Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.0.git;a=commitdiff;h=2ee891a45edc91b4a28d7682bbc98681e0f2e5b9
commit 2ee891a45edc91b4a28d7682bbc98681e0f2e5b9 Author: Miklos Vajna <[email protected]> Date: Fri Aug 14 10:00:02 2009 +0200 kernel-2.6.28-6anacreon3-i686 - add CVE-2009-2692.patch - also increment CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR to 4096 to avoid further similar problems diff --git a/source/base/kernel/CVE-2009-2692.patch b/source/base/kernel/CVE-2009-2692.patch new file mode 100644 index 0000000..b3f5867 --- /dev/null +++ b/source/base/kernel/CVE-2009-2692.patch @@ -0,0 +1,39 @@ +From e694958388c50148389b0e9b9e9e8945cf0f1b98 Mon Sep 17 00:00:00 2001 +From: Linus Torvalds <[email protected]> +Date: Thu, 13 Aug 2009 08:28:36 -0700 +Subject: [PATCH] Make sock_sendpage() use kernel_sendpage() + +kernel_sendpage() does the proper default case handling for when the +socket doesn't have a native sendpage implementation. + +Now, arguably this might be something that we could instead solve by +just specifying that all protocols should do it themselves at the +protocol level, but we really only care about the common protocols. +Does anybody really care about sendpage on something like Appletalk? Not +likely. + +Acked-by: David S. Miller <[email protected]> +Acked-by: Julien TINNES <[email protected]> +Acked-by: Tavis Ormandy <[email protected]> +Cc: [email protected] +Signed-off-by: Linus Torvalds <[email protected]> +--- + net/socket.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/net/socket.c b/net/socket.c +index 791d71a..6d47165 100644 +--- a/net/socket.c ++++ b/net/socket.c +@@ -736,7 +736,7 @@ static ssize_t sock_sendpage(struct file *file, struct page *page, + if (more) + flags |= MSG_MORE; + +- return sock->ops->sendpage(sock, page, offset, size, flags); ++ return kernel_sendpage(sock, page, offset, size, flags); + } + + static ssize_t sock_splice_read(struct file *file, loff_t *ppos, +-- +1.6.4 + diff --git a/source/base/kernel/FrugalBuild b/source/base/kernel/FrugalBuild index 3d0a30b..114d915 100644 --- a/source/base/kernel/FrugalBuild +++ b/source/base/kernel/FrugalBuild @@ -2,9 +2,10 @@ # Maintainer: Miklos Vajna <[email protected]> _F_kernel_patches=(kernel-2.6.28-KVM-gfxboot.patch intel_iommu_default_to_off.patch \ - jbd2.patch CVE-2009-1895.patch CVE-2009-2406.patch CVE-2009-2407.patch) + jbd2.patch CVE-2009-1895.patch CVE-2009-2406.patch CVE-2009-2407.patch \ + CVE-2009-2692.patch) ## NOTE: gfxboot.patch will 'probably' never go upstream , however without ## it one is unable to install FW with KVM. The patch only affects KVM mode and ## nothing else.. Finclude kernel -pkgrel=6anacreon2 +pkgrel=6anacreon3 diff --git a/source/base/kernel/config.i686 b/source/base/kernel/config.i686 index e0fe179..3ae2cb4 100644 --- a/source/base/kernel/config.i686 +++ b/source/base/kernel/config.i686 @@ -4161,7 +4161,7 @@ CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_NETWORK_XFRM is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set # CONFIG_SECURITY_ROOTPLUG is not set -CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0 +CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=4096 # CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set CONFIG_XOR_BLOCKS=y diff --git a/source/base/kernel/config.ppc b/source/base/kernel/config.ppc index 1ccf205..d12752a 100644 --- a/source/base/kernel/config.ppc +++ b/source/base/kernel/config.ppc @@ -2218,7 +2218,7 @@ CONFIG_SECURITYFS=y # CONFIG_SECURITY_NETWORK is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set # CONFIG_SECURITY_ROOTPLUG is not set -CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0 +CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=4096 CONFIG_XOR_BLOCKS=m CONFIG_ASYNC_CORE=m CONFIG_ASYNC_MEMCPY=m diff --git a/source/base/kernel/config.x86_64 b/source/base/kernel/config.x86_64 index bfef928..d86b96f 100644 --- a/source/base/kernel/config.x86_64 +++ b/source/base/kernel/config.x86_64 @@ -3911,7 +3911,7 @@ CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_NETWORK_XFRM is not set # CONFIG_SECURITY_FILE_CAPABILITIES is not set # CONFIG_SECURITY_ROOTPLUG is not set -CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0 +CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=4096 # CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set CONFIG_XOR_BLOCKS=y _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
