Re: Kernel Security Updates for Sarge
- To: Joey Hess <joeyh@debian.org>
- Cc: Martin Schulze <joey@infodrom.org>, Andres Salomon <dilinger@debian.org>, Steve Langasek <vorlon@debian.org>, Norbert Tretkowski <nobse@debian.org>, Thibaut VARENE <varenet@debian.org>, dann frazier <dannf@debian.org>, Bastian Blank <waldi@debian.org>, Rob Radez <rob@osinvestor.com>, Joshua Kwan <joshk@triplehelix.org>, Jurij Smakov <jurij@wooyd.org>, Frederik Schüler <fschueler@gmx.net>, Guido Guenther <agx@debian.org>, Karsten Merker <merker@debian.org>, Thiemo Seufer <ths@debian.org>, Sven Luther <luther@debian.org>, Kyle McMartin <kyle@debian.org>, "Christian T. Steigies" <cts@debian.org>, Ben Collins <bcollins@debian.org>, LaMont Jones <lamont@debian.org>, Bdale Garbee <bdale@debian.org>, Debian Kernel Team <debian-kernel@lists.debian.org>
- Subject: Re: Kernel Security Updates for Sarge
- From: dann frazier <dannf@dannf.org>
- Date: Fri, 13 May 2005 10:14:55 -0600
- Message-id: <[🔎] 1116000895.8737.40.camel@localhost>
- In-reply-to: <[🔎] 20050513155357.GE32296@kitenet.net>
- References: <[🔎] 20050512060848.GA12019@verge.net.au> <[🔎] 20050512145059.GA5041@kitenet.net> <[🔎] 1115918576.23048.61.camel@krebs.dannf> <[🔎] 20050513155357.GE32296@kitenet.net>
On Fri, 2005-05-13 at 11:53 -0400, Joey Hess wrote:
> dann frazier wrote:
> > On Thu, 2005-05-12 at 10:50 -0400, Joey Hess wrote:
> > > Horms wrote:
> > > > ia64: version in Sarge: 2.6.8-12
> > > > http://svn.debian.org/wsvn/kernel/trunk/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/changelog?op=file&rev=0&sc=0
> > >
> > > Will -14 will be an ABI change from -12 or not?
> >
> > Yes, it should.
> >
> > Current status
> > --------------
> > * Sarge has a -2 ABI for ia64.
> > * Sid has the -3 ABI for ia64. The ABI changed due to both the
> > disabling of PREEMPT (for a security reason) and a security abi
> > change that occured in kernel-tree-2.6.8-14 that was reverted in -15.
> >
> > So, -14 should either have the -3 ABI or a -4 ABI.
>
> It's only the preempt change that actually changes the ABI then isn't
> it?
If we re-add CAN-2005-0449 patches that changed the ABI, then that will
cause an ABI change as well. These patches were dropped to avoid
changing the ABI prior to sarge, but I imagine we'll want to re-add them
in a security update. I don't know if there are other pending
security/ABI changes.
For ia64, two changes caused the ABI difference between sarge and sid:
-2 ABI (sarge) -3 ABI (sid)
---------------------------------------------
PREEMPT | on | off
CAN-2005-0449 | no | yes
--
dann frazier <dannf@dannf.org>
Reply to: