Hello, Noticing that the 3.11.10-32.1 kernel was released I went to the opensuse.org website and grabbed the source rpm: http://download.opensuse.org/update/13.1/src/ kernel-source-3.11.10-32.1.src.rpm. I noticed that the CVE-2016-0728 vulnerability was listed as fixed (http://lists.opensuse.org/opensuse-updates/2016-02/msg00003.html), so I just went to do a quick spot check after running the prep stages of the rpmbuild using the kernel-default.spec and I noticed that the expected fix was not patched (it is a one-liner in security/keys/process_keys.c). That made me a little nervous so I decided to compare the 3.11.10-32.1 with the 3.11.10-29.1 rpms: rpm -qp --dump kernel-source-3.11.10-29.1.src.rpm >/tmp/kernel-source-3.11.10-29.1.cksum rpm -qp --dump kernel-source-3.11.10-32.1.src.rpm >/tmp/kernel-source-3.11.10-32.1.cksum
diff /tmp/kernel-source-3.11.10-29.1.cksum /tmp/kernel-source-3.11.10-32.1.cksum 30c30 < kernel-source.spec 870472 1425898016 1124bf0b8e9aedef37e6746f0a98b38d 0100644 root root 0 0 0 X --- > kernel-source.spec 870433 1453891954 5581f8e87712f07fc51507270b2eefd0 0100644 > root root 0 0 0 X So only the kernel-source.spec has changed, and when I compare those two only the release number has been updated. Am I missing something? Thanks, Chad -----Original Message----- From: evergreen-boun...@lists.rosenauer.org [mailto:evergreen-boun...@lists.rosenauer.org] On Behalf Of Marcus Meissner Sent: Tuesday, February 02, 2016 10:20 AM To: Michal Kubecek Cc: evergr...@ds9.rosenauer.org Subject: Re: [Evergreen] Evergreen 13.1 kernel - conclusion On Sat, Jan 30, 2016 at 08:33:39PM +0100, Michal Kubecek wrote: > On Sat, Jan 30, 2016 at 06:18:37PM +0100, Marcus Meissner wrote: > > > > Also a side note, we are testing a 13.1 kernel update for the > > current local root exploit and will want to release that before. > > OK, I'll wait until this one is released. For some reason I thought it > already was out. We have released it now. http://lists.opensuse.org/opensuse-updates/2016-02/msg00003.html If you submit, submit with osc mr YOURSOURCEPROJECT kernel-source openSUSE:13.1:Update (This ensures it will land in openSUSE:Maintenance and not openSUSE:Evergreen:Maintenance) we will probably need to refresh some of the kmps too if they no longer build. Ciao, Marcus _______________________________________________ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen _______________________________________________ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen