[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Kernel Security Updates for Sarge

On Fri, 2005-05-13 at 11:53 -0400, Joey Hess wrote:
> dann frazier wrote:
> > On Thu, 2005-05-12 at 10:50 -0400, Joey Hess wrote:
> > > Horms wrote:
> > > >   ia64: version in Sarge: 2.6.8-12
> > > >   http://svn.debian.org/wsvn/kernel/trunk/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/changelog?op=file&rev=0&sc=0
> > > 
> > > Will -14 will be an ABI change from -12 or not?
> > 
> > Yes, it should.
> > 
> > Current status
> > --------------
> > * Sarge has a -2 ABI for ia64.
> > * Sid has the -3 ABI for ia64.  The ABI changed due to both the
> >   disabling of PREEMPT (for a security reason) and a security abi
> >   change that occured in kernel-tree-2.6.8-14 that was reverted in -15.
> > 
> > So, -14 should either have the -3 ABI or a -4 ABI.
> 
> It's only the preempt change that actually changes the ABI then isn't
> it?

If we re-add CAN-2005-0449 patches that changed the ABI, then that will
cause an ABI change as well.  These patches were dropped to avoid
changing the ABI prior to sarge, but I imagine we'll want to re-add them
in a security update.  I don't know if there are other pending
security/ABI changes.

For ia64, two changes caused the ABI difference between sarge and sid:

                -2 ABI (sarge)   -3 ABI (sid)
---------------------------------------------
PREEMPT        |     on       |     off
CAN-2005-0449  |     no       |     yes

-- 
dann frazier <dannf@dannf.org>
Reply to: