cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wei ZHOU <ustcweiz...@gmail.com>
Subject Re: [VOTE] 4.11.3.0 RC1
Date Tue, 18 Jun 2019 18:32:46 GMT
Hi Rohit,

Do we need to change default iptable tables for cpvm and ssvm ?

# iptables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP
# ip6tables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j
DROP
(see https://access.redhat.com/security/vulnerabilities/tcpsack)

-Wei


Rohit Yadav <rohit.yadav@shapeblue.com> 于2019年6月18日周二 上午11:57写道:

> All,
>
>
> Due to recently disclosed and fixed tcp/SACK vulnerability and other
> security issues (refer https://www.debian.org/security/2019/dsa-4465),
> I've rebuilt and synced new 4.11.3.0 systemvmtemplates which has linux
> 4.9.168-1+deb9u3 (2019-06-16):
>
>
> http://download.cloudstack.org/systemvm/testing/4.11.3-rc
>
> http://packages.shapeblue.com/testing/systemvm/41130rc1
>
>
> Kindly continue testing 4.11.3.0 RC1 using above systemvmtemplates. Thanks.
>
>
> Build log for reference:
> http://download.cloudstack.org/systemvm/testing/4.11.3-rc/build.log
>
>
> Regards,
>
> Rohit Yadav
>
> Software Architect, ShapeBlue
>
> https://www.shapeblue.com
>
> ________________________________
> From: Riepl, Gregor (SWISS TXT) <Gregor.Riepl@swisstxt.ch>
> Sent: Friday, June 14, 2019 7:45:58 PM
> To: dev@cloudstack.apache.org; users@cloudstack.apache.org
> Subject: Re: [VOTE] 4.11.3.0 RC1
>
> +1
>
> Based on:
> - Packages from http://packages.shapeblue.com/testing/41130rc1/ and
> http://packages.shapeblue.com/testing/systemvm/41130rc1/
> - Upgrade of our test cloud from 4.11.2 to 4.11.3 worked without problems
> (aside from the mentioned template issue)
> - Our internal smoke test stack ran successfully
>
> The only thing I'm a bit unhappy about is the backported ostype API fix:
> https://github.com/apache/cloudstack/pull/3066
> Since this is a breaking API change, I don't think it should be included
> in a minor release, even if it fixes an API bug.
> It triggers an error in Packer, which we use to create templates.
> However, a fix was already commited and will be in the next Packer
> release, so I'm ok'ing it: https://github.com/hashicorp/packer/pull/7694
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London  WC2E 9DPUK
> @shapeblue
>
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message