rpms/kernel/devel linux-2.6-upstream-reverts.patch, 1.2, 1.3 patch-2.6.27.2.bz2.sign, NONE, 1.1 patch-2.6.27.3-rc1.bz2.sign, NONE, 1.1 .cvsignore, 1.948, 1.949 TODO, 1.24, 1.25 kernel.spec, 1.1062, 1.1063 linux-2.6-usb-ehci-hcd-respect-nousb.patch, 1.1, 1.2 sources, 1.910, 1.911 upstream, 1.822, 1.823 patch-2.6.27.1.bz2.sign, 1.1, NONE patch-2.6.27.2-rc1.bz2.sign, 1.1, NONE
Chuck Ebbert
cebbert at fedoraproject.org
Sat Oct 18 21:42:52 UTC 2008
- Previous message (by thread): rpms/gnash/devel gnash-0.8.4-port-to-kde4.patch, NONE, 1.1 gnash.spec, 1.36, 1.37 gnash-0.8.3-port-to-kde4.patch, 1.4, NONE
- Next message (by thread): rpms/kdebase-workspace/F-10 kdebase-workspace-4.1.2-panel-autohide-866998.patch, NONE, 1.1 kdebase-workspace-4.1.2-panel-autohide-871058.patch, NONE, 1.1 kdebase-workspace-4.1.2-panel-autohide-coords.patch, NONE, 1.1 kdebase-workspace.spec, 1.129, 1.130
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30767
Modified Files:
.cvsignore TODO kernel.spec
linux-2.6-usb-ehci-hcd-respect-nousb.patch sources upstream
Added Files:
linux-2.6-upstream-reverts.patch patch-2.6.27.2.bz2.sign
patch-2.6.27.3-rc1.bz2.sign
Removed Files:
patch-2.6.27.1.bz2.sign patch-2.6.27.2-rc1.bz2.sign
Log Message:
Linux 2.6.27.3-rc1
Dropped patches:
linux-2.6.27-xfs-remount-fix.patch
linux-2.6-upstream-reverts.patch:
Index: linux-2.6-upstream-reverts.patch
===================================================================
RCS file: linux-2.6-upstream-reverts.patch
diff -N linux-2.6-upstream-reverts.patch
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ linux-2.6-upstream-reverts.patch 18 Oct 2008 21:42:50 -0000 1.3
@@ -0,0 +1,36 @@
+From 4b40893918203ee1a1f6a114316c2a19c072e9bd Mon Sep 17 00:00:00 2001
+From: Matthias Hopf <mhopf at suse.de>
+Date: Sat, 18 Oct 2008 07:18:05 +1000
+Subject: drm/i915: fix ioremap of a user address for non-root (CVE-2008-3831)
+
+From: Matthias Hopf <mhopf at suse.de>
+
+commit 4b40893918203ee1a1f6a114316c2a19c072e9bd upstream
+
+Olaf Kirch noticed that the i915_set_status_page() function of the i915
+kernel driver calls ioremap with an address offset that is supplied by
+userspace via ioctl. The function zeroes the mapped memory via memset
+and tells the hardware about the address. Turns out that access to that
+ioctl is not restricted to root so users could probably exploit that to
+do nasty things. We haven't tried to write actual exploit code though.
+
+It only affects the Intel G33 series and newer.
+
+Signed-off-by: Dave Airlie <airlied at redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+
+---
+ drivers/gpu/drm/i915/i915_dma.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/i915/i915_dma.c
++++ b/drivers/gpu/drm/i915/i915_dma.c
+@@ -836,7 +836,7 @@ struct drm_ioctl_desc i915_ioctls[] = {
+ DRM_IOCTL_DEF(DRM_I915_SET_VBLANK_PIPE, i915_vblank_pipe_set, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY ),
+ DRM_IOCTL_DEF(DRM_I915_GET_VBLANK_PIPE, i915_vblank_pipe_get, DRM_AUTH ),
+ DRM_IOCTL_DEF(DRM_I915_VBLANK_SWAP, i915_vblank_swap, DRM_AUTH),
+- DRM_IOCTL_DEF(DRM_I915_HWS_ADDR, i915_set_status_page, DRM_AUTH),
++ DRM_IOCTL_DEF(DRM_I915_HWS_ADDR, i915_set_status_page, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY),
+ };
+
+ int i915_max_ioctl = DRM_ARRAY_SIZE(i915_ioctls);
--- NEW FILE patch-2.6.27.2.bz2.sign ---
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://www.kernel.org/signature.html for info
iD8DBQBI+ioJyGugalF9Dw4RAqZ2AJ4jQh8lcSIz3AAzY4dXWlJ48AA+5ACdEfjv
j8k2MuSj3BzJwvJ15+/Wan0=
=DoP0
-----END PGP SIGNATURE-----
--- NEW FILE patch-2.6.27.3-rc1.bz2.sign ---
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://www.kernel.org/signature.html for info
iD8DBQBI+i50yGugalF9Dw4RAr5gAJ4jk3MT9WJuZdF0/oT0Rr6jsDBXSgCdFpgf
UCg0MKfVlz37m4ZdtAdywNc=
=FxXS
-----END PGP SIGNATURE-----
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/.cvsignore,v
retrieving revision 1.948
retrieving revision 1.949
diff -u -r1.948 -r1.949
--- .cvsignore 16 Oct 2008 23:55:38 -0000 1.948
+++ .cvsignore 18 Oct 2008 21:42:50 -0000 1.949
@@ -4,5 +4,5 @@
temp-*
kernel-2.6.27
linux-2.6.27.tar.bz2
-patch-2.6.27.1.bz2
-patch-2.6.27.2-rc1.bz2
+patch-2.6.27.2.bz2
+patch-2.6.27.3-rc1.bz2
Index: TODO
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/TODO,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- TODO 18 Oct 2008 01:10:29 -0000 1.24
+++ TODO 18 Oct 2008 21:42:50 -0000 1.25
@@ -158,9 +158,6 @@
linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
In mainline and 2.6.26-stable queue but not 2.6.27-stable.
-linux-2.6.27-xfs-remount-fix.patch
- Root remount problem fix, now upstream, sent for -stable
-
linux-2.6-rtc-cmos-look-for-pnp-rtc-first.patch
linux-2.6-x86-register-platform-rtc-if-pnp-doesnt-describe-it.patch
Fix broken RTC on systems that don't expose it via PnP.
@@ -173,5 +170,5 @@
In x86/urgent, already requested for mainline and -stable
linux-2.6.27-drm-i915-fix-ioctl-security.patch
- Upstream (4b40893918203ee1a1f6a114316c2a19c072e9bd)
- Fixes CVE-2008-3831, queued for 2.6.2[567]-stable
+ In -stable, reverted in upstream-reverts, reapplied after the drm patch.
+ The drm patch should be fixed up to not conflict with the upstream patch.
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.1062
retrieving revision 1.1063
diff -u -r1.1062 -r1.1063
--- kernel.spec 18 Oct 2008 01:10:29 -0000 1.1062
+++ kernel.spec 18 Oct 2008 21:42:50 -0000 1.1063
@@ -32,7 +32,7 @@
%if 0%{?released_kernel}
# Do we have a -stable update to apply?
-%define stable_update 2
+%define stable_update 3
# Is it a -stable RC?
%define stable_rc 1
# Set rpm version accordingly
@@ -570,6 +570,8 @@
%if !%{nopatches}
+# revert upstream patches we get via other methods
+Patch09: linux-2.6-upstream-reverts.patch
# Git trees.
Patch10: git-cpufreq.patch
@@ -690,9 +692,6 @@
Patch2900: linux-2.6.27-ext4-stable-patch-queue.patch
Patch2901: linux-2.6.27-fs-disable-fiemap.patch
-# Fix for xfs remount problems
-Patch2903: linux-2.6.27-xfs-remount-fix.patch
-
# cciss sysfs links are broken
Patch3000: linux-2.6-blk-cciss-fix-regression-sysfs-symlink-missing.patch
@@ -1046,6 +1045,12 @@
%if !%{nopatches}
+# revert patches from upstream that conflict or that we get via other means
+C=$(wc -l $RPM_SOURCE_DIR/linux-2.6-upstream-reverts.patch | awk '{print $1}')
+if [ "$C" -gt 10 ]; then
+ApplyPatch linux-2.6-upstream-reverts.patch -R
+fi
+
ApplyPatch git-cpufreq.patch
ApplyPatch linux-2.6-hotfixes.patch
@@ -1110,7 +1115,6 @@
ApplyPatch linux-2.6.27-fs-disable-fiemap.patch
# xfs
-ApplyPatch linux-2.6.27-xfs-remount-fix.patch
# USB
ApplyPatch linux-2.6-usb-ehci-hcd-respect-nousb.patch
@@ -1836,6 +1840,11 @@
%kernel_variant_files -k vmlinux %{with_kdump} kdump
%changelog
+* Fri Oct 17 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27.3-27.rc1
+- Linux 2.6.27.3-rc1
+ Dropped patches:
+ linux-2.6.27-xfs-remount-fix.patch
+
* Fri Oct 17 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27.2-26.rc1
- Fix resume on x86_64 UP systems with SMP kernel.
linux-2.6-usb-ehci-hcd-respect-nousb.patch:
Index: linux-2.6-usb-ehci-hcd-respect-nousb.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/linux-2.6-usb-ehci-hcd-respect-nousb.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- linux-2.6-usb-ehci-hcd-respect-nousb.patch 23 Jan 2008 19:26:34 -0000 1.1
+++ linux-2.6-usb-ehci-hcd-respect-nousb.patch 18 Oct 2008 21:42:50 -0000 1.2
@@ -15,6 +15,6 @@
+ if (usb_disabled())
+ return -ENODEV;
+
- pr_debug("%s: block sizes: qh %Zd qtd %Zd itd %Zd sitd %Zd\n",
- hcd_name,
- sizeof(struct ehci_qh), sizeof(struct ehci_qtd),
+ set_bit(USB_EHCI_LOADED, &usb_hcds_loaded);
+ if (test_bit(USB_UHCI_LOADED, &usb_hcds_loaded) ||
+ test_bit(USB_OHCI_LOADED, &usb_hcds_loaded))
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/sources,v
retrieving revision 1.910
retrieving revision 1.911
diff -u -r1.910 -r1.911
--- sources 16 Oct 2008 23:55:38 -0000 1.910
+++ sources 18 Oct 2008 21:42:50 -0000 1.911
@@ -1,3 +1,3 @@
b3e78977aa79d3754cb7f8143d7ddabd linux-2.6.27.tar.bz2
-f2ede3425df6c18f2978d256be7eb5de patch-2.6.27.1.bz2
-12bd190a883c21aa6ffe76628f6b44d9 patch-2.6.27.2-rc1.bz2
+9d4c3a044f04c4a35be09a6501b0ef30 patch-2.6.27.2.bz2
+430fcbf4c34bffa0a8acf518e32ea852 patch-2.6.27.3-rc1.bz2
Index: upstream
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/upstream,v
retrieving revision 1.822
retrieving revision 1.823
diff -u -r1.822 -r1.823
--- upstream 16 Oct 2008 23:55:38 -0000 1.822
+++ upstream 18 Oct 2008 21:42:50 -0000 1.823
@@ -1,3 +1,3 @@
linux-2.6.27.tar.bz2
-patch-2.6.27.1.bz2
-patch-2.6.27.2-rc1.bz2
+patch-2.6.27.2.bz2
+patch-2.6.27.3-rc1.bz2
--- patch-2.6.27.1.bz2.sign DELETED ---
--- patch-2.6.27.2-rc1.bz2.sign DELETED ---
- Previous message (by thread): rpms/gnash/devel gnash-0.8.4-port-to-kde4.patch, NONE, 1.1 gnash.spec, 1.36, 1.37 gnash-0.8.3-port-to-kde4.patch, 1.4, NONE
- Next message (by thread): rpms/kdebase-workspace/F-10 kdebase-workspace-4.1.2-panel-autohide-866998.patch, NONE, 1.1 kdebase-workspace-4.1.2-panel-autohide-871058.patch, NONE, 1.1 kdebase-workspace-4.1.2-panel-autohide-coords.patch, NONE, 1.1 kdebase-workspace.spec, 1.129, 1.130
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list