Source: linux
Version: 6.7.7-1
Severity: grave
Justification: user security hole
Dear Maintainer,
(Opting for grave/usersec because naturally updated kernels
fix security vulnerabilities, but actually i think i can't update the
kernel and that's grave, security be damned.)
Observe:
$ sudo apt install --no-install-recommends linux-headers-amd64
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
binutils-x86-64-linux-gnu:amd64 : Depends: libgcc-s1:amd64 (>= 4.2) but it is not going to be installed
Depends: libjansson4:amd64 (>= 2.14) but it is not going to be installed
Depends: libstdc++6:amd64 (>= 13.1) but it is not going to be installed
cpp-13-x86-64-linux-gnu:amd64 : Depends: libgmp10:amd64 (>= 2:6.3.0+dfsg) but it is not going to be installed
Depends: libisl23:amd64 (>= 0.15) but it is not going to be installed
Depends: libmpc3:amd64 (>= 1.1.0) but it is not going to be installed
Depends: libmpfr6:amd64 (>= 3.1.3) but it is not going to be installed
gcc-13-x86-64-linux-gnu:amd64 : Depends: libcc1-0:amd64 (>= 13.2.0-18) but it is not going to be installed
Depends: libgcc-s1:amd64 (>= 3.0) but it is not going to be installed
Depends: libgmp10:amd64 (>= 2:6.3.0+dfsg) but it is not going to be installed
Depends: libisl23:amd64 (>= 0.15) but it is not going to be installed
Depends: libmpc3:amd64 (>= 1.1.0) but it is not going to be installed
Depends: libmpfr6:amd64 (>= 3.1.3) but it is not going to be installed
Depends: libstdc++6:amd64 (>= 5) but it is not going to be installed
libc6:amd64 : Depends: libgcc-s1:amd64 but it is not going to be installed
libgcc-13-dev:amd64 : Depends: libgcc-s1:amd64 (>= 13.2.0-18) but it is not going to be installed
Depends: libgomp1:amd64 (>= 13.2.0-18) but it is not going to be installed
Depends: libitm1:amd64 (>= 13.2.0-18) but it is not going to be installed
Depends: libatomic1:amd64 (>= 13.2.0-18) but it is not going to be installed
Depends: libasan8:amd64 (>= 13.2.0-18) but it is not going to be installed
Depends: libubsan1:amd64 (>= 13.2.0-18) but it is not going to be installed
Depends: libquadmath0:amd64 (>= 13.2.0-18) but it is not going to be installed
libgprofng0:amd64 : Depends: libgcc-s1:amd64 (>= 3.3.1) but it is not going to be installed
Depends: libstdc++6:amd64 (>= 13.1) but it is not going to be installed
libhwasan0:amd64 : Depends: gcc-14-base:amd64 (= 14-20240303-1) but it is not going to be installed
Depends: libgcc-s1:amd64 (>= 3.3) but it is not going to be installed
liblsan0:amd64 : Depends: gcc-14-base:amd64 (= 14-20240303-1) but it is not going to be installed
Depends: libgcc-s1:amd64 (>= 3.3) but it is not going to be installed
libtsan2:amd64 : Depends: gcc-14-base:amd64 (= 14-20240303-1) but it is not going to be installed
Depends: libgcc-s1:amd64 (>= 3.4) but it is not going to be installed
linux-headers-6.7.7-amd64:amd64 : Depends: linux-kbuild-6.7.7:amd64
E: Unable to correct problems, you have held broken packages.
or
$ sudo apt install --no-install-recommends linux-headers-amd64 linux-kbuild-6.7.7:x32
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
binutils-x86-64-linux-gnu:amd64 : Depends: libgcc-s1:amd64 (>= 4.2) but it is not installable
Depends: libjansson4:amd64 (>= 2.14) but it is not going to be installed
Depends: libstdc++6:amd64 (>= 13.1) but it is not going to be installed
cpp-13-x86-64-linux-gnu:amd64 : Depends: libgmp10:amd64 (>= 2:6.3.0+dfsg) but it is not going to be installed
Depends: libisl23:amd64 (>= 0.15) but it is not going to be installed
Depends: libmpc3:amd64 (>= 1.1.0) but it is not going to be installed
Depends: libmpfr6:amd64 (>= 3.1.3) but it is not going to be installed
gcc-13-x86-64-linux-gnu:amd64 : Depends: libcc1-0:amd64 (>= 13.2.0-18) but it is not going to be installed
Depends: libgcc-s1:amd64 (>= 3.0) but it is not installable
Depends: libgmp10:amd64 (>= 2:6.3.0+dfsg) but it is not going to be installed
Depends: libisl23:amd64 (>= 0.15) but it is not going to be installed
Depends: libmpc3:amd64 (>= 1.1.0) but it is not going to be installed
Depends: libmpfr6:amd64 (>= 3.1.3) but it is not going to be installed
Depends: libstdc++6:amd64 (>= 5) but it is not going to be installed
libc6:amd64 : Depends: libgcc-s1:amd64 but it is not installable
libgcc-13-dev:amd64 : Depends: libgcc-s1:amd64 (>= 13.2.0-18) but it is not installable
Depends: libgomp1:amd64 (>= 13.2.0-18) but it is not going to be installed
Depends: libitm1:amd64 (>= 13.2.0-18) but it is not going to be installed
Depends: libatomic1:amd64 (>= 13.2.0-18) but it is not going to be installed
Depends: libasan8:amd64 (>= 13.2.0-18) but it is not going to be installed
Depends: libubsan1:amd64 (>= 13.2.0-18) but it is not going to be installed
Depends: libquadmath0:amd64 (>= 13.2.0-18) but it is not going to be installed
libgprofng0:amd64 : Depends: libgcc-s1:amd64 (>= 3.3.1) but it is not installable
Depends: libstdc++6:amd64 (>= 13.1) but it is not going to be installed
libhwasan0:amd64 : Depends: gcc-14-base:amd64 (= 14-20240303-1) but it is not installable
Depends: libgcc-s1:amd64 (>= 3.3) but it is not installable
liblsan0:amd64 : Depends: gcc-14-base:amd64 (= 14-20240303-1) but it is not installable
Depends: libgcc-s1:amd64 (>= 3.3) but it is not installable
libtsan2:amd64 : Depends: gcc-14-base:amd64 (= 14-20240303-1) but it is not installable
Depends: libgcc-s1:amd64 (>= 3.4) but it is not installable
E: Unable to correct problems, you have held broken packages.
Compare:
$ apt info linux-headers-6.5.0-5-amd64:amd64 linux-headers-6.7.7-amd64:amd64
Package: linux-headers-6.5.0-5-amd64:amd64
Version: 6.5.13-1
Priority: optional
Section: kernel
Source: linux
Maintainer: Debian Kernel Team <
debian-kernel@lists.debian.org>
Installed-Size: 3,736 kB
Depends: linux-headers-6.5.0-5-common (= 6.5.13-1), linux-kbuild-6.5.0-5, linux-compiler-gcc-13-x86
Homepage:
https://www.kernel.org/
Download-Size: 1,274 kB
APT-Manual-Installed: no
APT-Sources:
http://deb.debian.org/debian sid/main amd64 Packages
Description: Header files for Linux 6.5.0-5-amd64
This package provides the architecture-specific kernel header files for
Linux kernel 6.5.0-5-amd64, generally used for building out-of-tree kernel
modules. These files are going to be installed into
/usr/src/linux-headers-6.5.0-5-amd64, and can be used for building modules
that load into the kernel provided by the linux-image-6.5.0-5-amd64
package.
Package: linux-headers-6.7.7-amd64:amd64
Version: 6.7.7-1
Priority: optional
Section: kernel
Source: linux
Maintainer: Debian Kernel Team <
debian-kernel@lists.debian.org>
Installed-Size: 6,329 kB
Depends: linux-headers-6.7.7-common (= 6.7.7-1), linux-image-6.7.7-amd64 (= 6.7.7-1) | linux-image-6.7.7-amd64-unsigned (= 6.7.7-1), linux-kbuild-6.7.7, gcc-13
Homepage:
https://www.kernel.org/
Download-Size: 1,768 kB
APT-Sources:
http://deb.debian.org/debian sid/main amd64 Packages
Description: Header files for Linux 6.7.7-amd64
This package provides the architecture-specific kernel header files for
Linux kernel 6.7.7-amd64, generally used for building out-of-tree kernel
modules. These files are going to be installed into
/usr/src/linux-headers-6.7.7-amd64, and can be used for building modules
that load into the kernel provided by the linux-image-6.7.7-amd64 package. specifically
Depends: linux-headers-6.5.0-5-common (= 6.5.13-1), linux-kbuild-6.5.0-5, linux-compiler-gcc-13-x86
Depends: linux-headers-6.7.7-common (= 6.7.7-1), linux-image-6.7.7-amd64 (= 6.7.7-1) | linux-image-6.7.7-amd64-unsigned (= 6.7.7-1), linux-kbuild-6.7.7, gcc-13
From a purely academic standpoint, I don't really see why
linux-headers-$ver would depend on linux-image-$ver at all?
one wants to build for linux but not care for or want the image
(and i-t &c.) quite often.
but whatever.
The real kicker is, I think going by the unmet-dep list,
the gcc-13 dependency, with linux-headers-6.7.7-amd64:amd64
now trying to pull in gcc-13:amd64 for an unknown reason.
linux-headers-6.5.0-5-amd64:amd64 pulled in linux-compiler-gcc-13-x86:x32 ‒
linux-compiler-gcc-13-x86/unstable 6.5.13-1 amd64
linux-compiler-gcc-13-x86/unstable 6.5.13-1 i386
linux-compiler-gcc-13-x86/now 6.5.13-1 x32 [installed,local]
ii linux-compiler-gcc-13-x86 6.5.13-1 x32 Compiler for Linux on x86 (meta-package)
Package: linux-compiler-gcc-13-x86
Version: 6.5.13-1
Status: install ok installed
Priority: optional
Section: kernel
Source: linux
Maintainer: Debian Kernel Team <
debian-kernel@lists.debian.org>
Installed-Size: 746 kB
Depends: gcc-13
Homepage:
https://www.kernel.org/
Download-Size: unknown
APT-Manual-Installed: no
APT-Sources: /var/lib/dpkg/status
Description: Compiler for Linux on x86 (meta-package)
This package depends on GCC of the appropriate version and architecture
for Linux on amd64, i386 and x32.
‒ which correctly and expectedly pulled in gcc-13:x32.
Because this is an x32 host.
Please revert this change and pull in the correct compiler again.
Best,
наб
(One has to assume this would be a similar scenario on an i386 host using
an amd64 kernel; this is rare in a.d. 2024 probably, but.)
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: amd64, i386
Kernel: Linux 6.5.0-3-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FORCED_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEfWlHToQCjFzAxEFjvP0LAY0mWPEFAmXpDl4ACgkQvP0LAY0m WPEyxg//ekown66iXIS3DFUV9ZADrIVzcuwZZs0TbZJSl1UvavuyiTh6ifoaXKsx XhppgCTWnmvWq/DEIPvN5zrIjYzxtrlNRXhuqCw4LTN5EvqBA8gnei6sD1XGVL29 oBcqkxFibo4udUgJ8D0PNUPD4pi1gDakYgsE5NnqiMR+dXarib4iBbKilnmW6QJV t2bYSKtetQRnzorAlayssspkbp66ztSycY9Q1Kk/s+ZlLk/O6zDZtqIS0rXvJYjj 9t7Lkm5o8k3kYDxhc19xWS/vcKuUdWeJBAYNq0daHIVPODaVGJJU33nNzGB5GOG7 QgM06FaVMLjmzpbcg9rg84f6vHLaeSPOWnRviZ0aOPhTYO/Myx9VphPUS65727jy mXt7Esgd0+0uPxumJwrvANGDGvSL51QD79PCdJ9a6KBZKrs35rkb0OnbObRwa2/c 13lw7AfiUIlKLI38iPupeBU2uZ5vd/P4EwqtlwSXHPlPoLBppDIo2Z90qAbsvG3V E7S5TRuv4wix6amntTT/9QeovuPFHEjY82HLerRD18Bm1ETvTvG63k//TtKnWJ3k 9KdrFIEcvA05lP3LQZogNcOb6U4YE55alu+wvAgtyzYWrct0Hq1e9iCp0BYf9zYt Ip/fn/9/txAsR0LPuFzXxCiD99GSre88xoCPVcHpu28PyyXzp/U=
=0lBl
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)