Yes, Fabian is building 4.9.13 for our generic release and for the PI now. On 02/27/2017 06:28 AM, Jacco Ligthart wrote: > Hi all, > > in the end CVE-2017-6074 was fixed in 4.4.52 and 4.9.13 > > I also noticed that upstream raspberry repo moved to 4.9. So I did a > build of that for raspberry2 (armv5). First result is, that the current > spec file can be used with 'normal' changes. Just updating the code > blobs and the version number resulted in a booting raspberry2 kernel. > (hmm, now I think of it I tested only on a raspberry 3) > > I guess this should be similar for armv7 > > next test: does it also work for raspberry version 1 :) > > Jacco > > > > On 24-02-17 13:08, Fabian Arrotin wrote: >> On 24/02/17 07:46, Fabian Arrotin wrote: >>> On 23/02/17 18:01, Fabian Arrotin wrote: >>>> On 23/02/17 17:46, Jacco Ligthart wrote: >>>>> On 23-02-17 17:16, Fabian Arrotin wrote: >>>>>> On 23/02/17 14:17, Robert Moskowitz wrote: >>>>>>> I see announcement of a new kernel for security updates. >>>>>>> >>>>>>> Any ETA for it here? >>>>>>> >>>>>>> thanks >>>>>>> >>>>>> I'm rebuilding kernel 4.4.50 (both generic and rpi variants) that would >>>>>> fix cve_2017_6074. >>>>>> I'll let you know when it will be ready for testing and after some >>>>>> feedback, I'll send those to the signing queue so that they can appear >>>>>> on mirror.centos.org >>>>> If I read the changelogs correctly, that CVE is not fixed in version 4.4.50 >>>>> >>>>> I think I'll wait for 51 :( >>>>> >>>>> Jacco >>>>> >>>> I had no time to investigate further, but >>>> http://news.softpedia.com/news/linux-kernels-4-9-11-4-4-50-lts-bring-networking-improvements-updated-drivers-513073.shtml >>>> was mentioning DCCP >>>> >>>> >>> So I just had a quick look at this this morning and yes, it seems the >>> dccp patch wasn't included in 4.4.50 but rather in 4.4.51, so have >>> submitted a build for the generic kernel (I'll push it to testing repo >>> when built). >>> For raspberrypi, nothing (yet) rebased (upstream) to 4.4.51, but otoh it >>> seems that they have now switched to newer LTS 4.9.x version. >>> >>> For that CVE, I'd consider just bumping to 4.4.51 , but investigating >>> having a rebase to 4.9.x (also LTS) seems a good option, but that has to >>> be tested too >>> >> And just replying to myself : CONFIG_IP_DCCP isn't set in the default >> bcm2709_defconfig used to build the rpi kernel, so nothing really to fix >> for those kernels. >> But as I built the 4.4.50 kernel for it, you can grab it from >> https://buildlogs.centos.org/centos/7/kernel/armhfp/kernel-rpi2/ >> >> Still waiting for the 4.4.51 to finish building before pushing it to >> buildlogs.centos.org too (in kernel-generic repo) > > _______________________________________________ > Arm-dev mailing list > Arm-dev at centos.org > https://lists.centos.org/mailman/listinfo/arm-dev > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/arm-dev/attachments/20170227/67676aca/attachment-0006.sig>