kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #48321
[Bug 1277722] Re: Quantal update to v3.5.7.29 stable release
This bug was fixed in the package linux - 3.5.0-47.71
---------------
linux (3.5.0-47.71) quantal; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #1281828
[ Upstream Kernel Changes ]
* Revert "mm: ensure get_unmapped_area() returns higher address than
mmap_min_addr"
- LP: #1277722
* net: clamp ->msg_namelen instead of returning an error
- LP: #1269053
* netfilter: nf_conntrack: avoid large timeout for mid-stream pickup
- LP: #1270237
* SELinux: Fix kernel BUG on empty security contexts.
- CVE-2014-1874
* lirc_zilog: Don't use dynamic static allocation
- LP: #1277722
* net: Fix "ip rule delete table 256"
- LP: #1277722
* ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
- LP: #1277722
* random32: fix off-by-one in seeding requirement
- LP: #1277722
* bonding: don't permit to use ARP monitoring in 802.3ad mode
- LP: #1277722
* 6lowpan: Uncompression of traffic class field was incorrect
- LP: #1277722
* bonding: fix two race conditions in bond_store_updelay/downdelay
- LP: #1277722
* isdnloop: use strlcpy() instead of strcpy()
- LP: #1277722
* connector: improved unaligned access error fix
- LP: #1277722
* ipv4: fix possible seqlock deadlock
- LP: #1277722
* inet: prevent leakage of uninitialized memory to user in recv syscalls
- LP: #1277722
* atm: idt77252: fix dev refcnt leak
- LP: #1277722
* net: core: Always propagate flag changes to interfaces
- LP: #1277722
* net: rework recvmsg handler msg_name and msg_namelen logic
- LP: #1277722
* net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
sockaddr_storage)
- LP: #1277722
* packet: fix use after free race in send path when dev is released
- LP: #1277722
* inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
functions
- LP: #1277722
* ipv6: fix leaking uninitialized port number of offender sockaddr
- LP: #1277722
* net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
- LP: #1277722
* inet: fix possible seqlock deadlocks
- LP: #1277722
* ipv6: fix possible seqlock deadlock in ip6_finish_output2
- LP: #1277722
* af_packet: block BH in prb_shutdown_retire_blk_timer()
- LP: #1277722
* {pktgen, xfrm} Update IPv4 header total len and checksum after
tranformation
- LP: #1277722
* bridge: flush br's address entry in fdb when remove the
- LP: #1277722
* mmc: block: fix a bug of error handling in MMC driver
- LP: #1277722
* NFSv4: Update list of irrecoverable errors on DELEGRETURN
- LP: #1277722
* Update of blkg_stat and blkg_rwstat may happen in bh context. While
u64_stats_fetch_retry is only preempt_disable on 32bit UP system. This
is not enough to avoid preemption by bh and may read strange 64 bit
value.
- LP: #1277722
* ASoC: wm8990: Mark the register map as dirty when powering down
- LP: #1277722
* irq: Enable all irqs unconditionally in irq_resume
- LP: #1277722
* xen/gnttab: leave lazy MMU mode in the case of a m2p override failure
- LP: #1277722
* libsas: fix usage of ata_tf_to_fis
- LP: #1277722
* crypto: authenc - Find proper IV address in ablkcipher callback
- LP: #1277722
* s390/crypto: Don't panic after crypto instruction failures
- LP: #1277722
* crypto: s390 - Fix aes-xts parameter corruption
- LP: #1277722
* crypto: ccm - Fix handling of zero plaintext when computing mac
- LP: #1277722
* ALSA: hda - Fix silent output on ASUS W7J laptop
- LP: #1277722
* net: smc91: fix crash regression on the versatile
- LP: #1277722
* ARM: footbridge: fix VGA initialisation
- LP: #1277722
* hpsa: do not discard scsi status on aborted commands
- LP: #1277722
* hpsa: return 0 from driver probe function on success, not 1
- LP: #1277722
* ALSA: hda - Another fixup for ASUS laptop with ALC660 codec
- LP: #1277722
* enclosure: fix WARN_ON in dual path device removing
- LP: #1277722
* powerpc/gpio: Fix the wrong GPIO input data on MPC8572/MPC8536
- LP: #1277722
* ASoC: wm8731: fix dsp mode configuration
- LP: #1277722
* cpuidle: Check for dev before deregistering it.
- LP: #1277722
* iwlwifi: dvm: don't override mac80211's queue setting
- LP: #1277722
* um: add missing declaration of 'getrlimit()' and friends
- LP: #1277722
* dm: fix truncated status strings
- LP: #1277722
* elevator: acquire q->sysfs_lock in elevator_change()
- LP: #1277722
* iommu/vt-d: Fixed interaction of VFIO_IOMMU_MAP_DMA with IOMMU address
limits
- LP: #1277722
* video: kyro: fix incorrect sizes when copying to userspace
- LP: #1277722
* Input: allow deselecting serio drivers even without CONFIG_EXPERT
- LP: #1277722
* Input: mousedev - allow disabling even without CONFIG_EXPERT
- LP: #1277722
* i2c: i801: SMBus patch for Intel Avoton DeviceIDs
- LP: #1277722
* HID: add quirk for Freescale i.MX23 ROM recovery
- LP: #1277722
* HID: hid-multitouch: add support for SiS panels
- LP: #1277722
* HID: roccat: fix Coverity CID 141438
- LP: #1277722
* HID: apple: option to swap the 'Option' ("Alt") and 'Command' ("Flag")
keys.
- LP: #1277722
* 9p: send uevent after adding/removing mount_tag attribute
- LP: #1277722
* NFSv4 wait on recovery for async session errors
- LP: #1277722
* sched: Avoid throttle_cfs_rq() racing with period_timer stopping
- LP: #1277722
* nfs: fix do_div() warning by instead using sector_div()
- LP: #1277722
* dm delay: fix a possible deadlock due to shared workqueue
- LP: #1277722
* mac80211: don't attempt to reorder multicast frames
- LP: #1277722
* USB: serial: fix race in generic write
- LP: #1277722
* usb: gadget: composite: reset delayed_status on reset_config
- LP: #1277722
* usb: dwc3: fix implementation of endpoint wedge
- LP: #1277722
* saa7164: fix return value check in saa7164_initdev()
- LP: #1277722
* USB: serial: option: blacklist interface 1 for Huawei E173s-6
- LP: #1277722
* USB: option: support new huawei devices
- LP: #1277722
* USB: spcp8x5: correct handling of CS5 setting
- LP: #1277722
* USB: mos7840: correct handling of CS5 setting
- LP: #1277722
* USB: ftdi_sio: fixed handling of unsupported CSIZE setting
- LP: #1277722
* USB: pl2303: fixed handling of CS5 setting
- LP: #1277722
* USB: cdc-acm: Added support for the Lenovo RD02-D400 USB Modem
- LP: #1277722
* drm/radeon: fixup bad vram size on SI
- LP: #1277722
* usb: hub: Use correct reset for wedged USB3 devices that are
NOTATTACHED
- LP: #1277722
* drivers/char/i8k.c: add Dell XPLS L421X
- LP: #1277722
* crypto: scatterwalk - Set the chain pointer indication bit
- LP: #1277722
* crypto: scatterwalk - Use sg_chain_ptr on chain entries
- LP: #1277722
* ARM: 7912/1: check stack pointer in get_wchan
- LP: #1277722
* ARM: 7913/1: fix framepointer check in unwind_frame
- LP: #1277722
* ALSA: memalloc.h - fix wrong truncation of dma_addr_t
- LP: #1277722
* dm snapshot: avoid snapshot space leak on crash
- LP: #1277722
* dm table: fail dm_table_create on dm_round_up overflow
- LP: #1277722
* x86, build, icc: Remove uninitialized_var() from compiler-intel.h
- LP: #1277722
* x86, efi: Don't use (U)EFI time services on 32 bit
- LP: #1277722
* dm bufio: initialize read-only module parameters
- LP: #1277722
* ARM: pxa: tosa: fix keys mapping
- LP: #1277722
* hwmon: (w83l786ng) Fix fan speed control mode setting and reporting
- LP: #1277722
* hwmon: (w83l768ng) Fix fan speed control range
- LP: #1277722
* hwmon: Prevent some divide by zeros in FAN_TO_REG()
- LP: #1277722
* futex: fix handling of read-only-mapped hugepages
- LP: #1277722
* KVM: Improve create VCPU parameter (CVE-2013-4587)
- LP: #1277722
* KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
- LP: #1277722
* KVM: x86: Convert vapic synchronization to _cached functions
(CVE-2013-6368)
- LP: #1277722
* selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()
- LP: #1277722
* selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()
- LP: #1277722
* drivers/rtc/rtc-at91rm9200.c: correct alarm over day/month wrap
- LP: #1277722
* MIPS: DMA: For BMIPS5000 cores flush region just like non-coherent
R10000
- LP: #1277722
* xfs: underflow bug in xfs_attrlist_by_handle()
- LP: #1277722
* Linux 3.5.7.28
- LP: #1277722
* ARM: OMAP3: hwmod data: Don't prevent RESET of USB Host module
- LP: #1277722
* ARM: OMAP2+: hwmod: Fix SOFTRESET logic
- LP: #1277722
* Input: usbtouchscreen - separate report and transmit buffer size
handling
- LP: #1277722
* sc1200_wdt: Fix oops
- LP: #1277722
* cxd2820r_core: fix sparse warnings
- LP: #1277722
* staging: comedi: ssv_dnp: use comedi_dio_update_state()
- LP: #1277722
* staging: comedi: pcmuio: fix possible NULL deref on detach
- LP: #1277722
* HID: Bump maximum global item tag report size to 128 bytes
- LP: #1277722
* selinux: look for IPsec labels on both inbound and outbound packets
- LP: #1277722
* selinux: process labeled IPsec TCP SYN-ACK packets properly in
selinux_ip_postroute()
- LP: #1277722
* intel_idle: enable IVB Xeon support
- LP: #1277722
* mm/hugetlb: check for pte NULL pointer in __page_check_address()
- LP: #1277722
* dm mpath: fix race condition between multipath_dtr and pg_init_done
- LP: #1277722
* KVM: IOMMU: hva align mapping page size
- LP: #1277722
* IB/qib: Convert qib_user_sdma_pin_pages() to use get_user_pages_fast()
- LP: #1277722
* Staging: zram: Fix access of NULL pointer
- LP: #1277722
* ARM: pxa: prevent PXA270 occasional reboot freezes
- LP: #1277722
* Staging: zram: Fix memory leak by refcount mismatch
- LP: #1277722
* TTY: pmac_zilog, check existence of ports in pmz_console_init()
- LP: #1277722
* ceph: cleanup aborted requests when re-sending requests.
- LP: #1277722
* ceph: wake up 'safe' waiters when unregistering request
- LP: #1277722
* powerpc: kvm: fix rare but potential deadlock scene
- LP: #1277722
* libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
SpinPoint M8
- LP: #1277722
* ext4: fix use-after-free in ext4_mb_new_blocks
- LP: #1277722
* ext4: check for overlapping extents in ext4_valid_extent_entries()
- LP: #1277722
* ext2: Fix oops in ext2_get_block() called from ext2_quota_write()
- LP: #1277722
* ext4: fix del_timer() misuse for ->s_err_report
- LP: #1277722
* usb: cdc-wdm: manage_power should always set needs_remote_wakeup
- LP: #1277722
* scripts/link-vmlinux.sh: only filter kernel symbols for arm
- LP: #1277722
* xhci: Limit the spurious wakeup fix only to HP machines
- LP: #1277722
* drm/i915: don't update the dri1 breadcrumb with modesetting
- LP: #1277722
* iscsi-target: Fix-up all zero data-length CDBs with R/W_BIT set
- LP: #1277722
* drm/radeon: Fix sideport problems on certain RS690 boards
- LP: #1277722
* ALSA: hda - Add enable_msi=0 workaround for four HP machines
- LP: #1260225, #1277722
* gpio: msm: Fix irq mask/unmask by writing bits instead of numbers
- LP: #1277722
* radiotap: fix bitmap-end-finding buffer overrun
- LP: #1277722
* ftrace: Initialize the ftrace profiler for each possible cpu
- LP: #1277722
* libata: disable a disk via libata.force params
- LP: #1277722
* drm/edid: add quirk for BPC in Samsung NP700G7A-S01PL notebook
- LP: #1277722
* sched/rt: Fix rq's cpupri leak while enqueue/dequeue child RT entities
- LP: #1277722
* ALSA: Add SNDRV_PCM_STATE_PAUSED case in wait_for_avail function
- LP: #1277722
* rtlwifi: pci: Fix oops on driver unload
- LP: #1277722
* ath9k: Fix interrupt handling for the AR9002 family
- LP: #1277722
* cpupower: Fix segfault due to incorrect getopt_long arugments
- LP: #1277722
* iio:adc:ad7887 Fix channel reported endianness from cpu to big endian
- LP: #1277722
* ASoC: wm8904: fix DSP mode B configuration
- LP: #1277722
* net_dma: mark broken
- LP: #1277722
* dm9601: fix reception of full size ethernet frames on dm9620/dm9621a
- LP: #1277722
* dm9601: work around tx fifo sync issue on dm962x
- LP: #1277722
* libata, freezer: avoid block device removal while system is frozen
- LP: #1277722
* drm/radeon: fix asic gfx values for scrapper asics
- LP: #1277722
* ext4: add explicit casts when masking cluster sizes
- LP: #1277722
* drm/radeon: 0x9649 is SUMO2 not SUMO
- LP: #1277722
* selinux: fix broken peer recv check
- LP: #1277722
* selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()
- LP: #1277722
* powerpc: Fix bad stack check in exception entry
- LP: #1277722
* ARM: fix "bad mode in ... handler" message for undefined instructions
- LP: #1277722
* ath9k_htc: properly set MAC address and BSSID mask
- LP: #1277722
* powerpc: Align p_end
- LP: #1277722
* Input: allocate absinfo data when setting ABS capability
- LP: #1277722
* GFS2: don't hold s_umount over blkdev_put
- LP: #1277722
* GFS2: Fix incorrect invalidation for DIO/buffered I/O
- LP: #1277722
* jbd2: don't BUG but return ENOSPC if a handle runs out of space
- LP: #1277722
* sh: always link in helper functions extracted from libgcc
- LP: #1277722
* ceph: Avoid data inconsistency due to d-cache aliasing in readpage()
- LP: #1277722
* mm: ensure get_unmapped_area() returns higher address than
mmap_min_addr
- LP: #1277722
* ftrace: Check module functions being traced on reload
- LP: #1277722
* sched: Fix race on toggling cfs_bandwidth_used
- LP: #1277722
* sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining
- LP: #1277722
* sched: Fix hrtimer_cancel()/rq->lock deadlock
- LP: #1277722
* sched: Guarantee new group-entities always have weight
- LP: #1277722
* net: do not pretend FRAGLIST support
- LP: #1277722
* rds: prevent BUG_ON triggered on congestion update to loopback
- LP: #1277722
* macvtap: Do not double-count received packets
- LP: #1277722
* macvtap: update file current position
- LP: #1277722
* tun: update file current position
- LP: #1277722
* macvtap: signal truncated packets
- LP: #1277722
* ipv6: don't count addrconf generated routes against gc limit
- LP: #1277722
* net: drop_monitor: fix the value of maxattr
- LP: #1277722
* net: unix: allow set_peek_off to fail
- LP: #1277722
* tg3: Initialize REG_BASE_ADDR at PCI config offset 120 to 0
- LP: #1277722
* netvsc: don't flush peers notifying work during setting mtu
- LP: #1277722
* net: unix: allow bind to fail on mutex lock
- LP: #1277722
* net: inet_diag: zero out uninitialized idiag_{src,dst} fields
- LP: #1277722
* drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl()
- LP: #1277722
* hamradio/yam: fix info leak in ioctl
- LP: #1277722
* rds: prevent dereference of a NULL device
- LP: #1277722
* net: rose: restore old recvmsg behavior
- LP: #1277722
* vlan: Fix header ops passthru when doing TX VLAN offload.
- LP: #1277722
* net: llc: fix use after free in llc_ui_recvmsg
- LP: #1277722
* bridge: use spin_lock_bh() in br_multicast_set_hash_max
- LP: #1277722
* x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
- LP: #1277722
* mac80211: move "bufferable MMPDU" check to fix AP mode scan
- LP: #1277722
* SELinux: Fix possible NULL pointer dereference in
selinux_inode_permission()
- LP: #1277722
* Linux 3.5.7.29
- LP: #1277722
* ext4: fix deadlock when writing in ENOSPC conditions
- LP: #1281791
* writeback: Fix data corruption on NFS
- LP: #1281791
* md/raid5: Fix possible confusion when multiple write errors occur.
- LP: #1281791
* md/raid10: fix two bugs in handling of known-bad-blocks.
- LP: #1281791
* md/raid10: fix bug when raid10 recovery fails to recover a block.
- LP: #1281791
* hwmon: (coretemp) Fix truncated name of alarm attributes
- LP: #1281791
* nilfs2: fix segctor bug that causes file system corruption
- LP: #1281791
* mm: fix crash when using XFS on loopback
- LP: #1281791
* vfs: In d_path don't call d_dname on a mount point
- LP: #1281791
* perf/x86/amd/ibs: Fix waking up from S3 for AMD family 10h
- LP: #1281791
* staging: comedi: 8255_pci: fix for newer PCI-DIO48H
- LP: #1281791
* mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate
successfully
- LP: #1281791
* serial: amba-pl011: use port lock to guard control register access
- LP: #1281791
* rtlwifi: rtl8192cu: Fix W=1 build warning
- LP: #1281791
* rtlwifi: rtl8192cu: Add new firmware
- LP: #1281791
* rtlwifi: Set the link state
- LP: #1281791
* rtlwifi: rtl8192c: Add new definitions in the dm_common header
- LP: #1281791
* rtlwifi: rtl8192cu: Fix some code in RF handling
- LP: #1281791
* NFSv4: OPEN must handle the NFS4ERR_IO return code correctly
- LP: #1281791
* parport: parport_pc: remove double PCI ID for NetMos
- LP: #1281791
* staging: vt6656: [BUG] BBvUpdatePreEDThreshold Always set sensitivity
on bScanning
- LP: #1281791
* bfa: Chinook quad port 16G FC HBA claim issue
- LP: #1281791
* usb: option: add new zte 3g modem pids to option driver
- LP: #1281791
* dib8000: make 32 bits read atomic
- LP: #1281791
* serial: add support for 200 v3 series Titan card
- LP: #1281791
* usb: xhci: Check for XHCI_PLAT in xhci_cleanup_msix()
- LP: #1281791
* x86/efi: Fix off-by-one bug in EFI Boot Services reservation
- LP: #1281791
* perf kvm: Fix kvm report without guestmount.
- LP: #1281791
* mtd: mxc_nand: remove duplicated ecc_stats counting
- LP: #1281791
* xen/pvhvm: If xen_platform_pci=0 is set don't blow up (v4).
- LP: #1281791
* USB: serial: add support for iBall 3.5G connect usb modem
- LP: #1281791
* USB: Nokia 502 is an unusual device
- LP: #1281791
* USB: cypress_m8: fix ring-indicator detection and reporting
- LP: #1281791
* ALSA: rme9652: fix a missing comma in channel_map_9636_ds[]
- LP: #1281791
* sunrpc: Fix infinite loop in RPC state machine
- LP: #1281791
* dm thin: initialize dm_thin_new_mapping returned by get_next_mapping
- LP: #1281791
* SELinux: Fix memory leak upon loading policy
- LP: #1281791
* drm/radeon: warn users when hw_i2c is enabled (v2)
- LP: #1281791
* USB: ftdi_sio: added CS5 quirk for broken smartcard readers
- LP: #1281791
* serial: 8250: enable UART_BUG_NOMSR for Tegra
- LP: #1281791
* dm: wait until embedded kobject is released before destroying a device
- LP: #1281791
* dm space map common: make sure new space is used during extend
- LP: #1281791
* ASoC: adau1701: Fix ADAU1701_SEROCTL_WORD_LEN_16 constant
- LP: #1281791
* radeon/pm: Guard access to rdev->pm.power_state array
- LP: #1281791
* drm/radeon: skip colorbuffer checking if COLOR_INFO.FORMAT is set to
INVALID
- LP: #1281791
* staging: r8712u: Set device type to wlan
- LP: #1281791
* ALSA: Enable CONFIG_ZONE_DMA for smaller PCI DMA masks
- LP: #1281791
* mmc: atmel-mci: fix timeout errors in SDIO mode when using DMA
- LP: #1281791
* rtlwifi: rtl8192cu: Add new device ID
- LP: #1281791
* mwifiex: add missing endian conversion for fw_tsf
- LP: #1281791
* b43: Fix lockdep splat
- LP: #1281791
* b43: Fix unload oops if firmware is not available
- LP: #1281791
* b43legacy: Fix unload oops if firmware is not available
- LP: #1281791
* nfs4.1: properly handle ENOTSUP in SECINFO_NO_NAME
- LP: #1281791
* audit: correct a type mismatch in audit_syscall_exit()
- LP: #1281791
* md/raid5: fix long-standing problem with bitmap handling on write
failure.
- LP: #1281791
* drm/radeon: set the full cache bit for fences on r7xx+
- LP: #1281791
* hp_accel: Add a new PnP ID HPQ6007 for new HP laptops
- LP: #1281791
* intel-iommu: fix off-by-one in pagetable freeing
- LP: #1281791
* fuse: fix pipe_buf_operations
- LP: #1281791
* drm/cirrus: correct register values for 16bpp
- LP: #1281791
* IB/qib: Fix QP check when looping back to/from QP1
- LP: #1281791
* ore: Fix wrong math in allocation of per device BIO
- LP: #1281791
* b43: fix the wrong assignment of status.freq in b43_rx()
- LP: #1281791
* KVM: PPC: e500: Fix bad address type in deliver_tlb_misss()
- LP: #1281791
* Btrfs: handle EAGAIN case properly in btrfs_drop_snapshot()
- LP: #1281791
* ACPI / init: Flag use of ACPI and ACPI idioms for power supplies to
regulator API
- LP: #1281791
* powerpc: Make sure "cache" directory is removed when offlining cpu
- LP: #1281791
* drm/radeon/DCE4+: clear bios scratch dpms bit (v2)
- LP: #1281791
* mm/page-writeback.c: fix dirty_balance_reserve subtraction from
dirtyable memory
- LP: #1281791
* target/iscsi: Fix network portal creation race
- LP: #1281791
* mm, oom: base root bonus on current usage
- LP: #1281791
* x86, x32: Correct invalid use of user timespec in the kernel
- LP: #1281791
* alpha: fix broken network checksum
- LP: #1281791
* ARM: at91: smc: bug fix in sam9_smc_cs_read()
- LP: #1281791
* KVM: s390: fix diagnose code extraction
- LP: #1281791
* e752x_edac: Fix pci_dev usage count
- LP: #1281791
* lib/decompressors: fix "no limit" output buffer length
- LP: #1281791
* bnx2x: fix DMA unmapping of TSO split BDs
- LP: #1281791
* inet_diag: fix inet_diag_dump_icsk() timewait socket state logic
- LP: #1281791
* net: avoid reference counter overflows on fib_rules in multicast
forwarding
- LP: #1281791
* net,via-rhine: Fix tx_timeout handling
- LP: #1281791
* mm: hugetlbfs: fix hugetlbfs optimization
- LP: #1281791
* usb: core: get config and string descriptors for unauthorized devices
- LP: #1281791
* tty/serial: at91: Handle shutdown more safely
- LP: #1281791
* slub: Fix calculation of cpu slabs
- LP: #1281791
* turbostat: Use GCC's CPUID functions to support PIC
- LP: #1281791
* Linux 3.5.7.30
- LP: #1281791
-- Brad Figg <brad.figg@xxxxxxxxxxxxx> Mon, 10 Feb 2014 09:51:32 -0800
** Changed in: linux (Ubuntu Quantal)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4587
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6367
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6368
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1874
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1277722
Title:
Quantal update to v3.5.7.29 stable release
Status in “linux” package in Ubuntu:
Confirmed
Status in “linux” source package in Quantal:
Fix Released
Bug description:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from Linus' tree or in a minimally
backported form of that patch. The v3.5.7.29 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
git://git.kernel.org/
TEST CASE: TBD
The following patches are in the v3.5.7.29 stable release:
Linux 3.5.7.29
SELinux: Fix possible NULL pointer dereference in selinux_inode_permission()
mac80211: move "bufferable MMPDU" check to fix AP mode scan
x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
bridge: use spin_lock_bh() in br_multicast_set_hash_max
net: llc: fix use after free in llc_ui_recvmsg
vlan: Fix header ops passthru when doing TX VLAN offload.
net: rose: restore old recvmsg behavior
rds: prevent dereference of a NULL device
hamradio/yam: fix info leak in ioctl
drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl()
net: inet_diag: zero out uninitialized idiag_{src,dst} fields
net: unix: allow bind to fail on mutex lock
netvsc: don't flush peers notifying work during setting mtu
tg3: Initialize REG_BASE_ADDR at PCI config offset 120 to 0
net: unix: allow set_peek_off to fail
net: drop_monitor: fix the value of maxattr
ipv6: don't count addrconf generated routes against gc limit
macvtap: signal truncated packets
tun: update file current position
macvtap: update file current position
macvtap: Do not double-count received packets
rds: prevent BUG_ON triggered on congestion update to loopback
net: do not pretend FRAGLIST support
sched: Guarantee new group-entities always have weight
sched: Fix hrtimer_cancel()/rq->lock deadlock
sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining
sched: Fix race on toggling cfs_bandwidth_used
ftrace: Check module functions being traced on reload
mm: ensure get_unmapped_area() returns higher address than mmap_min_addr
Revert "mm: ensure get_unmapped_area() returns higher address than mmap_min_addr"
ceph: Avoid data inconsistency due to d-cache aliasing in readpage()
sh: always link in helper functions extracted from libgcc
jbd2: don't BUG but return ENOSPC if a handle runs out of space
GFS2: Fix incorrect invalidation for DIO/buffered I/O
GFS2: don't hold s_umount over blkdev_put
Input: allocate absinfo data when setting ABS capability
powerpc: Align p_end
ath9k_htc: properly set MAC address and BSSID mask
ARM: fix "bad mode in ... handler" message for undefined instructions
powerpc: Fix bad stack check in exception entry
selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()
selinux: fix broken peer recv check
drm/radeon: 0x9649 is SUMO2 not SUMO
ext4: add explicit casts when masking cluster sizes
drm/radeon: fix asic gfx values for scrapper asics
libata, freezer: avoid block device removal while system is frozen
dm9601: work around tx fifo sync issue on dm962x
dm9601: fix reception of full size ethernet frames on dm9620/dm9621a
net_dma: mark broken
ASoC: wm8904: fix DSP mode B configuration
iio:adc:ad7887 Fix channel reported endianness from cpu to big endian
cpupower: Fix segfault due to incorrect getopt_long arugments
ath9k: Fix interrupt handling for the AR9002 family
rtlwifi: pci: Fix oops on driver unload
ALSA: Add SNDRV_PCM_STATE_PAUSED case in wait_for_avail function
sched/rt: Fix rq's cpupri leak while enqueue/dequeue child RT entities
drm/edid: add quirk for BPC in Samsung NP700G7A-S01PL notebook
libata: disable a disk via libata.force params
ftrace: Initialize the ftrace profiler for each possible cpu
radiotap: fix bitmap-end-finding buffer overrun
gpio: msm: Fix irq mask/unmask by writing bits instead of numbers
ALSA: hda - Add enable_msi=0 workaround for four HP machines
drm/radeon: Fix sideport problems on certain RS690 boards
iscsi-target: Fix-up all zero data-length CDBs with R/W_BIT set
drm/i915: don't update the dri1 breadcrumb with modesetting
xhci: Limit the spurious wakeup fix only to HP machines
scripts/link-vmlinux.sh: only filter kernel symbols for arm
usb: cdc-wdm: manage_power should always set needs_remote_wakeup
ext4: fix del_timer() misuse for ->s_err_report
ext2: Fix oops in ext2_get_block() called from ext2_quota_write()
ext4: check for overlapping extents in ext4_valid_extent_entries()
ext4: fix use-after-free in ext4_mb_new_blocks
libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus SpinPoint M8
powerpc: kvm: fix rare but potential deadlock scene
ceph: wake up 'safe' waiters when unregistering request
ceph: cleanup aborted requests when re-sending requests.
TTY: pmac_zilog, check existence of ports in pmz_console_init()
Staging: zram: Fix memory leak by refcount mismatch
ARM: pxa: prevent PXA270 occasional reboot freezes
Staging: zram: Fix access of NULL pointer
IB/qib: Convert qib_user_sdma_pin_pages() to use get_user_pages_fast()
KVM: IOMMU: hva align mapping page size
dm mpath: fix race condition between multipath_dtr and pg_init_done
mm/hugetlb: check for pte NULL pointer in __page_check_address()
intel_idle: enable IVB Xeon support
intel_idle: initial IVB support
selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()
selinux: look for IPsec labels on both inbound and outbound packets
HID: Bump maximum global item tag report size to 128 bytes
staging: comedi: pcmuio: fix possible NULL deref on detach
staging: comedi: ssv_dnp: use comedi_dio_update_state()
[media] cxd2820r_core: fix sparse warnings
sc1200_wdt: Fix oops
Input: usbtouchscreen - separate report and transmit buffer size handling
ARM: OMAP2+: hwmod: Fix SOFTRESET logic
ARM: OMAP3: hwmod data: Don't prevent RESET of USB Host module
Linux 3.5.7.28
xfs: underflow bug in xfs_attrlist_by_handle()
MIPS: DMA: For BMIPS5000 cores flush region just like non-coherent R10000
drivers/rtc/rtc-at91rm9200.c: correct alarm over day/month wrap
selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()
selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()
KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368)
KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
KVM: Improve create VCPU parameter (CVE-2013-4587)
futex: fix handling of read-only-mapped hugepages
hwmon: Prevent some divide by zeros in FAN_TO_REG()
hwmon: (w83l768ng) Fix fan speed control range
hwmon: (w83l786ng) Fix fan speed control mode setting and reporting
ARM: pxa: tosa: fix keys mapping
dm bufio: initialize read-only module parameters
x86, efi: Don't use (U)EFI time services on 32 bit
x86, build, icc: Remove uninitialized_var() from compiler-intel.h
dm table: fail dm_table_create on dm_round_up overflow
dm snapshot: avoid snapshot space leak on crash
ALSA: memalloc.h - fix wrong truncation of dma_addr_t
ARM: 7913/1: fix framepointer check in unwind_frame
ARM: 7912/1: check stack pointer in get_wchan
crypto: scatterwalk - Use sg_chain_ptr on chain entries
crypto: scatterwalk - Set the chain pointer indication bit
drivers/char/i8k.c: add Dell XPLS L421X
usb: hub: Use correct reset for wedged USB3 devices that are NOTATTACHED
drm/radeon: fixup bad vram size on SI
USB: cdc-acm: Added support for the Lenovo RD02-D400 USB Modem
USB: pl2303: fixed handling of CS5 setting
USB: ftdi_sio: fixed handling of unsupported CSIZE setting
USB: mos7840: correct handling of CS5 setting
USB: spcp8x5: correct handling of CS5 setting
USB: option: support new huawei devices
USB: serial: option: blacklist interface 1 for Huawei E173s-6
[media] saa7164: fix return value check in saa7164_initdev()
usb: dwc3: fix implementation of endpoint wedge
usb: gadget: composite: reset delayed_status on reset_config
USB: serial: fix race in generic write
mac80211: don't attempt to reorder multicast frames
dm delay: fix a possible deadlock due to shared workqueue
nfs: fix do_div() warning by instead using sector_div()
sched: Avoid throttle_cfs_rq() racing with period_timer stopping
NFSv4 wait on recovery for async session errors
9p: send uevent after adding/removing mount_tag attribute
HID: apple: option to swap the 'Option' ("Alt") and 'Command' ("Flag") keys.
HID: roccat: fix Coverity CID 141438
HID: hid-multitouch: add support for SiS panels
HID: add quirk for Freescale i.MX23 ROM recovery
i2c: i801: SMBus patch for Intel Avoton DeviceIDs
Input: mousedev - allow disabling even without CONFIG_EXPERT
Input: allow deselecting serio drivers even without CONFIG_EXPERT
video: kyro: fix incorrect sizes when copying to userspace
iommu/vt-d: Fixed interaction of VFIO_IOMMU_MAP_DMA with IOMMU address limits
elevator: acquire q->sysfs_lock in elevator_change()
dm: fix truncated status strings
um: add missing declaration of 'getrlimit()' and friends
iwlwifi: dvm: don't override mac80211's queue setting
cpuidle: Check for dev before deregistering it.
ASoC: wm8731: fix dsp mode configuration
powerpc/gpio: Fix the wrong GPIO input data on MPC8572/MPC8536
[SCSI] enclosure: fix WARN_ON in dual path device removing
ALSA: hda - Another fixup for ASUS laptop with ALC660 codec
[SCSI] hpsa: return 0 from driver probe function on success, not 1
[SCSI] hpsa: do not discard scsi status on aborted commands
ARM: footbridge: fix VGA initialisation
net: smc91: fix crash regression on the versatile
ALSA: hda - Fix silent output on ASUS W7J laptop
crypto: ccm - Fix handling of zero plaintext when computing mac
crypto: s390 - Fix aes-xts parameter corruption
s390/crypto: Don't panic after crypto instruction failures
crypto: authenc - Find proper IV address in ablkcipher callback
[SCSI] libsas: fix usage of ata_tf_to_fis
xen/gnttab: leave lazy MMU mode in the case of a m2p override failure
irq: Enable all irqs unconditionally in irq_resume
ASoC: wm8990: Mark the register map as dirty when powering down
Update of blkg_stat and blkg_rwstat may happen in bh context. While u64_stats_fetch_retry is only preempt_disable on 32bit UP system. This is not enough to avoid preemption by bh and may read strange 64 bit value.
NFSv4: Update list of irrecoverable errors on DELEGRETURN
mmc: block: fix a bug of error handling in MMC driver
bridge: flush br's address entry in fdb when remove the
{pktgen, xfrm} Update IPv4 header total len and checksum after tranformation
af_packet: block BH in prb_shutdown_retire_blk_timer()
ipv6: fix possible seqlock deadlock in ip6_finish_output2
inet: fix possible seqlock deadlocks
net: clamp ->msg_namelen instead of returning an error
net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
ipv6: fix leaking uninitialized port number of offender sockaddr
inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions
packet: fix use after free race in send path when dev is released
net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage)
net: rework recvmsg handler msg_name and msg_namelen logic
net: core: Always propagate flag changes to interfaces
atm: idt77252: fix dev refcnt leak
inet: prevent leakage of uninitialized memory to user in recv syscalls
ipv4: fix possible seqlock deadlock
connector: improved unaligned access error fix
isdnloop: use strlcpy() instead of strcpy()
bonding: fix two race conditions in bond_store_updelay/downdelay
6lowpan: Uncompression of traffic class field was incorrect
bonding: don't permit to use ARP monitoring in 802.3ad mode
random32: fix off-by-one in seeding requirement
ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
net: Fix "ip rule delete table 256"
[media] lirc_zilog: Don't use dynamic static allocation
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1277722/+subscriptions
References