Change in libcrypt1 prevents upgrades from Buster to Bookworm
Hello!

Are LTS folks aware of the change in libcrypt1 where it was split out of libc into a separate package? Perl needs /lib/x86_64-linux-gnu/libcrypt.so.1 to run, and when it gets removed Perl immediately stops working, and thus no dpkg command will proceed anymore [1].

As it breaks dpkg, it affects, to my understanding, *all* upgrades from Stretch to Bookworm, and some upgrades from Bullseye to Bookworm too [2] on packages I maintain.

This makes LTS kind of moot, as systems that want to stay on LTS and "skip" at least one release can no longer do so.

What is your take here? If the issue is not fixed, then at least LTS should document it well for LTS users?

- Otto

(I am not on list, please use reply-to-all)

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993755
[2] https://salsa.debian.org/mariadb-team/galera-4/-/pipelines/300049
Re: libapache2-mod-proxy-uwsgi - CVE-2021-36160 regression, altered PATH_INFO
Hi,

Thanks for your answer but also thanks for the information about the wrong configuration of Apache.

I have tested both solutions you explain here and both work well.

If I apply the change in the Apache configuration (as explained in the official documentation about "/"), my app works well.

If I just apply your Debian patch, the app works well also.

So, we wait for the Debian patch for the oldest installation and I now can create a fix for the Tracim project about the wrong usage of "/" in the apache2 configuration.

Thanks a lot for your solution :) :) :)

Best regards.

Philippe
Sys Admin
Algoo

On 2021-10-09 18:04, Sylvain Beucler wrote:
> Hi,
>
> On 05/10/2021 18:41, Sylvain Beucler wrote:
> > forwarded 995368 https://bz.apache.org/bugzilla/show_bug.cgi?id=65616
>
> The Apache developers say there's an incorrect configuration in the first place.
>
> For example,
>     ProxyPassMatch ^/ui uwsgi://127.0.0.1:8081/
> should be
>     ProxyPassMatch ^/ui uwsgi://127.0.0.1:8081
> following the warning about slashes in the documentation:
> http://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
>
> However, they are currently considering an additional patch to restore the previous (less strict) behavior.
>
> Philippe, Josef, I prepared a build with the new patch, so you can test early:
> https://people.debian.org/~beuc/lts/uwsgi/
> https://people.debian.org/~beuc/lts/uwsgi/libapache2-mod-proxy-uwsgi_2.0.14+20161117-3+deb9u5_amd64.deb
>
> I'm interested in your feedback.
>
> Cheers!
> Sylvain Beucler
> Debian LTS Team
Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)
On Sat, Oct 09, 2021 at 10:33:47AM +0200, Sylvain Beucler wrote:
> This would be the ELTS (not LTS) repo at
> https://salsa.debian.org/freexian-team/extended-lts/security-tracker/.
>
> See the ELTS README at gitlab.com:freexian-lts/extended-lts
[...]
> See
> https://wiki.debian.org/LTS/Development#Prepare_an_update_for_the_website

Thanks, Sylvain! :)

(and sorry for having been busy with other stuff. I shall reply timely again now.)

--
cheers,
	Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Today, over 800 women will have died due to preventable pregnancy and birth complications, over 130 due to femicide.
https://www.who.int/news-room/fact-sheets/detail/maternal-mortality
https://en.wikipedia.org/wiki/Femicide#Worldwide
Re: [SECURITY] [DLA 2777-1] tiff security update
Hi,

On 04/10/2021 01:20, Utkarsh Gupta wrote:
> Hello LTS team,
>
> Apparently, I've sent the following mail thrice to the -announce
> list but it doesn't seem to be going through. Could somebody
> please send the below announcement from my end? TIA! \o/
>
> The website update has already been pushed long back.

Done.

Cheers!
Sylvain Beucler
Debian LTS Team
Re: libapache2-mod-proxy-uwsgi - CVE-2021-36160 regression, altered PATH_INFO
Hi,

On 05/10/2021 18:41, Sylvain Beucler wrote:
> forwarded 995368 https://bz.apache.org/bugzilla/show_bug.cgi?id=65616

The Apache developers say there's an incorrect configuration in the first place.

For example,
    ProxyPassMatch ^/ui uwsgi://127.0.0.1:8081/
should be
    ProxyPassMatch ^/ui uwsgi://127.0.0.1:8081
following the warning about slashes in the documentation:
http://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass

However, they are currently considering an additional patch to restore the previous (less strict) behavior.

Philippe, Josef, I prepared a build with the new patch, so you can test early:
https://people.debian.org/~beuc/lts/uwsgi/
https://people.debian.org/~beuc/lts/uwsgi/libapache2-mod-proxy-uwsgi_2.0.14+20161117-3+deb9u5_amd64.deb

I'm interested in your feedback.

Cheers!
Sylvain Beucler
Debian LTS Team
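
An added example, not part of the original message or of any Debian or Apache tooling: a small heuristic check that flags ProxyPass/ProxyPassMatch lines where the path or pattern and the backend URL disagree on a trailing slash, which is the mismatch described in the message above. The function name, the sample configuration and the handling of a trailing "$" anchor are assumptions made for this illustration.

```python
import re

# Constructed sample configuration for the example (not from a real host).
SAMPLE_CONF = """\
# vhost fragment
ProxyPassMatch ^/ui uwsgi://127.0.0.1:8081/
ProxyPassMatch ^/ui uwsgi://127.0.0.1:8081
ProxyPass /api/ uwsgi://127.0.0.1:8082/
ProxyPass /static !
ProxyPass /app/ uwsgi://127.0.0.1:8083 retry=0
"""

# Two-argument form only: directive, path or regex, backend URL.
# ProxyPassReverse does not match because whitespace must follow the name.
DIRECTIVE = re.compile(r"^\s*(ProxyPass|ProxyPassMatch)\s+(\S+)\s+(\S+)",
                       re.IGNORECASE)


def slash_mismatches(conf_text):
    """Return (line number, directive, source, target) for each directive
    whose source and target disagree on ending with '/'."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if not m:
            continue
        directive, source, target = m.groups()
        # "!" excludes a path from proxying; anything without a scheme is
        # not a backend URL (e.g. the path-less form inside <Location>).
        if target == "!" or "://" not in target:
            continue
        # Assumption: ignore a regex end anchor when judging the last char.
        src = source.rstrip("$")
        if src.endswith("/") != target.endswith("/"):
            findings.append((lineno, directive, source, target))
    return findings


if __name__ == "__main__":
    for lineno, directive, source, target in slash_mismatches(SAMPLE_CONF):
        print(f"line {lineno}: {directive} {source} {target}")
```
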
Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)
Hi,

On 09/10/2021 02:09, Jeremiah C. Foster wrote:
> On 9/28/21 12:46 PM, Holger Levsen wrote:
> > These scripts expect that you have clones of the security-tracker.git repo
> > as well as the extended-security-tracker.git repo and the webwml.git repo
> > checked out in these directories:
> >
> > ~/Projects/security-tracker
> > ~/Projects/extended-security-tracker
> > ~/Projects/debian-www/webwml
>
> As I mentioned in another email that I didn't send to the list, I'm not sure I have access to all of these git repos. I do have to security-tracker but I cannot find extended-security-tracker in Salsa or Gitlab.

This would be the ELTS (not LTS) repo at https://salsa.debian.org/freexian-team/extended-lts/security-tracker/.

See the ELTS README at gitlab.com:freexian-lts/extended-lts

> As for webwml, is that this https://salsa.debian.org/webmaster-team/webwml/ ?

See https://wiki.debian.org/LTS/Development#Prepare_an_update_for_the_website

Cheers!
Sylvain