Xen Patches README
------------------

These patches are intended to be stacked on top of genpatches-base.

Many of the patches included here are swiped from various sources which
use their own four digit patch numbering scheme, so we are stuck with five
digits to indiciate the source for easier tracking and re-syncing.

Numbering
---------

0xxxx	Gentoo, not related to Xen. (in case we pull something from extras)
1xxxx	XenSource, upstream Xen patch for 2.6.18
2xxxx	Redhat, we use their Xen patch for >=2.6.20
3xxxx	Debian, we use their security fixes for 2.6.18
5xxxx	Gentoo, Xen and other fixes for Redhat and/or Debian patches.

Patches
-------

10001_xen-3.1.0.patch
    Upstream 3.1.0 patch

30001_nfnetlink_log-null-deref.patch
    [SECURITY] Fix remotely exploitable NULL pointer dereference in
    nfulnl_recv_config()
    See CVE-2007-1496

30002_nf_conntrack-set-nfctinfo.patch
    [SECURITY] Fix incorrect classification of IPv6 fragments as ESTABLISHED,
    which allows remote attackers to bypass certain rulesets
    See CVE-2007-1497

30003_netlink-infinite-recursion.patch
    [SECURITY] Fix infinite recursion bug in netlink
    See CVE-2007-1861

30004_nl_fib_lookup-oops.patch
    Add fix for oops bug added by previous patch

30005_core-dump-unreadable-PT_INTERP.patch
    [SECURITY] Fix a vulnerability that allows local users to read
    otherwise unreadable (but executable) files by triggering a core dump.
    See CVE-2007-0958

30006_appletalk-length-mismatch.patch
    [SECURITY] Fix a remote DoS (crash) in appletalk
    Depends upon bugfix/appletalk-endianness-annotations.patch
    See CVE-2007-1357

30007_cm4040-buffer-overflow.patch
    [SECURITY] Fix a buffer overflow in the Omnikey CardMan 4040 driver
    See CVE-2007-0005

30008_ipv6_fl_socklist-no-share.patch
    [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
    ipv6_fl_socklist between the listening socket and the socket created
    for connection.
    See CVE-2007-1592

30009_keys-serial-num-collision.patch
    [SECURITY] Fix the key serial number collision avoidance code in
    key_alloc_serial() that could lead to a local DoS (oops).
    (closes: #398470)
    See CVE-2007-0006

30010_ipv6_getsockopt_sticky-null-opt.patch
    [SECURITY] Fix kernel memory leak vulnerability in
    ipv6_getsockopt_sticky() which can be triggered by passing a len < 0.
    See CVE-2007-1000

30011_ipv6_setsockopt-NULL-deref.patch
    [SECURITY] Fix NULL dereference in ipv6_setsockopt that could lead
    to a local DoS (oops).
    See CVE-2007-1388

50001_make-install.patch
    Handle make install in a semi-sane way that plays nice with
    split domU/dom0 kernels.

50002_always-enable-xen-genapic.patch
    Compile fix for non-SMP (UP) kernels. Since UP support is broken in
    upstream Xen I'm not sure if I trust it or not. :-P