On Wed, Feb 08, 2006 at 12:26:27PM +0900, Horms wrote: > On Fri, Oct 14, 2005 at 04:30:10PM +0900, Horms wrote: > > > Also this patch: > > > http://linux.bkbits.net:8080/linux-2.4/diffs/fs/xfs/[EMAIL > > > PROTECTED]|src/|src/fs|src/fs/xfs|related/fs/xfs/xfs_dinode.h|[EMAIL > > > PROTECTED]|hist/fs/xfs/xfs_inode.c > > > ([XFS] Handle inode creation race) should also be applied since it > > > appears to be a security issue. > > > > Fixed in 2.4.29-pre1 > > Patch: http://linux.bkbits.net:8080/linux-2.4/[EMAIL > > PROTECTED]|src/|src/fs|src/fs/xfs|related/fs/xfs/xfs_inode.c > > ChangeLog: http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.29 > > > > I'll get this into SVN for 2.4.27. > > It does not seem to relate to 2.6 at all. > > > > > I am having trouble locating CAN numbers for these, does anyone know if > > > there are any? > > > > I don't think there are any. Perhaps we should file for the 2nd one. > > I noice that hlh was involved in that patch, perhaps > > he can provide a slightly longer description. > > It turns out that this patch introduces a bug in the form of a missing > symbol (#343970). > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343970
Sorry, this problem should be tracked as #344036 as per the note I sent to #343970 earlier today. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344036 > The fix for this is to add an additional patch, which was also included > in 2.4.29-pre1 > > http://linux.bkbits.net:8080/linux-2.4/[EMAIL > PROTECTED]|src/|src/fs|src/fs/xfs|src/fs/xfs/linux-2.4|related/fs/xfs/linux-2.4/xfs_vnode.h > > I have added this for inclusion in Sid's (trunk) 2.4.27-13. > > I have removed the original patch from sarge-security's 2.4.27-10sarge2 > as I believe that these patches are far to large for a security release. > I don't believe they have been closely examined. And we don't even > have a CVE for them. Should we add a patch-tracker entry for them > and consider them for "sarge3"? > > -- > Horms -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
