Kernel update

This kernel update of the openSUSE 12.1 kernel brings
various bug and security fixes.

Following issues were fixed:
- tcp: drop SYN+FIN messages (bnc#765102, CVE-2012-2663).
- net: sock: validate data_len before allocating skb in
sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136).

- thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE
(bnc#762991).

- be2net: non-member vlan pkts not received in promiscous mode
(bnc#732006 CVE-2011-3347).

- fcaps: clear the same personality flags as suid when fcaps
are used (bnc#758260 CVE-2012-2123).

- macvtap: zerocopy: validate vectors before building skb
(bnc#758243 CVE-2012-2119).
- macvtap: zerocopy: set SKBTX_DEV_ZEROCOPY only when skb is
built successfully (bnc#758243 CVE-2012-2119).
- macvtap: zerocopy: put page when fail to get all requested
user pages (bnc#758243 CVE-2012-2119).
- macvtap: zerocopy: fix offset calculation when building skb
(bnc#758243 CVE-2012-2119).

- Avoid reading past buffer when calling GETACL (bnc#762992).
- Avoid beyond bounds copy while caching ACL (bnc#762992).
- Fix length of buffer copied in __nfs4_get_acl_uncached
(bnc#762992).

- hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020).

- usb/net: rndis: merge command codes.
only net/hyperv part
- usb/net: rndis: remove ambigous status codes.
only net/hyperv part
- usb/net: rndis: break out defines.
only net/hyperv part

- net/hyperv: Add flow control based on hi/low watermark.

- hv: fix return type of hv_post_message().

- Drivers: hv: util: Properly handle version negotiations.
- Drivers: hv: Get rid of an unnecessary check in
vmbus_prep_negotiate_resp().

- HID: hyperv: Set the hid drvdata correctly.
- HID: hid-hyperv: Do not use hid_parse_report() directly.

- [SCSI] storvsc: Properly handle errors from the host
(bnc#747404).
- Delete patches.suse/suse-hv-storvsc-ignore-ata_16.patch.

- patches.suse/suse-hv-pata_piix-ignore-disks.patch
replace our version of this patch with upstream variant:
ata_piix: defer disks to the Hyper-V drivers by default
libata: add a host flag to ignore detected ATA devices.

- mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate
SMP race condition (bnc#762991 CVE-2012-2373).

- xfrm: take net hdr len into account for esp payload size
calculation (bnc#759545).

- net/hyperv: Adding cancellation to ensure rndis filter is closed.

- xfs: Fix oops on IO error during xlog_recover_process_iunlinks()
(bnc#761681).

- thp: reduce khugepaged freezing latency (bnc#760860).

- igb: fix rtnl race in PM resume path (bnc#748859).
- ixgbe: add missing rtnl_lock in PM resume path (bnc#748859).

- cdc_ether: Ignore bogus union descriptor for RNDIS devices
(bnc#735362).
Taking the fix from net-next

- Fix kABI breakage due to including proc_fs.h in kernel/fork.c
modversion changed because of changes in struct proc_dir_entry (became defined)
Refresh patches.fixes/procfs-namespace-pid_ns-fix-leakage-on-fork-failure.

- Disabled MMC_TEST (bnc#760077).

- Input: ALPS - add semi-MT support for v3 protocol (bnc#716996).
- Input: ALPS - add support for protocol versions 3 and 4
(bnc#716996).
- Input: ALPS - remove assumptions about packet size (bnc#716996).
- Input: ALPS - add protocol version field in alps_model_info
(bnc#716996).
- Input: ALPS - move protocol information to Documentation
(bnc#716996).

- sysctl/defaults: kernel.hung_task_timeout -> kernel.hung_task_timeout_secs (bnc#700174)

- btrfs: partial revert of truncation improvements (FATE#306586
bnc#748463 bnc#760279).

- libata: skip old error history when counting probe trials.

- procfs, namespace, pid_ns: fix leakage upon fork() failure (bnc#757783).

- cdc-wdm: fix race leading leading to memory corruption
(bnc#759554).
This patch fixes a race whereby a pointer to a buffer
would be overwritten while the buffer was in use leading
to a double free and a memory leak. This causes crashes.
This bug was introduced in 2.6.34

- netfront: delay gARP until backend switches to Connected.
- xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX.
- xenbus: check availability of XS_RESET_WATCHES command.
- xenbus_dev: add missing error checks to watch handling.
- drivers/xen/: use strlcpy() instead of strncpy().
- blkfront: properly fail packet requests (bnc#745929).
- Linux 3.1.10.
- Update Xen config files.
- Refresh other Xen patches.

- tlan: add cast needed for proper 64 bit operation (bnc#756840).

- dl2k: Tighten ioctl permissions (bnc#758813).

- mqueue: fix a vfsmount longterm reference leak (bnc#757783).

- cciss: Add IRQF_SHARED back in for the non-MSI(X) interrupt
handler (bnc#757789).

- procfs: fix a vfsmount longterm reference leak (bnc#757783).

- uwb: fix error handling (bnc#731720).
This fixes a kernel error on unplugging an uwb dongle
- uwb: fix use of del_timer_sync() in interrupt (bnc#731720).
This fixes a kernel warning on plugging in an uwb dongle

- acer-wmi: Detect communication hot key number.
- acer-wmi: replaced the hard coded bitmap by the communication devices bitmap from SMBIOS.
- acer-wmi: add ACER_WMID_v2 interface flag to represent new notebooks.
- acer-wmi: No wifi rfkill on Sony machines.
- acer-wmi: No wifi rfkill on Lenovo machines.

- [media] cx22702: Fix signal strength.

- fs: cachefiles: Add support for large files in filesystem
caching (bnc#747038).

- Drivers: scsi: storvsc: Account for in-transit packets in the
RESET path.

- CPU hotplug, cpusets, suspend: Don't touch cpusets during suspend/resume (bnc#752460).

- net: fix a potential rcu_read_lock() imbalance in rt6_fill_node() (bnc#754186, bnc#736268).

- This commit fixes suspend to ram breakage reported in bnc#764864.
Remove dud patch. The problem it addressed is being respun upstream,
is in tip, but not yet mainlined. See bnc#752460 for details regarding
the problem the now removed patch fixed while breaking S2R.
Delete patches.fixes/cpusets-Dont-touch-cpusets-during-suspend-or-resume.patch.
- Remove dud patch. The problem it addressed is being respun upstream,
is in tip, but not yet mainlined.
Delete patches.fixes/cpusets-Dont-touch-cpusets-during-suspend-or-resume.patch.

- fix VM_FOREIGN users after c/s 878:eba6fe6d8d53 (bnc#760974).
- gntdev: fix multi-page slot allocation (bnc#760974).
- mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populateSMP
race condition (bnc#762991 CVE-2012-2373).
- thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (bnc#762991).

- sym53c8xx: Fix NULL pointer dereference in slave_destroy (bnc#767786).

- sky2: fix regression on Yukon Optima (bnc#731537).

Fixed bugs
bnc#700174
wrong sysctl in /boot/sysctl.conf-3.0.0-rc2-1-default (and 2.6.39.2 for M2?)
bnc#716996
touchpad on Dell Lat. e5520 recognised as a PS2
bnc#731537
speednetwork limit 10Mbit with sky2 driver
bnc#731720
wusb module hwa-hc crashes kernel
bnc#732006
VUL-1: CVE-2011-3347: kernel: be2net: promiscuous mode and non-member VLAN packets DoS
bnc#735362
cdc_ether bad CDC descriptors with Samsung Galaxy S and Android >= 2.3.4
bnc#736268
Kernel shutdown may hang due to nmi watchdog
bnc#745929
SCSI inquiry doesnt return data on SLES 11-SP1 Xen VM
bnc#747038
fscache 2 GB file size limitation
bnc#747404
Partner-entered description: System stop on "Formatting partition" when install SLES11 SP2 RC2 x64 on Win8 hyper-v with VHDX virtual harddisk
bnc#748463
SLES 11 SP2 kernel crashes during install on BTRFS with soft lockup
bnc#748859
During wake-up from standby mode call traces happen for the driver igb and ixgbe of SLES 11 SP2 GMC3.
bnc#752460
libvirt pinned to single CPU after suspend/resume
bnc#754186
rcu stalls (?) cause hung tasks
bnc#756840
BUG: unable to handle kernel paging request at 000000003b91bbac
bnc#757783
VUL-1: kernel: clone() with CLONE_NEWPID leaks kernel memory
bnc#757789
2nd SmartArray controller not recognised
bnc#758243
VUL-1: CVE-2012-2119: kernel: macvtap: zerocopy: vector length is not validated before pinning user pages
bnc#758260
VUL-1: CVE-2012-2123: kernel: fcaps: clear the same personality flags as suid when fcaps are used
bnc#758813
VUL-1: kernel: unfiltered netdev rio_ioctl access by users
bnc#759545
esp hangs on some MTUs if pmtu is enabled
bnc#759554
cdc-wdm oopsable by two very fast consecutive writes
bnc#760077
sd card reader not recognized because of bad additional kernel module
bnc#760279
btrfs: could not do orphan cleanup => mount fails upon startup
bnc#760860
khugepaged prevents suspend
bnc#760902
VUL-1: CVE-2012-2319: kernel: hfsplus: mounting crafted filesystem can cause code execution
bnc#760974
oops in nfs_direct_read_schedule_segment while starting xen-unstable pv guest with xl
bnc#761681
Kernel NULL pointer dereference when mounting USB HDD with corrupted xfs file system
bnc#762991
VUL-1: kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition
bnc#762992
VUL-1: CVE-2012-2375: kernel: NFS: incomplete fix for CVE-2011-4131
bnc#764864
Suspend to RAM doesnt work after upgrading to kernel in kernel standard repo
bnc#765102
VUL-1: CVE-2012-6638: kernel: denial of service via specially forged TCP packets (SYN+FIN)
bnc#765320
VUL-1: CVE-2012-2136: kernel: data_len not validated before allocating skb in sock_alloc_send_pskb()
bnc#767786
sym53c8xx_2 driver crash in updated kernel
CVE-CVE-2009-4020
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
Selected Binaries
openSUSE Build Service is sponsored by