Merge pull request 'LKRG updated to version 0.9.8, which adds a remote kernel message logging capability' (#24) from solardiz-patch-22 into main

Reviewed-on: security/wiki#24
Reviewed-by: Neil Hanlon <neil@noreply@resf.org>
This commit is contained in:
Neil Hanlon 2024-02-28 02:31:42 +00:00
commit 426618b56d
2 changed files with 22 additions and 8 deletions

View File

@ -2,6 +2,10 @@
These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits.
## February 28, 2024
[lkrg](packages/lkrg.md) updated to version 0.9.8, which adds a remote kernel message logging capability.
## January 31, 2024
Further EL9 [glibc](packages/glibc.md) security hardening in response to the [recent](https://www.openwall.com/lists/oss-security/2024/01/30/6) [findings](https://www.openwall.com/lists/oss-security/2024/01/30/7) by Qualys.

View File

@ -2,13 +2,13 @@
## EL9
- Version `0.9.7-4.el9_3.security`
- Based on upstream version `0.9.7`
- Version `0.9.8-1.el9_3.security`
- Based on upstream version `0.9.8`
## EL8
- Version `0.9.7-4.el8_9.security`
- Based on upstream version `0.9.7`
- Version `0.9.8-1.el8_9.security`
- Based on upstream version `0.9.8`
### Package summary
@ -18,7 +18,7 @@ More information is available on the [LKRG homepage](https://lkrg.org) and in th
### Usage in Rocky Linux
Due to EL's kABI stability and the `weak-modules` mechanism, which this package uses, the same binary package of LKRG works across different kernel revisions/builds within the same EL minor release (e.g., 9.3). Once there's a new minor release (e.g., 9.3 is upgraded to 9.4), we'll provide a new build of LKRG accordingly.
Due to EL's kABI stability and the `weak-modules` mechanism, which this package uses, the same binary package of LKRG usually works across different kernel revisions/builds within the same EL minor release (e.g., 9.3). Once there's a new minor release (e.g., 9.3 is upgraded to 9.4), we'll provide a new build of LKRG accordingly.
Installing the package does not automatically start LKRG nor enable it to start on system bootup. To start LKRG please use:
@ -36,12 +36,22 @@ systemctl enable lkrg
Although the current package passed our own testing (on 9.3 and 8.9), we recommend that you only enable LKRG to start on system bootup after you've tested it for a while to ensure its compatibility with your system. If you nevertheless run into a boot time issue with LKRG later, you can disable it with the `nolkrg` kernel command-line option.
### Remote logging
LKRG includes a remote kernel message logging capability.
The corresponding userspace tools are found in the `lkrg-logger` sub-package.
Documentation is also included in there, in `/usr/share/doc/lkrg-logger/LOGGING`.
### Change log
The 0.9.7-4 source package was originally built for (and tested on) 9.2 and 8.8, then rebuilt without source level changes for 9.3 and 8.9 (and re-tested on those versions).
```
* Wed Nov 08 2023 Solar Designer <solar@openwall.com> 0.9.7-4
* Tue Feb 27 2024 Solar Designer <solar@openwall.com> 0.9.8-1
- Update to 0.9.8
- Add logger sub-package
- Mark the sysctl configuration file config(noreplace)
- Use "sort -V" to build against the latest installed version of kernel-devel
* Wed Nov 8 2023 Solar Designer <solar@openwall.com> 0.9.7-4
- Add a couple of upstream patches, most notably to fix kINT false positives on
EL 8.8.