[kernel] r17463 - in dists/squeeze/linux-2.6: . debian debian/patches/bugfix/all debian/patches/bugfix/arm debian/patches/series
Ben Hutchings
benh at alioth.debian.org
Fri May 20 00:16:33 UTC 2011
Author: benh
Date: Fri May 20 00:16:15 2011
New Revision: 17463
Log:
Merge 2.6.32-34squeeze1
Added:
dists/squeeze/linux-2.6/debian/patches/bugfix/all/cifs-check-for-NULL-session-password.patch
- copied unchanged from r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/cifs-check-for-NULL-session-password.patch
dists/squeeze/linux-2.6/debian/patches/bugfix/all/cifs-clean-up-cifs_find_smb_ses.patch
- copied unchanged from r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/cifs-clean-up-cifs_find_smb_ses.patch
dists/squeeze/linux-2.6/debian/patches/bugfix/all/cifs-fix-NULL-pointer-dereference-in-cifs_find_smb_ses.patch
- copied unchanged from r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/cifs-fix-NULL-pointer-dereference-in-cifs_find_smb_ses.patch
dists/squeeze/linux-2.6/debian/patches/bugfix/all/dccp-handle-invalid-feature-options-length.patch
- copied unchanged from r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/dccp-handle-invalid-feature-options-length.patch
dists/squeeze/linux-2.6/debian/patches/bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch
- copied unchanged from r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch
dists/squeeze/linux-2.6/debian/patches/bugfix/all/validate-size-of-efi-guid-partition-entries.patch
- copied unchanged from r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/validate-size-of-efi-guid-partition-entries.patch
dists/squeeze/linux-2.6/debian/patches/bugfix/arm/prevent-heap-corruption-in-OABI-semtimedop.patch
- copied unchanged from r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/arm/prevent-heap-corruption-in-OABI-semtimedop.patch
dists/squeeze/linux-2.6/debian/patches/series/34squeeze1
- copied unchanged from r17462, dists/squeeze-security/linux-2.6/debian/patches/series/34squeeze1
Modified:
dists/squeeze/linux-2.6/ (props changed)
dists/squeeze/linux-2.6/debian/changelog
dists/squeeze/linux-2.6/debian/patches/series/35
Modified: dists/squeeze/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze/linux-2.6/debian/changelog Thu May 19 13:35:46 2011 (r17462)
+++ dists/squeeze/linux-2.6/debian/changelog Fri May 20 00:16:15 2011 (r17463)
@@ -16,7 +16,6 @@
- [hppa] slub: Disable use with DISCONTIGMEM && !NUMA
- pmcraid: Reject negative request size
- af_unix: Only allow recv on connected seqpacket sockets.
- - [armel] Prevent heap corruption in OABI semtimedop
- usb: musb: core: set has_tt flag
- NFS: nfs_wcc_update_inode() should set nfsi->attr_gencount
(Closes: #617364)
@@ -34,6 +33,19 @@
-- Ben Hutchings <ben at decadent.org.uk> Wed, 04 May 2011 01:44:34 +0100
+linux-2.6 (2.6.32-34squeeze1) stable-security; urgency=high
+
+ * Validate size of EFI GUID partition entries (CVE-2011-1776)
+ * [cifs] fix session reuse issue (CVE-2011-1585):
+ - cifs: clean up cifs_find_smb_ses
+ - cifs: fix NULL pointer dereference in cifs_find_smb_ses
+ - cifs: check for NULL session password
+ * gre: fix netns vs proto registration ordering (CVE-2011-1767)
+ * dccp: handle invalid feature options length (CVE-2011-1770)
+ * [arm] 6891/1: prevent heap corruption in OABI semtimedop (CVE-2011-1759)
+
+ -- dann frazier <dannf at debian.org> Wed, 18 May 2011 00:18:23 -0600
+
linux-2.6 (2.6.32-34) stable; urgency=high
[ Ian Campbell ]
Copied: dists/squeeze/linux-2.6/debian/patches/bugfix/all/cifs-check-for-NULL-session-password.patch (from r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/cifs-check-for-NULL-session-password.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/cifs-check-for-NULL-session-password.patch Fri May 20 00:16:15 2011 (r17463, copy of r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/cifs-check-for-NULL-session-password.patch)
@@ -0,0 +1,24 @@
+commit 24e6cf92fde1f140d8eb0bf7cd24c2c78149b6b2
+Author: Jeff Layton <jlayton at redhat.com>
+Date: Mon Aug 23 11:38:04 2010 -0400
+
+ cifs: check for NULL session password
+
+ It's possible for a cifsSesInfo struct to have a NULL password, so we
+ need to check for that prior to running strncmp on it.
+
+ Signed-off-by: Jeff Layton <jlayton at redhat.com>
+ Signed-off-by: Steve French <sfrench at us.ibm.com>
+
+diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
+index 18af707..ec0ea4a 100644
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -1673,6 +1673,7 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb_vol *vol)
+ MAX_USERNAME_SIZE))
+ continue;
+ if (strlen(vol->username) != 0 &&
++ ses->password != NULL &&
+ strncmp(ses->password,
+ vol->password ? vol->password : "",
+ MAX_PASSWORD_SIZE))
Copied: dists/squeeze/linux-2.6/debian/patches/bugfix/all/cifs-clean-up-cifs_find_smb_ses.patch (from r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/cifs-clean-up-cifs_find_smb_ses.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/cifs-clean-up-cifs_find_smb_ses.patch Fri May 20 00:16:15 2011 (r17463, copy of r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/cifs-clean-up-cifs_find_smb_ses.patch)
@@ -0,0 +1,84 @@
+commit 4ff67b720c02c36e54d55b88c2931879b7db1cd2
+Author: Jeff Layton <jlayton at redhat.com>
+Date: Tue Jul 6 20:43:02 2010 -0400
+
+ cifs: clean up cifs_find_smb_ses (try #2)
+
+ This patch replaces the earlier patch by the same name. The only
+ difference is that MAX_PASSWORD_SIZE has been increased to attempt to
+ match the limits that windows enforces.
+
+ Do a better job of matching sessions by authtype. Matching by username
+ for a Kerberos session is incorrect, and anonymous sessions need special
+ handling.
+
+ Also, in the case where we do match by username, we also need to match
+ by password. That ensures that someone else doesn't "borrow" an existing
+ session without needing to know the password.
+
+ Finally, passwords can be longer than 16 bytes. Bump MAX_PASSWORD_SIZE
+ to 512 to match the size that the userspace mount helper allows.
+
+ Signed-off-by: Jeff Layton <jlayton at redhat.com>
+ Signed-off-by: Steve French <sfrench at us.ibm.com>
+ [dannf: backported to Debian's 2.6.32]
+
+diff -urpN linux-source-2.6.32.orig/fs/cifs/cifsglob.h linux-source-2.6.32/fs/cifs/cifsglob.h
+--- linux-source-2.6.32.orig/fs/cifs/cifsglob.h 2011-05-03 09:28:59.000000000 -0600
++++ linux-source-2.6.32/fs/cifs/cifsglob.h 2011-05-17 00:55:12.683573674 -0600
+@@ -33,7 +33,7 @@
+ #define MAX_SHARE_SIZE 64 /* used to be 20, this should still be enough */
+ #define MAX_USERNAME_SIZE 32 /* 32 is to allow for 15 char names + null
+ termination then *2 for unicode versions */
+-#define MAX_PASSWORD_SIZE 16
++#define MAX_PASSWORD_SIZE 512 /* max for windows seems to be 256 wide chars */
+
+ #define CIFS_MIN_RCV_POOL 4
+
+diff -urpN linux-source-2.6.32.orig/fs/cifs/connect.c linux-source-2.6.32/fs/cifs/connect.c
+--- linux-source-2.6.32.orig/fs/cifs/connect.c 2011-05-03 09:29:09.000000000 -0600
++++ linux-source-2.6.32/fs/cifs/connect.c 2011-05-17 00:57:32.409046666 -0600
+@@ -1587,17 +1587,27 @@ out_err:
+ }
+
+ static struct cifsSesInfo *
+-cifs_find_smb_ses(struct TCP_Server_Info *server, char *username)
++cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb_vol *vol)
+ {
+- struct list_head *tmp;
+ struct cifsSesInfo *ses;
+
+ write_lock(&cifs_tcp_ses_lock);
+- list_for_each(tmp, &server->smb_ses_list) {
+- ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
+- if (strncmp(ses->userName, username, MAX_USERNAME_SIZE))
+- continue;
+-
++ list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
++ switch (server->secType) {
++ case Kerberos:
++ if (vol->linux_uid != ses->linux_uid)
++ continue;
++ break;
++ default:
++ /* anything else takes username/password */
++ if (strncmp(ses->userName, vol->username,
++ MAX_USERNAME_SIZE))
++ continue;
++ if (strlen(vol->username) != 0 &&
++ strncmp(ses->password, vol->password,
++ MAX_PASSWORD_SIZE))
++ continue;
++ }
+ ++ses->ses_count;
+ write_unlock(&cifs_tcp_ses_lock);
+ return ses;
+@@ -2356,7 +2366,7 @@ try_mount_again:
+ goto out;
+ }
+
+- pSesInfo = cifs_find_smb_ses(srvTcp, volume_info->username);
++ pSesInfo = cifs_find_smb_ses(srvTcp, volume_info);
+ if (pSesInfo) {
+ cFYI(1, ("Existing smb sess found (status=%d)",
+ pSesInfo->status));
Copied: dists/squeeze/linux-2.6/debian/patches/bugfix/all/cifs-fix-NULL-pointer-dereference-in-cifs_find_smb_ses.patch (from r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/cifs-fix-NULL-pointer-dereference-in-cifs_find_smb_ses.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/cifs-fix-NULL-pointer-dereference-in-cifs_find_smb_ses.patch Fri May 20 00:16:15 2011 (r17463, copy of r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/cifs-fix-NULL-pointer-dereference-in-cifs_find_smb_ses.patch)
@@ -0,0 +1,29 @@
+commit fc87a40677bbe0937e2ff0642c7e83c9a4813f3d
+Author: Jeff Layton <jlayton at redhat.com>
+Date: Wed Aug 18 13:13:39 2010 -0400
+
+ cifs: fix NULL pointer dereference in cifs_find_smb_ses
+
+ cifs_find_smb_ses assumes that the vol->password field is a valid
+ pointer, but that's only the case if a password was passed in via
+ the options string. It's possible that one won't be if there is
+ no mount helper on the box.
+
+ Reported-by: diabel <gacek-2004 at wp.pl>
+ Signed-off-by: Jeff Layton <jlayton at redhat.com>
+ Signed-off-by: Steve French <sfrench at us.ibm.com>
+
+diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
+index 95c2ea6..446e248 100644
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -1673,7 +1673,8 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb_vol *vol)
+ MAX_USERNAME_SIZE))
+ continue;
+ if (strlen(vol->username) != 0 &&
+- strncmp(ses->password, vol->password,
++ strncmp(ses->password,
++ vol->password ? vol->password : "",
+ MAX_PASSWORD_SIZE))
+ continue;
+ }
Copied: dists/squeeze/linux-2.6/debian/patches/bugfix/all/dccp-handle-invalid-feature-options-length.patch (from r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/dccp-handle-invalid-feature-options-length.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/dccp-handle-invalid-feature-options-length.patch Fri May 20 00:16:15 2011 (r17463, copy of r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/dccp-handle-invalid-feature-options-length.patch)
@@ -0,0 +1,30 @@
+commit a294865978b701e4d0d90135672749531b9a900d
+Author: Dan Rosenberg <drosenberg at vsecurity.com>
+Date: Fri May 6 03:27:18 2011 +0000
+
+ dccp: handle invalid feature options length
+
+ A length of zero (after subtracting two for the type and len fields) for
+ the DCCPO_{CHANGE,CONFIRM}_{L,R} options will cause an underflow due to
+ the subtraction. The subsequent code may read past the end of the
+ options value buffer when parsing. I'm unsure of what the consequences
+ of this might be, but it's probably not good.
+
+ Signed-off-by: Dan Rosenberg <drosenberg at vsecurity.com>
+ Cc: stable at kernel.org
+ Acked-by: Gerrit Renker <gerrit at erg.abdn.ac.uk>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/dccp/options.c b/net/dccp/options.c
+index f06ffcf..4b2ab65 100644
+--- a/net/dccp/options.c
++++ b/net/dccp/options.c
+@@ -123,6 +123,8 @@ int dccp_parse_options(struct sock *sk, struct dccp_request_sock *dreq,
+ case DCCPO_CHANGE_L ... DCCPO_CONFIRM_R:
+ if (pkt_type == DCCP_PKT_DATA) /* RFC 4340, 6 */
+ break;
++ if (len == 0)
++ goto out_invalid_option;
+ rc = dccp_feat_parse_options(sk, dreq, mandatory, opt,
+ *value, value + 1, len - 1);
+ if (rc)
Copied: dists/squeeze/linux-2.6/debian/patches/bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch (from r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch Fri May 20 00:16:15 2011 (r17463, copy of r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch)
@@ -0,0 +1,65 @@
+commit c2892f02712e9516d72841d5c019ed6916329794
+Author: Alexey Dobriyan <adobriyan at gmail.com>
+Date: Tue Feb 16 07:57:44 2010 +0000
+
+ gre: fix netns vs proto registration ordering
+
+ GRE protocol receive hook can be called right after protocol addition is done.
+ If netns stuff is not yet initialized, we're going to oops in
+ net_generic().
+
+ This is remotely oopsable if ip_gre is compiled as module and packet
+ comes at unfortunate moment of module loading.
+
+ Signed-off-by: Alexey Dobriyan <adobriyan at gmail.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+ [dannf: backported to Debian's 2.6.32]
+
+diff -urpN linux-source-2.6.32.orig/net/ipv4/ip_gre.c linux-source-2.6.32/net/ipv4/ip_gre.c
+--- linux-source-2.6.32.orig/net/ipv4/ip_gre.c 2011-05-03 09:29:08.000000000 -0600
++++ linux-source-2.6.32/net/ipv4/ip_gre.c 2011-05-17 01:27:46.115601639 -0600
+@@ -1665,14 +1665,15 @@ static int __init ipgre_init(void)
+
+ printk(KERN_INFO "GRE over IPv4 tunneling driver\n");
+
+- if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
+- printk(KERN_INFO "ipgre init: can't add protocol\n");
+- return -EAGAIN;
+- }
+-
+ err = register_pernet_gen_device(&ipgre_net_id, &ipgre_net_ops);
+ if (err < 0)
+- goto gen_device_failed;
++ return err;
++
++ err = inet_add_protocol(&ipgre_protocol, IPPROTO_GRE);
++ if (err < 0) {
++ printk(KERN_INFO "ipgre init: can't add protocol\n");
++ goto add_proto_failed;
++ }
+
+ err = rtnl_link_register(&ipgre_link_ops);
+ if (err < 0)
+@@ -1688,9 +1689,9 @@ out:
+ tap_ops_failed:
+ rtnl_link_unregister(&ipgre_link_ops);
+ rtnl_link_failed:
+- unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+-gen_device_failed:
+ inet_del_protocol(&ipgre_protocol, IPPROTO_GRE);
++add_proto_failed:
++ unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+ goto out;
+ }
+
+@@ -1698,9 +1699,9 @@ static void __exit ipgre_fini(void)
+ {
+ rtnl_link_unregister(&ipgre_tap_ops);
+ rtnl_link_unregister(&ipgre_link_ops);
+- unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+ if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0)
+ printk(KERN_INFO "ipgre close: can't remove protocol\n");
++ unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+ }
+
+ module_init(ipgre_init);
Copied: dists/squeeze/linux-2.6/debian/patches/bugfix/all/validate-size-of-efi-guid-partition-entries.patch (from r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/validate-size-of-efi-guid-partition-entries.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/validate-size-of-efi-guid-partition-entries.patch Fri May 20 00:16:15 2011 (r17463, copy of r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/validate-size-of-efi-guid-partition-entries.patch)
@@ -0,0 +1,29 @@
+commit fa039d5f6b126fbd65eefa05db2f67e44df8f121
+Author: Timo Warns <Warns at pre-sense.de>
+Date: Fri May 6 13:47:35 2011 +0200
+
+ Validate size of EFI GUID partition entries.
+
+ Otherwise corrupted EFI partition tables can cause total confusion.
+
+ Signed-off-by: Timo Warns <warns at pre-sense.de>
+ Cc: stable at kernel.org
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+ [dannf: backported to Debian's 2.6.32]
+
+diff -urpN linux-source-2.6.32.orig/fs/partitions/efi.c linux-source-2.6.32/fs/partitions/efi.c
+--- linux-source-2.6.32.orig/fs/partitions/efi.c 2011-05-03 09:28:49.000000000 -0600
++++ linux-source-2.6.32/fs/partitions/efi.c 2011-05-17 00:36:47.701635525 -0600
+@@ -349,6 +349,12 @@ is_gpt_valid(struct block_device *bdev,
+ goto fail;
+ }
+
++ /* Check that sizeof_partition_entry has the correct value */
++ if (le32_to_cpu((*gpt)->sizeof_partition_entry) != sizeof(gpt_entry)) {
++ pr_debug("GUID Partitition Entry Size check failed.\n");
++ goto fail;
++ }
++
+ if (!(*ptes = alloc_read_gpt_entries(bdev, *gpt)))
+ goto fail;
+
Copied: dists/squeeze/linux-2.6/debian/patches/bugfix/arm/prevent-heap-corruption-in-OABI-semtimedop.patch (from r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/arm/prevent-heap-corruption-in-OABI-semtimedop.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/arm/prevent-heap-corruption-in-OABI-semtimedop.patch Fri May 20 00:16:15 2011 (r17463, copy of r17462, dists/squeeze-security/linux-2.6/debian/patches/bugfix/arm/prevent-heap-corruption-in-OABI-semtimedop.patch)
@@ -0,0 +1,29 @@
+commit 0f22072ab50cac7983f9660d33974b45184da4f9
+Author: Dan Rosenberg <drosenberg at vsecurity.com>
+Date: Fri Apr 29 15:48:07 2011 +0100
+
+ ARM: 6891/1: prevent heap corruption in OABI semtimedop
+
+ When CONFIG_OABI_COMPAT is set, the wrapper for semtimedop does not
+ bound the nsops argument. A sufficiently large value will cause an
+ integer overflow in allocation size, followed by copying too much data
+ into the allocated buffer. Fix this by restricting nsops to SEMOPM.
+ Untested.
+
+ Cc: stable at kernel.org
+ Signed-off-by: Dan Rosenberg <drosenberg at vsecurity.com>
+ Signed-off-by: Russell King <rmk+kernel at arm.linux.org.uk>
+
+diff --git a/arch/arm/kernel/sys_oabi-compat.c b/arch/arm/kernel/sys_oabi-compat.c
+index 4ad8da1..af0aaeb 100644
+--- a/arch/arm/kernel/sys_oabi-compat.c
++++ b/arch/arm/kernel/sys_oabi-compat.c
+@@ -311,7 +311,7 @@ asmlinkage long sys_oabi_semtimedop(int semid,
+ long err;
+ int i;
+
+- if (nsops < 1)
++ if (nsops < 1 || nsops > SEMOPM)
+ return -EINVAL;
+ sops = kmalloc(sizeof(*sops) * nsops, GFP_KERNEL);
+ if (!sops)
Copied: dists/squeeze/linux-2.6/debian/patches/series/34squeeze1 (from r17462, dists/squeeze-security/linux-2.6/debian/patches/series/34squeeze1)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/series/34squeeze1 Fri May 20 00:16:15 2011 (r17463, copy of r17462, dists/squeeze-security/linux-2.6/debian/patches/series/34squeeze1)
@@ -0,0 +1,7 @@
++ bugfix/all/validate-size-of-efi-guid-partition-entries.patch
++ bugfix/all/cifs-clean-up-cifs_find_smb_ses.patch
++ bugfix/all/cifs-fix-NULL-pointer-dereference-in-cifs_find_smb_ses.patch
++ bugfix/all/cifs-check-for-NULL-session-password.patch
++ bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch
++ bugfix/all/dccp-handle-invalid-feature-options-length.patch
++ bugfix/arm/prevent-heap-corruption-in-OABI-semtimedop.patch
Modified: dists/squeeze/linux-2.6/debian/patches/series/35
==============================================================================
--- dists/squeeze/linux-2.6/debian/patches/series/35 Thu May 19 13:35:46 2011 (r17462)
+++ dists/squeeze/linux-2.6/debian/patches/series/35 Fri May 20 00:16:15 2011 (r17463)
@@ -143,6 +143,7 @@
- debian/revert-amd-deep-c-changes-in-2.6.32.39.patch
- bugfix/all/revert-USB-prevent-buggy-hubs-from-crashing-the-USB.patch
# Revert changes included in 2.6.32.40
+- bugfix/arm/prevent-heap-corruption-in-OABI-semtimedop.patch
- bugfix/all/agp-fix-OOM-and-buffer-overflow.patch
- bugfix/all/agp-fix-arbitrary-kernel-memory-writes.patch
- bugfix/all/can-add-missing-socket-check-in-can+raw-release.patch
More information about the Kernel-svn-changes
mailing list