X-Original-To: alpine-devel@lists.alpinelinux.org
Received: from z3.mscf.uky.edu (mscf.ascs.uky.edu [128.163.133.138])
	by lists.alpinelinux.org (Postfix) with ESMTP id BC5205C4E12
	for <alpine-devel@lists.alpinelinux.org>; Sat, 25 Nov 2017 20:19:04 +0000 (GMT)
Received: from [128.163.133.149] (helo=vmowz.zemows.org)
	by z3.mscf.uky.edu with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
	(Exim 4.88)
	(envelope-from <busybox@mowsey.org>)
	id 1eIgwE-0005ti-FK
	for alpine-devel@lists.alpinelinux.org; Sat, 25 Nov 2017 15:20:34 -0500
Received: from [74.136.221.1] (helo=[192.168.1.4])
	by vmowz.zemows.org with esmtpsa (TLSv1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256)
	(Exim 4.89)
	(envelope-from <busybox@mowsey.org>)
	id 1eIguh-000ROe-Kb; Sat, 25 Nov 2017 15:19:03 -0500
From: Jack Schmidt <busybox@mowsey.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Sat, 25 Nov 2017 15:18:59 -0500
Subject: [alpine-devel] Hardened kernels 4.9.65-r0 are actually 4.9.59
Message-Id: <D7B4BDC7-C399-4633-B5AF-5644386D81F3@mowsey.org>
To: alpine-devel@lists.alpinelinux.org
X-Mailer: Apple Mail (2.3273)
X-Spam-Bar: /
X-MSCF-Spam-Score: -13 (+)

I noticed the recently released (virt)hardened kernels (4.9.65) appear =
to have been patched back to 4.9.59.

The hardened-3.1-4.9.65-201704252333-alpine.patch appears to mostly =
revert the source back 4.9.59 (I spot checked 5 or 6 changes in =
4.9.64--4.9.65, and all were reverted).

diff --git a/Makefile b/Makefile
index 87a641515e9c..a545aa72ca4f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
 VERSION =3D 4
 PATCHLEVEL =3D 9
-SUBLEVEL =3D 65
+SUBLEVEL =3D 59
 EXTRAVERSION =3D
 NAME =3D Roaring Lionus

The distributed apks have the wrong modules directory:

=
http://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/linux-hardened-4.9.6=
5-r0.apk
=
http://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/linux-virthardened-4=
.9.65-r0.apk

$ apk info -W /lib/modules/4.9.59-0-*hardened/modules.builtin
/lib/modules/4.9.59-0-hardened/modules.builtin is owned by =
linux-hardened-4.9.65-r0
/lib/modules/4.9.59-0-virthardened/modules.builtin is owned by =
linux-virthardened-4.9.65-r0

Looking in the module, it seems like they really are 4.9.59 modules:

$ strings /lib/modules/4.9.59-0-virthardened/kernel/kernel/configs.ko | =
grep vermagic
vermagic=3D4.9.59-0-virthardened SMP mod_unload modversions KERNEXEC_BTS =
RAP REFCOUNT GRSEC
__UNIQUE_ID_vermagic12

Similarly, the kernel reports as 4.9.59, and does not appear to have =
4.9.65 bugfixes.


Unrelated, but maybe important for 3.7 RC matters: a few of the mirrors =
are a bit stale. This can also be helpful if someone needs to downgrade =
a kernel (mirror.aarnet.edu.au for example still has the 4.9.63-r0 =
kernels)

mirror -- last updated
dl-3  -- Nov 15th
dl-5  -- Oct 30th
mirror.rise.ph -- Oct 31st
mirror.aarnet.edu.au -- Nov 22nd=


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---