IRC logs for #cip for Thursday, 2020-10-15

« Wednesday, 2020-10-14 Index Friday, 2020-10-16 »
*** rajm has joined #cip06:07
*** masashi910 has joined #cip07:17
*** tpollard has joined #cip08:01
*** fujita has joined #cip08:49
*** pave1 has joined #cip08:59
masashi910#startmeeting CIP IRC weekly meeting09:00
brloggerMeeting started Thu Oct 15 09:00:01 2020 UTC and is due to finish in 60 minutes.  The chair is masashi910. Information about MeetBot at http://wiki.debian.org/MeetBot.09:00
brloggerUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.09:00
brloggerThe meeting name has been set to 'cip_irc_weekly_meeting'09:00
*** brlogger changes topic to " (Meeting topic: CIP IRC weekly meeting)"09:00
masashi910#topic rollcall09:00
*** brlogger changes topic to "rollcall (Meeting topic: CIP IRC weekly meeting)"09:00
wenshi09:00
pave1hi09:00
masashi910please say hi if you're around09:00
iwamatsuhi09:00
fujitahi09:00
patersonchi09:00
masashi910#topic AI review09:00
*** brlogger changes topic to "AI review (Meeting topic: CIP IRC weekly meeting)"09:00
masashi910  1. Combine root filesystem with kselftest binary - iwamatsu09:00
iwamatsusorry, no update this09:00
masashi910iwamatsu: Sure, Thanks!09:01
masashi910  2. Check whether CVE-2019-0145, CVE-2019-0147, CVE-2019-0148 needs to be backported to 4.4 - masashi91009:01
masashi910Jan-san@Siemens would like us to backport them to 4.4.09:01
masashi910https://lore.kernel.org/cip-dev/d5baee23-9a71-6994-146d-1b54d42d1ef9@siemens.com/09:01
masashi910pave1, iwamatsu: Do you think we can proceed the backporting?09:01
pave1masashi: I'm looking into that, yes.09:02
masashi910pave1: Thanks!09:02
iwamatsuyes,09:02
masashi910iwamatsu: Thanks!09:02
masashi910So, shall we move on?09:02
masashi910#topic Kernel maintenance updates09:02
*** brlogger changes topic to "Kernel maintenance updates (Meeting topic: CIP IRC weekly meeting)"09:02
pave1masashi: CVE-- There's some confusion as 145 and 147 point to same fix in our database. Plus some of the issues may not be serious enough to be worth fixing.09:03
pave1I have reviewed 4.19.151... and PCIe EP series.09:04
masashi910pave1: Oh, I see. Need to sort out the necessity again?09:04
iwamatsuI reviewed 4.4.23909:04
wensthere's not much to go on from Intel's security notice09:04
pave1masashi: Well, either that or we identified wrong commits.09:05
wensthe latter is possible09:05
pave1wens: I'm looking at Bluetooth CVEs (CVE-2020-12351,12352,24490).09:06
wenswas about to report on those09:06
wens- CVE-2020-12351, CVE-2020-12352, CVE-2020-24490 [bluetooth] (also known as BleedingTooth)09:06
wens  These are grouped together because Intel's security notice does not clearly state which patches fix which issues. Fixes posted.09:06
wens- CVE-2020-16119 [net: dccp] - fix posted09:06
wens- CVE-2020-16120 [overlayfs] - fixed09:06
wens- CVE-2020-25645 [net: geneve] - fixed and backported to 4.14+ - Fix should be backported to 4.4 and 4.9. The driver was added in 4.2.09:06
wensregarding the Bluetooth CVEs, Google has produced much better reports than Intel's security notices: https://lwn.net/Articles/834297/rss09:07
pave1wens: Yes, Google is doing pretty well there. They even have proof of concepts.09:07
wensI haven't fixed the entries in cip-kernel-sec yet.09:08
pave1wens: AFAICT, CVE-2020-24490.yml is fixed at least in 4.19.y.09:08
pave1wens: I started taking notes in form of yml files. Will post the diff if it is useful as a starting point.09:09
wensI plan to ask if bwh wanted to push them upstream (to Debian) before we update it on our end, otherwise we end up pulling in the garbled stuff in again.09:09
pave1wens: If the entries are later replaced with cleaner entries from Debian... that should not be a huge problem.09:11
wenssure. the changes here https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/merge_requests/7809:11
pave1wens: Thanks!09:11
masashi910pave1, iwamatsu, wens: Thanks for your works!09:11
wensare just the initial import. I can split them up based on Google's information.09:12
wensthat's all.09:12
masashi910Any suggestions for CVE-2019-0145/0147/0148 how to proceed?09:12
wensideally, ask Intel for more information about which commits are the correct fixes.09:13
masashi910wens: I see. Thanks for your comment. Well, let's discuss offline, then.09:14
masashi910Any other topics?09:14
masashi910309:14
masashi910209:14
masashi910109:14
masashi910#topic Kernel testing09:14
*** brlogger changes topic to "Kernel testing (Meeting topic: CIP IRC weekly meeting)"09:14
patersoncHello09:15
patersoncThe LAVA master and workers have been updated to the latest version of lava-docker, based on LAVA 2020.07.09:15
patersoncLet me know if you see any issues.09:15
patersoncThanks to the lab owners for their support.09:15
patersoncAlso, the x86 devices have been split into seperate device-types (x86-openblocks-iot-vx2, x86-simatic-ipc227e) so we can choose specific platforms to run tests.09:15
patersoncThat's it from me09:15
masashi910patersonc: Thanks for your works!09:16
masashi910any queries or comments?09:16
masashi910309:16
masashi910209:16
masashi910109:16
masashi910#topic CIP Security09:16
*** brlogger changes topic to "CIP Security (Meeting topic: CIP IRC weekly meeting)"09:16
yoshidak[m]Hello09:17
yoshidak[m]We got the gap assessment report about CIP development process to meet for IEC 62443-4-1.09:17
yoshidak[m]You can see it in our security repo:09:18
yoshidak[m]https://gitlab.com/cip-project/cip-security/iec_62443-4-x/-/blob/master/gap_assessment/TLF_Gap_Analysis_IEC_62443_4-1_Public.pdf09:18
yoshidak[m]The report shows what we have to define, and then we try to define the compliant process to IEC 62443-4-1.09:18
yoshidak[m]We keep continue to work this.09:19
yoshidak[m]That's the end from me this week, thanks!09:19
masashi910yoshidak[m]: Thanks for your updates.09:19
masashi910any queries or comments?09:19
masashi910309:19
masashi910209:19
masashi910109:20
masashi910#topic AOB09:20
*** brlogger changes topic to "AOB (Meeting topic: CIP IRC weekly meeting)"09:20
masashi910Are there any business to discuss?09:20
masashi910309:20
masashi910209:20
masashi910109:20
masashi910#endmeeting09:20
brloggerMeeting ended Thu Oct 15 09:20:39 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)09:20
brloggerMinutes:        https://irclogs.baserock.org/meetings/cip/2020/10/cip.2020-10-15-09.00.html09:20
brloggerMinutes (text): https://irclogs.baserock.org/meetings/cip/2020/10/cip.2020-10-15-09.00.txt09:20
brloggerLog:            https://irclogs.baserock.org/meetings/cip/2020/10/cip.2020-10-15-09.00.log.html09:20
*** brlogger changes topic to "Civil Infrastructure Platform Project. Find the logs at https://irclogs.baserock.org/cip/"09:20
masashi910Thanks, Bye!09:20
wensThank you!09:20
pave1Thank you! Wish us luck!09:20
iwamatsuthank you09:20
fujitathank you09:21
masashi910Chris-san, are you here?09:22
patersoncmasashi910: yep09:23
masashi910I am already in Teams.09:24
patersoncmasashi910: I'll be there in 5 mins. I'm just in another call, sorry09:25
masashi910patersonc: Sure!09:25
*** fujita has quit IRC09:38
*** pave1 has quit IRC09:49
*** monstr has joined #cip13:15
*** masashi910 has quit IRC15:05
*** masashi910 has joined #cip15:14
*** masashi910 has quit IRC15:30
*** tpollard has quit IRC16:02
*** monstr has quit IRC17:02
*** toscalix has joined #cip19:20
*** toscalix has quit IRC21:28
*** toscalix has joined #cip21:29
*** toscalix has quit IRC21:49
*** rajm has quit IRC22:02
« Wednesday, 2020-10-14 Index Friday, 2020-10-16 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!