From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: CU178 kernel fixes Testing
Date: Mon, 14 Aug 2023 16:57:17 +0100
Message-ID: <8D261FCC-9F4E-4B7B-A537-1F4331D5FB2C@ipfire.org>

Hello,

> On 14 Aug 2023, at 16:40, Adolf Belka wrote:
>
> Hi All,
>
> On 14/08/2023 16:19, jon wrote:
>> What about the rebuilds like nmap, monit, nping, etc.??
> Looking through the ChangeLog.txt those are not in CU178 so they will end up in CU179. I think CU178 is intended to be a very quick intermediate update due to the kernel vulnerabilities.

Since we added some changes after the release of c177 which did not get merged back into master, I cherry-picked that commit again so that we won’t go back on those releases.

>> Jon Murphy
>> jon.murphy(a)ipfire.org
>>> On Aug 14, 2023, at 9:03 AM, Michael Tremer wrote:
>>>
>>> Hello Adolf,
>>>
>>>> On 14 Aug 2023, at 12:26, Adolf Belka wrote:
>>>>
>>>> Hi All,
>>>>
>>>> I didn't see any further notification about the kernel fixes in CU178 being available to test but looking in the Changelog in the nightlies it seemed that the fixes were available in the CU178 version in master.
>>>
>>> Sorry for the confusion. Arne and I made a quick plan how to move forward with all those large security issues over the phone.
> No problem. I was just being very enthusiastic.

There is no problem with that.

>>>
>>> Since I was traveling last week I didn’t have a chance to test the update (so that at least a second pair of eyeballs has confirmed that we don’t break things really) before the announcement went out. This morning, I installed the update and pretty much immediately pressed the button for the announcement.
>>>
>>>> So I have tested it on 2 vm systems that I have.
>>>>
>>>> After update the systems were on 178 Development Build master/41e33931. During the reboot on both systems no issues were found and no red warning messages.
>>>
>>> Very good!
>>>
>>> We decided to push all those changes straight to the master branch so that we gain more testers quickly and moved c178 to 179 and left that in next. In order to be able to release the update as quickly as possible, we didn’t back port anything else from next into master as we couldn’t find anything that is *really* urgent.
>>>
>>>> OpenVPN RW and N2N both worked as normal after the update.
>>>>
>>>> Ran for a couple of hours and did a range of web activities.
>>>>
>>>> Everything worked as expected and all graphs reviewed showed data as normally expected.
>>>>
>>>> No problems found.
>>>
>>> That is the stuff I want to hear :)
> Forgot to mention that the two new vulnerabilities are in the Hardware Vulnerabilities menu. My vm's are on an AMD machine so the vulnerability for Intel processors shows up as Not Affected and the other vulnerability for AMD processors shows up as Mitigated - safe RET so that is all working too.

Luckily the IPFire Mini Appliance that I am using for testing isn’t affected by either of them, but I can confirm it works well.

Best,
-Michael

>
> Regards,
> Adolf.
>>>
>>> Unless someone reports any new regressions, I would like to release this update maybe on Wednesday or Thursday.
>>>
>>> Best,
>>> -Michael
>>>
>>>>
>>>> Regards,
>>>>
>>>> Adolf.