[Talk] Home Edition security updates

zerozero
Posts: 5373
Joined: 10 Feb 2013 23:37
Location: West Midlands, England

Postby zerozero » 03 Jun 2014 22:36

after updating chromium, can someone please check if

Code:

sudo apt-get install --reinstall pepperflashplugin-nonfree

updates pepperflash as well?

i updated it the way described below (only thought about trying to reinstall pepperflashplugin after :P )

if the method above doesn't update flash you need to (as root)

Code:

/usr/sbin/update-pepperflashplugin-nonfree --status

to check the version installed and the version available and if they are different

Code:

/usr/sbin/update-pepperflashplugin-nonfree --install

bliss of ignorance

jdhedden
Posts: 106
Joined: 26 Aug 2013 11:34
Location: Gibbstown, NJ

Re: Home Edition security updates

Postby jdhedden » 04 Jun 2014 08:35

zerozero wrote:
after updating chromium, can someone please check if

Code:

sudo apt-get install --reinstall pepperflashplugin-nonfree

updates pepperflash as well?

i updated it the way described below (only thought about trying to reinstall pepperflashplugin after :P )

if the method above doesn't update flash you need to (as root)

Code:

/usr/sbin/update-pepperflashplugin-nonfree --status

to check the version installed and the version available and if they are different

Code:

/usr/sbin/update-pepperflashplugin-nonfree --install

Nothing to update:

Code:

> sudo /usr/sbin/update-pepperflashplugin-nonfree --status
Flash Player version installed on this system  : 13.0.0.214
Flash Player version available on upstream site: 13.0.0.214

I didn't think the reinstall was needed, but tried it anyway. Running the status again afterward gave the same result.
Jerry : SolydX / Siduction / Liquorix Kernel / Dell XPS 8700 / NVIDIA GeForce GT 635

grizzler
Posts: 2178
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: Home Edition security updates

Postby grizzler » 05 Jun 2014 19:30

Not an announcement, but I need some feedback and I think this thread is better suited for that than PMs.

Because of this, there's another revision of the 3.14 kernel on the way: 3.14.5-1 has been accepted in Unstable today and as it has 'urgency high' it probably won't be long before it migrates to Testing.
I don't see much activity on the Tracking pages for nvidia or ati card drivers, so I assume they won't need an upgrade as this is basically the same kernel as before with a security fix (correct me if I'm wrong). However, I don't have machines with nvidia or ati cards to test things on, so I can't make sure.

Could I ask some 'fellow security update testers' to temporarily switch to Debian Testing once 3.14.5-1 gets there, install the new kernel binaries and report back before I upload the lot to the security updates repository?

Please let me know if you're in for that.
Frank

SolydX EE 64 - tracking Debian Testing

fleabus
Posts: 1227
Joined: 16 Sep 2013 04:24
Location: Winchester, VA USA

Re: Home Edition security updates

Postby fleabus » 05 Jun 2014 20:23

Not seeing it yet; soon as I see it I'll grab it.

zerozero
Posts: 5373
Joined: 10 Feb 2013 23:37
Location: West Midlands, England

Re: Home Edition security updates

Postby zerozero » 05 Jun 2014 23:43

amd/ati will be covered as well.
bliss of ignorance

fleabus
Posts: 1227
Joined: 16 Sep 2013 04:24
Location: Winchester, VA USA

Re: Home Edition security updates

Postby fleabus » 06 Jun 2014 07:29

Got the kernel from Sid, OK so far, with 3.14.5-1 running in K64 Home... Will let you know if it causes trouble. No experience with kfreebsd...

Code:

fleabus@dv7-1270us ~ $ uname -a
Linux dv7-1270us 3.14-1-amd64 #1 SMP Debian 3.14.5-1 (2014-06-05) x86_64 GNU/Linux
fleabus@dv7-1270us ~ $ inxi -SGxxx
System:    Host: dv7-1270us Kernel: 3.14-1-amd64 x86_64 (64 bit, gcc: 4.8.2)
           Desktop: KDE 4.12.4 (Qt 4.8.6) info: plasma-desktop dm: kdm Distro: SolydXK 1 testing
Graphics:  Card: NVIDIA G96M [GeForce 9600M GT] bus-ID: 01:00.0 chip-ID: 10de:0649
           X.Org: 1.15.0 driver: nvidia Resolution: 1920x1080@60.0hz
           GLX Renderer: GeForce 9600M GT/PCIe/SSE2 GLX Version: 3.3.0 NVIDIA 331.67 Direct Rendering: Yes
fleabus@dv7-1270us ~ $

Edit: OK so far in X64 Home as well.

Used my production partitions for this.
A judgment call based on the urgent status... :mrgreen: :oops:

zerozero
Posts: 5373
Joined: 10 Feb 2013 23:37
Location: West Midlands, England

Re: Home Edition security updates

Postby zerozero » 06 Jun 2014 09:41

grizzler wrote:
I had planned to handle libav ... and php5 ... as well, but they require 'additional investigation'. Some libav binaries appear to have higher numbered versions in the multimedia repository and the most recent non beta php5 update doesn't fix all the vulnerabilities, so I'm not sure which one to pick...

everything that involves uploading deb-multimedia's packages might be very tricky due to the use of epochs in the version numbering.
bliss of ignorance

Arjen Balfoort
Site Admin
Posts: 9311
Joined: 26 Jan 2013 19:36
Location: Netherlands

Re: Home Edition security updates

Postby Arjen Balfoort » 06 Jun 2014 10:18

...which is the reason why I removed deb-multimedia from the business editions.
Risk of breakage is rather high when it concerns deb-multimedia.
According to the KISS philosophy: when in doubt, don't do it.


SolydXK needs you!
Development | Testing | Translations

grizzler
Posts: 2178
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: Home Edition security updates

Postby grizzler » 06 Jun 2014 10:24

@fleabus,

Thanks for that. So it looks like 3.14.5-1 won't cause nvidia problems.

@zerozero & schoelje,

The set with the security updates is the default Debian one, going from 6:9.11-3 to 6:10.1-1. However most of the binaries are (also) part of a multimedia set, version 10:2.1.4-dmo1. They obviously used the epoch to keep those ahead of the others.

Anyway, it looks like uploading the fixed set won't cause any problems as such, because the multimedia one will continue to overrule it. I just wonder whether a 2.1.4 is really worth keeping over a 10.1-1. But I must admit I have no idea why this particular construction was used. For all I know, there may be a very good reason not to use the default set.

Edit: actually, after reading a bit here and there (and elsewhere) I'm seriously thinking about removing the multimedia repo from my sources.list. But that's just me, of course...
Frank

SolydX EE 64 - tracking Debian Testing

zerozero
Posts: 5373
Joined: 10 Feb 2013 23:37
Location: West Midlands, England

Re: Home Edition security updates

Postby zerozero » 06 Jun 2014 10:53

grizzler wrote:
Edit: actually, after reading a bit here and there (and here...) I'm seriously thinking about removing the multimedia repo from my sources.list. But that's just me, of course...

we tried this (or at least thought about it several times) but the task is not easy (for the distribution, it's maybe easier to manage for an install);
you need to be aware of possible version discrepancy in future updates that might take the update down.

===
as for this specific situation i see that libav/ffmpeg was also updated in deb-multimedia
http://www.deb-multimedia.org/lurker/me ... 0c.en.html
(2.2.3 is sid's version but http://www.deb-multimedia.org/dists/tes ... ibav-tools 2.2.2 is in testing)
is (AFAIK) a messy task :evil:
bliss of ignorance

grizzler
Posts: 2178
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: Home Edition security updates

Postby grizzler » 06 Jun 2014 11:05

Makes you wonder why they keep this mess going...

I'll have to subscribe to Marillat's mailing list as well to keep an eye on what's happening there (must admit I completely forgot about multimedia until I saw it turn up with the libav set...).
Frank

SolydX EE 64 - tracking Debian Testing

grizzler
Posts: 2178
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: Home Edition security updates

Postby grizzler » 06 Jun 2014 13:19

grizzler wrote:
Anyway, it looks like uploading the fixed set won't cause any problems as such

Spoke too soon. Dependency mess again: one of the new libav binaries causes the removal of loads of other packages (gimp and vlc, amongst others). No time to investigate that now, unfortunately.
Frank

SolydX EE 64 - tracking Debian Testing

kurotsugi
Posts: 2236
Joined: 09 Jan 2014 00:17

Re: Home Edition security updates

Postby kurotsugi » 06 Jun 2014 21:02

correct me if I'm wrong but AFAIK there are three main differences between native debian and deb-multimedia.
- deb-multimedia is using ffmpeg instead of libav-tools
- deb-multimedia has lots more codecs in the 'libavcodec-xx' package. debian splits these codecs into 'libavcodec-xx-extra'
- newer multimedia packages.

as for the safe method for migrating to debian's native repo, I used the /etc/apt/preferences trick to safely get rid of all my deb-multimedia packages

Code:

Package: *
Pin: origin <debian's repo address>
Pin-Priority: 1001

a pin priority bigger than 1000 will force all packages to be downgraded to the selected repo. aptitude won't work but we can execute it via 'apt-get dist-upgrade'. after migrating to debian's native repo there'll be some leftover packages (they were needed to install some packages in deb-multimedia but we don't need them anymore). we can clean them by:
- delete the deb-multimedia entry from /etc/apt/sources.list
- run sudo apt-get update
- open aptitude
- go to the obsolete and locally created packages section
- uninstall the packages in this section.

we can also use deborphan but it will remove other packages.

zerozero
Posts: 5373
Joined: 10 Feb 2013 23:37
Location: West Midlands, England

Re: Home Edition security updates

Postby zerozero » 06 Jun 2014 22:44

kurotsugi wrote:
correct me if I'm wrong but AFAIK there are three main differences between native debian and deb-multimedia.
- deb-multimedia is using ffmpeg instead of libav-tools
- deb-multimedia has lots more codecs in the 'libavcodec-xx' package. debian splits these codecs into 'libavcodec-xx-extra'
- newer multimedia packages.

as for the safe method for migrating to debian's native repo, I used the /etc/apt/preferences trick to safely get rid of all my deb-multimedia packages

Code:

Package: *
Pin: origin <debian's repo address>
Pin-Priority: 1001

a pin priority bigger than 1000 will force all packages to be downgraded to the selected repo. aptitude won't work but we can execute it via 'apt-get dist-upgrade'. after migrating to debian's native repo there'll be some leftover packages (they were needed to install some packages in deb-multimedia but we don't need them anymore). we can clean them by:
- delete the deb-multimedia entry from /etc/apt/sources.list
- run sudo apt-get update
- open aptitude
- go to the obsolete and locally created packages section
- uninstall the packages in this section.

we can also use deborphan but it will remove other packages.

zerozero wrote:
[...]
but the task is not easy (for the distribution, it's maybe easier to manage for an install);
you need to be aware of possible version discrepancy in future updates that might take the update down.
[...]

thanks for confirming :)
bliss of ignorance

grizzler
Posts: 2178
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: Home Edition security updates

Postby grizzler » 07 Jun 2014 05:53

While it may be a good idea to get rid of the multimedia repository, that is not what providing these security updates is about...

I have now confirmed that the problems with one of the binaries from Debian's own libav are nothing new. The reason this came up is the way I test things: I don't just try to upgrade the packages that are currently installed on my testing setup, I also try to install new binaries which aren't installed. This doesn't work with one of them (libavcodec-extra-55), for obvious reasons: it's the one that provides the same main functionality as a deb-multimedia binary. Try to install the previous version (libavcodec-extra-54) on my main setup and the same thing happens. So essentially, providing the libav update doesn't change anything and my original observation was correct after all.
Frank

SolydX EE 64 - tracking Debian Testing

Arjen Balfoort
Site Admin
Posts: 9311
Joined: 26 Jan 2013 19:36
Location: Netherlands

Re: Home Edition security updates

Postby Arjen Balfoort » 07 Jun 2014 06:17

Is it safe to conclude (to keep things simple), that as long as we depend on deb-multimedia, the deb-multimedia overrule any Debian updates, and that it is therefore unnecessary to update those Debian packages?


SolydXK needs you!
Development | Testing | Translations

kurotsugi
Posts: 2236
Joined: 09 Jan 2014 00:17

Re: Home Edition security updates

Postby kurotsugi » 07 Jun 2014 06:35

Quote:
While it may be a good idea to get rid of the multimedia repository, that is not what providing these security updates is about...

since our case is related to the libavcodec-xx package we need to decide whether we'll continue using deb-multimedia or not. we can't use debian's patch until we get rid of all deb-multimedia packages. our options are:
1. continue using deb-multimedia.
(+) less work to do
(-) we can't apply debian's patch related to libav/ffmpeg to our system. we're forced to skip this libav patch.
(-) we need to rely on deb-multimedia's patch for our system's security
2. stop using deb-multimedia.
(+) we can apply all of debian's patches.
(-) we lose ffmpeg and some proprietary dvd codecs
(-) more work to do. we need to replace libavcodec-xx with libavcodec-extra-xx and install libav-tools to get the missing codecs.

Quote:
Is it safe to conclude (to keep things simple), that as long as we depend on deb-multimedia, the deb-multimedia overrule any Debian updates, and that it is therefore unnecessary to update those Debian packages?

AFAIK it only overrules the patches related to multimedia stuff, especially the codecs. if we trust the deb-multimedia maintainer and he also applies the security patches to his packages then I see nothing wrong with keeping deb-multimedia on our system.

grizzler
Posts: 2178
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: Home Edition security updates

Postby grizzler » 07 Jun 2014 06:41

Schoelje wrote:
Is it safe to conclude (to keep things simple), that as long as we depend on deb-multimedia, the deb-multimedia overrule any Debian updates, and that it is therefore unnecessary to update those Debian packages?

There are 19 binaries, 12 of those are overruled by deb-multimedia, which leaves 7 'originals', including the one that cannot be installed without breaking things.

I'm not entirely sure yet, but I think the recent fix was in one of the packages also provided by deb-multimedia (they also have a recent update in the works, as zerozero pointed out yesterday - I haven't had the time to really check that one out yet...).

Edit: on my main system this update does precisely nothing. So with just that in mind I'd say: skip it. But others might have the docs installed, to mention just one binary that would be updated...
Frank

SolydX EE 64 - tracking Debian Testing

grizzler
Posts: 2178
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: Home Edition security updates

Postby grizzler » 07 Jun 2014 06:45

kurotsugi wrote:
we can't use debian's patch until we get rid of all deb-multimedia packages.

Providing the new update doesn't change things with regard to the libavcodec-extraXX binary. The current situation is no different. You can't install the current one either.
Frank

SolydX EE 64 - tracking Debian Testing

zerozero
Posts: 5373
Joined: 10 Feb 2013 23:37
Location: West Midlands, England

Re: [Talk] Home Edition security updates

Postby zerozero » 07 Jun 2014 12:00

bliss of ignorance

