Re: Kernel Security Updates for Sarge
- To: dann frazier <dannf@dannf.org>
- Cc: Joey Hess <joeyh@debian.org>, Martin Schulze <joey@infodrom.org>, Andres Salomon <dilinger@debian.org>, Steve Langasek <vorlon@debian.org>, Norbert Tretkowski <nobse@debian.org>, Thibaut VARENE <varenet@debian.org>, dann frazier <dannf@debian.org>, Bastian Blank <waldi@debian.org>, Rob Radez <rob@osinvestor.com>, Joshua Kwan <joshk@triplehelix.org>, Jurij Smakov <jurij@wooyd.org>, Frederik Schüler <fschueler@gmx.net>, Guido Guenther <agx@debian.org>, Karsten Merker <merker@debian.org>, Thiemo Seufer <ths@debian.org>, Sven Luther <luther@debian.org>, Kyle McMartin <kyle@debian.org>, "Christian T. Steigies" <cts@debian.org>, Ben Collins <bcollins@debian.org>, LaMont Jones <lamont@debian.org>, Bdale Garbee <bdale@debian.org>, Debian Kernel Team <debian-kernel@lists.debian.org>
- Subject: Re: Kernel Security Updates for Sarge
- From: Horms <horms@verge.net.au>
- Date: Sat, 14 May 2005 11:33:45 +0900
- Message-id: <[🔎] 20050514023343.GB15301@verge.net.au>
- Mail-followup-to: dann frazier <dannf@dannf.org>, Joey Hess <joeyh@debian.org>, Martin Schulze <joey@infodrom.org>, Andres Salomon <dilinger@debian.org>, Steve Langasek <vorlon@debian.org>, Norbert Tretkowski <nobse@debian.org>, Thibaut VARENE <varenet@debian.org>, dann frazier <dannf@debian.org>, Bastian Blank <waldi@debian.org>, Rob Radez <rob@osinvestor.com>, Joshua Kwan <joshk@triplehelix.org>, Jurij Smakov <jurij@wooyd.org>, Frederik Schüler <fschueler@gmx.net>, Guido Guenther <agx@debian.org>, Karsten Merker <merker@debian.org>, Thiemo Seufer <ths@debian.org>, Sven Luther <luther@debian.org>, Kyle McMartin <kyle@debian.org>, "Christian T. Steigies" <cts@debian.org>, Ben Collins <bcollins@debian.org>, LaMont Jones <lamont@debian.org>, Bdale Garbee <bdale@debian.org>, Debian Kernel Team <debian-kernel@lists.debian.org>
- In-reply-to: <[🔎] 1116000895.8737.40.camel@localhost>
- References: <[🔎] 20050512060848.GA12019@verge.net.au> <[🔎] 20050512145059.GA5041@kitenet.net> <[🔎] 1115918576.23048.61.camel@krebs.dannf> <[🔎] 20050513155357.GE32296@kitenet.net> <[🔎] 1116000895.8737.40.camel@localhost>
On Fri, May 13, 2005 at 10:14:55AM -0600, dann frazier wrote:
> On Fri, 2005-05-13 at 11:53 -0400, Joey Hess wrote:
> > dann frazier wrote:
> > > On Thu, 2005-05-12 at 10:50 -0400, Joey Hess wrote:
> > > > Horms wrote:
> > > > > ia64: version in Sarge: 2.6.8-12
> > > > > http://svn.debian.org/wsvn/kernel/trunk/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/changelog?op=file&rev=0&sc=0
> > > >
> > > > Will -14 will be an ABI change from -12 or not?
> > >
> > > Yes, it should.
> > >
> > > Current status
> > > --------------
> > > * Sarge has a -2 ABI for ia64.
> > > * Sid has the -3 ABI for ia64. The ABI changed due to both the
> > > disabling of PREEMPT (for a security reason) and a security abi
> > > change that occured in kernel-tree-2.6.8-14 that was reverted in -15.
> > >
> > > So, -14 should either have the -3 ABI or a -4 ABI.
> >
> > It's only the preempt change that actually changes the ABI then isn't
> > it?
>
> If we re-add CAN-2005-0449 patches that changed the ABI, then that will
> cause an ABI change as well. These patches were dropped to avoid
> changing the ABI prior to sarge, but I imagine we'll want to re-add them
> in a security update. I don't know if there are other pending
> security/ABI changes.
I am not planing to include the CAN-2005-0449 fix in the security or r1
update as I undersdand that ABI changes are highly problematic. I am
willing to be convinced otherwise.
> For ia64, two changes caused the ABI difference between sarge and sid:
>
> -2 ABI (sarge) -3 ABI (sid)
> ---------------------------------------------
> PREEMPT | on | off
> CAN-2005-0449 | no | yes
>
> --
> dann frazier <dannf@dannf.org>
>
>
> --
> To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--
Horms
Reply to: