Re: [DNG] Jessie-backports now has spectre patched kernel

[Jimmy Johnson]

On 05/01/2018 04:51 PM, Jimmy Johnson wrote:

On 05/01/2018 04:27 PM, chillfan wrote:
Whilst the kernels look to have been patched properly afaict (using 
the backported 4.9 kernel in Jessie), Debian doesn't make it clear if 
they will rebuild the whole archive yet.


https://wiki.debian.org/DebianSecurity/SpectreMeltdown

"No archive rebuild is planned at this point .."

I'm no expert in this, but it would seem better to me if they did 
rebuild.



Stretch is stable and an upgrade of that sorts in debian stable main 
maybe against Debian policy.  Outside of that I feel the same as you.



Sorry, I should have said Jessie/old stable.

Cheers,
--
Jimmy Johnson

Devuan ASCII - TDE Trinity R14.0.5 - AMD A8-7600 - EXT4 at sda6
Registered Linux User #380263

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jessie-backports now has spectre patched kernel

[Jimmy Johnson]

On 05/01/2018 04:27 PM, chillfan wrote:

Whilst the kernels look to have been patched properly afaict (using the 
backported 4.9 kernel in Jessie), Debian doesn't make it clear if they will 
rebuild the whole archive yet.

https://wiki.debian.org/DebianSecurity/SpectreMeltdown

"No archive rebuild is planned at this point .."

I'm no expert in this, but it would seem better to me if they did rebuild.



Stretch is stable and an upgrade of that sorts in debian stable main 
maybe against Debian policy.  Outside of that I feel the same as you.


Cheers,
--
Jimmy Johnson

Devuan ASCII - TDE Trinity R14.0.5 - AMD A8-7600 - EXT4 at sda6
Registered Linux User #380263

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jessie-backports now has spectre patched kernel

[chillfan]

Whilst the kernels look to have been patched properly afaict (using the 
backported 4.9 kernel in Jessie), Debian doesn't make it clear if they will 
rebuild the whole archive yet.

https://wiki.debian.org/DebianSecurity/SpectreMeltdown

"No archive rebuild is planned at this point .."

I'm no expert in this, but it would seem better to me if they did rebuild.

​Thanks,

chillfan
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jessie-backports now has spectre patched kernel

[Jimmy Johnson]

On 04/24/2018 06:16 AM, Arnt Karlsen wrote:

On Tue, 24 Apr 2018 02:25:30 -0700, Jimmy wrote in message
<0bb32fa0-85f5-e27d-322b-d4edaa4b0...@gmail.com>:


In ascii/stretch the default linux-image-amd64 is patched, you don't
have to do anything special.


..ok, the default ascii linux-image now is?:
dpkg -l |grep image |grep `uname -r ` |fmt -tu
ii linux-image-4.15.0-0.bpo.2-amd64 4.15.11-1~bpo9+1 amd64
Linux 4.15 for 64-bit PCs



In stretch/ascii it's currently linux-image-4.9.0-6-amd64 and it is patched.
 https://packages.debian.org/stretch/linux-image-amd64
--
Jimmy Johnson

Devuan Beowulf - TDE-Trinity R14.0.5 - AMD A8-7600 - EXT4 at sda8
Registered Linux User #380263

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jessie-backports now has spectre patched kernel

[Arnt Karlsen]

On Tue, 24 Apr 2018 02:25:30 -0700, Jimmy wrote in message 
<0bb32fa0-85f5-e27d-322b-d4edaa4b0...@gmail.com>:

> In ascii/stretch the default linux-image-amd64 is patched, you don't 
> have to do anything special.  

..ok, the default ascii linux-image now is?: 
dpkg -l |grep image |grep `uname -r ` |fmt -tu 
ii linux-image-4.15.0-0.bpo.2-amd64 4.15.11-1~bpo9+1 amd64 
   Linux 4.15 for 64-bit PCs

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jessie-backports now has spectre patched kernel

[Jimmy Johnson]

On 04/24/2018 02:40 AM, KatolaZ wrote:

On Tue, Apr 24, 2018 at 09:49:33AM +0200, Arnt Karlsen wrote:

On Mon, 23 Apr 2018 11:30:27 -0700, Jimmy wrote in message
<2f1aa23a-84c9-a773--58208a9a8...@gmail.com>:


On 04/23/2018 07:54 AM, chillfan wrote:

Great, thanks for the news.

I'm hoping Debian will do a full rebuild to compile everything with
reptoline, as this seems a lot better to me than just mitigating
when a specific problem is found.



Mitigation 2
* Kernel compiled with retpoline option:  YES
* Kernel compiled with a retpoline-aware compiler:  YES  (kernel
reports full retpoline compilation)
  > STATUS:  NOT VULNERABLE  (Mitigation: Full AMD retpoline)


..which linux-image .deb package, and which kernel version is that?
(As in: uname -rv & -l |grep image |grep `uname -r`)



I am not sure I understand your question, but the latest
linux-image-${ARCH} should pull the most recent Linux kernel. Those
are already patched, both in jessie and in ascii.



That is true for ASCII but for Jessie amd64 only meltdown is patched. 
When you install the back-port kernel on Jessie amd64 you get fully 
patched, you can check this with the spectre-meltdown-checker.  For 
Jessie i386 stock kernel nothing is patched. Install the backports 
kernel on Jessie i386 and spectre 1&2 are patched but 3 is not patched.


https://packages.debian.org/stretch-backports/all/spectre-meltdown-checker/download 



Cheers,
--
Jimmy Johnson

Devuan Jessie - TDE Trinity R14.0.5 - Intel Pentium-4-M 1.9GHz - EXT4 at 
sda2

Registered Linux User #380263

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jessie-backports now has spectre patched kernel

[KatolaZ]

On Tue, Apr 24, 2018 at 09:49:33AM +0200, Arnt Karlsen wrote:
> On Mon, 23 Apr 2018 11:30:27 -0700, Jimmy wrote in message 
> <2f1aa23a-84c9-a773--58208a9a8...@gmail.com>:
> 
> > On 04/23/2018 07:54 AM, chillfan wrote:
> > > Great, thanks for the news.
> > > 
> > > I'm hoping Debian will do a full rebuild to compile everything with
> > > reptoline, as this seems a lot better to me than just mitigating
> > > when a specific problem is found.  
> > 
> > 
> > Mitigation 2
> >* Kernel compiled with retpoline option:  YES
> >* Kernel compiled with a retpoline-aware compiler:  YES  (kernel 
> > reports full retpoline compilation)
> >  > STATUS:  NOT VULNERABLE  (Mitigation: Full AMD retpoline)  
> 
> ..which linux-image .deb package, and which kernel version is that?  
> (As in: uname -rv & -l |grep image |grep `uname -r`)
> 

I am not sure I understand your question, but the latest
linux-image-${ARCH} should pull the most recent Linux kernel. Those
are already patched, both in jessie and in ascii.

HTH

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jessie-backports now has spectre patched kernel

[Jimmy Johnson]

On 04/24/2018 12:49 AM, Arnt Karlsen wrote:

On Mon, 23 Apr 2018 11:30:27 -0700, Jimmy wrote in message
<2f1aa23a-84c9-a773--58208a9a8...@gmail.com>:


On 04/23/2018 07:54 AM, chillfan wrote:

Great, thanks for the news.

I'm hoping Debian will do a full rebuild to compile everything with
reptoline, as this seems a lot better to me than just mitigating
when a specific problem is found.



Mitigation 2
* Kernel compiled with retpoline option:  YES
* Kernel compiled with a retpoline-aware compiler:  YES  (kernel
reports full retpoline compilation)
  > STATUS:  NOT VULNERABLE  (Mitigation: Full AMD retpoline)


..which linux-image .deb package, and which kernel version is that?
(As in: uname -rv & -l |grep image |grep `uname -r`)


..which backport lines am I missing in my /etc/apt/sources.list here?
I have: # cat /etc/apt/sources.list
# Devuan repositories
deb http://pkgmaster.devuan.org/merged ascii main contrib non-free
deb-src http://pkgmaster.devuan.org/merged ascii main contrib non-free

# /etc/apt/sources.list.d/devuan-stable-security.list
deb http://pkgmaster.devuan.org/merged ascii-security main contrib
non-free
deb-src http://pkgmaster.devuan.org/merged ascii-security main contrib
non-free

# /etc/apt/sources.list.d/devuan-stable-updates.list
deb http://pkgmaster.devuan.org/merged ascii-updates main contrib
non-free
deb-src http://pkgmaster.devuan.org/merged ascii-updates main contrib
non-free

# /etc/apt/sources.list.d/devuan-stable-proposed-updates.list
deb http://pkgmaster.devuan.org/merged ascii-proposed-updates main
contrib non-free
deb-src http://pkgmaster.devuan.org/merged ascii-proposed-updates main
contrib non-free

# /etc/apt/sources.list.d/devuan-stable-backports.list
deb http://pkgmaster.devuan.org/merged ascii-backports main contrib
non-free
deb-src http://pkgmaster.devuan.org/merged ascii-backports main contrib
non-free

# /etc/apt/sources.list.d/devuan-experimental.list
deb http://pkgmaster.devuan.org/devuan experimental main contrib
non-free
deb-src http://pkgmaster.devuan.org/devuan experimental main contrib
non-free


# Devuan repositories
# deb http://packages.devuan.org/merged ascii main contrib non-free
# deb-src http://packages.devuan.org/merged ascii main contrib non-free


..is the https://devuan.org/os/etc/apt/sources.list recipe now the
current proper Devuan way of setting up source listings for ascii?




This is mine for ascii:
deb http://pkgmaster.devuan.org/merged/ ascii main contrib non-free
deb http://pkgmaster.devuan.org/merged/ ascii-updates main contrib non-free
deb http://pkgmaster.devuan.org/merged/ ascii-security main contrib 
non-free
deb http://pkgmaster.devuan.org/merged/ ascii-backports main contrib 
non-free


In ascii/stretch the default linux-image-amd64 is patched, you don't 
have to do anything special.  My post was about Jessie.


Cheers,
--
Jimmy Johnson

Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda5
Registered Linux User #380263

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jessie-backports now has spectre patched kernel

[Arnt Karlsen]

On Mon, 23 Apr 2018 11:30:27 -0700, Jimmy wrote in message 
<2f1aa23a-84c9-a773--58208a9a8...@gmail.com>:

> On 04/23/2018 07:54 AM, chillfan wrote:
> > Great, thanks for the news.
> > 
> > I'm hoping Debian will do a full rebuild to compile everything with
> > reptoline, as this seems a lot better to me than just mitigating
> > when a specific problem is found.  
> 
> 
> Mitigation 2
>* Kernel compiled with retpoline option:  YES
>* Kernel compiled with a retpoline-aware compiler:  YES  (kernel 
> reports full retpoline compilation)
>  > STATUS:  NOT VULNERABLE  (Mitigation: Full AMD retpoline)  

..which linux-image .deb package, and which kernel version is that?  
(As in: uname -rv & -l |grep image |grep `uname -r`)


..which backport lines am I missing in my /etc/apt/sources.list here?
I have: # cat /etc/apt/sources.list
# Devuan repositories
deb http://pkgmaster.devuan.org/merged ascii main contrib non-free
deb-src http://pkgmaster.devuan.org/merged ascii main contrib non-free

# /etc/apt/sources.list.d/devuan-stable-security.list
deb http://pkgmaster.devuan.org/merged ascii-security main contrib
non-free 
deb-src http://pkgmaster.devuan.org/merged ascii-security main contrib
non-free

# /etc/apt/sources.list.d/devuan-stable-updates.list
deb http://pkgmaster.devuan.org/merged ascii-updates main contrib
non-free 
deb-src http://pkgmaster.devuan.org/merged ascii-updates main contrib
non-free

# /etc/apt/sources.list.d/devuan-stable-proposed-updates.list
deb http://pkgmaster.devuan.org/merged ascii-proposed-updates main
contrib non-free 
deb-src http://pkgmaster.devuan.org/merged ascii-proposed-updates main
contrib non-free

# /etc/apt/sources.list.d/devuan-stable-backports.list
deb http://pkgmaster.devuan.org/merged ascii-backports main contrib
non-free 
deb-src http://pkgmaster.devuan.org/merged ascii-backports main contrib
non-free

# /etc/apt/sources.list.d/devuan-experimental.list
deb http://pkgmaster.devuan.org/devuan experimental main contrib
non-free 
deb-src http://pkgmaster.devuan.org/devuan experimental main contrib
non-free


# Devuan repositories
# deb http://packages.devuan.org/merged ascii main contrib non-free
# deb-src http://packages.devuan.org/merged ascii main contrib non-free


..is the https://devuan.org/os/etc/apt/sources.list recipe now the
current proper Devuan way of setting up source listings for ascii?

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jessie-backports now has spectre patched kernel

[chillfan]

Great, thanks for the news. 

I'm hoping Debian will do a full rebuild to compile everything with reptoline, 
as this seems a lot better to me than just mitigating when a specific problem 
is found.

‐‐‐ Original Message ‐‐‐

On April 22, 2018 8:23 PM, Jimmy Johnson  wrote:

> 4.9.0-0.bpo.6-amd64 is patched, tested on AMD and Intel - Variant 1,2
> 
> and 3 patched.
> 
> Cheers!
> 
> 
> --
> 
> Jimmy Johnson
> 
> Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda5
> 
> Registered Linux User #380263
> 
> Dng mailing list
> 
> Dng@lists.dyne.org
> 
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Jessie-backports now has spectre patched kernel

[Jimmy Johnson]

4.9.0-0.bpo.6-amd64 is patched, tested on AMD and Intel - Variant 1,2 
and 3 patched.


Cheers!
--
Jimmy Johnson

Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda5
Registered Linux User #380263

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng