<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux, branch v2.6.33.17</title>
<subtitle>Linux kernel source tree</subtitle>
<id>https://git.amat.us/linux/atom/?h=v2.6.33.17</id>
<link rel='self' href='https://git.amat.us/linux/atom/?h=v2.6.33.17'/>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/'/>
<updated>2011-08-08T17:48:25Z</updated>
<entry>
<title>Linux 2.6.33.17</title>
<updated>2011-08-08T17:48:25Z</updated>
<author>
<name>Greg Kroah-Hartman</name>
<email>gregkh@suse.de</email>
</author>
<published>2011-08-08T17:48:25Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=2bfed129b9afe882864f53735efe004defe4c383'/>
<id>urn:sha1:2bfed129b9afe882864f53735efe004defe4c383</id>
<content type='text'>
</content>
</entry>
<entry>
<title>drm/i915: Fix typo in DRM_I915_OVERLAY_PUT_IMAGE ioctl define</title>
<updated>2011-08-08T17:36:11Z</updated>
<author>
<name>Ole Henrik Jahren</name>
<email>olehenja@alumni.ntnu.no</email>
</author>
<published>2011-07-22T13:56:01Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=8b65599076036bbb2830391b0ca00f2d9f4bd5ce'/>
<id>urn:sha1:8b65599076036bbb2830391b0ca00f2d9f4bd5ce</id>
<content type='text'>
commit 842d452985300f4ec14c68cb86046e8a1a3b7251 upstream.

Because of a typo, calling ioctl with DRM_IOCTL_I915_OVERLAY_PUT_IMAGE
is broken if the macro is used directly. When using libdrm the bug is
not hit, since libdrm handles the ioctl encoding internally.

The typo also leads to the .cmd and .cmd_drv fields of the drm_ioctl
structure for DRM_I915_OVERLAY_PUT_IMAGE having inconsistent content.

Signed-off-by: Ole Henrik Jahren &lt;olehenja@alumni.ntnu.no&gt;
Acked-by: Daniel Vetter &lt;daniel.vetter@ffwll.ch&gt;
Signed-off-by: Keith Packard &lt;keithp@keithp.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>dm: fix idr leak on module removal</title>
<updated>2011-08-08T17:36:10Z</updated>
<author>
<name>Alasdair G Kergon</name>
<email>agk@redhat.com</email>
</author>
<published>2011-08-02T11:32:01Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=8d637efc631096456dba6ae73d5fdc5eecd2906d'/>
<id>urn:sha1:8d637efc631096456dba6ae73d5fdc5eecd2906d</id>
<content type='text'>
commit d15b774c2920d55e3d58275c97fbe3adc3afde38 upstream.

Destroy _minor_idr when unloading the core dm module.  (Found by kmemleak.)

Signed-off-by: Alasdair G Kergon &lt;agk@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>dm mpath: fix potential NULL pointer in feature arg processing</title>
<updated>2011-08-08T17:36:10Z</updated>
<author>
<name>Mike Snitzer</name>
<email>snitzer@redhat.com</email>
</author>
<published>2011-08-02T11:32:00Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=1120616a78cceff1b4a417c61b94da35edf09bdf'/>
<id>urn:sha1:1120616a78cceff1b4a417c61b94da35edf09bdf</id>
<content type='text'>
commit 286f367dad40beb3234a18c17391d03ba939a7f3 upstream.

Avoid dereferencing a NULL pointer if the number of feature arguments
supplied is fewer than indicated.

Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
Signed-off-by: Alasdair G Kergon &lt;agk@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>ALSA: sound/core/pcm_compat.c: adjust array index</title>
<updated>2011-08-08T17:36:09Z</updated>
<author>
<name>Julia Lawall</name>
<email>julia@diku.dk</email>
</author>
<published>2011-07-28T12:46:05Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=87c6272e4096149ddee39b6e923c87bbf5bcdd5a'/>
<id>urn:sha1:87c6272e4096149ddee39b6e923c87bbf5bcdd5a</id>
<content type='text'>
commit ca9380fd68514c7bc952282c1b4fc70607e9fe43 upstream.

Convert array index from the loop bound to the loop index.

A simplified version of the semantic patch that fixes this problem is as
follows: (http://coccinelle.lip6.fr/)

// &lt;smpl&gt;
@@
expression e1,e2,ar;
@@

for(e1 = 0; e1 &lt; e2; e1++) { &lt;...
  ar[
- e2
+ e1
  ]
  ...&gt; }
// &lt;/smpl&gt;

Signed-off-by: Julia Lawall &lt;julia@diku.dk&gt;
Signed-off-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>proc: restrict access to /proc/PID/io</title>
<updated>2011-08-08T17:36:08Z</updated>
<author>
<name>Vasiliy Kulikov</name>
<email>segoon@openwall.com</email>
</author>
<published>2011-06-24T12:08:38Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=000c40644220a5cea94b46889b1be5275152f172'/>
<id>urn:sha1:000c40644220a5cea94b46889b1be5275152f172</id>
<content type='text'>
commit 1d1221f375c94ef961ba8574ac4f85c8870ddd51 upstream.

/proc/PID/io may be used for gathering private information.  E.g.  for
openssh and vsftpd daemons wchars/rchars may be used to learn the
precise password length.  Restrict it to processes being able to ptrace
the target process.

ptrace_may_access() is needed to prevent keeping open file descriptor of
"io" file, executing setuid binary and gathering io information of the
setuid'ed process.

Signed-off-by: Vasiliy Kulikov &lt;segoon@openwall.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>alpha: fix several security issues</title>
<updated>2011-08-08T17:36:08Z</updated>
<author>
<name>Dan Rosenberg</name>
<email>drosenberg@vsecurity.com</email>
</author>
<published>2011-06-15T22:09:01Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=20e25df086ca0a450479bfe7c24b4f4b5b3f6dab'/>
<id>urn:sha1:20e25df086ca0a450479bfe7c24b4f4b5b3f6dab</id>
<content type='text'>
commit 21c5977a836e399fc710ff2c5367845ed5c2527f upstream.

Fix several security issues in Alpha-specific syscalls.  Untested, but
mostly trivial.

1. Signedness issue in osf_getdomainname allows copying out-of-bounds
kernel memory to userland.

2. Signedness issue in osf_sysinfo allows copying large amounts of
kernel memory to userland.

3. Typo (?) in osf_getsysinfo bounds minimum instead of maximum copy
size, allowing copying large amounts of kernel memory to userland.

4. Usage of user pointer in osf_wait4 while under KERNEL_DS allows
privilege escalation via writing return value of sys_wait4 to kernel
memory.

Signed-off-by: Dan Rosenberg &lt;drosenberg@vsecurity.com&gt;
Cc: Richard Henderson &lt;rth@twiddle.net&gt;
Cc: Ivan Kokshaysky &lt;ink@jurassic.park.msu.ru&gt;
Cc: Matt Turner &lt;mattst88@gmail.com&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>netns xfrm: fixup xfrm6_tunnel error propagation</title>
<updated>2011-08-08T17:36:08Z</updated>
<author>
<name>Alexey Dobriyan</name>
<email>adobriyan@gmail.com</email>
</author>
<published>2010-01-25T10:28:21Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=dcaf8e29487ed3a66e20fa061941a61ce7689889'/>
<id>urn:sha1:dcaf8e29487ed3a66e20fa061941a61ce7689889</id>
<content type='text'>
commit e924960dacdf85d118a98c7262edf2f99c3015cf upstream.

Signed-off-by: Alexey Dobriyan &lt;adobriyan@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>gre: fix netns vs proto registration ordering</title>
<updated>2011-08-08T17:36:07Z</updated>
<author>
<name>Alexey Dobriyan</name>
<email>adobriyan@gmail.com</email>
</author>
<published>2010-02-16T07:57:44Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=1ab3f68eb0da46cdb290e10682029e04042bc5f4'/>
<id>urn:sha1:1ab3f68eb0da46cdb290e10682029e04042bc5f4</id>
<content type='text'>
commit c2892f02712e9516d72841d5c019ed6916329794 upstream.

GRE protocol receive hook can be called right after protocol addition is done.
If netns stuff is not yet initialized, we're going to oops in
net_generic().

This is remotely oopsable if ip_gre is compiled as module and packet
comes at unfortunate moment of module loading.

Signed-off-by: Alexey Dobriyan &lt;adobriyan@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>Revert "block: rescan partitions on invalidated devices on -ENOMEDIA too"</title>
<updated>2011-08-08T17:36:06Z</updated>
<author>
<name>Greg Kroah-Hartman</name>
<email>gregkh@suse.de</email>
</author>
<published>2011-08-02T21:45:26Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=20befe11b5aae8d20479c0e3a73bace6db5b4a9a'/>
<id>urn:sha1:20befe11b5aae8d20479c0e3a73bace6db5b4a9a</id>
<content type='text'>
This reverts commit 6f31747bfeb8c74e6d0a10ecef0abe2a04c5a6cb (commit
02e352287a40bd456eb78df705bf888bc3161d3f upstream)

This should have only been commited on .38 and newer, not older kernels
like this one, sorry.

Cc: Tejun Heo &lt;tj@kernel.org&gt;
Cc: David Zeuthen &lt;zeuthen@gmail.com&gt;
Cc: Martin Pitt &lt;martin.pitt@ubuntu.com&gt;
Cc: Kay Sievers &lt;kay.sievers@vrfy.org&gt;
Cc: Alan Cox &lt;alan@lxorguk.ukuu.org.uk&gt;
Cc: Jens Axboe &lt;jaxboe@fusionio.com&gt;
Cc: Andi Kleen &lt;ak@linux.intel.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
</entry>
</feed>
