kernel-image-2.4.27-ia64 (2.4.27-10sarge5) stable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge5:
    * 233_ia64-sparc-cross-region-mappings.diff
      [SECURITY] Prevent cross-region mappings on ia64 and sparc which
      could be used in a local DoS attack (system crash)
      See CVE-2006-4538
    * 234_atm-clip-freed-skb-deref.diff
      [SECURITY] Avoid dereferencing an already freed skb, preventing a
      potential remote DoS (system crash) vector
      See CVE-2006-4997
    * 235_ppc-alignment-exception-table-check.diff
      [SECURITY][ppc] Avoid potential DoS which can be triggered by some
      futex ops
      See CVE-2006-5649
    * 236_s390-uaccess-memleak.diff
      [SECURITY][s390] Fix memory leak in copy_from_user by clearing the
      remaining bytes of the kernel buffer after a fault on the userspace
      address in copy_from_user()
      See CVE-2006-5174
    * 237_smbfs-honor-mount-opts.diff
      Honor uid, gid and mode mount options for smbfs even when unix extensions
      are enabled (closes: #310982)
      See CVE-2006-5871
    * 238_ppc-hid0-dos.diff
      [SECURITY] [ppc] Fix local DoS by clearing HID0 attention enable on
      PPC970 at boot time
      See CVE-2006-4093

 -- dann frazier <dannf@debian.org>  Tue,  5 Dec 2006 02:22:55 -0700

kernel-image-2.4.27-ia64 (2.4.27-10sarge4) stable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge4:
    * [ERRATA] 213_madvise_remove-restrict.diff
      [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with
      CVE-2006-1524. However, this patch fixes an mprotect issue that was
      split off from the original report into CVE-2006-2071. 2.4.27 is not
      vulnerable to CVE-2006-1524 the madvise_remove issue.
      See CVE-2006-2071
    * 223_nfs-handle-long-symlinks.diff
      [SECURITY] Fix buffer overflow in NFS readline handling that allows a
      remote server to cause a denial of service (crash) via a long symlink
      See CVE-2005-4798
    * 224_cdrom-bad-cgc.buflen-assign.diff
      [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
      be used by a local user to trigger a buffer overflow via a specially
      crafted DVD, USB stick, or similar automatically mounted device.
      See CVE-2006-2935
    * 225_sg-no-mmap-VM_IO.diff
      [SECURITY] Fix DoS vulnerability whereby a local user could attempt
      a dio/mmap and cause the sg driver to oops.
      See CVE-2006-1528
    * 226_snmp-nat-mem-corruption-fix.diff
      [SECURITY] Fix memory corruption in snmp_trap_decode
      See CVE-2006-2444
    * 227_kfree_skb.diff
      [SECURITY] Fix race between kfree_skb and __skb_unlink
      See CVE-2006-2446
    * 228_sparc-mb-extraneous-semicolons.diff
      Fix a syntax error caused by extranous semicolons in smp_mb() macros
      which resulted in a build failure with 227_kfree_skb.diff
    * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff
      [SECURITY] Fix SCTP privelege escalation
      See CVE-2006-3745
    * 231_udf-deadlock.diff
      [SECURITY] Fix possible UDF deadlock and memory corruption
      See CVE-2006-4145
    * 232_sparc-membar-extraneous-semicolons.diff
      Fix an additional syntax error caused by extraneous semicolons
      in membar macros on sparc

 -- dann frazier <dannf@debian.org>  Sun,  3 Sep 2006 17:51:46 -0600

kernel-image-2.4.27-ia64 (2.4.27-10sarge3) stable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge3:
    * 207_smbfs-chroot-escape.diff
      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
      local users to escape chroot restrictions
      See CVE-2006-1864
    * 208_ia64-die_if_kernel-returns.diff
      [SECURITY][ia64] Fix a potential local DoS on ia64 systems caused by
      an incorrect 'noreturn' attribute on die_if_kernel()
      See CVE-2006-0742
    * 209_sctp-discard-unexpected-in-closed.diff
      [SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks
      received in CLOSED state instead of calling BUG()
      See CVE-2006-2271
    * 210_ipv4-id-no-increment.diff
      [SECURITY] Fix vulnerability that allows remote attackers to conduct an
      Idle Scan attack, bypassing intended protections against such attacks
      See CVE-2006-1242
    * 211_usb-gadget-rndis-bufoverflow.diff
      [SECURITY] Fix buffer overflow in the USB Gadget RNDIS implementation
      that allows for a remote DoS attack (kmalloc'd memory corruption)
      See CVE-2006-1368
    * 212_ipv4-sin_zero_clear.diff
      [SECURITY] Fix local information leak in af_inet code
      See CVE-2006-1343
    * 213_madvise_remove-restrict.diff
      [SECURITY] Fix vulnerability that allows local users to bypass IPC
      permissions and replace portions of read-only tmpfs files with zeroes.
      See CVE-2006-1524
    * 214_mcast-ip-route-null-deref.diff
      [SECURITY] Fix local DoS vulnerability that allows local users to panic
      a system by requesting a route for a multicast IP
      See CVE-2006-1525
    * 215_sctp-fragment-recurse.diff
      [SECURITY] Fix remote DoS vulnerability that can lead to infinite
      recursion when a packet containing two or more DATA fragments is received
      See CVE-2006-2274
    * 216_sctp-fragmented-receive-fix.diff
      [SECURITY] Fix remote DoS vulnerability that allows IP fragmented
      COOKIE_ECHO and HEARTBEAT SCTP control chunks to cause a kernel panic
      See CVE-2006-2272
    * 217_amd64-fp-reg-leak.diff
      [SECURITY][amd64] Fix an information leak that allows a process to see
      a portion of the floating point state of other processes, possibly
      exposing sensitive information.
      See CVE-2006-1056
    * 218_do_add_counters-race.diff
      [SECURITY] Fix race condition in the do_add_counters() function in
      netfilter that allows local users with CAP_NET_ADMIN capabilities to
      read kernel memory
      See CVE-2006-0039
    * 219_sctp-hb-ack-overflow.diff
      [SECURITY] Fix a remote buffer overflow that can result from a badly
      formatted HB-ACK chunk
      See CVE-2006-1857
    * 220_sctp-param-bound-checks.diff
      [SECURITY] Fix a bound checking error (remote DoS) in the SCTP parameter
      checking code
      See CVE-2006-1858
    * 221_netfilter-do_replace-overflow.diff
      [SECURITY] Fix buffer overflow in netfilter do_replace which can could
      be triggered by users with CAP_NET_ADMIN rights.
      See CVE-2006-0038
    * 222_binfmt-bad-elf-entry-address.diff
      [SECURITY][amd64] Fix potential local DoS vulnerability in the binfmt_elf
      code on em64t processors
      See CVE-2006-0741

 -- dann frazier <dannf@debian.org>  Mon, 29 May 2006 09:55:07 -0600

kernel-image-2.4.27-ia64 (2.4.27-10sarge2) stable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge2
  * Increment ABI to -3

 -- dann frazier <dannf@debian.org>  Wed,  1 Feb 2006 00:42:32 -0700

kernel-image-2.4.27-ia64 (2.4.27-10sarge1) stable-security; urgency=high

  * Build against kernel-tree-2.4.27-10sarge1

 -- dann frazier <dannf@debian.org>  Wed, 17 Aug 2005 10:04:49 -0600

kernel-image-2.4.27-ia64 (2.4.27-10) unstable; urgency=medium

  * Rebuild against kernel-tree-2.4.27-10 and
    kernel-patch-2.4.27-ia64 (2.4.27-4)

 -- dann frazier <dannf@hp.com>  Sun, 29 May 2005 23:42:34 -0600

kernel-image-2.4.27-ia64 (2.4.27-9) unstable; urgency=low

  * Rebuild against kernel-tree-2.4.27-9

 -- dann frazier <dannf@biglpk.hpde>  Sat, 26 Mar 2005 11:12:48 -0700

kernel-image-2.4.27-ia64 (2.4.27-8) unstable; urgency=low

  * Rebuild against kernel-patch-2.4.27-ia64 (2.4.27-3)
  * Change the maintainer to the debian-kernel team, and add me as an
    uploader.

 -- dann frazier <dannf@debian.org>  Mon, 14 Mar 2005 11:04:45 -0700

kernel-image-2.4.27-ia64 (2.4.27-7) unstable; urgency=high

  * Rebuild against kernel-patch-2.4.27-ia64 (2.4.27-2)
  * Turn off CONFIG_XFS_TRACE and CONFIG_XFS_DEBUG - they make the initrd
    too big, breaking d-i xfs root installs.  Thanks to Jim Lieb.
    Closes: #292045

 -- dann frazier <dannf@debian.org>  Tue, 01 Feb 2005 18:14:52 -0700

kernel-image-2.4.27-ia64 (2.4.27-6) unstable; urgency=high

  * Rebuild against kernel-tree-2.4.27-8

 -- dann frazier <dannf@debian.org>  Sun, 23 Jan 2005 20:32:10 -0700

kernel-image-2.4.27-ia64 (2.4.27-5) unstable; urgency=high

  * Rebuild against kernel-tree-2.4.27-7 and bump SONAME to -2

 -- dann frazier <dannf@debian.org>  Fri, 31 Dec 2004 12:12:06 -0700

kernel-image-2.4.27-ia64 (2.4.27-4) unstable; urgency=high

  * Rebuild against kernel-tree-2.4.27-6

 -- dann frazier <dannf@debian.org>  Sat, 04 Dec 2004 17:45:25 -0700

kernel-image-2.4.27-ia64 (2.4.27-3) unstable; urgency=high

  * Rebuild against kernel-tree-2.4.27-5

 -- dann frazier <dannf@debian.org>  Fri, 03 Sep 2004 11:22:52 -0600

kernel-image-2.4.27-ia64 (2.4.27-2) unstable; urgency=high

  * Rebuild against kernel-tree-2.4.27-4

 -- dann frazier <dannf@debian.org>  Wed, 25 Aug 2004 12:37:36 -0600

kernel-image-2.4.27-ia64 (2.4.27-1) unstable; urgency=high

  * New upstream release

 -- dann frazier <dannf@debian.org>  Sun, 15 Aug 2004 12:07:51 -0600

kernel-image-2.4.26-ia64 (2.4.26-5) unstable; urgency=high

  * dann frazier
    - Build against kernel-tree-2.4.26-5
  * Urgency set to high because kernel-source-2.4.26 (2.4.26-5) fixes
    some security problems.

 -- dann frazier <dannf@debian.org>  Thu, 05 Aug 2004 09:00:54 -0600

kernel-image-2.4.26-ia64 (2.4.26-4) unstable; urgency=low

  * dann frazier
    - Build against kernel-tree-2.4.26-4

 -- dann frazier <dannf@debian.org>  Thu, 22 Jul 2004 09:53:35 -0600

kernel-image-2.4.26-ia64 (2.4.26-3) unstable; urgency=low

  * dann frazier
    - Build against kernel-tree-2.4.26-3

 -- dann frazier <dannf@debian.org>  Tue, 13 Jul 2004 11:56:39 -0600

kernel-image-2.4.26-ia64 (2.4.26-2) unstable; urgency=low

  * SECURITY: Build against kernel-patch-2.4.26-ia64 (2.4.26-2), which includes
    a fix for a potential floating point information leak.
  * Add missing build-dep: kernel-patch-2.4.26-ia64

 -- dann frazier <dannf@debian.org>  Tue, 08 Jun 2004 18:08:41 -0600

kernel-image-2.4.26-ia64 (2.4.26-1) unstable; urgency=low

  * Initial 2.4.26 release
  * Resync'd with Herbert Xu's build system

 -- dann frazier <dannf@debian.org>  Wed, 19 May 2004 19:57:52 -0600

kernel-image-2.4.25-ia64 (2.4.25-6) unstable; urgency=low

  * Build against kernel-tree-2.4.25-3, which fixes a security issue in XFS
    code.

 -- dann frazier <dannf@debian.org>  Wed, 14 Apr 2004 09:45:08 -0600

kernel-image-2.4.25-ia64 (2.4.25-5) unstable; urgency=low

  * Build against kernel-tree-2.4.25-2, which fixes a few security issues.

 -- dann frazier <dannf@debian.org>  Tue, 13 Apr 2004 21:21:52 -0600

kernel-image-2.4.25-ia64 (2.4.25-4) unstable; urgency=high

  * Turn on the basic hid drivers as modules, needed for d-i
  * Recommend hotplug

 -- dann frazier <dannf@debian.org>  Thu, 18 Mar 2004 15:13:56 -0700

kernel-image-2.4.25-ia64 (2.4.25-3) unstable; urgency=low

  * Turn on crypto modules, since they build now - this fixes some
    unresolved symbols.
  * Disable various other modules w/ unresolved symbols

 -- dann frazier <dannf@debian.org>  Tue, 02 Mar 2004 23:04:54 -0700

kernel-image-2.4.25-ia64 (2.4.25-2) unstable; urgency=high

  * Build against kernel-patch-2.5.25-ia64-2.4.25-2, which contains
    a patch for a potential data corruption bug.

 -- dann frazier <dannf@debian.org>  Sun, 29 Feb 2004 14:57:58 -0700

kernel-image-2.4.25-ia64 (2.4.25-1) unstable; urgency=high

  * new upstream release

 -- dann frazier <dannf@debian.org>  Tue, 24 Feb 2004 00:25:30 -0700

kernel-image-2.4.24-ia64 (2.4.24-3) unstable; urgency=high

  * SECURITY: build against kernel-tree-2.4.24-3, which adds a patch to
    "Check return value of do_munmap in do_mremap in mm/mremap.c (2.4.25)"
  * link sym53c8xx_2 statically, don't build sym53c8xx.  initrd-tools will
    want to load sym53c8xx, but if you've explicitly requested sym538cxx_2 via
    /etc/mkinitrd/modules, then your machine will surely crash.  This is a
    workaround until the sym53c8xx is fixed not to runover sym53c8xx_2.
    Hopefully nobody needs the v1 driver - if you do, please file a bug.

 -- dann frazier <dannf@debian.org>  Thu, 19 Feb 2004 11:01:33 -0700

kernel-image-2.4.24-ia64 (2.4.24-2) unstable; urgency=low

  * build against kernel-tree-2.4.24-2
  * provide kernel-image-2.4 (thanks to jbailey for noticing its absence)

 -- dann frazier <dannf@debian.org>  Tue, 10 Feb 2004 12:04:15 -0700

kernel-image-2.4.24-ia64 (2.4.24-1) unstable; urgency=high

  * initial release

 -- dann frazier <dannf@debian.org>  Sat, 24 Jan 2004 22:10:52 -0700

kernel-image-2.4.22-ia64 (2.4.22-7.1) unstable; urgency=high

  * NMU
  * SECURITY: build against kernel-patch-2.4.22-ia64_2.4.22-7.1 (mremap fix)
    Closes: #225710
  * SECURITY: build against kernel-tree-2.4.22-5 (do_brk fix)
  * turn off CONFIG_SYM53C8XX, in favor of the v2 version of the driver.
    Closes: #225944
  * turn on CONFIG_DRM_RADEON=m
  * add dependency on initrd-tools
  * add elilo to Suggests

 -- dann frazier <dannf@debian.org>  Tue, 18 Nov 2003 14:43:39 -0700

kernel-image-2.4.22-ia64 (2.4.22-7) unstable; urgency=low

  * build-dep on kernel-tree instead of kernel-source
  * split kernel-patch into a separate package
  * build the input drivers as modules

 -- dann frazier <dannf@debian.org>  Tue, 18 Nov 2003 14:43:39 -0700

kernel-patch-2.4.22-ia64 (2.4.22-6) unstable; urgency=low

  * add ni_syscall_hush.patch - silences complaints about non existant
    syscalls.  See #219512.

 -- dann frazier <dannf@debian.org>  Thu, 13 Nov 2003 22:01:22 -0700

kernel-patch-2.4.22-ia64 (2.4.22-5) unstable; urgency=low

  * add a skeleton offsets.h patch.  works around a circular dependency
    (print_offsets.c -> ptrace.h -> offsets.h -> print_offsets.c)

 -- dann frazier <dannf@debian.org>  Wed, 12 Nov 2003 19:14:53 -0700

kernel-patch-2.4.22-ia64 (2.4.22-4) unstable; urgency=low

  * turn off NUMA support, breaks on some HP machines

 -- dann frazier <dannf@debian.org>  Sun, 02 Nov 2003 17:43:32 -0700

kernel-patch-2.4.22-ia64 (2.4.22-3) unstable; urgency=low

  * turn on magic sysrq
  * turn off CONFIG_E100, which will oops

 -- dann frazier <dannf@dannf.org>  Sun, 26 Oct 2003 15:20:43 -0700

kernel-patch-2.4.22-ia64 (2.4.22-2) unstable; urgency=low

  * turn on devfs support in all kernels
  * build w/ --initrd support
  * remove udeb bits

 -- dann frazier <dannf@dannf.org>  Sat, 25 Oct 2003 15:45:58 -0600

kernel-patch-2.4.22-ia64 (2.4.22-1) unstable; urgency=low

  * a 2.4.22 build

 -- dann frazier <dannf@dannf.org>  Mon, 13 Oct 2003 21:39:21 -0600

kernel-patch-2.4.20-ia64 (021210.em20.4) unstable; urgency=low

  * add ide-probe-mod to ide-modules, closes: #212328
  * ifdef out the CONFIG_TR definition to avoid polluting userspace
    includes, closes #210359
  * update cciss driver - increases card support & fixes a bug that
    affects newer ia64 platforms
  * added myself as an uploader

 -- dann frazier <dannf@dannf.org>  Mon, 13 Oct 2003 20:57:30 -0600

kernel-patch-2.4.20-ia64 (021210.em20.3) unstable; urgency=low

  * add devfs to kernel used by d-i, closes: #210352
  * remove bogus dependency in udeb builds from debian/rules, closes: #201065
  * change autofs to modules, closes: #203513
  * pick up perfmon task pinning fix for system-wide monitoring in SMP 
    systems, closes: #197983

 -- Bdale Garbee <bdale@gag.com>  Thu, 11 Sep 2003 16:36:50 -0600

kernel-patch-2.4.20-ia64 (021210.em20.2) unstable; urgency=low

  * fresh build to pick up kernel-source-2.4.20 security updates

 -- Bdale Garbee <bdale@gag.com>  Fri, 15 Aug 2003 08:35:55 -0600

kernel-patch-2.4.20-ia64 (021210.em20.1) unstable; urgency=low

  * updated patch from HP, fixes problems with itanium-smp on i2000 and 
    updates support for serial ports on the remote management cards in HP
    systems, closes: #194371
  * update config files to enable CONFIG_HP_DIVA.

 -- Bdale Garbee <bdale@gag.com>  Tue, 10 Jun 2003 13:04:17 -0600

kernel-patch-2.4.20-ia64 (021210.em18.3) unstable; urgency=low

  * change config files to build raid devices into kernel not modules
  * pull pal.h patch forward from 2.4.19 tree to fix syntax errors due to 
    asm/pal.h inclusion by other headers, closes: #191114
  * force use of gcc-3.2 since gcc-3.3 isn't building ia64 kernels right now!

 -- Bdale Garbee <bdale@gag.com>  Mon,  2 Jun 2003 23:12:00 -0600

kernel-patch-2.4.20-ia64 (021210.em18.2) unstable; urgency=low

  * fix type in patching scripts, closes: #191161
  * fix duplicated patch, closes: #191164
  * enable CONFIG_SERIAL_ACPI, closes: #190583
  * enable QLA2XXX fibre channel driver

 -- Bdale Garbee <bdale@gag.com>  Wed, 30 Apr 2003 12:27:41 -0600

kernel-patch-2.4.20-ia64 (021210.em18.1) unstable; urgency=low

  * updated patchset from HP
  * fix typo in description field... this isn't for powerpc!  closes: #185427
  * enable CONFIG_IP_NF_NAT_LOCAL as a module per request from Ryan Bradetich
  * enable CONFIG_VLAN_8021Q as a module per request from Grant Grundler

 -- Bdale Garbee <bdale@gag.com>  Thu, 10 Apr 2003 11:10:00 -0600

kernel-patch-2.4.20-ia64 (021210.em6.1) unstable; urgency=low

  * new upstream kernel version, first instance of a kernel-patch package
    for ia64 instead of a full source package.  borrowing heavily from the
    powerpc version maintained by Daniel Jacobowitz <dan@debian.org>

 -- Bdale Garbee <bdale@gag.com>  Mon, 10 Mar 2003 16:32:19 -0700

