Date:	Tue, 16 Jul 2013 13:43:21 +0100
From:	Ben Hutchings <ben@...adent.org.uk>
To:	Jiri Kosina <jkosina@...e.cz>
Cc:	James Bottomley <James.Bottomley@...senPartnership.com>,
	Greg KH <greg@...ah.com>,
	ksummit-2013-discuss@...ts.linuxfoundation.org,
	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [Ksummit-2013-discuss] KS Topic request: Handling the Stable
 kernel, let's dump the cc: stable tag

On Tue, 2013-07-16 at 11:46 +0200, Jiri Kosina wrote:
> On Tue, 16 Jul 2013, James Bottomley wrote:
> 
> > > But I need, from the distros, specific examples of what they object to.
> > > So far all I've gotten is one security patch (that was needed), and one
> > > patch for sysfs that I backported too far in the version numbers (my
> > > fault.)
> > > 
> > > Given the huge number of stable patches over the past few years, only
> > > having 2 patches be an issue sounds like things are working well for
> > > people here.
> > > 
> > > If I don't get pushback, with specifics, from the distros, I will not
> > > know what to change, so if people can provide me that, it will help out
> > > a lot.
> > 
> > I agree ... I think Jiří and his Red Hat equivalent need to pipe up and
> > give us more examples of the problems they've been having.
> 
> I am still continuing with my pushback against the /dev/random revamp that 
> happened in -stable; at least in the form it happened. I still strongly 
> believe it's something that's not stable material. But that's happening 
> in parallel in a different thread already.
> 
> Okay, if you want another example:
> 
> 	commit a6aa749906b92eaec6ca0469f90f35de26044d90
> 	Author: Zhenzhong Duan <zhenzhong.duan@...cle.com>
> 	Date:   Thu Dec 20 15:05:14 2012 -0800
> 
> 	    drivers/firmware/dmi_scan.c: fetch dmi version from SMBIOS if it exists
> 
> While this is a correct fix for a major kernel release, as it achieves 
> correctness by checking SMBIOS version properly and behaving according to 
> the spec, it actually causes a userspace ABI regression in some sense, as 
> it just changes byte order of /sys/class/dmi/id/product_uuid on certain 
> systems.
[...]

It wasn't even a correct fix, as it caused the DMI header to be detected
in the wrong place on some machines.

Ben.

-- 
Ben Hutchings
Humans are not rational beings; they are rationalising beings.
