New Tumbleweed snapshot 20180125 released!

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

New Tumbleweed snapshot 20180125 released!

Dominique Leuenberger

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20180125

When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.

Packages changed:
  babl (0.1.38 -> 0.1.40)
  drbd (9.0.10+git.b7994aa1 -> 9.0.12+git.7eb4aef)
  gnome-builder (3.26.2 -> 3.26.3)
  gnome-software (3.26.4 -> 3.26.5)
  graphviz
  graphviz-addons
  ipset
  kwebkitpart (1.3.4 -> 1.3.4git.20171117T115813~cca571d)
  libdazzle (3.26.1 -> 3.26.2)
  libmbim (1.14.2 -> 1.16.0)
  libqmi (1.18.0 -> 1.20.0)
  libsoup (2.60.2 -> 2.60.3)
  libvirt (3.10.0 -> 4.0.0)
  llvm4
  mariadb
  perl-List-MoreUtils-XS (0.426 -> 0.428)
  perl-Socket6 (0.25 -> 0.28)
  perl-Try-Tiny (0.28 -> 0.30)
  plymouth (0.9.3+git20171130.fa66a5b -> 0.9.3+git20171220.6e9e95d)
  python-SecretStorage
  tlp (1.0 -> 1.1)
  ucode-intel (20180108 -> 20171117)
  vim
  virt-manager
  xdg-desktop-portal-kde (5.11.5 -> 5.11.95)
  zypp-plugin (0.6.2 -> 0.6.3)

=== Details ===

==== babl ====
Version update (0.1.38 -> 0.1.40)

- Update to version 0.1.40:
  + Added:
  - Format "CIE XYZ alpha" color model and formats;
  - Meson build; being tested in parallel with automake.
  + New API babl_process_rows for reduced overhead in some
    scenarios; though bigger gains seen also for regular
    babl_process with reimplemented branch-free dispatch, and
    faster cbrt.
  + Improved reference conversions for formats skipping some of
    models components.
  + Fixed gamma handling in indexed/palettized formats and improved
    gamma precision consistenct in sse2 conversions.

==== drbd ====
Version update (9.0.10+git.b7994aa1 -> 9.0.12+git.7eb4aef)
Subpackages: drbd-kmp-default

- bsc#1077318, Update to 9.0.12
  * Fix a race condition in the device_open code path that can cause an
  internal counter to go negative
- Update to 9.0.11
  * Fix bug in compat code: Without this fix large bios are not split.

==== gnome-builder ====
Version update (3.26.2 -> 3.26.3)
Subpackages: gnome-builder-lang gnome-builder-plugin-beautifier gnome-builder-plugin-clang gnome-builder-plugin-cmake gnome-builder-plugin-ctags gnome-builder-plugin-devhelp gnome-builder-plugin-gettext gnome-builder-plugin-gnome-code-assistance gnome-builder-plugin-html-completion gnome-builder-plugin-jedi gnome-builder-plugin-jhbuild gnome-builder-plugin-mingw gnome-builder-plugin-symbol-tree gnome-builder-plugin-sysmon gnome-builder-plugin-todo gnome-builder-plugin-vala-pack gnome-builder-plugin-xml-pack

- Update to version 3.26.3:
  + Various improvements to for developing against the host system
    when running Builder from a flatpak.
  + Builder will set more fallback environment variable when
    running under flatpak to ensure subprocesses have a predictable
    environment.
  + Various fixes to the shortcut engine and how key-press are
    captured.
  + Fixes for invalid cast in LSP format provider.
  + Various correctness and memory leak fixes.
  + Symbol tree will try additional symbol resolvers if the first
    one returned with an empty set.
  + Updated translations.

==== gnome-software ====
Version update (3.26.4 -> 3.26.5)
Subpackages: gnome-software-lang

- Update to version 3.26.5:
  + Add missing locking to gs_plugin_cache_remove(), fixing a
    possible crash.
  + Fix various memory leaks spotted by valgrind.
  + Fix a possible crash triggered by the fwupd plugin.
  + Do not emit critical warnings when reviewing OS Updates.
  + fwupd: Use the custom user-agent when downloading firmware.
  + overview page: Fix a crash when we have no featured apps.
  + packagekit: Implement repository enabling.
  + Fix hover CSS for "unknown" and "nonfree" license buttons.
  + Updated translations.

==== graphviz ====
Subpackages: graphviz-plugins-core libgraphviz6

- Disable building the graphviz-ocaml package: we have no consumer
  of it, but not building it allows us to elminiate a build cycle.

==== graphviz-addons ====
Subpackages: graphviz-gd graphviz-gnome

- Disable building the graphviz-ocaml package: we have no consumer
  of it, but not building it allows us to elminiate a build cycle.

==== ipset ====
Subpackages: libipset11

- Add 0001-build-do-install-libipset-args.h.patch.

==== kwebkitpart ====
Version update (1.3.4 -> 1.3.4git.20171117T115813~cca571d)
Subpackages: kwebkitpart-lang

- Update to latest git master
  * ported away from kdelibs4support
  * fix translation of the search bar
  * use the KSslInfoDialog provided by kio
  * ported to categorized logging
- Update translations to the latest versions from svn
- Adjust build requirements
- Use the ki18n_install() cmake macro to build/install the
  translations instead of relying on some old cmake files
- Change package version to reflect the fact that it's a git
  snapshot (boo#1076525)
- Update Url

==== libdazzle ====
Version update (3.26.1 -> 3.26.2)
Subpackages: libdazzle-1_0-0 typelib-1_0-libdazzle-1_0

- Update to version 3.26.2:
  + Progress menu button will now avoid spinning in some
    conditions.
  + Leak fixed in DzlTree text rendering.
  + Shortcut mneumonics are now properly activated.
  + Fixes to avoid various deprecated API.
  + A number of leaks detected by ASAN were fixed.
  + The directory reaper handles various mtime comparisons more
    correctly now.
  + Some G-I annotations were improved.
  + DzlMenuMerger is more flexible with input.
  + Some performance improvements when dealing with CSS and other
    resources paths.

==== libmbim ====
Version update (1.14.2 -> 1.16.0)
Subpackages: libmbim-glib4 mbimcli-bash-completion

- Update to version 1.16.0:
  + All the code base was ported to use the GTask based
    asynchronous operations support instead of the deprecated
    GSimpleAsyncResult.
  + New support for AT&T Device Service and Intel Firmware Update
    Service.
  + libmbim-glib:
  - Added:
    . MBIM_STATUS_ERROR_CONTEXT_NOT_SUPPORTED to MbimStatusError.
    . Support to detect already open MBIM channels on the Sierra
    Wireless EM7345.
  - Avoid using iconv() directly for the UTF-16BE conversions,
    which makes it possible to use libmbim on systems with a stub
    iconv() implementation.
  - Prefer realpath() to canonicalize_file_name().
  - Added MBIM_READY_INFO_FLAG_NONE to MbimReadyInfoFlag.
  + mbimcli:
  - New: --query-ip-packet-filters, --query-pin-list action,
  - -atds-query-signal, --atds-query-location and
  - -intel-modem-reboot actions.
  - Add cancellability to the query-ip-configuration action.
  + mbim-proxy: Avoid receiving signals from the parent process.
- Add pkgconfig(gio-unix-2.0) BuildRequires: it was being pulled
  by another pkgconfig module that live in glib2-devel package and
  used already.

==== libqmi ====
Version update (1.18.0 -> 1.20.0)
Subpackages: libqmi-glib5 libqmi-tools

- Update to version 1.20.0:
  + New services: loc - new "LOC" (location) service, which e.g.
    allows controlling GPS devices in newer modules that don't
    implement the PDS service. Just some very basic implementation
    for now.
  + New request/responses:
  - nas: new "Attach/Detach" request/response messages.
  - wds: new "Get Channel Rates" request/response messages.
  - dms: new 'Swi Get/Set USB Composition' request/response
    messages.
  + New TLVs supported in existing messages:
  - nas: new 'Extended LTE Band Preference' TLV in "Set/Get SSP".
  - dms: new 'Extended LTE Band Capability' TLV in "Get Band
    Capabilities".
  + libqmi:
  - New:
    . QMI_DEVICE_SIGNAL_REMOVED signal in the QmiDevice
    object, propagated through the qmi-proxy.
    . QMI_CLIENT_VALID property in the QmiClient that allows
    detecting whether the underlying QmiDevice is usable or not.
  - Defined additional LTE bands.
  + qmicli:
  - New: --wds-set-ip-family, --wds-get-channel-rates,
  - -uim-read-record, --dms-swi-get-usb-composition and
  - -dms-swi-set-usb-composition commands.
  + libqmi-glib:
  - Prefer realpath() to canonicalize_file_name().
  - Avoid signals sent to the qmi-proxy process.
  + qmi-firmware-update: Support USB3->USB2 mode changes during
    upgrade.
- Update Url to https://www.freedesktop.org/wiki/Software/libqmi/:
  current libqmi's web page.
- Add pkgconfig(gio-unix-2.0) BuildRequires: it was being pulled
  by another pkgconfig module that live in glib2-devel package and
  used already.

==== libsoup ====
Version update (2.60.2 -> 2.60.3)
Subpackages: libsoup-2_4-1 libsoup-lang typelib-1_0-Soup-2_4

- Update to version 2.60.3:
  + heap-buffer-overflow in soup_ntlm_parse_challenge()
    (bgo#788037).
  + session: don't request Keep-Alive for upgraded connections
    (bgo#788723).
  + soup-headers: accept any 3 digit number as message status code
    (bgo#792124).

==== libvirt ====
Version update (3.10.0 -> 4.0.0)
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- Update to libvirt 4.0.0
  - Many incremental improvements and bug fixes, see
    http://libvirt.org/news.html
  - Dropped patches:
    2d07f1f0-fix-storage-crash.patch,
    69ed99c7-dom0-persistent.patch,
    8599aedd-libvirt-guests-dom0-filter.patch,
    0f33025a-virt-aa-helper-handle-more-disk-images.patch,
    b475a91b-add-virStringFilterChars-string-utility.patch,
    faec1958-lxc-set-hostname-based-on-container-name.patch,
    2089ab21-netserver-close-clients-before-stopping-all-drivers.patch,
    fix-virt-aa-helper-profile.patch,
  - Patches added to fix upstream bugs:
    72adaf2f-revert-qemu-monitor-error-report.patch,
    71d56a39-nodedev-fix-parse-PCI-address.patch
  - CVE-2018-5748, CVE-2017-5715, bsc#1071651, bsc#1076500

==== llvm4 ====
Subpackages: clang4-checker libLLVM4 libclang4

- n_clang_allow_BUILD_SHARED_LIBRARY.patch
  * Allow buildling clang with BUILD_SHARED_LIBRARY while the rest
    is built with LLVM_LINK_LLVM_DYLIB. (bnc#1065464)
- Remove clang-devel-static.

==== mariadb ====
Subpackages: libmysqld19 mariadb-client mariadb-errormessages

- change owner of mysql-test directory from root to mysql. It also
  fixes sys_vars.secure_file_priv running under mysql user (e.g.
  if ít's started via suse-test-run script) that needs to be able
  to create a test file there during its run [bsc#1012075]

==== perl-List-MoreUtils-XS ====
Version update (0.426 -> 0.428)

- updated to 0.428
  see /usr/share/doc/packages/perl-List-MoreUtils-XS/Changes
  0.428 2017-12-19
  - release 0.427_002 without further changes
  0.427_002   2017-12-14
  - Update ppport.h to 3.37 for improved blead support
  - Fix RT#123869 - context arg to croak() reported by Zefram
  - fix RT#123870 - one() returns true on empty list reported by Andy Lester
  - pamper RT#123868 - $a/$b/$_ refcounting bugs reported by Zefram
  0.427_001   2017-12-12
  - Fix RT#123613 - build fails on perl >=5.27.4 with -DDEBUGGING,
    thanks for reporting and the suggested patch goes to Andreas
    Koenig and Tony Cook

==== perl-Socket6 ====
Version update (0.25 -> 0.28)

- updated to 0.28
  * aclocal.m4 (IPv6_CHECK_INET_NTOP): inet_ntop(3) may returns
    IPv4-compatible IPv6 address. [cpan #113950]
- includes fix from 0.27
  * t/use.t: We still support an environment where AF_INET6 is
    not defined
- includes changes from 0.26
  * Makefile.PL: Make Socket6 buildable on Android. [cpan #98181]
  * system inet_ntop broken in darwin. [cpan #113005]
  * gailookup.pl.in: Add -r option to do reverse lookup
  * gailookup.pl.in: Add awareness of AI_ALL and AI_V4MAPPED
  * gailookup.pl.in: Add -P option to ease to specify port number
- cleanup spec file with spec-cleaner
- split tests into %check section

==== perl-Try-Tiny ====
Version update (0.28 -> 0.30)

- updated to 0.30
  see /usr/share/doc/packages/perl-Try-Tiny/Changes
  0.30      2017-12-21 07:23:03Z
  - expand "when" test skippage to more perl versions
- updated to 0.29
  see /usr/share/doc/packages/perl-Try-Tiny/Changes
  0.29      2017-12-19 03:51:26Z
  - skip tests of "when" and "given/when" usage for perl 5.27.7 *only* (see
    RT#123908)

==== plymouth ====
Version update (0.9.3+git20171130.fa66a5b -> 0.9.3+git20171220.6e9e95d)
Subpackages: libply-boot-client4 libply-splash-core4 libply-splash-graphics4 libply4 plymouth-dracut plymouth-plugin-label plymouth-plugin-label-ft plymouth-plugin-script plymouth-scripts

- Update to version 0.9.3+git20171220.6e9e95d:
  * device-manager: drop superfluous
    create_pixel_displays_for_renderer call
  * x11: don't call gdk_display_get_name before gtk_init

==== python-SecretStorage ====

- Fix dbus-python deps to ease the logic and allow python2less build

==== tlp ====
Version update (1.0 -> 1.1)
Subpackages: tlp-rdw

- Update to version 1.1:
  * Disc drives:
  - SATA_LINKPWR_ON_AC/BAT: Try multiple values to support the
    new recommended ALPM policy "med_power_with_dipm" in
    Linux 4.15.
  * Processor:
  - ENERGY_PERF_POLICY_ON_AC/BAT: Support changed values:
    performance, balance-performance, default, balance-power,
    power (gh#linrunner/TLP#297).
  * ThinkPad Battery:
  - Support ThinkPad 13 1st & 2nd Gen, E130;
    new tpacpi-bat version.
  - tlp-stat --psup: Show ASLbase for tpacpi-bat (in device/path).
  - tlp discharge: Show state of the battery and force_discharge.
  * USB:
  - USB_BLACKLIST_PRINTER: Exclude printers from autosuspend.
  * Bugfixes:
  - Intercept the link_power_management_policy write error
    (gh#linrunner/TLP#271).
  - Fix AC power detection for MacBook Pro 2017
    (gh#linrunner/TLP#283).
  - Move runtime data from /var/run/tlp to /run/tlp
    (gh#linrunner/TLP#298).
  - Fix DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth" not
    working as expected (gh#linrunner/TLP#301).
  - Do not detect wireless input devices batteries as power
    supply (gh#linrunner/TLP#313).
- Remove tlp-1.0-run-mount.patch: fixed upstream.

==== ucode-intel ====
Version update (20180108 -> 20171117)

- firmware-CVE-2017-5715.tar.gz: updates for:
  HSX EP 000306F2
  BDX E EP EP4S EX 000406F1
  SKX H0 00050654
  (bsc#1068032 CVE-2017-5715)
- Update to microcode version: 20171117 (bsc#1068839)
  - - New Platforms --
  CFL U0 (06-9e-0a:22) 70
  CFL B0 (06-9e-0b:2) 72
  SKX H0 (06-55-04:b7) 2000035
  GLK B0 (06-7a-01:1) 1e
  APL Bx (06-5c-09:3) 2c
  - - Updates --
  KBL Y0 (06-8e-0a:c0) 66->70
- Remove code in intel-microcode2ucode.c that refers to
  GenuineIntel.bin , previously in binary blob package.
- Remove binary blob package again. This was intended to be used
  by linuxrc, but the firmware files can simply be concatenated.
- Update to version 20170707 (bsc#1048133, bsc#1043358):
  KBL H0 (06-8e-09:c0) 62
  KBL Y0 (06-8e-0a:c0) 66
  KBL B0 (06-9e-09:2a) 5e
  SKX H0 (06-55-04:97) 2000022
- Update to version 20170511:
  BDX-ML B0/M0/R0 (06-4f-01:ef) b00001f->b000021
  Skylake D0 (06-4e-03:c0) 9e->ba
  Broadwell ULT/ULX E/F-step (06-3d-04:c0) 24->25
  ULT Cx/Dx (06-45-01:72) 1f->20
  Crystalwell Cx (06-46-01:32) 16->17
  Broadwell Halo E/G-step (06-47-01:22) 16->17
  HSX EX E0 (06-3f-04:80) d->f
  Skylake R0 (06-5e-03:36) 9e->ba
  Haswell Cx/Dx (06-3c-03:32) 20->22
  HSX C0 (06-3f-02:6f) 39->3a
- Update to version 20161104.
- Update to version 20160714.
- Should fix bsc#987358, a bug which got introduced with the last
  release.
- Should finally fix "Intel Skylake bug" (bnc#993639), previous
  releases since Jan 2016 may or may not have completely fixed it.
- Update to version 20160607, no changelog available
- Fix dependency on coreutils for initrd macros (boo#958562)
- Call missing initrd macro at postun (boo#958562)
- Fix Url and Source0
- Add GenuineIntel.bin to ucode-intel-blob
- Update to version 20151106
  * No changelog available
- Use download Url as source
- Add ucode-intel-blob subpackage to get the full microcode.dat
    directly
- Update to microcode 20150121.
- Pre require coreutils (bnc#914169).
- Do not try to reload/update microcode at runtime after package
  installation. Only supported way of updating microcode is via
  early microcode update via initrd. bnc#896736
- Update to Intel microcode version 20140624 (bnc#896736, fate#317896)
  This microcode disables lock elision on CPUs which are known to
  not work reliable with this feature
- Update to Intel microcode version 20140624 (bnc#885213)
- Delete mkinitrd scripts. This is done via %rpm regenerate_initrd_* macros
  (bnc#894160)
- Update to Intel microcode version 20140430 (bnc#876073)
- Regenerate the initrd in %posttrans (fate#313506)
- ucode 20140122, no changelog available.
- Loading firmware needs udev to be running
- Add mkinitrd script to add Intel microcode to initrd.
  This is needed because microcode driver is built in or gets loaded
  automatically via udev early. Therefore the microcode has to be available
  in initrd already.
  This must not be mixed up with early micorcode loading. This feature will
  not be implemented via mkinitrd. Dracut is doing early microcode loading.
- bnc#847158
- mkinitrd scripts:
  - mkinitrd_setup-intel_microcode.sh
    Adding microcode to the initrd
  - mkinitrd_boot-intel_microcode.sh
    Triggering the reload at boot
- Correct Supplements string so that the package gets correctly installed
  on machines with Intel CPUs
  bnc#847158
- ucode 20130906, no changelog available.
- ucode 20130808, as usual, no changelog available.
- Run spec-cleaner
- Initial packaging. Moved microcode from microctl_ctl package.

==== vim ====
Subpackages: gvim vim-data

- Make vim require vim-data bsc#1077352 bsc#1075541 bsc#1074790

==== virt-manager ====
Subpackages: virt-install virt-manager-common

- Replace conditional gtk2-tools with gtk3-tools BuildRequires.

==== xdg-desktop-portal-kde ====
Version update (5.11.5 -> 5.11.95)
Subpackages: xdg-desktop-portal-kde-lang

- Update to 5.11.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.95.php
- Changes since 5.11.5:
  * Email portal: add support for attachments
  * Email portal: add support for attachments

==== zypp-plugin ====
Version update (0.6.2 -> 0.6.3)

- Disable singlespec packaging in SLE12* and older distros while it's
  not working there. They provide python2 packages only.
- Fix a bit the obsoletes/provides to allow migration, previously
  was overwritten by macros
- BR python-rpm-macros to build on older distributions
- Fix bit python detection conditions on install phase to be better
  readable and uniform
- Switch to singlespec packaging to make it easy to disable either
  python3 or python2 plugin and make sure all is buildable
- version 0.6.3


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: New Tumbleweed snapshot 20180125: ucode-intel

Peter Suetterlin-2
Dominique Leuenberger wrote:

> Packages changed:

>   ucode-intel (20180108 -> 20171117)

So this reverts the microcode patches (also) for Skylake, correct?

Any words on the influence regarding Meltdown/Spectre?  Are the other (kernel)
measures 'good enough' also w/o microcode update?

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: New Tumbleweed snapshot 20180125: ucode-intel

Frank Krüger
Am 27.01.2018 um 19:07 schrieb Peter Suetterlin:

> Dominique Leuenberger wrote:
>
>> Packages changed:
>
>>   ucode-intel (20180108 -> 20171117)
>
> So this reverts the microcode patches (also) for Skylake, correct?
>
> Any words on the influence regarding Meltdown/Spectre?>
> Are the other (kernel) measures '?good enough' also w/o microcode update?

For current TW kernel "grep . /sys/devices/system/cpu/vulnerabilities/"
gives

sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full
generic retpoline

Regards, Frank



--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: New Tumbleweed snapshot 20180125: ucode-intel

Andrei Borzenkov
In reply to this post by Peter Suetterlin-2
27.01.2018 21:07, Peter Suetterlin пишет:
> Dominique Leuenberger wrote:
>
>> Packages changed:
>
>>   ucode-intel (20180108 -> 20171117)
>
> So this reverts the microcode patches (also) for Skylake, correct?
>

According to changelog it contains microcode with fixes for
CVE-2017-5715 on top of 20171117 Intel release.

> Any words on the influence regarding Meltdown/Spectre?  Are the other (kernel)
> measures 'good enough' also w/o microcode update?
>

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: New Tumbleweed snapshot 20180125: ucode-intel

Larry Finger
In reply to this post by Frank Krüger
On 01/27/2018 12:21 PM, Frank Krüger wrote:

> Am 27.01.2018 um 19:07 schrieb Peter Suetterlin:
>> Dominique Leuenberger wrote:
>>
>>> Packages changed:
>>
>>>    ucode-intel (20180108 -> 20171117)
>>
>> So this reverts the microcode patches (also) for Skylake, correct?
>>
>> Any words on the influence regarding Meltdown/Spectre?>
>> Are the other (kernel) measures '?good enough' also w/o microcode update?
>
> For current TW kernel "grep . /sys/devices/system/cpu/vulnerabilities/"
> gives
>
> sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full
> generic retpoline

Posted this morning by Linus Torvalds to Dan Williams:

On Fri, Jan 26, 2018 at 11:55 PM, Dan Williams <[hidden email]> wrote:
 >
 > Here's another spin of the spectre-v1 mitigations for 4.16.

I see nothing really objectionable here.

And unlike Spectre-v2 and Meltdown, I expect Spectre-v1 to be with us
for a long time. It's not a "CPU did a bad job with checking the
cached information it had" (whether it be from the TLB, BTB or RSB),
it's pretty fundamental to just regular conditional branch prediction.

So ack from me, and I don't expect this to be behind any config options.

I still haven't really seen any numbers for this, but I _assume_ it's
basically not measurable.

                  Linus
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: New Tumbleweed snapshot 20180125: ucode-intel

Dominique Leuenberger / DimStar
In reply to this post by Peter Suetterlin-2
On Sat, 2018-01-27 at 18:07 +0000, Peter Suetterlin wrote:
> Dominique Leuenberger wrote:
>
> > Packages changed:
> >   ucode-intel (20180108 -> 20171117)
>
> So this reverts the microcode patches (also) for Skylake, correct?
>
> Any words on the influence regarding Meltdown/Spectre?  Are the other (kernel)
> measures 'good enough' also w/o microcode update?

Please see https://news.opensuse.org/2018/01/26/opensuse-meltdown-spectre-update-26-jan-2018/
for more detailed information on the topic.

As for ucode-intel, it states:

"""
While we have released updates for some Intel chipsets and also AMD
Ryzen, the Intel CPU Microcode updates were later found to be unstable
and have now been retracted.

Intel is currently working on better versions of the CPU Microcode,
which we will ship once they become available.

For openSUSE Tumbleweed we have reverted the “ucode-intel” package to
the pre-Spectre state.
"""

Cheers,
Dominique

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: New Tumbleweed snapshot 20180125: ucode-intel

Marcus Meissner
In reply to this post by Andrei Borzenkov
On Sat, Jan 27, 2018 at 10:12:20PM +0300, Andrei Borzenkov wrote:
> 27.01.2018 21:07, Peter Suetterlin пишет:
> > Dominique Leuenberger wrote:
> >
> >> Packages changed:
> >
> >>   ucode-intel (20180108 -> 20171117)
> >
> > So this reverts the microcode patches (also) for Skylake, correct?

Yes.

> According to changelog it contains microcode with fixes for
> CVE-2017-5715 on top of 20171117 Intel release.

I reverted that even more to the pre-Spectre release for now.
 
> > Any words on the influence regarding Meltdown/Spectre?  Are the other (kernel)
> > measures 'good enough' also w/o microcode update?

Spectre v1 and Meltdown mitigations are not microcode dependend
and are present.

https://news.opensuse.org/2018/01/26/opensuse-meltdown-spectre-update-26-jan-2018/

CIao, Marcus
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]