[Talk] Home Edition security updates

Important informations about SolydXK including releases notes, forum rules and other anouncements
User avatar
grizzler
Posts: 2180
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 14 Dec 2014 07:01

fleabus wrote:It's working fine with the (slightly) older production version nvidia driver:
Thanks. That's what I was concerned about. I think I'll upload the update around noon (UTC) today.
Frank

SolydX EE 64 - tracking Debian Testing

User avatar
Snap
Posts: 1244
Joined: 25 Aug 2013 20:01
Location: Spain

Re: [Talk] Home Edition security updates

Postby Snap » 14 Dec 2014 09:24

Cool, go ahead!

... and I'll cross my fingers for the next update. :?
This likely means that your installation is broken. -Mr Pixbuf.

Image

kurotsugi
Posts: 2240
Joined: 09 Jan 2014 00:17

Re: [Talk] Home Edition security updates

Postby kurotsugi » 01 Jan 2015 20:07

there's a super annoying bug in xscreensaver as reported here http://forums.solydxk.nl/viewtopic.php? ... 719#p49719 can we include xscreensaver as security updates? TIA.

User avatar
grizzler
Posts: 2180
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 01 Jan 2015 20:17

Yes, I noticed that one and I'd been thinking about pushing xscreensaver 5.30. Haven't gotten round to it yet, though (I'm currently a bit busy breaking the suggested BE to Jessie upgrade method...). I'll try to do this later tonight.
Frank

SolydX EE 64 - tracking Debian Testing

User avatar
grizzler
Posts: 2180
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 01 Jan 2015 20:44

Bloody libjpeg62-turbo dependency messes things up again. :evil:

Can't update the entire set. I'll have to check if updating just the main binary works. If I upload the packages that depend on libjpeg62-turbo, every SolydX user will have an unresolvable updatemanager warning until the end of January.

What's worse?

Edit 22:11 CET
It seems to work, but I can't check every possible combination. People may need to go back to 5.26 if they experience problems.
I'll do the upload in time for the next server update (which is in about 50 minutes).
Frank

SolydX EE 64 - tracking Debian Testing

kurotsugi
Posts: 2240
Joined: 09 Jan 2014 00:17

Re: [Talk] Home Edition security updates

Postby kurotsugi » 01 Jan 2015 21:17

libjpeg-turbo was in 'recommend' section so I think it shall be safe.

EDIT: great. thanks :3

User avatar
Zill
Posts: 1850
Joined: 13 Aug 2013 14:28
Location: Lincolnshire, UK

Re: [Talk] Home Edition security updates

Postby Zill » 02 Jan 2015 11:54

Upgrading xscreensaver:i386 from 5.26-1 to 5.30-1+b1 worked for me. :-)

Many thanks to kurotsugi and grizzler for their prompt action.

dave hartley
Posts: 28
Joined: 08 Aug 2013 21:16

Re: [Talk] Home Edition security updates

Postby dave hartley » 04 Jan 2015 23:48

hi,

applied the updates in UM and I'm afraid one of the changes installed libavcodec-extra-56:i386 (11-1) which entailed removing a large number of packages and broke VLC (conceivably amongst other things I haven't spotted) .

Tad annoying since I was about to use VLC :(

Solydx on a Revo L80.

From /var/log/apt/history.log

Code: Select all

Start-Date: 2015-01-04  21:36:02
Commandline: apt-get install --reinstall --assume-yes -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold --force-yes libavformat55
Reinstall: libavformat55:i386 (2.3.3-dmo3)
End-Date: 2015-01-04  21:36:13

Start-Date: 2015-01-04  21:36:16
Commandline: apt-get install --assume-yes -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold --force-yes libavcodec-extra-56
Install: libavcodec-extra-56:i386 (11-1)
Remove: libffmpegthumbnailer4:i386 (2.0.8-dmo4), libkcddb4:i386 (4.14.0-1), libplasma3:i386 (4.14.1-1), libopencv-contrib2.4:i386 (2.4.9.1+dfsg-1), libkemoticons4:i386 (4.14.1-1), kdelibs-bin:i386 (4.14.1-1), katepart:i386 (4.14.1-1), libk3b6-extracodecs:i386 (2.0.2-7.1), libchromaprint0:i386 (1.2-dmo2), libkde3support4:i386 (4.14.1-1), plasma-scriptengine-javascript:i386 (4.14.1-1), kde-runtime:i386 (4.14.1-1), tumbler-plugins-extra:i386 (0.1.30-1), libknewstuff3-4:i386 (4.14.1-1), gimp:i386 (2.8.14-1), libopencv-objdetect2.4:i386 (2.4.9.1+dfsg-1), libkparts4:i386 (4.14.1-1), phonon-backend-vlc:i386 (0.8.0-dmo2), libkdewebkit5:i386 (4.14.1-1), browser-plugin-vlc:i386 (2.0.6-4), libopencv-calib3d2.4:i386 (2.4.9.1+dfsg-1), audacious-plugins:i386 (3.5.1-dmo3), audacious:i386 (3.5.1-dmo1), libkhtml5:i386 (4.14.1-1), phonon:i386 (4.8.0-1), libkfile4:i386 (4.14.1-1), libknotifyconfig4:i386 (4.14.1-1), libopencv-legacy2.4:i386 (2.4.9.1+dfsg-1), libkcompactdisc4:i386 (4.12.4-0r0+b8), libktexteditor4:i386 (4.14.1-1), kdoctools:i386 (4.14.1-1), libkio5:i386 (4.14.1-1), libkmediaplayer4:i386 (4.14.1-1), python-opencv:i386 (2.4.9.1+dfsg-1), libopencv-features2d2.4:i386 (2.4.9.1+dfsg-1), libstreamanalyzer0:i386 (0.7.8-1.2+b2), libkatepartinterfaces4:i386 (4.14.1-1), libgegl-0.2-0:i386 (0.2.0-dmo4), vlc-plugin-notify:i386 (2.2.0~pre3-dmo3), libkactivities-models1:i386 (4.13.3-1), libkxmlrpcclient4:i386 (4.14.1-1), libopencv-highgui2.4:i386 (2.4.9.1+dfsg-1), vlc:i386 (2.2.0~pre3-dmo3), k3b:i386 (2.0.2-7.1), libavformat56:i386 (2.4.1-dmo1), kdelibs5-plugins:i386 (4.14.1-1), libk3b6:i386 (2.0.2-7.1), libavcodec56:i386 (2.4.1-dmo1), libkactivities-bin:i386 (4.13.3-1), nepomuk-core-runtime:i386 (4.14.0-1+b2), vlc-nox:i386 (2.2.0~pre3-dmo3)
End-Date: 2015-01-04  21:37:06

Start-Date: 2015-01-04  21:37:13
Commandline: apt-get --assume-yes -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold --force-yes dist-upgrade
Upgrade: ddm:i386 (1.0.8, 1.9.0), lightdm-manager:i386 (0.6.7, 0.6.8), xscreensaver:i386 (5.26-1, 5.30-1+b1), usermanager:i386 (0.6.8, 0.6.9), sambashare:i386 (0.6.5, 0.6.6)
End-Date: 2015-01-04  21:37:28
Following which VLC had effectively been killed and declined to be reinstalled.

Code: Select all

apt-get install vlc

Code: Select all

Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 vlc : Depends: vlc-nox (= 1:2.2.0~pre3-dmo3) but it is not going to be installed
       Depends: libavcodec56 (>= 10:2.4.1) but it is not going to be installed
       Recommends: vlc-plugin-notify (= 1:2.2.0~pre3-dmo3) but it is not going to be installed
Looking at the information page for libavcodec-extra-56:i386 (11-1) in synaptic I note it says it also breaks mplayer.

Using Synaptic I uninstalled libavcodec-extra-56:i386 (11-1) which automatically reinstalled an older version.

Code: Select all

Removed the following packages:
libavcodec-extra-56

Installed the following packages:
libavcodec56 (10:2.4.1-dmo1)
VLC then reinstalled

Code: Select all

Installed the following packages:
libavformat56 (10:2.4.1-dmo1)
libchromaprint0 (1.2-dmo2)
vlc (1:2.2.0~pre3-dmo3)
vlc-nox (1:2.2.0~pre3-dmo3)
vlc-plugin-notify (1:2.2.0~pre3-dmo3)
Little baffled as to which of the updates triggered this unwelcome change. Nonetheless I don't think libavcodec-extra-56:i386 (11-1) itself is quite ready for prime time.

Apologies for the length of this - if there's anything else I can tell you let me know.

kurotsugi
Posts: 2240
Joined: 09 Jan 2014 00:17

Re: [Talk] Home Edition security updates

Postby kurotsugi » 05 Jan 2015 02:34

Little baffled as to which of the updates triggered this unwelcome change. Nonetheless I don't think libavcodec-extra-56:i386 (11-1) itself is quite ready for prime time.
your system broke because you enabled DMO repo. several months ago we decided to remove ffmpeg, disable that repo and use debians codec (libavcodec-extra-XX). DMO repo is still maintained on solydxk but you need to remember that they didn't got security updates and at some point might broke.

User avatar
grizzler
Posts: 2180
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 05 Jan 2015 07:20

dave hartley wrote:Little baffled as to which of the updates triggered this unwelcome change.
Not one of the recent security updates, as far as I can tell. There hasn't been one to do with codecs for ages. As kurotsugi mentioned, it's probably DMO related.

Edit
I just noticed libavcodec-extra-56 11.1-1 has just become available in Debian's Testing repository, so this is indeed a DMO versus Debian Jessie/Testing issue. If your system is tracking Debian Jessie or Testing directly, we can't block problematic updates for you.

This belongs in the Breakages and News tracking Debian Testing thread rather than here.
Frank

SolydX EE 64 - tracking Debian Testing

User avatar
grizzler
Posts: 2180
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 05 Jan 2015 07:56

kurotsugi wrote:your system broke because you enabled DMO repo
Actually, this looks more like a system without that repo but with most dmo packages still in place. There was a procedure to remove both the repo and the packages (reinstalling the Debian versions at the same time) which resulted in a 'clean' system with only a few missing items (I'll add details later - have to go now...). Removing only the repo will eventually cause a mess like this.
Frank

SolydX EE 64 - tracking Debian Testing

kurotsugi
Posts: 2240
Joined: 09 Jan 2014 00:17

Re: [Talk] Home Edition security updates

Postby kurotsugi » 05 Jan 2015 08:49

Removing only the repo will eventually cause a mess like this.
I think that's not our case. the probability is he missed our announcement and still have DMO repo. when he reinstall vlc, these packages got installed

Code: Select all

Installed the following packages:
libavformat56 (10:2.4.1-dmo1)
libchromaprint0 (1.2-dmo2)
vlc (1:2.2.0~pre3-dmo3)
vlc-nox (1:2.2.0~pre3-dmo3)
vlc-plugin-notify (1:2.2.0~pre3-dmo3)
the version number shows that he pull the packages from DMO so it means that he still have it enabled.

when we migrated into debian codecs we got no fail report so your scripts seems work just fine. he probably manually add DMO repo because he need something from there or missed our announcement and do manual update via terminal. I'm actually curious about this part

Code: Select all

Start-Date: 2015-01-04  21:36:16
Commandline: apt-get install --assume-yes -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold --force-yes libavcodec-extra-56
Install: libavcodec-extra-56:i386 (11-1)
the command used here is obviously not issued manually by user. I don't know "what" did this but it's clear that "it" will broke all system with DMO enabled. thankfully most of our user have migrated into debian codec so they won't get affected. however, we might need to investigate this problem further to avoid complains from DMO user.

dave hartley
Posts: 28
Joined: 08 Aug 2013 21:16

Re: [Talk] Home Edition security updates

Postby dave hartley » 05 Jan 2015 09:25

Many thanks for your replies
kurotsugi wrote:your system broke because you enabled DMO repo. several months ago we decided to remove ffmpeg, disable that repo and use debians codec (libavcodec-extra-XX). DMO repo is still maintained on solydxk but you need to remember that they didn't got security updates and at some point might broke.
My installation predates the decision to remove debian.solydxk.nl/production/multimedia from future ISO's, so more exactly I didn't remove it.
grizzler wrote:Edit
I just noticed libavcodec-extra-56 11.1-1 has just become available in Debian's Testing repository, so this is indeed a DMO versus Debian Jessie/Testing issue. If your system is tracking Debian Jessie or Testing directly, we can't block problematic updates for you.
I'm not tracking Debian directly - aside from keeping the debian.solydxk.nl/production/multimedia repo my sources list is that recommended for the Home Edition. The updates were applied via Update Manager (had I seen a list of the proposed removals in advance I wouldn't have applied them :) )

libavcodec-extra-56 version 6.11-1 is available on both machines I'm running Solydxk on but not yet libavcodec-extra-56 11.1-1.

This evidently relates to the multimedia repo and presumably the libavcodec issue in Debian. Hmm that gives me something to think about more generally.

Anyhow as you say it doesn't seem to be directly related to the security updates themselves and my apologies for raising it here.

User avatar
Arjen Balfoort
Site Admin
Posts: 9337
Joined: 26 Jan 2013 19:36
Location: Netherlands
Contact:

Re: [Talk] Home Edition security updates

Postby Arjen Balfoort » 05 Jan 2015 09:49

There is a maintenance section in the Update Manager (you need to enable it in the preferences).
If you remove the dmo repository, you can use that to downgrade any existing packages after which you can remove not available packages.
Be sure you made an image of your system before you do so.


SolydXK needs you!
Development | Testing | Translations

User avatar
grizzler
Posts: 2180
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 05 Jan 2015 09:51

@Dave,

The libav packages version 6:11-1 entered Debian Testing in September 2014, so they're part of the October update pack. Does that mean you hadn't applied that update until recently?

What does your sources.list look like exactly? It looks like there's a serious mixup here, because a setup with DMO shouldn't have any libavcodec-extra packages installed at all. In fact, as soon as I try to install one (on the SolydX64 VM with DMO) I get the usual error message about dependencies. So having this creep in unnoticed is almost impossible (unless the updatemanager is doing something it shouldn't...).
Frank

SolydX EE 64 - tracking Debian Testing

User avatar
grizzler
Posts: 2180
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 05 Jan 2015 09:53

kurotsugi wrote: I'm actually curious about this part

Code: Select all

Start-Date: 2015-01-04  21:36:16
Commandline: apt-get install --assume-yes -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold --force-yes libavcodec-extra-56
Install: libavcodec-extra-56:i386 (11-1)
the command used here is obviously not issued manually by user. I don't know "what" did this but it's clear that "it" will broke all system with DMO enabled. thankfully most of our user have migrated into debian codec so they won't get affected. however, we might need to investigate this problem further to avoid complains from DMO user.
Yes, I was wondering about that one as well. It looks like an updatemanager action, but why would the updatemanager install a libavcodec-extra on a DMO setup?
Frank

SolydX EE 64 - tracking Debian Testing

dave hartley
Posts: 28
Joined: 08 Aug 2013 21:16

Re: [Talk] Home Edition security updates

Postby dave hartley » 05 Jan 2015 10:26

grizzler wrote:@Dave,

The libav packages version 6:11-1 entered Debian Testing in September 2014, so they're part of the October update pack. Does that mean you hadn't applied that update until recently?
Applied the October update in December (Hadn't used this machine for some months). Didn't notice any issues with the update and I've been using VLC daily since then.
What does your sources.list look like exactly? It looks like there's a serious mixup here, because a setup with DMO shouldn't have any libavcodec-extra packages installed at all. In fact, as soon as I try to install one (on the SolydX64 VM with DMO) I get the usual error message about dependencies. So having this creep in unnoticed is almost impossible (unless the updatemanager is doing something it shouldn't...).

Code: Select all

deb http://home.solydxk.com/production/ solydxk main upstream import
deb http://debian.solydxk.com/production testing main contrib non-free
deb http://debian.solydxk.com/security testing/updates main contrib non-free
deb http://community.solydxk.com/production/ solydxk main
deb http://debian.solydxk.com/production/multimedia testing main non-free
(I'm using the 32-bit edition).

kurotsugi
Posts: 2240
Joined: 09 Jan 2014 00:17

Re: [Talk] Home Edition security updates

Postby kurotsugi » 05 Jan 2015 10:26

The updates were applied via Update Manager
it means that the update manager is the culprit.

the root of your problem is the epic battle libav vs ffmpeg on debian. debian is using libav but DMO is using ffmpeg. all DMO packages depends on ffmpeg to work (you'll need to install libavcodec-XX dmo version). libavcodec-extra-XX is part of debian, thus, it contain libav. if you're using DMO then you mustn't install libavcodec-extra-XX at all cost. however, for unknown reason UM issued a command to install libavcodec-extra-XX and broke your system.

the easiest solution would be avoid using UM until we solve the issue. else, you can try to use apt-pinning and give libavcodec-extra-XX (-1) priority so that it never installed into your system.

anyway, vlc isn't the only thing broke on your system. you'll need to reinstall these packages to revert it to the previous states

Code: Select all

libffmpegthumbnailer4:i386 (2.0.8-dmo4), libkcddb4:i386 (4.14.0-1), libplasma3:i386 (4.14.1-1), libopencv-contrib2.4:i386 (2.4.9.1+dfsg-1), libkemoticons4:i386 (4.14.1-1), kdelibs-bin:i386 (4.14.1-1), katepart:i386 (4.14.1-1), libk3b6-extracodecs:i386 (2.0.2-7.1), libchromaprint0:i386 (1.2-dmo2), libkde3support4:i386 (4.14.1-1), plasma-scriptengine-javascript:i386 (4.14.1-1), kde-runtime:i386 (4.14.1-1), tumbler-plugins-extra:i386 (0.1.30-1), libknewstuff3-4:i386 (4.14.1-1), gimp:i386 (2.8.14-1), libopencv-objdetect2.4:i386 (2.4.9.1+dfsg-1), libkparts4:i386 (4.14.1-1), phonon-backend-vlc:i386 (0.8.0-dmo2), libkdewebkit5:i386 (4.14.1-1), browser-plugin-vlc:i386 (2.0.6-4), libopencv-calib3d2.4:i386 (2.4.9.1+dfsg-1), audacious-plugins:i386 (3.5.1-dmo3), audacious:i386 (3.5.1-dmo1), libkhtml5:i386 (4.14.1-1), phonon:i386 (4.8.0-1), libkfile4:i386 (4.14.1-1), libknotifyconfig4:i386 (4.14.1-1), libopencv-legacy2.4:i386 (2.4.9.1+dfsg-1), libkcompactdisc4:i386 (4.12.4-0r0+b8), libktexteditor4:i386 (4.14.1-1), kdoctools:i386 (4.14.1-1), libkio5:i386 (4.14.1-1), libkmediaplayer4:i386 (4.14.1-1), python-opencv:i386 (2.4.9.1+dfsg-1), libopencv-features2d2.4:i386 (2.4.9.1+dfsg-1), libstreamanalyzer0:i386 (0.7.8-1.2+b2), libkatepartinterfaces4:i386 (4.14.1-1), libgegl-0.2-0:i386 (0.2.0-dmo4), vlc-plugin-notify:i386 (2.2.0~pre3-dmo3), libkactivities-models1:i386 (4.13.3-1), libkxmlrpcclient4:i386 (4.14.1-1), libopencv-highgui2.4:i386 (2.4.9.1+dfsg-1), vlc:i386 (2.2.0~pre3-dmo3), k3b:i386 (2.0.2-7.1), libavformat56:i386 (2.4.1-dmo1), kdelibs5-plugins:i386 (4.14.1-1), libk3b6:i386 (2.0.2-7.1), libavcodec56:i386 (2.4.1-dmo1), libkactivities-bin:i386 (4.13.3-1), nepomuk-core-runtime:i386 (4.14.0-1+b2), vlc-nox:i386 (2.2.0~pre3-dmo3)
Yes, I was wondering about that one as well.
if we look into the logs,

Code: Select all

Start-Date: 2015-01-04  21:36:02
Commandline: apt-get install --reinstall --assume-yes -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold --force-yes libavformat55

Start-Date: 2015-01-04  21:36:16
Commandline: apt-get install --assume-yes -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold --force-yes libavcodec-extra-56
the small gap between 1st and 2nd command means that it was done by a kind of script (probably solydfixes. it tried to remove DMO but failed. the probabilities are: dave might accidentally use maintainance tool on UM to remove DMO or the UM have a problem and executed solydxkfixes.

Code: Select all

Start-Date: 2015-01-04  21:37:13
Commandline: apt-get --assume-yes -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold --force-yes dist-upgrade
Upgrade: ddm:i386 (1.0.8, 1.9.0), lightdm-manager:i386 (0.6.7, 0.6.8), xscreensaver:i386 (5.26-1, 5.30-1+b1), usermanager:i386 (0.6.8, 0.6.9), sambashare:i386 (0.6.5, 0.6.6)
there's a big gap between 2nd and 3rd command so I think that the script accidentally executed by user, not UM.

User avatar
grizzler
Posts: 2180
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 05 Jan 2015 10:45

No recent update of the solydfixes script has been made available anywhere (I'm still working on it...), so anyone running the current version would see it try to install libavcodec-extra-55 (not 56) if it was used to attempt DMO removal. Besides, the apt-get command line for that particular action doesn't look like the one listed here (there are more dpkg options) and there would be a different action immediately preceding it (not the single libavformat reinstall as seen here). So I don't think solydfixes is involved. Other than that, I'm totally lost on what's going on here... :?:
Frank

SolydX EE 64 - tracking Debian Testing

User avatar
grizzler
Posts: 2180
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 05 Jan 2015 10:52

dave hartley wrote:

Code: Select all

deb http://home.solydxk.com/production/ solydxk main upstream import
deb http://debian.solydxk.com/production testing main contrib non-free
deb http://debian.solydxk.com/security testing/updates main contrib non-free
deb http://community.solydxk.com/production/ solydxk main
deb http://debian.solydxk.com/production/multimedia testing main non-free
Looks OK.

Weird. I'm afraid I have no idea who or what dragged in that libavcodec-extra. It just shouldn't be there on a system with DMO enabled.
Frank

SolydX EE 64 - tracking Debian Testing


Return to “News & Anouncements”

Who is online

Users browsing this forum: No registered users and 1 guest