Re: Question on CVE-2017-5754 on Debian 8.9

To: debian-user <debian-user@lists.debian.org>
Subject: Re: Question on CVE-2017-5754 on Debian 8.9
From: Michael Fothergill <michael.fothergill@gmail.com>
Date: Wed, 24 Jan 2018 14:15:42 +0000
Message-id: <[🔎] CANc=Sd3wxGbggVjb0-b7hQB4DELdPGPm-Aa9eka+B_wo6HoSSg@mail.gmail.com>
In-reply-to: <[🔎] 20180124141119.GA13787@cventin.lip.ens-lyon.fr>
References: <[🔎] CANc=Sd2xgWZH7N=RPML7C5=M74EDAN99RAd2hi9cbLt7d+rjdg@mail.gmail.com> <[🔎] CANc=Sd3bZcYidE4tG7BEiqX7sz8yFn51xFm=ZzwEerbjdZQXnQ@mail.gmail.com> <[🔎] 4d314cdf-02aa-30f1-5f4f-455137825dde@walnut.gen.nz> <[🔎] CANc=Sd3KAB8CPrgXqOgRSrdkdQD7pwnBGW3tC4adVsUp9pEQAQ@mail.gmail.com> <[🔎] CANc=Sd14kOzp7LaO2rbBC5x9Xg7bp86VEvyzxVm7dZ7AD+57_A@mail.gmail.com> <[🔎] CANc=Sd16WCBDoEA0-FnR+N1nbfawanG5Oj5uBAgVvRozn1w1Gg@mail.gmail.com> <[🔎] CANc=Sd2mVyZ2niHUVmGouDyo=CofLBS6T+TZtbA6eNTXTSg97A@mail.gmail.com> <[🔎] 2e5ckno3hf4jv8@mids.svenhartge.de> <[🔎] CANc=Sd379=Vr+YJ7r87wNCp8Owz+DNjRqTGisWa5B4nZSuK+aw@mail.gmail.com> <[🔎] 3e5cng63hf4jv8@mids.svenhartge.de> <[🔎] 20180124141119.GA13787@cventin.lip.ens-lyon.fr>

On 24 January 2018 at 14:11, Vincent Lefevre <vincent@vinc17.net> wrote:

On 2018-01-24 14:44:18 +0100, Sven Hartge wrote:
> Michael Fothergill <michael.fothergill@gmail.com> wrote:
> > On 24 January 2018 at 12:58, Sven Hartge <sven@svenhartge.de> wrote:
>
> >> Michael Fothergill <michael.fothergill@gmail.com> wrote:
>
> >> > The link within the above one:
> >>> https://gcc.gnu.org/ml/gcc/2018-01/msg00148.html
> >>> also has a link to the ftp download for the release candidate version of
> >>> gcc 7.3 ie 7.3.0rc1 which does actually work for spectre and retpoline.
>
> >> Debian Sid got gcc-7.3.0rc2 last night, the package is still named gcc-7
> >> (7.2.0-20) though.
>
> > Does that mean that if you upgrade to sid and installed gcc 7.2.0 you
> > would actually get 7.3.0rc2 in practice?
>
> Unless I interpret the changelog wrong: yes.

But the changelogs don't mention anything about Spectre and retpoline.

It's OK. As long as you really do end up installing gcc 7.3.0 rc2 we know it can handle the compilation of kernel 4.14.14 correctly to

make the KPTI and retpoline patches work...........

So the changelog doesn't matter.

Cheers

MF

--
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

Follow-Ups:
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>

References:
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Richard Hector <richard@walnut.gen.nz>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Sven Hartge <sven@svenhartge.de>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Sven Hartge <sven@svenhartge.de>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Vincent Lefevre <vincent@vinc17.net>

Prev by Date: Re: Question on CVE-2017-5754 on Debian 8.9
Next by Date: Packages web page, was Re: Aptitude package manager "package"
Previous by thread: Re: Question on CVE-2017-5754 on Debian 8.9
Next by thread: Re: Question on CVE-2017-5754 on Debian 8.9
Index(es):
- Date
- Thread