* Last call for Core Update 167 (was: Re: Core Updates 166 and 167)
[not found] <a19176a0-e95e-b58b-aa0e-35ce80ffa056@ipfire.org>
@ 2022-04-02 7:42 ` Peter Müller
2022-04-02 11:00 ` Michael Tremer
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Peter Müller @ 2022-04-02 7:42 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1255 bytes --]
Hello development folks,
being responsible for upcoming Core Update 167, I would like to close this
update roughly at the beginning of next week. This is because it contains
several security-relevant updates (such as Apache, Bind [might need another one?],
zlib [again], OpenSSH, and so on) which I think should be available to our
userbase as soon as possible.
To have CVE-2022-1015 and CVE-2022-1016 covered, I will submit a patch for
an updated kernel later this day, since we have enough space to ship one as
the linux-firmware changes were reverted (see 8a4780de645a5b3ab42054eaf022c57d6849ae9a).
Looking at Patchwork, it would be great if we could clarify the status of
these patches and patch series, and whether they should go into Core Update
167 or not:
- https://patchwork.ipfire.org/project/ipfire/list/?series=2684
- https://patchwork.ipfire.org/project/ipfire/list/?series=2698
- https://patchwork.ipfire.org/project/ipfire/patch/66e4978d-6ba4-6c14-329c-6f7ae99ed4b2(a)ipfire.org/
If there are any patches sitting around in your local/private repositories
you want to have in Core Update 167, kindly post them. As always, drop me a
line in case of questions or comments.
Thanks, and best regards,
Peter Müller
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Last call for Core Update 167 (was: Re: Core Updates 166 and 167)
2022-04-02 7:42 ` Last call for Core Update 167 (was: Re: Core Updates 166 and 167) Peter Müller
@ 2022-04-02 11:00 ` Michael Tremer
2022-04-02 11:30 ` Peter Müller
2022-04-04 9:21 ` Bernhard Bitsch
2022-04-02 14:54 ` Stefan Schantl
2022-04-11 6:21 ` Bernhard Bitsch
2 siblings, 2 replies; 9+ messages in thread
From: Michael Tremer @ 2022-04-02 11:00 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2080 bytes --]
Hello Peter,
> On 2 Apr 2022, at 08:42, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
> Hello development folks,
>
> being responsible for upcoming Core Update 167, I would like to close this
> update roughly at the beginning of next week. This is because it contains
> several security-relevant updates (such as Apache, Bind [might need another one?],
> zlib [again], OpenSSH, and so on) which I think should be available to our
> userbase as soon as possible.
I don’t have anything left. Please await the conference call on Monday for a final decision.
> To have CVE-2022-1015 and CVE-2022-1016 covered, I will submit a patch for
> an updated kernel later this day, since we have enough space to ship one as
> the linux-firmware changes were reverted (see 8a4780de645a5b3ab42054eaf022c57d6849ae9a).
Please consult with Arne on this. There are lots of small details that need to be considered.
And I am sure he has a branch with an updated kernel somewhere already.
However, I really would like a new kernel in this release, even if that will take us a few days longer.
> Looking at Patchwork, it would be great if we could clarify the status of
> these patches and patch series, and whether they should go into Core Update
> 167 or not:
> - https://patchwork.ipfire.org/project/ipfire/list/?series=2684
I will leave this for Stefan.
> - https://patchwork.ipfire.org/project/ipfire/list/?series=2698
I was awaiting some response from Anthony. I am not sure whether we can take silence as approval but since he has approved the previous version of the patchset which has just been extended, I am sure this is okay to merge.
> - https://patchwork.ipfire.org/project/ipfire/patch/66e4978d-6ba4-6c14-329c-6f7ae99ed4b2(a)ipfire.org/
This is something for Arne.
> If there are any patches sitting around in your local/private repositories
> you want to have in Core Update 167, kindly post them. As always, drop me a
> line in case of questions or comments.
>
> Thanks, and best regards,
> Peter Müller
-Michael
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Last call for Core Update 167 (was: Re: Core Updates 166 and 167)
2022-04-02 11:00 ` Michael Tremer
@ 2022-04-02 11:30 ` Peter Müller
2022-04-02 14:16 ` Michael Tremer
2022-04-04 9:21 ` Bernhard Bitsch
1 sibling, 1 reply; 9+ messages in thread
From: Peter Müller @ 2022-04-02 11:30 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2791 bytes --]
Hello Michael,
thanks for your reply.
> Hello Peter,
>
>> On 2 Apr 2022, at 08:42, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>>
>> Hello development folks,
>>
>> being responsible for upcoming Core Update 167, I would like to close this
>> update roughly at the beginning of next week. This is because it contains
>> several security-relevant updates (such as Apache, Bind [might need another one?],
>> zlib [again], OpenSSH, and so on) which I think should be available to our
>> userbase as soon as possible.
>
> I don’t have anything left. Please await the conference call on Monday for a final decision.
Yes, I was planning to do so. Just thought a preliminary notice would be in order...
>
>> To have CVE-2022-1015 and CVE-2022-1016 covered, I will submit a patch for
>> an updated kernel later this day, since we have enough space to ship one as
>> the linux-firmware changes were reverted (see 8a4780de645a5b3ab42054eaf022c57d6849ae9a).
>
> Please consult with Arne on this. There are lots of small details that need to be considered.
>
> And I am sure he has a branch with an updated kernel somewhere already.
>
> However, I really would like a new kernel in this release, even if that will take us a few days longer.
Oh, I overlooked your mail before submitting that Linux 5.15.32 patch. Sorry.
Arne working on a kernel was also my impression, but with a look at people/arne_f/kernel.git
and people/arne_f/ipfire-2.x.git, I did not find anything I could pick up. So I thought I
do a kernel update to once in a while, trying to reduce the bus factor on this end. :-)
>
>> Looking at Patchwork, it would be great if we could clarify the status of
>> these patches and patch series, and whether they should go into Core Update
>> 167 or not:
>> - https://patchwork.ipfire.org/project/ipfire/list/?series=2684
>
> I will leave this for Stefan.
>
>> - https://patchwork.ipfire.org/project/ipfire/list/?series=2698
>
> I was awaiting some response from Anthony. I am not sure whether we can take silence as approval but since he has approved the previous version of the patchset which has just been extended, I am sure this is okay to merge.
I will wait until Monday for his reply then, and merge it if no negative feedback arrives until then.
Thanks, and best regards,
Peter Müller
>
>> - https://patchwork.ipfire.org/project/ipfire/patch/66e4978d-6ba4-6c14-329c-6f7ae99ed4b2(a)ipfire.org/
>
> This is something for Arne.
>
>> If there are any patches sitting around in your local/private repositories
>> you want to have in Core Update 167, kindly post them. As always, drop me a
>> line in case of questions or comments.
>>
>> Thanks, and best regards,
>> Peter Müller
>
> -Michael
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Last call for Core Update 167 (was: Re: Core Updates 166 and 167)
2022-04-02 11:30 ` Peter Müller
@ 2022-04-02 14:16 ` Michael Tremer
0 siblings, 0 replies; 9+ messages in thread
From: Michael Tremer @ 2022-04-02 14:16 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 3304 bytes --]
Hello,
> On 2 Apr 2022, at 12:30, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
> Hello Michael,
>
> thanks for your reply.
>
>> Hello Peter,
>>
>>> On 2 Apr 2022, at 08:42, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>>>
>>> Hello development folks,
>>>
>>> being responsible for upcoming Core Update 167, I would like to close this
>>> update roughly at the beginning of next week. This is because it contains
>>> several security-relevant updates (such as Apache, Bind [might need another one?],
>>> zlib [again], OpenSSH, and so on) which I think should be available to our
>>> userbase as soon as possible.
>>
>> I don’t have anything left. Please await the conference call on Monday for a final decision.
>
> Yes, I was planning to do so. Just thought a preliminary notice would be in order...
Good thinking :)
>>
>>> To have CVE-2022-1015 and CVE-2022-1016 covered, I will submit a patch for
>>> an updated kernel later this day, since we have enough space to ship one as
>>> the linux-firmware changes were reverted (see 8a4780de645a5b3ab42054eaf022c57d6849ae9a).
>>
>> Please consult with Arne on this. There are lots of small details that need to be considered.
>>
>> And I am sure he has a branch with an updated kernel somewhere already.
>>
>> However, I really would like a new kernel in this release, even if that will take us a few days longer.
>
> Oh, I overlooked your mail before submitting that Linux 5.15.32 patch. Sorry.
>
> Arne working on a kernel was also my impression, but with a look at people/arne_f/kernel.git
> and people/arne_f/ipfire-2.x.git, I did not find anything I could pick up. So I thought I
> do a kernel update to once in a while, trying to reduce the bus factor on this end. :-)
Please consult with him no matter what. Arne is not always pushing all changes to his repositories and you know how much he replies on the list.
>>
>>> Looking at Patchwork, it would be great if we could clarify the status of
>>> these patches and patch series, and whether they should go into Core Update
>>> 167 or not:
>>> - https://patchwork.ipfire.org/project/ipfire/list/?series=2684
>>
>> I will leave this for Stefan.
>>
>>> - https://patchwork.ipfire.org/project/ipfire/list/?series=2698
>>
>> I was awaiting some response from Anthony. I am not sure whether we can take silence as approval but since he has approved the previous version of the patchset which has just been extended, I am sure this is okay to merge.
>
> I will wait until Monday for his reply then, and merge it if no negative feedback arrives until then.
Silence is not an ack. We should not have this culture here.
If this is urgent, please get in touch with him. I am sure you have his phone number :)
-Michael
> Thanks, and best regards,
> Peter Müller
>
>>
>>> - https://patchwork.ipfire.org/project/ipfire/patch/66e4978d-6ba4-6c14-329c-6f7ae99ed4b2(a)ipfire.org/
>>
>> This is something for Arne.
>>
>>> If there are any patches sitting around in your local/private repositories
>>> you want to have in Core Update 167, kindly post them. As always, drop me a
>>> line in case of questions or comments.
>>>
>>> Thanks, and best regards,
>>> Peter Müller
>>
>> -Michael
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Last call for Core Update 167 (was: Re: Core Updates 166 and 167)
2022-04-02 7:42 ` Last call for Core Update 167 (was: Re: Core Updates 166 and 167) Peter Müller
2022-04-02 11:00 ` Michael Tremer
@ 2022-04-02 14:54 ` Stefan Schantl
2022-04-11 6:21 ` Bernhard Bitsch
2 siblings, 0 replies; 9+ messages in thread
From: Stefan Schantl @ 2022-04-02 14:54 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1645 bytes --]
Hello Peter,
thanks for working and coordinating the next core update in this way.
> Hello development folks,
>
> being responsible for upcoming Core Update 167, I would like to close
> this
> update roughly at the beginning of next week. This is because it
> contains
> several security-relevant updates (such as Apache, Bind [might need
> another one?],
> zlib [again], OpenSSH, and so on) which I think should be available
> to our
> userbase as soon as possible.
>
> To have CVE-2022-1015 and CVE-2022-1016 covered, I will submit a
> patch for
> an updated kernel later this day, since we have enough space to ship
> one as
> the linux-firmware changes were reverted (see
> 8a4780de645a5b3ab42054eaf022c57d6849ae9a).
>
> Looking at Patchwork, it would be great if we could clarify the
> status of
> these patches and patch series, and whether they should go into Core
> Update
> 167 or not:
> - https://patchwork.ipfire.org/project/ipfire/list/?series=2684
Please ignore that patch set.
I'm currently working on improving the IDS again and these patches are
obsolete and safely can be dropped.
More about this project on Monday.
Best regards,
-Stefan
> - https://patchwork.ipfire.org/project/ipfire/list/?series=2698
> -
> https://patchwork.ipfire.org/project/ipfire/patch/66e4978d-6ba4-6c14-329c-6f7ae99ed4b2(a)ipfire.org/
>
> If there are any patches sitting around in your local/private
> repositories
> you want to have in Core Update 167, kindly post them. As always,
> drop me a
> line in case of questions or comments.
>
> Thanks, and best regards,
> Peter Müller
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Last call for Core Update 167 (was: Re: Core Updates 166 and 167)
2022-04-02 11:00 ` Michael Tremer
2022-04-02 11:30 ` Peter Müller
@ 2022-04-04 9:21 ` Bernhard Bitsch
1 sibling, 0 replies; 9+ messages in thread
From: Bernhard Bitsch @ 2022-04-04 9:21 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2566 bytes --]
Hi,
I think we should include the solution for bug #12838, if possible.
It isn't an urgent repair, but reinstalls the graphical presentation of
the hostile hits. This can be helpful for a first impression about these
fw hits.
Just another idea. Seeing many CTINVALID messages, it would be nice to
show them in the fwhits graph also.
Regards,
Bernhard
Am 02.04.2022 um 13:00 schrieb Michael Tremer:
> Hello Peter,
>
>> On 2 Apr 2022, at 08:42, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>>
>> Hello development folks,
>>
>> being responsible for upcoming Core Update 167, I would like to close this
>> update roughly at the beginning of next week. This is because it contains
>> several security-relevant updates (such as Apache, Bind [might need another one?],
>> zlib [again], OpenSSH, and so on) which I think should be available to our
>> userbase as soon as possible.
>
> I don’t have anything left. Please await the conference call on Monday for a final decision.
>
>> To have CVE-2022-1015 and CVE-2022-1016 covered, I will submit a patch for
>> an updated kernel later this day, since we have enough space to ship one as
>> the linux-firmware changes were reverted (see 8a4780de645a5b3ab42054eaf022c57d6849ae9a).
>
> Please consult with Arne on this. There are lots of small details that need to be considered.
>
> And I am sure he has a branch with an updated kernel somewhere already.
>
> However, I really would like a new kernel in this release, even if that will take us a few days longer.
>
>> Looking at Patchwork, it would be great if we could clarify the status of
>> these patches and patch series, and whether they should go into Core Update
>> 167 or not:
>> - https://patchwork.ipfire.org/project/ipfire/list/?series=2684
>
> I will leave this for Stefan.
>
>> - https://patchwork.ipfire.org/project/ipfire/list/?series=2698
>
> I was awaiting some response from Anthony. I am not sure whether we can take silence as approval but since he has approved the previous version of the patchset which has just been extended, I am sure this is okay to merge.
>
>> - https://patchwork.ipfire.org/project/ipfire/patch/66e4978d-6ba4-6c14-329c-6f7ae99ed4b2(a)ipfire.org/
>
> This is something for Arne.
>
>> If there are any patches sitting around in your local/private repositories
>> you want to have in Core Update 167, kindly post them. As always, drop me a
>> line in case of questions or comments.
>>
>> Thanks, and best regards,
>> Peter Müller
>
> -Michael
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Last call for Core Update 167 (was: Re: Core Updates 166 and 167)
2022-04-02 7:42 ` Last call for Core Update 167 (was: Re: Core Updates 166 and 167) Peter Müller
2022-04-02 11:00 ` Michael Tremer
2022-04-02 14:54 ` Stefan Schantl
@ 2022-04-11 6:21 ` Bernhard Bitsch
2022-04-11 7:49 ` Michael Tremer
2022-04-11 19:14 ` Rob Brewer
2 siblings, 2 replies; 9+ messages in thread
From: Bernhard Bitsch @ 2022-04-11 6:21 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1717 bytes --]
Hello,
Hope I'm not too late with this.
Since a week I have running the latest APU firmware ( v4.16.02 ) on my
system.
Found no problems until now, but an enhancement. The AMD PSP CCP is now
found as entropy source. So the boot process is faster.
This may be useful for many IPFire users. Is it possible to include in
CU 167?
Regards,
Bernhard
Am 02.04.2022 um 09:42 schrieb Peter Müller:
> Hello development folks,
>
> being responsible for upcoming Core Update 167, I would like to close this
> update roughly at the beginning of next week. This is because it contains
> several security-relevant updates (such as Apache, Bind [might need another one?],
> zlib [again], OpenSSH, and so on) which I think should be available to our
> userbase as soon as possible.
>
> To have CVE-2022-1015 and CVE-2022-1016 covered, I will submit a patch for
> an updated kernel later this day, since we have enough space to ship one as
> the linux-firmware changes were reverted (see 8a4780de645a5b3ab42054eaf022c57d6849ae9a).
>
> Looking at Patchwork, it would be great if we could clarify the status of
> these patches and patch series, and whether they should go into Core Update
> 167 or not:
> - https://patchwork.ipfire.org/project/ipfire/list/?series=2684
> - https://patchwork.ipfire.org/project/ipfire/list/?series=2698
> - https://patchwork.ipfire.org/project/ipfire/patch/66e4978d-6ba4-6c14-329c-6f7ae99ed4b2(a)ipfire.org/
>
> If there are any patches sitting around in your local/private repositories
> you want to have in Core Update 167, kindly post them. As always, drop me a
> line in case of questions or comments.
>
> Thanks, and best regards,
> Peter Müller
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Last call for Core Update 167 (was: Re: Core Updates 166 and 167)
2022-04-11 6:21 ` Bernhard Bitsch
@ 2022-04-11 7:49 ` Michael Tremer
2022-04-11 19:14 ` Rob Brewer
1 sibling, 0 replies; 9+ messages in thread
From: Michael Tremer @ 2022-04-11 7:49 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1985 bytes --]
Hello,
I would recommend creating a patch for this.
And since we need to test this a little bit before we release it, I would schedule it for c168.
-Michael
> On 11 Apr 2022, at 07:21, Bernhard Bitsch <bbitsch(a)ipfire.org> wrote:
>
> Hello,
>
> Hope I'm not too late with this.
> Since a week I have running the latest APU firmware ( v4.16.02 ) on my system.
> Found no problems until now, but an enhancement. The AMD PSP CCP is now found as entropy source. So the boot process is faster.
>
> This may be useful for many IPFire users. Is it possible to include in CU 167?
>
> Regards,
> Bernhard
>
> Am 02.04.2022 um 09:42 schrieb Peter Müller:
>> Hello development folks,
>> being responsible for upcoming Core Update 167, I would like to close this
>> update roughly at the beginning of next week. This is because it contains
>> several security-relevant updates (such as Apache, Bind [might need another one?],
>> zlib [again], OpenSSH, and so on) which I think should be available to our
>> userbase as soon as possible.
>> To have CVE-2022-1015 and CVE-2022-1016 covered, I will submit a patch for
>> an updated kernel later this day, since we have enough space to ship one as
>> the linux-firmware changes were reverted (see 8a4780de645a5b3ab42054eaf022c57d6849ae9a).
>> Looking at Patchwork, it would be great if we could clarify the status of
>> these patches and patch series, and whether they should go into Core Update
>> 167 or not:
>> - https://patchwork.ipfire.org/project/ipfire/list/?series=2684
>> - https://patchwork.ipfire.org/project/ipfire/list/?series=2698
>> - https://patchwork.ipfire.org/project/ipfire/patch/66e4978d-6ba4-6c14-329c-6f7ae99ed4b2(a)ipfire.org/
>> If there are any patches sitting around in your local/private repositories
>> you want to have in Core Update 167, kindly post them. As always, drop me a
>> line in case of questions or comments.
>> Thanks, and best regards,
>> Peter Müller
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Last call for Core Update 167 (was: Re: Core Updates 166 and 167)
2022-04-11 6:21 ` Bernhard Bitsch
2022-04-11 7:49 ` Michael Tremer
@ 2022-04-11 19:14 ` Rob Brewer
1 sibling, 0 replies; 9+ messages in thread
From: Rob Brewer @ 2022-04-11 19:14 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 685 bytes --]
On Monday 11 April 2022 07:21 Bernhard Bitsch wrote:
> Hello,
>
> Hope I'm not too late with this.
> Since a week I have running the latest APU firmware ( v4.16.02 ) on my
> system.
> Found no problems until now, but an enhancement. The AMD PSP CCP is now
> found as entropy source. So the boot process is faster.
>
> This may be useful for many IPFire users. Is it possible to include in
> CU 167?
>
> Regards,
> Bernhard
Poor entropy on my APU2 E4 has been a serious problem so much so that I will
do anything not to re-boot IPFire. I wasn't aware that this was a firmware
problem so this is really good news.
I hope the new firmware will soon be available via pakfire.
Rob
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2022-04-11 19:14 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <a19176a0-e95e-b58b-aa0e-35ce80ffa056@ipfire.org>
2022-04-02 7:42 ` Last call for Core Update 167 (was: Re: Core Updates 166 and 167) Peter Müller
2022-04-02 11:00 ` Michael Tremer
2022-04-02 11:30 ` Peter Müller
2022-04-02 14:16 ` Michael Tremer
2022-04-04 9:21 ` Bernhard Bitsch
2022-04-02 14:54 ` Stefan Schantl
2022-04-11 6:21 ` Bernhard Bitsch
2022-04-11 7:49 ` Michael Tremer
2022-04-11 19:14 ` Rob Brewer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox