lp:ubuntu/feisty-security/linux-source-2.6.20
- Get this branch:
- bzr branch lp:ubuntu/feisty-security/linux-source-2.6.20
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 37. By Stefan Bader
-
[Upstream Kernel Changes]
* (CVE-2008-0598) mm: trim more holes
* Fix compiler warning on 64-bit
follow-up for CVE-2008-1673
* netfilter: nf_nat_snmp_basic: fix a range check in NAT for SNMP - 36. By Tim Gardner
-
[Upstream Kernel Changes]
* (CVE-2007-6282) [ESP]: Ensure IV is in linear part of the skb to avoid
BUG() due to OOB access
* (CVE-2008-1673) asn1: additional sanity checking during BER decoding
* (CVE-2008-2136) sit: Add missing kfree_skb() on pskb_may_pull()
failure.
* (CVE-2008-2137) sparc: Fix mmap VA span checking.
* (CVE-2008-2358) dccp: return -EINVAL on invalid feature length
* (CVE-2008-1615) x86_64: fix CS corruption on iret
* (CVE-2008-2826) sctp: Make sure N * sizeof(union sctp_addr) does not
overflow.[Tim Gardner]
* Fixed modules file sorting by forcing both ABI files to be lexigraphical.
* Add lds linker file to headers package for ia64 external modules linking. - 35. By Ben Collins
-
[Upstream Kernel Changes]
* CVE-2007-5904: [CIFS] Fix buffer overflow if server sends corrupt
response to small request
* [IA64] Fix unaligned handler for floating point instructions with base
update
* CVE-2007-6694: [POWERPC] CHRP: Fix possible NULL pointer dereference
* vm audit: add VM_DONTEXPAND to mmap for drivers that need it
(CVE-2008-0007)
* CVE-2008-1294: CPU time limit patch / setrlimit(RLIMIT_ CPU, 0) cheat
fix
* fix SMP ordering hole in fcntl_setlk() (CVE-2008-1669)
* Fix dnotify/close race (CVE-2008-1375)
* Convert snd-page-alloc proc file to use seq_file (CVE-2007-4571)
* hrtimer: check relative timeouts for overflow - 34. By Tim Gardner
-
[Tim Gardner]
* splice: fix user pointer access in get_iovec_
page_array( )
(CVE-2008-0600)
- GIT-SHA 9ba4693de4d2e7da123589c3e592ea 08eaf9e575 - 33. By Tim Gardner
-
[Kees Cook]
* fix NFSv4 client mount regression
- GIT-SHA 7a9e181ce37e0a862261b1814ee3ef 358036dd5e
- Bug #164231
* ppc64: fix corrupted sigcontext during FPU stress (CVE-2007-3107)
- GIT-SHA 7117942afa58a6331cc2abc498541b 2784cf79ac [Upstream Kernel Changes]
* minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058)
* [IPV6]: Do no rely on skb->dst before it is assigned. (CVE-2007-4567)
* [JFFS2] Fix ACL vs. mode handling. (CVE-2007-4849)
* [IEEE80211]: avoid integer underflow for runt rx frames (CVE-2007-4997)
* USB: fix DoS in pwc USB video driver (CVE-2007-5093)
* Fix debug regression in video/pwc
* wait_task_stopped: Check p->exit_state instead of TASK_TRACED
(CVE-2007-5500)
* fix DLM regression
* CVE-2008-0001: Use access mode instead of open flags to determine
needed permissions
* hrtimers: avoid overflow for large relative timeouts (CVE-2007-5966)
* isdn: avoid copying overly-long strings (CVE-2007-6063)
* I4L: fix isdn_ioctl memory overrun vulnerability (CVE-2007-6151)
* vfs: coredumping fix (CVE-2007-6206)
* tmpfs: restore missing clear_highpage (CVE-2007-6417)
* [UBUNTU] fs/dlm: Fix regression introduced with last security fix. - 32. By Phillip Lougher <email address hidden>
-
[Security]
* NFS: Fix the mount regression
* minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058)
* [IPV6]: Do no rely on skb->dst before it is assigned. (CVE-2007-4567)
* [JFFS2] Fix ACL vs. mode handling. (CVE-2007-4849)
* [IEEE80211]: avoid integer underflow for runt rx frames (CVE-2007-4997)
* USB: fix DoS in pwc USB video driver (CVE-2007-5093)
* Fix debug regression in video/pwc
* wait_task_stopped: Check p->exit_state instead of TASK_TRACED
(CVE-2007-5500)[Fabio Massimo Di Nitto]
* fix DLM regression
- 31. By Tim Gardner
-
[ security ]
* CVE-2007-4573: x86_64: Zero extend all registers after ptrace in 32bit entry path.
* CVE-2007-3731: i386: fixup TRACE_IRQ breakage
* CVE-2007-3731: Handle bogus %cs selector in single-step instruction decoding
* CVE-2007-3739: Don't allow the stack to grow into hugetlb reserved regions
* CVE-2007-3740: [CIFS] CIFS should honour umask - 30. By Phillip Lougher <email address hidden>
-
[Phillip Lougher]
* Fix build problem with CVE-2007-3380 patch
- GIT-SHA 40b2e68a8d1137d2e7f4eb7ce561cc f30ebce4d1
* sysfs_readdir NULL ptr dereference causes kernel oops (CVE-2007-3104)
- GIT-SHA 5ca45c7e9e3d363c7bd3a5419742cb 3368baf474
* Fix VMI lazy mode race (again)
- GIT-SHA b6fb010967dbc9fcbf173171692736 9c9cb89725
* Fix CVE-2007-3848 patch for older kernel
- GIT-SHA ddc739c7419ffdd584845d1aaa3ee9 ded154a951
* Fix paravirt vmalloc bug
- GIT-SHA c330f3fb3b90703cabc0e485aec3f7 545753e289
* Fix race condition in Squashfs cache handling
- GIT-SHA 00b3f12b4f0a5cbdea6d66587a3cd7 ca25375c55 [Tim Gardner]
* Dell Inspiron 1420 no external audio
- GIT-SHA dc24b94b0d384a70b400d56f970603 51f800c3df
- Bug #119898
* [TG3]: Fix link problem on Dell's onboard 5906.
- GIT-SHA 7dce7db84f689c27c012d30be00dba 2a0b567ff5
- Bug #121030
* Add AGP support for Intel G33 video. Add 3D/mesa support for Intel G33
video.
- GIT-SHA 6331663c669b38521a31b04d4f58f9 a888b19d2c
- Bug #121443
* Touchpad not recognized on Dell Inspiron 1420
- GIT-SHA 9cfe7aefbb8d5755a636eb10434817 5738eb4fe0
- Bug #129477
* Fix another paravirt bug for Feisty
- GIT-SHA 0d84c3f9a8dce561d393c7ac349014 b5f19a4c84 [Upstream Kernel Changes]
* cpuset: prevent information leak in cpuset_tasks_read (CVE-2007-2875)
* NETFILTER: {ip, nf}_conntrack_sctp: fix remotely triggerable NULL ptr
dereference (CVE-2007-2876)
* [DLM] CVE-2007-3380 A TCP connection to DLM port blocks DLM operations
* [PPPOE]: memory leak when socket is release()d before PPPIOCGCHAN has
been called on it (CVE-2007-2525)
* fat: fix VFAT compat ioctls on 64-bit systems (CVE-2007-2878)
* random: fix bound check ordering (CVE-2007-3105)
* USB: usblcd doesn't limit memory consumption during write
(CVE-2007-3513)
* [NETFILTER]: nf_conntrack_h323: add checking of out-of-range on
choices' index values (CVE-2007-3642)
* drm/i915: Fix i965 secured batchbuffer usage (CVE-2007-3851)
* [CIFS] Fix sign mount option and sign proc config setting
(CVE-2007-3843)
* Reset current->pdeath_ signal on SUID binary execution (CVE-2007-3848)
* aacraid: fix security hole (CVE-2007-4308) - 29. By Phillip Lougher <email address hidden>
-
[Phillip Lougher]
* Revert "{ata_,}piix: Consolidate PCI IDs. Move ata_piix pata IDs to
piix"
- GIT-SHA d20328e312148f5c47cb38482e967e d9a1b7fdb9 [Tim Gardner]
* Work around Dell E520 BIOS reboot bug.
- GIT-SHA 7d6ddf6fc8d2b5f40faac3c7915df7 1b4acb2fd4
- Bug #114854[Upstream Kernel Changes]
* Fix VMI logic error
* [CRYPTO] geode: Fix in-place operations and set key (CVE-2007-2451)
* random: fix error in entropy extraction (CVE-2007-2453)
* random: fix seeding with zero entropy (CVE-2007-2453)
* [Bluetooth] Fix L2CAP and HCI setsockopt() information leaks (CVE-2007-1353) - 28. By Phillip Lougher <email address hidden>
-
[Ben Collins]
* rtc: Ratelimit "lost interrupts" message.
- GIT-SHA 0102aad3b17d22e67864aa5afd88bc 108b881141
* vbox: Remove this driver. It will be outdated by release.
- GIT-SHA 60c8a6c1fbe7ed5dc28ccdd5a48c62 4e9ece56f3
* hppa: Build fixes from jbailey.
- GIT-SHA 4f87aff6afe3479c98f8a64e05c866 027e7d473d
* mmc: Set parent for block dev's to host, not class device.
- GIT-SHA 0400a0ceb5afa2afcda76c92d4425c 4696e72845
- Bug #99648[Daniel Chen]
* sound/pci/: Forward-port intel8x0 quirks from ubuntu-edgy.git
(intel8x0.c)
- GIT-SHA a2ce991fa1b7d601c428564f374104 4a492d13a4
* sound/pci/: Forward-port more intel8x0 quirks from kernel-team@
(intel8x0.c)
- GIT-SHA 5263bd37eeeedc72447441bdec9fc4 7e7cca83d9
* sound/pci/hda/: Revert Toshiba model setting (ALC861_TOSHIBA) for SSID
1179:ff10 (patch_realtek.c)
- GIT-SHA b6fffb0f499459dfaef0f022f2da1f 3fcb4fbdc2
* sound/pci/hda/: Add missing SSID for ALC861-VD (patch_realtek.c)
- GIT-SHA 0ca1a43cc8e4d484963a7f6e486660 2d5fe576db
* sound/pci/ac97/: Fix regression from Edgy - readd jack sense blacklist
entries (ac97_patch.c)
- GIT-SHA 963f93d185fc40ab7853ce75480a5f bcd607e070
* sound/pci/hda/: Fix regression from Edgy - incorrect model quirk for
ALC861-VD (patch_realtek.c)
- GIT-SHA 382e158458c0771a6bd48cc8a64df6 e24a46682e
* sound/pci/hda/: Fix inaudible sound on yet another Toshiba laptop -
incorrect model quirk (patch_realtek.c)
- GIT-SHA fbbec3e6208990a1dbe34766396084 d683bc3322 [Fabio M. Di Nitto]
* [OCFS2] Local mounts should skip inode updates
- GIT-SHA 8cbf682c7a9016caf65fb30bb67d1e 2de3e924c6 [Kyle McMartin]
* Enable ICH8GM (Crestline) support
- GIT-SHA 5b87e59b3898d33e11f71fcc037e7d 1c6480aee0
* bcm43xx: Update to 2.6.21
- GIT-SHA 9424583295f2fa0920a611eb0f37cc d8fb2dc453
* p54pci: Fix error path when eeprom read fails
- GIT-SHA c10305577fa669b114bcb03d6f80bd cbcd46a93a [Phillip Lougher]
* Squashfs: add SetPageError handling
- GIT-SHA ff5082e7b9e1b48d33bbb26fbe9104 ee1956688a
* Fix pata_sis crashes preventing booting
- GIT-SHA 1b27e19fa9145a1579cfecccf7d5be 7d7e242e46
- Bug #107774
* Initialize the Broadcom USB Bluetooth device in Dell laptops.
- GIT-SHA 0f50a719466ae29c18b9b75df3ae64 312d6523cf
* Update tifm driver to 0.8d
- GIT-SHA 6bec583645852716f3fee4a7d2534b e1acf060d6
- Bug #53923
* sound/pci/hda/: Forcibly set the maximum number of codecs (hda_intel.c)
- GIT-SHA d8f18e83ea5ef15ab519f6bf03cccb 3bdeb2e469
- Bug #106843
* Change CONFIG_NR_CPUS from 32 to 64.
- GIT-SHA 00f6cb2c3cda7dab1d02ceb444f5a3 4506c7a30d [Tim Gardner]
* Added more USB device IDs
- GIT-SHA 139e45123031d80bebcb8e609d6a07 9538db0970
* Prevent i2c_ec module from faulting becasue of uninitialized device
parent.
- GIT-SHA 490e63428ab4b3801bc94f520097fd 43a57fbc3f
* Initialize the device with the ACPI structure.
- GIT-SHA 5df920c2fd7da80ea1d47d0c664a74 7700bf33f1
* Backported from 2.6.21-rc6
- GIT-SHA 4d0bb04551b393dfc12552d26dff25 9034c7620c
* Remove vboxdrv from the module lists.
- GIT-SHA 4aae55dc540f17b7b295047b99f4f6 8c43d01930
* Cause SoftMac to emit an association event when setting ESSID.
- GIT-SHA c7a6bbdf4493b2951f02c924bd4a85 d01b46c839
- Bug #https://bugs.launchpad .net/ubuntu/ +source/ linux-source- 2.6.20/ +bug/103768 [Upstream Kernel Changes]
* ocfs2_dlm: Missing get/put lockres in dlm_run_
purge_lockres
* ocfs2_dlm: Add missing locks in dlm_empty_lockres
* ocfs2_dlm: Fix lockres ref counting bug
* ocfs2_dlm: Check for migrateable lockres in dlm_empty_lockres()
* [PS3] Add HV call to local_irq_restore( ).
* i2c: Remove the warning on missing adapter device
* 2.6.21 fix lba48 bug in libata fill_result_tf()
* futex: PI state locking fix
* [APPLETALK]: Fix a remotely triggerable crash (CVE-2007-1357)
* [IPV6]: Fix for ipv6_setsockopt NULL dereference (CVE-2007-1388)
* DCCP: Fix exploitable hole in DCCP socket options (CVE-2007-1730)
* [IPv4] fib: Fix out of bound access of fib_props[] (CVE-2007-2172)
* (Denial of Service security fix from stable kernel 2.6.20.8)
* (Fix to Denial of Service security fix, from stable kernel 2.6.20.10)
* (ipv6 security bug fix from stable kernel 2.6.20.9)
* (Bug fix to ipv6 security fix, from stable kernel 2.6.20.10)
* [SPARC64]: SUN4U PCI-E controller support.
* [VIDEO]: Add Sun XVR-500 framebuffer driver.
* [VIDEO]: Add Sun XVR-2500 framebuffer driver.
* [SPARC64]: Fix recursion in PROM tree building.
* [SPARC64]: Bump PROMINTR_MAX to 32.
* [SPARC64]: Correct FIRE_IOMMU_FLUSHINV register offset.
* [SPARC64]: Add bq4802 TOD chip support, as found on ultra45.
* [SERIAL] SUNHV: Add an ID string.
* [SPARC64]: Be more resiliant with PCI I/O space regs.
* [SPARC64]: Add missing cpus_empty() check in hypervisor xcall handling.
* Input: i8042 - fix AUX IRQ delivery check
* Input: i8042 - another attempt to fix AUX delivery checks
* Input: i8042 - fix AUX port detection with some chips
* [IPV6]: ipv6_fl_socklist is inadvertently shared. (CVE-2007-1592)[Wang Zhenyu]
* intel_agp: fix G965 GTT size detect
- GIT-SHA 8d9fac9fa2123f186f9f7c2b5ba7aa a594de1b58
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)