Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-0.7.git;a=commitdiff;h=6c295cc15aea7dc2101d438ce5987d8a571ecc7d
commit 6c295cc15aea7dc2101d438ce5987d8a571ecc7d Author: Miklos Vajna <[EMAIL PROTECTED]> Date: Tue Mar 4 10:27:24 2008 +0100 kernel-2.6.22-7sayshell6-i686 - update to patchlevel '.19' - closes #2834 diff --git a/source/base/kernel/29eb51101c02df517ca64ec472d7501127ad1da8.patch b/source/base/kernel/29eb51101c02df517ca64ec472d7501127ad1da8.patch deleted file mode 100644 index f670643..0000000 --- a/source/base/kernel/29eb51101c02df517ca64ec472d7501127ad1da8.patch +++ /dev/null @@ -1,86 +0,0 @@ -From: Roland McGrath <[EMAIL PROTECTED]> -Date: Mon, 16 Jul 2007 08:03:16 +0000 (-0700) -Subject: Handle bogus %cs selector in single-step instruction decoding -X-Git-Tag: v2.6.23-rc1~492 -X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=29eb51101c02df517ca64ec472d7501127ad1da8 - -Handle bogus %cs selector in single-step instruction decoding - -The code for LDT segment selectors was not robust in the face of a bogus -selector set in %cs via ptrace before the single-step was done. - -Signed-off-by: Roland McGrath <[EMAIL PROTECTED]> -Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]> ---- - -diff --git a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c -index 1c075f5..0c8f00e 100644 ---- a/arch/i386/kernel/ptrace.c -+++ b/arch/i386/kernel/ptrace.c -@@ -164,14 +164,22 @@ static unsigned long convert_eip_to_linear(struct task_struct *child, struct pt_ - u32 *desc; - unsigned long base; - -- down(&child->mm->context.sem); -- desc = child->mm->context.ldt + (seg & ~7); -- base = (desc[0] >> 16) | ((desc[1] & 0xff) << 16) | (desc[1] & 0xff000000); -+ seg &= ~7UL; - -- /* 16-bit code segment? */ -- if (!((desc[1] >> 22) & 1)) -- addr &= 0xffff; -- addr += base; -+ down(&child->mm->context.sem); -+ if (unlikely((seg >> 3) >= child->mm->context.size)) -+ addr = -1L; /* bogus selector, access would fault */ -+ else { -+ desc = child->mm->context.ldt + seg; -+ base = ((desc[0] >> 16) | -+ ((desc[1] & 0xff) << 16) | -+ (desc[1] & 0xff000000)); -+ -+ /* 16-bit code segment? */ -+ if (!((desc[1] >> 22) & 1)) -+ addr &= 0xffff; -+ addr += base; -+ } - up(&child->mm->context.sem); - } - return addr; -diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c -index fa6775e..e83cc67 100644 ---- a/arch/x86_64/kernel/ptrace.c -+++ b/arch/x86_64/kernel/ptrace.c -@@ -102,16 +102,25 @@ unsigned long convert_rip_to_linear(struct task_struct *child, struct pt_regs *r - u32 *desc; - unsigned long base; - -- down(&child->mm->context.sem); -- desc = child->mm->context.ldt + (seg & ~7); -- base = (desc[0] >> 16) | ((desc[1] & 0xff) << 16) | (desc[1] & 0xff000000); -+ seg &= ~7UL; - -- /* 16-bit code segment? */ -- if (!((desc[1] >> 22) & 1)) -- addr &= 0xffff; -- addr += base; -+ down(&child->mm->context.sem); -+ if (unlikely((seg >> 3) >= child->mm->context.size)) -+ addr = -1L; /* bogus selector, access would fault */ -+ else { -+ desc = child->mm->context.ldt + seg; -+ base = ((desc[0] >> 16) | -+ ((desc[1] & 0xff) << 16) | -+ (desc[1] & 0xff000000)); -+ -+ /* 16-bit code segment? */ -+ if (!((desc[1] >> 22) & 1)) -+ addr &= 0xffff; -+ addr += base; -+ } - up(&child->mm->context.sem); - } -+ - return addr; - } - diff --git a/source/base/kernel/CVE-2007-6206.diff b/source/base/kernel/CVE-2007-6206.diff deleted file mode 100644 index cd6b4e5..0000000 --- a/source/base/kernel/CVE-2007-6206.diff +++ /dev/null @@ -1,37 +0,0 @@ -From: Ingo Molnar <[EMAIL PROTECTED]> -Date: Wed, 28 Nov 2007 12:59:18 +0000 (+0100) -Subject: vfs: coredumping fix -X-Git-Tag: v2.6.24-rc4~82 -X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=c46f739dd39db3b07ab5deb4e3ec81e1c04a91af - -vfs: coredumping fix - -fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043 - -only allow coredumping to the same uid that the coredumping -task runs under. - -Signed-off-by: Ingo Molnar <[EMAIL PROTECTED]> -Acked-by: Alan Cox <[EMAIL PROTECTED]> -Acked-by: Christoph Hellwig <[EMAIL PROTECTED]> -Acked-by: Al Viro <[EMAIL PROTECTED]> -Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]> ---- - -diff --git a/fs/exec.c b/fs/exec.c -index 4ccaaa4..282240a 100644 ---- a/fs/exec.c -+++ b/fs/exec.c -@@ -1780,6 +1780,12 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) - but keep the previous behaviour for now. */ - if (!ispipe && !S_ISREG(inode->i_mode)) - goto close_fail; -+ /* -+ * Dont allow local users get cute and trick others to coredump -+ * into their pre-created files: -+ */ -+ if (inode->i_uid != current->fsuid) -+ goto close_fail; - if (!file->f_op) - goto close_fail; - if (!file->f_op->write) diff --git a/source/base/kernel/FrugalBuild b/source/base/kernel/FrugalBuild index 263e637..60b72bb 100644 --- a/source/base/kernel/FrugalBuild +++ b/source/base/kernel/FrugalBuild @@ -2,11 +2,8 @@ # Maintainer: VMiklos <[EMAIL PROTECTED]> _F_kernel_patches=(aacraid.diff pxa27x.diff CVE-2007-3843.diff \ - 29eb51101c02df517ca64ec472d7501127ad1da8.patch \ - a10d9a71bafd3a283da240d2868e71346d2aef6f.patch \ - CVE-2007-6206.diff \ CVE-2008-0009-10.diff) Finclude kernel # you can safely bump this. on the first bump you MUST rebuild all the external # kernel modules so that they will have >=-styled deps instead of the = ones -pkgrel=7sayshell5 +pkgrel=7sayshell6 diff --git a/source/base/kernel/a10d9a71bafd3a283da240d2868e71346d2aef6f.patch b/source/base/kernel/a10d9a71bafd3a283da240d2868e71346d2aef6f.patch deleted file mode 100644 index b033800..0000000 --- a/source/base/kernel/a10d9a71bafd3a283da240d2868e71346d2aef6f.patch +++ /dev/null @@ -1,64 +0,0 @@ -From: Peter Zijlstra <[EMAIL PROTECTED]> -Date: Wed, 18 Jul 2007 18:59:22 +0000 (+0200) -Subject: i386: fixup TRACE_IRQ breakage -X-Git-Tag: v2.6.23-rc1~491 -X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=a10d9a71bafd3a283da240d2868e71346d2aef6f - -i386: fixup TRACE_IRQ breakage - -The TRACE_IRQS_ON function in iret_exc: calls a C function without -ensuring that the segments are set properly. Move the trace function and -the enabling of interrupt into the C stub. - -Signed-off-by: Peter Zijlstra <[EMAIL PROTECTED]> -Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]> ---- - -diff --git a/arch/i386/kernel/entry.S b/arch/i386/kernel/entry.S -index 32980b8..a714d6b 100644 ---- a/arch/i386/kernel/entry.S -+++ b/arch/i386/kernel/entry.S -@@ -409,8 +409,6 @@ restore_nocheck_notrace: - 1: INTERRUPT_RETURN - .section .fixup,"ax" - iret_exc: -- TRACE_IRQS_ON -- ENABLE_INTERRUPTS(CLBR_NONE) - pushl $0 # no error code - pushl $do_iret_error - jmp error_code -diff --git a/arch/i386/kernel/traps.c b/arch/i386/kernel/traps.c -index 18c1c28..d32fd4b 100644 ---- a/arch/i386/kernel/traps.c -+++ b/arch/i386/kernel/traps.c -@@ -518,10 +518,12 @@ fastcall void do_##name(struct pt_regs * regs, long error_code) \ - do_trap(trapnr, signr, str, 0, regs, error_code, NULL); \ - } - --#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr) \ -+#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr, irq) \ - fastcall void do_##name(struct pt_regs * regs, long error_code) \ - { \ - siginfo_t info; \ -+ if (irq) \ -+ local_irq_enable(); \ - info.si_signo = signr; \ - info.si_errno = 0; \ - info.si_code = sicode; \ -@@ -561,13 +563,13 @@ DO_VM86_ERROR( 3, SIGTRAP, "int3", int3) - #endif - DO_VM86_ERROR( 4, SIGSEGV, "overflow", overflow) - DO_VM86_ERROR( 5, SIGSEGV, "bounds", bounds) --DO_ERROR_INFO( 6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip) -+DO_ERROR_INFO( 6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip, 0) - DO_ERROR( 9, SIGFPE, "coprocessor segment overrun", coprocessor_segment_overrun) - DO_ERROR(10, SIGSEGV, "invalid TSS", invalid_TSS) - DO_ERROR(11, SIGBUS, "segment not present", segment_not_present) - DO_ERROR(12, SIGBUS, "stack segment", stack_segment) --DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0) --DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0) -+DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0, 0) -+DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0, 1) - - fastcall void __kprobes do_general_protection(struct pt_regs * regs, - long error_code) diff --git a/source/include/kernel-version.sh b/source/include/kernel-version.sh index 307b296..3d7ae20 100644 --- a/source/include/kernel-version.sh +++ b/source/include/kernel-version.sh @@ -18,4 +18,4 @@ # don't touch these! _F_kernelver_ver=2.6.22 _F_kernelver_rel=6 -_F_kernelver_stable=16 +_F_kernelver_stable=19 _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
