From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Wed, 14 May 2014 06:41:30 +0000 (+0200)
Subject: xen-kernel: add patch for CVE_2014_0196.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ed51f88e6f14c83af271a646da7a425de50f8e0e;p=ipfire-2.x.git

xen-kernel: add patch for CVE_2014_0196.
---

diff --git a/lfs/linux2 b/lfs/linux2
index 76e31a9dd2..57e4b0b33d 100644
--- a/lfs/linux2
+++ b/lfs/linux2
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2013  IPFire Team <info@ipfire.org>                      #
+# Copyright (C) 2007-2014  IPFire Team <info@ipfire.org>                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -34,7 +34,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 CFLAGS     =
 CXXFLAGS   =
 
-PAK_VER    = 29
+PAK_VER    = 30
 DEPS	   = ""
 
 # Normal build or XEN build.
@@ -163,6 +163,9 @@ endif
 	# Fix mv_cesa
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32-crypto-mv_cesa.patch
 
+	# Fix for CVE-2014-0196
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.61_CVE-2014-0196.patch
+
 ifeq "$(KCFG)" "-kirkwood"
 	# Add dreamplug,guruplug and icy 62x0  support on ARM-kirkwood
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.57-arm_kirkwood_setups.patch
diff --git a/make.sh b/make.sh
index 0e20908c31..d2200a9bed 100755
--- a/make.sh
+++ b/make.sh
@@ -32,7 +32,7 @@ SLOGAN="www.ipfire.org"						# Software slogan
 CONFIG_ROOT=/var/ipfire						# Configuration rootdir
 NICE=10								# Nice level
 MAX_RETRIES=1							# prefetch/check loop
-BUILD_IMAGES=1							# Build USB, Flash and Xen Images
+BUILD_IMAGES=0							# Build USB, Flash and Xen Images
 KVER=`grep --max-count=1 VER lfs/linux | awk '{ print $3 }'`
 MACHINE=`uname -m`
 GIT_TAG=$(git tag | tail -1)					# Git Tag
diff --git a/src/patches/linux-2.6.32.61_CVE-2014-0196.patch b/src/patches/linux-2.6.32.61_CVE-2014-0196.patch
new file mode 100644
index 0000000000..081c1342bc
--- /dev/null
+++ b/src/patches/linux-2.6.32.61_CVE-2014-0196.patch
@@ -0,0 +1,13 @@
+diff -Naur linux-2.6.32.61.org/drivers/char/n_tty.c linux-2.6.32.61/drivers/char/n_tty.c
+--- linux-2.6.32.61.org/drivers/char/n_tty.c	2013-06-10 11:43:48.000000000 +0200
++++ linux-2.6.32.61/drivers/char/n_tty.c	2014-05-13 16:10:01.906566307 +0200
+@@ -1969,7 +1969,9 @@
+ 				tty->ops->flush_chars(tty);
+ 		} else {
+ 			while (nr > 0) {
++				mutex_lock(&tty->output_lock);
+ 				c = tty->ops->write(tty, b, nr);
++				mutex_unlock(&tty->output_lock);
+ 				if (c < 0) {
+ 					retval = c;
+ 					goto break_out;