We incorrectly released an oder kernel update. I am currently redoing the
update :(
Ciao , Marcus
Am 3. Februar 2016 18:34:22 MEZ, schrieb Chad Lingrell
<chad.lingr...@genband.com>:
>Hello,
>
>Noticing that the 3.11.10-32.1 kernel was released I went to the
>opensuse.org website and grabbed the source rpm:
>http://download.opensuse.org/update/13.1/src/
>kernel-source-3.11.10-32.1.src.rpm. I noticed that the CVE-2016-0728
>vulnerability was listed as fixed
>(http://lists.opensuse.org/opensuse-updates/2016-02/msg00003.html), so
>I just went to do a quick spot check after running the prep stages of
>the rpmbuild using the kernel-default.spec and I noticed that the
>expected fix was not patched (it is a one-liner in
>security/keys/process_keys.c). That made me a little nervous so I
>decided to compare the 3.11.10-32.1 with the 3.11.10-29.1 rpms:
>
>rpm -qp --dump kernel-source-3.11.10-29.1.src.rpm
>>/tmp/kernel-source-3.11.10-29.1.cksum
>rpm -qp --dump kernel-source-3.11.10-32.1.src.rpm
>>/tmp/kernel-source-3.11.10-32.1.cksum
>
>diff /tmp/kernel-source-3.11.10-29.1.cksum
>/tmp/kernel-source-3.11.10-32.1.cksum
>30c30
>< kernel-source.spec 870472 1425898016 1124bf0b8e9aedef37e6746f0a98b38d
>0100644 root root 0 0 0 X
>---
>> kernel-source.spec 870433 1453891954 5581f8e87712f07fc51507270b2eefd0
>0100644 root root 0 0 0 X
>
>So only the kernel-source.spec has changed, and when I compare those
>two only the release number has been updated.
>
>Am I missing something?
>
>Thanks,
>
>Chad
>
>
>-----Original Message-----
>From: evergreen-boun...@lists.rosenauer.org
>[mailto:evergreen-boun...@lists.rosenauer.org] On Behalf Of Marcus
>Meissner
>Sent: Tuesday, February 02, 2016 10:20 AM
>To: Michal Kubecek
>Cc: evergr...@ds9.rosenauer.org
>Subject: Re: [Evergreen] Evergreen 13.1 kernel - conclusion
>
>On Sat, Jan 30, 2016 at 08:33:39PM +0100, Michal Kubecek wrote:
>> On Sat, Jan 30, 2016 at 06:18:37PM +0100, Marcus Meissner wrote:
>> >
>> > Also a side note, we are testing a 13.1 kernel update for the
>> > current local root exploit and will want to release that before.
>>
>> OK, I'll wait until this one is released. For some reason I thought
>it
>> already was out.
>
>We have released it now.
>
>http://lists.opensuse.org/opensuse-updates/2016-02/msg00003.html
>
>If you submit, submit with
>
> osc mr YOURSOURCEPROJECT kernel-source openSUSE:13.1:Update
>
>(This ensures it will land in openSUSE:Maintenance and not
>openSUSE:Evergreen:Maintenance)
>
>we will probably need to refresh some of the kmps too if they no longer
>build.
>
>Ciao, Marcus
>_______________________________________________
>Evergreen mailing list
>Evergreen@lists.rosenauer.org
>http://lists.rosenauer.org/mailman/listinfo/evergreen
>
>_______________________________________________
>Evergreen mailing list
>Evergreen@lists.rosenauer.org
>http://lists.rosenauer.org/mailman/listinfo/evergreen
--
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.
_______________________________________________
Evergreen mailing list
Evergreen@lists.rosenauer.org
http://lists.rosenauer.org/mailman/listinfo/evergreen
