From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Testing report for IPFire 2.21 - Core Update 123 Date: Wed, 22 Aug 2018 19:36:15 +0200 Message-ID: <20ea8d10-0384-892e-fd11-3c9c5c24ff4e@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8726776829496117218==" List-Id: --===============8726776829496117218== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, since yesterday Core Update 123 is running on one of my firewall systems. After a reboot, I noticed average load has decreased a little bit (RAM consumption stays the same). Further, CPU frequency graphs are now working again (Thanks to Arne) and show some flapping freqs between 1.2kHz and 2.0kHz for each core. Before Core Update 121/122, idle frequencies were about 700MHz - not sure what this means. IDS, squid proxy (with URL filter and upstream proxy enabled), fireinfo and IPsec (N2N connections only) work fine. The OpenVPN WebUI page now displays a warning about a host certificate being not compliant to RFC3280, saying all host and root certificates should be replaced as soon as possible. This is probably related to https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dcommit;h=3D400c8afd9841bed350c= 192099a34bc84f3a04535 . GeoIP database results in WebUI are now as expected. A check script for CPU vulnerabilities (Spectre, Meltdown, ...) claims system is still vulnerable against CVE-2018-3640 (Spectre v3a), which requires up-to-date =C2=B5-codes. The overall results do not differ from a system running 121/122, which surprises me as new microcodes are shipped with this update. > [root(a)firewall ~]# grep "." /sys/devices/system/cpu/vulnerabilities/* > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI > /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user point= er sanitization > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic= retpoline, IBPB, IBRS_FW Besides of the microcode issue, I did not notice any issues. Output of "uname -a" is: > Linux firewall 4.14.50-ipfire #1 SMP Fri Jun 29 16:40:29 GMT 2018 x86_64 In= tel(R) Celeron(R) CPU N3150 @ 1.60GHz GenuineIntel GNU/Linux Thanks, and best regards, Peter M=C3=BCller --=20 Microsoft DNS service terminates abnormally when it recieves a response to a DNS query that was never made. Fix Information: Run your DNS service on a different platform. -- bugtraq --===============8726776829496117218== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUVCQ2dBZEZpRUV2UDRTaUdoRVlE SnlyUkxrMlVqeUQzMTduMmdGQWx0OW54WUFDZ2tRMlVqeUQzMTcKbjJpSTNoQUFxNFk2MVYvRFlR eCtuVkhhYVZGQTdlaFhRR0Q2OEVEOHJ5K21rMnFSemhwYXFEVGtheW81ZmhNUQpwWkgyakp5cjZi Ry9yVFMvYjFBdjlGZ2tJdmhnaktiMndwMWNmNzNLYnRpM0VUcmlQc3pHUFBkK2FkYU5rVWE5CnVP eERiSlo4QmdUV2toVUhWZ2Q5SzVZblJFZVZZdEpYNnQzQ2ptOXIwR1BXaUZ6UmxhOEhpMTIxMEpV aStHZ1kKbjVvTEVsS2MwRmtZLy9kYW1HVFVjM1hCVUNoL1dwcGZMbk5XSDRuQ2VQRWJFVyt4d0Jp dFZMZ0ovUnBhN29rTAorR3Q0VzNCa2EvQnNqM1N5dTFzRi9jaDNUT0hGUGxOc3dEak5jVzhpMHdR UXRsYUZ0TGUyWUJtdjRLZkIrVklzCksySDJIWmVLdkw0ZzBUQXU3dzF4d0x0bGUzanhjV0RTbXEx ZDcvQzRpdVdXMklKVjhvS3loTjYyUkdzcGNaTkYKWm00K3Y3Yng4allyVHBiRzk5d3g4WVNBM1ZO VmRTeXRCWWRkL0wyaDlpckhPajBkYitZanNZWGFYSlZqWFh5RApNbTB1S1FTTnl6Q3FpQmxuOVZ3 Z2h6SWYyamI1alJiSm1uemZyNExLQWlJL0h6RGdaTVF6dER6MGJ5eFJ0eFhCCnJNdEg5U2JQMEU2 ZjhzTWhQRVZ1YytCcTlEcjJUa1BTRTdiT3hTYmJzNUNCWGZxY0Y2UnVJNDArRE5aN0hPUTMKZ1o3 RUJUL1Z2MWNIazUrdFIwMjR5OEdtSng5YmEwL3NrV1FhVk9EcCttRW1CZk1Fa3dhMmNmSFQxWmhu UzFnMQpLOWIvckdaZklqRnhTRGdoekhkTWRSYjFMTllFaExBVnQ3RXp0OFhScDdRbnkyR1ViVUk9 Cj1rNnhVCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============8726776829496117218==--