Bug#662573: Changes from longterm 2.6.32.58
Package: src:linux-2.6
Version: 2.6.32-41
Severity: important
- drm/i915: no lvds quirk for AOpen MP45
Fixes incorrect detection of an LVDS display panel on this compact PC.
It's not clear what the impact is, but I would guess that it can
result in no signal being sent through the real outputs. We won't
get this by default since we updated DRM to 2.6.33, but we should
probably apply it anyway.
- hwmon: (f75375s) Fix bit shifting in f75375_write16
Fixes fan speed programming in this driver. This is important as
incorrect fan configuration can result in overheating and/or sudden
shutdown.
- lib: proportion: lower PROP_MAX_SHIFT to 32 on 64-bit kernel
Fixes potential integer overflow or division by zero in calculations
used to manage writeback of memory-mapped files. Might be exploitable
for denial of service.
- relay: prevent integer overflow in relay_open()
Fixes integer overflow that can be turned into a heap buffer overflow.
This appears to be exploitable by any user with access to a block
device. It might require that debugfs is mounted, but I don't think
so.
- mac80211: timeout a single frame in the rx reorder buffer
Fixes possible excessive delay to received wireless packets.
- kernel.h: fix wrong usage of __ratelimit()
- printk_ratelimited(): fix uninitialized spinlock
Fixes for the printk_ratelimited function which I cherry-picked for
the fix for CVE-2011-4127. Oops.
- hwmon: (f75375s) Fix automatic pwm mode setting for F75373 & F75375
Fixes incorrect fan control programming in this driver.
- crypto: sha512 - Use binary and instead of modulus
- crypto: sha512 - Avoid stack bloat on i386
- crypto: sha512 - use standard ror64()
These should complete the sha512 fixes started in 2.6.32.56, though a
further change may be required to reduce stack size on sparc.
- eCryptfs: Remove mmap from directory operations
Removes the useless implementation of mmap on ecryptfs directories.
Currently mmap succeeds but the mapping is not usable, causing the
process to die with signal SIGBUS.
- Ban ecryptfs over ecryptfs
Prevents recursive use of ecryptfs, which currently results in a
crash (BUG) and is not likely to be useful.
- Add mount option to check uid of device being mounted = expect uid, CVE-2011-1833
Part of a fix for a race condition in private ecryptfs mounting that
can be used to access block devices owned by other users. Requires an
updated ecryptfs-utils to set the new mount option.
- drm/radeon/kms: fix MSI re-arm on rv370+
Fixes interrupt arming on some Radeon chips. The bug would presumably
lead to a graphics lock-up. We won't get this by default since we
updated DRM to 2.6.33, but we should probably apply it anyway.
- ecryptfs: read on a directory should return EISDIR if not supported
Fixes an error code that is commonly used by userland to distinguish
directories and files (the example given is grep -r).
- SCSI: 3w-9xxx fix bug in sgl loading
Fixes operation of some ioctls in this driver. This brings the driver
up to the hardware vendor's recommended minimum version.
- ARM: 7321/1: cache-v7: Disable preemption when reading CCSIDR
- ARM: 7325/1: fix v7 boot with lockdep enabled
Not relevant to the platforms supported in squeeze.
- USB: Added Kamstrup VID/PIDs to cp210x serial driver.
New hardware support.
- USB: Fix handoff when BIOS disables host PCI device.
Fixes xHCI (USB 3.0 interface) setup on some systems.
- xhci: Fix encoding for HS bulk/control NAK rate.
Fixes a bug in configuration of xHCI for a newly connected device that
can cause the device to be unusable. This particularly affects USB
2.0 storage devices connected to VIA xHCIs.
- hdpvr: fix race conditon during start of streaming
Fixes a race condition in this video capture driver that can cause it
to stop capturing immediately after being started.
- eCryptfs: Use notify_change for truncating lower inodes
Fixes a bug in truncating files on ecryptfs which could lead to data
corruption or leaking of blocks, depending on the lower filesystem.
- eCryptfs: Remove extra d_delete in ecryptfs_rmdir
Fixes a bug in removing a directory on ecryptfs which would lead to,
for example, an oops when the lower filesystem is NFSv3.
- eCryptfs: Clear i_nlink in rmdir
Fixes a bug in deletion of directories on ecryptfs which would lead
to the deletion not being reported through inotify etc.
- cdrom: use copy_to_user() without the underscores
Fixes integer overflow in validation of the buffer address for reading
CD audio data on 32-bit architectures. A user with permission to read
a CD drive could possibly use this to overwrite kernel code.
- autofs: work around unhappy compat problem on x86-64
- Fix autofs compile without CONFIG_COMPAT
- compat: fix compile breakage on s390
Fixes compatibility of amd64 kernel with i386 userland for autofs
protocol version 5.
- PM: Print a warning if firmware is requested when tasks are frozen
- firmware loader: allow builtin firmware load even if usermodehelper is disabled
- PM / Sleep: Fix freezer failures due to racy usermodehelper_is_disabled()
- PM / Sleep: Fix read_unlock_usermodehelper() call.
Mitigates bugs in some drivers that result in requesting firmware
during resume from sleep/hibernation. Currently this will result in a
delay of 60 seconds, since userland has not yet been resumed and the
firmware agent therefore does not respond to the request.
Ben.
-- System Information:
Debian Release: wheezy/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply to: