[MIR] libmodbus
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libmodbus (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
nut (Debian) |
Fix Released
|
Unknown
|
|||
nut (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
This is a new dependency from nut due do adding apc_modbus to nut, seen in component mismatches.
It seems to be most commonly found (top hits) in USV devices which is also how we encounter it (nut manages those).
But TBH there are much more devices speaking this protocol, usually (matching the protocol design) from the low level space. There are even HW gateways converting that to network.
It seems this is a general nice lib for Ubuntu users in low level spaces.
Yet OTOH the CVE history looks intense [4]
Maybe we'd want to talk to security in advance?
---
Oddly - using this was always in an extra package that is in universe.
src:nut
\
\- bin:nut-server suggests nut-modbus
The reason for this is that there are many protocols across HW generations and manufacturers.
And hard depending on all would be quite a punch.
So why is this a component mismatch now to begin with?
Turns out shlibs is now picking this up from bin:nut-server.
$ for p in $(file $(dpkg -L nut-server | xargs) | awk '/executable, x86/ {gsub(":",""); print $1}'); do lddtree $p; done | grep mod
2.8.0-7:
- nothing
2.8.1-1build1:
/lib/nut/apc_modbus (interpreter => /lib64/
libmodbus.so.5 => /lib/x86_
That matches the debian changelog which said
14 * New upstream release
15 - Install new apc_modbus and sms_ser drivers
But why would that not be in nut-modbus?
AFAICS this has ended up in the wrong package.
nut-server has a few very common drivers.
And others - mostly rare or those pulling in extra dependencies are in nut-$name packages.
IMHO
/lib/
Should go to bin_nut-modbus just like those already there.
/lib/nut/
/lib/nut/
/lib/nut/
/lib/nut/
/lib/nut/
TODO:
1. discuss
2. move /lib/nut/apc_modbus to bin:but-modbus
3. suggest the same to Debian to avoid modbus being always installed as dependency
[1]: https:/
[2]: https:/
[3]: https:/
[4]: https:/
tags: | added: server-next |
tags: |
added: server-todo removed: server-next |
description: | updated |
tags: | added: server-triage-discuss |
tags: | removed: server-triage-discuss |
Changed in nut (Debian): | |
status: | Unknown → New |
Changed in nut (Debian): | |
status: | New → Fix Released |
Changed in nut (Ubuntu): | |
assignee: | nobody → Miriam España Acebal (mirespace) |
Changed in libmodbus (Ubuntu): | |
assignee: | nobody → Miriam España Acebal (mirespace) |
assignee: | Miriam España Acebal (mirespace) → nobody |
Changed in nut (Ubuntu): | |
assignee: | Miriam España Acebal (mirespace) → nobody |
Changed in libmodbus (Ubuntu): | |
status: | Incomplete → Fix Committed |
Changed in libmodbus (Ubuntu): | |
status: | Fix Committed → Invalid |
Changed in nut (Ubuntu): | |
status: | Incomplete → Fix Committed |
Marking incomplete (as it isn't yet meant to be reviewed), but subscribing ubuntu-mir so that the tooling finds it.