Merges changes from sid up to 3.11.6-2
svn path=/dists/trunk/linux/; revision=20774
This commit is contained in:
commit
85d54e2cc1
|
@ -131,10 +131,12 @@ class Gencontrol(Base):
|
|||
|
||||
if self.version.linux_modifier is None:
|
||||
try:
|
||||
vars['abiname'] = '-%s' % self.config['abi', arch]['abiname']
|
||||
abiname_part = '-%s' % self.config['abi', arch]['abiname']
|
||||
except KeyError:
|
||||
vars['abiname'] = self.abiname
|
||||
makeflags['ABINAME'] = vars['abiname']
|
||||
abiname_part = self.abiname_part
|
||||
makeflags['ABINAME'] = vars['abiname'] = \
|
||||
self.version.linux_upstream + abiname_part
|
||||
makeflags['ABINAME_PART'] = abiname_part
|
||||
|
||||
if foreign_kernel:
|
||||
packages_headers_arch = []
|
||||
|
@ -178,8 +180,7 @@ class Gencontrol(Base):
|
|||
kw_env['KW_DEFCONFIG_DIR'] = installer_def_dir
|
||||
kw_env['KW_CONFIG_DIR'] = installer_arch_dir
|
||||
kw_proc = subprocess.Popen(
|
||||
['kernel-wedge', 'gen-control',
|
||||
self.abiname],
|
||||
['kernel-wedge', 'gen-control', vars['abiname']],
|
||||
stdout=subprocess.PIPE,
|
||||
env=kw_env)
|
||||
udeb_packages = read_control(kw_proc.stdout)
|
||||
|
@ -414,11 +415,11 @@ class Gencontrol(Base):
|
|||
if config_entry_image['type'] == 'plain':
|
||||
substitute_file('headers.plain.postinst',
|
||||
'debian/linux-headers-%s%s.postinst' %
|
||||
(self.abiname, vars['localversion']))
|
||||
(vars['abiname'], vars['localversion']))
|
||||
for name in ['postinst', 'postrm', 'preinst', 'prerm', 'templates']:
|
||||
substitute_file('image.plain.%s' % name,
|
||||
'debian/linux-image-%s%s.%s' %
|
||||
(self.abiname, vars['localversion'], name))
|
||||
(vars['abiname'], vars['localversion'], name))
|
||||
for path in glob.glob('debian/templates/po/*.po'):
|
||||
substitute_file('po/' + os.path.basename(path),
|
||||
'debian/po/' + os.path.basename(path),
|
||||
|
@ -426,7 +427,7 @@ class Gencontrol(Base):
|
|||
if build_debug:
|
||||
substitute_file('image-dbg.lintian-override',
|
||||
'debian/linux-image-%s%s-dbg.lintian-overrides' %
|
||||
(self.abiname, vars['localversion']))
|
||||
(vars['abiname'], vars['localversion']))
|
||||
|
||||
def merge_packages(self, packages, new, arch):
|
||||
for new_package in new:
|
||||
|
|
|
@ -15,6 +15,37 @@ linux (3.12~rc7-1~exp1) experimental; urgency=low
|
|||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Mon, 28 Oct 2013 04:12:20 +0000
|
||||
|
||||
linux (3.11.6-2) unstable; urgency=medium
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* [sh4] Reduce compiler version to gcc-4.7, as gcc-4.8 is not yet
|
||||
available
|
||||
* [ia64] Reduce compiler version to gcc-4.6, matching gcc-defaults
|
||||
(fixes FTBFS)
|
||||
* [armhf] Bump ABI to 1a, as enabling Xen and KVM support changes ABI
|
||||
* net: Fix infinite loop in in skb_flow_dissect() (CVE-2013-4348)
|
||||
* net: do not call sock_put() on TIMEWAIT sockets
|
||||
* l2tp: fix kernel panic when using IPv4-mapped IPv6 addresses
|
||||
* net: heap overflow in __audit_sockaddr()
|
||||
* proc connector: fix info leaks
|
||||
* bridge: update mdb expiration timer upon reports.
|
||||
* Revert "bridge: only expire the mdb entry when query is received"
|
||||
* unix_diag: fix info leak
|
||||
* be2net: pass if_id for v1 and V2 versions of TX_CREATE cmd
|
||||
* net: fix cipso packet validation when !NETLABEL
|
||||
* inet: fix possible memory corruption with UDP_CORK and UFO
|
||||
* [arm] 7851/1: check for number of arguments in syscall_get/set_arguments()
|
||||
* ext[34]: fix double put in tmpfile
|
||||
* dm snapshot: fix data corruption (CVE-2013-4299)
|
||||
* i2c: ismt: initialize DMA buffer
|
||||
* mm: fix BUG in __split_huge_page_pmd
|
||||
* writeback: fix negative bdi max pause
|
||||
|
||||
[ Aurelien Jarno ]
|
||||
* UAPI: include <asm/byteorder.h> in linux/raid/md_p.h.
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Fri, 01 Nov 2013 05:23:13 +0000
|
||||
|
||||
linux (3.11.6-1) unstable; urgency=low
|
||||
|
||||
* New upstream stable update:
|
||||
|
|
|
@ -3,6 +3,7 @@ flavours:
|
|||
itanium
|
||||
mckinley
|
||||
kernel-arch: ia64
|
||||
compiler: gcc-4.6
|
||||
|
||||
[image]
|
||||
bootloaders: elilo
|
||||
|
|
|
@ -3,6 +3,7 @@ flavours:
|
|||
sh7751r
|
||||
sh7785lcr
|
||||
kernel-arch: sh
|
||||
compiler: gcc-4.7
|
||||
|
||||
[image]
|
||||
suggests: fdutils
|
||||
|
|
|
@ -0,0 +1,82 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Thu, 31 Oct 2013 02:24:12 +0000
|
||||
Subject: net: Fix infinite loop in in skb_flow_dissect() (CVE-2013-4348)
|
||||
|
||||
Jason Wang <jasowang@redhat.com> writes:
|
||||
(via linux-distros@vs.openwall.org etc.)
|
||||
> There's a deadloop path in skb_flow_dissect():
|
||||
>
|
||||
> bool skb_flow_dissect(const struct sk_buff *skb, struct flow_keys *flow)
|
||||
> {
|
||||
> ..
|
||||
>
|
||||
> ip:
|
||||
> iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
|
||||
> if (!iph)
|
||||
> return false;
|
||||
>
|
||||
> if (ip_is_fragment(iph))
|
||||
> ip_proto = 0;
|
||||
> else
|
||||
> ip_proto = iph->protocol;
|
||||
> iph_to_flow_copy_addrs(flow, iph);
|
||||
> nhoff += iph->ihl * 4;
|
||||
> break;
|
||||
> ..
|
||||
>
|
||||
> Here the code does not check whether iph->ihl is zero which may cause
|
||||
> deadloop if a malicous IPIP packet whose ihl is zero. See the above
|
||||
> codes for IPIP. Since the pointer was not move ahead.
|
||||
>
|
||||
> ..
|
||||
> case IPPROTO_IPIP:
|
||||
> proto = htons(ETH_P_IP);
|
||||
> goto ip;
|
||||
> ..
|
||||
> }
|
||||
>
|
||||
> skb_flow_dissect() were used by several places:
|
||||
> - packet scheduler that want classify flows
|
||||
> - skb_get_rxhash() that will be used by RPS, vxlan, multiqueue
|
||||
> tap,macvtap packet fanout
|
||||
> - skb_probe_transport_header() which was used for probing transport
|
||||
> header for DODGY packets
|
||||
> - __skb_get_poff() which will be used by socket filter
|
||||
>
|
||||
> So this could be used to DOS both local and remote machine.
|
||||
>
|
||||
> I was able to
|
||||
>
|
||||
> - DOS the local host machine
|
||||
> - DOS the local host machine by run the reproducer in guest
|
||||
> - DOS one guest with RPS enabled by running the reproducer in another
|
||||
> guest in the same host.
|
||||
>
|
||||
> I believe it could be also used to DOS a remote machine, but I didn't try.
|
||||
>
|
||||
> The issue were introduced by commit
|
||||
> 0744dd00c1b1be99a25b62b1b48df440e82e57e0 (net: introduce
|
||||
> skb_flow_dissect()).
|
||||
>
|
||||
> The fix looks easy, just fail when iph->ihl is zero.
|
||||
|
||||
Accepting any positive value means we can still be made to loop nearly
|
||||
skb->len / 4 times in some cases. But all values < 5 are invalid, so
|
||||
let's reject them and reduce that to skb->len / 20.
|
||||
|
||||
We should probably set a constant limit on the loop count as well, but
|
||||
I'm not sure what the limit should be.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
--- a/net/core/flow_dissector.c
|
||||
+++ b/net/core/flow_dissector.c
|
||||
@@ -40,7 +40,7 @@ again:
|
||||
struct iphdr _iph;
|
||||
ip:
|
||||
iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
|
||||
- if (!iph)
|
||||
+ if (!iph || iph->ihl < 5)
|
||||
return false;
|
||||
|
||||
if (ip_is_fragment(iph))
|
30
debian/patches/bugfix/all/UAPI-include-asm-byteorder.h-in-linux-raid-md_p.h.patch
vendored
Normal file
30
debian/patches/bugfix/all/UAPI-include-asm-byteorder.h-in-linux-raid-md_p.h.patch
vendored
Normal file
|
@ -0,0 +1,30 @@
|
|||
From: Aurelien Jarno <aurelien@aurel32.net>
|
||||
Date: Tue, 29 Oct 2013 11:55:17 +0100
|
||||
Subject: [PATCH] UAPI: include <asm/byteorder.h> in linux/raid/md_p.h
|
||||
Forwarded: http://comments.gmane.org/gmane.linux.kernel/1586604
|
||||
|
||||
linux/raid/md_p.h is using conditionals depending on endianess and fails
|
||||
with an error if neither of __BIG_ENDIAN, __LITTLE_ENDIAN or
|
||||
__BYTE_ORDER are defined, but it doesn't include any header which can
|
||||
define these constants. This make this header unusable alone.
|
||||
|
||||
This patch adds a #include <asm/byteorder.h> at the beginning of this
|
||||
header to make it usable alone. This is needed to compile klibc on MIPS.
|
||||
|
||||
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
||||
---
|
||||
include/uapi/linux/raid/md_p.h | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/include/uapi/linux/raid/md_p.h b/include/uapi/linux/raid/md_p.h
|
||||
index fe1a540..f7cf7f3 100644
|
||||
--- a/include/uapi/linux/raid/md_p.h
|
||||
+++ b/include/uapi/linux/raid/md_p.h
|
||||
@@ -16,6 +16,7 @@
|
||||
#define _MD_P_H
|
||||
|
||||
#include <linux/types.h>
|
||||
+#include <asm/byteorder.h>
|
||||
|
||||
/*
|
||||
* RAID superblock.
|
|
@ -74,3 +74,5 @@ bugfix/all/crypto-ansi_cprng-Fix-off-by-one-error-in-non-block-.patch
|
|||
features/all/mvsas-Recognise-device-subsystem-9485-9485-as-88SE94.patch
|
||||
bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
|
||||
debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
|
||||
bugfix/all/UAPI-include-asm-byteorder.h-in-linux-raid-md_p.h.patch
|
||||
bugfix/all/CVE-2013-4348.patch
|
||||
|
|
Loading…
Reference in New Issue