[Arm-dev] New kernel?

Mon Feb 27 12:42:15 UTC 2017
Johnny Hughes <johnny at centos.org>

Yes,

Fabian is building 4.9.13 for our generic release and for the PI now.

On 02/27/2017 06:28 AM, Jacco Ligthart wrote:
> Hi all,
> 
> in the end CVE-2017-6074 was fixed in 4.4.52 and 4.9.13
> 
> I also noticed that upstream raspberry repo moved to 4.9. So I did a
> build of that for raspberry2 (armv5). First result is, that the current
> spec file can be used with 'normal' changes. Just updating the code
> blobs and the version number resulted in a booting raspberry2 kernel.
> (hmm, now I think of it I tested only on a raspberry 3)
> 
> I guess this should be similar for armv7
> 
> next test: does it also work for raspberry version 1 :)
> 
> Jacco
> 
> 
> 
> On 24-02-17 13:08, Fabian Arrotin wrote:
>> On 24/02/17 07:46, Fabian Arrotin wrote:
>>> On 23/02/17 18:01, Fabian Arrotin wrote:
>>>> On 23/02/17 17:46, Jacco Ligthart wrote:
>>>>> On 23-02-17 17:16, Fabian Arrotin wrote:
>>>>>> On 23/02/17 14:17, Robert Moskowitz wrote:
>>>>>>> I see announcement of a new kernel for security updates.
>>>>>>>
>>>>>>> Any ETA for it here?
>>>>>>>
>>>>>>> thanks
>>>>>>>
>>>>>> I'm rebuilding kernel 4.4.50 (both generic and rpi variants) that would
>>>>>> fix  cve_2017_6074.
>>>>>> I'll let you know when it will be ready for testing and after some
>>>>>> feedback, I'll send those to the signing queue so that they can appear
>>>>>> on mirror.centos.org
>>>>> If I read the changelogs correctly, that CVE is not fixed in version 4.4.50
>>>>>
>>>>> I think I'll wait for 51 :(
>>>>>
>>>>> Jacco
>>>>>
>>>> I had no time to investigate further, but
>>>> http://news.softpedia.com/news/linux-kernels-4-9-11-4-4-50-lts-bring-networking-improvements-updated-drivers-513073.shtml
>>>> was mentioning DCCP
>>>>
>>>>
>>> So I just had a quick look at this this morning and yes, it seems the
>>> dccp patch wasn't included in 4.4.50 but rather in 4.4.51, so have
>>> submitted a build for the generic kernel (I'll push it to testing repo
>>> when built).
>>> For raspberrypi, nothing (yet) rebased (upstream) to 4.4.51, but otoh it
>>> seems that they have now switched to newer LTS 4.9.x version.
>>>
>>> For that CVE, I'd consider just bumping to 4.4.51 , but investigating
>>> having a rebase to 4.9.x (also LTS) seems a good option, but that has to
>>> be tested too
>>>
>> And just replying to myself : CONFIG_IP_DCCP isn't set in the default
>> bcm2709_defconfig used to build the rpi kernel, so nothing really to fix
>> for those kernels.
>> But as I built the 4.4.50 kernel for it, you can grab it from
>> https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/
>>
>> Still waiting for the 4.4.51 to finish building before pushing it to
>> buildlogs.centos.org too (in kernel-generic repo)
> 
> _______________________________________________
> Arm-dev mailing list
> Arm-dev at centos.org
> https://lists.centos.org/mailman/listinfo/arm-dev
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/arm-dev/attachments/20170227/67676aca/attachment-0006.sig>