Noticing that the 3.11.10-32.1 kernel was released I went to the opensuse.org 
website and grabbed the source rpm: 
kernel-source-3.11.10-32.1.src.rpm.  I noticed that the CVE-2016-0728 
vulnerability was listed as fixed 
(http://lists.opensuse.org/opensuse-updates/2016-02/msg00003.html), so I just 
went to do a quick spot check after running the prep stages of the rpmbuild 
using the kernel-default.spec  and I noticed that the expected fix was not 
patched (it is a one-liner in security/keys/process_keys.c).  That made me a 
little nervous so I decided to compare the 3.11.10-32.1 with the 3.11.10-29.1 
rpm -qp --dump kernel-source-3.11.10-29.1.src.rpm 
rpm -qp --dump kernel-source-3.11.10-32.1.src.rpm 

diff /tmp/kernel-source-3.11.10-29.1.cksum /tmp/kernel-source-3.11.10-32.1.cksum
< kernel-source.spec 870472 1425898016 1124bf0b8e9aedef37e6746f0a98b38d 0100644 
root root 0 0 0 X
> kernel-source.spec 870433 1453891954 5581f8e87712f07fc51507270b2eefd0 0100644 
> root root 0 0 0 X

So only the kernel-source.spec has changed, and when I compare those two only 
the release number has been updated.

Am I missing something?



-----Original Message-----
From: evergreen-boun...@lists.rosenauer.org 
[mailto:evergreen-boun...@lists.rosenauer.org] On Behalf Of Marcus Meissner
Sent: Tuesday, February 02, 2016 10:20 AM
To: Michal Kubecek
Cc: evergr...@ds9.rosenauer.org
Subject: Re: [Evergreen] Evergreen 13.1 kernel - conclusion

On Sat, Jan 30, 2016 at 08:33:39PM +0100, Michal Kubecek wrote:
> On Sat, Jan 30, 2016 at 06:18:37PM +0100, Marcus Meissner wrote:
> > 
> > Also a side note, we are testing a 13.1 kernel update for the 
> > current local root exploit and will want to release that before.
> OK, I'll wait until this one is released. For some reason I thought it 
> already was out.

We have released it now.


If you submit, submit with 

        osc mr YOURSOURCEPROJECT kernel-source openSUSE:13.1:Update

(This ensures it will land in openSUSE:Maintenance and not 

we will probably need to refresh some of the kmps too if they no longer build.

Ciao, Marcus
Evergreen mailing list

Evergreen mailing list

Reply via email to