linux-toradex.git, branch v2.6.20.13

Linux 2.6.20.13

2007-06-07T21:23:23+00:00

[PATCH] NETFILTER: {ip, nf}_conntrack_sctp: fix remotely triggerable NULL ptr dereference (CVE-2007-2876)

2007-06-07T21:23:05+00:00

When creating a new connection by sending an unknown chunk type, we
don't transition to a valid state, causing a NULL pointer dereference in
sctp_packet when accessing sctp_timeouts[SCTP_CONNTRACK_NONE].

Fix by don't creating new conntrack entry if initial state is invalid.

Noticed by Vilmos Nebehaj 

CC: Kiran Kumar Immidi 
Cc: David Miller 
Signed-off-by: Patrick McHardy 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Chris Wright

[PATCH] cpuset: prevent information leak in cpuset_tasks_read (CVE-2007-2875)

2007-06-07T21:23:05+00:00

Use simple_read_from_buffer to avoid possible underflow in
cpuset_tasks_read which could allow user to read kernel memory.

Note: This is fixed upstream in 85badbdf5120d246ce2bb3f1a7689a805f9c9006

Signed-off-by: Chris Wright

[PATCH] random: fix seeding with zero entropy (CVE-2007-2453 2 of 2)

2007-06-07T21:23:04+00:00

Add data from zero-entropy random_writes directly to output pools to
avoid accounting difficulties on machines without entropy sources.

Tested on lguest with all entropy sources disabled.

Signed-off-by: Matt Mackall 
Acked-by: "Theodore Ts'o" 
Signed-off-by: Linus Torvalds 
Signed-off-by: Chris Wright

[PATCH] random: fix error in entropy extraction (CVE-2007-2453 1 of 2)

2007-06-07T21:23:04+00:00

Fix cast error in entropy extraction.
Add comments explaining the magic 16.
Remove extra confusing loop variable.

Signed-off-by: Matt Mackall 
Acked-by: "Theodore Ts'o" 
Signed-off-by: Linus Torvalds 
Signed-off-by: Chris Wright

Linux 2.6.20.12

2007-05-24T21:21:02+00:00

[PATCH] GEODE-AES: Allow in-place operations [CVE-2007-2451]

2007-05-24T21:20:43+00:00

Allow in-place crypto operations.  Also remove the coherent user flag
(we use it automagically now), and by default use the user written
key rather then the HW hidden key - this makes crypto just work without
any special considerations, and thats OK, since its our only usage
model.

Signed-off-by: Jordan Crouse 
Signed-off-by: Herbert Xu 
Signed-off-by: Chris Wright

Linux 2.6.20.11

2007-05-02T00:34:12+00:00

Revert "adjust legacy IDE resource setting (v2)"

2007-05-02T00:06:03+00:00

Revert "adjust legacy IDE resource setting (v2)"

This reverts commit ed8ccee0918ad063a4741c0656fda783e02df627.

It causes hang on boot for some users and we don't yet know why:

http://bugzilla.kernel.org/show_bug.cgi?id=7562

http://lkml.org/lkml/2007/4/20/404
http://lkml.org/lkml/2007/3/25/113

Just reverse it for 2.6.21-final, having broken X server is somehow
better than unbootable system.

Signed-off-by: Bartlomiej Zolnierkiewicz 
Cc: Chuck Ebbert 
Signed-off-by: Greg Kroah-Hartman

cfq-iosched: fix alias + front merge bug

2007-05-02T00:06:03+00:00

There's a really rare and obscure bug in CFQ, that causes a crash in
cfq_dispatch_insert() due to rq == NULL. One example of that is seen
here:

http://lkml.org/lkml/2007/4/15/41

Neil correctly diagnosed the situation for how this can happen, read
that analysis here:

http://lkml.org/lkml/2007/4/25/57

This looks like it requires md to trigger, even though it should
potentially be possible to due with O_DIRECT (at least if you edit the
kernel and doctor some of the unplug calls).

The fix is to move the ->next_rq update to when we add a request to the
rbtree. Then we remove the possibility for a request to exist in the
rbtree code, but not have ->next_rq correctly updated.

Signed-off-by: Jens Axboe 
Signed-off-by: Greg Kroah-Hartman