r3919 - in branches/dist: .
sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian
Simon Horman
horms at costa.debian.org
Tue Aug 16 11:11:39 UTC 2005
Author: horms
Date: 2005-08-16 11:11:38 +0000 (Tue, 16 Aug 2005)
New Revision: 3919
Added:
branches/dist/sarge-security/
Modified:
branches/dist/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
Log:
Add a place for sarge-security
Modified: branches/dist/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- branches/dist/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-08-16 10:14:29 UTC (rev 3918)
+++ branches/dist/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-08-16 11:11:38 UTC (rev 3919)
@@ -1,4 +1,4 @@
-kernel-source-2.6.8 (2.6.8-17) UNRELEASED; urgency=low
+kernel-source-2.6.8 (2.6.8-16sarge1) stable-security; urgency=high
[ Dann Frazier ]
* mckinley_icache.dpatch:
@@ -10,10 +10,11 @@
be trivial to construct a user-space DoS - Simon Horman.
[ Simon Horman ]
- * drivers-net-via-rhine-wol-oops.dpatch (removed):
- This patch breaks the via-rhine driver and 2.6.8 and is
- completely bogus for this version of the kernel
- (closes: #311357)
+ # Excluded from security-only release
+ # * drivers-net-via-rhine-wol-oops.dpatch (removed):
+ # This patch breaks the via-rhine driver and 2.6.8 and is
+ # completely bogus for this version of the kernel
+ # (closes: #311357)
* arch-x86_64-kernel-ptrace-boundary-check.dpatch
[Security, x86_64] Don't allow accesses below register frame in ptrace
@@ -37,8 +38,9 @@
in iounmap as it may be in a memory hole not mapped in mem_map and that
causes the hash lookup to go off to nirvana.
- * drivers-media-vidio-bttv-vc100xp-detect.dpatch
- Allow Leadtek WinFast VC100 XP cards to work.
+ # Excluded from security-only release
+ # * drivers-media-vidio-bttv-vc100xp-detect.dpatch
+ # Allow Leadtek WinFast VC100 XP cards to work.
* fs-exec-ptrace-core-exec-race.dpatch
[Security] Fix race between core dumping and exec with shared mm
@@ -56,23 +58,26 @@
mount a non-hfs filesystem as HFS+.
N.B: Marked as security as users may have mount privelages.
- * fs-jbd-checkpoint-assertion.dpatch
- Fix possible false assertion failure in log_do_checkpoint(). We might fail
- to detect that we actually made a progress when cleaning up the checkpoint
- lists if we don't retry after writing something to disk.
+ # Excluded from security-only release
+ # * fs-jbd-checkpoint-assertion.dpatch
+ # Fix possible false assertion failure in log_do_checkpoint(). We might fail
+ # to detect that we actually made a progress when cleaning up the checkpoint
+ # lists if we don't retry after writing something to disk.
* mm-mmap-range-test.dpatch
[Security] Make sure get_unmapped_area sanity tests are done regardless of
wheater MAP_FIXED is set or not.
See CAN-2005-1265
- * mm-rmap-out-of-bounds-pte.dpatch
- Stop try_to_unmap_cluster() passing out-of-bounds pte to pte_unmap()
+ # Excluded from security-only release
+ # * mm-rmap-out-of-bounds-pte.dpatch
+ # Stop try_to_unmap_cluster() passing out-of-bounds pte to pte_unmap()
* net-bridge-netfilter-etables-smp-race.dpatch
[Security] The patch below fixes an smp race that happens on such
systems under heavy load.
+ Excluded from security-only release
* net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch
Fix oops when mangling and brouting and tcpdumping packets
Needed for net-bridge-forwarding-poison-1.dpatch
@@ -84,8 +89,9 @@
hostile side of bridge from causing packet leakage, a small but possible
security risk.
- * net-ipv4-netfilter-ip_queue-deadlock.dpatch
- Fix deadlock with ip_queue and tcp local input path.
+ # Excluded from security-only release
+ # * net-ipv4-netfilter-ip_queue-deadlock.dpatch
+ # Fix deadlock with ip_queue and tcp local input path.
* [Security] net-rose-ndigis-verify.dpatch
Verify ndigis argument of a new route.
@@ -97,14 +103,16 @@
* net-ipv4-ipvs-conn_tab-race.dpatch
[Security] Fix race condition on ip_vs_conn_tab list modification
- * asm-i386-mem-clobber.dpatch:
- Make sure gcc doesn't reorder memory accesses in strncmp and friends on
- i386.
+ # Excluded from security-only release
+ # * asm-i386-mem-clobber.dpatch:
+ # Make sure gcc doesn't reorder memory accesses in strncmp and friends on
+ # i386.
- * drivers-acpi-pci_irq-elcr.dpatch:
- Make sure we call acpi_register_gsi() even for default PCI interrupt
- assignment. That's the part that keeps track of the ELCR register, and we
- want to make sure that the PCI interrupts are properly marked level/low.
+ # Excluded from security-only release
+ # * drivers-acpi-pci_irq-elcr.dpatch:
+ # Make sure we call acpi_register_gsi() even for default PCI interrupt
+ # assignment. That's the part that keeps track of the ELCR register, and we
+ # want to make sure that the PCI interrupts are properly marked level/low.
* asm-i386-mem-clobber.dpatch:
Make sure netlink_autobind() propagates the error return from
@@ -133,29 +141,30 @@
patch to apply cleanly.
See CAN-2005-1761.
- * Makefile-gcc-3.3.dpatch, control
- Build with gcc-3.3, as gcc-4.0, now the dedault in unstable,
- fails to build this source. As this tree is primarily
- intended for use with sarge, there seems little point
- in putting in gcc-4.0 fixes, but at the same time,
- there is some value in being able to use it with unstable.
- (Closes: #323059)
+ # Excluded from security-only release
+ # * Makefile-gcc-3.3.dpatch, control
+ # Build with gcc-3.3, as gcc-4.0, now the dedault in unstable,
+ # fails to build this source. As this tree is primarily
+ # intended for use with sarge, there seems little point
+ # in putting in gcc-4.0 fixes, but at the same time,
+ # there is some value in being able to use it with unstable.
+ # (Closes: #323059)
[ dann frazier ]
* Merge in applicable fixes from 2.6.12.3
- [Security] ppc32-time_offset-misuse.dpatch
- - v4l-cx88-hue-offset-fix.dpatch
- - tty_ldisc_ref-return-null-check.dpatch
+ # Excluded from security-only release - v4l-cx88-hue-offset-fix.dpatch
+ # Excluded from security-only release - tty_ldisc_ref-return-null-check.dpatch
* Merge in applicable fixes from 2.6.12.4
- [Security] netfilter-NAT-memory-corruption.dpatch
- - netfilter-deadlock-ip6_queue.dpatch
+ # Excluded from security-only release - netfilter-deadlock-ip6_queue.dpatch
- [Security] ipsec-array-overflow.dpatch See CAN-2005-2456
(See: #321401) (Closes: #321401)
- [Security] netfilter-ip_conntrack_untracked-refcount.dpatch
- [Security] sys_get_thread_area-leak.dpatch
- - rocket_c-fix-ldisc-ref-count.dpatch
- - early-vlan-fix.dpatch
+ # Excluded from security-only release - rocket_c-fix-ldisc-ref-count.dpatch
+ # Excluded from security-only release - early-vlan-fix.dpatch
[ Simon Horman ]
* fs_ext2_ext3_xattr-sharing.dpatch
@@ -176,9 +185,10 @@
[Security] Fixes remote DoS when using ipt_recent on a 64 bit machine.
(Closes: #322237)
- * drivers-sata-promise-sataii_tx2_tx4.dpatch
- Add SATAII TX2 and TX2/TX4 support to sata promise driver
- (Closes: #317286)
+ # Excluded from security-only release
+ # * drivers-sata-promise-sataii_tx2_tx4.dpatch
+ # Add SATAII TX2 and TX2/TX4 support to sata promise driver
+ # (Closes: #317286)
[ Frederik Schüler ]
* arch-x86_64-mm-ioremap-page-lookup-fix.dpatch
@@ -198,13 +208,15 @@
http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
http://bugs.gentoo.org/show_bug.cgi?id=94584
- * zisofs.dpatch
- Check input buffer size in zisofs
- From 2.6.12.5
+ # Excluded from security-only release
+ # * zisofs.dpatch
+ # Check input buffer size in zisofs
+ # From 2.6.12.5
- * module-per-cpu-alignment-fix.dpatch
- Module per-cpu alignment cannot always be met
- From 2.6.12.5
+ # Excluded from security-only release
+ # * module-per-cpu-alignment-fix.dpatch
+ # Module per-cpu alignment cannot always be met
+ # From 2.6.12.5
-- Simon Horman <horms at debian.org> Mon, 15 Aug 2005 18:51:34 +0900
More information about the Kernel-svn-changes
mailing list