CVE-2006-3468: which patch to use?

From: Adrian Bunk
Date: Sun Aug 20 2006 - 15:25:12 EST

While going through patches for 2.6.16.x, I stumbled over the following
regarding the "NFS export of ext2/ext3" security vulnerabilities (the
ext3 one is CVE-2006-3468, I don't whether there's a number for the
ext2 one):

There are three patches available:

The first two patches are except for a s/ext2/ext3/ identical.

The two ext3 patches fix the same issue in slightly different ways.

It seems there was already some agreement that the first of the two ext3
patches should be preferred due to being more the same as the ext2 patch
(see [1] and followups).

But the only patch that is applied in 2.6.18-rc4 (and in is
the ext3 patch that is _not_ identical to the ext2 one.

Is it the correct solution to revert this ext3 patch in both 2.6.18-rc
and 2.6.17 and to apply the other two patches?


BTW: I've attached all three patches.



"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed