Accepted kernel-source-2.4.27 2.4.27-9 (source)
Daniel Holbach
dh at mailempfang.de
Wed Apr 6 12:10:28 CDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Origin: Debian/unstable
Format: 1.7
Date: Wed, 06 Apr 2005 18:07:24 +0100
Source: kernel-source-2.4.27
Binary: kernel-source-2.4.27, kernel-tree-2.4.27, kernel-doc-2.4.27, kernel-patch-debian-2.4.27
Architecture: source
Version: 2.4.27-9
Distribution: hoary
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
Changed-By: Daniel Holbach <dh at mailempfang.de>
Description:
kernel-source-2.4.27 - Linux kernel source for version 2.4.27 with Debian patches
Closes: 285521 285563 288046 288272 288279 288712 289202 289517 289682 290013 290039 291536 296639 296700 296905
Changes:
kernel-source-2.4.27 (2.4.27-9) unstable; urgency=low
.
* There was a stray file in 2.4.27-8. Don't include it this time.
(Simon Horman) (closes: Bug#291536)
.
* Updated kernel-tree description from Martin F Krafft
(Simon Horman)
.
* Updated apply script so it can handle point versions
(Simon Horman)
.
* 134_skb_reset_ip_summed.diff: [CAN-2005-0209] resolve checksumming
exploit in fragmented packet forwarding (Joshua Kwan)
.
* 135_fix_ip_options_leak.diff: [CAN-2004-1335] fix leak of IP options
data. (Joshua Kwan)
.
* 136_vc_resizing_overflow.diff: [CAN-2004-1333] make sure VC resizing
fits in 16 bits. (Joshua Kwan)
.
* 137_io_edgeport_overflow.diff: [CAN-2004-1017] fix buffer overflow
(underflow, really) that opens multiple attack vectors. (Joshua Kwan)
.
* 138_amd64_syscall_vuln.diff: [CAN-2004-1144] fix the "int 0x80 hole"
that allowed overflow of the system call table. (Joshua Kwan)
.
* 139_sparc_context_switch.diff: fix FPU context switching dirtiness on
sparc32 SMP. (Joshua Kwan)
.
* 140_VM_IO.diff: [CAN-2004-1057] fix possible DoS from accessing freed
kernel pages by flagging VM_IO where necessary.
.
* 141_acpi_noirq.patch:
[ACPI] Enhanced PCI probe, CONFIG_HPET_TIMER build warning fix
(Simon Horman)
.
* 142_acpi_skip_timer_override-1.diff, 142_acpi_skip_timer_override-2.diff,
142_acpi_skip_timer_override-3.diff, 142_acpi_skip_timer_override-4.diff:
[ACPI] skip_timer_override including early PCI bridge detection.
(closes: #296639) (Simon Horman)
.
* 121_drm-locking-checks-3.diff: LOCK_TEST_WITH_RETURN build cleanup
(Simon Horman)
.
* 143_outs.diff:
[SECURITY]: AMD64, allows local users to write to privileged
IO ports via OUTS instruction (CAN-2005-0204) (Simon Horman)
(closes: #296700)
.
* 144_sparc64-sb1500-clock-2.4.diff by David Miller: enable recognition
of the clock chip on SunBlade 1500, it won't boot otherwise.
(Jurij Smakov).
.
* 145_insert_vm_struct-no-BUG.patch:
[SECURITY] make insert_vm_struct return an error rather than BUG().
See CAN-2005-0003. (dann frazier)
.
* 146_ip6_copy_metadata_leak.diff 147_ip_copy_metadata_leak.diff:
[SECURITY] Do not leak dst entries in ip_copy_metadata()
See CAN-2005-0210. (Simon Horman)
.
* 148_ip_evitor_smp_loop.diff:
Fix theoretical loop on SMP in ip_evictor().
(Simon Horman, Andres Salomon)
.
* 149_fragment_queue_flush.diff:
Flush fragment queue on conntrack unload. (Simon Horman, Andres Salomon)
.
* *** ABI Change! Notify D-I team or delay for future release
*** Omitted from release
*** 150_private_fragment_queues-1.diff, 150_private_fragment_queues-2.diff:
*** Keep fragment queues private to each user. See CAN-2005-0449 and
*** http://oss.sgi.com/archives/netdev/2005-01/msg01048.html
*** (Simon Horman, Andres Salomon)
.
* 151_atm_get_addr_signedness_fix.diff:
[SECURITY] Fix ATM copy-to-user usage. See: CAN-2005-0531.
See: http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
(closes: #296905) (Simon Horman)
.
* 153_ppp_async_dos.diff:
[SECURITY] remote Linux DoS on ppp servers. See: CAN-2005-0384
(Simon Horman)
.
* 111-smb-client-overflow-fix-2.diff, 111-smb-client-overflow-fix-1.diff:
[SECURITY] The above patches, included in 2.4.27-6 resolve:
local information leak caused by race in SMP systems with
more than 4GB of memory. remote information leak caused by
handling of TRANS2 packets in smbfs. See CAN-2004-1191.
(see: #300163) (Simon Horman)
.
* 154_cmsg_compat_signedness_fix.diff:
Fix CMSG32_OK macros. (Dann Frazier, Simon Horman)
.
kernel-source-2.4.27 (2.4.27-8) unstable; urgency=high
.
* add dh_fixperms to the build targets to kernel-patch-debian-2.4.27
to ensure that the permissions of the files in this package are
sensible. (closes: Bug#288279) (Simon Horman)
* Turn a make conditional into a runtime conditional to allow debian/rules
prune to work. (closes: #289682) (Joshua Kwan)
.
Patches applied:
.
* 121_drm-locking-checks-1.diff, 121_drm-locking-checks-2.diff:
[SECURITY] Fix insufficient locking checks in DRM code; CAN-2004-1056
(Fabio M. Di Nitto, Dann Frazier, Simon Horman). (closes: Bug#285563)
* 122_sec_brk-locked.diff
[SECURITY] Fix vulnerability in the ELF loader code allowing
local attacker to execute code as root; CAN-2004-1235. This is better
known as the "uselib() bug". (closes: #289202) (Maximilian Attems)
* 123_nfs_verify_eacces.diff
Return -EACCES instead of -ESTALE to fix some NFS data loss bugs, already
fixed in 2.6 but not in 2.4. (closes: #288046) (Joshua Kwan)
* 124_random_poolsize_overflow.diff
[SECURITY] Fix integer overflow in random poolsize sysctl. (Simon Horman)
* 125_moxa_bound_checking.diff
[SECURITY] Fix bounds checking in moxa serial driver. (Simon Horman)
* 126_rlimit_memlock_dos.diff
[SECURITY] Fix RLIMIT_MEMLOCK local DoS (Simon Horman)
* 127_fs_coda_coverty.diff
[SECURITY] Untrusted user data in kernel. (Maximilian Attems)
* 128_net_fose_coverty.diff
[SECURITY] Fix Coverity reported lack of bounds checking rose_rt_ioctl.
(Maximilian Attems)
* 129_net_sdla_coverty.diff
[SECURITY] Fix sdla_xfer lack of bounds checking, reported by Coverity.
(Maximilian Attems)
* 130_fs_xfs_coverty.diff
[SECURITY] Fix xfs_attrmulti_by_handle lack of bounds checking, reported
by Coverity. (Maximilian Attems)
* 131_expand_stack_race.diff
[SECURITY] Fix expand_stack race in mm.h; see CAN-2005-0001.
* 127_acpi_off.diff
Do not do acpi_early_init() if acpi=off is in effect.
(closes: #290039, #290013, #289517, #288712, #285521, #288272)
(Simon Horman)
* 133_strncpy_zero_pad.diff
[SECURITY] Make sure strncpy null terminates strings. (CAN-2003-0465)
Fix for s390x, ppc64 and s390. mips and alpha are still unfixed.
N.B. This bug appears to be minor at best
http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
(See: #280492) (Simon Horman)
Files:
9cc9dbdfe3f53e4c45c331ea303de95d 678025 devel optional kernel-source-2.4.27_2.4.27-9.diff.gz
c1b495a855629746033b7672ca5a9415 886 devel optional kernel-source-2.4.27_2.4.27-9.dsc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----
Accepted:
kernel-source-2.4.27_2.4.27-9.diff.gz
to pool/universe/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-9.diff.gz
kernel-source-2.4.27_2.4.27-9.dsc
to pool/universe/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-9.dsc