[Testing Update i686] 2018-12-19 to 2019-01-25 - Systemd, Kernels, LibreOffice Fresh, Readline, Firefox



It’s the 64 bit capable CPUs running 32 bit that have some vulnerabilities. The vulnerabilities that are fixed make my baytrail a bit sluggish compared to a year ago. It’s tempting to run an old [EOL] kernel.

[jb@LapLet ~]$ sudo spectre-meltdown-checker 
[sudo] password for jb: 
Spectre and Meltdown mitigation detection tool v0.37

Checking for vulnerabilities on current system
Kernel is Linux 4.19.15-1-MANJARO #1 SMP PREEMPT Mon Jan 14 01:55:09 UTC 2019 i686
CPU is Intel(R) Atom(TM) CPU  Z3775  @ 1.46GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 55 stepping 8 ucode 0x832 cpuid 0x30678)
* CPU vulnerability to the three speculative execution attack variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  YES 
  * Vulnerable to Variant 3:  YES 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec (x86):  YES  (1 occurrence(s) found of 32 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO 
* Kernel has mask_nospec64 (arm):  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (Mitigation: Full generic retpoline, STIBP: disabled, RSB filling)
* Mitigation 1
  * Kernel is compiled with IBRS support:  YES 
    * IBRS enabled and active:  UNKNOWN 
  * Kernel is compiled with IBPB support:  YES 
    * IBPB enabled and active:  NO 
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO 
  * Kernel compiled with retpoline option:  YES 
    * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
> STATUS:  NOT VULNERABLE  (Full retpoline is mitigating the vulnerability)
IBPB is considered as a good addition to retpoline for Variant 2 mitigation, but your CPU microcode doesn't support it'

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI):  YES 
  * PTI enabled and active:  YES 
  * Reduced performance impact of PTI:  NO  (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU:  NO 

A false sense of security is worse than no security at all, see --disclaimer


New LightDM which should fix the segfaults. If it does that should mean a new x32-stable snap should be possible!

:: Different sync package(s) in repository core i686

                             PACKAGE          x32-testing         x32-unstable
                              libpsl           0.20.2-3.0           0.20.2-3.1

:: Different overlay package(s) in repository extra i686

                             PACKAGE          x32-testing         x32-unstable
                             lightdm         1:1.28.0-1.0                    -

:: Different sync package(s) in repository extra i686

                             PACKAGE          x32-testing         x32-unstable
         adobe-source-sans-pro-fonts  2.040ro+1.090it-1.0  2.045ro+1.095it-1.0
        adobe-source-serif-pro-fonts  2.007ro+1.007it-2.0  2.010ro+1.010it-1.0
                             lightdm         1:1.28.0-1.2         1:1.28.0-1.3
                                wget           1.20.1-2.2           1.20.1-2.3

:: Different sync package(s) in repository community i686

                             PACKAGE          x32-testing         x32-unstable
                    cura-binary-data            3.4.1-1.2            3.6.0-1.0
                         python-praw            6.0.0-1.0            6.1.0-1.0
        python-pytest-fixture-config            1.3.0-2.0            1.4.0-1.0
                python-pytest-shutil            1.3.0-2.0            1.4.0-1.0
            python-pytest-virtualenv            1.3.0-2.0            1.4.0-1.0
             python-virtualenv-clone            0.4.0-1.0            0.5.0-1.0
                        python2-praw            6.0.0-1.0            6.1.0-1.0
       python2-pytest-fixture-config            1.3.0-2.0            1.4.0-1.0
               python2-pytest-shutil            1.3.0-2.0            1.4.0-1.0
           python2-pytest-virtualenv            1.3.0-2.0            1.4.0-1.0
            python2-virtualenv-clone            0.4.0-1.0            0.5.0-1.0
                           shorewall            5.2.2-1.0
                      shorewall-core            5.2.2-1.0
                          shorewall6            5.2.2-1.0
                        ttf-ibm-plex            1.2.2-1.0            1.2.3-1.0


Finally, our prayer has been heard :joy: , I can’t wait for the server to get updated and try this patch to see if the issue has been fixed. Just few 7 lines of code that makes all the difference, Memory infinity and beyond :rocket: .


Yeah! I can log out now!! Why would I want to though??


Cinnamon x32 is working with systemd 240. I just finished the GUI update (enabled downgrade in pamac, but it wasn’t used.) Linux-4.19.16 is working too. Seems this update was smoother than the 64 bit testing. :face_with_raised_eyebrow:


I don’t know about that - for the past month some people haven’t had a properly-working LightDM. :wink:


Well, my Cinnamon was installed quite a while ago. Just looking in /etc I see several .pacnew’s including one for lightdm-gtk-greeter.conf.pacnew. Looking at it though, all I see are comments and a single section header. My own .conf has several parameters set and there are differences in the parameter names list.


Here is my old lightdm-gtk-greeter.conf (intel Z3775, i915 integrated graphics) that works, default values - auto-login. Cinnamon over XFCE x32.

background = /usr/share/backgrounds/breath.png
font-name = Cantarell 10
xft-antialias = true
icon-theme-name = Vertex-Maia
screensaver-timeout = 60
theme-name = Vertex-Maia
cursor-theme-name = xcursor-breeze
show-clock = false
default-user-image = #avatar-default
xft-hintstyle = hintfull
position = 50%,center 50%,center
clock-format =
panel-position = bottom
indicators = ~host;~spacer;~clock;~spacer;~language;~session;~a11y;~power

I was not able to get Cinnamon running on a recent 64 bit XFCE 18.02 install on another partition. Cinnamon was irrelevant to exploring the old boot logo hang with 4.19, (which worked in 64 bit) so I re-used the partition for another distro. Nope, different distro, but it was a login failure. I used the community Manjaro Cinnamon ISO as a base to make a bootable UEFI32 ISO.


And after many days I have a successful Firefox build:


:: Different overlay package(s) in repository extra i686

                             PACKAGE          x32-testing         x32-unstable
                             firefox               64.0-0             64.0.2-0
                      liblightdm-qt4         1:1.28.0-1.0                    -
                      liblightdm-qt5         1:1.28.0-1.0                    -
                             libxml2              2.9.8-8                    -


…Must mean a newer version coming REAL soon!!!


Yes; I think that was the last remaining major hurdle to a new x32-stable release.

Can I ask any testers to please check in with any remaining issues.

Please update your votes on the “is it ready” poll in the OP.


Its gonna be a big one … wonder how many stable users will backup first?


My Lightdm works again - thank you.


YAAAY :smile: Finally, LightDM is fixed. Now I can see my beautiful :sparkles: 32-bit Desktop in all its glory :joy: .


I still have issue with firefox while opening it. I have to open Task Manager and kill one of the firefox process, the one with smaller memory, after killing that process, it finally launches. Anyone have this issue?? :thinking:


Unfortunately problem with lightdm persists. Just made latest upgrade. LightDM 1:1.28.0-1.3

jaan  21 21:13:39 TH systemd-coredump[727]: Process 725 (lightdm-gtk-gre) of user 620 dumped core.
                                                  Stack trace of thread 725:
                                                  #0  0x00000000b70d9b25 n/a (libglib-2.0.so.0)
                                                  #1  0x00000000b70ce230 g_log_default_handler (libglib-2.0.so.0)
                                                  #2  0x00000000b70d9d7d g_logv (libglib-2.0.so.0)
                                                  #3  0x00000000b70d9f55 g_log (libglib-2.0.so.0)
                                                  #4  0x00000000b70c067a g_thread_new (libglib-2.0.so.0)
                                                  #5  0x00000000b70e0a1e n/a (libglib-2.0.so.0)
                                                  #6  0x00000000b70e0a7a n/a (libglib-2.0.so.0)
                                                  #7  0x00000000b70958d7 g_unix_signal_source_new (libglib-2.0.so.0)
                                                  #8  0x00000000b70983ef g_unix_signal_add_full (libglib-2.0.so.0)
                                                  #9  0x00000000b7098463 g_unix_signal_add (libglib-2.0.so.0)
                                                  #10 0x00000000004ab145 main (lightdm-gtk-greeter)
                                                  #11 0x00000000b6c35a49 __libc_start_main (libc.so.6)
                                                  #12 0x00000000004ad7f5 _start (lightdm-gtk-greeter)

If i have missed something ?

The second weird problem appeared. When to press Alt Gr + any other button, whole graphical environment freezes. Mouse cursor moves, CAPS LOCK works, but no any other response. Only Ctrl+Alt+Backspace fixes it.


Hmmm… :thinking:, Do you have Plymouth installed?? Could that be the reason or something else, it is strange I used get same coredump error like yours but after recent patch to lightdm, it got fixed.


I’m getting this dumping…anybody else?


PID: 448 (panel-2-whisker)
UID: 1000 (dad)
GID: 1000 (dad)
Signal: 11 (SEGV)
Timestamp: Tue 2019-01-22 16:39:32 EST (56min ago)
Command Line: /usr/lib/xfce4/panel/wrapper-2.0 /usr/lib/xfce4/panel/plugins/libwhiskermenu.so 2 14>
Executable: /usr/lib/xfce4/panel/wrapper-2.0
Control Group: /user.slice/user-1000.slice/session-1.scope
Unit: session-1.scope
Slice: user-1000.slice
Session: 1
Owner UID: 1000 (dad)
Boot ID: 3948860075754e5aa7420c0f32e08191
Machine ID: 314b7397f9b948e6859a08db799cd657
Hostname: manjaro
Storage: /var/lib/systemd/coredump/core.panel-2-whisker.1000.3948860075754e5aa7420c0f32e08191>
Message: Process 448 (panel-2-whisker) of user 1000 dumped core.

            Stack trace of thread 448:
            #0  0x00000000b72453fd g_slice_alloc (libglib-2.0.so.0)
            #1  0x00000000b736240d g_value_array_new (libgobject-2.0.so.0)
            #2  0x00000000b73cbaa7 n/a (libdbus-glib-1.so.2)
            #3  0x00000000b73c66cd n/a (libdbus-glib-1.so.2)
            #4  0x00000000b73c587f n/a (libdbus-glib-1.so.2)
            #5  0x00000000b73c6431 n/a (libdbus-glib-1.so.2)
            #6  0x00000000b73c6d02 n/a (libdbus-glib-1.so.2)
            #7  0x00000000b73bfded n/a (libdbus-glib-1.so.2)
            #8  0x00000000b73838e6 g_closure_invoke (libgobject-2.0.so.0)
            #9  0x00000000b7370c5e n/a (libgobject-2.0.so.0)
            #10 0x00000000b73744da g_signal_emit_valist (libgobject-2.0.so.0)
            #11 0x00000000b7374f65 g_signal_emit (libgobject-2.0.so.0)
            #12 0x00000000b73c0927 n/a (libdbus-glib-1.so.2)
            #13 0x00000000b65708d7 dbus_connection_dispatch (libdbus-1.so.3)
            #14 0x00000000b73cce77 n/a (libdbus-glib-1.so.2)
            #15 0x00000000b726aa1e g_main_context_dispatch (libglib-2.0.so.0)
            #16 0x00000000b726cafa n/a (libglib-2.0.so.0)
#17 0x00000000b726dc31 g_main_loop_run (libglib-2.0.so.0)
            #18 0x00000000b78a64c8 gtk_main (libgtk-3.so.0)
            #19 0x00000000004873e6 main (wrapper-2.0)
            #20 0x00000000b7053a49 __libc_start_main (libc.so.6)
            #21 0x000000000048756c _start (wrapper-2.0)


Changes in version 2.3.1

Released on January 19, 2019
Fix crash when reload is required


*** Looks like the 64 guys got it yesterday! ***


On my system: