++                   Hot Fix 1 for Linux Kernel 2.4.29                       ++
                          Willy Tarreau - EXOSEC
                          wtarreau at exosec.net


Please read the "README" file first. Then, simply run "make" in the directory
containing this file to rebuild the patches referenced in this file.


1) Security fixes
=================
+ flash_erase-checks-cap_sys_admin-1                             (James Nelson)

  This patch adds CAP_SYS_ADMIN checks to the potentially dangerous ioctls
  FLASH_Erase and FLASH_Burn in the Cobalt LCD interface driver.


2) Critical fixes
=================
+ panic-when-backing-up-lvm-snapshots-1                  (Heinz J. Mauelshagen)

  This patch fixes lvm-snap.c in order to avoid a list update on the snapshot
  exception hash happening while only holding a read lock as documented in Red
  Hat bugzilla #135266.


3) Major bug fixes
==================
+ nmi-oopser-megaraid2-abort-1                                (Andrey Melnikov)

  Prevent NMI oopser kill kernel thread when megaraid2 driver waiting abort or
  reset command completion.

+ oops-ata_to_sense_error-1                                       (Jeff Garzik)

  Fix an oops in ata_to_sense_error

+ lcd_ioctl-memory-leak-1                                        (James Nelson)

  This patch fixes a memory leak in the FLASH_Burn ioctl for the Cobalt LCD
  interface driver.


4) Minor bug fixes
==================
+ ppc32-tlb-miss-handler-1                        (Tom Rini / Joakim Tjernlund)

  There is a problem in the TLB Miss (and Error, as they jump to the Miss
  handler) handlers.  The problem is that when an app spans more than one L1
  entry, we don't have all of the correct information, and do_page_fault()
  things a protection fault happened, when it didn't really.  The fix for this
  is to modify the handlers slightly to force a TLB Error in this case.

+ rtnetlink-set-multi-flags-1                                     (Thomas Graf)

  Set NLM_F_MULTI for neighbour rtnetlink messages to userspace.

+ hiddev-busy-loop-1                                              (David Micon)

  In the loop, schedule() returns with the current state TASK_RUNNING, so at
  the next revolution it returns immediately, and the task sits there burning
  CPU.

+ msf-overflow-multisession-dvd-1                             (Luca Tettamanti)

  This a backport of my patch that went into 2.6.10. cdrom_read_toc (ide-cd.c)
  always reads the TOC using MSF format. If the last session of the disk
  starts beyond block 1152000 (LBA) there's an overflow in the MSF format and
  kernel complains:

      Unable to identify CD-ROM format.

  So read the multi-session TOC in LBA format in order to avoid an overflow in
  MSF format with multisession DVDs.

+ sparc64-signed-atomic-values-1               (David S. Miller / Hugh Daniels)

  Even though we declare these functions as returning a 32-bit signed integer,
  the sparc64 ABI states that such functions must properly sign-extend the
  return value to the full 64-bits.


5) Build fixes
==============
+ configure-mangles-hex-values-1                                 (Nick Pollitt)

  When doing a make oldconfig, the hex function strips the leading '0x' from
  hex values. The '0x' is needed in the final autoconf.h, and its absence
  causes the following problem.


6) Documentation fixes
======================
none yet.

END.