Package : nasm
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-1287
Debian Bug : 285889
Jonathan Rockway discovered a buffer overflow in nasm, the
general-purpose x86 assembler, which could lead to the execution of
arbitrary code when compiling a maliciously crafted assembler source
file.
For the stable distribution (woody) this problem has been fixed in
version 0.98.28cvs-1woody2.
For the unstable distribution (sid) this problem has been fixed in
version 0.98.38-1.1.
We recommend that you upgrade your nasm package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Subject: Updated openssl package for LBA-Linux R1
Advisory ID: LBASA-2004:49
Date: Tuesday, January 4, 2005
Product: LBA-Linux R1
Problem description:
CAN-2004-0975
The der_chop script allows local users to
overwrite files via a symlink attack on temporary files.
CAN-2004-0079
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k,
and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of
service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CAN-2004-0112
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and
0.9.7c, when using Kerberos ciphersuites, does not properly check
the length of Kerberos tickets during a handshake, which allows remote
attackers to cause a denial of service (crash) via a crafted SSL/TLS
handshake that causes an out-of-bounds read.
Subject: Updated libtiff package for LBA-Linux R1
Advisory ID: LBASA-2004:48
Date: Tuesday, January 4, 2005
Product: LBA-Linux R1
Problem description:
CAN-2004-0803
Multiple vulnerabilities in the RLE (run length encoding) decoders for
libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows,
allow remote attackers to execute arbitrary code via TIFF files.
CAN-2004-0804
Vulnerability in in tif_dirread.c for libtiff allows remote attackers to cause
a denial of service (application crash) via a TIFF image that causes a
divide-by-zero error when the number of row bytes is zero.
CAN-2004-0886
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers
to cause a denial of service (crash or memory corruption) via TIFF images
that lead to incorrect malloc calls.
Subject: Updated imlib package for LBA-Linux R1
Advisory ID: LBASA-2004:47
Date: Tuesday, January 4, 2005
Product: LBA-Linux R1
Problem description:
CAN-2004-1025
Multiple heap-based buffer overflows in imlib 1.9.14 and earlier,
which is used by gkrellm and several window managers, allow
remote attackers to cause a denial of service (application crash)
and execute arbitrary code via certain image files.
CAN-2004-1026
Multiple integer overflows in the image handler for imlib 1.9.14
and earlier, which is used by gkrellm and several window managers,
allow remote attackers to cause a denial of service (application crash)
and execute arbitrary code via certain image files.
Subject: Updated samba package for LBA-Linux R1
Advisory ID: LBASA-2004:46
Date: Tuesday, January 4, 2005
Product: LBA-Linux R1
Problem description:
CAN-2004-0930
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly
other versions allows remote authenticated users to cause a
denial of service (CPU consumption) via a SAMBA request that
contains multiple * (wildcard) characters.
CAN-2004-0882
Buffer overflow in the QFILEPATHINFO request handler in
Samba 3.0.x through 3.0.7 may allow remote attackers to
execute arbitrary code via a TRANSACT2_QFILEPATHINFO request
with a small "maximum data bytes" value.
CAN-2004-1154
Integer overflow in the Samba daemon (smbd) in Samba 2.x
and 3.0.x through 3.0.9 allows remote authenticated users to
cause a denial of service (application crash) and possibly execute
arbitrary code via a Samba request with a large number of security
descriptors that triggers a heap-based buffer overflow.
Subject: Updated squid package for LBA-Linux R1
Advisory ID: LBASA-2004:45
Date: Tuesday, January 4, 2005
Product: LBA-Linux R1
Problem description:
CAN-2004-0918
The asn_parse_header function (asn1.c) in the SNMP module for
Squid Web Proxy Cache before 2.4.STABLE7 allows remote
attackers to cause a denial of service (server restart) via certain
SNMP packets with negative length fields that causes a memory allocation error.
CAN-2004-0832
The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6
and earlier, with NTLM authentication enabled, allow remote attackers to
cause a denial of service (application crash) via an NTLMSSP packet that
causes a negative value to be passed to memcpy.
Squid Malformed Host Name Error Message Information Leakage.
Subject: Updated httpd package for LBA-Linux R1
Advisory ID: LBASA-2004:44
Date: Tuesday, January 4, 2005
Product: LBA-Linux R1
Problem description:
CAN-2004-0885
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the
"SSLCipherSuite" directive in directory or location context, allows remote
clients to bypass intended restrictions by using any cipher suite that is
allowed by the virtual host configuration.
CAN-2004-0942
Apache webserver 2.0.52 and earlier allows remote attackers to cause
a denial of service (CPU consumption) via an HTTP GET request with a
MIME header containing multiple lines with a large number of space
characters.
Subject: Updated XFree86 package for LBA-Linux R1
Advisory ID: LBASA-2004:43
Date: Tuesday, January 4, 2005
Product: LBA-Linux R1
Problem description:
Chris Evans reported three vulnerabilities in libXpm which can
be exploited remotely by providing malformed XPM image files.
The function xpmParseColors() is vulnerable to an integer overflow
and a stack-based buffer overflow. The functions ParseAndPutPixels()
as well as ParsePixels() is vulnerable to a stack-based buffer overflow too.
KDE applications which use the ftp kioslave, e.g. Konqueror, allow
remote attackers to execute arbitrary FTP commands via an ftp://
URL that contains an URL-encoded newline ( %0a ) before the ftp
command, which causes the commands to be inserted into the resulting
FTP session.
Due to similiarities between the ftp and the SMTP protocol, this
vulnerability allows to misuse the ftp slave to connect to a
SMTP server and issue arbitrary commands, like sending an email.
3. Impact:
The FTP kioslave can be misused to execute any ftp command on the
server or be a vector for sending out unsolicited email.
4. Solution:
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
26/12/2004 Public bug report filed against kio_ftp by Thiago Macieira
about being able to send email via kio_ftp CR/LF injection.
26/12/2004 Patches developed by Thiago Macieira developed and applied
to CVS.
01/01/2005 Advisory released.
Product : Fedora Core 3
Name : kernel
Version : 2.6.9
Release : 1.724_FC3
Summary : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
A large change over previous kernels has been made. The 4G:4G memory
split patch has been dropped, and Fedora kernels now revert back to
the upstream 3G:1G kernel/userspace split.
A number of security fixes are present in this update.
CAN-2004-1016:
Paul Starzetz discovered a buffer overflow vulnerability in the "__scm_send"
function which handles the sending of UDP network packets. A wrong validity
check of the cmsghdr structure allowed a local attacker to modify kernel
memory, thus causing an endless loop (Denial of Service) or possibly even
root privilege escalation.
CAN-2004-1017:
Alan Cox reported two potential buffer overflows with the io_edgeport driver.
CAN-2004-1068:
A race condition was discovered in the handling of AF_UNIX network packets.
This reportedly allowed local users to modify arbitrary kernel memory,
facilitating privilege escalation, or possibly allowing code execution in the
context of the kernel.
CAN-2004-1137:
Paul Starzetz discovered several flaws in the IGMP handling code. This
allowed users to provoke a Denial of Service, read kernel memory, and execute
arbitrary code with root privileges. This flaw is also exploitable remotely
if an application has bound a multicast socket.
CAN-2004-1151:
Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall()
and sys32_vm86_warning() functions. This could possibly be exploited to
overwrite kernel memory with attacker-supplied code and cause root privilege
escalation.
NO-CAN-ASSIGNED:
Fix memory leak in ip_conntrack_ftp (local DoS)
Do not leak IP options. (local DoS)
fix missing security_*() check in net/compat.c
ia64/x86_64/s390 overlapping vma fix
Fix bugs with SOCK_SEQPACKET AF_UNIX sockets
Make sure VC resizing fits in s16.
Georgi Guninski reported a buffer overflow with vc_resize().
Clear ebp on sysenter return.
A small information leak was found by Brad Spengler.
Sat Jan 01 2005 Dave Jones <davej@redhat.com>
Fix probing of vesafb. (#125890)
Enable PCILynx driver. (#142173)
Fri Dec 31 2004 Dave Jones <davej@redhat.com>
Drop 4g/4g patch completely.
Tue Dec 28 2004 Dave Jones <davej@redhat.com>
Drop bogus ethernet slab cache.
Thu Dec 23 2004 Dave Jones <davej@redhat.com>
Fix bio error propagation.
Clear ebp on sysenter return.
Extra debugging info on OOM kill.
exit() race fix.
Fix refcounting order in sd/sr, fixing cable pulls on USB storage.
IGMP source filter fixes.
Fix ext2/3 leak on umount.
fix missing wakeup in ipc/sem
Fix another tux corner case bug.
Wed Dec 22 2004 Dave Jones <davej@redhat.com>
Add another ipod to the unusual usb devices list. (#142779)
Tue Dec 21 2004 Dave Jones <davej@redhat.com>
Fix two silly bugs in the AGP posting fixes.
Thu Dec 16 2004 Dave Jones <davej@redhat.com>
Better version of the PCI Posting fixes for agpgart.
Add missing cache flush to the AGP code.
Sun Dec 12 2004 Dave Jones <davej@redhat.com>
fix false ECHILD result from wait* with zombie group leader.
Sat Dec 11 2004 Dave Jones <davej@redhat.com>
Workaround broken pci posting in AGPGART.
Make sure VC resizing fits in s16.
Fri Dec 10 2004 Dave Jones <davej@redhat.com>
Prevent block device queues from being shared in viocd. (#139018)
Libata updates. (#132848, #138405)
aacraid: remove aac_handle_aif (#135527)
fix uninitialized variable in waitid(2). (#142505)
Fix CMSG validation checks wrt. signedness.
Fix memory leak in ip_conntrack_ftp
[IPV4]: Do not leak IP options.
ppc64: Align PACA buffer for hypervisor's use. (#141817)
ppc64: Indicate that the veth link is always up. (#135402)
ppc64: Quiesce OpenFirmware stdin device at boot. (#142009)
SELinux: Fix avc_node_update oops. (#142353)
Fix CCISS ioctl return code.
Make ppc64's pci_alloc_consistent() conform to documentation. (#140047)
Disable tiglusb module. (#142102)
E1000 64k-alignment fix. (#140047)
Disable tiglusb module. (#142102)
ID updates for cciss driver.
Fix overflows in USB Edgeport-IO driver. (#142258)
Fix wrong TASK_SIZE for 32bit processes on x86-64. (#141737)
Fix ext2/ext3 xattr/mbcache race. (#138951)
Fix bug where __getblk_slow can loop forever when pages are partially mapped. (#140424)
Add missing cache flushes in agpgart code.
Wed Dec 08 2004 Dave Jones <davej@redhat.com>
Enable EDD
Enable ETH1394. (#138497)
Workaround E1000 post-maturely writing back to TX descriptors. (#133261)
Fix the previous E1000 errata workaround.
Several IDE fixes from 2.6.9-ac
vm pageout throttling. (#133858)
Fix Tux from oopsing. (#140918)
Fix Tux/SELinux incompatability (#140916)
Fix Tux/IPV6 problem. (#140916)
ide: Fix possible oops on boot.
Make spinlock debugging panic instead of printk.
Update Emulex lpfc driver to 8.0.16
Selected patches from 2.6.9-ac12
ppc64: Fix inability to find space for TCE table (#138844)
Fix compat fcntl F_GETLK{,64} (#141680)
blkdev_get_blocks(): handle eof
Another card reader for the whitelist. (#134094)
Sat Dec 04 2004 Dave Jones <davej@redhat.com>
Enable both old and new megaraid drivers.
Add yet another card reader to usb scsi whitelist. (#141367)
Fix oops in conntrack on rmmod.
Fri Dec 03 2004 Dave Jones <davej@redhat.com>
Pull in bits of -ac12
Should fix the smbfs & visor issues among others.
Thu Dec 02 2004 Dave Jones <davej@redhat.com>
Drop the futex debug patch, it served its purpose.
XFRM layer bug fixes
ppc64: Convert to using ibm,read-slot-reset-state2 RTAS call
ide: Make CSB6 driver support configurations.
ide: Handle early EOF on CDs.
Fix sx8 device naming in sysfs
e100/e1000: return -EINVAL when setting rx-mini or rx-jumbo. (#140793)
Wed Dec 01 2004 Dave Jones <davej@redhat.com>
Disable 4G/4G for i686.
Workaround for the E1000 erratum 23 (#140047)
Remove bogus futex warning. (#138179)
x86_64: Fix lost edge triggered irqs on UP kernel.
x86_64: Reenable DRI for MGA.
Workaround E1000 post-maturely writing back to TX descriptors (#133261)
3c59x: add EEPROM_RESET for 3c900 Boomerang
Fix buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()
ext3: improves ext3's error logging when we encounter an on-disk corruption.
ext3: improves ext3's ability to deal with corruption on-disk
ext3: Handle double-delete of indirect blocks.
Disable SCB2 flash driver for RHEL4. (#141142)
Tue Nov 30 2004 Dave Jones <davej@redhat.com>
x86_64: add an option to configure oops stack dump
x86[64]: display phys_proc_id only when it is initialized
x86_64: no TIOCSBRK/TIOCCBRK in ia32 emulation
via-rhine: references __init code during resume
Add barriers to generic timer code to prevent race. (#128242)
ppc64: Add PURR and version data to /proc/ppc64/lparcfg
Prevent xtime value becoming incorrect.
scsi: return full SCSI status byte in SG_IO
Fix show_trace() in irq context with CONFIG_4KSTACKS
Adjust alignment of pagevec structure.
md: make sure md always uses rdev_dec_pending properly.
Make proc_pid_status not dereference dead task structs.
sg: Fix oops of sg_cmd_done and sg_release race (#140648)
fix bad segment coalescing in blk_recalc_rq_segments()
fix missing security_*() check in net/compat.c
ia64/x86_64/s390 overlapping vma fix
Update Emulex lpfc to 8.0.15
Mon Nov 29 2004 Dave Jones <davej@redhat.com>
Add another card reader to whitelist. (#141022)
Fix possible hang in do_wait() (#140042)
Fix ps showing wrong ppid. (#132030)
Print advice to use -hugemem if >=16GB of memory is detected.
Enable ICOM serial driver. (#136150)
Enable acpi hotplug driver for IA64.
SCSI: fix USB forced remove oops.
ia64: add missing sn2 timer mask in time_interpolator code. (#140580)
ia64: Fix hang reading /proc/pal/cpu0/tr_info (#139571)
ia64: bump number of UARTS. (#139100)
Fix ACPI debug level (#141292)
Make EDD runtime configurable, and reenable.
ppc64: IBM VSCSI driver race fix. (#138725)
ppc64: Ensure PPC64 interrupts don't end up hard-disabled. (#139020, #131590)
ppc64: Yet more sigsuspend/singlestep fixing. (#140102, #137931)
x86-64: Implement ACPI based reset mechanism. (#139104)
Backport 2.6.10rc sysfs changes needed for IBM hotplug driver. (#140372)
Update Emulex lpfc driver to v8.0.14
Optimize away the unconditional write to debug registers on signal delivery path.
Fix up scsi_test_unit_ready() to work correctly with CD-ROMs.
md: fix two little bugs in raid10
Remove incorrect ELF check from module loading. (#140954)
Plug leaks in error paths of aic driver.
Add refcounting to scsi command allocation.
Taint oopses on machine checks, bad_page()'s calls and forced rmmod's.
Share Intel cache descriptors between x86 & x86-64.
rx checksum support for gige nForce ethernet
vm: vm_dirty_ratio initialisation fix
Sun Nov 28 2004 Dave Jones <davej@redhat.com>
Move 4g/4g kernel into -hugemem.
Sat Nov 27 2004 Dave Jones <davej@redhat.com>
Recognise Shuttle SN85G4 card reader. (#139163)
Tue Nov 23 2004 Dave Jones <davej@redhat.com>
Add futex debug patch.
Mon Nov 22 2004 Dave Jones <davej@redhat.com>
Update -ac patch to 2.6.9-ac11
make tulip_stop_rxtx() wait for DMA to fully stop. (#138240)
ACPI: Make LEqual less strict about operand types matching.
scsi: avoid extra 'put' on devices in __scsi_iterate_device() (#138135)
Fix bugs with SOCK_SEQPACKET AF_UNIX sockets
Reenable token ring drivers. (#119345)
SELinux: Map Unix seqpacket sockets to appropriate security class
SELinux: destroy avtab node cache in policy load error path.
AF_UNIX: Serialize dgram read using semaphore just like stream.
lockd: NLM blocks locks don't sleep
NFS lock recovery fixes
Add more MODULE_VERSION tags (#136403)
Update qlogic driver to 2.6.10rc2 level.
cciss: fixes for clustering
ieee802.11 update.
ipw2100: update to ver 1.0.0
ipw2200: update to ver 1.0.0
Enable promisc mode on ipw2100
3c59x: reload EEPROM values at rmmod for needy cards
ppc64: Prevent sigsuspend stomping on r4 and r5
ppc64: Alternative single-step fix.
fix for recursive netdump oops on x86_64
ia64: Fix IRQ routing fix when booted with maxcpus= (#138236)
ia64: search the iommu for the correct size
Deal with fraglists correctly on ipv4/ipv6 output
Various statm accounting fixes (#139447)
Reenable CMM /proc interface for s390 (#137397)
Fri Nov 19 2004 Dave Jones <davej@redhat.com>
e100: fix improper enabling of interrupts. (#139706)
autofs4: allow map update recognition
Various TCP fixes from 2.6.10rc
Various netlink fixes from 2.6.10rc
[IPV4]: Do not try to unhash null-netdev nexthops.
ppc64: Make NUMA map CPU->node before bringing up the CPU (#128063)
ppc64: sched domains / cpu hotplug cleanup. (#128063)
ppc64: Add a CPU_DOWN_PREPARE hotplug CPU notifier (#128063)
ppc64: Register a cpu hotplug notifier to reinitialize the
scheduler domains hierarchy (#128063)
Product : Fedora Core 2
Name : kernel
Version : 2.6.9
Release : 1.11_FC2
Summary : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
A large change over previous kernels has been made. The 4G:4G memory
split patch has been dropped, and Fedora kernels now revert back to
the upstream 3G:1G kernel/userspace split.
A number of security fixes are present in this update.
CAN-2004-1016:
Paul Starzetz discovered a buffer overflow vulnerability in the "__scm_send"
function which handles the sending of UDP network packets. A wrong validity
check of the cmsghdr structure allowed a local attacker to modify kernel
memory, thus causing an endless loop (Denial of Service) or possibly even
root privilege escalation.
CAN-2004-1017:
Alan Cox reported two potential buffer overflows with the io_edgeport driver.
CAN-2004-1068:
A race condition was discovered in the handling of AF_UNIX network packets.
This reportedly allowed local users to modify arbitrary kernel memory,
facilitating privilege escalation, or possibly allowing code execution in the
context of the kernel.
CAN-2004-1137:
Paul Starzetz discovered several flaws in the IGMP handling code. This
allowed users to provoke a Denial of Service, read kernel memory, and execute
arbitrary code with root privileges. This flaw is also exploitable remotely
if an application has bound a multicast socket.
CAN-2004-1151:
Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall()
and sys32_vm86_warning() functions. This could possibly be exploited to
overwrite kernel memory with attacker-supplied code and cause root privilege
escalation.
NO-CAN-ASSIGNED:
Fix memory leak in ip_conntrack_ftp (local DoS)
Do not leak IP options. (local DoS)
fix missing security_*() check in net/compat.c
ia64/x86_64/s390 overlapping vma fix
Fix bugs with SOCK_SEQPACKET AF_UNIX sockets
Make sure VC resizing fits in s16.
Georgi Guninski reported a buffer overflow with vc_resize().
Clear ebp on sysenter return.
A small information leak was found by Brad Spengler.
Sat Jan 01 2005 Dave Jones <davej@redhat.com>
Fix probing of vesafb. (#125890)
Enable PCILynx driver. (#142173)
Fri Dec 31 2004 Dave Jones <davej@redhat.com>
Drop 4g/4g patch completely.
Tue Dec 28 2004 Dave Jones <davej@redhat.com>
Drop bogus ethernet slab cache.
Thu Dec 23 2004 Dave Jones <davej@redhat.com>
Fix bio error propagation.
Clear ebp on sysenter return.
Extra debugging info on OOM kill.
exit() race fix.
Fix refcounting order in sd/sr, fixing cable pulls on USB storage.
IGMP source filter fixes.
Fix ext2/3 leak on umount.
fix missing wakeup in ipc/sem
Fix another tux corner case bug.
Wed Dec 22 2004 Dave Jones <davej@redhat.com>
Add another ipod to the unusual usb devices list. (#142779)
Tue Dec 21 2004 Dave Jones <davej@redhat.com>
Fix two silly bugs in the AGP posting fixes.
Thu Dec 16 2004 Dave Jones <davej@redhat.com>
Better version of the PCI Posting fixes for agpgart.
Add missing cache flush to the AGP code.
Sun Dec 12 2004 Dave Jones <davej@redhat.com>
fix false ECHILD result from wait* with zombie group leader.
Sat Dec 11 2004 Dave Jones <davej@redhat.com>
Workaround broken pci posting in AGPGART.
Make sure VC resizing fits in s16.
Fri Dec 10 2004 Dave Jones <davej@redhat.com>
Prevent block device queues from being shared in viocd. (#139018)
Libata updates. (#132848, #138405)
aacraid: remove aac_handle_aif (#135527)
fix uninitialized variable in waitid(2). (#142505)
Fix CMSG validation checks wrt. signedness.
Fix memory leak in ip_conntrack_ftp
[IPV4]: Do not leak IP options.
ppc64: Align PACA buffer for hypervisor's use. (#141817)
ppc64: Indicate that the veth link is always up. (#135402)
ppc64: Quiesce OpenFirmware stdin device at boot. (#142009)
SELinux: Fix avc_node_update oops. (#142353)
Fix CCISS ioctl return code.
Make ppc64's pci_alloc_consistent() conform to documentation. (#140047)
Disable tiglusb module. (#142102)
E1000 64k-alignment fix. (#140047)
Disable tiglusb module. (#142102)
ID updates for cciss driver.
Fix overflows in USB Edgeport-IO driver. (#142258)
Fix wrong TASK_SIZE for 32bit processes on x86-64. (#141737)
Fix ext2/ext3 xattr/mbcache race. (#138951)
Fix bug where __getblk_slow can loop forever when pages are partially mapped. (#140424)
Add missing cache flushes in agpgart code.
Wed Dec 08 2004 Dave Jones <davej@redhat.com>
Enable EDD
Enable ETH1394. (#138497)
Workaround E1000 post-maturely writing back to TX descriptors. (#133261)
Fix the previous E1000 errata workaround.
Several IDE fixes from 2.6.9-ac
vm pageout throttling. (#133858)
Fix Tux from oopsing. (#140918)
Fix Tux/SELinux incompatability (#140916)
Fix Tux/IPV6 problem. (#140916)
ide: Fix possible oops on boot.
Make spinlock debugging panic instead of printk.
Update Emulex lpfc driver to 8.0.16
Selected patches from 2.6.9-ac12
ppc64: Fix inability to find space for TCE table (#138844)
Fix compat fcntl F_GETLK{,64} (#141680)
blkdev_get_blocks(): handle eof
Another card reader for the whitelist. (#134094)
Sat Dec 04 2004 Dave Jones <davej@redhat.com>
Enable both old and new megaraid drivers.
Add yet another card reader to usb scsi whitelist. (#141367)
Fix oops in conntrack on rmmod.
Fri Dec 03 2004 Dave Jones <davej@redhat.com>
Pull in bits of -ac12
Should fix the smbfs & visor issues among others.
Thu Dec 02 2004 Dave Jones <davej@redhat.com>
Drop the futex debug patch, it served its purpose.
XFRM layer bug fixes
ppc64: Convert to using ibm,read-slot-reset-state2 RTAS call
ide: Make CSB6 driver support configurations.
ide: Handle early EOF on CDs.
Fix sx8 device naming in sysfs
e100/e1000: return -EINVAL when setting rx-mini or rx-jumbo. (#140793)
Wed Dec 01 2004 Dave Jones <davej@redhat.com>
Disable 4G/4G for i686.
Workaround for the E1000 erratum 23 (#140047)
Remove bogus futex warning. (#138179)
x86_64: Fix lost edge triggered irqs on UP kernel.
x86_64: Reenable DRI for MGA.
Workaround E1000 post-maturely writing back to TX descriptors (#133261)
3c59x: add EEPROM_RESET for 3c900 Boomerang
Fix buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()
ext3: improves ext3's error logging when we encounter an on-disk corruption.
ext3: improves ext3's ability to deal with corruption on-disk
ext3: Handle double-delete of indirect blocks.
Disable SCB2 flash driver for RHEL4. (#141142)
Tue Nov 30 2004 Dave Jones <davej@redhat.com>
x86_64: add an option to configure oops stack dump
x86[64]: display phys_proc_id only when it is initialized
x86_64: no TIOCSBRK/TIOCCBRK in ia32 emulation
via-rhine: references __init code during resume
Add barriers to generic timer code to prevent race. (#128242)
ppc64: Add PURR and version data to /proc/ppc64/lparcfg
Prevent xtime value becoming incorrect.
scsi: return full SCSI status byte in SG_IO
Fix show_trace() in irq context with CONFIG_4KSTACKS
Adjust alignment of pagevec structure.
md: make sure md always uses rdev_dec_pending properly.
Make proc_pid_status not dereference dead task structs.
sg: Fix oops of sg_cmd_done and sg_release race (#140648)
fix bad segment coalescing in blk_recalc_rq_segments()
fix missing security_*() check in net/compat.c
ia6 4/x86_64/s390 overlapping vma fix
Update Emulex lpfc to 8.0.15
Mon Nov 29 2004 Dave Jones <davej@redhat.com>
Add another card reader to whitelist. (#141022)
Fix possible hang in do_wait() (#140042)
Fix ps showing wrong ppid. (#132030)
Print advice to use -hugemem if >=16GB of memory is detected.
Enable ICOM serial driver. (#136150)
Enable acpi hotplug driver for IA64.
SCSI: fix USB forced remove oops.
ia64: add missing sn2 timer mask in time_interpolator code. (#140580)
ia64: Fix hang reading /proc/pal/cpu0/tr_info (#139571)
ia64: bump number of UARTS. (#139100)
Fix ACPI debug level (#141292)
Make EDD runtime configurable, and reenable.
ppc64: IBM VSCSI driver race fix. (#138725)
ppc64: Ensure PPC64 interrupts don't end up hard-disabled. (#139020, #131590)
ppc64: Yet more sigsuspend/singlestep fixing. (#140102, #137931)
x86-64: Implement ACPI based reset mechanism. (#139104)
Backport 2.6.10rc sysfs changes needed for IBM hotplug driver. (#140372)
Update Emulex lpfc driver to v8.0.14
Optimize away the unconditional write to debug registers on signal delivery path.
Fix up scsi_test_unit_ready() to work correctly with CD-ROMs.
md: fix two little bugs in raid10
Remove incorrect ELF check from module loading. (#140954)
Plug leaks in error paths of aic driver.
Add refcounting to scsi command allocation.
Taint oopses on machine checks, bad_page()'s calls and forced rmmod's.
Share Intel cache descriptors between x86 & x86-64.
rx checksum support for gige nForce ethernet
vm: vm_dirty_ratio initialisation fix
Mon Nov 29 2004 Soeren Sandmann <sandmann@redhat.com>
Build FC-3 kernel in RHEL build root
Sun Nov 28 2004 Dave Jones <davej@redhat.com>
Move 4g/4g kernel into -hugemem.
Sat Nov 27 2004 Dave Jones <davej@redhat.com>
Recognise Shuttle SN85G4 card reader. (#139163)
Tue Nov 23 2004 Dave Jones <davej@redhat.com>
Add futex debug patch.
Mon Nov 22 2004 Dave Jones <davej@redhat.com>
Update -ac patch to 2.6.9-ac11
make tulip_stop_rxtx() wait for DMA to fully stop. (#138240)
ACPI: Make LEqual less strict about operand types matching.
scsi: avoid extra 'put' on devices in __scsi_iterate_device() (#138135)
Fix bugs with SOCK_SEQPACKET AF_UNIX sockets
Reenable token ring drivers. (#119345)
SELinux: Map Unix seqpacket sockets to appropriate security class
SELinux: destroy avtab node cache in policy load error path.
AF_UNIX: Serialize dgram read using semaphore just like stream.
lockd: NLM blocks locks don't sleep
NFS lock recovery fixes
Add more MODULE_VERSION tags (#136403)
Update qlogic driver to 2.6.10rc2 level.
cciss: fixes for clustering
ieee802.11 update.
ipw2100: update to ver 1.0.0
ipw2200: update to ver 1.0.0
Enable promisc mode on ipw2100
3c59x: reload EEPROM values at rmmod for needy cards
ppc64: Prevent sigsuspend stomping on r4 and r5
ppc64: Alternative single-step fix.
fix for recursive netdump oops on x86_64
ia64: Fix IRQ routing fix when booted with maxcpus= (#138236)
ia64: search the iommu for the correct size
Deal with fraglists correctly on ipv4/ipv6 output
Various statm accounting fixes (#139447)
Reenable CMM /proc interface for s390 (#137397)
Fri Nov 19 2004 Dave Jones <davej@redhat.com>
e100: fix improper enabling of interrupts. (#139706)
autofs4: allow map update recognition
Various TCP fixes from 2.6.10rc
Various netlink fixes from 2.6.10rc
[IPV4]: Do not try to unhash null-netdev nexthops.
ppc64: Make NUMA map CPU->node before bringing up the CPU (#128063)
ppc64: sched domains / cpu hotplug cleanup. (#128063)
ppc64: Add a CPU_DOWN_PREPARE hotplug CPU notifier (#128063)
ppc64: Register a cpu hotplug notifier to reinitialize the
scheduler domains hierarchy (#128063)
