r4127 - in dists/sid/linux-2.6/debian: . patches-debian

Andres Salomon dilinger at costa.debian.org
Tue Sep 6 06:37:27 UTC 2005 

Author: dilinger
Date: 2005-09-06 06:37:25 +0000 (Tue, 06 Sep 2005)
New Revision: 4127

Removed:
   dists/sid/linux-2.6/debian/patches-debian/net-sockglue-cap.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
Log:
  update changelog, reformatting to new conventions;
  drop unusued sockglue patch (included in 2.6.12.6)


Modified: dists/sid/linux-2.6/debian/changelog
===================================================================
--- dists/sid/linux-2.6/debian/changelog	2005-09-03 10:26:09 UTC (rev 4126)
+++ dists/sid/linux-2.6/debian/changelog	2005-09-06 06:37:25 UTC (rev 4127)
@@ -2,45 +2,31 @@
 
   [ Andres Salomon, Bastian Blank ]
   * Change ATM and Classical-IP-over-ATM to be modular, instead of being
-    statically included.
-    (closes: #323143)
+    statically included. (closes: #323143)
 
   [ Sven Luther ]
-  * [powerpc]
-    - Added pmac-sound sanity check patch.
-    - Added preliminary apus patch, not applied though.
+  * [powerpc] powerpc-pmac-sound-check.patch: Added pmac-sound sanity check.
+  * [powerpc] powerpc-apus.patch:
+    Added preliminary apus patch to package, not applied to kernel tree yet.
 
   [ Simon Horman ]
   * Unset CC_OPTIMIZE_FOR_SIZE in i386 config,
     it breaks iproute's (and other netlink users) ability
     to set routes. (closes: #322723)
-
-  * net-sockglue-cap.patch
-    [Security] Restrict socket policy loading to CAP_NET_ADMIN.
-    See CAN-2005-2555.
-
-  * zlib deflateBound() patch added as part of the 2.6.12.5 patch in
-    2.6.12-3 now has a CAN number.
-    See CAN-2005-2457
-
   * Added 2.6.12.6
-    - [Security] Restrict socket policy loading to CAP_NET_ADMIN.
-      See CAN-2005-2555.
-    - [Maybe-Security: Can remote traffic trigger this]
-      Fix DST leak in icmp_push_reply()
-    - [Maybe-Security: Seems like a local DoS]
-      NPTL signal delivery deadlock fix
+    - [SECURITY: CAN-2005-2555] Restrict socket policy loading to
+      CAP_NET_ADMIN.
+    - [SECURITY] Fix DST leak in icmp_push_reply().  Possible remote
+      DoS?
+    - [SECURITY] NPTL signal delivery deadlock fix; possible local
+      DoS.
     - fix gl_skb/skb type error in genelink driver in usbnet
-    - [Maybe-Security: Seems like a local DoS]
-      fix a memory leak in devices seq_file implementation
-    - [Maybe-Security: Seems like a local DoS]
-      Fix SKB leak in ip6_input_finish()
+    - [SECURITY] fix a memory leak in devices seq_file implementation;
+      local DoS.
+    - [SECURITY] Fix SKB leak in ip6_input_finish(); local DoS.
+  * [SECURITY: CAN-2005-2617] amd64-insert_vm_struct-leak.patch
+    TASK_SIZE fixes for compatibility mode processes.
 
-  * amd64-insert_vm_struct-leak.patch
-    [Security] TASK_SIZE fixes for compatibility mode processes
-    See CAN-2005-2617
-  * 
-
  -- Simon Horman <horms at debian.org>  Thu,  1 Sep 2005 17:02:35 +0900
 
 linux-2.6 (2.6.12-5) unstable; urgency=low
@@ -110,7 +96,7 @@
     - [security] Zlib fixes See CAN-2005-2458, CAN-2005-2459
       http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
       http://bugs.gentoo.org/show_bug.cgi
-    - Add zlib deflateBound()
+    - [security] Add zlib deflateBound().  See CAN-2005-2457
     - [security] Fix error during session join. See CAN-2005-2098
     - [security] Fix keyring destructor. See CAN-2005-2099
     - Module per-cpu alignment cannot always be met

Deleted: dists/sid/linux-2.6/debian/patches-debian/net-sockglue-cap.patch
===================================================================
--- dists/sid/linux-2.6/debian/patches-debian/net-sockglue-cap.patch	2005-09-03 10:26:09 UTC (rev 4126)
+++ dists/sid/linux-2.6/debian/patches-debian/net-sockglue-cap.patch	2005-09-06 06:37:25 UTC (rev 4127)
@@ -1,39 +0,0 @@
-From: Herbert Xu <herbert at gondor.apana.org.au>
-Date: Sat, 6 Aug 2005 13:33:15 +0000 (-0700)
-Subject: [IPSEC]: Restrict socket policy loading to CAP_NET_ADMIN.
-X-Git-Tag: v2.6.13-rc6
-X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6fc0b4a7a73a81e74d0004732df358f4f9975be2
-
-  [IPSEC]: Restrict socket policy loading to CAP_NET_ADMIN.
-  
-  The interface needs much redesigning if we wish to allow
-  normal users to do this in some way.
-  
-  Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
-  Signed-off-by: David S. Miller <davem at davemloft.net>
----
-
---- a/net/ipv4/ip_sockglue.c
-+++ b/net/ipv4/ip_sockglue.c
-@@ -848,6 +848,9 @@ mc_msf_out:
-  
- 		case IP_IPSEC_POLICY:
- 		case IP_XFRM_POLICY:
-+			err = -EPERM;
-+			if (!capable(CAP_NET_ADMIN))
-+				break;
- 			err = xfrm_user_policy(sk, optname, optval, optlen);
- 			break;
- 
---- a/net/ipv6/ipv6_sockglue.c
-+++ b/net/ipv6/ipv6_sockglue.c
-@@ -504,6 +504,9 @@ done:
- 		break;
- 	case IPV6_IPSEC_POLICY:
- 	case IPV6_XFRM_POLICY:
-+		retv = -EPERM;
-+		if (!capable(CAP_NET_ADMIN))
-+			break;
- 		retv = xfrm_user_policy(sk, optname, optval, optlen);
- 		break;
-

More information about the Kernel-svn-changes mailing list