~alpine/devel

1

[alpine-devel] Hardened kernels 4.9.65-r0 are actually 4.9.59

Jack Schmidt <alpine@mowsey.org>
Details
Message ID
<7E9EEE36-99DE-48CD-9FDB-20F801F91E32@mowsey.org>
Sender timestamp
1511644106
DKIM signature
missing
Download raw message
6 years ago 
I noticed the recently released (virt)hardened kernels (4.9.65) appear to have been patched back to 4.9.59.

The hardened-3.1-4.9.65-201704252333-alpine.patch appears to mostly revert the source back 4.9.59 (I spot checked 5 or 6 changes in 4.9.64--4.9.65, and all were reverted).

diff --git a/Makefile b/Makefile
index 87a641515e9c..a545aa72ca4f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
VERSION = 4
PATCHLEVEL = 9
-SUBLEVEL = 65
+SUBLEVEL = 59
EXTRAVERSION =
NAME = Roaring Lionus

The distributed apks have the wrong modules directory:

http://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/linux-hardened-4.9.65-r0.apk
http://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/linux-virthardened-4.9.65-r0.apk

$ apk info -W /lib/modules/4.9.59-0-*hardened/modules.builtin
/lib/modules/4.9.59-0-hardened/modules.builtin is owned by linux-hardened-4.9.65-r0
/lib/modules/4.9.59-0-virthardened/modules.builtin is owned by linux-virthardened-4.9.65-r0

Looking in the module, it seems like they really are 4.9.59 modules:

$ strings /lib/modules/4.9.59-0-virthardened/kernel/kernel/configs.ko | grep vermagic
vermagic=4.9.59-0-virthardened SMP mod_unload modversions KERNEXEC_BTS RAP REFCOUNT GRSEC
__UNIQUE_ID_vermagic12

Similarly, the kernel reports as 4.9.59, and does not appear to have 4.9.65 bugfixes.


Unrelated, but maybe important for 3.7 RC matters: a few of the mirrors are a bit stale. This can also be helpful if someone needs to downgrade a kernel (mirror.aarnet.edu.au for example still has the 4.9.63-r0 kernels)

mirror -- last updated
dl-3  -- Nov 15th
dl-5  -- Oct 30th
mirror.rise.ph -- Oct 31st
mirror.aarnet.edu.au -- Nov 22nd



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20171128180112.7d24ec0f@ncopa-desktop.copa.dup.pw>
In-Reply-To
<7E9EEE36-99DE-48CD-9FDB-20F801F91E32@mowsey.org> (view parent)
Sender timestamp
1511888472
DKIM signature
missing
Download raw message
6 years ago 
On Sat, 25 Nov 2017 16:08:26 -0500
Jack Schmidt <alpine@mowsey.org> wrote:

> I noticed the recently released (virt)hardened kernels (4.9.65)
> appear to have been patched back to 4.9.59.
> 
> The hardened-3.1-4.9.65-201704252333-alpine.patch appears to mostly
> revert the source back 4.9.59 (I spot checked 5 or 6 changes in
> 4.9.64--4.9.65, and all were reverted).

Yes I messed up when preparing the patch, and thought my test script
was broken when testbooted it before pushing.

It should be fixed with 4.9.65-r1

Thanks!

-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)