On Wed, Jun 29, 2005 at 11:14:20AM +0900, Horms wrote:
> On Tue, Jun 28, 2005 at 10:36:15PM +0200, Frederik Schueler wrote:
> > Hello,
> >
> > I would like to start preparing a security update for kernel-source-2.6.8
> > in sarge, which released with version 2.6.8-16.
> >
> > In sarge-security we have an old 2.6.15sarge1 which never got released.
> >
> > Does anyone object if I update those sources to the revision in sarge,
> > and we start building 2.6.8-16sarge1 from it?
> >
> > I already got some patches from the ubuntu 2.6.8 kernel package addressing
> > the following 5 issues:
> >
> > CAN-2005-0756
> > CAN-2005-1265
> > CAN-2005-1762
> > CAN-2005-1763
> > CAN-2005-1765
> >
> > and these 3 still need to be addressed:
> >
> > CAN-2005-1764
> > CAN-2005-0449 #295949
> > CAN-2005-0356 #310804
> >
> >
> > if nobody objects, I would like to commit my changes.
>
> Hi,
>
> I have been thinking of making some updates too.
> So far I have just been trolling the 2.6.11.X and 2.6.12.X patch sets.
> This is primarily intended as a base for rc1 rather than a security
> update, as almost none of the fixes are security related.
>
> I think the best thing to do would be for you to go ahead and
> start a 2.6.8-16sarge1 in cvs. I will then grab those patches
> and put them into what I am working on for 2.6.8-17.
>
> We also need to think about 2.4.27, but I was planning to do that
> after 2.6.8 is in the bag.

First up, apologies to Frederik for duplicating his work to some extent.
I really was working on this before I got his message. I hope what I have
done is useful to the security update, and in turn I hope his patches
can be used in the r1 update.

I have gone ahead and put all of my changes in SVN, the changelog below.
The one outstanding problem is that the fix from 2.6.11.X that fixes
CAN-2005-1265 breaks the build and seems to require an ABI fix to make
it build. I haven't been through the Ubuntu tree yet, and I have to head
out now, but I am interested to see what solution they have.

In any case, I am running a build of what is in SVN now and will take a
look at what wheels have fallen off in the morning.

Finally, as per my annotation of #310804, I don't believe that Linux is
vulnerable to CAN-2005-0356.

--
Horms

  * [SECURITY] arch-x86_64-kernel-ptrace-boundary-check.dpatch
    Don't allow accesses below register frame in ptrace
    See CAN-2005-0756.
    (Simon Horman)

  * arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch,
    arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch
    This works around an AMD Erratum by
    checking if the ptrace RIP is canonical.
    (Simon Horman)

  * [SECURITY] arch-x86_64-kernel-smp-boot-race.dpatch
    Keep interrupts disabled during smp bootup
    This avoids a race that breaks SMP bootup on some machines.
    (Simon Horman)

  * [SECURITY] arch-x86_64-mm-ioremap-page-lookup.dpatch
    Don't look up struct page pointer of physical address in iounmap as it may
    be in a memory hole not mapped in mem_map and that causes the hash lookup
    to go off to nirvana.
    (Simon Horman)

  * drivers-media-vidio-bttv-vc100xp-detect.dpatch
    Allow Leadtek WinFast VC100 XP cards to work.
    (Simon Horman)

  * [SECURITY] fs-exec-ptrace-core-exec-race.dpatch
    Fix race between core dumping and exec with shared mm
    (Simon Horman)

  * [SECURITY] fs-exec-ptrace-deadlock.dpatch
    Fix coredump_wait deadlock with ptracer & tracee on shared mm
    (Simon Horman)

  * [SECURITY] fs-exec-posix-timers-leak-1.dpatch,
    fs-exec-posix-timers-leak-2.dpatch
    Make exec clean up posix timers.
    (Simon Horman)

  * [SECURITY] fs-exec-reparent-timers.dpatch
    Make sure we re-parent itimers. If subthread exec's with timer pending,
    signal is delivered to old group-leader and can panic kernel.
    See CAN-2005-1913.
    (Simon Horman)

  * fs-hfs-oops-and-leak.dpatch
    Fix a leak in HFS and HFS
    Fix an oops that occurs when an attempt is made to
    mount a non-hfs filesystem as HFS.
    (Simon Horman)

  * fs-jbd-checkpoint-assertion.dpatch
    Fix possible false assertion failure in log_do_checkpoint(). We might fail
    to detect that we actually made a progress when cleaning up the checkpoint
    lists if we don't retry after writing something to disk.
    (Simon Horman)

  # Omitted as it seems to require an update to struct_mm, which
  # would be an ABI change. As it stands it breaks the build.
  # Looking for a better solution, according to Frederik Schueler
  # he has one from Ubuntu. More anon
  #* [SECURITY] mm-mmap-range-test.dpatch
  #  Make sure get_unmapped_area sanity tests are done regardless of
  #  whether MAP_FIXED is set or not.
  #  See CAN-2005-1265
  #  (Simon Horman)

  * mm-rmap-out-of-bounds-pte.dpatch
    Stop try_to_unmap_cluster() passing out-of-bounds pte to pte_unmap()
    (Simon Horman)

  * [SECURITY] net-bridge-netfilter-etables-smp-race.dpatch
    The patch below fixes an smp race that happens on such systems under
    heavy load.
    (Simon Horman)

  * net-bridge-mangle-oops.dpatch
    Fix oops when mangling and brouting and tcpdumping packets
    Needed for net-bridge-forwarding-poison.dpatch
    (Simon Horman)

  * [SECURITY] net-bridge-forwarding-poison.dpatch
    Avoid poisoning of the bridge forwarding table by frames that have been
    dropped by filtering. This prevents spoofed source addresses on hostile
    side of bridge from causing packet leakage, a small but possible security
    risk.
    (Simon Horman)

  * net-ipv4-netfilter-ip_queue-deadlock.dpatch
    Fix deadlock with ip_queue and tcp local input path.
    (Simon Horman)

  * [SECURITY] net-rose-ndigis-verify.dpatch
    Verify ndigis argument of a new route.
    (Simon Horman)

  * sound-usb-usbaudio-unplug-oops.dpatch
    Prevent oops & dead keyboard on usb unplugging while the device is being
    used.
    (Simon Horman)

  * net-ipv4-ipvs-conn_tab-race.dpatch
    Fix race condition on p_vs_conn_tab list modification
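
The ordering issue behind net-bridge-forwarding-poison.dpatch in the changelog above, as an added toy model in C that is not taken from the patch or the kernel: it assumes the fix amounts to learning a frame's source address only after filtering has accepted the frame. All struct and function names and the sample MAC address are made up for the illustration.

```c
#include <stdint.h>
#include <string.h>
#define FDB_SIZE 8
#define NO_PORT (-1)

/* Toy forwarding table: source MAC -> ingress port (all names hypothetical). */
struct fdb_entry { uint8_t mac[6]; int port; int used; };
struct bridge { struct fdb_entry fdb[FDB_SIZE]; int learn_before_filter; };

/* Port a MAC was learned on, or NO_PORT if unknown. */
int fdb_lookup(const struct bridge *br, const uint8_t *mac) {
    for (int i = 0; i < FDB_SIZE; i++)
        if (br->fdb[i].used && memcmp(br->fdb[i].mac, mac, 6) == 0)
            return br->fdb[i].port;
    return NO_PORT;
}

/* Insert or refresh a MAC -> port mapping. */
static void fdb_learn(struct bridge *br, const uint8_t *mac, int port) {
    struct fdb_entry *slot = NULL;
    for (int i = 0; i < FDB_SIZE; i++) {
        struct fdb_entry *e = &br->fdb[i];
        if (e->used && memcmp(e->mac, mac, 6) == 0) { slot = e; break; }
        if (!e->used && !slot) slot = e;
    }
    if (!slot) return;                 /* table full: drop the update */
    memcpy(slot->mac, mac, 6);
    slot->port = port;
    slot->used = 1;
}

/* One ingress frame; returns 1 if accepted for forwarding, 0 if filtered. */
int bridge_rx(struct bridge *br, const uint8_t *src, int port, int filter_drop) {
    if (br->learn_before_filter)
        fdb_learn(br, src, port);      /* unfixed order: dropped frames still teach the table */
    if (filter_drop)
        return 0;
    if (!br->learn_before_filter)
        fdb_learn(br, src, port);      /* fixed order: only accepted frames are learned */
    return 1;
}

/* Constructed scenario: a host is learned on port 1, then a frame carrying the
 * same source MAC arrives on port 2 and is dropped by the filter. Returns the
 * port the table maps the host to afterwards. */
int port_after_filtered_frame(int learn_before_filter) {
    static const uint8_t host[6] = {0x02, 0, 0, 0, 0, 0x01};
    struct bridge br = { .learn_before_filter = learn_before_filter };
    bridge_rx(&br, host, 1, 0);
    bridge_rx(&br, host, 2, 1);
    return fdb_lookup(&br, host);
}
```

With learning done before the filter verdict, the table ends up pointing the host at port 2 even though the frame was dropped; with learning moved after the verdict, the entry stays on port 1.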