
Re: lenny updates



Ola Lundqvist wrote:
Hi Kir

Result from the import. Some comments and questions.

Building right now. Results will be available soon.

On Tue, Mar 10, 2009 at 03:17:47AM +0300, Kir Kolyshkin wrote:
Kir Kolyshkin wrote:
I am currently checking all the ~80 patches that are not in openvz lenny kernel. Looks like most are really needed. Let me suggest some in a few emails I will send as a reply to this one.
Misc patches that do not fall into one of the above categories. I am only including important stuff.


http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=5d70bbc8780b474371b555cd6eeaaafdea82efe9
binfmt_misc: fix false -ENOEXEC when coupled with other binary handlers
A backport from mainstream patch.
Attached as 0014*

This was already in the Debian sources. No patch needed.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=4c9010eff11d97bf013f53601a76990b017e45b7
autofs4: pidns friendly oz_mode
Fix oz_mode detect to prevent autofs daemon hang inside CT.
Fix for OpenVZ bug #959 (http://bugzilla.openvz.org/959)
Attached as 0020*

Denial of service problem I assume.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=7ebcbe3c7ad977f1a9bfb03a6d7f7dca9f883b83
autofs: fix default pgrp vnr
Attached as 0021*

Security related, right?

Correct

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=ff3483aef4dbbddf6ee5ca483555c0ef8f8a047f
Fix erratum that causes memory corruption
Attached as 0027*.

Security issue!

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=6b9fe0296b1aa5b2e70e9ba9790e4bd9af5908c6
vzwdog: walk through the block devices list properly
A fix for kernel oops, OpenVZ bug #1064 (http://bugzilla.openvz.org/1064)
Attached as 0044*

Security issue!

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=134416f49ad04db56afd7eb2a41ddef4f157ea6f
Correct per-process capabilities bounding set in CT
Important security fix.
Attached as 0045*

Important security issue!

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=86d74166a99f5ece5bcd46b85cba4ebd54126685
ms: fix inotify umount
A fix for inotify vs. umount, backported from mainstream.
Attached as 0052*

Regression problem (even though it did not fully work before), right?

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=14131d2abbd2554276fe4488e3403d4c0a747cdf
ve: sanitize capability checks for namespaces creation
Fix for OpenVZ bug #1113 (http://bugzilla.openvz.org/1113)
Attached as 0054*

Is this one important?

Yes, this is a prerequisite for the next fixes.

I see that the same problem exists in all other versions in Debian. However it should not hurt that
much to include it, right?

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=c5c1032d4b6519d1e3a37853c5c0fd7fbd1f8798
Don't dereference NULL tsk->mm in ve_move_task
Attached as 0059*

Security issue, right?

Right.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=8aa704481f80e55dce430c0c01d276e8ca13018e
Fix broken permissions for Unix98 pty.
Attached as 0065*

Security issue!

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=397500cb89baf75c8035060585c0886b3012708a
autofs4: fix ia32 compat mode
Attached as 0067*

Fix for amd64 environment.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=a65ea96551f370afb7174472dcd4c43b8165710c
simfs: don't work with buggy input
Attached as 0069*

Is this one important? Could be a security issue in some cases I assume, but how many filesystems
are buggy in that way? However it was an easy fix so we should probably fix that.

At least aufs and unionfs.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=0328e3d32c6915650b14dd40fcd7598a420b1364
OpenVZ bug #1160 (http://bugzilla.openvz.org/1160)
Attached as 0070*

Kernel ops related to filesystem operation. That should be really important.

Best regards,

// Ola


