From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Testing report for Core Update 132
Date: Tue, 28 May 2019 12:24:57 +0100
Message-ID: <80EC9595-86F3-4015-9BF6-4BA8EDE3F700@ipfire.org>
In-Reply-To: <dd84a181-2990-4e39-9e6c-25855fe06c16@ipfire.org>
Hi,
> On 27 May 2019, at 21:26, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
> Hello all,
>
> after testing too little in the past months, I am hereby
> trying to catch up for announced Core Update 132.
Cool!
>
> Most services are running as expected:
> - IPsec
> - OpenVPN (tested with RW connections only)
> - DDNS
> - Squid (non-transparent, including upstream proxy)
> - Suricata (IPS mode, activated on all interfaces)
>
> Tor suffers from missing libseccomp dependency and a permission
> bug (see #12088), but starts correctly after installing the
> library and fixing /var/lib/tor permissions manually.
>
> I can confirm IDS rulesets download works in combination
> with an upstream proxy now (tested with Emerging Threats).
>
> Suricata seems to drop some packets (as internal connections
> sometimes take ages to establish), but does not log anything.
> This requires some further investigation, and it is kind
> of an evident-missing blame at the moment.
Yes. I am aware of this and we have a ticket for it:
https://bugzilla.ipfire.org/show_bug.cgi?id=12078
>
> Talking about the <sarcasm>all-new-and-improved Intel CPU vulnerabilities</sarcasm>,
> disabling SMT automatically seems to work:
>
>> [root@maverick ~]# grep . /sys/devices/system/cpu/vulnerabilities/*
>> /sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
>> /sys/devices/system/cpu/vulnerabilities/mds:Mitigation: Clear CPU buffers; SMT disabled
>> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
>> /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected
>> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
>> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling
You got a royal flush there. Almost hit them all.
> (CPU is an Intel Celeron N3150 4x 1.60 GHz.)
>
> However, the new WebUI CGI is partly missing German translations,
> and claims "Simultaneous Multi-Threading (SMT) is not supported". The
> latter is confusing, as the system states the opposite.
This is what we get from the kernel.
> Talking about aesthetics, the CGI is a bit messy, but that
> is not a functionality problem and might be fixed in an upcoming
> update.
Yes I know. I mentioned I did this as quickly as possible to make the release. Please send in patches :)
-Michael
>
> Thanks, and best regards,
> Peter Müller
> --
> The road to Hades is easy to travel.
> -- Bion of Borysthenes
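
An added example, not part of either message or of IPFire's code: a POSIX shell helper that classifies the `/sys/devices/system/cpu/vulnerabilities` entries quoted above and also reads the kernel's `smt/control` file, which the thread does not show. The function names and status labels are assumptions of this example; the sample values are copied from the quoted report.

```shell
# Added example: classify the kernel's CPU vulnerability report (labels are this example's own).
classify_status() {            # $1: contents of one vulnerabilities file
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

smt_note() {                   # $1: same string; what it says about SMT
    case "$1" in
        *"SMT disabled"*)   echo smt-disabled ;;
        *"SMT vulnerable"*) echo smt-vulnerable ;;
        *)                  echo n/a ;;
    esac
}

# Print "<name> <class> <smt-note>" per entry; return 1 if any entry is
# VULNERABLE or UNKNOWN, so the call can gate a post-update check.
report_vulnerabilities() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}; rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        st=$(cat "$f")
        class=$(classify_status "$st")
        printf '%s %s %s\n' "$(basename "$f")" "$class" "$(smt_note "$st")"
        case "$class" in VULNERABLE|UNKNOWN) rc=1 ;; esac
    done
    return "$rc"
}

# Kernel SMT control value (on, off, forceoff, notsupported, notimplemented).
smt_state() {
    cat "${1:-/sys/devices/system/cpu/smt}/control" 2>/dev/null || echo unavailable
}

write_thread_sample() {        # $1: directory; values copied from the report above
    for n in l1tf spec_store_bypass; do echo 'Not affected' > "$1/$n"; done
    echo 'Mitigation: Clear CPU buffers; SMT disabled' > "$1/mds"
    echo 'Mitigation: PTI' > "$1/meltdown"
    echo 'Mitigation: __user pointer sanitization' > "$1/spectre_v1"
    echo 'Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling' > "$1/spectre_v2"
}

tmp=$(mktemp -d) && write_thread_sample "$tmp"
report_vulnerabilities "$tmp" || echo "attention needed"
rm -rf "$tmp"
```

Called without arguments, `report_vulnerabilities` and `smt_state` read the live sysfs paths, so the two views of SMT (the `mds` status line and `smt/control`) can be compared on the same machine.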