For those following along at home, I would suggest booting the grsec
enabled kernel once - then saving the output of `sudo lsmod` into a
file. Take every module you want (ie: all of them) and put the list
into /etc/initramfs-tools/modules - then you'll need to run
`dpkg-reconfigure
On 12/21/15, Mickaël Salaün <m...@digikod.net> wrote:
> On 21/12/2015 00:14, Jacob Appelbaum wrote:
>> I was left with:
>>
>> [ 1802.373906] grsec: denied untrusted exec (due to not being in
>> trusted group and file in non-root-owned directory) of
>> /run/
I'm also running this kernel with AppArmor and it seems to work without issue.
I followed the steps on https://wiki.debian.org/AppArmor/HowToUse
which sets "apparmor=1 security=apparmor" on the kernel command line
as documented:
sudo perl -pi -e
To make my Debian Jessie system work with pax, I had to set pax flags
for these three binaries:
paxctl -c -m /usr/bin/gnome-shell
paxctl -c -m /usr/bin/gnome-session
paxctl -c -m /usr/bin/pulseaudio
If you don't want to modify the binary, you can also set the
attributes in the file system:
It may make sense for us to have a package of paxrat with common
configurations for Debian users:
https://github.com/subgraph/paxrat
This would ensure that everyone can use this kernel and have xorg work
as expected, for example.
Otherwise, I think we will see a lot of people who just run:
On 12/19/15, Yves-Alexis Perez wrote:
> On jeu., 2015-11-05 at 22:08 +0100, Yves-Alexis Perez wrote:
>> On sam., 2015-10-10 at 21:55 +0200, Yves-Alexis Perez wrote:
>> > This is really a work in progress and this mail a request for comment.
>> > Especially missing is:
>>
>> So,
On 12/19/15, Jacob Appelbaum <ja...@appelbaum.net> wrote:
> On 12/19/15, Yves-Alexis Perez <cor...@debian.org> wrote:
>> On jeu., 2015-11-05 at 22:08 +0100, Yves-Alexis Perez wrote:
>>> On sam., 2015-10-10 at 21:55 +0200, Yves-Alexis Perez wrote:
>>&
On 8/24/15, intrigeri intrig...@debian.org wrote:
Hi Ben, hi Jacob,
Ben Bailess wrote (29 Jul 2015 15:55:12 GMT) :
I recently installed Torbirdy using the pkg xul-ext-torbirdy in order to
have
connection to system tor by default. When I open icedove, I do not see the
typical green text at
On 7/3/15, Bastian Neuburger b.neubur...@gsi.de wrote:
Source: golang-xmpp-dev
Severity: minor
DUCK reported a problem with the homepage set in the source packages
control file.
Currently it points to https://www.github.com/agl/xmpp
That was the correct url at the time.
However it seems
I'd like to use a Debian server - which one would fit?
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
On 4/27/15, Rian Hunter r...@thelig.ht wrote:
Hi,
This totally hosed all of my systems!!
Sorry to hear that this issue has caused you problems. :(
I think relying on the internal server_random member of the ssl data
structure is error prone and to me it's not unexpected that a server would
Hi Sebastian,
On 4/23/15, Sebastian Pipping sebast...@pipping.org wrote:
Package: tlsdate
Version: 0.0.12-2~bpo70+1
Severity: normal
When using debian.org for a host, time is somewhat stable:
$ for i in {1..10}; do tlsdate --dont-set-clock --showtime -H debian.org ;
done
Thu Apr 23
On 4/23/15, Kurt Roeckx k...@roeckx.be wrote:
Package: tlsdate
Version: 0.0.12-2
Severity: grave
Hi,
I found this in my syslog today:
Apr 23 16:09:23 intrepid tlsdated[3408]: [event:action_run_tlsdate]
requested re-run of tlsdate while tlsdate is running
Apr 23 16:09:23 intrepid
not the security direction I'd like for tlsdate...
On 12/12/14, James Cowgill james...@cowgill.org.uk wrote:
On Fri, 2014-12-12 at 14:29 +, Jacob Appelbaum wrote:
Thanks for the bug report!
I think it might make sense to disable seccomp when building on that
platform until the next upstream
Thanks for the bug report!
I think it might make sense to disable seccomp when building on that
platform until the next upstream release. I've not had access to a
mips64 box with seccomp - it may also be a trivial patch and I haven't
had any time to look into this specific issue yet.
Could you
I know that I have access to this kind of porterbox. :)
I don't know if I have the time to work on this in the next few weeks.
I hope but am not sure.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
I've prepared a fix in version 0.1.3-1 - this merges the latest
release and it also includes various packaging fixes. The new version
depends on Tor and it patches TorBirdy to use 9050 rather than 9150.
The package needs review (I'm hoping Lunar^ will review, tag and
upload) but I believe
I've confirmed this issue. This bug should be fixed in the next release.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Thank you for testing!
I plan to release a new tlsdate tonight - I'll tag a release and then
poke h0lger to upload it tomorrow.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
I'm aware of this issue with the AUR package of tlsdate - thanks for
confirming it also impacts Debian!
I'm planning a new upstream release for another minor fix - it will be
fixed in 0.0.12.
Could you confirm that it works with the following service file:
[Unit]
Description=Secure parasitic
On 8/23/14, Holger Levsen hol...@layer-acht.org wrote:
package: tlsdate
Hi,
please acknowledge the 0.0.7-1.3 NMU aka pick the pull requests from git
hub.
Maybe also a new upstream release would be nice...
Agreed. Thanks for handling the upload!
All the best,
Jacob
--
To UNSUBSCRIBE,
On 6/12/14, Jonas Smedegaard d...@jones.dk wrote:
Package: torbrowser-launcher
Severity: serious
Justification: Policy 2.2.1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
- From its package description, torbrowser-launcher fetches executable
code from outside of Debian. That is
I am currently traveling in East Africa without access to my signing
keys. Furthermore, those signing keys have expired and new keys will
be generated in the near future after this trip. Pending a
regeneration of key signatures from some other Debian developers, I'll
upload a fix. If anyone wants
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum ja...@appelbaum.net
* Package name: novena-eeprom
Version : v1.0
Upstream Author : Sean Cross
* URL : https://github.com/xobs/novena-eeprom/
* License : BSD
Programming Lang: C
Description : novena
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum ja...@appelbaum.net
* Package name: blockfinder
Version : v1.0
Upstream Author : Jacob Appelbaum
* URL : https://github.com/ioerror/blockfinder/
* License : BSD-2-Clause
Programming Lang: Python
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum ja...@appelbaum.net
* Package name: golang-xmpp-dev
Version : 0.0~20140304-1
Upstream Author : Adam Langley a...@imperialviolet.org
* URL : http://www.github.com/agl/xmpp
* License : BSD
Programming Lang
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum ja...@appelbaum.net
* Package name: xmpp-client
Version : 0.1~20140304-1
Upstream Author : Adam Langley a...@imperialviolet.org
* URL : http://www.github.com/agl/xmpp
* License : BSD
Programming Lang
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum ja...@appelbaum.net
* Package name: liborchid-java
Version : 1.0
Upstream Author : Bruce Leidl br...@subgraph.com
* URL : http://www.subgraph.com/orchid.html
* License : BSD
Programming Lang: Java
I've uploaded a package - including the suggested VCS packaging
details - it is now in the new queue waiting for review by the Great
Debian Packaging Review Overlords:
https://ftp-master.debian.org/new.html
https://ftp-master.debian.org/new/torbirdy_0.1.2-1.html
I've also updated a related
That is incorrect.
tlsdate will continue to function, of course. There are already
non-compliant TLS servers that do not return time or return skewed
time. We attempt to compensate for that kind of server provided data
in a few different ways. There may also be new TLS servers that
implement
intrig...@debian.org:
Package: tlsdate
Version: 0.0.5-2
Severity: important
Hi,
I'm starting tlsdate with sudo service tlsdate start on a Wheezy
amd64 system with AppArmor enabled, and:
1. tlsdated does not start, hence the normal severity.
2. my syslog reads:
kernel:
intrigeri:
Hi,
Moritz Muehlenhoff wrote (02 Aug 2013 12:26:16 GMT) :
attached is a patch which adds a systemd service file for tlsdate.
FWIW: applied, rebuilt package = seems to work fine for me.
I've added a basic service file to the root of the tlsdate git repo.
I'll also add it to the
intrig...@debian.org:
Package: tlsdate
Version: 0.0.5-2
Severity: wishlist
It seems that Debian packaging work is published on GitHub:
https://github.com/ioerror/tlsdate.git
Could you please document this using the appropriate Vcs-* control
fields, so that standard tools such as
I've addressed this in the following git commit:
[debian-master 8dde3d4] call dh --with autotools_dev; closes Debian #727986
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum ja...@appelbaum.net
* Package name: torbrowser-launcher
Version : 0.0.1
Upstream Author : Micah Lee micahf...@riseup.net
* URL : https://github.com/micahflee/torbrowser-launcher
* License : BSD
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum ja...@appelbaum.net
* Package name: torbirdy
Version : 0.0.13
Upstream Author : Jacob Appelbaum ja...@appelbaum.net
* URL : https://www.github.com/ioerror/torbirdy
* License : BSD
Programming Lang
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum ja...@appelbaum.net
* Package name: tlsdate
Version : 0.0.1
Upstream Author : Jacob Appelbaum ja...@appelbaum.net
* URL : https://www.github.com/ioerror/tlsdate
* License : BSD
Programming Lang: C
Additionally, I should note that if I attempt to rmmod the module and
modprobe it, I have the following errors logged by my kernel:
[55412.053721] iwlagn :03:00.0: PCI INT A disabled
[55427.285783] iwlagn: Intel(R) Wireless WiFi Link AGN driver for Linux,
1.3.27ks
[55427.285785] iwlagn:
I'm having the same problem with my laptop X61 Lenovo laptop running Lenny:
[54510.421880] iwlagn :03:00.0: MAC is in deep sleep!. CSR_GP_CNTRL
= 0x
[54510.433558] iwlagn :03:00.0: MAC is in deep sleep!. CSR_GP_CNTRL
= 0x
[54510.443506] iwlagn :03:00.0: BSM uCode
lspci reports the following devices (both before and after module
loading or driver breakage):
00:19.0 Ethernet controller: Intel Corporation 82566MM Gigabit Network
Connection (rev 03)
03:00.0 Network controller: Intel Corporation PRO/Wireless 4965 AG or
AGN [Kedron] Network Connection (rev ff)
Thanks for the catch! I've put the proper descriptions into the package,
uploaded the changes to git and I'm waiting on my sponsor to upload a
new package. Once that's done, I'll close this bug...
signature.asc
Description: OpenPGP digital signature
Package: wnpp
Severity: wishlist
Owner: Debian Forensics [EMAIL PROTECTED]
* Package name: AESKeyFinder
Version : 1.0.0
* URL : http://citp.princeton.edu/memory/code/
* License : BSD
Programming Lang: C
Description : A tool for finding and repairing AES
Package: wnpp
Severity: wishlist
Owner: Debian Forensics [EMAIL PROTECTED]
* Package name: RSAKeyFinder
Version : 1.0.0
* URL : http://citp.princeton.edu/memory/code/
* License : BSD
Programming Lang: C++
Description : A tool for locating RSA private and
Package: wnpp
Severity: wishlist
Owner: Debian Forensics [EMAIL PROTECTED]
* Package name: AESFix
Version : 1.0.1
* URL : http://citp.princeton.edu/memory/code/
* License : BSD
Programming Lang: C++
Description : A tool for correcting bit errors in an AES
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum [EMAIL PROTECTED]
* Package name: biosmemimage
Version : 1.0.0
* URL : http://citp.princeton.edu/memory/code/
* License : BSD
Programming Lang: C
Description : Tools for capturing memory dumps on x86
owner 495422 Debian Forensics [EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum [EMAIL PROTECTED]
* Package name: ozymandns
Version : 0.0.1
Upstream Author : Dan Kaminsky [EMAIL PROTECTED]
* URL : http://www.doxpara.com/ozymandns_src_0.1.tgz
* License : (Currently consulting
Package: libgmp3-dev
Version: 2:4.2.1+dfsg-4
Severity: normal
It would be quite useful if this package or its corresponding
'libgmp3-doc' package included even a single simple man page.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture:
Package: mono
Version: 1.1.6-4
Severity: normal
This version of mono has fundamental garbage collection bugs that have
since been fixed. I highly recommend upgrading to at least mono 1.1.7,
which is what wikipedia has deployed. 1.1.8.2 would be even better, of
course.
Please upgrade this ASAP
Package: dcraw
Version: 5.88-1
Followup-For: Bug #274603
The current version of dcraw in debian testing segfaults on a raw canon
20d .cr2 file:
dcraw -v img_8727.cr2
Loading Canon EOS 20D image from img_8727.cr2...
Scaling with black=0, pre_mul[] = 1.00 1.00 1.00
VNG
50 matches
Mail list logo