Re: gr-iio package under 20.04 built for wrong gnuradio

[Thomas Ward]

You should file a bug against the package, then, rather than email the 
devel discuss list.  This is the type of thing where you should file a 
bug, rather than just an email.



Thomas


On 3/19/21 12:55 PM, Jason Gallicchio wrote:
The gr-iio package is compiled in a way that's compatible with 
gnuradio3.7, but gnuradio3.8 is the version in 20.04.


The most popular reason to install this is for students to use Analog 
Device's PlutoSDR with gnuradio. Analog Device's instructions involve 
cloning the "upgrade-3.8" branch of gr-iio, which seems to not be what 
was done in the Ubuntu package:
https://wiki.analog.com/resources/tools-software/linux-software/gnuradio 



All of the other required packages in 20.04 are appropriate--gr-iio is 
the only one that my students must build from source to fix this issue.


In more detail, the 20.04 gr-iio package supplies .xml files like
/usr/share/gnuradio/grc/blocks/iio_pluto_sink.xml
but gnuradio3.8 has switched to .yml files. Making the upgrade-3.8 
branch, creates files like

.../share/gnuradio/grc/blocks/iio_pluto_source.block.yml

Apologies if this was not appropriate for this list or didn't contain 
the right information, but it's the first time I'm suggesting a 
package bug fix.


Thanks,
Jason


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Problem with libpng12-0 - please help me

[Jeffrey Walton]

On Mon, Mar 22, 2021 at 5:30 PM Jan Brøndum Johansson
 wrote:
>
> Hello, I followed the instructions on how to install PDF Editor in this 
> article by you https://vitux.com/how-to-edit-pdf-files-in-ubuntu/
>
> Unfortunately this caused me some serious problems on my Xubuntu 16,04 and 
> I'm hoping you will help me get this sorted out.

Ubuntu 16 is kind of old...

I would start by trying to get the machine in a good state:

  $ sudo dpkg --configure -a
  $ sudo apt install -f

followed by:

  $ sudo apt update
  $ sudo apt upgrade

Then, attempt the install.

I would not be surprised if a modern libpng package cannot be
installed on an old Ubuntu. In this case, you might want to build
libpng from sources.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Problem with libpng12-0 - please help me

[Jan Brøndum Johansson]

Hello, I followed the instructions on how to install PDF Editor in this 
article by you https://vitux.com/how-to-edit-pdf-files-in-ubuntu/


Unfortunately this caused me some serious problems on my Xubuntu 16,04 
and I'm hoping you will help me get this sorted out.


As of now I can't update my system becaúse its blocked by unmet 
dependencies caused by libpng12 which can't be installed properly. It 
can't be uninstalled either.


I have attached the problem in detail downstairs.

Hope you will help me.

Thank you in advance.
--


*Med venlig hilsen / With kind regards

Jan Brøndum Johansson
*
*
*
*th@th-ThinkPad-X300:~$ cd /tmp
th@th-ThinkPad-X300:/tmp$ wget 
http://mirrors.kernel.org/ubuntu/pool/main/l/lcms/liblcms1_1.19.dfsg-1ubuntu3_amd64.deb
--2021-03-20 10:45:06-- 
http://mirrors.kernel.org/ubuntu/pool/main/l/lcms/liblcms1_1.19.dfsg-1ubuntu3_amd64.deb
Resolving mirrors.kernel.org (mirrors.kernel.org)... 198.145.21.9, 
2001:19d0:306:6:0:1994:3:14
Connecting to mirrors.kernel.org 
(mirrors.kernel.org)|198.145.21.9|:80... connected.

HTTP request sent, awaiting response... 301 Moved Permanently
Location: 
http://mirrors.edge.kernel.org/ubuntu/pool/main/l/lcms/liblcms1_1.19.dfsg-1ubuntu3_amd64.deb 
[following]
--2021-03-20 10:45:07-- 
http://mirrors.edge.kernel.org/ubuntu/pool/main/l/lcms/liblcms1_1.19.dfsg-1ubuntu3_amd64.deb
Resolving mirrors.edge.kernel.org (mirrors.edge.kernel.org)... 
147.75.95.133, 2604:1380:3000:1500::1
Connecting to mirrors.edge.kernel.org 
(mirrors.edge.kernel.org)|147.75.95.133|:80... connected.

HTTP request sent, awaiting response... 200 OK
Length: 105756 (103K) [application/octet-stream]
Saving to: ‘liblcms1_1.19.dfsg-1ubuntu3_amd64.deb’

liblcms1_1.19.dfsg-1ubuntu3_a 
100%[=>] 103.28K   
328KB/s    in 0.3s


2021-03-20 10:45:08 (328 KB/s) - ‘liblcms1_1.19.dfsg-1ubuntu3_amd64.deb’ 
saved [105756/105756]


th@th-ThinkPad-X300:/tmp$ wget 
http://mirrors.kernel.org/ubuntu/pool/main/libm/libmng/libmng1_1.0.10-3_amd64.deb
--2021-03-20 10:45:29-- 
http://mirrors.kernel.org/ubuntu/pool/main/libm/libmng/libmng1_1.0.10-3_amd64.deb
Resolving mirrors.kernel.org (mirrors.kernel.org)... 198.145.21.9, 
2001:19d0:306:6:0:1994:3:14
Connecting to mirrors.kernel.org 
(mirrors.kernel.org)|198.145.21.9|:80... connected.

HTTP request sent, awaiting response... 301 Moved Permanently
Location: 
http://mirrors.edge.kernel.org/ubuntu/pool/main/libm/libmng/libmng1_1.0.10-3_amd64.deb 
[following]
--2021-03-20 10:45:30-- 
http://mirrors.edge.kernel.org/ubuntu/pool/main/libm/libmng/libmng1_1.0.10-3_amd64.deb
Resolving mirrors.edge.kernel.org (mirrors.edge.kernel.org)... 
147.75.95.133, 2604:1380:3000:1500::1
Connecting to mirrors.edge.kernel.org 
(mirrors.edge.kernel.org)|147.75.95.133|:80... connected.

HTTP request sent, awaiting response... 200 OK
Length: 214904 (210K) [application/octet-stream]
Saving to: ‘libmng1_1.0.10-3_amd64.deb’

libmng1_1.0.10-3_amd64.deb 
100%[=>] 209.87K   
419KB/s    in 0.5s


2021-03-20 10:45:31 (419 KB/s) - ‘libmng1_1.0.10-3_amd64.deb’ saved 
[214904/214904]


th@th-ThinkPad-X300:/tmp$ wget 
http://mirrors.kernel.org/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1_amd64.deb
--2021-03-20 10:45:47-- 
http://mirrors.kernel.org/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1_amd64.deb
Resolving mirrors.kernel.org (mirrors.kernel.org)... 198.145.21.9, 
2001:19d0:306:6:0:1994:3:14
Connecting to mirrors.kernel.org 
(mirrors.kernel.org)|198.145.21.9|:80... connected.

HTTP request sent, awaiting response... 301 Moved Permanently
Location: 
http://mirrors.edge.kernel.org/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1_amd64.deb 
[following]
--2021-03-20 10:45:48-- 
http://mirrors.edge.kernel.org/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1_amd64.deb
Resolving mirrors.edge.kernel.org (mirrors.edge.kernel.org)... 
147.75.95.133, 2604:1380:3000:1500::1
Connecting to mirrors.edge.kernel.org 
(mirrors.edge.kernel.org)|147.75.95.133|:80... connected.

HTTP request sent, awaiting response... 200 OK
Length: 116466 (114K) [application/octet-stream]
Saving to: ‘libpng12-0_1.2.54-1ubuntu1_amd64.deb’

libpng12-0_1.2.54-1ubuntu1_am 
100%[=>] 113.74K   
351KB/s    in 0.3s


2021-03-20 10:45:49 (351 KB/s) - ‘libpng12-0_1.2.54-1ubuntu1_amd64.deb’ 
saved [116466/116466]


th@th-ThinkPad-X300:/tmp$ wget 
http://mirrors.kernel.org/ubuntu/pool/main/q/qt-x11-free/libqt3-mt_3.3.8-b-8ubuntu3_amd64.deb
--2021-03-20 10:46:28-- 
http://mirrors.kernel.org/ubuntu/pool/main/q/qt-x11-free/libqt3-mt_3.3.8-b-8ubuntu3_amd64.deb
Resolving mirrors.kernel.org (mirrors.kernel.org)... 198.145.21.9, 
2001:19d0:306:6:0:1994:3:14
Connecting to mirrors.kernel.org 
(mirrors.kernel.org)|198.145.21.9|:80... connected.

HTTP request sent, awaiting response... 301 Moved Permanently
Location: 
http://mirrors.edge.kernel.org/ubuntu/pool/main/q/qt-x11-fr

Re: CVE-2018-5710: krb5 package version issue

[Sam Hartman]

This doesn't sound like a Debian issue.
It sounds more like a disagreement between your source of vulnerability
information and Ubuntu about when a problem is fixed (or whether it
was).
I also don't see CVE-2018-5710 as a vulnerability that upstream lists as
fixed in their git history.

I would not want to take on the liability of making a comment about
whether a particular issue is fixed in a particular package version in
Ubuntu unless I prepared that version.

--Sam

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

CVE-2018-5710: krb5 package version issue

[Andrei Nikonov]

Dear Sam Hartman, Russ Allbery, Benjamin Kaduk and Security team!

Let me ask you for help and guidance.

At the moment, I have a PC running Ubuntu 18.04 at my disposal. It has some
binary packages that depend on the "*krb5*" package. The problem is that
the vulnerability scanner finds the *CVE-2018-5710* vulnerability (related
to my binary *krb5* packages) and suggests updating to version *1.16.1-1*,
even though the packages have been updated to the latest version (
*1.16-2ubuntu0.2*).

Version *1.16.1-1* is also listed on the vulnerability website
 (
https://ubuntu.com/security/CVE-2018-5710) and in the OVAL data on which
the scanner operates.

I found that there are later versions of the krb5 package for Debian
distributions, but I cannot officially update my package (using the package
manager on Ubuntu OS).

I've also seen discussions on this topic
 on the Internet (
https://github.com/future-architect/vuls/issues/1069), but it only points
out a possible error in the OVAL data.

I ask you to consider my letter and, if possible, give an explanation of
this case. Maybe this is just a technical hitch and no update has been
added for the version? Or can the information in the OVAL data be updated
to reflect the current version?

Let me thank you for your work in fixing software security holes. This is
an important and necessary task.

Hoping for an answer
-- 
Andrey Nikonov,
Security engineer,
"Frodex" Ltd.
Ufa, Russia.
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Hirsute Hippo (21.04) UI Freeze

[giordano giordani]

Hallo. In last updates of my Ubuntu 20.04.2 LTS i lose wireless network
adapter (RTL 8821CE.802, by Realtek). Can you help me? Thanks Giordano
Giordani, email giordani.giord...@gmail.com

Il ven 19 mar 2021, 15:07 Lukasz Zemczak  ha
scritto:

> Hello Ubuntu developers,
>
> Effective yesterday, we are now officially under the User Interface Freeze
> for Hirsute:
>
>https://wiki.ubuntu.com/UserInterfaceFreeze
>
> In order to help ensure our documentation is accurate for the release,
> please notify the documentation team and translation teams of any
> further changes to artwork, text strings, or UI designs that will be
> made between now and the release, and please make such changes only
> where necessary.
>
> On behalf of the Ubuntu Release team,
>
> --
> Łukasz 'sil2100' Zemczak
>  Foundations Team
>  lukasz.zemc...@canonical.com
>  www.canonical.com
>
> --
> ubuntu-devel-announce mailing list
> ubuntu-devel-annou...@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-announce
>
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: CVE-2018-5710: krb5 package version issue

[Russ Allbery]

Hi Andrei,

Andrei Nikonov  writes:

> Moreover, the package version 1.16.1-1 is shown as a fixed version on
> the official Ubuntu CVE page
> . So I don't think that there
> can be any disagreement in vulnerability information.

None of the people you have explicitly cc'd in this email are affiliated
with Ubuntu so far as I know, so I'm not sure we're the right people to
ask.  Given the information you've shown (which matches what I saw when
looking around Launchpad), there certainly doesn't seem to be any
indication that Ubuntu patched CVE-2018-5710 prior to version 1.16.1-1.

Ubuntu claims that bug is fixed in 1.16.1-1, and I see no reason to doubt
that, although unfortunately the CVE reference is confusing.  Upstream
used CVE-2018-5729 and CVE-2018-5730 to track what appears to be the same
vulnerability.  Debian's security tracker notes:

The CVE is a duplicate of the #891869 issue(s) due to reporter not
having coordinated with upstream and the CVE assignment ist sill for
slight different coverage. Thus keep it distinct (for now) and mark
CVE-2018-5710 issue as well as fixed once #891869 is adressed.

at https://security-tracker.debian.org/tracker/CVE-2018-5710 which is
consistent with that analysis.

Please note that I was not involved in preparing this release and haven't
checked any of this analysis myself, but given the above, it seems likely
to me that this bug was fixed in 1.16.1-1 and the bug fix has not been
backported to Ubuntu's 1.16-2ubuntu0.2 release.

> Howbeit, how should I interpret information from the CVE-2018-5710 page
> ? I have krb5-1.16-2ubuntu0.2
> on my PC and it is vulnerable as its version is less than 1.16.1-1?

That is how I would interpret this information, yes.

Note that you should decide whether you care, given that this bug affects
only the KDC and only with LDAP support enabled.

-- 
Russ Allbery (r...@debian.org)  

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: CVE-2018-5710: krb5 package version issue

[Andrei Nikonov]

Dear Sam,

Thank You for the answer.
At first: vulnerability source, that I use, is official Ubuntu's OVAL data
. I downloaded the file by this link
.
For Your convenience, I attached a screenshot with CVE-2018-5710 definition
from this file. Moreover, the package version 1.16.1-1 is shown as a fixed
version on the official Ubuntu CVE page
. So I don't think that there
can be any disagreement in  vulnerability information.

As for the question, whose issue is it (Debian or Ubuntu) - I am not sure
how this mechanism works, but I wrote to You as You are the maintainer for
krb5. It is shown in the last link
 on the CVE page,
and on the official Ubuntu packages page
.

I also looked through Ubuntu Changelog

and Debian Changelog

for the krb5 package - there is the same record in both of them about the
1.16-2 version of krb5 ( Sat, 20 Jan 2018 11:02:57).
And right after that in Debian Changelog 1.16.1-1 version appeared while in
Ubuntu Changelog the next version for krb5 is 1.16-2build1.

I might just assume that this can be some minor point with copying the krb5
version for Debian to Ubuntu vulnerability data.

Howbeit, how should I interpret information from the CVE-2018-5710 page
? I have krb5-1.16-2ubuntu0.2 on
my PC and it is vulnerable as its version is less than 1.16.1-1? But my
version is actual.

With appreciation,
--
Andrey Nikonov,
Security engineer,
"Frodex" Ltd.
Ufa, Russia.



пн, 22 мар. 2021 г. в 21:41, Sam Hartman :

> This doesn't sound like a Debian issue.
> It sounds more like a disagreement between your source of vulnerability
> information and Ubuntu about when a problem is fixed (or whether it
> was).
> I also don't see CVE-2018-5710 as a vulnerability that upstream lists as
> fixed in their git history.
>
> I would not want to take on the liability of making a comment about
> whether a particular issue is fixed in a particular package version in
> Ubuntu unless I prepared that version.
>
> --Sam
>


-- 
с уважением,
Андрей Никонов.
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

gr-iio package under 20.04 built for wrong gnuradio

[Jason Gallicchio]

The gr-iio package is compiled in a way that's compatible with gnuradio3.7,
but gnuradio3.8 is the version in 20.04.

The most popular reason to install this is for students to use Analog
Device's PlutoSDR with gnuradio. Analog Device's instructions involve
cloning the "upgrade-3.8" branch of gr-iio, which seems to not be what was
done in the Ubuntu package:
https://wiki.analog.com/resources/tools-software/linux-software/gnuradio

All of the other required packages in 20.04 are appropriate--gr-iio is the
only one that my students must build from source to fix this issue.

In more detail, the 20.04 gr-iio package supplies .xml files like
/usr/share/gnuradio/grc/blocks/iio_pluto_sink.xml
but gnuradio3.8 has switched to .yml files. Making the upgrade-3.8 branch,
creates files like
.../share/gnuradio/grc/blocks/iio_pluto_source.block.yml

Apologies if this was not appropriate for this list or didn't contain the
right information, but it's the first time I'm suggesting a package bug fix.

Thanks,
Jason
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss