Bug#605090:

For those following along at home, I would suggest booting the grsec enabled kernel once - then saving the output of `sudo lsmod` into a file. Take every module you want (ie: all of them) and put the list into /etc/initramfs-tools/modules - then you'll need to run `dpkg-reconfigure

Bug#605090:

On 12/21/15, Mickaël Salaün <m...@digikod.net> wrote: > On 21/12/2015 00:14, Jacob Appelbaum wrote: >> I was left with: >> >> [ 1802.373906] grsec: denied untrusted exec (due to not being in >> trusted group and file in non-root-owned directory) of >> /run/

Bug#605090:

I'm also running this kernel with AppArmor and it seems to work without issue. I followed the steps on https://wiki.debian.org/AppArmor/HowToUse which sets "apparmor=1 security=apparmor" on the kernel command line as documented: sudo perl -pi -e

Bug#605090:

To make my Debian Jessie system work with pax, I had to set pax flags for these three binaries: paxctl -c -m /usr/bin/gnome-shell paxctl -c -m /usr/bin/gnome-session paxctl -c -m /usr/bin/pulseaudio If you don't want to modify the binary, you can also set the attributes in the file system:

Bug#605090: [RFC] Proposal for a new linux-grsec source package

It may make sense for us to have a package of paxrat with common configurations for Debian users: https://github.com/subgraph/paxrat This would ensure that everyone can use this kernel and have xorg work as expected, for example. Otherwise, I think we will see a lot of people who just run:

Bug#605090: [RFC] Proposal for a new linux-grsec source package

On 12/19/15, Yves-Alexis Perez wrote: > On jeu., 2015-11-05 at 22:08 +0100, Yves-Alexis Perez wrote: >> On sam., 2015-10-10 at 21:55 +0200, Yves-Alexis Perez wrote: >> > This is really a work in progress and this mail a request for comment. >> > Especially missing is: >> >> So,

Bug#605090: [RFC] Proposal for a new linux-grsec source package

On 12/19/15, Jacob Appelbaum <ja...@appelbaum.net> wrote: > On 12/19/15, Yves-Alexis Perez <cor...@debian.org> wrote: >> On jeu., 2015-11-05 at 22:08 +0100, Yves-Alexis Perez wrote: >>> On sam., 2015-10-10 at 21:55 +0200, Yves-Alexis Perez wrote: >>&

Bug#793987: xul-ext-torbirdy: Torbirdy options not visible in Icedove 31.7.0

On 8/24/15, intrigeri intrig...@debian.org wrote: Hi Ben, hi Jacob, Ben Bailess wrote (29 Jul 2015 15:55:12 GMT) : I recently installed Torbirdy using the pkg xul-ext-torbirdy in order to have connection to system tor by default. When I open icedove, I do not see the typical green text at

Bug#790947: golang-xmpp-dev: Wrong homepage in control file

On 7/3/15, Bastian Neuburger b.neubur...@gsi.de wrote: Source: golang-xmpp-dev Severity: minor DUCK reported a problem with the homepage set in the source packages control file. Currently it points to https://www.github.com/agl/xmpp That was the correct url at the time. However it seems

Bug#783174: www.google.com

I'd like to use a Debian server - which one would fit? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#783174: tlsdate: Time retrieved from default host (www.ptb.de) jumping all over the place?

On 4/27/15, Rian Hunter r...@thelig.ht wrote: Hi, This totally hosed all of my systems!! Sorry to hear that this issue has caused you problems. :( I think relying on the internal server_random member of the ssl data structure is error prone and to me it's not unexpected that a server would

Bug#783174: tlsdate: Time retrieved from default host (www.ptb.de) jumping all over the place?

Hi Sebastian, On 4/23/15, Sebastian Pipping sebast...@pipping.org wrote: Package: tlsdate Version: 0.0.12-2~bpo70+1 Severity: normal When using debian.org for a host, time is somewhat stable: $ for i in {1..10}; do tlsdate --dont-set-clock --showtime -H debian.org ; done Thu Apr 23

Bug#783193: tlsdate: Sets time wrong

On 4/23/15, Kurt Roeckx k...@roeckx.be wrote: Package: tlsdate Version: 0.0.12-2 Severity: grave Hi, I found this in my syslog today: Apr 23 16:09:23 intrepid tlsdated[3408]: [event:action_run_tlsdate] requested re-run of tlsdate while tlsdate is running Apr 23 16:09:23 intrepid

Bug#772956: tlsdate: FTBFS on recent MIPS kernels

not the security direction I'd like for tlsdate... On 12/12/14, James Cowgill james...@cowgill.org.uk wrote: On Fri, 2014-12-12 at 14:29 +, Jacob Appelbaum wrote: Thanks for the bug report! I think it might make sense to disable seccomp when building on that platform until the next upstream

Bug#772956: tlsdate: FTBFS on recent MIPS kernels

Thanks for the bug report! I think it might make sense to disable seccomp when building on that platform until the next upstream release. I've not had access to a mips64 box with seccomp - it may also be a trivial patch and I haven't had any time to look into this specific issue yet. Could you

Bug#772956: tlsdate: FTBFS on recent MIPS kernels

I know that I have access to this kind of porterbox. :) I don't know if I have the time to work on this in the next few weeks. I hope but am not sure. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact

Bug#756054: default to 9050 for Debian package

I've prepared a fix in version 0.1.3-1 - this merges the latest release and it also includes various packaging fixes. The new version depends on Tor and it patches TorBirdy to use 9050 rather than 9150. The package needs review (I'm hoping Lunar^ will review, tag and upload) but I believe

Bug#766579: tlsdate's apparmor rules are a bit too restrictive

I've confirmed this issue. This bug should be fixed in the next release. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#766533: tlsdate cannot be started with systemd

Thank you for testing! I plan to release a new tlsdate tonight - I'll tag a release and then poke h0lger to upload it tomorrow. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#766533: tlsdate cannot be started with systemd

I'm aware of this issue with the AUR package of tlsdate - thanks for confirming it also impacts Debian! I'm planning a new upstream release for another minor fix - it will be fixed in 0.0.12. Could you confirm that it works with the following service file: [Unit] Description=Secure parasitic

Bug#758931: acknowledge 0.0.7-1.3 NMU

On 8/23/14, Holger Levsen hol...@layer-acht.org wrote: package: tlsdate Hi, please acknowledge the 0.0.7-1.3 NMU aka pick the pull requests from git hub. Maybe also a new upstream release would be nice... Agreed. Thanks for handling the upload! All the best, Jacob -- To UNSUBSCRIBE,

Bug#751366: torbrowser-launcher: should be in contrib archive area (not main)

On 6/12/14, Jonas Smedegaard d...@jones.dk wrote: Package: torbrowser-launcher Severity: serious Justification: Policy 2.2.1 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, - From its package description, torbrowser-launcher fetches executable code from outside of Debian. That is

Bug#746606: tlsdate: incorrect path to tlsdated binary in /etc/init.d/tlsdate

I am currently traveling in East Africa without access to my signing keys. Furthermore, those signing keys have expired and new keys will be generated in the near future after this trip. Pending a regeneration of key signatures from some other Debian developers, I'll upload a fix. If anyone wants

Bug#741668:

Package: wnpp Severity: wishlist Owner: Jacob Appelbaum ja...@appelbaum.net * Package name: novena-eeprom Version : v1.0 Upstream Author : Sean Cross * URL : https://github.com/xobs/novena-eeprom/ * License : BSD Programming Lang: C Description : novena

Bug#741677: ITP: blockfinder -- enumerates network information for countries

Package: wnpp Severity: wishlist Owner: Jacob Appelbaum ja...@appelbaum.net * Package name: blockfinder Version : v1.0 Upstream Author : Jacob Appelbaum * URL : https://github.com/ioerror/blockfinder/ * License : BSD-2-Clause Programming Lang: Python

Bug#740738: ITP: golang-xmpp-dev -- pure Golang xmpp client implementation

Package: wnpp Severity: wishlist Owner: Jacob Appelbaum ja...@appelbaum.net * Package name: golang-xmpp-dev Version : 0.0~20140304-1 Upstream Author : Adam Langley a...@imperialviolet.org * URL : http://www.github.com/agl/xmpp * License : BSD Programming Lang

Bug#740741: ITP: xmpp-client -- console XMPP client written in pure Go.

Package: wnpp Severity: wishlist Owner: Jacob Appelbaum ja...@appelbaum.net * Package name: xmpp-client Version : 0.1~20140304-1 Upstream Author : Adam Langley a...@imperialviolet.org * URL : http://www.github.com/agl/xmpp * License : BSD Programming Lang

Bug#740364: ITP: orchid -- a tor client implementation and library written in pure java

Package: wnpp Severity: wishlist Owner: Jacob Appelbaum ja...@appelbaum.net * Package name: liborchid-java Version : 1.0 Upstream Author : Bruce Leidl br...@subgraph.com * URL : http://www.subgraph.com/orchid.html * License : BSD Programming Lang: Java

Bug#699107: Package uploaded

I've uploaded a package - including the suggested VCS packaging details - it is now in the new queue waiting for review by the Great Debian Packaging Review Overlords: https://ftp-master.debian.org/new.html https://ftp-master.debian.org/new/torbirdy_0.1.2-1.html I've also updated a related

Bug#739596: tlsdate: Will be broken once the SSL handshake does not include timestamps anymore?

That is incorrect. tlsdate will continue to function, of course. There are already non-compliant TLS servers that do not return time or return skewed time. We attempt to compensate for that kind of server provided data in a few different ways. There may also be new TLS servers that implement

Bug#704680: tlsdate: AppArmor profile does not support multiarch library locations = tlsdated does not start

intrig...@debian.org: Package: tlsdate Version: 0.0.5-2 Severity: important Hi, I'm starting tlsdate with sudo service tlsdate start on a Wheezy amd64 system with AppArmor enabled, and: 1. tlsdated does not start, hence the normal severity. 2. my syslog reads: kernel:

Bug#718571: Add systemd service file for tlsdate

intrigeri: Hi, Moritz Muehlenhoff wrote (02 Aug 2013 12:26:16 GMT) : attached is a patch which adds a systemd service file for tlsdate. FWIW: applied, rebuilt package = seems to work fine for me. I've added a basic service file to the root of the tlsdate git repo. I'll also add it to the

Bug#718572: tlsdate: Please fill Vcs-Git and Vcs-Browser control fields

intrig...@debian.org: Package: tlsdate Version: 0.0.5-2 Severity: wishlist It seems that Debian packaging work is published on GitHub: https://github.com/ioerror/tlsdate.git Could you please document this using the appropriate Vcs-* control fields, so that standard tools such as

Bug#727986: fixed

I've addressed this in the following git commit: [debian-master 8dde3d4] call dh --with autotools_dev; closes Debian #727986 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#705177: ITP: torbrowser-launcher -- A program to help you download, keep updated, and run the Tor Browser Bundle

Package: wnpp Severity: wishlist Owner: Jacob Appelbaum ja...@appelbaum.net * Package name: torbrowser-launcher Version : 0.0.1 Upstream Author : Micah Lee micahf...@riseup.net * URL : https://github.com/micahflee/torbrowser-launcher * License : BSD

Bug#699107: ITP: TorBirdy -- configures Mozilla birds for use with Tor

Package: wnpp Severity: wishlist Owner: Jacob Appelbaum ja...@appelbaum.net * Package name: torbirdy Version : 0.0.13 Upstream Author : Jacob Appelbaum ja...@appelbaum.net * URL : https://www.github.com/ioerror/torbirdy * License : BSD Programming Lang

Bug#681000: ITP: tlsdate -- secure parasitic rdate replacement

Package: wnpp Severity: wishlist Owner: Jacob Appelbaum ja...@appelbaum.net * Package name: tlsdate Version : 0.0.1 Upstream Author : Jacob Appelbaum ja...@appelbaum.net * URL : https://www.github.com/ioerror/tlsdate * License : BSD Programming Lang: C

Bug#556585: (no subject)

Additionally, I should note that if I attempt to rmmod the module and modprobe it, I have the following errors logged by my kernel: [55412.053721] iwlagn :03:00.0: PCI INT A disabled [55427.285783] iwlagn: Intel(R) Wireless WiFi Link AGN driver for Linux, 1.3.27ks [55427.285785] iwlagn:

Bug#556585: X61 problem on Lenny with Backports kernel

I'm having the same problem with my laptop X61 Lenovo laptop running Lenny: [54510.421880] iwlagn :03:00.0: MAC is in deep sleep!. CSR_GP_CNTRL = 0x [54510.433558] iwlagn :03:00.0: MAC is in deep sleep!. CSR_GP_CNTRL = 0x [54510.443506] iwlagn :03:00.0: BSM uCode

Bug#556585: (no subject)

lspci reports the following devices (both before and after module loading or driver breakage): 00:19.0 Ethernet controller: Intel Corporation 82566MM Gigabit Network Connection (rev 03) 03:00.0 Network controller: Intel Corporation PRO/Wireless 4965 AG or AGN [Kedron] Network Connection (rev ff)

Bug#541279: (no subject)

Thanks for the catch! I've put the proper descriptions into the package, uploaded the changes to git and I'm waiting on my sponsor to upload a new package. Once that's done, I'll close this bug... signature.asc Description: OpenPGP digital signature

Bug#495416: ITP: AESKeyFinder -- A tool for finding and reconstructing AES keys.

Package: wnpp Severity: wishlist Owner: Debian Forensics [EMAIL PROTECTED] * Package name: AESKeyFinder Version : 1.0.0 * URL : http://citp.princeton.edu/memory/code/ * License : BSD Programming Lang: C Description : A tool for finding and repairing AES

Bug#495418: ITP: RSAKeyFinder -- A tool for locating RSA private and public keys.

Package: wnpp Severity: wishlist Owner: Debian Forensics [EMAIL PROTECTED] * Package name: RSAKeyFinder Version : 1.0.0 * URL : http://citp.princeton.edu/memory/code/ * License : BSD Programming Lang: C++ Description : A tool for locating RSA private and

Bug#495419: ITP: AESFix -- A tool for correcting bit errors in an AES key schedule.

Package: wnpp Severity: wishlist Owner: Debian Forensics [EMAIL PROTECTED] * Package name: AESFix Version : 1.0.1 * URL : http://citp.princeton.edu/memory/code/ * License : BSD Programming Lang: C++ Description : A tool for correcting bit errors in an AES

Bug#495422: ITP: biosmemimage -- Tools for capturing memory dumps on x86 and x86-64 systems

Package: wnpp Severity: wishlist Owner: Jacob Appelbaum [EMAIL PROTECTED] * Package name: biosmemimage Version : 1.0.0 * URL : http://citp.princeton.edu/memory/code/ * License : BSD Programming Lang: C Description : Tools for capturing memory dumps on x86

Bug#495422: ITP: biosmemimage -- Tools for capturing memory dumps on x86 and x86-64 systems

owner 495422 Debian Forensics [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494043: ITP: ozymandns -- An experimental DNS server and miscellaneous DNS tools

Package: wnpp Severity: wishlist Owner: Jacob Appelbaum [EMAIL PROTECTED] * Package name: ozymandns Version : 0.0.1 Upstream Author : Dan Kaminsky [EMAIL PROTECTED] * URL : http://www.doxpara.com/ozymandns_src_0.1.tgz * License : (Currently consulting

Bug#459492: libgmp3-dev is missing any sort of useful manpage

Package: libgmp3-dev Version: 2:4.2.1+dfsg-4 Severity: normal It would be quite useful if this package or its corresponding 'libgmp3-doc' package included even a single simple man page. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture:

Bug#319081: mono: Seriously out of date build full of problems unusable

Package: mono Version: 1.1.6-4 Severity: normal This version of mono has fundamental garbage collection bugs that have since been fixed. I highly recommend upgrading to at least mono 1.1.7, which is what wikipedia has deployed. 1.1.8.2 would be even better, of course. Please upgrade this ASAP

Bug#274603: dcraw: Support for Canon 20d is currently broken

Package: dcraw Version: 5.88-1 Followup-For: Bug #274603 The current version of dcraw in debian testing segfaults on a raw canon 20d .cr2 file: dcraw -v img_8727.cr2 Loading Canon EOS 20D image from img_8727.cr2... Scaling with black=0, pre_mul[] = 1.00 1.00 1.00 VNG