Changelog for kernel-2.6.18-348.3.1.el5.028stab106.2.owl0.3.0.1.i686.rpm :
* Mon Apr 08 2013 Solar Designer 2.6.18-348.3.1.el5.028stab106.2.owl0.3.0.1
- Updated to 2.6.18-348.3.1.el5.028stab106.2.

* Sun Apr 07 2013 Solar Designer 2.6.18-308.20.1.el5.028stab104.3.owl0.3.0.2
- Use "pigz -11" (Zopfli) to compress the kernel.
- In dot-config-x86_64, changed CONFIG_ATL1 from =m back to =y.

* Thu Feb 21 2013 Solar Designer 2.6.18-308.20.1.el5.028stab104.3.owl0.3.0.1
- Updated to 2.6.18-308.20.1.el5.028stab104.3.
- CONFIG_EFI_PARTITION=y
- In dot-config-x86_64, changed CONFIG_ATL1 from =y to =m for the kernel to fit on a 2.88 MB "floppy" as required for Owl 3.0-stable's CDs.

* Sat Aug 18 2012 Solar Designer 2.6.18-308.11.1.el5.028stab102.1.owl0.3.0.1
- Updated to 2.6.18-308.11.1.el5.028stab102.1.
- Made "make menuconfig" work with new binutils (added -ltinfo).
- Support builds with CONFIG_IP_PING=n.

* Sun May 06 2012 Solar Designer 2.6.18-308.4.1.el5.028stab100.2.owl0.3.0.1
- Updated to 2.6.18-308.4.1.el5.028stab100.2.
- Reverted the dmesg_restrict sysctl tri-state feature in favor of the approach taken by OpenVZ as discussed at http://bugzilla.openvz.org/show_bug.cgi?id=2197
- In drivers/net/bnx2x/bnx2x_main.c, wrapped the hacks needed for building with gcc 3.4.5 (Owl 3.0-stable) in #if __GNUC__ < 4 ... #endif.
- In fs/proc/task_mmu.c: show_map_internal(), corrected the struct mm_struct leak on i686 that was introduced in 2.6.18-274.18.1.el5.028stab098.1.owl1.

* Sat Feb 25 2012 Solar Designer 2.6.18-274.18.1.el5.028stab098.1.owl0.3.0.1
- Updated to 2.6.18-274.18.1.el5.028stab098.1.
- Introduced the previously missed RLIMIT_NPROC check into fs/compat.c: compat_do_execve() (used by 32-bit program binaries on 64-bit kernel).
- Introduced protection against unintended self-read by a SUID/SGID program of /proc//mem and /proc//*maps files, based on approaches taken in recent grsecurity patches.
- Made the dmesg_restrict sysctl tri-state and container-aware.
- CONFIG_NFSD=m.

* Wed Jan 25 2012 Solar Designer 2.6.18-274.17.1.el5.028stab097.1.owl1
- Updated to 2.6.18-274.17.1.el5.028stab097.1.

* Tue Dec 27 2011 Solar Designer 2.6.18-274.12.1.el5.028stab096.1.owl1
- Updated to 2.6.18-274.12.1.el5.028stab096.1.
- CONFIG_VIA_RHINE=m, CONFIG_VIA_RHINE_MMIO=y, CONFIG_VIA_RHINE_NAPI=y

* Sun Nov 27 2011 Vasiliy Kulikov 2.6.18-274.7.1.el5.028stab095.1.owl1
- Updated to -274.7.1.el5.028stab095.1. Security and bugfix update.
- Set CONFIG_PCNET32=y again as VMware emulates NIC of this type by default.

* Wed Oct 26 2011 Solar Designer 2.6.18-274.3.1.el5.028stab094.3.owl3
- Discard section .eh_frame in arch/i386/kernel/vmlinux.lds.S just like it was already being done for x86_64.

* Sun Oct 16 2011 Vasiliy Kulikov 2.6.18-274.3.1.el5.028stab094.3.owl2
- Fixed compilation failures under gcc 4.6.1.

* Sun Oct 09 2011 Solar Designer 2.6.18-274.3.1.el5.028stab094.3.owl1
- Updated to 2.6.18-274.3.1.el5.028stab094.3.
- Restricted permissions on /proc/slabinfo.
- Moved some OpenVZ features to modules like it is done in OpenVZ's official kernel builds.
- Changed CONFIG_UDF_FS=y to =m.
- Changed CONFIG_BLK_DEV_CRYPTOLOOP and most CONFIG_CRYPTO_* from =y to =m.
- On x86_64, changed CONFIG_PCNET32 and CONFIG_FORCEDETH (these are some of the 100 Mbps NIC drivers) from =y to =m. Of the 100 Mbps NIC drivers, we're leaving only those for Intel, Realtek, and NE2000-compatible NICs built into the kernel on x86_64 now.
- CONFIG_SCSI_AIC94XX=y, CONFIG_BLK_CPQ_CISS_DA=y (the latter was already =y on i686, now it is =y on x86_64 as well).

* Wed Jul 27 2011 Solar Designer 2.6.18-238.19.1.el5.028stab092.2.owl1
- Updated to 2.6.18-238.19.1.el5.028stab092.2.
- In kernel/sched.c, wrapped the use of sched_goidle in wouldn't compile with our config).
- In drivers/net/bonding/bond_main.c, moved the body of a function to be inlined up in the code to make this compilable by gcc 3.4.5; set CONFIG_BONDING=m in dot-config-*.
- CONFIG_BLK_CPQ_CISS_DA=m and CONFIG_CISS_SCSI_TAPE=y in dot-config-x86_64.
- Applied a patch adding limited support for LSISAS8208ELP (PCI device id 0x0059), which provides access to individual hard drives:
  http://bugs.gentoo.org/show_bug.cgi?id=325805
  http://bugs.gentoo.org/attachment.cgi?id=236721
  http://forums.gentoo.org/viewtopic-t-731366.html
- Moved the RLIMIT_NPROC check from set_user() to execve():
  http://www.openwall.com/lists/kernel-hardening/2011/07/12/1
- In set_user(), SIGKILL the process rather than return -EAGAIN on alloc_uid() failure (which "can't happen").

* Tue May 03 2011 Vasiliy Kulikov 2.6.18-238.9.1.el5.028stab089.1-owl1
- Updated to 2.6.18-238.9.1.el5.028stab089.1. This fixes obscure security issues: kernel panic by unprivileged user via NFSv4 (CVE-2011-1090) and a NULL pointer dereference in GRO code (CVE-2011-1478). It fixes non-security issues with page tables accounting, AMD Bulldozer boot process, OOM killer and CPU stats bugs. It also introduces numerous features. More detailed description see at:
  http://wiki.openvz.org/Download/kernel/rhel5/028stab089.1
  http://wiki.openvz.org/Download/kernel/rhel5/028stab085.5

* Sat Apr 02 2011 Vasiliy Kulikov 2.6.18-238.5.1.el5.028stab085.3.owl1
- Updated to 2.6.18-238.5.1.el5.028stab085.3. This fixes a kernel oops caused by nfsd.
- Fixed a SIGSEGV of top running in Fedora 13 x86_64 container (gcc 3.4.5 inlining issue):
  http://bugzilla.openvz.org/show_bug.cgi?id=1815

* Mon Mar 21 2011 Vasiliy Kulikov 2.6.18-238.5.1.el5.028stab085.2.owl3
- Backported fixes for netfilter infoleaks: arp_tables (CVE-2011-1170), ip_tables (CVE-2011-1171), ip6_tables (CVE-2011-1172), and ipt_CLUSTERIP:
  http://www.openwall.com/lists/oss-security/2011/03/18/15
  One must have CAP_NET_ADMIN to exploit these issues. The default Owl installation is vulnerable to the infoleak in ip_tables only as we neither ship other netfilter modules nor have IPv6 enabled.

* Sat Mar 12 2011 Solar Designer 2.6.18-238.5.1.el5.028stab085.2.owl2
- Disabled the eepro100 driver in favor of e100:
  http://www.openwall.com/lists/owl-users/2011/03/05/3

* Fri Mar 11 2011 Vasiliy Kulikov 2.6.18-238.5.1.el5.028stab085.2.owl1
- Updated to 238.5.1.el5.028stab085.2. This fixes a bug in CFQ.

* Thu Mar 10 2011 Vasiliy Kulikov 2.6.18-238.5.1.el5.028stab085.1.owl1
- Updated to 238.5.1.el5.028stab085.1. This fixes a rare kernel panic with sysfs virtualization, a potential livelock in dirty pages balancing, garbage collector for AF_UNIX sockets error (CVE-2010-4249):
  https://bugzilla.redhat.com/show_bug.cgi?id=657303,
  exceeding the receiver's buffer limit of socket queues (CVE-2010-4251):
  https://bugzilla.redhat.com/show_bug.cgi?id=656756
- Fixed build failure with CONFIG_IPV6=n (default in Owl).
- Fixed build failure with gcc 3.4.5 (issue with inline functions).
- Fixed bug with fragmented ICMP sockets (Owl-specific issue). Reported by Piotr Meyer.

* Thu Feb 10 2011 Vasiliy Kulikov 2.6.18-238.1.1.el5.028stab084.3.owl1
- Updated to 2.6.18-238.1.1.el5.028stab084.3. It contains "fix for optimized kmem accounting."

* Wed Feb 09 2011 Vasiliy Kulikov 2.6.18-238.1.1.el5.028stab084.2.owl1
- Updated to 2.6.18-238.1.1.el5.028stab084.2. The fix for VDSO bug in 028stab084.1 was incomplete, now fixed, hopefully:
  http://bugzilla.openvz.org/show_bug.cgi?id=1762
- Dropped page accounting fix from -owl patch (fixed in OpenVZ's kernel).
- CONFIG_BRIDGE=m (it also needs CONFIG_BRIDGE_NETFILTER=y, CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m, CONFIG_BRIDGE_NF_EBTABLES=n).
- CONFIG_PPP_MPPE=m, this is needed by PPTP access server.
- CONFIG_IP_NF_TARGET_ULOG=y.

* Sat Feb 05 2011 Vasiliy Kulikov 2.6.18-238.1.1.el5.028stab084.1.owl2
- Updated to upstream's "fixed fix for paging accounting". The incomplete fix introduced with our 2011/02/04 update could have caused trouble with 32-bit x86 kernels:
  http://bugzilla.openvz.org/show_bug.cgi?id=1760

* Fri Feb 04 2011 Vasiliy Kulikov 2.6.18-238.1.1.el5.028stab084.1.owl1
- Updated to 2.6.18-238.1.1.el5.028stab084.1.
- Enabled VDSO on x86_64 (the actual bug is fixed in 028stab084.1).
- Combined -owl and -owl-pingsockets into -owl.
- Applied a patch fixing flooding "Uncharging too much" for non-4levels pagetables acct:
  http://bugzilla.openvz.org/show_bug.cgi?id=1760

* Thu Feb 03 2011 Vasiliy Kulikov 2.6.18-238.1.1.el5.028stab083.1.owl4
- Initialize ping_group_range to {1, 0} to disable the feature for daemons that don't drop GID 0. Suggested by Solar.

* Mon Jan 31 2011 Vasiliy Kulikov 2.6.18-238.1.1.el5.028stab083.1.owl3
- Added ICMP socket kind.

* Sat Jan 29 2011 Solar Designer 2.6.18-238.1.1.el5.028stab083.1.owl2
- Applied a patch fixing APIC driver selection on x86_64 systems with more than 8 logical CPUs (thanks to Pavel Emelyanov of OpenVZ for providing this patch).
- Disabled VDSO on x86_64 as a temporary workaround for a bug introduced in 2.6.18-238.1.1.el5.028stab083.1.

* Fri Jan 28 2011 Solar Designer 2.6.18-238.1.1.el5.028stab083.1.owl1
- Updated to 2.6.18-238.1.1.el5.028stab083.1.
- Fixed an infoleak in net/core/ethtool.c: ethtool_get_regs(). This was the portion of CVE-2010-4655 affecting RHEL5 kernels.
  http://www.openwall.com/lists/oss-security/2011/01/28/1
- CONFIG_PCIE_ECRC=y to match Red Hat's kernels; presumably they had enabled this option for a reason (broken BIOSes?)
- CONFIG_PCI_IOV=y, which is indirectly required for the bnx2x driver (via what looks like a somewhat bogus dependency in the current PCI code).
- CONFIG_SCSI_3W_SAS=y (new driver backport in RHEL 5.6).
- CONFIG_FUSION_SAS=y, also requiring CONFIG_SCSI_SAS_ATTRS=y. On i686, also CONFIG_FUSION_FC=y and CONFIG_SCSI_FC_ATTRS=y. Previously, these were built as modules.
- CONFIG_SATA_SIS=y, CONFIG_PATA_SIS=y, and CONFIG_SIS900=y (on i686) or CONFIG_SIS900=m (on x86_64). These were needed for at least a certain Atom CPU based mini-server. These chips are presumably unlikely to be seen on a 64-bit capable system, yet this is possible. The SATA/PATA drivers are tiny. The NIC driver is larger, so it's excluded from the x86_64 kernel image.
- CONFIG_BNX2X=m (also sets CONFIG_MDIO=m, CONFIG_CRYPTO_CRC32C=m, and CONFIG_LIBCRC32C=m).
- Enabled building of old 3Com NIC drivers as modules.
- Moved the EDAC drivers to modules to avoid console flood on certain buggy machines, as well as to reduce kernel size.
- Moved the DMA engine stuff to modules because it resulted in a boot-time failure on at least one server type (Supermicro X8DTU/X8DTU-F motherboard) when compiled into the kernel.

* Thu Dec 09 2010 Solar Designer 2.6.18-194.26.1.el5.028stab079.1-owl2
- In the CVE-2010-4258 fix, moved the in_interrupt() check to be done before the newly added set_fs() call. Rationale:
  http://www.openwall.com/lists/oss-security/2010/12/09/4
- Added mmap_min_addr checks into install_special_mapping() and __bprm_mm_init(). The problem was discovered and a similar patch proposed by Tavis Ormandy of Google Security Team:
  http://www.openwall.com/lists/oss-security/2010/12/09/12
- Set the default mmap_min_addr to 98304, just like we do in our sysctl.conf.
- Merged linux-2.6-net-limit-sendto-recvfrom-iovec-total-length-to-int_max.patch from 2.6.18-236.el5.

* Wed Dec 08 2010 Solar Designer 2.6.18-194.26.1.el5.028stab079.1-owl1
- Updated to 2.6.18-194.26.1.el5.028stab079.1.
- Fixed "Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses" (CVE-2010-4258). Problem discovered and fix proposed by Nelson Elhage of Ksplice:
  http://www.openwall.com/lists/oss-security/2010/12/02/3
  http://www.openwall.com/lists/oss-security/2010/12/02/7
  http://www.openwall.com/lists/oss-security/2010/12/08/4
- Merged many security-relevant patches from 2.6.18-236.el5 (mostly for infoleaks discovered by Dan Rosenberg, as well as his patch introducing the dmesg_restrict sysctl and CONFIG_SECURITY_DMESG_RESTRICT).
- Set CONFIG_SECURITY_DMESG_RESTRICT=y in our default configs.
- Package include/ub/, which is needed for external kernel module builds against OpenVZ kernel headers (ub/ files are included from the "regular" linux/ header files, so even a non-OpenVZ-specific module ends up needing them).

* Fri Sep 24 2010 Solar Designer 2.6.18-194.11.3.el5.028stab071.5-owl1
- Updated to 2.6.18-194.11.3.el5.028stab071.5.
- Added a fix for CVE-2010-3081 from 028stab070.5 (the same as Red Hat's linux-2.6-misc-make-compat_alloc_user_space-incorporate-the-access_ok.patch from their -194.11.4 kernel, but adjusted to apply on top of OpenVZ).
- Restricted permissions on /proc/kallsyms (0444 to 0400).
- Enabled building of DRBD as a module (also enabled connector and HMAC).
- Set CONFIG_FUSION_SPI=y and CONFIG_PCNET32=y (these were at =m before) to run under VMware out of the box, but switched CONFIG_IXGBE and CONFIG_IXGB (large 10G Ethernet drivers) from =y to =m (have to fit on a 2.88 MB "floppy").
- Switched to using xz-compressed source tarball and OpenVZ patch.

* Thu Sep 02 2010 Solar Designer 2.6.18-194.11.3.el5.028stab071.3-owl1
- Updated to 2.6.18-194.11.3.el5.028stab071.3.

* Mon Aug 30 2010 Solar Designer 2.6.18-194.8.1.el5.028stab070.4-owl1
- Updated to 2.6.18-194.8.1.el5.028stab070.4.
- Added most post-194.8.1 patches from Red Hat's -194.11.1.
- Fixed an Owl-specific bug in init/do_mounts.c: do_mount_root() with root=/dev/cdrom failing to access CD drives on IDE slaves.
- Applied a variation of Kees Cook's partial fix to fs/exec.c's argv expansion:
  http://www.openwall.com/lists/oss-security/2010/08/27/1
  http://www.openwall.com/lists/oss-security/2010/08/30/3
- Applied upstream's fix to integer overflow flaws in ext4_ext_in_cache() and ext4_ext_get_blocks():
  http://www.openwall.com/lists/oss-security/2010/08/16/1
- Enabled CONFIG_FUSION_* and CONFIG_PCNET32 as modules.

* Wed Jul 21 2010 Solar Designer 2.6.18-194.8.1.el5.028stab070.2.owl3
- Backported the AHCI vs. Marvell PATA driver co-existence fixes from 2.6.34.1, made the corresponding messages more verbose.
- Implemented support of root=/dev/cdrom - a magic root device that corresponds to the first CD drive with a valid filesystem (maybe of a specified type).

* Tue Jul 20 2010 Solar Designer 2.6.18-194.8.1.el5.028stab070.2.owl2
- Fixed a bug in drivers/dca/Kconfig that prevented CONFIG_DCA from being set to "y" when module support is enabled.
- Made assorted changes to the kernel configs.

* Sat Jul 17 2010 Solar Designer 2.6.18-194.8.1.el5.028stab070.2.owl1
- RPM'ed the kernel in a way allowing for easy non-RPM'ed builds as well.