kernel-image-2.4.17-ia64 (011226.18) oldstable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Security: Backport of security fixes included in kernel-source-2.4.18
    version 2.4.18-14.3 through 2.4.18-14.4.  Here's a copy of the
    changelog entries.

    * Applied patch from John Byrne <john.l.byrne@hp.com> for Linux 2.4.26
      to fix local denial of service in do_fork()
      <http://marc.theaimsgroup.com/?l=linux-kernel&m=108139073506983&w=2>
      [kernel/fork.c, CAN-2004-0427]
    * Applied patch by Marcelo Tosatti <marcelo.tosatti@cyclades.com> to fix
      potential memory access to free memory in /proc handling
      [fs/proc/base.c, CAN-2005-0489]
    * Applied patch by Marcelo Tosatti <marcelo.tosatti@cyclades.com> to fix
      a possible buffer overflow in panic() [kernel/panic.c, CAN-2004-0394]
    * Applied patch by David Mosberger <davidm@napali.hpl.hp.com> to fix
      local denial of service in combination with gdb 6.x and NPTL on IA-64
      <http://marc.theaimsgroup.com/?l=linux-ia64&m=108026377907667&w=2>
      [arch/ia64/kernel/unwind.c, CAN-2004-0447]
    * Applied patch by Alexander Nyberg and Andi/Sergey to fix local denial
      of service.  <http://linuxreviews.org/news/2004-06-11_kernel_crash/>
      [include/asm-i386/i387.h, CAN-2004-0554]
    * Applied patch by Arun Sharma <arun.sharma@intel.com> to fix register
      information leak on the IA64 architecture
      <http://lia64.bkbits.net:8080/to-linus-2.5/cset@1.1726.29.7>
      [include/asm-ia64/system.h, CAN-2004-0565]
    * Backported patch by Mark Cox to fix information leak by initialising
      allocated data structures [drivers/usb/serial/io_edgeport.c,
      drivers/sound/audio.c, CAN-2004-0685]
      <http://linux.bkbits.net:8080/linux-2.4/cset@410582380U3H9KOx8J2YZmMT0bhXQw>
    * Applied patch from Marcelo Tosatti to fix i386 SMP page fault handler
      privilege escalation [include/linux/mm.h, CAN-2005-0001]
    * Applied patch by Stefan Esser to fix missing boundary checks
      [fs/smbfs/proc.c, fs/smbfs/sock.c, CAN-2004-0883]
    * Applied patch by Stefan Esser to fix information leak
      [fs/smbfs/sock.c, CAN-2004-0949]
    * Applied patch by Herbert Xu to fix a denial of service in scm_send()
      <http://linux.bkbits.net:8080/linux-2.4/cset@41b76e94BsJKm8jhVtyDat9ZM1dXXg>,
      added patch by Marcus Meissner to fix more 64/32 bit compatibility
      code, added additional patch by Olaf Kirch and Marcus Meissner for
      type correction [arch/ia64/ia32/sys_ia32.c,
      arch/s390x/kernel/linux32.c, include/linux/socket.h, net/core/scm.c,
      net/ipv4/ip_sockglue.c, net/ipv6/datagram.c, CAN-2004-1016]
    * Applied patch by Thiemo Seufer to fix local ptrace root in the MIPS
      ptrace implementation [arch/mips/kernel/scall_o32.S,
      arch/mips/tools/offset.c, arch/mips64/kernel/scall_64.S,
      arch/mips64/kernel/scall_o32.S, CAN-2004-0997]
    * Applied patch by Marcelo Tosatti to fix integer overflow in the
      vc_resize() function [drivers/char/console.c, CAN-2004-1333]
    * Applied patch by Dave Miller to fix memory leak in ip_options_get()
      [net/ipv4/ip_options.c, CAN-2004-1335]
    * Applied patch by Greg Kroah-Hartman to fix buffer overflow and crash
      [drivers/usb/serial/io_edgeport.c, CAN-2004-1017]
    * Applied patch by Jan Harkes to fix to add bounds checking for tainted
      scalars [include/linux/coda.h, fs/coda/upcall.c, CAN-2005-0124]
    * Applied patch by Andrea Arcangeli from 2.4.24 to fix privilege
      escalation in the mremap() syscall [mm/mremap.c, CAN-2004-nnnn]
    * Applied patch by Tom Rini to fix information leak
      [drivers/char/efirtc.c, drivers/char/rtc.c, drivers/macintosh/rtc.c,
      drivers/sbus/char/rtc.c, CAN-2003-0984]
    * Applied patch by Chris Wright to fix wrong return value check while
      filling kernel buffers [fs/binfmt_elf.c, CAN-2004-1070]
    * Applied patch by Chris Wright to fix incorrect error behaviour when
      mmap() fails [fs/binfmt_elf.c, CAN-2004-1071]
    * Applied patch by Chris Wright to fix NULL termination vulnerability
      when reading an interpreter [fs/binfmt_elf.c, CAN-2004-1072]
    * Applied patch by Chris Wright to fix reading of non-readable ELF
      binaries [fs/binfmt_elf.c, CAN-2004-1073]
    * Applied patch by Chris Wright to not insert overlapping regions in
      setup_arg_pages() [fs/exec.c, associated to CAN-2004-1074]
    * Applied patch by Chris Wright to fix error handling in do_brk() when
      setting up bss in a.out [fs/binfmt_aout.c, CAN-2004-1074]
    * Applied patch by Chris Wright to denial of service in the ELF loader
      when the interpreter architecture doesn't match the current one
      <http://linux.bkbits.net:8080/linux-2.4/cset@4021346f79nBb-4X_usRikR3Iyb4Vg>
      [fs/binfmt_elf.c, CAN-2004-0138]
    * Applied patch by Dave Miller to serialize dgram read using semaphore
      [net/unix/af_unix.c, CAN-2004-1068]
    * Applied patch by Chris Wright to fix denial of service in the ELF loader
      <http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ>
      [fs/binfmt_elf.c, CAN-2004-1234]
    * Backported patch by Nanhai Zou from 2.6 to fix denial of service via
      broken executables [arch/ia64/ia32/binfmt_elf32.c,
      arch/ia64/mm/init.c, fs/exec.c, include/linux/mm.h, mm/mmap.c,
      CAN-2005-0003]
    * Backported patch by Chris Wright and Simon Heywood to fix a race
      conditions in the uselib calls for ELF and a.out formats
      [arch/mips/kernel/irixelf.c, arch/sparc64/kernel/binfmt_aout32.c,
      fs/binfmt_aout.c, fs/binfmt_elf.c, CAN-2004-1235]
    * Applied patch by Brad Spengler to fix integer overflow in the moxa
      serial driver [drivers/char/moxa.c, CAN-2005-0504]
    * Applied patch by Ben Martel and Stephen Blackheath to fix a remote
      denial of service [drivers/net/ppp_async.c, CAN-2005-0384]
    * Backported patch by Keith Owens to fix a locally induced crash on
      IA-64 machines [arch/ia64/kernel/unwind.c, CAN-2005-0135]

 -- dann frazier <dannf@debian.org>  Wed, 17 May 2006 14:21:49 -0500

kernel-image-2.4.17-ia64 (011226.17) stable-security; urgency=high
 
  * Non-maintainer upload by the Security Team
  * Apply patch for CAN-2004-0003 (potential local root exploit in r128)
  * Apply patch for CAN-2004-0010 (potential local root exploit in ncpfs)
  * Apply patch for CAN-2004-0109 (potential local root exploit in isofs)
  * Apply patch for CAN-2004-0177 (information leak in ext3)
  * Apply patch for CAN-2004-0178 (DoS in sound)
 
 -- dann frazier <dannf@debian.org>  Sun, 11 Apr 2004 13:08:18 -0600

kernel-image-2.4.17-ia64 (011226.16) stable-security; urgency=high
 
  * Non-maintainer upload by the Security Team
  * Applied patch by Andrea Arcangeli to fix a VMA limit local local privilege
    escalation vulnerability, discovered by Paul Starzetz (CAN-2004-0077)
 
 -- dann frazier <dannf@debian.org>  Mon, 16 Feb 2004 18:32:08 -0700

kernel-image-2.4.17-ia64 (011226.15) stable-security; urgency=high
 
  * Non-maintainer upload by the Security Team
  * Applied patch by Andrea Arcangeli to fix local priviledge escalation
    discovered by Paul Starzetz (CAN-2003-0985)
 
 -- Jeff Bailey <jbailey@nisa.net>  Mon,  5 Jan 2004 22:51:55 +0000

kernel-image-2.4.17-ia64 (011226.14.1) stable-security; urgency=high

  * Non-maintainer upload
  * Security: Backport of an additional zlib double free fix from
    the kernel-source-2.4.18 package.  A cut & paste of the changelog entry:
      * Fixed remaining double free in
         drivers/net/zlib.c
         fs/jffs2/zlib.c
  * Security: Backport of security fixes included in kernel-source-2.4.18
    version 2.4.18-6 through 2.4.18-14.  These patches include the ptrace
    and do_brk patches from the previous release.  Here's a copy of the
    changelog entries.
  
      * Added TASK_SIZE check to do_brk in mm/mmap.c.
      * Fixed steal_locks race introduced in 2.4.18-10:
        . fs/binfmt_elf.c
        . fs/exec.c
      * Fixed is_dumpable crash in include/linux/sched.h.
        This was introduced back in 2.4.18-7 but was exacerbated by 2.4.18-10.
      * Fixed signed comparison in fs/nfsd/nfs3xdr.c (2.4.21).
      * Made /proc/tty/driver root-only (CAN-2003-0461):
        . include/linux/proc_fs.h
        . fs/proc/generic.c
        . fs/proc/proc_tty.c
      * Fixed exec file handling semantics (CAN-2003-0462, CAN-2003-0476):
        . fs/binfmt_elf.c
        . fs/exec.c
        . fs/locks.c
        . include/linux/fs.h
        . kernel/fork.c
      * Fixed unchecked copy_to_user in fs/proc/proc_misc.c.
      * Fixed ptrace/proc bug in fs/proc/base.c (CAN-2003-0501).
      * Fixed bridging security issues (CAN-2003-055[012]):
        . net/bridge/br_fdb.c
        . net/bridge/br_if.c
        . net/bridge/br_input.c
        . net/bridge/br_private.h
        . net/bridge/br_stp_bpdu.c
      * Fixed boundary check in net/core/filter.c (Patrick McHardy).
      * Disabled O_DIRECT (CAN-2003-0018):
        . fs/fcntl.c
        . fs/open.c
      * Fixed user space copying bugs in drivers/sound/cmpci.c (bk).
      * Fixed mxcsr security hole in arch/i386/kernel/i387.c (2.5.70).
      * Fixed TIOCCONS and writing to /dev/console (2.4.21rc7):
        . drivers/char/tty_io.c
        . include/linux/tty.h
      * Fixed hashing exploits in fragment processing (2.4.21rc7).
      * Included linux/compiler.h in include/linux/kernel.h.
      * Fixed TSS I/O bitmap initialisation in arch/i386/kernel/ioport.c.
      * Fixed hashing exploits in network stack (David S. Miller).
      * Fixed ethernet packet padding information leak (2.4ac, see #176178):
        . 3c501
        . 3c505
        . 3c507
        . 3c523
        . 3c527
        . 7990
        . 8139too
        . 82596
        . 8390
        . a2065
        . am79c961a
        . ariadne
        . at1700
        . atarilance
        . atp
        . bagetlance
        . de600
        . de620
        . declance
        . depca
        . eepro
        . eexpress
        . epic100
        . eth16i
        . fmv18x
        . hp100
        . lance
        . lasi_82596
        . lp486e
        . ni5010
        . ni52
        . ni65
        . axnet_cs
        . fmvj18x_cs
        . ray_cs
        . xirc2ps_cs
        . xircom_tulip_cb
        . seeq8005
        . sgiseeq
        . sk_g16
        . smc9194
        . sun3_82586
        . sun3lance
        . via-rhine
        . wavelan
        . yellowfin
        . znet
      * Fixed ptrace security hole (see #185375).
      * Fixed i386 lcall DoS (Petr Vandrovec).
  
 -- dann frazier <dannf@dannf.org>  Sat,  6 Dec 2003 02:59:22 -0700

kernel-image-2.4.17-ia64 (011226.14) stable-security; urgency=high

  * include ptrace security patch
  * include do_brk security patch

 -- dann frazier <dannf@dannf.org>  Sun, 30 Nov 2003 14:21:28 -0700

kernel-image-2.4.17-ia64 (011226.13) unstable; urgency=low

  * turn off CONFIG_SERIAL_ACPI_CONSOLE_DETECT in mckinley* configs

 -- Bdale Garbee <bdale@gag.com>  Tue,  2 Apr 2002 11:58:23 -0700

kernel-image-2.4.17-ia64 (011226.12) unstable; urgency=low

  * small patch to fix a problem with GUID byte order in /proc/efi/vars

 -- Bdale Garbee <bdale@gag.com>  Tue,  2 Apr 2002 08:19:27 -0700

kernel-image-2.4.17-ia64 (011226.11) unstable; urgency=low

  * new ZX1 enablement patch set from HP LSO
  * add GPT fixup patch from Matt Domsch via Richard Hirst
  * add patch for access to last sector on odd-sector-count disks, so parted
    can support GPT on those disks too
  * add patch from Herbert Xu for zlib double free problem
  * config file tweaks

 -- Bdale Garbee <bdale@gag.com>  Mon,  1 Apr 2002 20:40:56 -0700

kernel-image-2.4.17-ia64 (011226.10) unstable; urgency=low

  * patch to disable interrupts on HP proto GSP cards to solve console hangs

 -- Bdale Garbee <bdale@gag.com>  Thu, 28 Feb 2002 21:30:00 -0700

kernel-image-2.4.17-ia64 (011226.9) unstable; urgency=low

  * add e1000 driver, now that it's GPL'ed!

 -- Bdale Garbee <bdale@gag.com>  Mon, 25 Feb 2002 21:20:22 -0700

kernel-image-2.4.17-ia64 (011226.8) unstable; urgency=low

  * freshen bcm patch to -3 version from ggg, fix MCA on ifconfig down
  * new patch set from HP LSO, fixes a problem with /dev/ttyS5 

 -- Bdale Garbee <bdale@gag.com>  Mon, 25 Feb 2002 15:13:12 -0700

kernel-image-2.4.17-ia64 (011226.7) unstable; urgency=low

  * fresh patch set from HP LSO
  * enable CONFIG_SERIAL_ACPI_CONSOLE_DETECT in mckinley configs
  * change ext3 from a module to kernel-resident
  * change broadcom driver from module to kernel-resident

 -- Bdale Garbee <bdale@gag.com>  Sun, 24 Feb 2002 00:17:30 -0700

kernel-image-2.4.17-ia64 (011226.6) unstable; urgency=low

  * lose radeonfb from kernel configs, it has pointer vs int problems
  * lose mga drm module since it's crashing when autoloaded by X
  * change lsi1030 from module to kernel resident

 -- Bdale Garbee <bdale@gag.com>  Wed, 20 Feb 2002 22:48:32 -0700

kernel-image-2.4.17-ia64 (011226.5) unstable; urgency=low

  * newer broadcom patch
  * increase CONFIG_SCSI_NCR53C8XX_SYNC from 20 to 80
  * restructure source package for neatness

 -- Bdale Garbee <bdale@gag.com>  Thu, 14 Feb 2002 02:49:24 -0700

kernel-image-2.4.17-ia64 (011226.4) unstable; urgency=low

  * updated patch for hplso.
  * added eepro100 RxHang patch.
  * added mpt-2.00.08-2.4.17.diff
  * removed patch.vmlinux.lds.S, patch.up, patch.ipv6, patch.strpbrk,
    patch.cache_wback, included in hplso patch

 -- Richard Hirst <rhirst@linuxcare.com>  Mon, 11 Feb 2002 15:25:53 +0000

kernel-image-2.4.17-ia64 (011226.3.1) unstable; urgency=low

  * add patch for access to last sector on odd-sector-count disks, so parted
    can support GPT on those disks too
  * add patch from Herbert Xu for zlib double free problem

 -- Bdale Garbee <bdale@gag.com>  Thu, 14 Mar 2002 12:14:36 -0700

kernel-image-2.4.17-ia64 (011226.3) unstable; urgency=low

  * updated patch for vmlinux.lds.S so we can use current binutils,
    closes: #128529, #128631
  * add patch to enable DVD+RW support for HP dvd100i and equivalent drives
    from http://fy.chalmers.se/~appro/linux/DVD+RW/

 -- Bdale Garbee <bdale@gag.com>  Wed, 30 Jan 2002 00:15:56 -0700

kernel-image-2.4.17-ia64 (011226.2) unstable; urgency=low

  * update kernel configs to set CONFIG_PACKET back to y instead of m 

 -- Bdale Garbee <bdale@gag.com>  Thu, 17 Jan 2002 21:51:49 -0700

kernel-image-2.4.17-ia64 (011226.1) unstable; urgency=low

  * updated kernel configs to build more things as modules, along with a
    pair of small patches required to support the config changes

 -- Bdale Garbee <bdale@gag.com>  Wed, 16 Jan 2002 20:44:45 -0700

kernel-image-2.4.17-ia64 (011226.0) unstable; urgency=low

  * initial release of kernel image packages based on 2.4.17
  * build-depend on older binutils that is known to work until we can figure
    out what the problem with latest binutils is (eeeewwwwww...)
  * include HP patches for McKinley system enablement
  * include Broadcom NetXtreme BCM5700 Gigabit Ethernet driver
  * enable FireWire drivers in arch/ia64/config.in
  * update config files to enable more drivers, most built as modules

 -- Bdale Garbee <bdale@gag.com>  Thu, 10 Jan 2002 01:29:23 -0700

