Stable kernel 2.6.22.4 released

From: Greg Kroah-Hartman
To: [email protected], Andrew Morton , [email protected], [email protected]
Subject: Linux 2.6.22.4
Date: Mon, 20 Aug 2007 21:43:07 -0700
Message-ID: <[email protected]>
Archive-link: Article, Thread

We (the -stable team) are announcing the release of the 2.6.22.4 kernel.
It contains one security fix and all users of the 2.6.22 series are
encouraged to upgrade to it.

I’ll also be replying to this message with a copy of the patch between
2.6.22.3 and 2.6.22.4

The updated 2.6.22.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.6.22.y.git
and can be browsed at the normal kernel.org git web browser:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2….

thanks,

greg k-h

——–

Makefile | 2 +-
fs/exec.c | 13 +++++++++—-
2 files changed, 10 insertions(+), 5 deletions(-)

Summary of changes from v2.6.22.3 to v2.6.22.4
==============================================

Greg Kroah-Hartman (1):
Linux 2.6.22.4

Marcel Holtmann (1):
Reset current->pdeath_signal on SUID binary execution (CVE-2007-3848)

Xen 3.0.3 on Debian 4.0 Etch

Here is the instruction for running XEN on Debian Etch on Core2Duo 6300 with 2GB Ram.

First, install all the packages that related to XEN.

apt-get install  libc6-xen linux-headers-2.6-xen-686
linux-headers-2.6-xen-vserver-686 linux-headers-2.6.18-4-xen
linux-headers-2.6.18-4-xen-686 linux-headers-2.6.18-4-xen-vserver
linux-headers-2.6.18-4-xen-vserver-686 linux-image-2.6-xen-686
linux-image-2.6-xen-vserver-686 linux-image-2.6.18-4-xen-686
linux-image-2.6.18-4-xen-vserver-686 linux-image-xen-686
linux-image-xen-vserver-686 linux-modules-2.6.18-4-xen-686
linux-modules-2.6.18-4-xen-vserver-686 xen-hypervisor-3.0.3-1-i386
xen-hypervisor-3.0.3-1-i386-pae xen-ioemu-3.0.3-1 xen-tools
xen-utils-3.0.3-1 xen-utils-common bridge-utils iproute sysfsutils

Then, boot reboot the machine and choose the pae kernel to boot.

Next, add the following into /etc/network/interface for the Xen Bridge neteork.

auto xenbr0
iface xenbr0 inet dhcp
bridge_ports eth0
# optional
bridge_maxwait 0

To build a new debian domain:

Configurature /etc/xen-tools/xen-tools.conf collectly such as kernel version and initrd.

Then, run

xen-create-image --hostname=<name_of_DomU> --dir /home/xen/images/debian

Next, configurature

/etc/xen/<name_of_DomU>.cfg

to make sure all the Tag are correct.

Finally, run

xm create test.cfg -c

to run the VM.

As Core2Duo 6300 support VT, we could run Windows under Xen.

To run Windows in Xen,

first, build an image file for windows.

dd if=/dev/zero of=/home/xen/images/WinXP.img bs=1M count=4096

Next, copy the Windows XP install CD in to an iso format

dd if=/dev/cdrom of=/home/xen/cds/winxp.iso

Then, build a winxp config file in /etc/xen as the following. eg:

vi /etc/xen/winxp
kernel = "hvmloader"
builder='hvm'
memory = 512
name = "winxp"
vif = [ 'type=ioemu, bridge=xenbr0' ]
disk = [ 'file:/home/xen/images/WinXP.img,ioemu:hda,w',
'file:/home/xen/cds/winxp.iso,hdc:cdrom,r' ]
#cdrom = '/dev/hda'
device_model = 'qemu-dm'
boot="dc"
sdl=1
vnc=0
nographic=0
localtime=1

Run

xm create winxp -c

to boot up the VM and install XP.

After finished installing the XP, turn off the VM and

change the

boot="dc"

to

boot="c"

in

/etc/xen/winxp

xen1xen2xen3
xen4xen5

How to generate a self-signed certificate for apache2 in Debian

The source is now on Github: https://github.com/wanleung/self-signed-certificate-generator

While the Debian apache2 package was in Apache version 2.0, there was a tool called “apache2-ssl-certificate” for the users to use that script to gererate their own self-signed cert themselves. However, the script was removed since the apache2 package had been upgraded to Apache v2.2.

I had modified the old script so that it can generate a suitable self-signed cert for the new apache2(Apache v2.2) in Debain.

Here is the code:

 #!/bin/sh -e DAYS="365" CERTPATH="/etc/apache2/ssl" CERTNAME="apache" KEYBIT="1024" FORCE="0"; usage(){ echo "This is a program for the users to gernate their own self-signed certificate." echo echo "Usage: $0 [[OPTION] [VALUE]]..." echo echo "OPTIONS:" echo " -h | -help | --help -- To Show This Help" echo " -f | --force -- Force to generate the cert" echo " -d | -days | --days -- cert to expire after x days, default is 365" echo " -p | -path | --path -- Path of the cert will be stored," echo " default is /etc/apache/ssl" echo " -n | -name | --name -- the name of the cert, default is apache" echo " -b | -bit | --bit -- length of the key, default is 1024" echo } createcert() { if [ "$FORCE" != "1" -a -f $CERTPATH/$CERTNAME.pem ]; then echo "$CERTPATH/$CERTNAME.pem exists! Use \"$0 --force.\"" exit 0 fi echo echo creating selfsigned certificate echo "replace it with one signed by a certification authority (CA)" echo echo enter your ServerName at the Common Name prompt echo echo If you want your certificate to expire after x days call this programm echo with "--days x" mkdir -p "$CERTPATH/" export RANDFILE=/dev/random openssl req $@ -new -x509 -days $DAYS -nodes -newkey rsa:$KEYBIT -out $CERTPATH/$CERTNAME.pem -keyout $CERTPATH/$CERTNAME.pem chmod 600 $CERTPATH/$CERTNAME.pem } case $1 in -h|help|--help) usage exit 0 ;; esac until [ -z "$1" ] # Until all parameters used up . . . do case $1 in --force|-f|-force) FORCE="1" shift ;; --days|-d|-days) DAYS=$2 shift shift ;; --path|-p|-path) CERTPATH=$2 shift shift ;; --name|-n|-name) CERTNAME=$2 shift shift ;; --bit|-n|-bit) KEYBIT=$2 shift shift ;; *) usage exit 0 ;; esac done createcert

Here is the file.
apache2-ssl-certificate.tar.gz

MD5SUM: 6fb69eb0d63a683e73461f4f682e13e5

You could get the project from github.

The source is now on Github: https://github.com/wanleung/self-signed-certificate-generator