[Debian] Re: lenny updates

Ola Lundqvist ola at inguza.com
Sat Mar 14 13:10:04 EDT 2009 

Hi Kir

Result from the import. Some comments and questions.

Building right now. Results will be available soon.

On Tue, Mar 10, 2009 at 03:17:47AM +0300, Kir Kolyshkin wrote:
> Kir Kolyshkin wrote:
> >I am currently checking all the ~80 patches that are not in openvz 
> >lenny kernel. Looks like most are really needed. Let me suggest some 
> >in a few emails I will send as a reply to this one.
> 
> 
> Misc patches that do not fall into one of the above categories. I am 
> only including important stuff.
> 
> 
> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=5d70bbc8780b474371b555cd6eeaaafdea82efe9
> binfmt_misc: fix false -ENOEXEC when coupled with other binary handlers
> A backport from mainstream patch.
> Attached as 0014*

This was already in the Debian sources. No patch needed.

> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=4c9010eff11d97bf013f53601a76990b017e45b7
> autofs4: pidns friendly oz_mode
> Fix oz_mode detect to prevent autofs daemon hang inside CT.
> Fix for OpenVZ bug #959 (http://bugzilla.openvz.org/959)
> Attached as 0020*

Denial of service problem I assume.

> 
> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=7ebcbe3c7ad977f1a9bfb03a6d7f7dca9f883b83
> autofs: fix default pgrp vnr
> Attached as 0021*

Security related, right?

> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=ff3483aef4dbbddf6ee5ca483555c0ef8f8a047f
> Fix erratum that causes memory corruption
> Attached as 0027*.

Security issue!

> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=6b9fe0296b1aa5b2e70e9ba9790e4bd9af5908c6
> vzwdog: walk through the block devices list properly
> A fix for kernel oops, OpenVZ bug #1064 (http://bugzilla.openvz.org/1064)
> Attached as 0044*

Security issue!
 
> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=134416f49ad04db56afd7eb2a41ddef4f157ea6f
> Correct per-process capabilities bounding set in CT
> Important security fix.
> Attached as 0045*

Important security issue!

> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=86d74166a99f5ece5bcd46b85cba4ebd54126685
> ms: fix inotify umount
> A fix for inotify vs. umount, backported from mainstream.
> Attached as 0052*

Regression problem (even though it did not fully work before), right?

> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=14131d2abbd2554276fe4488e3403d4c0a747cdf
> ve: sanitize capability checks for namespaces creation
> Fix for OpenVZ bug #1113 (http://bugzilla.openvz.org/1113)
> Attached as 0054*

Is this one important?
I see that the same problem exists in all other versions in Debian. However it should not hurt that
much to include it, right?

> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=c5c1032d4b6519d1e3a37853c5c0fd7fbd1f8798
> Don't dereference NULL tsk->mm in ve_move_task
> Attached as 0059*

Security issue, right?

> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=8aa704481f80e55dce430c0c01d276e8ca13018e
> Fix broken permissions for Unix98 pty.
> Attached as 0065*

Security issue!
 
> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=397500cb89baf75c8035060585c0886b3012708a
> autofs4: fix ia32 compat mode
> Attached as 0067*

Fix for amd64 environment.

> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=a65ea96551f370afb7174472dcd4c43b8165710c
> simfs: don't work with buggy input
> Attached as 0069*

Is this one important? Could be a security issue in some cases I assume, but how many filesystems
are buggy in that way? However it was an exasy fix so we should probably fix that.

> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=0328e3d32c6915650b14dd40fcd7598a420b1364
> OpenVZ bug #1160 (http://bugzilla.openvz.org/1160)
> Attached as 0070*

Kernel ops related to filesystem operation. That should be really important.

Best regards,

// Ola

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola at inguza.com                    Annebergsslingan 37        \
|  opal at debian.org                   654 65 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

More information about the Debian mailing list