I was looking at the CVE matrix today and noted that there were CVEs
applied to natty/master but not to natty/ti-omap4; this branch is not a
rebase branch and so needs manual handling. I have prepared a branch
with the requisite commits cherry-picked from natty/master and marked
those which are not applicable to ARM not-affected in the tracker.
Pull request is below. Note that there are a couple of additional NFS
fixes included to allow application of the CVE, all are stable fixes and
all are cherry-picked from the natty/master branch.

Proposing for natty/ti-omap4.

-apw

The following changes since commit 0851ca6dcfe069065835822d56862905813563cf:

UBUNTU: Ubuntu-2.6.38-1209.24 (2012-04-30 11:42:58 +0200)

are available in the git repository at:

git://kernel.ubuntu.com/apw/ubuntu-natty.git cve-catchup

for you to fetch changes up to 5266d78beb2c985ca170855c5fc9e61187b09e70:

Fix length of buffer copied in __nfs4_get_acl_uncached (2012-07-26 11:09:11 +0100)

----------------------------------------------------------------
Andy Adamson (1):
NFSv4: include bitmap in nfsv4 get acl data

Brad Figg (1):
Avoid reading past buffer when calling GETACL

Eric Paris (1):
fcaps: clear the same personality flags as suid when fcaps are used

Greg Kroah-Hartman (1):
hfsplus: Fix potential buffer overflows

Jason Wang (1):
net: sock: validate data_len before allocating skb in sock_alloc_send_pskb()

Jeff Layton (1):
nfs: don't lose MS_SYNCHRONOUS on remount of noac mount

Jeff Mahoney (1):
dl2k: Clean up rio_ioctl

Sachin Prabhu (2):
Avoid beyond bounds copy while caching ACL
Fix length of buffer copied in __nfs4_get_acl_uncached

Steve Conklin (1):
natty security: fix compile error in commoncap.c

Trond Myklebust (3):
NFSv4.1: Ensure state manager thread dies on last umount
NFSv4: Handle expired stateids when the lease is still valid
NFSv4.1: Fix the handling of NFS4ERR_SEQ_MISORDERED errors

drivers/net/dl2k.c | 53 ++++-----------------
drivers/net/dl2k.h | 7 ---
fs/hfsplus/catalog.c | 4 ++
fs/hfsplus/dir.c | 11 +++++
fs/nfs/nfs4proc.c | 112 +++++++++++++++++++++++++++-----------------
fs/nfs/nfs4state.c | 10 ++--
fs/nfs/nfs4xdr.c | 43 ++++++++++++-----
fs/nfs/super.c | 9 ++++
include/linux/nfs_xdr.h | 5 ++
include/linux/sunrpc/xdr.h | 2 +
net/core/sock.c | 7 ++-
net/sunrpc/xdr.c | 3 +-
security/commoncap.c | 6 +++
13 files changed, 160 insertions(+), 112 deletions(-)

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

As we are uploading the last Natty kernels (baring critical CVEs) in this
cadance cycle I have just been reviewing the CVE matrix for these
kernels. It seems that a number of the recent CVEs were not applied to
the natty/ti-omap4 branch (which is _not_ a rebase branch). It seems
appropriate that natty/master and natty/ti-omap4 end up with the same
fixes (and flaws).

I have therefore pulled the missing commits and pushed them to the
natty/ti-omap4 repo. This consists of the commits below representing
3 CVEs:

a3e67ae mm: Hold a file reference in madvise_remove
47c94da sfc: Fix maximum number of TSO segments and minimum TX queue size
dc7496e sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE
e0cb62e tcp: Apply device TSO segment limit earlier
7accfd1 tcp: do not scale TSO segment size with reordering degree
ef9577d net: Allow driver to limit number of GSO segments per skb
a9a23ae KVM: unmap pages from the iommu when slots are removed

These are all commits as applied to and released or releasing for
natty/master.

-apw

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team