~ubuntu-kernel/ubuntu/+source/linux/+git/edgy:master

Last commit made on 2008-02-11
Get this branch:
git clone -b master https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/edgy
Members of Ubuntu Kernel Repositories can upload to this branch. Log in for directions.

Branch merges

Branch information

Recent commits

711761e... by Tim Gardner on 2008-02-11

[UBUNTU:debian] Ubuntu-2.6.17.1-12.44

Signed-off-by: Tim Gardner <email address hidden>

6515e4d... by Tim Gardner on 2008-02-11

[UBUNTU:] CVE-2008-0600 - splice: fix user pointer access in get_iovec_page_array()

UpstreamStatus: Merged in 2.6.22.Y
Reference: 190587

patch 712a30e63c8066ed84385b12edbfb804f49cbc44 in mainline.

Commit 8811930dc74a503415b35c4a79d14fb0b408a361 ("splice: missing user
pointer access verification") added the proper access_ok() calls to
copy_from_user_mmap_sem() which ensures we can copy the struct iovecs
from userspace to the kernel.

But we also must check whether we can access the actual memory region
pointed to by the struct iovec to fix the access checks properly.

Signed-off-by: Bastian Blank <email address hidden>
Acked-by: Oliver Pinter <email address hidden>
Cc: Jens Axboe <email address hidden>
Cc: Andrew Morton <email address hidden>
Signed-off-by: Pekka Enberg <email address hidden>
Signed-off-by: Linus Torvalds <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
Signed-off-by: Tim Gardner <email address hidden>

9655cd0... by Tim Gardner on 2008-01-18

[UBUNTU] Ubuntu-2.6.17.1-12.43

Signed-off-by: Tim Gardner <email address hidden>

e6fdfed... by Hugh Dickins <email address hidden> on 2007-11-28

tmpfs: restore missing clear_highpage (CVE-2007-6417)

[e84e2e132c9c66d8498e7710d4ea532d1feaaac5] linux-2.6

tmpfs was misconverted to __GFP_ZERO in 2.6.11. There's an unusual case in
which shmem_getpage receives the page from its caller instead of allocating.
We must cover this case by clear_highpage before SetPageUptodate, as before.

Signed-off-by: Hugh Dickins <email address hidden>
Signed-off-by: Linus Torvalds <email address hidden>
Signed-off-by: Kees Cook <email address hidden>

23c1a39... by Ingo Molnar <email address hidden> on 2007-11-28

vfs: coredumping fix (CVE-2007-6206)

[c46f739dd39db3b07ab5deb4e3ec81e1c04a91af] linux-2.6

fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043

only allow coredumping to the same uid that the coredumping
task runs under.

Signed-off-by: Ingo Molnar <email address hidden>
Acked-by: Alan Cox <email address hidden>
Acked-by: Christoph Hellwig <email address hidden>
Acked-by: Al Viro <email address hidden>
Signed-off-by: Linus Torvalds <email address hidden>
Signed-off-by: Kees Cook <email address hidden>

eee6197... by Karsten Keil <email address hidden> on 2007-12-01

I4L: fix isdn_ioctl memory overrun vulnerability (CVE-2007-6151)

[eafe1aa37e6ec2d56f14732b5240c4dd09f0613a] linux-2.6

Fix possible memory overrun issue in the isdn ioctl code.

Found by ADLAB <email address hidden>

Signed-off-by: Karsten Keil <email address hidden>
Cc: ADLAB <email address hidden>
Cc: <email address hidden>
Signed-off-by: Andrew Morton <email address hidden>
Signed-off-by: Linus Torvalds <email address hidden>
Signed-off-by: Kees Cook <email address hidden>

9079687... by Karsten Keil <email address hidden> on 2007-11-22

isdn: avoid copying overly-long strings (CVE-2007-6063)

[0f13864e5b24d9cbe18d125d41bfa4b726a82e40] linux-2.6

Addresses http://bugzilla.kernel.org/show_bug.cgi?id=9416

Signed-off-by: Karsten Keil <email address hidden>
Signed-off-by: Andrew Morton <email address hidden>
Signed-off-by: Linus Torvalds <email address hidden>
Signed-off-by: Kees Cook <email address hidden>

f343450... by tglx on 2007-12-07

hrtimers: avoid overflow for large relative timeouts (CVE-2007-5966)

[62f0f61e6673e67151a7c8c0f9a09c7ea43fe2b5] linux-2.6

Relative hrtimers with a large timeout value might end up as negative
timer values, when the current time is added in hrtimer_start().

This in turn is causing the clockevents_set_next() function to set an
huge timeout and sleep for quite a long time when we have a clock
source which is capable of long sleeps like HPET. With PIT this almost
goes unnoticed as the maximum delta is ~27ms. The non-hrt/nohz code
sorts this out in the next timer interrupt, so we never noticed that
problem which has been there since the first day of hrtimers.

This bug became more apparent in 2.6.24 which activates HPET on more
hardware.

Signed-off-by: Thomas Gleixner <email address hidden>
Signed-off-by: Ingo Molnar <email address hidden>
Signed-off-by: Kees Cook <email address hidden>

5226815... by Kees Cook on 2008-01-16

[UBUNTU:ppc64] fix corrupted sigcontext during FPU stress (CVE-2007-3107)

PatchAuthor: Konrad Rzeszutek <email address hidden>
UpstreamStatus: Merged in 2.6.22

Signed-off-by: Kees Cook <email address hidden>

a286f5e... by Linus Torvalds <email address hidden> on 2008-01-12

CVE-2008-0001: Use access mode instead of open flags to determine needed permissions

[974a9f0b47da74e28f68b9c8645c3786aa5ace1a] linux-2.6

Way back when (in commit 834f2a4a1554dc5b2598038b3fe8703defcbe467, aka
"VFS: Allow the filesystem to return a full file pointer on open intent"
to be exact), Trond changed the open logic to keep track of the original
flags to a file open, in order to pass down the the intent of a dentry
lookup to the low-level filesystem.

However, when doing that reorganization, it changed the meaning of
namei_flags, and thus inadvertently changed the test of access mode for
directories (and RO filesystem) to use the wrong flag. So fix those
test back to use access mode ("acc_mode") rather than the open flag
("flag").

Issue noticed by Bill Roman at Datalight.

Reported-and-tested-by: Bill Roman <email address hidden>
Acked-by: Trond Myklebust <email address hidden>
Acked-by: Al Viro <email address hidden>
Cc: Christoph Hellwig <email address hidden>
Cc: Andrew Morton <email address hidden>
Signed-off-by: Linus Torvalds <email address hidden>
Signed-off-by: Kees Cook <email address hidden>