[Debian] Re: lenny updates

Kir Kolyshkin kir at openvz.org
Mon Mar 16 07:24:26 EDT 2009


Ola Lundqvist wrote:
> Hi Kir
>
> Result from the import. Some comments and questions.
>
> Building right now. Results will be available soon.
>
> On Tue, Mar 10, 2009 at 03:17:47AM +0300, Kir Kolyshkin wrote:
>   
>> Kir Kolyshkin wrote:
>>     
>>> I am currently checking all the ~80 patches that are not in openvz 
>>> lenny kernel. Looks like most are really needed. Let me suggest some 
>>> in a few emails I will send as a reply to this one.
>>>       
>> Misc patches that do not fall into one of the above categories. I am 
>> only including important stuff.
>>
>>
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=5d70bbc8780b474371b555cd6eeaaafdea82efe9
>> binfmt_misc: fix false -ENOEXEC when coupled with other binary handlers
>> A backport from mainstream patch.
>> Attached as 0014*
>>     
>
> This was already in the Debian sources. No patch needed.
>
>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=4c9010eff11d97bf013f53601a76990b017e45b7
>> autofs4: pidns friendly oz_mode
>> Fix oz_mode detect to prevent autofs daemon hang inside CT.
>> Fix for OpenVZ bug #959 (http://bugzilla.openvz.org/959)
>> Attached as 0020*
>>     
>
> Denial of service problem I assume.
>
>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=7ebcbe3c7ad977f1a9bfb03a6d7f7dca9f883b83
>> autofs: fix default pgrp vnr
>> Attached as 0021*
>>     
>
> Security related, right?
>   

Correct

>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=ff3483aef4dbbddf6ee5ca483555c0ef8f8a047f
>> Fix erratum that causes memory corruption
>> Attached as 0027*.
>>     
>
> Security issue!
>
>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=6b9fe0296b1aa5b2e70e9ba9790e4bd9af5908c6
>> vzwdog: walk through the block devices list properly
>> A fix for kernel oops, OpenVZ bug #1064 (http://bugzilla.openvz.org/1064)
>> Attached as 0044*
>>     
>
> Security issue!
>  
>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=134416f49ad04db56afd7eb2a41ddef4f157ea6f
>> Correct per-process capabilities bounding set in CT
>> Important security fix.
>> Attached as 0045*
>>     
>
> Important security issue!
>
>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=86d74166a99f5ece5bcd46b85cba4ebd54126685
>> ms: fix inotify umount
>> A fix for inotify vs. umount, backported from mainstream.
>> Attached as 0052*
>>     
>
> Regression problem (even though it did not fully work before), right?
>
>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=14131d2abbd2554276fe4488e3403d4c0a747cdf
>> ve: sanitize capability checks for namespaces creation
>> Fix for OpenVZ bug #1113 (http://bugzilla.openvz.org/1113)
>> Attached as 0054*
>>     
>
> Is this one important?
>   

Yes, this is a prerequisite for the next fixes.

> I see that the same problem exists in all other versions in Debian. However it should not hurt that
> much to include it, right?
>
>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=c5c1032d4b6519d1e3a37853c5c0fd7fbd1f8798
>> Don't dereference NULL tsk->mm in ve_move_task
>> Attached as 0059*
>>     
>
> Security issue, right?
>   

Right.

>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=8aa704481f80e55dce430c0c01d276e8ca13018e
>> Fix broken permissions for Unix98 pty.
>> Attached as 0065*
>>     
>
> Security issue!
>  
>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=397500cb89baf75c8035060585c0886b3012708a
>> autofs4: fix ia32 compat mode
>> Attached as 0067*
>>     
>
> Fix for amd64 environment.
>
>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=a65ea96551f370afb7174472dcd4c43b8165710c
>> simfs: don't work with buggy input
>> Attached as 0069*
>>     
>
> Is this one important? Could be a security issue in some cases I assume, but how many filesystems
> are buggy in that way? However it was an easy fix so we should probably fix that.
>   

At least aufs and unionfs.

>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=0328e3d32c6915650b14dd40fcd7598a420b1364
>> OpenVZ bug #1160 (http://bugzilla.openvz.org/1160)
>> Attached as 0070*
>>     
>
> Kernel ops related to filesystem operation. That should be really important.
>
> Best regards,
>
> // Ola
>
>   


