kitty | Morning | 10:41 |
---|---|---|
kitty | https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt | 10:41 |
kitty | anyone know if this affects the kernel in Devuan? | 10:41 |
kitty | I'm guessing the systemd related vulnerability at the bottom is just a giggle point for us ? | 10:42 |
Hurgotron | I'm quite sure it affects Devuan, since it seems to affect every Linux kernel younger than 2014. | 10:45 |
kitty | is 4.19.0-17 fixing it ? | 10:46 |
Hurgotron | kitty: 4.19.194-3 fixes it, as of today. | 10:51 |
kitty | apt-get dist-upgrade gives me 4.19.0-17 | 10:51 |
Hurgotron | kitty: dpkg -l \| grep linux-image-4.19.0-17 | 10:52 |
Hurgotron | ii linux-image-4.19.0-17-amd64 4.19.194-3 amd64 Linux 4.19 for 64-bit PCs (signed) | 10:52 |
Hurgotron | look at the second number | 10:52 |
kitty | ahah! | 10:52 |
Hurgotron | It's also in uname -a, in case you're unsure about the active image | 10:53 |
kitty | Linux Pratchett 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux | 10:55 |
Hurgotron | well that could be more recent in any case :) | 10:55 |
kitty | it's only one version off | 10:56 |
kitty | Linux Tardos 4.19.0-17-amd64 #1 SMP Debian 4.19.194-3 (2021-07-18) x86_64 GNU/Linux | 10:56 |
Hurgotron | Patchlevel matters | 10:56 |
Hurgotron | in general, if you find the CVE in /usr/share/doc/linux-image-4.19.0-17-amd64/changelog.gz the issue is addressed. Otherwise not | 10:57 |
kitty | ahah, that's where it is | 10:58 |
Hurgotron | meh, had to force apt to ipv4 to get the updates. Packages missing on some ipv6 server(s) | 11:06 |
onefang | Might just be being slow updating. Which mirrors? | 11:08 |
Hurgotron | 404 Not Found [IP: 2001:878:346::116 80] | 11:09 |
kitty | yeah, I got 404's on some mirrors too | 11:11 |
kitty | retried, picked up another mirror, worked fine | 11:11 |
kitty | had this on a couple of machines | 11:11 |
Hurgotron | slow updates, likely. | 11:12 |
Hurgotron | giving -o Acquire::ForceIPv4=true as an apt option worked for me | 11:12 |
onefang | mirrors.dotsrc.org, hasn't completed the latest round of updates yet. It's still within its update window though. | 11:13 |
Hurgotron | gotcha, thanks | 11:13 |
Hurgotron | hmm, unrelated: I just noticed that I can't directly read gzip'd text files with less anymore. I think "lesspipe" gave me that functionality but that package doesn't seem to be available. Has it been replaced? | 11:16 |
rrq | don't know; I use zless | 11:22 |
Hurgotron | lesspipe could also read pdf on the commandline (well the text parts), and other stuff | 11:23 |
Hurgotron | I could imagine it was removed due to security concerns, after all, it was a shell filter with format autodetection and I can see all kinds of things going wrong with it | 11:23 |
Hurgotron | But I can't find any info offhand | 11:24 |
rrq | seems like beowulf-backports' less package has moved its binaries into /usr/bin | 11:25 |
rrq | probably part of debians merged-usr nonsense | 11:26 |
rodr | I installed beowulf with mate desktop and lightdm fails to start | 12:27 |
rodr | how to solve it? | 12:27 |
fsmithred | rodr, maybe run 'dpkg-reconfigure lightdm' | 12:28 |
fsmithred | does startx work? | 12:29 |
rodr | the dpkg- did not do anything | 12:31 |
rodr | startx fails with "cannot run in framebuffer mode" | 12:32 |
fsmithred | is it amd hardware? some systems need firmware-amd-graphics to work | 12:40 |
fsmithred | I'm not very good with diagnosing xorg problems. See /var/log/Xorg.0.log for errors (EE) | 12:41 |
rodr | yes it is amd | 12:49 |
rodr | will try firmware then | 12:49 |
rodr | ok | 12:54 |
rodr | now it works | 12:54 |
rodr | thanks | 12:54 |
kitty | anyone here an expert in nftables or IP tables? | 14:48 |
kitty | I'm trying to work out how to allow certain UDP traffic through my devuan router, I have public IP's on all devices, so don't need NAT. yet all the examples I find are based on NAT. | 14:48 |
kitty | I don't want to just allow UDP port 123 and 53 through for everything | 14:48 |
GyrosGeier | do you want connection tracking (to make replies come through), or do you want to have server-to-server connections only (which for ntp has 123 on both sides)? | 14:53 |
kitty | connection tracking | 14:55 |
kitty | I finally worked it out I think | 14:55 |
kitty | udp sport 53 ct state established counter accept; | 14:55 |
kitty | udp dport 53 ct state new,established counter accept; | 14:56 |
kitty | and the same for port 123 | 14:56 |
kitty | allow out, do not allow back in | 14:56 |
kitty | or rather allow out, allow answers back in, do not allow anyone else in | 14:56 |
GyrosGeier | yes | 15:10 |
kitty | Woo, I think my firewall config is up and working! | 15:46 |
brocashelm | https://www.youtube.com/watch?v=qC42UYUDdf0 - Devuan Ascii Initial Impressions on a New Install | 21:38 |
UsL | ascii? Old stable. Hope he does a chimaera as well. | 22:24 |
brocashelm | this was last june, but yeah, he seems to be actively making videos. he was one of the early adopters of devuan i came across circa 2016 when he wasn't happy with mint's direction beyond lmde2/lm17 | 22:31 |
brocashelm | to sum up the video (for those who didn't watch it): he praised devuan for being so good at handling resources (even with obs and libreoffice running in the background), swap wasn't an afterthought with 800 mb being used all at once on a mate desktop | 22:32 |
golinux | This is a good tour of the desktop https://www.youtube.com/watch?v=FqrIgyZhtUk | 22:43 |
eyalroz | So, I installed chimaera... | 23:01 |
eyalroz | (from scratch, not by dist-upgrade'ing) | 23:01 |
eyalroz | and am now using it. | 23:01 |
eyalroz | I have a bunch of issues/bugs/complaints to report... | 23:01 |
eyalroz | about 15 of them actually. | 23:01 |
eyalroz | How should I best do that? | 23:02 |
brocashelm | try the forums at dev1galaxy.org | 23:05 |
golinux | One per post please | 23:07 |
golinux | Otherwise, it gets messy quickly | 23:08 |
golinux | Search first for solutions | 23:08 |
jason1234 | eyalroz: the installer is recommended. anyhow debootstrap does not work that well. be aware, that chimaera is quite good now, before it was not that. | 23:20 |
eyalroz | jason1234: I used the installer | 23:20 |
jason1234 | eyalroz: sounds good. the installer is quite robust. when it comes to grub2, this is mostly issue of grub guys. the grub is quite unreliable (installer). | 23:20 |
eyalroz | golinux: I will, but - I've gotten past most of the issues; there was nothing critical. | 23:21 |
eyalroz | jason1234: No grub issues luckily. | 23:21 |
jason1234 | eyalroz: good to hear | 23:21 |
jason1234 | eyalroz: is networking working? | 23:21 |
eyalroz | Oh yes, there was nothing major | 23:22 |
eyalroz | I'll give you just one example: | 23:22 |
eyalroz | When logging into my user the first time, I'm offered several options for my "Default Window Manager" for LXQt. But - I didn't choose LXQT to be my session manager in the first place. | 23:22 |
eyalroz | s/session manager/desktop environment/ | 23:23 |
fsmithred | what did you choose for a desktop? | 23:23 |
jason1234 | eyalroz: so it net works, sounds very good | 23:25 |
eyalroz | fsmithred: I'm a Cinnamon man. | 23:25 |
jason1234 | sddm or slim are quite good to use | 23:25 |
fsmithred | is pulseaudio missing? | 23:25 |
jason1234 | if nothing works, try slim. | 23:25 |
eyalroz | fsmithred: No, but I should mention I installed (almost) all packages I had installed on beowulf, | 23:26 |
jason1234 | you can use alsa or pulseaudio, if you choose kde, the devuan/debian works but nothing in kde desktop is totally working. usually rpm distros with kde work better than (KDE desk). than on debian/devuan. | 23:26 |
eyalroz | (after saving them with apt-mark showmanual) | 23:26 |
eyalroz | jason1234: While I hate GNOME with a passion, I'm also not quite at home with KDE... | 23:27 |
fsmithred | posting on the forum is a good place to start so that we can sort out our own bugs from debian's. | 23:27 |
eyalroz | fsmithred: I'll do that then, probably starting tomorrow. | 23:28 |
fsmithred | thanks | 23:28 |
eyalroz | Oh, wait, it already is tomorrow where I'm at. | 23:28 |
golinux | eyalroz: That's good progress then! | 23:30 |
eyalroz | golinux: The dev1galaxy human-or-bot questions are hard :-( | 23:31 |
fsmithred | eyalroz, you can cheat. Just ask us. | 23:38 |
eyalroz | fsmithred: I managed. But I failed with the "What's the default desktop environment on Devuan?" question. It's actually a pretty bad question to use, seeing how the answer changes based on the version one is using. | 23:39 |
fsmithred | the default desktop has been xfce in all our releases | 23:40 |
fsmithred | but yeah, the questions kinda suck. We couldn't find a way around that. | 23:41 |
eyalroz | fsmithred: Has it really? http://dev1galaxy.org/viewtopic.php?pid=30795 | 23:56 |
eyalroz | fsmithred: Also, if one enters xfce4, that would probably not be accepted either. | 23:57 |
fsmithred | I have already installed xfce several times with the new isos | 23:57 |
fsmithred | I have not tried any other desktops | 23:57 |
fsmithred | and it might all be different next week when the new task-*-desktop packages move down from ceres | 23:58 |
eyalroz | fsmithred: Well, in my issue, I'm obviously describing the current state of affairs. | 23:58 |