Bug #646114 “mlock on stack will create guard page gap” : Bugs : linux package : Ubuntu

Revision history for this message

Kees Cook (kees) wrote on 2010-09-23:

#1

Test-case:

http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/annotate/head%3A/scripts/kernel/guard-page/split-stack.c

Changed in linux (Ubuntu Maverick):
status:	New → Fix Released

Revision history for this message

Stefan Bader (smb) wrote on 2010-09-23:

#2

This should be fixed in Hardy. Those changes were part of the emergency fix to unbreak Xen.

Changed in linux (Ubuntu Hardy):
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-10-19:

#3

This bug was fixed in the package linux - 2.6.32-25.45

---------------
linux (2.6.32-25.45) lucid-security; urgency=low

[ Upstream Kernel Changes ]

  * v4l: disable dangerous buggy compat function
    - CVE-2010-2963
  * Local privilege escalation vulnerability in RDS sockets
    - CVE-2010-3904
  * mm: (pre-stable) Move vma_stack_continue into mm.h
    - LP: #646114
  * net sched: fix some kernel memory leaks
    - CVE-2010-2942
  * irda: Correctly clean up self->ias_obj on irda_bind() failure.
    - CVE-2010-2954
  * wireless extensions: fix kernel heap content leak
    - CVE-2010-2955
  * KEYS: Fix RCU no-lock warning in keyctl_session_to_parent()
    - CVE-2010-2960
  * KEYS: Fix bug in keyctl_session_to_parent() if parent has no session
    keyring
    - CVE-2010-2960
  * aio: check for multiplication overflow in do_io_submit
    - CVE-2010-3067
  * xfs: prevent reading uninitialized stack memory
    - CVE-2010-3078
  * ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
    - CVE-2010-3080
  * niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL
    - CVE-2010-3084
  * rose: Fix signedness issues wrt. digi count.
    - CVE-2010-3310
  * sctp: Do not reset the packet during sctp_packet_config().
    - CVE-2010-3432
  * Fix pktcdvd ioctl dev_minor range check
    - CVE-2010-3437
  * ALSA: prevent heap corruption in snd_ctl_new()
    - CVE-2010-3442
  * net sched: fix kernel leak in act_police
    - CVE-2010-3477
  * Fix out-of-bounds reading in sctp_asoc_get_hmac()
    - CVE-2010-3705
  * ocfs2: Don't walk off the end of fast symlinks.
    - CVE-2010-NNN2
-- Steve Conklin <email address hidden> Wed, 06 Oct 2010 16:16:20 +0100

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-10-19:

#4

This bug was fixed in the package linux - 2.6.31-22.67

---------------
linux (2.6.31-22.67) karmic-security; urgency=low

[ Upstream Kernel Changes ]

  * Local privilege escalation vulnerability in RDS sockets
    - CVE-2010-3904
  * v4l: disable dangerous buggy compat function
    - CVE-2010-2963
  * mm: Do not assume ENOMEM when looking at a split stack vma
    - LP: #646114
  * mm: Use helper to find real vma with stack guard page
    - LP: #646114
  * Fix race in tty_fasync() properly
    - CVE-2009-4895
  * ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files
    - CVE-2010-2066
  * xfs: prevent swapext from operating on write-only files
    - CVE-2010-2226
  * cifs: Fix a kernel BUG with remote OS/2 server (try #3)
    - CVE-2010-2248
  * ethtool: Fix potential user buffer overflow for ETHTOOL_{G, S}RXFH
    - CVE-2010-2478
  * l2tp: Fix oops in pppol2tp_xmit
    - CVE-2010-2495
  * nfsd4: bug in read_buf
    - CVE-2010-2521
  * CIFS: Fix a malicious redirect problem in the DNS lookup code
    - CVE-2010-2524
  * GFS2: rename causes kernel Oops
    - CVE-2010-2798
  * net sched: fix some kernel memory leaks
    - CVE-2010-2942
  * jfs: don't allow os2 xattr namespace overlap with others
    - CVE-2010-2946
  * irda: Correctly clean up self->ias_obj on irda_bind() failure.
    - CVE-2010-2954
  * wireless extensions: fix kernel heap content leak
    - CVE-2010-2955
  * ext4: consolidate in_range() definitions
    - CVE-2010-3015
  * aio: check for multiplication overflow in do_io_submit
    - CVE-2010-3067
  * xfs: prevent reading uninitialized stack memory
    - CVE-2010-3078
  * ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
    - CVE-2010-3080
  * niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL
    - CVE-2010-3084
  * rose: Fix signedness issues wrt. digi count.
    - CVE-2010-3310
  * sctp: Do not reset the packet during sctp_packet_config().
    - CVE-2010-3432
  * Fix pktcdvd ioctl dev_minor range check
    - CVE-2010-3437
  * ALSA: prevent heap corruption in snd_ctl_new()
    - CVE-2010-3442
  * net sched: fix kernel leak in act_police
    - CVE-2010-3477
  * Fix out-of-bounds reading in sctp_asoc_get_hmac()
    - CVE-2010-3705
  * ocfs2: Don't walk off the end of fast symlinks.
    - CVE-2010-NNN2
-- Steve Conklin <email address hidden> Wed, 06 Oct 2010 16:05:21 +0100

This bug was fixed in the package linux - 2.6.31-22.67

---------------
linux (2.6.31-22.67) karmic-security; urgency=low

[ Upstream Kernel Changes ]

* Local privilege escalation vulnerability in RDS sockets
    - CVE-2010-3904
  * v4l: disable dangerous buggy compat function
    - CVE-2010-2963
  * mm: Do not assume ENOMEM when looking at a split stack vma
    -  LP: #646114
  * mm: Use helper to find real vma with stack guard page
    -  LP: #646114
  * Fix race in tty_fasync() properly
    - CVE-2009-4895
  * ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files
    - CVE-2010-2066
  * xfs: prevent swapext from operating on write-only files
    - CVE-2010-2226
  * cifs: Fix a kernel BUG with remote OS/2 server (try #3)
    - CVE-2010-2248
  * ethtool: Fix potential user buffer overflow for ETHTOOL_{G, S}RXFH
    - CVE-2010-2478
  * l2tp: Fix oops in pppol2tp_xmit
    - CVE-2010-2495
  * nfsd4: bug in read_buf
    - CVE-2010-2521
  * CIFS: Fix a malicious redirect problem in the DNS lookup code
    - CVE-2010-2524
  * GFS2: rename causes kernel Oops
    - CVE-2010-2798
  * net sched: fix some kernel memory leaks
    - CVE-2010-2942
  * jfs: don't allow os2 xattr namespace overlap with others
    - CVE-2010-2946
  * irda: Correctly clean up self->ias_obj on irda_bind() failure.
    - CVE-2010-2954
  * wireless extensions: fix kernel heap content leak
    - CVE-2010-2955
  * ext4: consolidate in_range() definitions
    - CVE-2010-3015
  * aio: check for multiplication overflow in do_io_submit
    - CVE-2010-3067
  * xfs: prevent reading uninitialized stack memory
    - CVE-2010-3078
  * ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
    - CVE-2010-3080
  * niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL
    - CVE-2010-3084
  * rose: Fix signedness issues wrt. digi count.
    - CVE-2010-3310
  * sctp: Do not reset the packet during sctp_packet_config().
    - CVE-2010-3432
  * Fix pktcdvd ioctl dev_minor range check
    - CVE-2010-3437
  * ALSA: prevent heap corruption in snd_ctl_new()
    - CVE-2010-3442
  * net sched: fix kernel leak in act_police
    - CVE-2010-3477
  * Fix out-of-bounds reading in sctp_asoc_get_hmac()
    - CVE-2010-3705
  * ocfs2: Don't walk off the end of fast symlinks.
    - CVE-2010-NNN2
 -- Steve Conklin <sconklin@canonical.com>   Wed, 06 Oct 2010 16:05:21 +0100

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-10-19:

#5

This bug was fixed in the package linux - 2.6.28-19.66

---------------
linux (2.6.28-19.66) jaunty-security; urgency=low

[ Stefan Bader ]

  * Revert "SAUCE: (no-up) Modularize vesafb -- fix initialization"
  * mm: Use helper to find real vma with stack guard page
    - LP: #646114
  * mm: Do not assume ENOMEM when looking at a split stack vma
    - LP: #646114

[ Upstream Kernel Changes ]

  * x86-64, compat: Test %rax for the syscall number, not %eax
    - CVE-2010-3301
  * x86-64, compat: Retruncate rax after ia32 syscall entry tracing
    - CVE-2010-3301
  * compat: Make compat_alloc_user_space() incorporate the access_ok()
    - CVE-2010-3081
  * Fix race in tty_fasync() properly
    - CVE-2009-4895
  * xfs: prevent swapext from operating on write-only files
    - CVE-2010-2226
  * cifs: Fix a kernel BUG with remote OS/2 server (try #3)
    - CVE-2010-2248
  * nfsd4: bug in read_buf
    - CVE-2010-2521
  * GFS2: rename causes kernel Oops
    - CVE-2010-2798
  * net sched: fix some kernel memory leaks
    - CVE-2010-2942
  * jfs: don't allow os2 xattr namespace overlap with others
    - CVE-2010-2946
  * irda: Correctly clean up self->ias_obj on irda_bind() failure.
    - CVE-2010-2954
  * wireless extensions: fix kernel heap content leak
    - CVE-2010-2955
  * ext4: consolidate in_range() definitions
    - CVE-2010-3015
  * aio: check for multiplication overflow in do_io_submit
    - CVE-2010-3067
  * xfs: prevent reading uninitialized stack memory
    - CVE-2010-3078
  * ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
    - CVE-2010-3080
  * rose: Fix signedness issues wrt. digi count.
    - CVE-2010-3310
  * sctp: Do not reset the packet during sctp_packet_config().
    - CVE-2010-3432
  * Fix pktcdvd ioctl dev_minor range check
    - CVE-2010-3437
  * ALSA: prevent heap corruption in snd_ctl_new()
    - CVE-2010-3442
  * net sched: fix kernel leak in act_police
    - CVE-2010-3477
  * Fix out-of-bounds reading in sctp_asoc_get_hmac()
    - CVE-2010-3705
  * v4l: disable dangerous buggy compat function
-- Steve Conklin <email address hidden> Fri, 15 Oct 2010 16:26:53 -0500

This bug was fixed in the package linux - 2.6.28-19.66

---------------
linux (2.6.28-19.66) jaunty-security; urgency=low

[ Stefan Bader ]

* Revert "SAUCE: (no-up) Modularize vesafb -- fix initialization"
  * mm: Use helper to find real vma with stack guard page
    - LP: #646114
  * mm: Do not assume ENOMEM when looking at a split stack vma
    - LP: #646114

[ Upstream Kernel Changes ]

* x86-64, compat: Test %rax for the syscall number, not %eax
    - CVE-2010-3301
  * x86-64, compat: Retruncate rax after ia32 syscall entry tracing
    - CVE-2010-3301
  * compat: Make compat_alloc_user_space() incorporate the access_ok()
    - CVE-2010-3081
  * Fix race in tty_fasync() properly
    - CVE-2009-4895
  * xfs: prevent swapext from operating on write-only files
    - CVE-2010-2226
  * cifs: Fix a kernel BUG with remote OS/2 server (try #3)
    - CVE-2010-2248
  * nfsd4: bug in read_buf
    - CVE-2010-2521
  * GFS2: rename causes kernel Oops
    - CVE-2010-2798
  * net sched: fix some kernel memory leaks
    - CVE-2010-2942
  * jfs: don't allow os2 xattr namespace overlap with others
    - CVE-2010-2946
  * irda: Correctly clean up self->ias_obj on irda_bind() failure.
    - CVE-2010-2954
  * wireless extensions: fix kernel heap content leak
    - CVE-2010-2955
  * ext4: consolidate in_range() definitions
    - CVE-2010-3015
  * aio: check for multiplication overflow in do_io_submit
    - CVE-2010-3067
  * xfs: prevent reading uninitialized stack memory
    - CVE-2010-3078
  * ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
    - CVE-2010-3080
  * rose: Fix signedness issues wrt. digi count.
    - CVE-2010-3310
  * sctp: Do not reset the packet during sctp_packet_config().
    - CVE-2010-3432
  * Fix pktcdvd ioctl dev_minor range check
    - CVE-2010-3437
  * ALSA: prevent heap corruption in snd_ctl_new()
    - CVE-2010-3442
  * net sched: fix kernel leak in act_police
    - CVE-2010-3477
  * Fix out-of-bounds reading in sctp_asoc_get_hmac()
    - CVE-2010-3705
  * v4l: disable dangerous buggy compat function
 -- Steve Conklin <sconklin@canonical.com>   Fri, 15 Oct 2010 16:26:53 -0500

Changed in linux (Ubuntu Jaunty):
status:	New → Fix Released
Changed in linux (Ubuntu Karmic):
status:	New → Fix Released
Changed in linux (Ubuntu Lucid):
status:	New → Fix Released

Tim Gardner (timg-tpi) on 2011-03-21

Changed in linux-mvl-dove (Ubuntu):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Dapper):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Jaunty):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Karmic):
status:	New → Invalid

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-03-24:

#6

Download full text (65.1 KiB)

This bug was fixed in the package linux-mvl-dove - 2.6.32-216.33

---------------
linux-mvl-dove (2.6.32-216.33) lucid-proposed; urgency=low

[ Ubuntu: 2.6.32-31.60 ]

  * Release Tracking Bug
    - LP: #734950
  * SAUCE: Clear new_profile in error path
    - LP: #732700
  * [Config] CONFIG_BOOT_PRINTK_DELAY=y
    - LP: #733191
  * Revert "drm/radeon/bo: add some fallback placements for VRAM only
    objects."
    - LP: #652934
  * drm/radeon: fall back to GTT if bo creation/validation in VRAM fails.
    - LP: #652934
  * drm/radeon/kms: Fix retrying ttm_bo_init() after it failed once.
    - LP: #652934
  * xfs: always use iget in bulkstat
    - LP: #692848
  * drm/radeon/kms: make the mac rv630 quirk generic
    - LP: #728687
  * drm/radeon/kms: add pll debugging output
    - LP: #728687
  * drm/radeon: remove 0x4243 pci id
    - LP: #728687
  * drm/radeon/kms: fix s/r issues with bios scratch regs
    - LP: #728687
  * drm/i915/lvds: Add AOpen i915GMm-HFS to the list of false-positive LVDS
    - LP: #728687
  * drm/i915: Add dependency on CONFIG_TMPFS
    - LP: #728687
  * Linux 2.6.32.29+drm33.14
    - LP: #728687
  * NFSD: memory corruption due to writing beyond the stat array
    - LP: #728687
  * mptfusion: mptctl_release is required in mptctl.c
    - LP: #728687
  * mptfusion: Fix Incorrect return value in mptscsih_dev_reset
    - LP: #728687
  * ocfs2_connection_find() returns pointer to bad structure
    - LP: #728687
  * x25: decrement netdev reference counts on unload
    - LP: #728687
  * x86, hpet: Disable per-cpu hpet timer if ARAT is supported
    - LP: #728687
  * OHCI: work around for nVidia shutdown problem
    - LP: #728687
  * x86/pvclock: Zero last_value on resume
    - LP: #728687
  * av7110: check for negative array offset
    - LP: #728687
  * CRED: Fix get_task_cred() and task_state() to not resurrect dead
    credentials
    - LP: #728687
  * bonding/vlan: Avoid mangled NAs on slaves without VLAN tag insertion
    - LP: #728687
  * CRED: Fix kernel panic upon security_file_alloc() failure.
    - LP: #728687
  * CRED: Fix BUG() upon security_cred_alloc_blank() failure
    - LP: #728687
  * CRED: Fix memory and refcount leaks upon security_prepare_creds()
    failure
    - LP: #728687
  * sendfile(): check f_op.splice_write() rather than f_op.sendpage()
    - LP: #728687
  * isdn: hisax: Replace the bogus access to irq stats
    - LP: #728687
  * ixgbe: add support for 82599 based Express Module X520-P2
    - LP: #728687
  * ixgbe: prevent speculative processing of descriptors before ready
    - LP: #728687
  * scsi_dh_alua: add netapp to dev list
    - LP: #728687
  * scsi_dh_alua: Add IBM Power Virtual SCSI ALUA device to dev list
    - LP: #728687
  * dm raid1: fail writes if errors are not handled and log fails
    - LP: #728687
  * GFS2: Fix bmap allocation corner-case bug
    - LP: #728687
  * dm raid1: fix null pointer dereference in suspend
    - LP: #728687
  * sunrpc/cache: fix module refcnt leak in a failure path
    - LP: #728687
  * be2net: Maintain tx and rx counters in driver
    - LP: #728687
  * tcp: Make TCP_MAXSEG minimum more correct.
    - LP: #728687
  * nfsd: correctly handle return value from ...

This bug was fixed in the package linux-mvl-dove - 2.6.32-216.33

---------------
linux-mvl-dove (2.6.32-216.33) lucid-proposed; urgency=low

[ Ubuntu: 2.6.32-31.60 ]

* Release Tracking Bug
    - LP: #734950
  * SAUCE: Clear new_profile in error path
    - LP: #732700
  * [Config] CONFIG_BOOT_PRINTK_DELAY=y
    - LP: #733191
  * Revert "drm/radeon/bo: add some fallback placements for VRAM only
    objects."
    - LP: #652934
  * drm/radeon: fall back to GTT if bo creation/validation in VRAM fails.
    - LP: #652934
  * drm/radeon/kms: Fix retrying ttm_bo_init() after it failed once.
    - LP: #652934
  * xfs: always use iget in bulkstat
    - LP: #692848
  * drm/radeon/kms: make the mac rv630 quirk generic
    - LP: #728687
  * drm/radeon/kms: add pll debugging output
    - LP: #728687
  * drm/radeon: remove 0x4243 pci id
    - LP: #728687
  * drm/radeon/kms: fix s/r issues with bios scratch regs
    - LP: #728687
  * drm/i915/lvds: Add AOpen i915GMm-HFS to the list of false-positive LVDS
    - LP: #728687
  * drm/i915: Add dependency on CONFIG_TMPFS
    - LP: #728687
  * Linux 2.6.32.29+drm33.14
    - LP: #728687
  * NFSD: memory corruption due to writing beyond the stat array
    - LP: #728687
  * mptfusion: mptctl_release is required in mptctl.c
    - LP: #728687
  * mptfusion: Fix Incorrect return value in mptscsih_dev_reset
    - LP: #728687
  * ocfs2_connection_find() returns pointer to bad structure
    - LP: #728687
  * x25: decrement netdev reference counts on unload
    - LP: #728687
  * x86, hpet: Disable per-cpu hpet timer if ARAT is supported
    - LP: #728687
  * OHCI: work around for nVidia shutdown problem
    - LP: #728687
  * x86/pvclock: Zero last_value on resume
    - LP: #728687
  * av7110: check for negative array offset
    - LP: #728687
  * CRED: Fix get_task_cred() and task_state() to not resurrect dead
    credentials
    - LP: #728687
  * bonding/vlan: Avoid mangled NAs on slaves without VLAN tag insertion
    - LP: #728687
  * CRED: Fix kernel panic upon security_file_alloc() failure.
    - LP: #728687
  * CRED: Fix BUG() upon security_cred_alloc_blank() failure
    - LP: #728687
  * CRED: Fix memory and refcount leaks upon security_prepare_creds()
    failure
    - LP: #728687
  * sendfile(): check f_op.splice_write() rather than f_op.sendpage()
    - LP: #728687
  * isdn: hisax: Replace the bogus access to irq stats
    - LP: #728687
  * ixgbe: add support for 82599 based Express Module X520-P2
    - LP: #728687
  * ixgbe: prevent speculative processing of descriptors before ready
    - LP: #728687
  * scsi_dh_alua: add netapp to dev list
    - LP: #728687
  * scsi_dh_alua: Add IBM Power Virtual SCSI ALUA device to dev list
    - LP: #728687
  * dm raid1: fail writes if errors are not handled and log fails
    - LP: #728687
  * GFS2: Fix bmap allocation corner-case bug
    - LP: #728687
  * dm raid1: fix null pointer dereference in suspend
    - LP: #728687
  * sunrpc/cache: fix module refcnt leak in a failure path
    - LP: #728687
  * be2net: Maintain tx and rx counters in driver
    - LP: #728687
  * tcp: Make TCP_MAXSEG minimum more correct.
    - LP: #728687
  * nfsd: correctly handle return value from nfsd_map_name_to_*
    - LP: #728687
  * s390: remove task_show_regs
    - LP: #728687
  * PM / Hibernate: Return error code when alloc_image_page() fails
    - LP: #728687
  * fs/partitions: Validate map_count in Mac partition tables
    - LP: #728687
  * ALSA: HDA: Add position_fix quirk for an Asus device
    - LP: #718402, #728687
  * ALSA: caiaq - Fix possible string-buffer overflow
    - LP: #728687
  * radio-aimslab.c needs #include <linux/delay.h>
    - LP: #728687
  * ARM: Ensure predictable endian state on signal handler entry
    - LP: #728687
  * acer-wmi: Fix capitalisation of GUID
    - LP: #728687
  * eCryptfs: Copy up lower inode attrs in getattr
    - LP: #728687
  * platform: x86: acer-wmi: world-writable sysfs threeg file
    - LP: #728687
  * platform: x86: asus_acpi: world-writable procfs files
    - LP: #728687
  * platform: x86: tc1100-wmi: world-writable sysfs wireless and jogdial
    files
    - LP: #728687
  * genirq: Disable the SHIRQ_DEBUG call in request_threaded_irq for now
    - LP: #728687
  * usb: musb: omap2430: fix kernel panic on reboot
    - LP: #728687
  * USB: add quirks entry for Keytouch QWERTY Panel
    - LP: #728687
  * USB: Add Samsung SGH-I500/Android modem ID switch to visor driver
    - LP: #728687
  * USB: Add quirk for Samsung Android phone modem
    - LP: #728687
  * p54pci: update receive dma buffers before and after processing
    - LP: #728687
  * sierra: add new ID for Airprime/Sierra USB IP modem
    - LP: #728687
  * staging: usbip: vhci: update reference count for usb_device
    - LP: #728687
  * staging: usbip: vhci: give back URBs from in-flight unlink requests
    - LP: #728687
  * staging: usbip: vhci: refuse to enqueue for dead connections
    - LP: #728687
  * staging: usbip: vhci: use urb->dev->portnum to find port
    - LP: #728687
  * epoll: prevent creating circular epoll structures
    - LP: #728687
  * ldm: corrupted partition table can cause kernel oops
    - LP: #728687
  * md: correctly handle probe of an 'mdp' device.
    - LP: #728687
  * x86 quirk: Fix polarity for IRQ0 pin2 override on SB800 systems
    - LP: #728687
  * xhci: Avoid BUG() in interrupt context
    - LP: #728687
  * xhci: Clarify some expressions in the TRB math
    - LP: #728687
  * xhci: Fix errors in the running total calculations in the TRB math
    - LP: #728687
  * xhci: Fix an error in count_sg_trbs_needed()
    - LP: #728687
  * x25: Do not reference freed memory.
    - LP: #728687
  * Linux 2.6.32.30
    - LP: #728687
  * Linux 2.6.32.31
    - LP: #728687
  * Ocfs2/refcounttree: Fix a bug for refcounttree to writeback clusters in
    a right number.
    - LP: #731226
  * mfd: Fix NULL pointer due to non-initialized ucb1x00-ts absinfo
    - LP: #731226
  * x86: Use u32 instead of long to set reset vector back to 0
    - LP: #731226
  * fuse: fix hang of single threaded fuseblk filesystem
    - LP: #731226
  * clockevents: Prevent oneshot mode when broadcast device is periodic
    - LP: #731226
  * ext2: Fix link count corruption under heavy link+rename load
    - LP: #731226
  * sctp: Fix oops when sending queued ASCONF chunks
    - LP: #731226
  * virtio: set pci bus master enable bit
    - LP: #731226
  * netxen: fix set mac addr
    - LP: #731226
  * HID: add support for Acan FG-8100 barcode reader
    - LP: #731226
  * p54usb: add Senao NUB-350 usbid
    - LP: #731226
  * dccp: fix oops on Reset after close
    - LP: #731226
  * e1000e: disable broken PHY wakeup for ICH10 LOMs, use MAC wakeup
    instead
    - LP: #731226
  * r8169: disable ASPM
    - LP: #731226
  * usb: iowarrior: don't trust report_size for buffer size
    - LP: #731226
  * arp_notify: unconditionally send gratuitous ARP for
    NETDEV_NOTIFY_PEERS.
    - LP: #731226
  * CIFS: Fix oplock break handling (try #2)
    - LP: #731226
  * Linux 2.6.32.32
    - LP: #731226

[ Ubuntu: 2.6.32-30.59 ]

* Release Tracking Bug
    - LP: #727336
  * [Config] CONFIG_IRQ_TIME_ACCOUNTING=n
    - LP: #723819
  * virtio_net: Add schedule check to napi_enable call
    - LP: #579276
  * NFS: fix the return value of nfs_file_fsync()
    - LP: #585657
  * block: check for proper length of iov entries earlier in
    blk_rq_map_user_iov(), CVE-2010-4163
    - LP: #721504
    - CVE-2010-4163
  * filter: make sure filters dont read uninitialized memory
    - LP: #721282
    - CVE-2010-4158
  * tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
    - LP: #720189
    - CVE-2010-4077
  * staging: usbip: remove double giveback of URB
    - LP: #723819
  * USB: EHCI: ASPM quirk of ISOC on AMD SB800
    - LP: #723819
  * rt2x00: add device id for windy31 usb device
    - LP: #723819
  * ALSA: snd-usb-us122l: Fix missing NULL checks
    - LP: #723819
  * hwmon: (via686a) Initialize fan_div values
    - LP: #723819
  * USB: serial: handle Data Carrier Detect changes
    - LP: #723819
  * USB: CP210x Add two device IDs
    - LP: #723819
  * USB: CP210x Removed incorrect device ID
    - LP: #723819
  * USB: usb-storage: unusual_devs update for Cypress ATACB
    - LP: #723819
  * USB: usb-storage: unusual_devs update for TrekStor DataStation maxi g.u
    external hard drive enclosure
    - LP: #723819
  * USB: usb-storage: unusual_devs entry for CamSport Evo
    - LP: #723819
  * USB: usb-storage: unusual_devs entry for Coby MP3 player
    - LP: #723819
  * USB: serial: Updated support for ICOM devices
    - LP: #723819
  * USB: adding USB support for Cinterion's HC2x, EU3 and PH8 products
    - LP: #723819
  * USB: EHCI: ASPM quirk of ISOC on AMD Hudson
    - LP: #723819
  * USB: EHCI: fix DMA deallocation bug
    - LP: #723819
  * USB: g_printer: fix bug in module parameter definitions
    - LP: #723819
  * USB: io_edgeport: fix the reported firmware major and minor
    - LP: #723819
  * USB: ti_usb: fix module removal
    - LP: #723819
  * USB: Storage: Add unusual_devs entry for VTech Kidizoom
    - LP: #723819
  * USB: ftdi_sio: add ST Micro Connect Lite uart support
    - LP: #723819
  * USB: cdc-acm: Adding second ACM channel support for Nokia N8
    - LP: #723819
  * USB: ftdi_sio: Add VID=0x0647, PID=0x0100 for Acton Research
    spectrograph
    - LP: #723819
  * USB: prevent buggy hubs from crashing the USB stack
    - LP: #723819
  * staging: comedi: add support for newer jr3 1-channel pci board
    - LP: #723819
  * staging: comedi: ni_labpc: Use shared IRQ for PCMCIA card
    - LP: #723819
  * Staging: hv: fix sysfs symlink on hv block device
    - LP: #723819
  * staging: hv: Enable sending GARP packet after live migration
    - LP: #723819
  * hvc_iucv: allocate memory buffers for IUCV in zone DMA
    - LP: #723819
  * iwlagn: enable only rfkill interrupt when device is down
    - LP: #723819
  * ath9k: Fix bug in delimiter padding computation
    - LP: #723819
  * correct vdso version string
    - LP: #723819
  * fix medium error problems with some arrays which can cause data
    corruption
    - LP: #723819
  * libsas: fix runaway error handler problem
    - LP: #723819
  * mpt2sas: Fix device removal handshake for zoned devices
    - LP: #723819
  * mpt2sas: Correct resizing calculation for max_queue_depth
    - LP: #723819
  * mpt2sas: Kernel Panic during Large Topology discovery
    - LP: #723819
  * radio-aimslab.c: Fix gcc 4.5+ bug
    - LP: #723819
  * em28xx: Fix audio input for Terratec Grabby
    - LP: #723819
  * ALSA : au88x0 - Limit number of channels to fix Oops via OSS emu
    - LP: #723819
  * ALSA: HDA: Fix dmesg output of HDMI supported bits
    - LP: #723819
  * ALSA: hda - Fix memory leaks in conexant jack arrays
    - LP: #723819
  * input: bcm5974: Add support for MacBookAir3
    - LP: #723819
  * ALSA: hrtimer: handle delayed timer interrupts
    - LP: #723819
  * ASoC: WM8990: msleep() takes milliseconds not jiffies
    - LP: #723819
  * ASoC: Blackfin AC97: fix build error after multi-component update
    - LP: #723819
  * NFS: Fix "kernel BUG at fs/aio.c:554!"
    - LP: #723819
  * rtc-cmos: fix suspend/resume
    - LP: #723819
  * iwlagn: Re-enable RF_KILL interrupt when down
    - LP: #723819
  * rapidio: fix hang on RapidIO doorbell queue full condition
    - LP: #723819
  * PCI: pci-stub: ignore zero-length id parameters
    - LP: #723819
  * virtio: remove virtio-pci root device
    - LP: #723819
  * ds2760_battery: Fix calculation of time_to_empty_now
    - LP: #723819
  * p54: fix sequence no. accounting off-by-one error
    - LP: #723819
  * i2c: Unregister dummy devices last on adapter removal
    - LP: #723819
  * serial: unbreak billionton CF card
    - LP: #723819
  * ptrace: use safer wake up on ptrace_detach()
    - LP: #723819
  * x86, mtrr: Avoid MTRR reprogramming on BP during boot on UP platforms
    - LP: #723819
  * fix jiffy calculations in calibrate_delay_direct to handle overflow
    - LP: #723819
  * USB: serial: pl2303: Hybrid reader Uniform HCR331
    - LP: #723819
  * drivers: update to pl2303 usb-serial to support Motorola cables
    - LP: #723819
  * klist: Fix object alignment on 64-bit.
    - LP: #723819
  * powerpc: Fix some 6xx/7xxx CPU setup functions
    - LP: #723819
  * parisc : Remove broken line wrapping handling pdc_iodc_print()
    - LP: #723819
  * kernel/smp.c: fix smp_call_function_many() SMP race
    - LP: #723819
  * hostap_cs: fix sleeping function called from invalid context
    - LP: #723819
  * md: fix regression with re-adding devices to arrays with no metadata
    - LP: #723819
  * pata_mpc52xx: inherit from ata_bmdma_port_ops
    - LP: #723819
  * TPM: Long default timeout fix
    - LP: #723819
  * tpm_tis: Use timeouts returned from TPM
    - LP: #723819
  * SELinux: define permissions for DCB netlink messages
    - LP: #723819
  * SELinux: do not compute transition labels on mountpoint labeled
    filesystems
    - LP: #723819
  * ieee80211: correct IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK macro
    - LP: #723819
  * dm: dont take i_mutex to change device size
    - LP: #723819
  * dm mpath: disable blk_abort_queue
    - LP: #723819
  * x86, mm: avoid possible bogus tlb entries by clearing prev mm_cpumask
    after switching mm
    - LP: #723819
  * usb: Realloc xHCI structures after a hub is verified.
    - LP: #723819
  * sched: Remove USER_SCHED
    - LP: #723819
  * sched: Remove remaining USER_SCHED code
    - LP: #723819
  * sched: Move sched_avg_update() to update_cpu_load()
    - LP: #723819
  * sched: Increment cache_nice_tries only on periodic lb
    - LP: #723819
  * sched: Try not to migrate higher priority RT tasks
    - LP: #723819
  * sched: Give CPU bound RT tasks preference
    - LP: #723819
  * sched: suppress RCU lockdep splat in task_fork_fair
    - LP: #723819
  * sched: fix RCU lockdep splat from task_group()
    - LP: #723819
  * sched: Do not consider SCHED_IDLE tasks to be cache hot
    - LP: #723819
  * sched: Set group_imb only a task can be pulled from the busiest cpu
    - LP: #723819
  * sched: Force balancing on newidle balance if local group has capacity
    - LP: #723819
  * sched: Drop group_capacity to 1 only if local group has extra capacity
    - LP: #723819
  * sched: Fix softirq time accounting
    - LP: #723819
  * sched: Consolidate account_system_vtime extern declaration
    - LP: #723819
  * sched: Remove unused PF_ALIGNWARN flag
    - LP: #723819
  * sched: Add a PF flag for ksoftirqd identification
    - LP: #723819
  * sched: Add IRQ_TIME_ACCOUNTING, finer accounting of irq time
    - LP: #723819
  * x86: Add IRQ_TIME_ACCOUNTING
    - LP: #723819
  * sched: Do not account irq time to current task
    - LP: #723819
  * sched: Remove irq time from available CPU power
    - LP: #723819
  * sched: Call tick_check_idle before __irq_enter
    - LP: #723819
  * sched: Export account_system_vtime()
    - LP: #723819
  * sched, cgroup: Fixup broken cgroup movement
    - LP: #723819
  * sched: Use group weight, idle cpu metrics to fix imbalances during idle
    - LP: #723819
  * sched: Fix cross-sched-class wakeup preemption
    - LP: #723819
  * sched: Fix volanomark performance regression
    - LP: #723819
  * sched: Fix idle balancing
    - LP: #723819
  * sched: Fix wake_affine() vs RT tasks
    - LP: #723819
  * sched: Remove some dead code
    - LP: #723819
  * kernel/user.c: add lock release annotation on free_user()
    - LP: #723819
  * Linux 2.6.32.29
    - LP: #723819
  * rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
    - LP: #721455
    - CVE-2010-4175

[ Ubuntu: 2.6.32-29.58 ]

* Release Tracking Bug
    - LP: #716551
  * net: fix rds_iovec page count overflow, CVE-2010-3865
    - LP: #709153
    - CVE-2010-3865
  * net: ax25: fix information leak to userland, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * net: ax25: fix information leak to userland harder, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * net: packet: fix information leak to userland, CVE-2010-3876
    - LP: #710714
    - CVE-2010-3876
  * net: tipc: fix information leak to userland, CVE-2010-3877
    - LP: #711291
    - CVE-2010-3877
  * inet_diag: Make sure we actually run the same bytecode we audited,
    CVE-2010-3880
    - LP: #711865
    - CVE-2010-3880

[ Ubuntu: 2.6.32-29.57 ]

* Tracking Bug
    - LP: #708864
  * [Config] Set CONFIG_NR_CPUS=256 for amd64 server
    - LP: #706058
  * Input: i8042 - introduce 'notimeout' blacklist for Dell Vostro V13
    - LP: #380126
  * tun: avoid BUG, dump packet on GSO errors
    - LP: #698883
  * TTY: Fix error return from tty_ldisc_open()
    - LP: #705045
  * x86, hotplug: Use mwait to offline a processor, fix the legacy case
    - LP: #705045
  * fuse: verify ioctl retries
    - LP: #705045
  * fuse: fix ioctl when server is 32bit
    - LP: #705045
  * ALSA: hda: Use model=lg quirk for LG P1 Express to enable playback and
    capture
    - LP: #595482, #705045
  * nohz: Fix printk_needs_cpu() return value on offline cpus
    - LP: #705045
  * nohz: Fix get_next_timer_interrupt() vs cpu hotplug
    - LP: #705045
  * nfsd: Fix possible BUG_ON firing in set_change_info
    - LP: #705045
  * NFS: Fix fcntl F_GETLK not reporting some conflicts
    - LP: #705045
  * sunrpc: prevent use-after-free on clearing XPT_BUSY
    - LP: #705045
  * hwmon: (adm1026) Allow 1 as a valid divider value
    - LP: #705045
  * hwmon: (adm1026) Fix setting fan_div
    - LP: #705045
  * amd64_edac: Fix interleaving check
    - LP: #705045
  * IB/uverbs: Handle large number of entries in poll CQ
    - LP: #705045
  * PM / Hibernate: Fix PM_POST_* notification with user-space suspend
    - LP: #705045
  * ACPICA: Fix Scope() op in module level code
    - LP: #705045
  * ACPI: EC: Add another dmi match entry for MSI hardware
    - LP: #705045
  * orinoco: fix TKIP countermeasure behaviour
    - LP: #705045
  * orinoco: clear countermeasure setting on commit
    - LP: #705045
  * x86, amd: Fix panic on AMD CPU family 0x15
    - LP: #705045
  * md: fix bug with re-adding of partially recovered device.
    - LP: #705045
  * tracing: Fix panic when lseek() called on "trace" opened for writing
    - LP: #705045
  * x86, gcc-4.6: Use gcc -m options when building vdso
    - LP: #705045
  * x86: Enable the intr-remap fault handling after local APIC setup
    - LP: #705045
  * x86, vt-d: Handle previous faults after enabling fault handling
    - LP: #705045
  * x86, vt-d: Fix the vt-d fault handling irq migration in the x2apic mode
    - LP: #705045
  * x86, vt-d: Quirk for masking vtd spec errors to platform error handling
    logic
    - LP: #705045
  * hvc_console: Fix race between hvc_close and hvc_remove
    - LP: #705045
  * hvc_console: Fix race between hvc_close and hvc_remove, again
    - LP: #705045
  * HID: hidraw: fix window in hidraw_release
    - LP: #705045
  * bfa: fix system crash when reading sysfs fc_host statistics
    - LP: #705045
  * net: release dst entry while cache-hot for GSO case too
    - LP: #705045
  * install_special_mapping skips security_file_mmap check.
    - LP: #705045
  * USB: misc: uss720.c: add another vendor/product ID
    - LP: #705045
  * USB: ftdi_sio: Add D.O.Tec PID
    - LP: #705045
  * USB: usb-storage: unusual_devs entry for the Samsung YP-CP3
    - LP: #705045
  * p54usb: add 5 more USBIDs
    - LP: #705045
  * p54usb: New USB ID for Gemtek WUBI-100GW
    - LP: #705045
  * sound: Prevent buffer overflow in OSS load_mixer_volumes
    - LP: #705045
  * mv_xor: fix race in tasklet function
    - LP: #705045
  * ima: fix add LSM rule bug
    - LP: #705045
  * ALSA: hda: Use LPIB for Dell Latitude 131L
    - LP: #530346, #705045
  * ALSA: hda: Use LPIB quirk for Dell Inspiron m101z/1120
    - LP: #705045
  * block: Deprecate QUEUE_FLAG_CLUSTER and use queue_limits instead
    - LP: #705045
  * sctp: Fix a race between ICMP protocol unreachable and connect()
    - LP: #705045
  * posix-cpu-timers: workaround to suppress the problems with mt exec
    - LP: #705045
  * Linux 2.6.32.28
    - LP: #705045
  * dell-laptop: Add another Dell laptop family to the DMI whitelist
    - LP: #693078
  * dell-laptop: Add another Dell laptop family to the DMI whitelist
    - LP: #693078
  * drm/ttm: Clear the ghost cpu_writers flag on
    ttm_buffer_object_transfer.
    - LP: #708769
  * drm/kms: remove spaces from connector names (v2)
    - LP: #708769
  * Linux 2.6.32.28+drm33.13
    - LP: #708769

[ Ubuntu: 2.6.32-28.56 ]

* Tracking Bug
    - LP: #705565
  * Just a build number increment for a new upload. There was an issue
    in the previous upload that prevented ARMEL from building. The
    issue has been resolved in the PPA and a new upload should produce
    the requisite images.

[ Ubuntu: 2.6.32-28.55 ]

* Another version bump because of abi check failure
  * Tracking Bug
    - LP: #699885

[ Ubuntu: 2.6.32-28.54 ]

* Another version bump because of upload failure

[ Ubuntu: 2.6.32-28.53 ]

* Another version bump because of upload failure

[ Ubuntu: 2.6.32-28.52 ]

* (removed old tracking bug link)

[ Ubuntu: 2.6.32-28.51 ]

* bumped version due to build fail

[ Ubuntu: 2.6.32-28.50 ]

* SAUCE: Change nodelayacct boot parameter polarity.
    - LP: #493156
  * [Config] CONFIG_TASK_DELAY_ACCT=y
    - LP: #493156
  * ipc: initialize structure memory to zero for compat functions
  * tcp: Increase TCP_MAXSEG socket option minimum.
    - CVE-2010-4165
  * perf_events: Fix perf_counter_mmap() hook in mprotect()
    - CVE-2010-4169
  * af_unix: limit unix_tot_inflight
    - CVE-2010-4249
  * AppArmor: fix the upper bound check for the next/check table
    - LP: #581525
  * NFS: Fix panic after nfs_umount()
    - LP: #683938
  * block: Ensure physical block size is unsigned int
    - LP: #688669
  * block: limit vec count in bio_kmalloc() and bio_alloc_map_data()
    - LP: #688669
  * block: take care not to overflow when calculating total iov length
    - LP: #688669
  * block: check for proper length of iov entries in blk_rq_map_user_iov()
    - LP: #688669
  * jme: Fix PHY power-off error
    - LP: #688669
  * irda: Fix parameter extraction stack overflow
    - LP: #688669
  * irda: Fix heap memory corruption in iriap.c
    - LP: #688669
  * i2c-pca-platform: Change device name of request_irq
    - LP: #688669
  * microblaze: Fix build with make 3.82
    - LP: #688669
  * Staging: asus_oled: fix up some sysfs attribute permissions
    - LP: #688669
  * Staging: asus_oled: fix up my fixup for some sysfs attribute
    permissions
    - LP: #688669
  * Staging: line6: fix up some sysfs attribute permissions
    - LP: #688669
  * hpet: fix unwanted interrupt due to stale irq status bit
    - LP: #688669
  * hpet: unmap unused I/O space
    - LP: #688669
  * olpc_battery: Fix endian neutral breakage for s16 values
    - LP: #688669
  * percpu: fix list_head init bug in __percpu_counter_init()
    - LP: #688669
  * um: remove PAGE_SIZE alignment in linker script causing kernel
    segfault.
    - LP: #688669
  * um: fix global timer issue when using CONFIG_NO_HZ
    - LP: #688669
  * numa: fix slab_node(MPOL_BIND)
    - LP: #688669
  * hwmon: (lm85) Fix ADT7468 frequency table
    - LP: #688669
  * mm: fix return value of scan_lru_pages in memory unplug
    - LP: #688669
  * mm: fix is_mem_section_removable() page_order BUG_ON check
    - LP: #688669
  * ssb: b43-pci-bridge: Add new vendor for BCM4318
    - LP: #688669
  * sgi-xpc: XPC fails to discover partitions with all nasids above 128
    - LP: #688669
  * xen: ensure that all event channels start off bound to VCPU 0
    - LP: #688669
  * xen: don't bother to stop other cpus on shutdown/reboot
    - LP: #688669
  * sys_semctl: fix kernel stack leakage
    - LP: #688669
  * net: NETIF_F_HW_CSUM does not imply FCoE CRC offload
    - LP: #688669
  * drivers/char/vt_ioctl.c: fix VT_OPENQRY error value
    - LP: #688669
  * viafb: use proper register for colour when doing fill ops
    - LP: #688669
  * eCryptfs: Clear LOOKUP_OPEN flag when creating lower file
    - LP: #688669
  * md/raid1: really fix recovery looping when single good device fails.
    - LP: #688669
  * md: fix return value of rdev_size_change()
    - LP: #688669
  * x86: AMD Northbridge: Verify NB's node is online
    - LP: #688669
  * tty: prevent DOS in the flush_to_ldisc
    - LP: #688669
  * TTY: restore tty_ldisc_wait_idle
    - LP: #688669
  * tty_ldisc: Fix BUG() on hangup
    - LP: #688669
  * TTY: ldisc, fix open flag handling
    - LP: #688669
  * KVM: VMX: fix vmx null pointer dereference on debug register access
    - LP: #688669
    - CVE-2010-0435
  * KVM: x86: fix information leak to userland
    - LP: #688669
  * firewire: cdev: fix information leak
    - LP: #688669
  * firewire: core: fix an information leak
    - LP: #688669
  * firewire: ohci: fix buffer overflow in AR split packet handling
    - LP: #688669
  * firewire: ohci: fix race in AR split packet handling
    - LP: #688669
  * ALSA: ac97: Apply quirk for Dell Latitude D610 binding Master and
    Headphone controls
    - LP: #669279, #688669
  * ALSA: HDA: Add an extra DAC for Realtek ALC887-VD
    - LP: #688669
  * ALSA: hda: Use "alienware" model quirk for another SSID
    - LP: #683695, #688669
  * netfilter: nf_conntrack: allow nf_ct_alloc_hashtable() to get highmem
    pages
    - LP: #688669
  * latencytop: fix per task accumulator
    - LP: #688669
  * mm/vfs: revalidate page->mapping in do_generic_file_read()
    - LP: #688669
  * bio: take care not overflow page count when mapping/copying user data
    - LP: #688669
  * libata-scsi passthru: fix bug which truncated LBA48 return values
    - LP: #688669
  * libata: fix NULL sdev dereference race in atapi_qc_complete()
    - LP: #688669
  * PCI: fix size checks for mmap() on /proc/bus/pci files
    - LP: #688669
  * PCI: fix offset check for sysfs mmapped files
    - LP: #688669
  * efifb: check that the base address is plausible on pci systems
    - LP: #688669
  * USB: gadget: AT91: fix typo in atmel_usba_udc driver
    - LP: #688669
  * USB: ftdi_sio: add device IDs for Milkymist One JTAG/serial
    - LP: #688669
  * USB: option: fix when the driver is loaded incorrectly for some Huawei
    devices.
    - LP: #688669
  * usb: misc: sisusbvga: fix information leak to userland
    - LP: #688669
  * usb: misc: iowarrior: fix information leak to userland
    - LP: #688669
  * usb: core: fix information leak to userland
    - LP: #688669
  * USB: EHCI: fix obscure race in ehci_endpoint_disable
    - LP: #688669
  * USB: storage: sierra_ms: fix sysfs file attribute
    - LP: #688669
  * USB: atm: ueagle-atm: fix up some permissions on the sysfs files
    - LP: #688669
  * USB: misc: cypress_cy7c63: fix up some sysfs attribute permissions
    - LP: #688669
  * USB: misc: usbled: fix up some sysfs attribute permissions
    - LP: #688669
  * USB: ftdi_sio: revert "USB: ftdi_sio: fix DTR/RTS line modes"
    - LP: #688669
  * USB: misc: trancevibrator: fix up a sysfs attribute permission
    - LP: #688669
  * USB: misc: usbsevseg: fix up some sysfs attribute permissions
    - LP: #688669
  * USB: ftdi_sio: Add ID for RT Systems USB-29B radio cable
    - LP: #688669
  * USB: serial: ftdi_sio: Vardaan USB RS422/485 converter PID added
    - LP: #688669
  * acpi-cpufreq: fix a memleak when unloading driver
    - LP: #688669
  * ACPI: EC: add Vista incompatibility DMI entry for Toshiba Satellite
    L355
    - LP: #688669
  * fuse: fix attributes after open(O_TRUNC)
    - LP: #688669
  * do_exit(): make sure that we run with get_fs() == USER_DS
    - LP: #688669
  * uml: disable winch irq before freeing handler data
    - LP: #688669
  * backlight: grab ops_lock before testing bd->ops
    - LP: #688669
  * nommu: yield CPU while disposing VM
    - LP: #688669
  * DECnet: don't leak uninitialized stack byte
    - LP: #688669
  * ARM: 6489/1: thumb2: fix incorrect optimisation in usracc
    - LP: #688669
  * ARM: 6482/2: Fix find_next_zero_bit and related assembly
    - LP: #688669
  * Staging: frontier: fix up some sysfs attribute permissions
    - LP: #688669
  * staging: rtl8187se: Change panic to warn when RF switch turned off
    - LP: #688669
  * HID: hidraw, fix a NULL pointer dereference in hidraw_ioctl
    - LP: #688669
  * HID: hidraw, fix a NULL pointer dereference in hidraw_write
    - LP: #688669
  * gianfar: Fix crashes on RX path (Was Re: [Bugme-new] [Bug 19692] New:
    linux-2.6.36-rc5 crash with gianfar ethernet at full line rate traffic)
    - LP: #688669
  * Limit sysctl_tcp_mem and sysctl_udp_mem initializers to prevent integer
    overflows.
    - LP: #688669
  * sparc64: Fix race in signal instruction flushing.
    - LP: #688669
  * sparc: Don't mask signal when we can't setup signal frame.
    - LP: #688669
  * sparc: Prevent no-handler signal syscall restart recursion.
    - LP: #688669
  * x86, UV: Delete unneeded boot messages
    - LP: #688669
  * x86, UV: Fix initialization of max_pnode
    - LP: #688669
  * drivers/video/efifb.c: support framebuffer for NVIDIA 9400M in MacBook
    Pro 5,1
    - LP: #688669
  * efifb: support the EFI framebuffer on more Apple hardware
    - LP: #688669
  * V4L/DVB (13154): uvcvideo: Handle garbage at the end of streaming
    interface descriptors
    - LP: #688669
  * Input: i8042 - add Sony VAIO VPCZ122GX to nomux list
    - LP: #688669
  * x25: Patch to fix bug 15678 - x25 accesses fields beyond end of packet.
    - LP: #688669
  * memory corruption in X.25 facilities parsing
    - LP: #688669
  * can-bcm: fix minor heap overflow
    - LP: #688669
  * V4L/DVB: ivtvfb: prevent reading uninitialized stack memory
    - LP: #688669
  * x25: Prevent crashing when parsing bad X.25 facilities
    - LP: #688669
  * crypto: padlock - Fix AES-CBC handling on odd-block-sized input
    - LP: #688669
  * x86-32: Separate 1:1 pagetables from swapper_pg_dir
    - LP: #688669
  * x86, mm: Fix CONFIG_VMSPLIT_1G and 2G_OPT trampoline
    - LP: #688669
  * x86-32: Fix dummy trampoline-related inline stubs
    - LP: #688669
  * rds: Integer overflow in RDS cmsg handling
    - LP: #688669
  * net: Truncate recvfrom and sendto length to INT_MAX.
    - LP: #688669
  * net: Limit socket I/O iovec total length to INT_MAX.
    - LP: #688669
  * nmi: fix clock comparator revalidation
    - LP: #688669
  * UV - XPC: pass nasid instead of nid to gru_create_message_queue
    - LP: #688669
  * x86: uv: XPC receive message reuse triggers invalid BUG_ON()
    - LP: #688669
  * X86: uv: xpc_make_first_contact hang due to not accepting ACTIVE state
    - LP: #688669
  * x86: uv: xpc NULL deref when mesq becomes empty
    - LP: #688669
  * Linux 2.6.32.27
    - LP: #688669

linux-mvl-dove (2.6.32-215.32) lucid; urgency=low

[ Tim Gardner ]

* Tracking Bug
    -LP: #712610

[Paolo Pisati]

* UBUNTU: SAUCE: Clear new_profile in error path
    Fixes kernel oops.
    -LP: #732700

* Revert "dove: enable lcd0 by default"
    Fixes screen corruption regression.
    -LP: #732721

linux-mvl-dove (2.6.32-215.31) lucid; urgency=low

[ Tim Gardner ]

* Tracking Bug
    - LP: #712610

* rebasing to 2.6.32-29.57 was a really bad idea.
    lets forget it ever happened, start afresh
    from Ubuntu-2.6.32-213.29, and just apply CVE patches.

* inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880
    -LP: #711341
    CVE-2010-3880
  * net: tipc: fix information leak to userland, CVE-2010-3877
    -LP: #711291
    CVE-2010-3877
  * net: packet: fix information leak to userland, CVE-2010-3876
    -LP: #711045
    CVE-2010-3876
  * net: ax25: fix information leak to userland harder, CVE-2010-3875
    -LP: #710714
    CVE-2010-3875
  * net: ax25: fix information leak to userland, CVE-2010-3875
    -LP: #710714
    CVE-2010-3875
  * net: fix rds_iovec page count overflow, CVE-2010-3865
    -LP: #709153
    CVE-2010-3865
  * KVM: VMX: fix vmx null pointer dereference on debug register access, CVE-2010-0435
    -LP: #712615
    CVE-2010-0435
  * af_unix: limit unix_tot_inflight, CVE-2010-4249
    -LP: #720959
    CVE-2010-4249
  * perf_events: Fix perf_counter_mmap() hook in mprotect(), CVE-2010-4169
    -LP: #720966
    CVE-2010-4169
  * tcp: Increase TCP_MAXSEG socket option minimum., CVE-2010-4165
    -LP: #720967
    CVE-2010-4165
  * ipc: initialize structure memory to zero for compat functions, CVE-2010-4073
    -LP: #720968
    CVE-2010-4073

linux-mvl-dove (2.6.32-214.30) lucid; urgency=low

* This version was really bad. Pretend it never happened.

linux-mvl-dove (2.6.32-213.29) lucid-proposed; urgency=low

[ Brad Figg ]

* Rebased to 2.6.32-27.49

[ Ubuntu: 2.6.32-27.49 ]

* Revert "SAUCE: AF_ECONET prevent kernel stack overflow"
  * Revert "SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges"
  * Revert "SAUCE: AF_ECONET saddr->cookie prevent NULL pointer
    dereference"
  * [Config] Added be2net, be2scsi to udebs
    - LP: #628776
  * [Config] Use correct be2iscsi module name in d-i/modules/scsi-modules
    - LP: #628776
  * Revert "(pre-stable) ACPI: enable repeated PCIEXP wakeup by clearing
    PCIEXP_WAKE_STS on resume"
  * Revert "mm: (pre-stable) Move vma_stack_continue into mm.h"
  * x86, cpu: After uncapping CPUID, re-run CPU feature detection
    - LP: #668380
  * ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory
    - LP: #668380
  * ALSA: oxygen: fix analog capture on Claro halo cards
    - LP: #668380
  * ALSA: hda - Add Dell Latitude E6400 model quirk
    - LP: #643891, #668380
  * ALSA: rawmidi: fix oops (use after free) when unloading a driver module
    - LP: #668380
  * USB: fix bug in initialization of interface minor numbers
    - LP: #668380
  * usb: musb: gadget: fix kernel panic if using out ep with FIFO_TXRX
    style
    - LP: #668380
  * usb: musb: gadget: restart request on clearing endpoint halt
    - LP: #668380
  * oprofile: Add Support for Intel CPU Family 6 / Model 29
    - LP: #668380
  * RDMA/cxgb3: Turn off RX coalescing for iWARP connections
    - LP: #668380
  * mmc: sdhci-s3c: fix NULL ptr access in sdhci_s3c_remove
    - LP: #668380
  * x86/amd-iommu: Set iommu configuration flags in enable-loop
    - LP: #668380
  * x86/amd-iommu: Fix rounding-bug in __unmap_single
    - LP: #668380
  * x86/amd-iommu: Work around S3 BIOS bug
    - LP: #668380
  * tracing/x86: Don't use mcount in pvclock.c
    - LP: #668380
  * tracing/x86: Don't use mcount in kvmclock.c
    - LP: #668380
  * v4l1: fix 32-bit compat microcode loading translation
    - LP: #668380
  * V4L/DVB: cx231xx: Avoid an OOPS when card is unknown (card=0)
    - LP: #668380
  * V4L/DVB (13966): DVB-T regression fix for saa7134 cards
    - LP: #668380
  * Input: joydev - fix JSIOCSAXMAP ioctl
    - LP: #668380
  * x86, hpet: Fix bogus error check in hpet_assign_irq()
    - LP: #668380
  * x86, irq: Plug memory leak in sparse irq
    - LP: #668380
  * ubd: fix incorrect sector handling during request restart
    - LP: #668380
  * ring-buffer: Fix typo of time extends per page
    - LP: #668380
  * dmaengine: fix interrupt clearing for mv_xor
    - LP: #668380
  * hrtimer: Preserve timer state in remove_hrtimer()
    - LP: #668380
  * i2c-pca: Fix waitforcompletion() return value
    - LP: #668380
  * wext: fix potential private ioctl memory content leak
    - LP: #668380
  * atl1: fix resume
    - LP: #668380
  * x86, AMD, MCE thresholding: Fix the MCi_MISCj iteration order
    - LP: #668380
  * De-pessimize rds_page_copy_user
    - LP: #668380
  * xfrm4: strip ECN and IP Precedence bits in policy lookup
    - LP: #668380
  * tcp: Fix >4GB writes on 64-bit.
    - LP: #668380
  * net: Fix the condition passed to sk_wait_event()
    - LP: #668380
  * Phonet: Correct header retrieval after pskb_may_pull
    - LP: #668380
  * net: Fix IPv6 PMTU disc. w/ asymmetric routes
    - LP: #668380
  * ip: fix truesize mismatch in ip fragmentation
    - LP: #668380
  * net: clear heap allocations for privileged ethtool actions
    - LP: #668380
  * tcp: Fix race in tcp_poll
    - LP: #668380
  * netxen: dont set skb->truesize
    - LP: #668380
  * net: blackhole route should always be recalculated
    - LP: #668380
  * skge: add quirk to limit DMA
    - LP: #668380
  * r8169: allocate with GFP_KERNEL flag when able to sleep
    - LP: #668380
  * bsg: fix incorrect device_status value
    - LP: #668380
  * r6040: fix r6040_multicast_list
    - LP: #668380
  * r6040: Fix multicast list iteration when hash filter is used
    - LP: #668380
  * powerpc: Initialise paca->kstack before early_setup_secondary
    - LP: #668380
  * powerpc: Don't use kernel stack with translation off
    - LP: #668380
  * b44: fix carrier detection on bind
    - LP: #668380
  * ACPI: enable repeated PCIEXP wakeup by clearing PCIEXP_WAKE_STS on
    resume
    - LP: #613381, #668380
  * intel_idle: PCI quirk to prevent Lenovo Ideapad s10-3 boot hang
    - LP: #668380
  * ACPI: EC: add Vista incompatibility DMI entry for Toshiba Satellite
    L355
    - LP: #668380
  * ACPI: delete ZEPTO idle=nomwait DMI quirk
    - LP: #668380
  * ACPI: Disable Windows Vista compatibility for Toshiba P305D
    - LP: #668380
  * x86: detect scattered cpuid features earlier
    - LP: #668380
  * fix 2.6.32.23 suspend regression caused by commit 6f6198a
    - LP: #668380
  * setup_arg_pages: diagnose excessive argument size
    - LP: #668380
  * execve: improve interactivity with large arguments
    - LP: #668380
  * execve: make responsive to SIGKILL with large arguments
    - LP: #668380
  * Phonet: disable network namespace support
    - LP: #668380
  * mm: Move vma_stack_continue into mm.h
    - LP: #668380
  * Linux 2.6.32.25
    - LP: #668380
  * xfs: validate untrusted inode numbers during lookup
    - CVE-2010-2943
  * xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
    - CVE-2010-2943
  * xfs: remove block number from inode lookup code
    - CVE-2010-2943
  * xfs: fix untrusted inode number lookup
    - CVE-2010-2943
  * drm/i915: Sanity check pread/pwrite
    - CVE-2010-2962
  * drm/i915: Rephrase pwrite bounds checking to avoid any potential
    overflow
    - CVE-2010-2962
  * net: clear heap allocation for ETHTOOL_GRXCLSRLALL
    - CVE-2010-3861
  * ipc: shm: fix information leak to userland
    - CVE-2010-4072
  * staging: usbip: Notify usb core of port status changes
    - LP: #681132
  * staging: usbip: Process event flags without delay
    - LP: #681132
  * powerpc/perf: Fix sampling enable for PPC970
    - LP: #681132
  * pcmcia: synclink_cs: fix information leak to userland
    - LP: #681132
  * sched: Fix string comparison in /proc/sched_features
    - LP: #681132
  * bluetooth: Fix missing NULL check
    - LP: #681132
  * futex: Fix errors in nested key ref-counting
    - LP: #681132
  * mm, x86: Saving vmcore with non-lazy freeing of vmas
    - LP: #681132
  * x86, cpu: Fix renamed, not-yet-shipping AMD CPUID feature bit
    - LP: #681132
  * x86, kexec: Make sure to stop all CPUs before exiting the kernel
    - LP: #681132
  * x86, olpc: Don't retry EC commands forever
    - LP: #681132
  * x86, mtrr: Assume SYS_CFG[Tom2ForceMemTypeWB] exists on all future AMD
    CPUs
    - LP: #681132
  * x86, intr-remap: Set redirection hint in the IRTE
    - LP: #681132
  * x86, kdump: Change copy_oldmem_page() to use cached addressing
    - LP: #681132
  * KVM: SVM: Fix wrong intercept masks on 32 bit
    - LP: #681132
  * KVM: MMU: fix direct sps access corrupted
    - LP: #681132
  * KVM: MMU: fix conflict access permissions in direct sp
    - LP: #681132
  * KVM: VMX: Fix host GDT.LIMIT corruption
    - LP: #681132
  * KVM: SVM: Adjust tsc_offset only if tsc_unstable
    - LP: #681132
  * KVM: x86: Fix SVM VMCB reset
    - LP: #681132
  * KVM: x86: Move TSC reset out of vmcb_init
    - LP: #681132
  * KVM: Fix fs/gs reload oops with invalid ldt
    - LP: #681132
  * KVM: Correct ordering of ldt reload wrt fs/gs reload
  * KVM: VMX: Fix host userspace gsbase corruption
  * pipe: fix failure to return error code on ->confirm()
    - LP: #681132
  * p54usb: fix off-by-one on !CONFIG_PM
    - LP: #681132
  * p54usb: add five more USBIDs
    - LP: #681132
  * drivers/net/wireless/p54/eeprom.c: Return -ENOMEM on memory allocation
    failure
    - LP: #681132
  * USB: ftdi_sio: Add PID for accesio products
    - LP: #681132
  * USB: add PID for FTDI based OpenDCC hardware
    - LP: #681132
  * USB: ftdi_sio: new VID/PIDs for various Papouch devices
    - LP: #681132
  * USB: ftdi_sio: add device ids for ScienceScope
    - LP: #681132
  * usb: musb: blackfin: call gpio_free() on error path in
    musb_platform_init()
    - LP: #681132
  * USB: option: Add more ZTE modem USB id's
    - LP: #681132
  * USB: cp210x: Add Renesas RX-Stick device ID
    - LP: #681132
  * USB: cp210x: Add WAGO 750-923 Service Cable device ID
    - LP: #681132
  * USB: atmel_usba_udc: force vbus_pin at -EINVAL when gpio_request
    failled
    - LP: #681132
  * USB: disable endpoints after unbinding interfaces, not before
    - LP: #681132
  * USB: opticon: Fix long-standing bugs in opticon driver
    - LP: #681132
  * USB: accept some invalid ep0-maxpacket values
    - LP: #681132
  * sd name space exhaustion causes system hang
    - LP: #681132
  * libsas: fix NCQ mixing with non-NCQ
    - LP: #681132
  * gdth: integer overflow in ioctl
    - LP: #681132
  * Fix race when removing SCSI devices
    - LP: #681132
  * Fix regressions in scsi_internal_device_block
    - LP: #681132
  * sgi-xp: incoming XPC channel messages can come in after the channel's
    partition structures have been torn down
    - LP: #681132
  * Linux 2.6.32.26
    - LP: #681132
  * drm/radeon: fix PCI ID 5657 to be an RV410
    - LP: #683257
  * Linux 2.6.32.26+drm33.12
    - LP: #683257
  * econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849
    - CVE-2010-3849
  * econet: fix CVE-2010-3850
    - CVE-2010-3850
  * econet: fix CVE-2010-3848
    - CVE-2010-3848

[ Ubuntu: 2.6.32-26.48 ]

* SAUCE: AF_ECONET prevent kernel stack overflow
    - CVE-2010-3848
  * SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges
    - CVE-2010-3850
  * SAUCE: AF_ECONET saddr->cookie prevent NULL pointer dereference
    - CVE-2010-3849

[ Ubuntu: 2.6.32-26.47 ]

* Revert "SAUCE: ALSA: HDA: Enable internal mic on Dell E6410 and Dell
    E6510"
  * Revert "[Config] Added be2net, be2scsi to udebs"
  * Revert "(ore-stable) ALSA: hda - Apply ALC269 VAIO fix-up to all Sony
    laptops with ALC269"
  * Revert "(pre-stable) ALSA: HDA: Correctly apply position_fix quirks for
    ATI and VIA controllers"
  * Revert "ALSA: hda: Use LPIB for another mainboard"
  * Revert "ALSA: hda: Use LPIB for ASUS M2V"
  * Revert "ALSA: hda: Use LPIB for an ASUS device"
  * Buglink Fixup for reverted unverified fixes

[ Ubuntu: 2.6.32-26.46 ]

* SAUCE: ALSA: HDA: Enable internal mic on Dell E6410 and Dell E6510
    - See: #605047, #628961
  * [Config] Added be2net, be2scsi to udebs
    - See: #628776
  * Revert "(pre-stable) drm/i915: add PANEL_UNLOCK_REGS definition"
    - LP: #645444
  * Revert "(pre-stable) drm/i915: make sure we shut off the panel in eDP
    configs"
    - LP: #645444
  * Revert "(pre-stable) drm/i915: make sure eDP panel is turned on"
    - LP: #645444
  * Revert "(pre-stable) drm/radeon/kms: initialize set_surface_reg reg for
    rs600 asic"
    - LP: #645371
  * Revert "drm/nouveau: Fix fbcon corruption with font width not divisible
    by 8"
    - LP: #663176
  * mmc: fix all hangs related to mmc/sd card insert/removal during
    suspend/resume
    - LP: #477106
  * mmc: build fix: mmc_pm_notify is only available with CONFIG_PM=y
    - LP: #477106
  * hwmon: (k8temp) Differentiate between AM2 and ASB1
    - LP: #644694
  * xen: handle events as edge-triggered
    - LP: #644694
  * xen: use percpu interrupts for IPIs and VIRQs
    - LP: #644694
  * ALSA: hda - Rename iMic to Int Mic on Lenovo NB0763
    - LP: #605101, #644694
  * sata_mv: fix broken DSM/TRIM support (v2)
    - LP: #644694
  * x86, tsc, sched: Recompute cyc2ns_offset's during resume from sleep
    states
    - LP: #644694
  * PCI: MSI: Remove unsafe and unnecessary hardware access
    - LP: #644694
  * PCI: MSI: Restore read_msi_msg_desc(); add get_cached_msi_msg_desc()
    - LP: #644694
  * sched: kill migration thread in CPU_POST_DEAD instead of CPU_DEAD
    - LP: #644694
  * sched: revert stable c6fc81a sched: Fix a race between ttwu() and
    migrate_task()
    - LP: #644694
  * staging: hv: Fix missing functions for net_device_ops
    - LP: #644694
  * staging: hv: Fixed bounce kmap problem by using correct index
    - LP: #644694
  * staging: hv: Fixed the value of the 64bit-hole inside ring buffer
    - LP: #644694
  * staging: hv: Increased storvsc ringbuffer and max_io_requests
    - LP: #644694
  * staging: hv: Fixed lockup problem with bounce_buffer scatter list
    - LP: #644694
  * fuse: flush background queue on connection close
    - LP: #644694
  * ath9k_hw: fix parsing of HT40 5 GHz CTLs
    - LP: #644694
  * ocfs2: Fix incorrect checksum validation error
    - LP: #644694
  * USB: ehci-ppc-of: problems in unwind
    - LP: #644694
  * USB: Fix kernel oops with g_ether and Windows
    - LP: #644694
  * USB: CP210x Add new device ID
    - LP: #644694
  * USB: cp210x: Add B&G H3000 link cable ID
    - LP: #644694
  * USB: ftdi_sio: Added custom PIDs for ChamSys products
    - LP: #644694
  * USB: serial: Extra device/vendor ID for mos7840 driver
    - LP: #644694
  * usb: serial: mos7840: Add USB ID to support the B&B Electronics
    USOPTL4-2P.
    - LP: #644694
  * USB: mos7840: fix DMA buffers on stack and endianess bugs
    - LP: #644694
  * usb: serial: mos7840: Add USB IDs to support more B&B USB/RS485
    converters.
    - LP: #644694
  * USB: Exposing second ACM channel as tty for Nokia S60 phones.
    - LP: #644694
  * USB: cdc-acm: add another device quirk
    - LP: #644694
  * USB: Expose vendor-specific ACM channel on Nokia 5230
    - LP: #644694
  * USB: cdc-acm: Adding second ACM channel support for various Nokia and
    one Samsung phones
    - LP: #644694
  * USB: cdc-acm: Add pseudo modem without AT command capabilities
    - LP: #644694
  * USB: cdc-acm: Fixing crash when ACM probing interfaces with no endpoint
    descriptors.
    - LP: #644694
  * ALSA: hda - Fix auto-parser of ALC269vb for HP pin NID 0x21
    - LP: #644694
  * ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
    - LP: #644694
  * sysfs: checking for NULL instead of ERR_PTR
    - LP: #644694
  * tun: Don't add sysfs attributes to devices without sysfs directories
    - LP: #644694
  * oprofile: fix crash when accessing freed task structs
    - LP: #644694
  * oprofile, x86: fix init_sysfs error handling
    - LP: #644694
  * oprofile, x86: fix init_sysfs() function stub
    - LP: #644694
  * HID: usbhid: initialize interface pointers early enough
    - LP: #644694
  * HID: fix suspend crash by moving initializations earlier
    - LP: #644694
  * libata: skip EH autopsy and recovery during suspend
    - LP: #644694
  * tracing: Fix a race in function profile
    - LP: #644694
  * tracing: Do not allow llseek to set_ftrace_filter
    - LP: #644694
  * tracing: t_start: reset FTRACE_ITER_HASH in case of seek/pread
    - LP: #644694
  * irda: off by one
    - LP: #644694
  * gcov: fix null-pointer dereference for certain module types
    - LP: #644694
  * tmio_mmc: don't clear unhandled pending interrupts
    - LP: #644694
  * mmc: fix the use of kunmap_atomic() in tmio_mmc.h
    - LP: #644694
  * bounce: call flush_dcache_page() after bounce_copy_vec()
    - LP: #644694
  * kernel/groups.c: fix integer overflow in groups_search
    - LP: #644694
  * binfmt_misc: fix binfmt_misc priority
    - LP: #644694
  * Input: i8042 - fix device removal on unload
    - LP: #644694
  * memory hotplug: fix next block calculation in is_removable
    - LP: #644694
  * perf: Initialize callchains roots's childen hits
    - LP: #644694
  * p54: fix tx feedback status flag check
    - LP: #644694
  * ath5k: check return value of ieee80211_get_tx_rate
    - LP: #644694
  * wireless extensions: fix kernel heap content leak
    - LP: #644694
  * x86, tsc: Fix a preemption leak in restore_sched_clock_state()
    - LP: #644694
  * sched: Protect task->cpus_allowed access in sched_getaffinity()
    - LP: #644694
  * sched: Protect sched_rr_get_param() access to task->sched_class
    - LP: #644694
  * sched: Consolidate select_task_rq() callers
    - LP: #644694
  * sched: Remove unused cpu_nr_migrations()
    - LP: #644694
  * sched: Remove rq->clock coupling from set_task_cpu()
    - LP: #644694
  * sched: Clean up ttwu() rq locking
    - LP: #644694
  * sched: Sanitize fork() handling
    - LP: #644694
  * sched: Remove forced2_migrations stats
    - LP: #644694
  * sched: Make wakeup side and atomic variants of completion API irq safe
    - LP: #644694
  * sched: Use rcu in sys_sched_getscheduler/sys_sched_getparam()
    - LP: #644694
  * sched: Use rcu in sched_get/set_affinity()
    - LP: #644694
  * sched: Use rcu in sched_get_rr_param()
    - LP: #644694
  * sched: Fix set_cpu_active() in cpu_down()
    - LP: #644694
  * sched: Use TASK_WAKING for fork wakups
    - LP: #644694
  * sched: Ensure set_task_cpu() is never called on blocked tasks
    - LP: #644694
  * sched: Make warning less noisy
    - LP: #644694
  * sched: Fix broken assertion
    - LP: #644694
  * sched: Fix sched_exec() balancing
    - LP: #644694
  * sched: Fix select_task_rq() vs hotplug issues
    - LP: #644694
  * sched: Add pre and post wakeup hooks
    - LP: #644694
  * sched: Remove the cfs_rq dependency from set_task_cpu()
    - LP: #644694
  * sched: Fix hotplug hang
    - LP: #644694
  * sched: Fix fork vs hotplug vs cpuset namespaces
    - LP: #644694
  * sched: Fix incorrect sanity check
    - LP: #644694
  * sched: Fix race between ttwu() and task_rq_lock()
    - LP: #644694
  * sched: Extend enqueue_task to allow head queueing
    - LP: #644694
  * sched: Implement head queueing for sched_rt
    - LP: #644694
  * sched: Queue a deboosted task to the head of the RT prio queue
    - LP: #644694
  * sched: set_cpus_allowed_ptr(): Don't use rq->migration_thread after
    unlock
    - LP: #644694
  * sched: Kill the broken and deadlockable
    cpuset_lock/cpuset_cpus_allowed_locked code
    - LP: #644694
  * sched: move_task_off_dead_cpu(): Take rq->lock around
    select_fallback_rq()
    - LP: #644694
  * sched: move_task_off_dead_cpu(): Remove retry logic
    - LP: #644694
  * sched: sched_exec(): Remove the select_fallback_rq() logic
    - LP: #644694
  * sched: _cpu_down(): Don't play with current->cpus_allowed
    - LP: #644694
  * sched: Make select_fallback_rq() cpuset friendly
    - LP: #644694
  * sched: Fix TASK_WAKING vs fork deadlock
    - LP: #644694
  * sched: Optimize task_rq_lock()
    - LP: #644694
  * sched: Fix nr_uninterruptible count
    - LP: #644694
  * sched: Fix rq->clock synchronization when migrating tasks
    - LP: #644694
  * sched: Remove unnecessary RCU exclusion
    - LP: #644694
  * sched: apply RCU protection to wake_affine()
    - LP: #644694
  * sched: Cleanup select_task_rq_fair()
    - LP: #644694
  * sched: More generic WAKE_AFFINE vs select_idle_sibling()
    - LP: #644694
  * sched: Fix vmark regression on big machines
    - LP: #644694
  * sched: Fix select_idle_sibling()
    - LP: #644694
  * sched: Pre-compute cpumask_weight(sched_domain_span(sd))
    - LP: #644694
  * sched: Fix select_idle_sibling() logic in select_task_rq_fair()
    - LP: #644694
  * sched: cpuacct: Use bigger percpu counter batch values for stats
    counters
    - LP: #644694
  * ALSA: hda - Handle missing NID 0x1b on ALC259 codec
    - LP: #644694
  * ALSA: hda - Handle pin NID 0x1a on ALC259/269
    - LP: #644694
  * arm: fix really nasty sigreturn bug
    - LP: #644694
  * hwmon: (f75375s) Shift control mode to the correct bit position
    - LP: #644694
  * hwmon: (f75375s) Do not overwrite values read from registers
    - LP: #644694
  * apm_power: Add missing break statement
    - LP: #644694
  * NFS: Fix a typo in nfs_sockaddr_match_ipaddr6
    - LP: #644694
  * SUNRPC: Fix race corrupting rpc upcall
    - LP: #644694
  * Linux 2.6.32.22
    - LP: #644694
  * drm/i915: don't access FW_BLC_SELF on 965G
    - LP: #645444
  * drm/i915: gen3 page flipping fixes
    - LP: #645444
  * drm/i915: don't queue flips during a flip pending event
    - LP: #645444
  * drm/i915: Hold the spinlock whilst resetting unpin_work along error
    path
    - LP: #645444
  * drm/i915: handle shared framebuffers when flipping
    - LP: #645444
  * drm/i915: add PANEL_UNLOCK_REGS definition
    - LP: #645444
  * drm/i915: make sure eDP panel is turned on
    - LP: #645444
  * drm/i915: make sure we shut off the panel in eDP configs
    - LP: #645444
  * Linux 2.6.32.22+drm33.9
    - LP: #645444
  * drm/radeon/kms/igp: sideport is AMD only
    - LP: #645371
  * drm/radeon/kms: flush HDP cache on GART table updates.
    - LP: #645371
  * drm/radeon/kms/r7xx: add workaround for hw issue with HDP flush
    - LP: #645371
  * drm/i915: Check overlay stride errata for i830 and i845
    - LP: #645371
  * i915: fix ironlake edp panel setup (v4)
    - LP: #645371
  * drm/radeon/kms: add additional quirk for Acer rv620 laptop
    - LP: #645371
  * drm/i915: fixup pageflip ringbuffer commands for i8xx
    - LP: #645371
  * drm/i915: i8xx also doesn't like multiple oustanding pageflips
    - LP: #645371
  * drm/i915/edp: Flush the write before waiting for PLLs
    - LP: #645371
  * drm/radeon/kms: disable MSI on IGP chips
    - LP: #645371
  * drm/radeon/kms: don't enable MSIs on AGP boards
    - LP: #645371
  * drm/radeon/kms: fix typo in radeon_compute_pll_gain
    - LP: #645371
  * drm/radeon/kms/DCE3+: switch pads to ddc mode when going i2c
    - LP: #645371
  * drm/radeon/kms: fix sideport detection on newer rs880 boards
    - LP: #645371
  * drm/i915: Don't touch PORT_HOTPLUG_EN in intel_dp_detect()
    - LP: #645371
  * drm/i915: Kill dangerous pending-flip debugging
    - LP: #645371
  * drm/radeon/kms: release AGP bridge at suspend
    - LP: #645371
  * drm/radeon/kms: initialize set_surface_reg reg for rs600 asic
    - LP: #645371
  * drm/radeon/kms: fix a regression on r7xx AGP due to the HDP flush fix
    - LP: #645371
  * Linux 2.6.32.22+drm33.10
    - LP: #645371
  * USB: serial/mos*: prevent reading uninitialized stack memory
    - LP: #649483
  * sparc: Provide io{read,write}{16,32}be().
    - LP: #649483
  * gro: fix different skb headrooms
    - LP: #649483
  * gro: Re-fix different skb headrooms
    - LP: #649483
  * irda: Correctly clean up self->ias_obj on irda_bind() failure.
    - LP: #649483
  * tcp: select(writefds) don't hang up when a peer close connection
    - LP: #649483
  * tcp: Combat per-cpu skew in orphan tests.
    - LP: #649483
  * tcp: fix three tcp sysctls tuning
    - LP: #649483
  * bridge: Clear IPCB before possible entry into IP stack
    - LP: #649483
  * bridge: Clear INET control block of SKBs passed into ip_fragment().
    - LP: #649483
  * net: Fix oops from tcp_collapse() when using splice()
    - LP: #649483
  * rds: fix a leak of kernel memory
    - LP: #649483
  * tcp: Prevent overzealous packetization by SWS logic.
    - LP: #649483
  * UNIX: Do not loop forever at unix_autobind().
    - LP: #649483
  * r8169: fix random mdio_write failures
    - LP: #649483
  * r8169: fix mdio_read and update mdio_write according to hw specs
    - LP: #649483
  * sparc64: Get rid of indirect p1275 PROM call buffer.
    - LP: #649483
  * drivers/net/usb/hso.c: prevent reading uninitialized memory
    - LP: #649483
  * drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack
    memory
    - LP: #649483
  * drivers/net/eql.c: prevent reading uninitialized stack memory
    - LP: #649483
  * bonding: correctly process non-linear skbs
    - LP: #649483
  * Staging: vt6655: fix buffer overflow
    - LP: #649483
  * net/llc: make opt unsigned in llc_ui_setsockopt()
    - LP: #649483
  * pid: make setpgid() system call use RCU read-side critical section
    - LP: #649483
  * sched: Fix user time incorrectly accounted as system time on 32-bit
    - LP: #649483
  * oprofile: Add Support for Intel CPU Family 6 / Model 22 (Intel Celeron
    540)
    - LP: #649483
  * char: Mark /dev/zero and /dev/kmem as not capable of writeback
    - LP: #649483
  * drivers/pci/intel-iommu.c: fix build with older gcc's
    - LP: #649483
  * drivers/video/sis/sis_main.c: prevent reading uninitialized stack
    memory
    - LP: #649483
  * percpu: fix pcpu_last_unit_cpu
    - LP: #649483
  * aio: check for multiplication overflow in do_io_submit
    - LP: #649483
  * inotify: send IN_UNMOUNT events
    - LP: #649483
  * SCSI: mptsas: fix hangs caused by ATA pass-through
    - LP: #649483
  * ext4: Fix remaining racy updates of EXT4_I(inode)->i_flags
    - LP: #649483
  * IA64: fix siglock
    - LP: #649483
  * IA64: Optimize ticket spinlocks in fsys_rt_sigprocmask
    - LP: #649483
  * KEYS: Fix RCU no-lock warning in keyctl_session_to_parent()
    - LP: #649483
  * KEYS: Fix bug in keyctl_session_to_parent() if parent has no session
    keyring
    - LP: #649483
  * xfs: prevent reading uninitialized stack memory
    - LP: #649483
  * drivers/video/via/ioctl.c: prevent reading uninitialized stack memory
    - LP: #649483
  * ACPI: disable _OSI(Windows 2009) on Asus K50IJ
    - LP: #649483
  * bnx2: Fix netpoll crash.
    - LP: #649483
  * bnx2: Fix hang during rmmod bnx2.
    - LP: #649483
  * AT91: change dma resource index
    - LP: #649483
  * cxgb3: fix hot plug removal crash
    - LP: #649483
  * mm: page allocator: drain per-cpu lists after direct reclaim allocation
    fails
    - LP: #649483
  * mm: page allocator: calculate a better estimate of NR_FREE_PAGES when
    memory is low and kswapd is awake
    - LP: #649483
  * mm: page allocator: update free page counters after pages are placed on
    the free list
    - LP: #649483
  * guard page for stacks that grow upwards
    - LP: #649483
  * Fix unprotected access to task credentials in waitid()
    - LP: #649483
  * sctp: Do not reset the packet during sctp_packet_config().
    - LP: #649483
  * 3c503: Fix IRQ probing
    - LP: #649483
  * asix: fix setting mac address for AX88772
    - LP: #649483
  * dasd: use correct label location for diag fba disks
    - LP: #649483
  * clocksource: sh_tmu: compute mult and shift before registration
    - LP: #649483
  * gro: Fix bogus gso_size on the first fraglist entry
    - LP: #649483
  * hostap_pci: set dev->base_addr during probe
    - LP: #649483
  * inotify: fix inotify oneshot support
    - LP: #649483
  * Input: add compat support for sysfs and /proc capabilities output
    - LP: #649483
  * MIPS: Quit using undefined behavior of ADDU in 64-bit atomic
    operations.
    - LP: #649483
  * MIPS: Set io_map_base for several PCI bridges lacking it
    - LP: #649483
  * MIPS: uasm: Add OR instruction.
    - LP: #649483
  * pata_pdc202xx_old: fix UDMA mode for Promise UDMA33 cards
    - LP: #649483
  * pata_pdc202xx_old: fix UDMA mode for PDC2026x chipsets
    - LP: #649483
  * MIPS: Sibyte: Fix M3 TLB exception handler workaround.
    - LP: #649483
  * sis-agp: Remove SIS 760, handled by amd64-agp
    - LP: #649483
  * alpha: Fix printk format errors
    - LP: #649483
  * x86: Add memory modify constraints to xchg() and cmpxchg()
    - LP: #649483
  * Linux 2.6.32.23
    - LP: #649483
  * (pre-stable) [SCSI] megaraid_sas: Add new megaraid SAS 2 controller
    support to the driver
    - LP: #546091
  * (pre-stable) [SCSI] megaraid_sas: allocate the application cmds to sas2
    controller
    - LP: #546091
  * Xen: fix typo in previous patch
    - LP: #655456
  * Linux 2.6.32.24
    - LP: #655456
  * (ore-stable) ALSA: hda - Apply ALC269 VAIO fix-up to all Sony laptops
    with ALC269
    - See: #546769, #598938, #637291, #642892, #648871, #655386
  * (pre-stable) ALSA: HDA: Correctly apply position_fix quirks for ATI and
    VIA controllers
    - See: #465942, #580749, #587546
  * (pre-stable) ACPI: enable repeated PCIEXP wakeup by clearing
    PCIEXP_WAKE_STS on resume
    - LP: #613381
  * i915: return -EFAULT if copy_to_user fails
    - LP: #663176
  * i915_gem: return -EFAULT if copy_to_user fails
    - LP: #663176
  * drm/i915: Prevent double dpms on
    - LP: #663176
  * drm: Only decouple the old_fb from the crtc is we call mode_set*
    - LP: #663176
  * drm/radeon/kms: fix potential segfault in r600_ioctl_wait_idle
    - LP: #663176
  * drm/i915: Unset cursor if out-of-bounds upon mode change (v4)
    - LP: #586325, #663176
  * drm/i915: disable FBC when more than one pipe is active
    - LP: #663176
  * drm/radeon/kms: fix macbookpro connector quirk
    - LP: #663176
  * drm/nouveau: use ALIGN instead of open coding it
    - LP: #663176
  * drm/nouveau: Fix fbcon corruption with font width not divisible by 8
    - LP: #663176
  * drm/i915,agp/intel: Add second set of PCI-IDs for B43
    - LP: #640214, #663176
  * Linux 2.6.32.24+drm33.11
    - LP: #663176

[ Ubuntu: 2.6.32-25.45 ]

* v4l: disable dangerous buggy compat function
    - CVE-2010-2963
  * Local privilege escalation vulnerability in RDS sockets
    - CVE-2010-3904
  * mm: (pre-stable) Move vma_stack_continue into mm.h
    - LP: #646114
  * net sched: fix some kernel memory leaks
    - CVE-2010-2942
  * irda: Correctly clean up self->ias_obj on irda_bind() failure.
    - CVE-2010-2954
  * wireless extensions: fix kernel heap content leak
    - CVE-2010-2955
  * KEYS: Fix RCU no-lock warning in keyctl_session_to_parent()
    - CVE-2010-2960
  * KEYS: Fix bug in keyctl_session_to_parent() if parent has no session
    keyring
    - CVE-2010-2960
  * aio: check for multiplication overflow in do_io_submit
    - CVE-2010-3067
  * xfs: prevent reading uninitialized stack memory
    - CVE-2010-3078
  * ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
    - CVE-2010-3080
  * niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL
    - CVE-2010-3084
  * rose: Fix signedness issues wrt. digi count.
    - CVE-2010-3310
  * sctp: Do not reset the packet during sctp_packet_config().
    - CVE-2010-3432
  * Fix pktcdvd ioctl dev_minor range check
    - CVE-2010-3437
  * ALSA: prevent heap corruption in snd_ctl_new()
    - CVE-2010-3442
  * net sched: fix kernel leak in act_police
    - CVE-2010-3477
  * Fix out-of-bounds reading in sctp_asoc_get_hmac()
    - CVE-2010-3705
  * ocfs2: Don't walk off the end of fast symlinks.
    - CVE-2010-NNN2

linux-mvl-dove (2.6.32-212.28) lucid-proposed; urgency=low

[ Eric Miao ]

* Sync config with LSP 5.3.6
    - LP: #677498

[ Upstream Kernel Changes ]

* IDT clock: Clear all output in default
  * idt clock: add sysfs files for accessing registers
  * cs42l51 codec: provide back the set_bias_level
  * Force return stack off
  * bmm: export bmm alloc memory to kernel
  * bmm: fix module reinset get physical address 0 issue
  * bmm: support highmem
  * fix potential bug in coverity report
  * bmm: mutex replace spin_lock
  * NAND: add support for Samsung 2G devices
  * sdio: rework cis tuple parsing
  * sdio: fix reference counting in sdio_remove_func()
  * sdio: initialise SDIO functions and update card->sdio_funcs in lockstep
  * mmc: allow for MMC v4.4
  * sdio: add quirk to clamp byte mode transfer
  * sdio: introduce API for special power management features
  * sdio: don't use CMD[357] as part of a powered SDIO resume
  * sdio: kick the interrupt thread upon a resume
  * sdio: put active devices into 1-bit mode during suspend
  * sdio: recognize io card without powercycle
  * mmc: fix incorrect interpretation of card type bits
  * mmc: sd: clean up redundant memset
  * mmc: remove the "state" argument to mmc_suspend_host()
  * sdio: add new function for RAW (Read after Write) operation
  * mmc: fix all hangs related to mmc/sd card insert/removal during
    suspend/resume
  * mmc: build fix: mmc_pm_notify is only available with CONFIG_PM=y
  * pmem: Add cache flush ioctl for pmem buffers
  * dove: enable lcd0 by default
  * Dove: detect 1GHz clocks
  * Fix rt5611_ts touch screen driver to solve touch insenstive issue, that
    occur in a special timing condition, driver will not be easy to sample
    X or Y but Busy instead.
  * remove rt5611_ts.c debug message
  * update dove_android_defconfig based on dove_defconfig
  * vmeta uio driver support multi-instance decoding
  * update vmeta uio driver version to build-004
  * vmeta uio driver add suspend unset control func
  * update dove_android_defconfig
  * usb gadget: Fix mismatch on commit
    2c7c4829ac40fd18852a0c8bf0521a30a2ef2098 Author: Mike Lockwood
    <lockwood@android.com> Date: Tue Dec 2 22:01:33 2008 -0500
  * drivers: usb: gadget: Add helper function for installing ACM gadget
    function.
  * USB: gadget: android: android USB gadget improvements:
  * drivers: usb: gadget: handle NULL descriptors in composite config_buf
  * USB: composite: Fix USB WHQL Certification Issues
  * USB: android gadget: mass storage: Fix format issue for Vista Host
  * USB: composite: Add flag to usb_function to hide its interface during
    enumeration
  * USB: composite: Allow configurations to handle unhandled setup requests
  * USB: gadget: android: android USB gadget improvements:
  * USB: composite: Add class driver for enabling and disabling USB
    functions.
  * USB: gadget: Disable RNDIS function by default if
    CONFIG_USB_ANDROID_RNDIS is set
  * USB: composite: Compute interface numbers correctly when functions are
    hidden.
  * USB: gadget: android: Fix special case for RNDIS ethernet function
  * Add USB_ANDROID_RNDIS_WCEIS option.
  * USB: gadget: android: Disable UMS when RNDIS ethernet is active.
  * USB: gadget: composite: Don't call set_alt() on functions that are
    hidden.
  * USB: gadget: composite: Don't increment interface number for alt
    settings.
  * USB: gadget: android: check for null _android_dev in
    android_register_function()
  * USB: gadget: composite: Add userspace notifications for USB state
    changes
  * USB: gadget: composite: Move switch_set_state calls to a work queue
  * USB: composite: Add usb_composite_force_reset utility to force
    enumeration
  * dove android : support adb function
  * dove: disable write coalescing
 -- Paolo Pisati <paolo.pisati@canonical.com>   Thu, 17 Mar 2011 12:53:35 +0100

Changed in linux-mvl-dove (Ubuntu Lucid):
status:	New → Fix Released

Paolo Pisati (p-pisati) on 2011-03-25

Changed in linux-mvl-dove (Ubuntu Maverick):
status:	New → Fix Released

Revision history for this message

Julian Wiedmann (jwiedmann) wrote on 2012-03-02:

#7

Dapper reached EOL a long while ago.

Changed in linux (Ubuntu Dapper):
status:	New → Invalid

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Dapper	Invalid	Undecided	Unassigned
Hardy	Fix Released	Undecided	Unassigned
Jaunty	Fix Released	Undecided	Unassigned
Karmic	Fix Released	Undecided	Unassigned
Lucid	Fix Released	Undecided	Unassigned
Maverick	Fix Released	Undecided	Unassigned
linux-mvl-dove (Ubuntu)	Invalid	Undecided	Unassigned
Dapper	Invalid	Undecided	Unassigned
Hardy	Invalid	Undecided	Unassigned
Jaunty	Invalid	Undecided	Unassigned
Karmic	Invalid	Undecided	Unassigned
Lucid	Fix Released	Undecided	Unassigned
Maverick	Fix Released	Undecided	Unassigned

Ubuntu
linux package

mlock on stack will create guard page gap

Bug Description

Related branches

CVE References

Other bug subscribers

Remote bug watches

Ubuntulinux package

mlock on stack will create guard page gap

Bug Description

Related branches

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package