login
Search
Andres Salomon announced a new kernel patchset focused on security and obvious bugfixes. He explained, "I'm announcing a new kernel tree; -as. The goal of this tree is to form a stable base for vendors/distributors to use for their kernels. In order to do this, I intend to include only security fixes and obvious bugfixes, from various sources. I do not intend to include driver updates, large subsystem fixes, cleanups, and so on. Basically, this is what I'd want 2.6.10.1 to contain."
Andres notes that the new patchset will be used by Debian, whose upcoming sarge release will have a 2.6.8 kernel patched with the -as patchset. He explains, "my plan is to include security fixes for a kernel or two behind what is the latest. Currently, I'm supporting (for Debian) 2.6.8 through 2.6.10. Of course, normally I wouldn't support 2.6.8 for this long, but since sarge will (hopefully?) be releasing someday, and this is the kernel chosen for it, I must continue support." He went on to note that for the older kernels he plans to primarily focus on security fixes, not small bugfixes.
From: Andres Salomon [email blocked] To: linux-kernel Subject: 2.6.10-as1 Date: Thu, 13 Jan 2005 03:37:28 -0500 Hi, I'm announcing a new kernel tree; -as. The goal of this tree is to form a stable base for vendors/distributors to use for their kernels. In order to do this, I intend to include only security fixes and obvious bugfixes, from various sources. I do not intend to include driver updates, large subsystem fixes, cleanups, and so on. Basically, this is what I'd want 2.6.10.1 to contain. This first release should have been done last week, but the various security advisories kept me pretty busy. It includes various iptables and nfs fixes, the various security fixes announced over the past two weeks (including the latest, CAN-2005-0001), and misc. others. My hope is that people find this useful, so less work is duplicated by distribution packagers. Debian kernels are basically a combination of this tree, as well as debian-specific patches and more experimental stuff. The kernel patches can be grabbed from here: http://www.acm.rpi.edu/~dilinger/patches/2.6.10/as1/ 02e412361955fa80c0ea3a5a59a37c36 ChangeLog 0a75d0e8922491fb2540b3c6178dfd58 linux-2.6.10-as1.tar.gz 540effd229ea72dad4bd274bba40fb94 patch-2.6.10-as1.gz patch-2.6.10-as1.gz is a patch against vanilla 2.6.10. linux-2.6.10-as1.tar.gz are the patches, individually broken out. Patches pulled from bitkeeper include their comment headers. As mentioned, this should've been released last week; as such, it's about a week behind bitkeeper. I shall go through the remaining 600 or so changesets within the next few days, and release -as2. -- Andres Salomon [email blocked]
From: Frank Steiner [email blocked] Subject: Re: 2.6.10-as1 Date: Thu, 13 Jan 2005 11:09:24 +0100 Andres Salomon wrote > Hi, > > I'm announcing a new kernel tree; -as. The goal of this tree is to form > a stable base for vendors/distributors to use for their kernels. In > order to do this, I intend to include only security fixes and obvious > bugfixes, from various sources. I do not intend to include driver > updates, large subsystem fixes, cleanups, and so on. Basically, this is > what I'd want 2.6.10.1 to contain. Very nice idea! Not only for distributors! Thanks for doing this! Do you plan to maintain -as only for the latest release, i.e., will 2.6.10-as still be maintained with security fixes even when 2.6.11-as comes up? cu, Frank -- Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ LMU, Amalienstr. 17 Phone: +49 89 2180-4049 80333 Muenchen, Germany Fax: +49 89 2180-99-4049 * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
From: Andres Salomon [email blocked] Subject: Re: 2.6.10-as1 Date: Thu, 13 Jan 2005 10:26:00 -0500 On Thu, 2005-01-13 at 11:09 +0100, Frank Steiner wrote: > Andres Salomon wrote > > > Hi, > > > > I'm announcing a new kernel tree; -as. The goal of this tree is to form > > a stable base for vendors/distributors to use for their kernels. In > > order to do this, I intend to include only security fixes and obvious > > bugfixes, from various sources. I do not intend to include driver > > updates, large subsystem fixes, cleanups, and so on. Basically, this is > > what I'd want 2.6.10.1 to contain. > > Very nice idea! Not only for distributors! Thanks for doing this! > Do you plan to maintain -as only for the latest release, i.e., will > 2.6.10-as still be maintained with security fixes even when 2.6.11-as > comes up? > My plan is to include security fixes for a kernel or two behind what is the latest. Currently, I'm supporting (for Debian) 2.6.8 through 2.6.10. Of course, normally I wouldn't support 2.6.8 for this long, but since sarge will (hopefully?) be releasing someday, and this is the kernel chosen for it, I must continue support. I do not plan to continue small bugfixes for older kernels too much longer after a new kernel is released; however, if people were to feed me patches for older kernels, I'd be more than happy to do releases. -- Andres Salomon [email blocked]
From: Frank Steiner [email blocked] Subject: Re: 2.6.10-as1 Date: Thu, 13 Jan 2005 17:18:08 +0100 Andres Salomon wrote > My plan is to include security fixes for a kernel or two behind what is > the latest. Currently, I'm supporting (for Debian) 2.6.8 through That would definitely help a lot. I always try to upgrade to a new major release, but sometimes this is not easy. We have 60 hosts here and are, for example, using Ati Radeons and nvidia Gforce cards. So when 2.6.10 came out, I couldn't just upgrade until patches came out that made the fglrx and nv modules compile and work again. So from time to time, there are reasons to stay with the former major release for a while (and if it is only because one currently doesn't have time for testing the new one) and I'm sure that I'm not the only one with this problem. If at least one kernel behind the latest was supplied with security fixes that would give people enough time to test the new release without ruffle while still getting security fixes for the former release. > I do not plan to continue small bugfixes for older kernels too much > longer after a new kernel is released; however, if people were to feed > me patches for older kernels, I'd be more than happy to do releases. I guess that for most people security fixes would already be enough, or say, that's at least what you want in the first place... I hope that many people make use of this tree and that is will be included on the kernel.org page as official tree. It definitely is a very useful tree! cu, Frank -- Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ LMU, Amalienstr. 17 Phone: +49 89 2180-4049 80333 Muenchen, Germany Fax: +49 89 2180-99-4049 * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
| Attachment | Size |
|---|---|
| ChangeLog.txt | 9.84 KB |
grsecurity?
Can we expect it to be compatible with (or include) grsecurity patches? Probably not, but surely would be nice.
Great!
With any kernel that's patched for the uselib() vulnerability, my systems crash within an hour:
http://audioseek.net/~hiryu/panic.png
(Haven't tried 2.6.11rc1 as the compile fails for me, but bk patches before rc11 give me this instability, as does do the recent ac patches).
This occurs on amd64 and regular 32 bit systems alike. 2.6.10 (which isn't patched for uselib() yet) also has this problem. So it will be nice to be stable AND secure.
2.6.8.1 (aside from uselib() of course) has been a champ for me. Performs well (enough), and most importantly, doesn't crash all the time.
Bug report?
Have you filed a bug report at http://bugzilla.kernel.org/ or at least mentioned the problems on the LKML?
kernel 2.8.1 sucks vs 2.6.10
and debian should se that..2.6.7 was ok not 2.6.8-> 2.6.9 urrgghh
look at what maintaners say, and look @ changelogs
Huoh
Kernel 2.6.8 contains many very important and impressive fixes and bugfixes. Do not unrestimate it.
I've had 0 problems with 2.6.
I've had 0 problems with 2.6.8 or 2.6.9 and 2.6.10 is a huge jump, there's a lot of big changes that got in and that is a little scarey when you're deciding which kernel to put on your install media.
That and 2.6.10 broke swsusp2 for me, so I'm a little bitter.
A bit off topic ... but talking about bug fix
this
Bug #779
make desktop user (I suspect it's common in old/slow hardware) frustating.
I see it was opened in 2003/06/06 and still is there. I propose a stupid (wrong) fix that do not actually solve problem but make the psmouse problem less hateful for user.
BTW, there are a number of patch (mostly 2 kind of patch) in bug #2082 (which actually is a duplicate of #779), but I think none of those are the right fix.
This is an "end-user" bug, and nobody fix it over 2 years.
I'm sure the fix is none of those proposed, I'm still waiting..
Sorry, for the off topic, but I want a bit more amplification over this bug.
Related to security ..
Sorry, I miss to explain how it related to security:
while having "lost syncronization" message seems not a problem, mouse pointer jump and click in random position in screen, it could happen that you are running a suid app and such a random click could be very annoying.. It could be dangerous even with a simple office application.