rpms/kernel/F-11 disable-stackprotector-all.patch, NONE, 1.1 kernel.spec, 1.1773, 1.1774

Chuck Ebbert cebbert at fedoraproject.org
Sun Oct 25 10:45:34 UTC 2009


Author: cebbert

Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32349

Modified Files:
	kernel.spec 
Added Files:
	disable-stackprotector-all.patch 
Log Message:
Disable the stack protector on functions that don't have onstack arrays.

disable-stackprotector-all.patch:
 Kconfig  |    4 ----
 Makefile |    1 -
 2 files changed, 5 deletions(-)

--- NEW FILE disable-stackprotector-all.patch ---
diff -up linux-2.6.31.noarch/arch/x86/Kconfig.dave linux-2.6.31.noarch/arch/x86/Kconfig
--- linux-2.6.31.noarch/arch/x86/Kconfig.dave	2009-09-09 18:13:59.000000000 -0400
+++ linux-2.6.31.noarch/arch/x86/Kconfig	2009-10-23 17:04:30.000000000 -0400
@@ -1444,12 +1444,8 @@ config SECCOMP
 
 	  If unsure, say Y. Only embedded should say N here.
 
-config CC_STACKPROTECTOR_ALL
-	bool
-
 config CC_STACKPROTECTOR
 	bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
-	select CC_STACKPROTECTOR_ALL
 	---help---
 	  This option turns on the -fstack-protector GCC feature. This
 	  feature puts, at the beginning of functions, a canary value on
diff -up linux-2.6.31.noarch/arch/x86/Makefile.dave linux-2.6.31.noarch/arch/x86/Makefile
--- linux-2.6.31.noarch/arch/x86/Makefile.dave	2009-09-09 18:13:59.000000000 -0400
+++ linux-2.6.31.noarch/arch/x86/Makefile	2009-10-23 17:04:30.000000000 -0400
@@ -74,7 +74,6 @@ ifdef CONFIG_CC_STACKPROTECTOR
 	cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh
         ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC)),y)
                 stackp-y := -fstack-protector
-                stackp-$(CONFIG_CC_STACKPROTECTOR_ALL) += -fstack-protector-all
                 KBUILD_CFLAGS += $(stackp-y)
         else
                 $(warning stack protector enabled but no compiler support)
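Review bot: With the `-fstack-protector-all` line removed, `stackp-y` carries only `-fstack-protector`, which gcc applies only to functions that call alloca or hold a buffer at or above the `ssp-buffer-size` threshold (8 bytes by default), so every other kernel function is built without a canary. The patch file starts directly at `diff -up` with no header, so the reason for giving up that coverage is not recorded anywhere on the page; it is presumably overhead, but that is a guess. I would add a short description at the top of disable-stackprotector-all.patch stating the motivation and the hardening that is traded away. The Kconfig hunk of the same patch deletes `CC_STACKPROTECTOR_ALL` outright instead of leaving it as an opt-in, so a hardened rebuild has to revert the whole patch. The `ifdef CONFIG_CC_STACKPROTECTOR` block starts and ends outside this hunk.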


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1773
retrieving revision 1.1774
diff -u -p -r1.1773 -r1.1774
--- kernel.spec	23 Oct 2009 13:41:37 -0000	1.1773
+++ kernel.spec	25 Oct 2009 10:45:32 -0000	1.1774
@@ -807,6 +807,7 @@ Patch15900: ax25-fix-possible-oops-in-ax
 # netlink security fix (CVE-2009-3612)
 Patch16000: netlink-fix-typo-in-initialization.patch
 
+# Fix huge wakeup latencies
 Patch16200: sched-update-the-clock-of-runqueue-select-task-rq-selected.patch
 
 # fix mouse and keyboard detection (#522126)
@@ -825,6 +826,9 @@ Patch16420: keys-get_instantiation_keyri
 # Fix overflow in KVM cpuid code
 Patch16430: kvm-prevent-overflow-in-kvm-get-supported-cpuid.patch
 
+# disable the stackprotector on fns that don't have onstack arrays
+Patch16440: disable-stackprotector-all.patch
+
 %endif
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
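Review bot: The comment added above `Patch16440` describes the effect loosely: the patch drops `-fstack-protector-all`, so the build falls back to plain `-fstack-protector`, and functions whose arrays are below gcc's size threshold lose the canary as well, not only functions without on-stack arrays. A comment that names the flags is easier to find when someone audits the kernel's hardening later, for example `# build with -fstack-protector only, not -fstack-protector-all (fewer functions get canaries)`. The same wording is repeated above the `ApplyPatch` line in the next hunk and in the new %changelog entry.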
@@ -1548,6 +1552,9 @@ ApplyPatch keys-get_instantiation_keyrin
 # Fix overflow in KVM cpuid code
 ApplyPatch kvm-prevent-overflow-in-kvm-get-supported-cpuid.patch
 
+# disable the stackprotector on fns that don't have onstack arrays
+ApplyPatch disable-stackprotector-all.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2136,8 +2143,11 @@ fi
 # and build.
 
 %changelog
+* Sun Oct 25 2009 Chuck Ebbert <cebbert at redhat.com>  2.6.30.9-95
+- Disable the stack protector on functions that don't have onstack arrays.
+
 * Thu Oct 22 2009 Chuck Ebbert <cebbert at redhat.com>  2.6.30.9-94
-- Fix overflow in KVM cpuid code.
+- Fix overflow in KVM cpuid code. (CVE-2009-3638)
 
 * Thu Oct 22 2009 Chuck Ebbert <cebbert at redhat.com>  2.6.30.9-93
 - Fix exploitable oops in keyring code (CVE-2009-3624)
@@ -2148,10 +2158,10 @@ fi
 
 * Mon Oct 19 2009 Kyle McMartin <kyle at redhat.com>
 - af_unix-fix-deadlock-connecting-to-shutdown-socket.patch: fix for
-  rhbz#529626 local DoS.
+  rhbz#529626 local DoS. (CVE-2009-3621)
 
 * Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com>  2.6.30.9-90
-- Fix null deref in r128 (F10#487546)
+- Fix null deref in r128 (F10#487546) (CVE-2009-3620)
 
 * Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-89
 - Keyboard and mouse fixes from 2.6.32 (#522126)



