[meta-freescale] security patches in the Linux kernel

Sona Sarmadi sona.sarmadi at enea.com
Mon Jul 7 05:10:10 PDT 2014 

Hi Zhenhua,

These patches are fixed by community and published/discussed in the oss-security mailing list (http://www.openwall.com/lists/oss-security/2014/06/). These are normally fixed in the "git.kernel.org" later version and we try to backport them to the kernel versions we are using (e.g. meta-fsl-pps layer which is using 3.8.13 kernel). 

If we find the bug at Enea and fix it, we will send the patch to the relevant kernel mailing list.

Best regards
Sona 

-----Original Message-----
From: zhenhua.luo at freescale.com [mailto:zhenhua.luo at freescale.com] 
Sent: den 7 juli 2014 05:56
To: Sona Sarmadi; Otavio Salvador
Cc: meta-freescale at yoctoproject.org; meta-freescale at git.freescale.com
Subject: RE: [meta-freescale] security patches in the Linux kernel

Hello Sona, 



> -----Original Message-----
> From: Sona Sarmadi [mailto:sona.sarmadi at enea.com]
> Sent: Thursday, July 03, 2014 10:56 PM
> 
> Some background:
> 
> We scan oss-security public mailing list 
> (oss-security at lists.openwall.com) and other reliable open source 
> mailing lists. Whenever a vulnerability (e.g. CVE-2014-4667 Linux 
> kernel: sctp: sk_ack_backlog wrap-around
> problem) gets published/announced on these lists, we try to apply the 
> patch in all Linux kernels (or other open source packages) in our 
> distribution and run some tests. We want to help the community and 
> contribute back the results of our work, that is why we want to apply 
> patches in the vendor-layer (e.g met-fsl-ppc) so others can get the 
> security fixes without extra work.
[Luo Zhenhua-B19537] It is great to apply such security patches in ppc layer to ensure community users can use them.
	Will those patches go to kernel opensource git repository or only maintained separately by community? If the latter, I think patches rework might be needed along with kernel(or other OS package) upgrade. 
 

Best Regards,

Zhenhua


> 
> BR - Sona
> 
> -----Original Message-----
> From: otavio.salvador at gmail.com [mailto:otavio.salvador at gmail.com] On 
> Behalf Of Otavio Salvador
> Sent: den 3 juli 2014 14:09
> To: zhenhua.luo at freescale.com
> Cc: Sona Sarmadi; meta-freescale at yoctoproject.org; meta- 
> freescale at git.freescale.com
> Subject: Re: [meta-freescale] security patches in the Linux kernel
> 
> On Thu, Jul 3, 2014 at 3:44 AM, zhenhua.luo at freescale.com 
> <zhenhua.luo at freescale.com> wrote:
> > Except what Otavio mentioned(send the Yocto patches to 
> > meta-freescale
> maillist). It will be great if those patches can be sent to kernel
> upstream(http://patchwork.ozlabs.org/project/linuxppc-dev/list/) directly.
> 
> Sure but these are two parallel actions. Adding them to Yocto  Project 
> BSP and getting those merged upstream.
> 
> --
> Otavio Salvador                             O.S. Systems
> http://www.ossystems.com.br        http://code.ossystems.com.br
> Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750

More information about the meta-freescale mailing list