subject:"\[patch 00\/18\] 2.6.18\-stable review"

Re: [patch 00/18] 2.6.18-stable review

2007-03-05 Thread S.Çağlar Onur

05 Mar 2007 Pts tarihinde, Greg KH şunları yazmıştı: 
> > So maybe 2.6.18 deserves another stable release :) ?
>
> Why?  Does anyone really use it now that 2.6.19 and 2.6.20 is out?
>
> I don't want to do a new release as we need to catch up on the 2.6.20
> issues...
>
> And also remember, the point of the -stable tree was that we would drop
> older releases after the next release came out.

I know, i just referred your "Barring anything extremely serious, this will be 
the last 2.6.18 based release." sentence from last stable release 
announcement and some security regressions seems something to me and just 
want to ping :) and of course i clearly understand your point of -stable tree 
maintanence with much more up2date kernel and drop olders view.

Cheers
-- 
S.Çağlar Onur <[EMAIL PROTECTED]>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!


pgpo4rfeG7awS.pgp
Description: PGP signature

Re: [patch 00/18] 2.6.18-stable review

2007-03-05 Thread Greg KH

On Mon, Mar 05, 2007 at 03:44:22PM +0200, S.??a??lar Onur wrote:
> 26 ??ub 2007 Pts tarihinde, Adrian Bunk ??unlar?? yazmt??: 
> > On Wed, Feb 21, 2007 at 01:55:04PM +0200, S.??a??lar Onur wrote:
> > > 21 ??ub 2007 ??ar tarihinde, Greg KH ??unlar?? yazmt??:
> > > > Responses should be made by Friday February 23 00:00 UTC.  Anything
> > > > received after that time might be too late.
> > >
> > > We have still some CVEish patches in our package which maybe you want to
> > > consider adding into -stable.
> >
> > Below, I'll only look at the 2.6.18, 2.6.19 and 2.6.20 kernels.
> >
> > > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814
> >
> > fixed in:
> > - 2.6.18.8
> > - 2.6.19.2
> > - 2.6.20
> >
> > > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5749
> >
> > fixed in:
> > - 2.6.20 (commit dab6df63086762629936e8b89a5984bae39724f6)
> >
> > missing in:
> > - 2.6.18
> > - 2.6.19
> >
> > > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5753
> >
> > fixed in:
> > - 2.6.20 (commit be6aab0e9fa6d3c6d75aa1e38ac972d8b4ee82b8)
> >
> > missing in:
> > - 2.6.18
> > - 2.6.19
> >
> > > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5823
> >
> > fixed in:
> > - 2.6.19.2
> > - 2.6.20
> >
> > missing in:
> > - 2.6.18
> >
> > > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6053
> >
> > fixed in:
> > - 2.6.19.2
> > - 2.6.20
> >
> > missing in:
> > - 2.6.18
> >
> > > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6054
> >
> > fixed in:
> > - 2.6.19.2
> > - 2.6.20
> >
> > missing in:
> > - 2.6.18
> >
> > > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6333
> >
> > fixed in:
> > - 2.6.19.1
> > - 2.6.20
> >
> > problem not present in:
> > - 2.6.18
> >
> > > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0006
> >
> > fixed in:
> > - 2.6.19.5
> >
> > missing in:
> > - 2.6.18
> > - 2.6.20
> 
> So maybe 2.6.18 deserves another stable release :) ?

Why?  Does anyone really use it now that 2.6.19 and 2.6.20 is out?

I don't want to do a new release as we need to catch up on the 2.6.20
issues...

And also remember, the point of the -stable tree was that we would drop
older releases after the next release came out.

thanks,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [patch 00/18] 2.6.18-stable review

2007-03-05 Thread S.Çağlar Onur

26 Şub 2007 Pts tarihinde, Adrian Bunk şunları yazmıştı: 
> On Wed, Feb 21, 2007 at 01:55:04PM +0200, S.Çağlar Onur wrote:
> > 21 Şub 2007 Çar tarihinde, Greg KH şunları yazmıştı:
> > > Responses should be made by Friday February 23 00:00 UTC.  Anything
> > > received after that time might be too late.
> >
> > We have still some CVEish patches in our package which maybe you want to
> > consider adding into -stable.
>
> Below, I'll only look at the 2.6.18, 2.6.19 and 2.6.20 kernels.
>
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814
>
> fixed in:
> - 2.6.18.8
> - 2.6.19.2
> - 2.6.20
>
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5749
>
> fixed in:
> - 2.6.20 (commit dab6df63086762629936e8b89a5984bae39724f6)
>
> missing in:
> - 2.6.18
> - 2.6.19
>
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5753
>
> fixed in:
> - 2.6.20 (commit be6aab0e9fa6d3c6d75aa1e38ac972d8b4ee82b8)
>
> missing in:
> - 2.6.18
> - 2.6.19
>
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5823
>
> fixed in:
> - 2.6.19.2
> - 2.6.20
>
> missing in:
> - 2.6.18
>
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6053
>
> fixed in:
> - 2.6.19.2
> - 2.6.20
>
> missing in:
> - 2.6.18
>
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6054
>
> fixed in:
> - 2.6.19.2
> - 2.6.20
>
> missing in:
> - 2.6.18
>
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6333
>
> fixed in:
> - 2.6.19.1
> - 2.6.20
>
> problem not present in:
> - 2.6.18
>
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0006
>
> fixed in:
> - 2.6.19.5
>
> missing in:
> - 2.6.18
> - 2.6.20

So maybe 2.6.18 deserves another stable release :) ?


-- 
S.Çağlar Onur <[EMAIL PROTECTED]>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!


pgp8tGly8U4oD.pgp
Description: PGP signature

Re: [patch 00/18] 2.6.18-stable review

2007-02-25 Thread Adrian Bunk

On Wed, Feb 21, 2007 at 01:55:04PM +0200, S.Çağlar Onur wrote:
> 21 Şub 2007 Çar tarihinde, Greg KH şunları yazmıştı: 
> > Responses should be made by Friday February 23 00:00 UTC.  Anything
> > received after that time might be too late.
> 
> We have still some CVEish patches in our package which maybe you want to 
> consider adding into -stable.

Below, I'll only look at the 2.6.18, 2.6.19 and 2.6.20 kernels.

> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814

fixed in:
- 2.6.18.8
- 2.6.19.2
- 2.6.20

> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5749

fixed in:
- 2.6.20 (commit dab6df63086762629936e8b89a5984bae39724f6)

missing in:
- 2.6.18
- 2.6.19

> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5753

fixed in:
- 2.6.20 (commit be6aab0e9fa6d3c6d75aa1e38ac972d8b4ee82b8)

missing in:
- 2.6.18
- 2.6.19

> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5823

fixed in:
- 2.6.19.2
- 2.6.20

missing in:
- 2.6.18

> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6053

fixed in:
- 2.6.19.2
- 2.6.20

missing in:
- 2.6.18

> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6054

fixed in:
- 2.6.19.2
- 2.6.20

missing in:
- 2.6.18

> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6333

fixed in:
- 2.6.19.1
- 2.6.20

problem not present in:
- 2.6.18

> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0006

fixed in:
- 2.6.19.5

missing in:
- 2.6.18
- 2.6.20

> Cheers

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [stable] [patch 00/18] 2.6.18-stable review

2007-02-25 Thread Adrian Bunk

On Wed, Feb 21, 2007 at 09:34:45AM -0800, Greg KH wrote:
> On Wed, Feb 21, 2007 at 01:55:04PM +0200, S.??a??lar Onur wrote:
> > 21 ??ub 2007 ??ar tarihinde, Greg KH ??unlar?? yazmt??: 
> > > Responses should be made by Friday February 23 00:00 UTC.  Anything
> > > received after that time might be too late.
> > 
> > We have still some CVEish patches in our package which maybe you want to 
> > consider adding into -stable.
> > 
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5749
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5753
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5823
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6053
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6054
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6333
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0006
> 
> Do you have a pointer to the patches for these fixes anywhere?
> 
> And are you sure they are all for 2.6.18?  The first one above is for
> the 2.4 kernel tree :)

Fixed in 2.6.19.2 and 2.6.18.8 (the latter contains a
Signed-off-by: Greg Kroah-Hartman <[EMAIL PROTECTED]>  ;-) ).

> thanks,
> 
> greg k-h

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [stable] [patch 00/18] 2.6.18-stable review

2007-02-23 Thread Hugh Dickins

On Fri, 23 Feb 2007, Chris Wright wrote:
> * Hugh Dickins ([EMAIL PROTECTED]) wrote:
> > 
> > There's two from 2.6.19-stable that I thought Chris had agreed
> > for 2.6.18-stable (Linus' mincore and my read_zero_pagealigned);
> > two that I sent Chris cc stable for 2.6.18-stable on 4th January
> > (msync and powerpc current); one I know about from 2.6.19-stable
> > equally desirable in 2.6.18-stable (Badari's shmem_truncate); and
> > a new one I was waiting to appear in 2.6.21-rc1 before sending
> > (Tigran's extN noacl umask).
> 
> Yes, you're right.  I've got the first five here, will get those
> sorted shortly.

Okay, thanks a lot Chris, I'll minimize the noise and stick to
just sending the .18 .19 .20 versions of the last one (umask).

Hugh
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [stable] [patch 00/18] 2.6.18-stable review

2007-02-23 Thread Chris Wright

* Hugh Dickins ([EMAIL PROTECTED]) wrote:
> On Tue, 20 Feb 2007, Greg KH wrote:
> > This is the start of the stable review cycle for the 2.6.18.8 release.
> > 
> > This will be the last release of the 2.6.18-stable series, so if there
> > are patches that you feel should be applied to that tree, please let me
> > know.
> > 
> > Responses should be made by Friday February 23 00:00 UTC.  Anything
> > received after that time might be too late.
> 
> Sorry I'm late to the party, just climbed through 2000 mails.
> 
> I do hope you'll manage an -rc2,
> I seem not the only one to notice wanted patches missing.
> 
> There's two from 2.6.19-stable that I thought Chris had agreed
> for 2.6.18-stable (Linus' mincore and my read_zero_pagealigned);
> two that I sent Chris cc stable for 2.6.18-stable on 4th January
> (msync and powerpc current); one I know about from 2.6.19-stable
> equally desirable in 2.6.18-stable (Badari's shmem_truncate); and
> a new one I was waiting to appear in 2.6.21-rc1 before sending
> (Tigran's extN noacl umask).

Yes, you're right.  I've got the first five here, will get those
sorted shortly.

thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [patch 00/18] 2.6.18-stable review

2007-02-23 Thread Hugh Dickins

On Tue, 20 Feb 2007, Greg KH wrote:
> This is the start of the stable review cycle for the 2.6.18.8 release.
> 
> This will be the last release of the 2.6.18-stable series, so if there
> are patches that you feel should be applied to that tree, please let me
> know.
> 
> Responses should be made by Friday February 23 00:00 UTC.  Anything
> received after that time might be too late.

Sorry I'm late to the party, just climbed through 2000 mails.

I do hope you'll manage an -rc2,
I seem not the only one to notice wanted patches missing.

There's two from 2.6.19-stable that I thought Chris had agreed
for 2.6.18-stable (Linus' mincore and my read_zero_pagealigned);
two that I sent Chris cc stable for 2.6.18-stable on 4th January
(msync and powerpc current); one I know about from 2.6.19-stable
equally desirable in 2.6.18-stable (Badari's shmem_truncate); and
a new one I was waiting to appear in 2.6.21-rc1 before sending
(Tigran's extN noacl umask).

I'm reassembling the six patches against 2.6.18.8-rc1 for these
now (plus a 2.6.19-stable and a 2.6.20-stable for the latter),
will send them to Greg cc stable shortly.

I wonder whether Chris has a tree somewhere, or a mailbox,
containing further goodies which have been missed.

Hugh
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [stable] [patch 00/18] 2.6.18-stable review

2007-02-21 Thread Willy Tarreau

Hi Greg,

On Wed, Feb 21, 2007 at 09:34:45AM -0800, Greg KH wrote:
> On Wed, Feb 21, 2007 at 01:55:04PM +0200, S.??a??lar Onur wrote:
> > 21 ??ub 2007 ??ar tarihinde, Greg KH ??unlar?? yazmt??: 
> > > Responses should be made by Friday February 23 00:00 UTC.  Anything
> > > received after that time might be too late.
> > 
> > We have still some CVEish patches in our package which maybe you want to 
> > consider adding into -stable.
> > 
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5749
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5753
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5823
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6053
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6054
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6333
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0006
> 
> Do you have a pointer to the patches for these fixes anywhere?
> 
> And are you sure they are all for 2.6.18?  The first one above is for
> the 2.4 kernel tree :)

No, in fact the CVE description is not precise enough. Maybe we should
propose an update to Steven, I don't know how CVE descriptions are
supposed to evolve.

The patch merged in 2.4 was a backport by Hugh Dickins of Linus' 2.6 patch,
which itself was composed of three successive fixes :

  2f77d107050abc14bc393b34bdb7b91cf670c250
  4fb23e439ce09157d64b89a21061b9fc08f2b495
  825020c3866e7312947e17a0caa9dd1a5622bafc

I attach all of them to this mail for your convenience. I noticed that
Linus recently applied other changes to mincore, though I'm not sure
they are security-related.

Hoping this helps,
Willy

>From 2f77d107050abc14bc393b34bdb7b91cf670c250 Mon Sep 17 00:00:00 2001
From: Linus Torvalds <[EMAIL PROTECTED]>
Date: Sat, 16 Dec 2006 09:44:32 -0800
Subject: Fix incorrect user space access locking in mincore()

Doug Chapman noticed that mincore() will doa "copy_to_user()" of the
result while holding the mmap semaphore for reading, which is a big
no-no.  While a recursive read-lock on a semaphore in the case of a page
fault happens to work, we don't actually allow them due to deadlock
schenarios with writers due to fairness issues.

Doug and Marcel sent in a patch to fix it, but I decided to just rewrite
the mess instead - not just fixing the locking problem, but making the
code smaller and (imho) much easier to understand.

Cc: Doug Chapman <[EMAIL PROTECTED]>
Cc: Marcel Holtmann <[EMAIL PROTECTED]>
Cc: Hugh Dickins <[EMAIL PROTECTED]>
Cc: Andrew Morton <[EMAIL PROTECTED]>
Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
---
 mm/mincore.c |  190 ++
 1 files changed, 86 insertions(+), 104 deletions(-)

diff --git a/mm/mincore.c b/mm/mincore.c
index 7289078..b44d7f8 100644
--- a/mm/mincore.c
+++ b/mm/mincore.c
@@ -1,7 +1,7 @@
 /*
  * linux/mm/mincore.c
  *
- * Copyright (C) 1994-1999  Linus Torvalds
+ * Copyright (C) 1994-2006  Linus Torvalds
  */
 
 /*
@@ -38,46 +38,60 @@ static unsigned char mincore_page(struct
return present;
 }
 
-static long mincore_vma(struct vm_area_struct * vma,
-   unsigned long start, unsigned long end, unsigned char __user * vec)
+/*
+ * Do a chunk of "sys_mincore()". We've already checked
+ * all the arguments, we hold the mmap semaphore: we should
+ * just return the amount of info we're asked for.
+ */
+static long do_mincore(unsigned long addr, unsigned char *vec, unsigned long 
pages)
 {
-   long error, i, remaining;
-   unsigned char * tmp;
+   unsigned long i, nr, pgoff;
+   struct vm_area_struct *vma = find_vma(current->mm, addr);
 
-   error = -ENOMEM;
-   if (!vma->vm_file)
-   return error;
-
-   start = ((start - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff;
-   if (end > vma->vm_end)
-   end = vma->vm_end;
-   end = ((end - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff;
+   /*
+* find_vma() didn't find anything: the address
+* is above everything we have mapped.
+*/
+   if (!vma) {
+   memset(vec, 0, pages);
+   return pages;
+   }
 
-   error = -EAGAIN;
-   tmp = (unsigned char *) __get_free_page(GFP_KERNEL);
-   if (!tmp)
-   return error;
+   /*
+* find_vma() found something, but we might be
+* below it: check for that.
+*/
+   if (addr < vma->vm_start) {
+   unsigned long gap = (vma->vm_start - addr) >> PAGE_SHIFT;
+   if (gap > pages)
+   gap = pages;
+   memset(vec, 0, gap);
+   return gap;
+   }
 
-   /* (end - start) is # of pages, and also # of bytes in "vec */
-   remaining = (end - start),
+   /*
+* Ok, got it. But check whether it's a segment we support
+* mincore() on. Right now, we don'

Re: [stable] [patch 00/18] 2.6.18-stable review

2007-02-21 Thread Ismail Dönmez

On Wednesday 21 February 2007 19:34:45 Greg KH wrote:
> On Wed, Feb 21, 2007 at 01:55:04PM +0200, S.??a??lar Onur wrote:
> > 21 ??ub 2007 ??ar tarihinde, Greg KH ??unlar?? yazmt??:
> > > Responses should be made by Friday February 23 00:00 UTC.  Anything
> > > received after that time might be too late.
> >
> > We have still some CVEish patches in our package which maybe you want to
> > consider adding into -stable.
> >
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5749
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5753
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5823
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6053
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6054
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6333
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0006
>
> Do you have a pointer to the patches for these fixes anywhere?
>
> And are you sure they are all for 2.6.18?  The first one above is for
> the 2.4 kernel tree :)

Yep and Mandriva fixed that in their kernel release which is 2.6.x, I mailed 
[EMAIL PROTECTED] about it some time ago, but got no response so far.

Regards,
ismail

-- 
FFmpeg doxy @ http://cekirdek.pardus.org.tr/~ismail/ffmpeg-docs
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [stable] [patch 00/18] 2.6.18-stable review

2007-02-21 Thread S.Çağlar Onur

Hi;

21 Şub 2007 Çar tarihinde, Greg KH şunları yazmıştı: 
> On Wed, Feb 21, 2007 at 01:55:04PM +0200, S.??a??lar Onur wrote:
> > 21 ??ub 2007 ??ar tarihinde, Greg KH ??unlar?? yazmt??:
> > > Responses should be made by Friday February 23 00:00 UTC.  Anything
> > > received after that time might be too late.
> >
> > We have still some CVEish patches in our package which maybe you want to
> > consider adding into -stable.
> >
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5749
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5753
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5823
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6053
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6054
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6333
> > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0006
>
> Do you have a pointer to the patches for these fixes anywhere?

http://svn.pardus.org.tr/pardus/2007/kernel/kernel/files/CVE/ has all of them 
as you can see some of them backports grabbed from newer kernels/git trees

> And are you sure they are all for 2.6.18?  The first one above is for
> the 2.4 kernel tree :)

Yep, but that one still clearly applies on top of 2.6.18.7. I'm not sure they 
have _valid cases_, i'm simply following the CVE announcements :)

Cheers
-- 
S.Çağlar Onur <[EMAIL PROTECTED]>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!


pgpjmxgJMbagi.pgp
Description: PGP signature

Re: [stable] [patch 00/18] 2.6.18-stable review

2007-02-21 Thread Greg KH

On Wed, Feb 21, 2007 at 01:55:04PM +0200, S.??a??lar Onur wrote:
> 21 ??ub 2007 ??ar tarihinde, Greg KH ??unlar?? yazmt??: 
> > Responses should be made by Friday February 23 00:00 UTC.  Anything
> > received after that time might be too late.
> 
> We have still some CVEish patches in our package which maybe you want to 
> consider adding into -stable.
> 
> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814
> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5749
> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5753
> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5823
> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6053
> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6054
> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6333
> * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0006

Do you have a pointer to the patches for these fixes anywhere?

And are you sure they are all for 2.6.18?  The first one above is for
the 2.4 kernel tree :)

thanks,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [patch 00/18] 2.6.18-stable review

2007-02-21 Thread S.Çağlar Onur

21 Şub 2007 Çar tarihinde, Greg KH şunları yazmıştı: 
> Responses should be made by Friday February 23 00:00 UTC.  Anything
> received after that time might be too late.

We have still some CVEish patches in our package which maybe you want to 
consider adding into -stable.

* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5749
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5753
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5823
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6053
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6054
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6333
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0006

Cheers
-- 
S.Çağlar Onur <[EMAIL PROTECTED]>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!


pgpeWPz6bwE2v.pgp
Description: PGP signature

[patch 00/18] 2.6.18-stable review

2007-02-20 Thread Greg KH

This is the start of the stable review cycle for the 2.6.18.8 release.

This will be the last release of the 2.6.18-stable series, so if there
are patches that you feel should be applied to that tree, please let me
know.

There are 18 patches in this series, all will be posted as a response to
this one.  If anyone has any issues with these being applied, please let
us know.  If anyone is a maintainer of the proper subsystem, and wants
to add a Signed-off-by: line to the patch, please respond with it.

These patches are sent out with a number of different people on the Cc:
line.  If you wish to be a reviewer, please email [EMAIL PROTECTED] to
add your name to the list.  If you want to be off the reviewer list,
also email us.

Responses should be made by Friday February 23 00:00 UTC.  Anything
received after that time might be too late.

The whole patch set can be downloaded at:
kernel.org/pub/linux/kernel/v2.6/testing/patch-2.6.18.8-rc1.gz

thanks,

the -stable release team
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [patch 00/18] 2.6.18-stable review

Re: [patch 00/18] 2.6.18-stable review

Re: [patch 00/18] 2.6.18-stable review

Re: [patch 00/18] 2.6.18-stable review

Re: [stable] [patch 00/18] 2.6.18-stable review

Re: [stable] [patch 00/18] 2.6.18-stable review

Re: [stable] [patch 00/18] 2.6.18-stable review

Re: [patch 00/18] 2.6.18-stable review

Re: [stable] [patch 00/18] 2.6.18-stable review

Re: [stable] [patch 00/18] 2.6.18-stable review

Re: [stable] [patch 00/18] 2.6.18-stable review

Re: [stable] [patch 00/18] 2.6.18-stable review

Re: [patch 00/18] 2.6.18-stable review

[patch 00/18] 2.6.18-stable review

14 matches

Site Navigation

Mail list logo

Footer information