diff options
| author | Bastian Blank <waldi@debian.org> | 2006-07-15 19:49:32 +0000 |
|---|---|---|
| committer | Bastian Blank <waldi@debian.org> | 2006-07-15 19:49:32 +0000 |
| commit | 533d12fe9de6ff54301cc791f102fc45011f6413 (patch) | |
| tree | 7585d30268a0f35d9cf02abd6c38cde5f88714ae | |
| parent | 2af11163d037b41ffd47079364993bcd123a0500 (diff) | |
| download | kernel_replicant_linux-533d12fe9de6ff54301cc791f102fc45011f6413.tar.gz kernel_replicant_linux-533d12fe9de6ff54301cc791f102fc45011f6413.tar.bz2 kernel_replicant_linux-533d12fe9de6ff54301cc791f102fc45011f6413.zip | |
* Add stable release 2.6.17.5.
* Add stable release 2.6.17.6.
* debian/changelog: Update.
* debian/patches/series/4
- Add 2.6.17.5.
- Add 2.6.17.6.
* debian/patches/2.6.17.5, debian/patches/2.6.17.6: Add.
svn path=/dists/trunk/linux-2.6/; revision=7029
| -rw-r--r-- | debian/changelog | 11 | ||||
| -rw-r--r-- | debian/patches/2.6.17.5 | 12 | ||||
| -rw-r--r-- | debian/patches/2.6.17.6 | 22 | ||||
| -rw-r--r-- | debian/patches/series/4 | 2 |
4 files changed, 45 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog index 2c49f51978c9..18badd25bfbf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +linux-2.6 (2.6.17-4) UNRELEASED; urgency=low + + * Add stable release 2.6.17.5: + - Fix nasty /proc vulnerability (CVE-2006-3626) + * Add stable release 2.6.17.6: + - Relax /proc fix a bit + + -- Bastian Blank <waldi@debian.org> Sat, 15 Jul 2006 21:46:05 +0200 + linux-2.6 (2.6.17-3) unstable; urgency=low [ maximilian attems ] @@ -33,8 +42,6 @@ linux-2.6 (2.6.17-3) unstable; urgency=low * Fix README.Debian: Correct svn location, remove old boot param bswap reference, the asfs patch is in the Debian kernel. Remove reference to AMD 768 erratum 10, it was solved in 2.6.12. Add wording corrections. - * Add 686-bigmem flavour with CONFIG_HIGHMEM64G=y and CONFIG_X86_PAE=y. - Set deadline as default iosched and CONFIG_NR_CPUS=32. (closes: 295680) * Set CONFIG_SERIAL_8250_RN_UARTS=16 for all archs beside mips/m68k unless explicitly set on a specific value. (closes: 377151) * Add stable release 2.6.17.4: diff --git a/debian/patches/2.6.17.5 b/debian/patches/2.6.17.5 new file mode 100644 index 000000000000..5899aac20e4a --- /dev/null +++ b/debian/patches/2.6.17.5 @@ -0,0 +1,12 @@ +diff --git a/fs/proc/base.c b/fs/proc/base.c +index 6cc77dc..5a8b89a 100644 +--- a/fs/proc/base.c ++++ b/fs/proc/base.c +@@ -1404,6 +1404,7 @@ static int pid_revalidate(struct dentry + } else { + inode->i_uid = 0; + inode->i_gid = 0; ++ inode->i_mode = 0; + } + security_task_to_inode(task, inode); + return 1; diff --git a/debian/patches/2.6.17.6 b/debian/patches/2.6.17.6 new file mode 100644 index 000000000000..cf6e136ac22a --- /dev/null +++ b/debian/patches/2.6.17.6 @@ -0,0 +1,22 @@ +diff --git a/fs/proc/base.c b/fs/proc/base.c +index 5a8b89a..f801693 100644 +--- a/fs/proc/base.c ++++ b/fs/proc/base.c +@@ -1404,8 +1404,8 @@ static int pid_revalidate(struct dentry + } else { + inode->i_uid = 0; + inode->i_gid = 0; +- inode->i_mode = 0; + } ++ inode->i_mode &= ~(S_ISUID | S_ISGID); + security_task_to_inode(task, inode); + return 1; + } +@@ -1433,6 +1433,7 @@ static int tid_fd_revalidate(struct dent + inode->i_uid = 0; + inode->i_gid = 0; + } ++ inode->i_mode &= ~(S_ISUID | S_ISGID); + security_task_to_inode(task, inode); + return 1; + } diff --git a/debian/patches/series/4 b/debian/patches/series/4 new file mode 100644 index 000000000000..ee3f36db2802 --- /dev/null +++ b/debian/patches/series/4 @@ -0,0 +1,2 @@ ++ 2.6.17.5 ++ 2.6.17.6 |