<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/git/stable/linux.git/drivers/media/dvb, branch linux-2.6.32.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<id>https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/atom?h=linux-2.6.32.y</id>
<link rel='self' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/atom?h=linux-2.6.32.y'/>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/'/>
<updated>2016-03-12T13:25:42+00:00</updated>
<entry>
<title>tda1004x: only update the frontend properties if locked</title>
<updated>2016-03-12T13:25:42+00:00</updated>
<author>
<name>Mauro Carvalho Chehab</name>
<email>mchehab@osg.samsung.com</email>
</author>
<published>2016-02-03T19:33:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=cd6596b371585864dacbb9cc336bfad58c57df6f'/>
<id>urn:sha1:cd6596b371585864dacbb9cc336bfad58c57df6f</id>
<content type='text'>
commit e8beb02343e7582980c6705816cd957cf4f74c7a upstream.

The tda1004x was updating the properties cache before locking.
If the device is not locked, the data at the registers are just
random values with no real meaning.

This caused the driver to fail with libdvbv5, as such library
calls GET_PROPERTY from time to time, in order to return the
DVB stats.

Tested with a saa7134 card 78:
	ASUSTeK P7131 Dual, vendor PCI ID: 1043:4862

Signed-off-by: Mauro Carvalho Chehab &lt;mchehab@osg.samsung.com&gt;
[bwh: Backported to 3.2: adjust filename]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
Signed-off-by: Willy Tarreau &lt;w@1wt.eu&gt;
</content>
</entry>
<entry>
<title>cx24116: fix a buffer overflow when checking userspace params</title>
<updated>2015-09-18T11:52:08+00:00</updated>
<author>
<name>Mauro Carvalho Chehab</name>
<email>mchehab@osg.samsung.com</email>
</author>
<published>2015-04-28T21:51:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=505ac5d678780e043c97b163e1fee7661d480410'/>
<id>urn:sha1:505ac5d678780e043c97b163e1fee7661d480410</id>
<content type='text'>
commit 1fa2337a315a2448c5434f41e00d56b01a22283c upstream.

The maximum size for a DiSEqC command is 6, according to the
userspace API. However, the code allows to write up much more values:
	drivers/media/dvb-frontends/cx24116.c:983 cx24116_send_diseqc_msg() error: buffer overflow 'd-&gt;msg' 6 &lt;= 23

Signed-off-by: Mauro Carvalho Chehab &lt;mchehab@osg.samsung.com&gt;
[bwh: Backported to 3.2: adjust filename]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
(cherry picked from commit 729c8c5e3700410e3436573abfa5b68e8d3c89d6)

Signed-off-by: Willy Tarreau &lt;w@1wt.eu&gt;
</content>
</entry>
<entry>
<title>s5h1420: fix a buffer overflow when checking userspace params</title>
<updated>2015-09-18T11:52:07+00:00</updated>
<author>
<name>Mauro Carvalho Chehab</name>
<email>mchehab@osg.samsung.com</email>
</author>
<published>2015-04-28T21:34:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55e780c13d7c2a1ba5c31af81334b0fb40a77fca'/>
<id>urn:sha1:55e780c13d7c2a1ba5c31af81334b0fb40a77fca</id>
<content type='text'>
commit 12f4543f5d6811f864e6c4952eb27253c7466c02 upstream.

The maximum size for a DiSEqC command is 6, according to the
userspace API. However, the code allows to write up to 7 values:
	drivers/media/dvb-frontends/s5h1420.c:193 s5h1420_send_master_cmd() error: buffer overflow 'cmd-&gt;msg' 6 &lt;= 7

Signed-off-by: Mauro Carvalho Chehab &lt;mchehab@osg.samsung.com&gt;
[bwh: Backported to 3.2: adjust filename]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
(cherry picked from commit 4bf124b5f179a9c169c57ef7cd3a74f239063ed1)

Signed-off-by: Willy Tarreau &lt;w@1wt.eu&gt;
</content>
</entry>
<entry>
<title>ttusb-dec: buffer overflow in ioctl</title>
<updated>2014-12-13T14:16:17+00:00</updated>
<author>
<name>Dan Carpenter</name>
<email>dan.carpenter@oracle.com</email>
</author>
<published>2014-11-24T12:16:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=44023d2f627574ac8a22c2ede35b7f8528bc7912'/>
<id>urn:sha1:44023d2f627574ac8a22c2ede35b7f8528bc7912</id>
<content type='text'>
commit dc0ab1ddeb0c5f5eb3f37a72eadb394792b3c40d upstream

We need to add a limit check here so we don't overflow the buffer.

Signed-off-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Signed-off-by: Mauro Carvalho Chehab &lt;mchehab@osg.samsung.com&gt;
(backported from commit f2e323ec96077642d397bb1c355def536d489d16)
CVE-2014-8884
BugLink: http://bugs.launchpad.net/bugs/1395187
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
Acked-by: Andy Whitcroft &lt;apw@canonical.com&gt;
Signed-off-by: Andy Whitcroft &lt;apw@canonical.com&gt;
Acked-by: Stefan Bader &lt;stefan.bader@canonical.com&gt;
Signed-off-by: Willy Tarreau &lt;w@1wt.eu&gt;
</content>
</entry>
<entry>
<title>V4L/DVB: Add Elgato EyeTV Diversity to dibcom driver</title>
<updated>2011-05-09T22:55:30+00:00</updated>
<author>
<name>Michael Müller</name>
<email>mueller_michael@alice-dsl.net</email>
</author>
<published>2010-04-27T01:18:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f4a2d5813740264e092a90c1ad9b1b61b46ccaf1'/>
<id>urn:sha1:f4a2d5813740264e092a90c1ad9b1b61b46ccaf1</id>
<content type='text'>
commit 84e2f037ce9672d0fb118e3e82cecfe6122ace3f upstream.

This patch introduces support for DVB-T for the following dibcom
based card: Elgato EyeTV Diversity (USB-ID: 0fd9:0011)

Support for the Elgato silver IR remote is added too (set parameter
dvb_usb_dib0700_ir_proto=0)

[w.sang@pengutronix.de: rebased to current linuxtv-master]
Signed-off-by: Michael Müller &lt;mueller_michael@alice-dsl.net&gt;
Signed-off-by: Wolfram Sang &lt;w.sang@pengutronix.de&gt;
Signed-off-by: Patrick Boettcher &lt;pboettcher@kernellabs.com&gt;
Signed-off-by: Mauro Carvalho Chehab &lt;mchehab@redhat.com&gt;
[bwh: Adjust context and numbering for 2.6.32]
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
</entry>
<entry>
<title>FLEXCOP-PCI: fix __xlate_proc_name-warning for flexcop-pci</title>
<updated>2011-05-09T22:54:52+00:00</updated>
<author>
<name>Patrick Boettcher</name>
<email>pboettcher@kernellabs.com</email>
</author>
<published>2011-04-03T15:40:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d93ec4a17fcf5d84f323647df3216dff84f6f963'/>
<id>urn:sha1:d93ec4a17fcf5d84f323647df3216dff84f6f963</id>
<content type='text'>
commit b934c20de1398d4a82d2ecfeb588a214a910f13f upstream.

This patch fixes the warning about bad names for sys-fs and other kernel-things. The flexcop-pci driver was using '/'-characters in it, which is not good.
This has been fixed in several attempts by several people, but obviously never made it into the kernel.

Signed-off-by: Patrick Boettcher &lt;pboettcher@kernellabs.com&gt;
Cc: Steffen Barszus &lt;steffenbpunkt@googlemail.com&gt;
Cc: Boris Cuber &lt;me@boris64.net&gt;
Signed-off-by: Mauro Carvalho Chehab &lt;mchehab@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>av7110: check for negative array offset</title>
<updated>2011-03-02T14:46:37+00:00</updated>
<author>
<name>Dan Carpenter</name>
<email>error27@gmail.com</email>
</author>
<published>2011-01-07T19:41:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=dd6a19a57d7247ed62e6445f489dad501b64af03'/>
<id>urn:sha1:dd6a19a57d7247ed62e6445f489dad501b64af03</id>
<content type='text'>
commit cb26a24ee9706473f31d34cc259f4dcf45cd0644 upstream.

info-&gt;num comes from the user.  It's type int.  If the user passes
in a negative value that would cause memory corruption.

Signed-off-by: Dan Carpenter &lt;error27@gmail.com&gt;
Signed-off-by: Mauro Carvalho Chehab &lt;mchehab@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>V4L/DVB: budget: Select correct frontends</title>
<updated>2010-08-02T17:21:27+00:00</updated>
<author>
<name>Ben Hutchings</name>
<email>ben@decadent.org.uk</email>
</author>
<published>2010-05-15T16:45:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=15b956904a38753fbc9ef8dfa1cafbf5b78e7331'/>
<id>urn:sha1:15b956904a38753fbc9ef8dfa1cafbf5b78e7331</id>
<content type='text'>
commit d46b36e7f927772bb72524dc9f1e384e3cb4a975 upstream.

Update the Kconfig selections to match the code.

Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
Signed-off-by: Mauro Carvalho Chehab &lt;mchehab@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>V4L/DVB: dvb-core: Fix ULE decapsulation bug</title>
<updated>2010-08-02T17:21:26+00:00</updated>
<author>
<name>Ang Way Chuang</name>
<email>wcang79@gmail.com</email>
</author>
<published>2010-05-27T05:02:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=65019a1c668d1dbcc4c6bdcdb7bb66d8ea714752'/>
<id>urn:sha1:65019a1c668d1dbcc4c6bdcdb7bb66d8ea714752</id>
<content type='text'>
commit 5c331fc8c19e181bffab46e9d18e1637cdc47170 upstream.

Fix ULE decapsulation bug when less than 4 bytes of ULE SNDU is packed
into the remaining bytes of a MPEG2-TS frame

ULE (Unidirectional Lightweight Encapsulation RFC 4326) decapsulation
code has a bug that incorrectly treats ULE SNDU packed into the
remaining 2 or 3 bytes of a MPEG2-TS frame as having invalid pointer
field on the subsequent MPEG2-TS frame.

Signed-off-by: Ang Way Chuang &lt;wcang@nav6.org&gt;
Acked-by: Jarod Wilson &lt;jarod@redhat.com&gt;
Signed-off-by: Mauro Carvalho Chehab &lt;mchehab@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>V4L/DVB: budget: Oops: "BUG: unable to handle kernel NULL pointer dereference"</title>
<updated>2010-05-12T21:57:15+00:00</updated>
<author>
<name>Bjørn Mork</name>
<email>bjorn@mork.no</email>
</author>
<published>2010-03-24T10:57:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=65f202baf580af35a417ac8118465bef9b65307e'/>
<id>urn:sha1:65f202baf580af35a417ac8118465bef9b65307e</id>
<content type='text'>
commit 6f550dc08369ee0bc6402963c377e65f0f2e3b71 upstream.

Never call dvb_frontend_detach if we failed to attach a frontend. This fixes
the following oops, which will be triggered by a missing stv090x module:

[    8.172997] DVB: registering new adapter (TT-Budget S2-1600 PCI)
[    8.209018] adapter has MAC addr = 00:d0:5c:cc:a7:29
[    8.328665] Intel ICH 0000:00:1f.5: PCI INT B -&gt; GSI 17 (level, low) -&gt; IRQ 17
[    8.328753] Intel ICH 0000:00:1f.5: setting latency timer to 64
[    8.562047] DVB: Unable to find symbol stv090x_attach()
[    8.562117] BUG: unable to handle kernel NULL pointer dereference at 000000ac
[    8.562239] IP: [&lt;e08b04a3&gt;] dvb_frontend_detach+0x4/0x67 [dvb_core]

Ref http://bugs.debian.org/575207

Signed-off-by: Bjørn Mork &lt;bjorn@mork.no&gt;
Signed-off-by: Mauro Carvalho Chehab &lt;mchehab@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
</feed>
