Quantcast

OpenSUSE 13.1 Official Security Update Kernel 3.11.10-32.1 misses patches from announcement

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

OpenSUSE 13.1 Official Security Update Kernel 3.11.10-32.1 misses patches from announcement

Martin Konold-2
Hi there,

At Mon, 1 Feb 2016 16:11:19 +0100 (CET) an openSUSE-SU-2016:0301-1 security
update for the kernel of openSUSE 13.1 got announced.

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html

It mentions that kernel 3.11.10-32.1 fixes these issues.

I verified that many updates/fixes including those mentioned in the advisory are
already incorporated in the git version as available from  http://
download.opensuse.org/repositories/Kernel://openSUSE-13.1/standard/src/kernel-
source-3.11.10-170.1.g1e76e80.src.rpm

But when checking with http://download.opensuse.org/update/13.1/src/kernel-source-3.11.10-32.1.src.rpm which explicitly carries the version which is
mentioned in the security announcement and is also from 1 Feb 2016 I noticed
that the actual security fixes are missing in this package!

You may easily verify the issue by either looking at series.conf in the
supposed update package or simply check the changelog.

rpm -qpi --changelog kernel-source-3.11.10-170.1.g1e76e80.src.rpm |grep
'Source Timestamp'  

Source Timestamp: 2016-01-20 15:13:45 +0100

versus

rpm -qpi --changelog http://download.opensuse.org/update/13.1/src/kernel-source-3.11.10-32.1.src.rpm |grep 'Source Timestamp'  

Source Timestamp: 2015-03-05 17:24:00 +0100

The later is definitely outdated.

I can only assume that maybe something is wrong with the OBS setup. Maybe
Coolo can shed some light on the issue.

Kind regards
--martin konold

--
Dipl.-Physiker Martin Konold

e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Registergericht: Amtsgericht Stuttgart PR 126
Firmensitz: Adolfstra├če 23, 70469 Stuttgart
fon: 0711 67400963
fax: 0711 67400959
email: [hidden email]
http://www.erfrakon.de


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: OpenSUSE 13.1 Official Security Update Kernel 3.11.10-32.1 misses patches from announcement

Marcus Meissner
Hi,

I can confirm this.

This was a mistake on our side, caused by some confusion of the
handling of evergreen updates .

We will reissue this kernel (or if quicker, do the 3.12 update)

Ciao, Marcus
On Wed, Feb 03, 2016 at 08:46:48AM +0100, Martin Konold wrote:

> Hi there,
>
> At Mon, 1 Feb 2016 16:11:19 +0100 (CET) an openSUSE-SU-2016:0301-1 security
> update for the kernel of openSUSE 13.1 got announced.
>
> http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html
>
> It mentions that kernel 3.11.10-32.1 fixes these issues.
>
> I verified that many updates/fixes including those mentioned in the advisory are
> already incorporated in the git version as available from  http://
> download.opensuse.org/repositories/Kernel://openSUSE-13.1/standard/src/kernel-
> source-3.11.10-170.1.g1e76e80.src.rpm
>
> But when checking with http://download.opensuse.org/update/13.1/src/kernel-source-3.11.10-32.1.src.rpm which explicitly carries the version which is
> mentioned in the security announcement and is also from 1 Feb 2016 I noticed
> that the actual security fixes are missing in this package!
>
> You may easily verify the issue by either looking at series.conf in the
> supposed update package or simply check the changelog.
>
> rpm -qpi --changelog kernel-source-3.11.10-170.1.g1e76e80.src.rpm |grep
> 'Source Timestamp'  
>
> Source Timestamp: 2016-01-20 15:13:45 +0100
>
> versus
>
> rpm -qpi --changelog http://download.opensuse.org/update/13.1/src/kernel-source-3.11.10-32.1.src.rpm |grep 'Source Timestamp'  
>
> Source Timestamp: 2015-03-05 17:24:00 +0100
>
> The later is definitely outdated.
>
> I can only assume that maybe something is wrong with the OBS setup. Maybe
> Coolo can shed some light on the issue.
>
> Kind regards
> --martin konold
>
> --
> Dipl.-Physiker Martin Konold
>
> e r f r a k o n
> Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
> Registergericht: Amtsgericht Stuttgart PR 126
> Firmensitz: Adolfstra├če 23, 70469 Stuttgart
> fon: 0711 67400963
> fax: 0711 67400959
> email: [hidden email]
> http://www.erfrakon.de
>
>
> --
> To unsubscribe, e-mail: [hidden email]
> To contact the owner, e-mail: [hidden email]
>

--
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <[hidden email]>
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Loading...