r4127 - in dists/sid/linux-2.6/debian: . patches-debian
Andres Salomon
dilinger at costa.debian.org
Tue Sep 6 06:37:27 UTC 2005
Author: dilinger
Date: 2005-09-06 06:37:25 +0000 (Tue, 06 Sep 2005)
New Revision: 4127
Removed:
dists/sid/linux-2.6/debian/patches-debian/net-sockglue-cap.patch
Modified:
dists/sid/linux-2.6/debian/changelog
Log:
update changelog, reformatting to new conventions;
drop unusued sockglue patch (included in 2.6.12.6)
Modified: dists/sid/linux-2.6/debian/changelog
===================================================================
--- dists/sid/linux-2.6/debian/changelog 2005-09-03 10:26:09 UTC (rev 4126)
+++ dists/sid/linux-2.6/debian/changelog 2005-09-06 06:37:25 UTC (rev 4127)
@@ -2,45 +2,31 @@
[ Andres Salomon, Bastian Blank ]
* Change ATM and Classical-IP-over-ATM to be modular, instead of being
- statically included.
- (closes: #323143)
+ statically included. (closes: #323143)
[ Sven Luther ]
- * [powerpc]
- - Added pmac-sound sanity check patch.
- - Added preliminary apus patch, not applied though.
+ * [powerpc] powerpc-pmac-sound-check.patch: Added pmac-sound sanity check.
+ * [powerpc] powerpc-apus.patch:
+ Added preliminary apus patch to package, not applied to kernel tree yet.
[ Simon Horman ]
* Unset CC_OPTIMIZE_FOR_SIZE in i386 config,
it breaks iproute's (and other netlink users) ability
to set routes. (closes: #322723)
-
- * net-sockglue-cap.patch
- [Security] Restrict socket policy loading to CAP_NET_ADMIN.
- See CAN-2005-2555.
-
- * zlib deflateBound() patch added as part of the 2.6.12.5 patch in
- 2.6.12-3 now has a CAN number.
- See CAN-2005-2457
-
* Added 2.6.12.6
- - [Security] Restrict socket policy loading to CAP_NET_ADMIN.
- See CAN-2005-2555.
- - [Maybe-Security: Can remote traffic trigger this]
- Fix DST leak in icmp_push_reply()
- - [Maybe-Security: Seems like a local DoS]
- NPTL signal delivery deadlock fix
+ - [SECURITY: CAN-2005-2555] Restrict socket policy loading to
+ CAP_NET_ADMIN.
+ - [SECURITY] Fix DST leak in icmp_push_reply(). Possible remote
+ DoS?
+ - [SECURITY] NPTL signal delivery deadlock fix; possible local
+ DoS.
- fix gl_skb/skb type error in genelink driver in usbnet
- - [Maybe-Security: Seems like a local DoS]
- fix a memory leak in devices seq_file implementation
- - [Maybe-Security: Seems like a local DoS]
- Fix SKB leak in ip6_input_finish()
+ - [SECURITY] fix a memory leak in devices seq_file implementation;
+ local DoS.
+ - [SECURITY] Fix SKB leak in ip6_input_finish(); local DoS.
+ * [SECURITY: CAN-2005-2617] amd64-insert_vm_struct-leak.patch
+ TASK_SIZE fixes for compatibility mode processes.
- * amd64-insert_vm_struct-leak.patch
- [Security] TASK_SIZE fixes for compatibility mode processes
- See CAN-2005-2617
- *
-
-- Simon Horman <horms at debian.org> Thu, 1 Sep 2005 17:02:35 +0900
linux-2.6 (2.6.12-5) unstable; urgency=low
@@ -110,7 +96,7 @@
- [security] Zlib fixes See CAN-2005-2458, CAN-2005-2459
http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
http://bugs.gentoo.org/show_bug.cgi
- - Add zlib deflateBound()
+ - [security] Add zlib deflateBound(). See CAN-2005-2457
- [security] Fix error during session join. See CAN-2005-2098
- [security] Fix keyring destructor. See CAN-2005-2099
- Module per-cpu alignment cannot always be met
Deleted: dists/sid/linux-2.6/debian/patches-debian/net-sockglue-cap.patch
===================================================================
--- dists/sid/linux-2.6/debian/patches-debian/net-sockglue-cap.patch 2005-09-03 10:26:09 UTC (rev 4126)
+++ dists/sid/linux-2.6/debian/patches-debian/net-sockglue-cap.patch 2005-09-06 06:37:25 UTC (rev 4127)
@@ -1,39 +0,0 @@
-From: Herbert Xu <herbert at gondor.apana.org.au>
-Date: Sat, 6 Aug 2005 13:33:15 +0000 (-0700)
-Subject: [IPSEC]: Restrict socket policy loading to CAP_NET_ADMIN.
-X-Git-Tag: v2.6.13-rc6
-X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6fc0b4a7a73a81e74d0004732df358f4f9975be2
-
- [IPSEC]: Restrict socket policy loading to CAP_NET_ADMIN.
-
- The interface needs much redesigning if we wish to allow
- normal users to do this in some way.
-
- Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
- Signed-off-by: David S. Miller <davem at davemloft.net>
----
-
---- a/net/ipv4/ip_sockglue.c
-+++ b/net/ipv4/ip_sockglue.c
-@@ -848,6 +848,9 @@ mc_msf_out:
-
- case IP_IPSEC_POLICY:
- case IP_XFRM_POLICY:
-+ err = -EPERM;
-+ if (!capable(CAP_NET_ADMIN))
-+ break;
- err = xfrm_user_policy(sk, optname, optval, optlen);
- break;
-
---- a/net/ipv6/ipv6_sockglue.c
-+++ b/net/ipv6/ipv6_sockglue.c
-@@ -504,6 +504,9 @@ done:
- break;
- case IPV6_IPSEC_POLICY:
- case IPV6_XFRM_POLICY:
-+ retv = -EPERM;
-+ if (!capable(CAP_NET_ADMIN))
-+ break;
- retv = xfrm_user_policy(sk, optname, optval, optlen);
- break;
-
More information about the Kernel-svn-changes
mailing list