[Arm-dev] New kernel?

Fri Feb 24 12:08:47 UTC 2017
Fabian Arrotin <arrfab at centos.org>

On 24/02/17 07:46, Fabian Arrotin wrote:
> On 23/02/17 18:01, Fabian Arrotin wrote:
>> On 23/02/17 17:46, Jacco Ligthart wrote:
>>> On 23-02-17 17:16, Fabian Arrotin wrote:
>>>> On 23/02/17 14:17, Robert Moskowitz wrote:
>>>>> I see announcement of a new kernel for security updates.
>>>>>
>>>>> Any ETA for it here?
>>>>>
>>>>> thanks
>>>>>
>>>> I'm rebuilding kernel 4.4.50 (both generic and rpi variants) that would
>>>> fix  cve_2017_6074.
>>>> I'll let you know when it will be ready for testing and after some
>>>> feedback, I'll send those to the signing queue so that they can appear
>>>> on mirror.centos.org
>>>
>>> If I read the changelogs correctly, that CVE is not fixed in version 4.4.50
>>>
>>> I think I'll wait for 51 :(
>>>
>>> Jacco
>>>
>>
>> I had no time to investigate further, but
>> http://news.softpedia.com/news/linux-kernels-4-9-11-4-4-50-lts-bring-networking-improvements-updated-drivers-513073.shtml
>> was mentioning DCCP
>>
>>
> 
> So I just had a quick look at this this morning and yes, it seems the
> dccp patch wasn't included in 4.4.50 but rather in 4.4.51, so have
> submitted a build for the generic kernel (I'll push it to testing repo
> when built).
> For raspberrypi, nothing (yet) rebased (upstream) to 4.4.51, but otoh it
> seems that they have now switched to newer LTS 4.9.x version.
> 
> For that CVE, I'd consider just bumping to 4.4.51 , but investigating
> having a rebase to 4.9.x (also LTS) seems a good option, but that has to
> be tested too
> 

And just replying to myself : CONFIG_IP_DCCP isn't set in the default
bcm2709_defconfig used to build the rpi kernel, so nothing really to fix
for those kernels.
But as I built the 4.4.50 kernel for it, you can grab it from
https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/

Still waiting for the 4.4.51 to finish building before pushing it to
buildlogs.centos.org too (in kernel-generic repo)


-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/arm-dev/attachments/20170224/31271368/attachment-0006.sig>