Hi all,
New year, new kernel :-)
Linux 2.4.36 is finally ready and has been checked long enough to
be released. Quite a bunch of bugs, build errors and security issues
have been fixed since 2.4.35, but all of those fixes were merged
into 2.4.35-stable. I should say that I'm quite satisfied with this
dual-branch release model which proves to be very successful at
separating quick fixes from changes which require more thorough testing.
The full changelog between 2.4.35 and 2.4.36 is appended at the end of
this mail.
The remaining changes between 2.4.35.5 and 2.4.36 are just minimal:
- IDE support for JMicron 20363 and UDMA on ICH7
- the addition of the mmap_min_addr sysctl which provides the ability to
  prevent processes from mapping the NULL address, thus preventing the
  exploitation of a kind of possibly yet undiscovered kernel bugs (NULL
  dereferences) to escalate privileges. This is the convergence of an
  Openwall kernel 2.4 patch by Solar Designer, and Eric Paris' 2.6 patch.
The mmap_min_addr protection is not enabled by default. In order to
activate it, you have to write the minimum allowed user-space address
in mmap_min_addr:
    # echo 4096 > /proc/sys/vm/mmap_min_addr
or alternatively:
    # sysctl -w vm.mmap_min_addr=4096
I have been running with values between 4096 and 65536 on various machines
without any problem. Default value is zero, thus disabling the protection.
Feedback from the field welcome, of course.
Concerning future versions, I have nothing pending in the queue anymore. I
will then go on with 2.4.36.X when bug fixes come in, and only open 2.4.37
when I get something which I do not consider suitable for 2.4.36.X.
Happy new year 2008 to everyone !
Willy
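
An added example, not part of the original mail or of the kernel tree: a POSIX shell audit that checks whether the mmap_min_addr protection described above is active at runtime and whether a sysctl configuration file will re-apply it after a reboot, since a value written with echo or sysctl -w lasts only until the next boot. The function names, the 4096 minimum and the /etc/sysctl.conf path are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit vm.mmap_min_addr at runtime and in a sysctl config file.
# File paths are parameters so the functions can be pointed at any copy.

# Print the last value assigned to vm.mmap_min_addr in a sysctl.conf-style
# file (a later assignment overrides an earlier one); print nothing if unset.
# Commented-out lines (# or ;) are ignored because they do not start with "vm".
persisted_min_addr() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*vm[./]mmap_min_addr[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# classify VALUE MINIMUM -> prints "unset", "disabled", "low" or "ok".
# 0 is the kernel default and means the protection is off; "low" is this
# example's own policy label for a value below the chosen minimum.
classify() {
    case "$1" in
        ''|*[!0-9]*) echo unset ;;
        *) if [ "$1" -eq 0 ]; then echo disabled
           elif [ "$1" -lt "$2" ]; then echo low
           else echo ok; fi ;;
    esac
}

# audit_mmap_min_addr PROC_FILE CONF_FILE [MINIMUM]
# Prints one line per source and returns 0 only if both are "ok".
audit_mmap_min_addr() {
    proc_file=$1 conf_file=$2 minimum=${3:-4096}
    runtime=''
    [ -r "$proc_file" ] && runtime=$(cat "$proc_file")
    persisted=$(persisted_min_addr "$conf_file")
    r=$(classify "$runtime" "$minimum")
    p=$(classify "$persisted" "$minimum")
    echo "runtime   ($proc_file): ${runtime:-n/a} -> $r"
    echo "persisted ($conf_file): ${persisted:-n/a} -> $p"
    [ "$r" = ok ] && [ "$p" = ok ]
}

# Live check; /etc/sysctl.conf is an assumed location for boot-time settings.
audit_mmap_min_addr /proc/sys/vm/mmap_min_addr /etc/sysctl.conf 4096 ||
    echo "vm.mmap_min_addr is not enforced both now and at next boot"
```
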
---
Changelog between 2.4.35 and 2.4.36
---
final:
- v2.4.36-rc1 was released as 2.4.36 with no changes.
Summary of changes from v2.4.36-pre2 to v2.4.36-rc1
============================================
Jonas Danielsson (1):
net/ipv4/arp.c: Fix arp reply when se...