Mageia 7 needs to be updated to the currently supported 5.7 series (5.6 is EOL). The latest is 5.7.10 (Cauldron needs to be updated too): https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.10 Other things that may need to be updated or rebuilt include: - iproute2 (Bug 27005) - kmod-virtualbox - kmod-xtables-addons - wireguard-tools - kernel-firmware-nonfree - openafs 1.8.6 ( http://www.openafs.org/dl/openafs/1.8.6/RELNOTES-1.8.6 ) - any other packages with kernel modules that don't build with 5.7
Blocks: (none) => 27005
It looks like this update will fix (for Mageia 7) at least these CVEs: https://www.linuxkernelcves.com/cves/CVE-2019-18814 https://www.linuxkernelcves.com/cves/CVE-2019-19462 https://www.linuxkernelcves.com/cves/CVE-2020-0543 https://www.linuxkernelcves.com/cves/CVE-2020-10732 https://www.linuxkernelcves.com/cves/CVE-2020-10757 https://www.linuxkernelcves.com/cves/CVE-2020-10766 https://www.linuxkernelcves.com/cves/CVE-2020-10767 https://www.linuxkernelcves.com/cves/CVE-2020-10768 https://www.linuxkernelcves.com/cves/CVE-2020-10781 https://www.linuxkernelcves.com/cves/CVE-2020-13974 https://www.linuxkernelcves.com/cves/CVE-2020-15393 https://www.linuxkernelcves.com/cves/CVE-2020-15780 https://www.linuxkernelcves.com/cves/CVE-2020-15852
Component: RPM Packages => SecurityQA Contact: (none) => security
We should also update to libseccomp 2.5.0 with the updated syscall table: https://github.com/seccomp/libseccomp/releases/tag/v2.5.0
(In reply to David Walser from comment #2) > We should also update to libseccomp 2.5.0 with the updated syscall table: > https://github.com/seccomp/libseccomp/releases/tag/v2.5.0 Updated in Cauldron by Shlomi, checked into Mageia 7 SVN by me.
5.7.11 kernel is out: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11 List of fixed CVEs isn't updated yet, but will be here: https://www.linuxkernelcves.com/streams/5.7 Currently doesn't build in Cauldron due to gcc bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96377
Already up to 5.7.12 now: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.12 And we have a patched GCC building in Cauldron now, so should be able to start building these updates soon.
CC: (none) => fri
(In reply to David Walser from comment #5) > Already up to 5.7.12 now: > https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.12 > > And we have a patched GCC building in Cauldron now, so should be able to > start building these updates soon. kernel 5.7.12 was successfully built for cauldron core/release by tv. I'll try to test it soon.
CC: (none) => shlomif
(In reply to Shlomi Fish from comment #6) > (In reply to David Walser from comment #5) > > Already up to 5.7.12 now: > > https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.12 > > > > And we have a patched GCC building in Cauldron now, so should be able to > > start building these updates soon. > > kernel 5.7.12 was successfully built for cauldron core/release by tv. I'll > try to test it soon. kernel 5.7.12 seems to work well here. I am getting a warning before login about "cannot start ipv4 Shorewall" but I got it before.
openafs 1.8.6 updated in Cauldron and checked into Mageia 7 SVN. wireguard-tools and kernel-firmware-nonfree are already the same in Mageia 7 and Cauldron, but we should see if they can be updated. kmod-virtualbox and kmod-xtables-addons will be simple rebuilds against the updated kernel.
Now up to 5.7.13: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.13 which fixes one more CVE at least: https://www.linuxkernelcves.com/cves/CVE-2020-12656 although that's a disputed CVE.
wireguard-tools doesn't need to be updated yet, you can see when new versions get tagged here: https://git.zx2c4.com/wireguard-tools/log/ kernel-firmware-nonfree is here and does need updated to 20200721: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git
kernel-firmware-nonfree-20200721-1 updates have been pushed to the build system. radeon-firmware also may need to be updated, as it is packaged separately. For future reference, packages to possibly update with new kernel branches... filesystems: xfsprogs (Bug 27003) btrfs-progs (Bug 27004) userspace tools: ipset (Bug 26697 for kernel 5.6) strace (Bug 26786) ethtool (Bug 26820) iproute2 (Bug 27005) libseccomp kernel modules: ipt_NETFLOW broadcom-wl dkms-bbswitch
(In reply to David Walser from comment #11) > kernel modules: > ipt_NETFLOW > broadcom-wl > dkms-bbswitch zfs-fuse
(In reply to David Walser from comment #11) > radeon-firmware also may need to be updated, as it is packaged separately. radeon-firmware-20200721-1 updates have been pushed to the build system. > userspace tools: > ipset (Bug 26697 for kernel 5.6) > strace (Bug 26786) > ethtool (Bug 26820) > iproute2 (Bug 27005) libseccomp (Bug 27051)
kernel-firmware-nonfree and radeon-firmware updates are in Bug 27052. openafs update is in Bug 27053.
kernel-linus isn't available yet, but hopefully Nicolas will have that available tomorrow. Assigning to QA so testing the main kernel can begin. It would be nice if someone could test and make sure ipt_NETFLOW, broadcom-wl, and dkms-bbswitch still build (there are dkms packages for all of them) and that zfs-fuse still works with the updated kernel. Advisory to come later. Package lists below. SRPMS: kernel-5.7.13-2.mga7.src.rpm kmod-virtualbox-6.0.24-2.mga7.src.rpm kmod-xtables-addons-3.9-5.mga7.src.rpm i586: kernel-desktop586-5.7.13-2.mga7-1-1.mga7.i586.rpm kernel-desktop586-devel-5.7.13-2.mga7-1-1.mga7.i586.rpm kernel-desktop586-latest-5.7.13-2.mga7.i586.rpm kernel-desktop586-devel-latest-5.7.13-2.mga7.i586.rpm kernel-desktop-5.7.13-2.mga7-1-1.mga7.i586.rpm kernel-desktop-devel-5.7.13-2.mga7-1-1.mga7.i586.rpm kernel-desktop-latest-5.7.13-2.mga7.i586.rpm kernel-desktop-devel-latest-5.7.13-2.mga7.i586.rpm kernel-server-5.7.13-2.mga7-1-1.mga7.i586.rpm kernel-server-devel-5.7.13-2.mga7-1-1.mga7.i586.rpm kernel-server-latest-5.7.13-2.mga7.i586.rpm kernel-server-devel-latest-5.7.13-2.mga7.i586.rpm kernel-source-5.7.13-2.mga7-1-1.mga7.noarch.rpm kernel-source-latest-5.7.13-2.mga7.noarch.rpm kernel-doc-5.7.13-2.mga7.noarch.rpm kernel-userspace-headers-5.7.13-2.mga7.i586.rpm perf-5.7.13-2.mga7.i586.rpm cpupower-5.7.13-2.mga7.i586.rpm cpupower-devel-5.7.13-2.mga7.i586.rpm bpftool-5.7.13-2.mga7.i586.rpm libbpf0-5.7.13-2.mga7.i586.rpm libbpf-devel-5.7.13-2.mga7.i586.rpm virtualbox-kernel-5.7.13-desktop586-2.mga7-6.0.24-2.mga7.i586.rpm virtualbox-kernel-desktop586-latest-6.0.24-2.mga7.i586.rpm virtualbox-kernel-5.7.13-desktop-2.mga7-6.0.24-2.mga7.i586.rpm virtualbox-kernel-desktop-latest-6.0.24-2.mga7.i586.rpm virtualbox-kernel-5.7.13-server-2.mga7-6.0.24-2.mga7.i586.rpm virtualbox-kernel-server-latest-6.0.24-2.mga7.i586.rpm xtables-addons-kernel-5.7.13-desktop586-2.mga7-3.9-5.mga7.i586.rpm xtables-addons-kernel-desktop586-latest-3.9-5.mga7.i586.rpm xtables-addons-kernel-5.7.13-desktop-2.mga7-3.9-5.mga7.i586.rpm xtables-addons-kernel-desktop-latest-3.9-5.mga7.i586.rpm xtables-addons-kernel-5.7.13-server-2.mga7-3.9-5.mga7.i586.rpm xtables-addons-kernel-server-latest-3.9-5.mga7.i586.rpm x86_64: kernel-desktop-5.7.13-2.mga7-1-1.mga7.x86_64.rpm kernel-desktop-devel-5.7.13-2.mga7-1-1.mga7.x86_64.rpm kernel-desktop-latest-5.7.13-2.mga7.x86_64.rpm kernel-desktop-devel-latest-5.7.13-2.mga7.x86_64.rpm kernel-server-5.7.13-2.mga7-1-1.mga7.x86_64.rpm kernel-server-devel-5.7.13-2.mga7-1-1.mga7.x86_64.rpm kernel-server-latest-5.7.13-2.mga7.x86_64.rpm kernel-server-devel-latest-5.7.13-2.mga7.x86_64.rpm kernel-source-5.7.13-2.mga7-1-1.mga7.noarch.rpm kernel-source-latest-5.7.13-2.mga7.noarch.rpm kernel-doc-5.7.13-2.mga7.noarch.rpm kernel-userspace-headers-5.7.13-2.mga7.x86_64.rpm perf-5.7.13-2.mga7.x86_64.rpm cpupower-5.7.13-2.mga7.x86_64.rpm cpupower-devel-5.7.13-2.mga7.x86_64.rpm bpftool-5.7.13-2.mga7.x86_64.rpm lib64bpf0-5.7.13-2.mga7.x86_64.rpm lib64bpf-devel-5.7.13-2.mga7.x86_64.rpm virtualbox-kernel-5.7.13-desktop-2.mga7-6.0.24-2.mga7.x86_64.rpm virtualbox-kernel-desktop-latest-6.0.24-2.mga7.x86_64.rpm virtualbox-kernel-5.7.13-server-2.mga7-6.0.24-2.mga7.x86_64.rpm virtualbox-kernel-server-latest-6.0.24-2.mga7.x86_64.rpm xtables-addons-kernel-5.7.13-desktop-2.mga7-3.9-5.mga7.x86_64.rpm xtables-addons-kernel-desktop-latest-3.9-5.mga7.x86_64.rpm xtables-addons-kernel-5.7.13-server-2.mga7-3.9-5.mga7.x86_64.rpm xtables-addons-kernel-server-latest-3.9-5.mga7.x86_64.rpm
Assignee: kernel => qa-bugs
The only notable change I see in the commit log is: - drop the Amd SFH driver for now (several issues including null pointer deref) So the advisory will all about the CVEs. Updated kernel packages fix security vulnerabilities: This provides an update to kernel 5.7 series, currently based on upstream 5.7.13 adding support for new hardware and features, and fixes at least the following security issues: An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c (CVE-2019-18814). relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (CVE-2019-19462). Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2020-0543). A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data (CVE-2020-10732). A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system (CVE-2020-10757). A logic bug flaw was found in the Linux kernel’s implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality (CVE-2020-10766). A flaw was found in the Linux kernel’s implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality (CVE-2020-10767). A flaw was found in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality (CVE-2020-10768). A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable (CVE-2020-10781). In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak (CVE-2020-15393). An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions (CVE-2020-15780). An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen (CVE-2020-15852). For other upstream fixes and changes in this update, see the referenced changelogs. References: https://kernelnewbies.org/Linux_5.7 https://www.linuxkernelcves.com/cves/CVE-2019-18814 https://www.linuxkernelcves.com/cves/CVE-2019-19462 https://www.linuxkernelcves.com/cves/CVE-2020-0543 https://www.linuxkernelcves.com/cves/CVE-2020-10732 https://www.linuxkernelcves.com/cves/CVE-2020-10757 https://www.linuxkernelcves.com/cves/CVE-2020-10766 https://www.linuxkernelcves.com/cves/CVE-2020-10767 https://www.linuxkernelcves.com/cves/CVE-2020-10768 https://www.linuxkernelcves.com/cves/CVE-2020-10781 https://www.linuxkernelcves.com/cves/CVE-2020-15393 https://www.linuxkernelcves.com/cves/CVE-2020-15780 https://www.linuxkernelcves.com/cves/CVE-2020-15852 https://access.redhat.com/security/cve/CVE-2020-10766 https://access.redhat.com/security/cve/CVE-2020-10767 https://access.redhat.com/security/cve/CVE-2020-10768 https://access.redhat.com/security/cve/CVE-2020-10781 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.1 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.2 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.4 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.6 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.9 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.10 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.12 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.13
(In reply to David Walser from comment #12) > (In reply to David Walser from comment #11) > > kernel modules: > > ipt_NETFLOW > > broadcom-wl > > dkms-bbswitch > zfs-fuse openafs xtables-addons (and kmod-xtables-addons) I see xtables-addons has a 3.10 available upstream, but it's probably only needed for kernel 5.8, so that'll be for Cauldron only at this point. I also see that tmb updated ldetect-lst when we updated to kernel 5.6, so that could be another one needed for future kernel updates. For now, Mageia 7 and Cauldron are already the same.
Hi, Without issues here. I have installed the kernel 5.7.13 from testing repos and no problems. All aplications works fine, no issues in boot, Nvidia building ok. [jose@localhost ~]$ uname -a Linux localhost 5.7.13-desktop-2.mga7 #1 SMP Wed Aug 5 20:03:55 UTC 2020 x86_64 GNU/Linux [jose@localhost ~]$
CC: (none) => joselp
Another kernel update is building, so the kmods will need to be rebuilt after too. We're also looking at another package, kernel-firmware, that needs to be updated, but we're not quite sure how to do it. I'm also concerned that it has files that conflict with radeon-firmware.
Keywords: (none) => feedback
(In reply to David Walser from comment #19) > We're also looking at another package, kernel-firmware, that needs to be > updated, but we're not quite sure how to do it. I'm also concerned that it > has files that conflict with radeon-firmware. No need to update it right now. It almost never changes contents as it ony carries free firmwares, and almost no fully free firmware gets added to upstream linux-firmware git tree. I'll try to document it why / what / how soon-ish
(In reply to David Walser from comment #17) > I also see that tmb updated ldetect-lst when we updated to kernel 5.6, so > that could be another one needed for future kernel updates. For now, Mageia > 7 and Cauldron are already the same. for kernel side it gets updated for new module aliases for radeon, amdgpu and i915 kernel modules. At the same time I usually also update pci.ids and usb.ids so drakx tools have access to latest info... (it also gets updated with new ids when a new nvidia-current driver gets uploaded)
(In reply to David Walser from comment #19) > Another kernel update is building, so the kmods will need to be rebuilt > after too. I'd suggest to wait for 5.7.14 final (currently running as -rc2 round on upstream testers) as upstream have been hammering on the follow-up fixes for random32 stuff that kept falling apart in various subtle ways...
(In reply to Thomas Backlund from comment #20) > (In reply to David Walser from comment #19) > > > > We're also looking at another package, kernel-firmware, that needs to be > > updated, but we're not quite sure how to do it. I'm also concerned that it > > has files that conflict with radeon-firmware. > > No need to update it right now. > > It almost never changes contents as it ony carries free firmwares, and > almost no fully free firmware gets added to upstream linux-firmware git tree. > > I'll try to document it why / what / how soon-ish Thanks. I think I mostly fixed the gen-free-firmware-tarball.sh script locally. Part of what I did is not include things listed as "Source: " in the tarball. Are those really needed?
(In reply to David Walser from comment #23) > (In reply to Thomas Backlund from comment #20) > > (In reply to David Walser from comment #19) > > > > > > > We're also looking at another package, kernel-firmware, that needs to be > > > updated, but we're not quite sure how to do it. I'm also concerned that it > > > has files that conflict with radeon-firmware. > > > > No need to update it right now. > > > > It almost never changes contents as it ony carries free firmwares, and > > almost no fully free firmware gets added to upstream linux-firmware git tree. > > > > I'll try to document it why / what / how soon-ish > > Thanks. I think I mostly fixed the gen-free-firmware-tarball.sh script > locally. Part of what I did is not include things listed as "Source: " in > the tarball. Are those really needed? Haha, no they're not needed. They're removed in the SPEC file. So the only thing missing in the tarball I generated with the fixed script is the r128 and radeon files, which have no License name in the WHENCE file, just the full text of the license from AMD pasted below it. Should those files be in kernel-firmware or radeon-firmware?
The script has one more minor issue since there are multiple Licence tags in the brcm section, but I accounted for that in the SPEC. So I'll push an update to Cauldron, but you're right that it doesn't appear to need an update for Mageia 7 because the resulting files should be the same.
(In reply to Thomas Backlund from comment #22) > (In reply to David Walser from comment #19) > > Another kernel update is building, so the kmods will need to be rebuilt > > after too. > > I'd suggest to wait for 5.7.14 final (currently running as -rc2 round on > upstream testers) as upstream have been hammering on the follow-up fixes for > random32 stuff that kept falling apart in various subtle ways... Thanks, it's really helpful to have your insights on these things.
(In reply to David Walser from comment #24) > So the only thing missing in the tarball I generated with the fixed script > is the r128 and radeon files, which have no License name in the WHENCE file, > just the full text of the license from AMD pasted below it. Should those > files be in kernel-firmware or radeon-firmware? The r128 and radeon files currently shipped in kernel-firmware package belongs there. They used to be in the upstream kernel source tree in hex form and are covered by the kernel GPL, but since it was decided upstream to not ship any hex or binary firmware in kernel tree, they got exported to the external linux-firmware tree. the rest of the firmwares in radeon/ and all of amdgpu/ belongs in radeon-firmware. The reason for keeping radeon-firmware as a separate srpm was/is to keep it simple to release smaller updates faster when needed as Amd have usually been quick to release new firmwares either through linux-firmware or through agd5f (Alex Deucher's development stuff) tree
CC: (none) => tmb
CC: tmb => (none)
OK, might as well update xtables-addons to 3.10 and push new kmods now so QA can test, even if we hold off releasing until 5.7.14. It's good practice anyway :o) Addendum to advisory will be: "Also, the xtables-addons package has been updated to version 3.10." SRPMS: kernel-5.7.13-3.mga7.src.rpm kmod-virtualbox-6.0.24-3.mga7.src.rpm xtables-addons-3.10-1.mga7.src.rpm kmod-xtables-addons-3.10-1.mga7.src.rpm i586: kernel-desktop586-5.7.13-3.mga7-1-1.mga7.i586.rpm kernel-desktop586-devel-5.7.13-3.mga7-1-1.mga7.i586.rpm kernel-desktop586-latest-5.7.13-3.mga7.i586.rpm kernel-desktop586-devel-latest-5.7.13-3.mga7.i586.rpm kernel-desktop-5.7.13-3.mga7-1-1.mga7.i586.rpm kernel-desktop-devel-5.7.13-3.mga7-1-1.mga7.i586.rpm kernel-desktop-latest-5.7.13-3.mga7.i586.rpm kernel-desktop-devel-latest-5.7.13-3.mga7.i586.rpm kernel-server-5.7.13-3.mga7-1-1.mga7.i586.rpm kernel-server-devel-5.7.13-3.mga7-1-1.mga7.i586.rpm kernel-server-latest-5.7.13-3.mga7.i586.rpm kernel-server-devel-latest-5.7.13-3.mga7.i586.rpm kernel-source-5.7.13-3.mga7-1-1.mga7.noarch.rpm kernel-source-latest-5.7.13-3.mga7.noarch.rpm kernel-doc-5.7.13-3.mga7.noarch.rpm kernel-userspace-headers-5.7.13-3.mga7.i586.rpm perf-5.7.13-3.mga7.i586.rpm cpupower-5.7.13-3.mga7.i586.rpm cpupower-devel-5.7.13-3.mga7.i586.rpm bpftool-5.7.13-3.mga7.i586.rpm libbpf0-5.7.13-3.mga7.i586.rpm libbpf-devel-5.7.13-3.mga7.i586.rpm virtualbox-kernel-5.7.13-desktop586-3.mga7-6.0.24-3.mga7.i586.rpm virtualbox-kernel-desktop586-latest-6.0.24-3.mga7.i586.rpm virtualbox-kernel-5.7.13-desktop-3.mga7-6.0.24-3.mga7.i586.rpm virtualbox-kernel-desktop-latest-6.0.24-3.mga7.i586.rpm virtualbox-kernel-5.7.13-server-3.mga7-6.0.24-3.mga7.i586.rpm virtualbox-kernel-server-latest-6.0.24-3.mga7.i586.rpm xtables-addons-3.10-1.mga7.i586.rpm iptaccount-3.10-1.mga7.i586.rpm xtables-geoip-3.10-1.mga7.noarch.rpm libaccount0-3.10-1.mga7.i586.rpm libaccount-devel-3.10-1.mga7.i586.rpm dkms-xtables-addons-3.10-1.mga7.i586.rpm xtables-addons-kernel-5.7.13-desktop586-3.mga7-3.10-1.mga7.i586.rpm xtables-addons-kernel-desktop586-latest-3.10-1.mga7.i586.rpm xtables-addons-kernel-5.7.13-desktop-3.mga7-3.10-1.mga7.i586.rpm xtables-addons-kernel-desktop-latest-3.10-1.mga7.i586.rpm xtables-addons-kernel-5.7.13-server-3.mga7-3.10-1.mga7.i586.rpm xtables-addons-kernel-server-latest-3.10-1.mga7.i586.rpm x86_64: kernel-desktop-5.7.13-3.mga7-1-1.mga7.x86_64.rpm kernel-desktop-devel-5.7.13-3.mga7-1-1.mga7.x86_64.rpm kernel-desktop-latest-5.7.13-3.mga7.x86_64.rpm kernel-desktop-devel-latest-5.7.13-3.mga7.x86_64.rpm kernel-server-5.7.13-3.mga7-1-1.mga7.x86_64.rpm kernel-server-devel-5.7.13-3.mga7-1-1.mga7.x86_64.rpm kernel-server-latest-5.7.13-3.mga7.x86_64.rpm kernel-server-devel-latest-5.7.13-3.mga7.x86_64.rpm kernel-source-5.7.13-3.mga7-1-1.mga7.noarch.rpm kernel-source-latest-5.7.13-3.mga7.noarch.rpm kernel-doc-5.7.13-3.mga7.noarch.rpm kernel-userspace-headers-5.7.13-3.mga7.x86_64.rpm perf-5.7.13-3.mga7.x86_64.rpm cpupower-5.7.13-3.mga7.x86_64.rpm cpupower-devel-5.7.13-3.mga7.x86_64.rpm bpftool-5.7.13-3.mga7.x86_64.rpm lib64bpf0-5.7.13-3.mga7.x86_64.rpm lib64bpf-devel-5.7.13-3.mga7.x86_64.rpm virtualbox-kernel-5.7.13-desktop-3.mga7-6.0.24-3.mga7.x86_64.rpm virtualbox-kernel-desktop-latest-6.0.24-3.mga7.x86_64.rpm virtualbox-kernel-5.7.13-server-3.mga7-6.0.24-3.mga7.x86_64.rpm virtualbox-kernel-server-latest-6.0.24-3.mga7.x86_64.rpm xtables-addons-3.10-1.mga7.x86_64.rpm iptaccount-3.10-1.mga7.x86_64.rpm xtables-geoip-3.10-1.mga7.noarch.rpm lib64account0-3.10-1.mga7.x86_64.rpm lib64account-devel-3.10-1.mga7.x86_64.rpm dkms-xtables-addons-3.10-1.mga7.x86_64.rpm xtables-addons-kernel-5.7.13-desktop-3.mga7-3.10-1.mga7.x86_64.rpm xtables-addons-kernel-desktop-latest-3.10-1.mga7.x86_64.rpm xtables-addons-kernel-5.7.13-server-3.mga7-3.10-1.mga7.x86_64.rpm xtables-addons-kernel-server-latest-3.10-1.mga7.x86_64.rpm
Keywords: feedback => (none)
Eating what you feed me... Was running 5.7.13-2 for a while, now -3 64 bit OK on My machine "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, Nvidia GTX760 (GK104) using nvidia-current; GeForce 635 series and later, 4k display. Also the new firmwares installed. Disk&Filesystem: SSD with EFI and ext 4 /boot, then an encrypted partition for LVM, containing swap and ext4 /home & / Plasma desktop Thunderbird, LibreOffice, FreeCad, Ktorrent, Syncthing, Nextcloud client... Video with sound in Firefox CUDA and OpenCL detected and used by BOINC. Stress test: BOINC use all cores to 100%, videos do not stutter. Also virtualbox 6.0.24-1 seem OK running MSW7 64 bit guest incl folder sharing, USB, bidirectional clipboard, dynamic guest window resizing. All as usual, need to free 2 CPU from BOINC to avoid video stutter in guest firefox, playing from internet. Installed and rebooted before testing: - cpupower-5.7.13-2.mga7.x86_64 - iwlwifi-firmware-20200721-1.mga7.nonfree.noarch - kernel-desktop-5.7.13-2.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-5.7.13-2.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-latest-5.7.13-2.mga7.x86_64 - kernel-desktop-latest-5.7.13-2.mga7.x86_64 - kernel-firmware-nonfree-20200721-1.mga7.nonfree.noarch - kernel-userspace-headers-5.7.13-2.mga7.x86_64 - radeon-firmware-20200721-1.mga7.nonfree.noarch - ralink-firmware-20200721-1.mga7.nonfree.noarch - rtlwifi-firmware-20200721-1.mga7.nonfree.noarch - virtualbox-kernel-5.7.13-desktop-2.mga7-6.0.24-2.mga7.x86_64 - virtualbox-kernel-desktop-latest-6.0.24-2.mga7.x86_64 Rebooted and ran that for a while, then installed - cpupower-5.7.13-3.mga7.x86_64 - kernel-desktop-5.7.13-3.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-5.7.13-3.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-latest-5.7.13-3.mga7.x86_64 - kernel-desktop-latest-5.7.13-3.mga7.x86_64 - kernel-userspace-headers-5.7.13-3.mga7.x86_64 - radeon-firmware-20200721-2.mga7.nonfree.noarch - virtualbox-kernel-5.7.13-desktop-3.mga7-6.0.24-3.mga7.x86_64 - virtualbox-kernel-desktop-latest-6.0.24-3.mga7.x86_64 and then rebooted for this testing, and keep using.
Compaq Presario C700 Mageia 7 32 bit Plasma DE lscpu ~ Model name: Intel(R) Celeron(R) M CPU 530 @ 1.73GHz lspcidrake ~ wl: Broadcom Inc. and subsidiaries|BCM4311 802.11b/g WLAN [NETWORK_OTHER] (rev: 02) uname -r 5.6.14-desktop-2.mga7 To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "Core Updates Testing (distrib5)") cpupower 5.7.13 3.mga7 i586 kernel-desktop-5.7.13-3.mga7 1 1.mga7 i586 kernel-desktop-latest 5.7.13 3.mga7 i586 kernel-userspace-headers 5.7.13 3.mga7 i586 (medium "Nonfree Updates Testing (distrib15)") iwlwifi-firmware 20200721 1.mga7.nonfr> noarch kernel-firmware-nonfree 20200721 1.mga7.nonfr> noarch radeon-firmware 20200721 1.mga7.nonfr> noarch ralink-firmware 20200721 1.mga7.nonfr> noarch rtlwifi-firmware 20200721 1.mga7.nonfr> noarch 79MB of additional disk space will be used. 166MB of packages will be retrieved. Proceed with the installation of the 9 packages? (Y/n) y ~ reboot at desktop presentation, no wifi. draknet-center reports: Error. could not install the packages(dkms-broadcom-wl, dkms-broadcom-wl,dkms-broadcom-wl, dkms-broadcom-wl) connected via lan and retried. same result. looks like dkms-broadcom-wl package needs to be updated too
CC: (none) => westel
Compaq Presario C700 Mageia 7 32 bit Plasma DE lscpu ~ Model name: Intel(R) Celeron(R) M CPU 530 @ 1.73GHz lspcidrake ~ wl: Broadcom Inc. and subsidiaries|BCM4311 802.11b/g WLAN [NETWORK_OTHER] (rev: 02) uname -r 5.6.14-desktop-2.mga7 To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "Core Updates Testing (distrib5)") cpupower 5.7.13 3.mga7 i586 kernel-desktop-5.7.13-3.mga7 1 1.mga7 i586 kernel-desktop-latest 5.7.13 3.mga7 i586 kernel-userspace-headers 5.7.13 3.mga7 i586 (medium "Nonfree Updates Testing (distrib15)") iwlwifi-firmware 20200721 1.mga7.nonfr> noarch kernel-firmware-nonfree 20200721 1.mga7.nonfr> noarch radeon-firmware 20200721 1.mga7.nonfr> noarch ralink-firmware 20200721 1.mga7.nonfr> noarch rtlwifi-firmware 20200721 1.mga7.nonfr> noarch 79MB of additional disk space will be used. 166MB of packages will be retrieved. Proceed with the installation of the 9 packages? (Y/n) y ~ reboot at desktop presentation, no wifi. draknet-center reports: Error. could not install the packages(dkms-broadcom-wl, dkms-broadcom-wl,dkms-broadcom-wl, dkms-broadcom-wl) connected via lan and retried. same result. oops, forgot to install these To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "Core Updates Testing (distrib5)") kernel-desktop-devel-5.7.13-3> 1 1.mga7 i586 kernel-desktop-devel-latest 5.7.13 3.mga7 i586 44MB of additional disk space will be used. 11MB of packages will be retrieved. Proceed with the installation of the 2 packages? (Y/n) y reboot rebuilt broadcom driver during boot. at desktop wifi ok, but mouse pointer not working. reboot and all ok
(In reply to David Walser from comment #28) > OK, might as well update xtables-addons to 3.10 and push new kmods now so QA > can test, even if we hold off releasing until 5.7.14. It's good practice > anyway :o) 5.7.14 final has now passed upstream QA and is now released upstream
Created attachment 11788 [details] dkms-nvidia340 build log (/var/lib/dkms/nvidia340/340.108-6.mga7.nonfree/build/make.log)
CC: (none) => mageia
The kernel installed OK but dkms-nvidia340 failed to build kernel module. The DKMS make.log is attached. $ rpm -qa | grep nvidia x11-driver-video-nvidia340-340.108-6.mga7.nonfree dkms-nvidia340-340.108-6.mga7.nonfree nvidia340-doc-html-340.108-6.mga7.nonfree $ ls -la /usr/src/kernel-5.7.13-desktop-3.mga7/include/config/auto.conf /usr/src/kernel-5.7.13-desktop-3.mga7/include/generated/autoconf.h -rw-r--r-- 1 root root 14906 ago 7 11:22 /usr/src/kernel-5.7.13-desktop-3.mga7/include/config/auto.conf -rw-r--r-- 1 root root 19381 ago 7 11:22 /usr/src/kernel-5.7.13-desktop-3.mga7/include/generated/autoconf.h $ rpm -qa | grep kernel | sort kernel-desktop-5.6.14-2.mga7-1-1.mga7 kernel-desktop-5.7.13-3.mga7-1-1.mga7 kernel-desktop-devel-5.6.14-2.mga7-1-1.mga7 kernel-desktop-devel-5.7.13-3.mga7-1-1.mga7 kernel-desktop-devel-latest-5.7.13-3.mga7 kernel-desktop-latest-5.7.13-3.mga7 kernel-firmware-20190603-1.mga7 kernel-firmware-nonfree-20200721-1.mga7.nonfree kernel-userspace-headers-5.7.13-3.mga7
Continuing comment 34 ... This is a regression. The dkms-nvidia340 build OK for kernel 5.6.14-desktop-2.mga7. $ dkms status nvidia340, 340.108-6.mga7.nonfree, 5.6.14-desktop-2.mga7, x86_64: installed
Advisory will now be as follows. 5.7.14 is building, so I'll re-post package list later. Updated kernel packages fix security vulnerabilities: This provides an update to kernel 5.7 series, currently based on upstream 5.7.14 adding support for new hardware and features, and fixes at least the following security issues: An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c (CVE-2019-18814). relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (CVE-2019-19462). Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2020-0543). A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data (CVE-2020-10732). A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system (CVE-2020-10757). A logic bug flaw was found in the Linux kernel’s implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality (CVE-2020-10766). A flaw was found in the Linux kernel’s implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality (CVE-2020-10767). A flaw was found in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality (CVE-2020-10768). A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable (CVE-2020-10781). In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak (CVE-2020-15393). An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions (CVE-2020-15780). An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen (CVE-2020-15852). For other upstream fixes and changes in this update, see the referenced changelogs. Also, the xtables-addons package has been updated to version 3.10. References: https://kernelnewbies.org/Linux_5.7 https://www.linuxkernelcves.com/cves/CVE-2019-18814 https://www.linuxkernelcves.com/cves/CVE-2019-19462 https://www.linuxkernelcves.com/cves/CVE-2020-0543 https://www.linuxkernelcves.com/cves/CVE-2020-10732 https://www.linuxkernelcves.com/cves/CVE-2020-10757 https://www.linuxkernelcves.com/cves/CVE-2020-10766 https://www.linuxkernelcves.com/cves/CVE-2020-10767 https://www.linuxkernelcves.com/cves/CVE-2020-10768 https://www.linuxkernelcves.com/cves/CVE-2020-10781 https://www.linuxkernelcves.com/cves/CVE-2020-15393 https://www.linuxkernelcves.com/cves/CVE-2020-15780 https://www.linuxkernelcves.com/cves/CVE-2020-15852 https://access.redhat.com/security/cve/CVE-2020-10766 https://access.redhat.com/security/cve/CVE-2020-10767 https://access.redhat.com/security/cve/CVE-2020-10768 https://access.redhat.com/security/cve/CVE-2020-10781 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.1 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.2 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.4 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.6 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.9 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.10 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.12 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.13 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.14
Final packages list: SRPMS: kernel-5.7.14-1.mga7.src.rpm kmod-virtualbox-6.0.24-4.mga7.src.rpm xtables-addons-3.10-1.mga7.src.rpm kmod-xtables-addons-3.10-2.mga7.src.rpm i586: kernel-desktop586-5.7.14-1.mga7-1-1.mga7.i586.rpm kernel-desktop586-devel-5.7.14-1.mga7-1-1.mga7.i586.rpm kernel-desktop586-latest-5.7.14-1.mga7.i586.rpm kernel-desktop586-devel-latest-5.7.14-1.mga7.i586.rpm kernel-desktop-5.7.14-1.mga7-1-1.mga7.i586.rpm kernel-desktop-devel-5.7.14-1.mga7-1-1.mga7.i586.rpm kernel-desktop-latest-5.7.14-1.mga7.i586.rpm kernel-desktop-devel-latest-5.7.14-1.mga7.i586.rpm kernel-server-5.7.14-1.mga7-1-1.mga7.i586.rpm kernel-server-devel-5.7.14-1.mga7-1-1.mga7.i586.rpm kernel-server-latest-5.7.14-1.mga7.i586.rpm kernel-server-devel-latest-5.7.14-1.mga7.i586.rpm kernel-source-5.7.14-1.mga7-1-1.mga7.noarch.rpm kernel-source-latest-5.7.14-1.mga7.noarch.rpm kernel-doc-5.7.14-1.mga7.noarch.rpm kernel-userspace-headers-5.7.14-1.mga7.i586.rpm perf-5.7.14-1.mga7.i586.rpm cpupower-5.7.14-1.mga7.i586.rpm cpupower-devel-5.7.14-1.mga7.i586.rpm bpftool-5.7.14-1.mga7.i586.rpm libbpf0-5.7.14-1.mga7.i586.rpm libbpf-devel-5.7.14-1.mga7.i586.rpm virtualbox-kernel-5.7.14-desktop586-1.mga7-6.0.24-4.mga7.i586.rpm virtualbox-kernel-desktop586-latest-6.0.24-4.mga7.i586.rpm virtualbox-kernel-5.7.14-desktop-1.mga7-6.0.24-4.mga7.i586.rpm virtualbox-kernel-desktop-latest-6.0.24-4.mga7.i586.rpm virtualbox-kernel-5.7.14-server-1.mga7-6.0.24-4.mga7.i586.rpm virtualbox-kernel-server-latest-6.0.24-4.mga7.i586.rpm xtables-addons-3.10-1.mga7.i586.rpm iptaccount-3.10-1.mga7.i586.rpm xtables-geoip-3.10-1.mga7.noarch.rpm libaccount0-3.10-1.mga7.i586.rpm libaccount-devel-3.10-1.mga7.i586.rpm dkms-xtables-addons-3.10-1.mga7.i586.rpm xtables-addons-kernel-5.7.14-desktop586-1.mga7-3.10-2.mga7.i586.rpm xtables-addons-kernel-desktop586-latest-3.10-2.mga7.i586.rpm xtables-addons-kernel-5.7.14-desktop-1.mga7-3.10-2.mga7.i586.rpm xtables-addons-kernel-desktop-latest-3.10-2.mga7.i586.rpm xtables-addons-kernel-5.7.14-server-1.mga7-3.10-2.mga7.i586.rpm xtables-addons-kernel-server-latest-3.10-2.mga7.i586.rpm x86_64: kernel-desktop-5.7.14-1.mga7-1-1.mga7.x86_64.rpm kernel-desktop-devel-5.7.14-1.mga7-1-1.mga7.x86_64.rpm kernel-desktop-latest-5.7.14-1.mga7.x86_64.rpm kernel-desktop-devel-latest-5.7.14-1.mga7.x86_64.rpm kernel-server-5.7.14-1.mga7-1-1.mga7.x86_64.rpm kernel-server-devel-5.7.14-1.mga7-1-1.mga7.x86_64.rpm kernel-server-latest-5.7.14-1.mga7.x86_64.rpm kernel-server-devel-latest-5.7.14-1.mga7.x86_64.rpm kernel-source-5.7.14-1.mga7-1-1.mga7.noarch.rpm kernel-source-latest-5.7.14-1.mga7.noarch.rpm kernel-doc-5.7.14-1.mga7.noarch.rpm kernel-userspace-headers-5.7.14-1.mga7.x86_64.rpm perf-5.7.14-1.mga7.x86_64.rpm cpupower-5.7.14-1.mga7.x86_64.rpm cpupower-devel-5.7.14-1.mga7.x86_64.rpm bpftool-5.7.14-1.mga7.x86_64.rpm lib64bpf0-5.7.14-1.mga7.x86_64.rpm lib64bpf-devel-5.7.14-1.mga7.x86_64.rpm virtualbox-kernel-5.7.14-desktop-1.mga7-6.0.24-4.mga7.x86_64.rpm virtualbox-kernel-desktop-latest-6.0.24-4.mga7.x86_64.rpm virtualbox-kernel-5.7.14-server-1.mga7-6.0.24-4.mga7.x86_64.rpm virtualbox-kernel-server-latest-6.0.24-4.mga7.x86_64.rpm xtables-addons-3.10-1.mga7.x86_64.rpm iptaccount-3.10-1.mga7.x86_64.rpm xtables-geoip-3.10-1.mga7.noarch.rpm lib64account0-3.10-1.mga7.x86_64.rpm lib64account-devel-3.10-1.mga7.x86_64.rpm dkms-xtables-addons-3.10-1.mga7.x86_64.rpm xtables-addons-kernel-5.7.14-desktop-1.mga7-3.10-2.mga7.x86_64.rpm xtables-addons-kernel-desktop-latest-3.10-2.mga7.x86_64.rpm xtables-addons-kernel-5.7.14-server-1.mga7-3.10-2.mga7.x86_64.rpm xtables-addons-kernel-server-latest-3.10-2.mga7.x86_64.rpm
(In reply to PC LX from comment #35) > Continuing comment 34 ... > > This is a regression. The dkms-nvidia340 build OK for kernel > 5.6.14-desktop-2.mga7. > > $ dkms status > nvidia340, 340.108-6.mga7.nonfree, 5.6.14-desktop-2.mga7, x86_64: installed Please file a separate bug for this.
In a Vbox client, M7.1, Gnome, 32-bit [root@localhost wilcal]# uname -a Linux localhost 5.6.14-desktop586-2.mga7 #1 SMP Wed May 20 23:04:13 UTC 2020 i686 i686 i386 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop586-latest Package kernel-desktop586-latest-5.6.14-2.mga7.i586 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.6.14-2.mga7.i586 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work. Install kernel-desktop586-latest cpupower from updates testing The following 3 packages are going to be installed: - cpupower-5.7.13-3.mga7.i586 - kernel-desktop586-5.7.13-3.mga7-1-1.mga7.i586 - kernel-desktop586-latest-5.7.13-3.mga7.i586 Reboot system. [root@localhost wilcal]# uname -a Linux localhost 5.7.13-desktop586-3.mga7 #1 SMP Thu Aug 6 11:56:29 UTC 2020 i686 i686 i386 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop586-latest Package kernel-desktop586-latest-5.7.13-3.mga7.i586 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.7.13-3.mga7.i586 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work.
CC: (none) => wilcal.int
In a Vbox client, M7.1, Plasma, 64-bit Testing: kernel-desktop-latest cpupower [root@localhost wilcal]# uname -a Linux localhost 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-5.6.14-2.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.6.14-2.mga7.x86_64 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work. Install kernel-desktop-latest cpupower from updates testing The following 3 packages are going to be installed: - cpupower-5.7.13-3.mga7.x86_64 - kernel-desktop-5.7.13-3.mga7-1-1.mga7.x86_64 - kernel-desktop-latest-5.7.13-3.mga7.x86_64 - rpm-plugin-systemd-inhibit-4.14.3-1.mga7.x86_64 Reboot system. [root@localhost wilcal]# uname -a Linux localhost 5.7.13-desktop-3.mga7 #1 SMP Thu Aug 6 11:56:15 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-5.7.13-3.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.7.13-3.mga7.x86_64 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work.
(In reply to David Walser from comment #38) > (In reply to PC LX from comment #35) > > Continuing comment 34 ... > > > > This is a regression. The dkms-nvidia340 build OK for kernel > > 5.6.14-desktop-2.mga7. > > > > $ dkms status > > nvidia340, 340.108-6.mga7.nonfree, 5.6.14-desktop-2.mga7, x86_64: installed > > Please file a separate bug for this. Done. Bug 27062.
Compaq Presario C700 Mageia 7 32 bit Plasma DE lscpu ~ Model name: Intel(R) Celeron(R) M CPU 530 @ 1.73GHz lspcidrake ~ wl: Broadcom Inc. and subsidiaries|BCM4311 802.11b/g WLAN [NETWORK_OTHER] (rev: 02) uname -r 5.7.13-desktop-3.mga7 To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "Core Updates Testing (distrib5)") cpupower 5.7.14 1.mga7 i586 kernel-desktop-5.7.14-1.mga7 1 1.mga7 i586 kernel-desktop-devel-5.7.14-1> 1 1.mga7 i586 kernel-desktop-devel-latest 5.7.14 1.mga7 i586 kernel-desktop-latest 5.7.14 1.mga7 i586 kernel-userspace-headers 5.7.14 1.mga7 i586 (medium "Nonfree Updates Testing (distrib15)") radeon-firmware 20200721 2.mga7.nonfr> noarch 107MB of additional disk space will be used. 72MB of packages will be retrieved. Proceed with the installation of the 7 packages? (Y/n) y reboot uname -r 5.7.14-desktop-1.mga7 firefox -ok
On real hardware, M7.1, Plasma, 64-bit install from update_testing: kernel-desktop-latest virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo kernel-desktop-devel-latest cpupower The following 5 packages are going to be installed: - cpupower-5.7.13-3.mga7.x86_64 - kernel-desktop-5.7.13-3.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-5.7.13-3.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-latest-5.7.13-3.mga7.x86_64 - kernel-desktop-latest-5.7.13-3.mga7.x86_64 [root@localhost wilcal]# uname -a Linux localhost 5.7.13-desktop-3.mga7 #1 SMP Thu Aug 6 11:56:15 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-5.7.13-3.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox Package virtualbox-6.0.24-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi x11-driver-video-vboxvideo Package x11-driver-video-vboxvideo-1.0.0-5.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi kernel-desktop-devel-latest Package kernel-desktop-devel-latest-5.7.13-3.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.7.13-3.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi dkms-vboxadditions Package dkms-vboxadditions-6.0.24-1.mga7.noarch is already installed [root@localhost wilcal]# urpmi dkms-virtualbox Package dkms-virtualbox-6.0.24-1.mga7.noarch is already installed [root@localhost wilcal]# lspci -k 00:02.0 VGA compatible controller: Intel Corporation Iris Plus Graphics G1 (Ice Lake) (rev 07) DeviceName: To Be Filled by O.E.M. Subsystem: Dell Device 097c Kernel driver in use: i915 Kernel modules: i915 Mageia-8-beta1-Live-Plasma-x86_64.iso Runs as a Vbox client. Works just fine. Boots to a working desktop. Mageia-8-beta1-Live-GNOME-x86_64.iso Runs as a Vbox client. Works just fine. Boots to a working desktop. Mageia-8-beta1-x86_64.iso Installed and runs properly Updates then reboots back to a working desktop
(In reply to David Walser from comment #11) > dkms-bbswitch Fixed for kernel 5.7 in Bug 27064.
Recent firmware already installed. 5.6.14-desktop-2.mga7 x86_64 Intel Core i7-4790 type: MT MCP GM204 [GeForce GTX 970] driver: nvidia 430.64 Realtek RTL8111/8168/8411 : r8169 Installed 5.7.14 and 3.10.1,2 packages. Rebooted but lost the nvidia driver. It was not rebuilt during boot. Otherwise the system looks fully functional. $ uname -r 5.7.14-desktop-1.mga7 About to try to recover the nvidia graphics driver. Tried drakx11. Rebooted smoothly to Mate desktop. nvidia graphics working. NAS/NFS shares mounted automatically. virtualbox works. Network logins work. stress tests complete. cpupower responds to cli. perf sanity checks OK. Sound and video work fine - tested via vlc and TV adapter.
CC: (none) => tarazed25
on mga7-64 kernel-desktop plasma Packages installed cleanly: - cpupower-5.7.14-1.mga7.x86_64 - kernel-desktop-5.7.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-5.7.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-latest-5.7.14-1.mga7.x86_64 - kernel-desktop-latest-5.7.14-1.mga7.x86_64 - kernel-userspace-headers-5.7.14-1.mga7.x86_64 - virtualbox-kernel-5.7.14-desktop-1.mga7-6.0.24-4.mga7.x86_64 - virtualbox-kernel-desktop-latest-6.0.24-4.mga7.x86_64 system re-booted normally: uname-r 5.7.14-desktop-1.mga7 # dkms status virtualbox, 6.0.24-1.mga7, 5.7.14-desktop-1.mga7, x86_64: installed virtualbox, 6.0.24-1.mga7, 5.6.14-desktop-2.mga7, x86_64: installed virtualbox, 6.0.24-1.mga7, 5.7.14-desktop-1.mga7, x86_64: installed-binary from 5.7.14-desktop-1.mga7 virtualbox, 6.0.24-1.mga7, 5.6.14-desktop-2.mga7, x86_64: installed-binary from 5.6.14-desktop-2.mga7 no regressions observed vbox and client launched normally looks OK for mga7-64 on this system: Mobo: Dell model: 09WH54 v: UEFI [Legacy]: Dell v: 2.13.1 CPU: Intel Core i7-6700 Graphics: Intel HD Graphics 530 (Skylake GT2)
CC: (none) => jim
on mga7-32 in a vbox VM kernel-desktop586 plasma packages installed cleanly: - cpupower-5.7.14-1.mga7.i586 - kernel-desktop586-5.7.14-1.mga7-1-1.mga7.i586 - kernel-desktop586-devel-5.7.14-1.mga7-1-1.mga7.i586 - kernel-desktop586-devel-latest-5.7.14-1.mga7.i586 - kernel-desktop586-latest-5.7.14-1.mga7.i586 - kernel-userspace-headers-5.7.14-1.mga7.i586 VM re-booted normally: $ uname -r 5.7.14-desktop586-1.mga7 # dkms status vboxadditions, 6.0.24-1.mga7: added No regressions noted OK for mga7-32 in a vbox VM
Updating from my comment 26, still all OK :) 64 bit OK on My machine "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, Nvidia GTX760 (GK104) using nvidia-current; GeForce 635 series and later, 4k display. Also the new firmwares installed. Disk&Filesystem: SSD with EFI and ext 4 /boot, then an encrypted partition for LVM, containing swap and ext4 /home & / Plasma desktop Thunderbird, LibreOffice, Ktorrent, Syncthing, Nextcloud client... Video with sound in Firefox CUDA and OpenCL detected and used by BOINC. Stress test: BOINC use all cores to 100%, videos do not stutter. Also virtualbox 6.0.24-1 seem OK running MSW7 64 bit guest incl folder sharing, USB label printer, bidirectional clipboard, dynamic guest window resizing. All as usual, need to free 2 CPU from BOINC to avoid video stutter in guest firefox, playing from internet. Updated before test: - cpupower-5.7.14-1.mga7.x86_64 - kernel-desktop-5.7.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-5.7.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-latest-5.7.14-1.mga7.x86_64 - kernel-desktop-latest-5.7.14-1.mga7.x86_64 - kernel-userspace-headers-5.7.14-1.mga7.x86_64 - virtualbox-kernel-5.7.14-desktop-1.mga7-6.0.24-4.mga7.x86_64 - virtualbox-kernel-desktop-latest-6.0.24-4.mga7.x86_64 reboot $ uname -a Linux svarten.tribun 5.7.14-desktop-1.mga7 #1 SMP Fri Aug 7 14:45:09 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ sudo dkms status virtualbox, 6.0.24-1.mga7, 5.7.13-desktop-2.mga7, x86_64: installed virtualbox, 6.0.24-1.mga7, 5.6.14-desktop-2.mga7, x86_64: installed virtualbox, 6.0.24-1.mga7, 5.7.13-desktop-3.mga7, x86_64: installed virtualbox, 6.0.24-1.mga7, 5.7.14-desktop-1.mga7, x86_64: installed nvidia-current, 430.64-8.mga7.nonfree, 5.7.13-desktop-2.mga7, x86_64: installed nvidia-current, 430.64-8.mga7.nonfree, 5.6.14-desktop-2.mga7, x86_64: installed nvidia-current, 430.64-8.mga7.nonfree, 5.7.13-desktop-3.mga7, x86_64: installed nvidia-current, 430.64-8.mga7.nonfree, 5.7.14-desktop-1.mga7, x86_64: installed virtualbox, 6.0.24-1.mga7, 5.7.13-desktop-2.mga7, x86_64: installed-binary from 5.7.13-desktop-2.mga7 virtualbox, 6.0.24-1.mga7, 5.6.14-desktop-2.mga7, x86_64: installed-binary from 5.6.14-desktop-2.mga7 virtualbox, 6.0.24-1.mga7, 5.7.13-desktop-3.mga7, x86_64: installed-binary from 5.7.13-desktop-3.mga7 virtualbox, 6.0.24-1.mga7, 5.7.14-desktop-1.mga7, x86_64: installed-binary from 5.7.14-desktop-1.mga7
Hi, I have tested kernel 5.7.14, with Nvidia 390 driver, a compilation bug appears. This is appears in konsole: nvidia390 (390.132-6.mga7.nonfree): Installing module. ................(bad exit status: 10) Build failed. Installation skipped. Creating: target|kernel|dracut args|basicmodules
Phys Hardware: AMD x2-3800, nvidia 6150le (nouveau) The following 3 packages are going to be installed: - cpupower-5.7.14-1.mga7.i586 - kernel-server-5.7.14-1.mga7-1-1.mga7.i586 - kernel-server-latest-5.7.14-1.mga7.i586 --- rebooted $ uname -a Linux localhost 5.7.14-server-1.mga7 #1 SMP Fri Aug 7 16:00:06 UTC 2020 i686 i686 i386 GNU/Linux nextcloud server working samba server working
CC: (none) => brtians1
Compaq 8510W Mobile Workstation XFCE DE Model name: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz Card:NVIDIA GeForce 8100 to GeForce 415: NVIDIA Corporation|G84GLM [Quadro FX 570M] [DISPLAY_VGA] (rev: a1) uname -r 5.6.14-desktop-2.mga7 To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "Core Updates Testing (distrib5)") cpupower 5.7.14 1.mga7 x86_64 kernel-desktop-5.7.14-1.mga7 1 1.mga7 x86_64 kernel-desktop-devel-5.7.14-1> 1 1.mga7 x86_64 kernel-desktop-devel-latest 5.7.14 1.mga7 x86_64 kernel-desktop-latest 5.7.14 1.mga7 x86_64 kernel-userspace-headers 5.7.14 1.mga7 x86_64 (medium "Nonfree Updates Testing (distrib15)") kernel-firmware-nonfree 20200721 1.mga7.nonfr> noarch radeon-firmware 20200721 2.mga7.nonfr> noarch 133MB of additional disk space will be used. 171MB of packages will be retrieved. Proceed with the installation of the 8 packages? (Y/n) y nvidia340 (340.108-6.mga7.nonfree): Installing module. .....................(bad exit status: 10) Build failed. Installation skipped. Creating: target|kernel|dracut args|basicmodules remove-boot-splash: Format of /boot/initrd-5.7.14-desktop-1.mga7.img not recognized You should restart your computer for kernel-desktop-5.7.14-1.mga7 reboot nvidia340 driver built during boot, and asked for a reboot nvidia340driver not installed! reboot to working desktop -ok uname -r 5.7.14-desktop-1.mga7 [root@localhost ~]# lsmod | grep video video 53248 1 nouveau wifi ok lxterminal - ok mousepad - ok firefox -ok
Depends on: (none) => 27082
Depends on: (none) => 27083
Depends on: 27082, 27083 => 27062
(In reply to David Walser from comment #17) > (In reply to David Walser from comment #12) > > (In reply to David Walser from comment #11) > > > kernel modules: > > > ipt_NETFLOW > > > broadcom-wl > > > dkms-bbswitch > > zfs-fuse > openafs > xtables-addons (and kmod-xtables-addons) sysdig (Bug 27084)
AMD x3, Nvidia 730GT (Nvidia 390 driver) - physical hardware MGA7, Xfce The following 4 packages are going to be installed: - dkms-nvidia390-390.138-1.mga7.nonfree.x86_64 - nvidia390-cuda-opencl-390.138-1.mga7.nonfree.x86_64 - nvidia390-doc-html-390.138-1.mga7.nonfree.x86_64 - x11-driver-video-nvidia390-390.138-1.mga7.nonfree.x86_64 The following 5 packages are going to be installed: - cpupower-5.7.14-1.mga7.x86_64 - kernel-desktop-5.7.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-5.7.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-latest-5.7.14-1.mga7.x86_64 - kernel-desktop-latest-5.7.14-1.mga7.x86_64 After reboot # uname -a Linux localhost 5.7.14-desktop-1.mga7 #1 SMP Fri Aug 7 14:45:09 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux # lsmod | grep nvidia nvidia_drm 49152 1 nvidia_modeset 1056768 3 nvidia_drm nvidia 15831040 83 nvidia_modeset ipmi_msghandler 69632 2 ipmi_devintf,nvidia drm_kms_helper 245760 1 nvidia_drm drm 589824 5 drm_kms_helper,nvidia_drm,ttm When installed together working as designed.
Compaq 8510W Mobile Workstation XFCE DE Model name: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz Card:NVIDIA GeForce 8100 to GeForce 415: NVIDIA Corporation|G84GLM [Quadro FX 570M] [DISPLAY_VGA] (rev: a1) uname -r 5.7.14-desktop-1.mga7 To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "Nonfree Updates Testing (distrib15)") dkms-nvidia340 340.108 7.mga7.nonfr> x86_64 nvidia340-cuda-opencl 340.108 7.mga7.nonfr> x86_64 nvidia340-devel 340.108 7.mga7.nonfr> x86_64 nvidia340-doc-html 340.108 7.mga7.nonfr> x86_64 x11-driver-video-nvidia340 340.108 7.mga7.nonfr> x86_64 2.2KB of additional disk space will be used. 67MB of packages will be retrieved. Proceed with the installation of the 5 packages? (Y/n) y Creating symlink /var/lib/dkms/nvidia340/340.108-7.mga7.nonfree/source -> /usr/src/nvidia340-340.108-7.mga7.nonfree DKMS: add Completed. Preparing kernel 5.7.14-desktop-1.mga7 for module build: (This is not compiling a kernel, just preparing kernel symbols) /usr/sbin/dkms: line 936: warning: command substitution: ignored null byte in input Storing current .config to be restored when complete Running Generic preparation routine make mrproper....(bad exit status: 2) using /proc/config.gz make oldconfig....(bad exit status: 2) make prepare....(bad exit status: 2) Building module: cleaning build area....(bad exit status: 2) 'make' -j2 SYSSRC=/lib/modules/5.7.14-desktop-1.mga7/build module................... cleaning build area....(bad exit status: 2) cleaning kernel tree (make mrproper)....(bad exit status: 2) DKMS: build Completed. nvidia340.ko.xz: - Installation - Installing to /lib/modules/5.7.14-desktop-1.mga7/dkms/drivers/char/drm/ depmod....... DKMS: install Completed. KMS: uninstall Completed. -------- Uninstall Beginning -------- Module: nvidia340 Version: 340.108-6.mga7.nonfree Kernel: 5.6.6-desktop-1.mga7 (x86_64) ------------------------------------- Status: Before uninstall, this module version was ACTIVE on this kernel. nvidia340.ko.xz: - Uninstallation - Deleting from: /lib/modules/5.6.6-desktop-1.mga7/dkms/drivers/char/drm/ - Original module - No original module was found for this module on this kernel. - Use the dkms install command to reinstall any previous module version. depmod...... DKMS: uninstall Completed. -------- Uninstall Beginning -------- Module: nvidia340 Version: 340.108-6.mga7.nonfree Kernel: 5.5.15-desktop-3.mga7 (x86_64) ------------------------------------- Status: Before uninstall, this module version was ACTIVE on this kernel. nvidia340.ko.xz: - Uninstallation - Deleting from: /lib/modules/5.5.15-desktop-3.mga7/dkms/drivers/char/drm/ - Original module - No original module was found for this module on this kernel. - Use the dkms install command to reinstall any previous module version. depmod...... DKMS: uninstall Completed. ------------------------------ Deleting module version: 340.108-6.mga7.nonfree completely from the DKMS tree. ------------------------------ Done. reboot check video driver: nouveau driver in use drakx11 to change to prop. nvidea and reboot. reboot to working desktop -ok # lsmod | grep video video 53248 0 # lsmod | grep nvidia nvidia 10608640 55 drm 589824 5 drm_kms_helper,nvidia,ttm uname -r 5.7.14-desktop-1.mga7 wifi ok lxterminal - ok mousepad - ok firefox -ok
(In reply to David Walser from comment #11) > userspace tools: > ipset (Bug 26697 for kernel 5.6) > strace (Bug 26786) > ethtool (Bug 26820) > iproute2 (Bug 27005) > libseccomp (Bug 27051) iw (5.4 is still the newest currently)
Installed the desktop kernel and rebooted without issues. Ethernet up and NFS shares mounted. belexeuli Kernel: 5.7.14-desktop-1.mga7 x86_64 Desktop System: Alienware product: Alienware X51 Mobo: Alienware model: 08PG26 v: A00 Quad Core: Intel Core i7-2600 type: MT MCP Device-2: NVIDIA GF114 [GeForce GTX 555] driver: nvidia v: 390.138 Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Device-2: Qualcomm Atheros AR9285 Wireless Network Adapter driver: ath9k $ rpm -q virtualbox virtualbox-6.0.24-1.mga7 stress tests completed successfully. perf record and report worked fine. # perf test ran 78 tests, some skipped and three showing failures for vfs_getname. $ cpupower frequency-info analyzing CPU 0: driver: intel_pstate CPUs which run at the same hardware frequency: 0 CPUs which need to have their frequency coordinated by software: 0 maximum transition latency: Cannot determine or is not supported. hardware limits: 1.60 GHz - 3.80 GHz available cpufreq governors: performance powersave current policy: frequency should be within 1.60 GHz and 3.80 GHz. ... glxspheres works, glmark2 does not. Desktop running smoothly.
(In reply to David Walser from comment #52) > (In reply to David Walser from comment #17) > > (In reply to David Walser from comment #12) > > > (In reply to David Walser from comment #11) > > > > kernel modules: > > > > ipt_NETFLOW > > > > broadcom-wl > > > > dkms-bbswitch > > > zfs-fuse > > openafs > > xtables-addons (and kmod-xtables-addons) > sysdig (Bug 27084) dkms-rtl8192eu (Bug 27097)
One more CVE is now known to have been fixed in 5.7.14. Updating the advisory: https://www.linuxkernelcves.com/cves/CVE-2020-16166 Updated kernel packages fix security vulnerabilities: This provides an update to kernel 5.7 series, currently based on upstream 5.7.14 adding support for new hardware and features, and fixes at least the following security issues: An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c (CVE-2019-18814). relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (CVE-2019-19462). Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2020-0543). A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data (CVE-2020-10732). A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system (CVE-2020-10757). A logic bug flaw was found in the Linux kernel’s implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality (CVE-2020-10766). A flaw was found in the Linux kernel’s implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality (CVE-2020-10767). A flaw was found in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality (CVE-2020-10768). A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable (CVE-2020-10781). In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak (CVE-2020-15393). An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions (CVE-2020-15780). An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen (CVE-2020-15852). The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG. This is related to drivers/char/random.c and kernel/time/timer.c (CVE-2020-16166). For other upstream fixes and changes in this update, see the referenced changelogs. Also, the xtables-addons package has been updated to version 3.10. References: https://kernelnewbies.org/Linux_5.7 https://www.linuxkernelcves.com/cves/CVE-2019-18814 https://www.linuxkernelcves.com/cves/CVE-2019-19462 https://www.linuxkernelcves.com/cves/CVE-2020-0543 https://www.linuxkernelcves.com/cves/CVE-2020-10732 https://www.linuxkernelcves.com/cves/CVE-2020-10757 https://www.linuxkernelcves.com/cves/CVE-2020-10766 https://www.linuxkernelcves.com/cves/CVE-2020-10767 https://www.linuxkernelcves.com/cves/CVE-2020-10768 https://www.linuxkernelcves.com/cves/CVE-2020-10781 https://www.linuxkernelcves.com/cves/CVE-2020-15393 https://www.linuxkernelcves.com/cves/CVE-2020-15780 https://www.linuxkernelcves.com/cves/CVE-2020-15852 https://www.linuxkernelcves.com/cves/CVE-2020-16166 https://access.redhat.com/security/cve/CVE-2020-10766 https://access.redhat.com/security/cve/CVE-2020-10767 https://access.redhat.com/security/cve/CVE-2020-10768 https://access.redhat.com/security/cve/CVE-2020-10781 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.1 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.2 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.4 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.6 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.9 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.10 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.12 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.13 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.14
(In reply to David Walser from comment #57) > (In reply to David Walser from comment #52) > > (In reply to David Walser from comment #17) > > > (In reply to David Walser from comment #12) > > > > (In reply to David Walser from comment #11) > > > > > kernel modules: > > > > > ipt_NETFLOW > > > > > broadcom-wl > > > > > dkms-bbswitch > > > > zfs-fuse > > > openafs > > > xtables-addons (and kmod-xtables-addons) > > sysdig (Bug 27084) > dkms-rtl8192eu (Bug 27097) I have reported in (Bug 27097) that dkms-rtl8192eu now works fine.
(In reply to Jose Manuel López from comment #59) > > I have reported in (Bug 27097) that dkms-rtl8192eu now works fine. You reported that it works with the 5.8.1 kernel in M8. That's great, but we also need a test with the 5.7.14 kernel in M7 before we can validate.
CC: (none) => andrewsfarm
i5-2500, 16GB RAM, integrated Intel graphics, wired Internet connection, 64-bit Plasma system. The following 6 packages are going to be installed: - cpupower-5.7.14-1.mga7.x86_64 - kernel-desktop-5.7.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-latest-5.7.14-1.mga7.x86_64 - kernel-userspace-headers-5.7.14-1.mga7.x86_64 - virtualbox-kernel-5.7.14-desktop-1.mga7-6.0.24-4.mga7.x86_64 - virtualbox-kernel-desktop-latest-6.0.24-4.mga7.x86_64 All packages installed cleanly. The various firmware packages from Bug 27052 had already been installed. I have been using this kernel for almost two days with no regressions noted. Also HP Probook 6550b, i3, 8GB RAM, integrated Intel graphics, Intel wifi, 64-bit Plasma system. Same packages installed, including the firmware. This one used for two hours this morning, with no regressions noted.
Dell Inspiron 5100, P4, 2GB RAM, Radeon RV200 graphics, old Atheros wifi, 32-bit Xfce system. Installing firmware and kernel in one operation. The following 8 packages are going to be installed: - cpupower-5.7.14-1.mga7.i586 - iwlwifi-firmware-20200721-1.mga7.nonfree.noarch - kernel-desktop-5.7.14-1.mga7-1-1.mga7.i586 - kernel-desktop-latest-5.7.14-1.mga7.i586 - kernel-firmware-nonfree-20200721-1.mga7.nonfree.noarch - radeon-firmware-20200721-2.mga7.nonfree.noarch - ralink-firmware-20200721-1.mga7.nonfree.noarch - rtlwifi-firmware-20200721-1.mga7.nonfree.noarch No installation issues. Did a cold boot, and the display looks good. Tried this and that, including using Firefox to write this report. No regressions noted. Looks like this old hardware can keep chugging along...
Installed and tested without issues. System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia Geforce 210 using nvidia340 proprietary driver. Tested for two days of workstation usage and some explicit testing. Boot, reboot and poweroff all worked. Bunch of programs tested including some proprietary like steam, steam games, teamviewer, google chrome and google earth. $ uname -a Linux marte 5.7.14-desktop-1.mga7 #1 SMP Fri Aug 7 14:45:09 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ dkms status nvidia340, 340.108-7.mga7.nonfree, 5.6.14-desktop-2.mga7, x86_64: installed nvidia340, 340.108-7.mga7.nonfree, 5.7.13-desktop-3.mga7, x86_64: installed nvidia340, 340.108-7.mga7.nonfree, 5.7.14-desktop-1.mga7, x86_64: installed $ rpm -qa | egrep '(nvidia|kernel|dkms)' | sort dkms-2.0.19-40.mga7 dkms-minimal-2.0.19-40.mga7 dkms-nvidia340-340.108-7.mga7.nonfree kernel-desktop-5.6.14-2.mga7-1-1.mga7 kernel-desktop-5.7.13-3.mga7-1-1.mga7 kernel-desktop-5.7.14-1.mga7-1-1.mga7 kernel-desktop-devel-5.6.14-2.mga7-1-1.mga7 kernel-desktop-devel-5.7.13-3.mga7-1-1.mga7 kernel-desktop-devel-5.7.14-1.mga7-1-1.mga7 kernel-desktop-devel-latest-5.7.14-1.mga7 kernel-desktop-latest-5.7.14-1.mga7 kernel-firmware-20190603-1.mga7 kernel-firmware-nonfree-20200721-1.mga7.nonfree kernel-userspace-headers-5.7.14-1.mga7 nvidia340-doc-html-340.108-7.mga7.nonfree x11-driver-video-nvidia340-340.108-7.mga7.nonfree $ lspcidrake ehci_pci : Intel Corporation|NM10/ICH7 Family USB2 EHCI Controller [SERIAL_USB] (rev: 01) Card:NVIDIA GeForce 8100 to GeForce 415: NVIDIA Corporation|GT218 [GeForce 210] [DISPLAY_VGA] (rev: a2) uhci_hcd : Intel Corporation|NM10/ICH7 Family USB UHCI Controller #1 [SERIAL_USB] (rev: 01) uhci_hcd : Intel Corporation|NM10/ICH7 Family USB UHCI Controller #3 [SERIAL_USB] (rev: 01) ata_piix : Intel Corporation|82801G (ICH7 Family) IDE Controller [STORAGE_IDE] (rev: 01) unknown : Intel Corporation|NM10/ICH7 Family PCI Express Port 2 [BRIDGE_PCI] (rev: 01) unknown : Intel Corporation|4 Series Chipset DRAM Controller [BRIDGE_HOST] (rev: 03) i2c_i801 : Intel Corporation|NM10/ICH7 Family SMBus Controller [SERIAL_SMBUS] (rev: 01) unknown : Intel Corporation|82801 PCI Bridge [BRIDGE_PCI] (rev: e1) snd_hda_intel : Intel Corporation|NM10/ICH7 Family High Definition Audio Controller [MULTIMEDIA_AUDIO_DEV] (rev: 01) r8169 : Realtek Semiconductor Co., Ltd.|RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller [NETWORK_ETHERNET] (rev: 11) snd_hda_intel : NVIDIA Corporation|High Definition Audio Controller [MULTIMEDIA_AUDIO_DEV] (rev: a1) uhci_hcd : Intel Corporation|NM10/ICH7 Family USB UHCI Controller #2 [SERIAL_USB] (rev: 01) unknown : Intel Corporation|4 Series Chipset PCI Express Root Port [BRIDGE_PCI] (rev: 03) intel_rng : Intel Corporation|82801GB/GR (ICH7 Family) LPC Interface Bridge [BRIDGE_ISA] (rev: 01) uhci_hcd : Intel Corporation|NM10/ICH7 Family USB UHCI Controller #4 [SERIAL_USB] (rev: 01) unknown : Intel Corporation|NM10/ICH7 Family PCI Express Port 1 [BRIDGE_PCI] (rev: 01) ata_piix : Intel Corporation|NM10/ICH7 Family SATA Controller [IDE mode] [STORAGE_IDE] (rev: 01) hub : Linux 5.7.14-desktop-1.mga7 ehci_hcd|EHCI Host Controller [Hub|Unused|Full speed (or root) hub] hub : Genesys Logic, Inc.|USB2.0 Hub [Hub|Unused|Full speed (or root) hub] usbhid : USB|USB Keyboard [Human Interface Device|Boot Interface Subclass|Keyboard] usbhid : Sunplus Technology Co., Ltd|USB Laser Wheel Mouse [Human Interface Device|Boot Interface Subclass|Mouse] usb_storage : Generic|Mass Storage Device [Mass Storage|SCSI|Bulk-Only] hub : Linux 5.7.14-desktop-1.mga7 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub] Mouse:evdev : Logitech|USB Receiver [Human Interface Device|Boot Interface Subclass|Keyboard] hub : Linux 5.7.14-desktop-1.mga7 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub] hub : Linux 5.7.14-desktop-1.mga7 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub] hub : Linux 5.7.14-desktop-1.mga7 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub] hid_generic : Logitech USB Receiver hid_generic : USB USB Keyboard hid_generic : Logitech Wireless Keyboard PID:0055 hid_generic : USB Laser Wheel Mouse hid_generic : Logitech USB Receiver hid_generic : USB USB Keyboard hid_generic : Logitech Wireless Mouse PID:003f
Kernel: 5.7.14-desktop-1.mga7 x86_64 Mobo: ASUSTeK model: TUF X299 MARK 2 Intel Core i9-7900X type: MT MCP NVIDIA GP102 [GeForce GTX 1080 Ti] driver: nvidia v: 430.64 Intel Ethernet I219-V driver: e1000e Installed all desktop packages and rebooted. Kernel not listed so tried 'dracut -f' which rebuilt initrd for kernel 5.6.13. Ran "drakboot --boot' manually and selected 5.7.14. On third reboot it took and rebuilt nvidia module at the same time. Desktop running fine. $ stress -c 11 -t 25 stress: info: [5113] dispatching hogs: 11 cpu, 0 io, 0 vm, 0 hdd stress: info: [5113] successful run completed in 25s $ stress -i 4 -m 3 -t 25 stress: info: [6269] dispatching hogs: 0 cpu, 4 io, 3 vm, 0 hdd stress: info: [6269] successful run completed in 25s $ stress -d 4 -t 25 stress: info: [8538] dispatching hogs: 0 cpu, 0 io, 0 vm, 4 hdd stress: info: [8538] successful run completed in 25s $ cpupower idle-info CPUidle driver: intel_idle CPUidle governor: menu analyzing CPU 0: Number of idle states: 4 Available idle states: POLL C1 C1E C6 ........ $ perf test 1: vmlinux symtab matches kallsyms : FAILED! 2: Detect openat syscall event : FAILED! 3: Detect openat syscall event on all cpus : FAILED! 4: Read samples using the mmap interface : FAILED! 5: Test data source output : Ok [...] 20: Breakpoint overflow signal handler : Ok 21: Breakpoint overflow sampling : Ok 22: Breakpoint accounting : Skip 23: Watchpoint : 23.1: Read Only Watchpoint : Skip 23.2: Write Only Watchpoint : Ok 23.3: Read / Write Watchpoint : Ok [...] 40.1: Basic BPF llvm compile : Ok 40.2: kbuild searching : Ok 40.3: Compile source for BPF prologue generation : Ok 40.4: Compile source for BPF relocation : Ok 41: Session topology : Ok [...] 67: x86 instruction decoder - new instructions : Ok 68: Intel PT packet decoder : Ok 69: x86 bp modify : Ok 70: Use vfs_getname probe to get syscall args filenames : FAILED! 71: probe libc's inet_pton & backtrace it with ping : Skip 72: Add vfs_getname probe to get syscall args filenames : FAILED! 73: Zstd perf.data compression/decompression : Skip 74: Check open filename arg using perf trace + vfs_getname: FAILED! glmark2 runs. Desktop fully functional. NAS/NFS working. Sound and video OK.
In a Vbox client, M7.1, Gnome, 32-bit [root@localhost wilcal]# uname -a Linux localhost 5.6.14-desktop586-2.mga7 #1 SMP Wed May 20 23:04:13 UTC 2020 i686 i686 i386 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop586-latest Package kernel-desktop586-latest-5.6.14-2.mga7.i586 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.6.14-2.mga7.i586 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work. Install kernel-desktop586-latest cpupower from updates testing The following 3 packages are going to be installed: - cpupower-5.7.14-1.mga7.i586 - kernel-desktop586-5.7.14-1.mga7-1-1.mga7.i586 - kernel-desktop586-latest-5.7.14-1.mga7.i586 Reboot system. [root@localhost wilcal]# uname -a Linux localhost 5.7.14-desktop586-1.mga7 #1 SMP Fri Aug 7 14:46:00 UTC 2020 i686 i686 i386 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop586-latest Package kernel-desktop586-latest-5.7.14-1.mga7.i586 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.7.14-1.mga7.i586 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work.
In a Vbox client, M7.1, Plasma, 64-bit Testing: kernel-desktop-latest cpupower [root@localhost wilcal]# uname -a Linux localhost 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-5.6.14-2.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.6.14-2.mga7.x86_64 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work. Install kernel-desktop-latest cpupower from updates testing The following 3 packages are going to be installed: - cpupower-5.7.14-1.mga7.x86_64 - kernel-desktop-5.7.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-latest-5.7.14-1.mga7.x86_64 Reboot system. [root@localhost wilcal]# uname -a Linux localhost 5.7.14-desktop-1.mga7 #1 SMP Fri Aug 7 14:45:09 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-5.7.14-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Boots to a working desktop. Screen resolution is correct. Common apps work.
On real hardware, M7.1, Plasma, 64-bit initial status: kernel-desktop-latest virtualbox virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo kernel-desktop-devel-latest cpupower dkms-vboxadditions dkms-virtualbox [root@localhost wilcal]# uname -a Linux localhost 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-5.6.14-2.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox Package virtualbox-6.0.24-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi x11-driver-video-vboxvideo Package x11-driver-video-vboxvideo-1.0.0-5.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi kernel-desktop-devel-latest Package kernel-desktop-devel-latest-5.6.14-2.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.6.14-2.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi dkms-vboxadditions Package dkms-vboxadditions-6.0.24-1.mga7.noarch is already installed [root@localhost wilcal]# urpmi dkms-virtualbox Package dkms-virtualbox-6.0.24-1.mga7.noarch is already installed [root@localhost wilcal]# lspci -k 00:02.0 VGA compatible controller: Intel Corporation Iris Plus Graphics G1 (Ice Lake) (rev 07) DeviceName: To Be Filled by O.E.M. Subsystem: Dell Device 097c Kernel driver in use: i915 Kernel modules: i915 Mageia-7-Live-Xfce-i586.iso Runs as a Vbox client. Works just fine. Boots to a working desktop. install from update_testing: kernel-desktop-latest virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo kernel-desktop-devel-latest cpupower The following 7 packages are going to be installed: - cpupower-5.7.14-1.mga7.x86_64 - kernel-desktop-5.7.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-5.7.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-latest-5.7.14-1.mga7.x86_64 - kernel-desktop-latest-5.7.14-1.mga7.x86_64 - virtualbox-kernel-5.7.14-desktop-1.mga7-6.0.24-4.mga7.x86_64 - virtualbox-kernel-desktop-latest-6.0.24-4.mga7.x86_64 [root@localhost wilcal]# uname -a Linux localhost 5.7.14-desktop-1.mga7 #1 SMP Fri Aug 7 14:45:09 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-5.7.14-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox Package virtualbox-6.0.24-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi x11-driver-video-vboxvideo Package x11-driver-video-vboxvideo-1.0.0-5.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi kernel-desktop-devel-latest Package kernel-desktop-devel-latest-5.7.14-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.7.14-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi dkms-vboxadditions Package dkms-vboxadditions-6.0.24-1.mga7.noarch is already installed [root@localhost wilcal]# urpmi dkms-virtualbox Package dkms-virtualbox-6.0.24-1.mga7.noarch is already installed [root@localhost wilcal]# lspci -k 00:02.0 VGA compatible controller: Intel Corporation Iris Plus Graphics G1 (Ice Lake) (rev 07) DeviceName: To Be Filled by O.E.M. Subsystem: Dell Device 097c Kernel driver in use: i915 Kernel modules: i915 Mageia-7-Live-Xfce-i586.iso Runs as a Vbox client. Works just fine. Boots to a working desktop. Mageia-8-beta1-Live-GNOME-x86_64.iso Runs as a Vbox client. Works just fine. Boots to a working desktop. Mageia-8-beta1-x86_64.iso Installed and runs properly Updates then reboots back to a working desktop
Advisory in Comment 58. Package list in Comment 37.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA7-32-OK MGA7-64-OKCC: (none) => sysadmin-bugs
*** Bug 27129 has been marked as a duplicate of this bug. ***
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0333.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
OK, final summary of packaging work / what to update when updating to a new kernel branch, for reference later (with references to last time we updated it or how to update it). filesystems: xfsprogs (Bug 27003) btrfs-progs (Bug 27004) userspace tools: wireguard-tools ( https://git.zx2c4.com/wireguard-tools/log/ ) iw (Bug 25832) ipset (Bug 26697) strace (Bug 26786) ethtool (Bug 26820) iproute2 (Bug 27005) libseccomp (Bug 27051) kernel modules: ipt_NETFLOW (Bug 25858) broadcom-wl (Bug 26508) dkms-bbswitch (Bug 27064) openafs (Bug 27053) kmod-virtualbox kmod-xtables-addons/xtables-addons nvidia* (Bug 27062) sysdig (Bug 27084) dkms-rtl8192eu (Bug 27097) other: kernel-firmware (only if free firmwares changed) kernel-firmware-nonfree/radeon-firmware (Bug 27052) ldetect-lst
ipt_NETFLOW to fix kernels 5.6 through 5.8 support in Bug 26844.
Looks like you've forgot bbswitch package...
CC: (none) => olelukoie
Nope, it wasn't forgotten, it just hasn't been pushed yet. Nobody tested it until late yesterday.
So I don't forget in the future, one more filesystem package: aufs-tools (Bug 27230)