Kernel 2.4.26 Out

StupidKatz writes "Fresh from the oven, the fine folks at kernel.org have released 2.4.26, filled with such yummy goodness as fixes for those damnable mmap() vulns, among other things. Remember to use your favorite mirror!"

Why still 2.4?

[zx2c4]

Why do people still use the 2.4 branch? Why not move onto the 2.6 branch? Why doesn't the kernel team devote their work for the new?

Re:Why still 2.4?

[neurojab]

>2.6 is alot bigger than 2.4, so if you are running on a slow computer, or perhaps a low-memory computer built into something (fridge or car?) you might want to use 2.4 or maybe 2.2

That's interesting. I suppose for ultra low memory situations, it might be easier to stick with 2.4... I wonder how much different the memory footprint is for an absolutely bare-bones kernel. I suspect the difference would not be large, and may even be negative. If you want to run some applications in addition to the kernel, you probably want to go with 2.6 for its enhanced memory management.

If you're talking raw speed, 2.6 clearly wins, even on slower processors.

Remember, Linux is not like Windows. It usually gets FASTER with each release.

Re:Hmmm...

[mh101]

I don't think it's an arduous task... I thought it was going to be a big task too, until I asked on the Gentoo forums. I was told that I just need to do the usual "compile sources, update bootloader" procedure.

Or maybe that only works with Gentoo...?

Re:When

[Paladin128]

What would be REALLY interesting is if the kernel source had a script triggered by something like "make update" that downloaded and installed the diff.

LVM2?

[bulletman]

Anyone know whether LVM2 got into this kernel?

Stephen

Re:When

[Zutroi_Zatatakowsky]

Already done, in Gentoo.

"emerge -u gentoo-sources" will fetch the current stable release and install it. The only thing left to do it the usual "make dep && make clean bzImage modules modules_install". Now, replace "gentoo-sources" with the sources set you prefer (mm, grsec, development (2.6), gaming, vanilla, etc.)

But sure, if it was implemented at kernel level, it would be easier for non-gentoo users to update to next stable release. Could be made as a modules I guess. Love/Cox/Tosatti, I hope you read this. :)

Re:When

[grahamdrew]

...except that gentoo doesn't use a diff at all from version to version (at least not kernel version, patch level is something diffrent). Every kernel source build in the portage tree downloads a FULL source tarball (linux-2.4.26.tar.bz2) and then patches that. 2.4.27 comes out tomarrow? You're downloading another 30M tarball (or whatever they're running nowadays).

I don't mean to rag on portage, it's a great system. It certaintly doesn't use diffs as the grandparent mentioned, though.

Re:Ahem.

[lagoon]

I am not a C guru, but that is not a vulnerability as far as I know. Just a regular bug which might be nasty in some circumstances when one uses async NFS. I for one hope that those mmap() vulnerabilities have been fixed properly in the last few releases.

Re:When

[diegocgteleline.es]

Already saw ketchup?

http://www.selenic.com/ketchup/ketchup-0.5 :

ketchup is a script that automatically patches between kernel
versions, downloading and caching patches as needed, and automatically
determining the latest versions of several trees. Example usage:
$ ketchup 2.6-mm
2.6.3-rc1-mm1 -> 2.6.5-mm4
Applying 2.6.3-rc1-mm1.bz2 -R
Applying patch-2.6.3-rc1.bz2 -R
Applying patch-2.6.3.bz2
Applying patch-2.6.4.bz2
Applying patch-2.6.5.bz2
Downloading 2.6.5-mm4.bz2
Downloading 2.6.5-mm4.bz2.sign
Verifying signature...
gpg: Signature made Sat Apr 10 21:55:36 2004 CDT using DSA key ID 517D0F0E gpg: Good signature from "Linux Kernel Archives Verification Key "
gpg: aka "Linux Kernel Archives Verification Key "
owner.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the Primary key fingerprint: C75D C40A 11D7 AF88 9981 ED5B C86B A06A 517D 0F0E
Applying 2.6.5-mm4.bz2