series

Dann Frazier Wed, 13 Feb 2008 21:55:19 -0800

Author: dannf
Date: Thu Feb 14 04:22:44 2008
New Revision: 10540

Log:
* powerpc-chrp-null-deref.dpatch
  [SECURITY][powerpc] Fix NULL pointer dereference if get_property
  fails on the subarchitecture
  See CVE-2007-6694


Added:
   
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/powerpc-chrp-null-deref.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1

Modified: 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog   
    (original)
+++ 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog   
    Thu Feb 14 04:22:44 2008
@@ -61,8 +61,12 @@
     If userspace still has the device open it can result, the driver would
     wait for the device to close, blocking the USB subsystem.
     See CVE-2007-5093
+  * powerpc-chrp-null-deref.dpatch
+    [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+    fails on the subarchitecture
+    See CVE-2007-6694
 
- -- dann frazier <[EMAIL PROTECTED]>  Wed, 13 Feb 2008 20:20:12 -0700
+ -- dann frazier <[EMAIL PROTECTED]>  Wed, 13 Feb 2008 21:18:45 -0700
 
 kernel-source-2.6.8 (2.6.8-17) oldstable; urgency=high
 

Added: 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/powerpc-chrp-null-deref.dpatch
==============================================================================
--- (empty file)
+++ 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/powerpc-chrp-null-deref.dpatch
  Thu Feb 14 04:22:44 2008
@@ -0,0 +1,49 @@
+commit 9ac71d00398674aaec664f30559f0a21d963862f
+Author: Cyrill Gorcunov <[EMAIL PROTECTED]>
+Date:   Fri Nov 23 16:43:04 2007 +1100
+
+    [POWERPC] CHRP: Fix possible NULL pointer dereference
+    
+    This fixes a possible NULL pointer dereference inside of strncmp() if
+    of_get_property() fails.
+    
+    Signed-off-by: Cyrill Gorcunov <[EMAIL PROTECTED]>
+    Signed-off-by: Paul Mackerras <[EMAIL PROTECTED]>
+
+Backported to Debian's 2.6.8 by dann frazier <[EMAIL PROTECTED]>
+
+diff -urpN kernel-source-2.6.8.orig/arch/ppc/platforms/chrp_setup.c 
kernel-source-2.6.8/arch/ppc/platforms/chrp_setup.c
+--- kernel-source-2.6.8.orig/arch/ppc/platforms/chrp_setup.c   2007-05-26 
02:54:38.000000000 -0600
++++ kernel-source-2.6.8/arch/ppc/platforms/chrp_setup.c        2008-02-13 
20:40:08.000000000 -0700
+@@ -117,7 +117,7 @@ chrp_show_cpuinfo(struct seq_file *m)
+       seq_printf(m, "machine\t\t: CHRP %s\n", model);
+ 
+       /* longtrail (goldengate) stuff */
+-      if (!strncmp(model, "IBM,LongTrail", 13)) {
++      if (model && !strncmp(model, "IBM,LongTrail", 13)) {
+               /* VLSI VAS96011/12 `Golden Gate 2' */
+               /* Memory banks */
+               sdramen = (in_le32((unsigned *)(gg2_pci_config_base+
+@@ -206,14 +206,20 @@ static void __init sio_fixup_irq(const c
+ static void __init sio_init(void)
+ {
+       struct device_node *root;
++      const char *model;
+ 
+-      if ((root = find_path_device("/")) &&
+-          !strncmp(get_property(root, "model", NULL), "IBM,LongTrail", 13)) {
++      root = find_path_device("/");
++      if (!root)
++              return;
++
++      model = get_property(root, "model", NULL);
++      if (model && !strncmp(model, "IBM,LongTrail", 13)) {
+               /* logical device 0 (KBC/Keyboard) */
+               sio_fixup_irq("keyboard", 0, 1, 2);
+               /* select logical device 1 (KBC/Mouse) */
+               sio_fixup_irq("mouse", 1, 12, 2);
+       }
++
+ }
+ 
+ void pegasos_set_l2cr(void)

Modified: 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1
==============================================================================
--- 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1
   (original)
+++ 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1
   Thu Feb 14 04:22:44 2008
@@ -16,3 +16,4 @@
 + hugetlb-prio_tree-unit-fix.dpatch
 + amd64-zero-extend-32bit-ptrace.dpatch
 + usb-pwc-disconnect-block.dpatch
++ powerpc-chrp-null-deref.dpatch

_______________________________________________
Kernel-svn-changes mailing list
Kernel-svn-changes@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes

[kernel] r10540 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series

Reply via email to