Bug#1068297: bpfcc-tools: Security issue of Debian patch: code execution via environment variable

2024-04-03 Thread ValdikSS 

Package: bpfcc-tools
Version: 0.26.0+ds-1
Severity: normal
Tags: security
X-Debbugs-Cc: i...@valdikss.org.ru

Dear Maintainer,

Last year there was a Debian fix for the upstream issue of bpfcc package
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028479

The patch was created by Debian maintainer of the package, and is as follows
(0001-Cleanup-existing-temporary-kernel-headers-path.patch):

--- a/src/cc/frontends/clang/kbuild_helper.cc
+++ b/src/cc/frontends/clang/kbuild_helper.cc
@@ -215,7 +215,8 @@
   dirpath = std::string(dirpath_tmp);

   if (file_exists(dirpath_tmp))
-return 0;
+snprintf(dirpath_tmp, 256, "Cleaning up already existing path %s",
dirpath_tmp);
+system(("rm -rf " + std::string(dirpath_tmp)).c_str());

   // First time so extract it
   return extract_kheaders(dirpath, uname_data);


dirpath_tmp is getenv("TMPDIR") here, obvious code execution. Note that
there's no brackets, so the system code with TMPDIR env is executed
unconditionally.

The exploitation is as simple as that:

TMPDIR=';id;' tcpconnect-bfpcc



-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable')

Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-18-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE 
not set

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bpfcc-tools depends on:
ii  python3  3.11.2-1+b1
ii  python3-bpfcc0.26.0+ds-1
ii  python3-netaddr  0.8.0-2

bpfcc-tools recommends no packages.

bpfcc-tools suggests no packages.

-- no debconf information


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1039934: Acknowledgement (gcc-12: __builtin_cpu_supports does not detect SSE2 on VIA CPU, patch available)

2023-07-10 Thread ValdikSS 

Can confirm that the gcc (4:12.3.0-1) from testing works correctly.
Thanks!


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1029792: Info received (Bug#1029792: sse2-support: SSE2 support not detected on VIA Eden Eshter)

2023-07-10 Thread ValdikSS 

gcc has been updated with the fix for this issue
gcc (4:12.3.0-1) from testing already includes it.


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1039934: gcc-12: __builtin_cpu_supports does not detect SSE2 on VIA CPU, patch available

2023-06-29 Thread ValdikSS 

Package: gcc-12
Version: 12.2.0-14
Severity: normal
X-Debbugs-Cc: i...@valdikss.org.ru

Dear Maintainer,

GCC function __builtin_cpu_supports, which is used by Debian's isa-support
package to detect various CPU features, such as SSE2 support, in the current
GCC version fails to detect SSE2 support on VIA C7 CPUs, which prevent
installing software which require SSE2 support on such machines.

This has been fixed upstream with the patch to GCC 12:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100758#c25

Kindly asking to apply the patch and rebuild isa-support package.

Bugreport for sse2-support package:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029792

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 6.1.0-9-686-pae (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gcc-12 depends on:
ii  binutils   2.40-2
ii  cpp-12 12.2.0-14
ii  gcc-12-base12.2.0-14
ii  libc6  2.36-9
ii  libcc1-0   12.2.0-14
ii  libgcc-12-dev  12.2.0-14
ii  libgcc-s1  12.2.0-14
ii  libgmp10   2:6.2.1+dfsg1-1.1
ii  libisl23   0.25-1
ii  libmpc31.3.1-1
ii  libmpfr6   4.2.0-1
ii  libstdc++6 12.2.0-14
ii  libzstd1   1.5.4+dfsg2-5
ii  zlib1g 1:1.2.13.dfsg-1

Versions of packages gcc-12 recommends:
ii  libc6-dev  2.36-9

Versions of packages gcc-12 suggests:
pn  gcc-12-doc   
pn  gcc-12-locales   
pn  gcc-12-multilib  

-- no debconf information


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1029792: sse2-support: SSE2 support not detected on VIA Eden Eshter

2023-06-29 Thread ValdikSS 

Still the issue as of Debian 12.


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1029792: Acknowledgement (sse2-support: SSE2 support not detected on VIA Eden Eshter)

2023-03-19 Thread ValdikSS 

GCC has fixed __builtin_cpu_supports() function.

Please merge the following patch: 
https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=454bf9f4d55058589ac6a76261356cbda599e831


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1029792: sse2-support: SSE2 support not detected on VIA Eden Eshter

2023-01-27 Thread ValdikSS 

Package: sse2-support
Version: 15
Severity: normal
X-Debbugs-Cc: i...@valdikss.org.ru

Dear Maintainer,

sse2-support package fails to detect SSE2 on VIA Eden Eshter CPU, which 
leads to inability to install task-lxqt-desktop on WYSE C10LE machine.

The installation used to work fine on Debian 11, as far as I remember.

This seem to be a known bug of __builtin_cpu_supports() function which 
was closed as WONTFIX in gcc bug tracker.


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100758

gcc developer Martin Liška proposed using cpuid bit detection method to 
the author. Apparently, __builtin_cpu_supports() is unreliable.



$ cat /proc/cpuinfo | grep flags
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge 
cmov pat clflush acpi mmx fxsr sse sse2 tm nx cpuid pni est tm2 xtpr rng 
rng_en ace ace_en ace2 ace2_en phe phe_en pmm pmm_en


$ /usr/libexec/i386-linux-gnu/isa-support/test-SSE2
$ echo $?
1

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 6.1.0-1-686-pae (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sse2-support depends on:
ii  isa-support  15

sse2-support recommends no packages.

sse2-support suggests no packages.


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1029259: openssl: AES-192 and 256 encryption broken with VIA Padlock, upstream patch

2023-01-20 Thread ValdikSS 

Package: openssl
Version: 1.1.1n-0+deb11u3
Severity: normal
X-Debbugs-Cc: i...@valdikss.org.ru

Dear Maintainer,

VIA Padlock engine is not encrypting or decrypting properly on VIA 
hardware, due to a bug.

Please apply the following upstream patch to OpenSSL:

https://github.com/openssl/openssl/commit/2bcf8e69bd92e33d84c48e7d108d3d46b22f8a6d.patch

-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable')

Architecture: i386 (i686)

Kernel: Linux 5.10.0-20-686-pae (SMP w/1 CPU thread)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssl depends on:
ii  libc6  2.31-13+deb11u5
ii  libssl1.1  1.1.1n-0+deb11u3

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20210119

-- Configuration Files:
/etc/ssl/openssl.cnf changed [not included]

-- no debconf information


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1028898: openssl: Regression, SIGSEGV when using engines

2023-01-14 Thread ValdikSS 

Package: openssl
Version: 3.0.7-1
Severity: important
Tags: patch
X-Debbugs-Cc: i...@valdikss.org.ru

Dear Maintainer,

OpenSSL 3.0.7-1 shipped in current Testing has a bug which causes SIGSEGV
in different applications if OpenSSL if configured to use engines.
People on OpenSSL bug tracker reported issues with devcrypto engine,
which causes SSHd crashes and inability to connect,
and for me it crashes when using VIA Padlock engine.

Upstream fix available, applies cleanly to 3.0.7, tested by me:
https://github.com/openssl/openssl/commit/d0f8056c47f7aea40a34815fe459404f14501e81.patch

Other bug reports:
https://github.com/openssl/openssl/issues/17995
https://github.com/openssl/openssl/issues/18578


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 6.0.0-6-686-pae (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssl depends on:
ii  libc62.36-7
ii  libssl3  3.0.7-1

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20211016


OpenPGP_signature
Description: OpenPGP digital signature

Bug#992187: Report invalid

2021-08-15 Thread ValdikSS 
Sorry, this bug report is invalid. I didn't know that this is an 
intended debian-installer behavior and is present on all versions.

Bug#992187: debian-installer: Debian 11.0.0 ISO downloads packages from network (internet) even when no network mirror selected

2021-08-15 Thread ValdikSS 

Package: debian-installer
Severity: normal
Tags: d-i

Dear Maintainer,

Debian 11.0.0 ISO file (debian-11.0.0-amd64-DVD-1.iso) silently 
downloads package index and updated .deb files from debian-security 
repository upon installation, even when no network mirror option was chosen.


I believe this is a mistake due to recent distro/updates -> 
distro-security security repository naming transaction.


HOW TO REPRODUCE:

1. Install Debian 11.0.0 from DVD ISO file on the computer with the
   internet connection
2. Choose "do not use internet mirror" option
3. Check internet usage upon installation

ACTUAL RESULT:
Wireshark shows bullseye-security repository index update and
perl .deb packets download (perl-base, perl-modules etc).

EXPECTED RESULT:
Internet is not used when "do not use internet mirror" option is 
chosen.


-- System Information:
Debian Release: 11.0
  APT prefers stable-security
  APT policy: (500, 'stable-security')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#984791: eatmydata-udeb: udeb included in Debian ISO, but eatmydata and libeatmydata1 are not

2021-03-12 Thread ValdikSS 

Indeed, I should have provide more context.

Debian Buster installation from DVD1 ISO file takes enormous amount of 
time in a VM without write cache and on bare metal with older (a bit 
wore out) HDDs due to excessive fsync() calls.
For example, installation from debian-10.6.0-amd64-DVD-1.iso in a VM 
without internet access took 1 hour, 44 minutes, 30 seconds. On a bare 
metal: more than 40 minutes (I was too impatient, didn't wait it to 
finish and powered off the machine).


I found out that eatmydata-udeb is included into ISO images (in both CD 
and DVD), but can't be used because eatmydata and libeatmydata1 packages 
are missing. Enabling eatmydata-udeb does not have any effect in this case.


The issues with eatmydata-udeb in my opinion are:

1. eatmydata-udeb should be enabled by default, to speed up the
   installation process. It should not require to be enabled from
   preseed file or bootloader cmdline. It's pointless to use fsync() in
   installation process, the user won't attempt to fix partially
   installed system due to power loss, it only slows it down.
2. eatmydata and libeatmydata1 packages should present in ISO images
   (/pool directory) to make eatmydata-udeb possible to use without the
   internet (you say it downloads the packages when internet is
   connected, I'm not sure it works though).
3. eatmydata-udeb should also inject libeatmydata to the base system
   installation process, which is performed by debootstrap. Base system
   installation is also quite slow, not as slow as the main system due
   to much less package count, but still takes much more time than it
   should.


I've prepared an automatic patcher script which could be found here: 
https://bitbucket.org/ValdikSS/debian-iso-fastinstall/
It adds eatmydata and libeatmydata1 packages into ISO image, patches 
debootstrap to use libeatmydata, and activates eatmydata-udeb (patches 
boot cmdline).


With this script, patched debian-10.6.0-amd64-DVD-1.iso ISO file which 
previously took 1 hour, 44 minutes, 30 seconds to install, now installs 
in 10 minutes 37 seconds.
Patched netinstall image, when run without the internet access, installs 
the whole mini distro with base utilities in less than 3 minutes.


If #2 (packages in iso image) it not an eatmydata-udeb packaging 
concern, please tell for which package I should create a bug, it's not 
clear for me.





OpenPGP_signature
Description: OpenPGP digital signature

Bug#984794: calamares: use eatmydata to speed up last installation step (60remove-live-packages)

2021-03-08 Thread ValdikSS 

Package: calamares
Version: 3.2.36-1
Severity: wishlist

Dear Maintainer,

Upon installation of Debian 10.8.0 using live ISO with Calamares, the 
step of live packages removal from target file system may take up to 30 
minutes on old HDD due to excessive fsync()'s caused by dpkg.

With eatmydata package used, this step takes 3-5 minutes.

Please consider using eatmydata for apt operations on calamares.

-- System Information:
Debian Release: 10.8
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-14-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages calamares depends on:
pn kio 
pn kpackagetool5 
ii libatasmart4 0.19-5
ii libblkid1 2.33.1-0.1
ii libboost-python1.67.0 1.67.0-13+deb10u1
ii libc6 2.28-10
ii libgcc1 1:8.3.0-6
pn libkf5auth5 
pn libkf5codecs5 
pn libkf5completion5 
pn libkf5configcore5 
pn libkf5configgui5 
pn libkf5configwidgets5 
pn libkf5coreaddons5 
pn libkf5i18n5 
pn libkf5jobwidgets5 
pn libkf5kiocore5 
pn libkf5kiowidgets5 
pn libkf5package5 
pn libkf5parts5 
pn libkf5plasma5 
pn libkf5service-bin 
pn libkf5service5 
pn libkf5sonnetui5 
pn libkf5textwidgets5 
pn libkf5widgetsaddons5 
pn libkf5xmlgui5 
pn libkpmcore7 
ii libparted2 3.2-25
ii libpwquality1 1.4.0-3
ii libpython3.7 3.7.3-2+deb10u2
pn libqt5concurrent5 
ii libqt5core5a 5.11.3+dfsg1-1+deb10u4
ii libqt5dbus5 5.11.3+dfsg1-1+deb10u4
ii libqt5gui5 5.11.3+dfsg1-1+deb10u4
ii libqt5network5 5.11.3+dfsg1-1+deb10u4
ii libqt5qml5 5.11.3-4
ii libqt5quick5 5.11.3-4
pn libqt5quickwidgets5 
ii libqt5svg5 5.11.3-2
ii libqt5webkit5 5.212.0~alpha2-21
ii libqt5widgets5 5.11.3+dfsg1-1+deb10u4
ii libqt5xml5 5.11.3+dfsg1-1+deb10u4
ii libstdc++6 8.3.0-6
pn libyaml-cpp0.6 
ii os-prober 1.77

Versions of packages calamares recommends:
ii btrfs-progs 4.20.1-2
pn squashfs-tools 

calamares suggests no packages.




OpenPGP_signature
Description: OpenPGP digital signature

Bug#984792: eatmydata-udeb: finish-install.d/13eatmydata-udeb executes earlier than 60remove-live-packages on live ISO

2021-03-08 Thread ValdikSS 

Package: eatmydata-udeb
Version: 105-7
Severity: normal
Tags: d-i

Dear Maintainer,

/usr/lib/finish-install.d/60remove-live-packages file is executed after 
disablng eatmydata-udeb on live iso file, which slows down live packages 
removing process dramatically.
Consider increasing execution order of eatmydata-udeb script. 61 or 62 
would fix the issue.


-- System Information:
Debian Release: 10.8
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-14-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled




OpenPGP_signature
Description: OpenPGP digital signature

Bug#984791: eatmydata-udeb: udeb included in Debian ISO, but eatmydata and libeatmydata1 are not

2021-03-08 Thread ValdikSS 

Package: eatmydata-udeb
Version: 105-7
Severity: normal
Tags: d-i

Dear Maintainer,

eatmydata-udeb is included in Debian ISO files but can't be used as 
eatmydata and libeatmydata1 are missing in ISO pool on any ISO I've 
tested (CD/DVD, regular/live).
Without the library eatmydata-udeb does nothing. It also does not 
attempt to load the library over the internet.

Please include eatmydata package into installation ISO files.

I should mention that eatmydata-udeb by itself is not used by default 
and could be activated only with preseed file or kernel argument.



-- System Information:
Debian Release: 10.8
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-14-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled




OpenPGP_signature
Description: OpenPGP digital signature

Bug#700633: Debootstrap is very slow. Please use eatmydata to fix this.

2021-03-08 Thread ValdikSS 
Debootstrap is used in Debian ISO installer (debian-installer, d-i) for 
initial target rootfs bootstrapping. With sync enabled, this takes 
hundreds of minutes to unpack and configure base system on a HDD.


With eatmydata it takes about a minute.

What could be done to introduce eatmydata into debootstrap? Are propsed 
patches above (in message 50 and before) are not correct or not conform 
to Debian style or policy? If so, what should be improved?






OpenPGP_signature
Description: OpenPGP digital signature

Bug#932054: bug reply

2021-01-11 Thread ValdikSS 
rspamd default configuration file contains a set of RBL servers, links 
to different phishing/spamming feeds, public ASN lookup server, fuzzy 
hashes server, etc.


All the data is refreshed with regular intervals.

https://github.com/rspamd/rspamd/blob/master/conf/modules.d/rbl.conf
https://github.com/rspamd/rspamd/blob/master/conf/modules.d/phishing.conf
https://github.com/rspamd/rspamd/blob/master/conf/modules.d/asn.conf
https://github.com/rspamd/rspamd/blob/52a281c58f31ba48e1d365c1646321747be501ff/conf/modules.d/fuzzy_check.conf#L21





OpenPGP_signature
Description: OpenPGP digital signature

Bug#768496: (no subject)

2014-11-19 Thread ValdikSS 
When this will be pushed to testing?



signature.asc
Description: OpenPGP digital signature

Bug#768496: [Pkg-sysvinit-devel] Typo in invoke-rc.d

2014-11-08 Thread ValdikSS 
Yes, I can confirm, it works fine with this (commit 5eddf30) change.
Thank you for quick fix!



signature.asc
Description: OpenPGP digital signature

Bug#768496: [invoke-rc.d] Typo in initctl which breaks upstart

2014-11-07 Thread ValdikSS 
Package: sysv-rc
Version: 2.88dsf-57

The latest version has a very silly typo which breaks invoke-rc.d if
upstart is used.

Line 275: inictl should be initctl



signature.asc
Description: OpenPGP digital signature

Bug#762491: (no subject)

2014-10-02 Thread ValdikSS 
Can confirm, it's totally broken. No errors in error logs or whatsoever.



signature.asc
Description: OpenPGP digital signature

Bug#762491: (no subject)

2014-10-02 Thread ValdikSS 
No, sorry, this is nginx issue, for sure! Works fine with nginx 1.6.1.
Can somebody confirm? nginx 1.6.2 and php 5.6.0 works on one of my
server, but not on another 15 ones.



signature.asc
Description: OpenPGP digital signature

Bug#762491: (no subject)

2014-10-02 Thread ValdikSS 
http://www.linux-support.com/cms-xxx/ubuntu-developers-thomas-ward-nginx-changes-in-debian-causing-default-config-fastcgi-users-issues/



signature.asc
Description: OpenPGP digital signature

Bug#761072: (no subject)

2014-10-02 Thread ValdikSS 
Please change sites-available/default to fastcgi.conf



signature.asc
Description: OpenPGP digital signature

Bug#734041: (no subject)

2014-09-10 Thread ValdikSS 
If anyone is still interested, here is a fork of OpenVPN's easy-rsa v3
with ipsec support
https://github.com/ValdikSS/easy-rsa-ipsec



signature.asc
Description: OpenPGP digital signature

Bug#761066: Include build option --enable-vici and --enable-swanctl for new swanctl tool

2014-09-10 Thread ValdikSS 
Package: strongswan
Version: 5.2.0-2
Severity: wishlist

Dear maintainer,

swanctl is a new, portable command line utility to configure, control
and monitor the IKE daemon charon using the vici interface. It has been
introduced with strongSwan 5.2.0.

swanctl works independently from starter, ipsec.conf or the ipsec
script, and is a lightweight alternative available on all platforms.

It would be very useful to have this tool packaged.
Thanks.



signature.asc
Description: OpenPGP digital signature

Bug#760214: (no subject)

2014-09-09 Thread ValdikSS 
I can confirm this bug. This probably happened after networkmanager
update. It seems like networkmanager intercepts route too late.

Here are two workarounds:
1) add route-delay 1 to your openvpn configuration file.
2) use route-nopull and redirect-gateway (without def1).



signature.asc
Description: OpenPGP digital signature

Bug#760214: (no subject)

2014-09-09 Thread ValdikSS 
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=06703c1670d0f96834b268920b09792e22fdb4c4



signature.asc
Description: OpenPGP digital signature

Bug#739641: (no subject)

2014-09-07 Thread ValdikSS 
Sadly, it's not so easy as it seems to be
If you compile strongSwan with --enable-kernel-ipsec, kernel-ipsec would
be enabled by default, which is not what most of the package users expect.

Ubuntu maintainers are thinking of 2 ways of dealing with this issue:
1) Compile kernel-libipsec libraries and configuration files as separate
package
2) Change kernel-libipsec configuration to not enable it by default


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#741366: cadaver: Untrusted server certificate presented for `my.server.tld'

2014-03-11 Thread ValdikSS 
Package: cadaver
Version: 0.23.3-2
Severity: normal

Dear Maintainer,

When accessing an https DAV volume, I get the following message even
if the server cert got signed by a trusted CA (ie: provided by the
ca-certificates package).

WARNING: Untrusted server certificate presented for `my.server.tld':
[...]
Do you wish to accept the certificate? (y/n)

The bug #459453 is closed and marked as fixed, but it is not fixed for
me.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages cadaver depends on:
ii  libc6 2.18-4
ii  libcomerr21.42.9-3
ii  libgcrypt11   1.5.3-3
ii  libgnutls26   2.12.23-13
ii  libgssapi-krb5-2  1.12+dfsg-2
ii  libk5crypto3  1.12+dfsg-2
ii  libkrb5-3 1.12+dfsg-2
ii  libncurses5   5.9+20140118-1
ii  libreadline6  6.2+dfsg-0.1
ii  libtinfo5 5.9+20140118-1
ii  libxml2   2.9.1+dfsg1-3

cadaver recommends no packages.

cadaver suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org