Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
On 23 February 2018 at 14:08, Recowrote: > Hi. > > On Fri, Feb 23, 2018 at 01:47:25PM +, Michael Fothergill wrote: > > On 23 February 2018 at 13:42, Reco wrote: > > > > > Hi. > > > > > > On Fri, Feb 23, 2018 at 01:14:16PM +, Michael Fothergill wrote: > > > > On 23 February 2018 at 12:43, Reco wrote: > > > > > > > > > Hi. > > > > > > > > > > On Wed, Feb 21, 2018 at 06:46:05PM +0100, Julien Aubin wrote: > > > > > > Hi, > > > > > > > > > > > > Do you have any clue on when the gcc fix for stretch is to be > > > released ? > > > > > > > > > > > > Actually the retpoline-compliant kernel is ready, and gcc fixes > for > > > > > stretch > > > > > > seem to have already been implemented. So I dunno what is still > > > blocking > > > > > > the release. :'( > > > > > > > > > > https://www.debian.org/security/2018/dsa-4120 > > > > > > > > > > > > Can it be true? A version of gcc that runs on stretch that will > compile > > > > the latest fancy spectre fixes etc? > > > > > > > > Cheers > > > > > > So it seems. New kernel came today with the usual 'apt update && apt > > > upgrade' routine: > > > > > > $ uname -r > > > 4.9.0-6-amd64 > > > > > > $ grep bug /proc/cpuinfo > > > bugs: cpu_meltdown spectre_v1 spectre_v2 > > > > > > > Could you install this kernel in stretch at present or only in buster? > > I *only* use Debian stable, so yes, it's definitely possible to install > this kernel in stretch. This particular package is provided by > security.debian.org, so entire world is installing it on Debian stable > as I'm writing this. > Excellent news. Stellar stuff. Cheers MF > > Theoretically, of course, it should be possible to install this kernel > in testing (buster) and even get a bootable system. > > Reco > >
Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
Hi. On Fri, Feb 23, 2018 at 01:47:25PM +, Michael Fothergill wrote: > On 23 February 2018 at 13:42, Recowrote: > > > Hi. > > > > On Fri, Feb 23, 2018 at 01:14:16PM +, Michael Fothergill wrote: > > > On 23 February 2018 at 12:43, Reco wrote: > > > > > > > Hi. > > > > > > > > On Wed, Feb 21, 2018 at 06:46:05PM +0100, Julien Aubin wrote: > > > > > Hi, > > > > > > > > > > Do you have any clue on when the gcc fix for stretch is to be > > released ? > > > > > > > > > > Actually the retpoline-compliant kernel is ready, and gcc fixes for > > > > stretch > > > > > seem to have already been implemented. So I dunno what is still > > blocking > > > > > the release. :'( > > > > > > > > https://www.debian.org/security/2018/dsa-4120 > > > > > > > > > Can it be true? A version of gcc that runs on stretch that will compile > > > the latest fancy spectre fixes etc? > > > > > > Cheers > > > > So it seems. New kernel came today with the usual 'apt update && apt > > upgrade' routine: > > > > $ uname -r > > 4.9.0-6-amd64 > > > > $ grep bug /proc/cpuinfo > > bugs: cpu_meltdown spectre_v1 spectre_v2 > > > > Could you install this kernel in stretch at present or only in buster? I *only* use Debian stable, so yes, it's definitely possible to install this kernel in stretch. This particular package is provided by security.debian.org, so entire world is installing it on Debian stable as I'm writing this. Theoretically, of course, it should be possible to install this kernel in testing (buster) and even get a bootable system. Reco
Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
On 23 February 2018 at 13:42, Recowrote: > Hi. > > On Fri, Feb 23, 2018 at 01:14:16PM +, Michael Fothergill wrote: > > On 23 February 2018 at 12:43, Reco wrote: > > > > > Hi. > > > > > > On Wed, Feb 21, 2018 at 06:46:05PM +0100, Julien Aubin wrote: > > > > Hi, > > > > > > > > Do you have any clue on when the gcc fix for stretch is to be > released ? > > > > > > > > Actually the retpoline-compliant kernel is ready, and gcc fixes for > > > stretch > > > > seem to have already been implemented. So I dunno what is still > blocking > > > > the release. :'( > > > > > > https://www.debian.org/security/2018/dsa-4120 > > > > > > Can it be true? A version of gcc that runs on stretch that will compile > > the latest fancy spectre fixes etc? > > > > Cheers > > So it seems. New kernel came today with the usual 'apt update && apt > upgrade' routine: > > $ uname -r > 4.9.0-6-amd64 > > $ grep bug /proc/cpuinfo > bugs: cpu_meltdown spectre_v1 spectre_v2 > Could you install this kernel in stretch at present or only in buster? Regards MF > ... > > Reco > >
apt vs apt-get (was: Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?)
Hi. On Fri, Feb 23, 2018 at 08:54:31AM -0500, Greg Wooledge wrote: > On Fri, Feb 23, 2018 at 04:42:01PM +0300, Reco wrote: > > So it seems. New kernel came today with the usual 'apt update && apt > > upgrade' routine: > > > > $ uname -r > > 4.9.0-6-amd64 > > You mean "apt (or apt-get) dist-upgrade", right? What works too. > /me tries it on a different computer that hasn't dist-upgraded yet... > Wait, wait, wait... what? WHAT?! > "apt upgrade" and "apt-get upgrade" DON'T DO THE SAME THING ?!? apt(8) has this to say on this: upgrade (apt-get(8)) upgrade is used to install available upgrades of all packages currently installed on the system from the sources configured via sources.list(5). New packages will be installed if required to satisfy dependencies, but existing packages will never be removed. So yes, "apt-get upgrade" and "apt upgrade" are different, that's intended, and once again Debian project choose sane default behavior. In this particular case, "linux-image-4.9.0-6-amd64" was pulled as a dependency of "linux-image-amd64", and old "linux-image-4.9.0-5-amd64" was not removed. Neat, isn't it? Reco
Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
On Fri, Feb 23, 2018 at 04:42:01PM +0300, Reco wrote: > So it seems. New kernel came today with the usual 'apt update && apt > upgrade' routine: > > $ uname -r > 4.9.0-6-amd64 You mean "apt (or apt-get) dist-upgrade", right? /me tries it on a different computer that hasn't dist-upgraded yet... Wait, wait, wait... what? WHAT?! "apt upgrade" and "apt-get upgrade" DON'T DO THE SAME THING ?!? What the hell, Debian?
Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
Hi. On Fri, Feb 23, 2018 at 01:14:16PM +, Michael Fothergill wrote: > On 23 February 2018 at 12:43, Recowrote: > > > Hi. > > > > On Wed, Feb 21, 2018 at 06:46:05PM +0100, Julien Aubin wrote: > > > Hi, > > > > > > Do you have any clue on when the gcc fix for stretch is to be released ? > > > > > > Actually the retpoline-compliant kernel is ready, and gcc fixes for > > stretch > > > seem to have already been implemented. So I dunno what is still blocking > > > the release. :'( > > > > https://www.debian.org/security/2018/dsa-4120 > > > Can it be true? A version of gcc that runs on stretch that will compile > the latest fancy spectre fixes etc? > > Cheers So it seems. New kernel came today with the usual 'apt update && apt upgrade' routine: $ uname -r 4.9.0-6-amd64 $ grep bug /proc/cpuinfo bugs: cpu_meltdown spectre_v1 spectre_v2 ... Reco
Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
On 23 February 2018 at 12:43, Recowrote: > Hi. > > On Wed, Feb 21, 2018 at 06:46:05PM +0100, Julien Aubin wrote: > > Hi, > > > > Do you have any clue on when the gcc fix for stretch is to be released ? > > > > Actually the retpoline-compliant kernel is ready, and gcc fixes for > stretch > > seem to have already been implemented. So I dunno what is still blocking > > the release. :'( > > https://www.debian.org/security/2018/dsa-4120 Can it be true? A version of gcc that runs on stretch that will compile the latest fancy spectre fixes etc? Cheers MF > > > Reco > >
Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
Hi. On Wed, Feb 21, 2018 at 06:46:05PM +0100, Julien Aubin wrote: > Hi, > > Do you have any clue on when the gcc fix for stretch is to be released ? > > Actually the retpoline-compliant kernel is ready, and gcc fixes for stretch > seem to have already been implemented. So I dunno what is still blocking > the release. :'( https://www.debian.org/security/2018/dsa-4120 Reco
Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
On 21 February 2018 at 17:46, Julien Aubinwrote: > Hi, > > Do you have any clue on when the gcc fix for stretch is to be released ? > > Actually the retpoline-compliant kernel is ready, and gcc fixes for > stretch seem to have already been implemented. So I dunno what is still > blocking the release. :'( > Ooooh! Tantalazing stuff The solution is to collectively burst into song; singing e.g. the Climb Every Mountain song from the sound of music and "To Dream the Impossible Dream" etc. and then suggest we are going to post it on the site here in some way. Then we relent and say we are happy to forget all about that idea if the fixes are released soon etc That would persuade me. Cheers MF > > Thanks a lot. >
Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
Hi, Do you have any clue on when the gcc fix for stretch is to be released ? Actually the retpoline-compliant kernel is ready, and gcc fixes for stretch seem to have already been implemented. So I dunno what is still blocking the release. :'( Thanks a lot.