Re: Various programs and SVG image mis-rendering

[Jeffrey Walton]

On Thu, Mar 14, 2024 at 2:41 PM Stephen Satchell  wrote:
>
> Who are the correct people to report issues with the incorrect display
> of SVG images?  I've encountered the problem with:
>
> * Document Viewer
> * LibreOffice Write, Calc, Impress, Draw
> * GIMP
>
> The different programs screw up in different ways.  LibreOffice Write
> can't handle an SVG image with scrunched type.  Calc, Impress, and Draw
> bungle lines with arrows.
>
> Gimp almost gets it right; like Calc/Impress/Draw, it bungles arrows.
>
> Chrome only messes up with color on arrows.
>
> Firefox?  Gets it right.  Surprise.
>
> The SVG image was created in InkScape 1.3.2 on Ubuntu 20.04.6 LTS (Focal
> Fossa). if anyone wants the .svg file in question, just ask.

`apt-cache show ` will usually provide the maintainer contact
information. For example:

$ apt-cache show gimp
Package: gimp
Architecture: amd64
Version: 2.10.30-1ubuntu0.1
Priority: optional
Section: universe/graphics
Origin: Ubuntu
Maintainer: Ubuntu Developers 
Original-Maintainer: Debian GNOME Maintainers

Bugs: https://bugs.launchpad.net/ubuntu/+filebug
...

However, it is usually a good idea to file a bug upstream, too. So you
would file a bug with GIMP at
, and then reference the
bug in the Launchpad bug. Finally, the Ubuntu maintainers can wait for
the upstream fix.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Nginx and freenginx

[Jeffrey Walton]

Ubuntu might want to consider carrying freenginx. Also see
.

I'm going to hold off on a Launchpad bug and the needs-packaging tag.

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: request to update the apt package for verilator

[Jeffrey Walton]

On Thu, Jan 4, 2024 at 10:16 AM Daniel Wilkerson
 wrote:
>
> I am running Ubuntu.
> $ uname -srvo
> Linux 6.2.0-39-generic #40~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Nov
> 16 10:53:04 UTC 2 GNU/Linux
>
> My verilator install is from August 2020, so I wanted a new version.
> $ sudo apt-get update
> ...
> $ sudo apt-get install verilator
> ...
> verilator is already the newest version (4.038-1).
>
> That is years out of date.  Verilator 5.020 2024-01-01 was just released.
>
> The verilator people say that it is up to the Ubuntu maintainers to
> update the apt package, so I thought I would ping you and suggest
> that.

Aaron explained Ubuntu's update policy. Also see
.

But from the looks of things, verilator does _not_ have a lot of
dependencies. You may be able to build the latest sources without much
trouble.

If I am parsing things correctly, it only depends on libc:

   $ apt-cache show verilator
   Package: verilator
   Architecture: amd64
   Version: 4.038-1
   Priority: optional
   ...
   Depends: libc6 (>= 2.29)
   Recommends: libsystemc-dev
   Suggests: gtkwave
   ...

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: lastpass-cli

[Jeffrey Walton]

On Sun, Oct 22, 2023 at 7:48 PM JD  wrote:
>
> The lastpass-cli available in the ubuntu repositories (1.3.3) is out of date. 
>  I was able to employ it despite the lack of support for some LastPass 
> functions added in 1.3.4.  Earlier this year, the coded certificate 
> authorities expired and the corrected version on github, 1.3.6, will not 
> compile properly on ubuntu 22 (I actually run kubuntu to better support low 
> vision).
>
> How do I request a small update such as this?

I don't believe Ubuntu will do a version bump. See the SRU policy at
.

To get needed functionality from lastpass-1.3.4 or lastpass-1.3.6 into
lastpass-1.3.3, open a bug report at
, and supply
the patch.

Regarding lastpass and the problems with expired certificates, well
that sounds like a design problem with lastpass. Ubuntu supplies a
trusted store, and users can supply their own store. The app should be
using what is provided to it (the app). I would probably file a bug
against lastpass for that.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Open-SSH server

[Jeffrey Walton]

On Sat, Jun 10, 2023 at 2:39 PM Matthew Wilson 
wrote:

> Hi there,
>
>
>
> Do you have an update as to when the repository for Ubuntu 22.04.2 package
> Open-SSH will be upgraded from 8.9 to 9.3 to patch the security issues as
> it means our server is currently non-compliant.
>
>
>
> Kind Regards,
>

Is this a real question or a new way to distribute spam?

You can read about Ubuntu's patch policy at
https://wiki.ubuntu.com/StableReleaseUpdates .

Debian has similar policies and procedures, but Ubuntu's takes precedence
because of Canonical's administration of the distro.

Jeff
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: APT Package "wine64" removes unrelated packages

[Jeffrey Walton]

On Mon, Jan 9, 2023 at 11:41 AM Clayton Cronk  wrote:
>
> I am sending this message here as it is the address listed for the
> maintainer of the APT package "wine64". I attempted to install WINE on
> my system today following this guide for WINE 5.0:
> https://linuxize.com/post/how-to-install-wine-on-ubuntu-20-04/
>
> I ran these commands:
> $ sudo dpkg --add-architecture i386
>
> $ sudo apt update
>
> $ sudo apt install wine64
>
> $ sudo apt install wine32
>
> $ wine --version
>
> wine32 failed because it depended on a version of a package older than
> the version that would be installed. I did not catch that package name.
> I noticed that the icons for VSCode and DIscord had disappeared from the
> dock, so I scrolled back up and copied the output of "sudo apt install
> wine64" and found that it had removed 26 packages:
>
> The following packages will be REMOVED:
>brltty cheese code deja-dup discord eog evince gfm gnome-bluetooth
> gnome-calendar gnome-logs
>gnome-system-monitor gpick libevdocument3-4 libevview3-3
> libfprint-2-tod1 libnetplan0 libwireshark14
>netplan.io shotwell simple-scan thermald tilem tilp2 ubuntu-minimal
> xtrkcad
>
> I believe I have repaired the results of this but I would like to report
> this to ensure that it gets addressed, because that was frustrating to
> fix. Full output of "sudo apt install wine64", and "apt info wine64" are
> attached.

You might want to have a discussion at [1] . It seems off-topic for
[2] . You may not get a lot of answers to questions here.

Jeff

[1] https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
[2] https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Installation de squirrelmail

[Jeffrey Walton]

On Tue, Dec 20, 2022 at 4:15 PM mawuena Djade  wrote:
>
> Hello. Comment installé le serveur de mail web squirrelmail sous Ubuntu 18.04

https://lists.ubuntu.com/mailman/listinfo/ubuntu-fr

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Bind 9.16.1 crash on Ubuntu

[Jeffrey Walton]

On Thu, Dec 8, 2022 at 12:23 PM Ben Bridges  wrote:

> Greetings.
>
>
>
> Yesterday morning one of our BIND daemons crashed.  The following messages
> were logged in named.run at the time:
>
>
>
> 07-Dec-2022 11:58:37.097 general: critical: netmgr.c:687:
> REQUIRE((__builtin_expect(!!((sock) != ((void *)0)), 1) &&
> __builtin_expect(!!(((const isc__magic_t *)(sock))->magic == ((('N') << 24
> | ('M') << 16 | ('S') << 8 | ('K', 1))) failed, back trace
>
> It looks like it could be
https://gitlab.isc.org/isc-projects/bind9/-/issues/3483 .

Jeff
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: libssl1.0-dev about this Ubuntu package..

[Jeffrey Walton]

On Tue, Nov 15, 2022 at 10:25 AM Areeb Khan  wrote:

>
> I'm running a laravel attendize project on my linux ubuntu server. I have
> an issue while downloading PDFs so after a heavy google research I found a
> ubuntu package *libssl1.0-dev* that needs to be downloaded on a server..
> I already have this package but not the -*dev instance* which I have
> mentioned above.. Could you please tell me what the difference is in this
> package? And do I need to install it on ubuntu 16.04  ?
>

This is probably a better discussion for ubuntu-users list.

The -dev version of a package is for developers. It will include things
like source files and header files so you can write a program that uses the
package.

'apt-cache search' will help you find packages. 'apt-cache show' will show
you information about the package. If the package does not meet your needs,
you may need to build it from source.

Ubuntu 16.04 is 7 years old. You are going to see a lot of old packages. It
is going to cause pain as you try to use new features, especially when you
build a package yourself. You should probably upgrade the machine. Ubuntu
22.04 would be a good choice.

Jeff
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Maintainer for trustedqsl - please update for OpenSSL v3 support

[Jeffrey Walton]

On Sun, Jul 3, 2022 at 1:17 PM Chris Esser  wrote:
>
> Trying to reach the maintainer for trustedqsl, the package shows this list 
> mailer only for contact.

I think Ubuntu is tracking Debian.

The Debian package is located at
https://packages.debian.org/bullseye/trustedqsl (Bullseye is the
latest Debian Stable). On the right, there is "Developer Information",
which eventually leads back to SourceForge.

From Debian's Developer Information page, the package is maintained by
debian-h...@lists.debian.org. And it looks like Debian supplies
2.5.7-1 in Stable, and 2.6.3-1 in Unstable.

It will take some time for the package to move from Debian Unstable to
Debian Testing and finally Debian Stable. Debian Testing is also where
the next stable release is tested. So 2.6.3 will be available in
Debian Bookworm, which is Debian's next stable release.

So, I don't think Ubuntu will be able to update to 2.6.3 anytime soon.
Ubuntu will probably stay at 2.5.7. If you want 2.6.2 or above, you
will probably have to build it yourself in the near future.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Please backport kernel patches for ACPI parsing errors

[Jeffrey Walton]

Hi Everyone,

Some machines experience ACPI parsing errors. Also see
https://bugzilla.kernel.org/show_bug.cgi?id=201981 . Comment 24 offers
that Ubuntu should consider backporting these two commits:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dc6a6ab58379f25bf991d8e4a13b001ed806e881
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=65f936f3535950d2643eac5bf34a735a0e428cdd

It would be helpful if the Ubuntu kernel maintainers backported the commits.

Thanks in advance.

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: broken repository?

[Jeffrey Walton]

On Sun, Jun 5, 2022 at 5:16 PM Alan  wrote:
>
> I am unable to update mysql-client. Here's what I get:
>
> alan ~ $sudo apt update
>
> Get:1 http://repo.mysql.com/apt/ubuntu focal InRelease [12.9 kB]
>
> Err:1 http://repo.mysql.com/apt/ubuntu focal InRelease
>
> The following signatures couldn't be verified because the public key is not 
> available: NO_PUBKEY 467B942D3A79BD29
>
> Hit:2 http://us.archive.ubuntu.com/ubuntu focal InRelease
>
> Get:3 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
>
> Hit:4 http://archive.canonical.com/ubuntu focal InRelease
>
> Get:5 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
>
> Hit:6 http://dell.archive.canonical.com focal InRelease
>
> Reading package lists... Done
>
> W: GPG error: http://repo.mysql.com/apt/ubuntu focal InRelease: The following 
> signatures couldn't be verified because the public key is not available: 
> NO_PUBKEY 467B942D3A79BD29
>
> E: The repository 'http://repo.mysql.com/apt/ubuntu focal InRelease' is not 
> signed.
>
> N: Updating from such a repository can't be done securely, and is therefore 
> disabled by default.
>
> I am also trying to get help from mysql, but no help so far (they referred me 
> to an article about INSTALLING mysql).
>
> This issue is apparently preventing me from upgrading to 22.04. I am running 
> 20.04 LTS.

Looks like this has been seen before:
https://reddingitpro.com/2022/03/11/mysql-updates-pgp-keys-february-2022/

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Increasing user base of Ubuntu desktop.

[Jeffrey Walton]

On Sun, Mar 20, 2022 at 1:14 PM Stephen Satchell  wrote:
>
> On 3/20/22 8:38 AM, Amit wrote:
> > The current default GUI of Ubuntu desktop is not very user friendly.
>
> Would you please be specific about what is missin or wrong that makes
> Ubuntu desktop "not very use friendly"?  What would, in your eyes,
> improve the desktop experience, particularly for the seniors?
>
> "It sucks" is not very informative, and doesn't lead to a useful
> discussion that can be embraced by developers.

One area Linux is not user friendly is a simple-to-use Senior edition.
I think this is an instance problem of Accessibility.

I've found I can't set the font to a larger size without hassles and
troubles. Even if you manage to increase the font size for the
particular desktop, the boot and login screens don't honor the
settings.

It would be nice to set the font size in one place, and have it used
everywhere. For senior citizens and visually impaired users.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Issues on Amide 1.0.5-12build2

[Jeffrey Walton]

On Tue, Mar 8, 2022 at 12:01 PM Roberto Massari  wrote:
>
> Dear all,
>
> for whom it is of interest:
>
> I would like to report a bug in the package amide 1.0.5-12build2 for
> Ubuntu 20.04.4 LTS. The program has problems reading files in interfile
> format. It seems that it always reads the data as big endian even if in
> the header of the file is correctly declared as little endian. Older
> versions of amide or the one in Windows read the same file correctly.

https://bugs.launchpad.net/ubuntu/+filebug/?no-redirect

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: memcached

[Jeffrey Walton]

On Thu, Mar 3, 2022 at 11:59 AM Juan Jimenez Coelho
 wrote:
>
> I have run apt-cache show memcached and this email address was listed as the 
> "Maintainer".
>
> I have a simple question: could you please point me to the actual source code 
> where the specific version packaged, 1.5.22-2, can be found?

Start here: https://packages.ubuntu.com/. Select a Release. Scroll
down to bottom of page, and then click "All Packages". Then find
memcached.

It looks like 1.5.6 is part of Bionic. SO ga back one release from Bionic.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Ubuntu LTS20.04 - wireguard package

[Jeffrey Walton]

On Tue, Jan 11, 2022 at 8:36 AM Dan Streetman  wrote:
> ...
> > Fedora has a 6 month release cycle. Each version you are on has the
> > latest releases of its packages and gets full updates. And in 6 months
> > you move onto the next stable version. At the 6 month release in the
> > life cycle, you simply run dnf-system-upgrade [1] and you are on the
> > next version of Fedora. dnf-system-upgrade is a lot like a Ubuntu
> > dist-upgrade.
>
> Just to clarify, what you are describing about Fedora is EXACTLY the
> same for Ubuntu...6 month release cycle, latest packages in each
> release, full updates (for at least 9 months), upgrade with a single
> command at each 6 month release. The 'dnf-system-upgrade' sounds more
> like the 'do-release-upgrade' command, not 'apt dist-upgrade' (though
> both are similar).

Yes, you're right. do-release-upgrade looks like the similar command.

Do you know if do-release-upgrade will move from one LTS version to
another? I usually select Ubuntu LTS when I want long term stability,
like over 3 or 5 years. In fact, my main desktop machine is Ubuntu
18.04 LTS.

Fedora does not really offer long term stability. Fedora is more
suited for the latest stable release every 6 months. Select it when
you want as close to the bleeding edge as possible while staying
stable.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: nginx update schedule

[Jeffrey Walton]

On Mon, Jan 10, 2022 at 2:02 PM Vera, GustavoX  wrote:
>
> Quick question: is there a schedule I can follow related to your version 
> updates for the nginx package?

You can see Nginx versions supplied with Ubuntu releases by searching
packages at https://packages.ubuntu.com/.

But you may be interested in... Nginx is pretty easy to build from
sources. It has several dependencies - zLib, PCRE and OpenSSL. None of
them are difficult to build, and all of them are available from
Ubuntu, so you don't need to build them yourself.

The downside to Nginx is a non-standard configure program. Nginx does
not do things like most other packages. It also has a lot of options
so you will need to spend some time at
https://nginx.org/en/docs/configure.html.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Set up an antique machine for testing

[Jeffrey Walton]

On Mon, Jan 10, 2022 at 8:27 PM Jeffrey Walton  wrote:
> On Mon, Jan 10, 2022 at 7:40 PM  wrote:
> > Hi Jeffrey (2022.01.11_00:25:50_+)
> > > I want to install a Ubuntu Server from that era. Hardy/8.04 was
> > > contemporary around that time. I found the ISO at
> > > https://old-releases.ubuntu.com/releases/. I doubt there are any Hardy
> > > mirrors out there nowadays.
> >
> > There is at http://old-releases.ubuntu.com/ubuntu/
> >
> > > Apt wants to update its index files which is pointless for this setup.
> > > It results in an error that stops subsequent install operations.
> > >
> > > My question is, how do I get 'apt-get install' to work in this case?
> >
> > Update your APT sources to point at old-releases.ubuntu.com, then you
> > can apt install anything you want.
> >
> > On less ancient releases you may need to also tell apt to disable
> > Check-Valid-Until.
>
> Thanks Stefano. That worked out perfectly. I was not aware
> old-releases.ubuntu.com was the mirror that would allow 'apt-get
> install' to work.

In case anyone is interested... I have a GitHub that allows us to
install modern cURL, Wget, Git, SSH, etc. It is a hack and piss-poor
excuse for a package manager, but it works great on this old stuff to
get modern tools. The rub is, we need autotools, a compiler, and a few
other tools to get started. You can find it here:
https://github.com/noloader/Build-Scripts.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Set up an antique machine for testing

[Jeffrey Walton]

On Mon, Jan 10, 2022 at 7:40 PM  wrote:
>
> Hi Jeffrey (2022.01.11_00:25:50_+)
> > I want to install a Ubuntu Server from that era. Hardy/8.04 was
> > contemporary around that time. I found the ISO at
> > https://old-releases.ubuntu.com/releases/. I doubt there are any Hardy
> > mirrors out there nowadays.
>
> There is at http://old-releases.ubuntu.com/ubuntu/
>
> > Apt wants to update its index files which is pointless for this setup.
> > It results in an error that stops subsequent install operations.
> >
> > My question is, how do I get 'apt-get install' to work in this case?
>
> Update your APT sources to point at old-releases.ubuntu.com, then you
> can apt install anything you want.
>
> On less ancient releases you may need to also tell apt to disable
> Check-Valid-Until.

Thanks Stefano. That worked out perfectly. I was not aware
old-releases.ubuntu.com was the mirror that would allow 'apt-get
install' to work.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Set up an antique machine for testing

[Jeffrey Walton]

Hi Everyone,

I need to test a few security controls for an antique piece of
hardware and software. The antique software includes Java 1.5
environment (SEPT 2004 - NOV 2009). The company has not been able to
upgrade for several reasons, and I don't have control over it.

I want to install a Ubuntu Server from that era. Hardy/8.04 was
contemporary around that time. I found the ISO at
https://old-releases.ubuntu.com/releases/. I doubt there are any Hardy
mirrors out there nowadays.

I need to get autotools, package-config, gcc, python and perl
installed. I also need to get Java or OpenJDK installed, which should
be about Java 1.5.

Apt wants to update its index files which is pointless for this setup.
It results in an error that stops subsequent install operations.

My question is, how do I get 'apt-get install' to work in this case?

Thanks in advance.

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Ubuntu LTS20.04 - wireguard package

[Jeffrey Walton]

On Mon, Jan 10, 2022 at 2:02 PM Filip Menke  wrote:
>
> Is there a reason why the wireguard package is outdated and no updates are 
> available through the standard update process(apt-get update / upgrade)?
>
> Users must update the package manually and from a security perspective a VPN 
> server should be always up to date otherwise the system could be vulnerable..

Related, if you want the latest version of a package like Wireguard
(or GCC, or Python, or Perl, ...), then you might want to look at
Fedora.

Fedora has a 6 month release cycle. Each version you are on has the
latest releases of its packages and gets full updates. And in 6 months
you move onto the next stable version. At the 6 month release in the
life cycle, you simply run dnf-system-upgrade [1] and you are on the
next version of Fedora. dnf-system-upgrade is a lot like a Ubuntu
dist-upgrade.

I really like Fedora's model, the use of SELinux in enforcing mode,
and Fedora's desire to provide the latest versions of software. In
fact, I run Fedora Workstations to test the latest GCC compilers, and
Fedora Servers when I need a web server.

I no longer bother with CentOS or Red Hat servers. I can't stand that
antique software that makes you use Software Collections (SCL) to get
something semi-modern. I gave up on CentOS and Red Hat servers when
trying to get Mediawiki running on them. CentOS and Red Hat servers
with their old software was just too much work.

I also use Ubuntu workstations and servers. But every now and again
you want the latest software for a server, and that's when you want to
consider Fedora.

[1] https://docs.fedoraproject.org/en-US/quick-docs/dnf-system-upgrade/

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: [integer-Ticket #81335] Log4J Sicherheitslücke

[Jeffrey Walton]

On Sat, Dec 18, 2021 at 3:50 PM Christian Ehrhardt <
christian.ehrha...@canonical.com> wrote:

>
> On Tue, Dec 14, 2021 at 10:17 PM integer GmbH 
> wrote:
>
>> Hello Ubuntu-Team,
>> can you please tell me if the follwoing software is affected by the Log4J
>> exploit?
>>
>
> *disclaimer: I'm not from the security team and this is not a definitive
> or formal answer*
>
> In general for CVEs you'd want to check the https://ubuntu.com/security
> entry for it.
> It will mention its status, affected packages and link to further
> ressources one should know about.
> In this case the links to USN and the wiki page are very helpful as well.
>
> In this case that is at: https://ubuntu.com/security/CVE-2021-44228
>

Related, it looks like CVE-2021-45046 against log4j2 v2.15 applies as well.
It can result in a Remote Code Execution (RCE) under certain circumstances.
Also see https://www.openwall.com/lists/oss-security/2021/12/18/1.

Jeff
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: log4j rce patch

[Jeffrey Walton]

On Tue, Dec 14, 2021 at 6:32 AM Alex Murray  wrote:
> ...
> >
> > Also see https://www.randori.com/blog/cve-2021-44228/
>
> Please see https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Log4Shell for 
> more details but updates are now available, however the USN is still pending 
> publication.

Thanks Alex. Let me review the wiki page.

I see Ubuntu sent out a notice today.
https://ubuntu.com/security/notices/USN-5192-1.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Add a ca root to ca-certificates in WSL environment?

[Jeffrey Walton]

On Tue, Dec 14, 2021 at 9:17 AM Michael Loftis  wrote:
>
> No special magic for the WSL Ubuntu install.  You just apt-get install
> ca-certificates on the WSL Ubuntu environment command line, drop the
> pem certificate(s) in file(s) in /etc/ssl/certs, run
> update-ca-certificates (as root, use sudo) and you're done.   Just
> make sure the pem's are globally readable. The new certificate(s) will
> be included in /etc/ssl/certs/ca-certificates.crt and all system
> packages use that as their trusted root certs, pretty sure it'll also
> add the hash symlinks too.  That decade (and a bit) old IR is long,
> long, long closed.  This will NOT affect any Windows based stuff.

Ack, thanks.

> If you need to have it packaged then you'll have to do your own
> package, with a post-install hook.  You shouldn't be
> replacing/overriding the ca-certificates package.

Thanks.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Add a ca root to ca-certificates in WSL environment?

[Jeffrey Walton]

Hi Everyone,

I'm working on a Windows machine with Windows Subsystem Linux (WSL).
The machine hosts Ubuntu 20.04. We are having some TLS problems due to
an interception proxy. I need to add a CA root to the ca-certificates
package or store.

I checked the Ubuntu wiki and found one article on ca-certificates at
https://wiki.ubuntu.com/IncidentReports/2011-09-20-ca-certificates-removes-libnss3.

I'm Ok with dropping the root CA in the filesystem and running
c_rehash, if needed. I'm happy to use the method if that is
recommended.

My question is, how would I go about adding a root CA to the machine's
trusted root store?

Thanks in advance.

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

log4j rce patch

[Jeffrey Walton]

Hi Everyone,

Has Ubuntu pushed a patch for the log4j rce that was dropped earlier today?

At work, we think we are seeing activity due to zero day. But I am not
sure the servers are fully patched at the moment.

Also see https://www.randori.com/blog/cve-2021-44228/

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Remove CloudInit from Ubuntu Server

[Jeffrey Walton]

On Tue, Nov 30, 2021 at 2:05 AM Christian Ehrhardt
 wrote:
>
> On Mon, Nov 29, 2021 at 10:24 PM Jeffrey Walton  wrote:
> >
> > I'm testing Ubuntu Server in a VM. I noticed the server edition
> > includes CloudInit by default. I don't need a VM inside a VM so I
> > would like to remove it.
>
> There might be a misunderstanding. The CloudInit installed in your
> current VM (level 1) isn't responsible for a potential VM (level 2)
> further inside it.
>
> It is responsible to allow customization of your current VM (level 1).
> And depending on where/how you run/host your current VM (level 1) it
> might already be used to do customization when you have spawned it.
>
> > The CloudInit docs don't say if it is Ok to remove
> > (https://help.ubuntu.com/community/CloudInit).
> >
> > Is it Ok to remove CloudInit?
>
> We generally consider the ability to customize a system a core feature
> of a server image, therefore ubuntu-server-minimal depends on
> cloud-init and removing it will thereby wreak havoc as it would
> (auto)remove plenty of other things then.
> Even when not using CloudInit, it isn't much of a burden - it is small
> and designed to quickly check if there is no datasource and then does
> nothing.
> If even that is too much you can completely disable its start, for
> that check out [1]
>
> [1]: https://cloudinit.readthedocs.io/en/latest/topics/boot.html#generator

Ack, thanks. No sense in wreaking havoc :)

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Remove CloudInit from Ubuntu Server

[Jeffrey Walton]

Hi Everyone,

I'm testing Ubuntu Server in a VM. I noticed the server edition
includes CloudInit by default. I don't need a VM inside a VM so I
would like to remove it.

The CloudInit docs don't say if it is Ok to remove
(https://help.ubuntu.com/community/CloudInit).

Is it Ok to remove CloudInit?

Thanks in advance.

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: libreoffice_gtk3

[Jeffrey Walton]

On Sun, Sep 26, 2021 at 5:46 PM lemonnier  wrote:

> Hello to all your team.
> I want to report a bug with libre office version 7.1.2.1 under oubuntu
mate 20.04.
>
> Installing the libre office-gtk3 package with synaptic causes calc to
crash when moving through the calc sheets

How to Report Bugs in Ubuntu,
https://help.ubuntu.com/community/ReportingBugs

How to Report Bugs in LibreOffice,
https://wiki.documentfoundation.org/QA/BugReport
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Wget failures connecting to GitHub on Ubuntu 20

[Jeffrey Walton]

On Sat, Sep 18, 2021 at 7:16 AM Colin Watson  wrote:
>
> On Fri, Sep 17, 2021 at 09:15:12PM -0400, Jeffrey Walton wrote:
> > This caught me by surprise today:
> >
> > $ lsb_release -a
> > No LSB modules are available.
> > Distributor ID: Ubuntu
> > Description:Ubuntu 20.04.3 LTS
> > Release:20.04
> > Codename:   focal
> >
> > $ wget -O main.cxx
> > https://raw.githubusercontent.com/austin-clifton/cryptopp-chacha-asm-test/main/src/main.cpp
>
> This works fine for me on 20.04; perhaps the relevant DigiCert CA is
> disabled on your system.  Try "sudo dpkg-reconfigure ca-certificates"
> and make sure it's enabled.

Thanks Colin. That command cleared the issue.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Wget failures connecting to GitHub on Ubuntu 20

[Jeffrey Walton]

Hi Everyone,

This caught me by surprise today:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 20.04.3 LTS
Release:20.04
Codename:   focal

$ wget -O main.cxx
https://raw.githubusercontent.com/austin-clifton/cryptopp-chacha-asm-test/main/src/main.cpp
  --2021-09-17 21:13:12--
https://raw.githubusercontent.com/austin-clifton/cryptopp-chacha-asm-test/main/src/main.cpp
Resolving raw.githubusercontent.com (raw.githubusercontent.com)...
185.199.111.133, 185.199.110.133, 185.199.109.133, ...
Connecting to raw.githubusercontent.com
(raw.githubusercontent.com)|185.199.111.133|:443... connected.
ERROR: cannot verify raw.githubusercontent.com's certificate, issued
by 'CN=DigiCert SHA2 High Assurance Server
CA,OU=www.digicert.com,O=DigiCert Inc,C=US':
  Unable to locally verify the issuer's authority.
To connect to raw.githubusercontent.com insecurely, use
`--no-check-certificate'.

$ command -v wget
/usr/bin/wget

$ wget --version
GNU Wget 1.20.3 built on linux-gnu.

-cares +digest -gpgme +https +ipv6 +iri +large-file -metalink +nls
+ntlm +opie +psl +ssl/openssl

Wgetrc:
/etc/wgetrc (system)
Locale:
/usr/share/locale
Compile:
gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc"
-DLOCALEDIR="/usr/share/locale" -I. -I../../src -I../lib
-I../../lib -Wdate-time -D_FORTIFY_SOURCE=2 -DHAVE_LIBSSL -DNDEBUG
-g -O2 -fdebug-prefix-map=/build/wget-OYIfr9/wget-1.20.3=.
-fstack-protector-strong -Wformat -Werror=format-security
-DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall
Link:
gcc -DHAVE_LIBSSL -DNDEBUG -g -O2
-fdebug-prefix-map=/build/wget-OYIfr9/wget-1.20.3=.
-fstack-protector-strong -Wformat -Werror=format-security
-DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall -Wl,-Bsymbolic-functions
-Wl,-z,relro -Wl,-z,now -lpcre2-8 -luuid -lidn2 -lssl -lcrypto -lz
-lpsl ftp-opie.o openssl.o http-ntlm.o ../lib/libgnu.a

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: cinnamon-screensaver

[Jeffrey Walton]

On Wed, Sep 15, 2021 at 7:01 PM Nicola Fusco  wrote:
>
> I have installed another screensaver, so I had the good idea to remove
> the old one, and now I cannot enter the graphic environment anymore.
>
> I tried to install the cinnamon-screensaver again, but with no luck:
> perhaps some others required packages have been removed with the
> screensaver, which I have to install again? and which are these packages?

Here's what I am seeing for Ubuntu 20.04.3 LTS:

$ sudo apt-get remove cinnamon-screensaver
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  cinnamon-common cjs gir1.2-caribou-1.0 gir1.2-cinnamondesktop-3.0
  gir1.2-clutter-1.0 gir1.2-cmenu-3.0 gir1.2-cogl-1.0 gir1.2-coglpango-1.0
  gir1.2-gkbd-3.0 gir1.2-gtkclutter-1.0 gir1.2-keybinder-3.0
  gir1.2-meta-muffin-0.0 gir1.2-nemo-3.0 gir1.2-timezonemap-1.0
  gir1.2-xapp-1.0 gir1.2-xkl-1.0 iso-flags-png-320x240 libcaribou-common
  libcaribou0 libcjs0 libcscreensaver0 libkeybinder-3.0-0 libmozjs-52-0
  libtimezonemap-data libtimezonemap1 metacity-common python3-pampy
  python3-psutil python3-pyinotify python3-setproctitle python3-xapp
  python3-xlib
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  cinnamon cinnamon-core cinnamon-desktop-environment cinnamon-screensaver
0 upgraded, 0 newly installed, 4 to remove and 0 not upgraded.
After this operation, 1,494 kB disk space will be freed.
Do you want to continue? [Y/n] N
Abort.

Here is what I am seeing on Linux Mint 20.2:

$ sudo apt-get remove cinnamon-screensaver
[sudo] password for jwalton:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  bulky python3-magic
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  cinnamon cinnamon-dbg cinnamon-screensaver mint-meta-cinnamon
0 upgraded, 0 newly installed, 4 to remove and 0 not upgraded.
After this operation, 3,389 kB disk space will be freed.
Do you want to continue? [Y/n] N
Abort.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: SBCL : building : Makefile : where to find?

[Jeffrey Walton]

On Wed, Jul 14, 2021 at 3:58 PM em...@kathe.in  wrote:
>
> Where should I look to find the process (Makefile) used to build SBCL under 
> Ubuntu?
> I tried look under http://in.archive.ubuntu.com/ubuntu but got disoriented 
> quite quickly.

Typically (or most often with GNU software) you run a configure
script. There is literally a script called 'configure' in the tarball.
The configure script generates the makefiles for you.

GNU software comes with README and INSTALL files. You should check
them for instructions on building and installing the software. For
non-GNU software you have to look through the files provided in the
tarball.

I'm not familiar with SBCL. If it is https://github.com/sbcl/sbcl,
then it looks like you may need to run install.sh. See the INSTALL
file for details at https://github.com/sbcl/sbcl/blob/master/INSTALL.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Broken dependencies which are required and I can't fix

[Jeffrey Walton]

On Mon, Jul 12, 2021 at 2:34 PM Kelechi Mba  wrote:
>
> I'm a new Ubuntu user and I have come across some troubles. I have some 
> broken dependencies which is making me not able to use the apt-get command. 
> I've tried reinstalling and removing the packages using the Synaptic Package 
> manager but I always come up with some errors.
> The packages that are broken are libcrypt1:i386, libgcc-s1:i386, 
> libidn2-0:i386, liblz4-1:i386, libudev1:i386, and libunistring2:i386.
> When I tried reinstalling the packages I get the error "E: Internal Error, No 
> file name for libgcc-s1:i386" and I don't know how to fix it. How do I fix 
> this?

In the old days you just installed ia32-libs.

Nowadays you do something like this:

$ sudo apt-get install lib32z1 lib32ncurses5
$ sudo apt-get install gcc-multilib gcc-7-multilib
$ sudo apt-get install g++-multilib g++-7-multilib

You should check the version of GCC that comes with the platform and
use the specific version when installing. My -m32 test system happens
to use GCC 7 by default, hence gcc-7-multilib and g++-7-multilib.

If you have dependencies, then you use the :i386 syntax, like:

$ sudo apt-get install libfoo:i386

Also see https://help.ubuntu.com/community/MultiArch, which is kind of
dated nowadays.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: help me install scidavis

[Jeffrey Walton]

On Mon, Jun 21, 2021 at 7:08 PM LEOMAR VALMORBIDA
 wrote:
>
> There are addictions that I can't solve, can you help me?

It looks like SciDAVis is not available in Ubuntu repos:

$ apt-cache search scidavis
$

It looks like you can find help from the SciDAVis folks at
http://scidavis.sourceforge.net/help.html . Also see
https://highperformancecoder.github.io/scidavis-handbook/compilation.html
.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Cannot load lib32z1: 32 bit package

[Jeffrey Walton]

On Mon, May 31, 2021 at 3:59 PM Pienkowski Andy
 wrote:
>
> I am writing to you in some desperation to find out how to load the lib32z1 
> package into a Ubuntu 20.04 installation.  I have two equivalent dual boot 
> Ububtu 20.04 systems.  One has the lib32z1 installed, the other will not 
> allow its installation for some reason?  (Please see the attached picture.)

In the old days you just installed ia32-libs.

Nowadays you do something like this:

$ sudo apt-get install lib32z1 lib32ncurses5
$ sudo apt-get install gcc-multilib gcc-7-multilib
$ sudo apt-get install g++-multilib g++-7-multilib

You should check the version of GCC that comes with the platform and
use the specific version when installing. My -m32 test system happens
to use GCC 7 by default, hence gcc-7-multilib and g++-7-multilib.

If you have dependencies, then you use the :i386 syntax, like:

$ sudo apt-get install libfoo:i386

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: rng-tools and VIA chipsets with Padlock

[Jeffrey Walton]

> My question is, is this something Ubuntu would like to investigate?

This looks like a problem I encountered in the past with rng-tools.
The problem in the past was, rngd is an old System V service. It does
not start correctly under Systemd.

I believe I fixed the problem in the past using a proper Systemd
service file. In fact, I think sysv wrapper would actually work if
Systemd retired the failed start.

$ systemctl status rng-tools.service
● rng-tools.service
   Loaded: loaded (/etc/init.d/rng-tools; generated)
   Active: active (exited) since Mon 2021-05-17 15:04:17 EDT; 2h 49min ago
 Docs: man:systemd-sysv-generator(8)
  Process: 372 ExecStart=/etc/init.d/rng-tools start (code=exited, status=0/SUCC

May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: No entropy sources working, exiting rngd
May 17 15:04:17 via systemd[1]: Started rng-tools.service.

$ journalctl -xe -u rng-tools.service
...
-- Reboot --
May 17 15:04:15 via systemd[1]: Starting rng-tools.service...
-- Subject: Unit rng-tools.service has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit rng-tools.service has begun starting up.
May 17 15:04:15 via rng-tools[372]: Starting Hardware RNG entropy gatherer daemo
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
 ...
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: No entropy sources working, exiting rngd
May 17 15:04:17 via systemd[1]: Started rng-tools.service.
-- Subject: Unit rng-tools.service has finished start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit rng-tools.service has finished starting up.
--
-- The start-up result is RESULT.
lines 1193-1215/1215 (END)

On Mon, May 17, 2021 at 4:33 PM Jeffrey Walton  wrote:
>
> Hi Everyone,
>
> I have an old VIA C7-D machine I use for testing Padlock. Padlock is a
> security engine provides AES, SHA and a RNG for some of the VIA
> processors. (It predates Intel's gear by about 15 years).
>
> With rng-tools installed I'm seeing failures in /dev/random. Draining
> /dev/random and then trying to read from it is causing prolonged
> blocking. Blocking should not occur since Padlock has a hardware RNG.
>
> It also appears draining /dev/random is breaking /dev/urandom.
> /dev/urandom is blocking on 1024 bytes. It took about 6 minutes to
> read 1024 bytes from /dev/urandom after draining /dev/random.
>
> I pinged Thorsten and Henrique but did not receive a response.
> (Henrique is CC'd in case it fell off his radar).
>
> I believe this is the package:
> https://packages.ubuntu.com/bionic/rng-tools. But I may be mistaken.
>
> My question is, is this something Ubuntu would like to investigate?
>
> ==
>
> $ lsb_release -a
> No LSB modules are available.
> Distributor ID: Peppermint
> Description:Peppermint 10 Ten
> Release:10
> Codename:   bionic
>
> $ apt-cache show rng-tools
> Package: rng-tools
> Architecture: i386
> Version: 5-0ubuntu4
> Priority: optional
> Section: universe/utils
> Origin: Ubuntu
> Maintainer: Ubuntu Developers 
> Original-Maintainer: Henrique de Moraes Holschuh 
> Bugs: https://bugs.launchpad.net/ubuntu/+filebug
> Installed-Size: 87
> Provides: intel-rng-tools
> Depends: libc6 (>= 2.4), libgcrypt20 (>= 1.8.0), udev (>= 0.053) |
> makedev (>= 2.3.1-77)
> Conflicts: intel-rng-tools
> Replaces: intel-rng-tools
> Filename: pool/universe/r/rng-tools/rng-tools_5-0ubuntu4_i386.deb
> Size: 22424
> MD5sum: 2d5fb50e664508b75cf5261a5ebd8257
> SHA1: 229fd35e378f76f6a287a108d321e214602f2da5
> SHA256: 946a8f199b1d9f392763871428cfd634702ef4640971a94d977f27fc8a9766bd
> Description-en: Daemon to use a Hardware TRNG
>  The rngd daemon acts as a bridge between a Hardware TRNG (true random number
>  generator) such as the ones in some Intel/AMD/VIA chipsets, and the kernel's
>  PRNG (pseudo-random number generator).
>  .
>  It tests the data received from the TRNG using the FIPS 140-2 (2002-10-10)
>  tests to verify that it is indeed random, and feeds the random data to the
>  kernel entropy pool.
>  .
>  This increases the bandwidth of the /dev/random device, from a source that
>  does not depend on outside activity.  It may also improve the quality
>  (entropy) of the randomness of /dev/random.
>  .
>  A TRNG kernel module such as hw_rand

rng-tools and VIA chipsets with Padlock

[Jeffrey Walton]

Hi Everyone,

I have an old VIA C7-D machine I use for testing Padlock. Padlock is a
security engine provides AES, SHA and a RNG for some of the VIA
processors. (It predates Intel's gear by about 15 years).

With rng-tools installed I'm seeing failures in /dev/random. Draining
/dev/random and then trying to read from it is causing prolonged
blocking. Blocking should not occur since Padlock has a hardware RNG.

It also appears draining /dev/random is breaking /dev/urandom.
/dev/urandom is blocking on 1024 bytes. It took about 6 minutes to
read 1024 bytes from /dev/urandom after draining /dev/random.

I pinged Thorsten and Henrique but did not receive a response.
(Henrique is CC'd in case it fell off his radar).

I believe this is the package:
https://packages.ubuntu.com/bionic/rng-tools. But I may be mistaken.

My question is, is this something Ubuntu would like to investigate?

==

$ lsb_release -a
No LSB modules are available.
Distributor ID: Peppermint
Description:Peppermint 10 Ten
Release:10
Codename:   bionic

$ apt-cache show rng-tools
Package: rng-tools
Architecture: i386
Version: 5-0ubuntu4
Priority: optional
Section: universe/utils
Origin: Ubuntu
Maintainer: Ubuntu Developers 
Original-Maintainer: Henrique de Moraes Holschuh 
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 87
Provides: intel-rng-tools
Depends: libc6 (>= 2.4), libgcrypt20 (>= 1.8.0), udev (>= 0.053) |
makedev (>= 2.3.1-77)
Conflicts: intel-rng-tools
Replaces: intel-rng-tools
Filename: pool/universe/r/rng-tools/rng-tools_5-0ubuntu4_i386.deb
Size: 22424
MD5sum: 2d5fb50e664508b75cf5261a5ebd8257
SHA1: 229fd35e378f76f6a287a108d321e214602f2da5
SHA256: 946a8f199b1d9f392763871428cfd634702ef4640971a94d977f27fc8a9766bd
Description-en: Daemon to use a Hardware TRNG
 The rngd daemon acts as a bridge between a Hardware TRNG (true random number
 generator) such as the ones in some Intel/AMD/VIA chipsets, and the kernel's
 PRNG (pseudo-random number generator).
 .
 It tests the data received from the TRNG using the FIPS 140-2 (2002-10-10)
 tests to verify that it is indeed random, and feeds the random data to the
 kernel entropy pool.
 .
 This increases the bandwidth of the /dev/random device, from a source that
 does not depend on outside activity.  It may also improve the quality
 (entropy) of the randomness of /dev/random.
 .
 A TRNG kernel module such as hw_random, or some other source of true
 entropy that is accessible as a device or fifo, is required to use this
 package.
 .
 This is an unofficial version of rng-tools which has been extensively
 modified to add multithreading and a lot of new functionality.
Description-md5: 6da2aca3dd07b55b609d9cf3d5d7cd57

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Clang 10 patch for function multiversioning

[Jeffrey Walton]

Hi Everyone,

Would you mind picking up this patch for Clang 10 on Ubuntu 18?

* https://github.com/llvm/llvm-project/commit/0ed613612c5d

It looks like Clang is up to version 12. The patch may apply to 11 and 12, too.

Also see https://bugs.llvm.org/show_bug.cgi?id=50025.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Problem with libpng12-0 - please help me

[Jeffrey Walton]

On Mon, Mar 22, 2021 at 5:30 PM Jan Brøndum Johansson
 wrote:
>
> Hello, I followed the instructions on how to install PDF Editor in this 
> article by you https://vitux.com/how-to-edit-pdf-files-in-ubuntu/
>
> Unfortunately this caused me some serious problems on my Xubuntu 16,04 and 
> I'm hoping you will help me get this sorted out.

Ubuntu 16 is kind of old...

I would start by trying to get the machine in a good state:

  $ sudo dpkg --configure -a
  $ sudo apt install -f

followed by:

  $ sudo apt update
  $ sudo apt upgrade

Then, attempt the install.

I would not be surprised if a modern libpng package cannot be
installed on an old Ubuntu. In this case, you might want to build
libpng from sources.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Power problem with Radeon 7750 card and Nouveau driver

[Jeffrey Walton]

On Wed, Feb 10, 2021 at 3:24 AM Ralf Mardorf  wrote:
>
> On Tue, 9 Feb 2021 16:51:51 -0500, Jeffrey Walton wrote:
> >Does anyone have suggestions how to troubleshoot this further?
>
> it's probably not a driver related issue. At least you don't care for
> the correct driver. The Radeon driver is pre-installed and used for your
> Radeon graphics. The nouveau driver can't handle your AMD (the graphics
> brand formerly known as ATI) at all, since it's a driver for NVIDIA
> graphics.

Thanks Ralf.

It sounds like I picked the wrong card. My apologies for the noise.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Power problem with Radeon 7750 card and Nouveau driver

[Jeffrey Walton]

Hi Everyone,

I'm working on Ubuntu 20.04, x86_64, fully patched. It has the
5.4.0-64 kernel. The machine is a Dell XPS 8930 with an i7-8700,
https://www.amazon.com/gp/product/B078N85NCR.

I'm having a power management problem. The monitor goes to sleep and
does not wake up. Power Management applet settings are (a) turn
monitor off after 15 minutes, and (b) never go to sleep. Moving the
mouse and tapping on the keyboard does not seem to wake the monitor.
In this state I can SSH into the machine.

I think this issue has to do with Noveau. The problem started after I
removed the original GeForce GTX 1060 (Nvidia driver) and installed a
Radeon 7750 (Nouveau driver). I switched cards for the open source
driver. The Radeon 7750 card is
https://www.amazon.com/gp/product/B00C7EPSVS. The monitor cable is
HDMI to Mini DisplayPort. It is a new cable for use with the Radeon
card. https://www.amazon.com/gp/product/B00YONKZ72.

I have the package xserver-xorg-video-nouveau installed. I removed all
the Nvidia and purged all the packages.

The logs I have found look like this (from log viewer):


12:10 PM radeon_dp_aux_transfer_native: 2510 callbacks suppressed
 2:00 PM radeon_dp_aux_transfer_native: 1040 callbacks suppressed

 2:01 PM [drm:radeon_dp_link_train [radeon]] *ERROR* displayport link
status failed
 2:01 PM [drm:radeon_dp_link_train [radeon]] *ERROR* clock recovery failed
 2:01 PM [drm:radeon_dp_link_train [radeon]] *ERROR* displayport link
status failed
 2:01 PM [drm:radeon_dp_link_train [radeon]] *ERROR* clock recovery failed
 2:05 PM radeon_dp_aux_transfer_native: 566 callbacks suppressed


I searched Freedesktop's GitLab issues
(https://gitlab.freedesktop.org/drm/nouveau/-/issues) related to
"*ERROR* displayport link status failed" and "*ERROR* clock recovery
failed". GitLab did not return any hits.

I noticed I was missing the nouveau-firmware package. When I added it
I lost the monitor completely. The monitor displayed a message similar
to "No HDMI signal present", even during a reboot. nouveau-firmware
definitely made things worse. Removing nouveau-firmware did not help.
The "No HDMI signal" problem persisted. I had to switch back to the
GeForce card and the Nvidia driver.

Does anyone have suggestions how to troubleshoot this further?

$ apt-cache show xserver-xorg-video-nouveau
Package: xserver-xorg-video-nouveau
Architecture: amd64
Version: 1:1.0.16-1
Priority: optional
Section: x11
Origin: Ubuntu
Maintainer: Ubuntu Developers 
Original-Maintainer: Debian X Strike Force 
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 278
Provides: xorg-driver-video
Depends: libc6 (>= 2.4), libdrm-nouveau2 (>= 2.4.38), libdrm2 (>=
2.4.61), libudev1 (>= 183), xorg-video-abi-24, xserver-xorg-core (>=
2:1.18.99.901)
Recommends: libgl1-mesa-dri (>= 9.0)

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Ubuntu 18.04 and "Bad arg length for Socket::inet_ntoa" when using IPv6

[Jeffrey Walton]

On Fri, Jan 1, 2021 at 2:06 PM Robie Basak  wrote:
>
> Hi Jeff,
>
> On Fri, Jan 01, 2021 at 01:27:58PM -0500, Jeffrey Walton wrote:
> > On Sat, Dec 12, 2020 at 12:13 PM Jeffrey Walton  wrote:
> > > Would someone have a look at
> > > https://bugs.launchpad.net/ubuntu/+source/libhttp-daemon-perl/+bug/1904907
> > > when time is available.
> > >
> > > The issue causes self tests failures in a lot of packages, including
> > > Wget and Wget2. When 'make check' fails it munges up the install
> > > process. We don't have authority to install a package that fails its
> > > self tests.
> >
> > Wget 1.21 was released on DEC 31, 2020. It is still failing its self tests.
> >
> > Is there any hope of getting Perl fixed before Ubuntu 18 goes end-of-life?
>
> I'm sorry you're having problems. If I may, I'd like to adjust your
> expectations.
>
> Since this doesn't look like this has a real impact on any Ubuntu users
> not bound by their own policies, I don't expect that anyone will
> prioritise it, so it is unlikely to get fixed. If my understanding here
> is wrong, maybe you could clarify?
>
> If you'd like to contribute a fix yourself, then we'd welcome that
> regardless. We can help guide you, but we'd expect volunteers to provide
> all the necessary legwork.

That would be a bad idea. Asking people without knowledge of the
problem domain is just plain stupid. It is a recipe for disaster.

The people with the knowledge of the problem domain should perform the work.

> A fix to a stable release is subject to our policies documented at
> https://wiki.ubuntu.com/StableReleaseUpdates (and the reasoning for our
> requirements are documented there too). It's not clear to me from your
> bug report if the change you want would qualify under our policy. If you
> are prepared to do the legwork, I'd start by considering our policy to
> save effort if it does turn out that your proposed change would not
> qualify.

Sorry, but I have no idea what the policies say.

Leaving IPv6 broken in 2018 or 2020 means there's a broken policy in
place, if that's the case. We (in the US) have been experiencing a lot
of broken policies lately. Like the ones that allow police to murder
black people at will without any accountability.

Broken policies carry no weight with me.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Ubuntu 18.04 and "Bad arg length for Socket::inet_ntoa" when using IPv6

[Jeffrey Walton]

On Sat, Dec 12, 2020 at 12:13 PM Jeffrey Walton  wrote:
>
> Would someone have a look at
> https://bugs.launchpad.net/ubuntu/+source/libhttp-daemon-perl/+bug/1904907
> when time is available.
>
> The issue causes self tests failures in a lot of packages, including
> Wget and Wget2. When 'make check' fails it munges up the install
> process. We don't have authority to install a package that fails its
> self tests.

Wget 1.21 was released on DEC 31, 2020. It is still failing its self tests.

Is there any hope of getting Perl fixed before Ubuntu 18 goes end-of-life?

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Ubuntu 18.04 and "Bad arg length for Socket::inet_ntoa" when using IPv6

[Jeffrey Walton]

Hi Everyone,

Would someone have a look at
https://bugs.launchpad.net/ubuntu/+source/libhttp-daemon-perl/+bug/1904907
when time is available.

The issue causes self tests failures in a lot of packages, including
Wget and Wget2. When 'make check' fails it munges up the install
process. We don't have authority to install a package that fails its
self tests.

If I am parsing the issue properly, the fix has been available for
several years. This may also be helpful from Red Hat
https://access.redhat.com/errata/RHBA-2018:0665:

* BZ - 1413065 - HTTP-Daemon does not support IPv6: Arg length for inet_ntoa
* BZ - 1492760 - IO::Socket::IP->new() fails to listen on unspecified
local address

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: openarena package needs to be recompiled

[Jeffrey Walton]

On Mon, Dec 7, 2020 at 4:34 PM Czesław Makarski  wrote:
>
> on the Ubuntu 20.04 install the openarena package is broken. Could it be 
> possible fixed? Thanks.
>
> The details are in the following link: 
> https://bugs.launchpad.net/ubuntu/+source/openarena/+bug/1882432

Also see Bug #966173, "libc6: __atan2_finite reference in dlopened
module no longer found in executable linked to libm",
https://www.mail-archive.com/debian-glibc@lists.debian.org/msg59264.html

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Ubuntu 18.04 and "sig_hashalgo: md4"

[Jeffrey Walton]

Thanks Dimitri,

> If this is time critical for you, you could install kmod from focal on
> your bionic system (or use it from chroot).

It's nothing urgent. The issue fell out of a script I was working on.
But I've got a feeling it's going to take a few years for the kmod
changes to become readily available.

I'll probably switch to a C program using OpenSSL to do it.

Jeff

On Mon, Sep 7, 2020 at 5:03 AM Dimitri John Ledkov  wrote:
>
> Hey,
>
> linux kernel upstream has changed how signatures look like in
> v5.2-rc1, and only kmod 27 learned how to parse them. But bionic ships
> kmod 24, meaning with hwe / cloud kernels, the information printed by
> e.g. modinfo is incomplete.
>
> Normally bug reports should be opened in launchpad, i have done so now
> at https://bugs.launchpad.net/ubuntu/+source/kmod/+bug/1894611
>
> If this is time critical for you, you could install kmod from focal on
> your bionic system (or use it from chroot).
>
> On Sun, 6 Sep 2020 at 01:40, Jeffrey Walton  wrote:
> >
> > Hi Everyone,
> >
> > Ubuntu 18.04's modinfo looks like it is subject to
> > https://bugzilla.redhat.com/show_bug.cgi?id=1320921 and
> > https://bugzilla.redhat.com/show_bug.cgi?id=1490975.
> >
> > $ modinfo crypto_simd
> > filename:   /lib/modules/5.3.0-66-generic/kernel/crypto/crypto_simd.ko
> > license:GPL
> > srcversion: 701320EC07F22E0D8427859
> > depends:cryptd
> > retpoline:  Y
> > intree: Y
> > name:   crypto_simd
> > vermagic:   5.3.0-66-generic SMP mod_unload
> > signat: PKCS#7
> > signer:
> > sig_key:
> > sig_hashalgo:   md4
> >
> > A quick Google search did not pick up a similar Ubuntu bug report,
> > like Red Hat's 1320921 and 1490975.
> >
> > It looks like the fix was checked in about a year and a half ago. Also
> > see https://lwn.net/Articles/779249/.
> >
> > Would it be possible to pick up the fix?

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Ubuntu 18.04 and "sig_hashalgo: md4"

[Jeffrey Walton]

Hi Everyone,

Ubuntu 18.04's modinfo looks like it is subject to
https://bugzilla.redhat.com/show_bug.cgi?id=1320921 and
https://bugzilla.redhat.com/show_bug.cgi?id=1490975.

$ modinfo crypto_simd
filename:   /lib/modules/5.3.0-66-generic/kernel/crypto/crypto_simd.ko
license:GPL
srcversion: 701320EC07F22E0D8427859
depends:cryptd
retpoline:  Y
intree: Y
name:   crypto_simd
vermagic:   5.3.0-66-generic SMP mod_unload
signat: PKCS#7
signer:
sig_key:
sig_hashalgo:   md4

A quick Google search did not pick up a similar Ubuntu bug report,
like Red Hat's 1320921 and 1490975.

It looks like the fix was checked in about a year and a half ago. Also
see https://lwn.net/Articles/779249/.

Would it be possible to pick up the fix?

Thanks in advance.

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Crypto++ and Patch for CVE-2015-2141 committed

[Jeffrey Walton]

Hello,

You are receiving this email because you are (or were) listed as a
package maintainer for Crypto++. Emails are also being sent to the
well known security@ address from RFC 2142. Please accept apologies if
you receive this email multiple times.

Crypto++ committed the patch for CVE-2015-2141 today. For SVN, the
commit of interest is r542. You can find it at
https://sourceforge.net/p/cryptopp/code/542/. For GitHub, the commit
of interest is 9425e16437439e68c7d96abef922167d68fafaff. You can find
it at 
https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff.

* CVE-2015-2141 Details *

Evgeny Sidorov discovered he could recover the private key when using
Rabin-Williams signatures due to a bad interaction with the blinding
value used to mask private key operations. The bad interaction had to
do with the random value not meeting certain Jacobi requirements. The
full writeup can be found at https://eprint.iacr.org/2015/368.

Jean-Pierre Münch suggested a simple fix to avoid the bad interaction:
square the random value. Squaring the random value meant the value
satisfied the Jacobi requirements, and it avoid trial-and-error on
producing the random value in a loop. Avoiding trial-and-error saved
about 6-8 iterations of the loop, and about 12 Jacobi tests on
average.

* Obtain the latest sources *

To checkout from SVN, issue:

   svn checkout https://svn.code.sf.net/p/cryptopp/code/trunk/c5 cryptopp

To clone from Wei Dai's GitHub, issue:

git clone https://github.com/weidai11/cryptopp.git cryptopp

The ZIP files from the website do *not* include the latest revisions.
You should not build a package based upon it.

* DataDir patch *

As a maintainer, you may be interested in the DataDir patch. The patch
ensures the self tests and benchmarks run after the library is
installed.

For the patch and a script to help integrate it, see
http://www.cryptopp.com/wiki/DataDir.

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

glade-doc dependency problem

[Jeffrey Walton]

Hi All,

Reference Bug #477300
(https://bugs.launchpad.net/ubuntu/+source/scrollkeeper/+bug/477300?comments=all).

It appears glade-doc depends on libscrollkeeper0, which is no longer available.

Jeff

$ sudo apt-get install glade-doc
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
  glade-doc: Depends: libscrollkeeper0 but it is not installable
E: Broken packages

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss