{"id":3686,"date":"2018-02-05T12:54:19","date_gmt":"2018-02-05T12:54:19","guid":{"rendered":"https:\/\/blog.mageia.org\/en\/?p=3686"},"modified":"2018-02-06T17:18:50","modified_gmt":"2018-02-06T17:18:50","slug":"weekly-roundup-2018-week-5","status":"publish","type":"post","link":"https:\/\/blog.mageia.org\/en\/2018\/02\/05\/weekly-roundup-2018-week-5\/","title":{"rendered":"Weekly Roundup 2018 \u2013 Week 5"},"content":{"rendered":"

The flood of updates has slowed a little this week:<\/span><\/p>\n

sox (Mga 5, 6); java-1.8.0-openjdk (Mga 5,6); rsyncMga 5,6; gdk-pixbuf2.0 (Mga5) – as always, check Mageia Advisories<\/a> for details<\/span>. Along with the 409 updates that have gone into Cauldron, there’s been plenty happening!<\/span><\/p>\n

Behind the scenes, work is still happening on the panel applet update mechanism, on further Meltdown\/Spectra mitigation, and on the possible Mageia 6.1 release, so the devs and QA folks we all rely on are still very busy indeed. As always, you can check for yourself on Mageia Advisories<\/a>, the Mageia AppDB<\/a>, PkgSubmit<\/a> to see the last 48 hours, and Bugzilla<\/a> to see what’s currently happening.\u00a0<\/span><\/p>\n

And almost daily, new and updated translations go up; hearty thanks to our translation team, who make Mageia so friendly to users around the world!<\/span><\/p>\n

\"\"<\/h3>\n

Interim info on Meltdown\/Spectra mitigation<\/span><\/h3>\n

From tmb, our extremely busy kernel guru for whom we give thanks daily:<\/p>\n

If you’re using<\/i><\/p>\n

grep cpu_insecure \/proc\/cpuinfo && echo \"patched\" || echo \"unpatched\"<\/pre>\n
and you get<\/i><\/p>\n
unpatched<\/pre>\n
don’t worry – this is an invalid check. Official Linux source does not have any “cpu_insecure” flag.<\/i><\/span><\/p>\n
If you are using\u00a0\u00a0\u00a0<\/i><\/span><\/p>\n
\u00a0\u00a0<\/i> cat \/proc\/cpuinfo | grep bugs<\/span><\/pre>\n
and you get\u00a0<\/i><\/span><\/p>\n
bugs\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 : cpu_meltdown\r\nbugs\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 : cpu_meltdown\r\nbugs\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 : cpu_meltdown\r\nbugs\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 : cpu_meltdown<\/pre>\n
This tells you that you have a CPU that is affected by meltdown and needs to be protected by KPTI. The only way you can get rid of that flag is to buy new hardware. That means according to Intel their new silicon that should become a new CPU by the end of 2018; for AMD and Spectre issues, it means buying a Zen2 based CPU, that is supposed to be out sometime in 2018.<\/i><\/span><\/p>\n
If you have used\u00a0<\/i><\/span>https:\/\/github.com\/speed47\/spectre-meltdown-checker<\/a><\/span>\u00a0and the result is <\/i>“not OK”:<\/i><\/span><\/p>\n
That’s expected. Because:<\/i><\/span><\/p>\n
1. Spectre variant 1 is hard to fix and also more difficult to abuse – it really needs microcode updates, and Intel botched that. According to Lenovo there should be a fix out around February 9th. AMD officially will only ship their microcode update to hardware vendors so it depends on when they will release updated bioses\u00a0 or we can get the microcode through some other means. There is some code to mitigate here too, but afaik its not upstream yet.<\/i><\/span><\/p>\n
2. Spectre variant 2 also really needs new microcode, and the IBRR\/IBPB\/… Kernel code mitigations have only started landing in upstream last week, and still need to be\u00a0<\/i><\/span>backported to the 4.14 longterm branch. And we have the alternative mitigation with minimal retpoline queued in\u00a0<\/i><\/span>https:\/\/bugs.mageia.org\/show_bug.cgi?id=22454<\/i><\/a><\/span>\u00a0(I plan to push this one later today as soon as I have written the advisories). For full retpoline we need compiler support, something I got patches for during Fosdem, and it’s now patched in gcc 5.5.0 in testing, so the next kernel will have full retpoline.<\/i><\/span><\/p>\n
3. Meltdown has been mitigated since 4.14.13 was released in\u00a0<\/i><\/span>http:\/\/advisories.mageia.org\/MGASA-2018-0076.html<\/i><\/a><\/span>.\u00a0<\/i><\/span><\/p>\n
NOTE. the Kernel Page Table Isolation mitigation is so far only for x86_64, but some suggested patches have been posted as RFC for i586, and should hopefully land soon-ish upstream and get backported. But then again, meltdown is not as easy on 32bit as it already has the 3G\/1G memory split causing other complications.<\/i><\/span><\/p>\n
Now I know some\/many distros have “panic patched” stuff with earlier revisions of the fixes, but for example Redhat has afaik backed out of some of the spectre mitigations as it caused more problems than it fixed, so I have chosen to rely on somewhat tested code actually getting accepted and landing upstream.<\/i><\/span><\/p>\n
That’s is where we are at the moment. If upstream keeps current pace we should hopefully have all the bits in place within ~1 week…<\/i><\/span><\/p>\n
Thank you tmb!<\/span><\/p>\n
In other news:<\/span><\/h2>\n
\u00a0The LQ Members Choice Awards polls are on right now. You may want to register and vote for Mageia being your distro of choice to add a little marketing “buzz” to our favourite distro. You can find the polls here:\u00a0<\/span><\/p>\n
https:\/\/www.linuxquestions.org\/questions\/2017-linuxquestions-org-members-choice-awards-126\/<\/a><\/span><\/p>\n
If you are not a member of the LinuxQuestions.org group, you just have to register and then post one reply on their site. This then allows you to vote on various Linux poll items. Pass the word along to other Mageia supporters and make your voice count!<\/span><\/p>\n
<\/div>\n","protected":false},"excerpt":{"rendered":"
The flood of updates has slowed a little this week: sox (Mga 5, 6); java-1.8.0-openjdk (Mga 5,6); rsyncMga 5,6; gdk-pixbuf2.0 (Mga5) – as always, check Mageia Advisories for details. Along with the 409 updates that have gone into Cauldron, there’s … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":13,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[136,159,171],"tags":[],"class_list":["post-3686","post","type-post","status-publish","format-standard","hentry","category-qa-2","category-security","category-weekly-roundup"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p159kA-Xs","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/posts\/3686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/comments?post=3686"}],"version-history":[{"count":7,"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/posts\/3686\/revisions"}],"predecessor-version":[{"id":3698,"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/posts\/3686\/revisions\/3698"}],"wp:attachment":[{"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/media?parent=3686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/categories?post=3686"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/tags?post=3686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}