rpms/kernel/F-10 TODO, 1.43, 1.44 kernel.spec, 1.1126, 1.1127 linux-2.6-upstream-reverts.patch, 1.5, 1.6 linux-2.6.27-ext-dir-corruption-fix.patch, 1.1, NONE
Chuck Ebbert
cebbert at fedoraproject.org
Sun Nov 9 22:38:51 UTC 2008
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25746
Modified Files:
TODO kernel.spec linux-2.6-upstream-reverts.patch
Removed Files:
linux-2.6.27-ext-dir-corruption-fix.patch
Log Message:
Fix up the CVE-2008-3528 patch so we get it from -stable.
Index: TODO
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/TODO,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- TODO 6 Nov 2008 20:41:46 -0000 1.43
+++ TODO 9 Nov 2008 22:38:19 -0000 1.44
@@ -12,17 +12,9 @@
Nouveau DRM driver.
Won't go upstream until ABI confirmed.
-linux-2.6-acpi-clear-wake-status.patch
-linux-2.6-input-dell-keyboard-keyup.patch
- Upstream in 2.6.28-rc, sent to -stable
-
linux-2.6-eeepc-laptop-update.patch
Upstream but slightly different (commit a195dcdc)
-linux-2.6-acpi-ignore-reset_reg_sup.patch
- Fixes reboot after suspend/resume (https://bugzilla.redhat.com/show_bug.cgi?id=461228)
- Upstream in .28rc1, sent to stable
-
linux-2.6-at76.patch
linux-2.6-iwl3945-ibss-tsf-fix.patch
linux-2.6-iwlagn-downgrade-BUG_ON-in-interrupt.patch
@@ -132,7 +124,6 @@
linux-2.6-silence-noise.patch
linux-2.6-amd64-yes-i-know-you-live.patch
linux-2.6.27-pci-hush-allocation-failures.patch
-linux-2.6.27-acpi-ec-drizzle.patch
Fedora local 'hush' patches. (Some will go upstream next time)
linux-2.6-selinux-mprotect-checks.patch
@@ -152,29 +143,11 @@
DEBUG_SHIRQ causes an oops.
Needs testing, if it works, it'll go upstream soon.
-linux-2.6.27-ext4-stable-patch-queue.patch
+linux-2.6.27-ext4-2.6.28-backport-fixups.patch
+linux-2.6.27-ext4-2.6.28-rc3-git6.patch
EXT4 bits for 2.6.28
Eric looks after this stuff.
-linux-2.6.27-fs-disable-fiemap.patch
- Don't let this interface get out 'til it's official (and
- released) upstream.
-
-linux-2.6.27-ext-dir-corruption-fix.patch
- in -stable, but reverted in upstream-reverts
- (the ext4 patch queue won't apply if we get this patch from -stable)
-
-linux-2.6.27-delay-ext4-free-block-cap-check.patch
- In the ext4 queue, will be upstream (for bug #467216)
-
-linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
- In mainline and 2.6.26-stable, submitted for 2.6.27-stable.
-
-linux-2.6-rtc-cmos-look-for-pnp-rtc-first.patch
-linux-2.6-x86-register-platform-rtc-if-pnp-doesnt-describe-it.patch
- Fix broken RTC on systems that don't expose it via PnP.
- Submitted for -stable
-
linux-2.6.27-sony-laptop-suspend-fix.patch
Submitted: http://marc.info/?l=linux-kernel&m=122419261829835&w=2
@@ -182,23 +155,8 @@
In -stable, reverted in upstream-reverts, reapplied after the drm patch.
The drm patch should be fixed up to not conflict with the upstream patch.
-linux-2.6-libata-pata_it821x-fix-lba48-on-raid-volumes.patch
- upstream, sent for -stable
-
-linux-2.6-usb-storage-unusual-devs-jmicron-ata-bridge.patch
- sent for stable
-
-linux-2.6-net-tcp-option-ordering.patch
- Backport of fd6149d332973bafa50f03ddb0ea9513e67f4517 from .28
-
-linux-2.6-sched-features-disable-hrtick.patch
-linux-2.6-sched_clock-prevent-scd-clock-from-moving-backwards
- Scheduler patches from 2.6.28, sent to -stable
-
-linux-2.6-r8169-fix-RxMissed-register-access.patch
-linux-2.6-r8169-wake-up-the-phy-of-the-8168.patch
- Selected patches from the r8169 2.6.28 driver.
- Should go to stable after confirming they fix reported bugs.
+linux-2.6-netdev-r8169-2.6.28.patch
+ Update the r8169 driver to 2.6.28-rc3
linux-2.6-olpc-speaker-out.patch
Enables speaker output by default on OLPC, going to get review from
@@ -219,4 +177,3 @@
linux-2.6-alsa-ac97-whitelist-AD1981B.patch
https://bugzilla.redhat.com/show_bug.cgi?id=441087
should be pushed upstream
-
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/kernel.spec,v
retrieving revision 1.1126
retrieving revision 1.1127
diff -u -r1.1126 -r1.1127
--- kernel.spec 9 Nov 2008 20:41:21 -0000 1.1126
+++ kernel.spec 9 Nov 2008 22:38:20 -0000 1.1127
@@ -715,8 +715,6 @@
# ext4 fun - new & improved, now with less dev!
Patch2900: linux-2.6.27-ext4-2.6.28-rc3-git6.patch
Patch2901: linux-2.6.27-ext4-2.6.28-backport-fixups.patch
-# CVE-2008-3528
-Patch2902: linux-2.6.27-ext-dir-corruption-fix.patch
# cciss sysfs links are broken
Patch3000: linux-2.6-blk-cciss-fix-regression-sysfs-symlink-missing.patch
@@ -1144,10 +1142,6 @@
ApplyPatch linux-2.6.27-ext4-2.6.28-rc3-git6.patch
# Fixups for the upstream ext4 code to build cleanly in 2.6.27.
ApplyPatch linux-2.6.27-ext4-2.6.28-backport-fixups.patch
-# CVE-2008-3528, ext-fs dir corruption
-# reverted from the 2.6.27.4 patch in upstream-reverts
-# and applied here after the update
-ApplyPatch linux-2.6.27-ext-dir-corruption-fix.patch
# xfs
@@ -1898,6 +1892,9 @@
%kernel_variant_files -k vmlinux %{with_kdump} kdump
%changelog
+* Sun Nov 09 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27.5-91
+- Fix up the CVE-2008-3528 patch so we get it from -stable.
+
* Sun Nov 09 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27.5-90
- ext4 updates to 2.6.28-rc3
linux-2.6-upstream-reverts.patch:
Index: linux-2.6-upstream-reverts.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/linux-2.6-upstream-reverts.patch,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- linux-2.6-upstream-reverts.patch 7 Nov 2008 23:05:01 -0000 1.5
+++ linux-2.6-upstream-reverts.patch 9 Nov 2008 22:38:20 -0000 1.6
@@ -2,6 +2,9 @@
From: Matthias Hopf <mhopf at suse.de>
Date: Sat, 18 Oct 2008 07:18:05 +1000
Subject: drm/i915: fix ioremap of a user address for non-root (CVE-2008-3831)
+Status: O
+Content-Length: 1367
+Lines: 30
From: Matthias Hopf <mhopf at suse.de>
@@ -34,253 +37,11 @@
};
int i915_max_ioctl = DRM_ARRAY_SIZE(i915_ioctls);
-From sandeen at redhat.com Thu Oct 23 13:13:44 2008
-From: Eric Sandeen <sandeen at redhat.com>
-Date: Wed, 22 Oct 2008 10:11:52 -0500
-Subject: ext[234]: Avoid printk floods in the face of directory corruption (CVE-2008-3528)
-To: stable at kernel.org
-Cc: ext4 development <linux-ext4 at vger.kernel.org>
-Message-ID: <48FF42B8.3030606 at redhat.com>
-
-From: Eric Sandeen <sandeen at redhat.com>
-
-This is a trivial backport of the following upstream commits:
-
-- bd39597cbd42a784105a04010100e27267481c67 (ext2)
-- cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
-- 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4)
-
-This addresses CVE-2008-3528
-
-ext[234]: Avoid printk floods in the face of directory corruption
-
-Note: some people thinks this represents a security bug, since it
-might make the system go away while it is printing a large number of
-console messages, especially if a serial console is involved. Hence,
-it has been assigned CVE-2008-3528, but it requires that the attacker
-either has physical access to your machine to insert a USB disk with a
-corrupted filesystem image (at which point why not just hit the power
-button), or is otherwise able to convince the system administrator to
-mount an arbitrary filesystem image (at which point why not just
-include a setuid shell or world-writable hard disk device file or some
-such). Me, I think they're just being silly. --tytso
-
-Signed-off-by: Eric Sandeen <sandeen at redhat.com>
-Signed-off-by: "Theodore Ts'o" <tytso at mit.edu>
-Cc: linux-ext4 at vger.kernel.org
-Cc: Eugene Teo <eugeneteo at kernel.sg>
-Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+From cebbert at redhat.com Mon Oct 27 13:55:39 2008
+Status: RO
+Content-Length: 324
+Lines: 7
----
- fs/ext2/dir.c | 60 +++++++++++++++++++++++++++++++++-------------------------
- fs/ext3/dir.c | 10 ++++++---
- fs/ext4/dir.c | 11 +++++++---
- 3 files changed, 50 insertions(+), 31 deletions(-)
-
---- a/fs/ext2/dir.c
-+++ b/fs/ext2/dir.c
-@@ -103,7 +103,7 @@ static int ext2_commit_chunk(struct page
- return err;
- }
-
--static void ext2_check_page(struct page *page)
-+static void ext2_check_page(struct page *page, int quiet)
- {
- struct inode *dir = page->mapping->host;
- struct super_block *sb = dir->i_sb;
-@@ -146,10 +146,10 @@ out:
- /* Too bad, we had an error */
-
- Ebadsize:
-- ext2_error(sb, "ext2_check_page",
-- "size of directory #%lu is not a multiple of chunk size",
-- dir->i_ino
-- );
-+ if (!quiet)
-+ ext2_error(sb, __func__,
-+ "size of directory #%lu is not a multiple "
-+ "of chunk size", dir->i_ino);
- goto fail;
- Eshort:
- error = "rec_len is smaller than minimal";
-@@ -166,32 +166,36 @@ Espan:
- Einumber:
- error = "inode out of bounds";
- bad_entry:
-- ext2_error (sb, "ext2_check_page", "bad entry in directory #%lu: %s - "
-- "offset=%lu, inode=%lu, rec_len=%d, name_len=%d",
-- dir->i_ino, error, (page->index<<PAGE_CACHE_SHIFT)+offs,
-- (unsigned long) le32_to_cpu(p->inode),
-- rec_len, p->name_len);
-+ if (!quiet)
-+ ext2_error(sb, __func__, "bad entry in directory #%lu: : %s - "
-+ "offset=%lu, inode=%lu, rec_len=%d, name_len=%d",
-+ dir->i_ino, error, (page->index<<PAGE_CACHE_SHIFT)+offs,
-+ (unsigned long) le32_to_cpu(p->inode),
-+ rec_len, p->name_len);
- goto fail;
- Eend:
-- p = (ext2_dirent *)(kaddr + offs);
-- ext2_error (sb, "ext2_check_page",
-- "entry in directory #%lu spans the page boundary"
-- "offset=%lu, inode=%lu",
-- dir->i_ino, (page->index<<PAGE_CACHE_SHIFT)+offs,
-- (unsigned long) le32_to_cpu(p->inode));
-+ if (!quiet) {
-+ p = (ext2_dirent *)(kaddr + offs);
-+ ext2_error(sb, "ext2_check_page",
-+ "entry in directory #%lu spans the page boundary"
-+ "offset=%lu, inode=%lu",
-+ dir->i_ino, (page->index<<PAGE_CACHE_SHIFT)+offs,
-+ (unsigned long) le32_to_cpu(p->inode));
-+ }
- fail:
- SetPageChecked(page);
- SetPageError(page);
- }
-
--static struct page * ext2_get_page(struct inode *dir, unsigned long n)
-+static struct page * ext2_get_page(struct inode *dir, unsigned long n,
-+ int quiet)
- {
- struct address_space *mapping = dir->i_mapping;
- struct page *page = read_mapping_page(mapping, n, NULL);
- if (!IS_ERR(page)) {
- kmap(page);
- if (!PageChecked(page))
-- ext2_check_page(page);
-+ ext2_check_page(page, quiet);
- if (PageError(page))
- goto fail;
- }
-@@ -292,7 +296,7 @@ ext2_readdir (struct file * filp, void *
- for ( ; n < npages; n++, offset = 0) {
- char *kaddr, *limit;
- ext2_dirent *de;
-- struct page *page = ext2_get_page(inode, n);
-+ struct page *page = ext2_get_page(inode, n, 0);
-
- if (IS_ERR(page)) {
- ext2_error(sb, __func__,
-@@ -361,6 +365,7 @@ struct ext2_dir_entry_2 * ext2_find_entr
- struct page *page = NULL;
- struct ext2_inode_info *ei = EXT2_I(dir);
- ext2_dirent * de;
-+ int dir_has_error = 0;
-
- if (npages == 0)
- goto out;
-@@ -374,7 +379,7 @@ struct ext2_dir_entry_2 * ext2_find_entr
- n = start;
- do {
- char *kaddr;
-- page = ext2_get_page(dir, n);
-+ page = ext2_get_page(dir, n, dir_has_error);
- if (!IS_ERR(page)) {
- kaddr = page_address(page);
- de = (ext2_dirent *) kaddr;
-@@ -391,7 +396,9 @@ struct ext2_dir_entry_2 * ext2_find_entr
- de = ext2_next_entry(de);
- }
- ext2_put_page(page);
-- }
-+ } else
-+ dir_has_error = 1;
-+
- if (++n >= npages)
- n = 0;
- /* next page is past the blocks we've got */
-@@ -414,7 +421,7 @@ found:
-
- struct ext2_dir_entry_2 * ext2_dotdot (struct inode *dir, struct page **p)
- {
-- struct page *page = ext2_get_page(dir, 0);
-+ struct page *page = ext2_get_page(dir, 0, 0);
- ext2_dirent *de = NULL;
-
- if (!IS_ERR(page)) {
-@@ -487,7 +494,7 @@ int ext2_add_link (struct dentry *dentry
- for (n = 0; n <= npages; n++) {
- char *dir_end;
-
-- page = ext2_get_page(dir, n);
-+ page = ext2_get_page(dir, n, 0);
- err = PTR_ERR(page);
- if (IS_ERR(page))
- goto out;
-@@ -655,14 +662,17 @@ int ext2_empty_dir (struct inode * inode
- {
- struct page *page = NULL;
- unsigned long i, npages = dir_pages(inode);
-+ int dir_has_error = 0;
-
- for (i = 0; i < npages; i++) {
- char *kaddr;
- ext2_dirent * de;
-- page = ext2_get_page(inode, i);
-+ page = ext2_get_page(inode, i, dir_has_error);
-
-- if (IS_ERR(page))
-+ if (IS_ERR(page)) {
-+ dir_has_error = 1;
- continue;
-+ }
-
- kaddr = page_address(page);
- de = (ext2_dirent *)kaddr;
---- a/fs/ext3/dir.c
-+++ b/fs/ext3/dir.c
-@@ -102,6 +102,7 @@ static int ext3_readdir(struct file * fi
- int err;
- struct inode *inode = filp->f_path.dentry->d_inode;
- int ret = 0;
-+ int dir_has_error = 0;
-
- sb = inode->i_sb;
-
-@@ -148,9 +149,12 @@ static int ext3_readdir(struct file * fi
- * of recovering data when there's a bad sector
- */
- if (!bh) {
-- ext3_error (sb, "ext3_readdir",
-- "directory #%lu contains a hole at offset %lu",
-- inode->i_ino, (unsigned long)filp->f_pos);
-+ if (!dir_has_error) {
-+ ext3_error(sb, __func__, "directory #%lu "
-+ "contains a hole at offset %lld",
-+ inode->i_ino, filp->f_pos);
-+ dir_has_error = 1;
-+ }
- /* corrupt size? Maybe no more blocks to read */
- if (filp->f_pos > inode->i_blocks << 9)
- break;
---- a/fs/ext4/dir.c
-+++ b/fs/ext4/dir.c
-@@ -102,6 +102,7 @@ static int ext4_readdir(struct file * fi
- int err;
- struct inode *inode = filp->f_path.dentry->d_inode;
- int ret = 0;
-+ int dir_has_error = 0;
-
- sb = inode->i_sb;
-
-@@ -148,9 +149,13 @@ static int ext4_readdir(struct file * fi
- * of recovering data when there's a bad sector
- */
- if (!bh) {
-- ext4_error (sb, "ext4_readdir",
-- "directory #%lu contains a hole at offset %lu",
-- inode->i_ino, (unsigned long)filp->f_pos);
-+ if (!dir_has_error) {
-+ ext4_error(sb, __func__, "directory #%lu "
-+ "contains a hole at offset %Lu",
-+ inode->i_ino,
-+ (unsigned long long) filp->f_pos);
-+ dir_has_error = 1;
-+ }
- /* corrupt size? Maybe no more blocks to read */
- if (filp->f_pos > inode->i_blocks << 9)
- break;
Revert these patches from the stable queue:
firewire-fix-ioctl-return-code.patch
firewire-fix-setting-tag-and-sy-in-iso-transmission.patch
@@ -297,6 +58,9 @@
Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
Message-ID: <tkrat.509dbd5216c80cfd at s5r6.in-berlin.de>
Content-Disposition: INLINE
+Status: O
+Content-Length: 680
+Lines: 27
From: Stefan Richter <stefanr at s5r6.in-berlin.de>
@@ -334,6 +98,9 @@
Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
Message-ID: <tkrat.c6c9e197bd5d3af2 at s5r6.in-berlin.de>
Content-Disposition: INLINE
+Status: O
+Content-Length: 948
+Lines: 26
From: Stefan Richter <stefanr at s5r6.in-berlin.de>
@@ -370,6 +137,9 @@
Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
Message-ID: <tkrat.e499a05eaa0ec529 at s5r6.in-berlin.de>
Content-Disposition: INLINE
+Status: O
+Content-Length: 1050
+Lines: 36
From: Jay Fenlason <fenlason at redhat.com>
@@ -416,6 +186,9 @@
Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
Message-ID: <tkrat.9bc21c3b6a97bebe at s5r6.in-berlin.de>
Content-Disposition: INLINE
+Status: O
+Content-Length: 1597
+Lines: 40
From: Stefan Richter <stefanr at s5r6.in-berlin.de>
@@ -465,6 +238,9 @@
To: stable at kernel.org
Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
Message-ID: <tkrat.84265bc39337ceb3 at s5r6.in-berlin.de>
+Status: O
+Content-Length: 3223
+Lines: 95
From: Jay Fenlason <fenlason at redhat.com>
@@ -570,6 +346,9 @@
Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
Message-ID: <tkrat.6faab57f3da8f9b9 at s5r6.in-berlin.de>
Content-Disposition: INLINE
+Status: O
+Content-Length: 1058
+Lines: 31
From: Jay Fenlason <fenlason at redhat.com>
--- linux-2.6.27-ext-dir-corruption-fix.patch DELETED ---
More information about the scm-commits
mailing list