fai-kernels (1.17+etch.26etch2) oldstable-security; urgency=high

  * Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-26etch2:
    * [s390] Revert syscall wrapping of execve() - 2.6.18 still
      has some in-kernel callers which bollocks up pt_regs.
      (Closes: #562525)
    * [SCSI] gdth: Prevent negative offsets in ioctl (CVE-2009-3080)
    * NFSv4: Fix a problem whereby a buggy server can oops the kernel
      (CVE-2009-3726)
    * isdn: hfc_usb: Fix read buffer overflow (CVE-2009-4005)
    * hfs: fix a potential buffer overflow (CVE-2009-4020)
    * fuse: prevent fuse_put_request on invalid pointer (CVE-2009-4021)
    * e1000: enhance frame fragment detection (CVE-2009-4536)
    * netfilter: ebtables: enforce CAP_NET_ADMIN (CVE-2010-0007)
    * connector: Delete buggy notification code. (CVE-2010-0410)
    * Fix potential crash with sys_move_pages (CVE-2010-0415)
    * futex: Handle user space corruption gracefully (CVE-2010-0622)
    * [s390] Fix missing capability check in z90crypt driver (CVE-2009-1883)
    * net ax25: Fix signed comparison in the sockopt handler (CVE-2009-2909)
    * fix information leak in llc_ui_getname (CVE-2009-3001)
    * net: fix information leak due to uninitialized structures in
      getname functions (CVE-2009-3002)
    * tc: Fix uninitialized kernel memory leak (CVE-2009-3228)
    * random: make get_random_int() more random (CVE-2009-3238)
    * NFSv4: fix open-create permissions, move iattr & verf attributes of
      struct nfsd4_open out of the union (CVE-2009-3286)
    * fs: pipe.c null pointer dereference (CVE-2009-3547)
    * netlink: fix typo in initialization (CVE-2009-3612)
    * AF_UNIX: Fix deadlock on connecting to shutdown socket (CVE-2009-3621)
    * [mips/mipsel] Fix errno on inexistent syscalls. (Closes: #520034).
    * bridge: Fix oops in port_carrier_check (closes: #529165)

 -- dann frazier <dannf@debian.org>  Mon, 22 Feb 2010 18:12:45 -0700

fai-kernels (1.17+etch.24etch4) oldstable-security; urgency=high

  * Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-24etch3:
    * [parisc] isa-eeprom - Fix loff_t usage (CVE-2009-2846)
    * do_sigaltstack: avoid copying 'stack_t' as a structure to user space
      (CVE-2009-2847)
    * execve: must clear current->clear_child_tid (CVE-2009-2848)
    * md: avoid dereferencing NULL pointer when accessing suspend_* sysfs
      attributes (CVE-2009-2849)
    * [UDP]: Fix MSG_PROBE crash (CVE-2009-2698)

 -- dann frazier <dannf@debian.org>  Mon, 24 Aug 2009 10:03:10 -0600

fai-kernels (1.17+etch.24etch3) oldstable-security; urgency=high

  * Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-24etch3:
    * e1000: add missing length check to e1000 receive routine (CVE-2009-1385)
    * r8169: fix crash when large packets are received (CVE-2009-1389)
    * nfs4: fix MAY_EXEC handling (CVE-2009-1630)
    * cifs: fix several string conversion issues (CVE-2009-1633)
    * net: fix possible NULL dereference in sock_sendpage() (CVE-2009-2692)

 -- dann frazier <dannf@debian.org>  Sun, 16 Aug 2009 09:18:49 -0600

fai-kernels (1.17+etch.24etch2) oldstable-security; urgency=high

  * Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-24etch2:
    * Fix buffer underflow in the ib700wdt watchdog driver:
     - bugfix/all/watchdog-ib700wdt-buffer_underflow.patch
    See CVE-2008-5702
    * nfs: Fix fcntl/close race
       - bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch
      See CVE-2008-4307
    * sctp: fix memory overflow
       - bugfix/all/sctp-avoid-memory-overflow.patch
      See CVE-2009-0065
    * Fix sign-extend ABI issue w/ system calls on various 64-bit architectures
       - bugfix/all/CVE-2009-0029/*
      See CVE-2009-0029
    * security: introduce missing kfree
       - bugfix/all/security-keyctl-missing-kfree.patch
      See CVE-2009-0031
    * dell_rbu: use scnprintf instead of less secure sprintf
       - bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch
      See CVE-2009-0322
    * [hppa] Fix system crash while unwinding a userspace process
       - bugfix/hppa/userspace-unwind-crash.patch
      See CVE-2008-5395
    * NET: Add preemption point in qdisc_run
       - bugfix/all/net-add-preempt-point-in-qdisc_run.patch
      See CVE-2008-5713
    * [mips] Fix potential DOS by untrusted user app
       - bugfix/mips/fix-potential-dos.patch
      See CVE-2008-5701
    * Fix sensitive memory leak in SO_BSDCOMPAT gsopt
       - bugfix/all/net-SO_BSDCOMPAT-leak.patch
       - bugfix/all/net-SO_BSDCOMPAT-leak-2.patch
      See CVE-2009-0676
    * skfp: Fix inverted capabilities check logic
       - bugfix/all/skfp-fix-inverted-cap-logic.patch
      See CVE-2009-0675
    * [amd64] syscall-audit: fix 32/64 syscall hole
       - bugfix/syscall-audit-fix-32+64-syscall-hole.patch
      See CVE-2009-0834
    * shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
      This issue does not effect pre-build Debian kernels.
       - bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
      See CVE-2009-0859
    * copy_process: fix CLONE_PARENT && parent_exec_id interaction
       - bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch
      See CVE-2009-0028
    * af_rose/x25: Sanity check the maximum user frame size
       - bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch
      See CVE-2009-1265
    * NFS: fix an oops in encode_lookup()
       - bugfix/all/nfs-fix-oops-in-encode_lookup.patch
      See CVE-2009-1336
    * exit_notify: kill the wrong capable(CAP_KILL) check
       - bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch
      See CVE-2009-1337
    * agp: zero pages before sending to userspace
       - bugfix/all/agp-zero-pages-before-sending-to-userspace.patch
      See CVE-2009-1192
    * cifs: Fix memory overwrite when saving nativeFileSystem field during mount
       - bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch
       - bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch
       - bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch
      See CVE-2009-1439
    * Fix mips FTBFS due to a missed rename of the mips-specific
      sys_pipe symbol.

 -- dann frazier <dannf@debian.org>  Wed, 06 May 2009 16:22:58 -0600

fai-kernels (1.17+etch.24) stable; urgency=high

  * Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-24:
    [ dann frazier ]
    * cciss: Add support for new hardware (closes: #502553)
       - Add PCI ids for P700m, P212, P410, P410i, P411, P812, P711m, p712m
       - Read the FIFO size from the controller config instead of
         hardcoding it into the driver
    * [hppa] disable UP-optimized flush_tlb_mm, fixing thread-related
      hangs. (closes: #478717)

    [ Ian Campbell ]
    * xen: Add softlockup-no-idle-hz.patch to prevent softlockup in xen guest.
      (closes: #506418)

    [ Bastian Blank ]
    * [xen] Remove 4gb segments warning completely. (closes: #391373)
    * [xen/i386] Fix pseudo hwcap value to match newer kernels.
      (closes: #506420)

 -- dann frazier <dannf@debian.org>  Mon, 29 Dec 2008 11:36:34 -0700

fai-kernels (1.17+etch.23etch1) stable-security; urgency=high

  * Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-23etch1:
    * Fix missing boundary checks in syscall/syscall32_nopage():
       - bugfix/add-install_special_mapping.patch
       - bugfix/i386-vdso-use_install_special_mapping.patch
       - bugfix/x86_64-ia32-vDSO-use-install_special_mapping.patch
       - features/all/xen/vdso-use_install_special_mapping.patch
      See CVE-2008-3527
    * Modify feature patches to apply on top of the fixes for
      CVE-2008-3527:
       - features/all/vserver/vs2.0.2.2-rc9.patch
       - features/all/xen/fedora-2.6.18-36186.patch
       - features/all/xen/vserver-update.patch
    * Don't allow splicing to files opened with O_APPEND:
       - bugfix/dont-allow-splice-to-files-opened-with-O_APPEND.patch
      See CVE-2008-4554
    * Avoid printk floods when reading corrupted ext[2,3] directories
       - bugfix/ext2-avoid-corrupted-directory-printk-floods.patch
       - bugfix/ext3-avoid-corrupted-directory-printk-floods.patch
      See CVE-2008-3528
    * Fix oops in SCTP
       - bugfix/sctp-fix-oops-when-INIT-ACK-indicates-that-peer-doesnt-support-AUTH.patch
      See CVE-2008-4576
    * Fix buffer overflow in hfsplus
       - bugfix/hfsplus-fix-Buffer-overflow-with-a-corrupted-image.patch
      See CVE-2008-4933
    * Fix BUG() in hfsplus
       - bugfix/hfsplus-check_read_mapping_page-return-value.patch
      See CVE-2008-4934
    * Fix stack corruption in hfs
       - bugfix/hfs-fix-namelength-memory-corruption.patch
      See CVE-2008-5025
    * Fix recursive descent in __scm_destroy
       - bugfix/af_unix-fix-garbage-collector-races.patch
       - bugfix/af_unix-convert-socks-to-unix_socks.patch
       - bugfix/net-unix-fix-inflight-counting-bug-in-garbage-collector.patch
       - bugfix/net-fix-recursive-descent-in-__scm_destroy.patch
      See CVE-2008-5029
    * Make sendmsg() block during UNIX garbage collection:
       - bugfix/net-unix-gc-fix-soft-lockups-oom-issues.patch
      See CVE-2008-5300
    * Fix DoS when calling svc_listen twice on the same socket while reading
      /proc/net/atm/*vc:
       - bugfix/atm-duplicate-listen-on-socket-corrupts-the-vcc-table.patch
      See CVE-2008-5079
    * Fix race conditions between inotify removal and umount
       - bugfix/inotify-watch-removal-umount-races.patch
      See CVE-2008-5182

 -- dann frazier <dannf@debian.org>  Sat, 13 Dec 2008 17:42:58 -0700

fai-kernels (1.17+etch.23) stable; urgency=high

  * Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-23:
    [ Ian Campbell ]
    * Fix DMA crash under Xen when no IOMMU is present (closes: #445987)

    [ dann frazier ]
    * [xfs] Fix attr2 corruption with btree data extents (closes: #498309)

 -- dann frazier <dannf@debian.org>  Mon, 13 Oct 2008 17:52:29 -0600

fai-kernels (1.17+etch.22etch3) stable-security; urgency=high

  * Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-22etch3:
    * bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch
      Fix integer overflow in dccp_setsockopt_change()
      See CVE-2008-3276
    * bugfix/dio-zero-struct-dio-with-kzalloc-instead-of-manually.patch
      Fix oops caused by uninitialized field in struct dio
      See CVE-2007-6716
    * bugfix/wan-sbni_ioctl-cap-checks.patch
      Add missing capability checks in sbni_ioctl
      See CVE-2008-3525
    * bugfix/open-allows-sgid-in-sgid-directory.patch
      Prevent open() creating file with wrong permissions
      See CVE-2008-4210
    * bugfix/splice-fix-bad-unlock_page-in-error-case.patch
      Don't attempt to unlock a page if add_to_page_cache_lru fails
      See CVE-2008-4302
    * bugfix/remove-SUID-when-splicing-into-an-inode.patch
      Remove SUID when splicing into an inode
      See CVE-2008-3833
  
 -- dann frazier <dannf@debian.org>  Sun, 12 Oct 2008 21:29:25 -0600

fai-kernels (1.17+etch.22etch2) stable-security; urgency=high

  * Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-22etch2:
    * bugfix/x86-wrong-register-was-used-in-align-macro.patch
      Fix regression introduced upstream by the fix for CVE-2008-0598
    * bugfix/cifs-fix-compiler-warning.patch,
      bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch
      Fix regressions introduced upstream by the fixes for CVE-2008-1673
    * bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch
      Fix possible information leak in seq_oss_synth.c
      See CVE-2008-3272
    * bugfix/vfs-fix-lookup-on-deleted-directory.patch
      Fix potential memory leak in lookup path
      See CVE-2008-3275

 -- dann frazier <dannf@debian.org>  Mon, 18 Aug 2008 22:07:49 -0600

fai-kernels (1.17+etch.22etch1) stable-security; urgency=high

  * Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-22etch1:
    * bugfix/sctp-make-sure-n-sizeof-does-not-overflow.patch
      [SECURITY] Fix potential overflow condition in
      sctp_getsockopt_local_addrs_old
      See CVE-2008-2826
    * bugfix/esp-iv-in-linear-part-of-skb.patch
      [SECURITY] Avoid tripping BUG() in IPsec code when the first fragment
      of an ESP packet does not contain the entire ESP header and IV
      See CVE-2007-6282
    * bugfix/amd64-fix-zeroing-on-exception-in-copy_user.patch
      [SECURITY] [amd64] Fix potential information leak when a copy
      operation fails by properly zeroing out destination memory
      See CVE-2008-2729
    * bugfix/tty-fix-for-tty-operations-bugs.patch
      [SECURITY] Fix issues with tty operation handling in various drivers
      See CVE-2008-2812
    * bugfix/check-privileges-before-setting-mount-propagation.patch
      [SECURITY] Check CAP_SYS_ADMIN when changing mountpoint type 
      See CVE-2008-2931
    * bugfix/x86-fix-copy_user.patch
      [SECURITY][amd64] Fix memory leak in the copy_user routine, see #490910.
      See CVE-2008-0598
  * Changes from 2.6.18.dfsg.1-22:
    * Merge in changes from 2.6.18.dfsg.1-18etch6
    * 3w-9xxx: Add 3ware 9690SA Backport (closes: #479773)
    * Backport http://xenbits.xensource.com/xen-unstable.hg?rev/914304b3a3da,
      fixing kernel BUG at drivers/xen/core/evtchn.c:481 (closes: #410807).
  * Changes from 2.6.18.dfsg.1-18etch6
    * bugfix/dccp-feature-length-check.patch
      [SECURITY] Validate feature length to avoid heap overflow
      See CVE-2008-2358
    * bugfix/asn1-ber-decoding-checks.patch
      [SECURITY] Validate lengths in ASN.1 decoding code to avoid
      heap overflow
      See CVE-2008-1673

 -- dann frazier <dannf@debian.org>  Wed,  6 Aug 2008 00:31:44 -0600

fai-kernels (1.17+etch.21) stable; urgency=high

  * Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-21

 -- dann frazier <dannf@debian.org>  Sat, 31 May 2008 13:45:13 -0600

fai-kernels (1.17+etch.18etch5) stable-security; urgency=high

  * Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-18etch5):
    * bugfix/sit-missing-kfree_skb-on-pskb_may_pull.patch
      [SECURITY] Fix remotely-triggerable memory leak in the Simple
      Internet Transition (SIT) code used for IPv6 over IPv4 tunnels
      See CVE-2008-2136
    * bugfix/hrtimer-prevent-overrun.patch,
      bugfix/ktime-fix-MTIME_SEC_MAX-on-32-bit.patch
      [SECURITY] Fix potential infinite loop in hrtimer_forward on
      64-bit systems
      See CVE-2007-6712
    * bugfix/amd64-cs-corruption.patch
      [SECURITY] Fix local ptrace denial of service for amd64 flavor
      kernels, bug #480390
      See CVE-2008-1615
    * bugfix/sparc-fix-mmap-va-span-checking.patch
      bugfix/sparc-fix-mremap-addr-range-validation.patch
      [SECURITY] Validate address ranges regardless of MAP_FIXED
      See CVE-2008-2137

 -- dann frazier <dannf@debian.org>  Tue, 27 May 2008 01:54:12 -0600

fai-kernels (1.17+etch.18etch4) stable-security; urgency=high

  * Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-18etch4)
    * bugfix/fcntl_setlk-close-race.patch
      [SECURITY] Fix an SMP race to prevent reordering of flock updates
      and accesses to the descriptor table on close().
      See CVE-2008-1669

 -- dann frazier <dannf@debian.org>  Mon, 12 May 2008 10:19:37 -0600

fai-kernels (1.17+etch.18etch3) stable-security; urgency=high

  * Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-18etch3):
    * Wrap added code in bugfix/dnotify-race-avoid-abi-change.patch in
      #ifndef __GENKSYMS__ to avoid ABI change
    * Revert ABI change introduced in 2.6.18.dfsg.1-18etch2

 -- dann frazier <dannf@debian.org>  Mon, 28 Apr 2008 22:57:05 -0600

fai-kernels (1.17+etch.18etch2) stable-security; urgency=high

  * Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-18etch2):
    * bugfix/powerpc-chrp-null-deref.patch
      [SECURITY][powerpc] Fix NULL pointer dereference if get_property
      fails on the subarchitecture
      See CVE-2007-6694
    * bugfix/mmap-VM_DONTEXPAND.patch
      [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
      a fault handler but do not bounds check the offset argument
      See CVE-2008-0007
    * bugfix/RLIMIT_CPU-earlier-checking.patch
      [SECURITY] Move check for an RLIMIT_CPU with a value of 0 earlier
      to prevent a user escape (closes: #419706)
      See CVE-2008-1294
    * bugfix/dnotify-race.patch
      [SECURITY] Fix a race in the directory notify
      See CVE-2008-1375
      This patch changes the ABI
    * Bump ABI to 7.

 -- dann frazier <dannf@debian.org>  Mon, 21 Apr 2008 22:30:26 -0600

fai-kernels (1.17+etch.18etch1) stable-security; urgency=high

  * Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-18etch1)
    * bugfix/vmsplice-security.patch
      [SECURITY] Fix missing access check in vmsplice.
      See CVE-2008-0010, CVE-2008-0600
    * bugfix/all/vserver/proc-link-security.patch
      [SECURITY][vserver] Fix access checks for the links in /proc/$pid.
  * Changes from linux-source-2.6.18 (2.6.18.dfsg.1-18)
    [ Martin Michlmayr ]
    * [mips] Fix network on Cobalt RaQ1, thanks Thomas Bogendoerfer
      (closes: #460337).

    [ dann frazier ]
    * [ia64] Fix an issue with unaligned accesses and certain floating point
      instructions that can result in silent user data corruption
      (closes: #461493).
    * Update abi reference files for ABI 6

 -- dann frazier <dannf@debian.org>  Tue, 12 Feb 2008 09:59:43 -0700

fai-kernels (1.17+etch.17etch1) stable-security; urgency=high

  * Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-17etch1):
    * bugfix/i4l-isdn_ioctl-mem-overrun.patch
      [SECURITY] Fix potential isdn ioctl memory overrun
      See CVE-2007-6151
    * bugfix/vfs-use-access-mode-flag.patch
      [SECURITY] Use the access mode flag instead of the open flag when
      testing access mode for a directory. Modify
      features/all/vserver/vs2.0.2.2-rc9.patch to apply on top of this
      See CVE-2008-0001
    * bugfix/fat-move-ioctl-compat-code.patch, bugfix/fat-fix-compat-ioctls.patch
      [SECURITY][ABI Changer] Fix kernel_dirent corruption in the compat layer
      for fat ioctls
      See CVE-2007-2878
    * bugfix/proc-snd-page-alloc-mem-leak.patch
      [SECURITY][ABI Changer] Fix an issue in the alsa subsystem that allows a
      local user to read potentially sensitive kernel memory from the proc
      filesystem
      See CVE-2007-4571
    * Bump ABI to 6.

 -- dann frazier <dannf@debian.org>  Tue, 22 Jan 2008 22:42:35 -0700

fai-kernels (1.17+etch.17) stable; urgency=high

  * Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-17):
    * [futex] Fix address computation in compat code, fixing hangs
      on sparc64. (closes: #433187)
    * [x86_64] Mask the NX bit in mk_pte_phys to avoid triggering a RSVD type
      page fault on non-NX capable systems which causes a crash.
      (closes: #414742)
    * [fusion] Avoid holding the device busy for too long in the low level
      driver, which was causing filesystems in VMWare guests to get remounted
      read-only under load. (closes: #453120)
    * Add UNUSUAL_DEV entries for supertop usb drives which require the
      IGNORE_RESIDUE flag. (closes: #455856)
    * [sparc64] Enable CONFIG_USB_SERIAL (closes: #412740)

 -- dann frazier <dannf@debian.org>  Sat, 22 Dec 2007 17:32:43 -0700

fai-kernels (1.17+etch.13etch6) stable-security; urgency=high

  * NMU by the Security Team
  * Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-13etch6):
    * bugfix/isdn-net-overflow.patch
      [SECURITY] Fix potential overflows in the ISDN subsystem
      See CVE-2007-6063
    * bugfix/coredump-only-to-same-uid.patch
      [SECURITY] Fix an issue where core dumping over a file that
      already exists retains the ownership of the original file
      See CVE-2007-6206
    * bugfix/hrtimer-large-relative-timeouts-overflow.patch
      [SECURITY] Avoid overflow in hrtimers due to large relative timeouts
      See CVE-2007-5966
    * bugfix/minixfs-printk-hang.patch
      [SECURITY] Rate-limit printks caused by accessing a corrupted minixfs
      filesystem that would otherwise cause a system to hang (printk storm)
      See CVE-2006-6058
    * bugfix/tmpfs-restore-clear_highpage.patch
      [SECURITY] Fix a theoretical kernel memory leak in the tmpfs filesystem
      See CVE-2007-6417

 -- dann frazier <dannf@debian.org>  Wed, 19 Dec 2007 23:59:32 -0700

fai-kernels (1.17+etch.13etch5) stable-security; urgency=high

  * NMU by the Security Team
  * Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-13etch5):
    * bugfix/sysfs_readdir-NULL-deref-1.patch,
      bugfix/sysfs_readdir-NULL-deref-2.patch,
      bugfix/sysfs-fix-condition-check.patch
      [SECURITY] Fix potential NULL pointer dereference which can lead to
      a local DoS (kernel oops)
      See CVE-2007-3104
    * bugfix/ieee80211-underflow.patch
      [SECURITY] Fix integer overflow in ieee80211 which makes it possible
      for a malicious frame to crash a system using a driver built on top of
      the Linux 802.11 wireless code.
      See CVE-2007-4997
    * bugfix/wait_task_stopped-hang.patch
      [SECURITY] wait_task_stopped was incorrectly testing for TASK_TRACED -
      check p->exit_state instead avoiding a potential system hang
      See CVE-2007-5500
    * bugfix/cifs-better-failed-mount-errors.patch,
      bugfix/cifs-corrupt-server-response-overflow.patch
      [SECURITY][CIFS] Fix multiple overflows that can be remotely triggered
      by a server sending a corrupt response.
      See CVE-2007-5904

 -- dann frazier <dannf@debian.org>  Mon, 10 Dec 2007 20:13:22 -0700

fai-kernels (1.17+etch.13etch4) stable-security; urgency=high

  * NMU by the Security Team
  * Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-13etch4):
    [ Bastian Blank ]
    * bugfix/amd64-zero-extend-32bit-ptrace-xen.patch
      [SECURITY] Zero extend all registers after ptrace in 32-bit entry path
      (Xen).
      See CVE-2007-4573
    * bugfix/don-t-leak-nt-bit-into-next-task-xen.patch
      [SECURITY] Don't leak NT bit into next task (Xen).
      See CVE-2006-5755

    [ dann frazier ]
    * bugfix/hugetlb-prio_tree-unit-fix.patch
      [SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
      which could be used to trigger a BUG_ON() call in exit_mmap.
      See CVE-2007-4133
    * bugfix/usb-pwc-disconnect-block.patch
      [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
      If userspace still has the device open it can result, the driver would
      wait for the device to close, blocking the USB subsystem.
      See CVE-2007-5093

 -- dann frazier <dannf@debian.org>  Mon,  8 Oct 2007 23:42:43 -0600

fai-kernels (1.17+etch.13etch3) stable-security; urgency=high

  * NMU by the Security Team
  * Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-13etch3):
    * bugfix/ptrace-handle-bogus-selector.patch,
      bugfix/fixup-trace_irq-breakage.patch
      [SECURITY] Handle an invalid LDT segment selector %cs (the xcs field)
      during ptrace single-step operations that can be used to trigger a
      NULL-pointer dereference causing an Oops.
      See CVE-2007-3731
    * bugfix/prevent-stack-growth-into-hugetlb-region.patch
      [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
      into address space reserved for hugetlb pages.
      See CVE-2007-3739
    * bugfix/cifs-honor-umask.patch
      [SECURITY] Make CIFS honor a process' umask
      See CVE-2007-3740
    * bugfix/amd64-zero-extend-32bit-ptrace.patch
      [SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
      See CVE-2007-4573
    * bugfix/jffs2-ACL-vs-mode-handling.patch
      [SECURITY] Write correct legacy modes to the medium on inode creation to
      prevent incorrect permissions upon remount.
      See CVE-2007-4849

 -- dann frazier <dannf@debian.org>  Thu, 27 Sep 2007 12:53:36 -0600

fai-kernels (1.17+etch5) stable-security; urgency=high

  * NMU by the Security Team
  * Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-13etch2):
    * bugfix/ipv4-fib_props-out-of-bounds.patch
      [SECURITY] Fix a typo which caused fib_props[] to be of the wrong size
      and check for out of bounds condition in index provided by userspace
      See CVE-2007-2172
    * bugfix/cpuset_tasks-underflow.patch
      [SECURITY] Fix integer underflow in /dev/cpuset/tasks which could allow
      local attackers to read sensitive kernel memory if the cpuset filesystem
      is mounted.
      See CVE-2007-2875
    * bugfix/random-bound-check-ordering.patch
      [SECURITY] Fix stack-based buffer overflow in the random number
      generator
      See CVE-2007-3105
    * bugfix/cifs-fix-sign-settings.patch
      [SECURITY] Fix overriding the server to force signing on caused by
      checking the wrong gloal variable.
      See CVE-2007-3843
    * bugfix/aacraid-ioctl-perm-check.patch
      [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
      See CVE-2007-4308

 -- dann frazier <dannf@debian.org>  Fri, 31 Aug 2007 15:20:11 -0600

fai-kernels (1.17+etch4) stable-security; urgency=high

  * NMU by the Security Team
    * Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-13etch1):
    * Update abi reference files for ABI 5
    * bugfix/bluetooth-l2cap-hci-info-leaks.patch
      [SECURITY] Fix information leaks in setsockopt() implementations
      See CVE-2007-1353
    * bugfix/usblcd-limit-memory-consumption.patch
      [SECURITY] limit memory consumption during write in the usblcd driver
      See CVE-2007-3513
    * bugfix/pppoe-socket-release-mem-leak.patch
      [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
      after connect but before PPPIOCGCHAN ioctl is called upon it
      See CVE-2007-2525
    * bugfix/nf_conntrack_h323-bounds-checking.patch
      [SECURITY] nf_conntrack_h323: add checking of out-of-range on choices'
      index values
      See CVE-2007-3642
    * bugfix/dn_fib-out-of-bounds.patch
      [SECURITY] Fix out of bounds condition in dn_fib_props[]
      See CVE-2007-2172
    * bugfix/random-fix-seeding-with-zero-entropy.patch
      bugfix/random-fix-error-in-entropy-extraction.patch
      [SECURITY] Avoid seeding with the same values at boot time when a
      system has no entropy source and fix a casting error in entropy
      extraction that resulted in slightly less random numbers.
      See CVE-2007-2453
    * bugfix/nf_conntrack_sctp-null-deref.patch
      [SECURITY] Fix remotely triggerable NULL pointer dereference
      by sending an unknown chunk type.
      See CVE-2007-2876
    * bugfix/i965-secure-batchbuffer.patch
      [SECURITY] Fix i965 secured batchbuffer usage
      See CVE-2007-3851
    * bugfix/reset-pdeathsig-on-suid.patch
      [SECURITY] Fix potential privilege escalation caused by improper
      clearing of the child process' pdeath signal.
      Thanks to Marcel Holtmann for the patch.
      See CVE-2007-3848

 -- dann frazier <dannf@debian.org>  Wed, 15 Aug 2007 17:06:20 -0600

fai-kernels (1.17+etch3) stable; urgency=low

  * build arcmsr scsi-driver as module on all three archs (Closes: #417752)
  * updated maintainer address

 -- Holger Levsen <holger@debian.org>  Wed, 16 May 2007 11:03:49 +0200

fai-kernels (1.17+etch2) stable-security; urgency=high

  * NMU by the Security Team
  * Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-12etch2):
    * bugfix/nfnetlink_log-null-deref.patch
      [SECURITY] Fix remotely exploitable NULL pointer dereference in
      nfulnl_recv_config()
      See CVE-2007-1496
    * bugfix/nf_conntrack-set-nfctinfo.patch
      [SECURITY] Fix incorrect classification of IPv6 fragments as ESTABLISHED,
      which allows remote attackers to bypass certain rulesets
      See CVE-2007-1497
    * bugfix/netlink-infinite-recursion.patch
      [SECURITY] Fix infinite recursion bug in netlink
      See CVE-2007-1861
    * bugfix/nl_fib_lookup-oops.patch
      Add fix for oops bug added by previous patch

 -- dann frazier <dannf@debian.org>  Wed, 09 May 2007 18:26:42 -0600

fai-kernels (1.17+etch1) stable-security; urgency=high

  * NMU by the Security Team
  * Rebuild with a version greater than the binNMU in stable (1.17+b1)

 -- dann frazier <dannf@debian.org>  Fri,  4 May 2007 13:33:20 -0600

fai-kernels (1.17etch1) stable-security; urgency=high

  * NMU by the Security Team
  * Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-12etch1):
    * bugfix/core-dump-unreadable-PT_INTERP.patch
      [SECURITY] Fix a vulnerability that allows local users to read
      otherwise unreadable (but executable) files by triggering a core dump.
      See CVE-2007-0958
    * bugfix/appletalk-length-mismatch.patch
      [SECURITY] Fix a remote DoS (crash) in appletalk
      Depends upon bugfix/appletalk-endianness-annotations.patch
      See CVE-2007-1357
    * bugfix/cm4040-buffer-overflow.patch
      [SECURITY] Fix a buffer overflow in the Omnikey CardMan 4040 driver
      See CVE-2007-0005
    * bugfix/ipv6_fl_socklist-no-share.patch
      [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
      ipv6_fl_socklist between the listening socket and the socket created
      for connection.
      See CVE-2007-1592

 -- dann frazier <dannf@debian.org>  Mon, 30 Apr 2007 14:39:56 -0600

fai-kernels (1.17) unstable; urgency=low

  * build against newer version of linux-source-2.6.18 (2.6.18.dfsg.1-11) 

 -- Holger Levsen <debian@layer-acht.org>  Tue, 27 Feb 2007 19:56:20 +0000

fai-kernels (1.16) unstable; urgency=low

  * build against newer version of linux-source-2.6.18 (2.6.18.dfsg.1-10)

 -- Holger Levsen <debian@layer-acht.org>  Wed,  7 Feb 2007 12:29:52 +0100

fai-kernels (1.15) unstable; urgency=low

  * build against newer version of linux-source-2.6.18 (2.6.18-7)
  * JFFS2 (i386 only) needs MTD, this really (Closes: #399990)

 -- Holger Levsen <debian@layer-acht.org>  Sun, 10 Dec 2006 13:54:20 +0000

fai-kernels (1.14) unstable; urgency=low

  * build against newer version of linux-source-2.6.18
  * add Vcs-Svn control field (Closes: #399554)
  * build IPMI modules on i386 and amd64 (Closes: #399545)
  * build 3ware modules on powerpc too, so on all archs now (Closes: #399538)
  * build JFFS2 modules on i386 (Closes: #399990)
  * build LSI MegaRAID modules on powerpc too, so on all archs now (Closes: #399534)

 -- Holger Levsen <debian@layer-acht.org>  Tue, 28 Nov 2006 20:02:04 +0000

fai-kernels (1.13) unstable; urgency=low

  * upgraded to 2.6.18
  * bnx2 network driver enabled (Closes: #387572)
  * copied the Graphics support and Console display driver support 
    configuration sections from config-2.6.18-2-vserver-686/amd64/powerpc
    (Closes: #396740) 
  * introduced config-2.6.17.144floppy in /usr/share/doc/fai-kernels/
    for easy rebuilding with a kernel that still fits on a 1.44mb floppy
    Those configurations are the same as where used in fai-kernels 1.12
    but without the gigabit nic drivers.
  * moved NEWS to NEWS.Debian
  * enabled nfs4

 -- Holger Levsen <debian@layer-acht.org>  Mon, 13 Nov 2006 18:35:14 +0000

fai-kernels (1.12) unstable; urgency=low

  * reverted 1.11-2 as the NMU was a.) incomplete (only i386), b.) included
    cruft and unmentioned changes, c.) I had most changes in SVN anyway and d.)
    got additional bonus points for not sending the patches to the BTS nor 
    opening a bug for the NMU
  * switched images and configs to 2.6.17
  * added CONFIG_USB_HIDINPUT=y to amd64 and i386 (Closes: #385435)
  * enabled some more SCSI modules on i386, amd64 and powerpc (Closes: #381494)
  * enabled CONFIG_SKGE and CONFIG_SKY2 on i386 and amd64 (Closes: #385613)
  * enabled CONFIG_MV643XX_ETH on powerpc
  * enabled CONFIG_NETLINK on i386, amd64 and powerpc (Closes: #380611)

 -- Holger Levsen <debian@layer-acht.org>  Mon, 11 Sep 2006 12:07:23 +0200

fai-kernels (1.11.2) unstable; urgency=low

  * build with CONFIG_SKGE and CONFIG_SKY2 driver Marvell/Yukon gigabit
    ethernet cards support on i386 (closes: #385613).
  * build with CONFIG_USB_HIDINPUT driver for USB keyboards on i386
    (closes: #385435).
  * added myself as uploader

 -- Cyril Bouthors <cyril@bouthors.org>  Sat,  2 Sep 2006 14:41:27 +0300

fai-kernels (1.11.1) unstable; urgency=low

  * build SATA_SIS as a module on i386 (Closes: #378021)
  * removed PATCH_THE_KERNEL=yes as suggested by Dann Frazier in 1.9.1sarge1,
    removed build-conflicts linux-patch-bootsplash (Closes: #378008, #378018)
  * added build-dep module-init-tools also suggested by him in that
    security-upload
  * removed veryclean target and moved its contents to clean

 -- Holger Levsen <debian@layer-acht.org>  Fri, 14 Jul 2006 16:28:19 +0000

fai-kernels (1.11) unstable; urgency=low

  * removed kernel 2.4 
  * therefore also removed alpha build as no 2.6 config for fai-kernels for
    alpha exits :-(
  * build SATA nvidia driver as a module on i386 (Closes: #366423) and the
    AHCI SATA driver on i386 and amd64 (Closes:  #375653)
  * build all megaraid drivers as modules on i386 and amd64 (Closes: #375843)
  * build with FORCEDETH nvidia driver support on i386 (Closes: #368612)
  * confirmed that the package conforms to debian-policy 3.7.2

 -- Holger Levsen <debian@layer-acht.org>  Tue, 11 Jul 2006 18:47:22 +0000

fai-kernels (1.10.3) unstable; urgency=low

  * upgraded to build with 2.6.16
  * enabled aacraid driver (as module) in i386, amd64 and powerpc 2.6 kernels
    as well as in powerpc 2.4 kernels (closes: #357918)

 -- Holger Levsen <debian@layer-acht.org>  Sat,  8 Apr 2006 15:45:01 +0000

fai-kernels (1.10.2) unstable; urgency=low

  * updated to use 2.6.15
  * the test, if the patch for #328707 applies, now works as intended. 
    (That means fai-kernels builds with kernel-source-2.4.27-12 in sid.)
  * increased CONFIG_BLK_DEV_RAM_SIZE=8192 as this is needed for the new
    fai-cd and also matches the debian default kernels
  * added arch specific build-depends on kernel sources
  * bugfix: don't copy the 2.6 kernel config on alpha - the real fix (tm)
    should be to build 2.6 fai-kernels on alpha... as I don't have an 
    alpha I'm waiting for someone to send that config to the BTS
  * build HW_RANDOM as module on archs that support it (2.6 only) - requested
    by user via private mail (please use the BTS instead)
  * build with CONFIG_PDC202XX_FORCE=y as requested by user via private mail 
  * set CONFIG_FUSION=y as it's an option, not a driver
  * more driver needed for 2.6 i386, requested by Thomas Lange (TULIP, 
    CONFIG_DE4X5, CONFIG_WINBOND_840, CONFIG_DM9102, CONFIG_ULI526X)
  * the i386, amd64 and powerpc kernel configs have been re-generated with 
    "make menuconfig" so in future it will be easier to diff them. The alpha
    config still needs to be updated that way. 
  * enabled CONFIG_SCSI_SATA_ULI=m (and therefore experimental drivers) on
    2.6 on i386 and amd64 as requested by Thomas Lange.

 -- Holger Levsen <debian@layer-acht.org>  Wed, 18 Jan 2006 15:44:37 +0100

fai-kernels (1.10.1) unstable; urgency=low

  * added build-depends on gcc-3.3 (closes: #340884)
  * reenabled serial console on 2.6 on i386 (closes: #296932) and also on
    powerpc and amd64 as well as on 2.4 on powerpc
  * streamlined support for Fusion MPT on i386 and amd64
  * added support for 2.4 fai-kernels on alpha - thanks to Steffen Grunewald

 -- Holger Levsen <debian@layer-acht.org>  Wed, 30 Nov 2005 11:42:16 +0100

fai-kernels (1.10) unstable; urgency=low

  * fai-kernels was removed as requested in #323183. Unfortunatly neither
    Thomas Lange (the former maintainer) nor me was informed of that action
    before it was done. 
    This makes FAI unpleasent to use in unstable, and since FAI is in heavy 
    development at the moment we would like to have as many testers as possible 
    - so we decided to re-upload fai-kernels.
    As this is done now, I will stick to my original plan, which is using
    standard debian kernels with "nfsroot"-initrds for FAI. This will make
    fai-kernel unnecessary so it _then_ can be removed again.
  * added support for amd64 and ppc 
  * updated README.non-i386 accordingly
  * updated to use linux-tree-2.6.14 instead of 2.6.8
  * apply the patch for #328707 to kernel-source-2.4.27 during build-time, so 
    that it builds with the latest binutils. As 2.4.27-12 will hopefully soon
    be uploaded with the patch included, the patch will only be applied, if it
    applies cleanly without errors.
  * dont merge kernel config snipplets, rather use one config file per arch
    and kernel version (2.4/2.6)
  * added some drivers for various network cards and scsi controllers 
    (closes: #328232)
  * updated README (closes: #328230)
  * append "fai-kernels" to version of the build kernel-packages instead of
    "fai"
  * updated the FSF address in copyright
  * confirmed that the package conforms to debian-policy 3.6.2
  * made build-dependency to debhelper versioned and raised debian/compat to
    a non-deprecated value
  * added myself to maintainers field

 -- Holger Levsen <debian@layer-acht.org>  Fri, 21 Nov 2005 16:23:42 +0100

fai-kernels (1.9.1) unstable; urgency=high

  * recompile with new kernel sources
  * use kernel-tree-2.6.8-16 and kernel-tree-2.4.27-10

 -- Thomas Lange <lange@debian.org>  Tue, 31 May 2005 14:33:16 +0200

fai-kernels (1.9) unstable; urgency=high

  * provide kernel patchlevel in Build-depends to easier track security
    issues (closes: #297811)
  * build-depends on kernel-tree packges with abi version number
  * added README.security-updates, README.non-i386
  * prepare the rules files to support powerpc
  * added powerpc-kernel-configs
  * rules: set PATCH_THE_KERNEL=YES, so kernel-sources will be patched

 -- Thomas Lange <lange@debian.org>  Fri,  8 Apr 2005 16:05:45 +0200

fai-kernels (1.8.2) unstable; urgency=low

  * add SATA support for 2.4 kernel (closes: 286854)
  * add IA32_EMULATION (only usefull on x86-64)
  * disable math emulation to make kernel fit on a floppy (for 2.6 kernel)
  * ps2 mouse and serial mouse as module, disable autofs support (2.6 kernel)
  * rules: include file versions which sets the variables kversion and
    kversion24
  * disable HAMACHI and ARCNET in both kernel configs
  * enable options which are needed for fai bootcd kernel
  * use gcc 3.3.5 for compilation
  
 -- Thomas Lange <lange@debian.org>  Fri,  7 Jan 2005 11:58:37 +0100

fai-kernels (1.8.1) unstable; urgency=low

  * add POSIX ACL support for 2.4 kernel (closes: #279871)
  * add ReiserFS ACL support for 2.6 kernel

 -- Thomas Lange <lange@debian.org>  Tue,  9 Nov 2004 11:23:32 +0100

fai-kernels (1.8) unstable; urgency=medium

  * use kernel 2.4.27 and 2.6.8 (closes: #271244)
  * disable coda fs
  * added xfs for 2.4 kernel
  * added some network drivers
  * copy kernel config for 2.6 kernel to doc directory

 -- Thomas Lange <lange@debian.org>  Mon, 13 Sep 2004 11:20:35 +0200

fai-kernels (1.7.1) unstable; urgency=low

  * add Promise IDE drivers
  * add SATA drivers to 2.6 kernel

 -- Thomas Lange <lange@debian.org>  Tue,  3 Aug 2004 21:14:22 +0200

fai-kernels (1.7) unstable; urgency=low

  * use 2.4.26 kernel
  * add config for 2.6.7 kernel
  * add aic79xx scsi driver (closes: #241278)
  * control: reformat extended description

 -- Thomas Lange <lange@debian.org>  Thu, 22 Jul 2004 13:49:50 +0200

fai-kernels (1.6) unstable; urgency=low

  * use 2.4.24 kernel
  * rules: add --append-to-version, copy kernel config to doc directory,
    move value of DH_COMPAT in rules to new compat file
  * fai-kernel-config-2.4: add 3Com typhoon drivers, remove some PCMCIA
    drivers, enable highmem support
  * file kernel-version removed, set version in debian/rules
  
 -- Thomas Lange <lange@debian.org>  Tue,  3 Feb 2004 15:47:46 +0100

fai-kernels (1.5.3) unstable; urgency=low

  * add dependency on modutils (closes: #190895)

 -- Thomas Lange <lange@debian.org>  Tue, 29 Apr 2003 15:59:15 +0200

fai-kernels (1.5.2) unstable; urgency=high

  * kernel configuration now build with make oldconfig instead of
    make menuconfig (closes: #188633)
  * dependency on libncurses5-dev is not needed any more
  * add NEWS file
  
 -- Thomas Lange <lange@debian.org>  Wed, 23 Apr 2003 14:46:58 +0200

fai-kernels (1.5.1) unstable; urgency=low

  * add more network drivers for gigabit cards
  * README: list some network card drivers and their size, if someone need
    more space on the boot floppy

 -- Thomas Lange <lange@debian.org>  Mon,  7 Apr 2003 11:08:09 +0200

fai-kernels (1.5) unstable; urgency=low

  * use 2.4.20 kernel
  * debian/rules: build target only builds kernel version 2.4.x
  * debian/control: remove dependency on kernel-source-2.2.20
  * remove frame buffer support (and the penguin logo)
  * SCSI and IDE drivers are only availavle as modules
  * build target does not need root privileges (closes: #167102)
  * add build dependencies in control file
  * use new Intel NIC drivers, add tulip NIC driver
  * remove NFS server and quota support
  * ext2, loop, floppy now as modules
  * use even more kernel modules to reduce the size of the kernel image
  * disable FDDI drivers
  
 -- Thomas Lange <lange@debian.org>  Thu,  6 Feb 2003 15:53:45 +0100

fai-kernels (1.4) unstable; urgency=medium

  * remove setting of DEB_HOST_ARCH in rules file (closes: #146107)
  * add build-depends on bin86
  * merge the two 2.2.20 kernels to one that support both BOOTP and DHCP
  * override obsolete 1.3 version of this package, but add 2.4 kernel support

 -- Thomas Lange <lange@debian.org>  Thu, 16 May 2002 14:30:34 +0200

fai-kernels (1.3) unstable; urgency=low

  * add README to the Debian package
  * add info how to compile a 2.4.X kernel
  * new kernel-config-2.4 file
  * kernel 2.4.18 included in package
  
 -- Thomas Lange <lange@debian.org>  Wed,  8 May 2002 12:58:16 +0200

fai-kernels (1.2) unstable; urgency=low

  * update for kernel 2.2.20

 -- Thomas Lange <lange@debian.org>  Thu, 11 Apr 2002 11:45:47 +0200

fai-kernels (1.1.5) unstable; urgency=low

  * package depends on kernel-source-2.2.19 (closes: #133584)
  * use RTL8139TOO ethernet driver instead of RTL8139
  * added via-rhine ethernet driver
  
 -- Thomas Lange <lange@debian.org>  Mon, 18 Feb 2002 14:59:55 +0100

fai-kernels (1.1.4) unstable; urgency=low

  * add build-depends (closes: #123716)
  * don't use option I with tar, instead use a pipe and bzcat
  * Standards update to 3.5.6

 -- Thomas Lange <lange@debian.org>  Wed,  2 Jan 2002 15:08:13 +0100

fai-kernels (1.1.3) unstable; urgency=low

  * added driver for Promise IDE controlle (needs kernel boot parameter)

 -- Thomas Lange <lange@debian.org>  Fri, 16 Nov 2001 13:48:46 +0100

fai-kernels (1.1.2) unstable; urgency=low

  * kernel configuration slightly changed
  * added serial console support

 -- Thomas Lange <lange@debian.org>  Thu,  4 Oct 2001 13:01:46 +0200

fai-kernels (1.1.1) unstable; urgency=low

  * Build-Depends to kernel-source without version number (closes:
    #102040, #98117)

 -- Thomas Lange <lange@debian.org>  Mon, 23 Jul 2001 11:19:59 +0200

fai-kernels (1.1) unstable; urgency=low

  * first upload to Debian archive
  * Support for kernel 2.2.19
  * enhanced documentation
  
 -- Thomas Lange <lange@debian.org>  Tue,  8 May 2001 16:22:46 +0200

fai-kernels (1.0) unstable; urgency=low

  * Initial Release.

 -- Thomas Lange <lange@debian.org>  Wed, 29 Nov 2000 17:25:29 +0100


