kernel-image-2.4.17-ia64 (011226.17) stable-security; urgency=high
 
  * Non-maintainer upload by the Security Team
  * Apply patch for CAN-2004-0003 (potential local root exploit in r128)
  * Apply patch for CAN-2004-0010 (potential local root exploit in ncpfs)
  * Apply patch for CAN-2004-0109 (potential local root exploit in isofs)
  * Apply patch for CAN-2004-0177 (information leak in ext3)
  * Apply patch for CAN-2004-0178 (DoS in sound)
 
 -- dann frazier <dannf@debian.org>  Sun, 11 Apr 2004 13:08:18 -0600

kernel-image-2.4.17-ia64 (011226.16) stable-security; urgency=high
 
  * Non-maintainer upload by the Security Team
  * Applied patch by Andrea Arcangeli to fix a VMA limit local local privilege
    escalation vulnerability, discovered by Paul Starzetz (CAN-2004-0077)
 
 -- dann frazier <dannf@debian.org>  Mon, 16 Feb 2004 18:32:08 -0700

kernel-image-2.4.17-ia64 (011226.15) stable-security; urgency=high
 
  * Non-maintainer upload by the Security Team
  * Applied patch by Andrea Arcangeli to fix local priviledge escalation
    discovered by Paul Starzetz (CAN-2003-0985)
 
 -- Jeff Bailey <jbailey@nisa.net>  Mon,  5 Jan 2004 22:51:55 +0000

kernel-image-2.4.17-ia64 (011226.14.1) stable-security; urgency=high

  * Non-maintainer upload
  * Security: Backport of an additional zlib double free fix from
    the kernel-source-2.4.18 package.  A cut & paste of the changelog entry:
      * Fixed remaining double free in
         drivers/net/zlib.c
         fs/jffs2/zlib.c
  * Security: Backport of security fixes included in kernel-source-2.4.18
    version 2.4.18-6 through 2.4.18-14.  These patches include the ptrace
    and do_brk patches from the previous release.  Here's a copy of the
    changelog entries.
  
      * Added TASK_SIZE check to do_brk in mm/mmap.c.
      * Fixed steal_locks race introduced in 2.4.18-10:
        . fs/binfmt_elf.c
        . fs/exec.c
      * Fixed is_dumpable crash in include/linux/sched.h.
        This was introduced back in 2.4.18-7 but was exacerbated by 2.4.18-10.
      * Fixed signed comparison in fs/nfsd/nfs3xdr.c (2.4.21).
      * Made /proc/tty/driver root-only (CAN-2003-0461):
        . include/linux/proc_fs.h
        . fs/proc/generic.c
        . fs/proc/proc_tty.c
      * Fixed exec file handling semantics (CAN-2003-0462, CAN-2003-0476):
        . fs/binfmt_elf.c
        . fs/exec.c
        . fs/locks.c
        . include/linux/fs.h
        . kernel/fork.c
      * Fixed unchecked copy_to_user in fs/proc/proc_misc.c.
      * Fixed ptrace/proc bug in fs/proc/base.c (CAN-2003-0501).
      * Fixed bridging security issues (CAN-2003-055[012]):
        . net/bridge/br_fdb.c
        . net/bridge/br_if.c
        . net/bridge/br_input.c
        . net/bridge/br_private.h
        . net/bridge/br_stp_bpdu.c
      * Fixed boundary check in net/core/filter.c (Patrick McHardy).
      * Disabled O_DIRECT (CAN-2003-0018):
        . fs/fcntl.c
        . fs/open.c
      * Fixed user space copying bugs in drivers/sound/cmpci.c (bk).
      * Fixed mxcsr security hole in arch/i386/kernel/i387.c (2.5.70).
      * Fixed TIOCCONS and writing to /dev/console (2.4.21rc7):
        . drivers/char/tty_io.c
        . include/linux/tty.h
      * Fixed hashing exploits in fragment processing (2.4.21rc7).
      * Included linux/compiler.h in include/linux/kernel.h.
      * Fixed TSS I/O bitmap initialisation in arch/i386/kernel/ioport.c.
      * Fixed hashing exploits in network stack (David S. Miller).
      * Fixed ethernet packet padding information leak (2.4ac, see #176178):
        . 3c501
        . 3c505
        . 3c507
        . 3c523
        . 3c527
        . 7990
        . 8139too
        . 82596
        . 8390
        . a2065
        . am79c961a
        . ariadne
        . at1700
        . atarilance
        . atp
        . bagetlance
        . de600
        . de620
        . declance
        . depca
        . eepro
        . eexpress
        . epic100
        . eth16i
        . fmv18x
        . hp100
        . lance
        . lasi_82596
        . lp486e
        . ni5010
        . ni52
        . ni65
        . axnet_cs
        . fmvj18x_cs
        . ray_cs
        . xirc2ps_cs
        . xircom_tulip_cb
        . seeq8005
        . sgiseeq
        . sk_g16
        . smc9194
        . sun3_82586
        . sun3lance
        . via-rhine
        . wavelan
        . yellowfin
        . znet
      * Fixed ptrace security hole (see #185375).
      * Fixed i386 lcall DoS (Petr Vandrovec).
  
 -- dann frazier <dannf@dannf.org>  Sat,  6 Dec 2003 02:59:22 -0700

kernel-image-2.4.17-ia64 (011226.14) stable-security; urgency=high

  * include ptrace security patch
  * include do_brk security patch

 -- dann frazier <dannf@dannf.org>  Sun, 30 Nov 2003 14:21:28 -0700

kernel-image-2.4.17-ia64 (011226.13) unstable; urgency=low

  * turn off CONFIG_SERIAL_ACPI_CONSOLE_DETECT in mckinley* configs

 -- Bdale Garbee <bdale@gag.com>  Tue,  2 Apr 2002 11:58:23 -0700

kernel-image-2.4.17-ia64 (011226.12) unstable; urgency=low

  * small patch to fix a problem with GUID byte order in /proc/efi/vars

 -- Bdale Garbee <bdale@gag.com>  Tue,  2 Apr 2002 08:19:27 -0700

kernel-image-2.4.17-ia64 (011226.11) unstable; urgency=low

  * new ZX1 enablement patch set from HP LSO
  * add GPT fixup patch from Matt Domsch via Richard Hirst
  * add patch for access to last sector on odd-sector-count disks, so parted
    can support GPT on those disks too
  * add patch from Herbert Xu for zlib double free problem
  * config file tweaks

 -- Bdale Garbee <bdale@gag.com>  Mon,  1 Apr 2002 20:40:56 -0700

kernel-image-2.4.17-ia64 (011226.10) unstable; urgency=low

  * patch to disable interrupts on HP proto GSP cards to solve console hangs

 -- Bdale Garbee <bdale@gag.com>  Thu, 28 Feb 2002 21:30:00 -0700

kernel-image-2.4.17-ia64 (011226.9) unstable; urgency=low

  * add e1000 driver, now that it's GPL'ed!

 -- Bdale Garbee <bdale@gag.com>  Mon, 25 Feb 2002 21:20:22 -0700

kernel-image-2.4.17-ia64 (011226.8) unstable; urgency=low

  * freshen bcm patch to -3 version from ggg, fix MCA on ifconfig down
  * new patch set from HP LSO, fixes a problem with /dev/ttyS5 

 -- Bdale Garbee <bdale@gag.com>  Mon, 25 Feb 2002 15:13:12 -0700

kernel-image-2.4.17-ia64 (011226.7) unstable; urgency=low

  * fresh patch set from HP LSO
  * enable CONFIG_SERIAL_ACPI_CONSOLE_DETECT in mckinley configs
  * change ext3 from a module to kernel-resident
  * change broadcom driver from module to kernel-resident

 -- Bdale Garbee <bdale@gag.com>  Sun, 24 Feb 2002 00:17:30 -0700

kernel-image-2.4.17-ia64 (011226.6) unstable; urgency=low

  * lose radeonfb from kernel configs, it has pointer vs int problems
  * lose mga drm module since it's crashing when autoloaded by X
  * change lsi1030 from module to kernel resident

 -- Bdale Garbee <bdale@gag.com>  Wed, 20 Feb 2002 22:48:32 -0700

kernel-image-2.4.17-ia64 (011226.5) unstable; urgency=low

  * newer broadcom patch
  * increase CONFIG_SCSI_NCR53C8XX_SYNC from 20 to 80
  * restructure source package for neatness

 -- Bdale Garbee <bdale@gag.com>  Thu, 14 Feb 2002 02:49:24 -0700

kernel-image-2.4.17-ia64 (011226.4) unstable; urgency=low

  * updated patch for hplso.
  * added eepro100 RxHang patch.
  * added mpt-2.00.08-2.4.17.diff
  * removed patch.vmlinux.lds.S, patch.up, patch.ipv6, patch.strpbrk,
    patch.cache_wback, included in hplso patch

 -- Richard Hirst <rhirst@linuxcare.com>  Mon, 11 Feb 2002 15:25:53 +0000

kernel-image-2.4.17-ia64 (011226.3.1) unstable; urgency=low

  * add patch for access to last sector on odd-sector-count disks, so parted
    can support GPT on those disks too
  * add patch from Herbert Xu for zlib double free problem

 -- Bdale Garbee <bdale@gag.com>  Thu, 14 Mar 2002 12:14:36 -0700

kernel-image-2.4.17-ia64 (011226.3) unstable; urgency=low

  * updated patch for vmlinux.lds.S so we can use current binutils,
    closes: #128529, #128631
  * add patch to enable DVD+RW support for HP dvd100i and equivalent drives
    from http://fy.chalmers.se/~appro/linux/DVD+RW/

 -- Bdale Garbee <bdale@gag.com>  Wed, 30 Jan 2002 00:15:56 -0700

kernel-image-2.4.17-ia64 (011226.2) unstable; urgency=low

  * update kernel configs to set CONFIG_PACKET back to y instead of m 

 -- Bdale Garbee <bdale@gag.com>  Thu, 17 Jan 2002 21:51:49 -0700

kernel-image-2.4.17-ia64 (011226.1) unstable; urgency=low

  * updated kernel configs to build more things as modules, along with a
    pair of small patches required to support the config changes

 -- Bdale Garbee <bdale@gag.com>  Wed, 16 Jan 2002 20:44:45 -0700

kernel-image-2.4.17-ia64 (011226.0) unstable; urgency=low

  * initial release of kernel image packages based on 2.4.17
  * build-depend on older binutils that is known to work until we can figure
    out what the problem with latest binutils is (eeeewwwwww...)
  * include HP patches for McKinley system enablement
  * include Broadcom NetXtreme BCM5700 Gigabit Ethernet driver
  * enable FireWire drivers in arch/ia64/config.in
  * update config files to enable more drivers, most built as modules

 -- Bdale Garbee <bdale@gag.com>  Thu, 10 Jan 2002 01:29:23 -0700

