[kernel] r13617 - in dists/lenny/linux-2.6: . debian debian/patches/bugfix debian/patches/bugfix/all debian/patches/bugfix/all/CVE-2009-0029 debian/patches/bugfix/ia64 debian/patches/bugfix/mips debian/patches/bugfix/parisc debian/patches/bugfix/x86 debian/patches/features/all/openvz debian/patches/features/all/vserver debian/patches/features/all/xen debian/patches/features/x86 debian/patches/series
Dann Frazier
dannf at alioth.debian.org
Fri May 15 21:06:37 UTC 2009
Author: dannf
Date: Fri May 15 21:06:35 2009
New Revision: 13617
Log:
merge 2.6.26-15lenny2
Added:
dists/lenny/linux-2.6/debian/patches/bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch
dists/lenny/linux-2.6/debian/patches/bugfix/all/agp-zero-pages-before-sending-to-userspace.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/agp-zero-pages-before-sending-to-userspace.patch
dists/lenny/linux-2.6/debian/patches/bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch
dists/lenny/linux-2.6/debian/patches/bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch
dists/lenny/linux-2.6/debian/patches/bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch
dists/lenny/linux-2.6/debian/patches/bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch
dists/lenny/linux-2.6/debian/patches/bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch
dists/lenny/linux-2.6/debian/patches/bugfix/all/fix-off-by-2-error-in-console-selection.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/fix-off-by-2-error-in-console-selection.patch
dists/lenny/linux-2.6/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch
dists/lenny/linux-2.6/debian/patches/bugfix/all/nfsd-drop-CAP_MKNOD-for-non-root.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/nfsd-drop-CAP_MKNOD-for-non-root.patch
dists/lenny/linux-2.6/debian/patches/bugfix/all/seccomp-fix-32+64-syscall-hole.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/seccomp-fix-32+64-syscall-hole.patch
dists/lenny/linux-2.6/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
dists/lenny/linux-2.6/debian/patches/bugfix/all/unreached-code-in-selinux_ip_postroute_iptables_compat.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/unreached-code-in-selinux_ip_postroute_iptables_compat.patch
dists/lenny/linux-2.6/debian/patches/bugfix/mips/implement-is_compat_task.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/mips/implement-is_compat_task.patch
dists/lenny/linux-2.6/debian/patches/bugfix/x86/kvm-vmx-inhibit-EFER-access.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/x86/kvm-vmx-inhibit-EFER-access.patch
dists/lenny/linux-2.6/debian/patches/bugfix/x86/syscall-audit-fix-32+64-syscall-hole.patch
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/x86/syscall-audit-fix-32+64-syscall-hole.patch
dists/lenny/linux-2.6/debian/patches/series/15lenny1
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/series/15lenny1
dists/lenny/linux-2.6/debian/patches/series/15lenny2
- copied unchanged from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/series/15lenny2
Modified:
dists/lenny/linux-2.6/ (props changed)
dists/lenny/linux-2.6/debian/changelog
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0001-Move-compat-system-call-declarations.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0002-Convert-all-system-calls-to-return-a.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0003-Rename-old_readdir-to-sys_old_readdi.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0004-Remove-__attribute__-weak-from-sy.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0004pre1-ia64-kill-sys32_pipe.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0005-Make-sys_pselect7-static.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0006-Make-sys_syslog-a-conditional-system.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0007-System-call-wrapper-infrastructure.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0008-powerpc-Enable-syscall-wrappers-for.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0009-s390-enable-system-call-wrappers.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0010-System-call-wrapper-special-cases.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0011-System-call-wrappers-part-01.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0012-System-call-wrappers-part-02.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0013-System-call-wrappers-part-03.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0014-System-call-wrappers-part-04.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0015-System-call-wrappers-part-05.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0016-System-call-wrappers-part-06.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0017-System-call-wrappers-part-07.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0018-System-call-wrappers-part-08.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0019-System-call-wrappers-part-09.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0020-System-call-wrappers-part-10.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0021-System-call-wrappers-part-11.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0022-System-call-wrappers-part-12.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0023-System-call-wrappers-part-13.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0024-System-call-wrappers-part-14.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0025-System-call-wrappers-part-15.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0026-System-call-wrappers-part-16.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0027-System-call-wrappers-part-17.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0028-System-call-wrappers-part-18.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0029-System-call-wrappers-part-19.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0030-System-call-wrappers-part-20.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0031-System-call-wrappers-part-21.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0032-System-call-wrappers-part-22.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0033-System-call-wrappers-part-23.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0034-System-call-wrappers-part-24.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0035-System-call-wrappers-part-25.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0036-System-call-wrappers-part-26.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0037-System-call-wrappers-part-27.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0038-System-call-wrappers-part-28.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0038pre1-missing-include.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0039-System-call-wrappers-part-29.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0040-System-call-wrappers-part-30.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0041-System-call-wrappers-part-31.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0042-System-call-wrappers-part-32.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0043-System-call-wrappers-part-33.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0044-s390-specific-system-call-wrappers.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/cciss-p711m,p712m-add-ids.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/hfs-fix-namelength-memory-corruption.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/hfsplus-check_read_mapping_page-return-value.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/all/hfsplus-fix-Buffer-overflow-with-a-corrupted-image.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/ia64/cpu0-early-access-per-cpu-vars.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/parisc/disable-up-optimized-flush_tlb_mm.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/wan-sbni_ioctl-cap-checks.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/x86/add-copy_user_handle_tail.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/x86/amd-opteron-tom2-mask-val-fix.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/x86/fix-broken-LDT-access-in-VMI.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/x86/fix-copy_user.patch (props changed)
dists/lenny/linux-2.6/debian/patches/bugfix/x86/i915-restrict-DRM_I915_HWS_ADDR.patch (props changed)
dists/lenny/linux-2.6/debian/patches/features/all/openvz/openvz.patch
dists/lenny/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch (contents, props changed)
dists/lenny/linux-2.6/debian/patches/features/all/xen/tip-x86.patch (props changed)
dists/lenny/linux-2.6/debian/patches/features/x86/drivers-hp_ilo.patch (props changed)
dists/lenny/linux-2.6/debian/patches/series/1 (props changed)
dists/lenny/linux-2.6/debian/patches/series/1-extra (props changed)
dists/lenny/linux-2.6/debian/patches/series/13lenny1 (props changed)
Modified: dists/lenny/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny/linux-2.6/debian/changelog Fri May 15 21:01:40 2009 (r13616)
+++ dists/lenny/linux-2.6/debian/changelog Fri May 15 21:06:35 2009 (r13617)
@@ -33,6 +33,35 @@
-- maximilian attems <maks at debian.org> Mon, 30 Mar 2009 17:11:49 +0200
+linux-2.6 (2.6.26-15lenny2) stable-security; urgency=high
+
+ * mips: implement is_compat_task macro, fixing FTBFS introduced
+ by CVE-2009-0835 fix.
+
+ -- dann frazier <dannf at debian.org> Mon, 11 May 2009 11:57:56 -0600
+
+linux-2.6 (2.6.26-15lenny1) stable-security; urgency=high
+
+ * copy_process: fix CLONE_PARENT && parent_exec_id interaction
+ (CVE-2009-0028)
+ * [amd64] syscall-audit: fix 32/64 syscall hole (CVE-2009-0834)
+ * seccomp: fix 32/64 syscall hole (CVE-2009-0835)
+ * shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM (CVE-2009-0859)
+ This issue does not effect pre-build Debian kernels.
+ * Fix an off-by-two memory error in console selection (CVE-2009-1046)
+ * nfsd: drop CAP_MKNOD for non-root (CVE-2009-1072)
+ * af_rose/x25: Sanity check the maximum user frame size (CVE-2009-1265)
+ * KVM: VMX: Don't allow uninhibited access to EFER on i386 (CVE-2009-1242)
+ * exit_notify: kill the wrong capable(CAP_KILL) check (CVE-2009-1337)
+ * Make 'kill sig -1' only apply to caller's namespace (CVE-2009-1338)
+ * cifs: Fix memory overwrite when saving nativeFileSystem field during mount
+ (CVE-2009-1439)
+ * agp: zero pages before sending to userspace (CVE-2009-1192)
+ * Fix unreached code in selinux_ip_postroute_iptables_compat()
+ (CVE-2009-1184)
+
+ -- dann frazier <dannf at debian.org> Mon, 04 May 2009 16:10:11 -0600
+
linux-2.6 (2.6.26-15) stable; urgency=high
* Switch out mips/llseek regression fix for the less invasive one
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch)
@@ -0,0 +1,61 @@
+commit 83e0bbcbe2145f160fbaa109b0439dae7f4a38a9
+Author: Alan Cox <alan at lxorguk.ukuu.org.uk>
+Date: Fri Mar 27 00:28:21 2009 -0700
+
+ af_rose/x25: Sanity check the maximum user frame size
+
+ Otherwise we can wrap the sizes and end up sending garbage.
+
+ Closes #10423
+
+ Signed-off-by: Alan Cox <alan at lxorguk.ukuu.org.uk>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/net/netrom/af_netrom.c linux-source-2.6.26/net/netrom/af_netrom.c
+--- linux-source-2.6.26.orig/net/netrom/af_netrom.c 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/net/netrom/af_netrom.c 2009-04-08 00:09:44.000000000 -0600
+@@ -1074,7 +1074,11 @@ static int nr_sendmsg(struct kiocb *iocb
+
+ SOCK_DEBUG(sk, "NET/ROM: sendto: Addresses built.\n");
+
+- /* Build a packet */
++ /* Build a packet - the conventional user limit is 236 bytes. We can
++ do ludicrously large NetROM frames but must not overflow */
++ if (len > 65536)
++ return -EMSGSIZE;
++
+ SOCK_DEBUG(sk, "NET/ROM: sendto: building packet.\n");
+ size = len + NR_NETWORK_LEN + NR_TRANSPORT_LEN;
+
+diff -urpN linux-source-2.6.26.orig/net/rose/af_rose.c linux-source-2.6.26/net/rose/af_rose.c
+--- linux-source-2.6.26.orig/net/rose/af_rose.c 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/net/rose/af_rose.c 2009-04-08 00:09:44.000000000 -0600
+@@ -1110,6 +1110,10 @@ static int rose_sendmsg(struct kiocb *io
+
+ /* Build a packet */
+ SOCK_DEBUG(sk, "ROSE: sendto: building packet.\n");
++ /* Sanity check the packet size */
++ if (len > 65535)
++ return -EMSGSIZE;
++
+ size = len + AX25_BPQ_HEADER_LEN + AX25_MAX_HEADER_LEN + ROSE_MIN_LEN;
+
+ if ((skb = sock_alloc_send_skb(sk, size, msg->msg_flags & MSG_DONTWAIT, &err)) == NULL)
+diff -urpN linux-source-2.6.26.orig/net/x25/af_x25.c linux-source-2.6.26/net/x25/af_x25.c
+--- linux-source-2.6.26.orig/net/x25/af_x25.c 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/net/x25/af_x25.c 2009-04-08 00:09:44.000000000 -0600
+@@ -1042,6 +1042,12 @@ static int x25_sendmsg(struct kiocb *ioc
+ sx25.sx25_addr = x25->dest_addr;
+ }
+
++ /* Sanity check the packet size */
++ if (len > 65535) {
++ rc = -EMSGSIZE;
++ goto out;
++ }
++
+ SOCK_DEBUG(sk, "x25_sendmsg: sendto: Addresses built.\n");
+
+ /* Build a packet */
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/all/agp-zero-pages-before-sending-to-userspace.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/agp-zero-pages-before-sending-to-userspace.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/agp-zero-pages-before-sending-to-userspace.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/agp-zero-pages-before-sending-to-userspace.patch)
@@ -0,0 +1,27 @@
+commit 59de2bebabc5027f93df999d59cc65df591c3e6e
+Author: Shaohua Li <shaohua.li at intel.com>
+Date: Mon Apr 20 10:08:35 2009 +1000
+
+ agp: zero pages before sending to userspace
+
+ AGP pages might be mapped into userspace finally, so the pages should be
+ set to zero before userspace can use it. Otherwise there is potential
+ information leakage.
+
+ Signed-off-by: Shaohua Li <shaohua.li at intel.com>
+ Signed-off-by: Dave Airlie <airlied at redhat.com>
+
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/drivers/char/agp/generic.c linux-source-2.6.26/drivers/char/agp/generic.c
+--- linux-source-2.6.26.orig/drivers/char/agp/generic.c 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/drivers/char/agp/generic.c 2009-04-27 21:32:00.000000000 -0600
+@@ -1182,7 +1182,7 @@ void *agp_generic_alloc_page(struct agp_
+ {
+ struct page * page;
+
+- page = alloc_page(GFP_KERNEL | GFP_DMA32);
++ page = alloc_page(GFP_KERNEL | GFP_DMA32 | __GFP_ZERO);
+ if (page == NULL)
+ return NULL;
+
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch)
@@ -0,0 +1,42 @@
+commit f083def68f84b04fe3f97312498911afce79609e
+Author: Jeff Layton <jlayton at redhat.com>
+Date: Thu Apr 16 11:21:52 2009 -0400
+
+ cifs: fix buffer size for tcon->nativeFileSystem field
+
+ The buffer for this was resized recently to fix a bug. It's still
+ possible however that a malicious server could overflow this field
+ by sending characters in it that are >2 bytes in the local charset.
+ Double the size of the buffer to account for this possibility.
+
+ Also get rid of some really strange and seemingly pointless NULL
+ termination. It's NULL terminating the string in the source buffer,
+ but by the time that happens, we've already copied the string.
+
+ Signed-off-by: Jeff Layton <jlayton at redhat.com>
+ Signed-off-by: Steve French <sfrench at us.ibm.com>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/fs/cifs/connect.c linux-source-2.6.26/fs/cifs/connect.c
+--- linux-source-2.6.26.orig/fs/cifs/connect.c 2009-04-20 21:58:14.000000000 -0600
++++ linux-source-2.6.26/fs/cifs/connect.c 2009-04-20 22:06:23.000000000 -0600
+@@ -3466,16 +3466,13 @@ CIFSTCon(unsigned int xid, struct cifsSe
+ BCC(smb_buffer_response)) {
+ kfree(tcon->nativeFileSystem);
+ tcon->nativeFileSystem =
+- kzalloc(2*(length + 1), GFP_KERNEL);
++ kzalloc((4 * length) + 2, GFP_KERNEL);
+ if (tcon->nativeFileSystem)
+ cifs_strfromUCS_le(
+ tcon->nativeFileSystem,
+ (__le16 *) bcc_ptr,
+ length, nls_codepage);
+- bcc_ptr += 2 * length;
+- bcc_ptr[0] = 0; /* null terminate the string */
+- bcc_ptr[1] = 0;
+- bcc_ptr += 2;
++ bcc_ptr += (2 * length) + 2;
+ }
+ /* else do not bother copying these information fields*/
+ } else {
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch)
@@ -0,0 +1,29 @@
+commit b363b3304bcf68c4541683b2eff70b29f0446a5b
+Author: Steve French <sfrench at us.ibm.com>
+Date: Wed Mar 18 05:57:22 2009 +0000
+
+ [CIFS] Fix memory overwrite when saving nativeFileSystem field during mount
+
+ CIFS can allocate a few bytes to little for the nativeFileSystem field
+ during tree connect response processing during mount. This can result
+ in a "Redzone overwritten" message to be logged.
+
+ Signed-off-by: Sridhar Vinay <vinaysridhar at in.ibm.com>
+ Acked-by: Shirish Pargaonkar <shirishp at us.ibm.com>
+ CC: Stable <stable at kernel.org>
+ Signed-off-by: Steve French <sfrench at us.ibm.com>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/fs/cifs/connect.c linux-source-2.6.26/fs/cifs/connect.c
+--- linux-source-2.6.26.orig/fs/cifs/connect.c 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/fs/cifs/connect.c 2009-04-20 21:58:14.000000000 -0600
+@@ -3466,7 +3466,7 @@ CIFSTCon(unsigned int xid, struct cifsSe
+ BCC(smb_buffer_response)) {
+ kfree(tcon->nativeFileSystem);
+ tcon->nativeFileSystem =
+- kzalloc(length + 2, GFP_KERNEL);
++ kzalloc(2*(length + 1), GFP_KERNEL);
+ if (tcon->nativeFileSystem)
+ cifs_strfromUCS_le(
+ tcon->nativeFileSystem,
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch)
@@ -0,0 +1,26 @@
+commit 22c9d52bc03b880045ab1081890a38f11b272ae7
+Author: Jeff Layton <jlayton at redhat.com>
+Date: Thu Apr 16 13:48:49 2009 -0400
+
+ cifs: remove unneeded bcc_ptr update in CIFSTCon
+
+ This pointer isn't used again after this point. It's also not updated in
+ the ascii case, so there's no need to update it here.
+
+ Pointed-out-by: Dave Kleikamp <shaggy at linux.vnet.ibm.com>
+ Signed-off-by: Jeff Layton <jlayton at redhat.com>
+ Signed-off-by: Steve French <sfrench at us.ibm.com>
+
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/fs/cifs/connect.c linux-source-2.6.26/fs/cifs/connect.c
+--- linux-source-2.6.26.orig/fs/cifs/connect.c 2009-04-20 22:23:20.000000000 -0600
++++ linux-source-2.6.26/fs/cifs/connect.c 2009-04-20 22:22:19.000000000 -0600
+@@ -3472,7 +3472,6 @@ CIFSTCon(unsigned int xid, struct cifsSe
+ tcon->nativeFileSystem,
+ (__le16 *) bcc_ptr,
+ length, nls_codepage);
+- bcc_ptr += (2 * length) + 2;
+ }
+ /* else do not bother copying these information fields*/
+ } else {
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch)
@@ -0,0 +1,52 @@
+commit 2d5516cbb9daf7d0e342a2e3b0fc6f8c39a81205
+Author: Oleg Nesterov <oleg at redhat.com>
+Date: Mon Mar 2 22:58:45 2009 +0100
+
+ copy_process: fix CLONE_PARENT && parent_exec_id interaction
+
+ CLONE_PARENT can fool the ->self_exec_id/parent_exec_id logic. If we
+ re-use the old parent, we must also re-use ->parent_exec_id to make
+ sure exit_notify() sees the right ->xxx_exec_id's when the CLONE_PARENT'ed
+ task exits.
+
+ Also, move down the "p->parent_exec_id = p->self_exec_id" thing, to place
+ two different cases together.
+
+ Signed-off-by: Oleg Nesterov <oleg at redhat.com>
+ Cc: Roland McGrath <roland at redhat.com>
+ Cc: Andrew Morton <akpm at linux-foundation.org>
+ Cc: David Howells <dhowells at redhat.com>
+ Cc: Serge E. Hallyn <serge at hallyn.com>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+diff -urpN linux-source-2.6.26.orig/kernel/fork.c linux-source-2.6.26/kernel/fork.c
+--- linux-source-2.6.26.orig/kernel/fork.c 2009-03-25 17:20:41.000000000 -0600
++++ linux-source-2.6.26/kernel/fork.c 2009-04-03 19:10:19.000000000 -0600
+@@ -1109,10 +1109,6 @@ static struct task_struct *copy_process(
+ #endif
+ clear_all_latency_tracing(p);
+
+- /* Our parent execution domain becomes current domain
+- These must match for thread signalling to apply */
+- p->parent_exec_id = p->self_exec_id;
+-
+ /* ok, now we should be set up.. */
+ p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : (clone_flags & CSIGNAL);
+ p->pdeath_signal = 0;
+@@ -1152,10 +1148,13 @@ static struct task_struct *copy_process(
+ set_task_cpu(p, smp_processor_id());
+
+ /* CLONE_PARENT re-uses the old parent */
+- if (clone_flags & (CLONE_PARENT|CLONE_THREAD))
++ if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) {
+ p->real_parent = current->real_parent;
+- else
++ p->parent_exec_id = current->parent_exec_id;
++ } else {
+ p->real_parent = current;
++ p->parent_exec_id = current->self_exec_id;
++ }
+ p->parent = p->real_parent;
+
+ spin_lock(¤t->sighand->siglock);
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch)
@@ -0,0 +1,31 @@
+commit 432870dab85a2f69dc417022646cb9a70acf7f94
+Author: Oleg Nesterov <oleg at redhat.com>
+Date: Mon Apr 6 16:16:02 2009 +0200
+
+ exit_notify: kill the wrong capable(CAP_KILL) check
+
+ The CAP_KILL check in exit_notify() looks just wrong, kill it.
+
+ Whatever logic we have to reset ->exit_signal, the malicious user
+ can bypass it if it execs the setuid application before exiting.
+
+ Signed-off-by: Oleg Nesterov <oleg at redhat.com>
+ Acked-by: Serge Hallyn <serue at us.ibm.com>
+ Acked-by: Roland McGrath <roland at redhat.com>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/kernel/exit.c linux-source-2.6.26/kernel/exit.c
+--- linux-source-2.6.26.orig/kernel/exit.c 2009-03-25 17:20:40.000000000 -0600
++++ linux-source-2.6.26/kernel/exit.c 2009-04-17 18:59:15.000000000 -0600
+@@ -868,8 +868,7 @@ static void exit_notify(struct task_stru
+ */
+ if (tsk->exit_signal != SIGCHLD && !task_detached(tsk) &&
+ (tsk->parent_exec_id != tsk->real_parent->self_exec_id ||
+- tsk->self_exec_id != tsk->parent_exec_id) &&
+- !capable(CAP_KILL))
++ tsk->self_exec_id != tsk->parent_exec_id))
+ tsk->exit_signal = SIGCHLD;
+
+ /* If something other than our normal parent is ptracing us, then
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/all/fix-off-by-2-error-in-console-selection.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/fix-off-by-2-error-in-console-selection.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/fix-off-by-2-error-in-console-selection.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/fix-off-by-2-error-in-console-selection.patch)
@@ -0,0 +1,35 @@
+commit 878b8619f711280fd05845e21956434b5e588cc4
+Author: Mikulas Patocka <mpatocka at redhat.com>
+Date: Fri Jan 30 15:27:14 2009 -0500
+
+ Fix memory corruption in console selection
+
+ Fix an off-by-two memory error in console selection.
+
+ The loop below goes from sel_start to sel_end (inclusive), so it writes
+ one more character. This one more character was added to the allocated
+ size (+1), but it was not multiplied by an UTF-8 multiplier.
+
+ This patch fixes a memory corruption when UTF-8 console is used and the
+ user selects a few characters, all of them 3-byte in UTF-8 (for example
+ a frame line).
+
+ When memory redzones are enabled, a redzone corruption is reported.
+ When they are not enabled, trashing of random memory occurs.
+
+ Signed-off-by: Mikulas Patocka <mpatocka at redhat.com>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/drivers/char/selection.c b/drivers/char/selection.c
+index f29fbe9..cb8ca56 100644
+--- a/drivers/char/selection.c
++++ b/drivers/char/selection.c
+@@ -268,7 +268,7 @@ int set_selection(const struct tiocl_selection __user *sel, struct tty_struct *t
+
+ /* Allocate a new buffer before freeing the old one ... */
+ multiplier = use_unicode ? 3 : 1; /* chars can take up to 3 bytes */
+- bp = kmalloc((sel_end-sel_start)/2*multiplier+1, GFP_KERNEL);
++ bp = kmalloc(((sel_end-sel_start)/2+1)*multiplier, GFP_KERNEL);
+ if (!bp) {
+ printk(KERN_WARNING "selection: kmalloc() failed\n");
+ clear_selection();
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch)
@@ -0,0 +1,36 @@
+commit d25141a818383b3c3b09f065698c544a7a0ec6e7
+Author: Sukadev Bhattiprolu <sukadev at linux.vnet.ibm.com>
+Date: Wed Oct 29 14:01:11 2008 -0700
+
+ 'kill sig -1' must only apply to caller's namespace
+
+ Currently "kill <sig> -1" kills processes in all namespaces and breaks the
+ isolation of namespaces. Earlier attempt to fix this was discussed at:
+
+ http://lkml.org/lkml/2008/7/23/148
+
+ As suggested by Oleg Nesterov in that thread, use "task_pid_vnr() > 1"
+ check since task_pid_vnr() returns 0 if process is outside the caller's
+ namespace.
+
+ Signed-off-by: Sukadev Bhattiprolu <sukadev at linux.vnet.ibm.com>
+ Acked-by: Eric W. Biederman <ebiederm at xmission.com>
+ Tested-by: Daniel Hokka Zakrisson <daniel at hozac.com>
+ Signed-off-by: Oleg Nesterov <oleg at redhat.com>
+ Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/kernel/signal.c b/kernel/signal.c
+index 105217d..4530fc6 100644
+--- a/kernel/signal.c
++++ b/kernel/signal.c
+@@ -1144,7 +1144,8 @@ static int kill_something_info(int sig, struct siginfo *info, pid_t pid)
+ struct task_struct * p;
+
+ for_each_process(p) {
+- if (p->pid > 1 && !same_thread_group(p, current)) {
++ if (task_pid_vnr(p) > 1 &&
++ !same_thread_group(p, current)) {
+ int err = group_send_sig_info(sig, info, p);
+ ++count;
+ if (err != -EPERM)
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/all/nfsd-drop-CAP_MKNOD-for-non-root.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/nfsd-drop-CAP_MKNOD-for-non-root.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/nfsd-drop-CAP_MKNOD-for-non-root.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/nfsd-drop-CAP_MKNOD-for-non-root.patch)
@@ -0,0 +1,36 @@
+commit 76a67ec6fb79ff3570dcb5342142c16098299911
+Author: J. Bruce Fields <bfields at citi.umich.edu>
+Date: Mon Mar 16 18:34:20 2009 -0400
+
+ nfsd: nfsd should drop CAP_MKNOD for non-root
+
+ Since creating a device node is normally an operation requiring special
+ privilege, Igor Zhbanov points out that it is surprising (to say the
+ least) that a client can, for example, create a device node on a
+ filesystem exported with root_squash.
+
+ So, make sure CAP_MKNOD is among the capabilities dropped when an nfsd
+ thread handles a request from a non-root user.
+
+ Reported-by: Igor Zhbanov <izh1979 at gmail.com>
+ Cc: stable at kernel.org
+ Signed-off-by: J. Bruce Fields <bfields at citi.umich.edu>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/include/linux/capability.h linux-source-2.6.26/include/linux/capability.h
+--- linux-source-2.6.26.orig/include/linux/capability.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/linux/capability.h 2009-04-05 19:17:27.000000000 -0600
+@@ -382,8 +382,10 @@ typedef struct kernel_cap_struct {
+ # define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }})
+ # define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }})
+ # define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 } })
+-# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), \
+- CAP_FS_MASK_B1 } })
++# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
++ | CAP_TO_MASK(CAP_SYS_RESOURCE) \
++ | CAP_TO_MASK(CAP_MKNOD), \
++ CAP_FS_MASK_B1 } })
+
+ #endif /* _KERNEL_CAPABILITY_U32S != 2 */
+
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/all/seccomp-fix-32+64-syscall-hole.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/seccomp-fix-32+64-syscall-hole.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/seccomp-fix-32+64-syscall-hole.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/seccomp-fix-32+64-syscall-hole.patch)
@@ -0,0 +1,214 @@
+commit 5b1017404aea6d2e552e991b3fd814d839e9cd67
+Author: Roland McGrath <roland at redhat.com>
+Date: Fri Feb 27 23:25:54 2009 -0800
+
+ x86-64: seccomp: fix 32/64 syscall hole
+
+ On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with
+ ljmp, and then use the "syscall" instruction to make a 64-bit system
+ call. A 64-bit process make a 32-bit system call with int $0x80.
+
+ In both these cases under CONFIG_SECCOMP=y, secure_computing() will use
+ the wrong system call number table. The fix is simple: test TS_COMPAT
+ instead of TIF_IA32. Here is an example exploit:
+
+ /* test case for seccomp circumvention on x86-64
+
+ There are two failure modes: compile with -m64 or compile with -m32.
+
+ The -m64 case is the worst one, because it does "chmod 777 ." (could
+ be any chmod call). The -m32 case demonstrates it was able to do
+ stat(), which can glean information but not harm anything directly.
+
+ A buggy kernel will let the test do something, print, and exit 1; a
+ fixed kernel will make it exit with SIGKILL before it does anything.
+ */
+
+ #define _GNU_SOURCE
+ #include <assert.h>
+ #include <inttypes.h>
+ #include <stdio.h>
+ #include <linux/prctl.h>
+ #include <sys/stat.h>
+ #include <unistd.h>
+ #include <asm/unistd.h>
+
+ int
+ main (int argc, char **argv)
+ {
+ char buf[100];
+ static const char dot[] = ".";
+ long ret;
+ unsigned st[24];
+
+ if (prctl (PR_SET_SECCOMP, 1, 0, 0, 0) != 0)
+ perror ("prctl(PR_SET_SECCOMP) -- not compiled into kernel?");
+
+ #ifdef __x86_64__
+ assert ((uintptr_t) dot < (1UL << 32));
+ asm ("int $0x80 # %0 <- %1(%2 %3)"
+ : "=a" (ret) : "0" (15), "b" (dot), "c" (0777));
+ ret = snprintf (buf, sizeof buf,
+ "result %ld (check mode on .!)\n", ret);
+ #elif defined __i386__
+ asm (".code32\n"
+ "pushl %%cs\n"
+ "pushl $2f\n"
+ "ljmpl $0x33, $1f\n"
+ ".code64\n"
+ "1: syscall # %0 <- %1(%2 %3)\n"
+ "lretl\n"
+ ".code32\n"
+ "2:"
+ : "=a" (ret) : "0" (4), "D" (dot), "S" (&st));
+ if (ret == 0)
+ ret = snprintf (buf, sizeof buf,
+ "stat . -> st_uid=%u\n", st[7]);
+ else
+ ret = snprintf (buf, sizeof buf, "result %ld\n", ret);
+ #else
+ # error "not this one"
+ #endif
+
+ write (1, buf, ret);
+
+ syscall (__NR_exit, 1);
+ return 2;
+ }
+
+ Signed-off-by: Roland McGrath <roland at redhat.com>
+ [ I don't know if anybody actually uses seccomp, but it's enabled in
+ at least both Fedora and SuSE kernels, so maybe somebody is. - Linus ]
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/include/asm-mips/seccomp.h linux-source-2.6.26/include/asm-mips/seccomp.h
+--- linux-source-2.6.26.orig/include/asm-mips/seccomp.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/asm-mips/seccomp.h 2009-04-04 11:43:34.000000000 -0600
+@@ -1,6 +1,5 @@
+ #ifndef __ASM_SECCOMP_H
+
+-#include <linux/thread_info.h>
+ #include <linux/unistd.h>
+
+ #define __NR_seccomp_read __NR_read
+diff -urpN linux-source-2.6.26.orig/include/asm-powerpc/compat.h linux-source-2.6.26/include/asm-powerpc/compat.h
+--- linux-source-2.6.26.orig/include/asm-powerpc/compat.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/asm-powerpc/compat.h 2009-04-04 11:43:34.000000000 -0600
+@@ -210,5 +210,10 @@ struct compat_shmid64_ds {
+ compat_ulong_t __unused6;
+ };
+
++static inline int is_compat_task(void)
++{
++ return test_thread_flag(TIF_32BIT);
++}
++
+ #endif /* __KERNEL__ */
+ #endif /* _ASM_POWERPC_COMPAT_H */
+diff -urpN linux-source-2.6.26.orig/include/asm-powerpc/seccomp.h linux-source-2.6.26/include/asm-powerpc/seccomp.h
+--- linux-source-2.6.26.orig/include/asm-powerpc/seccomp.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/asm-powerpc/seccomp.h 2009-04-04 11:43:33.000000000 -0600
+@@ -1,10 +1,6 @@
+ #ifndef _ASM_POWERPC_SECCOMP_H
+ #define _ASM_POWERPC_SECCOMP_H
+
+-#ifdef __KERNEL__
+-#include <linux/thread_info.h>
+-#endif
+-
+ #include <linux/unistd.h>
+
+ #define __NR_seccomp_read __NR_read
+diff -urpN linux-source-2.6.26.orig/include/asm-sparc64/compat.h linux-source-2.6.26/include/asm-sparc64/compat.h
+--- linux-source-2.6.26.orig/include/asm-sparc64/compat.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/asm-sparc64/compat.h 2009-04-04 11:43:32.000000000 -0600
+@@ -240,4 +240,9 @@ struct compat_shmid64_ds {
+ unsigned int __unused2;
+ };
+
++static inline int is_compat_task(void)
++{
++ return test_thread_flag(TIF_32BIT);
++}
++
+ #endif /* _ASM_SPARC64_COMPAT_H */
+diff -urpN linux-source-2.6.26.orig/include/asm-sparc64/seccomp.h linux-source-2.6.26/include/asm-sparc64/seccomp.h
+--- linux-source-2.6.26.orig/include/asm-sparc64/seccomp.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/asm-sparc64/seccomp.h 2009-04-04 11:42:11.000000000 -0600
+@@ -1,11 +1,5 @@
+ #ifndef _ASM_SECCOMP_H
+
+-#include <linux/thread_info.h> /* already defines TIF_32BIT */
+-
+-#ifndef TIF_32BIT
+-#error "unexpected TIF_32BIT on sparc64"
+-#endif
+-
+ #include <linux/unistd.h>
+
+ #define __NR_seccomp_read __NR_read
+diff -urpN linux-source-2.6.26.orig/include/asm-x86/seccomp_32.h linux-source-2.6.26/include/asm-x86/seccomp_32.h
+--- linux-source-2.6.26.orig/include/asm-x86/seccomp_32.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/asm-x86/seccomp_32.h 2009-04-04 11:42:29.000000000 -0600
+@@ -1,11 +1,5 @@
+ #ifndef _ASM_SECCOMP_H
+
+-#include <linux/thread_info.h>
+-
+-#ifdef TIF_32BIT
+-#error "unexpected TIF_32BIT on i386"
+-#endif
+-
+ #include <linux/unistd.h>
+
+ #define __NR_seccomp_read __NR_read
+diff -urpN linux-source-2.6.26.orig/include/asm-x86/seccomp_64.h linux-source-2.6.26/include/asm-x86/seccomp_64.h
+--- linux-source-2.6.26.orig/include/asm-x86/seccomp_64.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/asm-x86/seccomp_64.h 2009-04-04 11:42:47.000000000 -0600
+@@ -1,13 +1,5 @@
+ #ifndef _ASM_SECCOMP_H
+
+-#include <linux/thread_info.h>
+-
+-#ifdef TIF_32BIT
+-#error "unexpected TIF_32BIT on x86_64"
+-#else
+-#define TIF_32BIT TIF_IA32
+-#endif
+-
+ #include <linux/unistd.h>
+ #include <asm/ia32_unistd.h>
+
+diff -urpN linux-source-2.6.26.orig/kernel/seccomp.c linux-source-2.6.26/kernel/seccomp.c
+--- linux-source-2.6.26.orig/kernel/seccomp.c 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/kernel/seccomp.c 2009-04-04 11:43:28.000000000 -0600
+@@ -8,6 +8,7 @@
+
+ #include <linux/seccomp.h>
+ #include <linux/sched.h>
++#include <linux/compat.h>
+
+ /* #define SECCOMP_DEBUG 1 */
+ #define NR_SECCOMP_MODES 1
+@@ -22,7 +23,7 @@ static int mode1_syscalls[] = {
+ 0, /* null terminated */
+ };
+
+-#ifdef TIF_32BIT
++#ifdef CONFIG_COMPAT
+ static int mode1_syscalls_32[] = {
+ __NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32,
+ 0, /* null terminated */
+@@ -37,8 +38,8 @@ void __secure_computing(int this_syscall
+ switch (mode) {
+ case 1:
+ syscall = mode1_syscalls;
+-#ifdef TIF_32BIT
+- if (test_thread_flag(TIF_32BIT))
++#ifdef CONFIG_COMPAT
++ if (is_compat_task())
+ syscall = mode1_syscalls_32;
+ #endif
+ do {
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch)
@@ -0,0 +1,46 @@
+commit a68e61e8ff2d46327a37b69056998b47745db6fa
+Author: Tony Battersby <tonyb at cybernetics.com>
+Date: Wed Feb 4 15:12:04 2009 -0800
+
+ shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
+
+ shm_get_stat() assumes that the inode is a "struct shmem_inode_info",
+ which is incorrect for !CONFIG_SHMEM (see fs/ramfs/inode.c:
+ ramfs_get_inode() vs. mm/shmem.c: shmem_get_inode()).
+
+ This bad assumption can cause shmctl(SHM_INFO) to lockup when
+ shm_get_stat() tries to spin_lock(&info->lock). Users of !CONFIG_SHMEM
+ may encounter this lockup simply by invoking the 'ipcs' command.
+
+ Reported by Jiri Olsa back in February 2008:
+ http://lkml.org/lkml/2008/2/29/74
+
+ Signed-off-by: Tony Battersby <tonyb at cybernetics.com>
+ Cc: Jiri Kosina <jkosina at suse.cz>
+ Reported-by: Jiri Olsa <olsajiri at gmail.com>
+ Cc: Hugh Dickins <hugh at veritas.com>
+ Cc: <stable at kernel.org> [2.6.everything]
+ Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org
+
+diff -urpN linux-source-2.6.26.orig/ipc/shm.c linux-source-2.6.26/ipc/shm.c
+--- linux-source-2.6.26.orig/ipc/shm.c 2009-03-25 17:20:41.000000000 -0600
++++ linux-source-2.6.26/ipc/shm.c 2009-04-04 15:13:27.000000000 -0600
+@@ -579,11 +579,15 @@ static void shm_get_stat(struct ipc_name
+ struct address_space *mapping = inode->i_mapping;
+ *rss += (HPAGE_SIZE/PAGE_SIZE)*mapping->nrpages;
+ } else {
++#ifdef CONFIG_SHMEM
+ struct shmem_inode_info *info = SHMEM_I(inode);
+ spin_lock(&info->lock);
+ *rss += inode->i_mapping->nrpages;
+ *swp += info->swapped;
+ spin_unlock(&info->lock);
++#else
++ *rss += inode->i_mapping->nrpages;
++#endif
+ }
+
+ total++;
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/all/unreached-code-in-selinux_ip_postroute_iptables_compat.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/unreached-code-in-selinux_ip_postroute_iptables_compat.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/unreached-code-in-selinux_ip_postroute_iptables_compat.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/all/unreached-code-in-selinux_ip_postroute_iptables_compat.patch)
@@ -0,0 +1,31 @@
+commit 910c9e41186762de3717baaf392ab5ff0c454496
+Author: Eugene Teo <eteo at redhat.com>
+Date: Mon Apr 13 10:04:41 2009 +0800
+
+ unreached code in selinux_ip_postroute_iptables_compat() (CVE-2009-1184)
+
+ Not upstream in 2.6.30, as the function was removed there, making this a
+ non-issue.
+
+ Node and port send checks can skip in the compat_net=1 case. This bug
+ was introduced in commit effad8d.
+
+ Signed-off-by: Eugene Teo <eugeneteo at kernel.sg>
+ Reported-by: Dan Carpenter <error27 at gmail.com>
+ Acked-by: James Morris <jmorris at namei.org>
+ Acked-by: Paul Moore <paul.moore at hp.com>
+ Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/security/selinux/hooks.c linux-source-2.6.26/security/selinux/hooks.c
+--- linux-source-2.6.26.orig/security/selinux/hooks.c 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/security/selinux/hooks.c 2009-05-03 12:29:51.000000000 -0600
+@@ -4416,6 +4416,7 @@ static int selinux_ip_postroute_iptables
+ if (err)
+ return err;
+ err = avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
++ if (err)
+ return err;
+
+ err = sel_netnode_sid(addrp, family, &node_sid);
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/mips/implement-is_compat_task.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/mips/implement-is_compat_task.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/mips/implement-is_compat_task.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/mips/implement-is_compat_task.patch)
@@ -0,0 +1,41 @@
+commit 4302e5d53b9166d45317e3ddf0a7a9dab3efd43b
+Author: Ralf Baechle <ralf at linux-mips.org>
+Date: Thu Mar 5 11:45:48 2009 +0100
+
+ MIPS: compat: Implement is_compat_task.
+
+ This is a build fix required after "x86-64: seccomp: fix 32/64 syscall
+ hole" (commit 5b1017404aea6d2e552e991b3fd814d839e9cd67). MIPS doesn't
+ have the issue that was fixed for x86-64 by that patch.
+
+ This also doesn't solve the N32 issue which is that N32 seccomp processes
+ will be treated as non-compat processes thus only have access to N64
+ syscalls.
+
+ Signed-off-by: Ralf Baechle <ralf at linux-mips.org>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/include/asm-mips/compat.h linux-source-2.6.26/include/asm-mips/compat.h
+--- linux-source-2.6.26.orig/include/asm-mips/compat.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/asm-mips/compat.h 2009-05-06 08:16:58.000000000 -0600
+@@ -3,6 +3,8 @@
+ /*
+ * Architecture specific compatibility types
+ */
++#include <linux/seccomp.h>
++#include <linux/thread_info.h>
+ #include <linux/types.h>
+ #include <asm/page.h>
+ #include <asm/ptrace.h>
+@@ -218,4 +220,9 @@ struct compat_shmid64_ds {
+ compat_ulong_t __unused2;
+ };
+
++static inline int is_compat_task(void)
++{
++ return test_thread_flag(TIF_32BIT);
++}
++
+ #endif /* _ASM_COMPAT_H */
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/x86/kvm-vmx-inhibit-EFER-access.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/x86/kvm-vmx-inhibit-EFER-access.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/x86/kvm-vmx-inhibit-EFER-access.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/x86/kvm-vmx-inhibit-EFER-access.patch)
@@ -0,0 +1,35 @@
+commit 16175a796d061833aacfbd9672235f2d2725df65
+Author: Avi Kivity <avi at redhat.com>
+Date: Mon Mar 23 22:13:44 2009 +0200
+
+ KVM: VMX: Don't allow uninhibited access to EFER on i386
+
+ vmx_set_msr() does not allow i386 guests to touch EFER, but they can still
+ do so through the default: label in the switch. If they set EFER_LME, they
+ can oops the host.
+
+ Fix by having EFER access through the normal channel (which will check for
+ EFER_LME) even on i386.
+
+ Reported-and-tested-by: Benjamin Gilbert <bgilbert at cs.cmu.edu>
+ Cc: stable at kernel.org
+ Signed-off-by: Avi Kivity <avi at redhat.com>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/arch/x86/kvm/vmx.c linux-source-2.6.26/arch/x86/kvm/vmx.c
+--- linux-source-2.6.26.orig/arch/x86/kvm/vmx.c 2009-03-25 17:20:38.000000000 -0600
++++ linux-source-2.6.26/arch/x86/kvm/vmx.c 2009-04-08 22:28:20.000000000 -0600
+@@ -890,11 +890,11 @@ static int vmx_set_msr(struct kvm_vcpu *
+ int ret = 0;
+
+ switch (msr_index) {
+-#ifdef CONFIG_X86_64
+ case MSR_EFER:
+ vmx_load_host_state(vmx);
+ ret = kvm_set_msr_common(vcpu, msr_index, data);
+ break;
++#ifdef CONFIG_X86_64
+ case MSR_FS_BASE:
+ vmcs_writel(GUEST_FS_BASE, data);
+ break;
Copied: dists/lenny/linux-2.6/debian/patches/bugfix/x86/syscall-audit-fix-32+64-syscall-hole.patch (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/x86/syscall-audit-fix-32+64-syscall-hole.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/x86/syscall-audit-fix-32+64-syscall-hole.patch Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/bugfix/x86/syscall-audit-fix-32+64-syscall-hole.patch)
@@ -0,0 +1,33 @@
+commit ccbe495caa5e604b04d5a31d7459a6f6a76a756c
+Author: Roland McGrath <roland at redhat.com>
+Date: Fri Feb 27 19:03:24 2009 -0800
+
+ x86-64: syscall-audit: fix 32/64 syscall hole
+
+ On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with
+ ljmp, and then use the "syscall" instruction to make a 64-bit system
+ call. A 64-bit process make a 32-bit system call with int $0x80.
+
+ In both these cases, audit_syscall_entry() will use the wrong system
+ call number table and the wrong system call argument registers. This
+ could be used to circumvent a syscall audit configuration that filters
+ based on the syscall numbers or argument details.
+
+ Signed-off-by: Roland McGrath <roland at redhat.com>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Based on Eugene Teo's backport for RHEL5
+
+diff -urpN linux-source-2.6.26.orig/arch/x86/kernel/ptrace.c linux-source-2.6.26/arch/x86/kernel/ptrace.c
+--- linux-source-2.6.26.orig/arch/x86/kernel/ptrace.c 2009-03-25 17:20:38.000000000 -0600
++++ linux-source-2.6.26/arch/x86/kernel/ptrace.c 2009-04-04 11:09:01.000000000 -0600
+@@ -1491,7 +1491,7 @@ asmlinkage void syscall_trace_enter(stru
+ syscall_trace(regs);
+
+ if (unlikely(current->audit_context)) {
+- if (test_thread_flag(TIF_IA32)) {
++ if (is_compat_task()) {
+ audit_syscall_entry(AUDIT_ARCH_I386,
+ regs->orig_ax,
+ regs->bx, regs->cx,
Modified: dists/lenny/linux-2.6/debian/patches/features/all/openvz/openvz.patch
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/features/all/openvz/openvz.patch Fri May 15 21:01:40 2009 (r13616)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/openvz.patch Fri May 15 21:06:35 2009 (r13617)
@@ -62133,15 +62133,15 @@
unlock_task_sighand(p, &flags);
}
}
-@@ -1144,7 +1183,7 @@ static int kill_something_info(int sig, struct siginfo *info, int pid)
+@@ -1144,7 +1183,7 @@ static int kill_something_info(int sig,
int retval = 0, count = 0;
struct task_struct * p;
- for_each_process(p) {
+ for_each_process_ve(p) {
- if (p->pid > 1 && !same_thread_group(p, current)) {
+ if (task_pid_vnr(p) > 1 &&
+ !same_thread_group(p, current)) {
int err = group_send_sig_info(sig, info, p);
- ++count;
@@ -1359,6 +1398,14 @@ void do_notify_parent(struct task_struct *tsk, int sig)
BUG_ON(!tsk->ptrace &&
(tsk->group_leader != tsk || !thread_group_empty(tsk)));
Modified: dists/lenny/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch Fri May 15 21:01:40 2009 (r13616)
+++ dists/lenny/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch Fri May 15 21:06:35 2009 (r13617)
@@ -16725,13 +16725,14 @@
ret = -ESRCH;
goto out_unlock;
}
-@@ -1145,7 +1167,9 @@ static int kill_something_info(int sig,
+@@ -1145,8 +1167,9 @@ static int kill_something_info(int sig,
struct task_struct * p;
for_each_process(p) {
-- if (p->pid > 1 && !same_thread_group(p, current)) {
+- if (task_pid_vnr(p) > 1 &&
+- !same_thread_group(p, current)) {
+ if (vx_check(vx_task_xid(p), VS_ADMIN|VS_IDENT) &&
-+ p->pid > 1 && !same_thread_group(p, current) &&
++ task_pid_vnr(p) > 1 && !same_thread_group(p, current) &&
+ !vx_current_initpid(p->pid)) {
int err = group_send_sig_info(sig, info, p);
++count;
Copied: dists/lenny/linux-2.6/debian/patches/series/15lenny1 (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/series/15lenny1)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/series/15lenny1 Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/series/15lenny1)
@@ -0,0 +1,15 @@
++ bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch
++ bugfix/x86/syscall-audit-fix-32+64-syscall-hole.patch
++ bugfix/all/seccomp-fix-32+64-syscall-hole.patch
++ bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
++ bugfix/all/fix-off-by-2-error-in-console-selection.patch
++ bugfix/all/nfsd-drop-CAP_MKNOD-for-non-root.patch
++ bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch
++ bugfix/x86/kvm-vmx-inhibit-EFER-access.patch
++ bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch
++ bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch
++ bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch
++ bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch
++ bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch
++ bugfix/all/agp-zero-pages-before-sending-to-userspace.patch
++ bugfix/all/unreached-code-in-selinux_ip_postroute_iptables_compat.patch
Copied: dists/lenny/linux-2.6/debian/patches/series/15lenny2 (from r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/series/15lenny2)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/series/15lenny2 Fri May 15 21:06:35 2009 (r13617, copy of r13616, releases/linux-2.6/2.6.26-15lenny2/debian/patches/series/15lenny2)
@@ -0,0 +1 @@
++ bugfix/mips/implement-is_compat_task.patch
More information about the Kernel-svn-changes
mailing list