Bug#901830: cryptsetup-initramfs: error at initramfs stage when cryptsetup is not included to the initrd

2018-06-19 Thread Guilhem Moulin
Control: severity -1 minor Control: retitle -1 On Tue, 19 Jun 2018 at 15:06:40 +0200, Antonio wrote: > The boot problem is that you include file "/lib/cryptsetup/functions" > [scripts: hooks/cryptgnupg, hooks/cryptopensc, hooks/cryptroot under > /usr/share/initramfs-tools] but when generate initr

Bug#901830: cryptsetup-initramfs: warning after upgrade cryptsetup-initramfs (update-initramfs -u / boot process)

2018-06-19 Thread Guilhem Moulin
Hi Antonio, On Tue, 19 Jun 2018 at 08:31:39 +0200, Antonio wrote: > $ update-initramfs -u > cryptsetup: WARNING: The initramfs image may not contain cryptsetup binaries > nor crypto modules. If that's on purpose, you may want to uninstall the > 'crypsetup-initramfs' package in order to disable the

Bug#901795: cryptsetup: new version may break 3rd party keyscripts (and thus boot)

2018-06-18 Thread Guilhem Moulin
Control: severity -1 wishlist Control: tag -1 - moreinfo Control: retitle -1 cryptsetup-initramfs: please provide documented shell functions to validate/sanitize cryptroot entries in 3rd party hook files On Mon, 18 Jun 2018 at 23:54:09 +0200, Christoph Anton Mitterer wrote: > So why do I need stu

Bug#901795: cryptsetup: new version may break 3rd party keyscripts (and thus boot)

2018-06-18 Thread Guilhem Moulin
Control: tag -1 moreinfo Hi Christoph, On Mon, 18 Jun 2018 at 15:06:59 +0200, Christoph Anton Mitterer wrote: > First thanks for work you've done in the recent new versions. Sooo many > nice things have been implemented/fixed :-) :-) > The problem seems that in earlier versions, the initramfs

Bug#849335: Support keyfile-size, keyfile-offset in cryptroot

2018-06-17 Thread Guilhem Moulin
Control: tag -1 pending Hi, On Sun, 25 Dec 2016 at 19:13:18 +0100, schaarsc wrote: > Please consider adding keyfile-size, keyfile-offset to the supported options. Thanks for the patch. I didn't apply it as is since we just finished a major refactoring of our scripts, but nonetheless this commit

Bug#898495: [pkg-cryptsetup-devel] Bug#898495: cryptsetup: [patch] make failsleep configurable

2018-06-17 Thread Guilhem Moulin
Control: tag -1 pending On Sun, 17 Jun 2018 at 09:02:56 +0100, Chris Lamb wrote: > How did the sprint go? :) Go*es*, we still have a few hours left :-) Quite well, thanks for approving the sponsorship! The refactoring branch is now merged to master, and 'failsleep' is no longer supported. Beca

Bug#859953: some improvements for /lib/cryptsetup/cryptdisks.functions

2018-06-17 Thread Guilhem Moulin
Control: tag -1 pending Hi, Thanks for the review! Refactoring cryptdisks.functions has been on our TODO list for quite a while, and we finally got around to it. All the points you mentioned are addressed, AFAICT: https://salsa.debian.org/cryptsetup-team/cryptsetup/blob/master/debian/cryp

Bug#898495: [pkg-cryptsetup-devel] Bug#898495: cryptsetup: [patch] make failsleep configurable

2018-06-06 Thread Guilhem Moulin
Hi Chris, On Wed, 06 Jun 2018 at 09:04:58 +0100, Chris Lamb wrote: >> Given that a major refactoring of the initramfs integration is ongoing, > > How's that getting on? :) Finishing the refactoring is on the agenda for our hackathon in about 10 days, but this part is largely done already (failsl

Bug#872529: /usr/bin/caff: caff: puts TTY into weird state when prompting to send mail

2018-06-02 Thread Guilhem Moulin
Control: tag -1 pending Hi, On Sun, 20 Aug 2017 at 21:40:44 -0400, G. Branden Robinson wrote: > I'm at a loss for what put my terminal into that state in the first > place Just got another report from Grégoire Détrez, who stumbled upon the same problem and found out how to reproduce it, namely b

Bug#900444: signing-party: gpgsigs fails to fill in checksum after gpgparticipants-prefill

2018-05-30 Thread Guilhem Moulin
Control: retitle -1 signing-party: gpgsigs(1) doesn't fill in partially filled Checksum lines Control: tag -1 wishlist Hi, On Wed, 30 May 2018 at 23:18:55 +0200, Uwe Kleine-König wrote: > uwe@taurus:~/tmp$ gpgsigs 0D2511F322BFAB1C1580266BE2DCDD9132669BD6 > uwesparty.txt | grep -A2 "SHA256 Ch" >

Bug#898040: [Pkg-roundcube-maintainers] Bug#898040: roundcube-core installation configuration fails in lighttpd+sqlite3 scenario

2018-05-22 Thread Guilhem Moulin
Control: tag -1 pending Hi, On Tue, 22 May 2018 at 21:56:36 +0200, Stephan Gerth wrote: > Enabling roundcube: ok > Enabling fastcgi: ok > Met dependency: fastcgi > Enabling fastcgi-php: ok > already enabled > Run "service lighttpd force-reload" to enable changes I'm able to reproduce this in a c

Bug#898495: [pkg-cryptsetup-devel] Bug#898495: cryptsetup: [patch] make failsleep configurable

2018-05-21 Thread Guilhem Moulin
Hi Chris, On Sat, 12 May 2018 at 19:10:43 +0100, Chris Lamb wrote: > It would be nice if the sleep-on-failure time was configurable, just > like tries=N, etc. > > Patch attached. Thanks for the patch! (We discussed this bug IRL but let me follow up here for the sake of transparency.) The

Bug#886007: [pkg-cryptsetup-devel] Bug#886007: cryptsetup: Required /etc/CRYPTTAB OPTION "PLAIN" not documented in "man crypttab" resulting in boot automatic UNLOCK failure

2018-05-18 Thread Guilhem Moulin
Control: retitle -1 Unify cryptsetup's crypttab(5) and systemd's Hi, On Mon, 01 Jan 2018 at 06:01:33 -0800, Harrison wrote: > The "plain," is undocumented but REQUIRED or the unlock fails during boot. > […] > Init: systemd (via /run/systemd/system) This partition isn't unlocked at initramfs stag

Bug#898516: [pkg-cryptsetup-devel] Bug#898516: cryptroot: verbosity of keyfile copy operation

2018-05-18 Thread Guilhem Moulin
Control: tag -1 pending Control: severity -1 minor On Sun, 13 May 2018 at 01:06:56 +0200, Stefan Tauner wrote: > I guess the best would be to refactor the function and use the generic > copy_file() function of the hook-functions library that prints a > suitable message? Good idea indeed, just app

Bug#898200: from Alioth svn to Salsa git

2018-05-09 Thread Guilhem Moulin
On Wed, 09 May 2018 at 09:58:07 +0200, Geert Stappers wrote: > On Tue, May 08, 2018 at 07:01:48PM +0200, Guilhem Moulin wrote: >> Control: tag -1 pending > > When will the upload happen? Wanted to have upstream changes to clean up the SVN markup ($Id, $Rev, etc.) But if there i

Bug#898200: from Alioth svn to Salsa git

2018-05-08 Thread Guilhem Moulin
Control: tag -1 pending On Tue, 08 May 2018 at 18:54:34 +0200, Geert Stappers wrote: > It would be good if signing-party moved to a more team location. It's done already: https://salsa.debian.org/debian/signing-party :-) -- Guilhem.

Bug#897020: Usage of -s is broken

2018-04-27 Thread Guilhem Moulin
FYI I just refactored and simplified the option/argument verification logic. Here are examples of command invocations with 0, 1, or 2 non-optional arguments. Listening on AF_UNIX socket /tmp/sock (nc.openbsd <1.187-1 supports only the second invocation). $ strace -e trace=bind nc -U -l -s /

Bug#897020: Usage of -s is broken

2018-04-27 Thread Guilhem Moulin
Control: tag -1 pending Hi Christian, On Fri, 27 Apr 2018 at 10:22:55 +0200, Christian Ehrhardt wrote: > It realizes no more options are there and then ends at > } else if (argv[0] && argv[1]) { > host = argv[0]; > uport = &argv[1]; > if (pflag || sflag

Bug#896968: linux: Please add userspace crypto ('algif_skcipher' module) to crypto-modules .udeb

2018-04-26 Thread Guilhem Moulin
Control: reassign -1 src:linux 4.15.0-3-amd64 Control: retitle -1 linux: Please add userspace crypto ('algif_skcipher' module) to crypto-modules .udeb Control: severity -1 wishlist Control: tag -1 - moreinfo Control: affects -1 cryptsetup On Thu, 26 Apr 2018 at 14:47:30 +0200, Christian Dietrich

Bug#896968: cryptsetup with luks2 not working on debian buster netinst

2018-04-26 Thread Guilhem Moulin
Control: tag -1 + d-i moreinfo Hi, On Thu, 26 Apr 2018 at 13:24:44 +0200, Christian Dietrich wrote: > I'm trying to install Debian Buster to an LUKS2 encrypted partition: > > cryptsetup luksFormat /dev/sda1 -> works > cryptsetup --type=luks2 luksFormat /dev/sda1 -> "libgcc_s.so.1 must be > instal

Bug#895184: [Pkg-roundcube-maintainers] Bug#895184: roundcube: CVE-2018-9846: check_request() bypass in archive plugin

2018-04-25 Thread Guilhem Moulin
On Sat, 21 Apr 2018 at 13:03:04 +0200, Guilhem Moulin wrote: > On Sat, 21 Apr 2018 at 08:23:55 +0200, Salvatore Bonaccorso wrote: >> Looks good to me, please do upload to security-master. > > Done. Shy ping, in case you missed the upload (embargoed on Sat 21 Apr at 10:50:21 UTC) :

Bug#895184: roundcube: CVE-2018-9846: check_request() bypass in archive plugin

2018-04-21 Thread Guilhem Moulin
Hi, On Sat, 21 Apr 2018 at 08:23:55 +0200, Salvatore Bonaccorso wrote: > On Sat, Apr 21, 2018 at 02:13:54AM +0200, Guilhem Moulin wrote: >> On Fri, 20 Apr 2018 at 05:18:36 +0200, Salvatore Bonaccorso wrote: >>> Thanks for following up for stretch. First a quick comment. Plea

Bug#895184: roundcube: CVE-2018-9846: check_request() bypass in archive plugin

2018-04-20 Thread Guilhem Moulin
https://github.com/roundcube/roundcubemail/issues/6173 + + -- Guilhem Moulin Sat, 21 Apr 2018 01:51:56 +0200 + roundcube (1.2.3+dfsg.1-4+deb9u1) stretch-security; urgency=high * Backport fix for CVE-2017-16651: File disclosure vulnerability caused by diff -Nru roundcube-1.2.3+dfsg.1/debia

Bug#895184: roundcube: CVE-2018-9846: check_request() bypass in archive plugin

2018-04-18 Thread Guilhem Moulin
ecurity; urgency=high + + * Backport fix for CVE-2018-9846: When the archive plugin enabled and +configured, it's possible to exploit the unsanitized, user-controlled +"_uid" parameter to perform an MX (IMAP) injection attack. +https://github.com/roundcube/roundcubemail/issues/

Bug#895184: [Pkg-roundcube-maintainers] Bug#895184: roundcube: CVE-2018-9846: check_request() bypass in archive plugin

2018-04-09 Thread Guilhem Moulin
On Mon, 09 Apr 2018 at 12:25:20 +0200, Guilhem Moulin wrote: > Thanks for the poke! Upstream fixed this earlier today: > > https://github.com/roundcube/roundcubemail/commit/e3dd5b66d236867572e68fcb80281e9268a0cfb0 My bad, it's only fixed in master and 1.3. Since 1.2 is still

Bug#895184: [Pkg-roundcube-maintainers] Bug#895184: roundcube: CVE-2018-9846: check_request() bypass in archive plugin

2018-04-09 Thread Guilhem Moulin
Hi Salvatore, Thanks for the poke! Upstream fixed this earlier today: https://github.com/roundcube/roundcubemail/commit/e3dd5b66d236867572e68fcb80281e9268a0cfb0 > If you fix the vulnerability please also make sure to include the CVE > (Common Vulnerabilities & Exposures) id in your changelog en

Bug#890798: [pkg-cryptsetup-devel] Bug#890798: cryptsetup: Using luks2 with argon2 PBKDF produces an unbootable system

2018-02-22 Thread Guilhem Moulin
Control: tag -1 - moreinfo On Thu, 22 Feb 2018 at 17:16:34 +0100, Mikhail Morfikov wrote: > I just converted LUKS1 to LUKS2 and added another keyslot with Argon2i. I > tested the new keyslot, and it looks like it works without any issues now. I > also wiped the previous keyslot to be sure. I don't

Bug#890798: [pkg-cryptsetup-devel] Bug#890798: cryptsetup: Using luks2 produces an unbootable system

2018-02-18 Thread Guilhem Moulin
Control: retitle -1 cryptsetup: Using luks2 with argon2 PBKDF produces an unbootable system On Mon, 19 Feb 2018 at 00:02:02 +0100, Mikhail Morfikov wrote: > Since in Debian Sid we have a cryptsetup v2 for some time, I wanted to > wipe my current system and install a fresh one in the LUKS/LVM set

Bug#888162: [pkg-cryptsetup-devel] Bug#888162: Bug#888162: cryptsetup: `loopaesOpen --key-file=-` doesn't read the key from stdin but tries to open key file "./-"

2018-02-10 Thread Guilhem Moulin
On Sat, 10 Feb 2018 at 23:17:34 +0100, Cyril Brulebois wrote: > Guilhem Moulin (2018-02-10): >> Should we? I was refraining from uploading 2.2.1 due to the following >> note in the transition page >> >>“Please avoid uploads unrelated to this transition, they woul

Bug#888162: [pkg-cryptsetup-devel] Bug#888162: Bug#888162: cryptsetup: `loopaesOpen --key-file=-` doesn't read the key from stdin but tries to open key file "./-"

2018-02-10 Thread Guilhem Moulin
Control: reassign -1 cryptsetup-bin Hi Michael, On Sat, 10 Feb 2018 at 09:22:44 +0100, Michael Biebl wrote: > On Wed, 24 Jan 2018 14:38:50 +0100 Guilhem Moulin > wrote: >> On Wed, 24 Jan 2018 at 09:13:53 +0100, Milan Broz wrote: >>> Fixed upstream in >>> https://gi

Bug#888162: [pkg-cryptsetup-devel] Bug#888162: cryptsetup: `loopaesOpen --key-file=-` doesn't read the key from stdin but tries to open key file "./-"

2018-01-24 Thread Guilhem Moulin
On Wed, 24 Jan 2018 at 09:13:53 +0100, Milan Broz wrote: > Fixed upstream in > https://gitlab.com/cryptsetup/cryptsetup/commit/8728ba08e2e056a4c18b55407146eea7ac0043c6 Thanks for the super-fast fix, btw :-) -- Guilhem.

Bug#888162: [pkg-cryptsetup-devel] Bug#888162: cryptsetup: `loopaesOpen --key-file=-` doesn't read the key from stdin but tries to open key file "./-"

2018-01-24 Thread Guilhem Moulin
Control: tag -1 fixed-upstream On Wed, 24 Jan 2018 at 09:13:53 +0100, Milan Broz wrote: > It would be nice if this patch is added on top of 2.0.1 in Debian ;-) My thought exactly :-) We wanted to wait until the auto-cryptsetup transition has gone through before uploading 2:2.0.1-1 (missed it

Bug#884618: transition: cryptsetup

2018-01-22 Thread Guilhem Moulin
Hi, On Sat, 20 Jan 2018 at 12:00:06 +0100, Cyril Brulebois wrote: > Jonas Meurer (2018-01-20): >> Am 18.12.2017 um 19:38 schrieb Emilio Pozuelo Monfort: >>> Actually I just read the thread about the -udeb uninstallability. >>> Let's wait until that is fixed or until Cyril says it's alright to >>>

Bug#887628: [Pkg-roundcube-maintainers] Bug#887628: roundcube: Unsupported database driver with sqlite3 after dist-upgrade or install on stretch

2018-01-19 Thread Guilhem Moulin
What do you have in /etc/roundcube/debian-db.php? -- Guilhem.

Bug#876477: [pkg-cryptsetup-devel] Bug#876477: cryptsetup: Password requested three times on boot, when /root is plaintext, but swap is on LVM on crypt.

2018-01-19 Thread Guilhem Moulin
Control: tag -1 moreinfo Hi Matthew, On Fri, 22 Sep 2017 at 16:54:03 +0100, Matthew Wakeling wrote: > I have set up my system with an unencrypted /root partition, but with > /home, /var, /tmp, and swap all in an LVM inside a luks crypt > partition. > When booting, the system prompts for the crypt

Bug#887628: [Pkg-roundcube-maintainers] Bug#887628: roundcube: Unsupported database driver with sqlite3 after dist-upgrade or install on stretch

2018-01-18 Thread Guilhem Moulin
On Thu, 18 Jan 2018 at 14:35:37 +, Robert Lister wrote: > apt-get install roundcube This pulls in roundcube-core, which in turns pulls roundcube-mysql as it's the first alternative (preferred driver): $ apt depends roundcube-core roundcube-core […] |Depends: roundcube-mysql (

Bug#887330: civicrm: Multiple XSS vulnerabilities were found in CiviCRM ≤4.7.26

2018-01-14 Thread Guilhem Moulin
Source: civicrm Version: 4.7.24+dfsg-1 Severity: serious Tags: security Justification: security issues (Since CiviCRM isn't in Jessie nor in Stretch I guess the Security Team can ignore this.) 4.7.26, released on Nov. 1, fixes multiple security issues, with risks upstream classified up to “critic

Bug#877566: [pkg-cryptsetup-devel] Bug#877566: cryptsetup stable v2.0.0 release is out

2018-01-13 Thread Guilhem Moulin
On Sat, 13 Jan 2018 at 11:30:53 +0100, t...@cock.li wrote: > https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/v2.0.0-ReleaseNotes > https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-2.0.0.tar.xz > https://git.kernel.org/pub/scm/utils/cryptsetup/cryptsetup.git/refs/ https://li

Bug#886398: [pkg-cryptsetup-devel] Bug#886398: cryptsetup doesn't correctly unmount encrypted disk

2018-01-09 Thread Guilhem Moulin
On Fri, 05 Jan 2018 at 14:25:50 +0300, Michael S wrote: > I know there is a ticket 792552 suggesting some patches but neither is > working for me, I have tried: > - removing /run/udev/control before do_stop() in cryptsetup.functions Can you try to apply the patch from #791944's message 181?

Bug#885905: [Pkg-roundcube-maintainers] Bug#885905: roundcube: Update backports?

2017-12-30 Thread Guilhem Moulin
Hi, On Sun, 31 Dec 2017 at 18:36:05 +1100, Dean Hamstead wrote: > It would be amazing if you could update the backport of jessie. Upload of 1.1.5+dfsg.1-1~bpo8+6 was rejected, the backport folks asked us to backport and upload 1.2.3+dfsg.1-4~bpo8+1 instead. Unfortunately the 1.2 branch adds more

Bug#865005: postfix: Bug #847242 [`postfix-*.prerm upgrade` removes dynamic maps, causing postfix.postinst to fail for non-default alias database types] reappeared

2017-12-15 Thread Guilhem Moulin
Hi Scott, On Mon, 19 Jun 2017 at 16:56:28 -0400, Scott Kitterman wrote: > I need to think a bit about how best to address this, but I have the > information I need. I'd like to flag that this bug causes every postfix upgrade since 3.2.2-1 to fail on systems with a non-default ‘alias_database’ typ

Bug#883620: [Pkg-roundcube-maintainers] Bug#883620: roundcube: Since the last upgrade, attachment can't be sent anymore

2017-12-07 Thread Guilhem Moulin
On Thu, 07 Dec 2017 at 13:25:07 +, Holger Levsen wrote: > On Tue, Dec 05, 2017 at 08:50:17PM +0100, Jean-Philippe Guérard wrote: >> * What was the outcome of this action? >> The attachment is not on the sent message, neither on the >> stored copy in the sent folder. > > that's a pret

Bug#883677: [pkg-cryptsetup-devel] Bug#883677: upstart files not removed on upgrade

2017-12-06 Thread Guilhem Moulin
Control: tag -1 pending Hi Laurent, On Wed, 06 Dec 2017 at 12:40:33 +0100, Laurent Bigonville wrote: > I see that the upstart files are not shipped in the package anymore, but > these files are not removed from the installed system on upgrade: > > /etc/init/cryptdisks.conf e5527ceb5c020174a6464b

Bug#883620: [Pkg-roundcube-maintainers] Bug#883620: More informations

2017-12-05 Thread Guilhem Moulin
Control: reopen -1 Didn't mean to close this, sorry. -- Guilhem.

Bug#883595: [pkg-cryptsetup-devel] Bug#883595: cryptsetup: Cannot mount encrypted root using XTS on kernel 4.10 onwards

2017-12-05 Thread Guilhem Moulin
Control: retitle -1 xts module should depend on ecb Control: reassign -1 src:linux 4.10.1-1 Control: affects -1 cryptsetup On Tue, 05 Dec 2017 at 14:16:42 +, Francis Russell wrote: > Apparently from Linux 4.10 onwards, the ecb module became a dependency > of xts[1]. I am running a custom ker

Bug#879853: netcat-openbsd: support -s with -l

2017-12-03 Thread Guilhem Moulin
Control: tag -1 pending On Thu, 23 Nov 2017 at 20:33:10 +0100, Uwe Kleine-König wrote: > Hmm, regarding the above command the man page claims: > > It is an error to use [-l] in conjunction with the -p, -s, or -z > options. > > which isn't treated as an error but does the same as > >

Bug#861062: clarify -C on man page

2017-11-23 Thread Guilhem Moulin
Control: tag -1 pending On Mon, 24 Apr 2017 at 16:21:08 +0800, 積丹尼 Dan Jacobson wrote: > -C Send CRLF as line-ending. > > Mention if this adds a \r before every \n before sending it to the > remote server. > > Also mention if it does or doesn't affect traffic coming back to us too. > > Al

Bug#879853: netcat-openbsd: support -s with -l

2017-11-23 Thread Guilhem Moulin
Hi Uwe, On Thu, 26 Oct 2017 at 15:47:25 +0200, Uwe Kleine-König wrote: > with the expectation that nc then bind(2)s passing > > .inet_pton(AF_INET6, "::1", &sin6_addr), > > in the 2nd argument (instead of "::") to limit where the open port is > available. `nc -l ::1 12345` does exactly th

Bug#863627: [Pkg-roundcube-maintainers] Bug#863627: roundcube-mysql: missing dependency to php-mdb2-driver-mysql

2017-11-08 Thread Guilhem Moulin
Control: tag -1 moreinfo Hi, On Mon, 29 May 2017 at 14:26:53 +0200, Olaf Zaplinski wrote: > I have upgraded from MySQL to mariaDB today, afterwards I did a bit of > housekeeping. > > So I have purged the package 'php-mdb2-driver-mysql' which looked orphaned. > No package > had a dependency to

Bug#880526: json-c: Please provide libjson-c3-udeb

2017-11-01 Thread Guilhem Moulin
Source: json-c Version: 0.12.1-1.2 Severity: wishlist Dear Maintainer, cryptsetup ≥2.0.0 introduces a new on-disk “LUKS2” format, which uses JSON text format for metadata. Hence libcryptsetup12 (currently in experimental only) now depends on libjson-c3, and for cryptsetup to keep working in the

Bug#880525: libargon2-0: Please provide libargon2-0-udeb

2017-11-01 Thread Guilhem Moulin
Package: libargon2-0 Version: 0~20161029-1 Severity: wishlist Dear Maintainer, cryptsetup ≥2.0.0 introduces a new on-disk “LUKS2” format, which supports Argon2i and Argon2id as PBKDF. Hence the package now depends on libargon2-0 (in experimental only), and for cryptsetup to keep working in the de

Bug#877566: [pkg-cryptsetup-devel] Bug#877566: cryptsetup: please package v2.0.0-rc0 (in experimental at least)

2017-10-02 Thread Guilhem Moulin
Control: tag -1 pending Hi Daniel, On Mon, 02 Oct 2017 at 14:14:12 -0700, Daniel Kahn Gillmor wrote: > https://gitlab.com/cryptsetup/cryptsetup/tags suggests that upstream > has released the first release candidate for cryptsetup 2.0.0: > 2.0.0-rc0. > > It'd be great to have that uploaded to deb

Bug#495795: dropbear: please provide the scp binary

2017-09-16 Thread Guilhem Moulin
Control: block -1 by 875979 On Mon, 05 Sep 2016 at 15:15:46 +0300, Mert Dirik wrote: > I know you've wanted to get some suggestions last year but this bug > report, which is only followed by a couple users like me who were > affected from the lack of scp, is not really the right place for > gettin

Bug#875979: openssh-client: Please ship /usr/bin/scp in its own binary package

2017-09-16 Thread Guilhem Moulin
Package: openssh-client Version: 1:7.5p1-10 Severity: wishlist Hi there, OpenSSH's scp(1) binary can be used in client mode in combination with other SSH clients, or in sink mode in combination with another server. /usr/bin/scp is only linked against libc6, but to install it along with a more li

Bug#875642: [pkg-cryptsetup-devel] Bug#875642: /sbin/cryptsetup: blocked in semop on shutdown waiting for already terminated systemd-udevd

2017-09-12 Thread Guilhem Moulin
Hi Ivan, On Wed, 13 Sep 2017 at 00:28:44 +0300, Ivan Krylov wrote: > Since my setup is going to need keyscripts, I have installed > sysvinit-core shortly after upgrading to Stretch. Note that you could also add the ‘initramfs’ option to the crypttab(5) entry of these devices so they can be unlocke

Bug#873644: please check whether wiki page regarding caff is still correct

2017-08-29 Thread Guilhem Moulin
Hi, On Tue, 29 Aug 2017 at 20:44:41 +0200, Marc Haber wrote: > the Wiki page on https://keyring.debian.org/creating-key.html mentions > that some lines from ~/.gnupg/gpg.conf need to be copied to > ~/.caff/gnupghome/gpg.conf to avoid my caff signatures being SHA-1. (X-Debbugs-Cc'ing keyring-ma...

Bug#872529: /usr/bin/caff: caff: puts TTY into weird state when prompting to send mail

2017-08-20 Thread Guilhem Moulin
Control: retitle -1 caff: should put the TTY in a sane state before prompts On Fri, 18 Aug 2017 at 15:16:41 -0400, G. Branden Robinson wrote: > speed 38400 baud; rows 73; columns 191; line = 0; > intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = ; eol2 = > ; swtch = ; start = ^Q; stop

Bug#872529: /usr/bin/caff: caff: puts TTY into weird state when prompting to send mail

2017-08-18 Thread Guilhem Moulin
Control: tag -1 + moreinfo On Fri, 18 Aug 2017 at 03:27:14 -0400, G. Branden Robinson wrote: > The only way to get past the prompt into type Ctrl+J (yes, hold down Control > and press J). I'm afraid I can't reproduce this. - How did you run caff(1)? (Could you share the command line?) - Is

Bug#869398: gpg-key2ps: gpg-key2ps crashes ps2pdf

2017-08-10 Thread Guilhem Moulin
Control: tag -1 pending Control: retitle -1 gpg-key2ps: doesn't support EC (sub)keys Hi ben, On Sat, 22 Jul 2017 at 20:06:39 -0600, Ben Hildred wrote: > gpg-key2ps produces output that crashes ps2pdf. here is a session log > and the generated postscript. Fix pending. However you might also

Bug#870673: [pkg-cryptsetup-devel] Bug#870673: cryptsetup.prerm script prints a warning when 'dm_mod' can't be loaded

2017-08-09 Thread Guilhem Moulin
Control: reopen -1 Control: retitle -1 cryptsetup.prerm script prints a warning when 'dm_mod' can't be loaded Just reopening this with severity minor as we could avoid the warning at removal time (and assume that there are no active dm-crypt mappings if 'dm_mod' can't be loaded for some reason).

Bug#870035: Compile with '--disable-bundled-libtom' to use system libtomcrypt/libtommath

2017-08-08 Thread Guilhem Moulin
On Tue, 08 Aug 2017 at 23:01:07 +0800, Matt Johnston wrote: > --disable-bundled-libtom should work OK. I had assumed Debian was > already using that. I was not involved in dropbear maintenance during the early days, but looking at debian/control's history it never Build-Depend'ed on libtom*-dev.

Bug#870035: Compile with '--disable-bundled-libtom' to use system libtomcrypt/libtommath (Was: Bug#870035: dropbear-bin: ftbfs on x32)

2017-08-07 Thread Guilhem Moulin
Hi, Actually libtomcrypt 1.17 and libtommath 1.0 are both available in Debian, so I'm tempted to add --disable-bundled-libtom to CFLAGS and dynamically link against these libraries. Not doing so is in fact a violation of Debian policy §4.13: “Some software packages include in their distribut

Bug#867847: bubblewrap: Can't use --unshare-user when the procfs is mounted with hidepid=1

2017-07-10 Thread Guilhem Moulin
On Mon, 10 Jul 2017 at 09:53:39 +0100, Simon McVittie wrote: > On Sun, 09 Jul 2017 at 22:16:06 +0200, Guilhem Moulin wrote: > Would you mind reporting this upstream at > <https://github.com/projectatomic/bubblewrap/issues>? I don't think I'm > going to be able to add m

Bug#867847: bubblewrap: Can't use --unshare-user when the procfs is mounted with hidepid=1

2017-07-09 Thread Guilhem Moulin
Package: bubblewrap Version: 0.1.8-2 Severity: normal Dear Maintainer, I noticed that bubblewrap refuses to create a new user namespace when the procfs is mounted (outside the container) with hidepid≥1. $ sudo mount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=0 /proc $ bwrap --ro-

Bug#866786: unlock all crypto devices in cryptroot-unlock (remote SSH-based unlocking)

2017-07-04 Thread Guilhem Moulin
On Tue, 04 Jul 2017 at 10:47:36 -0400, Antoine Beaupré wrote: > On 2017-07-04 10:34:04, Guilhem Moulin wrote: >> On Mon, 03 Jul 2017 at 19:08:52 -0400, Antoine Beaupré wrote: >>> thanks, i guess this is done? or do we need to document the "initramfs" >>> tag

Bug#866786: unlock all crypto devices in cryptroot-unlock (remote SSH-based unlocking)

2017-07-04 Thread Guilhem Moulin
On Mon, 03 Jul 2017 at 19:08:52 -0400, Antoine Beaupré wrote: > On 2017-07-03 23:21:25, Guilhem Moulin wrote: >> Actually I came up with a better solution that doesn't rely on the >> behavior of dropbear. It passes my tests, but perhaps you could try it >> as well?

Bug#866786: unlock all crypto devices in cryptroot-unlock (remote SSH-based unlocking)

2017-07-03 Thread Guilhem Moulin
On Sun, 02 Jul 2017 at 23:16:22 +0200, Guilhem Moulin wrote: > On Sun, 02 Jul 2017 at 17:03:53 -0400, Antoine Beaupré wrote: >> Maybe what is needed then is simply a patch to the motd to warn the user >> the command may need to be called multiple times? Or just loop over the &g

Bug#866786: Bug#866786: unlock all crypto devices in cryptroot-unlock (remote SSH-based unlocking)

2017-07-02 Thread Guilhem Moulin
On Sun, 02 Jul 2017 at 17:33:00 -0400, Antoine Beaupré wrote: > On 2017-07-02 23:16:22, Guilhem Moulin wrote: >> Control: tag -1 = pending >> >> On Sun, 02 Jul 2017 at 17:03:53 -0400, Antoine Beaupré wrote: >>> Maybe what is needed then is simply a patch to the

Bug#866786: [pkg-cryptsetup-devel] Bug#866786: Bug#866786: unlock all crypto devices in cryptroot-unlock (remote SSH-based unlocking)

2017-07-02 Thread Guilhem Moulin
Control: tag -1 = pending On Sun, 02 Jul 2017 at 17:03:53 -0400, Antoine Beaupré wrote: > Maybe what is needed then is simply a patch to the motd to warn the user > the command may need to be called multiple times? Or just loop over the > devices as you suggested before? I have implemented the la

Bug#866869: initramfs-tools(8): please document that BOOT is exposed to boot scripts

2017-07-02 Thread Guilhem Moulin
Package: initramfs-tools Version: 0.130 Severity: wishlist Dear Maintainer, While the BOOT environment variable (either set to "local" or "nfs") is currently exposed to boot scripts, it's currently not documented in the manpage. Knowing the boot method can be useful at init-premount and init-bot

Bug#866812: dropbear-initramfs: DHCP request from InitRAMFS with Dropbear doesn't send hostname anymore

2017-07-02 Thread Guilhem Moulin
Hi, On Sun, 02 Jul 2017 at 03:08:48 +0200, M. Buecher wrote: > when using Dropbear in an Debian 9.0 Stretch InitRAMFS for remotely unlocking > an encrypted root file system via SSH, then the network setup via DHCP does > provide the host name as it was with Debian 8.0 Jessie. > > This avoids usin

Bug#866786: [pkg-cryptsetup-devel] Bug#866786: Bug#866786: unlock all crypto devices in cryptroot-unlock (remote SSH-based unlocking)

2017-07-02 Thread Guilhem Moulin
Control: tag -1 moreinfo On Sat, 01 Jul 2017 at 23:16:32 +0200, Guilhem Moulin wrote: > On Sat, 01 Jul 2017 at 16:10:01 -0400, Antoine Beaupré wrote: >> On 2017-07-01 21:10:37, Guilhem Moulin wrote: >>> Does setting “IFDOWN=none” (the option was later renamed) in >>&

Bug#866786: [pkg-cryptsetup-devel] Bug#866786: unlock all crypto devices in cryptroot-unlock (remote SSH-based unlocking)

2017-07-01 Thread Guilhem Moulin
On Sat, 01 Jul 2017 at 16:10:01 -0400, Antoine Beaupré wrote: > On 2017-07-01 21:10:37, Guilhem Moulin wrote: >> Does setting “IFDOWN=none” (the option was later renamed) in >> /etc/dropbear-initramfs/config >> solves your problem? Please file a bug against dropbear-ini

Bug#866786: [pkg-cryptsetup-devel] Bug#866786: Acknowledgement (unlock all crypto devices in cryptroot-unlock (remote SSH-based unlocking))

2017-07-01 Thread Guilhem Moulin
On Sat, 01 Jul 2017 at 14:00:19 -0400, Antoine Beaupré wrote: > Some more information. Attached is the script I originally used. Looks like you forgot the attachment :-P -- Guilhem.

Bug#866786: [pkg-cryptsetup-devel] Bug#866786: unlock all crypto devices in cryptroot-unlock (remote SSH-based unlocking)

2017-07-01 Thread Guilhem Moulin
Hi Antoine, On Sat, 01 Jul 2017 at 13:35:20 -0400, Antoine Beaupre wrote: > I used to have a custom initramfs script that would do that for me in > jessie, but since the stretch upgrade, it stopped working, and I'm not > exactly sure why: i just don't get the prompt on the SSH commandline > at all

Bug#865005: postfix: Bug #847242 `postfix-*.prerm upgrade` removes dynamic maps, causing postfix.postinst to fail for non-default alias database types] reappeared

2017-06-19 Thread Guilhem Moulin
Control: severity -1 important On Mon, 19 Jun 2017 at 09:44:38 -0400, Scott Kitterman wrote: > Thanks. I have replicated this and believe that switching file snippets > provided in dynamicmaps.cf.d instead of having the maintainer scripts fiddle > with dynamicmaps.cf will solve this. That was

Bug#865005: postfix: Bug #847242 `postfix-*.prerm upgrade` removes dynamic maps, causing postfix.postinst to fail for non-default alias database types] reappeared

2017-06-18 Thread Guilhem Moulin
Package: postfix Version: 3.2.2-1 Severity: serious Reason: Upgrade fails for non-default database types Dear Maintainer, Looks like I got bitten by #847242 again when upgrading from 3.1.4-7 to 3.2.2-1. Here is my original report, with the `apt install postfix` output updated. --8<---

Bug#791944: /etc/init.d/sendsigs kills systemd-udevd upon shutdown, causing dmsetup to hang

2017-06-03 Thread Guilhem Moulin
On Sat, 03 Jun 2017 at 11:24:07 -0400, Felipe Sateler wrote: > On Sat, Jun 3, 2017 at 4:31 AM, Guilhem Moulin wrote: >> On Mon, 29 May 2017 at 14:42:33 +0200, Michael Biebl wrote: > This is an ugly fix. Yes, but we're really far in the release cycle and as a cryptsetup maintai

Bug#791944: /etc/init.d/sendsigs kills systemd-udevd upon shutdown, causing dmsetup to hang

2017-06-03 Thread Guilhem Moulin
On Mon, 29 May 2017 at 14:42:33 +0200, Michael Biebl wrote: > tags 791944 + help I'm afraid I can't help backporting the fix to Stretch, but as Pali mentioned this bug causes a severe regression for sysvinit users with encrypted disks. If udev can't be fixed in time maybe cryptsetup could ship a

Bug#792552: [pkg-cryptsetup-devel] Bug#792552: still doesn't continue shutdown process

2017-05-29 Thread Guilhem Moulin
On Mon, 29 May 2017 at 13:16:35 +0200, Pali Rohár wrote: > On Monday 29 May 2017 09:31:39 Guilhem Moulin wrote: >> On Sun, 28 May 2017 at 23:41:56 +0200, Pali Rohár wrote: >>> On Sunday 28 May 2017 21:26:53 Guilhem Moulin wrote: >>>> which as I explained in mes

Bug#792552: [pkg-cryptsetup-devel] Bug#792552: still doesn't continue shutdown process

2017-05-29 Thread Guilhem Moulin
On Sun, 28 May 2017 at 23:41:56 +0200, Pali Rohár wrote: > On Sunday 28 May 2017 21:26:53 Guilhem Moulin wrote: >> which as I explained in message #86 is due to /etc/init.d/sendsigs >> killing systemd-udevd at shutdown/reboot time, thereby causing >> dmsetup to hang. >

Bug#792552: [pkg-cryptsetup-devel] Bug#792552: still doesn't continue shutdown process

2017-05-28 Thread Guilhem Moulin
Hi Pali, On Thu, 25 May 2017 at 18:23:00 +0200, Pali Rohár wrote: > Same problem there. I have up-to-date Debian Stretch with LUKS-encrypted > rootfs and system hangup on every shutdown or reboot. > > I debugged this problem and found out that after this log message > > [] Stopping remainin

Bug#862970: dropbear-bin: Double-free in server TCP listener cleanup; information disclosure with ~/.ssh/authorized_keys symlink

2017-05-19 Thread Guilhem Moulin
Package: dropbear Version: 2014.65-1+deb8u2 Severity: grave Tags: security Justification: user security hole dropbear 2017.75 was released [0] on May 18 and fixes the following two security vulnerabilities, for which no CVE was assigned yet AFAIK [1]. - Security: Fix double-free in server TCP

Bug#862186: unblock: cryptsetup/2:1.7.3-4

2017-05-09 Thread Guilhem Moulin
ptsetup-1.7.3/debian/changelog 2017-05-09 13:50:59.0 +0200 @@ -1,3 +1,16 @@ +cryptsetup (2:1.7.3-4) unstable; urgency=high + + [ Guilhem Moulin ] + * Drop obsolete update-rc.d parameters. Thanks to Michael Biebl for the +patch. (Closes: #847620) + * debian/copyright: Fix license m

Bug#861074: cryptsetup: cryptroot-hook doesn't honor initramfs-tools' (>= 0.129) logic for resume devices

2017-05-04 Thread Guilhem Moulin
Control: severity -1 serious Control: tag -1 pending Control: retitle -1 cryptsetup: cryptroot-hook doesn't honor initramfs-tools' (>= 0.129) logic for resume devices On Mon, 24 Apr 2017 at 13:46:06 +0200, Thorsten Glaser wrote: > bwh indicates that this is a bug in cryptsetup. > If initram

Bug#861802: cryptsetup: Incorrect license for sub-libraries (GPLv2+ vs LGPLv2.1+)

2017-05-04 Thread Guilhem Moulin
Package: cryptsetup Version: 2:1.6.1-1 Severity: important Tag: pending Upstream changed sub-libraries license from GPLv2 only to LGPLv2.1+ in 7eccb7ff [0], but as of 2:1.7.3-3 debian/copyright lists GPLv2+ for all files. -- Guilhem. [0] https://gitlab.com/cryptsetup/cryptsetup/commit/7eccb7ff

Bug#861388: [Pkg-roundcube-maintainers] Bug#861388: roundcube: CVE-2017-8114: security issue in virtualmin and sasl drivers

2017-05-01 Thread Guilhem Moulin
Control: tag -1 pending On Fri, 28 Apr 2017 at 12:25:02 +0200, Salvatore Bonaccorso wrote: > the following vulnerability was published for roundcube. > > CVE-2017-8114[0]: > security issue in virtualmin and sasl drivers Thanks, pushed. Sandro, Vincent, would you mind tagging & uploading? -- G

Bug#860459: netcat-openbsd: Incorrect debian/copyright: lists only BSD-3 while some files are BSD-2

2017-04-17 Thread Guilhem Moulin
Package: netcat-openbsd Version: 1.105-1 Severity: important debian/copyright suggests that all upstream files are released under 3-clause BSD, while atomicio.[ch] and socks.c are in fact released under 2-clause BSD. -- Guilhem.

Bug#860409: unblock: dropbear/2016.74-3

2017-04-16 Thread Guilhem Moulin
graphs to match upstream's LICENSE file. +(Closes: #860406.) + + -- Guilhem Moulin Sun, 16 Apr 2017 12:22:56 +0200 + dropbear (2016.74-2) unstable; urgency=low * Tolerate lack of boot script config file /etc/dropbear-initramfs/config. diff -Nru dropbear-2016.74/debian/copyright dro

Bug#860406: dropbear: Incomplete debian/copyright: lists only MIT while some files are BSD-2/3

2017-04-16 Thread Guilhem Moulin
Source: dropbear Version: 2015.68-1 Severity: serious debian/copyright suggests that all files outside the debian directory are licensed under MIT, while upstream's LICENSE lists some files released under OpenSSH license or BSD 2- and 3-clauses. https://anonscm.debian.org/git/collab-maint/dro

Bug#855094: [pkg-cryptsetup-devel] Bug#855094: initramfs-tools-core: Error on upgrade if cryptsetup is installed, but a current busybox isn't

2017-04-02 Thread Guilhem Moulin
Hi intrigeri, On Sun, 02 Apr 2017 at 09:50:55 +0200, intrigeri wrote: > So at this point, I suggest this bug is reassigned to cryptsetup, and > option 3 is implemented there. But downgrading to non-RC and leaving > things as-is seems acceptable to me as well. > > Thoughts? I think the proper fix

Bug#856874: repro: ships librepro-1.11.so, which should be in libresiprocate-1.11

2017-03-19 Thread Guilhem Moulin
Control: tag -1 patch Was an easy one, patch attached. Thanks for maintaining repro in Debian! -- Guilhem. diff --git a/debian/libresiprocate-1.11.install b/debian/libresiprocate-1.11.install index 3fa33baaf..b9c8b98eb 100644 --- a/debian/libresiprocate-1.11.install +++ b/debian/libresiprocate-

Bug#857473: [Pkg-roundcube-maintainers] Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element

2017-03-14 Thread Guilhem Moulin
Control: reopen -1 Control: tag -1 pending On Tue, 14 Mar 2017 at 07:40:34 +0100, Vincent Bernat wrote: > Both of them uploaded. Crap, I shouldn't work in the middle of the night, I forgot to add the patch to the debian/patches/series… Fixed in the VCS, sorry for the inconvenience. :-( -- Guil

Bug#857473: [Pkg-roundcube-maintainers] Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element

2017-03-13 Thread Guilhem Moulin
Control: tag -1 pending Hi, On Sat, 11 Mar 2017 at 20:29:11 +0100, Salvatore Bonaccorso wrote: > 1.2.4 roundcube release fixed a XSS issue in handling of a style tag > inside of an svg element. Thanks for the ping and the pointers! I applied the fix to 1.2.3 (unstable) and 1.1.5 (jessie-backpor

Bug#857697: unblock: netcat-openbsd/1.130-3

2017-03-13 Thread Guilhem Moulin
ive value +to "-q" now implies "-N"; in particular, "-q0" is now a mere alias for +"-N". (Closes: #854292) + + -- Guilhem Moulin Fri, 03 Mar 2017 20:32:55 +0100 + netcat-openbsd (1.130-2) unstable; urgency=medium * Fix handling of del

Bug#817050: marked as done (netcat-openbsd: The -q 0 flag does not behave the same as the netcat.traditional)

2017-03-11 Thread Guilhem Moulin
Control: reopen -1 Control: found -1 1.130-3 Control: tag-1 upstream On Mon, 12 Dec 2016 at 15:18:53 +, Guilhem Moulin wrote: > We believe that the bug you reported is fixed in the latest version of > netcat-openbsd, which is due to be installed in the Debian FTP > archive. M

Bug#792639: apt-listbugs: should use https to access bug tracking system

2017-03-05 Thread Guilhem Moulin
First off, apologies for opening duplicate #856844… I apparently overlooked this one while browsing through the list of existing bug reports :-/ On Thu, 30 Jul 2015 at 22:35:17 +0200, Francesco Poli wrote: > Now, the bad news is that I remembered that the libruby module > providing SSL support lin

Bug#856844: apt-listbugs doesn't support https://

2017-03-05 Thread Guilhem Moulin
Package: apt-listbugs Version: 0.1.23 Severity: normal Dear Maintainer, As the manpage indicates, apt-listbugs connects to bugs.debian.org:80 by default: ~$ apt-listbugs -d list . 2>/dev/null | grep -A4 '= Request' = Request ! CONNECT TO bugs.debian.org:80 ! CONNECTION ESTABLISH

Bug#854292: Fix for #849192 makes nc in qemu net cmd blocks forever

2017-03-04 Thread Guilhem Moulin
Control: tag -1 pending I just pushed a fix with the following debian/changelog snippet: Change defaults from "-q0" to "-q-1" to match upstream defaults since the introduction of flag "-N" in version 1.110. Passing a non-negative value to "-q" now implies "-N"; in particular, "-q0" i

Bug#854292: Fix for #849192 makes nc in qemu net cmd blocks forever

2017-03-03 Thread Guilhem Moulin
Hi Francois, On Fri, 03 Mar 2017 at 17:10:19 +0100, Francois Gouget wrote: > But does the -q option still do anything at all? -q0 is the default since 1.89-4, see #502188. From debian/Changelog: Quit immediately after EOF if -q is not given (i.e. make the default equivalent to -q 0). Th
