
Bug#633561: pu: package kfreebsd-8/8.1+dfsg-8+squeeze1



tags 633561 + moreinfo squeeze
thanks

Hi,

Apologies for letting this fall between the cracks for so long.

On Mon, 2011-07-11 at 17:46 +0200, Robert Millan wrote:
> Please consider this update for kfreebsd-8 in squeeze.  It fixes a security
> bug, a kernel panic condition in if_msk driver, and disables a buggy patch
> which disabled 58 kernel modules (including many drivers for USB devices
> and a few network cards) from the build system.
> 
>   * Fix net802.11 stack kernel memory disclosure (CVE-2011-2480).
>     (Closes: #631160)
>     - 000_net80211_disclosure.diff

This looks okay, although I think you meant #631161.  Your last message
in the log there says "uploaded to unstable", but the bug is still open
with no fixed versions recorded.  Please could you clarify the status
here?

>   * Merge backported if_msk driver from 8-STABLE.  (Closes: #628954)
>     - 000_msk_backport.diff

This should be okay, assuming that the resulting driver has been tested
on Squeeze systems.  A targeted fix would be preferable, but it sounds
from the upstream report as if that's not particularly easy to
accomplish.

>   * Disable buggy 009_disable_duped_modules.diff.  It was disabling many
>     more modules than built into kernel (e.g. all USB modules).

A few queries here, I'm afraid.

- What's the effect of re-enabling the (duplicate) building of the
modules which were intended to be disabled?

- Does this affect which modules end up in the udebs?

- The changelog comment from when the patch was introduced says that it
made a ~4MB difference to the size of the image.  As that was 2007, I'm
assuming that the size difference is a fair bit larger now?

- If the impact of the patch was to disable all USB modules, why was it
not disabled sooner?

Regards,

Adam



