[kernel] r19452 - in dists/trunk/linux: . debian debian/config debian/installer/modules debian/patches debian/patches/bugfix/all debian/patches/debian
Ben Hutchings
benh at alioth.debian.org
Mon Oct 22 13:47:04 UTC 2012
Author: benh
Date: Mon Oct 22 13:47:03 2012
New Revision: 19452
Log:
Merge changes from sid up to 3.2.32
Added:
dists/trunk/linux/debian/patches/bugfix/all/SUNRPC-Set-alloc_slot-for-backchannel-tcp-ops.patch
- copied, changed from r19450, dists/sid/linux/debian/patches/bugfix/all/SUNRPC-Set-alloc_slot-for-backchannel-tcp-ops.patch
dists/trunk/linux/debian/patches/bugfix/all/kernel-sys.c-fix-stack-memory-content-leak-via-UNAME.patch
- copied unchanged from r19450, dists/sid/linux/debian/patches/bugfix/all/kernel-sys.c-fix-stack-memory-content-leak-via-UNAME.patch
dists/trunk/linux/debian/patches/bugfix/all/use-clamp_t-in-UNAME26-fix.patch
- copied unchanged from r19450, dists/sid/linux/debian/patches/bugfix/all/use-clamp_t-in-UNAME26-fix.patch
dists/trunk/linux/debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch
- copied, changed from r19450, dists/sid/linux/debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch
Modified:
dists/trunk/linux/ (props changed)
dists/trunk/linux/debian/changelog
dists/trunk/linux/debian/config/config
dists/trunk/linux/debian/installer/modules/input-modules
dists/trunk/linux/debian/patches/series
Modified: dists/trunk/linux/debian/changelog
==============================================================================
--- dists/trunk/linux/debian/changelog Mon Oct 22 13:37:07 2012 (r19451)
+++ dists/trunk/linux/debian/changelog Mon Oct 22 13:47:03 2012 (r19452)
@@ -176,6 +176,110 @@
-- Ben Hutchings <ben at decadent.org.uk> Sun, 04 Mar 2012 20:27:42 +0000
+linux (3.2.32-1) unstable; urgency=low
+
+ * New upstream stable update:
+ http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.31
+ - target: Fix ->data_length re-assignment bug with SCSI overflow
+ - hpsa: fix handling of protocol error
+ - cifs: fix return value in cifsConvertToUTF16
+ - asix: Support DLink DUB-E100 H/W Ver C1 (Closes: #687567)
+ - dj: memory scribble in logi_dj
+ - dm: handle requests beyond end of device instead of using BUG_ON
+ - md/raid10: fix "enough" function for detecting if array is failed.
+ - libata: Prevent interface errors with Seagate FreeAgent GoFlex
+ - vfs: dcache: fix deadlock in tree traversal
+ - Revert "drm/radeon: rework pll selection (v3)" (regression in 3.2.30)
+ - HID: hidraw: don't deallocate memory when it is in use
+ - xfrm: Workaround incompatibility of ESN and async crypto
+ - xfrm_user: fix various information leaks
+ - xfrm_user: ensure user supplied esn replay window is valid
+ - net: guard tcp_set_keepalive() to tcp sockets
+ - ipv4: raw: fix icmp_filter()
+ - ipv6: raw: fix icmpv6_filter()
+ - ipv6: mip6: fix mip6_mh_filter()
+ - netrom: copy_datagram_iovec can fail
+ http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.32
+ - mtd: nand: Use the mirror BBT descriptor when reading its version
+ - TTY: ttyprintk, don't touch behind tty->write_buf
+ - n_gsm: fix various serious bugs
+ - hpsa: Use LUN reset instead of target reset
+ - staging: comedi: don't dereference user memory for INSN_INTTRIG
+ - ext4: fix potential deadlock in ext4_nonda_switch()
+ - staging: comedi: fix memory leak for saved channel list
+ - scsi_remove_target: fix softlockup regression on hot remove
+ (Closes: #690990)
+ - usb: host: xhci: Fix Null pointer dereferencing with 71c731a for
+ non-x86 systems (regression in 3.2.30)
+ - ext4: online defrag is not supported for journaled files
+ - staging: comedi: s626: don't dereference insn->data
+ - serial: pl011: handle corruption at high clock speeds
+ - ext4: always set i_op in ext4_mknod()
+ - ext4: fix fdatasync() for files with only i_size changes
+ - [x86] drm/i915: use adjusted_mode instead of mode for checking the
+ 6bpc force flag (regression in 3.2.29)
+ - staging: comedi: jr3_pci: fix iomem dereference
+ - JFFS2: don't fail on bitflips in OOB
+ - mtd: nandsim: bugfix: fail if overridesize is too big
+ - pnfsblock: fix partial page buffer wirte
+ - target/file: Re-enable optional fd_buffered_io=1 operation
+ - iscsit: remove incorrect unlock in iscsit_build_sendtargets_resp
+ - rapidio/rionet: fix multicast packet transmit logic
+ - ALSA: aloop - add locking to timer access
+ - [armhf/omap] counter: add locking to read_persistent_clock
+ - mm: fix invalidate_complete_page2() lock ordering
+ - mm: thp: fix pmd_present for split_huge_page and PROT_NONE with THP
+ - mm: hugetlb: fix pgoff computation when unmapping page from vma
+ - hugetlb: do not use vma_hugecache_offset() for vma_prio_tree_foreach
+ - [x86] firewire: cdev: fix user memory corruption (i386 userland on
+ amd64 kernel)
+ - udf: fix retun value on error path in udf_load_logicalvol
+ - eCryptfs: Unlink lower inode when ecryptfs_create() fails
+ - eCryptfs: Initialize empty lower files when opening them
+ - eCryptfs: Revert to a writethrough cache model
+ - eCryptfs: Write out all dirty pages just before releasing the lower file
+ - eCryptfs: Call lower ->flush() from ecryptfs_flush()
+ - mempolicy: remove mempolicy sharing
+ - mempolicy: fix a race in shared_policy_replace()
+ - mempolicy: fix refcount leak in mpol_set_shared_policy()
+ - mempolicy: fix a memory corruption by refcount imbalance in
+ alloc_pages_vma()
+ - hpsa: dial down lockup detection during firmware flash
+ - netfilter: nf_ct_ipv4: packets with wrong ihl are invalid
+ - netfilter: nf_nat_sip: fix incorrect handling of EBUSY for RTCP
+ expectation
+ - netfilter: nf_ct_expect: fix possible access to uninitialized timer
+ - ipvs: fix oops on NAT reply in br_nf context
+
+ [ Ben Hutchings ]
+ * codel: refine one condition to avoid a nul rec_inv_sqrt
+ * [mips,mipsel] Ignore NFS/SunRPC ABI changes in 3.2.30 (fixes FTBFS)
+ * tg3: Fix TSO CAP for 5704 devs w / ASF enabled
+ * SUNRPC: Set alloc_slot for backchannel tcp ops (regression in 3.2.30)
+ * iwlwifi: Do not request unreleased firmware for IWL6000 (Closes: #689416)
+ * aufs: Update to aufs3.2-20120827:
+ - Fix statfs() values when different block sizes are in use
+ * udeb: Add hid-logitech-dj to input-modules (Closes: #661379)
+ * connector: Make CONNECTOR built-in; enable PROC_EVENTS (Closes: #588200)
+ * e1000e: Change wthresh to 1 to avoid possible Tx stalls
+ * [x86] efi: Build EFI stub with EFI-appropriate options
+ * [rt] Update to 3.2.32-rt48:
+ - random: Make add_interrupt_randomness() work on rt
+ - softirq: Init softirq local lock after per cpu section is set up
+ - mm: slab: Fix potential deadlock
+ - mm: page_alloc: Use local_lock_on() instead of plain spinlock
+ - rt: rwsem/rwlock: lockdep annotations
+ - sched: Better debug output for might sleep
+ - stomp_machine: Use mutex_trylock when called from inactive cpu
+ * [x86] storvsc: Account for in-transit packets in the RESET path
+ * fs: handle failed audit_log_start properly
+ * fs: prevent use after free in auditing when symlink following was denied
+ * kernel/sys.c: fix stack memory content leak via UNAME26 (CVE-2012-0957)
+ * ALSA: hda: Fix oops caused by "Fix internal mic for Lenovo Ideapad U300s"
+ in 3.2.32
+
+ -- Ben Hutchings <ben at decadent.org.uk> Mon, 22 Oct 2012 06:25:37 +0100
+
linux (3.2.30-1) unstable; urgency=low
* New upstream stable update:
Modified: dists/trunk/linux/debian/config/config
==============================================================================
--- dists/trunk/linux/debian/config/config Mon Oct 22 13:37:07 2012 (r19451)
+++ dists/trunk/linux/debian/config/config Mon Oct 22 13:47:03 2012 (r19452)
@@ -288,7 +288,8 @@
##
## file: drivers/connector/Kconfig
##
-CONFIG_CONNECTOR=m
+CONFIG_CONNECTOR=y
+CONFIG_PROC_EVENTS=y
##
## file: drivers/cpufreq/Kconfig
Modified: dists/trunk/linux/debian/installer/modules/input-modules
==============================================================================
--- dists/trunk/linux/debian/installer/modules/input-modules Mon Oct 22 13:37:07 2012 (r19451)
+++ dists/trunk/linux/debian/installer/modules/input-modules Mon Oct 22 13:47:03 2012 (r19452)
@@ -4,6 +4,7 @@
hid-belkin ?
hid-microsoft ?
hid-logitech ?
+hid-logitech-dj
hid-monterey ?
hid-sunplus ?
hid-cherry ?
Copied and modified: dists/trunk/linux/debian/patches/bugfix/all/SUNRPC-Set-alloc_slot-for-backchannel-tcp-ops.patch (from r19450, dists/sid/linux/debian/patches/bugfix/all/SUNRPC-Set-alloc_slot-for-backchannel-tcp-ops.patch)
==============================================================================
--- dists/sid/linux/debian/patches/bugfix/all/SUNRPC-Set-alloc_slot-for-backchannel-tcp-ops.patch Mon Oct 22 13:12:16 2012 (r19450, copy source)
+++ dists/trunk/linux/debian/patches/bugfix/all/SUNRPC-Set-alloc_slot-for-backchannel-tcp-ops.patch Mon Oct 22 13:47:03 2012 (r19452)
@@ -27,18 +27,19 @@
Signed-off-by: Bryan Schumaker <bjschuma at netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust at netapp.com>
-[bwh: Backported to 3.2: adjust context]
---
net/sunrpc/xprtsock.c | 1 +
1 file changed, 1 insertion(+)
+diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
+index d1988cf..97f8918 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
-@@ -2477,6 +2477,7 @@ static struct rpc_xprt_ops xs_tcp_ops =
+@@ -2539,6 +2539,7 @@ static struct rpc_xprt_ops xs_tcp_ops = {
static struct rpc_xprt_ops bc_tcp_ops = {
.reserve_xprt = xprt_reserve_xprt,
.release_xprt = xprt_release_xprt,
+ .alloc_slot = xprt_alloc_slot,
+ .rpcbind = xs_local_rpcbind,
.buf_alloc = bc_malloc,
.buf_free = bc_free,
- .send_request = bc_send_request,
Copied: dists/trunk/linux/debian/patches/bugfix/all/kernel-sys.c-fix-stack-memory-content-leak-via-UNAME.patch (from r19450, dists/sid/linux/debian/patches/bugfix/all/kernel-sys.c-fix-stack-memory-content-leak-via-UNAME.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/trunk/linux/debian/patches/bugfix/all/kernel-sys.c-fix-stack-memory-content-leak-via-UNAME.patch Mon Oct 22 13:47:03 2012 (r19452, copy of r19450, dists/sid/linux/debian/patches/bugfix/all/kernel-sys.c-fix-stack-memory-content-leak-via-UNAME.patch)
@@ -0,0 +1,60 @@
+From: Kees Cook <keescook at chromium.org>
+Date: Fri, 19 Oct 2012 13:56:51 -0700
+Subject: [1/2] kernel/sys.c: fix stack memory content leak via UNAME26
+
+commit 2702b1526c7278c4d65d78de209a465d4de2885e upstream.
+
+Calling uname() with the UNAME26 personality set allows a leak of kernel
+stack contents. This fixes it by defensively calculating the length of
+copy_to_user() call, making the len argument unsigned, and initializing
+the stack buffer to zero (now technically unneeded, but hey, overkill).
+
+CVE-2012-0957
+
+Reported-by: PaX Team <pageexec at freemail.hu>
+Signed-off-by: Kees Cook <keescook at chromium.org>
+Cc: Andi Kleen <ak at linux.intel.com>
+Cc: PaX Team <pageexec at freemail.hu>
+Cc: Brad Spengler <spender at grsecurity.net>
+Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+---
+ kernel/sys.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/kernel/sys.c b/kernel/sys.c
+index c5cb5b9..01865c6 100644
+--- a/kernel/sys.c
++++ b/kernel/sys.c
+@@ -1265,15 +1265,16 @@ DECLARE_RWSEM(uts_sem);
+ * Work around broken programs that cannot handle "Linux 3.0".
+ * Instead we map 3.x to 2.6.40+x, so e.g. 3.0 would be 2.6.40
+ */
+-static int override_release(char __user *release, int len)
++static int override_release(char __user *release, size_t len)
+ {
+ int ret = 0;
+- char buf[65];
+
+ if (current->personality & UNAME26) {
+- char *rest = UTS_RELEASE;
++ const char *rest = UTS_RELEASE;
++ char buf[65] = { 0 };
+ int ndots = 0;
+ unsigned v;
++ size_t copy;
+
+ while (*rest) {
+ if (*rest == '.' && ++ndots >= 3)
+@@ -1283,8 +1284,9 @@ static int override_release(char __user *release, int len)
+ rest++;
+ }
+ v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 40;
+- snprintf(buf, len, "2.6.%u%s", v, rest);
+- ret = copy_to_user(release, buf, len);
++ copy = min(sizeof(buf), max_t(size_t, 1, len));
++ copy = scnprintf(buf, copy, "2.6.%u%s", v, rest);
++ ret = copy_to_user(release, buf, copy + 1);
+ }
+ return ret;
+ }
Copied: dists/trunk/linux/debian/patches/bugfix/all/use-clamp_t-in-UNAME26-fix.patch (from r19450, dists/sid/linux/debian/patches/bugfix/all/use-clamp_t-in-UNAME26-fix.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/trunk/linux/debian/patches/bugfix/all/use-clamp_t-in-UNAME26-fix.patch Mon Oct 22 13:47:03 2012 (r19452, copy of r19450, dists/sid/linux/debian/patches/bugfix/all/use-clamp_t-in-UNAME26-fix.patch)
@@ -0,0 +1,32 @@
+From: Kees Cook <keescook at chromium.org>
+Date: Fri, 19 Oct 2012 18:45:53 -0700
+Subject: [2/2] use clamp_t in UNAME26 fix
+
+commit 31fd84b95eb211d5db460a1dda85e004800a7b52 upstream.
+
+The min/max call needed to have explicit types on some architectures
+(e.g. mn10300). Use clamp_t instead to avoid the warning:
+
+ kernel/sys.c: In function 'override_release':
+ kernel/sys.c:1287:10: warning: comparison of distinct pointer types lacks a cast [enabled by default]
+
+Reported-by: Fengguang Wu <fengguang.wu at intel.com>
+Signed-off-by: Kees Cook <keescook at chromium.org>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+---
+ kernel/sys.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel/sys.c b/kernel/sys.c
+index 01865c6..e6e0ece 100644
+--- a/kernel/sys.c
++++ b/kernel/sys.c
+@@ -1284,7 +1284,7 @@ static int override_release(char __user *release, size_t len)
+ rest++;
+ }
+ v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 40;
+- copy = min(sizeof(buf), max_t(size_t, 1, len));
++ copy = clamp_t(size_t, len, 1, sizeof(buf));
+ copy = scnprintf(buf, copy, "2.6.%u%s", v, rest);
+ ret = copy_to_user(release, buf, copy + 1);
+ }
Copied and modified: dists/trunk/linux/debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch (from r19450, dists/sid/linux/debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch)
==============================================================================
--- dists/sid/linux/debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch Mon Oct 22 13:12:16 2012 (r19450, copy source)
+++ dists/trunk/linux/debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch Mon Oct 22 13:47:03 2012 (r19452)
@@ -12,10 +12,10 @@
not easy to detect that this particular failure is harmless. So stop
requesting the unreleased firmware.
---- a/drivers/net/wireless/iwlwifi/iwl-6000.c
-+++ b/drivers/net/wireless/iwlwifi/iwl-6000.c
-@@ -46,7 +46,7 @@
- #include "iwl-cfg.h"
+--- a/drivers/net/wireless/iwlwifi/pcie/6000.c
++++ b/drivers/net/wireless/iwlwifi/pcie/6000.c
+@@ -32,7 +32,7 @@
+ #include "dvm/commands.h" /* needed for BT for now */
/* Highest firmware API version supported */
-#define IWL6000_UCODE_API_MAX 6
Modified: dists/trunk/linux/debian/patches/series
==============================================================================
--- dists/trunk/linux/debian/patches/series Mon Oct 22 13:37:07 2012 (r19451)
+++ dists/trunk/linux/debian/patches/series Mon Oct 22 13:47:03 2012 (r19452)
@@ -45,3 +45,7 @@
bugfix/alpha/alpha-use-large-data-model.diff
bugfix/all/speakup-lower-default-software-speech-rate.patch
+bugfix/all/SUNRPC-Set-alloc_slot-for-backchannel-tcp-ops.patch
+debian/iwlwifi-do-not-request-unreleased-firmware.patch
+bugfix/all/kernel-sys.c-fix-stack-memory-content-leak-via-UNAME.patch
+bugfix/all/use-clamp_t-in-UNAME26-fix.patch
More information about the Kernel-svn-changes
mailing list