kernel-image-2.6.8-hppa (2.6.8-6sarge4) stable-security; urgency=high

  * Build against kernel-tree-2.6.8-16sarge4:
    * proc-environ-race-1.dpatch, proc-environ-race-2.dpatch
      [SECURITY] Fix local root vulnerability caused by a race in proc
      See CVE-2006-3626

 -- dann frazier <dannf@debian.org>  Sat, 15 Jul 2006 09:23:24 -0600

kernel-image-2.6.8-hppa (2.6.8-6sarge3) stable-security; urgency=high

  * Build against kernel-tree-2.6.8-16sarge3:
    * net-protocol-mod-refcounts-pre.dpatch, net-protocol-mod-refcounts.dpatch
      [SECURITY] Fix potential DoS (panic) cause by inconsistent reference
      counting in network protocol modules.
      See CVE-2005-3359
    * netfilter-do_replace-overflow.dpatch
      [SECURITY] Fix buffer overflow in netfilter do_replace which can could
      be triggered by users with CAP_NET_ADMIN rights.
      See CVE-2006-0038
    * sys_mbind-sanity-checking.dpatch
      [SECURITY] Make sure maxnodes is safe size before calculating nlongs in
      get_nodes() to prevent a local DoS vulnerability.
      See CVE-2006-0557
    * smbfs-chroot-escape.dpatch
      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
      local users to escape chroot restrictions
      See CVE-2006-1864
    * perfmon-exit-race.dpatch
      [SECURITY][ia64] Fix local denial of service vulnerability (oops) in
      the ia64 perfmon subsystem
      See CVE-2006-0558
    * ia64-die_if_kernel-returns.dpatch
      [SECURITY][ia64] Fix a potential local DoS on ia64 systems caused by
      an incorrect 'noreturn' attribute on die_if_kernel()
      See CVE-2006-0742
    * smbfs-chroot-escape.dpatch
      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
      local users to escape chroot restrictions
      See CVE-2006-1863
    * binfmt-bad-elf-entry-address.dpatch
      [SECURITY][amd64] Fix potential local DoS vulnerability in the binfmt_elf
      code on em64t processors
      See CVE-2006-0741
    * em64t-uncanonical-return-addr.dpatch
      [SECURITY][amd64] Fix local DoS vulnerability on em64t systems that
      arises when returning program control using SYSRET
      See CVE-2006-0744
    * sctp-discard-unexpected-in-closed.dpatch
      [SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks
      received in CLOSED state instead of calling BUG()
      See CVE-2006-2271
    * ipv4-id-no-increment.dpatch
      [SECURITY] Fix vulnerability that allows remote attackers to conduct an
      Idle Scan attack, bypassing intended protections against such attacks
      See CVE-2006-1242
    * usb-gadget-rndis-bufoverflow.dpatch
      [SECURITY] Fix buffer overflow in the USB Gadget RNDIS implementation that
      allows for a remote DoS attack (kmalloc'd memory corruption)
      See CVE-2006-1368
    * group_complete_signal-BUG_ON.dpatch
      [SECURITY] Fix improper use of BUG_ON in __group_complete_signal()
      See CVE-2006-1523
    * madvise_remove-restrict.dpatch
      [SECURITY] Fix vulnerability that allows local users to bypass IPC
      permissions and replace portions of read-only tmpfs files with zeroes.
      See CVE-2006-1524
    * mcast-ip-route-null-deref.dpatch
      [SECURITY] Fix local DoS vulnerability that allows local users to panic
      a system by requesting a route for a multicast IP
      See CVE-2006-1525
    * sctp-fragment-recurse.dpatch
      [SECURITY] Fix remote DoS vulnerability that can lead to infinite
      recursion when a packet containing two or more DATA fragments is received
      See CVE-2006-2274
    * sctp-fragmented-receive-fix.dpatch
      [SECURITY] Fix remote DoS vulnerability that allows IP fragmented
      COOKIE_ECHO and HEARTBEAT SCTP control chunks to cause a kernel panic
      See CVE-2006-2272
    * amd64-fp-reg-leak-dep[1-3].dpatch, amd64-fp-reg-leak.dpatch
      [SECURITY][amd64] Fix an information leak that allows a process to see
      a portion of the floating point state of other processes, possibly
      exposing sensitive information.
      See CVE-2006-1056
    * do_add_counters-race.dpatch
      [SECURITY] Fix race condition in the do_add_counters() function in
      netfilter that allows local users with CAP_NET_ADMIN capabilities to
      read kernel memory
      See CVE-2006-0039
    * s390-strnlen_user-return.dpatch
      [SECURITY][s390] Fix local DoS on s390 that may result from strnlen_user
      returning a value that is too large
      See CVE-2006-0456
    * xfs-ftruncate-leak.dpatch
      [SECURITY] Fix leak in the ftruncate call in the XFS filesystem that may
      permit local users to view sensitive information
      See CVE-2006-0554
    * nfs-another-O_DIRECT-fix.dpatch
      [SECURITY] Fix a potential local DoS vulnerability in the NFS O_DIRECT
      code
      See CVE-2006-0555
    * sctp-hb-ack-overflow.dpatch
      [SECURITY] Fix a remote buffer overflow that can result from a badly
      formatted HB-ACK chunk
      See CVE-2006-1857
    * sctp-param-bound-checks.dpatch
      [SECURITY] Fix a bound checking error (remote DoS) in the SCTP parameter
      checking code
      See CVE-2006-1858

 -- dann frazier <dannf@debian.org>  Fri, 26 May 2006 17:29:55 -0600

kernel-image-2.6.8-hppa (2.6.8-6sarge2) stable-security; urgency=high

  * Rebuild against kernel-tree-2.6.8-16sarge2
  * Increment ABI to -3

 -- dann frazier <dannf@debian.org>  Wed,  1 Feb 2006 00:02:14 -0700

kernel-image-2.6.8-hppa (2.6.8-6sarge1) stable-security; urgency=high

  * Rebuild against kernel-tree-2.6.8-16sarge1.
  * Change build-dep from modutils to module-init-tools, preventing a FTBFS.

 -- dann frazier <dannf@debian.org>  Wed, 24 Aug 2005 11:23:22 -0600

kernel-image-2.6.8-hppa (2.6.8-6) unstable; urgency=high

  * Disable de4x5, as it conflicts with tulip.
  * We have lots of modules enabled now. (closes: #275468)
  * Enable SERIAL_MUX and PDC_CONSOLE, the former so we have
    console on K and Nova class machines. 
  * Depend on newer kernel-source-2.6.8, for security fixes.
  * Depend on newer kernel-patch-2.6.8-hppa, to fix rejects with
    newer kernel-source.
  * Properly set the $architecture for make-kpkg, so it
    preserves include/asm-parisc properly. (closes: #289785)

 -- Kyle McMartin <kyle@debian.org>  Sat, 15 Jan 2005 19:40:05 -0500

kernel-image-2.6.8-hppa (2.6.8-5) unstable; urgency=high

  * make ps2 keyboard support built-in instead of modular to ease d-i pain
    
 -- Bdale Garbee <bdale@gag.com>  Tue,  2 Nov 2004 12:55:33 -0700

kernel-image-2.6.8-hppa (2.6.8-4) unstable; urgency=high

  * we really want ext2 built-in and not as a module for d-i initrd use
  * turn AT keyboard and PS mouse support back on as modules
  * add gcc-3.3-hppa64 and binutils-hppa64 to build deps
  * make sure all the configs are 'make oldconfig' clean again, and the diffs
    between flavors are only those things that should vary between them
  * add Bdale as an uploader
  * crank up urgency as we need these changes in sarge for d-i udebs

 -- Bdale Garbee <bdale@gag.com>  Thu, 28 Oct 2004 10:51:22 -0600

kernel-image-2.6.8-hppa (2.6.8-3) unstable; urgency=low

  * CONFIG_BLK_DEV_RAM_SIZE must be 8192, or d-i fails, because
    kernel command line flags are truncated.

 -- Kyle McMartin <kyle@debian.org>  Sun, 24 Oct 2004 01:35:23 -0400

kernel-image-2.6.8-hppa (2.6.8-2) unstable; urgency=low

  * Remove meta-packages, as we will transition to the
    kernel-latest framework.
  * Build against kernel-patch-hppa 2.6.8-4.
  * Add support for PCI/EISA network cards (in addition to those
    already built on PA-RISC.)

 -- Kyle McMartin <kyle@debian.org>  Sat, 16 Oct 2004 10:29:53 -0400

kernel-image-2.6.8-hppa (2.6.8-1) unstable; urgency=high

  * New upstream release. Synced to 2.6.8.1-pa7 or greater.
  * Priority is high, since we want to see this package make it into
    sarge. It provides significantly better hardware support, which
    we feel justifies the higher priority.

 -- Kyle McMartin <kyle@debian.org>  Wed, 18 Aug 2004 12:21:12 -0400

