IRC logs for #cip for Thursday, 2021-10-14

*** rajm <rajm!~robert@cpc126990-macc4-2-0-cust43.1-3.cable.virginm.net> has joined #cip		06:25
*** toscalix_ <toscalix_!~agustinbe@174.red-79-144-82.dynamicip.rima-tde.net> has joined #cip		08:14
*** rajm <rajm!~robert@cpc126990-macc4-2-0-cust43.1-3.cable.virginm.net> has quit IRC		09:42
*** uli <uli!~uli@55d41653.access.ecotel.net> has joined #cip		11:16
*** masami <masami!~masami@FL1-122-133-108-128.tky.mesh.ad.jp> has joined #cip		11:51
*** rajm <rajm!~robert@cpc126990-macc4-2-0-cust43.1-3.cable.virginm.net> has joined #cip		12:45
*** josiah\|2 <josiah\|2!~kvirc@pool-100-16-211-90.bltmmd.fios.verizon.net> has joined #cip		12:59
*** iwamatsu` is now known as iwamatsu		13:00
*** jki <jki!~jki@88.215.84.132> has joined #cip		13:00
jki	#startmeeting CIP IRC weekly meeting	13:01
brlogger	Meeting started Thu Oct 14 13:01:19 2021 UTC and is due to finish in 60 minutes. The chair is jki. Information about MeetBot at http://wiki.debian.org/MeetBot.	13:01
brlogger	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	13:01
brlogger	The meeting name has been set to 'cip_irc_weekly_meeting'	13:01
*** brlogger changes topic to " (Meeting topic: CIP IRC weekly meeting)"		13:01
*** pavel <pavel!~pavel@88.103.239.87> has joined #cip		13:01
jki	hi all, please say hello if you are around	13:01
pavel	hi	13:01
uli	hello	13:01
iwamatsu	hi	13:01
masami	hello	13:01
josiah\|2	hi	13:01
alicef	o/	13:01
patersonc[m]	hello	13:02
josiah\|2	Hi	13:02
jki	full house, great	13:02
jki	#topic AI review	13:02
*** brlogger changes topic to "AI review (Meeting topic: CIP IRC weekly meeting)"		13:02
jki	1. Combine root filesystem with kselftest binary - iwamatsu & alicef	13:03
alicef	hi o/	13:03
iwamatsu	no update	13:03
alicef	the kernelci patch for using the gz isar-core-cip is almost finished and will be merged probably this week	13:03
patersonc[m]	\o/	13:04
jki	great!	13:04
iwamatsu	yey	13:04
alicef	depend from how much it will take other pull request to be checked	13:04
alicef	that are conflicting with our pull request	13:04
alicef	this is only for managing gz compression	13:05
alicef	so I'm currently starting to test the pull request for implement isar-core-cip	13:06
alicef	for check that everything work correctly with kernelci	13:06
alicef	and maybe do some changes depending from the result	13:07
jki	very good news	13:08
jki	2. Document new LAVA domains in wiki - patersonc	13:08
patersonc[m]	Done	13:08
jki	\o/	13:08
jki	3. Look into S3 artifact upload issues - patersonc	13:09
patersonc[m]	Not done	13:09
jki	any new AIs?	13:10
alicef	one	13:10
jki	3	13:10
jki	go ahead!	13:10
alicef	looks like lava is using jquery 3.4.0 and could be affected by XSS CVE-2020-11023	13:11
alicef	I'm trying to fix it upstream but I have no replay from lavasoftware people	13:12
jki	uh	13:12
alicef	for getting permission to send merge request	13:13
jki	do we have an idea where this could be affecting security?	13:13
alicef	lava.ciplatform.org is using lava	13:13
jki	i know	13:14
alicef	GKernelCI is also	13:14
alicef	I'm currently working on patching GKernelCI and trying to send the patch upstream if something come out	13:15
jki	question is, e.g., if only authorized users to exploit that or any visitor	13:15
*** pav3l <pav3l!~user@37-48-8-177.nat.epc.tmcz.cz> has joined #cip		13:16
alicef	from the CVE: passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.	13:16
alicef	is affecting jquery equal to 1.0.3 and before 3.5.0	13:16
jki	should we ping someone from kernelci on that directly?	13:18
alicef	currently I'm trying to talk about it with #lavasoftware and wait for their replay	13:18
jki	ok	13:18
jki	then lets wait and meanwhile at this as AI on the stack	13:19
alicef	my idea is to just trying to update jquery as was arleady updated also in the pust for some security concern	13:19
patersonc[m]	Thanks alicef	13:19
alicef	s/pust/past	13:20
alicef	s/arleady/already	13:20
jki	Quirin just pointed me to https://git.lavasoftware.org/lava/lava/-/issues/421 - TL;DR No fix because we don't use the dangerous code	13:20
alicef	that's nice	13:21
jki	wait, that is not the same one, is it?	13:21
jki	CVE-2020-11022	13:21
alicef	mmm oh right	13:21
jki	you wrote CVE-2020-11023	13:21
alicef	let me open a new issue if so	13:21
jki	thanks!	13:22
jki	any other AIs?	13:22
jki	3	13:23
jki	2	13:23
jki	1	13:23
jki	#topic Kernel maintenance updates	13:23
*** brlogger changes topic to "Kernel maintenance updates (Meeting topic: CIP IRC weekly meeting)"		13:23
pavel	I have reviewed patches for 5.10.72,73,74.	13:23
uli	reviewed for 5.10.71	13:23
masami	There is four new CVEs this week	13:23
masami	CVE-2021-0935: 4.4 hasn't been fixed yet. other stable kernels have been fixed.	13:24
iwamatsu	I reviewed 5.10.72 and 73.	13:24
masami	CVE-2021-0937, CVE-2021-0938, CVE-2021-0941: all stable kernels have been fixed.	13:24
masami	CVE-2021-41864: 4.9 and 4.14 haven't been fixed yet.	13:24
pavel	4.19 and 4.14 are not really our focus; we can let someone else handle that.	13:24
masami	s/four/five/s	13:24
pavel	CVE..-0935: it is networking but not remotely exploitable afaict. I guess we can wait few weeks and try to do something about it if not fixed by then...?	13:25
masami	pavel: 4.19 and 4.14? you mean 4.9 and 4.14?	13:26
pavel	masami: Sorry. I meant 4.9 and 4.14. We do care about 4.19.	13:26
masami	pavel: no problem.	13:26
iwamatsu	About CVE-2021-0935, I am trying backportting.	13:27
masami	iwamatsu: thank you	13:27
jki	anything else under this topic?	13:29
jki	3	13:29
jki	2	13:29
jki	1	13:30
jki	#topic Kernel testing	13:30
*** brlogger changes topic to "Kernel testing (Meeting topic: CIP IRC weekly meeting)"		13:30
patersonc[m]	Other then what Alice has been said previously I don't have much to add	13:30
jki	then let's make it short, or?	13:30
jki	3	13:31
jki	2	13:31
jki	1	13:31
jki	#topic AOB	13:31
*** brlogger changes topic to "AOB (Meeting topic: CIP IRC weekly meeting)"		13:31
jki	I would like to hear if there is anything (further) to do regarding that wireless topic	13:32
*** pavel <pavel!~pavel@88.103.239.87> has quit IRC		13:33
pav3l	Not really, I believe.	13:34
jki	TSC meeting sounded like Security is expecting some statement from Kernel WG	13:35
jki	but I may have misunderstood that	13:35
pav3l	I missed that. What kind of statement?	13:35
pav3l	We can't really promise them anything.	13:36
jki	someone said kernel team would be "looking" into that	13:36
jki	yeah, understood	13:36
jki	summary would be kernel team can handle few selected wifi drivers, doing basic testing only, correct?	13:36
pav3l	jki basically no testing.	13:37
jki	compile "testing" only, ok	13:37
pav3l	jki we can review patches from upstream, that's it.	13:37
jki	was this communicated already?	13:37
iwamatsu	we can not test it on LAVA.	13:38
pav3l	jki but that should be enough... And yes, I tried to explain that.	13:38
jki	"building and probing seem reasonable tests currently"	13:38
jki	what was meant by "probing"?	13:38
pav3l	We want to have driver present on boards that have it...	13:39
jki	ok	13:39
iwamatsu	+1	13:39
pav3l	...to catch unlikely error that it fails during probe or something like that.	13:39
jki	then I will try to point this out again during next TSC	13:40
pav3l	Sounds good.	13:41
jki	any other AOB?	13:41
patersonc[m]	We may be able to add wifi to a LAVA lab if really needed	13:41
jki	yeah, maybe just check if scanning works (known networks visible), that's what I tend to do manually	13:42
jki	but already that requires that the thing is not in a metal box...	13:43
jki	so, anything else?	13:43
jki	3	13:43
jki	2	13:43
jki	1	13:44
jki	#endmeeting	13:44
brlogger	Meeting ended Thu Oct 14 13:44:06 2021 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	13:44
brlogger	Minutes: https://irclogs.baserock.org/meetings/cip/2021/10/cip.2021-10-14-13.01.html	13:44
brlogger	Minutes (text): https://irclogs.baserock.org/meetings/cip/2021/10/cip.2021-10-14-13.01.txt	13:44
brlogger	Log: https://irclogs.baserock.org/meetings/cip/2021/10/cip.2021-10-14-13.01.log.html	13:44
*** brlogger changes topic to "Civil Infrastructure Platform Project. Find the logs at https://irclogs.baserock.org/cip/"		13:44
alicef	opened issue to lava hoping it dosen't affect anything ttps://git.lavasoftware.org/lava/lava/-/issues/513	13:44
jki	then thank you all!	13:44
jki	thanks, alicef!	13:44
alicef	ah it was for end the meeting I thought related to kernel testing sorry	13:44
jki	we were already AOB :)	13:44
alicef	ok :)	13:45
alicef	today my typo are on fire ...	13:45
pav3l	Thank you!	13:45
patersonc[m]	typos ;)	13:45
alicef	thank you	13:45
masami	bye!	13:45
iwamatsu	Thank you	13:45
jki	too many stuck keys ;)	13:45
jki	bye!	13:45
*** josiah\|2 <josiah\|2!~kvirc@pool-100-16-211-90.bltmmd.fios.verizon.net> has quit IRC		13:45
uli	bye	13:45
alicef	patersonc[m]: :'\|	13:45
*** masami <masami!~masami@FL1-122-133-108-128.tky.mesh.ad.jp> has quit IRC		13:47
* patersonc[m] runs away		13:47
alicef	bye!	13:47
*** jki <jki!~jki@88.215.84.132> has quit IRC		13:49
*** pav3l <pav3l!~user@37-48-8-177.nat.epc.tmcz.cz> has quit IRC		13:51
*** uli <uli!~uli@55d41653.access.ecotel.net> has left #cip		15:36
*** patersonc[m] <patersonc[m]!~patersonc@2001:470:69fc:105::aaf> has quit IRC		16:08
*** patersonc[m] <patersonc[m]!~patersonc@2001:470:69fc:105::aaf> has joined #cip		16:12
*** toscalix_ <toscalix_!~agustinbe@174.red-79-144-82.dynamicip.rima-tde.net> has quit IRC		16:48
*** rajm <rajm!~robert@cpc126990-macc4-2-0-cust43.1-3.cable.virginm.net> has quit IRC		22:02

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!