[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#647624: marked as done (Changes from longterm

Your message dated Tue, 17 Jan 2012 18:17:09 +0000
with message-id <E1RnDan-0004Fd-9K@franck.debian.org>
and subject line Bug#647624: fixed in user-mode-linux 2.6.32-1um-4+41
has caused the Debian Bug report #647624,
regarding Changes from longterm
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

647624: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647624
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: src:linux-2.6
Version: 2.6.32-39
Severity: important

[Actually based on, with the 1 definitely incorrect change

USB: ftdi_sio: add Calao reference board support
USB: ftdi_sio: add PID for Sony Ericsson Urban
USB: ftdi_sio: Support TI/Luminary Micro Stellaris BD-ICDI Board

Hardware support.

USB: EHCI: Do not rely on PORT_SUSPEND to stop USB resuming in ehci_bus_resume().

Looks like it fixes suspend/resume for USB devices attached to some

rt2x00: do not drop usb dev reference counter on suspend

Fixes potential crash on resume with rt2x00 USB devices.

atm: br2684: Fix oops due to skb->dev being NULL

This neglected driver is still broken...

sparc: Allow handling signals when stack is corrupted.

It sounds like a user task on sparc that somehow corrupts its stack
pointer cannot be debugged because any signal will kill the process
immediately.  The code change is large and looks like it would cause an
ABI change, so I am minded to revert it.

sparc: fix array bounds error setting up PCIC NMI trap

Trivial fix for compiler warning; should have no effect.

Fix broken backport for IPv6 tunnels

Fixes regression in ip6_tunnel in  We already avoided that
though we missed a failure path which this change also fixes.

net: Fix IPv6 GSO type checks in Intel ethernet drivers
ipv6: Add GSO support on forwarding path

Already applied in 2.6.32-39.

Revert "x86, hotplug: Use mwait to offline a processor, fix the legacy case"

Already applied in 2.6.32-36.

GRO: fix merging a paged skb after non-paged skbs

Fixes TCP receive failure when using the sfc driver.

xen-blkfront: fix data size for xenbus_gather in blkfront_connect

Appears to fix a protocol error that results in incorrect configuration
for block devices in a 64-bit Xen domU.

md/linear: avoid corrupting structure while waiting for rcu_free to complete.

Appears to fix a potential crash or data corruption during
reconfiguration of an md-linear device.

powerpc/mpic: Fix problem that affinity is not updated

Fixes IRQ affinity setting on powerpc.  This regressed in Linux 2.6.31;
it was effectively deferred until the next attempt to change affinity.

powerpc/pci: Check devices status property when scanning OF tree

Fixes PCI enumeration to skip devices that are disabled(?) by the
firmware and therefore not accessible.  If such a device is treated as
present, this will result in errors.  I suspect that the errors would be
harmless but would result in a lot of noise in the kernel log.

xen: x86_32: do not enable iterrupts when returning from exception in interrupt context

Fixes potential deadlock or (less likely) crash or data corruption on
32-bit Xen domU.

xen/smp: Warn user why they keel over - nosmp or noapic and what to use instead.

Fixes #637308.

ARM: davinci: da850 EVM: read mac address from SPI flash

No effect; we don't support this platform.

md: Fix handling for devices from 2TB to 4TB in 0.90 metadata.

Fixes regression in support for old md (software RAID) arrays in this
size range.  I'm not sure whether this could cause data corruption or
whether the device would fail to start.

net/9p: fix client code to fail more gracefully on protocol error

Fixes crash on protocol error, i.e. remote denial-of-service.

fs/9p: Fid is not valid after a failed clunk.

Not sure what this fixes but I would suspect another remote DoS.

net/9p: Fix the msize calculation.

I can't see how this is a serious bug, but it seems reasonable.

irda: fix smsc-ircc2 section mismatch warning

I think this fixes a potential crash if the driver is built-in.

[SCSI] qla2xxx: Correct inadvertent loop state transitions during port-update handling.

Appears to fix some sort of random driver hang.

e1000: Fix driver to be used on PA RISC C8000 workstations

Hardware support.

ASoC: Fix reporting of partial jack updates
ASoC: wm8940: Properly set codec->dapm.bias_level
ASoC: ak4642: fixup cache register table
ASoC: ak4535: fixup cache register table

No effect; ASoC is not enabled in any supported configuration.

ALSA: HDA: Cirrus - fix "Surround Speaker" volume control name

Cosmetic but safe.

cifs: fix possible memory corruption in CIFSFindNext

CVE-2011-3191, already fixed in 2.6.32-35squeeze1.

b43: Fix beacon problem in ad-hoc mode

Sounds like ad-hoc mode is just broken in this driver.  Simple fix.

wireless: Reset beacon_found while updating regulatory

This fixes a failure to follow the correct wireless regulations.  I
think it would mostly affect people travelling without restarting the

USB: PL2303: correctly handle baudrates above 115200

Hardware support, I suppose.


Hardware support.

hvc_console: Improve tty/console put_chars handling

Fixes lost console output on powerpc pSeries systems.

TPM: Call tpm_transmit with correct size

Fixes CVE-2011-1161; I don't know what the impact of that is.

TPM: Zero buffer after copying to userspace

Fixes CVE-2011-1162; possible information leak (but only in combination
with other bugs).

libiscsi_tcp: fix LLD data allocation

Looks like this fixes a potential use of freed memory, i.e. data

cnic: Improve NETDEV_UP event handling

Fixes unreliable probing of these iSCSI devices (hardware support?).

ALSA: hda/realtek - Avoid bogus HP-pin assignment

Not sure what the impact is, but I think that speaker output can be
wrongly muted.

[SCSI] 3w-9xxx: fix iommu_iova leak

Fixes resource leak in an error case in this driver.

[SCSI] aacraid: reset should disable MSI interrupt

Fixes interrupt control for this SCSI controller when it is reset.
Leaving the interrupt enabled is definitely incorrect (provokes a
WARNING) and might lead to a crash.

[SCSI] libsas: fix failure to revalidate domain for anything but the first expander child.

This appears to fix a bug in device discovery for external SAS devices
that change state, which I think includes hotplug.  So, hardware

cfg80211: Fix validation of AKM suites

Fixes stack buffer overflow exploitable with CAP_NET_ADMIN.

splice: direct_splice_actor() should not use pos in sd

Fixes data loss for some uses of splice (bug #641419).  We applied this
in 2.6.32-37.

[SCSI] libsas: fix panic when single phy is disabled on a wide port

Fixes crash in an odd removal case.

ahci: Enable SB600 64bit DMA on Asus M3A

Disk I/O performance improvement for this system.  Has no effect on
anything else.

HID: usbhid: Add support for SiGma Micro chip

Hardware support.

hwmon: (w83627ehf) Properly report thermal diode sensors

Seems like a minor bug in temperature reporting.  But looks safe,

x25: Prevent skb overreads when checking call user data

Could theoretically cause a crash (remote DoS), but is almost certain to
be harmless in practice.  I don't think anyone is using x25 any more

block: check for proper length of iov entries earlier in blk_rq_map_user_iov()

Attempts to fix a check for invalid SCSI-generic requests (SG_IO), but
doesn't (so far as I can see).  Probably has some security impact.

staging: quatech_usb2: Potential lost wakeup scenario in TIOCMIWAIT

Fixes race condition leading to (interruptible) hang in task using this
serial device.

USB: qcserial: add device ID for "HP un2430 Mobile Broadband Module"

Hardware support.

xhci-mem.c: Check for ring->first_seg != NULL

Fixes memory leak in some error cases.

[SCSI] ipr: Always initiate hard reset in kdump kernel

Fixes long delay in kdump when using these devices.

[SCSI] libsas: set sas_address and device type of rphy

Fixes some identifying information visible in sysfs.

ALSA: HDA: Add new revision for ALC662

Hardware support.

x86: Fix compilation bug in kprobes twobyte_is_boostable

Works around gcc bug that generates bad code (actually bad constant
data) for part of kprobes.  Doesn't appear to affect gcc-4.3 as used for
the official binary packages.

epoll: fix spurious lockdep warnings

Should have no effect on the official binary packages.  Probably useful
for people doing debugging with custom builds with lockdep enabled.

usbmon vs. tcpdump: fix dropped packet count

Fixes non-serious data loss (dropped packets should be expected, silent
drops should not).

USB: storage: Use normalized sense when emulating autosense

Sorry, no idea.

USB: pid_ns: ensure pid is not freed during kill_pid_info_as_uid

Fixes use-after-free.

usb: cdc-acm: Owen SI-30 support

Hardware support.

USB: add RESET_RESUME for webcams shown to be quirky

Workaround for buggy webcams that tend to fail after suspend/resume.

USB: pl2303: add id for SMART device

Hardware support.

QE/FHCI: fixed the CONTROL bug

No effect; FHCI is not enabled in any supported configuration.

Update email address for stable patch submission


kobj_uevent: Ignore if some listeners cannot handle message

Fixes spurious failure of device changes, e.g. lvm may fail if Chromium
is running (#641661).

kmod: prevent kmod_loop_msg overflow in __request_module()

Fixes excessive logging in case module loading recurses.

time: Change jiffies_to_clock_t() argument type to unsigned long

Fixes some incorrect time calculations, though it's not clear what the
real impact of this is.

nfsd4: Remove check for a 32-bit cookie in nfsd4_readdir()

Removes incorrect check that could prevent use of some NFSv4 servers.

nfsd4: ignore WANT bits in open downgrade

Fixes potential crash in NFSv4 server (remote DoS).

KVM: s390: check cpu_id prior to using it

Fixes user-controlled out-of-bounds memory write on s390.  It appears
that any user in the kvm group could use this for code injection.

[S390] ccwgroup: move attributes to attribute group

Fixes unreliable identification of these devices in sysfs.

iommu/amd: Fix wrong shift direction

Don't know what the impact of this is.

carminefb: Fix module parameters permissions

Some parameters were incorrectly made writable (but only to root).  This
could presumably lead to a crash or data corruption if they were

[media] uvcvideo: Set alternate setting 0 on resume if the bus has been reset

Workaround for some cameras that expect a particular request after

[media] tuner_xc2028: Allow selection of the frequency adjustment code for XC3028

Fixes support for some DVB tuner devices.

plat-mxc: iomux-v3.h: implicitly enable pull-up/down when thats desired

No effect; this platform is not supported.

um: fix ubd cow size

Fixes support for copy-on-write disk images in User Mode Linux (so not
relevant for linux-2.6 itself).

cfq: calculate the seek_mean per cfq_queue not per cfq_io_context
cfq: merge cooperating cfq_queues
cfq: change the meaning of the cfqq_coop flag
cfq: break apart merged cfqqs if they stop cooperating
cfq-iosched: get rid of the coop_preempt flag
cfq: Dont allow queue merges for queues that have no process references

These are supposed to fix very poor disk throughput for some workloads,
particularly NFS servers.

KVM: x86: Reset tsc_timestamp on TSC writes

Fixes severe performance regression for KVM guests (the bug is in the
host but only affects the guests).  Regression was introduced in (Debian version 2.6.32-35).

genirq: Add IRQF_RESUME_EARLY and resume such IRQs earlier

Fixes #644604, a regression which caused Xen domU to hang after
suspend/resume (including migration).  We already fixed this by
reverting the change that introduced the regression, but this should be

Revert "usb: musb: restore INDEX register in resume path"

No effect; we don't support any platform with MUSB.

Revert "MIPS: MTX-1: Make au1000_eth probe all PHY

No effect; we don't support this platform.

watchdog: mtx1-wdt: fix build failure

No effect; we don't support this platform.

kcore: fix test for end of list

It looks like reading from an invalid offset in /proc/kcore can crash
the kernel.  Shouldn't be a security issue as only root should be able
to read it.

thinkpad-acpi: module autoloading for newer Lenovo ThinkPads.

Hardware support.

scm: lower SCM_MAX_FD

Already applied this in 2.6.32-30.

deal with races in /proc/*/{syscall,stack,personality}
NLM: Dont hang forever on NLM unlock requests
Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
vm: fix vm_pgoff wrap in stack expansion
vm: fix vm_pgoff wrap in upward expansion
Bluetooth: Prevent buffer overflow in l2cap config request
nl80211: fix overflow in ssid_len
net_sched: Fix qdisc_notify()

Various security fixes, already applied in 2.6.32-35squeeze1.


Ben Hutchings
Sturgeon's Law: Ninety percent of everything is crap.

Attachment: signature.asc
Description: This is a digitally signed message part

--- End Message ---
--- Begin Message ---
Source: user-mode-linux
Source-Version: 2.6.32-1um-4+41

We believe that the bug you reported is fixed in the latest version of
user-mode-linux, which is due to be installed in the Debian FTP archive:

  to main/u/user-mode-linux/user-mode-linux_2.6.32-1um-4+41.diff.gz
  to main/u/user-mode-linux/user-mode-linux_2.6.32-1um-4+41.dsc
  to main/u/user-mode-linux/user-mode-linux_2.6.32-1um-4+41_amd64.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 647624@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
dann frazier <dannf@debian.org> (supplier of updated user-mode-linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.8
Date: Mon, 16 Jan 2012 15:10:25 -0700
Source: user-mode-linux
Binary: user-mode-linux
Architecture: source amd64
Version: 2.6.32-1um-4+41
Distribution: stable
Urgency: high
Maintainer: User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>
Changed-By: dann frazier <dannf@debian.org>
 user-mode-linux - User-mode Linux (kernel)
Closes: 586494 633526 637234 637308 638172 641661 645308 647624 650160 650652 651255 651367 652857 653398 655049
 user-mode-linux (2.6.32-1um-4+41) stable; urgency=high
   * Rebuild against linux-source-2.6.32 (2.6.32-41):
     * Add longterm releases and, including:
       - atm: br2684: Fix oops due to skb->dev being NULL
       - md/linear: avoid corrupting structure while waiting for rcu_free to
       - xen/smp: Warn user why they keel over - nosmp or noapic and what to use
         instead. (Closes: #637308)
       - md: Fix handling for devices from 2TB to 4TB in 0.90 metadata.
       - net/9p: fix client code to fail more gracefully on protocol error
       - fs/9p: Fid is not valid after a failed clunk.
       - TPM: Call tpm_transmit with correct size (CVE-2011-1161)
       - TPM: Zero buffer after copying to userspace (CVE-2011-1162)
       - libiscsi_tcp: fix LLD data allocation
       - cfg80211: Fix validation of AKM suites
       - USB: pid_ns: ensure pid is not freed during kill_pid_info_as_uid
       - kobj_uevent: Ignore if some listeners cannot handle message
         (Closes: #641661)
       - nfsd4: ignore WANT bits in open downgrade
       - [s390] KVM: check cpu_id prior to using it
       - cfq: merge cooperating cfq_queues
       - [x86] KVM: Reset tsc_timestamp on TSC writes (fixes guest performance
         regression introduced in 2.6.32-35)
       - ext4: fix BUG_ON() in ext4_ext_insert_extent()
       - ext2,ext3,ext4: don't inherit APPEND_FL or IMMUTABLE_FL for new inodes
       For the complete list of changes, see:
       and the bug report which this closes: #647624.
     * tg3: Fix I/O failures after chip reset (Closes: #645308; regression in
     * Add longterm release, including:
       - SCSI: st: fix race in st_scsi_execute_end
       - NFS/sunrpc: don't use a credential with extra groups.
       - netlink: validate NLA_MSECS length
       - hfs: add sanity check for file name length (CVE-2011-4330)
       - md/raid5: abort any pending parity operations when array fails.
       - mm: avoid null pointer access in vm_struct via /proc/vmallocinfo
       - ipv6: udp: fix the wrong headroom check (CVE-2011-4326)
       - USB: Fix Corruption issue in USB ftdi driver ftdi_sio.c
       For the complete list of changes, see:
       and the bug report which this closes: #650160.
     * ipv6: Allow inet6_dump_addr() to handle more than 64 addresses
       (Closes: #651255)
     * Add longterm release, including:
       - PCI hotplug: shpchp: don't blindly claim non-AMD 0x7450 device IDs
         (see #638863)
       - sched, x86: Avoid unnecessary overflow in sched_clock
       - [x86] mpparse: Account for bus types other than ISA and PCI
         (Closes: #586494)
       For the complete list of changes, see:
       and the bug report which this closes: #651367.
     * [vserver] Update patch to
       - nfs: Fix client uid/gid caching (Closes: #633526)
     * [x86] Add isci driver from Linux 3.1 (Closes: #652857)
       - libsas: fix definition of wideport, include local sas address
       - [x86] Introduce pci_map_biosrom()
     * Add longterm release, including:
       - percpu: fix chunk range calculation
       - xfrm: Fix key lengths for rfc3686(ctr(aes)) (Closes: #650652)
       - jbd/jbd2: validate sb->s_first in journal_get_superblock()
       - Make taskstats require root access (CVE-2011-2494)
       - hfs: fix hfs_find_init() sb->ext_tree NULL ptr oops (CVE-2011-2203)
       - oprofile, x86: Fix nmi-unsafe callgraph support
       - ext4: avoid hangs in ext4_da_should_update_i_disksize()
     * xen: backport upstream (xen.git#xen/stable-2.6.32.y) fixes to event
       - multiple fixes to PIRQ event channel handling (Closes: #638172)
       - setup IRQ before binding VIRQ to it.
       - correctly setup event channel mask for secondary CPUs on restore.
       - use locked set/clear bit when manipulating event channel masks.
       - ensure event channels are handled in a fair/round-robin order preventing
         lower numbered event channels from starving higher.
     * xen: blkback: don't fail empty barrier requests (Closes: #637234)
     * ipv6: make fragment identifications less predictable (CVE-2011-2699)
       - fix NULL dereference in udp6_ufo_fragment (see #643817)
     * Add longterm release
       - Revert "clockevents: Set noop handler in clockevents_exchange_device()",
         included in stable update (Closes: #653398)
     * Add longterm release, including:
       - cfq-iosched: fix cfq_cic_link() race confition
       For the complete list of changes, see:
       and the bug report which this closes: #655049.
 f494d27c53a7b37ca3a4347b436edd3524e68c02 2030 user-mode-linux_2.6.32-1um-4+41.dsc
 b488267ef63e4218f70c47ee51b40502007b5233 19896 user-mode-linux_2.6.32-1um-4+41.diff.gz
 9f7914a7a62777ecf85299f2b72ede31753c8afd 7082050 user-mode-linux_2.6.32-1um-4+41_amd64.deb
 ba2f5619cd4026bd17a83d3b6a0eaed47b9c62bc0cf46ec3ddf56f1d23f5593b 2030 user-mode-linux_2.6.32-1um-4+41.dsc
 5ccf08629fadd90d1083e938c8000fa2499028bfb91f0914b673e4b031214942 19896 user-mode-linux_2.6.32-1um-4+41.diff.gz
 f84c0799d02381f79ccbf1b78d2704011eb5a1158b63d4a724cbbf6e771c3e67 7082050 user-mode-linux_2.6.32-1um-4+41_amd64.deb
 99409f5e1cce01848a20d64c09487d7c 2030 kernel extra user-mode-linux_2.6.32-1um-4+41.dsc
 80d12b694c2947277796884f1d9c36cd 19896 kernel extra user-mode-linux_2.6.32-1um-4+41.diff.gz
 491732fc5e1e2a828e84767f691059a1 7082050 kernel extra user-mode-linux_2.6.32-1um-4+41_amd64.deb

Version: GnuPG v1.4.11 (GNU/Linux)


--- End Message ---

Reply to: