debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity

Merges changes from sid up to 3.11.6-2 

svn path=/dists/trunk/linux/; revision=20774
This commit is contained in:
Ben Hutchings 2013-11-02 20:55:30 +00:00
parent d98e00eda6 b08f6d30b9
commit 85d54e2cc1
7 changed files with 156 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
debian/bin/gencontrol.py vendored
View File

@ -131,10 +131,12 @@ class Gencontrol(Base):
if self.version.linux_modifier is None:
try:
vars['abiname'] = '-%s' % self.config['abi', arch]['abiname']
abiname_part = '-%s' % self.config['abi', arch]['abiname']
except KeyError:
vars['abiname'] = self.abiname
makeflags['ABINAME'] = vars['abiname']
abiname_part = self.abiname_part
makeflags['ABINAME'] = vars['abiname'] = \
self.version.linux_upstream + abiname_part
makeflags['ABINAME_PART'] = abiname_part
if foreign_kernel:
packages_headers_arch = []
@ -178,8 +180,7 @@ class Gencontrol(Base):
kw_env['KW_DEFCONFIG_DIR'] = installer_def_dir
kw_env['KW_CONFIG_DIR'] = installer_arch_dir
kw_proc = subprocess.Popen(
['kernel-wedge', 'gen-control',
self.abiname],
['kernel-wedge', 'gen-control', vars['abiname']],
stdout=subprocess.PIPE,
env=kw_env)
udeb_packages = read_control(kw_proc.stdout)
@ -414,11 +415,11 @@ class Gencontrol(Base):
if config_entry_image['type'] == 'plain':
substitute_file('headers.plain.postinst',
'debian/linux-headers-%s%s.postinst' %
(self.abiname, vars['localversion']))
(vars['abiname'], vars['localversion']))
for name in ['postinst', 'postrm', 'preinst', 'prerm', 'templates']:
substitute_file('image.plain.%s' % name,
'debian/linux-image-%s%s.%s' %
(self.abiname, vars['localversion'], name))
(vars['abiname'], vars['localversion'], name))
for path in glob.glob('debian/templates/po/*.po'):
substitute_file('po/' + os.path.basename(path),
'debian/po/' + os.path.basename(path),
@ -426,7 +427,7 @@ class Gencontrol(Base):
if build_debug:
substitute_file('image-dbg.lintian-override',
'debian/linux-image-%s%s-dbg.lintian-overrides' %
(self.abiname, vars['localversion']))
(vars['abiname'], vars['localversion']))
def merge_packages(self, packages, new, arch):
for new_package in new:

31
debian/changelog vendored
View File

@ -15,6 +15,37 @@ linux (3.12~rc7-1~exp1) experimental; urgency=low
-- Ben Hutchings <ben@decadent.org.uk> Mon, 28 Oct 2013 04:12:20 +0000
linux (3.11.6-2) unstable; urgency=medium
[ Ben Hutchings ]
* [sh4] Reduce compiler version to gcc-4.7, as gcc-4.8 is not yet
available
* [ia64] Reduce compiler version to gcc-4.6, matching gcc-defaults
(fixes FTBFS)
* [armhf] Bump ABI to 1a, as enabling Xen and KVM support changes ABI
* net: Fix infinite loop in in skb_flow_dissect() (CVE-2013-4348)
* net: do not call sock_put() on TIMEWAIT sockets
* l2tp: fix kernel panic when using IPv4-mapped IPv6 addresses
* net: heap overflow in __audit_sockaddr()
* proc connector: fix info leaks
* bridge: update mdb expiration timer upon reports.
* Revert "bridge: only expire the mdb entry when query is received"
* unix_diag: fix info leak
* be2net: pass if_id for v1 and V2 versions of TX_CREATE cmd
* net: fix cipso packet validation when !NETLABEL
* inet: fix possible memory corruption with UDP_CORK and UFO
* [arm] 7851/1: check for number of arguments in syscall_get/set_arguments()
* ext[34]: fix double put in tmpfile
* dm snapshot: fix data corruption (CVE-2013-4299)
* i2c: ismt: initialize DMA buffer
* mm: fix BUG in __split_huge_page_pmd
* writeback: fix negative bdi max pause
[ Aurelien Jarno ]
* UAPI: include <asm/byteorder.h> in linux/raid/md_p.h.
-- Ben Hutchings <ben@decadent.org.uk> Fri, 01 Nov 2013 05:23:13 +0000
linux (3.11.6-1) unstable; urgency=low
* New upstream stable update:

1
debian/config/ia64/defines vendored
View File

@ -3,6 +3,7 @@ flavours:
itanium
mckinley
kernel-arch: ia64
compiler: gcc-4.6
[image]
bootloaders: elilo

1
debian/config/sh4/defines vendored
View File

@ -3,6 +3,7 @@ flavours:
sh7751r
sh7785lcr
kernel-arch: sh
compiler: gcc-4.7
[image]
suggests: fdutils

82
debian/patches/bugfix/all/CVE-2013-4348.patch vendored Normal file
View File

@ -0,0 +1,82 @@
From: Ben Hutchings <ben@decadent.org.uk>
Date: Thu, 31 Oct 2013 02:24:12 +0000
Subject: net: Fix infinite loop in in skb_flow_dissect() (CVE-2013-4348)
Jason Wang <jasowang@redhat.com> writes:
(via linux-distros@vs.openwall.org etc.)
> There's a deadloop path in skb_flow_dissect():
>
> bool skb_flow_dissect(const struct sk_buff *skb, struct flow_keys *flow)
> {
> ..
>
> ip:
> iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
> if (!iph)
> return false;
>
> if (ip_is_fragment(iph))
> ip_proto = 0;
> else
> ip_proto = iph->protocol;
> iph_to_flow_copy_addrs(flow, iph);
> nhoff += iph->ihl * 4;
> break;
> ..
>
> Here the code does not check whether iph->ihl is zero which may cause
> deadloop if a malicous IPIP packet whose ihl is zero. See the above
> codes for IPIP. Since the pointer was not move ahead.
>
> ..
> case IPPROTO_IPIP:
> proto = htons(ETH_P_IP);
> goto ip;
> ..
> }
>
> skb_flow_dissect() were used by several places:
> - packet scheduler that want classify flows
> - skb_get_rxhash() that will be used by RPS, vxlan, multiqueue
> tap,macvtap packet fanout
> - skb_probe_transport_header() which was used for probing transport
> header for DODGY packets
> - __skb_get_poff() which will be used by socket filter
>
> So this could be used to DOS both local and remote machine.
>
> I was able to
>
> - DOS the local host machine
> - DOS the local host machine by run the reproducer in guest
> - DOS one guest with RPS enabled by running the reproducer in another
> guest in the same host.
>
> I believe it could be also used to DOS a remote machine, but I didn't try.
>
> The issue were introduced by commit
> 0744dd00c1b1be99a25b62b1b48df440e82e57e0 (net: introduce
> skb_flow_dissect()).
>
> The fix looks easy, just fail when iph->ihl is zero.
Accepting any positive value means we can still be made to loop nearly
skb->len / 4 times in some cases. But all values < 5 are invalid, so
let's reject them and reduce that to skb->len / 20.
We should probably set a constant limit on the loop count as well, but
I'm not sure what the limit should be.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -40,7 +40,7 @@ again:
struct iphdr _iph;
ip:
iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
- if (!iph)
+ if (!iph || iph->ihl < 5)
return false;
if (ip_is_fragment(iph))

30
debian/patches/bugfix/all/UAPI-include-asm-byteorder.h-in-linux-raid-md_p.h.patch vendored Normal file
View File

@ -0,0 +1,30 @@
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Tue, 29 Oct 2013 11:55:17 +0100
Subject: [PATCH] UAPI: include <asm/byteorder.h> in linux/raid/md_p.h
Forwarded: http://comments.gmane.org/gmane.linux.kernel/1586604
linux/raid/md_p.h is using conditionals depending on endianess and fails
with an error if neither of __BIG_ENDIAN, __LITTLE_ENDIAN or
__BYTE_ORDER are defined, but it doesn't include any header which can
define these constants. This make this header unusable alone.
This patch adds a #include <asm/byteorder.h> at the beginning of this
header to make it usable alone. This is needed to compile klibc on MIPS.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
---
include/uapi/linux/raid/md_p.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/uapi/linux/raid/md_p.h b/include/uapi/linux/raid/md_p.h
index fe1a540..f7cf7f3 100644
--- a/include/uapi/linux/raid/md_p.h
+++ b/include/uapi/linux/raid/md_p.h
@@ -16,6 +16,7 @@
#define _MD_P_H
#include <linux/types.h>
+#include <asm/byteorder.h>
/*
* RAID superblock.

2
debian/patches/series vendored
View File

@ -74,3 +74,5 @@ bugfix/all/crypto-ansi_cprng-Fix-off-by-one-error-in-non-block-.patch
features/all/mvsas-Recognise-device-subsystem-9485-9485-as-88SE94.patch
bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
bugfix/all/UAPI-include-asm-byteorder.h-in-linux-raid-md_p.h.patch
bugfix/all/CVE-2013-4348.patch