Re: [DNG] Jessie-backports now has spectre patched kernel
On 05/01/2018 04:51 PM, Jimmy Johnson wrote: On 05/01/2018 04:27 PM, chillfan wrote: Whilst the kernels look to have been patched properly afaict (using the backported 4.9 kernel in Jessie), Debian doesn't make it clear if they will rebuild the whole archive yet. https://wiki.debian.org/DebianSecurity/SpectreMeltdown "No archive rebuild is planned at this point .." I'm no expert in this, but it would seem better to me if they did rebuild. Stretch is stable and an upgrade of that sorts in debian stable main maybe against Debian policy. Outside of that I feel the same as you. Sorry, I should have said Jessie/old stable. Cheers, -- Jimmy Johnson Devuan ASCII - TDE Trinity R14.0.5 - AMD A8-7600 - EXT4 at sda6 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Jessie-backports now has spectre patched kernel
On 05/01/2018 04:27 PM, chillfan wrote: Whilst the kernels look to have been patched properly afaict (using the backported 4.9 kernel in Jessie), Debian doesn't make it clear if they will rebuild the whole archive yet. https://wiki.debian.org/DebianSecurity/SpectreMeltdown "No archive rebuild is planned at this point .." I'm no expert in this, but it would seem better to me if they did rebuild. Stretch is stable and an upgrade of that sorts in debian stable main maybe against Debian policy. Outside of that I feel the same as you. Cheers, -- Jimmy Johnson Devuan ASCII - TDE Trinity R14.0.5 - AMD A8-7600 - EXT4 at sda6 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Jessie-backports now has spectre patched kernel
Whilst the kernels look to have been patched properly afaict (using the backported 4.9 kernel in Jessie), Debian doesn't make it clear if they will rebuild the whole archive yet. https://wiki.debian.org/DebianSecurity/SpectreMeltdown "No archive rebuild is planned at this point .." I'm no expert in this, but it would seem better to me if they did rebuild. Thanks, chillfan ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Jessie-backports now has spectre patched kernel
On 04/24/2018 06:16 AM, Arnt Karlsen wrote: On Tue, 24 Apr 2018 02:25:30 -0700, Jimmy wrote in message <0bb32fa0-85f5-e27d-322b-d4edaa4b0...@gmail.com>: In ascii/stretch the default linux-image-amd64 is patched, you don't have to do anything special. ..ok, the default ascii linux-image now is?: dpkg -l |grep image |grep `uname -r ` |fmt -tu ii linux-image-4.15.0-0.bpo.2-amd64 4.15.11-1~bpo9+1 amd64 Linux 4.15 for 64-bit PCs In stretch/ascii it's currently linux-image-4.9.0-6-amd64 and it is patched. https://packages.debian.org/stretch/linux-image-amd64 -- Jimmy Johnson Devuan Beowulf - TDE-Trinity R14.0.5 - AMD A8-7600 - EXT4 at sda8 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Jessie-backports now has spectre patched kernel
On Tue, 24 Apr 2018 02:25:30 -0700, Jimmy wrote in message <0bb32fa0-85f5-e27d-322b-d4edaa4b0...@gmail.com>: > In ascii/stretch the default linux-image-amd64 is patched, you don't > have to do anything special. ..ok, the default ascii linux-image now is?: dpkg -l |grep image |grep `uname -r ` |fmt -tu ii linux-image-4.15.0-0.bpo.2-amd64 4.15.11-1~bpo9+1 amd64 Linux 4.15 for 64-bit PCs -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Jessie-backports now has spectre patched kernel
On 04/24/2018 02:40 AM, KatolaZ wrote: On Tue, Apr 24, 2018 at 09:49:33AM +0200, Arnt Karlsen wrote: On Mon, 23 Apr 2018 11:30:27 -0700, Jimmy wrote in message <2f1aa23a-84c9-a773--58208a9a8...@gmail.com>: On 04/23/2018 07:54 AM, chillfan wrote: Great, thanks for the news. I'm hoping Debian will do a full rebuild to compile everything with reptoline, as this seems a lot better to me than just mitigating when a specific problem is found. Mitigation 2 * Kernel compiled with retpoline option: YES * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation) > STATUS: NOT VULNERABLE (Mitigation: Full AMD retpoline) ..which linux-image .deb package, and which kernel version is that? (As in: uname -rv & -l |grep image |grep `uname -r`) I am not sure I understand your question, but the latest linux-image-${ARCH} should pull the most recent Linux kernel. Those are already patched, both in jessie and in ascii. That is true for ASCII but for Jessie amd64 only meltdown is patched. When you install the back-port kernel on Jessie amd64 you get fully patched, you can check this with the spectre-meltdown-checker. For Jessie i386 stock kernel nothing is patched. Install the backports kernel on Jessie i386 and spectre 1&2 are patched but 3 is not patched. https://packages.debian.org/stretch-backports/all/spectre-meltdown-checker/download Cheers, -- Jimmy Johnson Devuan Jessie - TDE Trinity R14.0.5 - Intel Pentium-4-M 1.9GHz - EXT4 at sda2 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Jessie-backports now has spectre patched kernel
On Tue, Apr 24, 2018 at 09:49:33AM +0200, Arnt Karlsen wrote: > On Mon, 23 Apr 2018 11:30:27 -0700, Jimmy wrote in message > <2f1aa23a-84c9-a773--58208a9a8...@gmail.com>: > > > On 04/23/2018 07:54 AM, chillfan wrote: > > > Great, thanks for the news. > > > > > > I'm hoping Debian will do a full rebuild to compile everything with > > > reptoline, as this seems a lot better to me than just mitigating > > > when a specific problem is found. > > > > > > Mitigation 2 > >* Kernel compiled with retpoline option: YES > >* Kernel compiled with a retpoline-aware compiler: YES (kernel > > reports full retpoline compilation) > > > STATUS: NOT VULNERABLE (Mitigation: Full AMD retpoline) > > ..which linux-image .deb package, and which kernel version is that? > (As in: uname -rv & -l |grep image |grep `uname -r`) > I am not sure I understand your question, but the latest linux-image-${ARCH} should pull the most recent Linux kernel. Those are already patched, both in jessie and in ascii. HTH KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: Digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Jessie-backports now has spectre patched kernel
On 04/24/2018 12:49 AM, Arnt Karlsen wrote: On Mon, 23 Apr 2018 11:30:27 -0700, Jimmy wrote in message <2f1aa23a-84c9-a773--58208a9a8...@gmail.com>: On 04/23/2018 07:54 AM, chillfan wrote: Great, thanks for the news. I'm hoping Debian will do a full rebuild to compile everything with reptoline, as this seems a lot better to me than just mitigating when a specific problem is found. Mitigation 2 * Kernel compiled with retpoline option: YES * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation) > STATUS: NOT VULNERABLE (Mitigation: Full AMD retpoline) ..which linux-image .deb package, and which kernel version is that? (As in: uname -rv & -l |grep image |grep `uname -r`) ..which backport lines am I missing in my /etc/apt/sources.list here? I have: # cat /etc/apt/sources.list # Devuan repositories deb http://pkgmaster.devuan.org/merged ascii main contrib non-free deb-src http://pkgmaster.devuan.org/merged ascii main contrib non-free # /etc/apt/sources.list.d/devuan-stable-security.list deb http://pkgmaster.devuan.org/merged ascii-security main contrib non-free deb-src http://pkgmaster.devuan.org/merged ascii-security main contrib non-free # /etc/apt/sources.list.d/devuan-stable-updates.list deb http://pkgmaster.devuan.org/merged ascii-updates main contrib non-free deb-src http://pkgmaster.devuan.org/merged ascii-updates main contrib non-free # /etc/apt/sources.list.d/devuan-stable-proposed-updates.list deb http://pkgmaster.devuan.org/merged ascii-proposed-updates main contrib non-free deb-src http://pkgmaster.devuan.org/merged ascii-proposed-updates main contrib non-free # /etc/apt/sources.list.d/devuan-stable-backports.list deb http://pkgmaster.devuan.org/merged ascii-backports main contrib non-free deb-src http://pkgmaster.devuan.org/merged ascii-backports main contrib non-free # /etc/apt/sources.list.d/devuan-experimental.list deb http://pkgmaster.devuan.org/devuan experimental main contrib non-free deb-src http://pkgmaster.devuan.org/devuan experimental main contrib non-free # Devuan repositories # deb http://packages.devuan.org/merged ascii main contrib non-free # deb-src http://packages.devuan.org/merged ascii main contrib non-free ..is the https://devuan.org/os/etc/apt/sources.list recipe now the current proper Devuan way of setting up source listings for ascii? This is mine for ascii: deb http://pkgmaster.devuan.org/merged/ ascii main contrib non-free deb http://pkgmaster.devuan.org/merged/ ascii-updates main contrib non-free deb http://pkgmaster.devuan.org/merged/ ascii-security main contrib non-free deb http://pkgmaster.devuan.org/merged/ ascii-backports main contrib non-free In ascii/stretch the default linux-image-amd64 is patched, you don't have to do anything special. My post was about Jessie. Cheers, -- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda5 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Jessie-backports now has spectre patched kernel
On Mon, 23 Apr 2018 11:30:27 -0700, Jimmy wrote in message <2f1aa23a-84c9-a773--58208a9a8...@gmail.com>: > On 04/23/2018 07:54 AM, chillfan wrote: > > Great, thanks for the news. > > > > I'm hoping Debian will do a full rebuild to compile everything with > > reptoline, as this seems a lot better to me than just mitigating > > when a specific problem is found. > > > Mitigation 2 >* Kernel compiled with retpoline option: YES >* Kernel compiled with a retpoline-aware compiler: YES (kernel > reports full retpoline compilation) > > STATUS: NOT VULNERABLE (Mitigation: Full AMD retpoline) ..which linux-image .deb package, and which kernel version is that? (As in: uname -rv & -l |grep image |grep `uname -r`) ..which backport lines am I missing in my /etc/apt/sources.list here? I have: # cat /etc/apt/sources.list # Devuan repositories deb http://pkgmaster.devuan.org/merged ascii main contrib non-free deb-src http://pkgmaster.devuan.org/merged ascii main contrib non-free # /etc/apt/sources.list.d/devuan-stable-security.list deb http://pkgmaster.devuan.org/merged ascii-security main contrib non-free deb-src http://pkgmaster.devuan.org/merged ascii-security main contrib non-free # /etc/apt/sources.list.d/devuan-stable-updates.list deb http://pkgmaster.devuan.org/merged ascii-updates main contrib non-free deb-src http://pkgmaster.devuan.org/merged ascii-updates main contrib non-free # /etc/apt/sources.list.d/devuan-stable-proposed-updates.list deb http://pkgmaster.devuan.org/merged ascii-proposed-updates main contrib non-free deb-src http://pkgmaster.devuan.org/merged ascii-proposed-updates main contrib non-free # /etc/apt/sources.list.d/devuan-stable-backports.list deb http://pkgmaster.devuan.org/merged ascii-backports main contrib non-free deb-src http://pkgmaster.devuan.org/merged ascii-backports main contrib non-free # /etc/apt/sources.list.d/devuan-experimental.list deb http://pkgmaster.devuan.org/devuan experimental main contrib non-free deb-src http://pkgmaster.devuan.org/devuan experimental main contrib non-free # Devuan repositories # deb http://packages.devuan.org/merged ascii main contrib non-free # deb-src http://packages.devuan.org/merged ascii main contrib non-free ..is the https://devuan.org/os/etc/apt/sources.list recipe now the current proper Devuan way of setting up source listings for ascii? -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Jessie-backports now has spectre patched kernel
Great, thanks for the news. I'm hoping Debian will do a full rebuild to compile everything with reptoline, as this seems a lot better to me than just mitigating when a specific problem is found. ‐‐‐ Original Message ‐‐‐ On April 22, 2018 8:23 PM, Jimmy Johnsonwrote: > 4.9.0-0.bpo.6-amd64 is patched, tested on AMD and Intel - Variant 1,2 > > and 3 patched. > > Cheers! > > > -- > > Jimmy Johnson > > Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda5 > > Registered Linux User #380263 > > Dng mailing list > > Dng@lists.dyne.org > > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Jessie-backports now has spectre patched kernel
4.9.0-0.bpo.6-amd64 is patched, tested on AMD and Intel - Variant 1,2 and 3 patched. Cheers! -- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda5 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng