Re: CU178 kernel fixes Testing

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 3332 bytes --]

Hello,

> On 14 Aug 2023, at 16:40, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
> 
> Hi All,
> 
> On 14/08/2023 16:19, jon wrote:
>> What about the rebuilds like nmap, monit, nping, etc.??
> Looking through the ChangeLog.txt those are not in CU178 so they will end up in CU179. I think CU178 is intended to be a very quick intermediate update due to the kernel vulnerabilities.

Since we added some changes after the release of c177 which did not get merged back into master, I cherry-picked that commit again so that we won’t go back on those releases.

>> Jon Murphy
>> jon.murphy(a)ipfire.org <mailto:jon.murphy(a)ipfire.org>
>>> On Aug 14, 2023, at 9:03 AM, Michael Tremer <michael.tremer(a)ipfire.org <mailto:michael.tremer(a)ipfire.org>> wrote:
>>> 
>>> Hello Adolf,
>>> 
>>>> On 14 Aug 2023, at 12:26, Adolf Belka <adolf.belka(a)ipfire.org <mailto:adolf.belka(a)ipfire.org>> wrote:
>>>> 
>>>> Hi All,
>>>> 
>>>> 
>>>> I didn't see any further notification about the kernel fixes in CU178 being available to test but looking in the Changelog in the nightlies it seemed that the fixes were available in the CU178 version in master.
>>> 
>>> Sorry for the confusion. Arne and I made a quick plan how to move forward with all those large security issues over the phone.
> No problem. I was just being very enthusiastic.

There is no problem with that.

>>> 
>>> Since I was traveling last week I didn’t have a chance to test the update (so that at least a second pair of eyeballs has confirmed that we don’t break things really) before the announcement went out. This morning, I installed the update and pretty much immediately pressed the button for the announcement.
>>> 
>>>> So I have tested it on 2 vm systems that I have.
>>>> 
>>>> After update the systems were on 178 Development Build master/41e33931. During the reboot on both systems no issues were found and no red warning messages.
>>> 
>>> Very good!
>>> 
>>> We decided to push all those changes straight to the master branch so that we gain more testers quickly and moved c178 to 179 and left that in next. In order to be able to release the update as quickly as possible, we didn’t back port anything else from next into master as we couldn’t find anything that is *really* urgent.
>>> 
>>>> OpenVPN RW and N2N both worked as normal after the update.
>>>> 
>>>> Ran for a couple of hours and did a range of web activities.
>>>> 
>>>> Everything worked as expected and all graphs reviewed showed data as normally expected.
>>>> 
>>>> 
>>>> No problems found.
>>> 
>>> That is the stuff I want to hear :)
> Forgot to mention that the two new vulnerabilities are in the Hardware Vulnerabilities menu. My vm's are3 on an AMD machine so the vulnerability for Intel processors shows up as Not Affected and the other vulnerability for AMD processors shows up as Mitigated - safe RET so that is all working too.

Luckily the IPFire Mini Appliance that I am using for testing isn’t affected by either of them, but I can confirm it works well.

Best,
-Michael

> 
> Regards,
> Adolf.
>>> 
>>> Unless someone reports any new regressions, I would like to release this update maybe on Wednesday or Thursday.
>>> 
>>> Best,
>>> -Michael
>>> 
>>>> 
>>>> 
>>>> Regards,
>>>> 
>>>> Adolf.