[elrepo] kmod-ecryptfs.x86_64 on Centos Stream fails

Sun Jan 31 11:12:07 EST 2021

On 31/01/2021 16:02, Leon Fauster via elrepo wrote:
> Am 31.01.21 um 15:14 schrieb lejeczek via elrepo:
> >
> >
> > On 31/01/2021 13:44, Trevor Hemsley wrote:
> >> On 31/01/2021 10:38, lejeczek via elrepo wrote:
> >> > Does anybody else get this and if yes then should it go to
> >> > bugzilla?
> >>
> >> ELRepo do not support Stream since it uses a different, non-KABI 
> stable,
> >> kernel series to RHEL. This is something that's come up several 
> times in
> >> the mailing list etc threads on what Red Hat are doing with CentOS
> >> Linux 8.
> >>
> >> Trevor
> >>
> > And what is the actual problem? Surely it's not one of technical nature.
> > Increasingly more of us will be ridding "Stream" as months go by.
> > many thanks, L.
>
> As others pointed out - its a problem thats not resolved now.
> Following should not been seen as solution (the location can
> vanished in the future)
>
> JFI: old 240series-stream-kernel
>
> https://composes.centos.org/CentOS-Stream-8-20201203.n.0/compose/BaseOS/x86_64/os/Packages/ 
> <https://composes.centos.org/CentOS-Stream-8-20201203.n.0/compose/BaseOS/x86_64/os/Packages>

And thanks for amply demonstrating why this is not a useful solution :-(

The latest kernel there in the -240 series is the original 8.3 one, 
https://composes.centos.org/CentOS-Stream-8-20201203.n.0/compose/BaseOS/x86_64/os/Packages/kernel-core-4.18.0-240.el8.x86_64.rpm

In CentOS Linux 8.3 there have been several newer kernels than the 
-240.el8 one listed there. When I check the rpm changelog for the latest 
(-240.10.1) it has the original -240 one listed starting on line 91 so 
the list of CVEs you would be missing by reverting to that -240.el8 
kernel is

[root at centos8 ~]# rpm -q --changelog kernel-core-4.18.0-240.10.1.el8_3 | head -90 | grep CVE
- [net] netfilter: ctnetlink: add a range check for l3/l4 protonum (Florian Westphal) [1892665 1892666] {CVE-2020-25211}
- [netdrv] geneve: add transport ports in route lookup for geneve (Mark Gray) [1891818 1884481] {CVE-2020-25645}
- [char] random32: update the net random state on interrupt and activity (Donghai Qiao) [1888233 1867569] {CVE-2020-16166}
- [net] Bluetooth: fix kernel oops in store_pending_adv_report (Gopal Tiwari) [1888454 1888455] {CVE-2020-24490}
- [net] Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel (Gopal Tiwari) [1888257 1888258] {CVE-2020-12351}
- [net] Bluetooth: A2MP: Fix not initializing all members (Gopal Tiwari) [1888806 1888807] {CVE-2020-12352}

Trevor

Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast Ltd, an innovator in Software as a Service (SaaS) for business. Providing a safer and more useful place for your human generated data. Specializing in; Security, archiving and compliance. To find out more visit the Mimecast website.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.elrepo.org/pipermail/elrepo/attachments/20210131/95d89b22/attachment-0001.html>