A time bomb issue has been fixed in gpsd: https://www.openwall.com/lists/oss-security/2021/08/01/1 We should backport the fix to Mageia 8.
Thanks for the warning. Assigning to DavidG, the active maintainer for this.
Assignee: bugsquad => geiger.david68210
Cauldron updated to newly released 3.23
Version: Cauldron => 8Blocks: (none) => 28711Assignee: geiger.david68210 => tmb
Mga 8 also updated to 3.23 to fix this and a lot of other issues, including mga#28711 foxtrotgps, viking, marble, merkaartor, navit, plasma-workspace are rebuilt for new libgps Packages to test: SRPMS: gpsd-3.23-1.mga8.src.rpm foxtrotgps-1.2.2-4.1.mga8.src.rpm marble-20.12.0-1.1.mga8.src.rpm merkaartor-0.18.4-9.1.mga8.src.rpm navit-0.5.4-3.1.mga8.src.rpm plasma-workspace-5.20.4-5.1.mga8.src.rpm viking-1.8-5.1.mga8.src.rpm i586: gpsd-3.23-1.mga8.i586.rpm gpsd-clients-3.23-1.mga8.i586.rpm libgpsd29-3.23-1.mga8.i586.rpm libgpsd-devel-3.23-1.mga8.i586.rpm libgpsdpacket29-3.23-1.mga8.i586.rpm libQgpsmm29-3.23-1.mga8.i586.rpm python3-gpsd-3.23-1.mga8.i586.rpm foxtrotgps-1.2.2-4.1.mga8.i586.rpm libastro1-20.12.0-1.1.mga8.i586.rpm libmarblewidget-qt5_28-20.12.0-1.1.mga8.i586.rpm marble-20.12.0-1.1.mga8.i586.rpm marble-data-20.12.0-1.1.mga8.noarch.rpm marble-devel-20.12.0-1.1.mga8.i586.rpm marble-handbook-20.12.0-1.1.mga8.noarch.rpm merkaartor-0.18.4-9.1.mga8.i586.rpm navit-0.5.4-3.1.mga8.i586.rpm navit-graphics-sdl-0.5.4-3.1.mga8.i586.rpm navit-gtk-gui-0.5.4-3.1.mga8.i586.rpm libcolorcorrect5-5.20.4-5.1.mga8.i586.rpm libkfontinst5-5.20.4-5.1.mga8.i586.rpm libkfontinstui5-5.20.4-5.1.mga8.i586.rpm libkworkspace5-5.20.4-5.1.mga8.i586.rpm libnotificationmanager1-5.20.4-5.1.mga8.i586.rpm libplasma-geolocation-interface5-5.20.4-5.1.mga8.i586.rpm libplasma-workspace-devel-5.20.4-5.1.mga8.i586.rpm libtaskmanager6-5.20.4-5.1.mga8.i586.rpm libweather_ion7-5.20.4-5.1.mga8.i586.rpm plasma-workspace-5.20.4-5.1.mga8.i586.rpm plasma-workspace-handbook-5.20.4-5.1.mga8.noarch.rpm plasma-workspace-wayland-5.20.4-5.1.mga8.i586.rpm viking-1.8-5.1.mga8.i586.rpm x86_64: gpsd-3.23-1.mga8.x86_64.rpm gpsd-clients-3.23-1.mga8.x86_64.rpm lib64gpsd29-3.23-1.mga8.x86_64.rpm lib64gpsd-devel-3.23-1.mga8.x86_64.rpm lib64gpsdpacket29-3.23-1.mga8.x86_64.rpm lib64Qgpsmm29-3.23-1.mga8.x86_64.rpm python3-gpsd-3.23-1.mga8.x86_64.rpm foxtrotgps-1.2.2-4.1.mga8.x86_64.rpm lib64astro1-20.12.0-1.1.mga8.x86_64.rpm lib64marblewidget-qt5_28-20.12.0-1.1.mga8.x86_64.rpm marble-20.12.0-1.1.mga8.x86_64.rpm marble-data-20.12.0-1.1.mga8.noarch.rpm marble-devel-20.12.0-1.1.mga8.x86_64.rpm marble-handbook-20.12.0-1.1.mga8.noarch.rpm merkaartor-0.18.4-9.1.mga8.x86_64.rpm navit-0.5.4-3.1.mga8.x86_64.rpm navit-graphics-sdl-0.5.4-3.1.mga8.x86_64.rpm navit-gtk-gui-0.5.4-3.1.mga8.x86_64.rpm lib64colorcorrect5-5.20.4-5.1.mga8.x86_64.rpm lib64kfontinst5-5.20.4-5.1.mga8.x86_64.rpm lib64kfontinstui5-5.20.4-5.1.mga8.x86_64.rpm lib64kworkspace5-5.20.4-5.1.mga8.x86_64.rpm lib64notificationmanager1-5.20.4-5.1.mga8.x86_64.rpm lib64plasma-geolocation-interface5-5.20.4-5.1.mga8.x86_64.rpm lib64plasma-workspace-devel-5.20.4-5.1.mga8.x86_64.rpm lib64taskmanager6-5.20.4-5.1.mga8.x86_64.rpm lib64weather_ion7-5.20.4-5.1.mga8.x86_64.rpm plasma-workspace-5.20.4-5.1.mga8.x86_64.rpm plasma-workspace-handbook-5.20.4-5.1.mga8.noarch.rpm plasma-workspace-wayland-5.20.4-5.1.mga8.x86_64.rpm viking-1.8-5.1.mga8.x86_64.rpm
Assignee: tmb => qa-bugsCC: (none) => tmb
Following up on my posts to Bug 28711 [rolf@x570i ~]$ sudo unlink /usr/local/sbin/gpsdctl [rolf@x570i ~]$ ll /usr/local/sbin/gpsdctl ls: cannot access '/usr/local/sbin/gpsdctl': No such file or directory [rolf@x570i ~]$ sudo urpmi.update opencpn http://mirrors.kernel.org/mageia/distrib/8/x86_64/media/core/updates_testing/media_info/20210808-161548-synthesis.hdlist.cz updated medium "opencpn" [rolf@x570i ~]$ sudo urpmi gpsd To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "opencpn") gpsd 3.23 1.mga8 x86_64 lib64gpsd29 3.23 1.mga8 x86_64 python3-gpsd 3.23 1.mga8 x86_64 920KB of additional disk space will be used. 806KB of packages will be retrieved. Proceed with the installation of the 3 packages? (Y/n) http://mirrors.kernel.org/mageia/distrib/8/x86_64/media/core/updates_testing/python3-gpsd-3.23-1.mga8.x86_64.rpm http://mirrors.kernel.org/mageia/distrib/8/x86_64/media/core/updates_testing/lib64gpsd29-3.23-1.mga8.x86_64.rpm http://mirrors.kernel.org/mageia/distrib/8/x86_64/media/core/updates_testing/gpsd-3.23-1.mga8.x86_64.rpm installing python3-gpsd-3.23-1.mga8.x86_64.rpm gpsd-3.23-1.mga8.x86_64.rpm lib64gpsd29-3.23-1.mga8.x86_64.rpm from /var/cache/urpmi/rpms Preparing... ######################################################################### 1/3: lib64gpsd29 ######################################################################### 2/3: python3-gpsd ######################################################################### 3/3: gpsd ######################################################################### 1/2: removing gpsd-3.21-2.mga8.x86_64 ######################################################################### 2/2: removing python3-gpsd-3.21-2.mga8.x86_64 ######################################################################### ldconfig: /lib/libbrscandec2.so.1 is not a symbolic link ldconfig: /lib/libbrcolm2.so.1 is not a symbolic link ldconfig: /lib/libbrscandec2.so.1 is not a symbolic link ldconfig: /lib/libbrcolm2.so.1 is not a symbolic link [rolf@x570i ~]$ gpsctl gpsctl:ERROR: no devices connected. [rolf@x570i ~]$ $ sudo systemctl restart gpsd [rolf@x570i ~]$ gpsctl gpsctl:ERROR: no devices connected. [rolf@x570i ~]$ ps aux | grep gpsd nobody 374088 0.0 0.0 9656 2432 ? S<s 10:28 0:00 /usr/sbin/gpsd rolf 374192 0.0 0.0 19732 704 pts/1 S+ 10:28 0:00 grep --color gpsd [rolf@x570i ~]$ ll `which gpsctl` -rwxr-xr-x 1 root root 565352 Aug 8 07:46 /usr/bin/gpsctl* [rolf@x570i ~]$ sudo gpsctl gpsctl:ERROR: no devices connected. [rolf@x570i ~]$ *sudo reboot* [rolf@x570i ~]$ ps aux | grep gpsd nobody 1763 0.0 0.0 9684 2268 ? S<s 10:30 0:00 /usr/sbin/gpsd rolf 10705 0.0 0.0 19864 760 pts/0 S+ 10:31 0:00 grep --color gpsd [rolf@x570i ~]$ gpsctl /dev/ttyACM1 identified as a u-blox at 9600 baud. [rolf@x570i ~]$ However, xgps doesn't open from the menu, nor xgpsspeed and [rolf@x570i ~]$ xgps xgps: ERROR: need gps module version 3.21, got 3.23 [rolf@x570i ~]$ [rolf@x570i ~]$ xgpsspeed xgpsspeed: ERROR: need gps module version 3.21, got 3.23 [rolf@x570i ~]$ Thanks.
CC: (none) => rolfpedersen
Sorry, [rolf@x570i ~]$ rpm -q gpsd-clients gpsd-clients-3.21-2.mga8 [rolf@x570i ~]$ sudo urpmi gpsd-clients http://mirrors.kernel.org/mageia/distrib/8/x86_64/media/core/updates_testing/gpsd-clients-3.23-1.mga8.x86_64.rpm installing gpsd-clients-3.23-1.mga8.x86_64.rpm from /var/cache/urpmi/rpms Preparing... ######################################################################### 1/1: gpsd-clients ######################################################################### 1/1: removing gpsd-clients-3.21-2.mga8.x86_64 ######################################################################### ... They now both open and xgps gui looks as before.
MGA8-64 Plasma on Lenovo B50 No installation issues. I have no gps device, so testing is rather limited. gpsd starts OK. gpsct says "No devie found" which is OK. Started applications like marble, navit, viking, merkaator, xpps which all start OK wuithin the limitations of haveing no device I'd rather like that someone with a device would OK this update.
CC: (none) => herman.viaene
Ubuntu has issued an advisory for this today (August 10): https://ubuntu.com/security/notices/USN-5035-1
I have ordered a usb VK-172 device to test this. Amazon says it will be here in two days. Amazon comments indicate that Windows users need to jump through hoops to download and install drivers, but they read like they are already included with Linux. We'll see. Hoping it's essentially plug-and-play.
CC: (none) => andrewsfarm
I first installed the current packages and attempted to use my new device. I found that the device was recognized, but that it didn't seem to be doing anything. the xgps tool showed no activity whatsoever. Then I read Bug 28711, and realized this was one of the bugs this update was supposed to fix. So I updated the packages, with no installation issues. Then I rebooted, without the device plugged in. I plugged the device in, then ran xgps. This time the device was reporting that it could "see" from 2 to 10 satellites, showing some information about each one. But, it also said it wasn't "using" any of them, and indeed no position data was being reported. This would seem to be progress, but perhaps not enough. Three very possible reasons for the failure to "use" the satellites: 1. I don't have a clue about what I am doing. (Most likely reason) 2. I didn't wait long enough for communication to be established. 3. I was inside, in my living room on the first floor, using my desktop. Perhaps my 100+ year-old wood-frame house was blocking the signal enough that it was too weak to connect reliably. I can perhaps try something with my laptop outside if the above theories are correct, but not necessarily right away. A hurricane is scheduled to come ashore east of here tomorrow. While it isn't predicted to affect us very much, with hurricanes you never really know what will happen until it happens. If I am on the wrong track, please direct me to the correct one.
I tried this on my laptop, not outside (damp out there today) but on a different floor. the xgps app detects at least 9 stable satellites, with several more that come in and out. Still, it fails to "use" any of them. I'm sure this is something I'm doing, or not doing. (Do I have to open the port manually? I don't know for sure how to do that.) I believe it is working as designed. At the very least it seems to correct an access problem, and I'm going to grant an OK based on just that. If something more is needed, please let me know. If not, I'm OK with a validation, as well.
Whiteboard: (none) => MGA8-64-OK
Created attachment 12911 [details] screenshot of xgps Adding a screenshot of the data I am receiving from xgps. The only thing that changes over several minutes is the number of satellites detected. I am about as sure as I can be while stumbling in the dark that there is some step or another that I have failed to do to make this work.
My gps receiver should show up in a few days too so I can see if I can reproduce..
I do not reject the idea that my dongle could be faulty. It was not the least expensive device listed on Amazon, but it was close. I went with this one because most of the 300 comments were positive - though they were based on using the device with Windows or a Raspberry Pi. One comment did say that it took the device over 5 minutes to "lock on," so maybe I'm still not waiting long enough.
Taking back my OK, at least until Thomas' investigation has been completed.
Whiteboard: MGA8-64-OK => (none)
Works ok here OOB, validating and flushing out.
CC: (none) => sysadmin-bugsKeywords: (none) => advisory, validated_updateWhiteboard: (none) => MGA8-64-OK
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0411.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
After reading Comment 15, I tried with my device and my laptop one more time. This time it tried to lock on to one or two satellites, but couldn't hold the connection. Then I tried a tip from one of the Amazon reviews, and used a short usb extension between the device and my laptop. Huge difference. More satellites detected, and it was able to lock on to 8 of them in xgps and hold them. I suspect the extension was being used as an antenna. I did not get Marble or FoxtrotGPS to do anything with it, but Viking did receive the correct longitude and latitude. Once again, the failures are probably due to my own lack of knowledge.
(In reply to Thomas Andrews from comment #17) > > Huge difference. More satellites detected, and it was able to lock on to 8 > of them in xgps and hold them. I suspect the extension was being used as an > antenna. > It's more that adding that cord makes the device get some distance so it wont get affected by the electronic interference your laptop creates