Bug#954802: logcheck: Support mail size limits

Package: logcheck Version: 1.3.18 Severity: normal It's generally considered to be good practice to configure size limits on messages at the MTA level. Logcheck should have the ability to limit the size of its generated to comply with such limits. I'd propose that it should be configurable via l

Bug#954363: cloud-init fails to obtain an IMDS API token on Amazon EC2

Control: tags -1 + upstream > 2020-03-20 18:25:10,332 - url_helper.py[DEBUG]: [0/1] open > 'http://169.254.169.254/latest/api/token' with {'url': > 'http://169.254.169.254/latest/api/token', 'allow_redirects': True, 'method': > 'PUT', 'timeout': 1.0, 'headers': {'User-Agent': 'Cloud-Init/20.1',

Bug#954363: cloud-init fails to obtain an IMDS API token on Amazon EC2

Package: cloud-init Version: 20.1-1 Severity: important Cloud-init 20.1 attempts to obtain an API token for use with Amazon EC2 instance metadata service (IMDS). On EC2, this operation should always succeed, whether using IMDSv1 or v2, and cloud-init will always access IMDS in v2 mode. However,

Bug#953018: ITP: spamassassin-milter -- milter for spam filtering with SpamAssassin

On Tue, Mar 03, 2020 at 11:00:45AM +0100, David Bürgin wrote: > Debian already has package spamass-milter, which serves the same > function. This new alternative is not exactly the same: It does a few > things better (eg automatic macro negotiation, skipping large bodies), > some things differently

Bug#952108: Cloud variant: please enable CONFIG_VHOST_SCSI

On Sun, Feb 23, 2020 at 12:28:53AM -0800, Josh Triplett wrote: > The normal Debian kernel configuration has CONFIG_VHOST_SCSI enabled, > but the cloud configuration does not seem to have it enabled. Please > enable CONFIG_VHOST_SCSI=m on the cloud configuration as well. Out of curiosity, where is

Bug#952563: src:cloud-utils: ec2metadata does not speak EC2 IMDSv2

Package: src:cloud-utils Version: 0.31-1 Severity: important The ec2metadata command queries a well-known link-local endpoint (169.254.169.254 in Amazon EC2) to obtain information about the instance on which it runs. Last year, AWS released "IMDSv2" in an effort to protect customers against some

Bug#866613: cloud-init: Adding Apache v2 license to debian/copyright

On Fri, Jun 30, 2017 at 02:14:00PM +, Joonas Kylmälä wrote: > We need to also take care of asking permission from the authors of > Debian patches if they can be used under Apache v2 license. I don't think there's anything copyrightable in any of those contributions. Note that none of the debi

Bug#948855: buster-pu: package iputils/3:20180629-2

Control: tags -1 -moreinfo On Tue, Jan 28, 2020 at 10:11:23PM +, Adam D. Barratt wrote: > > > > I'd like to fix > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947921 in > > > > buster. Ping has some issues coping with explicitly specified > > > > source interfaces when pinging DNS

Bug#947759: Configuration optimizations for the cloud variant

On Tue, Feb 04, 2020 at 03:48:32PM -0800, Josh Triplett wrote: > I would suggest testing on a c5.large. t2 and t3 have shared CPUs, so > they have less consistent boot time. c5.large is about the same cost as > t3.large, but will have far more consistent performance. Performance definitely seems t

Bug#947759: Configuration optimizations for the cloud variant

Before optimizations: $ systemd-analyze Startup finished in 7.828s (kernel) + 22.332s (userspace) = 30.161s graphical.target reached after 20.312s in userspace With optimizations: $ systemd-analyze Startup finished in 1.968s (kernel) + 6.536s (userspace) = 8.504s graphical.target reached after

Bug#950258: src:spamassassin: arbitrary code execution when processing rules files

Package: src:spamassassin Version: 3.4.2-1+deb10u1 Severity: grave Tags: security CVE-2020-1930: Apache SpamAssassin 3.4.4 was recently released, and fixes an issue of security note where nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805.

Bug#948855: buster-pu: package iputils/3:20180629-2

Control: tags -1 - moreinfo On Fri, Jan 24, 2020 at 10:11:38PM +, Adam D. Barratt wrote: > > I'd like to fix > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947921 in > > buster. Ping has some issues coping with explicitly specified source > > interfaces when pinging DNS names and DNS

Bug#947759: Configuration optimizations for the cloud variant

On Mon, Jan 20, 2020 at 04:38:55PM -0800, Josh Triplett wrote: > Following up on this, here's a simplified list of optimizations for the > cloud variant in one place, taking into account the previous reply. > Would it help to get this in the form of a patch or MR on > https://salsa.debian.org/kerne

Bug#948855: buster-pu: package iputils/3:20180629-2

orrect an issue in which ping would improperly exit with a failure code +when there were untried addresses still available in the getaddrinfo() +library call return value. (Closes: #947921) + + -- Noah Meyerhans Mon, 13 Jan 2020 15:29:01 -0800 + iputils (3:20180629-2) unstable;

Bug#948519: Info received (Bug#948519: insufficient boot-time entropy on arm64 virtual machines)

Control: tags -1 + patch Proposed solution submitted as https://salsa.debian.org/kernel-team/linux/merge_requests/202

Bug#948519: insufficient boot-time entropy on arm64 virtual machines

On Thu, Jan 09, 2020 at 02:00:01PM -0500, Noah Meyerhans wrote: > The 5.4 kernel currently in sid does not experience this lack of > entropy. It has been suggested that upstream commit 50ee7529ec45 > ("random: try to actively add entropy rather than passively wait for > it")

Bug#931644: Buster kernel entropy pool too low on VM boot

On Thu, Jul 11, 2019 at 09:42:17AM -0400, Michael J. Redd wrote: > > The release notes for buster do mention this issue and provide a > > link to: > > > > https://wiki.debian.org/BoottimeEntropyStarvation > > > > which has your Haveged solution as one of its suggestions. > > > > D'oh! Serve

Bug#948519: insufficient boot-time entropy on arm64 virtual machines

Package: src:linux Version: 4.19.67-2+deb10u2 Severity: important See the thread at https://lists.debian.org/debian-cloud/2020/01/threads.html#00013 for some context. When launching arm64 VMs on Amazon EC2, a lack of entropy at boot results in the full boot process taking several minutes, when t

Bug#947927: Got it working

On Thu, Jan 02, 2020 at 10:42:57AM +0200, Harald Hannelius wrote: > It seems like a restart of mimedefang was needed after an upgrade of > spamassassin (and spamd). It might be the spamassassin package's > responsibility to do that? Cross-package coordination of this nature involves the dpkg trigg

Bug#918506: Installation fails with "This account is currently not available." when debian-spamd has no login shell

On Sat, Jan 05, 2019 at 07:58:45AM +0100, debian-bugreports...@sethdepot.org wrote: > > Instead I worked around this issue with the following change in the > postinst script /var/lib/dpkg/info/spamassassin.postinst > Line 38 > su - $OWNER -c "sa-update \ > --gpghomedir /var/l

Bug#946958: sa-compile failing on Graylisting.pm

On Wed, Dec 18, 2019 at 07:10:48AM -0600, de...@deatech.com wrote: > I considered that this bug may belong to the sa-exim package which is the > source of the Graylisting.pm file, however, it is the sa-compile package that > changed not sa-exim and sa-compile is the one with the broken installation

Bug#946958: sa-compile failing on Graylisting.pm

On Wed, Dec 18, 2019 at 07:10:48AM -0600, de...@deatech.com wrote: > Setting up sa-compile (3.4.2-0+deb8u2) ... > Running sa-compile (may take a long time) > rules: failed to run GREYLIST_ISWHITE test, skipping: > (Insecure dependency in eval while running with -T switch at > /usr/shar

Bug#946653: spamassassin: specially crafted messages can exhaust system resources resulting in a denial of service

Package: spamassassin Version: 3.4.2-1 Severity: grave Tags: upstream fixed-upstream pending security Per upstream's 3.4.3 release announcement: Apache SpamAssassin 3.4.3 was recently released [1], and fixes an issue of security note where a message can be crafted in a way to use excessive resour

Bug#946652: spamassassin arbitrary code execution via malicious sa-update servers

Package: spamassassin Version: 3.4.2-1 Severity: grave Tags: security upstream fixed-upstream pending Per upstream's release announcement: Apache SpamAssassin 3.4.3 was recently released [1], and fixes an issue of security note where nefarious CF files can be configured to run system commands wit

Bug#945536: spamassassin: failure in postinst due to modified /var/lib/spamassassin

On Tue, Nov 26, 2019 at 07:44:11PM +0100, Christian Göttsche wrote: > > They should be owned by debian-spamd:debian-spamd, and have been created as > > such at least as far back at stretch. > On my system they are owned by root, cause spamd runs as root and also > my custom sa-update systemd timer

Bug#945536: spamassassin: failure in postinst due to modified /var/lib/spamassassin

Control: severity -1 important Dropping the severity of this after verifying that it does not impact the default install when upgrading across multiple Debian releases.

Bug#945536: spamassassin: failure in postinst due to modified /var/lib/spamassassin

Control: tags -1 + moreinfo On Tue, Nov 26, 2019 at 06:07:15PM +0100, Christian Göttsche wrote: > gpg: WARNING: unsafe ownership on homedir > '/var/lib/spamassassin/sa-update-keys' > gpg: failed to create temporary file > '/var/lib/spamassassin/sa-update-keys/.#lk0xREPLACED.1705986': > Permission

Bug#943981: Proposal: Switch to cgroupv2 by default

Package: systemd Severity: wishlist Version: 242-7 Tags: patch I'd like to propose that we switch to cgroupv2 as the default configuration for the bullseye release. This has the potential to impact quite a few packages (notably, it breaks Docker today), so I don't think it can be done without eng

Bug#931341: linux-image-4.19.0-5-cloud-amd64 does not have /dev/rtc, used by GCE images

Proposed fixes for unstable and stable (respectively) are at: https://salsa.debian.org/kernel-team/linux/merge_requests/179 https://salsa.debian.org/kernel-team/linux/merge_requests/178

Bug#942268: spamassassin: FROM_EXCESS_BASE64 always gives false positive

Control: tags -1 + upstream fixed-upstream Control: forwarded -1 https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7730 > file /usr/share/spamassassin/20_head_tests.cf contains: > > -- > header __FROM_NEEDS_MIMEFrom:

Bug#941704: RFP: openrdap -- command line RDAP client

Package: wnpp Severity: wishlist * Package name: openrdap Version : 0.9.0 Upstream Author : Tom Harwood * URL : https://www.openrdap.org/ * License : MIT Programming Lang: Go Description : command line RDAP client RDAP is intended to be the successor t

Bug#941291: Acknowledgement (Amazon ENA driver update for stable)

Proposed implementation in https://salsa.debian.org/kernel-team/linux/merge_requests/172

Bug#936080: confirm this bug

Control: severity -1 important On Mon, Sep 30, 2019 at 03:11:02PM +0200, Thomas Lange wrote: > I can confirm this nasty bug. I also use dracut and my computer cannot > boot since dracut stops with the error message "Duplicate address > detected" caused by arping. > > I like to raise the severity

Bug#941291: Amazon ENA driver update for stable

Package: src:linux Version: 4.19.67-2 ENA is an ethernet adaptor used on Amazon EC2 cloud instances. Upstream has recently merged a number of bug fixes and enhancements, and it would be nice to have these available in stable. Specific upstream changesets that I'm interested in are: https://lore

Bug#941284: Wishlist/RFC: Use CONFIG_HZ=100 in linux-image-cloud-*

On Fri, Sep 27, 2019 at 01:15:29PM -0700, Flavio Veloso wrote: > Since linux-image-cloud-* packages are created for cloud environments -- > read: servers which do not need desktop-level responsiveness --, wouldn't it > be beneficial to build the kernels with CONFIG_HZ set to 100? For what it's wor

Bug#938964: please don't install runit-helper on everyone's system

On Sun, Sep 01, 2019 at 09:38:36PM +0800, Shengjing Zhu wrote: > > Just for my curiosity (not going to happen in my watch), would you be > > happier if `runit-helper` script was part of init-system-helpers (which > > is essential, anyway). > > I'm not sure why you didn't chose this at first. As it

Bug#936080: iputils-arping: arping -D : false positives

On Fri, Aug 30, 2019 at 12:01:32AM +0200, Pierre Donis wrote: > I'm using dracut to build the initramfs to boot on an ISCSI root disk. > Line 125 of /usr/lib/dracut/modules.d/40network/ifup.sh : > > if ! arping -f -q -D -c 2 -I $netif $ip ; then > warn "Duplicate address detected for $ip fo

Bug#935946: iputils-arping: -w (deadline) broken

Control: tags -1 + confirmed upstream On Wed, Aug 28, 2019 at 11:52:15AM +0200, Lucas Nussbaum wrote: > arping -w doesn't work anymore. Instead of exiting when the deadline is > reached, it just hangs. > > # arping -w 2 -f -I eno1 172.17.49.5 > ARPING 172.17.49.5 from 172.16.72.51 eno1 > > Sent

Bug#934274: cloud.debian.org: stretch AMIs not available in new regions

On Thu, Aug 08, 2019 at 05:56:44PM -0700, Tarjei Husøy wrote: > > The AMIs in the AWS marketplace should be launchable in the new regions. > > See https://aws.amazon.com/marketplace/pp/B073HW9SP3 and let me know if > > it'll work for you. The Marketplace AMIs are identical to the ones we > > publis

Bug#934274: cloud.debian.org: stretch AMIs not available in new regions

> Amazon recently launched two new regions, Hong Kong (ap-east-1) and > Bahrain (me-south-1). All new regions after March 20, 2019 come on a > opt-in basis [1], thus you might not have seen them show up unless you > saw the news when they were introduced. Would it be possible to have > stretch imag

Bug#934274: cloud.debian.org: stretch AMIs not available in new regions

Package: cloud.debian.org Severity: important Control: submitter -1 Tarjei Husøy Hi, Amazon recently launched two new regions, Hong Kong (ap-east-1) and Bahrain (me-south-1). All new regions after March 20, 2019 come on a opt-in basis [1], thus you might not have seen them show up unless you s

Bug#933352: please add a "Debian way" to add sa-update channels

On Mon, Jul 29, 2019 at 05:14:26PM +0200, Tomas Pospisek wrote: > I like to propose to add this (or some other working) mechanism to > the SA package to be able to "easily" add more channels. Thanks for putting this together. This feature is long overdue. I haven't thought in depth about your chan

Bug#931491: iputils: FTBFS in sid (missing dependency on setcap)

There's a bug in upstream's build system that causes the build to fail if setcap is unavailable, even if its usage is disabled via the NO_SETCAP_OR_SUID configuration. I'll work with upstream to get this fixed.

Bug#931491: iputils: FTBFS in sid (missing dependency on setcap)

On Sat, Jul 06, 2019 at 01:31:08PM +0200, Gianfranco Costamagna wrote: > > Hello, looks like the new version does search for *bin/setcap tool, and fails > to build if missing. > Hm. Seems libcap2-bin is present in my pbuilder environment as a result of being a dependency of packages like iprout

Bug#805401: /bin/ping6: ping6 does not correctly handle avahi .local addresses

Control: reassign -1 libnss-mdns On Sat, Oct 06, 2018 at 04:53:00PM +0200, Benjamin Peter wrote: > just a moment after writing I found an article, saying to modify > nsswitch.conf as follows > > hosts: files mdns_minimal [NOTFOUND=return] dns mdns > #hosts: files mdns4_minimal [

Bug#930104: amazon-ecr-credential-helper: Use of uninitialized variable in debian/rules

Control: tags -1 + patch On Thu, Jun 06, 2019 at 11:10:48PM +, Karp, Samuel wrote: > Thank you for the bug report!  I maintain the Debian source on the > `debian` branch of the upstream GitHub repository, here: https://github > .com/awslabs/amazon-ecr-credential-helper/tree/debian.  If you're

Bug#930104: amazon-ecr-credential-helper: Use of uninitialized variable in debian/rules

Package: amazon-ecr-credential-helper Version: 0.2.0-1 Severity: normal Manual invocation of 'debian/rules binary' for the amazon-ecr-credential-helper package fails with the following: github.com/golang/mock/gomock github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api/mocks github.com/aw

Bug#929263: cloud.debian.org: /usr/sbin not in default $PATH

Control: severity -1 wishlist > This is a historical convention, going back decades, that only the > system administrators needs to run the programs in /sbin and > /usr/sbin. So to avoid users getting confused when they might run > those programs and get "permission denied", historically normal u

Bug#929263: cloud.debian.org: /usr/sbin not in default $PATH

On Mon, May 20, 2019 at 11:26:00AM +0200, Jorge Barata González wrote: >Vagrant image debian/stretch64 v9.6.0 >/usr/sbin is not included by default in $PATH > >``` >vagrant@stretch:~$ service >-bash: service: command not found >vagrant@stretch:~$ /usr/sbin/service >Usag

Bug#907327: #907327 -- status?

Control: tags -1 + upstream pending fixed-upstream On Tue, Nov 27, 2018 at 10:13:17AM +, David Buckley wrote: > Hi! Is this going to get acted on if I leave it here? I was rather > hoping the maintainers here would know better than I how to submit this > patch. > > I tried many years ago subm

Bug#928334: iputils FTCBFS: Uses the build architecture compiler

On Thu, May 02, 2019 at 04:46:06PM +0700, Nguyen Van. Hieu wrote: > iputils fails to cross build from source, because it uses the build > architecture compiler. > Using "dh_auto_build" instead of "$(MAKE)" can solve this problem. > Please consider applying the attached patch. After buster is r

Bug#927092: release-notes: document removal of ipsec-tools in buster

Control: tags -1 - moreinfo On Mon, Apr 15, 2019 at 08:50:32AM +0300, Andrei POPESCU wrote: > > Ipsec-tools has been removed from buster. As a security-sensitive package, > > active upstream involvement is essential for this package, but it has been > > lacking for some time. > > Would you mind e

Bug#927092: release-notes: document removal of ipsec-tools in buster

Package: release-notes Severity: normal Ipsec-tools has been removed from buster. As a security-sensitive package, active upstream involvement is essential for this package, but it has been lacking for some time. Users are encouraged to migrate to Libreswan, which has broader protocol compatibilit

Bug#925530: cloud.debian.org: Debian docker images pointing to github for bug tracking

On Tue, Mar 26, 2019 at 12:25:12PM +0100, Lucas Nussbaum wrote: > On https://hub.docker.com/_/debian, there's: > > > Where to file issues: > > https://github.com/debuerreotype/docker-debian-artifacts/issues > > Are those official images? I'm surprised by official Debian images > pointing to a non

Bug#922499: spamassassin: sa-update fails with error "Cannot open file ..."

Control: tags -1 + upstream fixed-upstream Control: forwarded -1 https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7418 > After the latest Debian upgrade yesterday evening, sa-update fails > with error: > > Cannot open file > /var/lib/spamassassin/3.004002/updates_spamassassin_org/1853687.tar.g

Bug#922050: Debdiff for CVE-2019-5736

1-24 12:55:34.0 -0800 +++ runc-1.0.0~rc6+dfsg1/debian/changelog 2019-02-11 09:13:16.0 -0800 @@ -1,3 +1,9 @@ +runc (1.0.0~rc6+dfsg1-2) unstable; urgency=high + + * Apply upstream patch addressing CVE-2019-5736 (Closes: #922050) + + -- Noah Meyerhans Mon, 11 Feb 2019 09:13:16 -0800 + r

Bug#918188: linux: FTBFS on arm64

On Fri, Jan 04, 2019 at 06:57:21AM +0100, Salvatore Bonaccorso wrote: > > LD vmlinux.o > > MODPOST vmlinux.o > > GEN .version > > CHK include/generated/compile.h > > UPD include/generated/compile.h > > CC init/version.o > > LD init/built-in.o > > ./drivers/f

Bug#917847: ipsec-tools is unsuitable for inclusion in Debian

Package: ipsec-tools Version: 1:0.8.2+20140711-12 Severity: grave [On behalf of the ipsec-tools maintainers, I'm opening this against ipsec-tools for visibility and discussion.] The package is effectively orphaned upstream and has been for some time. Given the security-sensitive nature of the pac

Bug#913350: chmod: changing permissions of '/.../body_neg100.so': Operation not permitted

> I don't recall executing sa-compile as root, but that could have happened of > course. The file in question is cruft from an older version sa-compile. So > could > the scripts at least be fixed to ignore curft? It may be reasonable to completely remove /var/lib/spamassassin/compiled after we're

Bug#915229: src:linux: Updated driver needed for Amazon ENA ethernet

Control: tags -1 + patch Merge request for Linux 4.9 (stretch): https://salsa.debian.org/kernel-team/linux/merge_requests/81

Bug#915231: Proposed fix submitted on salsa

Control: tags -1 + patch Merge request: https://salsa.debian.org/kernel-team/linux/merge_requests/80

Bug#915231: src:linux: Enable PCI_HOTPLUG for arm64

Package: src:linux Version: 4.9.130-2 Severity: wishlist Tags: stretch Amazon recently announced arm64-based EC2 instances. These instances rely on PCI_HOTPLUG functionality to support attach/detach of resources such as ethernet interfaces and block devices. PCI_HOTPLUG is enabled for arm64 in bus

Bug#915229: src:linux: Updated driver needed for Amazon ENA ethernet

Package: src:linux Severity: important ENA is an ethernet adaptor used on Amazon EC2 cloud instances. Version 2.0.2 of the ENA driver was added to the mainline kernel as of version 4.20. This version includes fixes for various bugs, some of which result in kernel panics, and is needed in order to

Bug#915127: cloud.debian.org: Please add AWS image for new ARM instances

It's on its way. A newer ENA driver is required for working network, so that's kind of a blocker. On November 30, 2018 10:17:06 AM PST, Phil Endecott wrote: >Package: cloud.debian.org >Severity: wishlist > >Dear Maintainer, > >AWS have recently announced new instance types that use the 64-bit

Bug#896165: linux: request packaging of bpftool

On Tue, Nov 27, 2018 at 09:50:17AM -0800, Jakub Kicinski wrote: > > > Please see https://salsa.debian.org/kernel-team/linux/merge_requests/72 > > > > Ugh. We cannot currently package bpftool in Debian. There are several > > GPLv2-only files in its source tree, and it links unconditionally > > agai

Bug#913548: spamassassin: running /etc/cron.daily/spamassassin gives: Unescaped left brace in regex is deprecated here

Control: tags -1 + moreinfo On Mon, Nov 12, 2018 at 09:05:01AM +0100, Elimar Riesebieter wrote: > > running /etc/cron.daily/spamassassin gives: > Unescaped left brace in regex is deprecated here (and will be fatal in Perl > 5.32), passed through in regex; marked by <-- HERE in m/ ( {<-- HERE } (

Bug#896165: linux: request packaging of bpftool

On Mon, Nov 19, 2018 at 11:34:26PM -0800, Noah Meyerhans wrote: > Please see https://salsa.debian.org/kernel-team/linux/merge_requests/72 Ugh. We cannot currently package bpftool in Debian. There are several GPLv2-only files in its source tree, and it links unconditionally against the GP

Bug#896165: linux: request packaging of bpftool

On Fri, Apr 20, 2018 at 02:07:40PM +0200, Simon Horman wrote: > I would like to request packaging of bpftool which has been > included in upstream Linux tree since v4.15-rc1. I expect this can > be done in a similar manner to the way that perf, also present in > the upstream Linux kernel tree, is p

Bug#896165: linux: request packaging of bpftool

On Fri, Apr 20, 2018 at 02:07:40PM +0200, Simon Horman wrote: > I would like to request packaging of bpftool which has been > included in upstream Linux tree since v4.15-rc1. I expect this can > be done in a similar manner to the way that perf, also present in > the upstream Linux kernel tree, is p

Bug#877721: racoon: IPsec tunnel with HMAC SHA256 in phase 2 is not working correctly

On Mon, Nov 12, 2018 at 01:50:57PM +0100, Jean-Samuel Reynaud wrote: > In conclusion, for me it's look like a feature missing in racoon... A > discusion was about this on racoon ML: > > https://sourceforge.net/p/ipsec-tools/mailman/message/34146970/ Thanks. The best course of action from here is

Bug#913571: spamassassin: 'domain is utf8 flagged' messages in log since upgrade to 3.4.2

Control: tags -1 + upstream fixed-upstream Control: severity -1 minor Control: forwarded -1 https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7632 > Since upgrading to 3.4.2-1~deb9u1 I see lots of these in > /var/log/mail.log: > > Nov 12 12:10:54 swiss spamd[12013]: dns: new_dns_packet: domain i

Bug#913350: chmod: changing permissions of '/.../body_neg100.so': Operation not permitted

Control: tags -1 + moreinfo Control: severity -1 normal On Fri, Nov 09, 2018 at 08:40:14PM +0100, Sebastian Ramacher wrote: > > | chmod: changing permissions of > > '/var/lib/spamassassin/compiled/5.024/3.004001/auto/Mail/SpamAssassin/CompiledRegexps/body_neg100/body_neg100.so': > > Operation no

Bug#912524: snapshot.debian.org is unreachable from (apparently) 18.128.0.0/9

It was pointed out on IRC that this is intentional, per https://salsa.debian.org/dsa-team/mirror/dsa-puppet/blob/master/modules/roles/manifests/snapshot_web.pp IMO blocking random (and large) chunks of EC2 is not a good idea, as the collateral impact is potentially huge. I'd like to suggest a mor

Bug#912524: snapshot.debian.org is unreachable from (apparently) 18.128.0.0/9

On Thu, Nov 01, 2018 at 09:46:51AM +0900, Mike Hommey wrote: > - Looking back at the logs from all the jobs we've had in the past > failing to reach snapshot.debian.org (or at least, marked as such), > the IP addresses of the hosts they were running on (as well as the IP > address of the host

Bug#912198: stretch-pu: package spamassassin/3.4.2-1~deb9u1

On Wed, Oct 31, 2018 at 10:01:13PM +, Adam D. Barratt wrote: > Please feel free to upload, bearing in mind that the window for getting > updates into the 9.6 point release closes during this weekend. Uploaded. Thanks. noah signature.asc Description: PGP signature

Bug#912198: stretch-pu: package spamassassin/3.4.2-1~deb9u1

hange modes with the cron job's execution. (Closes: 890650) * Create /var/lib/spamassassin via dpkg, rather than the postinst. (Closes: 891833) * Add libbsd-resource-perl to Suggests (Closes: 910434) -- Noah Meyerhans Sun, 30 Sep 2018 23:44:58 -0700 spamassassin (3.4.1-

Bug#910049: Acknowledgement (linux-image-4.18.0-1-cloud-amd64: Please enable Amazon ENA NIC support)

Submitted the patch in more complete form at https://salsa.debian.org/kernel-team/linux/merge_requests/68

Bug#910641: spamassassin: Default options for spamd should include "--listen localhost"

> The man-page of spamd states: > >An asterisk '*' in place of a hostname implies an unspecified address, >('0.0.0.0' or '::'), i.e. it binds to all interfaces. An empty option >value implies '*'. A default is '--listen localhost', which binds to >a loopback interface only." > >

Bug#910654: cloud.debian.org: cloud-init apt module can't add GPG keys; dirmngr missing

On Tue, Oct 09, 2018 at 11:01:33AM +, Daniel Strong wrote: > Stderr: gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or > directory > gpg: connecting dirmngr at '/root/.gnupg/S.dirmngr' failed: No such file > or directory > gpg: keyserver receive failed: No dirmngr

Bug#910049: linux-image-4.18.0-1-cloud-amd64: Please enable Amazon ENA NIC support

Package: linux-image-4.18.0-1-cloud-amd64 Version: 4.18.8-1 Severity: wishlist Tags: patch Control: affects -1 cloud.debian.org The cloud variant of the kernel packages does not currently enable CONFIG_ENA_ETHERNET, meaning it is not able to drive the network hardware on modern AWS instances. A p

Bug#884163: fixed in spamassassin 3.4.2-1

On Mon, Oct 01, 2018 at 10:08:59AM +0200, Vincent Lefevre wrote: > >* Preserve locally set ENABLED=1 setting from /etc/default/spamassassin > > when installing on systemd-based systems. (Closes: 884163, 858457) > > Since ENABLED has normally been ignored on systemd-based systems, > it is

Bug#788429: spamassassin: /etc/init.d/spamassassin restart fails on Jessie/sysvinit

On Thu, Jun 11, 2015 at 11:40:48AM +0200, Marko von Oppen wrote: > root@host:~# /etc/init.d/spamassassin restart > Restarting SpamAssassin Mail Filter Daemon: No /usr/sbin/spamd found running; > none killed. > server socket setup failed, retry 1: spamd: could not create IO::Socket::IP > socket on

Bug#739489: spamassassin: Failed to update

On Sun, Feb 23, 2014 at 07:05:29PM -0700, Bob Proulx wrote: > Best would be if spamassassin itself was able to understand that this > directory is not fully populated yet and ignore it until it is so that > it could avoid the "no rules" error itself. If there is a bug to be > pointed at I think th

Bug#781794: URI_OBFU_WWW

On Tue, Feb 23, 2016 at 11:32:24AM -0330, Allan Goulding wrote: > For the record, we have a similar situation with this test. Messages > were tagged with the same URI_OBFU_WWW test because the domain name was > embedded in the message signature. > > In this case, the domain is www.ace-net.ca > >

Bug#891833: Please restore SELinux context on /var/lib/spamassassin

On Thu, Mar 01, 2018 at 12:49:48PM +0100, Laurent Bigonville wrote: > On package installation, the /var/lib/spamassassin directory ends up > wrongly labeled on disk. Thanks for this report. > There are two solutions here to fix this problem, either: > > 1) ship the directory in the package itsel

Bug#858930: potential patch available

https://github.com/openwrt/packages/pull/6141 was recently submitted to OpenWRT, and also apparently upstream. It makes use of openssl-compat.[ch] from https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes, which is unfortunate, but may be the best we're going to get. I haven't yet tested this

Bug#889501: spamassassin: root escalation from debian-spamd user on kernels that do not have fs.protected_hardlinks=1

On Sat, Feb 03, 2018 at 03:58:10PM -0500, Daniel Kahn Gillmor wrote: > This problem exists at least in debian unstable, but it appears to go > back at least to 2012, when the debian-spamd user was introduced. > (most likely, the recursive chown was to make it easier to transition > existing setups

Bug#888837: thx for the hot-fix

On Wed, Jan 31, 2018 at 08:24:03PM +0100, SZÉPE Viktor wrote: > There is no version constrain for FORGED_GMAIL_RCVD > > Noah: Do you see a resolution? Nope, you're right. Looks like it's taking >36 hours for changes to the updates rulesets to propagate. The fix has been committed upstream, and sh

Bug#888837: thx for the hot-fix

On Wed, Jan 31, 2018 at 04:21:20PM +, Harald Kapper wrote: >thank you for pointing the quick-fix out, this probably lets some >spamassassin-admins work their systems until upstream rolls down the >debian-system. A hotfix shouldn't be necessary. The spamassassin updates channel is n

Bug#888837: spamassassin: sa-update failed, spamd does not start anymore

Control: severity -1 normal Resetting severity to normal, since we don't ship with updates enabled at all by default. On Tue, Jan 30, 2018 at 09:07:26AM -0700, Will Aoki wrote: > forwarded 37 https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7540 > thanks > > We hit this bug this morning wi

Bug#884163: spamassassin: spamd no longer works after upgrade

Control: severity -1 important > $ systemctl status spamassassin.service > ● spamassassin.service - Perl-based spam filter using text analysis >Loaded: loaded (/lib/systemd/system/spamassassin.service; disabled; vendor > preset: enabled) >Active: inactive (dead) Please run: systemctl ena

Bug#883982: iputils-ping: man page typo

Control: tags -1 + fixed-upstream pending On Sun, Dec 10, 2017 at 02:53:54AM +0200, Alex wrote: > man page contains typo for option '-f' (line 39). Currently it states "while > for ever ECHO_REPLY" which was probably meant to be "for every". > If somebody could point me to instructions on how to a

Bug#211353: chrony: please add debconf question for entering timeserver

On Mon, Nov 16, 2015 at 11:30:05PM +0100, Vincent Blut wrote: > Marking as wontfix as I’m definitely not sure implementing the debconf > mechanism > for such thing is the right approach. Hi. At a recent debian-cloud sprint, we made the choice to switch from ntpd to chrony for our cloud images. As

Bug#882194: stretch-pu: package spamassassin/3.4.1-6+deb9u1

On Fri, Nov 24, 2017 at 10:52:06AM +, Adam D. Barratt wrote: > > Hello. I'd like to fix a number of bugs in spamassassin, mostly > > related to systemd service management. A debdiff against the current > > stretch version is attached. All the changes have been in buster for > > some time. I've

Bug#882194: stretch-pu: package spamassassin/3.4.1-6+deb9u1

ation of invoke-rc.d in cron script. +(Closes: 865514) + * Fix spamd service manage on upgrades. (Closes: #865356) + + -- Noah Meyerhans Sun, 19 Nov 2017 10:43:02 -0800 + spamassassin (3.4.1-6) unstable; urgency=medium * Import upstream fix for spamassassin bug 7226: Enhance w

Bug#858930: WIP, but no ETA

I've started work porting ipsec-tools to openssl 1.1, but it's definitely going to be a fair bit of work. It's certainly not going to be complete before the package is removed from buster, but it may be finished in time to get back into buster for the release. Unfortunately, upstream hasn't shown

Bug#877721: [Pkg-ipsec-tools-devel] Bug#877721: racoon: IPsec tunnel with HMAC SHA256 in phase 2 is not working correctly

On Wed, Oct 04, 2017 at 10:05:08PM +0200, Bartek Krawczyk wrote: > In summary: 1. racoon configuration with aes128-cbc, sha256 and > pfs2048 doesn't work with MikroTik. 2. changing only sha256 to sha1 > on racoon and MikroTik solves the problem immediately. 3. MikroTik to > MikroTik and MikroTik

Bug#875958: sa-compile: The package fails to run sa-compile

On Sat, Sep 16, 2017 at 11:15:12PM +0900, Bernard wrote: > Package: sa-compile > Version: 3.4.1-6 > Severity: grave > Justification: renders package unusable Dropping this to severity 'normal', because I don't think this is widespread. 3.4.1-6 was released 11 months ago and this is the first repor

Bug#875958: sa-compile: The package fails to run sa-compile

On Sat, Sep 16, 2017 at 11:15:12PM +0900, Bernard wrote: > Anyway, it fails and as a result spamassassin cannot be installed > (configuration fails). Can you send a complete transcript of a failing 'apt install sa-compile' run? Thanks noah signature.asc Description: PGP signature

Bug#869408: upstream patch is more complex

On Sun, Sep 10, 2017 at 01:14:53AM +0200, Francesco Potortì wrote: > Apparently this warning was useful to discover a bug, corrected upstream: > > > >

<    1   2   3   4   5   6   7   8   >