I see announcement of a new kernel for security updates.
Any ETA for it here?
thanks
On 23/02/17 14:17, Robert Moskowitz wrote:
I see announcement of a new kernel for security updates.
Any ETA for it here?
thanks
I'm rebuilding kernel 4.4.50 (both generic and rpi variants) that would fix cve_2017_6074. I'll let you know when it will be ready for testing and after some feedback, I'll send those to the signing queue so that they can appear on mirror.centos.org
On 23-02-17 17:16, Fabian Arrotin wrote:
On 23/02/17 14:17, Robert Moskowitz wrote:
I see announcement of a new kernel for security updates.
Any ETA for it here?
thanks
I'm rebuilding kernel 4.4.50 (both generic and rpi variants) that would fix cve_2017_6074. I'll let you know when it will be ready for testing and after some feedback, I'll send those to the signing queue so that they can appear on mirror.centos.org
If I read the changelogs correctly, that CVE is not fixed in version 4.4.50
I think I'll wait for 51 :(
Jacco
On 23/02/17 17:46, Jacco Ligthart wrote:
On 23-02-17 17:16, Fabian Arrotin wrote:
On 23/02/17 14:17, Robert Moskowitz wrote:
I see announcement of a new kernel for security updates.
Any ETA for it here?
thanks
I'm rebuilding kernel 4.4.50 (both generic and rpi variants) that would fix cve_2017_6074. I'll let you know when it will be ready for testing and after some feedback, I'll send those to the signing queue so that they can appear on mirror.centos.org
If I read the changelogs correctly, that CVE is not fixed in version 4.4.50
I think I'll wait for 51 :(
Jacco
I had no time to investigate further, but http://news.softpedia.com/news/linux-kernels-4-9-11-4-4-50-lts-bring-network... was mentioning DCCP
On 23/02/17 18:01, Fabian Arrotin wrote:
On 23/02/17 17:46, Jacco Ligthart wrote:
On 23-02-17 17:16, Fabian Arrotin wrote:
On 23/02/17 14:17, Robert Moskowitz wrote:
I see announcement of a new kernel for security updates.
Any ETA for it here?
thanks
I'm rebuilding kernel 4.4.50 (both generic and rpi variants) that would fix cve_2017_6074. I'll let you know when it will be ready for testing and after some feedback, I'll send those to the signing queue so that they can appear on mirror.centos.org
If I read the changelogs correctly, that CVE is not fixed in version 4.4.50
I think I'll wait for 51 :(
Jacco
I had no time to investigate further, but http://news.softpedia.com/news/linux-kernels-4-9-11-4-4-50-lts-bring-network... was mentioning DCCP
So I just had a quick look at this this morning and yes, it seems the dccp patch wasn't included in 4.4.50 but rather in 4.4.51, so have submitted a build for the generic kernel (I'll push it to testing repo when built). For raspberrypi, nothing (yet) rebased (upstream) to 4.4.51, but otoh it seems that they have now switched to newer LTS 4.9.x version.
For that CVE, I'd consider just bumping to 4.4.51 , but investigating having a rebase to 4.9.x (also LTS) seems a good option, but that has to be tested too
On 24/02/17 07:46, Fabian Arrotin wrote:
On 23/02/17 18:01, Fabian Arrotin wrote:
On 23/02/17 17:46, Jacco Ligthart wrote:
On 23-02-17 17:16, Fabian Arrotin wrote:
On 23/02/17 14:17, Robert Moskowitz wrote:
I see announcement of a new kernel for security updates.
Any ETA for it here?
thanks
I'm rebuilding kernel 4.4.50 (both generic and rpi variants) that would fix cve_2017_6074. I'll let you know when it will be ready for testing and after some feedback, I'll send those to the signing queue so that they can appear on mirror.centos.org
If I read the changelogs correctly, that CVE is not fixed in version 4.4.50
I think I'll wait for 51 :(
Jacco
I had no time to investigate further, but http://news.softpedia.com/news/linux-kernels-4-9-11-4-4-50-lts-bring-network... was mentioning DCCP
So I just had a quick look at this this morning and yes, it seems the dccp patch wasn't included in 4.4.50 but rather in 4.4.51, so have submitted a build for the generic kernel (I'll push it to testing repo when built). For raspberrypi, nothing (yet) rebased (upstream) to 4.4.51, but otoh it seems that they have now switched to newer LTS 4.9.x version.
For that CVE, I'd consider just bumping to 4.4.51 , but investigating having a rebase to 4.9.x (also LTS) seems a good option, but that has to be tested too
And just replying to myself : CONFIG_IP_DCCP isn't set in the default bcm2709_defconfig used to build the rpi kernel, so nothing really to fix for those kernels. But as I built the 4.4.50 kernel for it, you can grab it from https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/
Still waiting for the 4.4.51 to finish building before pushing it to buildlogs.centos.org too (in kernel-generic repo)
On 24/02/17 13:08, Fabian Arrotin wrote: <snip>
And just replying to myself : CONFIG_IP_DCCP isn't set in the default bcm2709_defconfig used to build the rpi kernel, so nothing really to fix for those kernels. But as I built the 4.4.50 kernel for it, you can grab it from https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/
Still waiting for the 4.4.51 to finish building before pushing it to buildlogs.centos.org too (in kernel-generic repo)
And now 4.4.51 is also available in the testing repo (https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-generic/)
After some positive feedback, we can sign/push to release and normal mirrors
I don't want to do this a couple hours before quitting for the day. I will work on putting it on medon Sunday.
On 02/24/2017 03:33 PM, Fabian Arrotin wrote:
On 24/02/17 13:08, Fabian Arrotin wrote:
<snip> > And just replying to myself : CONFIG_IP_DCCP isn't set in the default > bcm2709_defconfig used to build the rpi kernel, so nothing really to fix > for those kernels. > But as I built the 4.4.50 kernel for it, you can grab it from > https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/ > > Still waiting for the 4.4.51 to finish building before pushing it to > buildlogs.centos.org too (in kernel-generic repo) > And now 4.4.51 is also available in the testing repo (https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-generic/)
After some positive feedback, we can sign/push to release and normal mirrors
Arm-dev mailing list Arm-dev@centos.org https://lists.centos.org/mailman/listinfo/arm-dev
I have applied this update to the mailserver test system for starters. I have rebooted with the new kernel and will see how it goes. Here is a little sed command to change extlinux.conf after you update the kernel.
sed -i -e "s/42-202/51-201/" /boot/extlinux/extlinux.conf
I have actually learned a little sed in this activity!
Of course better would be to add a new menu item as #1.
Bob
On 02/24/2017 03:33 PM, Fabian Arrotin wrote:
On 24/02/17 13:08, Fabian Arrotin wrote:
<snip> > And just replying to myself : CONFIG_IP_DCCP isn't set in the default > bcm2709_defconfig used to build the rpi kernel, so nothing really to fix > for those kernels. > But as I built the 4.4.50 kernel for it, you can grab it from > https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/ > > Still waiting for the 4.4.51 to finish building before pushing it to > buildlogs.centos.org too (in kernel-generic repo) > And now 4.4.51 is also available in the testing repo (https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-generic/)
After some positive feedback, we can sign/push to release and normal mirrors
Arm-dev mailing list Arm-dev@centos.org https://lists.centos.org/mailman/listinfo/arm-dev
Hi all,
in the end CVE-2017-6074 was fixed in 4.4.52 and 4.9.13
I also noticed that upstream raspberry repo moved to 4.9. So I did a build of that for raspberry2 (armv5). First result is, that the current spec file can be used with 'normal' changes. Just updating the code blobs and the version number resulted in a booting raspberry2 kernel. (hmm, now I think of it I tested only on a raspberry 3)
I guess this should be similar for armv7
next test: does it also work for raspberry version 1 :)
Jacco
On 24-02-17 13:08, Fabian Arrotin wrote:
On 24/02/17 07:46, Fabian Arrotin wrote:
On 23/02/17 18:01, Fabian Arrotin wrote:
On 23/02/17 17:46, Jacco Ligthart wrote:
On 23-02-17 17:16, Fabian Arrotin wrote:
On 23/02/17 14:17, Robert Moskowitz wrote:
I see announcement of a new kernel for security updates.
Any ETA for it here?
thanks
I'm rebuilding kernel 4.4.50 (both generic and rpi variants) that would fix cve_2017_6074. I'll let you know when it will be ready for testing and after some feedback, I'll send those to the signing queue so that they can appear on mirror.centos.org
If I read the changelogs correctly, that CVE is not fixed in version 4.4.50
I think I'll wait for 51 :(
Jacco
I had no time to investigate further, but http://news.softpedia.com/news/linux-kernels-4-9-11-4-4-50-lts-bring-network... was mentioning DCCP
So I just had a quick look at this this morning and yes, it seems the dccp patch wasn't included in 4.4.50 but rather in 4.4.51, so have submitted a build for the generic kernel (I'll push it to testing repo when built). For raspberrypi, nothing (yet) rebased (upstream) to 4.4.51, but otoh it seems that they have now switched to newer LTS 4.9.x version.
For that CVE, I'd consider just bumping to 4.4.51 , but investigating having a rebase to 4.9.x (also LTS) seems a good option, but that has to be tested too
And just replying to myself : CONFIG_IP_DCCP isn't set in the default bcm2709_defconfig used to build the rpi kernel, so nothing really to fix for those kernels. But as I built the 4.4.50 kernel for it, you can grab it from https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/
Still waiting for the 4.4.51 to finish building before pushing it to buildlogs.centos.org too (in kernel-generic repo)
On 27/02/17 13:28, Jacco Ligthart wrote:
Hi all,
in the end CVE-2017-6074 was fixed in 4.4.52 and 4.9.13
I also noticed that upstream raspberry repo moved to 4.9. So I did a build of that for raspberry2 (armv5). First result is, that the current spec file can be used with 'normal' changes. Just updating the code blobs and the version number resulted in a booting raspberry2 kernel. (hmm, now I think of it I tested only on a raspberry 3)
I guess this should be similar for armv7
next test: does it also work for raspberry version 1 :)
https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/Packages/ : already built 4.9.13 for raspberrypi :-) (and generic kernel is now being built too)
In parallel I've built linux-firmware as there is now the needed broadcom fw for wifi in the pi3 (http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree...) Those linux-firmware packages are now sent to signing queue so will appear on mirror.centos.org soon (hopefully)
On 27-02-17 13:40, Fabian Arrotin wrote:
https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/Packages/ : already built 4.9.13 for raspberrypi :-) (and generic kernel is now being built too)
In parallel I've built linux-firmware as there is now the needed broadcom fw for wifi in the pi3 (http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree...) Those linux-firmware packages are now sent to signing queue so will appear on mirror.centos.org soon (hopefully)
Thanks for the heads-up. I would have missed that otherwise.
Can you point me to a location with a spec or a srpm for that? I'm lost again in the CentOS trees.
While thinking over this, one of the other items on my todo list is a new kernel for my aging Odroid U3. It has a Samsung Exynos4412, which is supposedly supported in the generic kernel source. Does anybody here have experience with this? Do you have a link also to your generic kernel srpm? It should be easy to convert that for the Exynos4412.
Thanks,
Jacco
On 02/27/2017 07:24 AM, Jacco Ligthart wrote:
On 27-02-17 13:40, Fabian Arrotin wrote:
https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/Packages/ : already built 4.9.13 for raspberrypi :-) (and generic kernel is now being built too)
In parallel I've built linux-firmware as there is now the needed broadcom fw for wifi in the pi3 (http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree...) Those linux-firmware packages are now sent to signing queue so will appear on mirror.centos.org soon (hopefully)
Thanks for the heads-up. I would have missed that otherwise.
Can you point me to a location with a spec or a srpm for that? I'm lost again in the CentOS trees.
While thinking over this, one of the other items on my todo list is a new kernel for my aging Odroid U3. It has a Samsung Exynos4412, which is supposedly supported in the generic kernel source. Does anybody here have experience with this? Do you have a link also to your generic kernel srpm? It should be easy to convert that for the Exynos4412.
I have a linux-firmware here that has everything up to 2/13/2017 in it:
http://cbs.centos.org/koji/buildinfo?buildID=15801
I am not sure if that is the one Fabian use or not.
On 02/27/2017 07:54 AM, Johnny Hughes wrote:
On 02/27/2017 07:24 AM, Jacco Ligthart wrote:
On 27-02-17 13:40, Fabian Arrotin wrote:
https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/Packages/ : already built 4.9.13 for raspberrypi :-) (and generic kernel is now being built too)
In parallel I've built linux-firmware as there is now the needed broadcom fw for wifi in the pi3 (http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree...) Those linux-firmware packages are now sent to signing queue so will appear on mirror.centos.org soon (hopefully)
Thanks for the heads-up. I would have missed that otherwise.
Can you point me to a location with a spec or a srpm for that? I'm lost again in the CentOS trees.
While thinking over this, one of the other items on my todo list is a new kernel for my aging Odroid U3. It has a Samsung Exynos4412, which is supposedly supported in the generic kernel source. Does anybody here have experience with this? Do you have a link also to your generic kernel srpm? It should be easy to convert that for the Exynos4412.
I have a linux-firmware here that has everything up to 2/13/2017 in it:
http://cbs.centos.org/koji/buildinfo?buildID=15801
I am not sure if that is the one Fabian use or not.
Here is the git tree for that SRPM (if you want it):
https://git.centos.org/summary/sig-altarch!linux-firmware.git
The lookaside cache is here:
http://people.centos.org/hughesjr/altarch-kernel-4.4.x-Lookaside/
On 27-02-17 14:58, Johnny Hughes wrote:
On 02/27/2017 07:54 AM, Johnny Hughes wrote:
On 02/27/2017 07:24 AM, Jacco Ligthart wrote:
On 27-02-17 13:40, Fabian Arrotin wrote:
https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/Packages/ : already built 4.9.13 for raspberrypi :-) (and generic kernel is now being built too)
In parallel I've built linux-firmware as there is now the needed broadcom fw for wifi in the pi3 (http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree...) Those linux-firmware packages are now sent to signing queue so will appear on mirror.centos.org soon (hopefully)
Thanks for the heads-up. I would have missed that otherwise.
Can you point me to a location with a spec or a srpm for that? I'm lost again in the CentOS trees.
While thinking over this, one of the other items on my todo list is a new kernel for my aging Odroid U3. It has a Samsung Exynos4412, which is supposedly supported in the generic kernel source. Does anybody here have experience with this? Do you have a link also to your generic kernel srpm? It should be easy to convert that for the Exynos4412.
I have a linux-firmware here that has everything up to 2/13/2017 in it:
http://cbs.centos.org/koji/buildinfo?buildID=15801
I am not sure if that is the one Fabian use or not.
Here is the git tree for that SRPM (if you want it):
https://git.centos.org/summary/sig-altarch!linux-firmware.git
The lookaside cache is here:
http://people.centos.org/hughesjr/altarch-kernel-4.4.x-Lookaside/
Thanks! somehow I missed the sig-altarch items on git.c.o
Is that kernel also the one that Fabian is building?
Jacco
On 02/27/2017 08:12 AM, Jacco Ligthart wrote:
On 27-02-17 14:58, Johnny Hughes wrote:
On 02/27/2017 07:54 AM, Johnny Hughes wrote:
On 02/27/2017 07:24 AM, Jacco Ligthart wrote:
On 27-02-17 13:40, Fabian Arrotin wrote:
https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/Packages/ : already built 4.9.13 for raspberrypi :-) (and generic kernel is now being built too)
In parallel I've built linux-firmware as there is now the needed broadcom fw for wifi in the pi3 (http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree...) Those linux-firmware packages are now sent to signing queue so will appear on mirror.centos.org soon (hopefully)
Thanks for the heads-up. I would have missed that otherwise.
Can you point me to a location with a spec or a srpm for that? I'm lost again in the CentOS trees.
While thinking over this, one of the other items on my todo list is a new kernel for my aging Odroid U3. It has a Samsung Exynos4412, which is supposedly supported in the generic kernel source. Does anybody here have experience with this? Do you have a link also to your generic kernel srpm? It should be easy to convert that for the Exynos4412.
I have a linux-firmware here that has everything up to 2/13/2017 in it:
http://cbs.centos.org/koji/buildinfo?buildID=15801
I am not sure if that is the one Fabian use or not.
Here is the git tree for that SRPM (if you want it):
https://git.centos.org/summary/sig-altarch!linux-firmware.git
The lookaside cache is here:
http://people.centos.org/hughesjr/altarch-kernel-4.4.x-Lookaside/
Thanks! somehow I missed the sig-altarch items on git.c.o
Is that kernel also the one that Fabian is building?
Yes
On 27/02/17 15:12, Jacco Ligthart wrote:
On 27-02-17 14:58, Johnny Hughes wrote:
On 02/27/2017 07:54 AM, Johnny Hughes wrote:
On 02/27/2017 07:24 AM, Jacco Ligthart wrote:
On 27-02-17 13:40, Fabian Arrotin wrote:
https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/Packages/ : already built 4.9.13 for raspberrypi :-) (and generic kernel is now being built too)
In parallel I've built linux-firmware as there is now the needed broadcom fw for wifi in the pi3 (http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree...) Those linux-firmware packages are now sent to signing queue so will appear on mirror.centos.org soon (hopefully)
Thanks for the heads-up. I would have missed that otherwise.
Can you point me to a location with a spec or a srpm for that? I'm lost again in the CentOS trees.
While thinking over this, one of the other items on my todo list is a new kernel for my aging Odroid U3. It has a Samsung Exynos4412, which is supposedly supported in the generic kernel source. Does anybody here have experience with this? Do you have a link also to your generic kernel srpm? It should be easy to convert that for the Exynos4412.
I have a linux-firmware here that has everything up to 2/13/2017 in it:
http://cbs.centos.org/koji/buildinfo?buildID=15801
I am not sure if that is the one Fabian use or not.
Here is the git tree for that SRPM (if you want it):
https://git.centos.org/summary/sig-altarch!linux-firmware.git
The lookaside cache is here:
http://people.centos.org/hughesjr/altarch-kernel-4.4.x-Lookaside/
Thanks! somehow I missed the sig-altarch items on git.c.o
Is that kernel also the one that Fabian is building?
Jacco
For kernel-generic (aka "upstream" one) ? yes For rpi2/3 : nope (see the other link) For updated linux-firmware : https://armv7.dev.centos.org/repodir/arm-kernels/linux-firmware-20170213/
I have a linux-firmware here that has everything up to 2/13/2017 in it:
http://cbs.centos.org/koji/buildinfo?buildID=15801
I am not sure if that is the one Fabian use or not.
Here is the git tree for that SRPM (if you want it):
https://git.centos.org/summary/sig-altarch!linux-firmware.git
The lookaside cache is here:
http://people.centos.org/hughesjr/altarch-kernel-4.4.x-Lookaside/
Thanks! somehow I missed the sig-altarch items on git.c.o
Is that kernel also the one that Fabian is building?
Jacco
For kernel-generic (aka "upstream" one) ? yes For rpi2/3 : nope (see the other link) For updated linux-firmware : https://armv7.dev.centos.org/repodir/arm-kernels/linux-firmware-20170213/
I noticed this when upgrading:
Transaction check error: file /usr/lib/firmware/v4l-cx25840.fw from install of linux-firmware-20170213-71.git6d3bc888.el7.noarch conflicts with file from package ivtv-firmware-2:20080701-26.el7.noarch
of course this is on redsleeve, but I *guess* this is similar on armv7. maybe we should add an 'obsoletes' line in the spec file?
Jacco
On 02/27/2017 12:01 PM, Jacco Ligthart wrote:
I have a linux-firmware here that has everything up to 2/13/2017 in it:
http://cbs.centos.org/koji/buildinfo?buildID=15801
I am not sure if that is the one Fabian use or not.
Here is the git tree for that SRPM (if you want it):
https://git.centos.org/summary/sig-altarch!linux-firmware.git
The lookaside cache is here:
http://people.centos.org/hughesjr/altarch-kernel-4.4.x-Lookaside/
Thanks! somehow I missed the sig-altarch items on git.c.o
Is that kernel also the one that Fabian is building?
Jacco
For kernel-generic (aka "upstream" one) ? yes For rpi2/3 : nope (see the other link) For updated linux-firmware : https://armv7.dev.centos.org/repodir/arm-kernels/linux-firmware-20170213/
I noticed this when upgrading:
Transaction check error: file /usr/lib/firmware/v4l-cx25840.fw from install of linux-firmware-20170213-71.git6d3bc888.el7.noarch conflicts with file from package ivtv-firmware-2:20080701-26.el7.noarch
of course this is on redsleeve, but I *guess* this is similar on armv7. maybe we should add an 'obsoletes' line in the spec file?
Mine has that and some other things obsoleted for el6 and el7 .. slightly different from the fedora one.
On 27/02/17 19:01, Jacco Ligthart wrote:
I have a linux-firmware here that has everything up to 2/13/2017 in it:
http://cbs.centos.org/koji/buildinfo?buildID=15801
I am not sure if that is the one Fabian use or not.
Here is the git tree for that SRPM (if you want it):
https://git.centos.org/summary/sig-altarch!linux-firmware.git
The lookaside cache is here:
http://people.centos.org/hughesjr/altarch-kernel-4.4.x-Lookaside/
Thanks! somehow I missed the sig-altarch items on git.c.o
Is that kernel also the one that Fabian is building?
Jacco
For kernel-generic (aka "upstream" one) ? yes For rpi2/3 : nope (see the other link) For updated linux-firmware : https://armv7.dev.centos.org/repodir/arm-kernels/linux-firmware-20170213/
I noticed this when upgrading:
Transaction check error: file /usr/lib/firmware/v4l-cx25840.fw from install of linux-firmware-20170213-71.git6d3bc888.el7.noarch conflicts with file from package ivtv-firmware-2:20080701-26.el7.noarch
of course this is on redsleeve, but I *guess* this is similar on armv7. maybe we should add an 'obsoletes' line in the spec file?
Jacco
Yes, forgot to mention that Johnny already fixed this and so newer (.1) pkgs were pushed to https://armv7.dev.centos.org/repodir/arm-kernels/linux-firmware-20170213/ that obsoletes conflicting pkgs ( https://armv7.dev.centos.org/repodir/c71611-updates-1/linux-firmware/2017021...)
On 27/02/17 14:24, Jacco Ligthart wrote:
On 27-02-17 13:40, Fabian Arrotin wrote:
https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/Packages/ : already built 4.9.13 for raspberrypi :-) (and generic kernel is now being built too)
In parallel I've built linux-firmware as there is now the needed broadcom fw for wifi in the pi3 (http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree...) Those linux-firmware packages are now sent to signing queue so will appear on mirror.centos.org soon (hopefully)
Thanks for the heads-up. I would have missed that otherwise.
Can you point me to a location with a spec or a srpm for that? I'm lost again in the CentOS trees.
https://armv7.dev.centos.org/repodir/arm-kernels/rpi2-4.9.13/ has the .src.rpm and build logs
On 27-02-17 13:40, Fabian Arrotin wrote:
In parallel I've built linux-firmware as there is now the needed broadcom fw for wifi in the pi3 (http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree...) Those linux-firmware packages are now sent to signing queue so will appear on mirror.centos.org soon (hopefully)
Does this work for you? I see both on the pi3 as on the pi0W a message: Direct firmware load for brcm/brcmfmac43430-sdio.txt failed with error -2
Apparently this file can be found here: https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm
I am thinking of making a separate brcm firmware package and revert linux-firmware back to the RHEL version. I found some prior art for this: https://build.opensuse.org/package/view_file/hardware/bcm43xx-firmware/bcm43...
Jacco
On 06/03/17 23:19, Jacco Ligthart wrote:
On 27-02-17 13:40, Fabian Arrotin wrote:
In parallel I've built linux-firmware as there is now the needed broadcom fw for wifi in the pi3 (http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree...) Those linux-firmware packages are now sent to signing queue so will appear on mirror.centos.org soon (hopefully)
Does this work for you? I see both on the pi3 as on the pi0W a message: Direct firmware load for brcm/brcmfmac43430-sdio.txt failed with error -2
Apparently this file can be found here: https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm
I am thinking of making a separate brcm firmware package and revert linux-firmware back to the RHEL version. I found some prior art for this: https://build.opensuse.org/package/view_file/hardware/bcm43xx-firmware/bcm43...
Jacco
Yes, it works, but it indeed still needs the .txt file so while the firmware blob is in linux-firmware upstream, I'll modify the image creation for rpi3 to also create that file :
cat > $ROOTPATH/usr/lib/firmware/brcm/brcmfmac43430-sdio.txt << EOF # NVRAM file for BCM943430WLPTH # 2.4 GHz, 20 MHz BW mode
# The following parameter values are just placeholders, need to be updated. manfid=0x2d0 prodid=0x0727 vendid=0x14e4 devid=0x43e2 boardtype=0x0727 boardrev=0x1101 boardnum=22 #macaddr=00:90:4c:c5:12:38 sromrev=11 boardflags=0x00404201 boardflags3=0x08000000 xtalfreq=37400 nocrc=1 ag0=255 aa2g=1 ccode=ALL
pa0itssit=0x20 extpagain2g=0 #PA parameters for 2.4GHz, measured at CHIP OUTPUT pa2ga0=-168,7161,-820 AvVmid_c0=0x0,0xc8 cckpwroffset0=5
# PPR params maxp2ga0=84 txpwrbckof=6 cckbw202gpo=0 legofdmbw202gpo=0x66111111 mcsbw202gpo=0x77711111 propbw202gpo=0xdd
# OFDM IIR : ofdmdigfilttype=18 ofdmdigfilttypebe=18 # PAPD mode: papdmode=1 papdvalidtest=1 pacalidx2g=42 papdepsoffset=-22 papdendidx=58
# LTECX flags ltecxmux=0 ltecxpadnum=0x0102 ltecxfnsel=0x44 ltecxgcigpio=0x01
il0macaddr=00:90:4c:c5:12:38 wl0id=0x431b
deadman_to=0xffffffff # muxenab: 0x1 for UART enable, 0x2 for GPIOs, 0x8 for JTAG muxenab=0x1 # CLDO PWM voltage settings - 0x4 - 1.1 volt #cldo_pwm=0x4
#VCO freq 326.4MHz spurconfig=0x3
edonthd20l=-75 edoffthd20ul=-80
EOF
Yes,
Fabian is building 4.9.13 for our generic release and for the PI now.
On 02/27/2017 06:28 AM, Jacco Ligthart wrote:
Hi all,
in the end CVE-2017-6074 was fixed in 4.4.52 and 4.9.13
I also noticed that upstream raspberry repo moved to 4.9. So I did a build of that for raspberry2 (armv5). First result is, that the current spec file can be used with 'normal' changes. Just updating the code blobs and the version number resulted in a booting raspberry2 kernel. (hmm, now I think of it I tested only on a raspberry 3)
I guess this should be similar for armv7
next test: does it also work for raspberry version 1 :)
Jacco
On 24-02-17 13:08, Fabian Arrotin wrote:
On 24/02/17 07:46, Fabian Arrotin wrote:
On 23/02/17 18:01, Fabian Arrotin wrote:
On 23/02/17 17:46, Jacco Ligthart wrote:
On 23-02-17 17:16, Fabian Arrotin wrote:
On 23/02/17 14:17, Robert Moskowitz wrote: > I see announcement of a new kernel for security updates. > > Any ETA for it here? > > thanks > I'm rebuilding kernel 4.4.50 (both generic and rpi variants) that would fix cve_2017_6074. I'll let you know when it will be ready for testing and after some feedback, I'll send those to the signing queue so that they can appear on mirror.centos.org
If I read the changelogs correctly, that CVE is not fixed in version 4.4.50
I think I'll wait for 51 :(
Jacco
I had no time to investigate further, but http://news.softpedia.com/news/linux-kernels-4-9-11-4-4-50-lts-bring-network... was mentioning DCCP
So I just had a quick look at this this morning and yes, it seems the dccp patch wasn't included in 4.4.50 but rather in 4.4.51, so have submitted a build for the generic kernel (I'll push it to testing repo when built). For raspberrypi, nothing (yet) rebased (upstream) to 4.4.51, but otoh it seems that they have now switched to newer LTS 4.9.x version.
For that CVE, I'd consider just bumping to 4.4.51 , but investigating having a rebase to 4.9.x (also LTS) seems a good option, but that has to be tested too
And just replying to myself : CONFIG_IP_DCCP isn't set in the default bcm2709_defconfig used to build the rpi kernel, so nothing really to fix for those kernels. But as I built the 4.4.50 kernel for it, you can grab it from https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/
Still waiting for the 4.4.51 to finish building before pushing it to buildlogs.centos.org too (in kernel-generic repo)
Arm-dev mailing list Arm-dev@centos.org https://lists.centos.org/mailman/listinfo/arm-dev
-
Fabian Arrotin -
Jacco Ligthart -
Johnny Hughes -
Robert Moskowitz