From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: IPFire 2.27 - Core Update 177 is available for testing
Date: Fri, 11 Aug 2023 14:20:33 +0200
Message-ID: <79866549-77EF-4F14-9954-A7D922034CE4@ipfire.org>
In-Reply-To: <2896032e-67ed-47c6-6327-df01bfb000c5@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4786428832595315886=="
List-Id: <development.lists.ipfire.org>

--===============4786428832595315886==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello everyone,

I just had a phone call with Arne and we decided to add an extra update betwe=
en 177 and 178 with the latest kernel updates regarding the new processor vul=
nerabilities in AMD/Intel processors. The update will also include any microc=
ode updates that are available at this time.

The next branch that currently is on c178 will be changed to c179.

As soon as the new c178 update with the kernel fixes is available, please hel=
p us testing that we can release it as soon as possible aiming for the next c=
alendar week.

All the best,
-Michael

> On 2 Aug 2023, at 13:25, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>=20
> Hi All,
>=20
> On 02/08/2023 11:59, Michael Tremer wrote:
>> Hello everyone,
>> I just pushed another change regarding #13203 which fixed the snort Commun=
ity rules download URL.
>> I regard this as the last change that I have on my list for this update an=
d hope that we caught any known new regressions in the testing period so far.=
 I am now aware of any outstanding issues in this update. Please let me know =
if I forgot/overlooked something.
> I don't have anything extra for CU177
>> I would like to release this update within the next couple of days as it c=
ontains so many security issues and then focus on the following update.
>> Is there anything for Core Update 178 that has not been submitted to the l=
ist, yet? Otherwise I would like to close it in the next calendar week and su=
bmit it for testing to our community.
> I don't have anything that needs CU178 to wait for. Anything else I am/will=
 work on can wait for CU179
>=20
> Regards,
> Adolf.
>=20
>> All the best,
>> -Michael
>>> On 29 Jul 2023, at 11:58, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>>=20
>>> Hi All,
>>>=20
>>> General feedback on CU177 Testing so far.
>>>=20
>>> Apart from bugs 13195 & 19137, which have fixes submitted, the rest of th=
e testing has gone without any problems.
>>>=20
>>> The removal of the 5 min delay from the cups install means that I no long=
er end up with those fail messages about cups not running when I do the reboo=
t after the upgrade.
>>>=20
>>> The updated samba is working to the extent that my testing just has a bas=
ic share connected to a vm machine on my vm green network.
>>>=20
>>> OpenVPN Road Warrior and Net2Net are both working without any problems.
>>>=20
>>> Also tested a fresh install and it went without any problems. (Using iso =
with fix for bug 13195).
>>>=20
>>> All the graphs and Logs I have checked are all working and my ssh connect=
ion is fully functioning.
>>>=20
>>> Web proxy is working as before but I don't have URL Filter or Update Acce=
lerator set up on my vm testbed (also not on my production system).
>>>=20
>>> Regards,
>>>=20
>>> Adolf.
>>>=20
>>>=20
>>> On 28/07/2023 12:47, Michael Tremer wrote:
>>>> Hello Adolf,
>>>> Thanks for raising this. Literally a minute ago someone else opened the =
same ticket (with less detail tho).
>>>> It looks like rngd was never removed in the Core Update. I will take car=
e of this and push a commit today.
>>>> The mount problem seems to be a bigger issue. Please see my comments on =
your bug report.
>>>> -Michael
>>>>> On 28 Jul 2023, at 11:37, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>>>>=20
>>>>> Hi All,
>>>>>=20
>>>>> I have found another bug.
>>>>>=20
>>>>> When I did the Core Update 177 Testing update I was surprised to find t=
hat I got a failure message that /usr/sbin/rngd failed to find the libssl.so.=
1.1 file
>>>>>=20
>>>>> Surprised as I did not have rng-tools installed as an addon.
>>>>>=20
>>>>> After investigating I realised that when rng-tools was moved to an addo=
n the existing rootfile files were not removed from users IPFire systems. So =
/usr/sbin/rngd and /usr/bin/rngtest still exist on the old systems.
>>>>>=20
>>>>>=20
>>>>> I have raised a bug report for this.
>>>>>=20
>>>>> https://bugzilla.ipfire.org/show_bug.cgi?id=3D13197
>>>>>=20
>>>>>=20
>>>>> Regards,
>>>>>=20
>>>>> Adolf
>>>>>=20
>>>>>=20
>>>>> On 27/07/2023 22:13, Adolf Belka wrote:
>>>>>> Hi All,
>>>>>> When doing a reboot I get a fail message at the stage of remount root =
readonly. The reboot seems to occur okay in that IPFire works as expected aft=
er the reboot. Problem occurs at each reboot and has been shown on two vm mac=
hines that were upgraded to CU177 Testing.
>>>>>>=20
>>>>>> Bug raised for this.
>>>>>> https://bugzilla.ipfire.org/show_bug.cgi?id=3D13195
>>>>>>=20
>>>>>> Regards,
>>>>>> Adolf.
>>>>>>=20
>>>>>> On 27/07/2023 15:00, IPFire Project wrote:
>>>>>>> IPFire Logo
>>>>>>>=20
>>>>>>> there is a new post from Michael Tremer on the IPFire Blog:
>>>>>>>=20
>>>>>>> *IPFire 2.27 - Core Update 177 is available for testing*
>>>>>>>=20
>>>>>>>     The next update for IPFire is available for testing! It contains =
more hardening features for modern processors and a large number of security =
fixes in third-party packages.
>>>>>>>=20
>>>>>>> Click Here To Read More <https://blog.ipfire.org/post/ipfire-2-27-cor=
e-update-177-is-available-for-testing>
>>>>>>>=20
>>>>>>> The IPFire Project
>>>>>>> Don't like these emails? Unsubscribe <https://people.ipfire.org/unsub=
scribe>.
>>>>>>>=20
>=20
> --=20
> Sent from my laptop



--===============4786428832595315886==--