r3081 - in sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches/series
Simon Horman
horms@costa.debian.org
Fri, 13 May 2005 06:36:51 +0000
Author: horms
Date: 2005-05-13 06:36:49 +0000 (Fri, 13 May 2005)
New Revision: 3081
Added:
sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-8sarge1
Removed:
sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10
sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9
Modified:
sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
Log:
First pass at sarge-security for kernel-source-2.4.27
Modified: sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-05-13 06:16:10 UTC (rev 3080)
+++ sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-05-13 06:36:49 UTC (rev 3081)
@@ -1,5 +1,8 @@
-kernel-source-2.4.27 (2.4.27-10) UNRELEASED; urgency=low
+kernel-source-2.4.27 (2.4.27-8sarge1) testing-security; urgency=low
+ ### Log below is from the changelog 2.4.27-10 (as yet unreleased),
+ ### annotated as needed
+
* 155_net-bluetooth-signdness-fix.diff:
[Security] Fix signedness problem at socket creation in bluetooth
which can lead to local root exploit. See CAN-2005-0750
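Review bot: The new header line sets urgency=low for a testing-security upload whose first entry is a [Security] fix described as leading to a local root exploit (CAN-2005-0750). The previous release, 2.4.27-8, used urgency=high, and the low value here looks inherited from the UNRELEASED 2.4.27-10 stanza rather than chosen; consider urgency=high for this upload.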
@@ -20,23 +23,27 @@
Potential DOS in load_elf_library. See CAN-2005-0749
(Simon Horman) (closes: #302705)
- * 159_fs-cramfs-stat.diff
- Fix to stat output for cramfs
- (Simon Horman)
+ # Omitted from security release
+ #* 159_fs-cramfs-stat.diff
+ # Fix to stat output for cramfs
+ # (Simon Horman)
- * 160_drivers-net-sis900-oops.diff
- sis900 kernel oops fix
- (Simon Horman)
+ # Omitted from security release
+ #* 160_drivers-net-sis900-oops.diff
+ # sis900 kernel oops fix
+ # (Simon Horman)
- * 161_drivers-net-amd8111e-irq.diff
- AMD8111e driver was releasing an irq in some error situations
- (Simon Horman)
+ # Omitted from security release
+ #* 161_drivers-net-amd8111e-irq.diff
+ # AMD8111e driver was releasing an irq in some error situations
+ # (Simon Horman)
- * 162_drivers-net-via-rhine-irq.diff
- VIA Rhine driver was releasing an irq in some error situations
- (Simon Horman)
+ # Omitted from security release
+ #* 162_drivers-net-via-rhine-irq.diff
+ # VIA Rhine driver was releasing an irq in some error situations
+ # (Simon Horman)
- * 165_VM_IO.diff added, 140_VM_IO.diff removed:
+ * 165_VM_IO.diff added:
[CAN-2004-1057] Updated fix for DoS from accessing freed kernel pages.
The previous fix seems to have cuased some problems and this
is the one that is upstream.
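Review bot: The retitled entry "165_VM_IO.diff added:" names a patch that the new series file does not contain: series/2.4.27-8sarge1 lists 163_VM_IO.diff, and 165 there is 165_arch-ia64-kernel-missing-sysctl.diff. The annotation added further down also says 140_VM_IO.diff is obsoleted by 163_VM_IO.diff, so the title should read 163_VM_IO.diff. "cuased" in the entry body could be corrected in the same pass.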
@@ -54,18 +61,19 @@
Linux kernel ELF core dump privilege elevation
See CAN-2005-1263. (closes: #308757). (Simon Horman)
- -- Simon Horman <horms@debian.org> Thu, 12 May 2005 17:08:10 +0900
+ ### Log below is from the changelog 2.4.27-9, annotated as needed
-kernel-source-2.4.27 (2.4.27-9) unstable; urgency=low
-
* There was a stray file in 2.4.27-8. Don't include it this time.
(Simon Horman) (closes: Bug#291536)
+ N.B: This was a build-time error that would have to be
+ forcibly repoduced
* Updated kernel-tree description from Martin F Krafft
(Simon Horman)
* Updated apply script so it can handle point versions
(Simon Horman)
+ N.B: This is needed to allow releases of the form 2.4.27-8sarge1
* 134_skb_reset_ip_summed.diff: [CAN-2005-0209] resolve checksumming
exploit in fragmented packet forwarding (Joshua Kwan)
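Review bot: The N.B. added under the stray-file entry (closes: Bug#291536) does not say whether that fix ships in 8sarge1 or is left out, whereas the dropped patches are marked "# Omitted from security release". With the 2.4.27-9 header and the 12 May trailer removed, both logs now sit in one stanza, so state explicitly for this entry and for the kernel-tree description update whether they are part of the security release. "repoduced" should be "reproduced".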
@@ -82,32 +90,38 @@
* 138_amd64_syscall_vuln.diff: [CAN-2004-1144] fix the "int 0x80 hole"
that allowed overflow of the system call table. (Joshua Kwan)
- * 139_sparc_context_switch.diff: fix FPU context switching dirtiness on
- sparc32 SMP. (Joshua Kwan)
+ # Omitted from security release
+ #* 139_sparc_context_switch.diff: fix FPU context switching dirtiness on
+ # sparc32 SMP. (Joshua Kwan)
- * 140_VM_IO.diff: [CAN-2004-1057] fix possible DoS from accessing freed
- kernel pages by flagging VM_IO where necessary.
+ # Obsolted by 163_VM_IO.diff above
+ #* 140_VM_IO.diff: [CAN-2004-1057] fix possible DoS from accessing freed
+ # kernel pages by flagging VM_IO where necessary.
- * 141_acpi_noirq.patch:
- [ACPI] Enhanced PCI probe, CONFIG_HPET_TIMER build warning fix
- (Simon Horman)
+ # Omitted from security release
+ #* 1141_acpi_pci_probe.diff:
+ # [ACPI] Enhanced PCI probe, CONFIG_HPET_TIMER build warning fix
+ # (Simon Horman)
- * 142_acpi_skip_timer_override-1.diff, 142_acpi_skip_timer_override-2.diff,
- 142_acpi_skip_timer_override-3.diff, 142_acpi_skip_timer_override-4.diff:
- [ACPI] skip_timer_override including early PCI bridge detection.
- (closes: #296639) (Simon Horman)
+ # Omitted from security release
+ #* 142_acpi_skip_timer_override-1.diff, 142_acpi_skip_timer_override-2.diff,
+ # 142_acpi_skip_timer_override-3.diff, 142_acpi_skip_timer_override-4.diff:
+ # [ACPI] skip_timer_override including early PCI bridge detection.
+ # (closes: #296639) (Simon Horman)
- * 121_drm-locking-checks-3.diff: LOCK_TEST_WITH_RETURN build cleanup
- (Simon Horman)
+ # Omitted from security release
+ #* 121_drm-locking-checks-3.diff: LOCK_TEST_WITH_RETURN build cleanup
+ # (Simon Horman)
* 143_outs.diff:
[SECURITY]: AMD64, allows local users to write to privileged
IO ports via OUTS instruction (CAN-2005-0204) (Simon Horman)
(closes: #296700)
- * 144_sparc64-sb1500-clock-2.4.diff by David Miller: enable recognition
- of the clock chip on SunBlade 1500, it won't boot otherwise.
- (Jurij Smakov).
+ # Omitted from security release
+ #* 144_sparc64-sb1500-clock-2.4.diff by David Miller: enable recognition
+ # o the clock chip on SunBlade 1500, it won't boot otherwise.
+ # (Jurij Smakov).
* 145_insert_vm_struct-no-BUG.patch:
[SECURITY] make insert_vm_struct return an error rather than BUG().
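Review bot: The commented-out ACPI entry is renamed to 1141_acpi_pci_probe.diff, which matches neither the removed line (141_acpi_noirq.patch) nor the series files (141_acpi_pci_probe.diff); drop the extra leading 1. In the same hunk the 140_VM_IO.diff annotation reads "Obsolted by 163_VM_IO.diff above" while the entry above it is titled 165_VM_IO.diff, and the rewritten SunBlade line lost a letter ("o the clock chip").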
@@ -117,12 +131,14 @@
[SECURITY] Do not leak dst entries in ip_copy_metadata()
See CAN-2005-0210. (Simon Horman)
- * 148_ip_evitor_smp_loop.diff:
- Fix theoretical loop on SMP in ip_evictor().
- (Simon Horman, Andres Salomon)
+ # Omitted from security release
+ #* 148_ip_evitor_smp_loop.diff:
+ # Fix theoretical loop on SMP in ip_evictor().
+ # (Simon Horman, Andres Salomon)
- * 149_fragment_queue_flush.diff:
- Flush fragment queue on conntrack unload. (Simon Horman, Andres Salomon)
+ # Omitted from security release
+ #* 149_fragment_queue_flush.diff:
+ # Flush fragment queue on conntrack unload. (Simon Horman, Andres Salomon)
* *** ABI Change! Notify D-I team or delay for future release
*** Omitted from release
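Review bot: The commented-out entry keeps the spelling 148_ip_evitor_smp_loop.diff, but the series files name the patch 148_ip_evictor_smp_loop.diff, so a search for the patch name across changelog and series will miss one of them; correct it to ip_evictor while the line is being rewritten. The hunk also leaves two markers for skipped items next to each other ("*** Omitted from release" for the ABI change, "# Omitted from security release" for the rest); a single convention would be easier to audit.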
@@ -147,10 +163,11 @@
handling of TRANS2 packets handling in smbfs. See CAN-2004-1191.
(see: #300163) (Simon Horman)
- * 154_cmsg_compat_signedness_fix.diff:
- Fix CMSG32_OK macros. (Dann Frazier, Simon Horman)
+ # Omitted from security release
+ #* 154_cmsg_compat_signedness_fix.diff:
+ # Fix CMSG32_OK macros. (Dann Frazier, Simon Horman)
- -- Simon Horman <horms@debian.org> Fri, 25 Mar 2005 10:42:50 +0900
+ -- Simon Horman <horms@debian.org> Fri, 13 May 2005 15:35:58 +0900
kernel-source-2.4.27 (2.4.27-8) unstable; urgency=high
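Review bot: 154_cmsg_compat_signedness_fix.diff is dropped as non-security without a stated reason, although the other signedness fixes in this upload (151_atm_get_addr_signedness_fix.diff and the [Security] 155 bluetooth fix) are kept. Add a line to the annotation saying why the CMSG32_OK change has no security impact, or include the patch.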
Deleted: sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10
===================================================================
--- sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10 2005-05-13 06:16:10 UTC (rev 3080)
+++ sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10 2005-05-13 06:36:49 UTC (rev 3081)
@@ -1,15 +0,0 @@
-+ 155_bluetooth_signdness-fix.diff
-+ 156_fs-ext2-info-leak.diff
-+ 157_fs-isofs-range-check-1.diff
-+ 157_fs-isofs-range-check-2.diff
-+ 157_fs-isofs-range-check-3.diff
-+ 158_fs-binfmt_elf-dos.diff
-+ 159_fs-cramfs-stat.diff
-+ 160_drivers-net-sis900-oops.diff
-+ 161_drivers-net-amd8111e-irq.diff
-+ 162_drivers-net-via-rhine-irq.diff
-- 140_VM_IO.diff
-+ 163_VM_IO.diff
-+ 164_net-ipv4-icmp-quench.diff
-+ 165_arch-ia64-kernel-missing-sysctl.diff
-+ 166_fs-binfmt_elf-dump-privelage.diff
Added: sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-8sarge1
===================================================================
--- sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-8sarge1 2005-05-13 06:16:10 UTC (rev 3080)
+++ sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-8sarge1 2005-05-13 06:36:49 UTC (rev 3081)
@@ -0,0 +1,40 @@
++ 134_skb_reset_ip_summed.diff
++ 135_fix_ip_options_leak.diff
++ 136_vc_resizing_overflow.diff
++ 137_io_edgeport_overflow.diff
++ 138_amd64_syscall_vuln.diff
+# omitted from security update + 139_sparc_context_switch.diff
+# obsolted by 163_VM_IO.diff below + 140_VM_IO.diff
+# omitted from security update + 141_acpi_pci_probe.diff
+# omitted from security update + 142_acpi_skip_timer_override-1.diff
+# omitted from security update + 142_acpi_skip_timer_override-2.diff
+# omitted from security update + 142_acpi_skip_timer_override-3.diff
+# omitted from security update + 142_acpi_skip_timer_override-4.diff
+# omitted from security update + 121_drm-locking-checks-3.diff
++ 143_outs.diff
+# omitted from security update + 144_sparc64-sb1500-clock-2.4.diff
++ 145_insert_vm_struct-no-BUG.diff
++ 146_ip6_copy_metadata_leak.diff
++ 147_ip_copy_metadata_leak.diff
+# omitted from security update + 148_ip_evictor_smp_loop.diff
+# omitted from security update + 149_fragment_queue_flush.diff
+#ABI Change+ 150_private_fragment_queues-1.diff
+#ABI Change+ 150_private_fragment_queues-2.diff
++ 151_atm_get_addr_signedness_fix.diff
++ 153_ppp_async_dos.diff
+# omitted from security update + 154_cmsg_compat_signedness_fix.diff
++ 155_bluetooth_signdness-fix.diff
++ 156_fs-ext2-info-leak.diff
++ 157_fs-isofs-range-check-1.diff
++ 157_fs-isofs-range-check-2.diff
++ 157_fs-isofs-range-check-3.diff
++ 158_fs-binfmt_elf-dos.diff
+# omitted from security update + 159_fs-cramfs-stat.diff
+# omitted from security update + 160_drivers-net-sis900-oops.diff
+# omitted from security update + 161_drivers-net-amd8111e-irq.diff
+# omitted from security update + 162_drivers-net-via-rhine-irq.diff
+# never added for this release - 140_VM_IO.diff
++ 163_VM_IO.diff
++ 164_net-ipv4-icmp-quench.diff
++ 165_arch-ia64-kernel-missing-sysctl.diff
++ 166_fs-binfmt_elf-dump-privelage.diff
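Review bot: The patches commented out here sit in the middle of the sequence (139, 141, 142-*, 121, 144, 148, 149, 154, 159 to 162), and in the deleted 2.4.27-9 and 2.4.27-10 series the later patches were applied on top of them; please confirm that the remaining "+" entries apply to a clean 2.4.27-8 tree without fuzz or rejects. 140_VM_IO.diff is also commented twice, once as "obsolted by 163_VM_IO.diff below" and once as "never added for this release - 140_VM_IO.diff"; one line is enough, with "obsolted" corrected to "obsoleted".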
Deleted: sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9
===================================================================
--- sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9 2005-05-13 06:16:10 UTC (rev 3080)
+++ sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9 2005-05-13 06:36:49 UTC (rev 3081)
@@ -1,25 +0,0 @@
-+ 134_skb_reset_ip_summed.diff
-+ 135_fix_ip_options_leak.diff
-+ 136_vc_resizing_overflow.diff
-+ 137_io_edgeport_overflow.diff
-+ 138_amd64_syscall_vuln.diff
-+ 139_sparc_context_switch.diff
-+ 140_VM_IO.diff
-+ 141_acpi_pci_probe.diff
-+ 142_acpi_skip_timer_override-1.diff
-+ 142_acpi_skip_timer_override-2.diff
-+ 142_acpi_skip_timer_override-3.diff
-+ 142_acpi_skip_timer_override-4.diff
-+ 121_drm-locking-checks-3.diff
-+ 143_outs.diff
-+ 144_sparc64-sb1500-clock-2.4.diff
-+ 145_insert_vm_struct-no-BUG.diff
-+ 146_ip6_copy_metadata_leak.diff
-+ 147_ip_copy_metadata_leak.diff
-+ 148_ip_evictor_smp_loop.diff
-+ 149_fragment_queue_flush.diff
-#ABI Change+ 150_private_fragment_queues-1.diff
-#ABI Change+ 150_private_fragment_queues-2.diff
-+ 151_atm_get_addr_signedness_fix.diff
-+ 153_ppp_async_dos.diff
-+ 154_cmsg_compat_signedness_fix.diff