Package: src:linux-2.6
Version: 2.6.32-39
Severity: important
[Actually based on 2.6.32.47-rc1, with the 1 definitely incorrect change
removed.]
USB: ftdi_sio: add Calao reference board support
USB: ftdi_sio: add PID for Sony Ericsson Urban
USB: ftdi_sio: Support TI/Luminary Micro Stellaris BD-ICDI Board
Hardware support.
USB: EHCI: Do not rely on PORT_SUSPEND to stop USB resuming in ehci_bus_resume().
Looks like it fixes suspend/resume for USB devices attached to some
systems.
rt2x00: do not drop usb dev reference counter on suspend
Fixes potential crash on resume with rt2x00 USB devices.
atm: br2684: Fix oops due to skb->dev being NULL
This neglected driver is still broken...
sparc: Allow handling signals when stack is corrupted.
It sounds like a user task on sparc that somehow corrupts its stack
pointer cannot be debugged because any signal will kill the process
immediately. The code change is large and looks like it would cause an
ABI change, so I am minded to revert it.
sparc: fix array bounds error setting up PCIC NMI trap
Trivial fix for compiler warning; should have no effect.
Fix broken backport for IPv6 tunnels
Fixes regression in ip6_tunnel in 2.6.32.44. We already avoided that
regression
(bugfix/all/tunnels-fix-netns-vs-proto-registration-ordering-regression-fix.patch)
though we missed a failure path which this change also fixes.
net: Fix IPv6 GSO type checks in Intel ethernet drivers
ipv6: Add GSO support on forwarding path
Already applied in 2.6.32-39.
Revert "x86, hotplug: Use mwait to offline a processor, fix the legacy case"
Already applied in 2.6.32-36.
GRO: fix merging a paged skb after non-paged skbs
Fixes TCP receive failure when using the sfc driver.
xen-blkfront: fix data size for xenbus_gather in blkfront_connect
Appears to fix a protocol error that results in incorrect configuration
for block devices in a 64-bit Xen domU.
md/linear: avoid corrupting structure while waiting for rcu_free to complete.
Appears to fix a potential crash or data corruption during
reconfiguration of an md-linear device.
powerpc/mpic: Fix problem that affinity is not updated
Fixes IRQ affinity setting on powerpc. This regressed in Linux 2.6.31;
it was effectively deferred until the next attempt to change affinity.
powerpc/pci: Check devices status property when scanning OF tree
Fixes PCI enumeration to skip devices that are disabled(?) by the
firmware and therefore not accessible. If such a device is treated as
present, this will result in errors. I suspect that the errors would be
harmless but would result in a lot of noise in the kernel log.
xen: x86_32: do not enable iterrupts when returning from exception in interrupt context
Fixes potential deadlock or (less likely) crash or data corruption on
32-bit Xen domU.
xen/smp: Warn user why they keel over - nosmp or noapic and what to use instead.
Fixes #637308.
ARM: davinci: da850 EVM: read mac address from SPI flash
No effect; we don't support this platform.
md: Fix handling for devices from 2TB to 4TB in 0.90 metadata.
Fixes regression in support for old md (software RAID) arrays in this
size range. I'm not sure whether this could cause data corruption or
whether the device would fail to start.
net/9p: fix client code to fail more gracefully on protocol error
Fixes crash on protocol error, i.e. remote denial-of-service.
fs/9p: Fid is not valid after a failed clunk.
Not sure what this fixes but I would suspect another remote DoS.
net/9p: Fix the msize calculation.
I can't see how this is a serious bug, but it seems reasonable.
irda: fix smsc-ircc2 section mismatch warning
I think this fixes a potential crash if the driver is built-in.
[SCSI] qla2xxx: Correct inadvertent loop state transitions during port-update handling.
Appears to fix some sort of random driver hang.
e1000: Fix driver to be used on PA RISC C8000 workstations
Hardware support.
ASoC: Fix reporting of partial jack updates
ASoC: wm8940: Properly set codec->dapm.bias_level
ASoC: ak4642: fixup cache register table
ASoC: ak4535: fixup cache register table
No effect; ASoC is not enabled in any supported configuration.
ALSA: HDA: Cirrus - fix "Surround Speaker" volume control name
Cosmetic but safe.
cifs: fix possible memory corruption in CIFSFindNext
CVE-2011-3191, already fixed in 2.6.32-35squeeze1.
b43: Fix beacon problem in ad-hoc mode
Sounds like ad-hoc mode is just broken in this driver. Simple fix.
wireless: Reset beacon_found while updating regulatory
This fixes a failure to follow the correct wireless regulations. I
think it would mostly affect people travelling without restarting the
system.
USB: PL2303: correctly handle baudrates above 115200
Hardware support, I suppose.
ASIX: Add AX88772B USB ID
Hardware support.
hvc_console: Improve tty/console put_chars handling
Fixes lost console output on powerpc pSeries systems.
TPM: Call tpm_transmit with correct size
Fixes CVE-2011-1161; I don't know what the impact of that is.
TPM: Zero buffer after copying to userspace
Fixes CVE-2011-1162; possible information leak (but only in combination
with other bugs).
libiscsi_tcp: fix LLD data allocation
Looks like this fixes a potential use of freed memory, i.e. data
corruption.
cnic: Improve NETDEV_UP event handling
Fixes unreliable probing of these iSCSI devices (hardware support?).
ALSA: hda/realtek - Avoid bogus HP-pin assignment
Not sure what the impact is, but I think that speaker output can be
wrongly muted.
[SCSI] 3w-9xxx: fix iommu_iova leak
Fixes resource leak in an error case in this driver.
[SCSI] aacraid: reset should disable MSI interrupt
Fixes interrupt control for this SCSI controller when it is reset.
Leaving the interrupt enabled is definitely incorrect (provokes a
WARNING) and might lead to a crash.
[SCSI] libsas: fix failure to revalidate domain for anything but the first expander child.
This appears to fix a bug in device discovery for external SAS devices
that change state, which I think includes hotplug. So, hardware
support.
cfg80211: Fix validation of AKM suites
Fixes stack buffer overflow exploitable with CAP_NET_ADMIN.
splice: direct_splice_actor() should not use pos in sd
Fixes data loss for some uses of splice (bug #641419). We applied this
in 2.6.32-37.
[SCSI] libsas: fix panic when single phy is disabled on a wide port
Fixes crash in an odd removal case.
ahci: Enable SB600 64bit DMA on Asus M3A
Disk I/O performance improvement for this system. Has no effect on
anything else.
HID: usbhid: Add support for SiGma Micro chip
Hardware support.
hwmon: (w83627ehf) Properly report thermal diode sensors
Seems like a minor bug in temperature reporting. But looks safe,
anyway.
x25: Prevent skb overreads when checking call user data
Could theoretically cause a crash (remote DoS), but is almost certain to
be harmless in practice. I don't think anyone is using x25 any more
though.
block: check for proper length of iov entries earlier in blk_rq_map_user_iov()
Attempts to fix a check for invalid SCSI-generic requests (SG_IO), but
doesn't (so far as I can see). Probably has some security impact.
staging: quatech_usb2: Potential lost wakeup scenario in TIOCMIWAIT
Fixes race condition leading to (interruptible) hang in task using this
serial device.
USB: qcserial: add device ID for "HP un2430 Mobile Broadband Module"
Hardware support.
xhci-mem.c: Check for ring->first_seg != NULL
Fixes memory leak in some error cases.
[SCSI] ipr: Always initiate hard reset in kdump kernel
Fixes long delay in kdump when using these devices.
[SCSI] libsas: set sas_address and device type of rphy
Fixes some identifying information visible in sysfs.
ALSA: HDA: Add new revision for ALC662
Hardware support.
x86: Fix compilation bug in kprobes twobyte_is_boostable
Works around gcc bug that generates bad code (actually bad constant
data) for part of kprobes. Doesn't appear to affect gcc-4.3 as used for
the official binary packages.
epoll: fix spurious lockdep warnings
Should have no effect on the official binary packages. Probably useful
for people doing debugging with custom builds with lockdep enabled.
usbmon vs. tcpdump: fix dropped packet count
Fixes non-serious data loss (dropped packets should be expected, silent
drops should not).
USB: storage: Use normalized sense when emulating autosense
Sorry, no idea.
USB: pid_ns: ensure pid is not freed during kill_pid_info_as_uid
Fixes use-after-free.
usb: cdc-acm: Owen SI-30 support
Hardware support.
USB: add RESET_RESUME for webcams shown to be quirky
Workaround for buggy webcams that tend to fail after suspend/resume.
USB: pl2303: add id for SMART device
Hardware support.
QE/FHCI: fixed the CONTROL bug
No effect; FHCI is not enabled in any supported configuration.
Update email address for stable patch submission
Administrivia.
kobj_uevent: Ignore if some listeners cannot handle message
Fixes spurious failure of device changes, e.g. lvm may fail if Chromium
is running (#641661).
kmod: prevent kmod_loop_msg overflow in __request_module()
Fixes excessive logging in case module loading recurses.
time: Change jiffies_to_clock_t() argument type to unsigned long
Fixes some incorrect time calculations, though it's not clear what the
real impact of this is.
nfsd4: Remove check for a 32-bit cookie in nfsd4_readdir()
Removes incorrect check that could prevent use of some NFSv4 servers.
nfsd4: ignore WANT bits in open downgrade
Fixes potential crash in NFSv4 server (remote DoS).
KVM: s390: check cpu_id prior to using it
Fixes user-controlled out-of-bounds memory write on s390. It appears
that any user in the kvm group could use this for code injection.
[S390] ccwgroup: move attributes to attribute group
Fixes unreliable identification of these devices in sysfs.
iommu/amd: Fix wrong shift direction
Don't know what the impact of this is.
carminefb: Fix module parameters permissions
Some parameters were incorrectly made writable (but only to root). This
could presumably lead to a crash or data corruption if they were
changed.
[media] uvcvideo: Set alternate setting 0 on resume if the bus has been reset
Workaround for some cameras that expect a particular request after
reset.
[media] tuner_xc2028: Allow selection of the frequency adjustment code for XC3028
Fixes support for some DVB tuner devices.
plat-mxc: iomux-v3.h: implicitly enable pull-up/down when thats desired
No effect; this platform is not supported.
um: fix ubd cow size
Fixes support for copy-on-write disk images in User Mode Linux (so not
relevant for linux-2.6 itself).
cfq: calculate the seek_mean per cfq_queue not per cfq_io_context
cfq: merge cooperating cfq_queues
cfq: change the meaning of the cfqq_coop flag
cfq: break apart merged cfqqs if they stop cooperating
cfq-iosched: get rid of the coop_preempt flag
cfq: Dont allow queue merges for queues that have no process references
These are supposed to fix very poor disk throughput for some workloads,
particularly NFS servers.
KVM: x86: Reset tsc_timestamp on TSC writes
Fixes severe performance regression for KVM guests (the bug is in the
host but only affects the guests). Regression was introduced in
2.6.32.40 (Debian version 2.6.32-35).
genirq: Add IRQF_RESUME_EARLY and resume such IRQs earlier
Fixes #644604, a regression which caused Xen domU to hang after
suspend/resume (including migration). We already fixed this by
reverting the change that introduced the regression, but this should be
better.
Revert "usb: musb: restore INDEX register in resume path"
No effect; we don't support any platform with MUSB.
Revert "MIPS: MTX-1: Make au1000_eth probe all PHY
No effect; we don't support this platform.
watchdog: mtx1-wdt: fix build failure
No effect; we don't support this platform.
kcore: fix test for end of list
It looks like reading from an invalid offset in /proc/kcore can crash
the kernel. Shouldn't be a security issue as only root should be able
to read it.
thinkpad-acpi: module autoloading for newer Lenovo ThinkPads.
Hardware support.
scm: lower SCM_MAX_FD
Already applied this in 2.6.32-30.
deal with races in /proc/*/{syscall,stack,personality}
NLM: Dont hang forever on NLM unlock requests
Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
vm: fix vm_pgoff wrap in stack expansion
vm: fix vm_pgoff wrap in upward expansion
Bluetooth: Prevent buffer overflow in l2cap config request
nl80211: fix overflow in ssid_len
net_sched: Fix qdisc_notify()
Various security fixes, already applied in 2.6.32-35squeeze1.
Ben.
--
Ben Hutchings
Sturgeon's Law: Ninety percent of everything is crap.
Attachment:
signature.asc
Description: This is a digitally signed message part