Changelog from 2.6.24.22.45 (current in dell-mini) to 2.6.24.23.52 (in generic hardy)


http://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_2.6.24-23.52/changelog

linux (2.6.24-23.52) hardy-security; urgency=low

  [Stefan Bader]

  * rt: Fix FTBS caused by shm changes
    - CVE-2009-0859

  [Steve Beattie]

  * fix apparmor memory leak on deleted file ops Bug: #329489
    - LP: #329489

  [Upstream Kernel Changes]

  * NFS: Remove the buggy lock-if-signalled case from do_setlk()
    - CVE-2008-4307
  * sctp: Avoid memory overflow while FWD-TSN chunk is received with bad
    stream ID
    - CVE-2009-0065
  * net: 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2
    - CVE-2009-0676
  * sparc: Fix mremap address range validation.
    - CVE-2008-6107
  * copy_process: fix CLONE_PARENT && parent_exec_id interaction
    - CVE-2009-0028
  * security: introduce missing kfree
    - CVE-2009-0031
  * eCryptfs: check readlink result was not an error before using it
    - CVE-2009-0269
  * dell_rbu: use scnprintf() instead of less secure sprintf()
    - CVE-2009-0322
  * drivers/net/skfp: if !capable(CAP_NET_ADMIN): inverted logic
    - CVE-2009-0675
  * Ext4: Fix online resize block group descriptor corruption
    - CVE-2009-0745
  * ext4: Initialize the new group descriptor when resizing the filesystem
    - CVE-2009-0745
  * ext4: Add sanity check to make_indexed_dir
    - CVE-2009-0746
  * x86-64: syscall-audit: fix 32/64 syscall hole
    - CVE-2009-0834
  * x86-64: seccomp: fix 32/64 syscall hole
    - CVE-2009-0835
  * shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
    - CVE-2009-0859
  * apparmor: Fix handling of larger number of profiles
    - LP: #345144
  * udf:SAUCE (drop after 2.6.30): Fix oops when invalid character in
    filename occurs
    - LP: #321606
  * Fix memory corruption in console selection
    - CVE-2009-1046
  * SPARC64: Loosen checks in exception table handling.
    - LP: #301608, #349655

 -- Stefan Bader <email address hidden>  Mon, 16 Mar 2009 18:39:14 +0100

linux (2.6.24-23.48) hardy-security; urgency=low

  [Upstream Kernel Changes]

  * ATM: CVE-2008-5079: duplicate listen() on socket corrupts the vcc table
    - CVE-2008-5079
  * libertas: fix buffer overrun
    - CVE-2008-5134
  * Fix inotify watch removal/umount races
    - CVE-2008-5182
  * net: Fix soft lockups/OOM issues w/ unix garbage collector
    - CVE-2008-5300
  * Enforce a minimum SG_IO timeout
    - CVE-2008-5700
  * ib700wdt.c - fix buffer_underflow bug
    - CVE-2008-5702

 -- Stefan Bader <email address hidden>  Wed, 14 Jan 2009 17:46:55 +0100

linux (2.6.24-23.46) hardy-proposed; urgency=low

  [Alessio Igor Bogani]

  * rt: Updated PREEMPT_RT support to rt21
    - LP: #302138

  [Amit Kucheria]

  * SAUCE: Update lpia patches from moblin tree
    - LP: #291457

  [Andy Whitcroft]

  * SAUCE: replace gfs2_bitfit with upstream version to prevent oops
    - LP: #276641

  [Colin Ian King]

  * isdn: Do not validate ISDN net device address prior to interface-up
    - LP: #237306
  * hwmon: (coretemp) Add Penryn CPU to coretemp
    - LP: #235119
  * USB: add support for Motorola ROKR Z6 cellphone in mass storage mode
    - LP: #263217
  * md: fix an occasional deadlock in raid5
    - LP: #208551

  [Stefan Bader]

  * SAUCE: buildenv: Show CVE entries in printchanges
  * SAUCE: buildenv: Send git-ubuntu-log informational message to stderr
  * Xen: dma: avoid unnecessarily SWIOTLB bounce buffering
    - LP: #247148
  * Update openvz patchset to apply to latest stable tree.
    - LP: #301634
  * XEN: Fix FTBS with stable updates
    - LP: #301634

  [Steve Conklin]

  * Add HID quirk for dual USB gamepad
    - LP: #140608

  [Tim Gardner]

  * Enable CONFIG_AX25_DAMA_SLAVE=y
    - LP: #257684
  * SAUCE: Correctly blacklist Thinkpad r40e in ACPI
    - LP: #278794
  * SAUCE: ALPS touchpad for Dell Latitude E6500/E6400
    - LP: #270643

  [Upstream Kernel Changes]

  * Revert "[Bluetooth] Eliminate checks for impossible conditions in IRQ
    handler"
    - LP: #217659
  * KVM: VMX: Clear CR4.VMXE in hardware_disable
    - LP: #268981
  * iov_iter_advance() fix
    - LP: #231746
  * Fix off-by-one error in iov_iter_advance()
    - LP: #231746
  * USB: serial: ch341: New VID/PID for CH341 USB-serial
    - LP: #272485
  * x86: Fix 32-bit x86 MSI-X allocation leakage
    - LP: #273103
  * b43legacy: Fix failure in rate-adjustment mechanism
    - LP: #273143
  * x86: Reserve FIRST_DEVICE_VECTOR in used_vectors bitmap.
    - LP: #276334
  * openvz: merge missed fixes from vanilla 2.6.24 openvz branch
    - LP: #298059
  * openvz: some autofs related fixes
    - LP: #298059
  * openvz: fix ve stop deadlock after nfs connect
    - LP: #298059
  * openvz: fix netlink and rtnl inside container
    - LP: #298059
  * openvz: fix wrong size of ub0_percpu
    - LP: #298059
  * openvz: fix OOPS while stopping VE started before binfmt_misc.ko loaded
    - LP: #298059
  * x86-64: Fix "bytes left to copy" return value for copy_from_user()
  * NET: Fix race in dev_close(). (Bug 9750)
    - LP: #301608
  * IPV6: Fix IPsec datagram fragmentation
    - LP: #301608
  * IPV6: dst_entry leak in ip4ip6_err.
    - LP: #301608
  * IPV4: Remove IP_TOS setting privilege checks.
    - LP: #301608
  * IPCONFIG: The kernel gets no IP from some DHCP servers
    - LP: #301608
  * IPCOMP: Disable BH on output when using shared tfm
    - LP: #301608
  * IRQ_NOPROBE helper functions
    - LP: #301608
  * MIPS: Mark all but i8259 interrupts as no-probe.
    - LP: #301608
  * ub: fix up the conversion to sg_init_table()
    - LP: #301608
  * x86: adjust enable_NMI_through_LVT0()
    - LP: #301608
  * SCSI ips: handle scsi_add_host() failure, and other err cleanups
    - LP: #301608
  * CRYPTO xcbc: Fix crash with IPsec
    - LP: #301608
  * CRYPTO xts: Use proper alignment
    - LP: #301608
  * SCSI ips: fix data buffer accessors conversion bug
    - LP: #301608
  * SCSI aic94xx: fix REQ_TASK_ABORT and REQ_DEVICE_RESET
    - LP: #301608
  * x86: replace LOCK_PREFIX in futex.h
    - LP: #301608
  * ARM pxa: fix clock lookup to find specific device clocks
    - LP: #301608
  * futex: fix init order
    - LP: #301608
  * futex: runtime enable pi and robust functionality
    - LP: #301608
  * file capabilities: simplify signal check
    - LP: #301608
  * hugetlb: ensure we do not reference a surplus page after handing it to
    buddy
    - LP: #301608
  * ufs: fix parenthesisation in ufs_set_fs_state()
    - LP: #301608
  * spi: pxa2xx_spi clock polarity fix
    - LP: #301608
  * NETFILTER: Fix incorrect use of skb_make_writable
    - LP: #301608
  * NETFILTER: fix ebtable targets return
    - LP: #301608
  * SCSI advansys: fix overrun_buf aligned bug
    - LP: #301608
  * pata_hpt*, pata_serverworks: fix UDMA masking
    - LP: #301608
  * moduleparam: fix alpha, ia64 and ppc64 compile failures
    - LP: #301608
  * PCI x86: always use conf1 to access config space below 256 bytes
    - LP: #301608
  * e1000e: Fix CRC stripping in hardware context bug
    - LP: #301608
  * atmel_spi: fix clock polarity
    - LP: #301608
  * x86: move out tick_nohz_stop_sched_tick() call from the loop
    - LP: #301608
  * macb: Fix speed setting
    - LP: #301608
  * ioat: fix 'ack' handling, driver must ensure that 'ack' is zero
    - LP: #301608
  * VT notifier fix for VT switch
    - LP: #301608
  * USB: ftdi_sio: Workaround for broken Matrix Orbital serial port
    - LP: #301608
  * USB: ftdi_sio - really enable EM1010PC
    - LP: #301608
  * SCSI: fix BUG when sum(scatterlist) > bufflen
    - LP: #301608
  * x86: don't use P6_NOPs if compiling with CONFIG_X86_GENERIC
    - LP: #301608
  * Fix default compose table initialization
    - LP: #301608
  * SCSI: gdth: bugfix for the at-exit problems
    - LP: #301608
  * sched: fix race in schedule()
    - LP: #301608
  * nfsd: fix oops on access from high-numbered ports
    - LP: #301608
  * sched_nr_migrate wrong mode bits
    - LP: #301608
  * NETFILTER: xt_time: fix failure to match on Sundays
    - LP: #301608
  * NETFILTER: nfnetlink_queue: fix computation of allocated size for
    netlink skb
    - LP: #301608
  * NETFILTER: nfnetlink_log: fix computation of netlink skb size
    - LP: #301608
  * zisofs: fix readpage() outside i_size
    - LP: #301608
  * jbd2: correctly unescape journal data blocks
    - LP: #301608
  * jbd: correctly unescape journal data blocks
    - LP: #301608
  * aio: bad AIO race in aio_complete() leads to process hang
    - LP: #301608
  * async_tx: avoid the async xor_zero_sum path when src_cnt >
    device->max_xor
    - LP: #301608
  * SCSI advansys: Fix bug in AdvLoadMicrocode
    - LP: #301608
  * BLUETOOTH: Fix bugs in previous conn add/del workqueue changes.
    - LP: #301608
  * relay: fix subbuf_splice_actor() adding too many pages
    - LP: #301608
  * slab: NUMA slab allocator migration bugfix
    - LP: #301608
  * S390 futex: let futex_atomic_cmpxchg_pt survive early functional tests.
    - LP: #301608
  * Linux 2.6.24.4
    - LP: #301608
  * time: prevent the loop in timespec_add_ns() from being optimised away
    - LP: #301632
  * kbuild: soften modpost checks when doing cross builds
    - LP: #301632
  * mtd: memory corruption in block2mtd.c
    - LP: #301632
  * md: remove the 'super' sysfs attribute from devices in an 'md' array
    - LP: #301632
  * V4L: ivtv: Add missing sg_init_table()
    - LP: #301632
  * UIO: add pgprot_noncached() to UIO mmap code
    - LP: #301632
  * USB: new quirk flag to avoid Set-Interface
    - LP: #301632
  * NOHZ: reevaluate idle sleep length after add_timer_on()
    - LP: #301632
  * slab: fix cache_cache bootstrap in kmem_cache_init()
    - LP: #301632
  * xen: fix RMW when unmasking events
    - LP: #301632
  * xen: mask out SEP from CPUID
    - LP: #301632
  * xen: fix UP setup of shared_info
    - LP: #301632
  * PERCPU : __percpu_alloc_mask() can dynamically size percpu_data storage
    - LP: #301632
  * alloc_percpu() fails to allocate percpu data
    - LP: #301632
  * vfs: fix data leak in nobh_write_end()
    - LP: #301632
  * pci: revert SMBus unhide on HP Compaq nx6110
    - LP: #301632
  * vmcoreinfo: add the symbol "phys_base"
    - LP: #301632
  * USB: Allow initialization of broken keyspan serial adapters.
    - LP: #301632
  * USB: serial: fix regression in Visor/Palm OS module for kernels >=
    2.6.24
    - LP: #301632
  * USB: serial: ti_usb_3410_5052: Correct TUSB3410 endpoint requirements.
    - LP: #301632
  * CRYPTO xcbc: Fix crash when ipsec uses xcbc-mac with big data chunk
    - LP: #301632
  * mtd: fix broken state in CFI driver caused by FL_SHUTDOWN
    - LP: #301632
  * ipmi: change device node ordering to reflect probe order
    - LP: #301632
  * AX25 ax25_out: check skb for NULL in ax25_kick()
    - LP: #301632
  * NET: include <linux/types.h> into linux/ethtool.h for __u* typedef
    - LP: #301632
  * SUNGEM: Fix NAPI assertion failure.
    - LP: #301632
  * INET: inet_frag_evictor() must run with BH disabled
    - LP: #301632
  * LLC: Restrict LLC sockets to root
    - LP: #301632
  * netpoll: zap_completion_queue: adjust skb->users counter
    - LP: #301632
  * PPPOL2TP: Make locking calls softirq-safe
    - LP: #301632
  * PPPOL2TP: Fix SMP issues in skb reorder queue handling
    - LP: #301632
  * NET: Add preemption point in qdisc_run
    - LP: #301632
  * sch_htb: fix "too many events" situation
    - LP: #301632
  * SCTP: Fix local_addr deletions during list traversals.
    - LP: #301632
  * NET: Fix multicast device ioctl checks
    - LP: #301632
  * TCP: Fix shrinking windows with window scaling
    - LP: #301632
  * TCP: Let skbs grow over a page on fast peers
    - LP: #301632
  * VLAN: Don't copy ALLMULTI/PROMISC flags from underlying device
    - LP: #301632
  * SPARC64: Fix atomic backoff limit.
    - LP: #301632
  * SPARC64: Fix __get_cpu_var in preemption-enabled area.
    - LP: #301632
  * SPARC64: flush_ptrace_access() needs preemption disable.
    - LP: #301632
  * libata: assume no device is attached if both IDENTIFYs are aborted
    - LP: #301632
  * sis190: read the mac address from the eeprom first
    - LP: #301632
  * bluetooth: hci_core: defer hci_unregister_sysfs()
    - LP: #301632
  * SPARC64: Fix FPU saving in 64-bit signal handling.
    - LP: #301632
  * DVB: tda10086: make the 22kHz tone for DISEQC a config option
    - LP: #301632
  * HFS+: fix unlink of links
    - LP: #301632
  * plip: replace spin_lock_irq with spin_lock_irqsave in irq context
    - LP: #301632
  * signalfd: fix for incorrect SI_QUEUE user data reporting
    - LP: #301632
  * POWERPC: Fix build of modular drivers/macintosh/apm_emu.c
    - LP: #301632
  * PARISC futex: special case cmpxchg NULL in kernel space
    - LP: #301632
  * PARISC pdc_console: fix bizarre panic on boot
    - LP: #301632
  * PARISC fix signal trampoline cache flushing
    - LP: #301632
  * acpi: bus: check once more for an empty list after locking it
    - LP: #301632
  * fbdev: fix /proc/fb oops after module removal
    - LP: #301632
  * macb: Call phy_disconnect on removing
    - LP: #301632
  * file capabilities: remove cap_task_kill()
    - LP: #301632
  * locks: fix possible infinite loop in fcntl(F_SETLKW) over nfs
    - LP: #301632
  * Linux 2.6.24.5
    - LP: #301632
  * splice: use mapping_gfp_mask
    - LP: #301634
  * fix oops on rmmod capidrv
    - LP: #301634
  * USB: gadget: queue usb USB_CDC_GET_ENCAPSULATED_RESPONSE message
    - LP: #301634
  * JFFS2: Fix free space leak with in-band cleanmarkers
    - LP: #301634
  * Increase the max_burst threshold from 3 to tp->reordering.
    - LP: #301634
  * USB: remove broken usb-serial num_endpoints check
    - LP: #301634
  * V4L: Fix VIDIOCGAP corruption in ivtv
    - LP: #301634
  * Linux 2.6.24.6
    - LP: #301634

 -- Stefan Bader <email address hidden>  Mon, 24 Nov 2008 09:44:34 +0100