From: "Peter Müller" <peter.mueller@link38.eu>
To: development@lists.ipfire.org
Subject: Testing report for IPFire 2.21 - Core Update 123
Date: Wed, 22 Aug 2018 19:36:15 +0200 [thread overview]
Message-ID: <20ea8d10-0384-892e-fd11-3c9c5c24ff4e@link38.eu> (raw)
[-- Attachment #1: Type: text/plain, Size: 2107 bytes --]
Hello,
since yesterday Core Update 123 is running on one of my firewall systems.
After a reboot, I noticed average load has decreased a little bit (RAM
consumption stays the same).
Further, CPU frequency graphs are now working again (Thanks to Arne) and
show some flapping freqs between 1.2kHz and 2.0kHz for each core. Before
Core Update 121/122, idle frequencies were about 700MHz - not sure what
this means.
IDS, squid proxy (with URL filter and upstream proxy enabled), fireinfo
and IPsec (N2N connections only) work fine.
The OpenVPN WebUI page now displays a warning about a host certificate
being not compliant to RFC3280, saying all host and root certificates
should be replaced as soon as possible. This is probably related to
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=400c8afd9841bed350c192099a34bc84f3a04535 .
GeoIP database results in WebUI are now as expected.
A check script for CPU vulnerabilities (Spectre, Meltdown, ...) claims
system is still vulnerable against CVE-2018-3640 (Spectre v3a), which
requires up-to-date µ-codes. The overall results do not differ from a
system running 121/122, which surprises me as new microcodes are shipped
with this update.
> [root(a)firewall ~]# grep "." /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB, IBRS_FW
Besides of the microcode issue, I did not notice any issues. Output of
"uname -a" is:
> Linux firewall 4.14.50-ipfire #1 SMP Fri Jun 29 16:40:29 GMT 2018 x86_64 Intel(R) Celeron(R) CPU N3150 @ 1.60GHz GenuineIntel GNU/Linux
Thanks, and best regards,
Peter Müller
--
Microsoft DNS service terminates abnormally when it recieves a response
to a DNS query that was never made. Fix Information: Run your DNS
service on a different platform.
-- bugtraq
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next reply other threads:[~2018-08-22 17:36 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-22 17:36 Peter Müller [this message]
2018-08-23 13:34 ` Intel Microcode (was: Testing report for IPFire 2.21 - Core Update 123) Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20ea8d10-0384-892e-fd11-3c9c5c24ff4e@link38.eu \
--to=peter.mueller@link38.eu \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox