* 3.14 kernel and LTS kernels
@ 2018-01-08 9:39 Jeffrey Walton
2018-01-08 10:20 ` Michael Tremer
0 siblings, 1 reply; 2+ messages in thread
From: Jeffrey Walton @ 2018-01-08 9:39 UTC (permalink / raw)
To: development
Hi Everyone,
I noticed IPFire 117 uses the 3.14 kernel:
# uname -r
3.14.79-ipfire-pae
I believe that was EOL about a year ago. It is not going to get the
patches for the CPU bugs; and it has not gotten patches for many other
vulnerabilities. Also see
http://kroah.com/log/blog/2018/01/06/meltdown-status/ .
Are there plans to move to a 4.x kernel or other LTS kernel?
Thanks in advance,
Jeffrey Walton
* Re: 3.14 kernel and LTS kernels
2018-01-08 9:39 3.14 kernel and LTS kernels Jeffrey Walton
@ 2018-01-08 10:20 ` Michael Tremer
0 siblings, 0 replies; 2+ messages in thread
From: Michael Tremer @ 2018-01-08 10:20 UTC (permalink / raw)
To: development
Hello Jeffrey,
thanks for getting in touch.
So far, IPFire is based on the 3.14 kernel. It is heavily patched in IPFire with
grsecurity and a variety of other patches, so although it is EOL upstream, we
still maintain this kernel.
However, this is not a very good state for us because we want all the
improvements and benefit from the hard work that the kernel community puts into
new releases and not put extra work into it. But rebasing the distribution on a
new kernel is hard work. Arne has been working on that for several months now
and kernels for x86_64 and i586 are already available here:
https://people.ipfire.org/~arne_f/highly-experimental/kernel/
I have been running those kernels for several months now on some of my own
systems and other people have been testing them well and they are very solid and
almost ready for release.
However, the ARM kernels are causing us a bit of a headache at the moment and
have been delaying the entire release process of this kernel. Arne is still on
it.
Certainly this kernel will arrive in Q1.
If you want to, you can already download the archives there, extract them onto
your system, run "update-bootloader" and reboot into the new kernel.
https://bugzilla.ipfire.org/showdependencytree.cgi?id=11548
There are only minor issues left.
Please send us your feedback.
I will also issue a statement on the latest CPU bugs affecting Intel and other
vendors hopefully later today. Since the firewall is not running any untrusted
code (e.g. JS in a web browser), this is not so easily exploitable as it is on
other systems. Any remote code execution vulnerability in any software running
on IPFire will of course allow an attacker to take advantage of this bug as
well, so that means we cannot wait forever to patch this.
The 4.14.11 and later kernels from Arne's directory are patched against Meltdown
and Spectre.
Best,
-Michael
On Mon, 2018-01-08 at 04:39 -0500, Jeffrey Walton wrote:
> Hi Everyone,
>
> I noticed IPFire 117 uses the 3.14 kernel:
>
> # uname -r
> 3.14.79-ipfire-pae
>
> I believe that was EOL about a year ago. It is not going to get the
> patches for the CPU bugs; and it has not gotten patches for many other
> vulnerabilities. Also see
> http://kroah.com/log/blog/2018/01/06/meltdown-status/ .
>
> Are there plans to move to a 4.x kernel or other LTS kernel?
>
> Thanks in advance,
>
> Jeffrey Walton