LMDE Betsy uses the deb-multimedia repository to add functionality for playing DVDs and multimedia files like .mp3's. While this does make playing these easier, it also can lead to a security risk due to the way that deb-multimedia "epochs" their package versions. This means that security updates provided by the Debian security team that impact software served from deb-multimedia do not make their way into LMDE 2, leaving some software vulnerable to openly-published exploits.
For example, in LMDE 2, VLC is provided from deb-multimedia and is at version 2.2.2. This version of VLC may be vulnerable to some of these exploits, even on Linux:
https://www.videolan.org/security/sa1601.html
https://www.exploit-db.com/exploits/38706/
https://cve.mitre.org/cgi-bin/cvekey.cg ... rd=VLC+2.2
Meanwhile, the Debian Security team has pushed VLC 2.2.4, which fixes these problems, to Debian Stable. However, since LMDE Betsy uses VLC from deb-multimedia, we don't get this update and are left with the vulnerable 2.2.2 version.
This is just one example out of many: on my personal machine, there were 16 separate packages from deb-multimedia that also had unapplied security updates from Debian. Not exactly what I wanted...
With this in mind, I'm providing this guide to removing all deb-multimedia packages, and (if possible) replace them with their Debian Jessie or LMDE Betsy counterparts so that you can get all security updates for them.
Please note that this is one example of the classic "Security or Stability" question. I can't promise that everything will work as you are used to immediately after following this guide; while I've had great results, yours might be a different situation. However, all of this is reversible so long as you follow the instructions carefully.
(Note: for the rest of the guide I will use "deb-multimedia" and "dmo" interchangeably.)
To remove all DMO packages:
1. Disable the deb-multimedia repository. Since it is listed in
/etc/apt/sources.list.d/official-package-repositories.list
, you cannot simply use the Software Sources tool. Instead, you'll have to open the file with a text editor and comment out the repo.Cinnamon:
Code: Select all
gksudo gedit /etc/apt/sources.list.d/official-package-repositories.list
Code: Select all
gksudo pluma /etc/apt/sources.list.d/official-package-repositories.list
#deb http://www.deb-multimedia.org jessie main non-free
. 2. Update apt:
Code: Select all
sudo apt-get update
Code: Select all
dpkg -l | grep dmo
Code: Select all
rmfiles=$(dpkg -l | grep dmo | awk '{print $2}')
echo $rmfiles
so check the contents.) Highly recommended: I also copied the list of packages to a text file so that I had a permanent record of what I was removing, in case I needed to reverse myself.4. Remove the dmo packages. Since
apt
wants to remove a lot of packages which depend on the dmo packages , some of which will break Mint if removed, use dpkg
to force the removal of only the dmo packages.
Code: Select all
sudo dpkg -P --force-depends $rmfiles
Code: Select all
sudo apt-get update
Code: Select all
/usr/lib/apt/methods/https: error while loading shared libraries: librtmp.so.1: cannot open shared object file: No such file or directory
E: Method https has died unexpectedly!
E: Sub-process https returned an error code (127)
E: Method /usr/lib/apt/methods/https did not start correctly
sudo apt-get update
completes without a hitch.6. Reinstall the missing dependencies. This will replace all the dmo dependencies removed in step 4 with dependencies from Debian Stable or LMDE Betsy.
Code: Select all
sudo apt-get install -f
sudo apt-get update
afterwards!At this point, you should be able to play any media file with VLC, and play .mp3's with the Video player (and probably any other media player in Mint). If you are happy with this, then you can stop here. On the other hand, if you want to be able to play common media files such as .mp4 videos with the Video player in Mint, then go on to step 7:
7. Reinstall all dmo packages that are also in Debian's or Mint's repos. Please note that this will not install any packages that are only in the deb-multimedia repo, such as libwresample; but only packages that were preinstalled in Betsy from deb-multimedia, were removed in step 4, and have equivalents in Debian's or Mint's repos, such as libmp3lame0.
Code: Select all
sudo apt-get install gstreamer1.0-libav libaacs0 libaudclient2 libchromaprint0 libdca0 libfaac0 libgegl-0.2-0 libhal1-flash libmjpegutils-2.1-0 libmp3lame0 libmpeg2encpp-2.1-0 libmplex2-2.1-0 librtmp1 libvamp-hostsdk3 libxvidcore4 libbasicusageenvironment0 libdvbpsi9 libavcodec56 libavfilter5 libavformat56 libavresample2 libavutil54 libbluray1 libebml4 libmatroska6 libswscale3
Congratulations! You've removed all DMO packages!
NOTES:
There are some packages in deb-multimedia that are not provided by Debian. I haven't needed 'em yet, and you might not either. If you do, I've got a complete list of these packages and I'll be happy to help you reinstall any of them. Particularly in this case, having a text file containing what you removed, as I recommended in step 3, will be most helpful!