I received this notification more than 24 hours ago:
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4912-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 04, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2020-28007 CVE-2020-28008 CVE-2020-28009 CVE-2020-28010
CVE-2020-28011 CVE-2020-28012 CVE-2020-28013 CVE-2020-28014
CVE-2020-28015 CVE-2020-28017 CVE-2020-28019 CVE-2020-28021
CVE-2020-28022 CVE-2020-28023 CVE-2020-28024 CVE-2020-28025
CVE-2020-28026

The Qualys Research Labs reported several vulnerabilities in Exim, a
mail transport agent, which could result in local privilege escalation
and remote code execution.

Details can be found in the Qualys advisory at
https://www.qualys.com/2021/05/04/21nails/21nails.txt

For the stable distribution (buster), these problems have been fixed in
version 4.92-8+deb10u6.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/exim4

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Reference:
https://www.debian.org/security/2021/dsa-4912
I've run apt update multiple times since then, and it hasn't shown up yet.
$ apt policy exim4
exim4:
Installed: 4.92-8+deb10u5
Candidate: 4.92-8+deb10u5
Version table:
*** 4.92-8+deb10u5 500
500 http://deb.devuan.org/merged beowulf/main amd64 Packages
100 /var/lib/dpkg/status
4.92-8+deb10u4 500
500 http://deb.devuan.org/merged beowulf-security/main amd64 Packages
Although I could be mistaken, this does not seem like normal behavior to me.
I like FireHOL. It uses a simple, human-readable configuration file.
Package name: firehol
More info:
https://firehol.org/
https://packages.debian.org/stable/firehol
For a laptop, the default configuration would probably be sufficient.
Phil
I don't have any ideas for the usb. Yes I do. Not a fix; just a workaround. Someone I know used shared folders with a usb mounted on the host system.
Good idea. That might help some people. Unfortunately, that won't work for a printer or scanner.
Since version 5.2 worked just fine on Devuan ASCII, I figured I would go back to using that version even though it's no longer supported. Imagine my surprise when I encountered the same error messages when I tried to install version 5.2 on Beowulf-based Refracta.
This was my final attempt to get VirtualBox working:
$ wget https://download.virtualbox.org/virtualbox/6.1.18/VirtualBox-6.1.18-142142-Linux_amd64.run
$ wget https://www.virtualbox.org/download/hashes/6.1.18/SHA256SUMS
$ sha256sum VirtualBox-6.1.18-142142-Linux_amd64.run
[Then check to make sure that the sha256sum value is correct.]
$ su
[Enter root password.]
# chmod u+x VirtualBox-6.1.18-142142-Linux_amd64.run
# ./VirtualBox-6.1.18-142142-Linux_amd64.run install
I was quite surprised when those same error messages appeared again.
This is what I did to try to repair (complete) the installation:
# update-rc.d vboxdrv defaults
# rcvboxdrv setup
I then tested USB passthrough to see if it was working, and it was not. At this point I almost gave up. In fact, I did a minimal installation of QEMU and started researching the different utilities and GUI tools that are available for QEMU.
I then had a hunch that I should try rebooting the system. I didn't think it would help, but I went ahead and did it anyway. That worked -- USB passthrough is now working.
I ran into some problems when installing VirtualBox 6.1.18 on Beowulf-based Refracta.
Here's the relevant info:
$ cat /etc/apt/sources.list.d/virtualbox.list
deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian buster contrib
# aptitude install virtualbox-6.1 -r
The following NEW packages will be installed:
libqt5opengl5{a} libqt5printsupport5{a} libsdl-ttf2.0-0{a} virtualbox-6.1
0 packages upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/88.7 MB of archives. After unpacking 215 MB will be used.
Do you want to continue? [Y/n/?] y
Preconfiguring packages ...
Selecting previously unselected package libqt5opengl5:amd64.
(Reading database ... 158142 files and directories currently installed.)
Preparing to unpack .../libqt5opengl5_5.11.3+dfsg1-1+deb10u4_amd64.deb ...
Unpacking libqt5opengl5:amd64 (5.11.3+dfsg1-1+deb10u4) ...
Selecting previously unselected package libqt5printsupport5:amd64.
Preparing to unpack .../libqt5printsupport5_5.11.3+dfsg1-1+deb10u4_amd64.deb ...
Unpacking libqt5printsupport5:amd64 (5.11.3+dfsg1-1+deb10u4) ...
Preparing to unpack .../virtualbox-6.1_6.1.18-142142~Debian~buster_amd64.deb ...
Unpacking virtualbox-6.1 (6.1.18-142142~Debian~buster) ...
Selecting previously unselected package libsdl-ttf2.0-0:amd64.
Preparing to unpack .../libsdl-ttf2.0-0_2.0.11-6_amd64.deb ...
Unpacking libsdl-ttf2.0-0:amd64 (2.0.11-6) ...
Setting up libqt5printsupport5:amd64 (5.11.3+dfsg1-1+deb10u4) ...
Setting up libqt5opengl5:amd64 (5.11.3+dfsg1-1+deb10u4) ...
Setting up libsdl-ttf2.0-0:amd64 (2.0.11-6) ...
Setting up virtualbox-6.1 (6.1.18-142142~Debian~buster) ...
addgroup: The group `vboxusers' already exists as a system group. Exiting.
insserv: FATAL: service dbus is missed in the runlevels S to use service bluetooth
insserv: exiting now!
insserv: FATAL: service vboxdrv has to be enabled to use service vboxballoonctrl-service
insserv: FATAL: service dbus is missed in the runlevels S to use service bluetooth
insserv: exiting now!
insserv: FATAL: service vboxdrv has to be enabled to use service vboxautostart-service
insserv: FATAL: service dbus is missed in the runlevels S to use service bluetooth
insserv: exiting now!
insserv: FATAL: service vboxdrv has to be enabled to use service vboxweb-service
insserv: FATAL: service dbus is missed in the runlevels S to use service bluetooth
insserv: exiting now!
Processing triggers for mime-support (3.62) ...
Processing triggers for hicolor-icon-theme (0.17-2) ...
Processing triggers for libc-bin (2.28-10) ...
Processing triggers for shared-mime-info (1.10-1) ...
Processing triggers for desktop-file-utils (0.23-4) ...
I believe that this may be a solution (or partial solution):
# update-rc.d vboxdrv defaults
Reference:
Instalando VirtualBox 6.0 en Devuan Beowulf
https://www.linuxito.com/cloud/1269-ins … an-beowulf
VirtualBox runs and appears to (mostly) work. However, at least one function (USB passthrough) does not. The extension pack and guest additions have been installed, so that isn't the problem.
Anyone have any ideas? And what about those error messages regarding dbus?
P.S. Don't tell me not to use VirtualBox. I'm not ready to switch just yet.
I found some evidence that this problem is back (or maybe it's a new, but related problem):
DSA-4701-1 intel-microcode -- security update
[Date Reported: 11 Jun 2020]
The update hasn't shown up for me yet, so I did some checking:
$ apt policy intel-microcode
intel-microcode:
Installed: (none)
Candidate: 3.20200609.2~deb9u1
Version table:
3.20200609.2~deb9u1 500
500 http://deb.devuan.org/merged ascii-security/non-free i386 Packages
3.20191115.2~deb9u1 500
500 http://deb.devuan.org/merged ascii/non-free i386 Packages
When I first looked at that, I was a little confused. And then I remembered that I am using a 64-bit kernel (it's a multi-arch system).
So I checked again:
$ apt policy intel-microcode:amd64
intel-microcode:amd64:
Installed: 3.20191115.2~deb9u1
Candidate: 3.20191115.2~deb9u1
Version table:
*** 3.20191115.2~deb9u1 500
500 http://deb.devuan.org/merged ascii/non-free amd64 Packages
500 http://deb.devuan.org/merged ascii-security/non-free amd64 Packages
100 /var/lib/dpkg/status
Okay, so that explains (partially) why I am not seeing the update. I then wondered, "Is this a Devuan problem, or is the problem on Debian's end?" To help answer that question, I added the repository for Debian Stretch security updates.
And here's the result that gave me:
$ apt policy intel-microcode:amd64
intel-microcode:amd64:
Installed: 3.20191115.2~deb9u1
Candidate: 3.20200609.2~deb9u1
Version table:
3.20200609.2~deb9u1 500
500 http://deb.debian.org/debian-security stretch/updates/non-free amd64 Packages
*** 3.20191115.2~deb9u1 500
500 http://deb.devuan.org/merged ascii/non-free amd64 Packages
500 http://deb.devuan.org/merged ascii-security/non-free amd64 Packages
100 /var/lib/dpkg/status
That tells me that the problem is not on Debian's end.
Phil
What result does this give you?:
apt policy firefox-esr
Here's mine:
$ apt policy firefox-esr
firefox-esr:
Installed: 68.9.0esr-1~deb9u1
Candidate: 68.9.0esr-1~deb9u1
Version table:
*** 68.9.0esr-1~deb9u1 500
500 http://deb.devuan.org/merged ascii-security/main i386 Packages
100 /var/lib/dpkg/status
68.4.1esr-1~deb9u1 500
500 http://deb.devuan.org/merged ascii/main i386 Packages
60.6.3esr-1~deb9u1 500
500 http://deb.devuan.org/merged ascii-updates/main i386 Packages
That's on Devuan ASCII.
And here's a little more info:
$ ls -l /var/cache/apt/archives |grep firefox
-rw-r--r-- 1 root root 51238698 May 6 00:02 firefox-esr_68.8.0esr-1~deb9u1_i386.deb
-rw-r--r-- 1 root root 51256908 Jun 2 23:44 firefox-esr_68.9.0esr-1~deb9u1_i386.deb
Phil
Does it link to libsystemd0 because apt in Devuan is built from older source code or is that because apt in Devuan is built on Debian that has systemd?
The apt package in Devuan comes directly from Debian; it is an unmodified Debian package.
Phil
It's installed by libelogind0.
$ ldd $(which apt) | grep -i systemd
$ dpkg -S /usr/lib/x86_64-linux-gnu/libsystemd.so.0
That's not a problem. It's essentially a "fake" systemd component -- libelogind0 put that there because some software expects libsystemd0 to be present. The software "thinks" it's "talking" to libsystemd0, but it's really "talking" to libelogind0.
Phil
Isn't it a symbolic link to libelogind.so.0?
Yes, you are correct.
Phil
Just so people here know, here's why (in part) I chose to engage in what may seem, to some people, like a pointless endeavor:
1. To see what's currently possible.
2. To show others some of what's currently possible.
3. To (hopefully) increase the number of people using sysvinit-core and elogind -- Devuan may benefit from this since an increased number of people using those packages may help expose bugs more quickly.
Also, some people don't particularly like systemd, but they also don't want to leave Debian. Hopefully my post will help some of those people.
Phil
I'm subscribed to this thread, and I didn't receive any notifications regarding replies.
Phil
I haven't received any email notifications from the forum for about a month. This is from the last one I received:
Date: Sat, 25 Apr 2020 20:58:08 +0000
Is anyone else still receiving email notifications from the forum?
Phil
Boot to single user, give root password,
stop and start eudev is enough.
That just fixes the keyboard and mouse problem, right? Because I just tried it, and sound still isn't working.
Phil
Have you done that on the iso that you've created, or on the beowulf rc live-image?
I did it using the ISO file I created. By the way, the Beowulf system I used to create the ISO started out as a Debian Buster standard system (no X). I wanted to see if building a Beowulf live CD/DVD in a slightly different way would yield better results.
Phil
That may help with some issues, but it doesn't look like it will help with the no-sound issue (for me, anyway).
Here's why:
# groupadd kvm
groupadd: group 'kvm' already exists
Phil
I created a Devuan Beowulf ISO using Refractasnapshot. It boots OK in VirtualBox; I haven't tried booting from an actual DVD yet. However, there is no sound. I then checked the Devuan Beowulf system I used to create the ISO, and that has no sound either.
Phil
I migrated a new Debian Buster system to Beowulf, and things went well (for the most part). There is a problem, though. After the desktop appears, there is constant, non-stop disk activity. Running top shows a couple of CPU hogs:
udevd 20 to 30 % CPU
udisksd 14 to 20% CPU
udevd 1 to 2 % CPU
Based on a hunch, I uninstalled gvfs and the problem went away.
Phil
I upgraded from ASCII to Beowulf last night, and things did not exactly go well. I'm getting the udev warnings, but that wasn't a complete surprise. When the system boots up, it never switches to framebuffer mode. The worst part is that I can't log in because I get this message on my monitor:
Input Signal Out of Range
Change Settings to 1600x900 - 60Hz
I can get to the GRUB screen, and I can log in as root using Recovery Mode, so I may be able to fix things (if I knew what to do).
Phil
To get rid of those repeating udev warnings, I tried (and failed) disabling lvm. Made a new snapshot and booted it from DVD. It booted without the repeated warnings. Instead, I got them on shutdown, and whenever it reached the end of the list, it would start over.
I found something that looks like it could be a possible solution (or workaround):
https://bbs.archlinux.org/viewtopic.php … 5#p1867015
The Gentoo wiki page that he linked to seems to have some good info (based on my limited understanding) about this problem.
Phil
Sure Alpine package integrity is verified before installation, but after files have been installed how to verify them once again say like by
wajig integrity
in Devuan?
You could use something like this:
https://packages.debian.org/stable/fcheck
I think the best way to use this would be to scan the system while it's offline by using a live USB Devuan, with the database also stored on an external drive.
Phil
My test results:
1st attempt
===========
Version: refracta10-beta2_xfce_amd64-20200425_1600.iso
Error messages:
WARNING: Device /dev/loop0 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/sda not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/sda1 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/sda2 not initialized in udev database even after waiting 10000000 microseconds.
...and so on.
I didn't know what to do about it, so I just waited to see what would happen. After a long wait, the boot process eventually "died" and I thought the system had frozen. I pressed the "Enter" key to see if anything would happen, and I was presented with a working command prompt.
2nd attempt
===========
Version: refracta10-beta2_xfce_i386-20200425_1631.iso
As before, error messages:
WARNING: Device /dev/loop0 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/sda not initialized in udev database even after waiting 10000000 microseconds.
I pressed Ctrl-C and the boot process continued. Eventually I was presented with an Xfce desktop. The mouse was unresponsive, so I tried pressing Ctrl-Alt-Delete and Ctrl-Alt-Backspace. Nothing happened. However, the system wasn't totally locked up because the clock was working.
Phil
Thank you.
Get my key if you don't already have it.
$ gpg --recv-keys 094c5620
^^^ This didn't work.
Result:
$ gpg --recv-keys 094c5620
gpg: keyserver receive failed: No name
However, this appeared to work:
$ gpg --keyserver hkp://keys.gnupg.net --recv-keys 094c5620
gpg: key A73823D3094C5620: 1 signature not checked due to a missing key
gpg: key A73823D3094C5620: public key "fsmithred (aka fsr) <fsmithred@gmail.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
Phil
I looked around quite a bit and didn't see any instructions anywhere on how to verify the downloads using the SHA256SUMS.txt.asc file. Such instructions (or a pointer to where they are located) would be very helpful.
Phil
Is it possible to include package "lsb", which I would need for the printer (Epson) drivers?
On ASCII it was possible to install the packages from Debian Jessie; now it seems no longer possible.
You could try downloading the package from here and installing it using gdebi, apt, or dpkg:
https://packages.debian.org/jessie/lsb
Phil
Devuan ASCII has the same problem. I encountered it last year.
See: https://dev1galaxy.org/viewtopic.php?pid=14632#p14632
Phil