== Changes ==
* Security fixes (see RHSA-2007:0940 for details)
* Added TPE feature from grsecurity
* Other minor fixes
=== Config changes ===
Added:
* +<code>CONFIG_GRKERNSEC=y</code>
* +<code>CONFIG_GRKERNSEC_TPE=y</code>
* +<code>CONFIG_GRKERNSEC_TPE_ALL=y</code>
* +<code>CONFIG_GRKERNSEC_TPE_GID=1005</code>
* +<code>CONFIG_GRKERNSEC_SYSCTL=y</code>
* +<code>CONFIG_GRKERNSEC_FLOODTIME=10</code>
* +<code>CONFIG_GRKERNSEC_FLOODBURST=4</code>
<includeonly>[[{{PAGENAME}}/changes#Patches|{{Long changelog message}}]]</includeonly><noinclude>
=== Patches ===
==== diff-cpt-ptr-warn-20071015 ====
<div class="change">
Patch from Alexey Kuznetsov <alexey@openvz.org><br/>
[CPT] warning in cpt_restore_process()
</div>
==== diff-cpt-warn-20071011 ====
<div class="change">
Patch from Alexandr Andreev <aandreev@openvz.org> <br/>
[PATCH] CPT: fix some compilation warnings
* fix declaration of variable after statements
* fix asmlinkage declaration of hook
[dev@: corrected asmlinkage fix]
</div>
==== diff-grsec-2.1.10-tpe-core-20071010 ====
<div class="change">
Patch from Alexandr Andreev <aandreev@openvz.org> <br/>
[PATCH] grsecurity: TPE feature
This patch is a part of big grsecure-2.1.10 patch.
This patch doesn't contain virtualization support,
and source code looks like original grsecure source as much as possible.
V2 - added TPE check in mmap()/mprotect()
V3 - removed exec_file; added grsec_lock feature
Bug #92177.
</div>
==== diff-grsec-2.1.10-tpe-virt-20071010 ====
<div class="change">
Patch from Alexandr Andreev <aandreev@openvz.org><br/>
[PATCH] grsecurity: TPE feature virtualization
Bug #92177.
</div>
==== diff-ms-faster-oom-20071023 ====
<div class="change">
Patch from Denis Lunev <den@openvz.org> <br/>
Exit from OOMed process ASAP rather than dig in try_to_free_pages().
It can spend really lots of time in try_to_free_pages() (up to minutes),
while process selected for OOM should die ASAP.
Bug #79344.
</div>
==== diff-ms-net-bridge-via-eth-f-20071022 ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org> <br/>
When via_phys_dev flag is set then bridge doesn't have any ip address.
Therefore ip-traffic HW->VE passes only if bridge has the same MAC-address as
real ethernet interface. This patch corrects checking for input packets.
Bug #92737.
</div>
==== diff-smp-nmi-show-regs-b ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org> <br/>
[PATCH] fix bust_spinlocks() race when doing Alt-SysRq-P via NMI IPI
smp_show_regs() function calls bust_spinlocks() which is not protected
by any lock.
Just call bust_spinlocks() under smp_show_regs lock.
Bug #92669.
</div>
==== diff-ve-proc-sound-20071015 ====
<div class="change">
Patch from Evgeny Kravtsunov <emkravts@openvz.org><br/>
[PATCH] hide global /proc/asound entry from VE
create_proc_entry() in sound/core/info.c is called with
global parent == &proc_root, thus /proc/asound is global.
Make it VE0 local.
Bug #92723.
</div>
</noinclude>