL_KEYSPAN_USA19QI=y CONFIG_USB_SERIAL_KEYSPAN_USA49W=y CONFIG_USB_SERIAL_KEYSPAN_USA49WLC=y -CONFIG_SCSI_QLA21XX=m -CONFIG_SCSI_QLA22XX=m -CONFIG_SCSI_QLA2300=m -CONFIG_SCSI_QLA2322=m -CONFIG_SCSI_QLA6312=m -CONFIG_SCSI_QLA24XX=m CONFIG_USB_EMI62=m CONFIG_USB_DABUSB=m ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5300 - patch-tracking
Author: dannf Date: Fri Jan 6 04:29:30 2006 New Revision: 5300 Modified: patch-tracking/CVE-2003-0187 Log: doesn't affect 2.6 Modified: patch-tracking/CVE-2003-0187 == --- patch-tracking/CVE-2003-0187(original) +++ patch-tracking/CVE-2003-0187Fri Jan 6 04:29:30 2006 @@ -10,12 +10,14 @@ Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts. Notes: + This was fixed before 2.6.0: + http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED]|src/|src/include|src/include/linux|src/include/linux/netfilter_ipv4|related/include/linux/netfilter_ipv4/ip_conntrack.h Bugs: upstream: released (2.4.21) -linux-2.6: -2.6.8-sarge-security: +linux-2.6: N/A +2.6.8-sarge-security: N/A 2.4.27-sarge-security: N/A -2.6.8: +2.6.8: N/A 2.4.19-woody-security: N/A 2.4.18-woody-security: N/A 2.4.17-woody-security: N/A ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5301 - patch-tracking
Author: dannf Date: Fri Jan 6 05:32:38 2006 New Revision: 5301 Modified: patch-tracking/CVE-2003-0464 Log: include link to patch; note that this is N/A for 2.6 Modified: patch-tracking/CVE-2003-0464 == --- patch-tracking/CVE-2003-0464(original) +++ patch-tracking/CVE-2003-0464Fri Jan 6 05:32:38 2006 @@ -7,12 +7,19 @@ which could allow local users to bind to UDP ports that are used by privileged services such as nfsd. Notes: + I couldn't locate the patches RedHat SuSE used, but Connectiva apparently + just #if 0'd out the sock-sk-reuse = 1; line in svcsock.c:svc_create_socket. + Upstream didn't disable it altogether; just for UDP + http://linux.bkbits.net:8080/linux-2.4/[EMAIL PROTECTED]|src/|src/net|src/net/sunrpc|related/net/sunrpc/svcsock.c + I'm guessing this is a UDP-only problem, so that is probably the fix we want. + . + This fix was in before 2.6.0. Bugs: upstream: released (2.4.22-pre8) -linux-2.6: -2.6.8-sarge-security: +linux-2.6: N/A +2.6.8-sarge-security: N/A 2.4.27-sarge-security: N/A -2.6.8: +2.6.8: N/A 2.4.19-woody-security: 2.4.18-woody-security: 2.4.17-woody-security: ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5302 - patch-tracking
Author: dannf Date: Fri Jan 6 05:48:58 2006 New Revision: 5302 Modified: patch-tracking/CVE-2003-0467 Log: add patch links; mark N/A for 2.6 Modified: patch-tracking/CVE-2003-0467 == --- patch-tracking/CVE-2003-0467(original) +++ patch-tracking/CVE-2003-0467Fri Jan 6 05:48:58 2006 @@ -8,12 +8,16 @@ attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error. Notes: + http://linux.bkbits.net:8080/linux-2.4/[EMAIL PROTECTED]|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_helper.c + . + Looks like this was fixed before 2.6.0: + http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED]|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_helper.c Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: -2.4.27-sarge-security: -2.6.8: +upstream: released (2.4.21-rc1) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.6.8: N/A 2.4.19-woody-security: 2.4.18-woody-security: 2.4.17-woody-security: ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5303 - patch-tracking
Author: horms Date: Fri Jan 6 05:54:23 2006 New Revision: 5303 Added: patch-tracking/CVE-2006-0096 - copied, changed from r5273, patch-tracking/sdla_capability_check Removed: patch-tracking/sdla_capability_check Log: CVE-2006-0096 now has a name Copied: patch-tracking/CVE-2006-0096 (from r5273, patch-tracking/sdla_capability_check) == --- patch-tracking/sdla_capability_check(original) +++ patch-tracking/CVE-2006-0096Fri Jan 6 05:54:23 2006 @@ -1,4 +1,4 @@ -Candidate: needed +Candidate: CVE-2006-0096 References: http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=0f1d4813a4a65296e1131f320a60741732bc068f http://linux.bkbits.net:8080/linux-2.4/[EMAIL PROTECTED]|src/|src/drivers|src/drivers/net|src/drivers/net/wan|related/drivers/net/wan/sdla.c ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5304 - dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian
Author: horms Date: Fri Jan 6 05:57:53 2006 New Revision: 5304 Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Log: * Errata for 2.4.27-8 [SECURITY] SDLA firmware upgrade should require CAP_SYS_RAWIO; Local privelage escalation. See CVE-2006-0096 This was incorrectly annotated in 2.4.27-8 as an overflow discovered using coverty, which is actually CVE-2004-2607 129_net_sdla_coverty.diff, included in 2.4.27-8 Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog == --- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original) +++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Fri Jan 6 05:57:53 2006 @@ -14,6 +14,13 @@ http://linux.bkbits.net:8080/linux-2.4/[EMAIL PROTECTED] 184_arch-x86_64-ia32-ptrace32-oops.diff, included in 2.4.27-10sarge1 + * Errata for 2.4.27-8 +[SECURITY] SDLA firmware upgrade should require CAP_SYS_RAWIO; +Local privelage escalation. See CVE-2006-0096 +This was incorrectly annotated in 2.4.27-8 as an overflow +discovered using coverty, which is actually CVE-2004-2607 +129_net_sdla_coverty.diff, included in 2.4.27-8 + * [Security] Restrict socket policy loading to CAP_NET_ADMIN. See CAN-2005-2555. 185_net-sockglue-cap.diff @@ -78,8 +85,8 @@ * 150_private_fragment_queues-1.diff, 150_private_fragment_queues-2.diff: Keep fragment queues private to each user. See CAN-2005-0449 and http://oss.sgi.com/archives/netdev/2005-01/msg01048.html - - -- Simon Horman [EMAIL PROTECTED] Tue, 20 Dec 2005 11:05:02 +0900 + + -- Simon Horman [EMAIL PROTECTED] Fri, 6 Jan 2006 14:54:46 +0900 kernel-source-2.4.27 (2.4.27-10sarge1) stable-security; urgency=high ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5305 - dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian
Author: horms Date: Fri Jan 6 05:58:39 2006 New Revision: 5305 Modified: dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Log: * Errata for 2.4.27-8 [SECURITY] SDLA firmware upgrade should require CAP_SYS_RAWIO; Local privelage escalation. See CVE-2006-0096 This was incorrectly annotated in 2.4.27-8 as an overflow discovered using coverty, which is actually CVE-2004-2607 129_net_sdla_coverty.diff, included in 2.4.27-8 Modified: dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog == --- dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original) +++ dists/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Fri Jan 6 05:58:39 2006 @@ -10,6 +10,13 @@ See CVE-2005-3858. 189_ipv6-skb-leak.diff, included in 2.4.27-12 + * Errata for 2.4.27-8 +[SECURITY] SDLA firmware upgrade should require CAP_SYS_RAWIO; +Local privelage escalation. See CVE-2006-0096 +This was incorrectly annotated in 2.4.27-8 as an overflow +discovered using coverty, which is actually CVE-2004-2607 +129_net_sdla_coverty.diff, included in 2.4.27-8 + * [SECURITY] VFS: local denial-of-service with file leases. See CVE-2005-3857 198_fs-lock-lease-log-spam.diff @@ -28,7 +35,7 @@ See CVE-2004-2607 200_net_sdla_xfer_leak.diff - -- Simon Horman [EMAIL PROTECTED] Thu, 5 Jan 2006 17:09:08 +0900 + -- Simon Horman [EMAIL PROTECTED] Fri, 6 Jan 2006 14:58:06 +0900 kernel-source-2.4.27 (2.4.27-12) unstable; urgency=low ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5307 - dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian
Author: horms Date: Fri Jan 6 06:00:51 2006 New Revision: 5307 Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Log: Annotate CVE-2006-0096 Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog == --- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original) +++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Fri Jan 6 06:00:51 2006 @@ -120,7 +120,7 @@ * net-sdla-coverty.dpatch [SECURITY] SDLA firmware upgrade should require CAP_SYS_RAWIO; Local DoS -CVE-NOMATCH +CVE-2006-0096 [ dann frazier ] * mempolicy-check-mode.dpatch @@ -148,7 +148,7 @@ CHANGES ABI * - -- Simon Horman [EMAIL PROTECTED] Thu, 5 Jan 2006 16:36:17 +0900 + -- Simon Horman [EMAIL PROTECTED] Fri, 6 Jan 2006 15:00:28 +0900 kernel-source-2.6.8 (2.6.8-16sarge1) stable-security; urgency=high ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
[kernel] r5309 - in dists/trunk/linux-2.6/debian: . patches patches-debian
Author: luther Date: Fri Jan 6 07:58:54 2006 New Revision: 5309 Added: dists/trunk/linux-2.6/debian/patches/ - copied from r5308, dists/trunk/linux-2.6/debian/patches-debian/ Removed: dists/trunk/linux-2.6/debian/patches-debian/ Modified: dists/trunk/linux-2.6/debian/rules.real Log: Now that Bastian moved patches-arch under the arch directory, rename patches-debian to patches. Modified: dists/trunk/linux-2.6/debian/rules.real == --- dists/trunk/linux-2.6/debian/rules.real (original) +++ dists/trunk/linux-2.6/debian/rules.real Fri Jan 6 07:58:54 2006 @@ -106,7 +106,7 @@ rm -rf '$(DIR)' define patch_cmd -cd '$(DIR)'; python2.4 '$(CURDIR)/debian/bin/apply.py' --overwrite-home='$(CURDIR)/debian/patches-debian' --overwrite-source='$(SOURCE_VERSION)' --overwrite-revisions='$(REVISIONS)' +cd '$(DIR)'; python2.4 '$(CURDIR)/debian/bin/apply.py' --overwrite-home='$(CURDIR)/debian/patches' --overwrite-source='$(SOURCE_VERSION)' --overwrite-revisions='$(REVISIONS)' endef srcfiles := $(filter-out debian, $(wildcard *)) @@ -251,7 +251,7 @@ dh_testroot dh_clean -d -k $(DH_OPTIONS) dh_installdirs $(DH_OPTIONS) '$(pbase)/apply' '$(pbase)/debian' '$(pbase)/unpatch' - dh_install $(DH_OPTIONS) debian/patches-debian/* '$(pbase)/debian' + dh_install $(DH_OPTIONS) debian/patches/* '$(pbase)/debian' # Install the debian patches sed \ -e 's,@home@,$(pbase)/debian,' \ ___ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes