Let’s verify that what I am applying is the only real meat to the first patch.
I will build and test this locally to verify that we have the issue before and not after applying that patch.
Then we can test it as a group.
SO .. hold off on testing kernel-3.18.25-17 and I will create a kernel-3.18.25-18 if this fixes the CVE-2016-0728 issue.
Thanks, Johnny Hughes
Ok thanks. I will test it on several development machines once it is ready.
Thanks, Johnny!
Just a minor question about workflow. I had understood that CentOS
wanted the CBS itself to only be used for SIG dev testing; and that for wider testing they wanted to use buildlogs. And so ideally after making sure the basics were in place, you would have tagged it with
-testing, and then sent out an announcement asking people to test it by doing “yum –enablerepo
/etc/sysconfig/network-scripts/ifcfg-xenbr0: line 17: 8.8.4.4: command not found GRUB_CMDLINE_XEN_DEFAULT already set in /etc/default/grub, not touching GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT already set in /etc/default/grub, not touching Regenerating grub2 config Generating grub configuration file … Found linux image: /boot/vmlinuz-3.18.25-18.el7.x86_64
Found initrd image: /boot/initramfs-3.18.25-18.el7.x86_64.img Found linux image: /boot/vmlinuz-3.18.21-17.el7.x86_64
Found initrd image: /boot/initramfs-3.18.21-17.el7.x86_64.img Found linux image: /boot/vmlinuz-3.18.25-18.el7.x86_64
Found initrd image: /boot/initramfs-3.18.25-18.el7.x86_64.img Found linux image: /boot/vmlinuz-3.18.21-17.el7.x86_64
Found initrd image: /boot/initramfs-3.18.21-17.el7.x86_64.img Found linux image: /boot/vmlinuz-3.18.25-18.el7.x86_64
Found initrd image: /boot/initramfs-3.18.25-18.el7.x86_64.img Found linux image: /boot/vmlinuz-3.18.21-17.el7.x86_64
Found initrd image: /boot/initramfs-3.18.21-17.el7.x86_64.img Found linux image: /boot/vmlinuz-3.18.25-18.el7.x86_64
Found initrd image: /boot/initramfs-3.18.25-18.el7.x86_64.img Found linux image: /boot/vmlinuz-3.18.21-17.el7.x86_64
Found initrd image: /boot/initramfs-3.18.21-17.el7.x86_64.img Found linux image: /boot/vmlinuz-3.10.0-327.4.4.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-327.4.4.el7.x86_64.img Found linux image: /boot/vmlinuz-3.10.0-229.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-229.el7.x86_64.img Found linux image: /boot/vmlinuz-0-rescue-5d64f5b902f747cd8697961c92f8ca51
Found initrd image:
/boot/initramfs-0-rescue-5d64f5b902f747cd8697961c92f8ca51.img done Setting Xen as the default
Verifying :
kernel-3.18.25-18.el7.x86_64
1/1
Installed:
kernel.x86_64 0:3.18.25-18.el7
Complete!
[root@localhost ~]# uname -a Linux localhost 3.18.25-18.el7.x86_64 #1 SMP Tue Jan 19 22:23:47 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
That workflow works George .. I didn’t know if the stuff would end up on buildlogs or not (if that was automatic) .. but it is. So from now on, I will do it that way :)
7 thoughts on - Xen Kernel-3.18.25-17 EL6 And EL7 Needs Testing
I presume this addresses CVE-2016-0728?
Actually it does not .. they have not rolled that patch into the LTS
3.18 branch at kernel.org yet.
As soon as it hits the LTS tree I will build a new kernel though.
OK .. supposedly, this patch fixes the issue:
http://bit.ly/1Sv1Llu
I have made this patch apply to the xen kernel sources:
http://bit.ly/23d5JmD
Let’s verify that what I am applying is the only real meat to the first patch.
I will build and test this locally to verify that we have the issue before and not after applying that patch.
Then we can test it as a group.
SO .. hold off on testing kernel-3.18.25-17 and I will create a kernel-3.18.25-18 if this fixes the CVE-2016-0728 issue.
Thanks, Johnny Hughes
Ok thanks. I will test it on several development machines once it is ready.
Thanks, Johnny!
Just a minor question about workflow. I had understood that CentOS
wanted the CBS itself to only be used for SIG dev testing; and that for wider testing they wanted to use buildlogs. And so ideally after making sure the basics were in place, you would have tagged it with
-testing, and then sent out an announcement asking people to test it by doing “yum –enablerepo
CentOS 7 works fine:
Running transaction
Installing :
kernel-3.18.25-18.el7.x86_64
1/1
/etc/sysconfig/network-scripts/ifcfg-xenbr0: line 17: 8.8.4.4: command not found GRUB_CMDLINE_XEN_DEFAULT already set in /etc/default/grub, not touching GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT already set in /etc/default/grub, not touching Regenerating grub2 config Generating grub configuration file … Found linux image: /boot/vmlinuz-3.18.25-18.el7.x86_64
Found initrd image: /boot/initramfs-3.18.25-18.el7.x86_64.img Found linux image: /boot/vmlinuz-3.18.21-17.el7.x86_64
Found initrd image: /boot/initramfs-3.18.21-17.el7.x86_64.img Found linux image: /boot/vmlinuz-3.18.25-18.el7.x86_64
Found initrd image: /boot/initramfs-3.18.25-18.el7.x86_64.img Found linux image: /boot/vmlinuz-3.18.21-17.el7.x86_64
Found initrd image: /boot/initramfs-3.18.21-17.el7.x86_64.img Found linux image: /boot/vmlinuz-3.18.25-18.el7.x86_64
Found initrd image: /boot/initramfs-3.18.25-18.el7.x86_64.img Found linux image: /boot/vmlinuz-3.18.21-17.el7.x86_64
Found initrd image: /boot/initramfs-3.18.21-17.el7.x86_64.img Found linux image: /boot/vmlinuz-3.18.25-18.el7.x86_64
Found initrd image: /boot/initramfs-3.18.25-18.el7.x86_64.img Found linux image: /boot/vmlinuz-3.18.21-17.el7.x86_64
Found initrd image: /boot/initramfs-3.18.21-17.el7.x86_64.img Found linux image: /boot/vmlinuz-3.10.0-327.4.4.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-327.4.4.el7.x86_64.img Found linux image: /boot/vmlinuz-3.10.0-229.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-229.el7.x86_64.img Found linux image: /boot/vmlinuz-0-rescue-5d64f5b902f747cd8697961c92f8ca51
Found initrd image:
/boot/initramfs-0-rescue-5d64f5b902f747cd8697961c92f8ca51.img done Setting Xen as the default
Verifying :
kernel-3.18.25-18.el7.x86_64
1/1
Installed:
kernel.x86_64 0:3.18.25-18.el7
Complete!
[root@localhost ~]# uname -a Linux localhost 3.18.25-18.el7.x86_64 #1 SMP Tue Jan 19 22:23:47 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
That workflow works George .. I didn’t know if the stuff would end up on buildlogs or not (if that was automatic) .. but it is. So from now on, I will do it that way :)