kernel-cn (3:4.19.0+cn10u1) stable; urgency=low * Izmjene za buster, ne briĊĦu se postavke iz /etc/modules i /etc/security/limits nakon brisanja paketa -- Zeljko Boros Wed, 05 Jul 2023 20:49:57 +0200 kernel-cn (3:4.9.0~cn0) stable; urgency=low * izmjene za stretch -- Ivan Rako Sat, 14 Jul 2018 20:05:31 +0200 kernel-cn (3:3.16.7~cn0) stable; urgency=low * izmjene za jessie -- Ivan Rako Sun, 21 Feb 2016 17:23:59 +0100 kernel-cn (3:3.2.1) stable; urgency=low * ne instaliraj na Xen DomU xvda/xvdb * maknut kernel.exec-shield sysctl grep viska * OTRS -> syshelp@carnet.hr -- Dinko Korunic Wed, 27 Nov 2013 10:37:47 +0100 kernel-cn (3:3.2.0) stable; urgency=low * izmjena imena iz kernel-2.6-cn u genericki kernel-cn * izmjene za Wheezy -- Dinko Korunic Wed, 23 Oct 2013 15:18:11 +0200 kernel-2.6-cn (3:2.6.32.1) stable; urgency=low * #14002: kernel-2.6-cn/lenny: koristiti /etc/sysctl.d/ * update paketa za Squeeze * lintian fixevi * Grub2 kompatibilnost * migracija sa udevsettle na udevadm settle * reload sysctl varijabli kroz init procps skriptu -- Dinko Korunic Thu, 28 Apr 2011 09:41:53 +0200 kernel-2.6-cn (3:2.6.26.6) stable; urgency=low * #10170: ukloniti konflikte s prethodnim kernelom * #10171: detektirati Layer7 prije upgrade-a * #10172: NEWS.CARNet za ExecShield, Layer7 * #10200: debian/postinst: here-doc quoting * #10199: Lintian greske/upozorenja * #10198: ExecShield wrapperi za grub, grub-probe -- Dinko Korunic Wed, 24 Feb 2010 12:12:08 +0100 kernel-2.6-cn (3:2.6.26-5) stable; urgency=low * depend o opcenitim/generickim kernel paketima umjesto specificnim inacicama -- Dinko Korunic Sat, 20 Feb 2010 18:03:18 +0100 kernel-2.6-cn (3:2.6.26-4) stable; urgency=low * nova inacica paketa koja prestaje ovisiti o ExecShield ojacanoj verziji, te ovisi iskljucivo o cistom Debian paketu -- Dinko Korunic Wed, 17 Feb 2010 18:43:22 +0100 kernel-2.6-cn (3:2.6.26-3) stable; urgency=low * Grub shell workaroundovi (divertovi) za ExecShield (grub i grub-probe) -- Dinko Korunic Wed, 03 Jun 2009 13:19:06 +0200 kernel-2.6-cn (3:2.6.26-2) stable; urgency=low * niz manjih izmjena u postinst rutinama za bolju detekciju root/boot deviceova, ispravke manjih gresaka, itd. -- Dinko Korunic Tue, 02 Jun 2009 21:26:05 +0200 kernel-2.6-cn (3:2.6.26-1) stable; urgency=high * novi upstream kernel (linux-image-2.6.26-2+cn1-*) * prvo izdanje za Lenny * paket koji radi na amd64 i na i386 arhitekturi -- Dinko Korunic Mon, 01 Jun 2009 14:17:52 +0200 kernel-2.6-cn (3:2.6.24-2) stable; urgency=high * novi upstream kernel (2.6.24-6~etchnhalf.8etch1+cn1) -- Dinko Korunic Sat, 9 May 2009 16:35:55 +0200 kernel-2.6-cn (3:2.6.24-1) stable; urgency=high * paket postaje virtualni paket koji ovisi o posebno gradjenom CARNet Debian kernelu (linux-image-2.6.24-etchnhalf.1-686-bigmem) koji je deriviran iz standardnog Debian kernela, ali su dodani ExecShield patchevi kao i Netfilter Layer 7 patchevi * omogucen TCP MD5 Signature (RFC 2385) * postavljen TCP Cubic kao defaultni TCP congestion algoritam * prelazak na novi Epoch -- Dinko Korunic Fri, 13 Feb 2009 15:05:21 +0100 kernel-2.6-cn (2:2.6.27.10-1) stable; urgency=high * novi upstream kernel: 2.6.27.10 (niz bitnih sigurnosnih popravaka naspram 2.6.26.3) * omogucen TCP MD5 Signature (RFC 2385) * pociscene nepotrebne opcije u LILO append parametru * omoguceni x86 PAT registri * povratak na SEGMEXEC zbog sporosti na Intel P4 procesorima (stariji posluzitelji) * omogucen Ext4 datotecni sustav -- Dinko Korunic Sat, 27 Dec 2008 13:24:12 +0100 kernel-2.6-cn (2:2.6.26.3-1) stable; urgency=high * novi upstream kernel: 2.6.26.3 (niz bitnih sigurnosnih popravaka naspram 2.6.24.7) * novi upstream patch: Grsecurity 2.1.12 * novi upstream patch: Layer7 2.20 * ciscenje nepotrebnih kernel postavki iz sysctl (kernel.rtsig-max, net.ipv4.tcp_syncookies) * nove sysctl postavke za TCP poboljsanja (net.core.rmem_default, net.core.wmem_default kao i net.ipv4.tcp_congestion_control) te sigurnost (vm.mmap_min_addr, kernel.maps_protect) * 4K stacks * par novih drivera (Marvel SATA/SAS, FlashPoint, SFF, SAS/SATA hubovi/ekspanderi, SoftRAID 4/5/6) * LILO konfiguracija sada sadrzi i plainold, prethodni non-Grsecurity kernel * popravljen bug u initrd init skripti (import skripte iz Etcha), te nadogradjeni svi binaryji koji se koriste unutar initrd preslike -- Dinko Korunic Mon, 8 Sep 2008 18:52:36 +0200 kernel-2.6-cn (2:2.6.24.7-2) stable; urgency=low * postinst za oidentd servis koristi oident:oident te reverta prethodne promjene ako je potrebno, s obzirom da je to u Etchu default -- Dinko Korunic Wed, 18 Jun 2008 12:54:08 +0200 kernel-2.6-cn (2:2.6.24.7-1) stable; urgency=high * novi upstream kernel: 2.6.24.7 (bitni sigurnosni popravci od 2.6.24.2: CVE-2008-1669, CVE-2008-1375, CVE-2008-1675) * opet je omogucen cijeli Grsecurity, te je upaljen i UDEREF * cfq elevator je default (zbog serverske namjene) * conflict sa libc6-i686 zbog mogucih OOPS-anja i rusenja servisa (problem sa SYSENTER) * LILO conf koristi memtest86+ (ako je prisutan), a ne obsolete memtest86 * ugasena mprotect zastita zbog kolizija sa Debian bibliotekama (gmp) i Sophos Sweep AV -- Dinko Korunic Thu, 22 May 2008 16:34:02 +0200 kernel-2.6-cn (2:2.6.24.2-2) stable; urgency=low * fix za postrm kernel-2.4-cn i kernel-cn * cfq elevator je sad default (zbog serverske namjene) * uljepsan ispis prilikom instalacije/deinstalacije paketa -- Dinko Korunic Tue, 26 Feb 2008 17:49:55 +0100 kernel-2.6-cn (2:2.6.24.2-1) stable; urgency=high * novi upstream kernel: 2.6.24.2 * novi upstream PaX patch: pax-linux-2.6.24.1-test12.patch * fix za: CVE-2008-0009, CVE-2008-0010 te CVE-2008-0600 -- Dinko Korunic Mon, 11 Feb 2008 17:23:02 +0100 kernel-2.6-cn (2:2.6.24-1) stable; urgency=high * novi upstream kernel: 2.6.24 * Grsecurity patch za 2.6.23.14 i dalje uzrokuje rusenje, a onaj za 2.6.24 ne postoji -- fallback na cisti PaX (pax-linux-2.6.24-test9.patch) * izbacivanje SATA-generic layera za PATA uredjaje i fallback na cisti nativni PATA layer (generic IDE uredjaji) -- Dinko Korunic Tue, 29 Jan 2008 18:53:47 +0100 kernel-2.6-cn (2:2.6.23.14-2) stable; urgency=high * rebuild zbog sluzbenog Grsecurity patcha za 2.6.23.14 -- Dinko Korunic Sat, 26 Jan 2008 12:52:35 +0100 kernel-2.6-cn (2:2.6.23.14-1) stable; urgency=high * novi upstream source -- kernel 2.6.23.14, ispravljen CVE-2008-0001 * nova PCI lista za module (pcimodules) * update dokumentacije (README.CARNet) * podrska za nove uredjaje: * mrezne kartice: Marvell Yukon 2/SysKonnect, Attansic L1 * SATA kontroleri: Initio 162x * ostalo: IEEE 1394 FireWire stack, KVM Intel/AMD -- Dinko Korunic Fri, 18 Jan 2008 20:42:36 +0100 kernel-2.6-cn (2:2.6.22.9-1) stable; urgency=low * novi upstream source -- kernel 2.6.22.9, grsecurity 2.1.11, layer7 2.13 * nova PCI lista za module (pcimodules) * update dokumentacije (README.CARNet) * izbacen src za initrd, nepotreban je sistemcima * koristimo irqbalance userspace servis umjesto zastarjelog u kernelu -- Dinko Korunic Wed, 17 Oct 2007 17:20:24 +0200 kernel-2.6-cn (2:2.6.22.6-1) stable; urgency=low * update dokumentacije (README.CARNet) * novi upstream source -- kernel 2.6.22.6 te grsecurity 2.1.11 * koristen gcc4 za izgradnju * nova PCI lista za module (pcimodules) -- Dinko Korunic Sun, 23 Sep 2007 22:52:56 +0200 kernel-2.6-cn (2:2.6.20.6-1) stable; urgency=low * 8-CPU podrska (npr. SMP quad-core Xeon) * HIGHMEM64G podrska (>= 4GB RAM) * IPsec podrska (transport, tunnel, BEET; AH, ESP, IPComp) za IPv4 i IPv6 * podrska za QLA iSCSI * Marvell PATA driver * multipath podrska (MD i DM) * VIA Velocity podrska, QLA3xxx podrska * watchdog podrska za i6300ESB, i8xx/Intel TCO * HID podrska, USB serial, USB monitor * ugasen ekstenzivni Grsecurity logging (problem spinlock OOPS) * release bez Layer7 podrske (nema svjezeg patcha za 2.6.20) * update dokumentacije (README.CARNet) -- Dinko Korunic Thu, 12 Apr 2007 00:22:35 +0200 kernel-2.6-cn (2:2.6.19.3-2) stable; urgency=low * dodani QLA i Emulex FC driveri * dependancy na svjezi LILO, modutils, module-init-tools, itd. * promijenjena procedura za detekciju boot uredjaja (LILO) * update dokumentacije (README.CARNet) -- Dinko Korunic Tue, 20 Feb 2007 21:42:57 +0100 kernel-2.6-cn (2:2.6.19.3-1) stable; urgency=high * novi kernel source [2.6.19.3] * novi Grsecurity patch [2.1.10] koji popravlja PaX expand_stack() ranjivost * nadogradjena pcilist uredjaja za automatsku HW detekciju -- Dinko Korunic Wed, 7 Feb 2007 15:15:06 +0100 kernel-2.6-cn (2:2.6.18.2-1) stable; urgency=high * novi kernel source [2.6.18.2] * Layer 7 Netfilter podrska * dodana dokumentacija za stealth modul * nadogradjena pcilist uredjaja za automatsku HW detekciju * uveden CONFIG_REGPARM * uvedeni POSIX ACL-ovi na datotecnim sustavima ih podrzavaju -- Dinko Korunic Thu, 23 Nov 2006 15:51:35 +0100 kernel-2.6-cn (2:2.6.17.8-1) stable; urgency=high * novi kernel source [2.6.17.8]: - CVE-2006-3468: Ext3 Invalid Inode Number Denial of Service - niz manjih popravki unutar jezgre -- Dinko Korunic Thu, 10 Aug 2006 15:14:40 +0200 kernel-2.6-cn (2:2.6.17.5-1) stable; urgency=high * novi kernel source [2.6.17.5]: - CVE-2006-2451: "prctl" Privilege Escalation Vulnerability - CVE-2006-2629: SMP "/proc" Race Condition Denial of Service - CVE-2006-2445: Race condition in run_posix_cpu_timers - CVE-2006-2071: Shared Memory Restrictions Bypass - CVE-2006-1862: Virtual memory implementation flaw causing DoS - CVE-2006-1860: "lease_init()" Denial of Service Vulnerability - CVE-2006-1859: "lease_init()" Denial of Service Vulnerability - CVE-2006-1525: "ip_route_input()" Denial of Service Vulnerability - CVE-2006-1524: Shared Memory Restrictions Bypass - CVE-2006-1523: "__group_complete_signal()" unknown impact - CVE-2006-1522: "__keyring_search_one()" Denial of Service - CVE-2006-1343: IPv4 "sockaddr_in.sin_zero" Information Disclosure - CVE-2006-1055: SYSFS Local Denial of Service Vulnerability - CVE-2006-0741: Local Denial of Service and Information Disclosure - CVE-2006-0557: "sys_mbind()" unknown impact - CVE-2006-0555: Local Denial of Service and Information Disclosure - CVE-2006-0454: "ip_options_echo()" Denial of Service Vulnerability - CVE-2006-0095: "dm-crypt()" Information Disclosure ... * nove rutine [pcimodules] za automatsko ucitavanje potrebnih modula * novi podrzani uredjaji: ServerRAID i it821x, itd. -- Dinko Korunic Mon, 17 Jul 2006 19:24:34 +0200 kernel-2.6-cn (2:2.6.14.7-2) stable; urgency=low * poboljsana podrska za noviji MPT Fusion driver - sada se ucitava u initrdu -- Dinko Korunic Thu, 16 Mar 2006 21:22:22 +0100 kernel-2.6-cn (2:2.6.14.7-1) stable; urgency=low * novi kernel source [2.6.14.7] * novi grsecurity [2.1.9] * nova imenicka shema kernel-2.4-cn za 2.4 kernel i kernel-2.6-cn za 2.6 jezgru -- Dinko Korunic Thu, 23 Feb 2006 18:41:46 +0100 kernel-cn (2:2.6.14.3-1) stable; urgency=low * novi kernel source [2.6.14.3] * novi grsecurity [2.1.7] -- Dinko Korunic Sat, 10 Dec 2005 15:02:50 +0100 kernel-cn (2:2.4.32-1) stable; urgency=low * novi kernel source [2.4.32-pre3] * novi grsecurity [2.1.7] * povratak nazad na prokusani i pouzdano radeci chpax -- Dinko Korunic Sat, 17 Sep 2005 13:54:46 +0200 kernel-cn (2:2.4.31-1) stable; urgency=low * novi kernel source [2.4.31] * novi grsecurity [2.1.6] * prelazak sa chpax na noviji paxctl mehanizam - TODO: uputstva za sistemce * prelazak na carnet-tools-cn funkcije -- Dinko Korunic Fri, 24 Jun 2005 11:08:29 +0200 kernel-cn (2:2.4.30-2) stable; urgency=high * dodani patchevi na 2.4.30 kernel: - CAN-2005-1263: ELF binary format loader's core dump function problem - 2.4.30-panic-if-more-than-one-moxa-2 - 2.4.30-bonding-rmmod-oops-1 - 2.4.30-madvise-must-return-EIO-1 - 2.4.30-rwsem-spinlocks-must-disable-interrupts-2 -- Dinko Korunic Sun, 29 May 2005 12:29:47 +0200 kernel-cn (2:2.4.30-1) stable; urgency=medium * nova upstream verzija kernela [2.4.30] - CAN-2005-0400: kernel memory leak in ext2 mkdir() - CAN-2005-0750: bluetooth range checking bug - CAN-2005-0794: potential DOS in load_elf_library. - CAN-2005-0815: range checking flaws in isofs * nova upstream verzija grsecurity dodatka [2.1.5] - rijesen mlock problem -- Dinko Korunic Fri, 22 Apr 2005 18:22:13 +0200 kernel-cn (2:2.4.29-3) stable; urgency=low * ciscenja skripti paketa: - sysctl.conf privremene datoteke se brisu - vraca se nivo logiranja poruka na konzolu na vrijednosti prije instalacije paketa - paket u slucaju nadogradnje ne mijenja konfiguracijske datoteke bez potrebe - ne dira se group bez potrebe, koristi se getent za pretrazivanje - dopisan Debian header u sysctl.conf - prilican broj manjih promjena u paketu -- Dinko Korunic Wed, 16 Mar 2005 23:40:35 +0100 kernel-cn (2:2.4.29-2) stable; urgency=high * rebuild, izbacen epoll radi stabilnijeg kernela * novi Grsecurity upstream source [2.1.2] - rijesen Grsecurity sigurnosni bug sa PAGEEXEC - izbacene ISN i ostale randomizacije -- Dinko Korunic Sun, 6 Mar 2005 12:49:15 +0100 kernel-cn (2:2.4.29-1) stable; urgency=high * novi upstream source [2.4.29] * SEC izdanje zbog niza sigurnosnih rupa: - uselib() ranjivost [CAN-2004-1235], - x86/SMP page fault handler ranjivost [CAN-2005-0001] -- Dinko Korunic Thu, 27 Jan 2005 10:19:01 +0100 kernel-cn (2:2.4.28-2) stable; urgency=high * novi upstream source [2.4.28] * novi grsec [2.1.0] * SEC izdanje zbog niza sigurnosnih rupa: http://grsecurity.net/news.php#grsec210 * dodan bridge modul * dodana podrska za poznatije SATA kontrolere -- Dinko Korunic Sat, 8 Jan 2005 13:55:40 +0100 kernel-cn (2:2.4.28-1) stable; urgency=high * novi upstream source [2.4.28-rc3] * novi grsec [2.0.2] * SEC izdanje zbog popravljenih binfmt_elf bugova -- Dinko Korunic Tue, 16 Nov 2004 14:27:58 +0100 kernel-cn (2:2.4.27-2) stable; urgency=low * dodao sym53c8xx seriju kontrolaca u kernel -- Dinko Korunic Wed, 1 Sep 2004 18:56:22 +0200 kernel-cn (2:2.4.27-1) stable; urgency=high * novi upstream sourcevi, sredjeni niz kernel bugova u <= 2.4.26: CAN-2004-0495 (Al Viro sparse fixes) CAN-2004-0497 (users could modify group ID of arbitrary files on the system) CAN-2004-0535 (e1000 minor info leak) CAN-2004-0685 (backported Conectiva usb sparse fixes) CAN-2004-0415 (file offset pointer handling race) CAN-2004-0565 (information leak ia64) -- Dinko Korunic Wed, 11 Aug 2004 00:33:24 +0200 kernel-cn (2:2.4.26-4) stable; urgency=medium * privremeno zaobisao gr_handle_chroot_setpriority() bug koji bi rusio kernel pri mijenjanju prioriteta chroot()-anim procesima -- Dinko Korunic Wed, 30 Jun 2004 15:24:04 +0200 kernel-cn (2:2.4.26-3) stable; urgency=high * popravljena "heap overflow" kernel greska koja omogucava DoS korisnicima sa shell pristupom -- Dinko Korunic Wed, 16 Jun 2004 19:09:47 +0200 kernel-cn (2:2.4.26-2) stable; urgency=low * brzi fixup za chpax, jer PT_* interface ne radi * par poboljsanja postinst skripte: rotirajuci backupovi u /var/backups, ocuvanje postojecih varijabli u /etc/sysctl.conf, atomicke operacije -- Dinko Korunic Tue, 20 Apr 2004 21:08:33 +0200 kernel-cn (2:2.4.26-1) stable; urgency=low * novi upstream source * popravljeno par kriticnijih bugova: do_fork() memory leak, moguce iso9660 symlink prepunjavanje spremnika * popravljeni bugovi standardne kriticnosti: niz IPv6 popravki, niz ACPI popravki koje zahvacaju i Proliante izmedju ostaloga (http://bugzilla.kernel.org/show_bug.cgi?id=1590), nesto SCSI i USB popravki, popravak Tigon3 modula, NFS fix, niz Sparc popravki -- Dinko Korunic Thu, 15 Apr 2004 19:13:17 +0200 kernel-cn (2:2.4.25-1) stable; urgency=high * novi upstream source - kriticni root exploit za 2.4.* kernele * sk98lin driver * chpax -> paxctl, ostavio symlink -- Dinko Korunic Tue, 24 Feb 2004 21:02:55 +0100 kernel-cn (2.4.24-1) stable; urgency=high * novi upstream source - kriticni root exploit za 2.* kernele -- Dinko Korunic Mon, 5 Jan 2004 16:35:12 +0100 kernel-cn (2.4.23-3) stable; urgency=medium * oops, updateao /lib/modules/2.4.23-grsec ispravno ovaj put * pocisceni initrd, redirekcija u /dev/null ucitavanja modula, itd. -- Dinko Korunic Fri, 12 Dec 2003 12:05:47 +0100 kernel-cn (2.4.23-2) stable; urgency=low * dodana detekcija uredjaja koji se nalaze na MPT na obicnom SCSI prikljucku * dodan driver za Broadcom Tigon3 mrezne kartice -- Dinko Korunic Tue, 9 Dec 2003 12:00:51 +0100 kernel-cn (2.4.23-1) stable; urgency=high * novi 2.4.23 kernel koji donosi raznorazne popravke, kao i za zloglasni do_brk() root exploit * sluzbeni MegaRAID2 patch je sada u kernelu, pa vise nije rucno upatchiran * noviji Grsecurity (1.9.13) * novi gradm i chpax * kernel testiran na vecinu exploita pomocu paxtest; jedini problemi koji nisu rijeseni su return-into-libc koristeci pokazivace, odnosno problemi koji se inace rjesavaju ET_DYN zastitom -- Dinko Korunic Wed, 3 Dec 2003 02:22:07 +0100 kernel-cn (2.4.22-10) stable; urgency=medium * IDE detekcija se pokazala da ne funkcionira ako su IDE moduli, te je IDE odjeljak prebacen u kernel * u initrdu se sada automatski ucitavaju i MPT* moduli, kao i CCISS i CPQArray te AIC79xx * grsec i non-grsec kerneli od sada dijele isti initrd * initrd sada nosi i cjeloviti drivers/ i fs/ odjeljak modula, te modules.dep i modules.conf koji bi trebali omoguciti bolju automatsku detekciju * dodan 3c59x driver po zahtjevu * dodan epoll patch i epoll device (http://www.xmailserver.org/linux-patches/nio-improve.html) * kompilirano sa 2.95 gccom, zbog mogucih problema sa korisnickim 2.95-kompiliranim kernel modulima * initrd ima potpuniju listu modula * od sada kernel-cn nosi u /usr/src potpuni template za vlastiti initrd (grsec i non-grsec) * napravljena autodetekcija root i boot uredjaja za lilo.conf -- Dinko Korunic Mon, 17 Nov 2003 17:22:13 +0100 kernel-cn (2.4.22-9) stable; urgency=high * razrijesen problem sa Koncar SoftRAID-om -> RAID ce raditi za racunala koja imaju md0 = sd{a,b}2, kao sto nalaze install kuharica * dodana IDE detekcija u modules -- Dinko Korunic Wed, 22 Oct 2003 21:40:11 +0200 kernel-cn (2.4.22-8) stable; urgency=low * nova verzija glavnog paketa * izvorni kod je patchiran sa novijim MegaRAID driverom * modularizirana je podrska za ekstra SCSI hardver * kompletno je pripremljen za potrebe rekompilacije * sustav se dize pomocu initrd, tako da se potreban hardver detektira tijekom podizanja sustava * testirano na Koncar, Compaq Proliant i DELL PowerEdge racunalima -- Dinko Korunic Mon, 20 Oct 2003 14:37:41 +0200