Hi All,
I didn't see any further notification about the kernel fixes in CU178 being available to test but looking in the Changelog in the nightlies it seemed that the fixes were available in the CU178 version in master.
So I have tested it on 2 vm systems that I have.
After update the systems were on 178 Development Build master/41e33931. During the reboot on both systems no issues were found and no red warning messages.
OpenVPN RW and N2N both worked as normal after the update.
Ran for a couple of hours and did a range of web activities.
Everything worked as expected and all graphs reviewed showed data as normally expected.
No problems found.
Regards,
Adolf.
and then after sending this the Core Update Testing message came out. Still I think the testing feedback still applies unless I tested the wrong build version.
Regards,
Adolf.
On 14/08/2023 13:26, Adolf Belka wrote:
Hi All,
I didn't see any further notification about the kernel fixes in CU178 being available to test but looking in the Changelog in the nightlies it seemed that the fixes were available in the CU178 version in master.
So I have tested it on 2 vm systems that I have.
After update the systems were on 178 Development Build master/41e33931. During the reboot on both systems no issues were found and no red warning messages.
OpenVPN RW and N2N both worked as normal after the update.
Ran for a couple of hours and did a range of web activities.
Everything worked as expected and all graphs reviewed showed data as normally expected.
No problems found.
Regards,
Adolf.
Hello Adolf,
On 14 Aug 2023, at 12:26, Adolf Belka adolf.belka@ipfire.org wrote:
Hi All,
I didn't see any further notification about the kernel fixes in CU178 being available to test but looking in the Changelog in the nightlies it seemed that the fixes were available in the CU178 version in master.
Sorry for the confusion. Arne and I made a quick plan how to move forward with all those large security issues over the phone.
Since I was traveling last week I didn’t have a chance to test the update (so that at least a second pair of eyeballs has confirmed that we don’t break things really) before the announcement went out. This morning, I installed the update and pretty much immediately pressed the button for the announcement.
So I have tested it on 2 vm systems that I have.
After update the systems were on 178 Development Build master/41e33931. During the reboot on both systems no issues were found and no red warning messages.
Very good!
We decided to push all those changes straight to the master branch so that we gain more testers quickly and moved c178 to 179 and left that in next. In order to be able to release the update as quickly as possible, we didn’t back port anything else from next into master as we couldn’t find anything that is *really* urgent.
OpenVPN RW and N2N both worked as normal after the update.
Ran for a couple of hours and did a range of web activities.
Everything worked as expected and all graphs reviewed showed data as normally expected.
No problems found.
That is the stuff I want to hear :)
Unless someone reports any new regressions, I would like to release this update maybe on Wednesday or Thursday.
Best, -Michael
Regards,
Adolf.
What about the rebuilds like nmap, monit, nping, etc.??
Jon Murphy jon.murphy@ipfire.org
On Aug 14, 2023, at 9:03 AM, Michael Tremer michael.tremer@ipfire.org wrote:
Hello Adolf,
On 14 Aug 2023, at 12:26, Adolf Belka adolf.belka@ipfire.org wrote:
Hi All,
I didn't see any further notification about the kernel fixes in CU178 being available to test but looking in the Changelog in the nightlies it seemed that the fixes were available in the CU178 version in master.
Sorry for the confusion. Arne and I made a quick plan how to move forward with all those large security issues over the phone.
Since I was traveling last week I didn’t have a chance to test the update (so that at least a second pair of eyeballs has confirmed that we don’t break things really) before the announcement went out. This morning, I installed the update and pretty much immediately pressed the button for the announcement.
So I have tested it on 2 vm systems that I have.
After update the systems were on 178 Development Build master/41e33931. During the reboot on both systems no issues were found and no red warning messages.
Very good!
We decided to push all those changes straight to the master branch so that we gain more testers quickly and moved c178 to 179 and left that in next. In order to be able to release the update as quickly as possible, we didn’t back port anything else from next into master as we couldn’t find anything that is *really* urgent.
OpenVPN RW and N2N both worked as normal after the update.
Ran for a couple of hours and did a range of web activities.
Everything worked as expected and all graphs reviewed showed data as normally expected.
No problems found.
That is the stuff I want to hear :)
Unless someone reports any new regressions, I would like to release this update maybe on Wednesday or Thursday.
Best, -Michael
Regards,
Adolf.
Hi All,
On 14/08/2023 16:19, jon wrote:
What about the rebuilds like nmap, monit, nping, etc.??
Looking through the ChangeLog.txt those are not in CU178 so they will end up in CU179. I think CU178 is intended to be a very quick intermediate update due to the kernel vulnerabilities.
Jon Murphy jon.murphy@ipfire.org mailto:jon.murphy@ipfire.org
On Aug 14, 2023, at 9:03 AM, Michael Tremer <michael.tremer@ipfire.org mailto:michael.tremer@ipfire.org> wrote:
Hello Adolf,
On 14 Aug 2023, at 12:26, Adolf Belka <adolf.belka@ipfire.org mailto:adolf.belka@ipfire.org> wrote:
Hi All,
I didn't see any further notification about the kernel fixes in CU178 being available to test but looking in the Changelog in the nightlies it seemed that the fixes were available in the CU178 version in master.
Sorry for the confusion. Arne and I made a quick plan how to move forward with all those large security issues over the phone.
No problem. I was just being very enthusiastic.
Since I was traveling last week I didn’t have a chance to test the update (so that at least a second pair of eyeballs has confirmed that we don’t break things really) before the announcement went out. This morning, I installed the update and pretty much immediately pressed the button for the announcement.
So I have tested it on 2 vm systems that I have.
After update the systems were on 178 Development Build master/41e33931. During the reboot on both systems no issues were found and no red warning messages.
Very good!
We decided to push all those changes straight to the master branch so that we gain more testers quickly and moved c178 to 179 and left that in next. In order to be able to release the update as quickly as possible, we didn’t back port anything else from next into master as we couldn’t find anything that is *really* urgent.
OpenVPN RW and N2N both worked as normal after the update.
Ran for a couple of hours and did a range of web activities.
Everything worked as expected and all graphs reviewed showed data as normally expected.
No problems found.
That is the stuff I want to hear :)
Forgot to mention that the two new vulnerabilities are in the Hardware Vulnerabilities menu. My vm's are3 on an AMD machine so the vulnerability for Intel processors shows up as Not Affected and the other vulnerability for AMD processors shows up as Mitigated - safe RET so that is all working too.
Regards, Adolf.
Unless someone reports any new regressions, I would like to release this update maybe on Wednesday or Thursday.
Best, -Michael
Regards,
Adolf.
Hello,
On 14 Aug 2023, at 16:40, Adolf Belka adolf.belka@ipfire.org wrote:
Hi All,
On 14/08/2023 16:19, jon wrote:
What about the rebuilds like nmap, monit, nping, etc.??
Looking through the ChangeLog.txt those are not in CU178 so they will end up in CU179. I think CU178 is intended to be a very quick intermediate update due to the kernel vulnerabilities.
Since we added some changes after the release of c177 which did not get merged back into master, I cherry-picked that commit again so that we won’t go back on those releases.
Jon Murphy jon.murphy@ipfire.org mailto:jon.murphy@ipfire.org
On Aug 14, 2023, at 9:03 AM, Michael Tremer <michael.tremer@ipfire.org mailto:michael.tremer@ipfire.org> wrote:
Hello Adolf,
On 14 Aug 2023, at 12:26, Adolf Belka <adolf.belka@ipfire.org mailto:adolf.belka@ipfire.org> wrote:
Hi All,
I didn't see any further notification about the kernel fixes in CU178 being available to test but looking in the Changelog in the nightlies it seemed that the fixes were available in the CU178 version in master.
Sorry for the confusion. Arne and I made a quick plan how to move forward with all those large security issues over the phone.
No problem. I was just being very enthusiastic.
There is no problem with that.
Since I was traveling last week I didn’t have a chance to test the update (so that at least a second pair of eyeballs has confirmed that we don’t break things really) before the announcement went out. This morning, I installed the update and pretty much immediately pressed the button for the announcement.
So I have tested it on 2 vm systems that I have.
After update the systems were on 178 Development Build master/41e33931. During the reboot on both systems no issues were found and no red warning messages.
Very good!
We decided to push all those changes straight to the master branch so that we gain more testers quickly and moved c178 to 179 and left that in next. In order to be able to release the update as quickly as possible, we didn’t back port anything else from next into master as we couldn’t find anything that is *really* urgent.
OpenVPN RW and N2N both worked as normal after the update.
Ran for a couple of hours and did a range of web activities.
Everything worked as expected and all graphs reviewed showed data as normally expected.
No problems found.
That is the stuff I want to hear :)
Forgot to mention that the two new vulnerabilities are in the Hardware Vulnerabilities menu. My vm's are3 on an AMD machine so the vulnerability for Intel processors shows up as Not Affected and the other vulnerability for AMD processors shows up as Mitigated - safe RET so that is all working too.
Luckily the IPFire Mini Appliance that I am using for testing isn’t affected by either of them, but I can confirm it works well.
Best, -Michael
Regards, Adolf.
Unless someone reports any new regressions, I would like to release this update maybe on Wednesday or Thursday.
Best, -Michael
Regards,
Adolf.
Hello,
I already bumped these again and copied them manually into the stable branch.
Users should now see those updates.
But I wasn’t aware of nping… I only did these:
https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=80ff3f08c49fbf058039...
-Michael
On 14 Aug 2023, at 15:19, jon jon.murphy@ipfire.org wrote:
What about the rebuilds like nmap, monit, nping, etc.??
Jon Murphy jon.murphy@ipfire.org
On Aug 14, 2023, at 9:03 AM, Michael Tremer michael.tremer@ipfire.org wrote:
Hello Adolf,
On 14 Aug 2023, at 12:26, Adolf Belka adolf.belka@ipfire.org wrote:
Hi All,
I didn't see any further notification about the kernel fixes in CU178 being available to test but looking in the Changelog in the nightlies it seemed that the fixes were available in the CU178 version in master.
Sorry for the confusion. Arne and I made a quick plan how to move forward with all those large security issues over the phone.
Since I was traveling last week I didn’t have a chance to test the update (so that at least a second pair of eyeballs has confirmed that we don’t break things really) before the announcement went out. This morning, I installed the update and pretty much immediately pressed the button for the announcement.
So I have tested it on 2 vm systems that I have.
After update the systems were on 178 Development Build master/41e33931. During the reboot on both systems no issues were found and no red warning messages.
Very good!
We decided to push all those changes straight to the master branch so that we gain more testers quickly and moved c178 to 179 and left that in next. In order to be able to release the update as quickly as possible, we didn’t back port anything else from next into master as we couldn’t find anything that is *really* urgent.
OpenVPN RW and N2N both worked as normal after the update.
Ran for a couple of hours and did a range of web activities.
Everything worked as expected and all graphs reviewed showed data as normally expected.
No problems found.
That is the stuff I want to hear :)
Unless someone reports any new regressions, I would like to release this update maybe on Wednesday or Thursday.
Best, -Michael
Regards,
Adolf.
On 14/08/2023 17:42, Michael Tremer wrote:
Hello,
I already bumped these again and copied them manually into the stable branch.
Users should now see those updates.
But I wasn’t aware of nping… I only did these:
https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=80ff3f08c49fbf058039...
nping is one of the binaries from nmap so the bump of nmap package will cover nping.
Regards, Adolf.
-Michael
On 14 Aug 2023, at 15:19, jon jon.murphy@ipfire.org wrote:
What about the rebuilds like nmap, monit, nping, etc.??
Jon Murphy jon.murphy@ipfire.org
On Aug 14, 2023, at 9:03 AM, Michael Tremer michael.tremer@ipfire.org wrote:
Hello Adolf,
On 14 Aug 2023, at 12:26, Adolf Belka adolf.belka@ipfire.org wrote:
Hi All,
I didn't see any further notification about the kernel fixes in CU178 being available to test but looking in the Changelog in the nightlies it seemed that the fixes were available in the CU178 version in master.
Sorry for the confusion. Arne and I made a quick plan how to move forward with all those large security issues over the phone.
Since I was traveling last week I didn’t have a chance to test the update (so that at least a second pair of eyeballs has confirmed that we don’t break things really) before the announcement went out. This morning, I installed the update and pretty much immediately pressed the button for the announcement.
So I have tested it on 2 vm systems that I have.
After update the systems were on 178 Development Build master/41e33931. During the reboot on both systems no issues were found and no red warning messages.
Very good!
We decided to push all those changes straight to the master branch so that we gain more testers quickly and moved c178 to 179 and left that in next. In order to be able to release the update as quickly as possible, we didn’t back port anything else from next into master as we couldn’t find anything that is *really* urgent.
OpenVPN RW and N2N both worked as normal after the update.
Ran for a couple of hours and did a range of web activities.
Everything worked as expected and all graphs reviewed showed data as normally expected.
No problems found.
That is the stuff I want to hear :)
Unless someone reports any new regressions, I would like to release this update maybe on Wednesday or Thursday.
Best, -Michael
Regards,
Adolf.
Hello *,
Core Update 178 (master/41e33931) is running here without any issues for roughly a day now. A very minor finding is that vulnerabilities.cgi does not give human- readable names and CVEs for the new vulnerabilities, but that is by no means a show-stopper, and I'll prepare a patch for fixing this.
IMHO, Core Update 178 is ready to be released.
Thanks, and best regards, Peter Müller
Thank you for your feedback!
On 15 Aug 2023, at 16:54, Peter Müller peter.mueller@ipfire.org wrote:
Hello *,
Core Update 178 (master/41e33931) is running here without any issues for roughly a day now. A very minor finding is that vulnerabilities.cgi does not give human- readable names and CVEs for the new vulnerabilities, but that is by no means a show-stopper, and I'll prepare a patch for fixing this.
IMHO, Core Update 178 is ready to be released.
Thanks, and best regards, Peter Müller
-
Adolf Belka -
jon -
Michael Tremer -
Peter Müller