rpms/kernel/F-9 kernel.spec, 1.844, 1.845 linux-2.6-upstream-reverts.patch, 1.14, 1.15 linux-2.6.27-ext-dir-corruption-fix.patch, 1.1, NONE

Chuck Ebbert cebbert at fedoraproject.org
Sun Nov 9 22:29:48 UTC 2008


Author: cebbert

Update of /cvs/pkgs/rpms/kernel/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24370

Modified Files:
	kernel.spec linux-2.6-upstream-reverts.patch 
Removed Files:
	linux-2.6.27-ext-dir-corruption-fix.patch 
Log Message:
Fix up the CVE-2008-3528 patch so we get it from -stable.


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-9/kernel.spec,v
retrieving revision 1.844
retrieving revision 1.845
diff -u -r1.844 -r1.845
--- kernel.spec	9 Nov 2008 20:35:04 -0000	1.844
+++ kernel.spec	9 Nov 2008 22:29:17 -0000	1.845
@@ -706,8 +706,6 @@
 # ext4 fun - new & improved, now with less dev!
 Patch2900: linux-2.6.27-ext4-2.6.28-rc3-git6.patch
 Patch2901: linux-2.6.27-ext4-2.6.28-backport-fixups.patch
-# CVE-2008-3528
-Patch2902: linux-2.6.27-ext-dir-corruption-fix.patch
 
 # cciss sysfs links are broken
 Patch3000: linux-2.6-blk-cciss-fix-regression-sysfs-symlink-missing.patch
@@ -1272,10 +1270,6 @@
 ApplyPatch linux-2.6.27-ext4-2.6.28-rc3-git6.patch
 # Fixups for the upstream ext4 code to build cleanly in 2.6.27.
 ApplyPatch linux-2.6.27-ext4-2.6.28-backport-fixups.patch
-# CVE-2008-3528, ext-fs dir corruption
-# reverted from the 2.6.27.4 patch in upstream-reverts
-#  and applied here after the update
-ApplyPatch linux-2.6.27-ext-dir-corruption-fix.patch
 
 # linux1394 git patches
 ApplyPatch linux-2.6-firewire-git-update.patch
@@ -1891,6 +1885,9 @@
 %kernel_variant_files -a /%{image_install_path}/xen*-%{KVERREL}.xen -e /etc/ld.so.conf.d/kernelcap-%{KVERREL}.xen.conf %{with_xen} xen
 
 %changelog
+* Sun Nov 09 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27.5-32
+- Fix up the CVE-2008-3528 patch so we get it from -stable.
+
 * Sun Nov 09 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27.5-31
 - ext4 updates to 2.6.28-rc3
 

linux-2.6-upstream-reverts.patch:

Index: linux-2.6-upstream-reverts.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-9/linux-2.6-upstream-reverts.patch,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- linux-2.6-upstream-reverts.patch	7 Nov 2008 22:20:15 -0000	1.14
+++ linux-2.6-upstream-reverts.patch	9 Nov 2008 22:29:17 -0000	1.15
@@ -2,6 +2,9 @@
 From: Matthias Hopf <mhopf at suse.de>
 Date: Sat, 18 Oct 2008 07:18:05 +1000
 Subject: drm/i915: fix ioremap of a user address for non-root (CVE-2008-3831)
+Status: O
+Content-Length: 1367
+Lines: 30
 
 From: Matthias Hopf <mhopf at suse.de>
 
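Review bot: The added `Status: O`, `Content-Length: 1367` and `Lines: 30` lines are mail-reader bookkeeping, not patch content, and they look like a side effect of saving this file through a mail client. Headers of the same kind are added in the hunks at -34 (`Status: RO` under a new `From cebbert` separator), -297, -334, -370, -416, -465 and -570. patch(1) should skip them as leading text, but the byte and line counts go stale the next time a section is edited. They also add noise to every later diff of this file, which makes a real change to a security section such as the CVE-2008-3831 one harder to spot. I would strip these three header lines from each section before committing.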
@@ -34,253 +37,11 @@
  };
  
  int i915_max_ioctl = DRM_ARRAY_SIZE(i915_ioctls);
-From sandeen at redhat.com  Thu Oct 23 13:13:44 2008
-From: Eric Sandeen <sandeen at redhat.com>
-Date: Wed, 22 Oct 2008 10:11:52 -0500
-Subject: ext[234]: Avoid printk floods in the face of directory corruption (CVE-2008-3528)
-To: stable at kernel.org
-Cc: ext4 development <linux-ext4 at vger.kernel.org>
-Message-ID: <48FF42B8.3030606 at redhat.com>
-
-From: Eric Sandeen <sandeen at redhat.com>
-
-This is a trivial backport of the following upstream commits:
-
-- bd39597cbd42a784105a04010100e27267481c67 (ext2)
-- cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
-- 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4)
-
-This addresses CVE-2008-3528
-
-ext[234]: Avoid printk floods in the face of directory corruption
-
-Note: some people thinks this represents a security bug, since it
-might make the system go away while it is printing a large number of
-console messages, especially if a serial console is involved.  Hence,
-it has been assigned CVE-2008-3528, but it requires that the attacker
-either has physical access to your machine to insert a USB disk with a
-corrupted filesystem image (at which point why not just hit the power
-button), or is otherwise able to convince the system administrator to
-mount an arbitrary filesystem image (at which point why not just
-include a setuid shell or world-writable hard disk device file or some
-such).  Me, I think they're just being silly. --tytso
-
-Signed-off-by: Eric Sandeen <sandeen at redhat.com>
-Signed-off-by: "Theodore Ts'o" <tytso at mit.edu>
-Cc: linux-ext4 at vger.kernel.org
-Cc: Eugene Teo <eugeneteo at kernel.sg>
-Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+From cebbert at redhat.com  Mon Oct 27 13:55:39 2008
+Status: RO
+Content-Length: 324
+Lines: 7
 
----
- fs/ext2/dir.c |   60 +++++++++++++++++++++++++++++++++-------------------------
- fs/ext3/dir.c |   10 ++++++---
- fs/ext4/dir.c |   11 +++++++---
- 3 files changed, 50 insertions(+), 31 deletions(-)
-
---- a/fs/ext2/dir.c
-+++ b/fs/ext2/dir.c
-@@ -103,7 +103,7 @@ static int ext2_commit_chunk(struct page
- 	return err;
- }
- 
--static void ext2_check_page(struct page *page)
-+static void ext2_check_page(struct page *page, int quiet)
- {
- 	struct inode *dir = page->mapping->host;
- 	struct super_block *sb = dir->i_sb;
-@@ -146,10 +146,10 @@ out:
- 	/* Too bad, we had an error */
- 
- Ebadsize:
--	ext2_error(sb, "ext2_check_page",
--		"size of directory #%lu is not a multiple of chunk size",
--		dir->i_ino
--	);
-+	if (!quiet)
-+		ext2_error(sb, __func__,
-+			"size of directory #%lu is not a multiple "
-+			"of chunk size", dir->i_ino);
- 	goto fail;
- Eshort:
- 	error = "rec_len is smaller than minimal";
-@@ -166,32 +166,36 @@ Espan:
- Einumber:
- 	error = "inode out of bounds";
- bad_entry:
--	ext2_error (sb, "ext2_check_page", "bad entry in directory #%lu: %s - "
--		"offset=%lu, inode=%lu, rec_len=%d, name_len=%d",
--		dir->i_ino, error, (page->index<<PAGE_CACHE_SHIFT)+offs,
--		(unsigned long) le32_to_cpu(p->inode),
--		rec_len, p->name_len);
-+	if (!quiet)
-+		ext2_error(sb, __func__, "bad entry in directory #%lu: : %s - "
-+			"offset=%lu, inode=%lu, rec_len=%d, name_len=%d",
-+			dir->i_ino, error, (page->index<<PAGE_CACHE_SHIFT)+offs,
-+			(unsigned long) le32_to_cpu(p->inode),
-+			rec_len, p->name_len);
- 	goto fail;
- Eend:
--	p = (ext2_dirent *)(kaddr + offs);
--	ext2_error (sb, "ext2_check_page",
--		"entry in directory #%lu spans the page boundary"
--		"offset=%lu, inode=%lu",
--		dir->i_ino, (page->index<<PAGE_CACHE_SHIFT)+offs,
--		(unsigned long) le32_to_cpu(p->inode));
-+	if (!quiet) {
-+		p = (ext2_dirent *)(kaddr + offs);
-+		ext2_error(sb, "ext2_check_page",
-+			"entry in directory #%lu spans the page boundary"
-+			"offset=%lu, inode=%lu",
-+			dir->i_ino, (page->index<<PAGE_CACHE_SHIFT)+offs,
-+			(unsigned long) le32_to_cpu(p->inode));
-+	}
- fail:
- 	SetPageChecked(page);
- 	SetPageError(page);
- }
- 
--static struct page * ext2_get_page(struct inode *dir, unsigned long n)
-+static struct page * ext2_get_page(struct inode *dir, unsigned long n,
-+				   int quiet)
- {
- 	struct address_space *mapping = dir->i_mapping;
- 	struct page *page = read_mapping_page(mapping, n, NULL);
- 	if (!IS_ERR(page)) {
- 		kmap(page);
- 		if (!PageChecked(page))
--			ext2_check_page(page);
-+			ext2_check_page(page, quiet);
- 		if (PageError(page))
- 			goto fail;
- 	}
-@@ -292,7 +296,7 @@ ext2_readdir (struct file * filp, void *
- 	for ( ; n < npages; n++, offset = 0) {
- 		char *kaddr, *limit;
- 		ext2_dirent *de;
--		struct page *page = ext2_get_page(inode, n);
-+		struct page *page = ext2_get_page(inode, n, 0);
- 
- 		if (IS_ERR(page)) {
- 			ext2_error(sb, __func__,
-@@ -361,6 +365,7 @@ struct ext2_dir_entry_2 * ext2_find_entr
- 	struct page *page = NULL;
- 	struct ext2_inode_info *ei = EXT2_I(dir);
- 	ext2_dirent * de;
-+	int dir_has_error = 0;
- 
- 	if (npages == 0)
- 		goto out;
-@@ -374,7 +379,7 @@ struct ext2_dir_entry_2 * ext2_find_entr
- 	n = start;
- 	do {
- 		char *kaddr;
--		page = ext2_get_page(dir, n);
-+		page = ext2_get_page(dir, n, dir_has_error);
- 		if (!IS_ERR(page)) {
- 			kaddr = page_address(page);
- 			de = (ext2_dirent *) kaddr;
-@@ -391,7 +396,9 @@ struct ext2_dir_entry_2 * ext2_find_entr
- 				de = ext2_next_entry(de);
- 			}
- 			ext2_put_page(page);
--		}
-+		} else
-+			dir_has_error = 1;
-+
- 		if (++n >= npages)
- 			n = 0;
- 		/* next page is past the blocks we've got */
-@@ -414,7 +421,7 @@ found:
- 
- struct ext2_dir_entry_2 * ext2_dotdot (struct inode *dir, struct page **p)
- {
--	struct page *page = ext2_get_page(dir, 0);
-+	struct page *page = ext2_get_page(dir, 0, 0);
- 	ext2_dirent *de = NULL;
- 
- 	if (!IS_ERR(page)) {
-@@ -487,7 +494,7 @@ int ext2_add_link (struct dentry *dentry
- 	for (n = 0; n <= npages; n++) {
- 		char *dir_end;
- 
--		page = ext2_get_page(dir, n);
-+		page = ext2_get_page(dir, n, 0);
- 		err = PTR_ERR(page);
- 		if (IS_ERR(page))
- 			goto out;
-@@ -655,14 +662,17 @@ int ext2_empty_dir (struct inode * inode
- {
- 	struct page *page = NULL;
- 	unsigned long i, npages = dir_pages(inode);
-+	int dir_has_error = 0;
- 
- 	for (i = 0; i < npages; i++) {
- 		char *kaddr;
- 		ext2_dirent * de;
--		page = ext2_get_page(inode, i);
-+		page = ext2_get_page(inode, i, dir_has_error);
- 
--		if (IS_ERR(page))
-+		if (IS_ERR(page)) {
-+			dir_has_error = 1;
- 			continue;
-+		}
- 
- 		kaddr = page_address(page);
- 		de = (ext2_dirent *)kaddr;
---- a/fs/ext3/dir.c
-+++ b/fs/ext3/dir.c
-@@ -102,6 +102,7 @@ static int ext3_readdir(struct file * fi
- 	int err;
- 	struct inode *inode = filp->f_path.dentry->d_inode;
- 	int ret = 0;
-+	int dir_has_error = 0;
- 
- 	sb = inode->i_sb;
- 
-@@ -148,9 +149,12 @@ static int ext3_readdir(struct file * fi
- 		 * of recovering data when there's a bad sector
- 		 */
- 		if (!bh) {
--			ext3_error (sb, "ext3_readdir",
--				"directory #%lu contains a hole at offset %lu",
--				inode->i_ino, (unsigned long)filp->f_pos);
-+			if (!dir_has_error) {
-+				ext3_error(sb, __func__, "directory #%lu "
-+					"contains a hole at offset %lld",
-+					inode->i_ino, filp->f_pos);
-+				dir_has_error = 1;
-+			}
- 			/* corrupt size?  Maybe no more blocks to read */
- 			if (filp->f_pos > inode->i_blocks << 9)
- 				break;
---- a/fs/ext4/dir.c
-+++ b/fs/ext4/dir.c
-@@ -102,6 +102,7 @@ static int ext4_readdir(struct file * fi
- 	int err;
- 	struct inode *inode = filp->f_path.dentry->d_inode;
- 	int ret = 0;
-+	int dir_has_error = 0;
- 
- 	sb = inode->i_sb;
- 
-@@ -148,9 +149,13 @@ static int ext4_readdir(struct file * fi
- 		 * of recovering data when there's a bad sector
- 		 */
- 		if (!bh) {
--			ext4_error (sb, "ext4_readdir",
--				"directory #%lu contains a hole at offset %lu",
--				inode->i_ino, (unsigned long)filp->f_pos);
-+			if (!dir_has_error) {
-+				ext4_error(sb, __func__, "directory #%lu "
-+					   "contains a hole at offset %Lu",
-+					   inode->i_ino,
-+					   (unsigned long long) filp->f_pos);
-+				dir_has_error = 1;
-+			}
- 			/* corrupt size?  Maybe no more blocks to read */
- 			if (filp->f_pos > inode->i_blocks << 9)
- 				break;
 Revert these patches from the stable queue:
 firewire-fix-ioctl-return-code.patch
 firewire-fix-setting-tag-and-sy-in-iso-transmission.patch
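Review bot: With the ext[234] section removed from this revert file, the stable CVE-2008-3528 change to fs/ext4/dir.c now stays in the tree underneath linux-2.6.27-ext4-2.6.28-rc3-git6.patch, and nothing in this commit shows that the backport still applies cleanly there and keeps the `dir_has_error` guard in ext4_readdir. The spec comment that explained the old revert-and-reapply arrangement is deleted in kernel.spec without a replacement, so I would leave one line next to the ext4 ApplyPatch entries, for example `# CVE-2008-3528 fix comes from -stable; no longer reverted in upstream-reverts`. A prep-only build (`rpmbuild -bp`) followed by a look at dir.c under fs/ext2, fs/ext3 and fs/ext4 would confirm the fix is present in all three. The point about patch order is inferred from the removed spec comment, since the rest of kernel.spec is outside this page.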
@@ -297,6 +58,9 @@
 Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
 Message-ID: <tkrat.509dbd5216c80cfd at s5r6.in-berlin.de>
 Content-Disposition: INLINE
+Status: O
+Content-Length: 680
+Lines: 27
 
 
 From: Stefan Richter <stefanr at s5r6.in-berlin.de>
@@ -334,6 +98,9 @@
 Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
 Message-ID: <tkrat.c6c9e197bd5d3af2 at s5r6.in-berlin.de>
 Content-Disposition: INLINE
+Status: O
+Content-Length: 948
+Lines: 26
 
 From: Stefan Richter <stefanr at s5r6.in-berlin.de>
 
@@ -370,6 +137,9 @@
 Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
 Message-ID: <tkrat.e499a05eaa0ec529 at s5r6.in-berlin.de>
 Content-Disposition: INLINE
+Status: O
+Content-Length: 1050
+Lines: 36
 
 From: Jay Fenlason <fenlason at redhat.com>
 
@@ -416,6 +186,9 @@
 Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
 Message-ID: <tkrat.9bc21c3b6a97bebe at s5r6.in-berlin.de>
 Content-Disposition: INLINE
+Status: O
+Content-Length: 1597
+Lines: 40
 
 From: Stefan Richter <stefanr at s5r6.in-berlin.de>
 
@@ -465,6 +238,9 @@
 To: stable at kernel.org
 Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
 Message-ID: <tkrat.84265bc39337ceb3 at s5r6.in-berlin.de>
+Status: O
+Content-Length: 3223
+Lines: 95
 
 From: Jay Fenlason <fenlason at redhat.com>
 
@@ -570,6 +346,9 @@
 Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
 Message-ID: <tkrat.6faab57f3da8f9b9 at s5r6.in-berlin.de>
 Content-Disposition: INLINE
+Status: O
+Content-Length: 1058
+Lines: 31
 
 From: Jay Fenlason <fenlason at redhat.com>
 


--- linux-2.6.27-ext-dir-corruption-fix.patch DELETED ---



