Bug#607041: marked as done (linux-image-2.6.32-5-openvz-amd64: amd64 ip6tables broken in OpenVZ VE)

Mon, 07 Mar 2011 12:04:25 -0800 

Your message dated Mon, 07 Mar 2011 19:59:07 +0000
with message-id <e1pwgab-0005rc...@franck.debian.org>
and subject line Bug#607041: fixed in linux-2.6 2.6.32-31
has caused the Debian Bug report #607041,
regarding linux-image-2.6.32-5-openvz-amd64: amd64 ip6tables broken in OpenVZ VE
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
607041: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607041
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: linux-image-2.6.32-5-openvz-amd64
Version: 2.6.32-29

Hi,
I noticed that on kernel 2.6.32-5-openvz-amd64 (Debian 2.6.32-29), the amd64 build of ip6tables does not work at all in an OpenVZ VE, but the i386 build does. Within the OpenVZ host itself though (VE0), both versions work. So I'm inclined to say this is more likely a kernel/OpenVZ bug than a bug in ip6tables. 

IPv4 iptables works fine in all cases.
I tested this within a OpenVZ VE, which is an amd64 Debian lenny install, with an i386 chroot inside of it: 


# dpkg-query -Wf '${Package}-${Version}_${Architecture}\n' iptables
iptables-1.4.2-6_amd64

# ip6tables -L
FATAL: Could not load /lib/modules/2.6.32-5-openvz-amd64/modules.dep: No such file or directory ip6tables v1.4.2: can't initialize ip6tables table `filter': Permission denied (you must be root) 
Perhaps ip6tables or your kernel needs to be upgraded.
# chroot lenny-i386/ dpkg-query -Wf '${Package}-${Version}_${Architecture}\n' iptables 
iptables-1.4.2-6_i386

# chroot lenny-i386/ ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
...


I believe this strace of the amd64 version shows where the problem occurs:


socket(PF_INET6, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IPV6, 0x40 /* IPV6_??? */, 0x7fff508e34d0, 0x7fff508e3538) = 
-1 EPERM (Operation not permitted)
After that, ip6tables seems to think some kernel modules must be missing, so it tries to load them, except that's not correct for OpenVZ and that leads to the errors visible on stderr. 

The same getsockopt() call succeeds in the i386 version:


socket(PF_INET6, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IPV6, 0x40 /* IPV6_??? */, 
"filter\0\377\241\372\3\201\377\377\377\377\6\0\0\0\0\0\0\0Q\367\0\201\377\377\377\377\16"...,
 [84]) = 0
After an exhaustive search of kernel source I think maybe this is the source of that -1 EPERM return value: 


static int
compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
{
        int ret;

        if (!capable(CAP_VE_NET_ADMIN))
                return -EPERM;



static int
do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
{
        int ret;

        if (!capable(CAP_NET_ADMIN))
                return -EPERM;
It looks like the OpenVZ patch changed CAP_NET_ADMIN to CAP_VE_NET_ADMIN for compat_do_ip6t_{get,set}_ctl but not for the native functions ip6t_{get,set}_ctl.
However, the equivalent IPv4 functions have something slightly different, for all four functions (get and set, compat and native): 


if (capable(CAP_NET_ADMIN) && !capable(CAP_VE_NET_ADMIN))
In all honesty I don't know what this means -- I don't know if there are security implications if I changed this. Or maybe it would break ip6tables in the host system (VE0). I may try fiddling with this sometime if I get the chance to reboot the machine (a production system, unfortunately, such is the way of things...). 

Thanks,
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org

--- End Message ---
--- Begin Message --- 
Source: linux-2.6
Source-Version: 2.6.32-31

We believe that the bug you reported is fixed in the latest version of
linux-2.6, which is due to be installed in the Debian FTP archive:

firmware-linux-free_2.6.32-31_all.deb
  to main/l/linux-2.6/firmware-linux-free_2.6.32-31_all.deb
linux-2.6_2.6.32-31.diff.gz
  to main/l/linux-2.6/linux-2.6_2.6.32-31.diff.gz
linux-2.6_2.6.32-31.dsc
  to main/l/linux-2.6/linux-2.6_2.6.32-31.dsc
linux-base_2.6.32-31_all.deb
  to main/l/linux-2.6/linux-base_2.6.32-31_all.deb
linux-doc-2.6.32_2.6.32-31_all.deb
  to main/l/linux-2.6/linux-doc-2.6.32_2.6.32-31_all.deb
linux-manual-2.6.32_2.6.32-31_all.deb
  to main/l/linux-2.6/linux-manual-2.6.32_2.6.32-31_all.deb
linux-patch-debian-2.6.32_2.6.32-31_all.deb
  to main/l/linux-2.6/linux-patch-debian-2.6.32_2.6.32-31_all.deb
linux-source-2.6.32_2.6.32-31_all.deb
  to main/l/linux-2.6/linux-source-2.6.32_2.6.32-31_all.deb
linux-support-2.6.32-5_2.6.32-31_all.deb
  to main/l/linux-2.6/linux-support-2.6.32-5_2.6.32-31_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 607...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ben Hutchings <b...@decadent.org.uk> (supplier of updated linux-2.6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 07 Mar 2011 01:54:53 +0000
Source: linux-2.6
Binary: linux-tools-2.6.32 linux-source-2.6.32 linux-doc-2.6.32 
linux-manual-2.6.32 linux-patch-debian-2.6.32 firmware-linux-free 
linux-support-2.6.32-5 linux-base linux-libc-dev linux-headers-2.6.32-5-all 
linux-headers-2.6.32-5-all-alpha linux-headers-2.6.32-5-common 
linux-image-2.6.32-5-alpha-generic linux-headers-2.6.32-5-alpha-generic 
linux-image-2.6.32-5-alpha-smp linux-headers-2.6.32-5-alpha-smp 
linux-image-2.6.32-5-alpha-legacy linux-headers-2.6.32-5-alpha-legacy 
linux-headers-2.6.32-5-all-amd64 linux-image-2.6.32-5-amd64 
linux-headers-2.6.32-5-amd64 linux-image-2.6.32-5-amd64-dbg 
linux-headers-2.6.32-5-common-openvz linux-image-2.6.32-5-openvz-amd64 
linux-headers-2.6.32-5-openvz-amd64 linux-image-2.6.32-5-openvz-amd64-dbg 
linux-headers-2.6.32-5-common-vserver linux-image-2.6.32-5-vserver-amd64 
linux-headers-2.6.32-5-vserver-amd64 linux-image-2.6.32-5-vserver-amd64-dbg 
linux-headers-2.6.32-5-common-xen linux-image-2.6.32-5-xen-amd64 
linux-headers-2.6.32-5-xen-amd64
 linux-image-2.6.32-5-xen-amd64-dbg xen-linux-system-2.6.32-5-xen-amd64 
linux-headers-2.6.32-5-all-armel linux-image-2.6.32-5-iop32x 
linux-headers-2.6.32-5-iop32x linux-image-2.6.32-5-ixp4xx 
linux-headers-2.6.32-5-ixp4xx linux-image-2.6.32-5-kirkwood 
linux-headers-2.6.32-5-kirkwood linux-image-2.6.32-5-orion5x 
linux-headers-2.6.32-5-orion5x linux-image-2.6.32-5-versatile 
linux-headers-2.6.32-5-versatile linux-headers-2.6.32-5-all-hppa 
linux-image-2.6.32-5-parisc linux-headers-2.6.32-5-parisc 
linux-image-2.6.32-5-parisc-smp linux-headers-2.6.32-5-parisc-smp 
linux-image-2.6.32-5-parisc64 linux-headers-2.6.32-5-parisc64 
linux-image-2.6.32-5-parisc64-smp linux-headers-2.6.32-5-parisc64-smp 
linux-headers-2.6.32-5-all-i386 linux-image-2.6.32-5-486 
linux-headers-2.6.32-5-486 linux-image-2.6.32-5-686 linux-headers-2.6.32-5-686 
linux-image-2.6.32-5-686-bigmem linux-headers-2.6.32-5-686-bigmem 
linux-image-2.6.32-5-686-bigmem-dbg linux-image-2.6.32-5-openvz-686
 linux-headers-2.6.32-5-openvz-686 linux-image-2.6.32-5-openvz-686-dbg 
linux-image-2.6.32-5-vserver-686 linux-headers-2.6.32-5-vserver-686 
linux-image-2.6.32-5-vserver-686-bigmem 
linux-headers-2.6.32-5-vserver-686-bigmem 
linux-image-2.6.32-5-vserver-686-bigmem-dbg linux-image-2.6.32-5-xen-686 
linux-headers-2.6.32-5-xen-686 linux-image-2.6.32-5-xen-686-dbg 
xen-linux-system-2.6.32-5-xen-686 linux-headers-2.6.32-5-all-ia64 
linux-image-2.6.32-5-itanium linux-headers-2.6.32-5-itanium 
linux-image-2.6.32-5-mckinley linux-headers-2.6.32-5-mckinley 
linux-image-2.6.32-5-vserver-itanium linux-headers-2.6.32-5-vserver-itanium 
linux-image-2.6.32-5-vserver-mckinley linux-headers-2.6.32-5-vserver-mckinley 
linux-headers-2.6.32-5-all-m68k linux-image-2.6.32-5-amiga 
linux-headers-2.6.32-5-amiga linux-image-2.6.32-5-atari 
linux-headers-2.6.32-5-atari linux-image-2.6.32-5-bvme6000 
linux-headers-2.6.32-5-bvme6000 linux-image-2.6.32-5-mac 
linux-headers-2.6.32-5-mac
 linux-image-2.6.32-5-mvme147 linux-headers-2.6.32-5-mvme147 
linux-image-2.6.32-5-mvme16x linux-headers-2.6.32-5-mvme16x 
linux-headers-2.6.32-5-all-mips linux-image-2.6.32-5-r4k-ip22 
linux-headers-2.6.32-5-r4k-ip22 linux-image-2.6.32-5-r5k-ip32 
linux-headers-2.6.32-5-r5k-ip32 linux-image-2.6.32-5-sb1-bcm91250a 
linux-headers-2.6.32-5-sb1-bcm91250a linux-image-2.6.32-5-sb1a-bcm91480b 
linux-headers-2.6.32-5-sb1a-bcm91480b linux-image-2.6.32-5-4kc-malta 
linux-headers-2.6.32-5-4kc-malta linux-image-2.6.32-5-5kc-malta 
linux-headers-2.6.32-5-5kc-malta linux-headers-2.6.32-5-all-mipsel 
linux-image-2.6.32-5-r5k-cobalt linux-headers-2.6.32-5-r5k-cobalt 
linux-headers-2.6.32-5-all-powerpc linux-image-2.6.32-5-powerpc 
linux-headers-2.6.32-5-powerpc linux-image-2.6.32-5-powerpc-smp 
linux-headers-2.6.32-5-powerpc-smp linux-image-2.6.32-5-powerpc64 
linux-headers-2.6.32-5-powerpc64 linux-image-2.6.32-5-vserver-powerpc 
linux-headers-2.6.32-5-vserver-powerpc
 linux-image-2.6.32-5-vserver-powerpc64 
linux-headers-2.6.32-5-vserver-powerpc64 linux-headers-2.6.32-5-all-s390 
linux-image-2.6.32-5-s390x linux-headers-2.6.32-5-s390x 
linux-image-2.6.32-5-s390x-tape linux-image-2.6.32-5-vserver-s390x 
linux-headers-2.6.32-5-vserver-s390x linux-headers-2.6.32-5-all-sh4 
linux-image-2.6.32-5-sh7751r linux-headers-2.6.32-5-sh7751r 
linux-image-2.6.32-5-sh7785lcr linux-headers-2.6.32-5-sh7785lcr 
linux-headers-2.6.32-5-all-sparc linux-image-2.6.32-5-sparc64 
linux-headers-2.6.32-5-sparc64 linux-image-2.6.32-5-sparc64-smp 
linux-headers-2.6.32-5-sparc64-smp linux-image-2.6.32-5-vserver-sparc64 
linux-headers-2.6.32-5-vserver-sparc64
 linux-headers-2.6.32-5-all-sparc64
Architecture: all amd64 source
Version: 2.6.32-31
Distribution: stable
Urgency: low
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <b...@decadent.org.uk>
Closes: 568454 590105 590653 591061 600769 602444 602853 603835 604802 607041 
607879 608148 608684 609538 610360 610838 611390 613170 613200 613335 613499 
613501 613531 613823 614555 615888 616058
Description: 
 firmware-linux-free - Binary firmware for various drivers in the Linux kernel
 linux-base - Linux image base package
 linux-doc-2.6.32 - Linux kernel specific documentation for version 2.6.32
 linux-headers-2.6.32-5-486 - Header files for Linux 2.6.32-5-486
 linux-headers-2.6.32-5-4kc-malta - Header files for Linux 2.6.32-5-4kc-malta
 linux-headers-2.6.32-5-5kc-malta - Header files for Linux 2.6.32-5-5kc-malta
 linux-headers-2.6.32-5-686-bigmem - Header files for Linux 2.6.32-5-686-bigmem
 linux-headers-2.6.32-5-686 - Header files for Linux 2.6.32-5-686
 linux-headers-2.6.32-5-all - All header files for Linux 2.6.32 (meta-package)
 linux-headers-2.6.32-5-all-alpha - All header files for Linux 2.6.32 
(meta-package)
 linux-headers-2.6.32-5-all-amd64 - All header files for Linux 2.6.32 
(meta-package)
 linux-headers-2.6.32-5-all-armel - All header files for Linux 2.6.32 
(meta-package)
 linux-headers-2.6.32-5-all-hppa - All header files for Linux 2.6.32 
(meta-package)
 linux-headers-2.6.32-5-all-i386 - All header files for Linux 2.6.32 
(meta-package)
 linux-headers-2.6.32-5-all-ia64 - All header files for Linux 2.6.32 
(meta-package)
 linux-headers-2.6.32-5-all-m68k - All header files for Linux 2.6.32 
(meta-package)
 linux-headers-2.6.32-5-all-mips - All header files for Linux 2.6.32 
(meta-package)
 linux-headers-2.6.32-5-all-mipsel - All header files for Linux 2.6.32 
(meta-package)
 linux-headers-2.6.32-5-all-powerpc - All header files for Linux 2.6.32 
(meta-package)
 linux-headers-2.6.32-5-all-s390 - All header files for Linux 2.6.32 
(meta-package)
 linux-headers-2.6.32-5-all-sh4 - All header files for Linux 2.6.32 
(meta-package)
 linux-headers-2.6.32-5-all-sparc64 - All header files for Linux 2.6.32 
(meta-package)
 linux-headers-2.6.32-5-all-sparc - All header files for Linux 2.6.32 
(meta-package)
 linux-headers-2.6.32-5-alpha-generic - Header files for Linux 
2.6.32-5-alpha-generic
 linux-headers-2.6.32-5-alpha-legacy - Header files for Linux 
2.6.32-5-alpha-legacy
 linux-headers-2.6.32-5-alpha-smp - Header files for Linux 2.6.32-5-alpha-smp
 linux-headers-2.6.32-5-amd64 - Header files for Linux 2.6.32-5-amd64
 linux-headers-2.6.32-5-amiga - Header files for Linux 2.6.32-5-amiga
 linux-headers-2.6.32-5-atari - Header files for Linux 2.6.32-5-atari
 linux-headers-2.6.32-5-bvme6000 - Header files for Linux 2.6.32-5-bvme6000
 linux-headers-2.6.32-5-common - Common header files for Linux 2.6.32-5
 linux-headers-2.6.32-5-common-openvz - Common header files for Linux 
2.6.32-5-openvz
 linux-headers-2.6.32-5-common-vserver - Common header files for Linux 
2.6.32-5-vserver
 linux-headers-2.6.32-5-common-xen - Common header files for Linux 2.6.32-5-xen
 linux-headers-2.6.32-5-iop32x - Header files for Linux 2.6.32-5-iop32x
 linux-headers-2.6.32-5-itanium - Header files for Linux 2.6.32-5-itanium
 linux-headers-2.6.32-5-ixp4xx - Header files for Linux 2.6.32-5-ixp4xx
 linux-headers-2.6.32-5-kirkwood - Header files for Linux 2.6.32-5-kirkwood
 linux-headers-2.6.32-5-mac - Header files for Linux 2.6.32-5-mac
 linux-headers-2.6.32-5-mckinley - Header files for Linux 2.6.32-5-mckinley
 linux-headers-2.6.32-5-mvme147 - Header files for Linux 2.6.32-5-mvme147
 linux-headers-2.6.32-5-mvme16x - Header files for Linux 2.6.32-5-mvme16x
 linux-headers-2.6.32-5-openvz-686 - Header files for Linux 2.6.32-5-openvz-686
 linux-headers-2.6.32-5-openvz-amd64 - Header files for Linux 
2.6.32-5-openvz-amd64
 linux-headers-2.6.32-5-orion5x - Header files for Linux 2.6.32-5-orion5x
 linux-headers-2.6.32-5-parisc64 - Header files for Linux 2.6.32-5-parisc64
 linux-headers-2.6.32-5-parisc64-smp - Header files for Linux 
2.6.32-5-parisc64-smp
 linux-headers-2.6.32-5-parisc - Header files for Linux 2.6.32-5-parisc
 linux-headers-2.6.32-5-parisc-smp - Header files for Linux 2.6.32-5-parisc-smp
 linux-headers-2.6.32-5-powerpc64 - Header files for Linux 2.6.32-5-powerpc64
 linux-headers-2.6.32-5-powerpc - Header files for Linux 2.6.32-5-powerpc
 linux-headers-2.6.32-5-powerpc-smp - Header files for Linux 
2.6.32-5-powerpc-smp
 linux-headers-2.6.32-5-r4k-ip22 - Header files for Linux 2.6.32-5-r4k-ip22
 linux-headers-2.6.32-5-r5k-cobalt - Header files for Linux 2.6.32-5-r5k-cobalt
 linux-headers-2.6.32-5-r5k-ip32 - Header files for Linux 2.6.32-5-r5k-ip32
 linux-headers-2.6.32-5-s390x - Header files for Linux 2.6.32-5-s390x
 linux-headers-2.6.32-5-sb1a-bcm91480b - Header files for Linux 
2.6.32-5-sb1a-bcm91480b
 linux-headers-2.6.32-5-sb1-bcm91250a - Header files for Linux 
2.6.32-5-sb1-bcm91250a
 linux-headers-2.6.32-5-sh7751r - Header files for Linux 2.6.32-5-sh7751r
 linux-headers-2.6.32-5-sh7785lcr - Header files for Linux 2.6.32-5-sh7785lcr
 linux-headers-2.6.32-5-sparc64 - Header files for Linux 2.6.32-5-sparc64
 linux-headers-2.6.32-5-sparc64-smp - Header files for Linux 
2.6.32-5-sparc64-smp
 linux-headers-2.6.32-5-versatile - Header files for Linux 2.6.32-5-versatile
 linux-headers-2.6.32-5-vserver-686-bigmem - Header files for Linux 
2.6.32-5-vserver-686-bigmem
 linux-headers-2.6.32-5-vserver-686 - Header files for Linux 
2.6.32-5-vserver-686
 linux-headers-2.6.32-5-vserver-amd64 - Header files for Linux 
2.6.32-5-vserver-amd64
 linux-headers-2.6.32-5-vserver-itanium - Header files for Linux 
2.6.32-5-vserver-itanium
 linux-headers-2.6.32-5-vserver-mckinley - Header files for Linux 
2.6.32-5-vserver-mckinley
 linux-headers-2.6.32-5-vserver-powerpc64 - Header files for Linux 
2.6.32-5-vserver-powerpc64
 linux-headers-2.6.32-5-vserver-powerpc - Header files for Linux 
2.6.32-5-vserver-powerpc
 linux-headers-2.6.32-5-vserver-s390x - Header files for Linux 
2.6.32-5-vserver-s390x
 linux-headers-2.6.32-5-vserver-sparc64 - Header files for Linux 
2.6.32-5-vserver-sparc64
 linux-headers-2.6.32-5-xen-686 - Header files for Linux 2.6.32-5-xen-686
 linux-headers-2.6.32-5-xen-amd64 - Header files for Linux 2.6.32-5-xen-amd64
 linux-image-2.6.32-5-486 - Linux 2.6.32 for old PCs
 linux-image-2.6.32-5-4kc-malta - Linux 2.6.32 for MIPS Malta
 linux-image-2.6.32-5-5kc-malta - Linux 2.6.32 for MIPS Malta (64-bit)
 linux-image-2.6.32-5-686-bigmem-dbg - Debugging infos for Linux 
2.6.32-5-686-bigmem
 linux-image-2.6.32-5-686-bigmem - Linux 2.6.32 for PCs with 4GB+ RAM
 linux-image-2.6.32-5-686 - Linux 2.6.32 for modern PCs
 linux-image-2.6.32-5-alpha-generic - Linux 2.6.32 for Alpha
 linux-image-2.6.32-5-alpha-legacy - Linux 2.6.32 for Alpha Legacy
 linux-image-2.6.32-5-alpha-smp - Linux 2.6.32 for Alpha SMP
 linux-image-2.6.32-5-amd64-dbg - Debugging infos for Linux 2.6.32-5-amd64
 linux-image-2.6.32-5-amd64 - Linux 2.6.32 for 64-bit PCs
 linux-image-2.6.32-5-amiga - Linux 2.6.32 for Amiga
 linux-image-2.6.32-5-atari - Linux 2.6.32 for Atari
 linux-image-2.6.32-5-bvme6000 - Linux 2.6.32 for BVM BVME4000 and BVME6000
 linux-image-2.6.32-5-iop32x - Linux 2.6.32 for IOP32x
 linux-image-2.6.32-5-itanium - Linux 2.6.32 for Itanium
 linux-image-2.6.32-5-ixp4xx - Linux 2.6.32 for IXP4xx
 linux-image-2.6.32-5-kirkwood - Linux 2.6.32 for Marvell Kirkwood
 linux-image-2.6.32-5-mac - Linux 2.6.32 for Macintosh
 linux-image-2.6.32-5-mckinley - Linux 2.6.32 for Itanium II
 linux-image-2.6.32-5-mvme147 - Linux 2.6.32 for Motorola MVME147
 linux-image-2.6.32-5-mvme16x - Linux 2.6.32 for Motorola MVME162/6/7, MVME172/7
 linux-image-2.6.32-5-openvz-686-dbg - Debugging infos for Linux 
2.6.32-5-openvz-686
 linux-image-2.6.32-5-openvz-686 - Linux 2.6.32 for modern PCs, OpenVZ support
 linux-image-2.6.32-5-openvz-amd64-dbg - Debugging infos for Linux 
2.6.32-5-openvz-amd64
 linux-image-2.6.32-5-openvz-amd64 - Linux 2.6.32 for 64-bit PCs, OpenVZ support
 linux-image-2.6.32-5-orion5x - Linux 2.6.32 for Marvell Orion
 linux-image-2.6.32-5-parisc64 - Linux 2.6.32 for 64-bit PA-RISC
 linux-image-2.6.32-5-parisc64-smp - Linux 2.6.32 for multiprocessor 64-bit 
PA-RISC
 linux-image-2.6.32-5-parisc - Linux 2.6.32 for 32-bit PA-RISC
 linux-image-2.6.32-5-parisc-smp - Linux 2.6.32 for multiprocessor 32-bit 
PA-RISC
 linux-image-2.6.32-5-powerpc64 - Linux 2.6.32 for 64-bit PowerPC
 linux-image-2.6.32-5-powerpc - Linux 2.6.32 for uniprocessor 32-bit PowerPC
 linux-image-2.6.32-5-powerpc-smp - Linux 2.6.32 for multiprocessor 32-bit 
PowerPC
 linux-image-2.6.32-5-r4k-ip22 - Linux 2.6.32 for SGI IP22
 linux-image-2.6.32-5-r5k-cobalt - Linux 2.6.32 for Cobalt
 linux-image-2.6.32-5-r5k-ip32 - Linux 2.6.32 for SGI IP32
 linux-image-2.6.32-5-s390x - Linux 2.6.32 for IBM zSeries
 linux-image-2.6.32-5-s390x-tape - Linux 2.6.32 for IBM zSeries, IPL from tape
 linux-image-2.6.32-5-sb1a-bcm91480b - Linux 2.6.32 for BCM91480B
 linux-image-2.6.32-5-sb1-bcm91250a - Linux 2.6.32 for BCM91250A
 linux-image-2.6.32-5-sh7751r - Linux 2.6.32 for sh7751r
 linux-image-2.6.32-5-sh7785lcr - Linux 2.6.32 for sh7785lcr
 linux-image-2.6.32-5-sparc64 - Linux 2.6.32 for uniprocessor 64-bit UltraSPARC
 linux-image-2.6.32-5-sparc64-smp - Linux 2.6.32 for multiprocessor 64-bit 
UltraSPARC
 linux-image-2.6.32-5-versatile - Linux 2.6.32 for Versatile
 linux-image-2.6.32-5-vserver-686-bigmem-dbg - Debugging infos for Linux 
2.6.32-5-vserver-686-bigmem
 linux-image-2.6.32-5-vserver-686-bigmem - Linux 2.6.32 for PCs with 4GB+ RAM, 
Linux-VServer support
 linux-image-2.6.32-5-vserver-686 - Linux 2.6.32 for modern PCs, Linux-VServer 
support
 linux-image-2.6.32-5-vserver-amd64-dbg - Debugging infos for Linux 
2.6.32-5-vserver-amd64
 linux-image-2.6.32-5-vserver-amd64 - Linux 2.6.32 for 64-bit PCs, 
Linux-VServer support
 linux-image-2.6.32-5-vserver-itanium - Linux 2.6.32 for Itanium, Linux-VServer 
support
 linux-image-2.6.32-5-vserver-mckinley - Linux 2.6.32 for Itanium II, 
Linux-VServer support
 linux-image-2.6.32-5-vserver-powerpc64 - Linux 2.6.32 for 64-bit PowerPC, 
Linux-VServer support
 linux-image-2.6.32-5-vserver-powerpc - Linux 2.6.32 for uniprocessor 32-bit 
PowerPC, Linux-VServer suppo
 linux-image-2.6.32-5-vserver-s390x - Linux 2.6.32 for IBM zSeries, 
Linux-VServer support
 linux-image-2.6.32-5-vserver-sparc64 - Linux 2.6.32 for uniprocessor 64-bit 
UltraSPARC, Linux-VServer su
 linux-image-2.6.32-5-xen-686-dbg - Debugging infos for Linux 2.6.32-5-xen-686
 linux-image-2.6.32-5-xen-686 - Linux 2.6.32 for modern PCs, Xen dom0 support
 linux-image-2.6.32-5-xen-amd64-dbg - Debugging infos for Linux 
2.6.32-5-xen-amd64
 linux-image-2.6.32-5-xen-amd64 - Linux 2.6.32 for 64-bit PCs, Xen dom0 support
 linux-libc-dev - Linux support headers for userspace development
 linux-manual-2.6.32 - Linux kernel API manual pages for version 2.6.32
 linux-patch-debian-2.6.32 - Debian patches to version 2.6.32 of the Linux 
kernel
 linux-source-2.6.32 - Linux kernel source for version 2.6.32 with Debian 
patches
 linux-support-2.6.32-5 - Support files for Linux 2.6.32
 linux-tools-2.6.32 - Performance analysis tools for Linux 2.6.32
 xen-linux-system-2.6.32-5-xen-686 - Xen system with Linux 2.6.32 on modern PCs 
(meta-package)
 xen-linux-system-2.6.32-5-xen-amd64 - Xen system with Linux 2.6.32 on 64-bit 
PCs (meta-package)
Changes: 
 linux-2.6 (2.6.32-31) stable; urgency=low
 .
   [ Ian Campbell ]
   * xen: blkback: fix potential leak of kernel thread. (CVE-2010-3699)
 .
   [ Moritz Muehlenhoff ]
   * rds: Fix rds_iovec page count overflow (CVE-2010-3865)
 .
   [ Ben Hutchings ]
   * tty: Fix information leaks from SIOCGICOUNT handlers (CVE-2010-4075,
     CVE-2010-4076, CVE-2010-4077)
   * bonding: Ensure that we unshare skbs prior to calling pskb_may_pull
     (Closes: #610838)
   * r8169: Keep firmware in memory (Closes: #609538)
   * linux-base: Convert LILO entries for /boot/vmlinuz, /boot/vmlinuz.old
     (Closes: #613200)
   * aufs: Fix VM race leading to kernel panic (Closes: #607879)
   * rt2500usb: Fall back to SW encryption for TKIP+AES (Closes: #611390)
   * Add longterm 2.6.32.29:
     - SCSI: Fix medium error problems with some arrays which can cause
       data corruption
     - ptrace: Use safer wake up on ptrace_detach()
     - [x86] mm: Avoid possible bogus TLB entries by clearing prev
       mm_cpumask after switching mm
     - sched: Fix softirq time accounting
     - sched: Use group weight, idle cpu metrics to fix imbalances during
       idle
     - [openvz,vserver] Revert sched changes since they conflict
   * Revert "USB: Prevent buggy hubs from crashing the USB stack", included
     in longterm 2.6.32.29 and reported to cause a regression
   * virtio_net: Further fixes for out-of-memory conditions (Closes: #603835)
     - Fix OOM handling on TX
     - Add schedule check to napi_enable call
   * af_unix: Limit recursion level of passing sockets through sockets
     (variant of CVE-2010-4249)
   * iowarrior: Don't trust report_size for buffer size (CVE-2010-4656)
   * drm: Fix unsigned vs signed comparison issue in modeset ctl ioctl
     (CVE-2011-1013)
   * brcm80211: Fix suspend/resume in brcmsmac (Closes: #600769, #604802)
   * brcm80211: Fix race between scanning and calibration on SMP
     (Closes: 602444)
   * drm/i915: Overlay on gen2 can't address above 1G
   * drm/i915: Fix memory corruption with GM965 and >4GB RAM
   * ipv6: Silence privacy extensions initialization (Closes: #590653)
   * [x86] Enable VT6656, loading firmware from a separate file (requires
     firmware-linux-nonfree 0.28+squeeze1) (Closes: #568454)
   * usbfs: Show correct speed for SuperSpeed USB devices (Closes: #613531)
   * drm/i915: Add pipe A force quirk for some laptops (Closes: #608148)
   * psmouse/elantech: Fix detection and decoding for newer Elantech
     touchpads (Closes: #613335)
 .
   [ dann frazier ]
   * xfs: Fix information leak using stale NFS handle (CVE-2010-2943)
   * CAN: Use inode instead of kernel address for /proc file (CVE-2010-4565)
 .
   [ maximilian attems]
   * Update openvz patch to feoktistov (ipv6, checkpointing, stability,
     ipsec, nfs, ppp, tc, ve). (closes: #607041, #613501, #613170)
   * HID: add support for Acan FG-8100 barcode reader. (closes: #615888)
   * Add longterm 2.6.32.30:
     - nfsd: Memory corruption due to writing beyond the stat array
     - av7110: check for negative array offset (CVE-2011-0521)
     - cred: Fix get_task_cred() and task_state() to not resurrect dead
       credentials
     - cred: Fix kernel panic upon security_file_alloc() failure
     - cred: Fix BUG() upon security_cred_alloc_blank() failure
     - cred: Fix memory and refcount leaks upon security_prepare_creds()
       failure
     - dm/raid1: Fail writes if errors are not handled and log fails
     - GFS2: Fix bmap allocation corner-case bug
     - [s390] remove task_show_regs (CVE-2011-0710)
     - PM/hibernate: Return error code when alloc_image_page() fails
     - fs/partitions: Validate map_count in Mac partition tables
       (CVE-2011-1010)
     - ALSA: caiaq - Fix possible string-buffer overflow (CVE-2011-0712)
     - acer-wmi, asus_acpi, tc1100-wmi: Restrict write permissions on files
       in procfs/sysfs
     - [x86] usbip/vhci: Update reference count for usb_device
     - [x86] usbip/vhci: Give back URBs from in-flight unlink requests
     - [x86] usbip/vhci: Refuse to enqueue for dead connections
     - epoll: Prevent creating circular epoll structures
     - fs/partitions/ldm: Corrupted partition table can cause kernel oops
     - xhci: Avoid BUG() in interrupt context
     - xhci: Fix errors in the running total calculations in the TRB math
     - xhci: Fix an error in count_sg_trbs_needed()
     - x25: Do not reference freed memory
   * Add longterm 2.6.32.31.
   * Add longterm 2.6.32.32-rc1:
     - netxen: fix set mac addr. (closes: #616058)
     - [xen] do not release any memory under 1M in domain 0. (closes: #613823)
     - virtio: set pci bus master enable bit. (closes: #610360)
     - sctp: Fix oops when sending queued ASCONF chunks (CVE-2010-1173).
     - drm/ttm: Fix two race conditions + fix busy codepaths (closes: #591061)
   * Add Slovak translation by Slavko. (closes: #608684)
   * Add drm changes from 2.6.32.28+drm33.13:
     - drm/i915: Add dependency on CONFIG_TMPFS.
     - drm/i915/lvds: Add AOpen i915GMm-HFS to the list of false-positive LVDS.
     - drm/radeon/kms: add pll debugging output.
     - drm/radeon/kms: add quirk for Mac Radeon HD 2600 card.
     - drm/radeon/kms: fix s/r issues with bios scratch regs.
     - drm/radeon/kms: make the mac rv630 quirk generic.
     - drm/radeon: remove 0x4243 pci id.
 .
   [ Aurelien Jarno ]
   * init: fix race between init and kthreadd, fixes a kernel panic on
     mips/5kc-malta.
   * mips/swarm: enable PATA drivers that have been lost during IDE -> PATA
     conversion.
 .
   [ Martin Michlmayr ]
   * Orion: add support for Buffalo LS-CHL (Closes: #590105).
   * Kirkwood: initialize PCIE1 for QNAP TS-419P+ (Closes: #613499).
 .
   [ Jurij Smakov ]
   * sparc: add sparc-console-handover.patch to address problems with
     console handover on sparc causing kernel to hang during boot on
     systems using atyfb driver.
     Thanks to Fabio M. Di Nitto <fabbi...@fabbione.net> for the patch.
     (Closes: #602853)
 .
   [ Bastian Blank ]
   * Add supportt for AMD Family 10h/11h CPU internal temperatur sensor.
     (closes: #614555)
Checksums-Sha1: 
 ba440b0dcfb8e3ecba608e4cea3bfa5acf76cfb9 6969 linux-2.6_2.6.32-31.dsc
 dbabb73fa2dc05ddfddf4182b9ca4db677bdb8a0 14545949 linux-2.6_2.6.32-31.diff.gz
 f1a13a756876c92b6488d0b7bb5515f18ef19012 159524 
linux-support-2.6.32-5_2.6.32-31_all.deb
 a7602b6da12abfcc520a86dd66120b4c7ca6d80d 147620 
firmware-linux-free_2.6.32-31_all.deb
 da6148241a124682440e613b33345576c23f3b5c 169566 linux-base_2.6.32-31_all.deb
 5ae884ac3cf7774f1bda42b89d9ae44d308eb130 7701932 
linux-patch-debian-2.6.32_2.6.32-31_all.deb
 b2932155fd9962ff98cecae045394bc964b0fac9 65054266 
linux-source-2.6.32_2.6.32-31_all.deb
 61edeedd18b302bb71984abeaa369a78c4779d92 6054660 
linux-doc-2.6.32_2.6.32-31_all.deb
 8d05c2389ec79725198cac2e843e03b61f8737f9 2728422 
linux-manual-2.6.32_2.6.32-31_all.deb
Checksums-Sha256: 
 c233469c11d4d2132c88862a472205a0aac277d0fb292f724d2935db8446a7b0 6969 
linux-2.6_2.6.32-31.dsc
 21b63e52aee0de85c83cae3ddce206f03d1a3a8b7a322aebaa6f03ac82992e8b 14545949 
linux-2.6_2.6.32-31.diff.gz
 af945a91ffbc0db3fe7393763db08cea2ba59cfa848b3da06df3109b6d967806 159524 
linux-support-2.6.32-5_2.6.32-31_all.deb
 802539aaa32e582d2a1c18ef5bb88ec9d4fd8c52ad83bd8bb6574522df01e887 147620 
firmware-linux-free_2.6.32-31_all.deb
 1d8ff28bf825cf13e55bd955b8304ad228f2e34d2dd2a8f2fade2801fa259537 169566 
linux-base_2.6.32-31_all.deb
 5e2a6946d4ce85236d982f30c418b1b8970290ae17556b8ce55659ba1030aacd 7701932 
linux-patch-debian-2.6.32_2.6.32-31_all.deb
 da7065e1faa1c6129441e5dfc41969389b93eb5a55754d20f10fd8d22038885b 65054266 
linux-source-2.6.32_2.6.32-31_all.deb
 b2fe62debe1aba059d4379363cb502e36349c17f0fb480c97e292528647701fb 6054660 
linux-doc-2.6.32_2.6.32-31_all.deb
 511b226a0a6680b9fd265051e11c2336f7cf63c83989d6cd8b84154ee825323f 2728422 
linux-manual-2.6.32_2.6.32-31_all.deb
Files: 
 7f1210eabc5a00094a52c1e0fab292b2 6969 kernel optional linux-2.6_2.6.32-31.dsc
 70806b556b2ec290156d6ad4748e0759 14545949 kernel optional 
linux-2.6_2.6.32-31.diff.gz
 2f13dcac5067aa6516afa3970119109b 159524 devel optional 
linux-support-2.6.32-5_2.6.32-31_all.deb
 deed6dc3ebb99e4a1675380ccdeecdb7 147620 kernel optional 
firmware-linux-free_2.6.32-31_all.deb
 4201c29037234c0be60eac54db2e6769 169566 kernel optional 
linux-base_2.6.32-31_all.deb
 d997377112089b010e605a05124e5e6b 7701932 kernel optional 
linux-patch-debian-2.6.32_2.6.32-31_all.deb
 3fca2c4170d9cce67bc377feec06d6c7 65054266 kernel optional 
linux-source-2.6.32_2.6.32-31_all.deb
 4d499f146638422395029f6eb1f116a1 6054660 doc optional 
linux-doc-2.6.32_2.6.32-31_all.deb
 c2c7798ebfbde7a3762e41b2d1e3ee14 2728422 doc optional 
linux-manual-2.6.32_2.6.32-31_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIVAwUBTXTb5ue/yOyVhhEJAQqiuA/+OlE0mzEvJMeeMZx5CECfsyWkLMtHfter
loaa3109pqWxdU9WHhD1VnyqAmuSDpQZJgspQnrvaDuPe5LwreJFSTg+kh24rAWL
o4vn6WYsTwf7N6b5QEqz2sjUOzvZbPCW/ioNZKDWEkZJO0M9pZAbv6UxrzJa5Bwr
Gs+qPAXRWRd1fQSipT1CxrB2pYkpZsAcDPlBWtEZdoUQUDhKxq39mqpJ/gMyoo2v
MjOt2eV8f4fatPz7hxZQ6d+gENa2ERqlgQG3u2rH3fncYGLjK/aICW4Vvm9hYcwz
A77r9KS4s9+dcXpOF3cSjcOoNyu2BGrJVV/vB+PYwV7hu1wfR9rW4Gj4qBAybCUF
3Gk1ywybYkKNBG0plzpblZFP0PX+ke+CmPWZ4WsOgsOckLKMDuGXLH4M+hLSLNJ1
qFVrdqJRZnGYwGu5doGTpl3DbiqyLi5IwE3kQbZSXO1bSS33AvgXFdta3J5WE4un
j3qJHJBHFpMYAQ9YB5lVYjVkIPl7/5COf6jlwG3l6sDrDbfgs6a4f71DDbvW/o0m
1LArvSgzmxyzzTuRzlcMv8ZKTXvxZ+Q0TpIK/RqU+42itwgFHVsJAlegIZT2MEiG
/+Pq4D/EF2IOy3nQH4IxtODfJ4T6Ny5zo+JYgXL3HFhhaeVOl7Xww0squr5zwsrm
83poDnDMJBE=
=T7Ti
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to