--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: kfreebsd-9/9.0-9
- From: Christoph Egger <christoph@debian.org>
- Date: Sat, 24 Nov 2012 00:16:18 +0100
- Message-id: <20121123231618.66793.38761.reportbug@hel.hosts.sieglitzhof.net>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package kfreebsd-9
Same security update as for -8
I can revert the other change, though it's usefull to have in the
source for our users
unblock kfreebsd-9/9.0-9
dpkg-source: warning: extracting unsigned source package (/home/christoph/debian/kfreebsd-9_9.0-9.dsc)
diff -Nru kfreebsd-9-9.0/debian/changelog kfreebsd-9-9.0/debian/changelog
--- kfreebsd-9-9.0/debian/changelog 2012-10-29 12:10:41.000000000 -0700
+++ kfreebsd-9-9.0/debian/changelog 2012-11-23 13:59:41.000000000 -0800
@@ -1,9 +1,19 @@
-kfreebsd-9 (9.0-8) unstable; urgency=low
+kfreebsd-9 (9.0-9) unstable; urgency=medium
- * Build source package on a kfreebsd system
- * This should bring back the udebs lost in -7
+ * Apply patch for SA-12:08 / CVE-2012-4576:
+ memory access without proper validation in linux compat system
+ (Closes: #694097)
+ * Touch conf/DEBIAN to avoid build failures in case someone wants to build the
+ kernel with firmware included.
+
+ -- Christoph Egger <christoph@debian.org> Fri, 23 Nov 2012 13:45:15 -0800
- -- Christoph Egger <christoph@debian.org> Mon, 29 Oct 2012 12:04:47 -0700
+kfreebsd-9 (9.0-8) unstable; urgency=low
+
+ * Build source package on a kfreebsd system
+ * This should bring back the udebs lost in -7
+
+ -- Christoph Egger <christoph@debian.org> Mon, 29 Oct 2012 12:04:47 -0700
kfreebsd-9 (9.0-7) unstable; urgency=medium
diff -Nru kfreebsd-9-9.0/debian/patches/SA-12_08.linux.patch kfreebsd-9-9.0/debian/patches/SA-12_08.linux.patch
--- kfreebsd-9-9.0/debian/patches/SA-12_08.linux.patch 1969-12-31 16:00:00.000000000 -0800
+++ kfreebsd-9-9.0/debian/patches/SA-12_08.linux.patch 2012-11-23 13:48:51.000000000 -0800
@@ -0,0 +1,16 @@
+Index: sys/compat/linux/linux_ioctl.c
+===================================================================
+--- a/sys/compat/linux/linux_ioctl.c (revision 242578)
++++ b/sys/compat/linux/linux_ioctl.c (working copy)
+@@ -2260,8 +2260,9 @@ again:
+
+ ifc.ifc_len = valid_len;
+ sbuf_finish(sb);
+- memcpy(PTRIN(ifc.ifc_buf), sbuf_data(sb), ifc.ifc_len);
+- error = copyout(&ifc, uifc, sizeof(ifc));
++ error = copyout(sbuf_data(sb), PTRIN(ifc.ifc_buf), ifc.ifc_len);
++ if (error == 0)
++ error = copyout(&ifc, uifc, sizeof(ifc));
+ sbuf_delete(sb);
+ CURVNET_RESTORE();
+
diff -Nru kfreebsd-9-9.0/debian/patches/series kfreebsd-9-9.0/debian/patches/series
--- kfreebsd-9-9.0/debian/patches/series 2012-10-29 12:03:47.000000000 -0700
+++ kfreebsd-9-9.0/debian/patches/series 2012-11-23 13:44:03.000000000 -0800
@@ -7,6 +7,7 @@
fix_VOP_VPTOCNP_bypass_for_nullfs.diff
pf_counter_initialization_SVN236364.diff
svn239447_SCTP_DoS.patch
+SA-12_08.linux.patch
# Other patches that might or might not be mergeable
001_misc.diff
diff -Nru kfreebsd-9-9.0/debian/rules kfreebsd-9-9.0/debian/rules
--- kfreebsd-9-9.0/debian/rules 2012-10-29 12:03:47.000000000 -0700
+++ kfreebsd-9-9.0/debian/rules 2012-11-23 13:58:59.000000000 -0800
@@ -179,6 +179,11 @@
# Configure the kernel
cp debian/arch/$(cpu)/$*.config $(FLAVOR_DIR)-$*/sys/$(kfreebsd_cpu)/conf/
ln -sf $*.config $(FLAVOR_DIR)-$*/sys/$(kfreebsd_cpu)/conf/$(configfile)
+ # this file is generated by 999_firmware.patch. However, pretending
+ # someone wants to build a custom kernel with firmware included this
+ # yields to a build failure if the file does not exist. It can be empty,
+ # however.
+ touch $(FLAVOR_DIR)-$*/sys/$(kfreebsd_cpu)/conf/DEBIAN
cd $(FLAVOR_DIR)-$*/sys/$(kfreebsd_cpu)/conf \
&& config $(configfile)
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)
Kernel: kFreeBSD 9.0-2-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
On 2012-12-09 13:19, Cyril Brulebois wrote:
> Niels Thykier <niels@thykier.net> (24/11/2012):
>> Ack from release, now just waiting for d-i approval.
>
> Interesting output in 'd'…
>
> Anyway, d-i ack, with apologies for the delay.
>
> Mraw,
> KiBi.
Unblocked, thanks.
~Niels
--- End Message ---