fai-kernels (1.9.1sarge3) stable-security; urgency=high

  * NMU by the Security Team
  * Build against kernel-tree-2.6.8-16sarge4
    * proc-environ-race-1.dpatch, proc-environ-race-2.dpatch
      [SECURITY] Fix local root vulnerability caused by a race in proc
      See CVE-2006-3626

 -- dann frazier <dannf@debian.org>  Mon, 17 Jul 2006 18:48:10 -0600

fai-kernels (1.9.1sarge2) stable-security; urgency=high

  * NMU by the Security Team
  * Build against kernel-tree-2.4.27-10sarge3:
    * 207_smbfs-chroot-escape.diff
      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
      local users to escape chroot restrictions
      See CVE-2006-1864
    * 208_ia64-die_if_kernel-returns.diff
      [SECURITY][ia64] Fix a potential local DoS on ia64 systems caused by
      an incorrect 'noreturn' attribute on die_if_kernel()
      See CVE-2006-0742
    * 209_sctp-discard-unexpected-in-closed.diff
      [SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks
      received in CLOSED state instead of calling BUG()
      See CVE-2006-2271
    * 210_ipv4-id-no-increment.diff
      [SECURITY] Fix vulnerability that allows remote attackers to conduct an
      Idle Scan attack, bypassing intended protections against such attacks
      See CVE-2006-1242
    * 211_usb-gadget-rndis-bufoverflow.diff
      [SECURITY] Fix buffer overflow in the USB Gadget RNDIS implementation
      that allows for a remote DoS attack (kmalloc'd memory corruption)
      See CVE-2006-1368
    * 212_ipv4-sin_zero_clear.diff
      [SECURITY] Fix local information leak in af_inet code
      See CVE-2006-1343
    * 213_madvise_remove-restrict.diff
      [SECURITY] Fix vulnerability that allows local users to bypass IPC
      permissions and replace portions of read-only tmpfs files with zeroes.
      See CVE-2006-1524
    * 214_mcast-ip-route-null-deref.diff
      [SECURITY] Fix local DoS vulnerability that allows local users to panic
      a system by requesting a route for a multicast IP
      See CVE-2006-1525
    * 215_sctp-fragment-recurse.diff
      [SECURITY] Fix remote DoS vulnerability that can lead to infinite
      recursion when a packet containing two or more DATA fragments is received
      See CVE-2006-2274
    * 216_sctp-fragmented-receive-fix.diff
      [SECURITY] Fix remote DoS vulnerability that allows IP fragmented
      COOKIE_ECHO and HEARTBEAT SCTP control chunks to cause a kernel panic
      See CVE-2006-2272
    * 217_amd64-fp-reg-leak.diff
      [SECURITY][amd64] Fix an information leak that allows a process to see
      a portion of the floating point state of other processes, possibly
      exposing sensitive information.
      See CVE-2006-1056
    * 218_do_add_counters-race.diff
      [SECURITY] Fix race condition in the do_add_counters() function in
      netfilter that allows local users with CAP_NET_ADMIN capabilities to
      read kernel memory
      See CVE-2006-0039
    * 219_sctp-hb-ack-overflow.diff
      [SECURITY] Fix a remote buffer overflow that can result from a badly
      formatted HB-ACK chunk
      See CVE-2006-1857
    * 220_sctp-param-bound-checks.diff
      [SECURITY] Fix a bound checking error (remote DoS) in the SCTP parameter
      checking code
      See CVE-2006-1858
    * 221_netfilter-do_replace-overflow.diff
      [SECURITY] Fix buffer overflow in netfilter do_replace which can could
      be triggered by users with CAP_NET_ADMIN rights.
      See CVE-2006-0038
    * 222_binfmt-bad-elf-entry-address.diff
      [SECURITY][amd64] Fix potential local DoS vulnerability in the binfmt_elf
      code on em64t processors
      See CVE-2006-0741
  * Build against kernel-tree-2.6.8-16sarge3:
    * net-protocol-mod-refcounts-pre.dpatch, net-protocol-mod-refcounts.dpatch
      [SECURITY] Fix potential DoS (panic) cause by inconsistent reference
      counting in network protocol modules.
      See CVE-2005-3359
    * netfilter-do_replace-overflow.dpatch
      [SECURITY] Fix buffer overflow in netfilter do_replace which can could
      be triggered by users with CAP_NET_ADMIN rights.
      See CVE-2006-0038
    * sys_mbind-sanity-checking.dpatch
      [SECURITY] Make sure maxnodes is safe size before calculating nlongs in
      get_nodes() to prevent a local DoS vulnerability.
      See CVE-2006-0557
    * smbfs-chroot-escape.dpatch
      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
      local users to escape chroot restrictions
      See CVE-2006-1864
    * perfmon-exit-race.dpatch
      [SECURITY][ia64] Fix local denial of service vulnerability (oops) in
      the ia64 perfmon subsystem
      See CVE-2006-0558
    * ia64-die_if_kernel-returns.dpatch
      [SECURITY][ia64] Fix a potential local DoS on ia64 systems caused by
      an incorrect 'noreturn' attribute on die_if_kernel()
      See CVE-2006-0742
    * smbfs-chroot-escape.dpatch
      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
      local users to escape chroot restrictions
      See CVE-2006-1863
    * binfmt-bad-elf-entry-address.dpatch
      [SECURITY][amd64] Fix potential local DoS vulnerability in the binfmt_elf
      code on em64t processors
      See CVE-2006-0741
    * em64t-uncanonical-return-addr.dpatch
      [SECURITY][amd64] Fix local DoS vulnerability on em64t systems that
      arises when returning program control using SYSRET
      See CVE-2006-0744
    * sctp-discard-unexpected-in-closed.dpatch
      [SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks
      received in CLOSED state instead of calling BUG()
      See CVE-2006-2271
    * ipv4-id-no-increment.dpatch
      [SECURITY] Fix vulnerability that allows remote attackers to conduct an
      Idle Scan attack, bypassing intended protections against such attacks
      See CVE-2006-1242
    * usb-gadget-rndis-bufoverflow.dpatch
      [SECURITY] Fix buffer overflow in the USB Gadget RNDIS implementation that
      allows for a remote DoS attack (kmalloc'd memory corruption)
      See CVE-2006-1368
    * group_complete_signal-BUG_ON.dpatch
      [SECURITY] Fix improper use of BUG_ON in __group_complete_signal()
      See CVE-2006-1523
    * madvise_remove-restrict.dpatch
      [SECURITY] Fix vulnerability that allows local users to bypass IPC
      permissions and replace portions of read-only tmpfs files with zeroes.
      See CVE-2006-1524
    * mcast-ip-route-null-deref.dpatch
      [SECURITY] Fix local DoS vulnerability that allows local users to panic
      a system by requesting a route for a multicast IP
      See CVE-2006-1525
    * sctp-fragment-recurse.dpatch
      [SECURITY] Fix remote DoS vulnerability that can lead to infinite
      recursion when a packet containing two or more DATA fragments is received
      See CVE-2006-2274
    * sctp-fragmented-receive-fix.dpatch
      [SECURITY] Fix remote DoS vulnerability that allows IP fragmented
      COOKIE_ECHO and HEARTBEAT SCTP control chunks to cause a kernel panic
      See CVE-2006-2272
    * amd64-fp-reg-leak-dep[1-3].dpatch, amd64-fp-reg-leak.dpatch
      [SECURITY][amd64] Fix an information leak that allows a process to see
      a portion of the floating point state of other processes, possibly
      exposing sensitive information.
      See CVE-2006-1056
    * do_add_counters-race.dpatch
      [SECURITY] Fix race condition in the do_add_counters() function in
      netfilter that allows local users with CAP_NET_ADMIN capabilities to
      read kernel memory
      See CVE-2006-0039
    * s390-strnlen_user-return.dpatch
      [SECURITY][s390] Fix local DoS on s390 that may result from strnlen_user
      returning a value that is too large
      See CVE-2006-0456
    * xfs-ftruncate-leak.dpatch
      [SECURITY] Fix leak in the ftruncate call in the XFS filesystem that may
      permit local users to view sensitive information
      See CVE-2006-0554
    * nfs-another-O_DIRECT-fix.dpatch
      [SECURITY] Fix a potential local DoS vulnerability in the NFS O_DIRECT
      code
      See CVE-2006-0555
    * sctp-hb-ack-overflow.dpatch
      [SECURITY] Fix a remote buffer overflow that can result from a badly
      formatted HB-ACK chunk
      See CVE-2006-1857
    * sctp-param-bound-checks.dpatch
      [SECURITY] Fix a bound checking error (remote DoS) in the SCTP parameter
      checking code
      See CVE-2006-1858

 -- dann frazier <dannf@debian.org>  Sat, 10 Jun 2006 12:12:24 -0600

fai-kernels (1.9.1sarge1) stable-security; urgency=high

  * NMU by the Security Team
  * Rebuild against kernel-tree-2.6.8-16sarge2 and kernel-tree-2.4.27-10sarge2
  * Don't export PATCH_THE_KERNEL=Yes - the kernel-source is already patched
  * Add build-dep on module-init-tools

 -- dann frazier <dannf@debian.org>  Mon, 27 Feb 2006 20:32:09 -0700

fai-kernels (1.9.1) unstable; urgency=high

  * recompile with new kernel sources
  * use kernel-tree-2.6.8-16 and kernel-tree-2.4.27-10

 -- Thomas Lange <lange@debian.org>  Tue, 31 May 2005 14:33:16 +0200

fai-kernels (1.9) unstable; urgency=high

  * provide kernel patchlevel in Build-depends to easier track security
    issues (closes: #297811)
  * build-depends on kernel-tree packges with abi version number
  * added README.security-updates, README.non-i386
  * prepare the rules files to support powerpc
  * added powerpc-kernel-configs
  * rules: set PATCH_THE_KERNEL=YES, so kernel-sources will be patched

 -- Thomas Lange <lange@debian.org>  Fri,  8 Apr 2005 16:05:45 +0200

fai-kernels (1.8.2) unstable; urgency=low

  * add SATA support for 2.4 kernel (closes: 286854)
  * add IA32_EMULATION (only usefull on x86-64)
  * disable math emulation to make kernel fit on a floppy (for 2.6 kernel)
  * ps2 mouse and serial mouse as module, disable autofs support (2.6 kernel)
  * rules: include file versions which sets the variables kversion and
    kversion24
  * disable HAMACHI and ARCNET in both kernel configs
  * enable options which are needed for fai bootcd kernel
  * use gcc 3.3.5 for compilation
  
 -- Thomas Lange <lange@debian.org>  Fri,  7 Jan 2005 11:58:37 +0100

fai-kernels (1.8.1) unstable; urgency=low

  * add POSIX ACL support for 2.4 kernel (closes: #279871)
  * add ReiserFS ACL support for 2.6 kernel

 -- Thomas Lange <lange@debian.org>  Tue,  9 Nov 2004 11:23:32 +0100

fai-kernels (1.8) unstable; urgency=medium

  * use kernel 2.4.27 and 2.6.8 (closes: #271244)
  * disable coda fs
  * added xfs for 2.4 kernel
  * added some network drivers
  * copy kernel config for 2.6 kernel to doc directory

 -- Thomas Lange <lange@debian.org>  Mon, 13 Sep 2004 11:20:35 +0200

fai-kernels (1.7.1) unstable; urgency=low

  * add Promise IDE drivers
  * add SATA drivers to 2.6 kernel

 -- Thomas Lange <lange@debian.org>  Tue,  3 Aug 2004 21:14:22 +0200

fai-kernels (1.7) unstable; urgency=low

  * use 2.4.26 kernel
  * add config for 2.6.7 kernel
  * add aic79xx scsi driver (closes: #241278)
  * control: reformat extended description

 -- Thomas Lange <lange@debian.org>  Thu, 22 Jul 2004 13:49:50 +0200

fai-kernels (1.6) unstable; urgency=low

  * use 2.4.24 kernel
  * rules: add --append-to-version, copy kernel config to doc directory,
    move value of DH_COMPAT in rules to new compat file
  * fai-kernel-config-2.4: add 3Com typhoon drivers, remove some PCMCIA
    drivers, enable highmem support
  * file kernel-version removed, set version in debian/rules
  
 -- Thomas Lange <lange@debian.org>  Tue,  3 Feb 2004 15:47:46 +0100

fai-kernels (1.5.3) unstable; urgency=low

  * add dependency on modutils (closes: #190895)

 -- Thomas Lange <lange@debian.org>  Tue, 29 Apr 2003 15:59:15 +0200

fai-kernels (1.5.2) unstable; urgency=high

  * kernel configuration now build with make oldconfig instead of
    make menuconfig (closes: #188633)
  * dependency on libncurses5-dev is not needed any more
  * add NEWS file
  
 -- Thomas Lange <lange@debian.org>  Wed, 23 Apr 2003 14:46:58 +0200

fai-kernels (1.5.1) unstable; urgency=low

  * add more network drivers for gigabit cards
  * README: list some network card drivers and their size, if someone need
    more space on the boot floppy

 -- Thomas Lange <lange@debian.org>  Mon,  7 Apr 2003 11:08:09 +0200

fai-kernels (1.5) unstable; urgency=low

  * use 2.4.20 kernel
  * debian/rules: build target only builds kernel version 2.4.x
  * debian/control: remove dependency on kernel-source-2.2.20
  * remove frame buffer support (and the penguin logo)
  * SCSI and IDE drivers are only availavle as modules
  * build target does not need root privileges (closes: #167102)
  * add build dependencies in control file
  * use new Intel NIC drivers, add tulip NIC driver
  * remove NFS server and quota support
  * ext2, loop, floppy now as modules
  * use even more kernel modules to reduce the size of the kernel image
  * disable FDDI drivers
  
 -- Thomas Lange <lange@debian.org>  Thu,  6 Feb 2003 15:53:45 +0100

fai-kernels (1.4) unstable; urgency=medium

  * remove setting of DEB_HOST_ARCH in rules file (closes: #146107)
  * add build-depends on bin86
  * merge the two 2.2.20 kernels to one that support both BOOTP and DHCP
  * override obsolete 1.3 version of this package, but add 2.4 kernel support

 -- Thomas Lange <lange@debian.org>  Thu, 16 May 2002 14:30:34 +0200

fai-kernels (1.3) unstable; urgency=low

  * add README to the Debian package
  * add info how to compile a 2.4.X kernel
  * new kernel-config-2.4 file
  * kernel 2.4.18 included in package
  
 -- Thomas Lange <lange@debian.org>  Wed,  8 May 2002 12:58:16 +0200

fai-kernels (1.2) unstable; urgency=low

  * update for kernel 2.2.20

 -- Thomas Lange <lange@debian.org>  Thu, 11 Apr 2002 11:45:47 +0200

fai-kernels (1.1.5) unstable; urgency=low

  * package depends on kernel-source-2.2.19 (closes: #133584)
  * use RTL8139TOO ethernet driver instead of RTL8139
  * added via-rhine ethernet driver
  
 -- Thomas Lange <lange@debian.org>  Mon, 18 Feb 2002 14:59:55 +0100

fai-kernels (1.1.4) unstable; urgency=low

  * add build-depends (closes: #123716)
  * don't use option I with tar, instead use a pipe and bzcat
  * Standards update to 3.5.6

 -- Thomas Lange <lange@debian.org>  Wed,  2 Jan 2002 15:08:13 +0100

fai-kernels (1.1.3) unstable; urgency=low

  * added driver for Promise IDE controlle (needs kernel boot parameter)

 -- Thomas Lange <lange@debian.org>  Fri, 16 Nov 2001 13:48:46 +0100

fai-kernels (1.1.2) unstable; urgency=low

  * kernel configuration slightly changed
  * added serial console support

 -- Thomas Lange <lange@debian.org>  Thu,  4 Oct 2001 13:01:46 +0200

fai-kernels (1.1.1) unstable; urgency=low

  * Build-Depends to kernel-source without version number (closes:
    #102040, #98117)

 -- Thomas Lange <lange@debian.org>  Mon, 23 Jul 2001 11:19:59 +0200

fai-kernels (1.1) unstable; urgency=low

  * first upload to Debian archive
  * Support for kernel 2.2.19
  * enhanced documentation
  
 -- Thomas Lange <lange@debian.org>  Tue,  8 May 2001 16:22:46 +0200

fai-kernels (1.0) unstable; urgency=low

  * Initial Release.

 -- Thomas Lange <lange@debian.org>  Wed, 29 Nov 2000 17:25:29 +0100


