Ubuntu and Debian Reports and Views

posted by Roy Schestowitz on Feb 11, 2025

• Debian Family

  • Dave Hibberd: Radio Activity 10-16 Feb 2025

    It’s been quite the week of radio related nonsense for me, where I’ve been channelling my time and brainspace for radio into activity on air and system refinements, not working on Debian.

    POTA, Antennas and why do my toys not work?

    Having had my interest piqued by Ian at mastodon.radio, I looked online and spotted a couple of parks within stumbling distance of my house, that’s good news! It looks like the list has been refactored and expanded since I last looked at it, so there are now more entities to activate and explore.

  • Petter Reinholdtsen: Some of my 2024 free software activities

    It is a while since I posted a summary of the free software and open culture activities and projects I have worked on. Here is a quick summary of the major ones from last year.

    I guess the biggest project of the year has been migrating orphaned packages in Debian without a version control system to have a git repository on salsa.debian.org. When I started in April around 450 the orphaned packages needed git. I've since migrated around 250 of the packages to a salsa git repository, and around 40 packages were left when I took a break. Not sure who did the around 160 conversions I was not involved in, but I am very glad I got some help on the project. I stopped partly because some of the remaining packages needed more disk space to build than I have available on my development machine, and partly because some had a strange build setup I could not figure out. I had a time budget of 20 minutes per package, if the package proved problematic and likely to take longer, I moved to another package. Might continue later, if I manage to free up some disk space.

• Ubuntu Family

  • Threat Source ☛ Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn’t

    Earlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, IPP-USB protocol caught our attention. IPP over USB specification defines how printers that are available over USB can only still support network printing via Internet Printing Protocol (IPP). After wrapping up the macOS investigation, we decided to take a look at how other operating systems handle the same functionality.

    Our target Linux system was running Ubuntu 22.04, a long-term support (LTS) release that handled IPP-USB via the “ippusbxd” package. This package is part of the OpenPrinting suite of printing tools that was under a lot of scrutiny recently due to several high severity vulnerabilities in different components. Publicity around these issues has caused undue stress on the OpenPrinting suite maintainers, so, although the potential vulnerability we are about to discuss is very real, mitigating circumstances make it less severe. The vulnerability is discovered and made unexploitable by modern compiler features, and we are highlighting this rare win. Additionally, the “ippusbxd” package is replaced by a safer “ipp-usb” solution, making exploitation of this vulnerability less likely.

  • Ubuntu News ☛ Ubuntu Weekly Newsletter Issue 878

    Welcome to the Ubuntu Weekly Newsletter, Issue 878 for the week of February 2 – 8, 2025. The full version of this issue is available here. In this issue we cover: Spec: Switch to Dracut Ubuntu Studio: LTS Upgrades (22.04 to 24.04) ARE BACK!