RE: Support Integration of Salsa-CI with Ubuntu: Your +1 Needed!

Otto, Correct me if I'm wrong, but wouldn't this be a Salsa-CI team decision wholly, and not an Ubuntu one, despite any support downstream? (My reply to the Salsa issue quotes my opinion on this, but my general opinion, not one that directly comes with an Ubuntu hat on.) Thomas

RE: Updates to cacti for CVE-2023-39361 (CVSS 9.8)?

Nor is it likely a community member would be able to solve this. I just went digging in Cacti, and even Debian was unable to get information about a pinpoint fix and patchset. From https://github.com/Cacti/cacti/issues/5523 I am quoting their security / developers directly: > Hi Paul, > >

Re: Special One-Time SRU Handling request for torbrowser-launcher

? If not, why not? Robie On Sun, Mar 19, 2023 at 07:55:48PM -0400, Thomas Ward wrote: I'm following up on this today, because Debian finally got off their lazy butt and uploaded 0.3.6-2 to Debian that addresses the core problems in Debian. However, that does not solve the problems for everyth

Re: torbrowser-launcher must be at least version="0.3.6" in repository

Jorgen, I'm already working on trying to get this approved for SRU.  The problem is it has to go through an MRE and the release and SRU teams have to approve it, and I have not yet gotten any response or acceptance from the Release Team or the SRU team and my multiple inquiries, if I don't

RE: dxf2gcode package is looking a bit dusty

In actuality, the current version is 20191025-2 from Debian synced into Lunar during a time period of which between 2018-04-24 the package was last updated and now a newer update made in November of 2022. "dusty" only applies to where the version is the older 20190925-4 version from 2018, and

Re: Special One-Time SRU Handling request for torbrowser-launcher

14:26, Thomas Ward wrote: Hello, release team. Pursuant to a recent change for torbrowser-launcher and Tor Browser, we have a little bit of a conundrum that is leading to a one time request for SRUing the latest `torbrowser-launcher` to all currently supported releases. With Tor Browser 12

RE: unixodbc-dev 2.3.11 seems broken

Unfortunately here your choices are limited. The ODBC from Microsoft is different than the one in the repos and the two packages conflict. >From my experience you will have to pick one or the other - use Microsoft's >packaged ODBC and no headers, or use the one in the repos with the headers

RE: libapache2-mod-shib2 package for Ubuntu 22.04

If the package is not yet in 22.04 it is unlikely to land except via Backports which is its own process. Sent from my Galaxy Original message From: Kent Kutan Date: 1/14/23 16:34 (GMT-05:00) To: ubuntu-devel-discuss@lists.ubuntu.com Subject: libapache2-mod-shib2 package

RE: Getting Invalid version exception during apt update

You already got a response on this thread from Colin, quoted below: On Tue, Jan 03, 2023 at 12:04:34PM +0530, probal basak wrote: > I am getting the below exception while trying to issue apt update: > Getting this issue since last week. Previously the same thing used to > work perfectly fine.

RE: Tomcat9 - Ubuntu 20.04 x64

FYI that's MOST vulnerability scanners. Most of them do not have privileged access nor the database of ubuntu patch info in them so report solely on the exposed version number and thats it. It leads to a lot of false positives and then questions like these. ;) Sent from my Galaxy

Re: Package Update for Ubuntu

To which SSL issues are you referring, in which Ubuntu releases? There is a fix in the works for the SSL EOF client issues, if you have a specific CVE or information you need to link here please. CVEs are typically patched by the Security Team without any change to the actual version of the

Re: rsync - security error

Alex, I believe that OP is referring to the last set of CVEs listed here[1] announced on the 14th. So forgive me while I poke the thread with additional information.  I think the original ask was about those. -- CVE-2022-37434 was announced on the 14th. And is patched already in

RE: Questions about openssl in Ubuntu mirrors

Regarding your first question about why we don’t update directly to newer versions, etc.: Once a version of OpenSSL (or most libraries) is released in Ubuntu, like many other pieces of software they’re more or less ‘version locked’. For the most part, this answer on Ask Ubuntu is still more

Re: rlwrap 0.44 needed for bugfix w/ readline 8.1

The package in Ubuntu for rlwrap is fed from Debian with no change rebuilds as needed it seems, and in Debian there is not a newer version packaged.  While it would be nice to get newest software, it looks like the package might not be maintained since 2018 in Debian.  And there's a bug in

Re: Increasing user base of Ubuntu desktop.

On 3/21/22 09:21, Amit wrote: On Mon, Mar 21, 2022, 6:36 PM Joel Rees wrote: On Mon, Mar 21, 2022 at 11:55 AM Amit wrote: > >[...] > > There is no menu in the default Ubuntu desktop GUI. Menu? I suppose it is not technically a menu, but there is that

Re: Increasing user base of Ubuntu desktop.

Okay, guys, with my community leadership hat on: before you read any further on this, don't take shots at each other, we're all on the same side here.  If you want to argue different points of view, do it in a civil tone, please don't call people "bogus" or fight with people about hardware,

RE: CVE-2022-0543 also applies to Ubuntu

Is there a Debian or Ununtu bug for this? For tracking purposes for a fix and such. Sent from my Galaxy Original message From: Reginaldo Silva Date: 3/3/22 11:59 (GMT-05:00) To: ubuntu-devel-discuss@lists.ubuntu.com Subject: CVE-2022-0543 also applies to Ubuntu Hi,

Re: AWS Ubuntu Pro FIPS 18.04 LTS AMI

CCing ubuntu-devel-discuss for the wider devel audience to weigh in on. MOST security scanners do NOT take into account the Ubuntu USNs for security release patching and go *strictly* on version number strings - in almost ALL of these cases, 'version based scanning' for vulnerabilities

Re: Q: backports and PPU

Due to extreme amounts of spam in the past, the Wiki is locked down so you need to apply for rights.  You need to have a Launchpad account and then apply to join the wiki editors team - https://launchpad.net/~ubuntu-wiki-editors - once added there you can create your application page.

Re: nginx update schedule

What exactly do you mean by 'version updates for the NGINX package'? 'Version updates' are based on what NGINX Stable is in each release development cycle, it is not regularly 'updated' after the fact other than security patches or cherry-picked bug fix patches as needed at that point.

Re: Is wallch being maintained?

I will make a couple notes here: (1) You're running Pop OS which DOES have a different DE than wallch was developed for. (2) wallch appears to run fine in the current Ubuntu.  Which suggests that the issue is in whichever DE Pop OS uses.  And is why it hasn't been removed yet.  (I tested

Re: firebird3.0 install on Ubuntu 16.04.7 LTS (Xenial Xerus)

: firebird3.0 install on Ubuntu 16.04.7 LTS (Xenial Xerus) On Fri, 23 Apr 2021 17:27:30 -0400, Thomas Ward wrote:>Be aware though: 16.04.7 goes past End of Standard Support this month>- you should consider upgrading 16.04 to 18.04 before the end of>standard support happens.Doesn't d

Re: firebird3.0 install on Ubuntu 16.04.7 LTS (Xenial Xerus)

I agree with Damyan, this looks to be fixed in later versions of Firebird. Be aware though: 16.04.7 goes past End of Standard Support this month - you should consider upgrading 16.04 to 18.04 before the end of standard support happens. Thomas On 4/22/21 5:00 AM, Damyan Ivanov wrote: -=|

Re: gr-iio package under 20.04 built for wrong gnuradio

You should file a bug against the package, then, rather than email the devel discuss list.  This is the type of thing where you should file a bug, rather than just an email. Thomas On 3/19/21 12:55 PM, Jason Gallicchio wrote: The gr-iio package is compiled in a way that's compatible with

Re: gthumb

This list is for Development Discussion. Technical support questions like this belong on the Ubuntu Users list (ubuntu-us...@lists.ubuntu.com) or on another support mechanism such as Ask Ubuntu or the Ubuntu Forums (https://ubuntuforums.org) Thomas On 2/9/21 10:24 AM, Yvonne van Rooijen

Re: curl in Debian behind latest version?

They might be complaining about the Focal versions, vs. what's in Hirsute or in Debian. In those cases, the question I linked to on Ask Ubuntu would answer why it's not in the latest version of curl ;) Thomas On 1/8/21 10:01 AM, Mattia Rizzolo wrote: On Wed, Jan 06, 2021 at 06:07:33PM

Re: curl in Debian behind latest version?

If you are intending to target the Debian versions, you're in the wrong mailing list, as this is for Ubuntu. For Ubuntu, this may be relevant: https://askubuntu.com/questions/151283/why-dont-the-ubuntu-repositories-have-the-latest-versions-of-software Thomas On 1/6/21 9:07 PM, Paul Hoffman

Re: QGIS 3.10.4+dfsg-1ubuntu2 Package Broken QGIS Kubuntu 20.04 LTS

File a bug against qgis with `ubuntu-bug qgis` on the command line.  Emailing this list doesnt really help get you support with the package nor get it fixed.  Bugs are where to report package issues and where we can collect information about bugs to debug and potentially fix packagea. Thomas

Re: iCal support?

I've only seen ICS file support in various specific mail/calendar clients.  Which mail client(s) or calendar clients are you using?  (Thunderbird + calendar plugins seem to work fine) On 10/15/20 3:13 PM, Matej Kovacic wrote: > Hi, > > any idea when Ubuntu will have decent ICS support? > > I am

Re: Cfengine package

What version of Ubuntu are you working with?  `cfengine` has been removed from Debian since 2006, and consequently from later Ubuntu versions as well.  It has not been available since Feisty, and therefore is not installable. Debian indicated the following at the time of the removal

Re: Bug in torbrowser-launcher

I am working on SRUing the fixes - patience please as it needs my eyes and also SRU team eyes for approvals. ⁣Get BlueMail for Android ​ Original Message From: LinusMcFly42 Sent: Fri Sep 25 14:55:13 EDT 2020 To: "ubuntu-devel-discuss@lists.ubuntu.com" Subject: Bug in

Re: Packages Ubuntu DEB

Those packages are available on Focal 20.04, and not earlier. You will need to be using Ubuntu 20.04 to get those packages. Thomas On 8/21/20 4:47 AM, jjes...@free.fr wrote: > I need some packages: > > - lsb   11.1.0ubuntu > - lsb-base 11.1.0ubuntu > - lsb-printing 

Re: Packaging libnginx-mod-http-modsecurity

Hiya, Niels! This discussion came up a while ago as to whether to ship it with Ubuntu or not.  A long while ago back in the 14.04 cycle, a similar module, called nginx-naxsi, was shipped in the Ubuntu packaging of NGINX.  It was also shipped in Debian.  Maintaining this was considered too

Re: 16.04 problems

Or potentially the ubuntu-users list, which is an email mailing list for general support.  ubuntu-us...@lists.ubuntu.com. Thomas On 8/14/20 3:48 PM, Gabriel Staples, ElectricRCAircraftGuy.com wrote: > Bill, The best place to do that would be Ask Ubuntu:  > > https://askubuntu.com/ > > -

Re: network-manager-fortisslvpn

Just to make a note here: The patch you refer to was rejected.  The merge request to fix the problem in another way, via https://gitlab.gnome.org/GNOME/NetworkManager-fortisslvpn/-/merge_requests/15, has been sitting for two months without any movement and has NOT been accepted by Upstream yet. 

RE: chromium stable core dump - easy to reproduce

Keep in mind that in later versions of chromium-browser in some releases that is simply a stub / metapackage to transition to the chromium snap and just installs chromium via the snap store.  As such it may not be that simple to provide debug symbols.Sent from my Sprint Samsung Galaxy Note10+.

Re: Kexi update

Hi, Ptitjoz. The Kexi package has not been updated in Debian since November 2018, which is why it hasn't been directly updated in Ubuntu since then, and why it's not yet in the repositories. I have CC'd the Debian QT/KDE team on this message so they're aware the package is outdated.  If this

Re: Some ideas about APT functionality

I have to 100% agree with Ralf here. On 8/12/19 1:13 PM, Ralf Mardorf wrote: > installing "alien" packages, based upon a different package management > via apt, is a bad idea. This is not functional, it's dysfunctional. This is well known to not mix and match different packaging styles.  Some

Re: Bless hex editor

Digging into this, this package is *automatically* imported from Debian.  It looks to me like the last update that went into Debian was in 2009 with packaging updates since.  So I would say that this package is orphaned up in Debian. That said, I would open a bug in Debian indicating that it is

Re: i386 architecture will be dropped starting with eoan (Ubuntu 19.10)

According to Steve on Ubuntu Discourse [1]: > I’m sorry that we’ve given anyone the impression that we are “dropping support for i386 applications”. That’s simply not the case. What we are dropping is updates to the i386 libraries, which will be frozen at the 18.04 LTS versions. But there is

Re: missing deb dependency for "onionshare" deb package

Can you open a bug for this against the package please, for tracking purposes? Sent from my Sprint Samsung Galaxy S9+. Original message From: "Greg W." Date: 12/12/18 18:18 (GMT-05:00) To: ubuntu-devel-discuss@lists.ubuntu.com Subject: missing deb dependency for

Re: Proposal: Let's drop i386

All: I hate to interject this late in the thread, but I think we need to clarify what the discussion actually entails. On the #ubuntu-release IRC channel, it became clear that the purpose of this thread was not entirely clear, so we need to clarify specifically: Are we discussing dropping

Re: Samba CVE-2018-1057

It's already been patched. The Ubuntu CVE tracker shows this [1], but also the relevant USN [2] indicates that the issue is already 'fixed' in Ubuntu.  (It doesn't always result in a software version bump, sometimes it's just patches getting applied to 'fix' the issue in the given version of the

Re: Samba CVE-2018-1057

It's already been patched. The Ubuntu CVE tracker shows this [1], but also the relevant USN [2] indicates that the issue is already 'fixed' in Ubuntu.  (It doesn't always result in a software version bump, sometimes it's just patches getting applied to 'fix' the issue in the given version of the

Re: Outdated Package (Weechat)

Let's take a quick look at this though. We import packages from Debian. 1.4 is an old version present only in Xenial: weechat | 1.4-2| xenial/universe | source, all weechat | 1.4-2ubuntu0.1 | xenial-security/universe | source, all weechat | 1.4-2ubuntu0.1 |

Re: need to fix 4 high vulnerability assessments about needing to update zlib 1.2.8

Consider that vulnerability scanners are 99% of the time **unaware** of how the Ubuntu Security Team does updates. Please compare what vulnerabilities are being reported against the corresponding CVEs on the Security Team CVE tracker (http://people.canonical.com/~ubuntu-security/cve/) and then

Re: owncloud-client for 16.04 LTS

I would strongly suggest that you download the owncloud client from their repositories on OpenSUSE’s servers - that is the fastest way to get an updated version. Backporting that piece of software is a manual optional process and not done automatically. Therefore, there are no plans to

Re: Looking for Contact for OpenSSL on Trusty to be updated

Based solely on the CVE information, I'd surmise we aren't affected by CVE-2017-3733, because we don't have any OpenSSL 1.1.0 in the repositories - anywhere.  The original Apache announcement also indicated that 1.0.2 is not affected, and the Security Team made a note that only OpenSSL 1.1.x is

Re: Compile settings from ubuntu Packages

You will need to look into the packages themselves, including the debian/rules file inside the source package. (I'd give more details but it's a pain to type on my phone) *Sent from my iPhone. Please excuse any typos, as they are likely to happen by accident.* > On Aug 16, 2017, at 13:52,

Re: keepass2 updates?

Hello! The version of Keepass2 in the Repositories is synchronized to Ubuntu from Debian. Currently, Debian only has 2.35 out and available. Zesty and Artful both have the most recent sync from Debian - 2.35. For an older version to be in Ubuntu, it'd either need to be backported or have a PPA

Re: packaging project for precise that requires >=cmake-2.8.8

You add that PPA as a PPA dependency in your PPA itself. Then it includes that repo in the builds environments and you then just refer to CMake as normal or define a version equality in the control file. There's nothing you do in your package's control file though - it's in the PPA settings

Re: About Ubuntu 16.04.2 ISO

I heard Thursday, on the IRC channel for the Release team. *Sent from my iPhone. Please excuse any typos, as they are likely to happen by accident.* > On Feb 14, 2017, at 10:52, Ramon Marquez wrote: > > When it's going to be released the ISO Ubuntu 16.04.2? Had been