From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Testing report for Core Update 132
Date: Mon, 27 May 2019 20:26:00 +0000 [thread overview]
Message-ID: <dd84a181-2990-4e39-9e6c-25855fe06c16@ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 2101 bytes --]
Hello all,
after testing too little in the past months, I am hereby
trying to catch up for announced Core Update 132.
Most services are running as expected:
- IPsec
- OpenVPN (tested with RW connections only)
- DDNS
- Squid (non-transparent, including upstream proxy)
- Suricata (IPS mode, activated on all interfaces)
Tor suffers from missing libseccomp dependency and a permission
bug (see #12088), but starts correctly after installing the
library and fixing /var/lib/tor permissions manually.
I can confirm IDS rulesets download works in combination
with an upstream proxy now (tested with Emerging Threats).
Suricata seems to drop some packets (as internal connections
sometimes take ages to establish), but does not log anything.
This requires some further investigation, and it is kind
of an evident-missing blame at the moment.
Talking about the <sarcasm>all-new-and-improved Intel CPU vulnerabilities</sarcasm>,
disabling SMT automatically seems to work:
> [root(a)maverick ~]# grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
> /sys/devices/system/cpu/vulnerabilities/mds:Mitigation: Clear CPU buffers; SMT disabled
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling
(CPU is an Intel Celeron N3150 4x 1.60 GHz .)
However, the new WebUI CGI is partly missing German translations,
and claims "Simultaneous Multi-Threading (SMT) is not supported". The
latter is confusing, as the system states the opposite.
Talking about aesthetics, the CGI is a bit messy, but that
is not a functionality problem and might be fixed in an upcoming
update.
Thanks, and best regards,
Peter Müller
--
The road to Hades is easy to travel.
-- Bion of Borysthenes
next reply other threads:[~2019-05-27 20:26 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-27 20:26 Peter Müller [this message]
2019-05-28 11:24 ` Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dd84a181-2990-4e39-9e6c-25855fe06c16@ipfire.org \
--to=peter.mueller@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox