Re: [Evergreen] Evergreen 13.1 kernel - conclusion
We incorrectly released an oder kernel update. I am currently redoing the update :( Ciao , Marcus Am 3. Februar 2016 18:34:22 MEZ, schrieb Chad Lingrell : >Hello, > >Noticing that the 3.11.10-32.1 kernel was released I went to the >opensuse.org website and grabbed the source rpm: >http://download.opensuse.org/update/13.1/src/ >kernel-source-3.11.10-32.1.src.rpm. I noticed that the CVE-2016-0728 >vulnerability was listed as fixed >(http://lists.opensuse.org/opensuse-updates/2016-02/msg3.html), so >I just went to do a quick spot check after running the prep stages of >the rpmbuild using the kernel-default.spec and I noticed that the >expected fix was not patched (it is a one-liner in >security/keys/process_keys.c). That made me a little nervous so I >decided to compare the 3.11.10-32.1 with the 3.11.10-29.1 rpms: > >rpm -qp --dump kernel-source-3.11.10-29.1.src.rpm >>/tmp/kernel-source-3.11.10-29.1.cksum >rpm -qp --dump kernel-source-3.11.10-32.1.src.rpm >>/tmp/kernel-source-3.11.10-32.1.cksum > >diff /tmp/kernel-source-3.11.10-29.1.cksum >/tmp/kernel-source-3.11.10-32.1.cksum >30c30 >< kernel-source.spec 870472 1425898016 1124bf0b8e9aedef37e6746f0a98b38d >0100644 root root 0 0 0 X >--- >> kernel-source.spec 870433 1453891954 5581f8e87712f07fc51507270b2eefd0 >0100644 root root 0 0 0 X > >So only the kernel-source.spec has changed, and when I compare those >two only the release number has been updated. > >Am I missing something? > >Thanks, > >Chad > > >-Original Message- >From: evergreen-boun...@lists.rosenauer.org >[mailto:evergreen-boun...@lists.rosenauer.org] On Behalf Of Marcus >Meissner >Sent: Tuesday, February 02, 2016 10:20 AM >To: Michal Kubecek >Cc: evergr...@ds9.rosenauer.org >Subject: Re: [Evergreen] Evergreen 13.1 kernel - conclusion > >On Sat, Jan 30, 2016 at 08:33:39PM +0100, Michal Kubecek wrote: >> On Sat, Jan 30, 2016 at 06:18:37PM +0100, Marcus Meissner wrote: >> > >> > Also a side note, we are testing a 13.1 kernel update for the >> > current local root exploit and will want to release that before. >> >> OK, I'll wait until this one is released. For some reason I thought >it >> already was out. > >We have released it now. > >http://lists.opensuse.org/opensuse-updates/2016-02/msg3.html > >If you submit, submit with > > osc mr YOURSOURCEPROJECT kernel-source openSUSE:13.1:Update > >(This ensures it will land in openSUSE:Maintenance and not >openSUSE:Evergreen:Maintenance) > >we will probably need to refresh some of the kmps too if they no longer >build. > >Ciao, Marcus >___ >Evergreen mailing list >Evergreen@lists.rosenauer.org >http://lists.rosenauer.org/mailman/listinfo/evergreen > >___ >Evergreen mailing list >Evergreen@lists.rosenauer.org >http://lists.rosenauer.org/mailman/listinfo/evergreen -- Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen
Re: [Evergreen] Evergreen 13.1 kernel - conclusion
Hello, Noticing that the 3.11.10-32.1 kernel was released I went to the opensuse.org website and grabbed the source rpm: http://download.opensuse.org/update/13.1/src/ kernel-source-3.11.10-32.1.src.rpm. I noticed that the CVE-2016-0728 vulnerability was listed as fixed (http://lists.opensuse.org/opensuse-updates/2016-02/msg3.html), so I just went to do a quick spot check after running the prep stages of the rpmbuild using the kernel-default.spec and I noticed that the expected fix was not patched (it is a one-liner in security/keys/process_keys.c). That made me a little nervous so I decided to compare the 3.11.10-32.1 with the 3.11.10-29.1 rpms: rpm -qp --dump kernel-source-3.11.10-29.1.src.rpm >/tmp/kernel-source-3.11.10-29.1.cksum rpm -qp --dump kernel-source-3.11.10-32.1.src.rpm >/tmp/kernel-source-3.11.10-32.1.cksum diff /tmp/kernel-source-3.11.10-29.1.cksum /tmp/kernel-source-3.11.10-32.1.cksum 30c30 < kernel-source.spec 870472 1425898016 1124bf0b8e9aedef37e6746f0a98b38d 0100644 root root 0 0 0 X --- > kernel-source.spec 870433 1453891954 5581f8e87712f07fc51507270b2eefd0 0100644 > root root 0 0 0 X So only the kernel-source.spec has changed, and when I compare those two only the release number has been updated. Am I missing something? Thanks, Chad -Original Message- From: evergreen-boun...@lists.rosenauer.org [mailto:evergreen-boun...@lists.rosenauer.org] On Behalf Of Marcus Meissner Sent: Tuesday, February 02, 2016 10:20 AM To: Michal Kubecek Cc: evergr...@ds9.rosenauer.org Subject: Re: [Evergreen] Evergreen 13.1 kernel - conclusion On Sat, Jan 30, 2016 at 08:33:39PM +0100, Michal Kubecek wrote: > On Sat, Jan 30, 2016 at 06:18:37PM +0100, Marcus Meissner wrote: > > > > Also a side note, we are testing a 13.1 kernel update for the > > current local root exploit and will want to release that before. > > OK, I'll wait until this one is released. For some reason I thought it > already was out. We have released it now. http://lists.opensuse.org/opensuse-updates/2016-02/msg3.html If you submit, submit with osc mr YOURSOURCEPROJECT kernel-source openSUSE:13.1:Update (This ensures it will land in openSUSE:Maintenance and not openSUSE:Evergreen:Maintenance) we will probably need to refresh some of the kmps too if they no longer build. Ciao, Marcus ___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen ___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen
Re: [Evergreen] Evergreen 13.1 kernel - conclusion
On Tue, Feb 02, 2016 at 10:25:10PM +0100, Michal Kubecek wrote: > On Tue, Feb 02, 2016 at 04:20:09PM +0100, Marcus Meissner wrote: > > > we will probably need to refresh some of the kmps too if they no > > longer build. > > I have all 13.1 packages which build KMPs linked in my home project but > only some of them needed patching; I'll submit those with kernel-source > (and probably also kernel-firmware) unless you tell me otherwise. Thinking about it again, I'm not sure what exactly needs to be done. Only three packages building KMPs need patching: ndiswrapper openvswitch pcfclock The rest, i.e. cloop crash hdjmod ipset iscsitarget vhba-kmp virtualbox xen xtables-addons build without any source change (virtualbox needed a patch originally but it does not since January 2015 update). However, they will still need a rebuild to work with new kernel which is probably not going to happen itself. Would submitting them anyway (without any source change) do the trick? Or perhaps adding an entry to *.changes (like "rebuild for 3.12 kernel")? Michal Kubeček ___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen
Re: [Evergreen] Evergreen 13.1 kernel - conclusion
On Wed, Feb 03, 2016 at 09:30:42AM +0100, Marcus Meissner wrote: > On Wed, Feb 03, 2016 at 08:28:43AM +0100, Michal Kubecek wrote: > > On Tue, Feb 02, 2016 at 10:25:10PM +0100, Michal Kubecek wrote: > > > On Tue, Feb 02, 2016 at 04:20:09PM +0100, Marcus Meissner wrote: > > > > > > > we will probably need to refresh some of the kmps too if they no > > > > longer build. > > > > > > I have all 13.1 packages which build KMPs linked in my home project but > > > only some of them needed patching; I'll submit those with kernel-source > > > (and probably also kernel-firmware) unless you tell me otherwise. > > > > Thinking about it again, I'm not sure what exactly needs to be done. > > Only three packages building KMPs need patching: > > > > ndiswrapper > > openvswitch > > pcfclock > > > > The rest, i.e. > > > > cloop > > crash > > hdjmod > > ipset > > iscsitarget > > vhba-kmp > > virtualbox > > xen > > xtables-addons > > > > build without any source change (virtualbox needed a patch originally > > but it does not since January 2015 update). However, they will still > > need a rebuild to work with new kernel which is probably not going to > > happen itself. Would submitting them anyway (without any source change) > > do the trick? Or perhaps adding an entry to *.changes (like "rebuild for > > 3.12 kernel")? > > I can and would branch the unchanged myself, no need to submit them. maintenance request #357472 created Michal Kubeček ___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen
Re: [Evergreen] Evergreen 13.1 kernel - conclusion
Michal Kubecek composed on 2016-02-03 07:08 (UTC+0100): > Felix Miata wrote: >> Whatever happened to the idea of using newer (3.12) for Evergreen? I've been >> using those from repositories/home:/mkubecek:/evergreen-13.1/openSUSE_13.1/ >> on most of my installations ever since you first announced that repo, going >> on two years ago. > That's exactly what we are talking about. I couldn't tell any such thing because the only kernel version I could find anywhere in the thread was 3.11.x. -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ ___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen
Re: [Evergreen] Evergreen 13.1 kernel - conclusion
On Wed, Feb 03, 2016 at 08:28:43AM +0100, Michal Kubecek wrote: > On Tue, Feb 02, 2016 at 10:25:10PM +0100, Michal Kubecek wrote: > > On Tue, Feb 02, 2016 at 04:20:09PM +0100, Marcus Meissner wrote: > > > > > we will probably need to refresh some of the kmps too if they no > > > longer build. > > > > I have all 13.1 packages which build KMPs linked in my home project but > > only some of them needed patching; I'll submit those with kernel-source > > (and probably also kernel-firmware) unless you tell me otherwise. > > Thinking about it again, I'm not sure what exactly needs to be done. > Only three packages building KMPs need patching: > > ndiswrapper > openvswitch > pcfclock > > The rest, i.e. > > cloop > crash > hdjmod > ipset > iscsitarget > vhba-kmp > virtualbox > xen > xtables-addons > > build without any source change (virtualbox needed a patch originally > but it does not since January 2015 update). However, they will still > need a rebuild to work with new kernel which is probably not going to > happen itself. Would submitting them anyway (without any source change) > do the trick? Or perhaps adding an entry to *.changes (like "rebuild for > 3.12 kernel")? I can and would branch the unchanged myself, no need to submit them. Ciao, Marcus ___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen
Re: [Evergreen] Evergreen 13.1 kernel - conclusion
On Tue, Feb 02, 2016 at 05:37:36PM -0500, Felix Miata wrote: > Michal Kubecek composed on 2016-02-02 22:25 (UTC+0100): > > >> > Marcus Meissner wrote: > > >> > > Also a side note, we are testing a 13.1 kernel update for the current > >> > > local root exploit and will want to release that before. > > >> > OK, I'll wait until this one is released. For some reason I thought it > >> > already was out. > > >> We have released it now. > > >> http://lists.opensuse.org/opensuse-updates/2016-02/msg3.html > > >> If you submit, submit with > > >>osc mr YOURSOURCEPROJECT kernel-source openSUSE:13.1:Update > > >> (This ensures it will land in openSUSE:Maintenance and not > >> openSUSE:Evergreen:Maintenance) > > > Thanks for the info, I'll submit it tomorrow. > > >> we will probably need to refresh some of the kmps too if they no > >> longer build. > > > I have all 13.1 packages which build KMPs linked in my home project but > > only some of them needed patching; I'll submit those with kernel-source > > (and probably also kernel-firmware) unless you tell me otherwise. > > Whatever happened to the idea of using newer (3.12) for Evergreen? I've been > using those from repositories/home:/mkubecek:/evergreen-13.1/openSUSE_13.1/ > on most of my installations ever since you first announced that repo, going > on two years ago. That's exactly what we are talking about. Michal Kubeček ___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen
Re: [Evergreen] Evergreen 13.1 kernel - conclusion
Michal Kubecek composed on 2016-02-02 22:25 (UTC+0100): >> > Marcus Meissner wrote: >> > > Also a side note, we are testing a 13.1 kernel update for the current >> > > local root exploit and will want to release that before. >> > OK, I'll wait until this one is released. For some reason I thought it >> > already was out. >> We have released it now. >> http://lists.opensuse.org/opensuse-updates/2016-02/msg3.html >> If you submit, submit with >> osc mr YOURSOURCEPROJECT kernel-source openSUSE:13.1:Update >> (This ensures it will land in openSUSE:Maintenance and not >> openSUSE:Evergreen:Maintenance) > Thanks for the info, I'll submit it tomorrow. >> we will probably need to refresh some of the kmps too if they no >> longer build. > I have all 13.1 packages which build KMPs linked in my home project but > only some of them needed patching; I'll submit those with kernel-source > (and probably also kernel-firmware) unless you tell me otherwise. Whatever happened to the idea of using newer (3.12) for Evergreen? I've been using those from repositories/home:/mkubecek:/evergreen-13.1/openSUSE_13.1/ on most of my installations ever since you first announced that repo, going on two years ago. -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ ___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen
Re: [Evergreen] Evergreen 13.1 kernel - conclusion
On Tue, Feb 02, 2016 at 04:20:09PM +0100, Marcus Meissner wrote: > On Sat, Jan 30, 2016 at 08:33:39PM +0100, Michal Kubecek wrote: > > On Sat, Jan 30, 2016 at 06:18:37PM +0100, Marcus Meissner wrote: > > > > > > Also a side note, we are testing a 13.1 kernel update for the current > > > local root exploit and will want to release that before. > > > > OK, I'll wait until this one is released. For some reason I thought it > > already was out. > > We have released it now. > > http://lists.opensuse.org/opensuse-updates/2016-02/msg3.html > > If you submit, submit with > > osc mr YOURSOURCEPROJECT kernel-source openSUSE:13.1:Update > > (This ensures it will land in openSUSE:Maintenance and not > openSUSE:Evergreen:Maintenance) Thanks for the info, I'll submit it tomorrow. > we will probably need to refresh some of the kmps too if they no > longer build. I have all 13.1 packages which build KMPs linked in my home project but only some of them needed patching; I'll submit those with kernel-source (and probably also kernel-firmware) unless you tell me otherwise. Michal Kubeček ___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen
Re: [Evergreen] Evergreen 13.1 kernel - conclusion
On Sat, Jan 30, 2016 at 08:33:39PM +0100, Michal Kubecek wrote: > On Sat, Jan 30, 2016 at 06:18:37PM +0100, Marcus Meissner wrote: > > > > Also a side note, we are testing a 13.1 kernel update for the current > > local root exploit and will want to release that before. > > OK, I'll wait until this one is released. For some reason I thought it > already was out. We have released it now. http://lists.opensuse.org/opensuse-updates/2016-02/msg3.html If you submit, submit with osc mr YOURSOURCEPROJECT kernel-source openSUSE:13.1:Update (This ensures it will land in openSUSE:Maintenance and not openSUSE:Evergreen:Maintenance) we will probably need to refresh some of the kmps too if they no longer build. Ciao, Marcus ___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen
Re: [Evergreen] Evergreen 13.1 kernel - conclusion
On Sat, Jan 30, 2016 at 06:18:37PM +0100, Marcus Meissner wrote: > > Also a side note, we are testing a 13.1 kernel update for the current > local root exploit and will want to release that before. OK, I'll wait until this one is released. For some reason I thought it already was out. Michal Kubeček ___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen
Re: [Evergreen] Evergreen 13.1 kernel - conclusion
Hi, Also a side note, we are testing a 13.1 kernel update for the current local root exploit and will want to release that before. Ciao, Marcus On Sat, Jan 30, 2016 at 02:25:50PM +0100, Wolfgang Rosenauer wrote: > Hi, > > as a sidenote about kernel updates. > At this moment the Evergreen team is unfortunately not able to > technically use the Evergreen maintenance process for kernel updates. > The reason is that we do not own a key which would be trusted for secure > boot. > > We hopefully still can release update kernels but need support from the > official maintenance team to push them through their process for the > time being. > > Wolfgang > > Am 30.01.2016 um 12:55 schrieb Michal Kubecek: > > On Sat, Jan 30, 2016 at 11:34:09AM +0100, Ronny Peine wrote: > >> > >> I would like to ask if and when the new kernel will arrive in the > >> standard update repos or if an additional repository is needed for > >> supported kernels. > > > > The plan is to switch in the beginning of February. Unless there are > > some problems, I would like to submit the kernel (and related packages) > > on Monday; after that, it usually takes a day or two until the packages > > get into the update channel. > > > > Michal Kubeček > > > > ___ > > Evergreen mailing list > > Evergreen@lists.rosenauer.org > > http://lists.rosenauer.org/mailman/listinfo/evergreen > > > > ___ > Evergreen mailing list > Evergreen@lists.rosenauer.org > http://lists.rosenauer.org/mailman/listinfo/evergreen > -- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real ___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen
Re: [Evergreen] Evergreen 13.1 kernel - conclusion
Hi, as a sidenote about kernel updates. At this moment the Evergreen team is unfortunately not able to technically use the Evergreen maintenance process for kernel updates. The reason is that we do not own a key which would be trusted for secure boot. We hopefully still can release update kernels but need support from the official maintenance team to push them through their process for the time being. Wolfgang Am 30.01.2016 um 12:55 schrieb Michal Kubecek: > On Sat, Jan 30, 2016 at 11:34:09AM +0100, Ronny Peine wrote: >> >> I would like to ask if and when the new kernel will arrive in the >> standard update repos or if an additional repository is needed for >> supported kernels. > > The plan is to switch in the beginning of February. Unless there are > some problems, I would like to submit the kernel (and related packages) > on Monday; after that, it usually takes a day or two until the packages > get into the update channel. > > Michal Kubeček > > ___ > Evergreen mailing list > Evergreen@lists.rosenauer.org > http://lists.rosenauer.org/mailman/listinfo/evergreen > ___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen
Re: [Evergreen] Evergreen 13.1 kernel - conclusion
On Sat, Jan 30, 2016 at 11:34:09AM +0100, Ronny Peine wrote: > > I would like to ask if and when the new kernel will arrive in the > standard update repos or if an additional repository is needed for > supported kernels. The plan is to switch in the beginning of February. Unless there are some problems, I would like to submit the kernel (and related packages) on Monday; after that, it usually takes a day or two until the packages get into the update channel. Michal Kubeček ___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen
Re: [Evergreen] Evergreen 13.1 kernel - conclusion
Hello, I would like to ask if and when the new kernel will arrive in the standard update repos or if an additional repository is needed for supported kernels. Thanks for your work. Kind regards, Ronny Am 11.09.2015 um 18:17 schrieb Michal Kubecek: > As nobody objected to the plan to base Evergreen 13.1 kernel on > SLE12-SP1 one (rather than SLE12 GA one) and there were some voices > supporting the idea, I'm going to go on with this plan. > > I already have first SP1 based build running on one of my machines and > so far everything looks good but I'm not going to publish it in OBS > until SP1 is released. Before that, there will be most likely one more > update based on SLE12 GA kernel. > > Michal Kubeček > > ___ > Evergreen mailing list > Evergreen@lists.rosenauer.org > http://lists.rosenauer.org/mailman/listinfo/evergreen > ___ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen
