-
linux-2.6 (2.6.32-48squeeze6) squeeze-security; urgency=high
[ Moritz Muehlenhoff ]
* CVE-2014-0196: Jiri Slaby discovered a race condition in the pty
layer, which could lead to denial of service or privilege escalation.
* CVE-2014-1737 / CVE-2014-1738: Matthew Daley discovered that
missing input sanitising in the FDRAWCMD ioctl and an information
leak could result in privilege escalation.
-- Moritz Muehlenhoff <email address hidden> Mon, 12 May 2014 19:38:43 -0600
-
linux-2.6 (2.6.32-48squeeze4) squeeze-security; urgency=high
[ Ian Campbell ]
* Fix regression in "xen: netback: shutdown the ring if it contains garbage
(CVE-2013-0216)" (Closes: #701744)
[ Moritz Muehlenhoff ]
* drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (CVE-2013-2164)
* ipv6: ip6_sk_dst_check() must not assume ipv6 dst (CVE-2013-2232)
* af_key: fix info leaks in notify messages (CVE-2013-2234)
* af_key: initialize satype in key_notify_policy_flush() (CVE-2013-2237)
* block: do not pass disk names as format strings (CVE-2013-2851)
* b43: stop format string leaking into error msgs (CVE-2013-2852)
* sctp: Use correct sideffect command in duplicate cookie handling
(CVE-2013-2206)
* kernel/signal.c: stop info leak via the tkill and the tgkill syscalls
(CVE-2013-2141)
* HID: validate HID report id size (CVE-2013-2888)
* HID: check for NULL field when setting values
* Information leak in openvz quota implementation (CVE-2013-2239)
[ dann frazier ]
* HID: pantherlord: validate output report details (CVE-2013-2892)
-- dann frazier <email address hidden> Mon, 23 Sep 2013 12:36:26 -0600
-
linux-2.6 (2.6.32-48) stable; urgency=low
* [s390] s390/time: fix sched_clock() overflow (Closes: #698382)
* Revert "time: Avoid making adjustments if we haven't accumulated
anything" (Closes: #699112, regression in 2.6.32.60)
* exec: Fix accounting of execv*() memory after vfork() (Closes: #700486)
* r8169: Fix bugs that can cause an interface to hang
(possible fix for: #617220, #642025)
- r8169: missing barriers.
- r8169: fix unsigned int wraparound with TSO
- r8169: remove the obsolete and incorrect AMD workaround
-- Ben Hutchings <email address hidden> Thu, 14 Feb 2013 14:11:58 +0000
-
linux-2.6 (2.6.32-46) stable; urgency=high
[ Bastian Blank ]
* [s390] Enable IUCV special message support. (closes: #671238)
[ Ben Hutchings ]
* linux-image: Relax version dependency on linux-base, to simplify
testing of bug fixes
* [x86] linux-image: Fix minimum version of lilo (Closes: #680467)
* [openvz] proc: Fix extreme memory use for /proc/self/mountinfo in
container, thanks to Andrew Vagin, Christoph Lechleitner (Closes: #655385)
* usb: Fix deadlock in hid_reset when Dell iDRAC is reset (Closes: #670398)
* drm: Apply changes deferred from 2.6.32.42+drm33.19:
- drm: implement helper functions for scanning lru list
- drm/i915: Implement fair lru eviction across both rings. (v2)
- drm/i915: Maintain LRU order of inactive objects upon access by CPU (v2)
- drm/i915/evict: Ensure we completely cleanup on failure
* Add drm changes from 2.6.32.46+drm33.20, 2.6.32.48+drm33.21,
2.6.32.56+drm33.22, 2.6.32.57+drm33.23, 2.6.32.58+drm33.24
(Closes: #681632) including:
- drm/radeon/kms: prefer high post dividers in legacy pll algo
(Closes: #575893)
- drm: mm: fix range restricted allocations (regression in 2.6.32-36)
- drm/i915: no lvds quirk for AOpen MP45
* [armel/kirkwood] ahci: Add JMicron 362 device IDs (Closes: #634180)
* tcp: Don't change unlocked socket state in tcp_v4_err(). (Closes: #685087)
* locks: fix checking of fcntl_setlease argument
* sfc: Fix maximum number of TSO segments and minimum TX queue size
(CVE-2012-3412)
[ Jonathan Nieder ]
* ath5k: initialize default noise floor
* ath5k: use noise calibration from madwifi hal (Closes: #611107)
* sky2: Add 'legacy_pme' option for PCI legacy power management
(Closes: #647560; works around regression introduced in 2.6.32-22)
[ dann frazier ]
* Avoid leap second deadlock and early hrtimer/futex expiration issue
(Closes: #679882)
* net: sock: validate data_len before allocating skb in
sock_alloc_send_pskb() (CVE-2012-2136)
* dl2k: Clean up rio_ioctl, add missing CAP_NET_ADMIN checks (CVE-2012-2313)
* hfsplus: Fix potential buffer overflows (CVE-2012-2319)
* hugetlb: fix resv_map leak in error path (CVE-2012-2390)
* mm: fix vma_resv_map() NULL pointer (CVE-2012-2390)
* cred: copy_process() should clear child->replacement_session_keyring
(CVE-2012-2745)
* udf: Fix buffer overflow when parsing sparing table (CVE-2012-3400)
* rds: set correct msg_namelen (CVE-2012-3430)
-- dann frazier <email address hidden> Sun, 23 Sep 2012 04:22:37 +0900
-
linux-2.6 (2.6.32-45) stable; urgency=high
* Avoid ABI change on some archs due to a new #include in the
fix for CVE-2012-2123.
-- dann frazier <email address hidden> Sat, 05 May 2012 11:39:28 -0600
-
linux-2.6 (2.6.32-41) stable; urgency=low
[ Ben Hutchings ]
* ipv6: make fragment identifications less predictable (CVE-2011-2699)
- fix NULL dereference in udp6_ufo_fragment (see #643817)
* Add longterm release 2.6.32.52:
- Revert "clockevents: Set noop handler in clockevents_exchange_device()",
included in stable update 2.6.32.50 (Closes: #653398)
* Add longterm release 2.6.32.53, including:
- cfq-iosched: fix cfq_cic_link() race confition
For the complete list of changes, see:
http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.53
and the bug report which this closes: #655049.
* Add longterm release 2.6.32.54, including:
- drivers/usb/class/cdc-acm.c: clear dangling pointer
- asix: fix infinite loop in rx_fixup()
- SCSI: scsi_dh: check queuedata pointer before proceeding further
- xfs: validate acl count; fix acl count validation (CVE-2012-0044)
For the complete list of changes, see:
http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.54
and the bug report which this closes: #655816.
* Refine the fix for CVE-2011-4127, based on mainline Linux:
- Do not restrict processes that have CAP_SYS_RAWIO
- Log a warning when an ioctl is forbidden (with rate-limiting,
and excluding CDROM_GET_CAPABILITY)
- Fix the ide-floppy and ub drivers
- Fix the ub driver properly (not included in Debian configurations)
[ Ian Campbell ]
* xen: Set XEN_MAX_DOMAIN_MEMORY to 70G for 64 bit domains. (Closes: #645052)
[ Jonathan Nieder ]
* [x86] ACPI: fix corrupt DSDT by enabling acpi=copy_dsdt automatically on
more known-bad Toshiba models (Closes: #598104)
[ Arnaud Patard ]
* [armel] Backport 88f6282 from mainline (Closes: #655316)
-- Ben Hutchings <email address hidden> Sun, 15 Jan 2012 03:37:31 +0000
-
linux-2.6 (2.6.32-38) stable; urgency=high
* Revert "ipv6: make fragment identifications less predictable"
(Closes: #643817). This reopens CVE-2011-2699.
-- Ben Hutchings <email address hidden> Sun, 02 Oct 2011 00:17:26 +0100
-
linux-2.6 (2.6.32-35) stable; urgency=high
[ Ben Hutchings ] * scsi: Add hpsa driver for HP Smart Array controllers - Disable binding to devices currently handled by cciss * scsi: Add pm8001 driver for PMC-Sierra SAS/SATA HBAs * bnx2i: Add support for BCM5771E * wl1251: Add support for PG11 chips * bnx2x: Add support for BCM84823 * ar9170usb: Add several additional USB device IDs * net: Add bna driver for Brocade Ethernet adapters * Add longterm release 2.6.32.40, including: - ubifs: Fix master node recovery - dasd: Correct device table (Closes: #607416) - udp: Fix bogus UFO packet generation (Closes: #626284) - pmcraid: Reject negative request size - af_unix: Only allow recv on connected seqpacket sockets. - usb: musb: core: set has_tt flag - NFS: nfs_wcc_update_inode() should set nfsi->attr_gencount (Closes: #617364) For the complete list of changes, see: http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.40 * USB: Prevent buggy hubs from crashing the USB stack (deferred from 2.6.32.29 due to regressions which were fixed in 2.6.32.40) * [x86] cpu: Set ARAT feature on some AMD processors (deferred from 2.6.32.39 due to apparent regression which was fixed in 2.6.32.40) * [armel] Implement accept4() system call (Closes: #625752) * Add longterm release 2.6.32.41, including: - cifs: check for bytes_remaining going to zero in CIFS_SessSetup For the complete list of changes, see: http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.41 * [x86] Do not enable ARAT feature on AMD processors below family 0x12 [ Ian Campbell ] * Remove lazy vunmap for non-Xen flavours too. (Closes: #613634) [ dann frazier ] * efi: corrupted GUID partition tables can cause kernel oops (CVE-2011-1577) * tunnels: fix netns vs proto registration ordering (CVE-2011-1768) * fs/partitions/ldm.c: fix oops caused by corrupted partition table (CVE-2011-1017) -- dann frazier <email address hidden> Sat, 11 Jun 2011 10:50:32 -0600
-
linux-2.6 (2.6.32-31) stable; urgency=low
[ Ian Campbell ] * xen: blkback: fix potential leak of kernel thread. (CVE-2010-3699) [ Moritz Muehlenhoff ] * rds: Fix rds_iovec page count overflow (CVE-2010-3865) [ Ben Hutchings ] * tty: Fix information leaks from SIOCGICOUNT handlers (CVE-2010-4075, CVE-2010-4076, CVE-2010-4077) * bonding: Ensure that we unshare skbs prior to calling pskb_may_pull (Closes: #610838) * r8169: Keep firmware in memory (Closes: #609538) * linux-base: Convert LILO entries for /boot/vmlinuz, /boot/vmlinuz.old (Closes: #613200) * aufs: Fix VM race leading to kernel panic (Closes: #607879) * rt2500usb: Fall back to SW encryption for TKIP+AES (Closes: #611390) * Add longterm 2.6.32.29: - SCSI: Fix medium error problems with some arrays which can cause data corruption - ptrace: Use safer wake up on ptrace_detach() - [x86] mm: Avoid possible bogus TLB entries by clearing prev mm_cpumask after switching mm - sched: Fix softirq time accounting - sched: Use group weight, idle cpu metrics to fix imbalances during idle - [openvz,vserver] Revert sched changes since they conflict * Revert "USB: Prevent buggy hubs from crashing the USB stack", included in longterm 2.6.32.29 and reported to cause a regression * virtio_net: Further fixes for out-of-memory conditions (Closes: #603835) - Fix OOM handling on TX - Add schedule check to napi_enable call * af_unix: Limit recursion level of passing sockets through sockets (variant of CVE-2010-4249) * iowarrior: Don't trust report_size for buffer size (CVE-2010-4656) * drm: Fix unsigned vs signed comparison issue in modeset ctl ioctl (CVE-2011-1013) * brcm80211: Fix suspend/resume in brcmsmac (Closes: #600769, #604802) * brcm80211: Fix race between scanning and calibration on SMP (Closes: 602444) * drm/i915: Overlay on gen2 can't address above 1G * drm/i915: Fix memory corruption with GM965 and >4GB RAM * ipv6: Silence privacy extensions initialization (Closes: #590653) * [x86] Enable VT6656, loading firmware from a separate file (requires firmware-linux-nonfree 0.28+squeeze1) (Closes: #568454) * usbfs: Show correct speed for SuperSpeed USB devices (Closes: #613531) * drm/i915: Add pipe A force quirk for some laptops (Closes: #608148) * psmouse/elantech: Fix detection and decoding for newer Elantech touchpads (Closes: #613335) [ dann frazier ] * xfs: Fix information leak using stale NFS handle (CVE-2010-2943) * CAN: Use inode instead of kernel address for /proc file (CVE-2010-4565) [ maximilian attems] * Update openvz patch to feoktistov (ipv6, checkpointing, stability, ipsec, nfs, ppp, tc, ve). (closes: #607041, #613501, #613170) * HID: add support for Acan FG-8100 barcode reader. (closes: #615888) * Add longterm 2.6.32.30: - nfsd: Memory corruption due to writing beyond the stat array - av7110: check for negative array offset (CVE-2011-0521) - cred: Fix get_task_cred() and task_state() to not resurrect dead credentials - cred: Fix kernel panic upon security_file_alloc() failure - cred: Fix BUG() upon security_cred_alloc_blank() failure - cred: Fix memory and refcount leaks upon security_prepare_creds() failure - dm/raid1: Fail writes if errors are not handled and log fails - GFS2: Fix bmap allocation corner-case bug - [s390] remove task_show_regs (CVE-2011-0710) - PM/hibernate: Return error code when alloc_image_page() fails - fs/partitions: Validate map_count in Mac partition tables (CVE-2011-1010) - ALSA: caiaq - Fix possible string-buffer overflow (CVE-2011-0712) - acer-wmi, asus_acpi, tc1100-wmi: Restrict write permissions on files in procfs/sysfs - [x86] usbip/vhci: Update reference count for usb_device - [x86] usbip/vhci: Give back URBs from in-flight unlink requests - [x86] usbip/vhci: Refuse to enqueue for dead connections - epoll: Prevent creating circular epoll structures - fs/partitions/ldm: Corrupted partition table can cause kernel oops - xhci: Avoid BUG() in interrupt context - xhci: Fix errors in the running total calculations in the TRB math - xhci: Fix an error in count_sg_trbs_needed() - x25: Do not reference freed memory * Add longterm 2.6.32.31. * Add longterm 2.6.32.32-rc1: - netxen: fix set mac addr. (closes: #616058) - [xen] do not release any memory under 1M in domain 0. (closes: #613823) - virtio: set pci bus master enable bit. (closes: #610360) - sctp: Fix oops when sending queued ASCONF chunks (CVE-2010-1173). - drm/ttm: Fix two race conditions + fix busy codepaths (closes: #591061) * Add Slovak translation by Slavko. (closes: #608684) * Add drm changes from 2.6.32.28+drm33.13: - drm/i915: Add dependency on CONFIG_TMPFS. - drm/i915/lvds: Add AOpen i915GMm-HFS to the list of false-positive LVDS. - drm/radeon/kms: add pll debugging output. - drm/radeon/kms: add quirk for Mac Radeon HD 2600 card. - drm/radeon/kms: fix s/r issues with bios scratch regs. - drm/radeon/kms: make the mac rv630 quirk generic. - drm/radeon: remove 0x4243 pci id. [ Aurelien Jarno ] * init: fix race between init and kthreadd, fixes a kernel panic on mips/5kc-malta. * mips/swarm: enable PATA drivers that have been lost during IDE -> PATA conversion. [ Martin Michlmayr ] * Orion: add support for Buffalo LS-CHL (Closes: #590105). * Kirkwood: initialize PCIE1 for QNAP TS-419P+ (Closes: #613499). [ Jurij Smakov ] * sparc: add sparc-console-handover.patch to address problems with console handover on sparc causing kernel to hang during boot on systems using atyfb driver. Thanks to Fabio M. Di Nitto <email address hidden> for the patch. (Closes: #602853) [ Bastian Blank ] * Add supportt for AMD Family 10h/11h CPU internal temperatur sensor. (closes: #614555) -- Ben Hutchings <email address hidden> Mon, 07 Mar 2011 01:54:53 +0000
-
linux-2.6 (2.6.32-30) unstable; urgency=high
[ Ben Hutchings ] * mpt2sas: Fix incorrect scsi_dma_map error checking (Closes: #606968) * Update Spanish debconf template translation (Omar Campagne, Javier Fernández-Sanguino) (Really closes: #600694) * intel-iommu: Force-disable IOMMU for iGFX on broken Cantiga revisions (Closes: #607095) * [powerpc] linux-base: Run ybin after updating yaboot.conf (Closes: #607284) * tehuti: Firmware filename is tehuti/bdx.bin * iwlwifi: Reduce a failure-prone memory allocation (Closes: #599345) * linux-base: Look for GRUB 1 configuration in both /boot/grub and /boot/boot/grub (Closes: #607863) * rt28x0: Add ieee80211_regdom module parameter mimicking cfg80211 as a workaround for incorrect region code in NVRAM (Closes: #594561) * btrfs: Require CAP_SYS_ADMIN for filesystem rebalance (Closes: #608185) * [x86] dell-laptop: Enable for some newer Dell models * r8169: Change RTL8111D/RTL8168D initialisation and firmware loading to match upstream version (Closes: #596390 with firmware-realtek 0.28) * Add stable 2.6.32.28: - NFS: Fix panic after nfs_umount() - usb-storage/libusual: Add support for Samsung YP-CP3 MP4 Player, thanks to Vitaly Kuznetsov (Closes: #555835) - bfa: Fix system crash when reading sysfs fc_host statistics (CVE-2010-4343) - IB/uverbs: Handle large number of entries in poll CQ (CVE-2010-4649) - orinoco: Fix TKIP countermeasure behaviour (CVE-2010-4648) - mm: Add security_file_mmap check to install_special_mapping (CVE-2010-4346) - sctp: Fix a race between ICMP protocol unreachable and connect() (CVE-2010-4526) - hvc_console: Fix race between hvc_close and hvc_remove (CVE-2010-2653) (previously applied as an isolated fix in 2.6.32-25) - fuse/cuse: Verify ioctl retries (CVE-2010-4650) * [powerpc] Restore device tree source files to linux-image packages (Closes: #609155) [ maximilian attems ] * [openvz] Reenable NF_CONNTRACK_IPV6. (closes: #580507) * cifs: fix another memleak, in cifs_root_iget. * b43: Fix warning at drivers/mmc/core/core.c:237 in mmc_wait_for_cmd. * drm/radeon/kms: MC vram map needs to be >= pci aperture size. * drm/radeon/kms: make sure blit addr masks are 64 bit. * drm/radeon/kms: fix handling of tex lookup disable in cs checker on r2xx. * drm/i915: Free hardware status page on unload when physically mapped. * drm/i915/overlay: Ensure that the reg_bo is in the GTT prior to writing. * drm/radeon/kms/atom: set sane defaults in atombios_get_encoder_mode(). * drm/radeon/kms: fix typos in disabled vbios code. * drm/radeon/kms: add workaround for dce3 ddc line vbios bug. * drm/radeon/kms: fix interlaced and doublescan handling. * drm/i915/sdvo: Always add a 30ms delay to make SDVO TV detection reliable. * wireless: b43: fix error path in SDIO. * drm/radeon/kms: don't apply 7xx HDP flush workaround on AGP. [ Ian Campbell ] * xen: backport TTM patches to use PCI API. Fixes PCIe GPU (specifically Radeon and Nouveau) on Xen (Closes: #601341). * xen: netback: drop SKBs which are GSO but do not have a partial checksum set (Closes: #608144). [ dann frazier ] * exec: make argv/envp memory visible to oom-killer (CVE-2010-4243) * irda: Fix information leak in IRLMP_ENUMDEVICES (CVE-2010-4529) * af_unix: limit unix_tot_inflight (CVE-2010-4249) [ Moritz Muehlenhoff ] * net: ax25: fix information leak to userland (CVE-2010-3875) * net: packet: fix information leak to userland (CVE-2010-3876) * net: tipc: fix information leak to userland (CVE-2010-3877) * inet_diag: Make sure we actually run the same bytecode we audited (CVE-2010-3880) * econet: Fix crash in aun_incoming() (CVE-2010-4342) -- Ben Hutchings <email address hidden> Tue, 11 Jan 2011 05:42:11 +0000
-
linux-2.6 (2.6.32-29) unstable; urgency=high
[ Ben Hutchings ] * megaraid_sas: Add support for 'entry-level' SAS controllers including the 9240 family (Closes: #604083) * tcp: Make TCP_MAXSEG minimum more correct (refinement of fix for CVE-2010-4165) * l2tp: Fix UDP socket reference count bugs in the pppol2tp driver (Closes: #604748) * USB: Retain device power/wakeup setting across reconfiguration; don't enable remote wakeup by default (Closes: #605246) * dm: Deal with merge_bvec_fn in component devices better (Closes: #604457) * Update Spanish debconf template translation (Aaron H Farias Martinez) (Closes: #600694) * perf: Use libiberty, not libbfd, for symbol demangling (Closes: #590226, #606050) * [x86] Add support for Fintek hardware watchdogs (Closes: #601187) - resource: Add shared I/O region support - hwmon: f71882fg: Use a muxed resource lock for the Super I/O port - watchdog: Add f71808e_wdt driver * bcm5974: Add reporting of multitouch events (Closes: #605450) * fusion: Set FUSION_MAX_SGE=128, the upstream default (Closes: #606096) * Add stable 2.6.32.27: - block: limit vec count in bio_kmalloc() and bio_alloc_map_data() - block: take care not to overflow when calculating total iov length - block: check for proper length of iov entries in blk_rq_map_user_iov() (CVE-2010-4163) - net: clear heap allocation for ETHTOOL_GRXCLSRLALL (CVE-2010-3861) - asus_oled: fix up some sysfs attribute permissions - ipc: initialize structure memory to zero for compat functions (CVE-2010-4073) - ipc/shm: fix information leak to userland (CVE-2010-4072) - ipc/sem: sys_semctl: fix kernel stack information leakage (CVE-2010-4083) - tty: prevent DOS in the flush_to_ldisc - [x86] KVM: VMX: Fix host userspace gsbase corruption (Closes: #604956) - KVM: VMX: fix vmx null pointer dereference on debug register access (CVE-2010-0435) - KVM: x86: fix information leak to userland (CVE-2010-3881) - firewire/cdev: fix information leak - firewire-core: fix an information leak - firewire-ohci: fix buffer overflow in AR split packet handling - bio: take care not overflow page count when mapping/copying user data (CVE-2010-4162) - sisusbvga: fix information leak to userland - iowarrior: fix information leak to userland - usb: core: fix information leak to userland - usb-storage/sierra_ms: fix sysfs file attribute - ueagle-atm: fix up some permissions on the sysfs files - cypress_cy7c63: fix up some sysfs attribute permissions - usbled: fix up some sysfs attribute permissions - trancevibrator: fix up a sysfs attribute permission - usbsevseg: fix up some sysfs attribute permissions - do_exit(): make sure that we run with get_fs() == USER_DS (CVE-2010-4258) - DECnet: don't leak uninitialized stack byte - perf_events: Fix perf_counter_mmap() hook in mprotect() (CVE-2010-4169) - frontier: fix up some sysfs attribute permissions - net/sched: fix kernel information leak in act_police - can-bcm: fix minor heap overflow (CVE-2010-3874) - ivtvfb: prevent reading uninitialized stack memory (CVE-2010-4079) - net/sched: fix some kernel information leaks * TTY: Fix error return from tty_ldisc_open() (regression in 2.6.32.27) * filter: make sure filters dont read uninitialized memory (CVE-2010-4158) * posix-cpu-timers: workaround to suppress the problems with mt exec (CVE-2010-4248) [ Ian Campbell ] * xen: disable ACPI NUMA for PV guests and allow IRQ desc allocation on any node (Closes: #603632) * xen: handle potential time discontinuity on resume (Closes: #602273) * xen: don't bother to stop other cpus on shutdown/reboot (Closes: #605448) * xen: Add cpu hotplug support to prevent crash while parsing ACPI processor tables (Closes: #602109) [ Martin Michlmayr ] * Kirkwood: Add support for 6282 based QNAP devices. -- Ben Hutchings <email address hidden> Fri, 10 Dec 2010 05:45:11 +0000
-
linux-2.6 (2.6.32-28) unstable; urgency=high
[ maximilian attems ] * ipc: initialize structure memory to zero for shmctl. * drm/i915: set DIDL using the ACPI video output device _ADR method return. * images: Nuke modules.devname on removal. (closes: #590607) * Newer Standards-Version 3.9.1 without changes. * drm/ttm: Clear the ghost cpu_writers flag on ttm_buffer_object_transfer. * [openvz] Update upstream patch to 2.6.32-dzhanibekov. * [openvz] ubc: Fix orphan count checks after merge. [ Martin Michlmayr ] * Update udlfb to 2.6.37: - udlfb: minor cleanups - udlfb: fix coding style issues - udlfb: fbdev character read and write support - udlfb: add DPMS support - udlfb: remove metrics_misc sysfs attribute - udlfb: revamp reference handling to insure successful shutdown - udlfb: enhance EDID and mode handling support - udlfb: fix big endian rendering error - udlfb: support for writing backup EDID to sysfs file - udlfb: add module options for console and fb_defio - udlfb: fix incorrect fb_defio implementation for multiple framebuffers - udlfb: fix checkpatch and style [ Ben Hutchings ] * Update debconf template translations: - Update Japanese (Nobuhiro Iwamatsu) (Closes: #602152) - Update Catalan (Jordi Mallach) (Closes: #602520) - Add Italian (Luca Bruno) (Closes: #602945) * sunrpc: Fix NFS client over TCP hangs due to packet loss (Closes: #589945) * brcm80211: Update to 2.6.37-rc1 * [powerpc] ALSA: Fix headphone and line-out detection on PowerMac G4 DA (Closes: #603419) * [x86] snd-hda-codec-cirrus: Add quirks for IMac 27", MacBookPro 5,5 and 7,1 * [x86] btusb: Add device IDs for MacBookPro 6,2 and 7,1 (Closes: #603651) * [x86] applesmc: Add support for iMac 9,1 and MacBookPro 2,2, 5,3, 5,4, 6,* and 7,* * [x86] applesmc, bcm5974, btusb, HID, mbp_nvidia_bl, snd-hda-codec-cirrus: Add support for MacBookAir 3,1 and 3,2 (Closes: #603395) * [x86] mbp_nvidia_bl: Add support for MacBookPro 7,1 * x25: Fix remote denial-of-service vulnerabilities: - x25 accesses fields beyond end of packet - memory corruption in X.25 facilities parsing (CVE-2010-3873) - Prevent crashing when parsing bad X.25 facilities (CVE-2010-4164) * tcp: Increase TCP_MAXSEG socket option minimum (CVE-2010-4165) * rds: Fix integer overflow in RDS cmsg handling * af_802154,decnet,econet,rds,x25: Disable auto-loading as mitigation against local exploits. These protocol modules are not widely used and can be explicitly loaded or aliased on systems where they are wanted. * atl1c: Add support for Atheros AR8151 and AR8152 (Closes: #599771) * Add stable 2.6.32.26: - synclink_cs: Fix information leak to userland - bluetooth: Fix missing NULL check - [x86] KVM: VMX: Fix host GDT.LIMIT corruption - [x86] KVM: Fix fs/gs reload oops with invalid ldt (CVE-2010-3698) - gdth: Fix integer overflow in ioctl (CVE-2010-4157) * [x86] KVM: SVM: Fix wrong intercept masks for KVM_{GET,SET}_VCPU_EVENTS on 32 bit, thanks to Philipp Matthias Hahn (Closes: #599507) [ dann frazier ] * [vserver] Update patch to 2.6.32.25-vs2.3.0.36.29.6 * add qlcnic driver * econet: Avoid stack overflow w/ large msgiovlen (CVE-2010-3848) * econet: disallow NULL remote addr for sendmsg() (CVE-2010-3849) * econet: Add mising CAP_NET_ADMIN check in SIOCSIFADDR (CVE-2010-3850) -- Ben Hutchings <email address hidden> Thu, 25 Nov 2010 01:20:50 +0000
-
linux-2.6 (2.6.32-27) unstable; urgency=high
* The "We'll Always Have Paris" release
[ Ben Hutchings ]
* rndis_host: Restrict fix for #576929 to specific devices
(Closes: #589403, #600660)
* Add stable 2.6.32.25:
- rme9652: prevent reading uninitialized stack memory
(CVE-2010-4080, CVE-2010-4081)
- ocfs2: Don't walk off the end of fast symlinks
- ip: fix truesize mismatch in ip fragmentation
- net: clear heap allocations for privileged ethtool actions
- execve: setup_arg_pages: diagnose excessive argument size
- execve: improve interactivity with large arguments
- execve: make responsive to SIGKILL with large arguments
- rose: Fix signedness issues wrt. digi count. (CVE-2010-3310)
- ALSA: prevent heap corruption in snd_ctl_new() (CVE-2010-3442)
- setup_arg_pages: diagnose excessive argument size (CVE-2010-3858)
* btrfs: add a "df" ioctl for btrfs (Closes: #600190)
* Update debconf template translations:
- Add Catalan (Jordi Mallach) (Closes: #601146)
- Add Brazilian Portugese (Flamarion Jorge) (Closes: #601102)
- Update Vietnamese (Clytie Siddall) (Closes: #601534)
* phonet: device notifier only runs on initial namespace
(Really closes: #597904)
* net/socket: Limit sendto()/recvfrom() length (CVE-2010-1187)
[ Ian Campbell ]
* xen: import additional fixes for disabling netfront smartpoll mode
(Closes: #600992).
[ dann frazier ]
* e1000e: Reset 82577/82578 PHY before first PHY register read
(Closes: #601017)
[ Martin Michlmayr ]
* Kirkwood: reset PCIe unit on boot
* Kirkwood: restrict the scope of the PCIe reset workaround
[ maximilian attems ]
* Update abi files, readd Xen as ABI stable.
* 2.6.33.stable-queue: drm/radeon: fix PCI ID 5657 to be an RV410.
* Add drm changes from 2.6.32.24+drm33.11:
- i915: return -EFAULT if copy_to_user fails.
- drm/i915: Prevent double dpms on
- drm: Only decouple the old_fb from the crtc is we call mode_set*
- drm/i915: Unset cursor if out-of-bounds upon mode change (v4)
- drm/i915,agp/intel: Add second set of PCI-IDs for B43
* net: Limit socket I/O iovec total length to INT_MAX. (CVE-2010-1187)
* numa: fix slab_node(MPOL_BIND).
-- maximilian attems <email address hidden> Sat, 30 Oct 2010 12:24:37 +0200
-
linux-2.6 (2.6.32-26) unstable; urgency=high
[ Ian Campbell ]
* xen: fix PVHVM hang at boot when Xen does not support vector callbacks.
* xen: fix race between PV drivers and xenstore initialisation which caused
breakage in drivers for both regular PV and PVHVM guests.
[ maximilian attems ]
* [openvz] Enable ioprio. (closes: #596772)
Thanks Daniel Hahler <email address hidden>
[ Ben Hutchings ]
* [x86] radeon: Add quirks to make HP nx6125 and dv5000 laptops resume
(Closes: #583968)
* dm-crypt: Add 'plain64' IV; this avoids watermarking attacks that are
possible with 'plain' IV on devices larger than 2TB (Closes: #600384)
* [x86] ahci,ata_generic: let ata_generic handle new MBP w/ MCP89
(Closes: #600305)
* debian/.../patches.py: Open files as needed, rather than all at once
(Closes: #600423)
* [openvz] printk: Handle global log buffer reallocation (Closes: #600299)
* debian/bin/test-patches: Restrict patches to featureset when building
with a featureset (thanks to Tim Small)
* sata_via: Delay on vt6420 when starting ATAPI DMA write (Closes: #488566)
* r6040: Fix various bugs in r6040_multicast_list() (Closes: #600155)
[ dann frazier ]
* Force enable DMA on MBP w/ MCP 7,1
* RDS sockets: remove unsafe kmap_atomic optimization (CVE-2010-3904)
* v4l: disable dangerous buggy compat function (CVE-2010-2963)
-- dann frazier <email address hidden> Tue, 19 Oct 2010 07:50:55 -0600
-
linux-2.6 (2.6.32-25) unstable; urgency=high
[ Ben Hutchings ]
* mmc: build fix: mmc_pm_notify is only available with CONFIG_PM=y
* Add stable 2.6.32.24 (trivial fix, already applied)
* ipg: Remove device claimed by dl2k from pci id table (Closes: #599021)
* linux-image: Include modules.order in image packages (Closes: #598518)
* [x86] isdn/i4l: Reenable ISDN4Linux drivers, but mark them as staging
(Closes: #588551)
- hisax: Disable device aliases that conflict with mISDN
* Update Danish debconf template translation (Joe Hansen) (Closes: #599457)
* [x86] KVM: SVM: Fix wrong intercept masks on 32 bit (Closes: #599507)
* e1000: fix Tx hangs by disabling 64-bit DMA (Closes: #518182)
* rt2x00: Fix calculation of required TX headroom (Closes: #599395)
* Add drm changes from 2.6.32.22+drm33.10:
- i915: Don't touch PORT_HOTPLUG_EN in intel_dp_detect()
- i915: Kill dangerous pending-flip debugging
- radeon: release AGP bridge at suspend
- radeon: initialize set_surface_reg for rs600 asic
* [x86] toshiba_acpi: Add full hotkey support (Closes: #599768)
[ Stephen R. Marenka ]
* m68k: fix missing io macros.
* m68k: modular swim on mac.
* m68k: never build staging drivers on m68k.
* m68k: build in rtc class on atari.
[ Ian Campbell ]
* xen: do not truncate machine address on gnttab_copy_grant_page hypercall
(Closes: #599089)
[ dann frazier ]
* drm/i915: Sanity check pread/pwrite (CVE-2010-2962)
* drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow
* GFS2: Fix writing to non-page aligned gfs2_quota structures (CVE-2010-1436)
* hvc_console: Fix race between hvc_close and hvc_remove (CVE-2010-2653)
* net sched: fix some kernel memory leaks (CVE-2010-2942)
* niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL (CVE-2010-3084)
* rose: Fix signedness issues wrt. digi count (CVE-2010-3310)
* Fix pktcdvd ioctl dev_minor range check (CVE-2010-3437)
* ALSA: prevent heap corruption in snd_ctl_new() (CVE-2010-3442)
* net sched: fix kernel leak in act_police (CVE-2010-3477)
* sctp: Fix out-of-bounds reading in sctp_asoc_get_hmac() (CVE-2010-3705)
-- dann frazier <email address hidden> Thu, 14 Oct 2010 01:08:05 -0600
-
linux-2.6 (2.6.32-23) unstable; urgency=low
[ Ben Hutchings ]
* cgroupfs: create /sys/fs/cgroup to mount cgroupfs on (Closes: #595964)
* r8169: Fix MDIO timing (Closes: #583139; mistakenly reverted in 2.6.32-19)
* gro: Fix bogus gso_size on the first fraglist entry (Closes: #596802)
* vgaarb: Fix VGA arbiter to accept PCI domains other than 0 (from stable
2.6.32.12; mistakenly omitted in 2.6.32-12)
[ maximilian attems ]
* openvz: cfq-iosched: do not force idling for sync workload.
[ Stephen R. Marenka ]
* m68k: switch to generic siginfo layout.
* m68k: NPTL support.
[ dann frazier ]
* compat: Make compat_alloc_user_space() incorporate the access_ok()
(CVE-2010-3081)
* x86-64, compat (CVE-2010-3301):
- Retruncate rax after ia32 syscall entry tracing
- Test %rax for the syscall number, not %eax
* wireless extensions: fix kernel heap content leak (CVE-2010-2955)
* KEYS (CVE-2010-2960):
- Fix RCU no-lock warning in keyctl_session_to_parent()
- Fix bug in keyctl_session_to_parent() if parent has no session keyring
-- dann frazier <email address hidden> Fri, 17 Sep 2010 15:27:04 -0600
-
linux-2.6 (2.6.32-21) unstable; urgency=high
[ Ben Hutchings ]
* Add stable 2.6.32.19:
- ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files
(CVE-2010-2066)
- mm: keep a guard page below a grow-down stack segment (CVE-2010-2240)
(not applied to xen featureset)
- md/raid10: fix deadlock with unaligned read during resync
(Closes: #591415)
- Revert "sched, cputime: Introduce thread_group_times()" which would
result in an ABI change
* Add stable 2.6.32.20:
- Fix regressions introduced by original fix for CVE-2010-2240
* Add drm and other relevant changes from stable 2.6.34.4
* Add 'breaks' relation from image packages to boot loader packages that
do not install required hooks (Closes: #593683)
* [x86] i915: Blacklist i830, i845, i855 for KMS
(Closes: #568207, #582105, #593432, #593507)
[ Bastian Blank ]
* Update Xen patch.
- Notify Xen on crash.
- Several blktap fixes.
[ Ritesh Raj Sarraf ]
* Add .gnu_debuglink information into kernel modules (Closes: #555549)
[ Ian Campbell ]
* [x86/xen] temporarily remove stack guard page, it breaks the xen
toolstack.
[ Aurelien Jarno ]
* [mips,mipsel] Fix 64-bit atomics.
-- Ben Hutchings <email address hidden> Wed, 25 Aug 2010 01:06:18 +0100
-
linux-2.6 (2.6.32-20) unstable; urgency=low
[ Moritz Muehlenhoff ]
* Backport XVR1000 driver (Closes: #574243)
[ Ben Hutchings ]
* Add stable 2.6.32.18:
- CIFS: Fix compile error with __init in cifs_init_dns_resolver()
definition (FTBFS for most architectures)
- GFS2: rename causes kernel Oops (CVE-2010-2798)
- xfs: prevent swapext from operating on write-only files
(CVE-2010-2226)
* Update debconf template translations:
- Swedish (Martin Bagge) (Closes: #592045)
- German (Holger Wansing) (Closes: #592226)
* [i386/openvz-686] Remove AMD Geode LX and VIA C3 "Nehemiah" from the
list of supported processors; they do not implement PAE
* V4L/DVB: Add Elgato EyeTV Diversity to dibcom driver (Closes: #591710)
* [s390] dasd: use correct label location for diag fba disks
(Closes: #582281)
* Add drm changes from stable 2.6.34.2 (thanks to Stefan Bader) and
2.6.34.3
* drm/i915: disable FBC when more than one pipe is active
(Closes: #589077)
* IB/ipath: Fix probe failure path (Closes: #579393)
* ext4: fix freeze deadlock under IO (regression introduced in 2.6.32.17)
* xen: Completely disable use of XSAVE (Closes: #592428)
[ Martin Michlmayr ]
* [armel/orion5x] Add a missing #include to fix a build issue.
* [armel/kirkwood, armel/orion5x] Build-in support for more devices.
[ dann frazier ]
* can: add limit for nframes and clean up signed/unsigned variables
-- Ben Hutchings <email address hidden> Thu, 12 Aug 2010 03:26:39 +0100
-
linux-2.6 (2.6.32-18) unstable; urgency=low
[ Ben Hutchings ]
* iwlwifi: Allocate pages for RX buffers, reducing the probability of
allocation failure (Closes: #580124)
* postinst: Remove support for 'default' boot loaders. Warn users on
upgrade if the current configuration may rely on this.
* rt2860sta, rt2870sta: Apply changes from Linux 2.6.33 and 2.6.34
- rt2860sta: Fix WPA(2)PSK issue when group cipher of AP is WEP40
or WEP104 (Closes: #574766)
* rt3090sta: Replace with rt2860sta (Closes: #588863)
* [i386/686] Remove AMD K6 from the list of supported processors; it
does not implement the CMOV instruction
* drm/i915: Add 'reclaimable' to i915 self-reclaimable page allocations
(really closes: #534422, we hope)
* Revert "x86, paravirt: Add a global synchronization point for pvclock",
included in stable 2.6.32.16 (Closes: #588426)
* 3c59x: Fix call to mdio_sync() with the wrong argument (Closes: #589989)
[ Martin Michlmayr ]
* Add some patches from the Orion tree, including support for Marvell's
Armada 300 (88F6282):
- Kirkwood: update MPP definition.
- Kirkwood: fix HP t5325 after updating MPP definitions
- leds: leds-gpio: Change blink_set callback to be able to turn off
blinking
- net/phy/marvell: Expose IDs and flags in a .h and add dns323 LEDs
setup flag
- orion5x: Base support for DNS-323 rev C1
- orion5x: Fix soft-reset for some platforms
- mtd: orion/kirkwood: add RnB line support to orion mtd driver
- mtd: kirkwood: allow machines to register RnB callback
- Kirkwood: add support for rev A1 of the 88f6192 and 88f6180 chips
- Kirkwood: Add support for 88f6282
- PCI: add platform private data to pci_sys_data
- Kirkwood: add support for PCIe1
- Kirkwood: more factorization of the PCIe init code
[ maximilian attems ]
* sched: Fix over-scheduling bug.
-- Ben Hutchings <email address hidden> Fri, 23 Jul 2010 03:48:08 +0100
-
linux-2.6 (2.6.32-15) unstable; urgency=low
[ Ben Hutchings ]
* [hppa] Ignore ABI change caused by disabling CONFIG_IDE_TIMINGS
* [powerpc] Fix unnecessary ABI change
[ Bastian Blank ]
* xen: Fix crash in netback.
-- Ben Hutchings <email address hidden> Tue, 01 Jun 2010 01:31:05 +0100
-
linux-2.6 (2.6.32-9) unstable; urgency=high
[ Ben Hutchings ]
* Do not build obsolete lgs8gl5 driver
* [x86] Enable USB IP drivers (Closes: #568903)
* Ignore failure of lsusb when gathering information for bug reports
(Closes: #569725)
* macvlan: Add bridge, VEPA and private modes (Closes: #568756)
* [sparc] sunxvr500: Support Intergraph graphics chips again
(Closes: #508108)
* sfc: Apply fixes from 2.6.33
* ath9k: Add support for AR2427
* fs/exec.c: fix initial stack reservation (regression in 2.6.32.9)
[ maximilian attems]
* Postinst don't refercence k-p related manpage. (closes: #542208)
* Postinst only write kernel-img.conf for palo boxes.
* Enable VT_HW_CONSOLE_BINDING for unbinding efifb. (closes: #569314)
* hwmon: Add driver for VIA CPU core temperature.
* wireless: report reasonable bitrate for MCS rates through wext.
* efifb: fix framebuffer handoff. (bugzilla.k.o #15151)
* Add stable 2.6.32.9:
- drm/i915: Fix DDC on some systems by clearing BIOS GMBUS setup.
(closes: #567747)
- futex: Handle futex value corruption gracefully. (CVE-2010-0623)
- futex_lock_pi() key refcnt fix. (CVE-2010-0623)
- Staging: fix rtl8187se compilation errors with mac80211.
(closes: #566726)
* r8169 patch for rx length check errors. (CVE-2009-4537)
* vgaarb: fix incorrect dereference of userspace pointer.
* Bump ABI to 3.
* drm/i915: give up on 8xx lid status.
* vgaarb: fix "target=default" passing.
* drm/radeon: block ability for userspace app to trash 0 page and beyond.
(closes: #550562)
[ Bastian Blank ]
* Restrict access to sensitive SysRq keys by default.
* debian/rules.real: Install arch specific scripts.
[ Moritz Muehlenhoff ]
* Set source format to 1.0
[ Martin Michlmayr ]
* [armel/iop32x] Enable ARCH_IQ80321 and ARCH_IQ31244 (Thanks Arnaud
Patard).
* [armel/kirkwood] Disable MTD_NAND_VERIFY_WRITE to avoid errors
with ubifs on OpenRD (Thanks Gert Doering) (Closes: #570407)
* OpenRD-Base: allow SD/UART1 selection (Closes: #571019)
* D-Link DNS-323 revision A1: implement power LED (Closes: 503172).
-- maximilian attems <email address hidden> Wed, 24 Feb 2010 17:06:27 +0100
-
linux-2.6 (2.6.32-5) unstable; urgency=low
[ Ben Hutchings ]
* sfc: Apply fixes from 2.6.33-rc3
* ath5k: Fix eeprom checksum check for custom sized eeproms
(Closes: #563136)
[ maximilian attems ]
* topconfig unset USB_ISP1362_HCD FTBFS on armel and useless.
(closes: #564156)
* topconfig set PATA_ATP867X, PATA_RDC, SND_CS5535AUDIO, PM_RUNTIME,
ATA_VERBOSE_ERROR, RTC_DRV_WM831X, RTC_DRV_PCF2123, RTC_DRV_AB3100,
SND_HDA_PATCH_LOADER, DEVTMPFS (closes: #560040).
* [x86] set RTL8192E, TOPSTAR_LAPTOP, I2C_SCMI.
* Explicitly disable diverse staging drivers.
-- Ben Hutchings <email address hidden> Sun, 10 Jan 2010 03:22:23 +0000
-
linux-2.6 (2.6.30-8) unstable; urgency=low
[ Martin Michlmayr ]
* Disable SYS_HAS_EARLY_PRINTK on SGI IP22 to work around a hang
during bootup (Closes: #507557)
* module: workaround duplicate section names to fix a panic on
boot on hppa (Closes: #545229).
* Add stable release 2.6.30.8.
* [armel/kirkwood] Add Marvell OpenRD-Client support (Dhaval Vasa).
Thanks Stefan Kaltenbrunner.
-- Bastian Blank <email address hidden> Fri, 25 Sep 2009 23:47:56 +0200
-
linux-2.6 (2.6.30-6) unstable; urgency=high
[ Bastian Blank ]
* Set default low address space protection to default value.
[ dann frazier ]
* Make sock_sendpage() use kernel_sendpage() (CVE-2009-2692)
* flat: fix uninitialized ptr with shared libs
* [parisc] isa-eeprom - Fix loff_t usage
* do_sigaltstack: avoid copying 'stack_t' as a structure to user space
* posix-timers: Fix oops in clock_nanosleep() with CLOCK_MONOTONIC_RAW
-- Bastian Blank <email address hidden> Sat, 15 Aug 2009 15:50:02 +0200
-
linux-2.6 (2.6.30-5) unstable; urgency=high
[ maximilian attems ]
* Add stable release 2.6.30.4.
- cifs: fix regression with O_EXCL creates and optimize away lookup
(closes: #536426)
- ecryptfs: check tag 11 literal data buffer size (CVE-2009-2406)
- ecryptfs: check tag 3 package encrypted size (CVE-2009-2407)
* Ignore nf_conntrack ABI change.
* Revert to keep ABI:
- block: fix sg SG_DXFER_TO_FROM_DEV regression.
- sched_rt: Fix overload bug on rt group scheduling.
* [hppa]: Ignore any ABI (broke on 2.6.30.2).
-- maximilian attems <email address hidden> Mon, 03 Aug 2009 12:08:56 +0200
-
linux-2.6 (2.6.26-17) stable; urgency=high
* Revert "sata_nv: avoid link reset on controllers where it's broken"
due to regression. (closes: #533657)
-- dann frazier <email address hidden> Fri, 19 Jun 2009 23:03:53 -0600
-
linux-2.6 (2.6.26-15) stable; urgency=high
* Switch out mips/llseek regression fix for the less invasive one
that is more likely to be accepted upstream.
-- dann frazier <email address hidden> Wed, 25 Mar 2009 16:48:44 -0600
-
linux-2.6 (2.6.26-13) unstable; urgency=high
[ dann frazier ]
* [hppa] disable UP-optimized flush_tlb_mm, fixing thread-related
hangs. (closes: #478717)
* cciss: Add PCI ids for P711m and p712m
* Fix buffer underflow in the ib700wdt watchdog driver (CVE-2008-5702)
* [sparc] Enable CONFIG_FB_XVR500, CONFIG_FB_XVR2500 (Closes: #508108)
* [ia64] Add RTC class driver for EFI
* [hppa] Fix system crash while unwinding a userspace process
(CVE-2008-5395)
* Set a minimum timeout for SG_IO requests (CVE-2008-5700)
[ Bastian Blank ]
* Fix multicast in atl1e driver. (closes: #509097)
[ Moritz Muehlenhoff ]
* Fix speaker output on Toshiba P105 notebooks. (closes: #488063)
* uvc: Fix incomplete frame drop when switching to a variable
size format (closes: #508661)
* Allow booting Mach images in KVM (Closes: #498940)
* Add workaround for USB storage on Rockchip MP3 player (Closes: #505256)
* Enable w9968cf driver on all i386 images (Closes: #495698)
* Register DualPoint model found in Dell Latitude E6500 (Closes: #507958)
* Disable link tuning in rt2500usb driver. (Closes: #510607)
* Fix regressions in eata driver (Closes: #506835)
* Skip incompatible fbdev logos (Closes: #508173)
* Fix error path in PCI probing of Cyclades driver (Closes: #429011)
[ Martin Michlmayr ]
* V4L/DVB: Fix initialization of URB list (Thomas Reitmayr) to address
the oops reported at http://forum.qnap.com/viewtopic.php?f=147&t=10572
* Add some patches from the Linux/MIPS linux-2.6.26-stable tree:
- Fix potential DOS by untrusted user app (CVE-2008-5701)
- o32: Fix number of arguments to splice(2).
- 64-bit: vmsplice needs to use the compat wrapper for o32 and N32.
- Return ENOSYS from sys32_syscall on 64bit kernels like elsewhere.
- Use EI/DI for MIPS R2.
- MIPS64R2: Fix buggy __arch_swab64
- Add missing calls to plat_unmap_dma_mem.
- Only write c0_framemask on CPUs which have this register.
-- Bastian Blank <email address hidden> Sat, 10 Jan 2009 13:35:41 +0100