Gentoo Archives: gentoo-hardened

From: Miroslav Rovis <miro.rovis@××××××××××××××.hr>
To: gentoo-hardened@l.g.o
Cc: "Francisco Blas Izquierdo Riera (klondike)" <klondike@g.o>
Subject: [gentoo-hardened] Re: hardened-sources-4.4.8-r1 mad COW patched?
Date: Tue, 25 Oct 2016 16:24:33
Message-Id: 20161025162459.GD19361@g0n.xdwgrp
In Reply to: [gentoo-hardened] Re: hardened-sources-4.4.8-r1 mad COW patched? by "Francisco Blas Izquierdo Riera (klondike)"
1 Hi Francisco, and Michael!
2
3 On 161025-16:10+0200, Francisco Blas Izquierdo Riera (klondike) wrote:
4 > El 25/10/16 a las 12:56, Miroslav Rovis escribió:
5 > > Hi!
6 > Hi Miroslav!
7 > > Due to this bug:
8 > > https://bugs.gentoo.org/show_bug.cgi?id=597554
9 > >
10 > > I can't use the patched 4.7.9 of hardened sources.
11 > >
12 > > hardened-sources-4.4.8-r1 do not appear to me to be mad COW patched.
13 > I guess you are talking about CVE-2016–5195 here. Please correct me if
14 > mistaken.
15 Not likely. Prefer not to go checking it but mad [C]opy [O]n [W]rite has
16 acquired enough notoriety by now.
17 > > I looked up the sources, but am not able to see for sure how to patch
18 > > 4.4.8-r1 myself.
19 > >
20 > > I have just rsynced my system and nothing new seems to have happened
21 > > with 4.4.8-r1 yet.
22 > If 4.4.8 gets patched you will find a new revision (i.e. 4.4.8-r2).
23 > ...
24 I know that more or less well.
25 >
26 > You can read more on the Gentoo project revision policy for ebuilds at
27 > https://devmanual.gentoo.org/general-concepts/ebuild-revisions/
28 Awaiting for me. Gone through it to some extent once, but I'm too slow
29 to figure much so well very soon... I'm nearly 60 yrs old and started
30 with computing after I was 40...
31 >
32 > I'm CCing the Gentoo Hardened user list as other users may be able to
33 > provide more and better input on this.
34 Which is great, since I now subscribed.
35 >
36 > Sincerely,
37 > Francisco Blas Izquierdo Riera (klondike)
38 Thanks, Francisco!
39
40 The other correspondent in this thread, Michael Orlitzky, mentioned how
41 4.7.10 already works fine for him.
42
43 I'll paste and ask him here:
44
45 > > I'm testing 4.7.10 and will have it stabilized soon.
46 > >
47 >
48 > FWIW, I've been panic-updating all of our x86/amd64 servers (mostly HP
49 > Proliant) to 4.7.10 and nothing has blown up yet.
50
51 Michael,
52
53 are you talking about that bug:
54
55 =sys-kernel/hardened-sources-4.7.6: Kernel panic when starting KVM
56 guests
57 > > https://bugs.gentoo.org/show_bug.cgi?id=597554
58 having been fixed in 4.7.10
59
60 Where are the hardened-sources?
61 I tried:
62 https://gitweb.gentoo.org/proj/hardened-kernel.git/
63 and see only very old stuff there.
64 I tried:
65 https://gitweb.gentoo.org/dev/blueness.git/
66 but can't find how to (maybe) get 4.7.10.
67
68 (And I also couldn't find them on Github a few days ago. And alos
69 currently don't have the time to study Gentoo git system more deeply.)
70
71 Regards!
72 --
73 Miroslav Rovis
74 Zagreb, Croatia
75 http://www.CroatiaFidelis.hr

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-hardened] Re: hardened-sources-4.4.8-r1 mad COW patched? wabe <wabenbau@×××××.com>