Bug#989425: Libpam-chroot/0.9-5 uploaded
tags 989425 -moreinfo thanks Libpam-chroot 0.9-5 has been uploaded to unstable. Best regards Javier
Bug#986908: unblock: snort 2.9.15.1-5
On Mon, 19 Apr 2021 at 23:24, Chris Hofstaedtler wrote: > > $ debdiff snort_2.9.15.1-4_i386.deb snort_2.9.15.1-5_i386.deb > [..] > > The debdiff does not seem to show any actual packaging changes. Are > you sure you diffed the correct files? > Apologies, I sent a debdiff of the binary packages. I will send a debdiff of the source packages soon. Best regards Javier
Bug#892793: stretch-pu: package cron/128+deb9u2
Dear Michael, On 13 March 2018 at 01:03, Michael Bieblwrote: > Am 13.03.2018 um 00:43 schrieb Javier Fernández-Sanguino Peña: >> +After=remote-fs.target nss-user-lookup.target > > Why is the remote-fs.target ordering necessary? That doesn't seem > correct to me. Why doesn't that look correct to you? Please note that cron's init file already had a dependency on remote mount points being available (autofs - see bug #512757). Remote-fs.target was added to the cron.service file due to bug #815088 (in version 3.0pl1-128.1, available in unstable following a NMU in Oct 2017). I just added to this proposed upload for coherence. Cron system tasks do not depend on user's directories being mounted. However, crontab tasks defined by local users might depend on remote mount points being available in the systems (e.g. their /home). Best regards Javier
Re: [release-notes] The two last weeks up to the release
Dear Niels, El 5 jun. 2017 9:23 a. m., "Niels Thykier"escribió: I admit it is not a lot of time to finish. But it should get us a lot of the way while hopefully leaving enough time for everyone to do their part. Thank you for providing a plan for both proofreading, reviews and translations. With my translator's hat own, I think It is really helpful to have a plan like this in order to plan days of work. Best regards, Javier
Re: snort/daq mess in testing.
On 5 November 2014 23:53, Peter Michael Green plugwash-urg...@p10link.net wrote: While checking up on the changes to the list of uninstallable packages in arm64 testing I noticed the following had appeared due to the migration of a new version of snort to testing. snort2.9.7.0-3unsatisfied dependency on libdaq0 snort-common-libraries2.9.7.0-3unsatisfied dependency on libdaq0 Initially I thought this was just another case of need to schedule a binnmu in TPU but unfortunately the reality is a lot more horrible than that. On further investigation it seems that 1: sid has a bogus libdaq0 package that actually contains libdaq.so.2. The package has been correctly renamed in the most recent sid upload but the bogus package is still arround. The libdaq0 package should be removed from sid. The 'daq' source package now builds only libdaq2 (which replaces libdaq0). For some reason the latest version (2.0.4-3) has not yet been built by the autobuildds, it should have migrated to testing by now. I probably messed up something in this transition, I tried to go by the book but I'm not sure I did it properly. 2: snort appears (from the build logs and from lack of daq related output in ldd) to be statically linked against sid's libdaq but for reasons I do not know (maybe something to do with plugins) it has an unversioned dependency on libdaq0 This seems to be something that upstream does and I was not aware of. I will have to review if we can change this in the Snort Debian build for future releases. I don't think it's really acceptable to have a package in jessie statically linked against a substantially newer version of the library then is shipped in jessie. Agreed. So as I see it there are a few possible soloutions but none of them are great (not advocating one over another, just saying what the options appear to be, I'm just a regular dd who came across brokenness, not a release team member or ftpmaster) 1: complete the transition, build everything against the new snort and ship that in jessie. I would be in favor of this one. 2: remove the arm64 snort binaries, perform +b2 binnmus of snort in sid and +b1 binnmus of snort in tpu. Make sure the +b2 binnmus don't migrate to testing (depending on how the dependencies are generated this may be tricky) 2a: same as 2 but fix the daq package for arm64 through TPU rather than removing the arm binaries of snort. 3: revert daq in unstable using an epoch or a +really version number. Remove arm64 binaries of daq and snort from sid and rebuild snort against the reverted daq. I would prefer to provide the latest daq version in unstable, the old one should be removed. 3a: same as 3 but fix the arm64 build of daq when reverting it. 4: completely remove snort from testing It's also quite possible that snort is not the only package caught up in this. It is, as far as I know daq is not used by any other package. I have not investigated at this point if fixing up testings version of daq for arm64 is a trivial fix or not (it fails with an outdated config.sub which is trivial to fix but I dunno if that's the only issue) The daq version in testing should be updated with the 2.0.4-3 version Regards Javier -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cab9b7ust7rjxjnpruemln7xn71hml13dfq8lfoujybxt2uy...@mail.gmail.com
Bug#706653: Pre-approval, unblock: debian-history/2.19
On 22 May 2013 23:27, David Prévot taf...@debian.org wrote: Javier, given your last edition dates from over two weeks, and a point release is scheduled in three weeks, is it OK for you to get the remaining (main) translations updated, and to pursue the initial goal? In case you don’t have time to finish it, or to reply to that thread in the coming days, I’ll issue another call for translation updates and will continue the process in order to have things ready for next week. I have sent a trasnlation update call to the translators' mailing list as well as to the individiual maintainers of specific translations which could easily be fully up-to-date with latest document changes. We will give some time for translators to send updated translations and then we will make an upload to stable with the updated document as well as the translators. The current target for this upload is June 1st. I hope that leaves enough time for it to get the updated package into the next point release. Does it? Best regards Javier -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAB9B7UuJpPf+xddG6Ntf8m=j5r7g_mznjgctbtgqn1_my0+...@mail.gmail.com
Please accept doc-debian 6.1 into testing (Wheezy)
Hi there, Please unblock doc-debian so that the latest version moves over into Wheezy. This package only ships documentation and it should not impact any other stuff. Wheezy currently ships doc-debian 4.0.2, the same version that was shipped with the previous release. I believe that it is blocked due to bug #614497, which applies to the doc-debian version 4.0.2 also. Since doc-debian includes documents relevant to the project (the Constitution, the Social Contract) it would be best if the latest version is shipped with the Wheezy release. Regarding bug #614497, please note that there is work ongoing regarding bug #388141, which seems will be resolved throughout the year, and once that bug is fixed #614497 would go away too. Thanks, Javier -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cab9b7usbdzobbrq0cmg4mpgaoakknvs_jdyjzmdd3ywxdna...@mail.gmail.com
Removal request of OpenVAS packages from testing
Dear Release Managers, I would like to request you to remove *all* of the OpenVAS 2.x packages from the current testing distribution. This includes the following packages: - libopenvas2 / libopenvas2-dev (version 2.0.4-2.1) - libopenvasnasl2 / libopenvasnasl2-dev (version 2.0.2-2.1) - openvas-client (version 2.0.5-1.1) - openvas-plugins-base / openvas-plugins-dfsg (version 1:20100705-2) - openvas-server / openvas-server-dev (version 2.0.3-6) Support for OpenVAS 2 was discontinued last year [2]. Providing OpenVAS 2 to our Debian 'stable' users in our upcoming release is not really a good idea. Even though the scanner/client works 'as it is', users will not be able to download new plugins for this release from the OpenVAs servers and it will not be possible for them to find recent vulnerabilities in hosts they scan. For the last 2 years I have provided experimental versions of OpenVAS 3, which seem to have not received to much attention from users. In any case since that version is also going to be discontinued upstream. Since the latest OpenVAS release is version 5 [1] (released May this year) I will work towards providing OpenVAS 5 in our unstable distribution. And, once available, will try to make backports available for Wheezy too. Removing the OpenVAS 2 packages from testing simplifies handling upgrades to the newer version and also installations of the backports of OpenVAS 5 packages in Wheezy. Please let me know if I should open up an RC bug against these packages for this removal. Thanks, Javier [1] http://www.openvas.org/news_archive.html#openvas5 [2] http://lists.wald.intevation.org/pipermail/openvas-announce/2011-June/000127.html -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAB9B7Us6GKR=tufmdbmrtaumoboiiforpsc_cmkxnobnp3j...@mail.gmail.com
Re: NMU
Thanks for the NMU, I did not have time this week to make an upload myself. Regards Javier PS: If I have time I might make an upload soon with the same changes, in order to acknowledge the NMU -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cab9b7ustwhj1mczkl6czjnbar4n282rvtdusrfiuntgrpw2...@mail.gmail.com
Re: ifupdown-extra upload to stable-proposed-updates
2011/9/28 Adam D. Barratt a...@adam-barratt.org.uk: Unfortunately, after some more detailed review of the diff and some testing, I'm afraid we've had to reject the upload, as it stands. The issue is the move of the conffile simply using mv. This leads to dpkg raising a conffile change prompt on upgrades even if the user has not made any changes. Note that this issue also affects the package in unstable, so would need resolving there first. Ok. I will fix this and re-upload to stable. Regards Javier -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cab9b7uvror20txsocydymr773xwnj4srf0qdlwchm8bjido...@mail.gmail.com
Re: ifupdown-extra upload to stable-proposed-updates
2011/6/13 Adam D. Barratt a...@adam-barratt.org.uk: On Sun, 2011-06-12 at 23:25 +0200, Javier Fernández-Sanguino Peña wrote: The last of the changes in the list above has this changelog entry associated with it: + * if-up-scripts/static-routes: + - Fix typo that prevent the script from adding routes as it expected them + to have 'reject' when they shouldn't. Thanks to Mathieu Parent and + to Petru Ratiu for the patches. (Closes: #613632, #458395) (LP: #631533) but actually appears to both fix a bug (the inverted sense of the reject test) and introduce new functionality relative to the current version in stable, namely the adding of routes which _do_ have reject associated with them. Is that correct? You are right. I will strip off the new functionality and just fix the bug. The second query is more of a comment really. I appreciate that this isn't a regression from the previous matching code, but it seems to me that this: add_static_routes() { - cat $ROUTEFILE | egrep ${IFACE}$ | + cat $ROUTEFILE | egrep ^[^#].*${IFACE}$ | will match a line of foo bareth0 in the route file where $IFACE contains eth0. I'm not sure if this is an issue in practical use of the package though. Hmmm.. .it is not fully a regression since it behaves similarly to how it did previously, but the regular expression could be improved so that it only matched $IFACE when it is a full word and not part of it. It is not that common to have similarly named interfaces, but I do agree that this, under some circumstances, could trigger a bug. I will ammend the regular expression in unstable and in the upload to proposed-updates. It is my understanding that fixing these two issues I could go ahead and do an unpload to 'stable'? Regards Javier -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/BANLkTi=tbsa9-cxvl1j+3xav0knsmrg...@mail.gmail.com
Bug#609843: unblock: snort/2.8.5.2-7
On 21 January 2011 22:55, Adam D. Barratt a...@adam-barratt.org.uk wrote: On Fri, 2011-01-21 at 21:47 +0100, Javier Fernandez-Sanguino wrote: It's in my todo list for this weekend. That's great; thanks for the update. I uploaded a new version to the archive fixing this and another bug (that affects upgrades from squeeze) a few hours ago. Sorry for the delay. Regards Javier -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/AANLkTi=cg41uoekgyvlzrt4+iattx7edprhtdxx-z...@mail.gmail.com
Bug#609843: unblock: snort/2.8.5.2-7
Hello Adam, It's in my todo list for this weekend. Javier El 21/01/2011 14:08, Adam D. Barratt a...@adam-barratt.org.uk escribió: On Tue, January 18, 2011 23:51, Javier Fernandez-Sanguino wrote: 2011/1/18 Adam D. Barratt adam@a... Thanks. Any estimate on when you'll have chance to make the new upload? Regards, Adam
Bug#609843: unblock: snort/2.8.5.2-7
2011/1/18 Adam D. Barratt a...@adam-barratt.org.uk: On Thu, 2011-01-13 at 00:09 +0100, Javier Fernández-Sanguino Peña wrote: Please unblock the snort package version 2.8.5.2-7. This package fixes the following RC bugs: #608590, #603428 and #566308 So, after having stared at it for a while, I think I've convinced myself that the configuration management code isn't entirely crazy, which is a good start; on the other hand, this, from each of snort{,-inline,-mysql,-pgsql}.prerm looks odd: + start-stop-daemon --stop --quiet --oknodo --exec /usr/sbin/nessusd That shouldn't be there. I don't know how or when this got in but I will remove it as soon as possible. Regards Javier -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/AANLkTi=_KyQQ2rtqGt1yFzoNJ6FD+t37D1O+kR8TKX=k...@mail.gmail.com
Re: Request unblock for snort 2.8.5.2-5 (in 7 days)
On 1 January 2011 19:53, Julien Cristau jcris...@debian.org wrote: (...) This screams of policy violation. Are user modifications to a configuration file actually overwritten? Errr... yes. You are right that this should not happen. Actually, in the previous releases this already happened when the changes were done in a section of the other configuration file (/etc/snort/snort.conf). So the package in squeeze already does this already, but to another configuration file and it is not so evident. The situation is improved somewhat in that now the contents are automatically written to a configuration file (/etc/snort/database.conf) and not a conffile provided by the package (previously, /etc/snort/snort.conf) so that user's will not get a conffile changed prompt in upgrades. In addition, upon reviewing the code, this also applies to pre-existing changes done through debconf to /etc/snort/snort.debian.conf although the comment in the file is not so self-evident. I will try to work on this in order to properly preserve local admin changes. It might take me some time, however, to get that fixed. In the meantime I will file a serious bug for the previous version too. Regards Javier -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktimwjc4k66trhjyaedmsq_r7zboon9oypu8rz...@mail.gmail.com
Re: CfH: Some issues regarding the lenny release notes
2009/2/2 W. Martin Borgert deba...@debian.org: 0. Credits I added some author and translator names to the file en/release-notes.dbk. If your name or the name of your favourite contributor is not yet in, please just patch the file. If the existing information is inaccurate, patch it. Maybe we can also remove some names, which do not apply to the current state anymore. In my opinions translators should only appear in the relevant translation document, not in all languages. Having, for eg, the bielorussian's translators name in the spanish translation of the Release Notes does not make sense. Maybe it should be best to have something like: # TRANSLATORS: Please introduce here the name of the people # you want to credit both for current and past translations msgid The translation teams for each of their respective languages msgstr And have translation teams introduce in the translation whatever they feel appropiate. I'm not sure how the 'hidden Also, either all credits should have email addresses or none should, doing a mix of some do, some don't looks odd. Just my 2c Regards Javier -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Please unfreeze snort 2.7.0-20
2008/11/2 Adeodato Simó [EMAIL PROTECTED]: * Javier Fernández-Sanguino Peña [Mon, 27 Oct 2008 21:56:52 +0100]: Hello, Javier. Snort 2.7.0-20, recently uploaded to unstable, introduces a fix for a known security vulnerability (CVE-2008-1804). Please unfreeze this package so that the fix can move into Lenny. The i386 binaries that were uploaded to t-p-u depended on the pcre3 on unstable (they were built in an unstable system/chroot and not in a testing one). They hence can't migrate to testing. I'm postitive I built them in a lenny chroot. I don't know what happened there. Will check. Regards Javier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Re: Erich Schubert: SELinux support is a release goal for etch
(Please CC: me, I'm not in the list) Uwe Hermann said: Is there any quickstart document I should read to get myself up to speed? Any TODO list for Debian which contains items a SELinux newbie could tackle? Maybe that is one of the things that prevents users and developers from running or enabling SElinux, there is currently not much information to describe what a user needs to do in Debian in order to benefit from it. What's more, if you Google it out you might end up with bits that are not updated and do not apply anymore. Manoj gave an excellent talk on SElinux at Debconf6, and the wiki points to three different pages [0] The Debian Security Manual does not currently have a section on SELinux, it is only mentioned, in passing at the Adding kernel patches section [1] I would gladly add a separate section on SElinux to the Manual if somebody from the team would write one. It doesn't have to be excessively detailed, it could maybe be written based on Manoj's [2] or Russel's [3] pages. But somebody has to do it (maybe even talk to Manoj to get him to attach a proper license to this brief HOWTO so that it can be reused in the Manual) I'm not knowledgeable enough on SELinux to do it myself, and I cannot spare time to tinker with it, but if someone where to do it I think that might spur more users and developers... My 2c. Javier [0] http://wiki.debian.org/SELinux, http://wiki.debian.org/SELinuxSetup and http://wiki.debian.org/SELinuxStatus [1] http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-kernel-patches [2] http://www.golden-gryphon.com/software/security/selinux.xhtml [3] http://www.coker.com.au/selinux/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]