Bug#930104: amazon-ecr-credential-helper: Use of uninitialized variable in debian/rules

2019-06-06 Thread Noah Meyerhans
Control: tags -1 + patch On Thu, Jun 06, 2019 at 11:10:48PM +, Karp, Samuel wrote: > Thank you for the bug report!  I maintain the Debian source on the > `debian` branch of the upstream GitHub repository, here: https://github > .com/awslabs/amazon-ecr-credential-helper/tree/debian.  If you're

Bug#930104: amazon-ecr-credential-helper: Use of uninitialized variable in debian/rules

2019-06-06 Thread Noah Meyerhans
Package: amazon-ecr-credential-helper Version: 0.2.0-1 Severity: normal Manual invocation of 'debian/rules binary' for the amazon-ecr-credential-helper package fails with the following: github.com/golang/mock/gomock github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api/mocks

Bug#929263: cloud.debian.org: /usr/sbin not in default $PATH

2019-05-20 Thread Noah Meyerhans
Control: severity -1 wishlist > This is a historical convention, going back decades, that only the > system administrators needs to run the programs in /sbin and > /usr/sbin. So to avoid users getting confused when they might run > those programs and get "permission denied", historically normal

Bug#929263: cloud.debian.org: /usr/sbin not in default $PATH

2019-05-20 Thread Noah Meyerhans
On Mon, May 20, 2019 at 11:26:00AM +0200, Jorge Barata González wrote: >Vagrant image debian/stretch64 v9.6.0 >/usr/sbin is not included by default in $PATH > >``` >vagrant@stretch:~$ service >-bash: service: command not found >vagrant@stretch:~$ /usr/sbin/service >

Bug#907327: #907327 -- status?

2019-05-14 Thread Noah Meyerhans
Control: tags -1 + upstream pending fixed-upstream On Tue, Nov 27, 2018 at 10:13:17AM +, David Buckley wrote: > Hi! Is this going to get acted on if I leave it here? I was rather > hoping the maintainers here would know better than I how to submit this > patch. > > I tried many years ago

Bug#928334: iputils FTCBFS: Uses the build architecture compiler

2019-05-10 Thread Noah Meyerhans
On Thu, May 02, 2019 at 04:46:06PM +0700, Nguyen Van. Hieu wrote: > iputils fails to cross build from source, because it uses the build > architecture compiler. > Using "dh_auto_build" instead of "$(MAKE)" can solve this problem. > Please consider applying the attached patch. After buster is

Bug#927092: release-notes: document removal of ipsec-tools in buster

2019-04-29 Thread Noah Meyerhans
Control: tags -1 - moreinfo On Mon, Apr 15, 2019 at 08:50:32AM +0300, Andrei POPESCU wrote: > > Ipsec-tools has been removed from buster. As a security-sensitive package, > > active upstream involvement is essential for this package, but it has been > > lacking for some time. > > Would you mind

Bug#927092: release-notes: document removal of ipsec-tools in buster

2019-04-14 Thread Noah Meyerhans
Package: release-notes Severity: normal Ipsec-tools has been removed from buster. As a security-sensitive package, active upstream involvement is essential for this package, but it has been lacking for some time. Users are encouraged to migrate to Libreswan, which has broader protocol

Bug#925530: cloud.debian.org: Debian docker images pointing to github for bug tracking

2019-03-26 Thread Noah Meyerhans
On Tue, Mar 26, 2019 at 12:25:12PM +0100, Lucas Nussbaum wrote: > On https://hub.docker.com/_/debian, there's: > > > Where to file issues: > > https://github.com/debuerreotype/docker-debian-artifacts/issues > > Are those official images? I'm surprised by official Debian images > pointing to a

Bug#922499: spamassassin: sa-update fails with error "Cannot open file ..."

2019-02-18 Thread Noah Meyerhans
Control: tags -1 + upstream fixed-upstream Control: forwarded -1 https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7418 > After the latest Debian upgrade yesterday evening, sa-update fails > with error: > > Cannot open file >

Bug#922050: Debdiff for CVE-2019-5736

2019-02-11 Thread Noah Meyerhans
:34.0 -0800 +++ runc-1.0.0~rc6+dfsg1/debian/changelog 2019-02-11 09:13:16.0 -0800 @@ -1,3 +1,9 @@ +runc (1.0.0~rc6+dfsg1-2) unstable; urgency=high + + * Apply upstream patch addressing CVE-2019-5736 (Closes: #922050) + + -- Noah Meyerhans Mon, 11 Feb 2019 09:13:16 -0800 + runc (1.0.0

Bug#918188: linux: FTBFS on arm64

2019-01-04 Thread Noah Meyerhans
On Fri, Jan 04, 2019 at 06:57:21AM +0100, Salvatore Bonaccorso wrote: > > LD vmlinux.o > > MODPOST vmlinux.o > > GEN .version > > CHK include/generated/compile.h > > UPD include/generated/compile.h > > CC init/version.o > > LD init/built-in.o > >

Bug#917847: ipsec-tools is unsuitable for inclusion in Debian

2018-12-30 Thread Noah Meyerhans
Package: ipsec-tools Version: 1:0.8.2+20140711-12 Severity: grave [On behalf of the ipsec-tools maintainers, I'm opening this against ipsec-tools for visibility and discussion.] The package is effectively orphaned upstream and has been for some time. Given the security-sensitive nature of the

Bug#913350: chmod: changing permissions of '/.../body_neg100.so': Operation not permitted

2018-12-16 Thread Noah Meyerhans
> I don't recall executing sa-compile as root, but that could have happened of > course. The file in question is cruft from an older version sa-compile. So > could > the scripts at least be fixed to ignore curft? It may be reasonable to completely remove /var/lib/spamassassin/compiled after

Bug#915229: src:linux: Updated driver needed for Amazon ENA ethernet

2018-12-06 Thread Noah Meyerhans
Control: tags -1 + patch Merge request for Linux 4.9 (stretch): https://salsa.debian.org/kernel-team/linux/merge_requests/81

Bug#915231: Proposed fix submitted on salsa

2018-12-06 Thread Noah Meyerhans
Control: tags -1 + patch Merge request: https://salsa.debian.org/kernel-team/linux/merge_requests/80

Bug#915231: src:linux: Enable PCI_HOTPLUG for arm64

2018-12-01 Thread Noah Meyerhans
Package: src:linux Version: 4.9.130-2 Severity: wishlist Tags: stretch Amazon recently announced arm64-based EC2 instances. These instances rely on PCI_HOTPLUG functionality to support attach/detach of resources such as ethernet interfaces and block devices. PCI_HOTPLUG is enabled for arm64 in

Bug#915229: src:linux: Updated driver needed for Amazon ENA ethernet

2018-12-01 Thread Noah Meyerhans
Package: src:linux Severity: important ENA is an ethernet adaptor used on Amazon EC2 cloud instances. Version 2.0.2 of the ENA driver was added to the mainline kernel as of version 4.20. This version includes fixes for various bugs, some of which result in kernel panics, and is needed in order to

Bug#915127: cloud.debian.org: Please add AWS image for new ARM instances

2018-11-30 Thread Noah Meyerhans
It's on its way. A newer ENA driver is required for working network, so that's kind of a blocker. On November 30, 2018 10:17:06 AM PST, Phil Endecott wrote: >Package: cloud.debian.org >Severity: wishlist > >Dear Maintainer, > >AWS have recently announced new instance types that use the 64-bit

Bug#896165: linux: request packaging of bpftool

2018-11-28 Thread Noah Meyerhans
On Tue, Nov 27, 2018 at 09:50:17AM -0800, Jakub Kicinski wrote: > > > Please see https://salsa.debian.org/kernel-team/linux/merge_requests/72 > > > > Ugh. We cannot currently package bpftool in Debian. There are several > > GPLv2-only files in its source tree, and it links unconditionally > >

Bug#913548: spamassassin: running /etc/cron.daily/spamassassin gives: Unescaped left brace in regex is deprecated here

2018-11-24 Thread Noah Meyerhans
Control: tags -1 + moreinfo On Mon, Nov 12, 2018 at 09:05:01AM +0100, Elimar Riesebieter wrote: > > running /etc/cron.daily/spamassassin gives: > Unescaped left brace in regex is deprecated here (and will be fatal in Perl > 5.32), passed through in regex; marked by <-- HERE in m/ ( {<-- HERE }

Bug#896165: linux: request packaging of bpftool

2018-11-20 Thread Noah Meyerhans
On Mon, Nov 19, 2018 at 11:34:26PM -0800, Noah Meyerhans wrote: > Please see https://salsa.debian.org/kernel-team/linux/merge_requests/72 Ugh. We cannot currently package bpftool in Debian. There are several GPLv2-only files in its source tree, and it links unconditionally against the GP

Bug#896165: linux: request packaging of bpftool

2018-11-19 Thread Noah Meyerhans
On Fri, Apr 20, 2018 at 02:07:40PM +0200, Simon Horman wrote: > I would like to request packaging of bpftool which has been > included in upstream Linux tree since v4.15-rc1. I expect this can > be done in a similar manner to the way that perf, also present in > the upstream Linux kernel tree, is

Bug#896165: linux: request packaging of bpftool

2018-11-14 Thread Noah Meyerhans
On Fri, Apr 20, 2018 at 02:07:40PM +0200, Simon Horman wrote: > I would like to request packaging of bpftool which has been > included in upstream Linux tree since v4.15-rc1. I expect this can > be done in a similar manner to the way that perf, also present in > the upstream Linux kernel tree, is

Bug#877721: racoon: IPsec tunnel with HMAC SHA256 in phase 2 is not working correctly

2018-11-12 Thread Noah Meyerhans
On Mon, Nov 12, 2018 at 01:50:57PM +0100, Jean-Samuel Reynaud wrote: > In conclusion, for me it's look like a feature missing in racoon... A > discusion was about this on racoon ML: > > https://sourceforge.net/p/ipsec-tools/mailman/message/34146970/ Thanks. The best course of action from here is

Bug#913571: spamassassin: 'domain is utf8 flagged' messages in log since upgrade to 3.4.2

2018-11-12 Thread Noah Meyerhans
Control: tags -1 + upstream fixed-upstream Control: severity -1 minor Control: forwarded -1 https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7632 > Since upgrading to 3.4.2-1~deb9u1 I see lots of these in > /var/log/mail.log: > > Nov 12 12:10:54 swiss spamd[12013]: dns: new_dns_packet: domain

Bug#913350: chmod: changing permissions of '/.../body_neg100.so': Operation not permitted

2018-11-09 Thread Noah Meyerhans
Control: tags -1 + moreinfo Control: severity -1 normal On Fri, Nov 09, 2018 at 08:40:14PM +0100, Sebastian Ramacher wrote: > > | chmod: changing permissions of > > '/var/lib/spamassassin/compiled/5.024/3.004001/auto/Mail/SpamAssassin/CompiledRegexps/body_neg100/body_neg100.so': > > Operation

Bug#912524: snapshot.debian.org is unreachable from (apparently) 18.128.0.0/9

2018-11-01 Thread Noah Meyerhans
It was pointed out on IRC that this is intentional, per https://salsa.debian.org/dsa-team/mirror/dsa-puppet/blob/master/modules/roles/manifests/snapshot_web.pp IMO blocking random (and large) chunks of EC2 is not a good idea, as the collateral impact is potentially huge. I'd like to suggest a

Bug#912524: snapshot.debian.org is unreachable from (apparently) 18.128.0.0/9

2018-11-01 Thread Noah Meyerhans
On Thu, Nov 01, 2018 at 09:46:51AM +0900, Mike Hommey wrote: > - Looking back at the logs from all the jobs we've had in the past > failing to reach snapshot.debian.org (or at least, marked as such), > the IP addresses of the hosts they were running on (as well as the IP > address of the

Bug#912198: stretch-pu: package spamassassin/3.4.2-1~deb9u1

2018-10-31 Thread Noah Meyerhans
On Wed, Oct 31, 2018 at 10:01:13PM +, Adam D. Barratt wrote: > Please feel free to upload, bearing in mind that the window for getting > updates into the 9.6 point release closes during this weekend. Uploaded. Thanks. noah signature.asc Description: PGP signature

Bug#912198: stretch-pu: package spamassassin/3.4.2-1~deb9u1

2018-10-29 Thread Noah Meyerhans
cron job's execution. (Closes: 890650) * Create /var/lib/spamassassin via dpkg, rather than the postinst. (Closes: 891833) * Add libbsd-resource-perl to Suggests (Closes: 910434) -- Noah Meyerhans Sun, 30 Sep 2018 23:44:58 -0700 spamassassin (3.4.1-8) unstable; urgency=medium

Bug#910049: Acknowledgement (linux-image-4.18.0-1-cloud-amd64: Please enable Amazon ENA NIC support)

2018-10-22 Thread Noah Meyerhans
Submitted the patch in more complete form at https://salsa.debian.org/kernel-team/linux/merge_requests/68

Bug#910641: spamassassin: Default options for spamd should include "--listen localhost"

2018-10-09 Thread Noah Meyerhans
> The man-page of spamd states: > >An asterisk '*' in place of a hostname implies an unspecified address, >('0.0.0.0' or '::'), i.e. it binds to all interfaces. An empty option >value implies '*'. A default is '--listen localhost', which binds to >a loopback interface only." > >

Bug#910654: cloud.debian.org: cloud-init apt module can't add GPG keys; dirmngr missing

2018-10-09 Thread Noah Meyerhans
On Tue, Oct 09, 2018 at 11:01:33AM +, Daniel Strong wrote: > Stderr: gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or > directory > gpg: connecting dirmngr at '/root/.gnupg/S.dirmngr' failed: No such file > or directory > gpg: keyserver receive failed: No dirmngr

Bug#910049: linux-image-4.18.0-1-cloud-amd64: Please enable Amazon ENA NIC support

2018-10-01 Thread Noah Meyerhans
Package: linux-image-4.18.0-1-cloud-amd64 Version: 4.18.8-1 Severity: wishlist Tags: patch Control: affects -1 cloud.debian.org The cloud variant of the kernel packages does not currently enable CONFIG_ENA_ETHERNET, meaning it is not able to drive the network hardware on modern AWS instances. A

Bug#884163: fixed in spamassassin 3.4.2-1

2018-10-01 Thread Noah Meyerhans
On Mon, Oct 01, 2018 at 10:08:59AM +0200, Vincent Lefevre wrote: > >* Preserve locally set ENABLED=1 setting from /etc/default/spamassassin > > when installing on systemd-based systems. (Closes: 884163, 858457) > > Since ENABLED has normally been ignored on systemd-based systems, > it is

Bug#788429: spamassassin: /etc/init.d/spamassassin restart fails on Jessie/sysvinit

2018-09-30 Thread Noah Meyerhans
On Thu, Jun 11, 2015 at 11:40:48AM +0200, Marko von Oppen wrote: > root@host:~# /etc/init.d/spamassassin restart > Restarting SpamAssassin Mail Filter Daemon: No /usr/sbin/spamd found running; > none killed. > server socket setup failed, retry 1: spamd: could not create IO::Socket::IP > socket

Bug#739489: spamassassin: Failed to update

2018-09-30 Thread Noah Meyerhans
On Sun, Feb 23, 2014 at 07:05:29PM -0700, Bob Proulx wrote: > Best would be if spamassassin itself was able to understand that this > directory is not fully populated yet and ignore it until it is so that > it could avoid the "no rules" error itself. If there is a bug to be > pointed at I think

Bug#781794: URI_OBFU_WWW

2018-09-30 Thread Noah Meyerhans
On Tue, Feb 23, 2016 at 11:32:24AM -0330, Allan Goulding wrote: > For the record, we have a similar situation with this test. Messages > were tagged with the same URI_OBFU_WWW test because the domain name was > embedded in the message signature. > > In this case, the domain is www.ace-net.ca > >

Bug#891833: Please restore SELinux context on /var/lib/spamassassin

2018-06-21 Thread Noah Meyerhans
On Thu, Mar 01, 2018 at 12:49:48PM +0100, Laurent Bigonville wrote: > On package installation, the /var/lib/spamassassin directory ends up > wrongly labeled on disk. Thanks for this report. > There are two solutions here to fix this problem, either: > > 1) ship the directory in the package

Bug#858930: potential patch available

2018-05-29 Thread Noah Meyerhans
https://github.com/openwrt/packages/pull/6141 was recently submitted to OpenWRT, and also apparently upstream. It makes use of openssl-compat.[ch] from https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes, which is unfortunate, but may be the best we're going to get. I haven't yet tested

Bug#889501: spamassassin: root escalation from debian-spamd user on kernels that do not have fs.protected_hardlinks=1

2018-02-03 Thread Noah Meyerhans
On Sat, Feb 03, 2018 at 03:58:10PM -0500, Daniel Kahn Gillmor wrote: > This problem exists at least in debian unstable, but it appears to go > back at least to 2012, when the debian-spamd user was introduced. > (most likely, the recursive chown was to make it easier to transition > existing setups

Bug#888837: thx for the hot-fix

2018-01-31 Thread Noah Meyerhans
On Wed, Jan 31, 2018 at 08:24:03PM +0100, SZÉPE Viktor wrote: > There is no version constrain for FORGED_GMAIL_RCVD > > Noah: Do you see a resolution? Nope, you're right. Looks like it's taking >36 hours for changes to the updates rulesets to propagate. The fix has been committed upstream, and

Bug#888837: thx for the hot-fix

2018-01-31 Thread Noah Meyerhans
On Wed, Jan 31, 2018 at 04:21:20PM +, Harald Kapper wrote: >thank you for pointing the quick-fix out, this probably lets some >spamassassin-admins work their systems until upstream rolls down the >debian-system. A hotfix shouldn't be necessary. The spamassassin updates channel is

Bug#888837: spamassassin: sa-update failed, spamd does not start anymore

2018-01-30 Thread Noah Meyerhans
Control: severity -1 normal Resetting severity to normal, since we don't ship with updates enabled at all by default. On Tue, Jan 30, 2018 at 09:07:26AM -0700, Will Aoki wrote: > forwarded 37 https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7540 > thanks > > We hit this bug this morning

Bug#884163: spamassassin: spamd no longer works after upgrade

2017-12-12 Thread Noah Meyerhans
Control: severity -1 important > $ systemctl status spamassassin.service > ● spamassassin.service - Perl-based spam filter using text analysis >Loaded: loaded (/lib/systemd/system/spamassassin.service; disabled; vendor > preset: enabled) >Active: inactive (dead) Please run: systemctl

Bug#883982: iputils-ping: man page typo

2017-12-09 Thread Noah Meyerhans
Control: tags -1 + fixed-upstream pending On Sun, Dec 10, 2017 at 02:53:54AM +0200, Alex wrote: > man page contains typo for option '-f' (line 39). Currently it states "while > for ever ECHO_REPLY" which was probably meant to be "for every". > If somebody could point me to instructions on how to

Bug#211353: chrony: please add debconf question for entering timeserver

2017-12-09 Thread Noah Meyerhans
On Mon, Nov 16, 2015 at 11:30:05PM +0100, Vincent Blut wrote: > Marking as wontfix as I’m definitely not sure implementing the debconf > mechanism > for such thing is the right approach. Hi. At a recent debian-cloud sprint, we made the choice to switch from ntpd to chrony for our cloud images. As

Bug#882194: stretch-pu: package spamassassin/3.4.1-6+deb9u1

2017-11-24 Thread Noah Meyerhans
On Fri, Nov 24, 2017 at 10:52:06AM +, Adam D. Barratt wrote: > > Hello. I'd like to fix a number of bugs in spamassassin, mostly > > related to systemd service management. A debdiff against the current > > stretch version is attached. All the changes have been in buster for > > some time. I've

Bug#882194: stretch-pu: package spamassassin/3.4.1-6+deb9u1

2017-11-19 Thread Noah Meyerhans
in cron script. +(Closes: 865514) + * Fix spamd service manage on upgrades. (Closes: #865356) + + -- Noah Meyerhans <no...@debian.org> Sun, 19 Nov 2017 10:43:02 -0800 + spamassassin (3.4.1-6) unstable; urgency=medium * Import upstream fix for spamassassin bug 7226: Enhance white

Bug#858930: WIP, but no ETA

2017-11-14 Thread Noah Meyerhans
I've started work porting ipsec-tools to openssl 1.1, but it's definitely going to be a fair bit of work. It's certainly not going to be complete before the package is removed from buster, but it may be finished in time to get back into buster for the release. Unfortunately, upstream hasn't shown

Bug#877721: [Pkg-ipsec-tools-devel] Bug#877721: racoon: IPsec tunnel with HMAC SHA256 in phase 2 is not working correctly

2017-10-09 Thread Noah Meyerhans
On Wed, Oct 04, 2017 at 10:05:08PM +0200, Bartek Krawczyk wrote: > In summary: 1. racoon configuration with aes128-cbc, sha256 and > pfs2048 doesn't work with MikroTik. 2. changing only sha256 to sha1 > on racoon and MikroTik solves the problem immediately. 3. MikroTik to > MikroTik and

Bug#875958: sa-compile: The package fails to run sa-compile

2017-09-16 Thread Noah Meyerhans
On Sat, Sep 16, 2017 at 11:15:12PM +0900, Bernard wrote: > Package: sa-compile > Version: 3.4.1-6 > Severity: grave > Justification: renders package unusable Dropping this to severity 'normal', because I don't think this is widespread. 3.4.1-6 was released 11 months ago and this is the first

Bug#875958: sa-compile: The package fails to run sa-compile

2017-09-16 Thread Noah Meyerhans
On Sat, Sep 16, 2017 at 11:15:12PM +0900, Bernard wrote: > Anyway, it fails and as a result spamassassin cannot be installed > (configuration fails). Can you send a complete transcript of a failing 'apt install sa-compile' run? Thanks noah signature.asc Description: PGP signature

Bug#869408: upstream patch is more complex

2017-09-09 Thread Noah Meyerhans
On Sun, Sep 10, 2017 at 01:14:53AM +0200, Francesco Potortì wrote: > Apparently this warning was useful to discover a bug, corrected upstream: > > > >

Bug#874188: fai-client: Integrate some form of file templating system

2017-09-03 Thread Noah Meyerhans
Package: fai-client Severity: wishlist In our use of FAI for generating the stretch cloud images, we use fcopy's preinst scripts to implement a crude form of templating. See https://anonscm.debian.org/cgit/cloud/fai-cloud-images.git/tree/files/etc/apt/sources.list for the files and script. In

Bug#648033: iputils crosscompilation - upstream

2017-08-02 Thread Noah Meyerhans
On Wed, Aug 02, 2017 at 03:35:37PM +0200, David Heidelberg wrote: > Instead of keeping with Makefile, where I don't plan any new functionality, > would you be interested in extending/improving meson build system support? > It's right way, it's not going anywhere and it simplified iputils build.

Bug#869955: warning with perl 5.24

2017-07-27 Thread Noah Meyerhans
Control: tags -1 + upstream fixed-upstream newcomer On Fri, Jul 28, 2017 at 01:40:24AM +0200, Ivan Sergio Borgonovo wrote: > After upgrading perl to 5.26.0-4 I get: > > Unescaped left brace in regex is deprecated here (and will be fatal in Perl > 5.30), passed through in regex; marked by <--

Bug#869949: jessie-pu: package ipsec-tools/1:0.8.2+20140711-2+deb8u1

2017-07-27 Thread Noah Meyerhans
-0700 +++ ipsec-tools-0.8.2+20140711/debian/changelog 2017-07-27 14:37:54.0 -0700 @@ -1,3 +1,9 @@ +ipsec-tools (1:0.8.2+20140711-2+deb8u2) oldstable; urgency=medium + + * Import NetBSD's patch to address CVE-2016-10396 (Closes: #867986) + + -- Noah Meyerhans <no...@debian.org> Thu,

Bug#867986: CVE-2016-10396

2017-07-27 Thread Noah Meyerhans
On Mon, Jul 10, 2017 at 11:18:35PM +0200, Moritz Muehlenhoff wrote: > > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396 Hi Moritz. I assume your intent was not to issue a DSA for this since it's been a known issue for nearly a year. Under that assumption I've gone

Bug#867986: [Pkg-ipsec-tools-devel] Bug#867986: CVE-2016-10396

2017-07-25 Thread Noah Meyerhans
g 2017-07-18 10:22:32.0 -0700 @@ -1,3 +1,9 @@ +ipsec-tools (1:0.8.2+20140711-9) UNRELEASED; urgency=medium + + * Import NetBSD's patch to address CVE-2016-10396 (Closes: #867986) + + -- Noah Meyerhans <no...@debian.org> Tue, 18 Jul 2017 17:22:32 + + ipsec-tools (1:0.8.2+20

Bug#867986: [Pkg-ipsec-tools-devel] Bug#867986: CVE-2016-10396

2017-07-18 Thread Noah Meyerhans
o address CVE-2016-10396 (Closes: #867986) + + -- Noah Meyerhans <no...@debian.org> Tue, 18 Jul 2017 17:22:32 + + ipsec-tools (1:0.8.2+20140711-8) unstable; urgency=medium * Depend on libfl-dev to follow flex changes (Closes: #846430) diff -Nru ipsec-tools-0.8.2+20140711/debian/p

Bug#865965: InvalidBlockDeviceMapping error while creating a new ami based on stretch one

2017-06-26 Thread Noah Meyerhans
On Mon, Jun 26, 2017 at 09:55:31AM +0200, Xavier Lembo wrote: > I've tried today to use my jessie working script on the eu-west-1 stretch > ami (ami-e79f8781) > > My custom ami must have a specific size for first partition, so , i use a > specific block device mapping. > > On the Stretch

Bug#864810: spamassassin: fails to initialize on IPv6 and then breaks

2017-06-24 Thread Noah Meyerhans
Control: tags -1 + pending On Thu, Jun 15, 2017 at 04:23:22AM -0400, Norbert Preining wrote: > It seems that the systemctl service files do not require a working > ipv6 setup It's worse than that. The spamassassin.service unit that we're shipping doesn't even have a dependency on the network at

Bug#865514: spamassassin: Incorrect invoke-rc.d check in cron script

2017-06-24 Thread Noah Meyerhans
Control: tags -1 + pending On Thu, Jun 22, 2017 at 10:43:53AM +0200, Valentin Vidic wrote: > The invoke-rc.d check in the reload action is not correct as > the else branch still uses invoke-rc.d: Thanks. Fix committed and will be included in the next update. There will likely be a spamassassin

Bug#864635: cron.daily: info: rules: meta test __MONEY_FRAUD_8 has dependency 'LOTTO_AGENT' with a zero score

2017-06-24 Thread Noah Meyerhans
On Mon, Jun 12, 2017 at 08:51:08AM +0800, Paul Wise wrote: > Yesterday I got these messages from the spamassassin cron job. > I am guessing these are from the downloaded/compiled rules. > It would be better for non-warnings like these to be disabled. > > Jun 12 01:23:08.924 [3147] info: rules:

Bug#865595: spamassassin install problem in Debian 9

2017-06-22 Thread Noah Meyerhans
On Thu, Jun 22, 2017 at 11:50:35PM -0300, Marcelo Gondim wrote: >Configurando spamassassin (3.4.1-6) ... >-su: 53: Syntax error: "(" unexpected (expecting "}") >dpkg: erro ao processar o pacote spamassassin (--configure): > sub-processo script post-installation instalado retornou

Bug#852876: spamassassin: Please add systemd timer as cronjob replacement

2017-05-12 Thread Noah Meyerhans
On Sat, Jan 28, 2017 at 09:03:43AM +0100, Daniel Schaal wrote: > The attached patch adds the following: > > * Add sa-update.service and sa-update.timer > * Move common cronjob functions to /etc/spamassassin/spamassassin.cron.common > * Add check to original cronjob to only run when not using

Bug#797722: spamassassin cron.daily fails with permission denied for tmp file

2017-05-11 Thread Noah Meyerhans
On Tue, Sep 01, 2015 at 10:57:57PM +, Simon Walter wrote: > Package: spamassassin > Version: 3.4.0-6 > > cron.daily spamassassin fails because the tmp file can't be created. script > seems to be executed in /root/ This bug has been open for ages. I'd like to either figure out what went

Bug#858457: spamd stops autostarting after release upgrade

2017-03-25 Thread Noah Meyerhans
On Thu, Mar 23, 2017 at 07:46:47PM -0700, Noah Meyerhans wrote: > > If in wheezy I enable spamd by setting ENABLED=1 in > > /etc/default/spamassassin, and then I upgrade to jessie, then spamd > > stops automatically starting after a reboot due to the switch to > > syst

Bug#858457: spamd stops autostarting after release upgrade

2017-03-23 Thread Noah Meyerhans
On Wed, Mar 22, 2017 at 02:29:49PM +, Robie Basak wrote: > If in wheezy I enable spamd by setting ENABLED=1 in > /etc/default/spamassassin, and then I upgrade to jessie, then spamd > stops automatically starting after a reboot due to the switch to > systemd. > > Workaround: "systemctl enable

Bug#846583: cloud.debian.org: AWS Image should enable DHCPv6 client

2016-12-14 Thread Noah Meyerhans
On Wed, Dec 14, 2016 at 08:17:28AM +0100, Thomas Lange wrote: > I wonder why you need to source /usr/lib/fai/subroutines for importing > the ifclass subroutine. If your scripts are bash scripts, this > function should be already available. Hm. I have no idea why I thought that would be necessary.

Bug#846583: cloud.debian.org: AWS Image should enable DHCPv6 client

2016-12-13 Thread Noah Meyerhans
On Sat, Dec 10, 2016 at 08:57:22PM +0100, Bernhard Schmidt wrote: > I don't think this will ever be fixed with ifupdown. I think > systemd-networkd and NetworkManager do the right thing here, but I have > never had a look at either for maintaining a _server_. So I will not > propose switching to

Bug#846583: cloud.debian.org: AWS Image should enable DHCPv6 client

2016-12-10 Thread Noah Meyerhans
On Sat, Dec 10, 2016 at 04:31:23PM -0500, Sam Hartman wrote: > I've played with systemd-networkd a bit. > It seems capable enough to handle this use case, but it has some > significant drawbacks. I've looked in to systemd-networkd in the stretch images, but haven't managed to get it to acquire a

Bug#804396: if IPv6 configuration fails, then IPv4 is not configured

2016-12-08 Thread Noah Meyerhans
On Sat, Jan 09, 2016 at 08:29:39PM +0100, Guus Sliepen wrote: > > If /etc/network/interfaces defines 2 protocols for one interface, > > then a tiny problem for one protocol can affect both. > > This is by design. Recent versions of ifupdown will even exit with an > error code if there is an error

Bug#846583: cloud.debian.org: AWS Image should enable DHCPv6 client

2016-12-08 Thread Noah Meyerhans
On Thu, Dec 08, 2016 at 10:23:22PM -0800, Noah Meyerhans wrote: > > For this /etc/network/interfaces needs to be amended with > > > > iface eth0 inet6 dhcp > > Unfortunately this breaks networking for instances in subnets with IPv6 > *disabled*, which is likel

Bug#846583: cloud.debian.org: AWS Image should enable DHCPv6 client

2016-12-08 Thread Noah Meyerhans
On Fri, Dec 02, 2016 at 12:25:44PM +0100, Bernhard Schmidt wrote: > thanks for providing an AWS EC2 Image with Debian Jessie. > > AWS is now supporting IPv6 on EC2 instances, see > > > https://aws.amazon.com/de/blogs/aws/new-ipv6-support-for-ec2-instances-in-virtual-private-clouds/. > >

Bug#703216: iputils-ping: ping preload doesn't appear to work as advertised in the man page, works fine when strace'ing it

2016-11-08 Thread Noah Meyerhans
On Sun, Mar 17, 2013 at 05:06:00PM +1100, Michael Chesterton wrote: >* What led up to the situation? > network testing >* What exactly did you do (or not do) that was effective (or > ineffective)? > sudo ping -l 20 some lan connected address >* What was the outcome of this action?

Bug#832999: "ping: icmp open socket: Operation not permitted" as non-root in Debian Live

2016-11-08 Thread Noah Meyerhans
Control: reassign -1 cdimage.debian.org On Sat, Jul 30, 2016 at 10:12:13AM +, Askar Safin wrote: > I downloaded Debian Live from this link: > http://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-8.5.0-amd64-kde-desktop.iso > I booted into this KDE live system, opened

Bug#693945: raising severity

2016-11-04 Thread Noah Meyerhans
Control: severity 693945 important Control: severity 831848 important Per discussion among the cloud team, I'm raising these bugs to important. We want to be sure we release stretch with at least basic support for the cloud.debian.org pseudopackage. noah signature.asc Description: PGP

Bug#563285: spamassassin: SUSPICIOUS_RECIPS yields false positive

2016-10-30 Thread Noah Meyerhans
On Fri, Jan 01, 2010 at 07:45:55PM +0100, Vincent Lefevre wrote: > I reported 5 bugs against a package, so that I received a reply with: > > Cc: 563...@bugs.debian.org, 563...@bugs.debian.org, 563...@bugs.debian.org, > 563...@bugs.debian.org, 563...@bugs.debian.org > > which triggered

Bug#620762: updating status to reflect upstream's decision

2016-10-30 Thread Noah Meyerhans
Control: tags -1 + wontfix As upstream does not intend to fix this bug, I'm going to tag it as wontfix here as well. I don't want to introduce a Debian specific change for this.

Bug#828552: Fix in svn

2016-10-29 Thread Noah Meyerhans
Control: tags -1 + pending Committed a fix here: https://anonscm.debian.org/viewvc/collab-maint?view=revision=27090 Will be included in 3.4.1-6, which should happen soon. signature.asc Description: PGP signature

Bug#828552: spamassassin: FTBFS with openssl 1.1.0

2016-10-29 Thread Noah Meyerhans
Control: tags -1 - patch + upstream Control: forwarded -1 https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7361 On Thu, Sep 22, 2016 at 01:25:11PM +0200, Sebastian Andrzej Siewior wrote: > control: tags -1 patch > > On 2016-06-26 12:24:10 [+0200], Kurt Roeckx wrote: > > There is a libssl-dev

Bug#841960: spamassassin: should suggest libgeo-ip-perl for Mail::SpamAssassin::Plugin::URILocalBL

2016-10-25 Thread Noah Meyerhans
Control: tags -1 + pending Thanks, updated for 3.4.1-6 On Mon, Oct 24, 2016 at 10:10:23PM +0200, Jonas Smedegaard wrote: > Source: spamassassin > Version: 3.4.1-1 > Severity: normal > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > SpamAssassin 3.4.1 introduced a few new plugins,

Bug#760277: spamassassin: URIDNSBL.pm complains about $rdatanum if URIBL* is turned off

2016-10-01 Thread Noah Meyerhans
On Thu, Sep 29, 2016 at 11:36:01PM -0400, Peter Colberg wrote: > I have prepared an NMU based on the upstream patch, which resolves > the issue of using uninitialized values in URIDNSBL.pm at line 1042. > > Please let me know whether you are going to upload a new version soon, > or whether I

Bug#807805: vlc: Crash upon startup

2016-05-09 Thread Noah Meyerhans
On Mon, May 09, 2016 at 04:51:58PM +0300, Dmitry Shachnev wrote: > On Mon, May 09, 2016 at 07:12:05AM +0200, Sebastian Ramacher wrote: > > Thank you for the backtrace. This seems to be an issue between Qt (or > > somewhere > > in the Qt/KDE stack) and your WM. So I'm reassigning it to Qt and

Bug#807805: vlc: Crash upon startup

2016-05-08 Thread Noah Meyerhans
Control: tags -1 - moreinfo Control: found -1 2.2.2-6 On Wed, Jan 27, 2016 at 11:29:52PM +0100, Sebastian Ramacher wrote: > On 2016-01-27 12:08:15, Hörmetjan Yiltiz wrote: > > Could you please tell me how to produce this informative feedback so that a > > diagnosis would be possible? > > Install

Bug#811411: O: adduser -- add and remove users and groups

2016-03-06 Thread Noah Meyerhans
A few folks have expressed interest in maintaining this package. All of you sound relatively new to Debian package maintainership. Do any of you actually have up upload access at this time, or are you looking for sponsors? The package has a number of Severity: important bugs; have you looked

Bug#811411: O: adduser -- add and remove users and groups

2016-03-06 Thread Noah Meyerhans
On Sun, Mar 06, 2016 at 09:50:12PM -0800, Noah Meyerhans wrote: > A few folks have expressed interest in maintaining this package. All of > you sound relatively new to Debian package maintainership. Do any of you > actually have up upload access at this time, or are you looking for &

Bug#816227: ping: socket: Address family not supported by protocol (raw socket required by specified options).

2016-02-29 Thread Noah Meyerhans
Control: tags -1 + upstream pending fixed-upstream On Mon, Feb 29, 2016 at 09:02:02AM +0100, Florent Rougon wrote: > Apart from that, I use: > > GRUB_CMDLINE_LINUX="init=/bin/systemd ipv6.disable=1" Confirmed that this breaks ping when run without an explicit address family. This is actually

Bug#816227: ping: socket: Address family not supported by protocol (raw socket required by specified options).

2016-02-28 Thread Noah Meyerhans
Control: severity -1 important On Sun, Feb 28, 2016 at 10:04:13PM +, Jamie Heilman wrote: > root@cucamonga:~# ping 127.0.0.1 > ping: socket: Address family not supported by protocol (raw socket required > by specified options). > > I actually can't ping anything at all, it all fails with

Bug#780721: iputils: Please raise libcap2-bin from Recommends to Depends

2016-02-22 Thread Noah Meyerhans
On Mon, Feb 22, 2016 at 09:15:37PM +0100, John Paul Adrian Glaubitz wrote: > I didn't say you should remove setuid altogether. I just said you should > use capabilties on Linux by default by setting: > > Depends: libcap2-bin [linux-any] Recommends are installed by default, so the default

Bug#780721: iputils: Please raise libcap2-bin from Recommends to Depends

2016-02-22 Thread Noah Meyerhans
On Mon, Feb 22, 2016 at 04:01:24PM +0100, John Paul Adrian Glaubitz wrote: > I'll have to re-test that. Again, this occurred during a FAI > installation, that is an automated installation. Thanks. In the meantime, I've submitted 815566 against libcap2-bin requesting that it be raised to Priority:

Bug#815566: libcap2-bin: Please raise Priority of libcap2-bin to "important"

2016-02-22 Thread Noah Meyerhans
Package: libcap2-bin Version: 1:2.24-8 Severity: normal libcap2-bin is a dependency of systemd, which is Priority: important. There's also a request (780721) to add it as a dependency of iputils-ping, which is also Priority: important. Per policy, section 2.5, "Packages must not depend on

Bug#780721: iputils: Please raise libcap2-bin from Recommends to Depends

2016-02-22 Thread Noah Meyerhans
On Mon, Feb 22, 2016 at 08:22:50AM +0100, John Paul Adrian Glaubitz wrote: > Can we just fix this bug first so that people don't install iputils > in setups like FAI or debootstrap and keep wondering why iputils-ping > doesn't work for non-root users? Please explain how ping is not usable by

Bug#780721: iputils: Please raise libcap2-bin from Recommends to Depends

2016-02-21 Thread Noah Meyerhans
(Apologies for the 11 month turn-around!) On Thu, Mar 19, 2015 at 09:59:39AM +0100, John Paul Adrian Glaubitz wrote: > > iputils-ping, as priority "important", cannot declare a dependency > > on libcap2-bin, which is priority "optional". Thus, the Recommends > > relationship. It is perfectly

Bug#815197: iputils package update

2016-02-20 Thread Noah Meyerhans
On Fri, Feb 19, 2016 at 04:05:18PM -0800, Noah Meyerhans wrote: > >The iputils package included in Sid is from 2012.  There have been  > > several > >releases since then and should be updated.  Specifically, the  > > iputils-ping > >package needs to be

Bug#815197: iputils package update

2016-02-19 Thread Noah Meyerhans
On Fri, Feb 19, 2016 at 06:29:36PM -0500, Jester 2.0 wrote: >The iputils package included in Sid is from 2012.  There have been several >releases since then and should be updated.  Specifically, the iputils-ping >package needs to be updated to support the unified ping binary. That

Bug#219140: combined ping binary

2016-02-19 Thread Noah Meyerhans
On Fri, Feb 19, 2016 at 06:28:11PM -0500, Jester 2.0 wrote: >This functionality was committed to the source in June 2015.   >Specific >commit:  > [1]https://github.com/iputils/iputils/commit/ebad35fee3de851b809c7b72ccc654a72b6af61d >Also, the iputils package in general hasn't been

  1   2   3   4   5   >