Bug#1006450: RM: angular-maven-plugin/0.3.4-3

2022-02-25 Thread Thorsten Glaser
Thorsten Glaser dixit: >As explained in #111 it’s only an r-bd for an old version of Oops, sent too early… #1006449 this should be. bye, //mirabilos -- [16:04:33] bkix: "veni vidi violini" [16:04:45] bkix: "ich kam, sah und vergeigte"...

Bug#1006451: minify-maven-plugin: should not be part of a stable release unless actually used

2022-02-25 Thread Thorsten Glaser
Package: libminify-maven-plugin-java Version: 1.7.4-1.1 Severity: serious Justification: other X-Debbugs-Cc: t...@mirbsd.de minify-maven-plugin is currently only in Debian to satisfy a Build-Depends of guacamole-client on libminify-maven-plugin-java (its binary package). However,

Bug#1006450: RM: angular-maven-plugin/0.3.4-3

2022-02-25 Thread Thorsten Glaser
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm X-Debbugs-Cc: t...@mirbsd.de Please remove angular-maven-plugin/0.3.4-3 from both buster and bullseye. As explained in #111 it’s only an r-bd for an old version of guacamole-client, and the

Bug#1006449: RM: angular-maven-plugin -- ROM; not useful in Debian any longer

2022-02-25 Thread Thorsten Glaser
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: t...@mirbsd.de angular-maven-plugin is currently only present as r-bd for guacamole-client, which has been in bad shape for quite a while. Newer versions of guacamole-client will not use this plugin any more, so this can be removed.

Bug#1006447: RM: evenement/3.0.1-2.1, php-cocur-slugify/4.0.0-2, php-defuse-php-encryption/2.2.1-1.1, php-dflydev-fig-cookies/2.0.0-1.1, php-embed/3.3.9-1.1, php-fabiang-sasl/1.0.1-1, php-markdown/1.8

2022-02-25 Thread Thorsten Glaser
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm X-Debbugs-Cc: t...@mirbsd.de Hi, these are otherwise unused r-deps for movim, which did not make the release. They were also just removed from unstable, since the movim packaging project was

Bug#1006417: buster-pu: package php-illuminate-database/5.7.27-1+deb10u1

2022-02-24 Thread Thorsten Glaser
] + * Security fix: Query Binding Exploitation (Closes: #980899) +Fixes CVE-2021-21263 + * Security fix: SQL injection with Microsoft SQL Server (Closes: #987848) + + [ Thorsten Glaser ] + * Update Maintainer, upload to oldstable as security fixpack + + -- Thorsten Glaser Fri, 25 Feb 2022 00
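Review bot: The second changelog entry, "Security fix: SQL injection with Microsoft SQL Server (Closes: #987848)", names no CVE identifier, while the entry above it records "Fixes CVE-2021-21263". For a security upload to oldstable, either add the CVE id to that entry or state that none has been assigned, so that the security tracker and later readers of the changelog can match the fix to the advisory.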

Bug#1006405: RM: rng-tools -- ROM; migration released with bullseye

2022-02-24 Thread Thorsten Glaser
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: t...@mirbsd.de Dear ftpmasters, please remove the source package rng-tools when you have time. It shipped in bullseye as transitional package and is therefore now not needed any longer, superseded by both the rng-tools5 and rng-tools-debian

Bug#1006401: RM: movim, php-cboden-ratchet, php-cocur-slugify, php-defuse-php-encryption, php-dflydev-fig-cookies, php-embed, php-evenement, php-fabiang-sasl, php-markdown, php-raintpl, php-ratchet-pa

2022-02-24 Thread Thorsten Glaser
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: t...@mirbsd.de Dear ftpmasters, please remove the following packages: movim php-cboden-ratchet php-cocur-slugify php-defuse-php-encryption php-dflydev-fig-cookies php-embed php-evenement php-fabiang-sasl php-markdown php-raintpl

Bug#1006400: O: php-react-promise -- lightweight implementation of CommonJS Promises/A for PHP

2022-02-24 Thread Thorsten Glaser
Package: wnpp Severity: normal X-Debbugs-Cc: t...@mirbsd.de, pkg-php-p...@lists.alioth.debian.org Control: affects -1 src:php-react-promise I hereby orphan the php-react-promise package. The package description is: React/Promise also provides several other useful promise-related concepts, such

Bug#1006399: O: php-htmlpurifier -- Standards-compliant HTML filter

2022-02-24 Thread Thorsten Glaser
Package: wnpp Severity: normal X-Debbugs-Cc: t...@mirbsd.de, only...@debian.org Control: affects -1 src:php-htmlpurifier I hereby orphan the php-htmlpurifier package. The package description is: HTML Purifier is an HTML filter that will remove all malicious code (better known as XSS) with a

Bug#700610: bsh (BeanShell) security vulnerability (CVE-2016-2510)

2022-02-22 Thread Thorsten Glaser
On Tue, 22 Feb 2022, Thomas Uhle wrote: > What do you think, wouldn't it be time for an update in Debian? The comment > at https://github.com/beanshell/beanshell/issues/603 . reads for me more like a “maybe remove it instead…”. Honestly though, if it’s not available in Central, upstreams will

Bug#1005115: arduino: Depends: default-jre | openjdk-11-jre

2022-02-07 Thread Thorsten Glaser
Package: arduino Version: 2:1.8.19+dfsg1-1~bpo11+1, 2:1.8.13+dfsg1-2 Severity: important X-Debbugs-Cc: t...@mirbsd.de arduino (both bullseye and bullseye-backports) Depends: default-jre | openjdk-11-jre This is completely nōnsensical. Either it needs 11, then the dependency must be tightened,

Bug#975016: #975016 - OpenJDK 17 support state for Bullseye

2022-02-03 Thread Thorsten Glaser
Hi Holger, > and filed against src:debian-security-support, as openjdk-17 seems to be > supported and src:debian-security-support's purpose is to documented what's no, 11 is supported, 17 is just for users to run third-party stuff on (IIUC). bye, //mirabilos -- Infrastrukturexperte • tarent

Bug#925358: qemu-user-static: mis-emulates something to do with process/signal handling (m68k, s390x, …)

2022-02-01 Thread Thorsten Glaser
retitle 925358 qemu-user-static: mis-emulates something to do with process/signal handling (m68k, s390x, …) affects 925358 klibc-dev thanks This still happens. (And retitling because I almost filed a bug against klibc again… oops…) Look for “mtest-external” (second occurrence) in:

Bug#980759: imageftbbox returns too small bounding box

2022-01-29 Thread Thorsten Glaser
reassign 980759 libgd3 # version in buster notfound 980759 2.2.5-5.2 # version in bullseye, bookworm/testing, sid found 980759 2.3.0-2 tags 980759 + bullseye bookworm sid forwarded 980759 https://github.com/libgd/libgd/issues/814 affects 980759 php7.4-gd affects 980759 php8.0-gd affects 980759

Bug#1004465: libklibc-dev: headers not installed

2022-01-28 Thread Thorsten Glaser
found 1004465 2.0.10-1 thanks Dixi quod… >Quite some files are missing: […] >/usr/lib/klibc/include/alloca.h […] >/usr/lib/klibc/include/arpa/inet.h > /usr/lib/klibc/include/asm > /usr/lib/klibc/include/asm-generic >/usr/lib/klibc/include/assert.h […] From this

Bug#1004465: libklibc-dev: headers not installed

2022-01-27 Thread Thorsten Glaser
Package: libklibc-dev Version: 2.0.10-3 Severity: grave Justification: renders package unusable X-Debbugs-Cc: t...@mirbsd.de Quite some files are missing: $ comm <($bullseye dpkg -L libklibc-dev | sort) <($sid dpkg -L libklibc-dev | sort) /. /usr

Bug#1003634: texlive-latex-base: \fontseries broken: seems to be cumulative until {m} or so?

2022-01-13 Thread Thorsten Glaser
Hi Norbert, >Debian at all, and should be brought to the respective channels (TL >mailing list, LaTeX team tracker, IRC, ...). thank you for forwarding it there then ☻ bye, //mirabilos -- "Using Lynx is like wearing a really good pair of shades: cuts out the glare and harmful UV

Bug#1003634: texlive-latex-base: \fontseries broken: seems to be cumulative until {m} or so?

2022-01-12 Thread Thorsten Glaser
Norbert Preining dixit: >Fontseries combines weight and width, and thus theoretically any >combination of weight (ul,el,l,sl,m,sb,b,eb,ub) and width >(uc,ec,c,sc,sx,x,ex,ux) are possible. > >So c = width, b = weight, can be combined. Yes, they *can* be combined. If I do \fontseries{bc}. But

Bug#1003634: closed by Norbert Preining (Re: Bug#1003634: texlive-latex-base: \fontseries broken: seems to be cumulative until {m} or so?)

2022-01-12 Thread Thorsten Glaser
reopen 1003634 thanks Hi Norbert, >> \fontfamily{Roboto-TLF}\fontseries{c}\fontsize{12pt}{12pt}\selectfont% >> This is \f@series{} and should be c. >> >> \fontfamily{Roboto-TLF}\fontseries{b}\fontsize{40pt}{40pt}\selectfont% >> This is \f@series{} and should be b. > >Fontseries combines weight

Bug#1003634: texlive-latex-base: \fontseries broken: seems to be cumulative until {m} or so?

2022-01-12 Thread Thorsten Glaser
Package: texlive-latex-base Version: 2020.20210202-3 Severity: important X-Debbugs-Cc: t...@mirbsd.de MWE: -BEGIN cutting here may damage your screen surface- \documentclass{article} \usepackage[T1]{fontenc} \begin{document} \makeatletter%

Bug#907606: fsck takes hours to complete, just due to slow screen output

2022-01-05 Thread Thorsten Glaser
On Wed, 5 Jan 2022, Loorey wrote: > information they can always by logs anyway. It’s not that easy. fsck can become interactive, and then there’s the point of where to write the logs during root and /var⚠ fsck and how to promote them to the eventual /var and this needs coordination between

Bug#907606: fsck takes hours to complete, just due to slow screen output

2022-01-05 Thread Thorsten Glaser
tags 907606 - unreproducible thanks On Wed, 5 Jan 2022, Adam Borowski wrote: > Yet in so many cases it's this log output that's an order or two of > magnitude slower than actual fsck. Even a spinner gives 200 seeks per Indeed, especially with fb consoles it’s very very slow on scroll, but slow

Bug#1002831: ITP: lsb-release-minimal -- minimal shell implementation of lsb_release

2021-12-29 Thread Thorsten Glaser
On Wed, 29 Dec 2021, Gioele Barabucci wrote: > Instead of using LSB packages, this version of `lsb_release` uses the > information in `/etc/os-release`. Nevertheless, the output of this version is /etc/os-release DOES NOT contain enough information for lsb_release: (sid-amd64)tglase@tglase:~ $

Bug#1002561: firefox-esr: slooooooooooooooooooooow now

2021-12-23 Thread Thorsten Glaser
Package: firefox-esr Version: 91.4.1esr-1~deb11u1 Severity: normal X-Debbugs-Cc: t...@mirbsd.de, t...@security.debian.org Having just been upgraded from 78(IIRC) to 91, it’s slow as hell. Hitting PgDn in a page blocks the entire browser (including Ctrl-Tab) for often multiple seconds, otherwise a

Bug#1001956: popcon: gpg: 5B1A07804DD558242CF5538215A07BA5233E3E85: skipped: unusable public key

2021-12-19 Thread Thorsten Glaser
Bill Allombert dixit: >What about the underlying hash functions ? They’re not used with the keys themselves, merely stated as preferences. Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,

Bug#1001956: popcon: gpg: 5B1A07804DD558242CF5538215A07BA5233E3E85: skipped: unusable public key

2021-12-19 Thread Thorsten Glaser
forcemerge 955393 1001956 thanks Bill Allombert dixit: >Is it not the same as #955393 ? gpg1 is not supported. Ah right, it is; I didn’t see it, probably because it was closed, and I only recently updated the system in question. Maybe you should support gpg1… bye, //mirabilos -- [16:04:33]

Bug#1001956: popcon: gpg: 5B1A07804DD558242CF5538215A07BA5233E3E85: skipped: unusable public key

2021-12-19 Thread Thorsten Glaser
Package: popularity-contest Version: 1.71 Severity: grave Justification: renders package unusable got a cron mail: Subject: Cron test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) /etc/cron.daily/popularity-contest: gpg: 5B1A07804DD558242CF5538215A07BA5233E3E85:

Bug#1001592: prosody: changes certs/localhost.{crt,key} back to snakeoil on upgrade

2021-12-12 Thread Thorsten Glaser
Package: prosody Version: 0.11.9-2 Severity: serious Justification: Policy 10.7.3 During an upgrade from buster to bullseye, prosody broke my SSL configuration, as shown by etckeeper / “git log -p” in /etc: diff --git a/prosody/certs/localhost.crt b/prosody/certs/localhost.crt index

Bug#998206: calendar: cronjob processes all users’ calendars as root, allowing information disclosure

2021-12-08 Thread Thorsten Glaser
Michael Meskes dixit: >I did some more testing and it seems this simple patch fixes the issue: I think you should still include a setgroups(0, NULL) call there. Personally I’d prefer setres[ug]id() because that makes the intent more explicit even when the effect is the same, but… I’ll let you

Bug#998206: calendar: cronjob processes all users’ calendars as root, allowing information disclosure

2021-12-02 Thread Thorsten Glaser
Michael Meskes dixit: >Could you elaborate why? I cannot see much of a difference in these >when it comes to the topic at hand. Doesn't set[ug]id set all ids to >the given one? No, it only sets one of the three (real, effective and saved) uid/gid to the given one; setres[ug]id() is the one that

Bug#998206: calendar: cronjob processes all users’ calendars as root, allowing information disclosure

2021-12-02 Thread Thorsten Glaser
Michael Meskes dixit: >Wouldn't using setuid() suffice? I doubt that. At least change the gid and reset the auxiliary groups vector. But using setres[ug]id() is safer, especially considering each instance shells out to cpp(1), which would then otherwise be suid-user. bye, //mirabilos --

Bug#998206: calendar: cronjob processes all users’ calendars as root, allowing information disclosure

2021-12-01 Thread Thorsten Glaser
Michael Meskes dixit: >Hmm, not sure what I'm doing wrong. Using the same entries in my calendar file >I get: > >michael@feivel:~$ calendar Right, but do enable the cronjob. “calendar -a” runs as root. Or try sudo calendar -a which is basically the same then watch your mail. (You’ll also need

Bug#980759: closed by Debian FTP Masters (Bug#997821: Removed package(s) from unstable)

2021-11-29 Thread Thorsten Glaser
Hi, it would probably have been better to reassign all (relevant) bugreports to the equivalent 8.1 packages first; this is probably something the PHP maintainers ought to have done, as closing all bugs on package removal is normal ftpmasters procedure. Maybe next time? ☻ bye, //mirabilos --

Bug#980759: php8.1: imageftbbox returns too small bounding box

2021-11-29 Thread Thorsten Glaser
Package: php8.1-gd Version: 8.1.0-1 Followup-For: Bug #980759 X-Debbugs-Cc: t...@mirbsd.de Control: retitle -1 php8.1: imageftbbox returns too small bounding box (pbuild3309-sid/i386)root@tglase:/tmp# php x.php Array ( [V] => 8.1.0 [bbox] => Array ( [0] => 1

Bug#998893: and collateral

2021-11-21 Thread Thorsten Glaser
On Sun, 21 Nov 2021, tito wrote: > couldn't renaming the scripts in the orphan-sysvinit-scripts package > be a solution to solve this? I think that breaks user expectations and should only be a very last resort. I think both the “cp”, which I cannot find in the binary package at all so where

Bug#999858: pbuilder: debconf template suggest obsolete plain-http URL

2021-11-17 Thread Thorsten Glaser
Jessica Clarke dixit: >benefit (primarily that a malicious actor can’t withhold updates; >Valid-Until is on a much longer timescale than TLS). Most of the other I don’t get that part. But I only know about the backend issue because Valid-Until will shrink to 3? 7? days for -security soon (see

Bug#999858: pbuilder: debconf template suggest obsolete plain-http URL

2021-11-17 Thread Thorsten Glaser
ydir...@free.fr dixit: >Nowadays only HTTPS entries are in sources.list (maybe that could What? No! Besides, the CDN uses HTTP to the backend servers internally, so you SHOULD NOT use https with deb.debian.org or the older httpredir to avoid a false sense of security. bye, //mirabilos --

Bug#996867: openjdk-17 in Bullseye not up to date

2021-11-10 Thread Thorsten Glaser
Hi, > However, this version has not been updated since the Bullseye release > (whereas the up to date version is available in testing). right, someone has to do a stable or stable-security upload; probably the latter, from how this has been handed for other JDK versions before. Primary contact

Bug#989284: insserv: toggles rc0.d/{K02avahi-daemon => K01avahi-daemon} with every upgrade

2021-11-01 Thread Thorsten Glaser
Mark Hindley dixit: >I realise this may be clutching at straws, but is there any chance the >x32 arch is the trigger for this? As already stated… at least twice, I think, no: the system got converted to amd64 in the meanwhile, and the same problem occurs on my amd64 laptop that was never a

Bug#998206: calendar: cronjob processes all users’ calendars as root, allowing information disclosure

2021-10-31 Thread Thorsten Glaser
Dixi quod… >contents of files that start with a cpp-able string *and* contain >a tab somewhere after that (because calendar(1) does not call cpp(1) >with -traditional-cpp, which is another minor bug in the port), but I was mistaken, it does call it like that, and it does work:

Bug#998206: calendar: cronjob processes all users’ calendars as root, allowing information disclosure

2021-10-31 Thread Thorsten Glaser
Package: calendar Version: 12.1.7+nmu3 Severity: serious Tags: security Justification: security X-Debbugs-Cc: t...@mirbsd.de, Debian Security Team I was wondering how Debian’s calendar(1) packaging handled the setusercontext(3) part, and after finding d/p/calendar_cap.diff I see it just… does

Bug#994275: Reverting breaking changes in debianutils

2021-10-26 Thread Thorsten Glaser
On Tue, 26 Oct 2021, Clint Adams wrote: > effort maintaining a utility which is superfluous given the > existence of alternatives which are preferred by people who care “It only exists if it’s in Debian.” SCNR. But this is relevant, here. [ overly harsh words deleted ] bye, //mirabilos --

Bug#997628: imake: uses an argument to ar(1) which recent binutils changed in an incompatible way, causing packages using imake to FTBFS (was Re: Bug#997628: mgp: FTBFS: ar: libdeps specified more tha

2021-10-23 Thread Thorsten Glaser
# imake reassign 997628 xutils-dev found 997628 1:7.7+5 retitle 997628 imake: uses “ar clq” by default, which recent binutils broke in an incompatible way # causes an FTBFS, cannot be workarounded in mgp affects 997628 src:mgp # root bug is in binutils block 997628 by 981072 # at least, if not

Bug#926896: sysvinit-utils: pidof is unreliable

2021-10-23 Thread Thorsten Glaser
On Sat, 23 Oct 2021, Svante Signell wrote: > > However, since you asked, PATH_MAX is set to 2048 in pidof. This is twice as long as needed on all other systems, and possibly too short on the Hurd. > > Using get_current_dir_name() is not a valid way to do it as it is not > > portable across C

Bug#926896: sysvinit-utils: pidof is unreliable

2021-10-22 Thread Thorsten Glaser
On Fri, 22 Oct 2021, Jesse Smith wrote: > Hurd systems because there is explicitly a check for that and, if it's > not defined, PATH_MAX is declared in the code. So this code is GNU Hurd > safe. To what value? (Spoiler: 1024 is wrong. All other values are also wrong.) PATH_MAX does not exist on

Bug#989284: insserv: toggles rc0.d/{K02avahi-daemon => K01avahi-daemon} with every upgrade

2021-10-20 Thread Thorsten Glaser
On Wed, 20 Oct 2021, Jesse Smith wrote: > 1. There is something about the host system that is causing insserv to But what, given I can reproduce this in a chroot and on my laptop? bye, //mirabilos -- Infrastrukturexperte • tarent solutions GmbH Am Dickobskreuz 10, D-53121 Bonn •

Bug#989284: insserv: toggles rc0.d/{K02avahi-daemon => K01avahi-daemon} with every upgrade

2021-10-20 Thread Thorsten Glaser
On Wed, 20 Oct 2021, Mark Hindley wrote: > As Ian said previously, we are clearly still missing something here. I am > pretty much in > the dark and clutching at straws. But what filesystem are you using? My > /var/cache/pbuilder is ext3. Oh wow. Mine is on: /dev/mapper/vg--tglase-lv--tglase

Bug#994275: Reverting breaking changes in debianutils

2021-10-16 Thread Thorsten Glaser
On Sat, 16 Oct 2021, Clint Adams wrote: > It is my hope that update-shells will obsolete add-shell and remove-shell Huh, what’s update-shells? Hm, apparently something new in sid. Ouch. If you really wish for that, it’ll involve painful versioned Pre-Depends and a largish diff for backports :/

Bug#996418: xrdp: sets hard-coded PATH for X11 session

2021-10-13 Thread Thorsten Glaser
Hi Simon, >You might be imagining that dbus-update-activation-environment is forcing >particular environment variables for your GUI session, but it's the other yes, this is what I thought at first. >way round: its purpose is to receive environment variables (usually from >your GUI session) and

Bug#996418: dbus-update-activation-environment: sets wrong PATH since March 2021

2021-10-13 Thread Thorsten Glaser
reassign 996418 xrdp found 996418 0.9.15-1 retitle 996418 xrdp-sesman: fails to initialise environment properly severity 996418 important thanks On Wed, 13 Oct 2021, Thorsten Glaser wrote: (full quote below for the xrdp maintainers) > Hi, not sure which package is actually at fault h

Bug#996418: dbus-update-activation-environment: sets wrong PATH since March 2021

2021-10-13 Thread Thorsten Glaser
Package: dbus-x11 Version: 1.12.20-2 Severity: normal X-Debbugs-Cc: t...@mirbsd.de Hi, not sure which package is actually at fault here, but here we go. Please reassign (and notify the target package maintainers) as needed. This machine used to be an unstable machine but some time before the

Bug#996417: xset: handle absence of DPMS support in the X server more gracefully

2021-10-13 Thread Thorsten Glaser
Package: x11-xserver-utils Version: 7.7+8 Severity: normal Tags: upstream X-Debbugs-Cc: t...@mirbsd.de My ~/.xsessionrc has: xset dpms 0 0 0 With a regular X11 session, this works, but in an xrdp+xorgxrdp session, it fails because the server lacks DPMS support. But then, once having

Bug#996326: musl: static PIE does not work

2021-10-12 Thread Thorsten Glaser
Package: musl-tools Version: 1.2.2-1 Severity: normal X-Debbugs-Cc: t...@mirbsd.de Supposedly, all versions since stretch/bionic should be able to do static PIE, at least as far as my research shows me, but I either can’t seem to figure it out, or it’s plain broken. Both of… musl-gcc -fPIE

Bug#996167: dpkg: unrecoverable fatal error, aborting: unknown system group 'plocate' in statoverride file;

2021-10-11 Thread Thorsten Glaser
Dixi quod… >dpkg: unrecoverable fatal error, aborting: > unknown system group 'plocate' in statoverride file; the system group got > removed >before the override, which is most probably a packaging bug, to recover you >can remove the override manually with dpkg-statoverride Before I do that,

Bug#996167: dpkg: unrecoverable fatal error, aborting: unknown system group 'plocate' in statoverride file;

2021-10-11 Thread Thorsten Glaser
Package: plocate Version: 1.1.12-1 Severity: critical Justification: breaks unrelated software X-Debbugs-Cc: t...@mirbsd.de I'm encountering this: [... apt-get dist-upgrade ...] Extracting templates from packages: 100%

Bug#995850: lintian: more context is not always a good thing

2021-10-10 Thread Thorsten Glaser
Felix Lechner dixit: >By the way, you should also be able to use the wildcards * and ? in >lieu of the line numbers right now. Please let me know if that works. So indeed: -mksh source: debian-watch-uses-insecure-uri http://www.mirbsd.org/MirOS/dist/mir/mksh/ +mksh source:

Bug#925358: qemu-user-static: mis-emulates something to do with process/signal handling

2021-10-10 Thread Thorsten Glaser
Version: 1:5.2+dfsg-11+deb11u1 On Fri, 25 Oct 2019, Thorsten Glaser wrote: > This now happens with qemu-s390x-static for me as well, which has Reconfirmed on bullseye, using usr/lib/klibc/bin/mksh from sid’s mksh_59c-11_s390x.deb binary package. (I’m about to upload -12, but I assume it

Bug#988027: klibc: sigsetjmp ignores second argument, siglongjmp always restores signals

2021-10-10 Thread Thorsten Glaser
close 988027 thanks I guess it works as documented for klibc, even though this is a porting hindrance so no need to keep this bugreport open. Deliberately closing per control instead of done as the underlying issue is still present.

Bug#994056: cryptsetup: blkid check fails to take offset option into account

2021-10-08 Thread Thorsten Glaser
Guilhem Moulin dixit: >first to report it I suppose nobody uses large offset= values. Don't >think adding ‘Depends: bc’ is justified here :-P. Eh, bc’s supposed to be a base tool anyway… >Also in practice I was able to use offset=2⁵⁹ (buster-i386)tglase@tglase:~ $ echo '2^59' | bc

Bug#994056: cryptsetup: blkid check fails to take offset option into account

2021-10-08 Thread Thorsten Glaser
Hi Guilhem, >(And added unit tests for the use case.) thanks! I was more interested in getting my system working and did the fix on the installed system without looking at the source package at first. >Thanks for the patch! FWIW crypttab(5)'s ‘offset=’ passes the value to >`cryptsetup -o`

Bug#994056: cryptsetup: blkid check fails to take offset option into account

2021-10-08 Thread Thorsten Glaser
Dixi quod… >I’m attaching a first cut at my favourite solution. It’s missing … this time with attachment… bye, //mirabilos -- „Cool, /usr/share/doc/mksh/examples/uhr.gz ist ja ein Grund, mksh auf jedem System zu installieren.“ -- XTaran auf der OpenRheinRuhr, ganz begeistert (EN:

Bug#995850: lintian: more context is not always a good thing

2021-10-06 Thread Thorsten Glaser
Felix Lechner dixit: >At first glance, the line numbers seemed like a customer-friendly way >to distinguish hints, but I see your point. (Many more hints are fixed >than overridden.) Indeed, but it makes overriding them in the case where that’s truly the correct action (at no fault of lintian)

Bug#995850: lintian: more context is not always a good thing

2021-10-06 Thread Thorsten Glaser
Package: lintian Version: 2.107.0 Please reconsider changing and extending the context of various tags. More specifically: • debian-watch-uses-insecure-uri old context: the URI new context: the URI plus " (line 2)" • typo-in-manual-page old context: file, space, old word, space, new word

Bug#989284: insserv: toggles rc0.d/{K02avahi-daemon => K01avahi-daemon} with every upgrade

2021-10-06 Thread Thorsten Glaser
On Wed, 6 Oct 2021, Thorsten Glaser wrote: > So I can verify this behaviour in an otherwise clean chroot. And https://mops.tarent.de/.tmp/base.cow-bullseye-amd64.tar.xz is the chroot, just in case it is something about that as well. bye, //mirabilos -- Infrastrukturexperte • tarent soluti

Bug#989284: insserv: toggles rc0.d/{K02avahi-daemon => K01avahi-daemon} with every upgrade

2021-10-06 Thread Thorsten Glaser
On Wed, 6 Oct 2021, Ian Jackson wrote: > Thorsten, can you provide a formal Steps To Reproduce that start with > something like "in a chroot", and which you have verified ? Ie, > something that you think would allow me (say) to reproduce it in a way > that has minimal dependencies on our

Bug#989284: insserv: toggles rc0.d/{K02avahi-daemon => K01avahi-daemon} with every upgrade

2021-10-06 Thread Thorsten Glaser
On Wed, 6 Oct 2021, Mark Hindley wrote: > Thanks for this. However, neither Jesse nor I can reproduce this behaviour > with > the LSB headers you provided which makes debugging what is going on difficult. I don’t understand this: on another bullseye system (my laptop), this is not even just

Bug#992885: mksh: buggy ignored trap handling on subshell with only one command

2021-10-05 Thread Thorsten Glaser
tags 992885 = pending thanks Vincent Lefevre dixit: >> >But I wonder why the signals are restored (and what this does >> >exactly). >> >> You’ll have to trace this through pdksh, I’m afraid. > >Yes, and the mksh repository doesn't help as this was in the >initial pdksh code. I’m not even sure

Bug#981699: fixed in thinkfan 1.2.1-3.1

2021-09-29 Thread Thorsten Glaser
Lee Garrett dixit: >That's entirely possible, but there is no single config that will work >for more than a few similar models. Note that you can still use your OK. >works for you. Long-term I'd love to collect a few thinkfan.yaml to ship >as examples for specific (thinkpad) models. I'd also

Bug#981699: fixed in thinkfan 1.2.1-3.1

2021-09-28 Thread Thorsten Glaser
Debian FTP Masters dixit: > * Don't ship an example config in /etc/thinkfan.yaml (Closes: #983727) > * Ship example config in /usr/share/doc/thinkfan/examples/ I don’t think these resolve my issue with the newer thinkfan releases. I’ve looked at the example configuration, and it refers to

Bug#995270: fwupdmgr: WARNING: Firmware can not be updated in legacy BIOS mode

2021-09-28 Thread Thorsten Glaser
Package: fwupd Version: 1.5.7-4 Severity: normal X-Debbugs-Cc: t...@mirbsd.de tglase@tglase-nb:~ $ sudo fwupdmgr get-devices WARNING: Firmware can not be updated in legacy BIOS mode See https://github.com/fwupd/fwupd/wiki/PluginFlag:legacy-bios for more information. […] I’ve followed the

Bug#989284: insserv: toggles rc0.d/{K02avahi-daemon => K01avahi-daemon} with every upgrade

2021-09-27 Thread Thorsten Glaser
On Sun, 26 Sep 2021, Jesse Smith wrote: > I just realized what the problem is. On the version of insserv you are > using, the command should be "insserv -p etc-stripped/init.d -i > etc-stripped/init.d". The 1.21.0 version of insserv has a second flag > for where to send dependency information.

Bug#989284: insserv: toggles rc0.d/{K02avahi-daemon => K01avahi-daemon} with every upgrade

2021-09-27 Thread Thorsten Glaser
On Mon, 27 Sep 2021, Mark Hindley wrote: > Thorsten, I am wondering if you have anything in /etc/insserv/overrides or Nope: tglase@tglase:~ $ find /etc/insserv* -ls 2097290 4 drwxr-xr-x 3 root root 4096 Mär 27 2013 /etc/insserv 2098907 4 drwxr-xr-x 2 root

Bug#989284: insserv: toggles rc0.d/{K02avahi-daemon => K01avahi-daemon} with every upgrade

2021-09-26 Thread Thorsten Glaser
On Sun, 26 Sep 2021, Jesse Smith wrote: > I checked out the init.d directories provided by Thorsten. One of the > features of insserv allows it to test init scripts in an alternative > directory or chroot. This seems to be broken: tglase@tglase:~ $ insserv -p etc-stripped insserv:

Bug#989284: insserv: toggles rc0.d/{K02avahi-daemon => K01avahi-daemon} with every upgrade

2021-09-26 Thread Thorsten Glaser
On Sun, 26 Sep 2021, Jesse Smith wrote: > I've tried this again on my own machine and cannot reproduce the Does the attached file help? It’s my /etc/{init.d,rc*}/ stripped to just reproduce the files up to the end of the LSB headers. bye, //mirabilos -- Infrastrukturexperte • tarent solutions

Bug#989284: insserv: toggles rc0.d/{K02avahi-daemon => K01avahi-daemon} with every upgrade

2021-09-26 Thread Thorsten Glaser
On Sun, 26 Sep 2021, Jesse Smith wrote: > behaviour. I've tried both the latest version of insserv (1.23.0) and > the version which shipped with Debian 10 (1.18.0). I did notice having This is Debian 11 so 1.21.0-1.1 (including Debian patches). > Thorsten, I wonder if you could give the latest

Bug#989284: insserv: toggles rc0.d/{K02avahi-daemon => K01avahi-daemon} with every upgrade

2021-09-26 Thread Thorsten Glaser
On Sun, 26 Sep 2021, Jesse Smith wrote: > did last time. This time please run" > > # insserv -v -s > > This should set avahi-daemon to K01. Then run Erm, well, it doesn’t. Apparently, the presence of -s prevents this. > # insserv -v -s -n > > This should tell us whether insserv wants to

Bug#989284: insserv: toggles rc0.d/{K02avahi-daemon => K01avahi-daemon} with every upgrade

2021-09-26 Thread Thorsten Glaser
Dixi quod… > On Sun, 26 Sep 2021, Jesse Smith wrote: > > > Something that might be useful here is seeing the output from "insserv > > -v -s -n". This will show in what order insserv intends to assign each > > service in each runlevel. No changes will be made to the system when > > insserv is run

Bug#989284: insserv: toggles rc0.d/{K02avahi-daemon => K01avahi-daemon} with every upgrade

2021-09-26 Thread Thorsten Glaser
On Sun, 26 Sep 2021, Jesse Smith wrote: > Something that might be useful here is seeing the output from "insserv > -v -s -n". This will show in what order insserv intends to assign each > service in each runlevel. No changes will be made to the system when > insserv is run with the "-n" flag.

Bug#989284: insserv: toggles rc0.d/{K02avahi-daemon => K01avahi-daemon} with every upgrade

2021-09-26 Thread Thorsten Glaser
On Sun, 26 Sep 2021, Mark Hindley wrote: > Thorsten's original report[1] suggests it happens on every upgrade. root@tglase:/etc # git status On branch master nothing to commit, working tree clean root@tglase:/etc # insserv root@tglase:/etc # git status On branch master Changes not staged for

Bug#977835: Please package the lastest version >= 3.5.2

2021-09-25 Thread Thorsten Glaser
John Scott dixit: >It's been a little while. Do you still plan on working on this? Yes, as time permits. I’m even keeping my ear on a possible inofficial (as the new Muse Group management is disinterested) 3.7 which is accumulating over a hundred fixes still. I’m still wary of the regressions

Bug#994275: Reverting breaking changes in debianutils

2021-09-24 Thread Thorsten Glaser
On Fri, 24 Sep 2021, Adrian Bunk wrote: > and assuming the sysvinit-utils maintainers agree, that they adopt > both the existing "which" and (at least temporarily) "tempfile". Independent of which “which” is to be adopted, I ask for this “which” to be one that *does* support “which -a”, which is

Bug#925473: tomcat9: sysvinit script missing

2021-09-21 Thread Thorsten Glaser
Markus Koschany dixit: >> (maybe some systemd >> fan paid him) > >^^^ >Such malicious allegations are not helpful. You should adjust your humour detector. >> but this is what is, and that GR outcome is interpreted >> as Emmanuel being able to block this indefinitely despite nōn-systemd >>

Bug#925473: tomcat9: sysvinit script missing

2021-09-21 Thread Thorsten Glaser
Ondrej Zary dixit: >Hello, why tomcat9 still does not have an init script despite it has >been posted here? > >I'm upgrading a Stretch server without systemd to Buster. Tomcat 9 is >installed but cannot be started without an init script. Mostly because Emmanuel insists on using systemd’s

Bug#993638: [xml/sgml-pkgs] Bug#993638: libxml2: XHTML 1.0 validation is broken

2021-09-20 Thread Thorsten Glaser
On Mon, 20 Sep 2021, Vincent Lefevre wrote: > For the 1.1 DTD, w3c-dtd-xhtml 1.1-5 had the *upstream* file > xhtml-1.1/basic/xhtml-special.ent with the buggy entity definitions Hmm, now where did t̲h̲a̲t̲ come from? http://www.w3.org/TR/2001/REC-xhtml11-20010531/xhtml11.tgz has the flattened

Bug#993638: [xml/sgml-pkgs] Bug#993638: libxml2: XHTML 1.0 validation is broken

2021-09-20 Thread Thorsten Glaser
On Mon, 20 Sep 2021, Vincent Lefevre wrote: > Then libxml2 can find the right file on the local file system via > catalogs. In my case (which is the *default* setup with Debian I never understood this catalogue thing. When I tried it, it didn’t work for me (that may admittedly have been multiple

Bug#993638: [xml/sgml-pkgs] Bug#993638: libxml2: XHTML 1.0 validation is broken

2021-09-19 Thread Thorsten Glaser
ml-lib -- That’s not entirely true, though: * [22]#826217 [n| | ] [[23]w3c-sgml-lib] [24]w3c-sgml-lib: XHTML 1.1 files missing Reported by: [25]Thorsten Glaser ; Date: Fri, 3 Jun 2016 11:21:02 UTC; Severity: normal; Filed 5 years a

Bug#994056: cryptsetup: blkid check fails to take offset option into account

2021-09-10 Thread Thorsten Glaser
Package: cryptsetup Version: 2:2.3.5-1 Severity: important X-Debbugs-Cc: t...@mirbsd.de In order to use a cryptsetup swap with a very tiny protective ext2fs filesystem so we can use LABEL= as source device, I use offset= as shown in the Arch Linux wiki. However it fails in Debian:

Bug#993229: fontconfig: fclist FcPatternFormat(3) mismatch from documentation

2021-08-28 Thread Thorsten Glaser
Package: fontconfig Version: 2.13.1-4.2 Severity: normal X-Debbugs-Cc: t...@mirbsd.de fc-list(1) refers to FcPatternFormat(3) for its -f parameter (which, incidentally, is in a different, not installed by default, package). The latter: fclist Expands to the output of the default

Bug#992885: mksh: buggy ignored trap handling on subshell with only one command

2021-08-24 Thread Thorsten Glaser
Vincent Lefevre dixit: >Perhaps because of this optimization, the wrong set of signals are >restored? Hrm, this sounds plausible. I don’t have the bandwidth to investigate this at the moment, though — sorry :/ but should you, or someone else, be interested… be my guest. >But I wonder why the

Bug#992885: mksh: buggy ignored trap handling on subshell with only one command

2021-08-24 Thread Thorsten Glaser
Vincent Lefevre dixit: >This is incorrect, because SIGINT should be ignored. > >This issue disappears when the subshell has several commands: > >$ mksh -c 'trap "" INT; trap; ( :; sleep 3; ); echo $?' >trap -- '' INT >^C0 Consider this: $ mksh -c 'trap "" INT; trap; ( :; exec sleep 3; ); echo

Bug#992034: init choice in Debian installation instructions

2021-08-10 Thread Thorsten Glaser
Hi, as the content for the release notes was suggested to be put into the Wiki (instead?) anyway, how about, to lower translator burden, there *will* be put a section about this into the installation guide, but one that is mostly comprised of a link to the Wiki, with a short intro. @Matthew:

Bug#991971: [Lynx-dev] [oss-security] Re: bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)

2021-08-07 Thread Thorsten Glaser
Ariadne Conill dixit: > It turns out SNI is only marginally related to this issue. The issue > itself is far more severe: HTParse() does not understand the authn > part of the URI at all. Yes, of course. But without SNI, nothing would have been sent *in plaintext* at all. The certificate

Bug#991971: SNI is a security vulnerability all by itself (was Re: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances))

2021-08-06 Thread Thorsten Glaser
>Axel Beckert dixit: >>IMHO this nevertheless needs a CVE-ID. I wonder… perhaps the use of SNI, both in the TLSv1.3 standard and in some TLSv1.2 implementations, should receive CVEs as well? It certainly ought to be disabled by default. Perhaps add some environment variable to enable SNI in the

Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)

2021-08-06 Thread Thorsten Glaser
Axel Beckert dixit: >This is more severe than it initially looked like: Due to TLS Server >Name Indication (SNI) the hostname as parsed by Lynx (i.e with >"user:pass@" included) is sent in _clear_ text over the wire even I *ALWAYS* SAID SNI IS A SHIT THING ONLY USED AS BAD EXCUSE FOR NAT BY

Bug#991908: popcon-upload: fails with https SUBMITURLS: Unable to parse url (unable to submit report)

2021-08-04 Thread Thorsten Glaser
Package: popularity-contest Version: 1.71 Severity: normal X-Debbugs-Cc: t...@mirbsd.de When SUBMITURLS has an https URL (or one not with http:// anyway, see /usr/share/popularity-contest/popcon-upload line 38 for why, submission fails; syslog has… Aug 5 01:37:53 DESKTOP-PN6OO9E

Bug#991856: debian-security-support: Unix username *way* too long

2021-08-03 Thread Thorsten Glaser
Holger Levsen dixit: >too wide for what? For reasonable terminals (~80-100 columns). >> Unix usernames are supposed to be up to 8 characters > >says who? (besides you obviously :) and then GNU's not unix ;) The person who was pissed off by getting a shell account on a GNU/Linux box “mirabilo”…

Bug#991856: debian-security-support: Unix username *way* too long

2021-08-03 Thread Thorsten Glaser
Package: debian-security-support Version: 2019.12.12~deb8u2 Severity: normal Colour my surprise when I did an “ls -l /var/lib” and saw: […] drwxr-xr-x 3 rootroot 4096 Oct 1 2019 ucf/ drwxr-xr-x 2 rootroot 4096

Bug#901332: d-i: Offer to shut down / power off instead of reboot at the end

2021-08-01 Thread Thorsten Glaser
Hi Phil, >BTW one can preseed this behaviour with 'debian-installer/exit/halt' or >'debian-installer/exit/poweroff' as mentioned here: > > https://www.debian.org/releases/stable/amd64/apbs04.en.html#preseed-finish oh, good to know. >which means that you could specify such a setting on the

Bug#901332: d-i: Offer to shut down / power off instead of reboot at the end

2021-07-31 Thread Thorsten Glaser
Package: debian-installer Followup-For: Bug #901332 X-Debbugs-Cc: t...@mirbsd.de Did anything ever come from this, now that we’re nearing a release? -- System Information: Debian Release: 11.0 APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'stable-updates'), (500,
