e
wrong command.
Any thoughts?
Maybe I should ask the MIT kerberos maintainer for opinions here also.
--
Brian May @ Debian
+deb11u1) oldstable; urgency=medium
+
+ * CVE-2024-28054: Handle multiple boundary parameters that contain
+conflicting values.
+
+ -- Brian May Sun, 31 Mar 2024 18:16:32 +1100
+
amavisd-new (1:2.11.1-5) unstable; urgency=medium
* Add missing dependency on libnet-snmp-perl. Closes
:2.13.0-3+deb12u1) stable; urgency=medium
+
+ * Fix race condition in postinst. Closes: #1064349.
+ * CVE-2024-28054: Handle multiple boundary parameters that contain
+conflicting values.
+
+ -- Brian May Fri, 01 Mar 2024 09:56:51 +1100
+
amavisd-new (1:2.13.0-3) unstable; urgency=medium
en't checked it on Debian 11 but we use amavis on Debian 10
> sysvinit.
If all goes to plan, I am about to upload version 1:2.13.0-4 which I
think should fix this problem.
It seems to work OK for me, but would appreciate it if you can test it
and confirm it works for you.
If it fails, please reopen the bug report.
--
Brian May @ Debian
ave conflicting opinions here. But if we
wanted to get rid of them, now would probably be a really good time.
--
Brian May @ Debian
override stuff.
But if that is the case, I would have thought it would fail with systemd
also.
Just my random thoughts, I don't have time to look at this right now.
--
Brian May @ Debian
ound correct?
Although maybe this does not matter, I see that there is already a
serious bug against openafs anyway since
August... https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043131
--
Brian May @ Debian
Samuel Thibault writes:
> I checked all *_amd64.so packages, apparently libafsauthent2 is using
> rk_strlcpy and rk_strlcat from libroken, so a Breaks transition is
> needed for that.
Whaat is the process for a breaks transition?
--
Brian May @ Debian
Johannes Schauer Marin Rodrigues writes:
> thank you! Would you like me to take care of filing the unblock request with
> release.debian.org or would you like to take care of that yourself?
Can you please do this?
Thanks
--
Brian May @ Debian
Salvatore Bonaccorso writes:
> Version: 7.8.git20221117.28daf24+dfsg-1.1
Are you sure this applies to the unstable version?
I can only find one out of two chunks in the patch. Maybe it was already
fixed in the stable branch which we use for unstable?
--
Brian May @ Debian
ent. If somebody wants to
contribute a tested merge request to
https://salsa.debian.org/debian/heimdal to do this, that would be
appreciated :-)
--
Brian May
\
--with-libedit=/usr \
--enable-kcm \
--with-hdbdir=/var/lib/heimdal-kdc \
--without-openssl \
--without-krb4
--
Brian May
Helmut Grohne writes:
> Is there a significant advantage over "apt-get build-dep -y ./"?
I wasn't aware that apt-get build-dep could now use a local source
directory. Thanks, will try that,
--
Brian May
ovides it. It comes from heimdal itself and is added by
> my patch. So you first need to perform a native build and then once that
> native build is accessible, you can perform a cross build.
Hmmm. Not entirely convinced here. If you look at the messages, it is
clearly trying to locate a package called "" in addition to the
correct package name.
--
Brian May
locate package
Is "heimdal-multidev-bin ," correct syntax? If so, maybe
apt-get-build-depends doesn't support it.
--
Brian May
d to believe this is an openldap issue.
--
Brian May
If you don't agree with me, then assign this bug back to sshuttle and I
will deal with it. In fact latest upstream sshuttle removes
setuptools-scm support anyway.
--
Brian May
On Sat, Aug 06, 2022 at 03:57:47PM +0200, julien.pu...@gmail.com wrote:
> reassign 1015044 sshutle 1.0.1-1
errr, typo here in the package name.
--
Brian May
68638, where it was found that we had to use
/var/lib/heimdal-kdc/heimdal.mkey not /var/lib/heimdal-kdc/m-key
I am guessing that the default must have changed somewhere.
--
Brian May
heimdal-1.2.dfsg.1/lib/hdb/hdb-ldap.c.
>
> Its now calculated dynamically. sambaPwdLastSet + sambaMaxPwdAge
This was forwarded upstream, but probably lost many years ago.
Do we need to open a new upstream bug report?
--
Brian May
On Sat, Jul 03, 2010 at 01:23:36PM +0200, Per Olofsson wrote:
> This bug still exists in the latest version.
Over 10 years later, is this still an issue?
If so we need to create a new upstream report.
If not we need to close this bug report.
--
Brian May
ached dif (which is probably totally wrong and shouldn't be
> applied anywhere outside of a test instance) to Heimdal 1.5 makes the
> kdc work again with no error.
Over 10 years later, anyone know if this is still an issue?
If no response, will assume fixed and close this bug report.
Otherwise we should open a new upstream bug report.
--
Brian May
er I
have tagged this "wontfix".
--
Brian May
ase. Even if there has not been any
stable releases in years.
And I think cherry-picking a change from the git branch isn't any better
either. Maybe worse, we won't automatically get bug fixes for the change
we cherry-picked.
--
Brian May
On Mon, Aug 15, 2022 at 11:32:45AM +1000, Brian May wrote:
> Actaully, I am confused, how come this list here is different from the
> list in #1016884?
Sorry, too much multi-tasking here..
That does show the exact same symbol rk_closefrom was removed.
This is a duplicate bug.
--
Brian May
: override_dh_makeshlibs] Error 25
Actaully, I am confused, how come this list here is different from the
list in #1016884?
--
Brian May
I think this is a duplicate of #1016884.
--
Brian May
4.0+git20110226
> +#MISSING: 7.7.0+dfsg-4+b1# rk_closefrom@HEIMDAL_ROKEN_1.0 1.4.0+git20110226
What would be considered an acceptable solution here?
Presumably I can't just delete the symbol, that might break stuff.
Also see https://github.com/heimdal/heimdal/issues/1006
--
Brian May
p/version.py 2022-07-26 07:58:22.490171539 +1000
@@ -1,5 +1,5 @@
# coding: utf-8
# file generated by setuptools_scm
# don't change, don't track in version control
-version = '1.1.0'
-version_tuple = (1, 1, 0)
+__version__ = version = '1.1.0'
+__version_tuple__ = version_tuple = (1, 1, 0)
--
Brian May
e
> can keep up with the solution of this issue.
I think this was fixed when the following was merged:
https://github.com/sshuttle/sshuttle/pull/712
But there hasn't been a release since. I guess this needs to be
rectified.
--
Brian May
umped SONAME [1].
Are you sure about that?
I have not seen any soname change in any version of Heimdal that has
been released, and no reference to a change until version 8.0, which has
not been released.
https://github.com/heimdal/heimdal/issues/279
--
Brian May
Brian May writes:
> * Patch breaks compilation on latest Heimdal release:
https://github.com/heimdal/heimdal/issues/849
Upstream solution is use the git version :-(
--
Brian May
[debian/rules:38: override_dh_auto_configure] Error 2
Anyway, just my status for now. Help appreciated :-)
--
Brian May
Bastien ROUCARIES writes:
> Whitout source image it is hard to say...
>
> Please join source images
What is the preferred way to supply you copies of the image?
I don't think I can send large files to the BTS (unless I am mistaken).
--
Brian May
04, sw, mtu 1500
Which is why this service wasn't starting.
Once I shutdown the "Wired Connection 1" the "br0" could come up and
this service started working.
network-manager really needs to be a bit more transparent when things go
wrong. Such as printing a message "Waiting for
Package: network-manager
Version: 1.30.0-2
Severity: important
File: NetworkManager-wait-online.service
$ systemctl status NetworkManager-wait-online.service
● NetworkManager-wait-online.service - Network Manager Wait Online
Loaded: loaded
Package: imagemagick-6.q16
Version: 8:6.9.11.60+dfsg-1.3
Severity: important
File: /usr/bin/mogrify-im6.q16
$ mogrify -verbose -write /dev/null
/home/brian/photos/images/orig/1990/04/01/flood001.tif
/home/brian/photos/images/orig/1990/04/01/flood001.tif TIFF 6639x3984
6639x3984+0+0 8-bit
Package: imagemagick-6.q16
Version: 8:6.9.11.60+dfsg-1.3
Severity: important
File: /usr/bin/mogrify-im6.q16
$ /usr/bin/mogrify-im6.q16 -verbose -write /dev/null
/home/brian/photos/images/orig/2005/03/19/IMG_4706.CR2
'ufraw-batch' --silent --create-id=also --out-type=png --out-depth=16
Package: ftp.debian.org
Severity: important
Similar to #974877 in fact:
=== cut ===
packer_0.10.2+dfsg-6+deb9u1_amd64.deb: Built-Using refers to non-existing
source package golang-fsnotify (= 1.4.2-1)
===
Please feel free to respond to this email if you don't understand why
rejected, or if you upload new files which address our
concerns.
=== cut ===
As instructed I responded to the email:
=== cut ===
Brian May (Tue. 16:52) (lts watch)
Subject: Re: rclone_1.35-1+deb8u1_amd64.changes REJECTED
To: Debian FTP Masters ,
d...@security.debian.org
cripts/-/commit/4164cdce33b5d668b0ae3435eaa7028c4d172590
Thanks!
--
Brian May
Mattia Rizzolo writes:
> You should be able to do that with -D already.
For the record, that only helps set the distribution field. The
automatically generated version number is still wrong (+deb8u1 instead
of +deb9u1).
--
Brian May
Package: devscripts
Version: 2.20.4
Severity: normal
File: /usr/bin/debchange
dch --lts hardcodes Jessie. But Jessie is no longer correct, Stretch is
the current lts distribution
It would be good if it was possible to override the default somehow.
e.g. via another command line argument.
===
will keep a note of it for future.
--
Brian May
Package: kdenlive
Version: 20.08.2-1
Severity: grave
Justification: renders package unusable
If I try to start kdenlive on a new system that has never run kdenlive
before, it aborts with an error.
$ kdenlive
Using modified system locale without group separator for numbers
NEW LC_ALL en_AU.UTF-8
Dmitry Shachnev writes:
> I would be happy to update the packaging to the latest upstream
> release (1.1) and upload it, if the maintainer (Brian) wants so.
That is good with me.
Thanks.
--
Brian May
Charles Goyard writes:
> Please find attached a patch that updates the documentation with this
> respect.
Thanks. Now uploaded new version.
--
Brian May
- is adding the clamav user to the amavis group enough?
> - should the amavis group should be made primary to clamav as of now?
> - or any other correct configuration path?
Patches welcome to fix this. I believe (but 100% certain) that you
follow the instructions as is, but skip the AllowSupplementaryGroups
which isn't required anymore.
--
Brian May
ugs.debian.org/954300 - this also includes a reference to
the upstream fix which will fix the breakage and expose the security
issue here.
Regardless, I created an upstream bug, see:
https://github.com/keplerproject/cgilua/issues/17
--
Brian May
severity 954300 important
thanks
On Fri, Mar 20, 2020 at 07:54:45AM +1100, Brian May wrote:
> As far as I can tell - please do say if I am wrong - this package is
> completely useless with LUA5.1, as packaged.
I was forgetting that lua-cgi is more then just the session mana
Package: lua-cgi
Version: 5.2~alpha2-1
Severity: serious
Justification: renders package useless
As far as I can tell - please do say if I am wrong - this package is
completely useless with LUA5.1, as packaged.
When run with the following code:
=== cut ===
session = require("cgilua.session")
s is not going to help here, this is a known issue.
Regards
--
Brian May
ty hardening settings you
said I should not include. So wonder if I should drop these.
--
Brian May
commit 2d8c8fec1ed103caafb9925658788e308420cbcf
Author: Brian May
Date: Tue Feb 4 08:04:01 2020 +1100
Add systemd service files.
Closes: #738548.
diff --git a/debian/amavisd-new.amavi
Andreas Henriksson writes:
> The best would be if upstream could provide a set of recommended
> service files (including security hardening settings).
For the record, this has been raised before:
https://groups.google.com/forum/#!msg/mailing.unix.amavis-user/gX_e87BOJfk/UxueACiuCQAJ
--
oks like it could be non-trivial to fix.
--
Brian May
e,
lintian complains with the following errors:
E: amavisd-new: omitted-systemd-service-for-init.d-script amavis-mc
E: amavisd-new: omitted-systemd-service-for-init.d-script amavisd-snmp-subagent
Maybe we need some sort of disabled by default systemd file for these
services too?
--
Brian May
Holger Levsen writes:
> awesome, merged, thank you! Do you think we can close this bug now?
Fine with me...
--
Brian May
Brian May writes:
> Is it OK if we simply delete this line?
Done by https://salsa.debian.org/webmaster-team/webwml/merge_requests/298
--
Brian May
Brian May writes:
> When I just tested it I found that the index contains entries for both
> files, however the DSA--2 entry is incorrectly titled as DSA- instead
> of DSA--2.
Actually it looks like this was deliberate.
The file template/debian/recent_list_securit
SA--2 entry is incorrectly titled as DSA- instead
of DSA-nnnn-2.
--
Brian May
Mark Hindley writes:
> Since this upload was an LTS NMU, I should have copied you in.
Thanks for the report. It looks like the fix for CVE-2019-10871 might be
broken, and I might have to revert this change.
--
Brian May
Brian May writes:
> If it is not needed anymore, and nobody has the time to maintain it,
> might be best to remove it.
Removal request sent, see Bug#940923.
--
Brian May
Package: ftp.debian.org
Severity: normal
This package is no longer required, and has no interest.
See #916614.
7?
Oops. I looked at it, then forgot to finish.
See https://salsa.debian.org/webmaster-team/webwml/merge_requests/222
Not sure why you referenced dla-377 - is there something wrong with this
one?
--
Brian May
ing for DLA 145-2
I believe all of these have now been resolved.
--
Brian May
fix was reverted, which means in turn means that
CVE-2015-TEMP-1 was not fixed despite DLA 145-1 declaring otherwise,
however no point worrying about that now :-)
Where to from here? Should I invent an appropriate DLA-145-2 based on
the information above?
--
Brian May
n't run that command myself.
Thanks
--
Brian May
2 unless we reverted package to Django
1.11.x.
--
Brian May
Hilmar Preuße writes:
> Are you still interested in having this issue solved? If yes I'd find
> out, where the bug is located (I guess xmltex is correct as you found
> out) and then report @upstream.
I am no longer using docbook stuff in Debian.
Regards
--
Brian May
https://linuxpen
.
+Closes: #929064.
+ * Update test certificates to pre 2038 expiry. Closes: #923930.
+
+ -- Brian May Tue, 21 May 2019 18:04:35 +1000
+
+heimdal (7.5.0+dfsg-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload
+ * Add patch to create headers before building (Closes: 906623)
+
+ -- Hilko
so that they expire before the 2038 armageddon so the
> test suite will pass on 32-bit operating systems until the underlying
> issues can be resolved.
>
Thanks for this.
--
Brian May
Brian May writes:
> This implies it should be possible for ap application to request 64 bit
> time_t, but not sure how.
I see proposals to setting _TIME_BITS=64 from 2015, however I don't
actually see any reference to this being implemented yet.
https://lwn.net/Articles/664800/
--
Brian May
Brian May writes:
> My vague understanding is that this might already be possible by
> defining __USE_TIME_BITS64.
I may not have got this exactly right:
/*
* The event structure itself
* Note that __USE_TIME_BITS64 is defined by libc based on
* application's request to use 64 bit
t already be possible by
defining __USE_TIME_BITS64.
Having problems trying to verify this right now however.
--
Brian May
b.com/quanah/heimdal/commit/e3cd069e5c40b455541508b81ffeb0563e882aed
--
Brian May
check-tester \
check-uu
TESTS = $(SCRIPT_TESTS)
=== cut ===
--
Brian May
n I
> can try to cook up the required patch.
I would appreciate any fix that will fix this for both 32bit and 64bit
- preferably as simple as possible, so I can get the recent security
fixes into buster.
(also please do CC me in BTS emails)
Thanks!
--
Brian May
Salvatore Bonaccorso writes:
> Ah right, this is #923930?
Yes, looks like it. I didn't get the recent emails, thanks for the
reference. I have now followed up there.
--
Brian May
ild] Error 2
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2
Build finished at 2019-05-21T08:56:44Z
=== cut ===
--
Brian May
;
+ kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed
checksum");
+ ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
+ goto out;
+ }
+
ret = _krb5_s4u2self_to_checksumdata(context, , );
if (ret)
goto out;
--
Brian May
.wml file missing for DLA 0005-1
> ERROR: .data or .wml file missing for DLA 0004-1
> ERROR: .data or .wml file missing for DLA 0003-1
> ERROR: .data or .wml file missing for DLA 0002-1
> ERROR: .data or .wml file missing for DLA 0001-1
These are fixed.
--
Brian May
On 2019-04-10 09:32, MK wrote:
Any chance of having this pushed into debian-release for buster via an unblock request?
This seems important to anyone running a mail server with amavis in buster.
I believe it was unblocked already:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926580
It
Tobias Frost writes:
> I've prepared an NMU for amavisd-new (versioned as 1:2.11.0-6.1) and
> uploaded it to DELAYED/10. Please feel free to tell me if I
> should delay it longer.
Thanks. This looks good to me. Feel free to upload immediately without
the delay if you want.
--
Brian May
Package: python-rdflib-tools
Version: 4.2.2-2
Severity: normal
(sid-amd64-default)root@silverfish:/home/brian# csv2rdf
Traceback (most recent call last):
File "/usr/bin/csv2rdf", line 6, in
from pkg_resources import load_entry_point
ModuleNotFoundError: No module named 'pkg_resources'
I
ment
from upstream. The problem has been fixed in the latest RC version of
celery.
I have a suspicion that the stable version of celery will work fine with
billiard 3.6.0.0, but not tested it.
--
Brian May
l for a Perl program - I am
guessing I would need to point to the Perl interpreter, so probably
should use --user too.
--
Brian May
n't know how to fix #921016.
--
Brian May
> I don't know whether this is an issue from amavisd-new or dpkg
> (start-stop-daemon) but feel free to assign it properly.
Bug #921557 is relevant here.
--
Brian May
rt.
I thought I had fixed the problem when I applied the patch in #913548
because there is no mention in that bug report that the patch is not
sufficient.
I really do not have any time to waste on such matters.
Regards
--
Brian May
Pierre-Elliott Bécue writes:
> Brian, do you have an issue with me releasing this upstream version?
No objections.
Thanks!
--
Brian May
ive me the ability to symlink the JS/CSS/fonts files to
> the packaged versions (the custom theme uses Bootstrap 2 which is removed
> from Debian, the default theme uses Bootstrap 3 and will use Bootstrap 4
> in the next release).
All this seems fine with me.
Thanks!
--
Brian May
e time to maintain it,
might be best to remove it.
--
Brian May
be sure I was looking at the right
file...
--
Brian May
roduce this.
--
Brian May
Simon Désaulniers writes:
> Noted. May be that would be worth to formulate as a question to xss-lock's
> upstream too?
Maybe. However it is probably not a bug in xss-lock... How would you
phrase such a question?
--
Brian May
ngcolor=ff3e \
--linecolor=ff00 --keyhlcolor=0080 --ringvercolor= \
--
Brian May
Package: i3lock-fancy
Version: 0.0~git20160228.0.0fcb933-2
Severity: wishlist
Version in Debian unstable is very old, please consider updating to at
least version 0.2, the latest release.
Actually I am somewhat confused, the Debian package seems to contain
functionality to support multiple
ge: error: debian/rules build-indep subprocess returned exit
> status 2
>
I simply cannot reproduce this error.
Are you sure you didn't accidentally delete the supplied
./lib/hcrypto/engine.h file?
Regards
--
Brian May
Sam Hartman writes:
> No problem.
> I'll lookinto it and see what's involved both on the Heimdal and MIT
> side.
Thanks.
--
Brian May
uld you feel about turning this on in the
> krb5.conf shipped by krb5-config?
The concept sounds fine to me. I may be restricted in how much time I
can spend on such a project however.
--
Brian May
1 - 100 of 1211 matches
Mail list logo
