Re: [qubes-users] Re: [qubes-announce] [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)
On 2018-01-25 13:33, awokd wrote: > On Thu, January 25, 2018 10:51 pm, yreb...@riseup.net wrote: > >> *by this if I ran sudo qubes-dom0-update >> --enablerepo=qubes-dom0-security-testing*once, I take it , that >> I am still on the Stable Track "repo" so somehow magically I >> have the current testing Xen version (I checked and do), but when the >> security Xen goes to Stable , they will just be integrated . so >> currently I have a combination of 1 time security Xen and the rest is >> "current" (Not testing) ? > > Exactly! sorry, plz just disregard, restart the AppVM disappears , guess I don't need to know :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f11fe0f4034c1950f36eb761d84d578a%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [qubes-announce] [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)
On 2018-01-25 13:33, awokd wrote: > On Thu, January 25, 2018 10:51 pm, yreb...@riseup.net wrote: > >> *by this if I ran sudo qubes-dom0-update >> --enablerepo=qubes-dom0-security-testing*once, I take it , that >> I am still on the Stable Track "repo" so somehow magically I >> have the current testing Xen version (I checked and do), but when the >> security Xen goes to Stable , they will just be integrated . so >> currently I have a combination of 1 time security Xen and the rest is >> "current" (Not testing) ? > > Exactly! fwiw, I am noticing "qrexec not connected" in AppVM triangle in the GUI Manager on what appears to be a normal operating AppVM , but think I saw it on a frozen HVM before rebooting is this of any particular concern .or possibly related to the new Testing Xen packages? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ba5150aa517babac1bf3c064cb73d747%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [qubes-announce] [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)
On Thu, January 25, 2018 10:51 pm, yreb...@riseup.net wrote: > *by this if I ran sudo qubes-dom0-update > --enablerepo=qubes-dom0-security-testing*once, I take it , that > I am still on the Stable Track "repo" so somehow magically I > have the current testing Xen version (I checked and do), but when the > security Xen goes to Stable , they will just be integrated . so > currently I have a combination of 1 time security Xen and the rest is > "current" (Not testing) ? Exactly! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/07ea481657628bfab2ee108e36be7883.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [qubes-announce] [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)
On 2018-01-24 23:20, awokd wrote: > On Thu, January 25, 2018 2:17 am, yreb...@riseup.net wrote: >> On 2018-01-24 15:12, Andrew David Wong wrote: > >>> >>> These packages will migrate from the security-testing repository to the >>> current (stable) repository over the next two weeks after being tested >>> by the community. >> >> >> 1) >> The latter (security) packages will migrate, I'd assume this means ? > > Yes, this is the standard model for deploying all updates including > security. They appear in testing first for bleeding edge users, then > stable for everyone. Sometimes bugs are found in the testing phase causing > the package to be pulled, so unless you are comfortable rolling back > packages yourself you should leave it on stable. > >> 2) >> Where would I find the repositories in dom0 for the track I'm currently >> using? > > If you haven't changed it manually, you are on stable. > >> 3) >> after doing the 1x securitytesting repo update, how do I check which Xen >> package is now installed? > > In dom0, "dnf list installed". > >> and/or how do I bring up the GUI >> update manager when it doesn't actually need to update it doesn't persist > > No GUI, but in dom0 you can force it to check for updates with "sudo > qubes-dom0-update". Might not be following your question here. Mostly, got it. Just the one item I'm unsure about. @URL: https://www.qubes-os.org/doc/software-update-dom0/ it mentions: -- To temporarily enable any of these repos, use the --enablerepo= option. Example commands: sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable To enable or disable any of these repos permanently, change the corresponding boolean in /etc/yum.repos.d/qubes-dom0.repo. -- *by this if I ran sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing*once, I take it , that I am still on the Stable Track "repo" so somehow magically I have the current testing Xen version (I checked and do), but when the security Xen goes to Stable , they will just be integrated . so currently I have a combination of 1 time security Xen and the rest is "current" (Not testing) ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a80d2cd6a26c9e89b67949a414f96f9d%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [qubes-announce] [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)
There actually is a GUI for checking dom0 updates. In Qubes VM manager, select dom0 and click the update button in top toolbar. Or you can also use the context menu. OTOH, in this case, the main benefit of the GUI are the notifications. The update process itself is usually more friendly from commandline. And you cannot install security-testing using GUI. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/17ef6cbe-00d4-45ac-93e2-3220d4c01e81%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [qubes-announce] [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)
On Thu, January 25, 2018 2:17 am, yreb...@riseup.net wrote: > On 2018-01-24 15:12, Andrew David Wong wrote: >> >> These packages will migrate from the security-testing repository to the >> current (stable) repository over the next two weeks after being tested >> by the community. > > > 1) > The latter (security) packages will migrate, I'd assume this means ? Yes, this is the standard model for deploying all updates including security. They appear in testing first for bleeding edge users, then stable for everyone. Sometimes bugs are found in the testing phase causing the package to be pulled, so unless you are comfortable rolling back packages yourself you should leave it on stable. > 2) > Where would I find the repositories in dom0 for the track I'm currently > using? If you haven't changed it manually, you are on stable. > 3) > after doing the 1x securitytesting repo update, how do I check which Xen > package is now installed? In dom0, "dnf list installed". > and/or how do I bring up the GUI > update manager when it doesn't actually need to update it doesn't persist No GUI, but in dom0 you can force it to check for updates with "sudo qubes-dom0-update". Might not be following your question here. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5877f3a839a49a8520367e507d47c1f8.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [qubes-announce] [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)
On 2018-01-24 15:12, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2018-01-24 16:14, yreb...@riseup.net wrote: >> [...] >> >> So... there are packages *to be released *at some undefined point >> in the near future? -- The following packages contain the patches >> described above: >> >> - Xen packages, version 4.6.6-36 -- >> >> via the normal dom0 update process ? would be nice to see it in >> simple English >> > > Sorry! We forgot to include our usual patching instructions. I've just > created a pull request [1] to have this added to the QSB: > > ``` > The specific packages that contain the XPTI patches for Qubes 3.2 are > as follows: > > - Xen packages, version 4.6.6-36 > > The packages are to be installed in dom0 via the Qubes VM Manager or via > the qubes-dom0-update command as follows: > > For updates from the stable repository (not immediately available): > $ sudo qubes-dom0-update > > For updates from the security-testing repository: > $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing > > A system restart will be required afterwards. > > These packages will migrate from the security-testing repository to the > current (stable) repository over the next two weeks after being tested > by the community. 1) The latter (security) packages will migrate, I'd assume this means ? 2) Where would I find the repositories in dom0 for the track I'm currently using? 3) after doing the 1x securitytesting repo update, how do I check which Xen package is now installed? and/or how do I bring up the GUI update manager when it doesn't actually need to update it doesn't persist cc: thelist -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/239f63f73844750735049543719e3032%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [qubes-announce] [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-01-24 16:14, yreb...@riseup.net wrote: > [...] > > So... there are packages *to be released *at some undefined point > in the near future? -- The following packages contain the patches > described above: > > - Xen packages, version 4.6.6-36 -- > > via the normal dom0 update process ? would be nice to see it in > simple English > Sorry! We forgot to include our usual patching instructions. I've just created a pull request [1] to have this added to the QSB: ``` The specific packages that contain the XPTI patches for Qubes 3.2 are as follows: - Xen packages, version 4.6.6-36 The packages are to be installed in dom0 via the Qubes VM Manager or via the qubes-dom0-update command as follows: For updates from the stable repository (not immediately available): $ sudo qubes-dom0-update For updates from the security-testing repository: $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing A system restart will be required afterwards. These packages will migrate from the security-testing repository to the current (stable) repository over the next two weeks after being tested by the community. If you use Anti Evil Maid, you will need to reseal your secret passphrase to new PCR values, as PCR18+19 will change due to the new Xen binaries. ``` [1] https://github.com/QubesOS/qubes-secpack/pull/18 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlppLtoACgkQ203TvDlQ MDDTmRAAw2QrNmo6JHHrgwa7Y2izZXIA84sjE/3HRVA1PkTZTlef3y6xLzCB9nYn o3TFnIvgHztkqlNFw67DMIGaXj8lf/KotlknnEIl8uuDufJNtjZHQ36KFkOud4KU H7nlKGSYELzAllydPhQZy6joqCcgCWAscJDwHNq8wDcMjgXVp0/E42jP6tGvYylL 4cCg66sjAoGH3jN8sJZZhaWKfhS7N+CagATUgHPjSy7d3Zh2hTI7JGOofGJ7V92f YZ2s7CEu8RAxYld8GHzyRasKL8Ri+gLx2uUa+qlKmBVNvRMuoUeysu0oHJmEHMEG uZsrrCL/ldL1jYyaXhsJt6lrUxgwYC7MuVp5NlnFsKxmw1fN2enjnOUVMV4/ikdI iGq02cagbtLowO5vctQz4heNFo583xhFRk0ib9BBeb1vx4qfhMrJkZ3qEmWFlq8j ZFbE13YNnJflOappGmSIXlB1hx4OqeaZS55ORjIbiIKTM/dZ0wRNDO5LxFFv9b1W rLF4HFP5AIpNF4AxBp5AeYcPee++8Jqtdgb4nBjlWtiYNIFAwg52xLW6DJLErrOy YCZ2Ujq+XxtXHFd4Ci131TXTCVkGH3+YzzvYAgErxPMh+wDPT1yhaI8YkhQxExMG +yBiofdwk10b5k0TVUncW6UgNqo+96cGlIJFxiKjQl4h7X9G0+o= =W9b/ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ab89cb1e-3904-b774-af7d-0773ea8a61b0%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
