rpms/kernel/F-11 disable-stackprotector-all.patch, NONE, 1.1 kernel.spec, 1.1773, 1.1774
Chuck Ebbert
cebbert at fedoraproject.org
Sun Oct 25 10:45:34 UTC 2009
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32349
Modified Files:
kernel.spec
Added Files:
disable-stackprotector-all.patch
Log Message:
Disable the stack protector on functions that don't have onstack arrays.
disable-stackprotector-all.patch:
Kconfig | 4 ----
Makefile | 1 -
2 files changed, 5 deletions(-)
--- NEW FILE disable-stackprotector-all.patch ---
diff -up linux-2.6.31.noarch/arch/x86/Kconfig.dave linux-2.6.31.noarch/arch/x86/Kconfig
--- linux-2.6.31.noarch/arch/x86/Kconfig.dave 2009-09-09 18:13:59.000000000 -0400
+++ linux-2.6.31.noarch/arch/x86/Kconfig 2009-10-23 17:04:30.000000000 -0400
@@ -1444,12 +1444,8 @@ config SECCOMP
If unsure, say Y. Only embedded should say N here.
-config CC_STACKPROTECTOR_ALL
- bool
-
config CC_STACKPROTECTOR
bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
- select CC_STACKPROTECTOR_ALL
---help---
This option turns on the -fstack-protector GCC feature. This
feature puts, at the beginning of functions, a canary value on
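Review bot: The help text kept as context under `config CC_STACKPROTECTOR` still says the feature puts a canary "at the beginning of functions", which stops being accurate once `select CC_STACKPROTECTOR_ALL` is dropped. With plain `-fstack-protector`, GCC only guards the functions its heuristic selects, so the help should say so, for example `Only functions that call alloca or hold buffers larger than GCC's ssp-buffer-size threshold (8 bytes by default) get a canary.` Someone enabling this option for hardening will otherwise assume every function is covered. The help block continues past the end of this hunk, so the rest of its wording could not be checked.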
diff -up linux-2.6.31.noarch/arch/x86/Makefile.dave linux-2.6.31.noarch/arch/x86/Makefile
--- linux-2.6.31.noarch/arch/x86/Makefile.dave 2009-09-09 18:13:59.000000000 -0400
+++ linux-2.6.31.noarch/arch/x86/Makefile 2009-10-23 17:04:30.000000000 -0400
@@ -74,7 +74,6 @@ ifdef CONFIG_CC_STACKPROTECTOR
cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh
ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC)),y)
stackp-y := -fstack-protector
- stackp-$(CONFIG_CC_STACKPROTECTOR_ALL) += -fstack-protector-all
KBUILD_CFLAGS += $(stackp-y)
else
$(warning stack protector enabled but no compiler support)
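Review bot: With the `-fstack-protector-all` line removed, `stackp-y := -fstack-protector` leaves canary coverage entirely to GCC's heuristic, and nothing at that line records the narrower scope or why it was accepted. GCC instruments only functions that call alloca or hold buffers above `ssp-buffer-size` (8 bytes by default), so functions with smaller arrays also lose the check. That is a wider loss than the "functions that don't have onstack arrays" wording in the log message, the kernel.spec comments and the changelog entry suggests. I would add above the assignment `# -fstack-protector only: GCC guards functions with alloca or buffers > ssp-buffer-size; -all dropped because <reason>`, with the actual reason filled in, since this reduces hardening in a security-relevant build flag. The enclosing `ifdef CONFIG_CC_STACKPROTECTOR` block starts and ends outside the hunk.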
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1773
retrieving revision 1.1774
diff -u -p -r1.1773 -r1.1774
--- kernel.spec 23 Oct 2009 13:41:37 -0000 1.1773
+++ kernel.spec 25 Oct 2009 10:45:32 -0000 1.1774
@@ -807,6 +807,7 @@ Patch15900: ax25-fix-possible-oops-in-ax
# netlink security fix (CVE-2009-3612)
Patch16000: netlink-fix-typo-in-initialization.patch
+# Fix huge wakeup latencies
Patch16200: sched-update-the-clock-of-runqueue-select-task-rq-selected.patch
# fix mouse and keyboard detection (#522126)
@@ -825,6 +826,9 @@ Patch16420: keys-get_instantiation_keyri
# Fix overflow in KVM cpuid code
Patch16430: kvm-prevent-overflow-in-kvm-get-supported-cpuid.patch
+# disable the stackprotector on fns that don't have onstack arrays
+Patch16440: disable-stackprotector-all.patch
+
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1548,6 +1552,9 @@ ApplyPatch keys-get_instantiation_keyrin
# Fix overflow in KVM cpuid code
ApplyPatch kvm-prevent-overflow-in-kvm-get-supported-cpuid.patch
+# disable the stackprotector on fns that don't have onstack arrays
+ApplyPatch disable-stackprotector-all.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2136,8 +2143,11 @@ fi
# and build.
%changelog
+* Sun Oct 25 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-95
+- Disable the stack protector on functions that don't have onstack arrays.
+
* Thu Oct 22 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-94
-- Fix overflow in KVM cpuid code.
+- Fix overflow in KVM cpuid code. (CVE-2009-3638)
* Thu Oct 22 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-93
- Fix exploitable oops in keyring code (CVE-2009-3624)
@@ -2148,10 +2158,10 @@ fi
* Mon Oct 19 2009 Kyle McMartin <kyle at redhat.com>
- af_unix-fix-deadlock-connecting-to-shutdown-socket.patch: fix for
- rhbz#529626 local DoS.
+ rhbz#529626 local DoS. (CVE-2009-3621)
* Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-90
-- Fix null deref in r128 (F10#487546)
+- Fix null deref in r128 (F10#487546) (CVE-2009-3620)
* Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-89
- Keyboard and mouse fixes from 2.6.32 (#522126)