Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Sat, 12 Feb 2011 23:01:09 +0300
From: Solar Designer <solar@...nwall.com>
To: owl-users@...ts.openwall.com, announce@...ts.openwall.com
Subject: [openwall-announce] Owl-current 2011/02/12 snapshot

Hi,

We've made available another Owl-current snapshot, along with new ISOs
and OpenVZ container templates:

http://www.openwall.com/Owl/

Contrary to what was planned, we have not broken 3.0 compatibility yet.
The primary reason for us to make this "unexpected" set of ISOs and
vztemplates was that we became aware of two serious issues with the
2011/02/05 snapshot.

Specifically, the fix for the patch(1) vulnerability (CVE-2010-4651)
that we backported in time for the 2011/02/05 snapshot was since found
to be incomplete.  The 2011/02/12 snapshot includes a new backport,
hopefully of the complete fix this time (at least it has passed our
tests with both relative and absolute pathnames).

The other major issue was that OpenVZ's x86_64 VDSO bugfix in their
"rhel5-testing/028stab084.1" kernel turned out to be incomplete.  This
was fixed in 084.2, and the kernel version in our 2011/02/12 snapshot is
based on 084.3, which obviously also has the fix.

The effect of this bug was that some Linux distributions would not run
with our 2011/02/05 snapshot.  Specifically, a Fedora 13/x86_64 OpenVZ
container would fail to start up, whereas Owl containers worked just
fine (both i686 and x86_64).  With this new snapshot, Fedora 13/x86_64
works fine again.

The bug itself was new with OpenVZ's RHEL 5.6'ish kernels, which were
never declared stable - and they still are not.  This bug was not
present in the kernel included in Owl 3.0, and we're not introducing
these new "testing" kernels into 3.0-stable yet.  So there's no one to
"blame" here; it's just OpenVZ using "testing" kernels for what these
are, and us using the Owl-current branch for what it is - trying out new
stuff before it can be declared "stable".

Now, that's apparently not the last bug in RHEL 5.6'ish OpenVZ kernels
to be fixed before they're declared stable (and before we're able to get
them into Owl 3.0-stable).  Even 084.3, which our 2011/02/12 snapshot
uses, is known to be unreliable on machines with 8 or more logical CPUs.

So at this time Owl-current is for those who truly like to explore
and/or help test this newer stuff.  For our typical "end-users", we
continue to recommend Owl 3.0 release (and then eventually 3.0-stable).

Besides the fixes above, we've added the usb_modeswitch package - a mode
switching tool for controlling "flip flop" (multiple device) USB gear -
along with usb_modeswitch-data and libusb-compat.

As usual, these changes are documented in a more formal fashion here:

http://www.openwall.com/Owl/CHANGES-current.shtml

For those of you who have decided to upgrade from Owl 3.0 to this
Owl-current snapshot, despite it actually being "unstable", the
instructions from my previous announcement apply:

http://www.openwall.com/lists/owl-users/2011/02/06/1

Alexander
