From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: Re: CU178 kernel fixes Testing Date: Mon, 14 Aug 2023 17:40:18 +0200 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5369575665942623118==" List-Id: --===============5369575665942623118== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi All, On 14/08/2023 16:19, jon wrote: > What about the rebuilds like nmap, monit, nping, etc.?? Looking through the ChangeLog.txt those are not in CU178 so they will end up = in CU179. I think CU178 is intended to be a very quick intermediate update du= e to the kernel vulnerabilities. >=20 > Jon Murphy > jon.murphy(a)ipfire.org >=20 >=20 >=20 >> On Aug 14, 2023, at 9:03 AM, Michael Tremer > wrote: >> >> Hello Adolf, >> >>> On 14 Aug 2023, at 12:26, Adolf Belka > wrote: >>> >>> Hi All, >>> >>> >>> I didn't see any further notification about the kernel fixes in CU178 bei= ng available to test but looking in the Changelog in the nightlies it seemed = that the fixes were available in the CU178 version in master. >> >> Sorry for the confusion. Arne and I made a quick plan how to move forward = with all those large security issues over the phone. No problem. I was just being very enthusiastic. >> >> Since I was traveling last week I didn=E2=80=99t have a chance to test the= update (so that at least a second pair of eyeballs has confirmed that we don= =E2=80=99t break things really) before the announcement went out. This mornin= g, I installed the update and pretty much immediately pressed the button for = the announcement. >> >>> So I have tested it on 2 vm systems that I have. >>> >>> After update the systems were on 178 Development Build master/41e33931. D= uring the reboot on both systems no issues were found and no red warning mess= ages. >> >> Very good! >> >> We decided to push all those changes straight to the master branch so that= we gain more testers quickly and moved c178 to 179 and left that in next. In= order to be able to release the update as quickly as possible, we didn=E2=80= =99t back port anything else from next into master as we couldn=E2=80=99t fin= d anything that is *really* urgent. >> >>> OpenVPN RW and N2N both worked as normal after the update. >>> >>> Ran for a couple of hours and did a range of web activities. >>> >>> Everything worked as expected and all graphs reviewed showed data as norm= ally expected. >>> >>> >>> No problems found. >> >> That is the stuff I want to hear :) Forgot to mention that the two new vulnerabilities are in the Hardware Vulner= abilities menu. My vm's are3 on an AMD machine so the vulnerability for Intel= processors shows up as Not Affected and the other vulnerability for AMD proc= essors shows up as Mitigated - safe RET so that is all working too. Regards, Adolf. >> >> Unless someone reports any new regressions, I would like to release this u= pdate maybe on Wednesday or Thursday. >> >> Best, >> -Michael >> >>> >>> >>> Regards, >>> >>> Adolf. >>> >>> >> >=20 --===============5369575665942623118==--