lp:ubuntu/gutsy-updates/linux-source-2.6.22

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/gutsy-updates/linux-source-2.6.22

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

50. By Stefan Bader

[Upstream Kernel Changes]

* NFS: Remove the buggy lock-if-signalled case from do_setlk()
  - CVE-2008-4307
* sctp: Avoid memory overflow while FWD-TSN chunk is received with bad
  stream ID
  - CVE-2009-0065
* net: 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2
  - CVE-2009-0676
* sparc: Fix mremap address range validation.
  - CVE-2008-6107
* copy_process: fix CLONE_PARENT && parent_exec_id interaction
  - CVE-2009-0028
* security: introduce missing kfree
  - CVE-2009-0031
* eCryptfs: check readlink result was not an error before using it
  - CVE-2009-0269
* dell_rbu: use scnprintf() instead of less secure sprintf()
  - CVE-2009-0322
* drivers/net/skfp: if !capable(CAP_NET_ADMIN): inverted logic
  - CVE-2009-0675
* Ext4: Fix online resize block group descriptor corruption
  - CVE-2009-0745
* ext4: Initialize the new group descriptor when resizing the filesystem
  - CVE-2009-0745
* ext4: Add sanity check to make_indexed_dir
  - CVE-2009-0746
* x86-64: syscall-audit: fix 32/64 syscall hole
  - CVE-2009-0834
* x86-64: seccomp: fix 32/64 syscall hole
  - CVE-2009-0835
* shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
  - CVE-2009-0859
* udf: Fix oops when invalid character in filename occurs
  - LP: #321606

49. By Stefan Bader

[Upstream Kernel Changes]

* ATM: CVE-2008-5079: duplicate listen() on socket corrupts the vcc table
  - CVE-2008-5079
* libertas: fix buffer overrun
  - CVE-2008-5134
* Fix inotify watch removal/umount races
  - CVE-2008-5182
* net: Fix soft lockups/OOM issues w/ unix garbage collector
  - CVE-2008-5300
* Enforce a minimum SG_IO timeout
  - CVE-2008-5700
* ib700wdt.c - fix buffer_underflow bug
  - CVE-2008-5702
* Add preemption point in qdisc_run
  - CVE-2008-5713

48. By Stefan Bader

[Stefan Bader]

* XEN: Fix max number of segments in blkif
  - CVE-2007-5498

[Upstream Kernel Changes]

* Don't allow splice() to files opened with O_APPEND
  - CVE-2008-4554
* sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH
  - CVE-2008-4576
* hfsplus: fix Buffer overflow with a corrupted image
  - CVE-2008-4933
* hfsplus: check read_mapping_page() return value
  - CVE-2008-4934
* net: Fix recursive descent in __scm_destroy().
  - CVE-2008-5029
* security: avoid calling a NULL function pointer in
  drivers/video/tvaudio.c
  - CVE-2008-5033
* hfs: fix namelength memory corruption
  - CVE-2008-5025
* V4L/DVB (9621): Avoid writing outside shadow.bytes[] array

47. By Stefan Bader

[Stefan Bader]

* Enabled CONFIG_DEBUG_RODATA for all architectures.

[Upstream Kernel Changes]

* dccp: change L/R must have at least one byte in the dccpsf_val field
  - CVE-2008-3276
* dio: zero struct dio with kzalloc instead of manually
  - CVE-2007-6716
* wan: Missing capability checks in sbni_ioctl()
  - CVE-2008-3525
* tmpfs: fix kernel BUG in shmem_delete_inode
  - CVE-2008-3534
* fbdefio: add set_page_dirty handler to deferred IO FB
  - CVE-2008-3534
* nfsd: fix buffer overrun decoding NFSv4 acl
  - CVE-2008-3915
* Only allow access to DRM_I915_HWS_ADDR ioctl() for Xserver.
  - CVE-2008-383

46. By Stefan Bader

[Stefan Bader]

* mm: Fix zero length segment loop
  - LP: #249340
  follow-up for CVE-2008-0598

[Upstream Kernel Changes]

* Fix compiler warning on 64-bit
  follow-up for CVE-2008-1673
* netfilter: nf_nat_snmp_basic: fix a range check in NAT for SNMP
  follow-up for CVE-2008-1673

45. By Tim Gardner

Fix hppa FTBS by ignoring hppa ABI check. The last successful hppa
upload was -14.52.

44. By Ben Collins

[Colin Ian King]

* usb-storage: always set the allow_restart flag
  - LP: #193154

[Upstream Kernel Changes]

* [IA64] Fix unaligned handler for floating point instructions with base
  update
* CVE-2007-6694: [POWERPC] CHRP: Fix possible NULL pointer dereference
* vm audit: add VM_DONTEXPAND to mmap for drivers that need it
  (CVE-2008-0007)
* fix SMP ordering hole in fcntl_setlk() (CVE-2008-1669)
* Fix dnotify/close race (CVE-2008-1375)
* [TCP]: secure_tcp_sequence_number() should not use a too fast clock
* hrtimer: check relative timeouts for overflow
* netdrvr: natsemi: Fix device removal bug

43. By Tim Gardner

[Tim Gardner]

* splice: fix user pointer access in get_iovec_page_array()
  (CVE-2008-0600)
  - LP: #190587

42. By Tim Gardner

[Amit Kucheria]

* Poulsbo: Mass update of all patches from moblin repo
* Update config.lpia to reflect new patches
* [sata_sil][sata->ide-bridg] failed to set xfermode
  - LP: #153096
* Poulsbo: remove extra patch

[Kees Cook]

* fix NFSv4 client mount regression
  - LP: #164231

[Tim Gardner]

* Support of new AMD PowerNow! (family 0x11 and beyond)
  - LP: #185649

[Upstream Kernel Changes]

* minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058)
* [JFFS2] Fix ACL vs. mode handling. (CVE-2007-4849)
* [IEEE80211]: avoid integer underflow for runt rx frames (CVE-2007-4997)
* [TCP]: Make sure write_queue_from does not begin with NULL ptr
  (CVE-2007-5501)
* wait_task_stopped: Check p->exit_state instead of TASK_TRACED
  (CVE-2007-5500)
* fix DLM regression
* CVE-2008-0001: Use access mode instead of open flags to determine
  needed permissions
* hrtimers: avoid overflow for large relative timeouts (CVE-2007-5966)
* isdn: avoid copying overly-long strings (CVE-2007-6063)
* I4L: fix isdn_ioctl memory overrun vulnerability (CVE-2007-6151)
* vfs: coredumping fix (CVE-2007-6206)
* tmpfs: restore missing clear_highpage (CVE-2007-6417)
* [UBUNTU] fs/dlm: Fix regression introduced with last security fix.

41. By Phillip Lougher

[Security]

* wait_task_stopped: Check p->exit_state instead of TASK_TRACED
  (CVE-2007-5500)
* [TCP]: Make sure write_queue_from does not begin with NULL ptr
  (CVE-2007-5501)
* [IEEE80211]: avoid integer underflow for runt rx frames (CVE-2007-4997)
* [JFFS2] Fix ACL vs. mode handling. (CVE-2007-4849)
* minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058)
* NFS: Fix the mount regression

[Fabio Massimo Di Nitto]

* fix DLM regression

[Tim Gardner]

* linux-image postinst matches header_postinst_hook for postinst_hook
  incorrectly
  - LP: #125816

[Upstream Kernel Changes]

* [SPARC64]: Fix bugs in SYSV IPC handling in 64-bit processes.
* [SPARC64]: Fix register usage in xor_raid_4().
* [NIU]: Fix write past end of array in niu_pci_probe_sprom().
* [NIU]: getting rid of __ucmpdi2 in niu.o
* [SPARC64]: Do not use alloc_bootmem*low().
* [SPARC64]: Fix bogus '&' conditional in set_rtc_mmss().
* [FUTEX]: Fix address computation in compat code.
* [NIU]: Fix link LED handling.
* [SPARC64]: Fix memory controller register access when non-SMP.
* [SPARC64]: Fix endless loop in cheetah_xcall_deliver().
* [SPARC64]: Fix two kernel linear mapping setup bugs.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)