Bug #16708

Upgrade Linux to 4.19.37

Added by intrigeri 2019-05-07 06:10:55. Updated 2019-05-23 21:21:12.

Status: Resolved
Priority: High
% Done: 100%
Feature Branch: bugfix/16708-linux-4.19.37+force-all-tests
Type of work: Code

Related issues

Related to Tails - Bug #16728: Upgrade firmware-amd-graphics (and the rest of firmware-nonfree) [Resolved]
Blocks Tails - Feature #16209: Core work: Foundations Team [Confirmed]
Blocks Tails - Bug #16720: Update kernel to mitigate new MDS attacks [Resolved]

History

#1 Updated by intrigeri 2019-05-07 06:11:03

#2 Updated by intrigeri 2019-05-07 06:11:15

Let’s see if we want to do that in 3.14.

#3 Updated by intrigeri 2019-05-08 05:44:27

Beware of https://bugs.debian.org/928631.

#4 Updated by intrigeri 2019-05-08 06:11:19

And beware of https://bugs.debian.org/928518 when bumping the APT snapshots.

#5 Updated by segfault 2019-05-10 13:29:42

  • Assignee set to segfault

#6 Updated by segfault 2019-05-10 13:52:17

  • Feature Branch set to bugfix/16708-linux-4.19.37+force-all-tests

#7 Updated by segfault 2019-05-10 13:52:45

  • Status changed from Confirmed to In Progress

Applied in changeset commit:tails|f54cb57ee0ceb0cbbfa7053efe7c7c905d6a0d9e.

#8 Updated by segfault 2019-05-10 15:17:01

Builds without issues, boots fine in my VM.

#9 Updated by segfault 2019-05-10 15:23:32

intrigeri wrote:
> And beware of https://bugs.debian.org/928518 when bumping the APT snapshots.

Ah, so electrum doesn’t start anymore and instead displays a warning

#10 Updated by segfault 2019-05-10 15:26:58

segfault wrote:
> Builds without issues, boots fine in my VM.

One thing that’s odd is that “Resize to VM” doesn’t work on this VM in virt-manager. Not sure it’s actually related to the new kernel though.

#11 Updated by segfault 2019-05-10 15:29:36

segfault wrote:
> One thing that’s odd is that “Resize to VM” doesn’t work on this VM in virt-manager. Not sure it’s actually related to the new kernel though.

It’s unrelated, sorry for the noise

#12 Updated by segfault 2019-05-11 18:51:56

I would like to fix that devel FTBFS because of the missing linux-image-4.19.0-4-amd64 package, but I don’t know whether I should just upgrade it to 4.19.37 or use 4.19.0-0.bpo.4 from stretch-backports instead.

#13 Updated by intrigeri 2019-05-14 12:52:15

> I would like to fix that devel FTBFS because of the missing linux-image-4.19.0-4-amd64 package, but I don’t know whether I should just upgrade it to 4.19.37 or use 4.19.0-0.bpo.4 from stretch-backports instead.

I’d say 4.19.37-1 so we get as much data as we can in order to decide whether we want to ship this update in 3.14.

#14 Updated by anonym 2019-05-16 07:29:08

  • Priority changed from Normal to High

Due to Bug #16720 we definitely need linux 4.19.37-2 in Tails 3.14.

#15 Updated by anonym 2019-05-16 07:40:18

  • % Done changed from 0 to 30
  • Type of work changed from Research to Code

I have bumped the snapshots so we get linux 4.19.37-2 with the mitigations.

#16 Updated by anonym 2019-05-16 08:45:43

Package diff vs 3.13.2:

--- wiki/src/torrents/files/tails-amd64-3.13.2.packages 2019-05-14 13:37:53.440047323 +0200
+++ tails-amd64-bugfix_16708-linux-4.19.37+force-all-tests-3.14-20190516T0740Z-581176c472.packages  2019-05-16 10:10:50.556773124 +0200
@@ -29,7 +29,7 @@
 bc 1.06.95-9+b3
 bilibop-common 0.5.2.1
 bilibop-udev   0.5.2.1
-bind9-host 1:9.10.3.dfsg.P4-12.3+deb9u4
+bind9-host 1:9.10.3.dfsg.P4-12.3+deb9u5
 binutils   2.28-5
 blt    2.5.3+dfsg-3
 bookletimposer 0.2-5
@@ -70,8 +70,8 @@
 cups-common    2.2.1-8+deb9u3
 cups-core-drivers  2.2.1-8+deb9u3
 cups-daemon    2.2.1-8+deb9u3
-cups-filters   1.11.6-3
-cups-filters-core-drivers  1.11.6-3
+cups-filters   1.11.6-3+deb9u1
+cups-filters-core-drivers  1.11.6-3+deb9u1
 cups-pk-helper 0.2.6-1+b1
 cups-ppdc  2.2.1-8+deb9u3
 cups-server-common 2.2.1-8+deb9u3
@@ -101,13 +101,14 @@
 dmidecode  3.0-4
 dmsetup    2:1.02.137-2
 dmz-cursor-theme   0.4.4
+dnsutils   1:9.10.3.dfsg.P4-12.3+deb9u5
 dosfstools 4.1-1
 dpkg   1.18.25
 e2fslibs:amd64 1.43.4-2
 e2fsprogs  1.43.4-2
 efibootmgr 14-2
 eject  2.1.5+deb1+cvs20081104-13.2
-electrum   3.2.3-1
+electrum   3.2.3-1.1
 emacsen-common 2.0.8
 enigmail   2:2.0.8-5~deb9u1
 eog    3.20.5-1+b1
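Review bot: the `+electrum 3.2.3-1.1` line is the update comment #4 warned about (https://bugs.debian.org/928518), and comment #9 reports that electrum no longer starts with it. The snapshot bump should come with a hold on, or a copy of, 3.2.3-1 so that this line does not change. Separately, `+dnsutils 1:9.10.3.dfsg.P4-12.3+deb9u5` has no matching removal, so it is a new package in the image rather than an upgrade; confirm what now pulls it in and whether it is wanted.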
@@ -126,21 +127,21 @@
 file-roller    3.22.3-1
 findutils  4.6.0+git+20161106-2
 firefox    60.6.1+fake1
-firmware-amd-graphics  20190114-1
-firmware-atheros   20190114-1
+firmware-amd-graphics  20190502-1
+firmware-atheros   20190502-1
 firmware-b43-installer 1:019-4
 firmware-b43legacy-installer   1:019-4
-firmware-brcm80211 20190114-1
-firmware-intel-sound   20190114-1
-firmware-ipw2x00   20190114-1
-firmware-iwlwifi   20190114-1
-firmware-libertas  20190114-1
-firmware-linux 20190114-1
+firmware-brcm80211 20190502-1
+firmware-intel-sound   20190502-1
+firmware-ipw2x00   20190502-1
+firmware-iwlwifi   20190502-1
+firmware-libertas  20190502-1
+firmware-linux 20190502-1
 firmware-linux-free    3.4
-firmware-linux-nonfree 20190114-1
-firmware-misc-nonfree  20190114-1
-firmware-realtek   20190114-1
-firmware-ti-connectivity   20190114-1
+firmware-linux-nonfree 20190502-1
+firmware-misc-nonfree  20190502-1
+firmware-realtek   20190502-1
+firmware-ti-connectivity   20190502-1
 firmware-zd1211    1:1.5-6
 fontconfig 2.11.0-6.7.0tails4
 fontconfig-config  2.11.0-6.7.0tails4
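Review bot: `firmware-amd-graphics 20190502-1` is one of the versions the thread flags as a problem, and in this hunk every firmware package that was at 20190114-1 moves to 20190502-1 together. If firmware-amd-graphics is held at the version shipped in 3.13.2, say explicitly whether the rest of the set is held with it or allowed to move, and open a ticket to revert the hold so it does not become permanent.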
@@ -170,7 +171,7 @@
 geoip-database 20170512-1
 gettext    0.19.8.1-2
 gettext-base   0.19.8.1-2
-ghostscript    9.26a~dfsg-0+deb9u2
+ghostscript    9.26a~dfsg-0+deb9u3
 gimp   2.8.18-1+deb9u1
 gimp-data  2.8.18-1+deb9u1
 gir1.2-accountsservice-1.0 0.6.43-1
@@ -294,6 +295,7 @@
 hdparm 9.51+ds-1+deb9u1
 hicolor-icon-theme 0.15-1
 hopenpgp-tools 0.19.4-3
+host   1:9.10.3.dfsg.P4-12.3+deb9u5
 hostname   3.18+b1
 hpijs-ppds 3.16.11+repack0-3
 hplip  3.16.11+repack0-3
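Review bot: `+host 1:9.10.3.dfsg.P4-12.3+deb9u5` is a new manifest entry, not a version change, and bind9-host at the same version is still listed earlier in the diff. Check whether both are needed in the image or one is only present as a dependency of the other, and note the reason for the addition alongside the snapshot bump.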
@@ -329,7 +331,7 @@
 initramfs-tools-core   0.130.0tails1
 inkscape   0.92.1-1
 inotify-tools  3.14-2
-intel-microcode    3.20190312.1~bpo9+1
+intel-microcode    3.20190514.1~deb9u1
 iproute2   4.9.0-1+deb9u1
 iptables   1.6.0+snapshot20161117-6
 iputils-ping   3:20161105-1
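Review bot: the intel-microcode line changes origin as well as version: `3.20190312.1~bpo9+1` is a stretch-backports build and `3.20190514.1~deb9u1` is a stretch update. Confirm whether the pinning that selected the backport is still wanted or can be dropped now that the stable suite carries the newer version.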
@@ -399,7 +401,7 @@
 libb-hooks-endofscope-perl 0.21-1
 libb-hooks-op-check-perl   0.19-3+b1
 libbabl-0.1-0:amd64    0.1.18-1
-libbind9-140:amd64 1:9.10.3.dfsg.P4-12.3+deb9u4
+libbind9-140:amd64 1:9.10.3.dfsg.P4-12.3+deb9u5
 libblas-common 3.7.0-2
 libblas3   3.7.0-2
 libblkid1:amd64    2.29.2-1+deb9u1
@@ -500,7 +502,7 @@
 libcrystalhd3:amd64    1:0.0~git20110715.fdd2f19-12
 libcups2:amd64 2.2.1-8+deb9u3
 libcupscgi1:amd64  2.2.1-8+deb9u3
-libcupsfilters1:amd64  1.11.6-3
+libcupsfilters1:amd64  1.11.6-3+deb9u1
 libcupsimage2:amd64    2.2.1-8+deb9u3
 libcupsmime1:amd64 2.2.1-8+deb9u3
 libcupsppdc1:amd64 2.2.1-8+deb9u3
@@ -537,8 +539,8 @@
 libdjvulibre-text  3.5.27.1-7
 libdjvulibre21:amd64   3.5.27.1-7
 libdmapsharing-3.0-2:amd64 2.9.37-1
-libdns-export162   1:9.10.3.dfsg.P4-12.3+deb9u4
-libdns162:amd64    1:9.10.3.dfsg.P4-12.3+deb9u4
+libdns-export162   1:9.10.3.dfsg.P4-12.3+deb9u5
+libdns162:amd64    1:9.10.3.dfsg.P4-12.3+deb9u5
 libdotconf0:amd64  1.3-0.2
 libdouble-conversion1:amd64    2.0.1-4
 libdpkg-perl   1.18.25
@@ -615,7 +617,7 @@
 libflite1:amd64    2.0.0-release-3+b1
 libfluidsynth1:amd64   1.1.6-4
 libfontconfig1:amd64   2.11.0-6.7.0tails4
-libfontembed1:amd64    1.11.6-3
+libfontembed1:amd64    1.11.6-3+deb9u1
 libfontenc1:amd64  1:1.1.3-1+b2
 libfreehand-0.1-1  0.1.1-2
 libfreetype6:amd64 2.6.3-3.2
@@ -701,8 +703,8 @@
 libgpm2:amd64  1.20.4-6.2+b1
 libgraphite2-3:amd64   1.3.10-1
 libgrilo-0.3-0:amd64   0.3.2-2
-libgs9:amd64   9.26a~dfsg-0+deb9u2
-libgs9-common  9.26a~dfsg-0+deb9u2
+libgs9:amd64   9.26a~dfsg-0+deb9u3
+libgs9-common  9.26a~dfsg-0+deb9u3
 libgsasl7  1.8.0-8+b2
 libgsecuredelete0  0.3-1
 libgsl2:amd64  2.3+dfsg-1
@@ -788,10 +790,10 @@
 libipc-system-simple-perl  1.25-3
 libiptc0:amd64 1.6.0+snapshot20161117-6
 libiptcdata0   1.0.4-6+b1
-libisc-export160   1:9.10.3.dfsg.P4-12.3+deb9u4
-libisc160:amd64    1:9.10.3.dfsg.P4-12.3+deb9u4
-libisccc140:amd64  1:9.10.3.dfsg.P4-12.3+deb9u4
-libisccfg140:amd64 1:9.10.3.dfsg.P4-12.3+deb9u4
+libisc-export160   1:9.10.3.dfsg.P4-12.3+deb9u5
+libisc160:amd64    1:9.10.3.dfsg.P4-12.3+deb9u5
+libisccc140:amd64  1:9.10.3.dfsg.P4-12.3+deb9u5
+libisccfg140:amd64 1:9.10.3.dfsg.P4-12.3+deb9u5
 libisl15:amd64 0.18-1
 libisofs6:amd64    1.4.6-1
 libiw30:amd64  30~pre9-12+b1
@@ -850,7 +852,7 @@
 liblwp-mediatypes-perl 6.02-1
 liblwp-protocol-https-perl 6.06-2
 liblwp-protocol-socks-perl 1.7-1
-liblwres141:amd64  1:9.10.3.dfsg.P4-12.3+deb9u4
+liblwres141:amd64  1:9.10.3.dfsg.P4-12.3+deb9u5
 liblz4-1:amd64 0.0~r131-2+b1
 liblzma5:amd64 5.2.2-1.2+b1
 liblzo2-2:amd64    2.08-1.2+b2
@@ -1147,7 +1149,7 @@
 libslang2:amd64    2.3.1-5
 libsm6:amd64   2:1.2.2-1+b3
 libsmartcols1:amd64    2.29.2-1+deb9u1
-libsmbclient:amd64 2:4.5.16+dfsg-1+deb9u1
+libsmbclient:amd64 2:4.5.16+dfsg-1+deb9u2
 libsnappy1v5:amd64 1.1.3-3
 libsndfile1:amd64  1.0.27-3
 libsndio6.1:amd64  1.1.0-3
@@ -1273,7 +1275,7 @@
 libwayland-egl1:amd64  1.16.0-1~bpo9+1
 libwayland-egl1-mesa:amd64 18.2.8-2~bpo9+1
 libwayland-server0:amd64   1.16.0-1~bpo9+1
-libwbclient0:amd64 2:4.5.16+dfsg-1+deb9u1
+libwbclient0:amd64 2:4.5.16+dfsg-1+deb9u2
 libwebkit2gtk-4.0-37:amd64 2.18.6-1~deb9u1
 libwebp6:amd64 0.5.2-1
 libwebpdemux2:amd64    0.5.2-1
@@ -1381,7 +1383,7 @@
 libzvbi-common 0.2.35-13
 libzvbi0:amd64 0.2.35-13
 linux-base 4.5
-linux-image-4.19.0-4-amd64 4.19.28-2
+linux-image-4.19.0-5-amd64 4.19.37-2
 live-boot  1:20170112
 live-boot-initramfs-tools  1:20170112
 live-config    5.20170112+deb9u1
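Review bot: the kernel change is a package rename (`linux-image-4.19.0-4-amd64` to `linux-image-4.19.0-5-amd64`), not only a version bump, so every place in the build configuration that names the 4.19.0-4 ABI has to move to 4.19.0-5 in the same change. Comment #12 already reports devel failing to build because linux-image-4.19.0-4-amd64 is missing, so the same update is needed there.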
@@ -1536,7 +1538,7 @@
 python3-dbus   1.2.4-1+b1
 python3-dnspython  1.15.0-1+deb9u1
 python3-ecdsa  0.13-2
-python3-electrum   3.2.3-1
+python3-electrum   3.2.3-1.1
 python3-flask  0.12.1-1
 python3-gi 3.22.0-2
 python3-gi-cairo   3.22.0-2
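Review bot: `python3-electrum` moves to 3.2.3-1.1 together with `electrum` earlier in the diff, so a hold on 3.2.3-1 has to cover both binary packages; otherwise the image ends up with the two at different versions.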
@@ -1595,7 +1597,7 @@
 rfkill 0.5-1+b1
 rng-tools  2-unofficial-mt.14-1+b2
 rsync  3.1.2-1+deb9u2
-samba-libs:amd64   2:4.5.16+dfsg-1+deb9u1
+samba-libs:amd64   2:4.5.16+dfsg-1+deb9u2
 sane-utils 1.0.25-4.1
 scdaemon   2.1.18-8~deb9u4
 scribus    1.4.6+dfsg-4

So we also get intel-microcode 3.20190514.1~deb9u1 for Bug #16720.

Also, the problems intrigeri predicted are present above:

  • electrum 3.2.3-1.1: no clue what to do here. :/
  • firmware-amd-graphics 20190502-1: our safest bet is to downgrade to 20190114-1 which still is in testing, or 20190114-1~bpo9+2.

#18 Updated by anonym 2019-05-16 09:23:10

Warning! For Bug #16720 I have pushed a branch with a very similar name to this ticket’s:

bugfix/16720-linux-4.19.37-nosmt+force-all-tests
          ^^              ^^^^^^

#19 Updated by segfault 2019-05-16 11:37:39

anonym wrote:
> Also, the problems intrigeri predicted are present above:
> * electrum 3.2.3-1.1: no clue what to do here. :/

What options do we have? I see three:

1. Package the current electrum version ourselves, and upload it to our custom APT repo
2. Upload the last working electrum Debian package (3.2.3-1) to our custom APT repo
3. Stop shipping a (working) electrum package

I could spend some hours on 1. until the end of the weekend.

#20 Updated by segfault 2019-05-16 18:48:26

#21 Updated by intrigeri 2019-05-18 08:20:55

  • Assignee changed from segfault to intrigeri

Thanks everyone who moved this forward!

I’ll take this (and Bug #16720) for now and will coordinate with segfault once he shows up.

> * firmware-amd-graphics 20190502-1: our safest bet is to downgrade to 20190114-1 which still is in testing, or 20190114-1~bpo9+2.

Agreed, let’s stick to the version we shipped in 3.13.2. I’ll do that.

#22 Updated by intrigeri 2019-05-18 08:23:40

segfault wrote:
> anonym wrote:
>> * electrum 3.2.3-1.1: no clue what to do here. :/

> What options do we have? I see three:

> 1. Package the current electrum version ourselves, and upload it to our custom APT repo

I’d rather not. This seems 1. probably too much work for 3.14 given the timing; 2. somewhat in contradiction with the strategy we’ve decided wrt. Electrum (if s7r doesn’t find anyone to help co-maintain Electrum, we’ll step up, but diving into this right now increases the chances we become the de facto only maintainers, which I’d rather avoid if we can).

> 2. Upload the last working electrum Debian package (3.2.3-1) to our custom APT repo

I’ll go with this option.

> 3. Stop shipping a (working) electrum package

FTR we don’t really ship a working Electrum ATM: it rarely manages to connect to the network. But let’s at least not make things worse.

#23 Updated by intrigeri 2019-05-18 08:46:22

anonym wrote:
> I have bumped the snapshots so we get linux 4.19.37-2 with the mitigations.

… and I’ve bumped the expiry date of the debian 2019051601 snapshot accordingly.

#24 Updated by intrigeri 2019-05-18 09:04:02

>> * firmware-amd-graphics 20190502-1: our safest bet is to downgrade to 20190114-1 which still is in testing, or 20190114-1~bpo9+2.
> Agreed, let’s stick to the version we shipped in 3.13.2. I’ll do that.

>> 2. Upload the last working electrum Debian package (3.2.3-1) to our custom APT repo
> I’ll go with this option.

Both done on the topic branch, that I’ll use as a basis to disable SMT on Bug #16720.

#25 Updated by intrigeri 2019-05-18 09:11:15

  • blocks Bug #16720: Update kernel to mitigate new MDS attacks added

#26 Updated by intrigeri 2019-05-18 09:21:22

I’ve looked at the src:linux recent regressions reported in Debian and the only important one I’ve spotted is https://bugs.debian.org/929098 (Radeon Vega 1.0, amdgpu). IMO that’s a risk we have to take in order to fix Bug #16720 :/

#27 Updated by intrigeri 2019-05-18 10:02:41

  • related to Bug #16728: Upgrade firmware-amd-graphics (and the rest of firmware-nonfree) added

#28 Updated by intrigeri 2019-05-18 10:16:30

Note to reviewer: I had to do some nasty changes but 1. they should be entirely harmless; 2. I’ve filed Bug #16728 so we don’t forget to revert them once we can.

#29 Updated by segfault 2019-05-18 13:31:07

Reviewed up to 575ee712cfab9c4863e6c549788b604320fa372b, LGTM

#30 Updated by intrigeri 2019-05-18 16:40:27

  • Status changed from In Progress to Fix committed
  • % Done changed from 30 to 100

Applied in changeset commit:tails|4c54166bd5a468c2e9e521aad61ade635322c9f1.

#31 Updated by intrigeri 2019-05-18 16:41:17

#32 Updated by intrigeri 2019-05-18 16:41:43

  • Assignee deleted (intrigeri)
  • QA Check set to Pass

I’ve seen all tests pass locally, except the OpenPGP applet and Electrum ones, as expected.

#33 Updated by CyrilBrulebois 2019-05-23 21:21:12

  • Status changed from Fix committed to Resolved