On 12-03-02 at 05:11am, Ben Hutchings wrote: > The longstanding link restriction patches were recently accepted by > Andrew Morton and are likely to end up in Linux 3.4. I've applied > these to src:linux-2.6 in svn and they should end up in the upcoming > version 3.2.9-1. > > We know that these are going to break some programs, most notably > 'at' (#597130, fixed in wheezy/sid). But of course it's possible > to work around that by disabling the restriction, so I don't think > this should result in a 'Breaks' relation. > > I'm therefore intending to warn about this with the following NEWS > entry in the linux-image metapackages: > > Index: debian/linux-image.NEWS > =================================================================== > --- debian/linux-image.NEWS (revision 18757) > +++ debian/linux-image.NEWS (working copy) > @@ -1,3 +1,18 @@ > +linux-latest (44) unstable; urgency=low > + > + * The new kernel version includes security restrictions on links, which > + are enabled by default. These are specified in > + Documentation/sysctl/fs.txt in the linux-doc-3.2 and linux-source-3.2 > + packages. > + > + These restrictions may cause some legitimate programs to fail. > + In particular, if the 'at' package is installed, you should either: > + - Upgrade it to at least version 3.1.13-1 (or a backport of that) > + or: > + - Set sysctl fs.protected_hardlinks=0 (see /etc/sysctl.conf) > + > + -- Ben Hutchings <b...@decadent.org.uk> Fri, 02 Mar 2012 04:58:24 +0000 > + > linux-latest-2.6 (26) unstable; urgency=low > > * The old IDE (PATA) drivers are no longer developed. Most PATA > --- END --- > > (Why in the metapackages, you ask? Because apt-listchanges shows NEWS > from upgraded packages, not new packages.) > > Does anyone have a better idea how to do this? Know about other > packages that are affected?
I suggest to add it to *both* metapackages and real packages: Some may not use the metapackages and may inspect the NEWS file by other means than via apt-listchanges (which I guess is what you are talking about). Regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: Digital signature