[kernel] r14188 - in dists/etch/linux-2.6: . debian debian/patches/bugfix/all debian/patches/bugfix/hppa debian/patches/series

Dann Frazier dannf at alioth.debian.org
Tue Aug 25 05:12:22 UTC 2009


Author: dannf
Date: Tue Aug 25 05:12:20 2009
New Revision: 14188

Log:
merge 2.6.18.dfsg.1-24etch4

Added:
   dists/etch/linux-2.6/debian/patches/bugfix/all/do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch
      - copied unchanged from r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/all/do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch
   dists/etch/linux-2.6/debian/patches/bugfix/all/do_sigaltstack-small-cleanups.patch
      - copied unchanged from r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/all/do_sigaltstack-small-cleanups.patch
   dists/etch/linux-2.6/debian/patches/bugfix/all/execve-must-clear-current-clear_child_tid.patch
      - copied unchanged from r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/all/execve-must-clear-current-clear_child_tid.patch
   dists/etch/linux-2.6/debian/patches/bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch
      - copied unchanged from r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch
   dists/etch/linux-2.6/debian/patches/bugfix/all/udp-fix-MSG_PROBE-crash.patch
      - copied unchanged from r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/all/udp-fix-MSG_PROBE-crash.patch
   dists/etch/linux-2.6/debian/patches/bugfix/hppa/isa-eeprom-fix-loff_t-usage.patch
      - copied unchanged from r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/hppa/isa-eeprom-fix-loff_t-usage.patch
   dists/etch/linux-2.6/debian/patches/series/24etch4
      - copied unchanged from r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/series/24etch4
Modified:
   dists/etch/linux-2.6/   (props changed)
   dists/etch/linux-2.6/debian/changelog

Modified: dists/etch/linux-2.6/debian/changelog
==============================================================================
--- dists/etch/linux-2.6/debian/changelog	Tue Aug 25 05:09:35 2009	(r14187)
+++ dists/etch/linux-2.6/debian/changelog	Tue Aug 25 05:12:20 2009	(r14188)
@@ -1,6 +1,6 @@
 linux-2.6 (2.6.18.dfsg.1-27) UNRELEASED; urgency=high
 
-  * Merge changes from 2.6.18.dfsg.1-24etch3
+  * Merge changes from 2.6.18.dfsg.1-24etch[3,4]
 
  -- dann frazier <dannf at debian.org>  Sun, 16 Aug 2009 13:40:08 -0600
 
@@ -20,6 +20,18 @@
 
  -- dann fraizer <dannf at debian.org>  Mon, 18 May 2009 23:52:52 -0600
 
+linux-2.6 (2.6.18.dfsg.1-24etch4) oldstable-security; urgency=high
+
+  * [parisc] isa-eeprom - Fix loff_t usage (CVE-2009-2846)
+  * do_sigaltstack: avoid copying 'stack_t' as a structure to user space
+    (CVE-2009-2847)
+  * execve: must clear current->clear_child_tid (CVE-2009-2848)
+  * md: avoid dereferencing NULL pointer when accessing suspend_* sysfs
+    attributes (CVE-2009-2849)
+  * [UDP]: Fix MSG_PROBE crash (CVE-2009-2698)
+
+ -- dann frazier <dannf at debian.org>  Thu, 20 Aug 2009 15:00:41 -0600
+
 linux-2.6 (2.6.18.dfsg.1-24etch3) oldstable-security; urgency=high
 
   * e1000: add missing length check to e1000 receive routine (CVE-2009-1385)
@@ -30,7 +42,6 @@
 
  -- dann frazier <dannf at debian.org>  Sat, 15 Aug 2009 11:13:20 -0600
 
->>>>>>> .merge-right.r14121
 linux-2.6 (2.6.18.dfsg.1-24etch2) oldstable-security; urgency=high
 
   * Fix mips FTBFS due to a missed rename of the mips-specific

Copied: dists/etch/linux-2.6/debian/patches/bugfix/all/do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch (from r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/all/do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch/linux-2.6/debian/patches/bugfix/all/do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch	Tue Aug 25 05:12:20 2009	(r14188, copy of r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/all/do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch)
@@ -0,0 +1,61 @@
+commit 0083fc2c50e6c5127c2802ad323adf8143ab7856
+Author: Linus Torvalds <torvalds at linux-foundation.org>
+Date:   Sat Aug 1 10:34:56 2009 -0700
+
+    do_sigaltstack: avoid copying 'stack_t' as a structure to user space
+    
+    Ulrich Drepper correctly points out that there is generally padding in
+    the structure on 64-bit hosts, and that copying the structure from
+    kernel to user space can leak information from the kernel stack in those
+    padding bytes.
+    
+    Avoid the whole issue by just copying the three members one by one
+    instead, which also means that the function also can avoid the need for
+    a stack frame.  This also happens to match how we copy the new structure
+    from user space, so it all even makes sense.
+    
+    [ The obvious solution of adding a memset() generates horrid code, gcc
+      does really stupid things. ]
+    
+    Reported-by: Ulrich Drepper <drepper at redhat.com>
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Adjusted to apply to Debian's 2.6.30 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.30.orig/kernel/signal.c linux-source-2.6.30/kernel/signal.c
+--- linux-source-2.6.30.orig/kernel/signal.c	2009-08-14 18:03:20.000000000 -0600
++++ linux-source-2.6.30/kernel/signal.c	2009-08-14 18:04:08.000000000 -0600
+@@ -2414,11 +2414,9 @@ do_sigaltstack (const stack_t __user *us
+ 	stack_t oss;
+ 	int error;
+ 
+-	if (uoss) {
+-		oss.ss_sp = (void __user *) current->sas_ss_sp;
+-		oss.ss_size = current->sas_ss_size;
+-		oss.ss_flags = sas_ss_flags(sp);
+-	}
++	oss.ss_sp = (void __user *) current->sas_ss_sp;
++	oss.ss_size = current->sas_ss_size;
++	oss.ss_flags = sas_ss_flags(sp);
+ 
+ 	if (uss) {
+ 		void __user *ss_sp;
+@@ -2461,13 +2459,16 @@ do_sigaltstack (const stack_t __user *us
+ 		current->sas_ss_size = ss_size;
+ 	}
+ 
++	error = 0;
+ 	if (uoss) {
+ 		error = -EFAULT;
+-		if (copy_to_user(uoss, &oss, sizeof(oss)))
++		if (!access_ok(VERIFY_WRITE, uoss, sizeof(*uoss)))
+ 			goto out;
++		error = __put_user(oss.ss_sp, &uoss->ss_sp) |
++			__put_user(oss.ss_size, &uoss->ss_size) |
++			__put_user(oss.ss_flags, &uoss->ss_flags);
+ 	}
+ 
+-	error = 0;
+ out:
+ 	return error;
+ }

Copied: dists/etch/linux-2.6/debian/patches/bugfix/all/do_sigaltstack-small-cleanups.patch (from r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/all/do_sigaltstack-small-cleanups.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch/linux-2.6/debian/patches/bugfix/all/do_sigaltstack-small-cleanups.patch	Tue Aug 25 05:12:20 2009	(r14188, copy of r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/all/do_sigaltstack-small-cleanups.patch)
@@ -0,0 +1,35 @@
+commit 0dd8486b5cfe8048e0613334659d9252ecd1b08a
+Author: Linus Torvalds <torvalds at linux-foundation.org>
+Date:   Sat Aug 1 11:18:56 2009 -0700
+
+    do_sigaltstack: small cleanups
+    
+    The previous commit ("do_sigaltstack: avoid copying 'stack_t' as a
+    structure to user space") fixed a real bug.  This one just cleans up the
+    copy from user space to that gcc can generate better code for it (and so
+    that it looks the same as the later copy back to user space).
+    
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Adjusted to apply to Debian's 2.6.30 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.30.orig/kernel/signal.c linux-source-2.6.30/kernel/signal.c
+--- linux-source-2.6.30.orig/kernel/signal.c	2009-08-14 18:04:08.000000000 -0600
++++ linux-source-2.6.30/kernel/signal.c	2009-08-14 18:05:13.000000000 -0600
+@@ -2424,10 +2424,12 @@ do_sigaltstack (const stack_t __user *us
+ 		int ss_flags;
+ 
+ 		error = -EFAULT;
+-		if (!access_ok(VERIFY_READ, uss, sizeof(*uss))
+-		    || __get_user(ss_sp, &uss->ss_sp)
+-		    || __get_user(ss_flags, &uss->ss_flags)
+-		    || __get_user(ss_size, &uss->ss_size))
++		if (!access_ok(VERIFY_READ, uss, sizeof(*uss)))
++			goto out;
++		error = __get_user(ss_sp, &uss->ss_sp) |
++			__get_user(ss_flags, &uss->ss_flags) |
++			__get_user(ss_size, &uss->ss_size);
++		if (error)
+ 			goto out;
+ 
+ 		error = -EPERM;

Copied: dists/etch/linux-2.6/debian/patches/bugfix/all/execve-must-clear-current-clear_child_tid.patch (from r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/all/execve-must-clear-current-clear_child_tid.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch/linux-2.6/debian/patches/bugfix/all/execve-must-clear-current-clear_child_tid.patch	Tue Aug 25 05:12:20 2009	(r14188, copy of r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/all/execve-must-clear-current-clear_child_tid.patch)
@@ -0,0 +1,119 @@
+commit 9c8a8228d0827e0d91d28527209988f672f97d28
+Author: Eric Dumazet <eric.dumazet at gmail.com>
+Date:   Thu Aug 6 15:09:28 2009 -0700
+
+    execve: must clear current->clear_child_tid
+    
+    While looking at Jens Rosenboom bug report
+    (http://lkml.org/lkml/2009/7/27/35) about strange sys_futex call done from
+    a dying "ps" program, we found following problem.
+    
+    clone() syscall has special support for TID of created threads.  This
+    support includes two features.
+    
+    One (CLONE_CHILD_SETTID) is to set an integer into user memory with the
+    TID value.
+    
+    One (CLONE_CHILD_CLEARTID) is to clear this same integer once the created
+    thread dies.
+    
+    The integer location is a user provided pointer, provided at clone()
+    time.
+    
+    kernel keeps this pointer value into current->clear_child_tid.
+    
+    At execve() time, we should make sure kernel doesnt keep this user
+    provided pointer, as full user memory is replaced by a new one.
+    
+    As glibc fork() actually uses clone() syscall with CLONE_CHILD_SETTID and
+    CLONE_CHILD_CLEARTID set, chances are high that we might corrupt user
+    memory in forked processes.
+    
+    Following sequence could happen:
+    
+    1) bash (or any program) starts a new process, by a fork() call that
+       glibc maps to a clone( ...  CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID
+       ...) syscall
+    
+    2) When new process starts, its current->clear_child_tid is set to a
+       location that has a meaning only in bash (or initial program) context
+       (&THREAD_SELF->tid)
+    
+    3) This new process does the execve() syscall to start a new program.
+       current->clear_child_tid is left unchanged (a non NULL value)
+    
+    4) If this new program creates some threads, and initial thread exits,
+       kernel will attempt to clear the integer pointed by
+       current->clear_child_tid from mm_release() :
+    
+            if (tsk->clear_child_tid
+                && !(tsk->flags & PF_SIGNALED)
+                && atomic_read(&mm->mm_users) > 1) {
+                    u32 __user * tidptr = tsk->clear_child_tid;
+                    tsk->clear_child_tid = NULL;
+    
+                    /*
+                     * We don't check the error code - if userspace has
+                     * not set up a proper pointer then tough luck.
+                     */
+    << here >>      put_user(0, tidptr);
+                    sys_futex(tidptr, FUTEX_WAKE, 1, NULL, NULL, 0);
+            }
+    
+    5) OR : if new program is not multi-threaded, but spied by /proc/pid
+       users (ps command for example), mm_users > 1, and the exiting program
+       could corrupt 4 bytes in a persistent memory area (shm or memory mapped
+       file)
+    
+    If current->clear_child_tid points to a writeable portion of memory of the
+    new program, kernel happily and silently corrupts 4 bytes of memory, with
+    unexpected effects.
+    
+    Fix is straightforward and should not break any sane program.
+    
+    Reported-by: Jens Rosenboom <jens at mcbone.net>
+    Acked-by: Linus Torvalds <torvalds at linux-foundation.org>
+    Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
+    Signed-off-by: Oleg Nesterov <oleg at redhat.com>
+    Cc: Peter Zijlstra <peterz at infradead.org>
+    Cc: Sonny Rao <sonnyrao at us.ibm.com>
+    Cc: Ingo Molnar <mingo at elte.hu>
+    Cc: Thomas Gleixner <tglx at linutronix.de>
+    Cc: Ulrich Drepper <drepper at redhat.com>
+    Cc: Oleg Nesterov <oleg at redhat.com>
+    Cc: <stable at kernel.org>
+    Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Backported to Debian's 2.6.18 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.18.orig/kernel/fork.c linux-source-2.6.18/kernel/fork.c
+--- linux-source-2.6.18.orig/kernel/fork.c	2009-08-15 12:05:16.000000000 -0600
++++ linux-source-2.6.18/kernel/fork.c	2009-08-20 14:35:30.000000000 -0600
+@@ -439,16 +439,17 @@ void mm_release(struct task_struct *tsk,
+ 		tsk->vfork_done = NULL;
+ 		complete(vfork_done);
+ 	}
+-	if (tsk->clear_child_tid && atomic_read(&mm->mm_users) > 1) {
+-		u32 __user * tidptr = tsk->clear_child_tid;
++	if (tsk->clear_child_tid) {
++		if (atomic_read(&mm->mm_users) > 1) {
++			/*
++			 * We don't check the error code - if userspace has
++			 * not set up a proper pointer then tough luck.
++			 */
++			put_user(0, tsk->clear_child_tid);
++			sys_futex(tsk->clear_child_tid, FUTEX_WAKE,
++					1, NULL, NULL, 0);
++		}
+ 		tsk->clear_child_tid = NULL;
+-
+-		/*
+-		 * We don't check the error code - if userspace has
+-		 * not set up a proper pointer then tough luck.
+-		 */
+-		put_user(0, tidptr);
+-		sys_futex(tidptr, FUTEX_WAKE, 1, NULL, NULL, 0);
+ 	}
+ }
+ 

Copied: dists/etch/linux-2.6/debian/patches/bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch (from r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch/linux-2.6/debian/patches/bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch	Tue Aug 25 05:12:20 2009	(r14188, copy of r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch)
@@ -0,0 +1,39 @@
+commit b8d966efd9a46a9a35beac50cbff6e30565125ef
+Author: NeilBrown <neilb at suse.de>
+Date:   Wed Jul 1 11:14:04 2009 +1000
+
+    md: avoid dereferencing NULL pointer when accessing suspend_* sysfs attributes.
+    
+    If we try to modify one of the md/ sysfs files
+      suspend_lo or suspend_hi
+    when the array is not active, we dereference a NULL.
+    Protect against that.
+    
+    Cc: stable at kernel.org
+    Signed-off-by: NeilBrown <neilb at suse.de>
+
+Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.18.orig/drivers/md/md.c linux-source-2.6.18/drivers/md/md.c
+--- linux-source-2.6.18.orig/drivers/md/md.c	2009-08-15 12:05:07.000000000 -0600
++++ linux-source-2.6.18/drivers/md/md.c	2009-08-20 15:02:27.000000000 -0600
+@@ -2772,7 +2772,8 @@ suspend_lo_store(mddev_t *mddev, const c
+ 	char *e;
+ 	unsigned long long new = simple_strtoull(buf, &e, 10);
+ 
+-	if (mddev->pers->quiesce == NULL)
++	if (mddev->pers == NULL || 
++	    mddev->pers->quiesce == NULL)
+ 		return -EINVAL;
+ 	if (buf == e || (*e && *e != '\n'))
+ 		return -EINVAL;
+@@ -2800,7 +2801,8 @@ suspend_hi_store(mddev_t *mddev, const c
+ 	char *e;
+ 	unsigned long long new = simple_strtoull(buf, &e, 10);
+ 
+-	if (mddev->pers->quiesce == NULL)
++	if (mddev->pers == NULL ||
++	    mddev->pers->quiesce == NULL)
+ 		return -EINVAL;
+ 	if (buf == e || (*e && *e != '\n'))
+ 		return -EINVAL;

Copied: dists/etch/linux-2.6/debian/patches/bugfix/all/udp-fix-MSG_PROBE-crash.patch (from r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/all/udp-fix-MSG_PROBE-crash.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch/linux-2.6/debian/patches/bugfix/all/udp-fix-MSG_PROBE-crash.patch	Tue Aug 25 05:12:20 2009	(r14188, copy of r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/all/udp-fix-MSG_PROBE-crash.patch)
@@ -0,0 +1,43 @@
+commit 1e0c14f49d6b393179f423abbac47f85618d3d46
+Author: Herbert Xu <herbert at gondor.apana.org.au>
+Date:   Tue Oct 3 14:35:49 2006 -0700
+
+    [UDP]: Fix MSG_PROBE crash
+    
+    UDP tracks corking status through the pending variable.  The
+    IP layer also tracks it through the socket write queue.  It
+    is possible for the two to get out of sync when MSG_PROBE is
+    used.
+    
+    This patch changes UDP to check the write queue to ensure
+    that the two stay in sync.
+    
+    Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
+index 6d6142f..865d752 100644
+--- a/net/ipv4/udp.c
++++ b/net/ipv4/udp.c
+@@ -675,6 +675,8 @@ do_append_data:
+ 		udp_flush_pending_frames(sk);
+ 	else if (!corkreq)
+ 		err = udp_push_pending_frames(sk, up);
++	else if (unlikely(skb_queue_empty(&sk->sk_write_queue)))
++		up->pending = 0;
+ 	release_sock(sk);
+ 
+ out:
+diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
+index 552ec0f..e0c3934 100644
+--- a/net/ipv6/udp.c
++++ b/net/ipv6/udp.c
+@@ -770,6 +770,8 @@ do_append_data:
+ 		udp_v6_flush_pending_frames(sk);
+ 	else if (!corkreq)
+ 		err = udp_v6_push_pending_frames(sk, up);
++	else if (unlikely(skb_queue_empty(&sk->sk_write_queue)))
++		up->pending = 0;
+ 
+ 	if (dst) {
+ 		if (connected) {

Copied: dists/etch/linux-2.6/debian/patches/bugfix/hppa/isa-eeprom-fix-loff_t-usage.patch (from r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/hppa/isa-eeprom-fix-loff_t-usage.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch/linux-2.6/debian/patches/bugfix/hppa/isa-eeprom-fix-loff_t-usage.patch	Tue Aug 25 05:12:20 2009	(r14188, copy of r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/bugfix/hppa/isa-eeprom-fix-loff_t-usage.patch)
@@ -0,0 +1,28 @@
+commit 6b4dbcd86a9d464057fcc7abe4d0574093071fcc
+Author: Michael Buesch <mb at bu3sch.de>
+Date:   Mon Jul 20 22:58:44 2009 +0000
+
+    parisc: isa-eeprom - Fix loff_t usage
+    
+    loff_t is a signed type. If userspace passes a negative ppos, the "count"
+    range check is weakened. "count"s bigger than HPEE_MAX_LENGTH will pass the check.
+    Also, if ppos is negative, the readb(eisa_eeprom_addr + *ppos) will poke in random
+    memory.
+    
+    Signed-off-by: Michael Buesch <mb at bu3sch.de>
+    Cc: stable at kernel.org
+    Signed-off-by: Helge Deller <deller at gmx.de>
+
+diff --git a/drivers/parisc/eisa_eeprom.c b/drivers/parisc/eisa_eeprom.c
+index 685d94e..8c0b26e 100644
+--- a/drivers/parisc/eisa_eeprom.c
++++ b/drivers/parisc/eisa_eeprom.c
+@@ -55,7 +55,7 @@ static ssize_t eisa_eeprom_read(struct file * file,
+ 	ssize_t ret;
+ 	int i;
+ 	
+-	if (*ppos >= HPEE_MAX_LENGTH)
++	if (*ppos < 0 || *ppos >= HPEE_MAX_LENGTH)
+ 		return 0;
+ 	
+ 	count = *ppos + count < HPEE_MAX_LENGTH ? count : HPEE_MAX_LENGTH - *ppos;

Copied: dists/etch/linux-2.6/debian/patches/series/24etch4 (from r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/series/24etch4)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch/linux-2.6/debian/patches/series/24etch4	Tue Aug 25 05:12:20 2009	(r14188, copy of r14187, releases/linux-2.6/2.6.18.dfsg.1-24etch4/debian/patches/series/24etch4)
@@ -0,0 +1,6 @@
++ bugfix/hppa/isa-eeprom-fix-loff_t-usage.patch
++ bugfix/all/do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch
++ bugfix/all/do_sigaltstack-small-cleanups.patch
++ bugfix/all/execve-must-clear-current-clear_child_tid.patch
++ bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch
++ bugfix/all/udp-fix-MSG_PROBE-crash.patch



More information about the Kernel-svn-changes mailing list