[kernel] r22108 - dists/squeeze-security/linux-2.6/debian
Ben Hutchings
benh at moszumanska.debian.org
Sat Dec 6 05:12:49 UTC 2014
Author: benh
Date: Sat Dec 6 05:12:49 2014
New Revision: 22108
Log:
Clean-up change list for upstream stable updates 2.6.32.61..64
Delete lines for fixes we already had.
Add some Debian bug numbers that are references.
Modified:
dists/squeeze-security/linux-2.6/debian/changelog
Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog Sat Dec 6 04:37:30 2014 (r22107)
+++ dists/squeeze-security/linux-2.6/debian/changelog Sat Dec 6 05:12:49 2014 (r22108)
@@ -9,7 +9,6 @@
* The following upstream releases include many security fixes which
were already shipped in previous Debian releases.
* Add stable release 2.6.32.61:
- - Revert "pcdp: use early_ioremap/early_iounmap to access pcdp table"
- Revert "block: improve queue_should_plug() by looking at IO depths"
- 2.6.32.y: timekeeping: Fix nohz issue with commit
61b76840ddee647c0c223365378c3f394355b7d7
@@ -19,24 +18,6 @@
- tick: Cleanup NOHZ per cpu data on cpu down
- kbuild: Fix gcc -x syntax
- gen_init_cpio: avoid stack overflow when expanding
- - usermodehelper: introduce umh_complete(sub_info)
- - usermodehelper: implement UMH_KILLABLE
- - usermodehelper: ____call_usermodehelper() doesn't need do_exit()
- - kmod: introduce call_modprobe() helper
- - kmod: make __request_module() killable
- - exec: do not leave bprm->interp on stack
- - exec: use -ELOOP for max recursion depth
- - signal: always clear sa_restorer on execve
- - ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread
- - ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up()
- - ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL
- - ptrace: Fix ptrace when task is in task_is_stopped() state
- - kernel/signal.c: stop info leak via the tkill and the tgkill syscalls
- - signal: Define __ARCH_HAS_SA_RESTORER so we know whether to clear
- sa_restorer
- - kernel/signal.c: use __ARCH_HAS_SA_RESTORER instead of SA_RESTORER
- - wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED
- task
- coredump: prevent double-free on an error path in core dumper
- kernel/sys.c: call disable_nonboot_cpus() in kernel_restart()
- ring-buffer: Fix race between integrity check and readers
@@ -47,27 +28,23 @@
- Fix a dead loop in async_synchronize_full()
- tracing: Don't call page_to_pfn() if page is NULL
- tracing: Fix double free when function profile init failed
- - hugetlb: fix resv_map leak in error path
- - mm: fix vma_resv_map() NULL pointer
- mm: Fix PageHead when !CONFIG_PAGEFLAGS_EXTENDED
- mm: bugfix: set current->reclaim_state to NULL while returning from
kswapd()
- mm: fix invalidate_complete_page2() lock ordering
- mempolicy: fix a race in shared_policy_replace()
- ALSA: hda - More ALC663 fixes and support of compatible chips
- - ALSA: hda - Add a pin-fix for FSC Amilo Pi1505
+ (Closes: #688564)
+ - ALSA: hda - Add a pin-fix for FSC Amilo Pi1505 (Closes: #599582)
- ALSA: seq: Fix missing error handling in snd_seq_timer_open()
- ALSA: ac97 - Fix missing NULL check in snd_ac97_cvol_new()
- x86, ioapic: initialize nr_ioapic_registers early in mp_register_ioapic()
- - x86: Don't use the EFI reboot method by default
- x86, random: make ARCH_RANDOM prompt if EMBEDDED, not EXPERT
- x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS.
- - x86/msr: Add capabilities check
- x86/mm: Check if PUD is large when validating a kernel address
- x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
- xen/bootup: allow read_tscp call for Xen PV guests.
- xen/bootup: allow {read|write}_cr8 pvops call.
- - KVM: x86: relax MSR_KVM_SYSTEM_TIME alignment check
- MCE: Fix vm86 handling for 32bit mce handler
- ACPI / cpuidle: Fix NULL pointer issues when cpuidle is disabled
- alpha: Add irongate_io to PCI bus resources
@@ -92,14 +69,8 @@
- scsi: use __uX types for headers exported to user space
- fix crash in scsi_dispatch_cmd()
- SCSI: bnx2i: Fixed NULL ptr deference for 1G bnx2 Linux iSCSI offload
- - keys: fix race with concurrent install_user_keyrings()
- crypto: cryptd - disable softirqs in cryptd_queue_worker to prevent data
corruption
- - xfrm_user: fix info leak in copy_to_user_state()
- - xfrm_user: fix info leak in copy_to_user_policy()
- - xfrm_user: fix info leak in copy_to_user_tmpl()
- - xfrm_user: return error pointer instead of NULL
- - xfrm_user: return error pointer instead of NULL #2
- r8169: correct settings of rtl8102e.
- r8169: remove the obsolete and incorrect AMD workaround
- r8169: Add support for D-Link 530T rev C1 (Kernel Bug 38862)
@@ -108,13 +79,6 @@
- tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode
- IPoIB: Fix use-after-free of multicast object
- telephony: ijx: buffer overflow in ixj_write_cid()
- - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid()
- - Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER)
- - Bluetooth: RFCOMM - Fix info leak via getsockname()
- - Bluetooth: RFCOMM - Fix missing msg_namelen update in
- rfcomm_sock_recvmsg()
- - Bluetooth: L2CAP - Fix info leak via getsockname()
- - Bluetooth: fix possible info leak in bt_sock_recvmsg()
- xhci: Make handover code more robust
- USB: EHCI: go back to using the system clock for QH unlinks
- USB: whiteheat: fix memory leak in error path
@@ -122,24 +86,19 @@
- USB: mos7840: fix urb leak at release
- USB: mos7840: fix port-device leak in error path
- USB: garmin_gps: fix memory leak on disconnect
- - USB: io_ti: Fix NULL dereference in chase_port()
- - USB: cdc-wdm: fix buffer overflow
- USB: serial: ftdi_sio: Handle the old_termios == 0 case e.g.
uart_resume_port()
- USB: ftdi_sio: Quiet sparse noise about using plain integer was NULL
pointer
- epoll: prevent missed events on EPOLL_CTL_MOD
- - fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check
- fs/fscache/stats.c: fix memory leak
- sysfs: sysfs_pathname/sysfs_add_one: Use strlcat() instead of strcat()
- - tmpfs: fix use-after-free of mempolicy object
- jbd: Delay discarding buffers in journal_unmap_buffer
- jbd: Fix assertion failure in commit code due to lacking transaction
credits
- jbd: Fix lock ordering bug in journal_unmap_buffer()
- ext4: Fix fs corruption when make_indexed_dir() fails
- ext4: don't dereference null pointer when make_indexed_dir() fails
- - ext4: Fix max file size and logical block counting of extent format file
- ext4: fix memory leak in ext4_xattr_set_acl()'s error path
- ext4: online defrag is not supported for journaled files
- ext4: always set i_op in ext4_mknod()
@@ -147,18 +106,11 @@
- ext4: lock i_mutex when truncating orphan inodes
- ext4: fix race in ext4_mb_add_n_trim()
- ext4: limit group search loop for non-extent files
- - ext4: make orphan functions be no-op in no-journal mode
- - ext4: avoid hang when mounting non-journal filesystems with orphan list
- udf: fix memory leak while allocating blocks during write
- - udf: avoid info leak on export
- udf: Fix bitmap overflow on large filesystems with small block size
- fs/cifs/cifs_dfs_ref.c: fix potential memory leakage
- - isofs: avoid info leak on export
- - fat: Fix stat->f_namelen
- - NLS: improve UTF8 -> UTF16 string conversion routine
- hfsplus: fix potential overflow in hfsplus_file_truncate()
- btrfs: use rcu_barrier() to wait for bdev puts at unmount
- - kernel panic when mount NFSv4
- nfsd4: fix oops on unusual readlike compound
- net/core: Fix potential memory leak in dev_set_alias()
- net: reduce net_rx_action() latency to 2 HZ
@@ -170,39 +122,21 @@
- net_sched: gact: Fix potential panic in tcf_gact().
- net: sched: integer overflow fix
- net: prevent setting ttl=0 via IP_TTL
- - net: fix divide by zero in tcp algorithm illinois
- net: guard tcp_set_keepalive() to tcp sockets
Fixes CVE-2012-6657
- - net: fix info leak in compat dev_ifconf()
- - inet: add RCU protection to inet->opt
- tcp: allow splice() to build full TSO packets
- tcp: fix MSG_SENDPAGE_NOTLAST logic
- tcp: preserve ACK clocking in TSO
- unix: fix a race condition in unix_release()
- - dcbnl: fix various netlink info leaks
- sctp: fix memory leak in sctp_datamsg_from_user() when copy from user
space fails
- net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree
- net: sctp: sctp_endpoint_free: zero out secret key data
- net: sctp: sctp_auth_key_put: use kzfree instead of kfree
- - ipv6: discard overlapping fragment
- - ipv6: make fragment identifications less predictable
- netfilter: nf_ct_ipv4: packets with wrong ihl are invalid
- ipvs: allow transmit of GRO aggregated skbs
- ipvs: IPv6 MTU checking cleanup and bugfix
- - ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT)
- - atm: update msg_namelen in vcc_recvmsg()
- - atm: fix info leak via getsockname()
- - atm: fix info leak in getsockopt(SO_ATMPVC)
- - ax25: fix info leak via msg_name in ax25_recvmsg()
- isdnloop: fix and simplify isdnloop_init()
- - iucv: Fix missing msg_namelen update in iucv_sock_recvmsg()
- - llc: fix info leak via getsockname()
- - llc: Fix missing msg_namelen update in llc_ui_recvmsg()
- - rds: set correct msg_namelen
- - rose: fix info leak via msg_name in rose_recvmsg()
- - irda: Fix missing msg_namelen update in irda_recvmsg_dgram()
- - tipc: fix info leaks via msg_name in recv_msg/recv_stream
- mpt2sas: Send default descriptor for RAID pass through in mpt2ctl
- x86, ptrace: fix build breakage with gcc 4.7
* Add stable release 2.6.32.62:
@@ -211,25 +145,9 @@
- Revert "x86, ptrace: fix build breakage with gcc 4.7"
- x86, ptrace: fix build breakage with gcc 4.7 (second try)
- ipvs: fix CHECKSUM_PARTIAL for TCP, UDP
- - intel-iommu: Flush unmaps at domain_exit
- staging: comedi: ni_65xx: (bug fix) confine insn_bits to one subdevice
- kernel/kmod.c: check for NULL in call_usermodehelper_exec()
- cciss: fix info leak in cciss_ioctl32_passthru()
- - cpqarray: fix info leak in ida_locked_ioctl()
- - drivers/cdrom/cdrom.c: use kzalloc() for failing hardware
- - sctp: deal with multiple COOKIE_ECHO chunks
- - sctp: Use correct sideffect command in duplicate cookie handling
- - ipv6: ip6_sk_dst_check() must not assume ipv6 dst
- - af_key: fix info leaks in notify messages
- - af_key: initialize satype in key_notify_policy_flush()
- - block: do not pass disk names as format strings
- - b43: stop format string leaking into error msgs
- - HID: validate HID report id size
- - HID: zeroplus: validate output report details
- - HID: pantherlord: validate output report details
- - HID: LG: validate HID output report details
- - HID: check for NULL field when setting values
- - HID: provide a helper for validating hid reports
- crypto: api - Fix race condition in larval lookup
- ipv6: tcp: fix panic in SYN processing
- tcp: must unclone packets before mangling them
@@ -238,12 +156,10 @@
- proc connector: fix info leaks
- can: dev: fix nlmsg size calculation in can_get_size()
- net: vlan: fix nlmsg size calculation in vlan_get_size()
- - farsync: fix info leak in ioctl
- connector: use nlmsg_len() to check message length
- net: dst: provide accessor function to dst->xfrm
- sctp: Use software crc32 checksum when xfrm transform will happen.
- sctp: Perform software checksum if packet has to be fragmented.
- - wanxl: fix info leak in ioctl
- davinci_emac.c: Fix IFF_ALLMULTI setup
- resubmit bridge: fix message_age_timer calculation
- ipv6 mcast: use in6_dev_put in timer handlers instead of __in6_dev_put
@@ -273,23 +189,19 @@
- net: check net.core.somaxconn sysctl values
- tcp: cubic: fix bug in bictcp_acked()
- ipv6: don't stop backtracking in fib6_lookup_1 if subtree does not match
- - ipv6: remove max_addresses check from ipv6_create_tempaddr
- ipv6: drop packets with multiple fragmentation headers
- ipv6: Don't depend on per socket memory for neighbour discovery messages
- ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO
- tipc: fix lockdep warning during bearer initialization
- - net: Fix "ip rule delete table 256"
+ - net: Fix "ip rule delete table 256" (Closes: #724783)
- ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
- random32: fix off-by-one in seeding requirement
- bonding: fix two race conditions in bond_store_updelay/downdelay
- isdnloop: use strlcpy() instead of strcpy()
- ipv4: fix possible seqlock deadlock
- - inet: prevent leakage of uninitialized memory to user in recv syscalls
- net: rework recvmsg handler msg_name and msg_namelen logic
- net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
sockaddr_storage)
- - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
- functions
- net: clamp ->msg_namelen instead of returning an error
- ipv6: fix leaking uninitialized port number of offender sockaddr
- atm: idt77252: fix dev refcnt leak
@@ -302,8 +214,6 @@
- net: drop_monitor: fix the value of maxattr
- net: unix: allow bind to fail on mutex lock
- drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl()
- - hamradio/yam: fix info leak in ioctl
- - rds: prevent dereference of a NULL device
- net: rose: restore old recvmsg behavior
- net: llc: fix use after free in llc_ui_recvmsg
- inet_diag: fix inet_diag_dump_icsk() timewait socket state logic
@@ -313,22 +223,13 @@
- net: sctp: fix sctp_connectx abi for ia32 emulation/compat mode
- virtio-net: alloc big buffers also when guest can receive UFO
- tg3: Don't check undefined error bits in RXBD
- - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
- net: sctp: fix skb leakage in COOKIE ECHO path of chunk->auth_chunk
- net: socket: error on a negative msg_namelen
- netlink: don't compare the nul-termination in nla_strcmp
- isdnloop: several buffer overflows
- - rds: prevent dereference of a NULL device in rds_iw_laddr_check
- isdnloop: Validate NUL-terminated strings from user.
- sctp: unbalanced rcu lock in ip_queue_xmit()
- - aacraid: prevent invalid pointer dereference
- - ipv6: udp packets following an UFO enqueued packet need also be handled by
- UFO
- - inet: fix possible memory corruption with UDP_CORK and UFO
- vm: add vm_iomap_memory() helper function
- - Fix a few incorrectly checked [io_]remap_pfn_range() calls
- - libertas: potential oops in debugfs
- - x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
- gianfar: disable TX vlan based on kernel 2.6.x
- powernow-k6: set transition latency value so ondemand governor can be used
- powernow-k6: disable cache when changing frequency
@@ -337,31 +238,10 @@
- tcp: fix tcp_trim_head() to adjust segment count with skb MSS
- tcp_cubic: limit delayed_ack ratio to prevent divide error
- tcp_cubic: fix the range of delayed_ack
- - n_tty: Fix n_tty_write crash when echoing in raw mode
- - exec/ptrace: fix get_dumpable() incorrect tests
- - ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET
- pending data
- - dm snapshot: fix data corruption
- - crypto: ansi_cprng - Fix off by one error in non-block size request
- - uml: check length in exitcode_proc_write()
- - qeth: avoid buffer overflow in snmp ioctl
- - xfs: underflow bug in xfs_attrlist_by_handle()
- - aacraid: missing capable() check in compat ioctl
- - SELinux: Fix kernel BUG on empty security contexts.
- - s390: fix kernel crash due to linkage stack instructions
- - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
- - floppy: ignore kernel-only members in FDRAWCMD ioctl input
- - floppy: don't write kernel-only members to FDRAWCMD ioctl output
* Add stable release 2.6.32.63:
- ethtool: Report link-down while interface is down
- futex: Add another early deadlock detection check
- futex: Prevent attaching to kernel threads
- - futex-prevent-requeue-pi-on-same-futex.patch futex: Forbid uaddr == uaddr2
- in futex_requeue(..., requeue_pi=1)
- - futex: Validate atomic acquisition in futex_lock_pi_atomic()
- - futex: Always cleanup owner tid in unlock_pi
- - futex: Make lookup_pi_state more robust
- - auditsc: audit_krule mask accesses need bounds checking
- net: fix regression introduced in 2.6.32.62 by sysctl fixes
* Add stable release 2.6.32.64:
- x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508)
@@ -369,14 +249,6 @@
- x86_32, entry: Clean up sysenter_badsys declaration
- MIPS: Cleanup flags in syscall flags handlers.
- MIPS: asm: thread_info: Add _TIF_SECCOMP flag
- - fix autofs/afs/etc. magic mountpoint breakage
- - ALSA: control: Make sure that id->index does not overflow
- - ALSA: control: Handle numid overflow
- - sctp: Fix sk_ack_backlog wrap-around problem
- - mm: try_to_unmap_cluster() should lock_page() before mlocking
- - filter: prevent nla extensions to peek beyond the end of the message
- - ALSA: control: Protect user controls against concurrent access
- - ptrace,x86: force IRET path after a ptrace_stop()
- sym53c8xx_2: Set DID_REQUEUE return code when aborting squeue
- tcp: fix tcp_match_skb_to_sack() for unaligned SACK at end of an skb
- igmp: fix the problem when mc leave group
More information about the Kernel-svn-changes
mailing list