Bug#1068297: bpfcc-tools: Security issue of Debian patch: code execution via environment variable
Package: bpfcc-tools Version: 0.26.0+ds-1 Severity: normal Tags: security X-Debbugs-Cc: i...@valdikss.org.ru Dear Maintainer, Last year there was a Debian fix for the upstream issue of bpfcc package https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028479 The patch was created by Debian maintainer of the package, and is as follows (0001-Cleanup-existing-temporary-kernel-headers-path.patch): --- a/src/cc/frontends/clang/kbuild_helper.cc +++ b/src/cc/frontends/clang/kbuild_helper.cc @@ -215,7 +215,8 @@ dirpath = std::string(dirpath_tmp); if (file_exists(dirpath_tmp)) -return 0; +snprintf(dirpath_tmp, 256, "Cleaning up already existing path %s", dirpath_tmp); +system(("rm -rf " + std::string(dirpath_tmp)).c_str()); // First time so extract it return extract_kheaders(dirpath, uname_data); dirpath_tmp is getenv("TMPDIR") here, obvious code execution. Note that there's no brackets, so the system code with TMPDIR env is executed unconditionally. The exploitation is as simple as that: TMPDIR=';id;' tcpconnect-bfpcc -- System Information: Debian Release: 12.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-18-amd64 (SMP w/1 CPU thread; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages bpfcc-tools depends on: ii python3 3.11.2-1+b1 ii python3-bpfcc0.26.0+ds-1 ii python3-netaddr 0.8.0-2 bpfcc-tools recommends no packages. bpfcc-tools suggests no packages. -- no debconf information OpenPGP_signature.asc Description: OpenPGP digital signature
Bug#1039934: Acknowledgement (gcc-12: __builtin_cpu_supports does not detect SSE2 on VIA CPU, patch available)
Can confirm that the gcc (4:12.3.0-1) from testing works correctly. Thanks! OpenPGP_signature Description: OpenPGP digital signature
Bug#1029792: Info received (Bug#1029792: sse2-support: SSE2 support not detected on VIA Eden Eshter)
gcc has been updated with the fix for this issue gcc (4:12.3.0-1) from testing already includes it. OpenPGP_signature Description: OpenPGP digital signature
Bug#1039934: gcc-12: __builtin_cpu_supports does not detect SSE2 on VIA CPU, patch available
Package: gcc-12 Version: 12.2.0-14 Severity: normal X-Debbugs-Cc: i...@valdikss.org.ru Dear Maintainer, GCC function __builtin_cpu_supports, which is used by Debian's isa-support package to detect various CPU features, such as SSE2 support, in the current GCC version fails to detect SSE2 support on VIA C7 CPUs, which prevent installing software which require SSE2 support on such machines. This has been fixed upstream with the patch to GCC 12: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100758#c25 Kindly asking to apply the patch and rebuild isa-support package. Bugreport for sse2-support package: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029792 -- System Information: Debian Release: 12.0 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 6.1.0-9-686-pae (SMP w/1 CPU thread; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gcc-12 depends on: ii binutils 2.40-2 ii cpp-12 12.2.0-14 ii gcc-12-base12.2.0-14 ii libc6 2.36-9 ii libcc1-0 12.2.0-14 ii libgcc-12-dev 12.2.0-14 ii libgcc-s1 12.2.0-14 ii libgmp10 2:6.2.1+dfsg1-1.1 ii libisl23 0.25-1 ii libmpc31.3.1-1 ii libmpfr6 4.2.0-1 ii libstdc++6 12.2.0-14 ii libzstd1 1.5.4+dfsg2-5 ii zlib1g 1:1.2.13.dfsg-1 Versions of packages gcc-12 recommends: ii libc6-dev 2.36-9 Versions of packages gcc-12 suggests: pn gcc-12-doc pn gcc-12-locales pn gcc-12-multilib -- no debconf information OpenPGP_signature Description: OpenPGP digital signature
Bug#1029792: sse2-support: SSE2 support not detected on VIA Eden Eshter
Still the issue as of Debian 12. OpenPGP_signature Description: OpenPGP digital signature
Bug#1029792: Acknowledgement (sse2-support: SSE2 support not detected on VIA Eden Eshter)
GCC has fixed __builtin_cpu_supports() function. Please merge the following patch: https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=454bf9f4d55058589ac6a76261356cbda599e831 OpenPGP_signature Description: OpenPGP digital signature
Bug#1029792: sse2-support: SSE2 support not detected on VIA Eden Eshter
Package: sse2-support Version: 15 Severity: normal X-Debbugs-Cc: i...@valdikss.org.ru Dear Maintainer, sse2-support package fails to detect SSE2 on VIA Eden Eshter CPU, which leads to inability to install task-lxqt-desktop on WYSE C10LE machine. The installation used to work fine on Debian 11, as far as I remember. This seem to be a known bug of __builtin_cpu_supports() function which was closed as WONTFIX in gcc bug tracker. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100758 gcc developer Martin Liška proposed using cpuid bit detection method to the author. Apparently, __builtin_cpu_supports() is unreliable. $ cat /proc/cpuinfo | grep flags flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge cmov pat clflush acpi mmx fxsr sse sse2 tm nx cpuid pni est tm2 xtpr rng rng_en ace ace_en ace2 ace2_en phe phe_en pmm pmm_en $ /usr/libexec/i386-linux-gnu/isa-support/test-SSE2 $ echo $? 1 -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 6.1.0-1-686-pae (SMP w/1 CPU thread; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages sse2-support depends on: ii isa-support 15 sse2-support recommends no packages. sse2-support suggests no packages. OpenPGP_signature Description: OpenPGP digital signature
Bug#1029259: openssl: AES-192 and 256 encryption broken with VIA Padlock, upstream patch
Package: openssl Version: 1.1.1n-0+deb11u3 Severity: normal X-Debbugs-Cc: i...@valdikss.org.ru Dear Maintainer, VIA Padlock engine is not encrypting or decrypting properly on VIA hardware, due to a bug. Please apply the following upstream patch to OpenSSL: https://github.com/openssl/openssl/commit/2bcf8e69bd92e33d84c48e7d108d3d46b22f8a6d.patch -- System Information: Debian Release: 11.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 5.10.0-20-686-pae (SMP w/1 CPU thread) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openssl depends on: ii libc6 2.31-13+deb11u5 ii libssl1.1 1.1.1n-0+deb11u3 openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20210119 -- Configuration Files: /etc/ssl/openssl.cnf changed [not included] -- no debconf information OpenPGP_signature Description: OpenPGP digital signature
Bug#1028898: openssl: Regression, SIGSEGV when using engines
Package: openssl Version: 3.0.7-1 Severity: important Tags: patch X-Debbugs-Cc: i...@valdikss.org.ru Dear Maintainer, OpenSSL 3.0.7-1 shipped in current Testing has a bug which causes SIGSEGV in different applications if OpenSSL if configured to use engines. People on OpenSSL bug tracker reported issues with devcrypto engine, which causes SSHd crashes and inability to connect, and for me it crashes when using VIA Padlock engine. Upstream fix available, applies cleanly to 3.0.7, tested by me: https://github.com/openssl/openssl/commit/d0f8056c47f7aea40a34815fe459404f14501e81.patch Other bug reports: https://github.com/openssl/openssl/issues/17995 https://github.com/openssl/openssl/issues/18578 -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 6.0.0-6-686-pae (SMP w/1 CPU thread; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openssl depends on: ii libc62.36-7 ii libssl3 3.0.7-1 openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20211016 OpenPGP_signature Description: OpenPGP digital signature
Bug#992187: Report invalid
Sorry, this bug report is invalid. I didn't know that this is an intended debian-installer behavior and is present on all versions.
Bug#992187: debian-installer: Debian 11.0.0 ISO downloads packages from network (internet) even when no network mirror selected
Package: debian-installer Severity: normal Tags: d-i Dear Maintainer, Debian 11.0.0 ISO file (debian-11.0.0-amd64-DVD-1.iso) silently downloads package index and updated .deb files from debian-security repository upon installation, even when no network mirror option was chosen. I believe this is a mistake due to recent distro/updates -> distro-security security repository naming transaction. HOW TO REPRODUCE: 1. Install Debian 11.0.0 from DVD ISO file on the computer with the internet connection 2. Choose "do not use internet mirror" option 3. Check internet usage upon installation ACTUAL RESULT: Wireshark shows bullseye-security repository index update and perl .deb packets download (perl-base, perl-modules etc). EXPECTED RESULT: Internet is not used when "do not use internet mirror" option is chosen. -- System Information: Debian Release: 11.0 APT prefers stable-security APT policy: (500, 'stable-security') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-8-amd64 (SMP w/2 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#984791: eatmydata-udeb: udeb included in Debian ISO, but eatmydata and libeatmydata1 are not
Indeed, I should have provide more context. Debian Buster installation from DVD1 ISO file takes enormous amount of time in a VM without write cache and on bare metal with older (a bit wore out) HDDs due to excessive fsync() calls. For example, installation from debian-10.6.0-amd64-DVD-1.iso in a VM without internet access took 1 hour, 44 minutes, 30 seconds. On a bare metal: more than 40 minutes (I was too impatient, didn't wait it to finish and powered off the machine). I found out that eatmydata-udeb is included into ISO images (in both CD and DVD), but can't be used because eatmydata and libeatmydata1 packages are missing. Enabling eatmydata-udeb does not have any effect in this case. The issues with eatmydata-udeb in my opinion are: 1. eatmydata-udeb should be enabled by default, to speed up the installation process. It should not require to be enabled from preseed file or bootloader cmdline. It's pointless to use fsync() in installation process, the user won't attempt to fix partially installed system due to power loss, it only slows it down. 2. eatmydata and libeatmydata1 packages should present in ISO images (/pool directory) to make eatmydata-udeb possible to use without the internet (you say it downloads the packages when internet is connected, I'm not sure it works though). 3. eatmydata-udeb should also inject libeatmydata to the base system installation process, which is performed by debootstrap. Base system installation is also quite slow, not as slow as the main system due to much less package count, but still takes much more time than it should. I've prepared an automatic patcher script which could be found here: https://bitbucket.org/ValdikSS/debian-iso-fastinstall/ It adds eatmydata and libeatmydata1 packages into ISO image, patches debootstrap to use libeatmydata, and activates eatmydata-udeb (patches boot cmdline). With this script, patched debian-10.6.0-amd64-DVD-1.iso ISO file which previously took 1 hour, 44 minutes, 30 seconds to install, now installs in 10 minutes 37 seconds. Patched netinstall image, when run without the internet access, installs the whole mini distro with base utilities in less than 3 minutes. If #2 (packages in iso image) it not an eatmydata-udeb packaging concern, please tell for which package I should create a bug, it's not clear for me. OpenPGP_signature Description: OpenPGP digital signature
Bug#984794: calamares: use eatmydata to speed up last installation step (60remove-live-packages)
Package: calamares Version: 3.2.36-1 Severity: wishlist Dear Maintainer, Upon installation of Debian 10.8.0 using live ISO with Calamares, the step of live packages removal from target file system may take up to 30 minutes on old HDD due to excessive fsync()'s caused by dpkg. With eatmydata package used, this step takes 3-5 minutes. Please consider using eatmydata for apt operations on calamares. -- System Information: Debian Release: 10.8 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-14-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages calamares depends on: pn kio pn kpackagetool5 ii libatasmart4 0.19-5 ii libblkid1 2.33.1-0.1 ii libboost-python1.67.0 1.67.0-13+deb10u1 ii libc6 2.28-10 ii libgcc1 1:8.3.0-6 pn libkf5auth5 pn libkf5codecs5 pn libkf5completion5 pn libkf5configcore5 pn libkf5configgui5 pn libkf5configwidgets5 pn libkf5coreaddons5 pn libkf5i18n5 pn libkf5jobwidgets5 pn libkf5kiocore5 pn libkf5kiowidgets5 pn libkf5package5 pn libkf5parts5 pn libkf5plasma5 pn libkf5service-bin pn libkf5service5 pn libkf5sonnetui5 pn libkf5textwidgets5 pn libkf5widgetsaddons5 pn libkf5xmlgui5 pn libkpmcore7 ii libparted2 3.2-25 ii libpwquality1 1.4.0-3 ii libpython3.7 3.7.3-2+deb10u2 pn libqt5concurrent5 ii libqt5core5a 5.11.3+dfsg1-1+deb10u4 ii libqt5dbus5 5.11.3+dfsg1-1+deb10u4 ii libqt5gui5 5.11.3+dfsg1-1+deb10u4 ii libqt5network5 5.11.3+dfsg1-1+deb10u4 ii libqt5qml5 5.11.3-4 ii libqt5quick5 5.11.3-4 pn libqt5quickwidgets5 ii libqt5svg5 5.11.3-2 ii libqt5webkit5 5.212.0~alpha2-21 ii libqt5widgets5 5.11.3+dfsg1-1+deb10u4 ii libqt5xml5 5.11.3+dfsg1-1+deb10u4 ii libstdc++6 8.3.0-6 pn libyaml-cpp0.6 ii os-prober 1.77 Versions of packages calamares recommends: ii btrfs-progs 4.20.1-2 pn squashfs-tools calamares suggests no packages. OpenPGP_signature Description: OpenPGP digital signature
Bug#984792: eatmydata-udeb: finish-install.d/13eatmydata-udeb executes earlier than 60remove-live-packages on live ISO
Package: eatmydata-udeb Version: 105-7 Severity: normal Tags: d-i Dear Maintainer, /usr/lib/finish-install.d/60remove-live-packages file is executed after disablng eatmydata-udeb on live iso file, which slows down live packages removing process dramatically. Consider increasing execution order of eatmydata-udeb script. 61 or 62 would fix the issue. -- System Information: Debian Release: 10.8 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-14-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled OpenPGP_signature Description: OpenPGP digital signature
Bug#984791: eatmydata-udeb: udeb included in Debian ISO, but eatmydata and libeatmydata1 are not
Package: eatmydata-udeb Version: 105-7 Severity: normal Tags: d-i Dear Maintainer, eatmydata-udeb is included in Debian ISO files but can't be used as eatmydata and libeatmydata1 are missing in ISO pool on any ISO I've tested (CD/DVD, regular/live). Without the library eatmydata-udeb does nothing. It also does not attempt to load the library over the internet. Please include eatmydata package into installation ISO files. I should mention that eatmydata-udeb by itself is not used by default and could be activated only with preseed file or kernel argument. -- System Information: Debian Release: 10.8 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-14-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled OpenPGP_signature Description: OpenPGP digital signature
Bug#700633: Debootstrap is very slow. Please use eatmydata to fix this.
Debootstrap is used in Debian ISO installer (debian-installer, d-i) for initial target rootfs bootstrapping. With sync enabled, this takes hundreds of minutes to unpack and configure base system on a HDD. With eatmydata it takes about a minute. What could be done to introduce eatmydata into debootstrap? Are propsed patches above (in message 50 and before) are not correct or not conform to Debian style or policy? If so, what should be improved? OpenPGP_signature Description: OpenPGP digital signature
Bug#932054: bug reply
rspamd default configuration file contains a set of RBL servers, links to different phishing/spamming feeds, public ASN lookup server, fuzzy hashes server, etc. All the data is refreshed with regular intervals. https://github.com/rspamd/rspamd/blob/master/conf/modules.d/rbl.conf https://github.com/rspamd/rspamd/blob/master/conf/modules.d/phishing.conf https://github.com/rspamd/rspamd/blob/master/conf/modules.d/asn.conf https://github.com/rspamd/rspamd/blob/52a281c58f31ba48e1d365c1646321747be501ff/conf/modules.d/fuzzy_check.conf#L21 OpenPGP_signature Description: OpenPGP digital signature
Bug#768496: (no subject)
When this will be pushed to testing? signature.asc Description: OpenPGP digital signature
Bug#768496: [Pkg-sysvinit-devel] Typo in invoke-rc.d
Yes, I can confirm, it works fine with this (commit 5eddf30) change. Thank you for quick fix! signature.asc Description: OpenPGP digital signature
Bug#768496: [invoke-rc.d] Typo in initctl which breaks upstart
Package: sysv-rc Version: 2.88dsf-57 The latest version has a very silly typo which breaks invoke-rc.d if upstart is used. Line 275: inictl should be initctl signature.asc Description: OpenPGP digital signature
Bug#762491: (no subject)
Can confirm, it's totally broken. No errors in error logs or whatsoever. signature.asc Description: OpenPGP digital signature
Bug#762491: (no subject)
No, sorry, this is nginx issue, for sure! Works fine with nginx 1.6.1. Can somebody confirm? nginx 1.6.2 and php 5.6.0 works on one of my server, but not on another 15 ones. signature.asc Description: OpenPGP digital signature
Bug#762491: (no subject)
http://www.linux-support.com/cms-xxx/ubuntu-developers-thomas-ward-nginx-changes-in-debian-causing-default-config-fastcgi-users-issues/ signature.asc Description: OpenPGP digital signature
Bug#761072: (no subject)
Please change sites-available/default to fastcgi.conf signature.asc Description: OpenPGP digital signature
Bug#734041: (no subject)
If anyone is still interested, here is a fork of OpenVPN's easy-rsa v3 with ipsec support https://github.com/ValdikSS/easy-rsa-ipsec signature.asc Description: OpenPGP digital signature
Bug#761066: Include build option --enable-vici and --enable-swanctl for new swanctl tool
Package: strongswan Version: 5.2.0-2 Severity: wishlist Dear maintainer, swanctl is a new, portable command line utility to configure, control and monitor the IKE daemon charon using the vici interface. It has been introduced with strongSwan 5.2.0. swanctl works independently from starter, ipsec.conf or the ipsec script, and is a lightweight alternative available on all platforms. It would be very useful to have this tool packaged. Thanks. signature.asc Description: OpenPGP digital signature
Bug#760214: (no subject)
I can confirm this bug. This probably happened after networkmanager update. It seems like networkmanager intercepts route too late. Here are two workarounds: 1) add route-delay 1 to your openvpn configuration file. 2) use route-nopull and redirect-gateway (without def1). signature.asc Description: OpenPGP digital signature
Bug#760214: (no subject)
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=06703c1670d0f96834b268920b09792e22fdb4c4 signature.asc Description: OpenPGP digital signature
Bug#739641: (no subject)
Sadly, it's not so easy as it seems to be If you compile strongSwan with --enable-kernel-ipsec, kernel-ipsec would be enabled by default, which is not what most of the package users expect. Ubuntu maintainers are thinking of 2 ways of dealing with this issue: 1) Compile kernel-libipsec libraries and configuration files as separate package 2) Change kernel-libipsec configuration to not enable it by default -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#741366: cadaver: Untrusted server certificate presented for `my.server.tld'
Package: cadaver Version: 0.23.3-2 Severity: normal Dear Maintainer, When accessing an https DAV volume, I get the following message even if the server cert got signed by a trusted CA (ie: provided by the ca-certificates package). WARNING: Untrusted server certificate presented for `my.server.tld': [...] Do you wish to accept the certificate? (y/n) The bug #459453 is closed and marked as fixed, but it is not fixed for me. -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages cadaver depends on: ii libc6 2.18-4 ii libcomerr21.42.9-3 ii libgcrypt11 1.5.3-3 ii libgnutls26 2.12.23-13 ii libgssapi-krb5-2 1.12+dfsg-2 ii libk5crypto3 1.12+dfsg-2 ii libkrb5-3 1.12+dfsg-2 ii libncurses5 5.9+20140118-1 ii libreadline6 6.2+dfsg-0.1 ii libtinfo5 5.9+20140118-1 ii libxml2 2.9.1+dfsg1-3 cadaver recommends no packages. cadaver suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org