linux: 2.6.24-29.90 -proposed tracker

Bug #788843 reported by Herton R. Krzesinski
Affects | Status | Importance | Assigned to | Milestone
Kernel SRU Workflow | Fix Released | Undecided | Unassigned |
Certification-testing | Invalid | Undecided | Canonical Hardware Certification |
Prepare-package | Fix Released | Undecided | Canonical Kernel Team |
Promote-to-proposed | Fix Released | Undecided | Ubuntu Stable Release Updates Team |
Promote-to-security | Fix Released | Undecided | Ubuntu Stable Release Updates Team |
Promote-to-updates | Fix Released | Undecided | Ubuntu Stable Release Updates Team |
Regression-testing | Fix Released | Undecided | C de-Avillez |
Security-signoff | Fix Released | Undecided | Kees Cook |
Verification-testing | Fix Released | Undecided | Canonical Kernel Team |
linux (Ubuntu) | Fix Released | Medium | Unassigned |

Bug Description

This bug is for tracking the 2.6.24-29.90 upload package. This bug will contain status and testing results related to that upload.

For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

tags: added: kernel-release-tracking-bug
Changed in linux (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
Changed in kernel-sru-workflow:
status: New → In Progress
Ara Pulido (ara) wrote :

The certification team is not testing Hardy kernels. I will put this task as Invalid to avoid confusion.

Martin Pitt (pitti) wrote :

Copied to hardy-proposed.

Steve Conklin (sconklin) wrote :

Nothing but CVEs in this release, so no verification required

Kees Cook (kees) wrote :

The commit-checker missed 5caf3ae4c4bed98bd6148021e6e934d94b5dea1d (due to it accidentally claiming to be a backport of linus:272b62c1f0f6f742046e45b50b6fec98860208a0 instead of linus:b00916b189d13a615ff05c9242201135992fcda3), so CVE-2010-4655 was not shown as pending in UCT, but was correct in the changelog, so the resulting kernel is correct.

The commit-checker correctly found CVE-2011-1012 (linus:294f6cf48666825d23c9372ef37631232746e40d) which had been attributed to CVE-2011-1017 in the changelog instead of CVE-2011-1012. The fixes for CVE-2011-1017 are present also, so again, the resulting kernel is correct.

I'm happy for this to move to -security when it passes QA.
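The cross-check described in the comment above, as an added example: it is not the Ubuntu commit-checker and not code from this report. The commit messages, the placeholder commit id and the `audit` helper are constructed for illustration; the upstream ids and CVE numbers are the ones quoted in the comment.

```python
import re

# Upstream commit -> CVE, exactly the pairs stated in the comment above.
TRACKER = {
    "b00916b189d13a615ff05c9242201135992fcda3": "CVE-2010-4655",
    "294f6cf48666825d23c9372ef37631232746e40d": "CVE-2011-1012",
}

# Constructed commit messages (not the real ones). The second commit id is a
# placeholder because the page does not give it.
COMMITS = {
    "5caf3ae4c4bed98bd6148021e6e934d94b5dea1d": (
        "net: clear heap allocations for privileged ethtool actions\n\n"
        "CVE-2010-4655\n\n"
        "(backported from commit 272b62c1f0f6f742046e45b50b6fec98860208a0 upstream)\n"
    ),
    "<ldm-fix-commit-placeholder>": (
        "ldm fix (constructed subject)\n\n"
        "CVE-2011-1017\n\n"
        "(backported from commit 294f6cf48666825d23c9372ef37631232746e40d upstream)\n"
    ),
}

UPSTREAM_RE = re.compile(
    r"\((?:backported|cherry picked) from commit ([0-9a-f]{40})(?: upstream)?\)")
CVE_RE = re.compile(r"^(CVE-\d{4}-\d{4,})$", re.M)

def audit(commits, tracker):
    """Return (findings, CVEs marked pending, tracked CVEs with no commit found)."""
    findings, marked = [], set()
    for commit_id, msg in commits.items():
        m = UPSTREAM_RE.search(msg)
        claimed = sorted(set(CVE_RE.findall(msg)))
        expected = tracker.get(m.group(1)) if m else None
        if expected is None:
            # Wrong or missing upstream reference: the fix cannot be matched to a CVE.
            findings.append((commit_id, "upstream-not-tracked", claimed))
            continue
        marked.add(expected)
        if expected not in claimed:
            # The commit carries a different CVE than the tracker expects.
            findings.append((commit_id, "cve-mismatch", [expected]))
    missed = sorted(set(tracker.values()) - marked)
    return findings, sorted(marked), missed

if __name__ == "__main__":
    for row in audit(COMMITS, TRACKER):
        print(row)
```
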

C de-Avillez (hggdh2) wrote :

QA completed, results at https://wiki.ubuntu.com/QATeam/kernelSRU-hardy-2.6.24-29.90

Marking Fix-Released for QA.

C de-Avillez (hggdh2) wrote :

Please note that EC2 tests show a problem on m1.small instances.

C de-Avillez (hggdh2) wrote :

Wrong /proc/version_signature: bug 794714
CONFIG_COMPAT_VDSO disabled: bug 794715

Changed in kernel-sru-workflow:
status: In Progress → Incomplete
Brad Figg (brad-figg)
Changed in kernel-sru-workflow:
status: Incomplete → In Progress
tags: added: regression-testing-passed
Changed in kernel-sru-workflow:
status: In Progress → Incomplete
Brad Figg (brad-figg)
tags: added: certification-testing-passed
Changed in kernel-sru-workflow:
status: Incomplete → In Progress
Martin Pitt (pitti) wrote :

I'm a bit confused here -- C de-Avillez suggests that there is a regression?

Brad Figg (brad-figg) wrote :

The consensus between Kees and Stefan and Andy was that this issue has existed for some time and is not new in this kernel. This problem will be addressed in the next kernel. Therefore, no regression.

Stefan Bader (smb) wrote :

+1 The xen kernels have been built with this configuration since release. This is just the first time the test is actually run under ec2. I have added a SRU update for the next upload to disable that option, which will then fix it. But for now it is not a regression.

Kees Cook (kees) wrote :

Agreed, please don't hold it back.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.24-29.90

---------------
linux (2.6.24-29.90) hardy-proposed; urgency=low

  [ Herton R. Krzesinski ]

  * Release Tracking Bug
    - LP: #788843

  [Upstream Kernel Changes]

  * IB/cm: Bump reference count on cm_id before invoking callback,
    CVE-2011-0695
    - LP: #770369
    - CVE-2011-0695
  * RDMA/cma: Fix crash in request handlers, CVE-2011-0695
    - LP: #770369
    - CVE-2011-0695
  * ALSA: caiaq - Fix possible string-buffer overflow, CVE-2011-0712
    - LP: #768448
    - CVE-2011-0712
  * Treat writes as new when holes span across page boundaries,
    CVE-2011-0463
    - LP: #770483
    - CVE-2011-0463
  * net: clear heap allocations for privileged ethtool actions,
    CVE-2010-4655
    - LP: #771445
    - CVE-2010-4655
  * usb: iowarrior: don't trust report_size for buffer size, CVE-2010-4656
    - LP: #711484
    - CVE-2010-4656
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table,
    CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * ldm: corrupted partition table can cause kernel oops, CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * next_pidmap: fix overflow condition, CVE-2011-1593
    - LP: #784727
    - CVE-2011-1593
  * proc: do proper range check on readdir offset, CVE-2011-1593
    - LP: #784727
    - CVE-2011-1593
 -- Herton Ronaldo Krzesinski <email address hidden> Thu, 26 May 2011 18:15:42 -0300

Changed in linux (Ubuntu):
status: In Progress → Fix Released
Martin Pitt (pitti) wrote :

Copied to -updates/-security. Kees, can you please issue the USN?

Steve Conklin (sconklin)
Changed in kernel-sru-workflow:
status: In Progress → Fix Released
status: Fix Released → In Progress
status: In Progress → Fix Released
status: Fix Released → Incomplete
Steve Conklin (sconklin)
Changed in kernel-sru-workflow:
status: Incomplete → In Progress
status: In Progress → Fix Released