Bryan Kadzban wrote: > Bruce Dubbs wrote: > http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commitdiff;h=c40ca2aab8a3d3ba213b7b174cb2c90bd3b51235 > > Look vaguely familiar? :-) See also that particular commit ID (search > the page for it) in: > > http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.6 > >>> Please, please, patch the kernel to fix this issue, and please stop >>> LFS from being exploited. > > It's not. > >> Thanks for the heads up. I don't think this is an emergency though. >> New kernels are released pretty regularly. I think that 2.6.31.7 >> and/or 2.6.32.0 will be released in the next day or two. At that >> point we can update -dev. > > No point. The fix is already in 2.6.31.6...
Thanks Bryan. I didn't look that close enough. > It's not in any of the changelogs (yet) for 2.6.30.x or 2.6.29.x, but > that's not entirely surprising since neither of those are maintained > anymore, either. Not sure what that means for the 6.5 book. (Maybe an > errata saying 2.6.31.6 and newer work, and have a fix for this bug?) Yes, it means we need to add an entry to the website errata page for stable LFS-6.5. We use 2.6.30.2 there. The latest in that series is 2.6.30.9, but I don't see fs/pipe.c in the patch: http://www.kernel.org/diff/diffview.cgi?file=/pub/linux/kernel/v2.6/patch-2.6.30.9.bz2 As you said, that series looks like it stopped being maintained October 5th. I think we just need to say to use the latest in the 2.6.31 series. > It *is* in the 2.6.27.39 changelog, but that's missing a few newer > features too; I don't think we can roll back that far, given udev. Agree. -- Bruce -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
