Message-ID: <20090726144152.GA2844@hera.kernel.org>
Date:	Sun, 26 Jul 2009 14:41:52 +0000
From:	Willy Tarreau <wtarreau@...a.kernel.org>
To:	linux-kernel@...r.kernel.org
Subject: Linux 2.4.37.4


I've just released Linux 2.4.37.4.

It fixes a build error that my last fix to memcmp has introduced
on some archs such as MIPS. It also removes annoying warnings that
were emitted when building with CONFIG_MODVERSIONS=y. This time I
have built for i386, x86_64 and alpha, so we should be fine.

Another relevant fix is related to the personality issue recently
discovered by Julien Tinnes and Tavis Ormandy and fixed in kernel
2.6. While performing deeper checks on 2.4 with Solar Designer, we
found that some archs such as x86_64 are similarly affected while
others like i386 and alpha are not. I would appreciate it if arch
maintainers and/or people well aware of the personality uses could
help us figure out how this is *supposed* to work and fix the
affected code path. Right now we have applied a common preventive
fix which protects against initial NULL mapping when mmap_min_addr
is correctly set. This should be enough even on untested architectures,
but that's not a reason for not fixing them.

The rest is minor; fix for some failures to correctly detect some USB
flash drives, and proper MTU checks on tulip to fix VLAN support (tested
and works).

The patch and changelog will appear soon at the following locations:
  ftp://ftp.kernel.org/pub/linux/kernel/v2.4/
  ftp://ftp.kernel.org/pub/linux/kernel/v2.4/patch-2.4.37.4.bz2
  ftp://ftp.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.4

Git repository:
  git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git
  http://www.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git

Git repository through the gitweb interface:
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git

Note for those who have already upgraded to 2.4.37.3: the security fix
is not *that* serious, as it protects against faulty setuid programs. If
you don't have any issues with 2.4.37.3, there's no emergency to upgrade.

Willy

--
Summary of changes from v2.4.37.3 to v2.4.37.4
============================================

Tomasz Lemiech (1):
      tulip: Fix for MTU problems with 802.1q tagged frames

Willy Tarreau (6):
      lib: memcmp must be exported without module versioning
      lib: fix again memcmp export issues in the arch ksyms only
      usb-storage: fix "READ CAPACITY failed" errors with USB flash drives
      md/raid5: silent out the "switching cache buffer size" messages
      personality: clear MMAP_PAGE_ZERO on exec if mmap_min_addr is set
      Change VERSION to 2.4.37.4

Zhang Rui (1):
      kernel/resource.c: fix sign extension in reserve_setup()
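
The link between the MMAP_PAGE_ZERO personality flag and mmap_min_addr mentioned in the announcement can be audited on a running system with a read-only check. The following C program is an added example, not part of the original message or of the kernel patch; the verdict names and the classify() helper are hypothetical, and it assumes the sysctl is exposed at /proc/sys/vm/mmap_min_addr.

```c
/* Added example: read-only audit of the two settings the announcement
 * ties together. It maps nothing and does not change the personality. */
#include <stdio.h>
#include <sys/personality.h>   /* personality(), MMAP_PAGE_ZERO */

/* Hypothetical verdict names, used only by this example. */
enum verdict { FLOOR_UNKNOWN, NO_FLOOR, FLOOR_OK, FLAG_CARRIED };

/* Assumed location of the sysctl on kernels that expose mmap_min_addr. */
#define MIN_ADDR_PATH "/proc/sys/vm/mmap_min_addr"

/* Returns the configured floor in bytes, or -1 if it cannot be read. */
long read_min_addr(const char *path)
{
    long v = -1;
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    if (fscanf(f, "%ld", &v) != 1 || v < 0)
        v = -1;
    fclose(f);
    return v;
}

/* Pure decision logic, so it can be checked without touching the host. */
enum verdict classify(unsigned long persona, long min_addr)
{
    if (min_addr < 0)
        return FLOOR_UNKNOWN;   /* sysctl missing or unreadable */
    if (min_addr == 0)
        return NO_FLOOR;        /* the fix only applies when a floor is set */
    if (persona & MMAP_PAGE_ZERO)
        return FLAG_CARRIED;    /* flag present; per the changelog entry it is
                                   cleared on exec when a floor is set */
    return FLOOR_OK;
}

int main(void)
{
    static const char *msg[] = {
        "mmap_min_addr not readable",
        "mmap_min_addr is 0: no low-address floor configured",
        "floor set, MMAP_PAGE_ZERO clear",
        "floor set but MMAP_PAGE_ZERO is set in this process's personality",
    };
    int p = personality(0xffffffff);  /* query only, no change */
    if (p == -1) { perror("personality"); return 1; }
    long min_addr = read_min_addr(MIN_ADDR_PATH);
    printf("personality=0x%x mmap_min_addr=%ld\n", (unsigned)p, min_addr);
    puts(msg[classify((unsigned long)p, min_addr)]);
    return 0;
}
```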
