1 kernel-2.6-cn (3:2.6.26-4) stable; urgency=low
3 * nova inacica paketa koja prestaje ovisiti o ExecShield ojacanoj verziji,
4 te ovisi iskljucivo o cistom Debian paketu
6 -- Dinko Korunic <kreator@carnet.hr> Wed, 17 Feb 2010 18:43:22 +0100
8 kernel-2.6-cn (3:2.6.26-3) stable; urgency=low
10 * Grub shell workaroundovi (divertovi) za ExecShield (grub i grub-probe)
12 -- Dinko Korunic <kreator@carnet.hr> Wed, 03 Jun 2009 13:19:06 +0200
14 kernel-2.6-cn (3:2.6.26-2) stable; urgency=low
16 * niz manjih izmjena u postinst rutinama za bolju detekciju root/boot
17 deviceova, ispravke manjih gresaka, itd.
19 -- Dinko Korunic <kreator@carnet.hr> Tue, 02 Jun 2009 21:26:05 +0200
21 kernel-2.6-cn (3:2.6.26-1) stable; urgency=high
23 * novi upstream kernel (linux-image-2.6.26-2+cn1-*)
24 * prvo izdanje za Lenny
25 * paket koji radi na amd64 i na i386 arhitekturi
27 -- Dinko Korunic <kreator@carnet.hr> Mon, 01 Jun 2009 14:17:52 +0200
29 kernel-2.6-cn (3:2.6.24-2) stable; urgency=high
31 * novi upstream kernel (2.6.24-6~etchnhalf.8etch1+cn1)
33 -- Dinko Korunic <kreator@carnet.hr> Sat, 9 May 2009 16:35:55 +0200
35 kernel-2.6-cn (3:2.6.24-1) stable; urgency=high
37 * paket postaje virtualni paket koji ovisi o posebno gradjenom CARNet Debian
38 kernelu (linux-image-2.6.24-etchnhalf.1-686-bigmem) koji je deriviran iz
39 standardnog Debian kernela, ali su dodani ExecShield patchevi kao i
40 Netfilter Layer 7 patchevi
41 * omogucen TCP MD5 Signature (RFC 2385)
42 * postavljen TCP Cubic kao defaultni TCP congestion algoritam
43 * prelazak na novi Epoch
45 -- Dinko Korunic <kreator@carnet.hr> Fri, 13 Feb 2009 15:05:21 +0100
47 kernel-2.6-cn (2:2.6.27.10-1) stable; urgency=high
49 * novi upstream kernel: 2.6.27.10 (niz bitnih sigurnosnih popravaka naspram
51 * omogucen TCP MD5 Signature (RFC 2385)
52 * pociscene nepotrebne opcije u LILO append parametru
53 * omoguceni x86 PAT registri
54 * povratak na SEGMEXEC zbog sporosti na Intel P4 procesorima (stariji
56 * omogucen Ext4 datotecni sustav
58 -- Dinko Korunic <kreator@carnet.hr> Sat, 27 Dec 2008 13:24:12 +0100
60 kernel-2.6-cn (2:2.6.26.3-1) stable; urgency=high
62 * novi upstream kernel: 2.6.26.3 (niz bitnih sigurnosnih popravaka naspram
64 * novi upstream patch: Grsecurity 2.1.12
65 * novi upstream patch: Layer7 2.20
66 * ciscenje nepotrebnih kernel postavki iz sysctl (kernel.rtsig-max,
67 net.ipv4.tcp_syncookies)
68 * nove sysctl postavke za TCP poboljsanja (net.core.rmem_default,
69 net.core.wmem_default kao i net.ipv4.tcp_congestion_control) te sigurnost
70 (vm.mmap_min_addr, kernel.maps_protect)
72 * par novih drivera (Marvel SATA/SAS, FlashPoint, SFF, SAS/SATA
73 hubovi/ekspanderi, SoftRAID 4/5/6)
74 * LILO konfiguracija sada sadrzi i plainold, prethodni non-Grsecurity kernel
75 * popravljen bug u initrd init skripti (import skripte iz Etcha), te
76 nadogradjeni svi binaryji koji se koriste unutar initrd preslike
78 -- Dinko Korunic <kreator@carnet.hr> Mon, 8 Sep 2008 18:52:36 +0200
80 kernel-2.6-cn (2:2.6.24.7-2) stable; urgency=low
82 * postinst za oidentd servis koristi oident:oident te reverta prethodne
83 promjene ako je potrebno, s obzirom da je to u Etchu default
85 -- Dinko Korunic <kreator@carnet.hr> Wed, 18 Jun 2008 12:54:08 +0200
87 kernel-2.6-cn (2:2.6.24.7-1) stable; urgency=high
89 * novi upstream kernel: 2.6.24.7 (bitni sigurnosni popravci od 2.6.24.2:
90 CVE-2008-1669, CVE-2008-1375, CVE-2008-1675)
91 * opet je omogucen cijeli Grsecurity, te je upaljen i UDEREF
92 * cfq elevator je default (zbog serverske namjene)
93 * conflict sa libc6-i686 zbog mogucih OOPS-anja i rusenja servisa (problem
95 * LILO conf koristi memtest86+ (ako je prisutan), a ne obsolete memtest86
96 * ugasena mprotect zastita zbog kolizija sa Debian bibliotekama (gmp) i
99 -- Dinko Korunic <kreator@carnet.hr> Thu, 22 May 2008 16:34:02 +0200
101 kernel-2.6-cn (2:2.6.24.2-2) stable; urgency=low
103 * fix za postrm kernel-2.4-cn i kernel-cn
104 * cfq elevator je sad default (zbog serverske namjene)
105 * uljepsan ispis prilikom instalacije/deinstalacije paketa
107 -- Dinko Korunic <kreator@carnet.hr> Tue, 26 Feb 2008 17:49:55 +0100
109 kernel-2.6-cn (2:2.6.24.2-1) stable; urgency=high
111 * novi upstream kernel: 2.6.24.2
112 * novi upstream PaX patch: pax-linux-2.6.24.1-test12.patch
113 * fix za: CVE-2008-0009, CVE-2008-0010 te CVE-2008-0600
115 -- Dinko Korunic <kreator@carnet.hr> Mon, 11 Feb 2008 17:23:02 +0100
117 kernel-2.6-cn (2:2.6.24-1) stable; urgency=high
119 * novi upstream kernel: 2.6.24
120 * Grsecurity patch za 2.6.23.14 i dalje uzrokuje rusenje, a onaj za
121 2.6.24 ne postoji -- fallback na cisti PaX
122 (pax-linux-2.6.24-test9.patch)
123 * izbacivanje SATA-generic layera za PATA uredjaje i fallback na cisti
124 nativni PATA layer (generic IDE uredjaji)
126 -- Dinko Korunic <kreator@carnet.hr> Tue, 29 Jan 2008 18:53:47 +0100
128 kernel-2.6-cn (2:2.6.23.14-2) stable; urgency=high
130 * rebuild zbog sluzbenog Grsecurity patcha za 2.6.23.14
132 -- Dinko Korunic <kreator@carnet.hr> Sat, 26 Jan 2008 12:52:35 +0100
134 kernel-2.6-cn (2:2.6.23.14-1) stable; urgency=high
136 * novi upstream source -- kernel 2.6.23.14, ispravljen CVE-2008-0001
137 * nova PCI lista za module (pcimodules)
138 * update dokumentacije (README.CARNet)
139 * podrska za nove uredjaje:
140 * mrezne kartice: Marvell Yukon 2/SysKonnect, Attansic L1
141 * SATA kontroleri: Initio 162x
142 * ostalo: IEEE 1394 FireWire stack, KVM Intel/AMD
144 -- Dinko Korunic <kreator@carnet.hr> Fri, 18 Jan 2008 20:42:36 +0100
146 kernel-2.6-cn (2:2.6.22.9-1) stable; urgency=low
148 * novi upstream source -- kernel 2.6.22.9, grsecurity 2.1.11, layer7 2.13
149 * nova PCI lista za module (pcimodules)
150 * update dokumentacije (README.CARNet)
151 * izbacen src za initrd, nepotreban je sistemcima
152 * koristimo irqbalance userspace servis umjesto zastarjelog u kernelu
154 -- Dinko Korunic <kreator@carnet.hr> Wed, 17 Oct 2007 17:20:24 +0200
156 kernel-2.6-cn (2:2.6.22.6-1) stable; urgency=low
158 * update dokumentacije (README.CARNet)
159 * novi upstream source -- kernel 2.6.22.6 te grsecurity 2.1.11
160 * koristen gcc4 za izgradnju
161 * nova PCI lista za module (pcimodules)
163 -- Dinko Korunic <kreator@carnet.hr> Sun, 23 Sep 2007 22:52:56 +0200
165 kernel-2.6-cn (2:2.6.20.6-1) stable; urgency=low
167 * 8-CPU podrska (npr. SMP quad-core Xeon)
168 * HIGHMEM64G podrska (>= 4GB RAM)
169 * IPsec podrska (transport, tunnel, BEET; AH, ESP, IPComp) za IPv4 i IPv6
170 * podrska za QLA iSCSI
171 * Marvell PATA driver
172 * multipath podrska (MD i DM)
173 * VIA Velocity podrska, QLA3xxx podrska
174 * watchdog podrska za i6300ESB, i8xx/Intel TCO
175 * HID podrska, USB serial, USB monitor
176 * ugasen ekstenzivni Grsecurity logging (problem spinlock OOPS)
177 * release bez Layer7 podrske (nema svjezeg patcha za 2.6.20)
178 * update dokumentacije (README.CARNet)
180 -- Dinko Korunic <kreator@carnet.hr> Thu, 12 Apr 2007 00:22:35 +0200
182 kernel-2.6-cn (2:2.6.19.3-2) stable; urgency=low
184 * dodani QLA i Emulex FC driveri
185 * dependancy na svjezi LILO, modutils, module-init-tools, itd.
186 * promijenjena procedura za detekciju boot uredjaja (LILO)
187 * update dokumentacije (README.CARNet)
189 -- Dinko Korunic <kreator@carnet.hr> Tue, 20 Feb 2007 21:42:57 +0100
191 kernel-2.6-cn (2:2.6.19.3-1) stable; urgency=high
193 * novi kernel source [2.6.19.3]
194 * novi Grsecurity patch [2.1.10] koji popravlja PaX expand_stack()
196 * nadogradjena pcilist uredjaja za automatsku HW detekciju
198 -- Dinko Korunic <kreator@carnet.hr> Wed, 7 Feb 2007 15:15:06 +0100
200 kernel-2.6-cn (2:2.6.18.2-1) stable; urgency=high
202 * novi kernel source [2.6.18.2]
203 * Layer 7 Netfilter podrska
204 * dodana dokumentacija za stealth modul
205 * nadogradjena pcilist uredjaja za automatsku HW detekciju
206 * uveden CONFIG_REGPARM
207 * uvedeni POSIX ACL-ovi na datotecnim sustavima ih podrzavaju
209 -- Dinko Korunic <kreator@carnet.hr> Thu, 23 Nov 2006 15:51:35 +0100
211 kernel-2.6-cn (2:2.6.17.8-1) stable; urgency=high
213 * novi kernel source [2.6.17.8]:
214 - CVE-2006-3468: Ext3 Invalid Inode Number Denial of Service
215 - niz manjih popravki unutar jezgre
217 -- Dinko Korunic <kreator@srce.hr> Thu, 10 Aug 2006 15:14:40 +0200
219 kernel-2.6-cn (2:2.6.17.5-1) stable; urgency=high
221 * novi kernel source [2.6.17.5]:
222 - CVE-2006-2451: "prctl" Privilege Escalation Vulnerability
223 - CVE-2006-2629: SMP "/proc" Race Condition Denial of Service
224 - CVE-2006-2445: Race condition in run_posix_cpu_timers
225 - CVE-2006-2071: Shared Memory Restrictions Bypass
226 - CVE-2006-1862: Virtual memory implementation flaw causing DoS
227 - CVE-2006-1860: "lease_init()" Denial of Service Vulnerability
228 - CVE-2006-1859: "lease_init()" Denial of Service Vulnerability
229 - CVE-2006-1525: "ip_route_input()" Denial of Service Vulnerability
230 - CVE-2006-1524: Shared Memory Restrictions Bypass
231 - CVE-2006-1523: "__group_complete_signal()" unknown impact
232 - CVE-2006-1522: "__keyring_search_one()" Denial of Service
233 - CVE-2006-1343: IPv4 "sockaddr_in.sin_zero" Information Disclosure
234 - CVE-2006-1055: SYSFS Local Denial of Service Vulnerability
235 - CVE-2006-0741: Local Denial of Service and Information Disclosure
236 - CVE-2006-0557: "sys_mbind()" unknown impact
237 - CVE-2006-0555: Local Denial of Service and Information Disclosure
238 - CVE-2006-0454: "ip_options_echo()" Denial of Service Vulnerability
239 - CVE-2006-0095: "dm-crypt()" Information Disclosure
241 * nove rutine [pcimodules] za automatsko ucitavanje potrebnih modula
242 * novi podrzani uredjaji: ServerRAID i it821x, itd.
244 -- Dinko Korunic <kreator@srce.hr> Mon, 17 Jul 2006 19:24:34 +0200
246 kernel-2.6-cn (2:2.6.14.7-2) stable; urgency=low
248 * poboljsana podrska za noviji MPT Fusion driver - sada
251 -- Dinko Korunic <kreator@srce.hr> Thu, 16 Mar 2006 21:22:22 +0100
253 kernel-2.6-cn (2:2.6.14.7-1) stable; urgency=low
255 * novi kernel source [2.6.14.7]
256 * novi grsecurity [2.1.9]
257 * nova imenicka shema kernel-2.4-cn za 2.4 kernel i kernel-2.6-cn za 2.6
260 -- Dinko Korunic <kreator@srce.hr> Thu, 23 Feb 2006 18:41:46 +0100
262 kernel-cn (2:2.6.14.3-1) stable; urgency=low
264 * novi kernel source [2.6.14.3]
265 * novi grsecurity [2.1.7]
267 -- Dinko Korunic <kreator@srce.hr> Sat, 10 Dec 2005 15:02:50 +0100
269 kernel-cn (2:2.4.32-1) stable; urgency=low
271 * novi kernel source [2.4.32-pre3]
272 * novi grsecurity [2.1.7]
273 * povratak nazad na prokusani i pouzdano radeci chpax
275 -- Dinko Korunic <kreator@srce.hr> Sat, 17 Sep 2005 13:54:46 +0200
277 kernel-cn (2:2.4.31-1) stable; urgency=low
279 * novi kernel source [2.4.31]
280 * novi grsecurity [2.1.6]
281 * prelazak sa chpax na noviji paxctl mehanizam
282 - TODO: uputstva za sistemce
283 * prelazak na carnet-tools-cn funkcije
285 -- Dinko Korunic <kreator@srce.hr> Fri, 24 Jun 2005 11:08:29 +0200
287 kernel-cn (2:2.4.30-2) stable; urgency=high
289 * dodani patchevi na 2.4.30 kernel:
290 - CAN-2005-1263: ELF binary format loader's core dump function problem
291 - 2.4.30-panic-if-more-than-one-moxa-2
292 - 2.4.30-bonding-rmmod-oops-1
293 - 2.4.30-madvise-must-return-EIO-1
294 - 2.4.30-rwsem-spinlocks-must-disable-interrupts-2
296 -- Dinko Korunic <kreator@srce.hr> Sun, 29 May 2005 12:29:47 +0200
298 kernel-cn (2:2.4.30-1) stable; urgency=medium
300 * nova upstream verzija kernela [2.4.30]
301 - CAN-2005-0400: kernel memory leak in ext2 mkdir()
302 - CAN-2005-0750: bluetooth range checking bug
303 - CAN-2005-0794: potential DOS in load_elf_library.
304 - CAN-2005-0815: range checking flaws in isofs
305 * nova upstream verzija grsecurity dodatka [2.1.5]
306 - rijesen mlock problem
308 -- Dinko Korunic <kreator@srce.hr> Fri, 22 Apr 2005 18:22:13 +0200
310 kernel-cn (2:2.4.29-3) stable; urgency=low
312 * ciscenja skripti paketa:
313 - sysctl.conf privremene datoteke se brisu
314 - vraca se nivo logiranja poruka na konzolu na vrijednosti prije
316 - paket u slucaju nadogradnje ne mijenja konfiguracijske datoteke bez
318 - ne dira se group bez potrebe, koristi se getent za pretrazivanje
319 - dopisan Debian header u sysctl.conf
320 - prilican broj manjih promjena u paketu
322 -- Dinko Korunic <kreator@srce.hr> Wed, 16 Mar 2005 23:40:35 +0100
324 kernel-cn (2:2.4.29-2) stable; urgency=high
326 * rebuild, izbacen epoll radi stabilnijeg kernela
327 * novi Grsecurity upstream source [2.1.2]
328 - rijesen Grsecurity sigurnosni bug sa PAGEEXEC
329 - izbacene ISN i ostale randomizacije
331 -- Dinko Korunic <kreator@srce.hr> Sun, 6 Mar 2005 12:49:15 +0100
333 kernel-cn (2:2.4.29-1) stable; urgency=high
335 * novi upstream source [2.4.29]
336 * SEC izdanje zbog niza sigurnosnih rupa:
337 - uselib() ranjivost [CAN-2004-1235],
338 - x86/SMP page fault handler ranjivost [CAN-2005-0001]
340 -- Dinko Korunic <kreator@srce.hr> Thu, 27 Jan 2005 10:19:01 +0100
342 kernel-cn (2:2.4.28-2) stable; urgency=high
344 * novi upstream source [2.4.28]
346 * SEC izdanje zbog niza sigurnosnih rupa:
347 http://grsecurity.net/news.php#grsec210
349 * dodana podrska za poznatije SATA kontrolere
351 -- Dinko Korunic <kreator@srce.hr> Sat, 8 Jan 2005 13:55:40 +0100
353 kernel-cn (2:2.4.28-1) stable; urgency=high
355 * novi upstream source [2.4.28-rc3]
357 * SEC izdanje zbog popravljenih binfmt_elf bugova
359 -- Dinko Korunic <kreator@srce.hr> Tue, 16 Nov 2004 14:27:58 +0100
361 kernel-cn (2:2.4.27-2) stable; urgency=low
363 * dodao sym53c8xx seriju kontrolaca u kernel
365 -- Dinko Korunic <kreator@srce.hr> Wed, 1 Sep 2004 18:56:22 +0200
367 kernel-cn (2:2.4.27-1) stable; urgency=high
369 * novi upstream sourcevi, sredjeni niz kernel bugova u <= 2.4.26:
370 CAN-2004-0495 (Al Viro sparse fixes)
371 CAN-2004-0497 (users could modify group ID of arbitrary files on the
373 CAN-2004-0535 (e1000 minor info leak)
374 CAN-2004-0685 (backported Conectiva usb sparse fixes)
375 CAN-2004-0415 (file offset pointer handling race)
376 CAN-2004-0565 (information leak ia64)
378 -- Dinko Korunic <kreator@srce.hr> Wed, 11 Aug 2004 00:33:24 +0200
380 kernel-cn (2:2.4.26-4) stable; urgency=medium
382 * privremeno zaobisao gr_handle_chroot_setpriority() bug koji bi rusio
383 kernel pri mijenjanju prioriteta chroot()-anim procesima
385 -- Dinko Korunic <kreator@srce.hr> Wed, 30 Jun 2004 15:24:04 +0200
387 kernel-cn (2:2.4.26-3) stable; urgency=high
389 * popravljena "heap overflow" kernel greska koja omogucava DoS korisnicima
392 -- Dinko Korunic <kreator@srce.hr> Wed, 16 Jun 2004 19:09:47 +0200
394 kernel-cn (2:2.4.26-2) stable; urgency=low
396 * brzi fixup za chpax, jer PT_* interface ne radi
397 * par poboljsanja postinst skripte: rotirajuci backupovi u /var/backups,
398 ocuvanje postojecih varijabli u /etc/sysctl.conf, atomicke operacije
400 -- Dinko Korunic <kreator@srce.hr> Tue, 20 Apr 2004 21:08:33 +0200
402 kernel-cn (2:2.4.26-1) stable; urgency=low
404 * novi upstream source
405 * popravljeno par kriticnijih bugova: do_fork() memory leak, moguce iso9660
406 symlink prepunjavanje spremnika
407 * popravljeni bugovi standardne kriticnosti:
408 niz IPv6 popravki, niz ACPI popravki koje zahvacaju i Proliante izmedju
409 ostaloga (http://bugzilla.kernel.org/show_bug.cgi?id=1590), nesto SCSI i
410 USB popravki, popravak Tigon3 modula, NFS fix, niz Sparc popravki
412 -- Dinko Korunic <kreator@srce.hr> Thu, 15 Apr 2004 19:13:17 +0200
414 kernel-cn (2:2.4.25-1) stable; urgency=high
416 * novi upstream source - kriticni root exploit za 2.4.* kernele
418 * chpax -> paxctl, ostavio symlink
420 -- Dinko Korunic <kreator@srce.hr> Tue, 24 Feb 2004 21:02:55 +0100
422 kernel-cn (2.4.24-1) stable; urgency=high
424 * novi upstream source - kriticni root exploit za 2.* kernele
426 -- Dinko Korunic <kreator@srce.hr> Mon, 5 Jan 2004 16:35:12 +0100
428 kernel-cn (2.4.23-3) stable; urgency=medium
430 * oops, updateao /lib/modules/2.4.23-grsec ispravno ovaj put
431 * pocisceni initrd, redirekcija u /dev/null ucitavanja modula, itd.
433 -- Dinko Korunic <kreator@srce.hr> Fri, 12 Dec 2003 12:05:47 +0100
435 kernel-cn (2.4.23-2) stable; urgency=low
437 * dodana detekcija uredjaja koji se nalaze na MPT na obicnom
439 * dodan driver za Broadcom Tigon3 mrezne kartice
441 -- Dinko Korunic <kreator@srce.hr> Tue, 9 Dec 2003 12:00:51 +0100
443 kernel-cn (2.4.23-1) stable; urgency=high
445 * novi 2.4.23 kernel koji donosi raznorazne popravke, kao i za zloglasni
446 do_brk() root exploit
447 * sluzbeni MegaRAID2 patch je sada u kernelu, pa vise nije
449 * noviji Grsecurity (1.9.13)
451 * kernel testiran na vecinu exploita pomocu paxtest; jedini problemi
452 koji nisu rijeseni su return-into-libc koristeci pokazivace, odnosno
453 problemi koji se inace rjesavaju ET_DYN zastitom
455 -- Dinko Korunic <kreator@srce.hr> Wed, 3 Dec 2003 02:22:07 +0100
457 kernel-cn (2.4.22-10) stable; urgency=medium
459 * IDE detekcija se pokazala da ne funkcionira ako su IDE moduli, te je IDE
460 odjeljak prebacen u kernel
461 * u initrdu se sada automatski ucitavaju i MPT* moduli, kao i CCISS i
463 * grsec i non-grsec kerneli od sada dijele isti initrd
464 * initrd sada nosi i cjeloviti drivers/ i fs/ odjeljak modula, te
465 modules.dep i modules.conf koji bi trebali omoguciti bolju automatsku
467 * dodan 3c59x driver po zahtjevu
468 * dodan epoll patch i epoll device
469 (http://www.xmailserver.org/linux-patches/nio-improve.html)
470 * kompilirano sa 2.95 gccom, zbog mogucih problema sa korisnickim
471 2.95-kompiliranim kernel modulima
472 * initrd ima potpuniju listu modula
473 * od sada kernel-cn nosi u /usr/src potpuni template za vlastiti initrd
475 * napravljena autodetekcija root i boot uredjaja za lilo.conf
477 -- Dinko Korunic <kreator@srce.hr> Mon, 17 Nov 2003 17:22:13 +0100
479 kernel-cn (2.4.22-9) stable; urgency=high
481 * razrijesen problem sa Koncar SoftRAID-om -> RAID ce raditi
482 za racunala koja imaju md0 = sd{a,b}2, kao sto nalaze install
484 * dodana IDE detekcija u modules
486 -- Dinko Korunic <kreator@srce.hr> Wed, 22 Oct 2003 21:40:11 +0200
488 kernel-cn (2.4.22-8) stable; urgency=low
490 * nova verzija glavnog paketa
491 * izvorni kod je patchiran sa novijim MegaRAID driverom
492 * modularizirana je podrska za ekstra SCSI hardver
493 * kompletno je pripremljen za potrebe rekompilacije
494 * sustav se dize pomocu initrd, tako da se potreban hardver detektira
495 tijekom podizanja sustava
496 * testirano na Koncar, Compaq Proliant i DELL PowerEdge racunalima
498 -- Dinko Korunic <kreator@srce.hr> Mon, 20 Oct 2003 14:37:41 +0200