rpms/kernel/devel patch-2.6.27.4-rc3.bz2.sign, NONE, 1.1 .cvsignore, 1.950, 1.951 TODO, 1.26, 1.27 kernel.spec, 1.1080, 1.1081 linux-2.6-upstream-reverts.patch, 1.3, 1.4 sources, 1.912, 1.913 upstream, 1.824, 1.825 linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch, 1.1, NONE
Chuck Ebbert
cebbert at fedoraproject.org
Fri Oct 24 23:45:09 UTC 2008
- Previous message (by thread): rpms/rubygem-sqlite3-ruby/EL-5 import.log, NONE, 1.1 rubygem-sqlite3-ruby.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/gstreamer-plugins-good/devel .cvsignore, 1.12, 1.13 gst-plugins-good-0.10.9-libv4l.patch, 1.3, 1.4 gstreamer-plugins-good.spec, 1.76, 1.77 sources, 1.12, 1.13 gst-plugins-good-0.10.8-speex-nego.patch, 1.1, NONE gst-plugins-good-0.10.8-v4l2-progressive-fix.patch, 1.1, NONE gst-plugins-good-v4l2-new-kernel.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17163
Modified Files:
.cvsignore TODO kernel.spec linux-2.6-upstream-reverts.patch
sources upstream
Added Files:
patch-2.6.27.4-rc3.bz2.sign
Removed Files:
linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch
Log Message:
2.6.27.4-rc3
Dropped patches:
linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch
Upstream reverts:
ext-avoid-printk-floods-in-the-face-of-directory-corruption.patch
--- NEW FILE patch-2.6.27.4-rc3.bz2.sign ---
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://www.kernel.org/signature.html for info
iD8DBQBJAkDwyGugalF9Dw4RAiisAJwN0OvZN53qvpeqt8tZd0IiB0g11wCeMo8k
cSSbHQCmMYDSrVB/JA1UHcQ=
=N5l1
-----END PGP SIGNATURE-----
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/.cvsignore,v
retrieving revision 1.950
retrieving revision 1.951
diff -u -r1.950 -r1.951
--- .cvsignore 22 Oct 2008 22:32:39 -0000 1.950
+++ .cvsignore 24 Oct 2008 23:44:38 -0000 1.951
@@ -5,3 +5,4 @@
kernel-2.6.27
linux-2.6.27.tar.bz2
patch-2.6.27.3.bz2
+patch-2.6.27.4-rc3.bz2
Index: TODO
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/TODO,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- TODO 21 Oct 2008 21:22:36 -0000 1.26
+++ TODO 24 Oct 2008 23:44:38 -0000 1.27
@@ -156,6 +156,10 @@
Don't let this interface get out 'til it's official (and
released) upstream.
+linux-2.6.27-ext-dir-corruption-fix.patch
+ in -stable, but reverted in upstream-reverts
+ (the ext4 patch queue won't apply if we get this patch from -stable)
+
linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
In mainline and 2.6.26-stable queue but not 2.6.27-stable.
@@ -167,9 +171,6 @@
linux-2.6.27-sony-laptop-suspend-fix.patch
Submitted: http://marc.info/?l=linux-kernel&m=122419261829835&w=2
-linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch
- In x86/urgent, already requested for mainline and -stable
-
linux-2.6.27-drm-i915-fix-ioctl-security.patch
In -stable, reverted in upstream-reverts, reapplied after the drm patch.
The drm patch should be fixed up to not conflict with the upstream patch.
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.1080
retrieving revision 1.1081
diff -u -r1.1080 -r1.1081
--- kernel.spec 24 Oct 2008 01:59:54 -0000 1.1080
+++ kernel.spec 24 Oct 2008 23:44:38 -0000 1.1081
@@ -36,9 +36,9 @@
%if 0%{?released_kernel}
# Do we have a -stable update to apply?
-%define stable_update 3
+%define stable_update 4
# Is it a -stable RC?
-%define stable_rc 0
+%define stable_rc 3
# Set rpm version accordingly
%if 0%{?stable_update}
%define stablerev .%{stable_update}
@@ -590,7 +590,6 @@
Patch41: linux-2.6-sysrq-c.patch
Patch44: linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
-Patch45: linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch
Patch140: linux-2.6-ps3-ehci-iso.patch
Patch141: linux-2.6-ps3-storage-alias.patch
@@ -1077,8 +1076,6 @@
# x86(-64)
# don't oops in get_wchan()
ApplyPatch linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
-# fix resume on UP systems with SMP kernel
-ApplyPatch linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch
#
# PowerPC
@@ -1853,6 +1850,13 @@
%kernel_variant_files -k vmlinux %{with_kdump} kdump
%changelog
+* Fri Oct 24 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27.4-45.rc3
+- 2.6.27.4-rc3
+ Dropped patches:
+ linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch
+ Upstream reverts:
+ ext-avoid-printk-floods-in-the-face-of-directory-corruption.patch
+
* Thu Oct 23 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27.3-44
- Disable the snd-aw2 driver until upstream comes up with a fix.
linux-2.6-upstream-reverts.patch:
Index: linux-2.6-upstream-reverts.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/linux-2.6-upstream-reverts.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- linux-2.6-upstream-reverts.patch 18 Oct 2008 21:42:50 -0000 1.3
+++ linux-2.6-upstream-reverts.patch 24 Oct 2008 23:44:38 -0000 1.4
@@ -34,3 +34,250 @@
};
int i915_max_ioctl = DRM_ARRAY_SIZE(i915_ioctls);
+From sandeen at redhat.com Thu Oct 23 13:13:44 2008
+From: Eric Sandeen <sandeen at redhat.com>
+Date: Wed, 22 Oct 2008 10:11:52 -0500
+Subject: ext[234]: Avoid printk floods in the face of directory corruption (CVE-2008-3528)
+To: stable at kernel.org
+Cc: ext4 development <linux-ext4 at vger.kernel.org>
+Message-ID: <48FF42B8.3030606 at redhat.com>
+
+From: Eric Sandeen <sandeen at redhat.com>
+
+This is a trivial backport of the following upstream commits:
+
+- bd39597cbd42a784105a04010100e27267481c67 (ext2)
+- cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
+- 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4)
+
+This addresses CVE-2008-3528
+
+ext[234]: Avoid printk floods in the face of directory corruption
+
+Note: some people thinks this represents a security bug, since it
+might make the system go away while it is printing a large number of
+console messages, especially if a serial console is involved. Hence,
+it has been assigned CVE-2008-3528, but it requires that the attacker
+either has physical access to your machine to insert a USB disk with a
+corrupted filesystem image (at which point why not just hit the power
+button), or is otherwise able to convince the system administrator to
+mount an arbitrary filesystem image (at which point why not just
+include a setuid shell or world-writable hard disk device file or some
+such). Me, I think they're just being silly. --tytso
+
+Signed-off-by: Eric Sandeen <sandeen at redhat.com>
+Signed-off-by: "Theodore Ts'o" <tytso at mit.edu>
+Cc: linux-ext4 at vger.kernel.org
+Cc: Eugene Teo <eugeneteo at kernel.sg>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+
+---
+ fs/ext2/dir.c | 60 +++++++++++++++++++++++++++++++++-------------------------
+ fs/ext3/dir.c | 10 ++++++---
+ fs/ext4/dir.c | 11 +++++++---
+ 3 files changed, 50 insertions(+), 31 deletions(-)
+
+--- a/fs/ext2/dir.c
++++ b/fs/ext2/dir.c
+@@ -103,7 +103,7 @@ static int ext2_commit_chunk(struct page
+ return err;
+ }
+
+-static void ext2_check_page(struct page *page)
++static void ext2_check_page(struct page *page, int quiet)
+ {
+ struct inode *dir = page->mapping->host;
+ struct super_block *sb = dir->i_sb;
+@@ -146,10 +146,10 @@ out:
+ /* Too bad, we had an error */
+
+ Ebadsize:
+- ext2_error(sb, "ext2_check_page",
+- "size of directory #%lu is not a multiple of chunk size",
+- dir->i_ino
+- );
++ if (!quiet)
++ ext2_error(sb, __func__,
++ "size of directory #%lu is not a multiple "
++ "of chunk size", dir->i_ino);
+ goto fail;
+ Eshort:
+ error = "rec_len is smaller than minimal";
+@@ -166,32 +166,36 @@ Espan:
+ Einumber:
+ error = "inode out of bounds";
+ bad_entry:
+- ext2_error (sb, "ext2_check_page", "bad entry in directory #%lu: %s - "
+- "offset=%lu, inode=%lu, rec_len=%d, name_len=%d",
+- dir->i_ino, error, (page->index<<PAGE_CACHE_SHIFT)+offs,
+- (unsigned long) le32_to_cpu(p->inode),
+- rec_len, p->name_len);
++ if (!quiet)
++ ext2_error(sb, __func__, "bad entry in directory #%lu: : %s - "
++ "offset=%lu, inode=%lu, rec_len=%d, name_len=%d",
++ dir->i_ino, error, (page->index<<PAGE_CACHE_SHIFT)+offs,
++ (unsigned long) le32_to_cpu(p->inode),
++ rec_len, p->name_len);
+ goto fail;
+ Eend:
+- p = (ext2_dirent *)(kaddr + offs);
+- ext2_error (sb, "ext2_check_page",
+- "entry in directory #%lu spans the page boundary"
+- "offset=%lu, inode=%lu",
+- dir->i_ino, (page->index<<PAGE_CACHE_SHIFT)+offs,
+- (unsigned long) le32_to_cpu(p->inode));
++ if (!quiet) {
++ p = (ext2_dirent *)(kaddr + offs);
++ ext2_error(sb, "ext2_check_page",
++ "entry in directory #%lu spans the page boundary"
++ "offset=%lu, inode=%lu",
++ dir->i_ino, (page->index<<PAGE_CACHE_SHIFT)+offs,
++ (unsigned long) le32_to_cpu(p->inode));
++ }
+ fail:
+ SetPageChecked(page);
+ SetPageError(page);
+ }
+
+-static struct page * ext2_get_page(struct inode *dir, unsigned long n)
++static struct page * ext2_get_page(struct inode *dir, unsigned long n,
++ int quiet)
+ {
+ struct address_space *mapping = dir->i_mapping;
+ struct page *page = read_mapping_page(mapping, n, NULL);
+ if (!IS_ERR(page)) {
+ kmap(page);
+ if (!PageChecked(page))
+- ext2_check_page(page);
++ ext2_check_page(page, quiet);
+ if (PageError(page))
+ goto fail;
+ }
+@@ -292,7 +296,7 @@ ext2_readdir (struct file * filp, void *
+ for ( ; n < npages; n++, offset = 0) {
+ char *kaddr, *limit;
+ ext2_dirent *de;
+- struct page *page = ext2_get_page(inode, n);
++ struct page *page = ext2_get_page(inode, n, 0);
+
+ if (IS_ERR(page)) {
+ ext2_error(sb, __func__,
+@@ -361,6 +365,7 @@ struct ext2_dir_entry_2 * ext2_find_entr
+ struct page *page = NULL;
+ struct ext2_inode_info *ei = EXT2_I(dir);
+ ext2_dirent * de;
++ int dir_has_error = 0;
+
+ if (npages == 0)
+ goto out;
+@@ -374,7 +379,7 @@ struct ext2_dir_entry_2 * ext2_find_entr
+ n = start;
+ do {
+ char *kaddr;
+- page = ext2_get_page(dir, n);
++ page = ext2_get_page(dir, n, dir_has_error);
+ if (!IS_ERR(page)) {
+ kaddr = page_address(page);
+ de = (ext2_dirent *) kaddr;
+@@ -391,7 +396,9 @@ struct ext2_dir_entry_2 * ext2_find_entr
+ de = ext2_next_entry(de);
+ }
+ ext2_put_page(page);
+- }
++ } else
++ dir_has_error = 1;
++
+ if (++n >= npages)
+ n = 0;
+ /* next page is past the blocks we've got */
+@@ -414,7 +421,7 @@ found:
+
+ struct ext2_dir_entry_2 * ext2_dotdot (struct inode *dir, struct page **p)
+ {
+- struct page *page = ext2_get_page(dir, 0);
++ struct page *page = ext2_get_page(dir, 0, 0);
+ ext2_dirent *de = NULL;
+
+ if (!IS_ERR(page)) {
+@@ -487,7 +494,7 @@ int ext2_add_link (struct dentry *dentry
+ for (n = 0; n <= npages; n++) {
+ char *dir_end;
+
+- page = ext2_get_page(dir, n);
++ page = ext2_get_page(dir, n, 0);
+ err = PTR_ERR(page);
+ if (IS_ERR(page))
+ goto out;
+@@ -655,14 +662,17 @@ int ext2_empty_dir (struct inode * inode
+ {
+ struct page *page = NULL;
+ unsigned long i, npages = dir_pages(inode);
++ int dir_has_error = 0;
+
+ for (i = 0; i < npages; i++) {
+ char *kaddr;
+ ext2_dirent * de;
+- page = ext2_get_page(inode, i);
++ page = ext2_get_page(inode, i, dir_has_error);
+
+- if (IS_ERR(page))
++ if (IS_ERR(page)) {
++ dir_has_error = 1;
+ continue;
++ }
+
+ kaddr = page_address(page);
+ de = (ext2_dirent *)kaddr;
+--- a/fs/ext3/dir.c
++++ b/fs/ext3/dir.c
+@@ -102,6 +102,7 @@ static int ext3_readdir(struct file * fi
+ int err;
+ struct inode *inode = filp->f_path.dentry->d_inode;
+ int ret = 0;
++ int dir_has_error = 0;
+
+ sb = inode->i_sb;
+
+@@ -148,9 +149,12 @@ static int ext3_readdir(struct file * fi
+ * of recovering data when there's a bad sector
+ */
+ if (!bh) {
+- ext3_error (sb, "ext3_readdir",
+- "directory #%lu contains a hole at offset %lu",
+- inode->i_ino, (unsigned long)filp->f_pos);
++ if (!dir_has_error) {
++ ext3_error(sb, __func__, "directory #%lu "
++ "contains a hole at offset %lld",
++ inode->i_ino, filp->f_pos);
++ dir_has_error = 1;
++ }
+ /* corrupt size? Maybe no more blocks to read */
+ if (filp->f_pos > inode->i_blocks << 9)
+ break;
+--- a/fs/ext4/dir.c
++++ b/fs/ext4/dir.c
+@@ -102,6 +102,7 @@ static int ext4_readdir(struct file * fi
+ int err;
+ struct inode *inode = filp->f_path.dentry->d_inode;
+ int ret = 0;
++ int dir_has_error = 0;
+
+ sb = inode->i_sb;
+
+@@ -148,9 +149,13 @@ static int ext4_readdir(struct file * fi
+ * of recovering data when there's a bad sector
+ */
+ if (!bh) {
+- ext4_error (sb, "ext4_readdir",
+- "directory #%lu contains a hole at offset %lu",
+- inode->i_ino, (unsigned long)filp->f_pos);
++ if (!dir_has_error) {
++ ext4_error(sb, __func__, "directory #%lu "
++ "contains a hole at offset %Lu",
++ inode->i_ino,
++ (unsigned long long) filp->f_pos);
++ dir_has_error = 1;
++ }
+ /* corrupt size? Maybe no more blocks to read */
+ if (filp->f_pos > inode->i_blocks << 9)
+ break;
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/sources,v
retrieving revision 1.912
retrieving revision 1.913
diff -u -r1.912 -r1.913
--- sources 22 Oct 2008 22:32:39 -0000 1.912
+++ sources 24 Oct 2008 23:44:38 -0000 1.913
@@ -1,2 +1,3 @@
b3e78977aa79d3754cb7f8143d7ddabd linux-2.6.27.tar.bz2
4f0dc89b4989619c616d40507b5f7f34 patch-2.6.27.3.bz2
+30a169832b0386d6888ec2c705f4ee84 patch-2.6.27.4-rc3.bz2
Index: upstream
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/upstream,v
retrieving revision 1.824
retrieving revision 1.825
diff -u -r1.824 -r1.825
--- upstream 22 Oct 2008 22:32:40 -0000 1.824
+++ upstream 24 Oct 2008 23:44:38 -0000 1.825
@@ -1,2 +1,3 @@
linux-2.6.27.tar.bz2
patch-2.6.27.3.bz2
+patch-2.6.27.4-rc3.bz2
--- linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch DELETED ---
- Previous message (by thread): rpms/rubygem-sqlite3-ruby/EL-5 import.log, NONE, 1.1 rubygem-sqlite3-ruby.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/gstreamer-plugins-good/devel .cvsignore, 1.12, 1.13 gst-plugins-good-0.10.9-libv4l.patch, 1.3, 1.4 gstreamer-plugins-good.spec, 1.76, 1.77 sources, 1.12, 1.13 gst-plugins-good-0.10.8-speex-nego.patch, 1.1, NONE gst-plugins-good-0.10.8-v4l2-progressive-fix.patch, 1.1, NONE gst-plugins-good-v4l2-new-kernel.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list