Security fixes since 2.6.16.27:
- CVE-2006-2935: cdrom: fix bad cgc.buflen assignment
- CVE-2006-3745: Fix sctp privilege elevation
- CVE-2006-4093: powerpc: Clear HID0 attention enable on PPC970 at boot time
- CVE-2006-4145: Fix possible UDF deadlock and memory corruption
Location:
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/
git tree:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.6.16.y.git
RSS feed of the git tree:
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=rss
Changes since 2.6.16.27:
Adrian Bunk:
fix the SND_FM801_TEA575X dependencies
SOUND_SSCAPE shouldn't depend on OBSOLETE_OSS_DRIVER
update the i386 defconfig
Linux 2.6.16.28-rc1
Linux 2.6.16.28-rc2
Linux 2.6.16.28-rc3
Linux 2.6.16.28
Al Boldi:
ide-io: increase timeout value to allow for slave wakeup
Andi Kleen:
BLOCK: Fix bounce limit address check
Bob Breuer:
SPARC32: Fix iommu_flush_iotlb end address
Chuck Ebbert:
ieee80211: TKIP requires CRC32
Danny Tholen:
1394: fix for recently added firewire patch that breaks things on ppc
Dave Jones:
[AGPGART] Fix Nforce3 suspend on amd64.
David S. Miller:
SPARC64: Fix quad-float multiply emulation.
Jan Kara:
Fix possible UDF deadlock and memory corruption (CVE-2006-4145)
Jens Axboe:
Fix missing ret assignment in __bio_map_user() error path
fix debugfs inode leak
cdrom: fix bad cgc.buflen assignment (CVE-2006-2935)
Michael S. Tsirkin:
IB/mthca: restore missing PCI registers after reset
Olof Johansson:
powerpc: Clear HID0 attention enable on PPC970 at boot time (CVE-2006-4093)
Pavel Machek:
remove obsolete swsusp_encrypt
pdflush: handle resume wakeups
Robert Hancock:
Fix broken suspend/resume in ohci1394
Sridhar Samudrala:
Fix sctp privilege elevation (CVE-2006-3745)
Stefan Richter:
ieee1394: sbp2: enable auto spin-up for Maxtor disks
Yasunori Goto:
memory hotplug: solve config broken: undefined reference to `online_page'
Makefile | 4
arch/i386/Kconfig | 3
arch/i386/defconfig | 1261 ++++++++++++++--------
arch/ia64/Kconfig | 3
arch/powerpc/Kconfig | 3
arch/powerpc/kernel/cpu_setup_power4.S | 2
arch/sparc/mm/iommu.c | 3
arch/x86_64/Kconfig | 2
block/ll_rw_blk.c | 2
drivers/cdrom/cdrom.c | 2
drivers/char/agp/amd64-agp.c | 3
drivers/ide/ide-io.c | 2
drivers/ieee1394/ohci1394.c | 3
drivers/ieee1394/sbp2.c | 3
drivers/infiniband/hw/mthca/mthca_reset.c | 59 +
fs/bio.c | 5
fs/debugfs/inode.c | 3
fs/udf/super.c | 2
fs/udf/truncate.c | 64 -
include/asm-sparc64/sfp-machine.h | 2
include/net/sctp/sctp.h | 13
include/net/sctp/sm.h | 3
kernel/power/Kconfig | 12
mm/Kconfig | 2
mm/pdflush.c | 15
net/ieee80211/Kconfig | 1
net/sctp/sm_make_chunk.c | 30
net/sctp/sm_statefuns.c | 20
net/sctp/socket.c | 10
sound/oss/Kconfig | 2
sound/pci/Kconfig | 14
sound/pci/fm801.c | 2
32 files changed, 1010 insertions(+), 545 deletions(-)
On Saturday 26 August 2006 02:36, Adrian Bunk wrote:
> Security fixes since 2.6.16.27:
> - CVE-2006-2935: cdrom: fix bad cgc.buflen assignment
> - CVE-2006-3745: Fix sctp privilege elevation
> - CVE-2006-4093: powerpc: Clear HID0 attention enable on PPC970 at boot time
> - CVE-2006-4145: Fix possible UDF deadlock and memory corruption
>
>
> Location:
> ftp://ftp.kernel.org/pub/linux/kernel/v2.6/
>
> git tree:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.6.16.y.git
>
> RSS feed of the git tree:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=rss
Why isn't there an incremental patch-2.6.16.27-28.bz2 available
in ftp://ftp.kernel.org/pub/linux/kernel/v2.6/incr ?
--
Greetings Michael.
On Sat, Aug 26, 2006 at 01:00:30PM +0200, Michael Buesch wrote:
> On Saturday 26 August 2006 02:36, Adrian Bunk wrote:
> > Security fixes since 2.6.16.27:
> > - CVE-2006-2935: cdrom: fix bad cgc.buflen assignment
> > - CVE-2006-3745: Fix sctp privilege elevation
> > - CVE-2006-4093: powerpc: Clear HID0 attention enable on PPC970 at boot time
> > - CVE-2006-4145: Fix possible UDF deadlock and memory corruption
> >
> >
> > Location:
> > ftp://ftp.kernel.org/pub/linux/kernel/v2.6/
> >
> > git tree:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.6.16.y.git
> >
> > RSS feed of the git tree:
> > http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=rss
>
> Why isn't there an incremental patch-2.6.16.27-28.bz2 available
> in ftp://ftp.kernel.org/pub/linux/kernel/v2.6/incr ?
Thanks for the note, I've added it now (it might take a few minutes
until it's at the mirrors).
> Greetings Michael.
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
In-Reply-To: <[email protected]>
On Sat, 26 Aug 2006 02:36:39 +0200, Adrian Bunk wrote:
> Location:
> ftp://ftp.kernel.org/pub/linux/kernel/v2.6/
Could you post the incremental patch as a reply like Greg does?
And are you going to apply Paul Fulghum's tty patch? Without it
I get solid lockup on pppd disconnect about once a month.
--
Chuck
On Sat, Aug 26, 2006 at 10:20:43AM -0400, Chuck Ebbert wrote:
> In-Reply-To: <[email protected]>
>
> On Sat, 26 Aug 2006 02:36:39 +0200, Adrian Bunk wrote:
>
> > Location:
> > ftp://ftp.kernel.org/pub/linux/kernel/v2.6/
>
> Could you post the incremental patch as a reply like Greg does?
After Michaels reminder I've put it at ftp.kernel.org .
> And are you going to apply Paul Fulghum's tty patch? Without it
> I get solid lockup on pppd disconnect about once a month.
I've still many patches (including parts of four 2.6.17 releases) to
review and I wasn't yet there.
Paul, can you ACK that this patch is OK for 2.6.16?
> Chuck
cu
Adrian
Subject: tty serialize flush_to_ldisc
From: Paul Fulghum <[email protected]>
Serialize processing of tty buffers in flush_to_ldisc
to fix (very rare) corruption of tty buffer free list
on SMP systems.
Signed-off-by: Paul Fulghum <[email protected]>
Acked-by: Alan Cox <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/char/tty_io.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
--- linux-2.6.17.7.orig/drivers/char/tty_io.c
+++ linux-2.6.17.7/drivers/char/tty_io.c
@@ -2776,7 +2776,7 @@ static void flush_to_ldisc(void *private
struct tty_struct *tty = (struct tty_struct *) private_;
unsigned long flags;
struct tty_ldisc *disc;
- struct tty_buffer *tbuf;
+ struct tty_buffer *tbuf, *head;
int count;
char *char_buf;
unsigned char *flag_buf;
@@ -2793,7 +2793,9 @@ static void flush_to_ldisc(void *private
goto out;
}
spin_lock_irqsave(&tty->buf.lock, flags);
- while((tbuf = tty->buf.head) != NULL) {
+ head = tty->buf.head;
+ tty->buf.head = NULL;
+ while((tbuf = head) != NULL) {
while ((count = tbuf->commit - tbuf->read) != 0) {
char_buf = tbuf->char_buf_ptr + tbuf->read;
flag_buf = tbuf->flag_buf_ptr + tbuf->read;
@@ -2802,10 +2804,12 @@ static void flush_to_ldisc(void *private
disc->receive_buf(tty, char_buf, flag_buf, count);
spin_lock_irqsave(&tty->buf.lock, flags);
}
- if (tbuf->active)
+ if (tbuf->active) {
+ tty->buf.head = head;
break;
- tty->buf.head = tbuf->next;
- if (tty->buf.head == NULL)
+ }
+ head = tbuf->next;
+ if (head == NULL)
tty->buf.tail = NULL;
tty_buffer_free(tty, tbuf);
}
On Saturday 26 August 2006 17:51, Adrian Bunk wrote:
> On Sat, Aug 26, 2006 at 10:20:43AM -0400, Chuck Ebbert wrote:
> > In-Reply-To: <[email protected]>
> >
> > On Sat, 26 Aug 2006 02:36:39 +0200, Adrian Bunk wrote:
> >
> > > Location:
> > > ftp://ftp.kernel.org/pub/linux/kernel/v2.6/
> >
> > Could you post the incremental patch as a reply like Greg does?
>
> After Michaels reminder I've put it at ftp.kernel.org .
Well, actually it would be good to have that incremental patch
as a reply to the mail (like Greg does).
The reason I asked for the incremental patch is that I have to search
the diff and decide if I have to apply that to my server kernel or not.
If it was as reply, this would be much easier.
But anyway. Thanks for maintaining 2.6.16.x. I very much like
to have a stable series kernel for my server.
--
Greetings Michael.
On Sat, 2006-08-26 at 17:51 +0200, Adrian Bunk wrote:
> Paul, can you ACK that this patch is OK for 2.6.16?
> Subject: tty serialize flush_to_ldisc
Yes, it is OK for 2.6.16.
Thanks,
Paul
On Sat, Aug 26, 2006 at 01:30:16PM -0500, Paul Fulghum wrote:
> On Sat, 2006-08-26 at 17:51 +0200, Adrian Bunk wrote:
> > Paul, can you ACK that this patch is OK for 2.6.16?
> > Subject: tty serialize flush_to_ldisc
>
> Yes, it is OK for 2.6.16.
Thanks, applied.
> Thanks,
> Paul
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed