[git.ipfire.org] IPFire 2.x development tree branch, master, updated. de686e49e2a7c12c4b3c46931ecd9d9635565357

[git.ipfire.org] IPFire 2.x development tree branch, master, updated. de686e49e2a7c12c4b3c46931ecd9d9635565357

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 3634 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, master has been updated
       via  de686e49e2a7c12c4b3c46931ecd9d9635565357 (commit)
      from  b69659af02d65f982a2d8fd443f02950593d28fe (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit de686e49e2a7c12c4b3c46931ecd9d9635565357
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Mar 8 09:59:43 2022 +0000

    linux: Fix for CVE-2022-0847 aka Dirty Pipe
    
    https://dirtypipe.cm4all.com
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 lfs/linux                                   |  3 ++
 src/patches/kernel-5.15-CVE-2022-0847.patch | 46 +++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 src/patches/kernel-5.15-CVE-2022-0847.patch

Difference in files:
diff --git a/lfs/linux b/lfs/linux
index 7a7236eab..0f8f2c184 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -141,6 +141,9 @@ ifeq "$(BUILD_ARCH)" "aarch64"
 endif
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-3.14.79-amba-fix.patch
 
+	# Fix for CVE-2022-0847 aka Dirty Pipe
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel-5.15-CVE-2022-0847.patch
+
 ifeq "$(KCFG)" "-headers"
 	# Install the header files
 	cd $(DIR_APP) && make ARCH=$(HEADERS_ARCH) $(EXTRAMAKE) headers
diff --git a/src/patches/kernel-5.15-CVE-2022-0847.patch b/src/patches/kernel-5.15-CVE-2022-0847.patch
new file mode 100644
index 000000000..5279916c2
--- /dev/null
+++ b/src/patches/kernel-5.15-CVE-2022-0847.patch
@@ -0,0 +1,46 @@
+From 114e9f141822e6977633d322c1b03e89bd209932 Mon Sep 17 00:00:00 2001
+From: Max Kellermann <max.kellermann(a)ionos.com>
+Date: Mon, 21 Feb 2022 11:03:13 +0100
+Subject: [PATCH] lib/iov_iter: initialize "flags" in new pipe_buffer
+
+commit 9d2231c5d74e13b2a0546fee6737ee4446017903 upstream.
+
+The functions copy_page_to_iter_pipe() and push_pipe() can both
+allocate a new pipe_buffer, but the "flags" member initializer is
+missing.
+
+Fixes: 241699cd72a8 ("new iov_iter flavour: pipe-backed")
+To: Alexander Viro <viro(a)zeniv.linux.org.uk>
+To: linux-fsdevel(a)vger.kernel.org
+To: linux-kernel(a)vger.kernel.org
+Cc: stable(a)vger.kernel.org
+Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com>
+Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
+---
+ lib/iov_iter.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/iov_iter.c b/lib/iov_iter.c
+index 60b5e6edfbaa..c5b2f0f4b8a8 100644
+--- a/lib/iov_iter.c
++++ b/lib/iov_iter.c
+@@ -416,6 +416,7 @@ static size_t copy_page_to_iter_pipe(struct page *page, size_t offset, size_t by
+ 		return 0;
+ 
+ 	buf->ops = &page_cache_pipe_buf_ops;
++	buf->flags = 0;
+ 	get_page(page);
+ 	buf->page = page;
+ 	buf->offset = offset;
+@@ -532,6 +533,7 @@ static size_t push_pipe(struct iov_iter *i, size_t size,
+ 			break;
+ 
+ 		buf->ops = &default_pipe_buf_ops;
++		buf->flags = 0;
+ 		buf->page = page;
+ 		buf->offset = 0;
+ 		buf->len = min_t(ssize_t, left, PAGE_SIZE);
+-- 
+2.30.2
+


hooks/post-receive
--
IPFire 2.x development tree