~ubuntu-branches/debian/lenny/linux-2.6/lenny : changes

~ubuntu-branches/debian/lenny/linux-2.6/lenny » Changes from revision 16

From Revision 16

Rev	Summary	Authors	Tags	Date
16	Revert: [powerpc] oprofile: Handle events that raise an exce... Revert: [powerpc] oprofile: Handle events that raise an exception without overflowing (CVE-2011-4347).	dann frazier	2.6.26-29	12 years ago
15	[ Ben Hutchings ] [ Ben Hutchings ] * dm,md: Deal with merge_bvec_fn in component devices better (Closes: #604457) * rt2x00: Fix memory leak after failing to insert RTS/CTS frame (Closes: #561890) [ dann frazier ] * Include selected backport from 2.6.27.58: - md: fix bug with re-adding of partially recovered device. * Include selected backports from 2.6.27.59: - NFS: fix the return value of nfs_file_fsync() - ptrace: use safer wake up on ptrace_detach() - [x86] mm: avoid possible bogus tlb entries by clearing prev mm_cpumask after switching mm - dm raid1: fail writes if errors are not handled and log fails - [x86] asus_acpi: world-writable procfs files - [x86] acer-wmi: world-writable sysfs threeg file - [x86] tc1100-wmi: world-writable sysfs wireless and jogdial files - NFSD: memory corruption due to writing beyond the stat array - ext2: Fix link count corruption under heavy link+rename load - virtio: set pci bus master enable bit - [s390] keyboard: integer underflow bug - ocfs2_connection_find() returns pointer to bad structure - libsas: fix runaway error handler problem - NFS: Fix "kernel BUG at fs/aio.c:554!" - md: fix regression with re-adding devices to arrays with no metadata - [x86] Flush TLB if PGD entry is changed in i386 PAE mode - ext3: skip orphan cleanup on rocompat fs - cciss: fix lost command issue * cifs: fix an oops that can occur when accessing filenames containing accented characters from a Windows ME server (Closes: #524438) * [hppa] Fix FTBFS caused by CVE-2011-2496 fix	dann frazier	2.6.26-27	12 years ago
14	* net sched: fix kernel leak in act_police (CVE-2010-3477) * net sched: fix kernel leak in act_police (CVE-2010-3477) * aio: check for multiplication overflow in do_io_submit (CVE-2010-3067) * cxgb3: prevent reading uninitialized stack memory (CVE-2010-3296) * eql: prevent reading uninitialized stack memory (CVE-2010-3297) * rose: Fix signedness issues wrt. digi count (CVE-2010-3310) * sctp: Do not reset the packet during sctp_packet_config() (CVE-2010-3432) * Fix pktcdvd ioctl dev_minor range check (CVE-2010-3437) * ALSA: prevent heap corruption in snd_ctl_new() (CVE-2010-3442) * thinkpad-acpi: lock down video output state access (CVE-2010-3448) * sctp: Fix out-of-bounds reading in sctp_asoc_get_hmac() (CVE-2010-3705) * setup_arg_pages: diagnose excessive argument size (CVE-2010-3858) * X.25: memory corruption in X.25 facilities parsing (CVE-2010-3873) * sys_semctl: fix kernel stack leakage (CVE-2010-4083) * ALSA: rme9652: prevent reading uninitialized stack memory (CVE-2010-4080, CVE-2010-4081) * V4L/DVB: ivtvfb: prevent reading uninitialized stack memory (CVE-2010-4079) * video/sis: prevent reading uninitialized stack memory (CVE-2010-4078) * X.25: Prevent crashing when parsing bad X.25 facilities (CVE-2010-4164) * v4l1: fix 32-bit compat microcode loading translation (CVE-2010-2963) * net: Mitigate overflow issues - Truncate recvfrom and sendto length to INT_MAX. - Limit socket I/O iovec total length to INT_MAX. - Resolves kernel heap overflow in the TIPC protcol (CVE-2010-3859) * net: ax25: fix information leak to userland (CVE-2010-3875) * can-bcm: fix minor heap overflow (CVE-2010-3874) * net: packet: fix information leak to userland (CVE-2010-3876) * net: tipc: fix information leak to userland (CVE-2010-3877) * inet_diag: Make sure we actually run the same bytecode we audited (CVE-2010-3880) * ipc: shm: fix information leak to userland (CVE-2010-4072) * ipc: initialize structure memory to zero for compat functions (CVE-2010-4073) * USB: serial/mos: prevent reading uninitialized stack memory (CVE-2010-4074) [SCSI] gdth: integer overflow in ioctl (CVE-2010-4157) * econet: Avoid stack overflow w/ large msgiovlen (CVE-2010-3848) * econet: disallow NULL remote addr for sendmsg() (CVE-2010-3849) * econet: Add mising CAP_NET_ADMIN check in SIOCSIFADDR (CVE-2010-3850)	dann frazier	2.6.26-26lenny1	13 years ago
13	[ Ben Hutchings ] [ Ben Hutchings ] * [alpha,s390,sparc] math-emu: correct test for downshifting fraction in _FP_FROM_INT() (Closes: #593193) * SCSI/mptsas: fix hangs caused by ATA pass-through (Closes: #594690) * xfs: prevent kernel crash due to corrupted inode log format (Closes: #550733) * r6040: Fix various bugs in r6040_multicast_list() (Closes: #600155)	dann frazier	2.6.26-26	13 years ago
12	[ Ben Hutchings ] [ Ben Hutchings ] * pid_ns: Ensure that child_reaper is always valid (Closes: #570350) * [xen] Fix deadlock in timer interrupt, thanks to Zdenek Salvet (Closes: #534880) * e1000e: Add support for 82567LM-4, 82567LM-3, 82567LF-3 and 82583V controllers (Closes: #512546) [ Moritz Muehlenhoff ] * parport: quickfix the proc registration bug (Closes: #588672); ignore ABI changes in parport and parport_pc [ dann frazier ] * Add guard page for stacks that grow up, an additional fix for CVE-2010-2240 * mm: make stack guard page logic use vm_prev pointer, an additional fix for CVE-2010-2240 * net sched: fix some kernel memory leaks (CVE-2010-2942) * jfs: don't allow os2 xattr namespace overlap with others (CVE-2010-2946)	dann frazier	2.6.26-25	13 years ago
11	[ Ben Hutchings ] [ Ben Hutchings ] * usbhid: Reduce the race condition between disconnect and ioctl (Closes: #511892) * r8169: Fix MDIO timing (Closes: #583139) * [x86] Restore automatic update of LILO on kernel installation, upgrade or removal (Closes: #505609)	dann frazier	2.6.26-24	13 years ago
10	[ Ben Hutchings ] [ Ben Hutchings ] * Fix false soft lockup reports for the nohz idle loop * nohz: Fix two bugs that can keep a processor idle and lead to a system hang (may fix #496917, #538158 and others) * usbmidi: Fix crash when device is disconnected (Closes: #513050) * r8169: Apply various upstream bug fixes * r8169: Add support for RTL8101e (v2), RTL8102e (v1,v2,v3), RTL8168c/8111c (v3,v4), RTL8168cp/8111cp (v2,v3), RTL8168d (v1) (Closes: #552465; may fix #516187) * Revert patch to sanitise <linux/socket.h>, which introduced different build failures * usbnet: Set link down initially for drivers that update link state (Closes: #444043) * atl1e: Remove broken implementation of TSO for TCP/IPv6 (Closes: #558426) and allow other hardware offloads to be disabled in case they are also buggy [ dann frazier ] * floppy: request and release only the ports we actually use (Closes: #332942) * igb: Add 82576 MAC support (Closes: #522922), backport by Ben Hutchings * [SCSI] gdth: Prevent negative offsets in ioctl (CVE-2009-3080) * NFSv4: Fix a problem whereby a buggy server can oops the kernel (CVE-2009-3726) * [SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions (CVE-2009-3889) * isdn: hfc_usb: Fix read buffer overflow (CVE-2009-4005) * fuse: prevent fuse_put_request on invalid pointer (CVE-2009-4021) * hpilo: new PCI ID (Closes: #559064) * Avoid /proc/$pid/maps visibility during initial setuid ELF loading (CVE-2009-2691) * hfs: fix a potential buffer overflow (CVE-2009-4020) * KVM: x86 emulator: limit instructions to 15 bytes (CVE-2009-4031) * firewire: ohci: handle receive packets with a data length of zero (CVE-2009-4138) * ext4: Avoid null pointer dereference when decoding EROFS w/o a journal (CVE-2009-4308) * s390: dasd diag - add support for read-only minidisks (Closes: #550898)	dann frazier	2.6.26-21	14 years ago
9	[ Moritz Muehlenhoff ] [ Moritz Muehlenhoff ] * Input: ALPS - add signature for Toshiba Satellite Pro M10 (Closes: #434722) [ dann frazier ] * aacraid: Fix regression w/ bigmem kernel (Closes: #537771) * [parisc] isa-eeprom - Fix loff_t usage (CVE-2009-2846) * do_sigaltstack: avoid copying 'stack_t' as a structure to user space (CVE-2009-2847) * execve: must clear current->clear_child_tid (CVE-2009-2848) * md: avoid dereferencing NULL pointer when accessing suspend_* sysfs attributes (CVE-2009-2849)	dann frazier	2.6.26-19	14 years ago
8	Revert "sata_nv: avoid link reset on controllers where it's ... Revert "sata_nv: avoid link reset on controllers where it's broken" due to regression. (closes: #533657)	dann frazier	2.6.26-17	14 years ago
7	Switch out mips/llseek regression fix for the less invasive ... Switch out mips/llseek regression fix for the less invasive one that is more likely to be accepted upstream.	dann frazier	2.6.26-15	15 years ago
6	[ dann frazier ] [ dann frazier ] * [hppa] disable UP-optimized flush_tlb_mm, fixing thread-related hangs. (closes: #478717) * cciss: Add PCI ids for P711m and p712m * Fix buffer underflow in the ib700wdt watchdog driver (CVE-2008-5702) * [sparc] Enable CONFIG_FB_XVR500, CONFIG_FB_XVR2500 (Closes: #508108) * [ia64] Add RTC class driver for EFI * [hppa] Fix system crash while unwinding a userspace process (CVE-2008-5395) * Set a minimum timeout for SG_IO requests (CVE-2008-5700) [ Bastian Blank ] * Fix multicast in atl1e driver. (closes: #509097) [ Moritz Muehlenhoff ] * Fix speaker output on Toshiba P105 notebooks. (closes: #488063) * uvc: Fix incomplete frame drop when switching to a variable size format (closes: #508661) * Allow booting Mach images in KVM (Closes: #498940) * Add workaround for USB storage on Rockchip MP3 player (Closes: #505256) * Enable w9968cf driver on all i386 images (Closes: #495698) * Register DualPoint model found in Dell Latitude E6500 (Closes: #507958) * Disable link tuning in rt2500usb driver. (Closes: #510607) * Fix regressions in eata driver (Closes: #506835) * Skip incompatible fbdev logos (Closes: #508173) * Fix error path in PCI probing of Cyclades driver (Closes: #429011) [ Martin Michlmayr ] * V4L/DVB: Fix initialization of URB list (Thomas Reitmayr) to address the oops reported at http://forum.qnap.com/viewtopic.php?f=147&t=10572 * Add some patches from the Linux/MIPS linux-2.6.26-stable tree: - Fix potential DOS by untrusted user app (CVE-2008-5701) - o32: Fix number of arguments to splice(2). - 64-bit: vmsplice needs to use the compat wrapper for o32 and N32. - Return ENOSYS from sys32_syscall on 64bit kernels like elsewhere. - Use EI/DI for MIPS R2. - MIPS64R2: Fix buggy __arch_swab64 - Add missing calls to plat_unmap_dma_mem. - Only write c0_framemask on CPUs which have this register.	Bastian Blank	2.6.26-13	15 years ago
5	[ Ian Campbell ] [ Ian Campbell ] * xen: fix ACPI processor throttling for when processor id is -1. (closes: #502849) [ dann frazier ] * Make sendmsg() block during UNIX garbage collection (CVE-2008-5300) * Fix race conditions between inotify removal and umount (CVE-2008-5182) * Fix DoS when calling svc_listen twice on the same socket while reading /proc/net/atm/vc (CVE-2008-5079) [ Bastian Blank ] [openvz, vserver] Fix descriptions. * [sparc] Enable Sun Logical Domains support. (closes: #501684) * Fix coexistence of pata_marvell and ahci. (closes: #507432) * [sparc] Support Intergraph graphics chips. (closes: #508108)	Bastian Blank	2.6.26-12	15 years ago
4	[ Bastian Blank ] [ Bastian Blank ] * [sparc] Reintroduce dummy PCI host controller to workaround broken X.org. * [sparc] Fix size checks in PCI maps. * Add stable release 2.6.26.8: - netfilter: restore lost ifdef guarding defrag exception - netfilter: snmp nat leaks memory in case of failure - netfilter: xt_iprange: fix range inversion match - ACPI: dock: avoid check _STA method - ACPI: video: fix brightness allocation - sparc64: Fix race in arch/sparc64/kernel/trampoline.S - math-emu: Fix signalling of underflow and inexact while packing result. - tcpv6: fix option space offsets with md5 - net: Fix netdev_run_todo dead-lock - scx200_i2c: Add missing class parameter - DVB: s5h1411: Power down s5h1411 when not in use - DVB: s5h1411: Perform s5h1411 soft reset after tuning - DVB: s5h1411: bugfix: Setting serial or parallel mode could destroy bits - V4L: pvrusb2: Keep MPEG PTSs from drifting away - ACPI: Always report a sync event after a lid state change - ALSA: use correct lock in snd_ctl_dev_disconnect() - file caps: always start with clear bprm->caps_* - libertas: fix buffer overrun - net: Fix recursive descent in __scm_destroy(). - SCSI: qla2xxx: Skip FDMI registration on ISP21xx/22xx parts. (Closes: #502552) - edac cell: fix incorrect edac_mode - ext[234]: Avoid printk floods in the face of directory corruption (CVE-2008-3528) - gpiolib: fix oops in gpio_get_value_cansleep() * Override ABI changes. * [xen] Update description. (closes: #505961) * Revert parts of 2.6.26.6 to fix resume breakage. (closes: #504167) - clockevents: prevent multiple init/shutdown - clockevents: broadcast fixup possible waiters [ dann frazier ] * Fix buffer overflow in hfsplus (CVE-2008-4933) * Fix BUG() in hfsplus (CVE-2008-4934) * Fix stack corruption in hfs (CVE-2008-5025) * Fix oops in tvaudio when controlling bass/treble (CVE-2008-5033) [ Martin Michlmayr ] * [arm/iop32x, arm/ixp4xx, arm/orion5x] Enable support for more partition tables, including MAC_PARTITION (requested by Benoît Knecht). * leds-pca9532: Fix memory leak and properly handle errors (Sven Wegener) * leds-pca9532: Move i2c work to a workqueque (Riku Voipio). (closes: #506116)	Bastian Blank	2.6.26-11	15 years ago
3	[ dann frazier ] [ dann frazier ] * sctp: Fix possible kernel panic in sctp_sf_abort_violation (CVE-2008-4618) [ Martin Michlmayr ] * DNS-323: add support for revision B1 machines (Matthew Palmer). * ext3/ext4: Add support for non-native signed/unsigned htree hash algorithms (Theodore Ts'o). (closes: #493957) * [arm/ixp4xx] Enable USB_ACM (closes: #504723). [ Bastian Blank ] * agp: Fix stolen memory counting on Intel G4X. (closes: #502606) * Add stable release 2.6.26.7: - security: avoid calling a NULL function pointer in drivers/video/tvaudio.c - DVB: au0828: add support for another USB id for Hauppauge HVR950Q - drm/i915: fix ioremap of a user address for non-root (CVE-2008-3831) - ACPI: Ignore _BQC object when registering backlight device - hwmon: (it87) Prevent power-off on Shuttle SN68PT - Check mapped ranges on sysfs resource files - x86: avoid dereferencing beyond stack + THREAD_SIZE - PCI: disable ASPM on pre-1.1 PCIe devices - PCI: disable ASPM per ACPI FADT setting - V4L/DVB (9053): fix buffer overflow in uvc-video - V4L/DVB (8617): uvcvideo: don't use stack-based buffers for USB transfers. - V4L/DVB (8498): uvcvideo: Return sensible min and max values when querying a boolean control. - V4L: zr36067: Fix RGBR pixel format - V4L: bttv: Prevent NULL pointer dereference in radio_open - libata: fix EH action overwriting in ata_eh_reset() - libata: always do follow-up SRST if hardreset returned -EAGAIN - fbcon_set_all_vcs: fix kernel crash when switching the rotated consoles - modules: fix module "notes" kobject leak - b43legacy: Fix failure in rate-adjustment mechanism - CIFS: make sure we have the right resume info before calling CIFSFindNext - sched_rt.c: resch needed in rt_rq_enqueue() for the root rt_rq - tty: Termios locking - sort out real_tty confusions and lock reads - x86, early_ioremap: fix fencepost error - x86: improve UP kernel when CPU-hotplug and SMP is enabled - x86: Reserve FIRST_DEVICE_VECTOR in used_vectors bitmap. * [xen] Remove pte file workaround. [ Ian Campbell ] * [xen] Disable usage of PAT. (closes: #503821)	Bastian Blank	2.6.26-10	15 years ago
2	[ dann frazier ] [ dann frazier ] * [x86] Fix broken LDT access in VMI (CVE-2008-4410) * ata: Fix off-by-one-error that causes errors when reading a block on the LBA28-LBA48 boundary * [s390] prevent ptrace padding area read/write in 31-bit mode (CVE-2008-1514) [ Bastian Blank ] * Fix generation of i386 Xen image information. * [i386] Restrict the usage of long NOPs. (closes: #464962) * Fix access to uninitialized user keyring. (closes: #500279) * [x86] Fix detection of non-PNP RTC devices. (closes: #499230)	Bastian Blank	2.6.26-8	15 years ago
1	Import upstream version 2.6.26 Import upstream version 2.6.26	Bastian Blank	upstream-2.6.26	15 years ago