6,534
edits
Changes
created (still not finished)
== Changes ==
* Major x86_64 security fix ({{CVE|2007-4573}})
* areca and r8169 driver updates
* Rebased to RHEL4-55.0.2.EL
=== Configs ===
Same as {{Kernel link|rhel4|023stab044.4}}, plus:
* +<code>CONFIG_MD_RAID6=y</code>
=== Patches ===
<dl>
<dt>diff-ms-security-x8664-rax-check-20070919
<dd><pre class="simple">
x86_64: Zero extend all registers after ptrace in 32bit entry path.
Strictly it's only needed for eax.
It actually does a little more than strictly needed -- the other registers
are already zero extended.
Also remove the now unnecessary and non functional compat task check
in ptrace.
This is CVE-2007-4573
Found by Wojciech Purczynski
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
X-Git-Url: 176df2457ef6207156ca1a40991c54ca01fef567
</pre>
<dt>linux-2.6.9-arcmsr-1.20.0X.14.devel.patch
<dd><pre>
Areca driver was provided to Thomas Krenn AG by Areca people.
https://helpdesk.swsoft.com/index.html?q=351134
Requested by Thomas Krenn AG due to memory leak caused by Areca command line
utility (about 7 MB per execution of the CLI according to Thomas Krenn AG).
Declared to fix the memory leak problem.
Bug #87569
P.S. the issue with ARCMSR_MAX_XFER_SECTORS[_B] fixed (see the bug).
</pre>
<dt>linux-2.6.9-r8169-2.2LK-NAPI-ms-2.6.22.patch
<dd><pre>
Patch prepared by Kostja (khorenko@):
r8169 driver updated upto version 2.2LK-NAPI.
Requested by Padberg-IT (web4.hm).
Sources are backported from mainstream 2.6.22 kernel.
</pre>
<dt>diff-simfs-stat64-20070622
<dd><pre>
Patch from Vasily (vtaras@):
[PATCH][2.6.9] simfs: add stat64 hook
Initial problem: per-user/group disk quota in VE doesn't work, if you
use 2.6.9-based kernel.
The thing is that during `vzctl start`, vzctl gives the required
permission to the appropriate device. If simfs is used, the device
should be an anon device.
But stat() system call on any simfs inode (this syscall is used by vzctl
to obtain major/minor number of device) returns major/minor of
_underlying_ device. Consequently vzctl gives the permission to
underlying device! Note, it is a potential security hole.
The patch adds hook to vfs_getstat64 and creates sim_getstat64: the same
approach as in vfs_getstat/sim_getsat.
</pre>
: {{bug|632}}
</dl>
* Major x86_64 security fix ({{CVE|2007-4573}})
* areca and r8169 driver updates
* Rebased to RHEL4-55.0.2.EL
=== Configs ===
Same as {{Kernel link|rhel4|023stab044.4}}, plus:
* +<code>CONFIG_MD_RAID6=y</code>
=== Patches ===
<dl>
<dt>diff-ms-security-x8664-rax-check-20070919
<dd><pre class="simple">
x86_64: Zero extend all registers after ptrace in 32bit entry path.
Strictly it's only needed for eax.
It actually does a little more than strictly needed -- the other registers
are already zero extended.
Also remove the now unnecessary and non functional compat task check
in ptrace.
This is CVE-2007-4573
Found by Wojciech Purczynski
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
X-Git-Url: 176df2457ef6207156ca1a40991c54ca01fef567
</pre>
<dt>linux-2.6.9-arcmsr-1.20.0X.14.devel.patch
<dd><pre>
Areca driver was provided to Thomas Krenn AG by Areca people.
https://helpdesk.swsoft.com/index.html?q=351134
Requested by Thomas Krenn AG due to memory leak caused by Areca command line
utility (about 7 MB per execution of the CLI according to Thomas Krenn AG).
Declared to fix the memory leak problem.
Bug #87569
P.S. the issue with ARCMSR_MAX_XFER_SECTORS[_B] fixed (see the bug).
</pre>
<dt>linux-2.6.9-r8169-2.2LK-NAPI-ms-2.6.22.patch
<dd><pre>
Patch prepared by Kostja (khorenko@):
r8169 driver updated upto version 2.2LK-NAPI.
Requested by Padberg-IT (web4.hm).
Sources are backported from mainstream 2.6.22 kernel.
</pre>
<dt>diff-simfs-stat64-20070622
<dd><pre>
Patch from Vasily (vtaras@):
[PATCH][2.6.9] simfs: add stat64 hook
Initial problem: per-user/group disk quota in VE doesn't work, if you
use 2.6.9-based kernel.
The thing is that during `vzctl start`, vzctl gives the required
permission to the appropriate device. If simfs is used, the device
should be an anon device.
But stat() system call on any simfs inode (this syscall is used by vzctl
to obtain major/minor number of device) returns major/minor of
_underlying_ device. Consequently vzctl gives the permission to
underlying device! Note, it is a potential security hole.
The patch adds hook to vfs_getstat64 and creates sim_getstat64: the same
approach as in vfs_getstat/sim_getsat.
</pre>
: {{bug|632}}
</dl>