# Drop patches included in 2.6.32.61..2.6.32.64
- bugfix/x86/x86-Don-t-use-the-EFI-reboot-method-by-default.patch
- bugfix/x86/msr-add-capabilities-check.patch
- bugfix/x86/KVM-x86-relax-MSR_KVM_SYSTEM_TIME-alignment-check.patch
- bugfix/x86/KVM-x86-fix-for-buffer-overflow-in-handling-of-MSR_K.patch
- bugfix/x86/KVM-x86-invalid-opcode-oops-on-SET_SREGS-with-OSXSAV.patch
- bugfix/ia64/revert-pcdp-use-early_ioremap-early_iounmap-to-acces.patch
- bugfix/all/kernel-signal.c-use-__ARCH_HAS_SA_RESTORER-instead-o.patch
- bugfix/all/signal-Define-__ARCH_HAS_SA_RESTORER-so-we-know-whet.patch
- bugfix/all/signal-stop-infoleak-via-tkill-and-tgkill-signals.patch
- bugfix/all/signal-always-clear-sa_restorer-on-execve.patch
- bugfix/all/exec-use-ELOOP-for-max-recursion-depth.patch
- bugfix/all/exec-do-not-leave-bprm-interp-on-stack.patch
- bugfix/all/USB-cdc-wdm-fix-buffer-overflow.patch
- bugfix/all/USB-io_ti-Fix-Null-dereference-in-chase-port.patch
- bugfix/all/fs-compat_ioctl.c-VIDEO_SET_SPU_PALETTE-missing-erro.patch
- bugfix/all/net-fix-info-leak-in-compat-dev_ifconf.patch
- bugfix/all/ext4-Fix-max-file-size-and-logical-block-counting-of-extent-format-file.patch
- bugfix/all/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch
- bugfix/all/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch
- bugfix/all/fat-Fix-stat-f_namelen.patch
- bugfix/all/isofs-avoid-info-leak-on-export.patch
- debian/nls-Avoid-ABI-change-for-CVE-2013-1773-fix.patch
- bugfix/all/NLS-improve-UTF8-UTF16-string-conversion-routine.patch
- bugfix/all/ext4-AIO-vs-fallocate-stale-data-exposure.patch
- bugfix/all/udf-avoid-info-leak-on-export.patch
- bugfix/all/usermodehelper-____call_usermodehelper-doesnt-need-do_exit.patch
- bugfix/all/usermodehelper-implement-UMH_KILLABLE.patch
- bugfix/all/usermodehelper-introduce-umh_complete.patch
- bugfix/all/fix-ptrace-when-task-is-in-task_is_stopped-state.patch
- bugfix/all/ptrace-ensure-arch_ptrace-ptrace_request-can-never-race-with-SIGKILL.patch
- bugfix/all/ptrace-introduce-signal_wake_up_state-and-ptrace_signal_wake_up.patch
- bugfix/all/ptrace-ptrace_resume-shouldnt-wake-up-TASK_TRACED-thread.patch
- bugfix/all/mm-fix-vma_resv_map-NULL-pointer.patch
- bugfix/all/hugetlb-fix-resv_map-leak-in-error-path.patch
- bugfix/all/inet-add-RCU-protection-to-inet-opt.patch
- bugfix/all/ipv6-discard-overlapping-fragment.patch
- bugfix/all/CVE-2013-4470.patch
- bugfix/all/CVE-2013-4387.patch
- bugfix/all/ipv6-ipv6_sk_dst_check_must-not-assume-ipv6-dst.patch
- bugfix/all/ipv6-fix-NULL-dereference-in-udp6_ufo_fragment.patch
- bugfix/all/ipv6-make-fragment-identifications-less-predictable.patch
- bugfix/all/kmod-make-__request_module-killable.patch
- bugfix/all/kmod-introduce-call_modprobe-helper.patch
- bugfix/all/wake_up_process-should-be-never-used-to-wakeup-a-TASK_STOPPED-TRACED-task.patch
- bugfix/all/revert-time-avoid-making-adjustments-if-we-haven-t.patch
- bugfix/all/tmpfs-fix-use-after-free-of-mempolicy-object.patch
- bugfix/all/ax25-fix-info-leak-via-msg_name-in-ax25_recvmsg.patch
- bugfix/all/atm-fix-info-leak-in-getsockopt-SO_ATMPVC.patch
- bugfix/all/atm-fix-info-leak-via-getsockname.patch
- bugfix/all/atm-update-msg_namelen-in-vcc_recvmsg.patch
- bugfix/all/Bluetooth-fix-possible-info-leak-in-bt_sock_recvmsg.patch
- bugfix/all/Bluetooth-L2CAP-Fix-info-leak-via-getsockname.patch
- bugfix/all/Bluetooth-RFCOMM-Fix-missing-msg_namelen-update-in-r.patch
- bugfix/all/Bluetooth-RFCOMM-Fix-info-leak-via-getsockname.patch
- bugfix/all/Bluetooth-HCI-Fix-info-leak-in-getsockopt-HCI_FILTER.patch
- bugfix/all/Bluetooth-Fix-incorrect-strncpy-in-hidp_setup_hid.patch
- bugfix/all/dcbnl-fix-various-netlink-info-leaks.patch
- bugfix/all/net-fix-divide-by-zero-in-tcp-algorithm-illinois.patch
- bugfix/all/irda-Fix-missing-msg_namelen-update-in-irda_recvmsg_.patch
- bugfix/all/iucv-Fix-missing-msg_namelen-update-in-iucv_sock_rec.patch
- bugfix/all/llc-Fix-missing-msg_namelen-update-in-llc_ui_recvmsg.patch
- bugfix/all/llc-fix-info-leak-via-getsockname.patch
- bugfix/all/ipvs-fix-info-leak-in-getsockopt-IP_VS_SO_GET_TIMEOU.patch
- bugfix/all/rds-set-correct-msg_namelen.patch
- bugfix/all/rose-fix-info-leak-via-msg_name-in-rose_recvmsg.patch
- bugfix/all/kernel-panic-when-mount-NFSv4.patch
- bugfix/all/tipc-fix-info-leaks-via-msg_name-in-recv_msg-recv_st.patch
- bugfix/all/xfrm_user-return-error-pointer-instead-of-NULL-2.patch
- bugfix/all/xfrm_user-return-error-pointer-instead-of-NULL.patch
- bugfix/all/xfrm_user-fix-info-leak-in-copy_to_user_tmpl.patch
- bugfix/all/xfrm_user-fix-info-leak-in-copy_to_user_policy.patch
- bugfix/all/xfrm_user-fix-info-leak-in-copy_to_user_state.patch
- bugfix/all/keys-fix-race-with-concurrent-install_user_keyrings.patch
- bugfix/all/KVM-Fix-bounds-checking-in-ioapic-indirect-register-.patch
# End of patches to drop for 2.6.32.61
- bugfix/all/exec-ptrace-fix-get_dumpable-incorrect-tests.patch
- bugfix/s390/fix-kernel-crash-due-to-linkage-stack-instructi.patch
- bugfix/all/CVE-2013-4512.patch
- bugfix/all/CVE-2014-1438.patch
- bugfix/x86/KVM-Fix-potential-divide-by-0-in-lapic-CVE-2013-.patch
- bugfix/all/CVE-2013-4345.patch
- bugfix/all/cpqarray-fix-info-leak.patch
- bugfix/all/CVE-2014-1737_CVE-2014-1738.patch
- bugfix/all/block-do-not-pass-disknames-as-formatstrings.patch
- bugfix/all/cdrom-use-kzalloc-for-failing-hw.patch
- bugfix/all/CVE-2014-0196.patch
- bugfix/all/hid-helper-to-validate-hid-reports.patch
- bugfix/all/hid-lg-validate-hid-output-report-details.patch
- bugfix/all/HID-pantherlord-validate-output-report-details.patch
- bugfix/all/hid-zeroplus-validate-output.patch
- bugfix/all/hid-validate-report-id-size.patch
- bugfix/all/CVE-2013-4299.patch
- bugfix/all/hamradio-yam-fix-info-leak-in-ioctl.patch
- bugfix/all/farsync-fix-info-leak-in-ioctl.patch
- bugfix/all/wanxl-fix-info-leak-in-ioctl.patch
- bugfix/all/b43-stop-formatstring-leak.patch
- bugfix/all/CVE-2013-6378.patch
- bugfix/all/intel-iommu-Flush-unmaps-at-domain_exit.patch
- bugfix/all/CVE-2013-6381.patch
- bugfix/all/CVE-2013-6380.patch
- bugfix/all/CVE-2013-6383.patch
- bugfix/all/CVE-2013-4511.patch
- bugfix/all/xfs-underflow-bug-in-xfs_attrlist_by_handle.patch
- bugfix/all/CVE-2013-6405-2.patch
- bugfix/all/CVE-2013-6405-1.patch
- bugfix/all/sctp-duplicate-cookie-handling-null-pointer-deref.patch
- bugfix/all/sctp-deal-with-multiple-COOKIE_ECHO-chunks.patch
- bugfix/all/net-sctp-fix-sctp_sf_do_5_1D_ce-to-verify-if-we-peer.patch
- bugfix/all/CVE-2013-0343-patch
- bugfix/all/af_key-fix-info-leaks-in-notify-msgs.patch
- bugfix/all/af_key-initialize-sa_type-in-key_notify_policy_flush.patch
- bugfix/all/netfilter-nf_conntrack_dccp-fix-skb_header_pointer-A.patch
- bugfix/all/rds-prevent-dereference-of-a-NULL-device.patch
- bugfix/all/CVE-2014-2678.patch
- bugfix/all/SELinux-Fix-kernel-BUG-on-empty-security-contexts.patch
- bugfix/all/CVE-2013-4587.patch
- bugfix/all/CVE-2013-4162.patch
- bugfix/all/hid-check-for-null-when-setting-values.patch
# End of patches to drop for 2.6.32.62
- bugfix/all/CVE-2014-3917.patch
- bugfix/all/CVE-2014-3153-4.patch
- bugfix/all/CVE-2014-3153-3.patch
- bugfix/all/CVE-2014-3153-2.patch
- bugfix/all/CVE-2014-3153-1.patch
# End of patches to drop for 2.6.32.63
- bugfix/all/CVE-2014-4699.patch
- bugfix/all/CVE-2014-0203.patch
- bugfix/all/CVE-2014-3122.patch
- bugfix/all/CVE-2014-3144_CVE-2014-3145.patch
- bugfix/all/CVE-2014-4667.patch
- bugfix/all/CVE-2014-4656-2.patch
- bugfix/all/CVE-2014-4656-1.patch
- debian/alsa-avoid-abi-change-for-cve-2014-4652-fix.patch
- bugfix/all/CVE-2014-4652.patch
# End of patches to drop for 2.6.32.64

# Add upstream patches
+ bugfix/all/stable/2.6.32.61.patch
+ bugfix/all/stable/2.6.32.62.patch
+ bugfix/all/stable/2.6.32.63.patch
+ bugfix/all/stable/2.6.32.64.patch

# Reinstate the patches that had to be temporarily disabled
+ debian/nls-Avoid-ABI-change-for-CVE-2013-1773-fix.patch
+ debian/alsa-avoid-abi-change-for-cve-2014-4652-fix.patch
+ bugfix/all/ipv6-fix-NULL-dereference-in-udp6_ufo_fragment.patch

# Add security patches not yet available in upstream kernel
+ bugfix/all/CVE-2014-4653.patch
+ bugfix/all/CVE-2014-4654+4655.patch  
+ bugfix/all/CVE-2014-4943.patch

+ debian/block-Avoid-ABI-change-in-2.6.32.61.patch

# Fix-ups for 2.6.32.61..64
+ bugfix/all/block-add-missing-blk_queue_dead-checks.patch
+ bugfix/all/block-Fix-blk_execute_rq_nowait-dead-queue-handling.patch
+ bugfix/all/proc-connector-Delete-spurious-memset-in-proc_exit_c.patch
+ bugfix/all/vlan-Don-t-propagate-flag-changes-on-down-interfaces.patch
+ bugfix/all/net-sendmsg-Really-fix-NULL-pointer-dereference.patch
+ bugfix/all/sctp-Fix-double-free-introduced-by-bad-backport-in-2.patch
+ bugfix/all/md-raid6-Fix-misapplied-backport-in-2.6.32.64.patch

# Fixes for kernel entry/exit security flaws (mostly x86-64)
+ bugfix/x86/x86-64-bit-Move-K8-B-step-iret-fixup-to-fault-entry-.patch
+ bugfix/x86/x86-64-Adjust-frame-type-at-paranoid_exit.patch
+ bugfix/x86/x86-64-modify_ldt-Ban-16-bit-segments-on-64-bit-kern.patch
+ bugfix/x86/x86-32-espfix-Remove-filter-for-espfix32-due-to-race.patch
+ bugfix/x86/x86-64-espfix-Don-t-leak-bits-31-16-of-esp-returning.patch
+ bugfix/x86/x86-espfix-Move-espfix-definitions-into-a-separate-h.patch
+ bugfix/x86/x86-espfix-Fix-broken-header-guard.patch
+ bugfix/x86/x86-espfix-Make-espfix64-a-Kconfig-option-fix-UML.patch
+ bugfix/x86/x86-espfix-Make-it-possible-to-disable-16-bit-suppor.patch
+ bugfix/x86/x86_64-entry-xen-Do-not-invoke-espfix64-on-Xen.patch
+ bugfix/x86/x86-espfix-xen-Fix-allocation-of-pages-for-paravirt-.patch
+ bugfix/x86/x86_64-traps-Stop-using-IST-for-SS.patch
+ bugfix/x86/x86_64-traps-Fix-the-espfix64-DF-fixup-and-rewrite-i.patch
+ bugfix/x86/x86_64-traps-Rework-bad_iret.patch
