Re: debina-backports missing packages
Varghese Paul (2024-04-15): I am encountering an issue with the Buster-backports repository. It seems that the repository does not have a Release file, which is preventing package management tools from retrieving updates or installing new packages from this source. On 16.04.24 07:57, Cyril Brulebois wrote: https://lists.debian.org/debian-devel-announce/2024/03/msg3.html http://archive.debian.org/debian/dists/buster-backports/ On 16.04.24 08:45, Matus UHLAR - fantomas wrote: Thanks for info, I just encountered this problem too. I would expect this to be posted to debian-backports-announce as well. https://lists.debian.org/debian-backports-announce/ Or, because this will affects buster (which is currently in LTS stage) immediately after packages are removed from main archive, perhaps even debian-lts-announce. I'm Cc:ing this to debian-lts if people are interested in such announce -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. He who laughs last thinks slowest.
Re: opendmarc 1.3.2-6+deb10u3 postinst hangs
Matus UHLAR - fantomas wrote: seems that the postinst file hangs, missing db_stop line On 30.08.23 08:37, Chris Lamb wrote: Thanks for the report; I will release an updated version within a few hours max. thank you, the upgrade passed corrrectly on machine I encountered this problem I'd be very interested to learn why the testing of the upgrade process (both manually and via Salsa's piuparts) did not surface this issue. Could it be different debconf frontends? If so, we should of course broaden our testing surface. I have retried with dbconfig-no-thanks, still the same result. I see that postinst script has hardcoded: . /usr/share/debconf/confmodule . /usr/share/dbconfig-common/dpkg/postinst.mysql dbc_go opendmarc "$@" However, when I tried installing under systemd, the problem did not appear. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
opendmarc 1.3.2-6+deb10u3 postinst hangs
Hello, seems that the postinst file hangs, missing db_stop line this is described/fixed in bug#965284 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965284 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. My mind is like a steel trap - rusty and illegal in 37 states.
Re: Debian 10 and LTS version
On 30.03.23 09:16, Badr BENZERKANE wrote: I contact you because I wanted to download the LTS version of Debian 10 (Buster) but I can not find it on your website so I take the liberty of contacting you to know if you have suspended the download if it exists or if there was a problem with this version. For a task to do it, I need to install a light operating system for our industrial computer and as I searched on the Internet I based it on Debian 10.13 netinst because I want a version without desktop environment and I am looking for the LTS version. All debian versions can be run without desktop and all of them are expected to have LTS for some time, cmomercial ELTS for longer: https://wiki.debian.org/LTS/Extended On the other hand, Debian 10 Buster is 4 years old and we expect it to end in one year - for now I'd recommend Debian 11 Bullseye. I ask, if possible, is Debian netinst the lightweight version that contains all the important packages is netinst? and I would like to have the download link of the LTS version if possible. netinst is lightweight version because it does NOT contain all packages, you are supposed to install most of them via internet. If this is not possible, I recommend downloading full DVD image. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux is like a teepee: no Windows, no Gates and an apache inside...
Re: [SECURITY] [DLA 3140-1] libpgjava security update
On 10/10/2022 10:01, Onny van den Boom wrote: Is it possible to change the subscription of gysb...@hippoline.nl in helpd...@hippoline.nl? On 10.10.22 10:54, Emilio Pozuelo Monfort wrote: You can subscribe or unsubscribe by filling the form in https://lists.debian.org/debian-lts-announce/ Note that you will get a confirmation email with a link that you need to follow. the same applies for unsubscription, where there's some probability that the confirmation e-mail falls into spam folder. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "One World. One Web. One Program." - Microsoft promotional advertisement "Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler
Re: [SECURITY] [DLA 2687-2] prosody regression update
Guys, On 21.06.21 11:11, Jamie Tudor wrote: From: Jamie Tudor Cc: debian-lts@lists.debian.org To: David Sutton List-Id: List-URL: <https://lists.debian.org/debian-lts/> List-Post: <mailto:debian-lts@lists.debian.org> List-Help: <mailto:debian-lts-requ...@lists.debian.org?subject=help> List-Subscribe: <mailto:debian-lts-requ...@lists.debian.org?subject=subscribe> List-Unsubscribe: <mailto:debian-lts-requ...@lists.debian.org?subject=unsubscribe> sending mail to the list will send it to its members, won't get you unsubscribed. See the List-Unsubscribe address above. Unsubscribe On Jun 21, 2021, at 11:06 AM, David Sutton wrote: unsubscribe -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Emacs is a complicated operating system without good text editor.
cacti graph zoom bug
Hello, a graph zooming bug appeared in cacti ~2 months ago. The bug appears in cacti 0.8 in stretch, it's fixed in buster. I have submitted a bug, containing fix for this issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974926 I'm not sure if anyone is willing to fix this in the stretch version, but if it's the case, here you are... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 42.7 percent of all statistics are made up on the spot.
Re: regression in librrd4
On 02.03.20 14:11, Utkarsh Gupta wrote: On Mon, 2 Mar, 2020, 1:53 PM Matus UHLAR - fantomas, wrote: the rrdtool package uploaded to jessie today has a bug that prevents (at least) smokeping and cacti from drawing graphs. Yikes! I did the upload. And whilst the smoke-test went alright, I didn't see that coming. I shall take a look at this. The temoporary solution is to downgrade librrd4 from 1.4.8-1.2+deb8u1 to 1.4.8-1.2 I'll try to see if it could be fixed properly, otherwise the fall back would be to downgrade back to the previous version. Thank you for reporting this :) please tell us if you get new versions, I can test them on a few dozen servers if needee... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. It's now safe to throw off your computer.
Re: regression in librrd4
On 02.03.20 09:23, Matus UHLAR - fantomas wrote: the rrdtool package uploaded to jessie today has a bug that prevents (at least) smokeping and cacti from drawing graphs. The temoporary solution is to downgrade librrd4 from 1.4.8-1.2+deb8u1 to 1.4.8-1.2 FYI this is the error smokeping shows: ERROR: cannot compile regular expression: Error while compiling regular expression ^(?:[^%]+|%%)*%[+- 0#]?[0-9]*([.][0-9]+)?l[eEfF](?:[^%]+|%%)*%s(?:[^%]+|%%)*$ at char 18: range out of order in character class (^(?:[^%]+|%%)*%[+- 0#]?[0-9]*([.][0-9]+)?l[eEfF](?:[^%]+|%%)*%s(?:[^%]+|%%)*$) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. (R)etry, (A)bort, (C)ancer
regression in librrd4
Hello, the rrdtool package uploaded to jessie today has a bug that prevents (at least) smokeping and cacti from drawing graphs. The temoporary solution is to downgrade librrd4 from 1.4.8-1.2+deb8u1 to 1.4.8-1.2 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
Re: spamassassin security update in Debian jessie LTS
On 31.01.20 14:31, Mike Gabriel wrote: Hi Noah, dear LTS contributors, Helo guys, I am about to look into CVE-2020-1930 and CVE-2020-1931 reported against spamassassin. The issues have been fixed in 3.4.4~rc1 FYI, 3.4.4 was released two days ago... and as spamassassin has been upstream version bumped in Debian jessie LTS before, I am asking for your opinion, if you'd rather recommend cherry-picking the fixes (which I haven't been able to identify yet in upstream SVN) or simply upstream version bump spamassassin in jessie LTS once more. @LTS team: sharing your feedback / opinions will be much appreciated, too. ... and I discussed this with some people on spamassassin mailing list. quoting one mail[1]: Key to the issue is I fail to see how the highly intrusive security work done for 3.4.3 can possibly be backported. My recommendation remains a strong: upgrade to 3.4.4. and its reply[2] The Debian patches for CVE-2018-11805 and CVE-2019-12420 onto 3.4.2 are roughly 100kb in size. I can't guess how big would be the fix now. the decision is of course up to you. [1] https://mail-archives.apache.org/mod_mbox/spamassassin-users/202001.mbox/<32172386-a795-1bea-ad6f-05218d5db...@apache.org> [2] https://mail-archives.apache.org/mod_mbox/spamassassin-users/202001.mbox/ -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95
Re: packages from old security releases.
El sáb., 25 de may. de 2019 a la(s) 10:41, Raphael Hertzog (hert...@debian.org) escribió: The reason why Wheezy Extended LTS packages are not in the Debian repositories is because Debian was not interested in keeping the wheezy On 10.10.19 14:03, PICCORO McKAY Lenz wrote: i'm talking about ARCHIVE not main! archive.debian.org that's because extended lts is not part of debian. repositories alive for longer. So Debian is not going to merge those packages. And while you can benefit from those packages freely, this is only possible because there are sponsors paying the work required to provide those updates. See https://deb.freexian.com/extended-lts/ for details. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I intend to live forever - so far so good.
Re: python3.4 regression update
On 26.06.19 08:45, Matus UHLAR - fantomas wrote:
yesterday's python3.4 regression update workd properly, however not with
unattended-upgrade.
is it possible (any idea how) to update that package automatically or do we
need to do that manually?
I just want to add that about half of my jessie machines updated today to
fixed python version correctly, I got mail from the other half:
/etc/cron.daily/apt:
Traceback (most recent call last):
File "/usr/bin/unattended-upgrade", line 55, in
import apt
File "/usr/lib/python3/dist-packages/apt/__init__.py", line 26, in
from apt.package import Package
File "/usr/lib/python3/dist-packages/apt/package.py", line 32, in
from http.client import BadStatusLine
File "/usr/lib/python3.4/http/client.py", line 1014
raise InvalidURL(f"URL can't contain control characters. {url!r} "
^
SyntaxError: invalid syntax
manual upgrade fixed it
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.
python3.4 regression update
Hello, yesterday's python3.4 regression update workd properly, however not with unattended-upgrade. is it possible (any idea how) to update that package automatically or do we need to do that manually? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Fighting for peace is like fucking for virginity...
Re: packages from old security releases.
On 23.05.19 22:04, PICCORO McKAY Lenz wrote: all those response souns "it's not our problem, we dont care about that" ... of course. We are not paid, we are just members of mailing list. important updates for wheeze never will be in archive. thanks for nothing! You are using Debian for free, aren't you? If not, ask those you pay to. Otherwise, don't blame Debian people for not providing more free services. El jue., 23 de may. de 2019 a la(s) 16:49, Matus UHLAR - fantomas (uh...@fantomas.sk) escribió: >> On 22/05/2019 19:54, PICCORO McKAY Lenz wrote: >>> currently still are security updats for jessie (debian LTS) and wheeze >>> (ExLTS) why those packages are not uploaded to archive debian ? >2019-05-22 13:58 GMT-04:30, Emilio Pozuelo Monfort : >> jessie LTS is available from security.debian.org, just like other Debian On 22.05.19 22:46, PICCORO McKAY Lenz wrote: >and not in archive? right? packages are moved to archive after they are removed from official mirrors. >> security updates for supported releases. wheezy ELTS is not officially part >> of >> Debian, that's why the updates are not available from debian.org machines, >> but >> you can still get them from the deb.freexian.com repository if you so >> choose. >i already know but why are not in archive!? the same reason as above and still they same reason Emilio said. >those packages are in good >shape and have important updates.. many many MANY hardware runs wheezy >and cannot be upgraded! due lack of support from recent "fashioned" >linux you can get them from freexian archive as Emilio said. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I feel like I'm diagonally parked in a parallel universe.
Re: packages from old security releases.
On 22/05/2019 19:54, PICCORO McKAY Lenz wrote: currently still are security updats for jessie (debian LTS) and wheeze (ExLTS) why those packages are not uploaded to archive debian ? 2019-05-22 13:58 GMT-04:30, Emilio Pozuelo Monfort : jessie LTS is available from security.debian.org, just like other Debian On 22.05.19 22:46, PICCORO McKAY Lenz wrote: and not in archive? right? packages are moved to archive after they are removed from official mirrors. security updates for supported releases. wheezy ELTS is not officially part of Debian, that's why the updates are not available from debian.org machines, but you can still get them from the deb.freexian.com repository if you so choose. i already know but why are not in archive!? the same reason as above and still they same reason Emilio said. those packages are in good shape and have important updates.. many many MANY hardware runs wheezy and cannot be upgraded! due lack of support from recent "fashioned" linux you can get them from freexian archive as Emilio said. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 99 percent of lawyers give the rest a bad name.
Re: jessie-updates gone
On 2019-04-03 02:02, Andy Smith wrote: c) if getting warnings from "apt update" does seem to be an effective final way to reach such users, would it be a good idea to find a way to have apt tell them about their transition into LTS? On 03.04.19 09:54, Jan Ingvoldstad wrote: So, sort of a variant on Pierre Fourès's suggestion? I like that. I agree. It's better to warn than error, better when LTS starts than year later. Just note that expiring the archive is something to consider - people who put 'Acquire::Check-Valid-Until "0";' into their configs may forget it there, so they will miss such warnings within next release cycle. Additionally: c 2) a transition into LTS should probably be accompagnied with a default run of check-support-status maybe create new point release where base-files depend on debian-security-support unfortunately that won't help users who only use unattended-upgrades for security upgrades. c 3) when requesting installation of unsupported packages, provide a warning check-support-status should do that. For c 3), this could be similar to when e.g. apt/apt-get pauses to ask due to dependencies, and overridable with the same options. However, as Pierre says, this is quite a bit of extra work for package system developers/maintainers. I hope that's what we discuss here ;-) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Christian Science Programming: "Let God Debug It!".
Re: jessie-updates gone
On Tue, Apr 02, 2019 at 03:09:03PM +0200, Matus UHLAR - fantomas wrote: On 02.04.19 10:59, Andy Smith wrote: >The alternative is that those users continue using Debian without >realising that their packages stopped being supported by the >maintainers and security team and are now supported by LTS alone. this should happen when LTS is over, not before. also, there's check-support-status for unsupported packages. On 02.04.19 14:43, Andy Smith wrote: Sorry I am not sure I follow. Miroslav said, "led thousands of users to ask themselves what was wrong with their apt update". I cannot personally say that I saw thousands, but I did see tens (some of which are my users that I support), which suggests there are quite a lot more of these users that we don't see. You understand that these users do not currently read the announcements about support life times and do not currently run check-support-status, right? Otherwise they would not have been confused about what happened with jessie-updates. So are you really saying that your proposed solution is just to tell people who aren't currently reading announcements and are not running check-support-status to try harder? I'm trying to say that people using LTS should not notice ot of nothing that the -updates archive is now gone. That should happen after LTS is over. dropping the the -backorts is fine, maybe even just after LTS startes. note that the -updates usually contains packages that are continued to be supported. This does not apply for -backports. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "The box said 'Requires Windows 95 or better', so I bought a Macintosh".
Re: jessie-updates gone
On 4/1/19 8:14 PM, Andy Smith wrote: >I do understand that re-adding an empty jessie-updates directory >will silence a lot of warnings from apt update, and thus would avoid >the questions from end users that I have seen in a lot of places, >but… I can't help thinking that although it is bad that these users >were confused, at least they now understand that the level of >support has changed. On Tue, Apr 02, 2019 at 11:53:50AM +0200, Miroslav Skoric wrote: -1 Programmers' decision that led thousands of users to ask themselves what was wrong with their apt update was a very bad marketing for Debian. On 02.04.19 10:59, Andy Smith wrote: The alternative is that those users continue using Debian without realising that their packages stopped being supported by the maintainers and security team and are now supported by LTS alone. this should happen when LTS is over, not before. also, there's check-support-status for unsupported packages. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!
Re: jessie-updates gone
On Mon, Apr 01, 2019 at 02:29:23PM +0200, Pierre Fourès wrote: Now that Jessie is in LTS and that jessie-updates/ is gone, does this also mean there won't be any other updates to tzdata, clamav, or similar (timely dependent's) packages ? no. good. Or if still updated, where does we got them from ? I guess it's not from security updates ? On 01.04.19 13:40, Holger Levsen wrote: from LTS. to clarify: this is LTS: deb http://security.debian.org/ jessie/updates main formerly security (only) updates. this is gone: deb http://deb.debian.org/debian/ jessie-updates main formerly volatile. We have asked if it's going to be re-added, even if empty, to avoid people using jessie from seeing errors when updateing package lists. do I have to fill a bugreport to get it back? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. M$ Win's are shit, do not use it !
Re: jessie-updates gone
On 27.03.19 11:20, Bernie Elbourn wrote: I am very grateful for all the work done here. You are all heroes! Can I gently ask if we can just blank the stretch-updates archive next time round please. Otherwise every stable machine out there now will need a change. Am 27.03.19 um 12:50 schrieb Matus UHLAR - fantomas: That's what I meant too. I probably should have emphasized that. If it is possible to wiz up a blank jessie-updates this will save me visiting a bunch of systems throwing apt errors in next few days. I wonder if it wasn't blank already. All of its contents was supposed to be moved to jessie main archive with last point release and no content should be there after that. On 27/03/2019 13:33, Markus Koschany wrote: So the idea is to readd the empty jessie-updates directory to avoid apt errors when updating? Jörg is this possible? On 27.03.19 14:02, Emilio Pozuelo Monfort wrote: Yes, I talked to them earlier today and they agreed to bringing it back to avoid these problems on users that have jessie-updates on their sources.list. and when is this expected to happen? jessie-proposed-updates could also be brought back, though that's not enabled by default upon installation so it should be less problematic if it stays removed (though some people may have it so it wouldn't hurt to bring it back as well). I agree although I don't use it neither. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Posli tento mail 100 svojim znamim - nech vidia aky si idiot Send this email to 100 your friends - let them see what an idiot you are
LTS packages changelogs on packages.d.o / metadata.ftp-master.d.o
Hello, trying to look at changelog of packages in LTS, it's not available on links from packages.debian.org that point to metadata.ftp-master.d.o e.g. https://packages.debian.org/jessie/linux-support-3.16.0-6 https://packages.debian.org/jessie/linux-support-3.16.0-7 https://packages.debian.org/jessie/linux-support-3.16.0-8 all point to: https://metadata.ftp-master.debian.org/changelogs/main/l/linux/linux_3.16.64-1_changelog which does not exist. can I find those changelogs in an easy way (without installing those packages)? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist "So does syphillis. Good thing we have penicillin." - Matthew Alton
Re: jessie-updates gone
On 27.03.19 11:20, Bernie Elbourn wrote: If it is possible to wiz up a blank jessie-updates this will save me visiting a bunch of systems throwing apt errors in next few days. On 2019-03-27 11:50, Matus UHLAR - fantomas wrote: I wonder if it wasn't blank already. All of its contents was supposed to be moved to jessie main archive with last point release and no content should be there after that. On 27.03.19 13:52, Adam D. Barratt wrote: Packages aren't moved from -updates to (old)stable, they're moved from p-u. Packages only get removed from -updates following manual action from a Release Team member. so, as I understand it, packages like clamav, spamassassin and others that are in -updates may not get to main archive with a point release? Is there anything other needed to get them in? iirc, the -updates (formerly called volatile) was created to contain packages that really need updates during distribution lifecycle, just like antiviruses, spam filters and alike. They should not be lost. In the case of jessie, it appears there was still at least an old kernel package in there. luckily, nothing important. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Emacs is a complicated operating system without good text editor.
Re: jessie-updates gone
On 27.03.19 11:20, Bernie Elbourn wrote: I am very grateful for all the work done here. You are all heroes! Can I gently ask if we can just blank the stretch-updates archive next time round please. Otherwise every stable machine out there now will need a change. That's what I meant too. I probably should have emphasized that. If it is possible to wiz up a blank jessie-updates this will save me visiting a bunch of systems throwing apt errors in next few days. I wonder if it wasn't blank already. All of its contents was supposed to be moved to jessie main archive with last point release and no content should be there after that. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Support bacteria - they're the only culture some people have.
Re: jessie-updates gone
On Tue, 26 Mar 2019, Jakob Hirsch wrote: so I noticed this morning that jessie-updates is gone from the mirrors. After some research, I found that this was kind of announced in https://lists.debian.org/debian-devel-announce/2019/03/msg6.html. Question is now, what should I put in my sources.list? I used https://wiki.debian.org/LTS/Using#Using_Debian_Long_Term_Support_.28LTS.29 as the authorative source, but this is obviously outdated now. So, am I ok by just using these two? On 26.03.19 11:37, Alexander Wirt wrote: Its deprecated and unsupported for sime time now, please stop using it. It was working since jessie was released, so anyone using jessie will apparently have it in sources.list. I believe one of LTS goals was to continue without need for changing sources.list. I also believe that after last point release all stuff was moved to main archive, so jessie-updates was supposed to be empty. I did comment it out on all jessie machines: "sed -i -e '/jessie-updates/s/^#*/#/' /etc/apt/sources.list" -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Eagles may soar, but weasels don't get sucked into jet engines.
Re: Newer kernel for jessie backports
On 14.03.19 13:47, Arthur de Jong wrote: In jessie backports there is currently a 4.9 kernel (4.9.110-3+debu5~deb8u1) which is based on stretch 4.9.110-3+deb9u2. Since stretch now has 4.9.144-3.1 are there any plans to make a 4.9.144-3.1~deb8u1 for jessie? it should be possible to rebuild the server from stretch on jessie, or directly install kernel packages from jessie. I have a piece of hardware that requires the newer kernel but will sadly not be able to upgrade to stretch for a few months. Is there something I can do to help this along? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!
Re: gzip not working properly
On Fri, Jan 11, 2019 at 10:59:00AM +, xia boles wrote: >Hi, gzip is not working correctly, because when I install linux-images, it >reports with gzip: stdout: no space left on device when I have a lot of >space left. Can you fix it? On Fri, 2019-01-11 at 08:02 -0500, Roberto C. Sánchez wrote: That does not seem like a gzip problem. It seems like your filesystem does not have enough free space. If /boot is a separate partition on your system, try removing some kernel packages you no longer use. On 13.01.19 15:21, Ben Hutchings wrote: Right. The error from gzip likely relates to creation of the initramfs image, which has to go in /boot. If there isn't even room for 2 versions of the kernel and initramfs in /boot, another option would be to reduce the size of the initramfs by setting MODULES=dep (see initramfs.conf(5)). I think it uses /tmp as well. Do you have enough of space on /tmp? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "To Boot or not to Boot, that's the question." [WD1270 Caviar]
fix squirrelmail bug 775720 in jessie
Hello, the debian bug 775720 for squirrelmail was closed by debian maintainer because squirrelmail was removed from archive. However, there were security 3 updates to squirrelmail since, and I've had to fix the same bug (apply the same patch) 3 times after each update. Does it sound logical to apply the mentioned patch to squirrelmail, should that happen again? Thank you -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. He who laughs last thinks slowest.
Re: [SECURITY] [DLA 1379-1] curl security update
On 24.05.18 13:38, Helge Hinkelmann wrote: Subject: Re: [SECURITY] [DLA 1379-1] curl security update To: debian-lts@lists.debian.org From: Helge Hinkelmann <helge.hinkelm...@dimdi.de> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 List-Id: List-URL: <https://lists.debian.org/debian-lts/> List-Post: <mailto:debian-lts@lists.debian.org> List-Help: <mailto:debian-lts-requ...@lists.debian.org?subject=help> List-Subscribe: <mailto:debian-lts-requ...@lists.debian.org?subject=subscribe> List-Unsubscribe: <mailto:debian-lts-requ...@lists.debian.org?subject=unsubscribe> List-Archive: https://lists.debian.org/msgid-search/98a7119e-ae00-3d79-6cf3-87b027ab5...@dimdi.de UNSUBSCRIBE you need to send this to list admin address, not to list address - this way it goes to subscribers. All mail from this mailing lists contains headers that help you to unsubscribe, see above (especially the List-Unsubscribe header) I see you use Mozilla Thunderbird - maybe you could search for extension that helps you manage mailing lists. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Silvester Stallone: Father of the RISC concept.
Re: MySQL 5.5 EOL before Debian 8 LTS ends
Am 22.01.2018 um 13:42 schrieb Lars Tangvald: First off, thanks for handling the 5.5.59 update for Wheezy. I had the security announcement date mixed up so picked it up too late, sorry. MySQL 5.5 is expected to be EOL in December (it was first released December 15, 2010, and we have 8 year security support), while Jessie LTS is until April 2020 How are such cases handled? Will the source package be removed, or is it possible to have it upgraded to a more recent version? On 22/01/18 16:35, Markus Koschany wrote: These are both possible options but given the significance of MySQL we would rather prefer to upgrade to a supported release provided this is viable for Jessie. If an upgrade is possible, while we did a successful transition in Ubuntu from 5.5 to 5.7, there were significant changes from 5.6 to 5.7, requiring small changes to a lot of third-party packages as well as to the default server behavior, so 5.6 (which is supported until 2021) would be a better option. I also think it makes sense to take a smaller step and upgrade from 5.5 to 5.6. Are there any known issues with 5.6 or can you share any information about expected regressions with reverse-dependencies? On 19.05.18 20:41, Emilio Pozuelo Monfort wrote: jessie ships mysql-5.5 and mariadb-10.0. Given that stretch no longer ships mysql but only mariadb, we could just let mysql-5.5 go end of life, mark it as unsupported (or drop the server part), and keep supporting mariadb-10.0. Users will need to move to mariadb at some point anyway. The only problem is that mariadb-10.0 goes EOL on March 2019. mariadb-10.1 is EOL on October 2020, so if we decided to provide that in jessie that would be enough. There are packages in jessie that depend on mysql (or libmysql), not on mariadb. IMHO If it's possible to migrate to mysql-5.6 and later from mysql-5.6 to stretch, it would be a better alternative than deprecate it. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Boost your system's speed by 500% - DEL C:\WINDOWS\*.*
Re: wheezy-security (LTS) libclamav7's version is newer than jessie's
> > On Thu, 03 May 2018, Marc SCHAEFER wrote: > > > Probably that a downgrade of the clamav suite would solve the problem; however > > > there is something wrong in the coherency between wheezy LTS and jessie, don't > > > you think? > El 04/05/18 a las 09:20, Raphael Hertzog escribió: > > A newer version is already targeted to jessie (0.100.0+dfsg-0+deb8u1) but > > it's sitting in jessie-proposed-updates and will only be in the main > > repository after the next (final?) point release. On 04.05.18 09:42, Santiago R.R. wrote: > Just FTR, 0.99.4+dfsg-1+deb8u1 was also in proposed updates: > https://tracker.debian.org/news/937695/accepted-clamav-0994dfsg-1deb8u1-source-all-into-oldstable-proposed-updates-oldstable-new-oldstable-proposed-updates/ El 04/05/18 a las 12:27, Matus UHLAR - fantomas escribió: where is it now then? On 04.05.18 15:16, Santiago R.R. wrote: I think it was also on proposed updates. changes files are still there: http://ftp.debian.org/debian/dists/oldstable-proposed-updates/clamav_0.99.4+dfsg-1+deb8u1_all.changes I'm sorry, I don't hive enough time to test those :( I have upgraded one of machines noticing this - not a big issue, but I wondered than new version hasn't been uploaded to jessie for such time. It seems I didn't fully understand the mail that Moritz sent in March, about avoiding to break upgrades. Really sorry for that! I am documenting more explicitly how to handle clamav in LTS, according to the comments in his recent mail. as I said, no big problem - I have 0.99.4 with one library dependency from wheezy installed now on a jessie machine. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. You have the right to remain silent. Anything you say will be misquoted, then used against you.
Re: wheezy-security (LTS) libclamav7's version is newer than jessie's
On Thu, 03 May 2018, Marc SCHAEFER wrote: > Probably that a downgrade of the clamav suite would solve the problem; however > there is something wrong in the coherency between wheezy LTS and jessie, don't > you think? El 04/05/18 a las 09:20, Raphael Hertzog escribió: A newer version is already targeted to jessie (0.100.0+dfsg-0+deb8u1) but it's sitting in jessie-proposed-updates and will only be in the main repository after the next (final?) point release. On 04.05.18 09:42, Santiago R.R. wrote: Just FTR, 0.99.4+dfsg-1+deb8u1 was also in proposed updates: https://tracker.debian.org/news/937695/accepted-clamav-0994dfsg-1deb8u1-source-all-into-oldstable-proposed-updates-oldstable-new-oldstable-proposed-updates/ where is it now then? I have upgraded one of machines noticing this - not a big issue, but I wondered than new version hasn't been uploaded to jessie for such time. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I just got lost in thought. It was unfamiliar territory.
Re: Regarding microcode update
On 26.03.18 19:05, VigneshDhanraj G wrote: After microcode update, for signature=0x306a9 upgraded revision should be 0x1f but dmesg shows wrong revision any ideas what went wrong. according to the log, firmware was updated from 0x17 to 0x1b which version of intel-microcode do you have installed? did you reboot after upgrading the package? In intel release notes, came across the below notes which says that it should upgraded to 0x1f. IVB E2 6-3a-9:12 1c->1f dhanraj@debian:~$ dmesg | grep microcode [2.542014] microcode: CPU0 sig=0x306a9, pf=0x2, revision=0x17 [2.543391] platform microcode: firmware: agent loaded intel-ucode/06-3a-09 into memory [2.543971] microcode: CPU0 updated to revision 0x1b, date = 2014-05-29 [2.543997] microcode: CPU1 sig=0x306a9, pf=0x2, revision=0x17 [2.545378] platform microcode: firmware: agent loaded intel-ucode/06-3a-09 into memory [2.545647] microcode: CPU1 updated to revision 0x1b, date = 2014-05-29 [2.545674] microcode: CPU2 sig=0x306a9, pf=0x2, revision=0x17 [2.547079] platform microcode: firmware: agent loaded intel-ucode/06-3a-09 into memory [2.547357] microcode: CPU2 updated to revision 0x1b, date = 2014-05-29 [2.547366] microcode: CPU3 sig=0x306a9, pf=0x2, revision=0x17 [2.548655] platform microcode: firmware: agent loaded intel-ucode/06-3a-09 into memory [2.548920] microcode: CPU3 updated to revision 0x1b, date = 2014-05-29 [2.548942] microcode: CPU4 sig=0x306a9, pf=0x2, revision=0x17 [2.550180] platform microcode: firmware: agent loaded intel-ucode/06-3a-09 into memory [2.550460] microcode: CPU4 updated to revision 0x1b, date = 2014-05-29 [2.550480] microcode: CPU5 sig=0x306a9, pf=0x2, revision=0x17 [2.551675] platform microcode: firmware: agent loaded intel-ucode/06-3a-09 into memory [2.551957] microcode: CPU5 updated to revision 0x1b, date = 2014-05-29 [2.551978] microcode: CPU6 sig=0x306a9, pf=0x2, revision=0x17 [2.553162] platform microcode: firmware: agent loaded intel-ucode/06-3a-09 into memory [2.553429] microcode: CPU6 updated to revision 0x1b, date = 2014-05-29 [2.553435] microcode: CPU7 sig=0x306a9, pf=0x2, revision=0x17 [2.554585] platform microcode: firmware: agent loaded intel-ucode/06-3a-09 into memory [2.554851] microcode: CPU7 updated to revision 0x1b, date = 2014-05-29 [2.554898] microcode: Microcode Update Driver: v2.00 < tig...@aivazian.fsnet.co.uk>, Peter Oruba Need to understand what went wrong in my side. Regards, Vigneshdhanraj -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. There's a long-standing bug relating to the x86 architecture that allows you to install Windows. -- Matthew D. Fuller
debsecan bugs about irssi
Hello, I have debsecan on debian 7 installed. my architecture is i386 and I have irssi installed, in current version 0.8.15-5+deb7u4 available for i386. However, irssi for amd64 arch is at version 0.8.15-5+deb7u5 and debsecan bugs me daily about available security update, which is not true. My question is, should I report this as a bug for debsecan, or probably irssi? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. If Barbie is so popular, why do you have to buy her friends?
Re: apt sources.list for wheezy-to-jessie distro upgrade
On 27/11/2017 11:21, Matus UHLAR - fantomas wrote: simply change all "wheezy" strings to "jessie" in sources.list On 27.11.17 11:43, Adam Weremczuk wrote: Currently I have: deb http://httpredir.debian.org/debian/ wheezy main contrib non-free deb-src http://httpredir.debian.org/debian/ wheezy main contrib non-free deb http://security.debian.org/ wheezy/updates main contrib non-free deb-src http://security.debian.org/ wheezy/updates main contrib non-free deb http://httpredir.debian.org/debian/ wheezy-updates main contrib non-free deb-src http://httpredir.debian.org/debian/ wheezy-updates main contrib non-free deb http://hwraid.le-vert.net/debian wheezy main So a simple wheezy -> jessie following by jessie -> stretch substitutions will provide me with the latest sources? yes. in your case, it applies for http://hwraid.le-vert.net/debian source too, although there may be some repositories who don't update often... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #9: Out of error messages.
Re: apt sources.list for wheezy-to-jessie distro upgrade
On 27.11.17 11:03, Adam Weremczuk wrote: I'm about to distro upgrade wheezy 7.11 to (the latest) jessie. Following by jessie to stretch distro upgrade at some point later. Would this be my best choice for /etc/apt-sources.list (for step one): deb http://ftp.uk.debian.org/debian jessie main contrib non-free deb-src http://ftp.uk.debian.org/debian jessie main contrib non-free deb http://security.debian.org/ jessie/updates main contrib non-free simply change all "wheezy" strings to "jessie" in sources.list -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows found: (R)emove, (E)rase, (D)elete
libclamunrar7 i386 only deb7u1
Hello, debsecan reports that there's security update available for libclamunrar. However there's no newer version available for my system: libclamunrar7: Installed: 0.99-0+deb7u1 Candidate: 0.99-0+deb7u1 Version table: *** 0.99-0+deb7u1 0 500 file:/mount/mirrors/debian/ wheezy/non-free i386 Packages 500 file:/mount/mirrors/debian/ wheezy-updates/non-free i386 Packages 100 /var/lib/dpkg/status Looking at it there's version 0.99-0+deb7u2 available, but only for amd64 architecture, my system is i386: https://packages.debian.org/wheezy/libclamunrar7 I haven't found any reason in bug reports or changelog mentioning that this bug would not affect i386 arch. Maybe I did not search thoroughly enough? Or should I fill a bug report for this? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. How does cat play with mouse? cat /dev/mouse
Re: openssh_7.2p2+ availability for wheezy
On 27.07.17 15:42, Adam Weremczuk wrote: These are the vulnerability I'm referring to and they have been addressed in OpenSSH versions 6.6 and 7.2p2: Threat 1: The sshd server fails to validate user-supplied X11 authentication credentials when establishing an X11 forwarding session. An authenticated user may inject arbitrary xauth commands by sending an x11 channel request that includes a newline character in the x11 cookie. Please note that Systems with X11Forwarding enabled are affected. Affected Versions: OpenSSH versions prior to 7.2p2 you are apparently talking about CVE-2016-3115 https://security-tracker.debian.org/tracker/CVE-2016-3115 see noted at bottom: [jessie] - openssh (Minor issue) [wheezy] - openssh (Minor issue) this was apparently resolved as minor, so no DSA was issued. Threat 2: The security issue is caused by an error within the "child_set_env()" function (usr.bin/ssh/session.c) and can be exploited to bypass intended environment restrictions by using a substring before a wildcard character. Affected Versions: OpenSSH Versions prior to 6.6 are affected apparently CVE-2014-2532 openssh (PTS) wheezy 1:6.0p1-4+deb7u4fixed wheezy (security) 1:6.0p1-4+deb7u6fixed jessie (security), jessie 1:6.7p1-5+deb8u3fixed stretch 1:7.4p1-10+deb9u1 fixed buster, sid 1:7.5p1-5 fixed fixed long ago -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges.
Re: unattended upgrades don't work in wheezy
On 09.07.17 15:41, Chris Lamb wrote:
Is this https://bugs.debian.org/762965 ?
I don't think so. That bug is caused by someone making changes to config
file ("For extra security i have added the parameter n=wheezy.")
Ah okay, thanks.
Can you file a new bug against unattended-upgrades with a "Version:" field
of "0.79.5+wheezy2"?
On 09.07.17 17:06, Matus UHLAR - fantomas wrote:
either I did already or I miss something:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867169
and someone has reported it as bug 867728:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867728
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.
Re: unattended upgrades don't work in wheezy
On 09.07.17 15:41, Chris Lamb wrote:
>Is this https://bugs.debian.org/762965 ?
I don't think so. That bug is caused by someone making changes to config
file ("For extra security i have added the parameter n=wheezy.")
Ah okay, thanks.
Can you file a new bug against unattended-upgrades with a "Version:" field
of "0.79.5+wheezy2"?
either I did already or I miss something:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867169
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends?
Re: unattended upgrades don't work in wheezy
On Tue, Jul 4, 2017 at 10:02 PM, Matus UHLAR wrote:
I just found out that the unattended-upgrades package in wheezy does not
upgrade packages although configured to do it.
On 2017-07-04 22:13:44, Paul Wise wrote:
I note that this same situation will apply to jessie when it becomes
oldoldstable.
I haven't tested the default stretch sources.list and u-u configuration.
luckily, with the configuration shown one paragraph below it won't.
admins using modified config file will have to take care...
On 04.07.17 10:38, Antoine Beaupré wrote:
I can at least say it seems to be fixed in stretch. This is my stretch
system's default u-u config:
"origin=Debian,codename=${distro_codename},label=Debian-Security";
It seems we should be using the codename there ("wheezy") and not the
archive name ("oldstable") as the latter has the risk of doing
unexpected major updates, although I suspect u-u may have built-in
protections against this.
On 04.07.17 17:13, Matus UHLAR - fantomas wrote:
I believe it has. This is however a problem of sources-list configuration,
not u-u itself.
Therefore when we fix this, we should use codename, if that's supported
in wheezy. There were issues with codename matching, however (#704087)
which may make that impossible, so we may be forced to do the
"oldoldstable" trick...
I have tried it and unfortunately it does not work. We apparently need the
oldoldstable trick...
so, can we expect updated package to appear in wheezy soon?
should I bug someone or is anyone taking a look at it?
thanks
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Atheism is a non-prophet organization.
Re: unattended upgrades don't work in wheezy
On 04.07.17 10:38, Antoine Beaupré wrote:
Adding the bug in CC.
so am I.
On Tue, Jul 4, 2017 at 10:02 PM, Matus UHLAR wrote:
I just found out that the unattended-upgrades package in wheezy does not
upgrade packages although configured to do it.
On 2017-07-04 22:13:44, Paul Wise wrote:
I note that this same situation will apply to jessie when it becomes
oldoldstable.
I haven't tested the default stretch sources.list and u-u configuration.
This is a recurring problem, but I think it was fixed in more recent
releases (e.g. jessie). It was reported in #762965 before and I believe
those bugs may need to be merged.
I didn't feel that to be the same problem, because its submitter changed
configuration manually (different behaviour can be expected in such case).
u-u worked well with default 50unattended-upgrades on wheezy machines,
until stretch release 3 weeks ago.
I can at least say it seems to be fixed in stretch. This is my stretch
system's default u-u config:
"origin=Debian,codename=${distro_codename},label=Debian-Security";
It seems we should be using the codename there ("wheezy") and not the
archive name ("oldstable") as the latter has the risk of doing
unexpected major updates, although I suspect u-u may have built-in
protections against this.
I believe it has. This is however a problem of sources-list configuration,
not u-u itself.
Therefore when we fix this, we should use codename, if that's supported
in wheezy. There were issues with codename matching, however (#704087)
which may make that impossible, so we may be forced to do the
"oldoldstable" trick...
I have tried it and unfortunately it does not work. We apparently need the
oldoldstable trick...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.
Re: CVE-2016-2313 fix wrong
On 28/07/16 13:35, Matus UHLAR - fantomas wrote: i believe the fix for CVE-2016-2313 in CVE-2016-2313-authentication-bypass.patch is invalid. On 28.07.16 14:26, Emilio Pozuelo Monfort wrote: Thanks for the report. I'll look at it later today. I have posted cacti bug http://bugs.cacti.net/view.php?id=2697 and attached patch http://bugs.cacti.net/file_download.php?file_id=1229=bug that should fix the issue. The patch is to be applied to "fixed" version in debian -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows found: (R)emove, (E)rase, (D)elete
CVE-2016-2313 fix wrong
Hello,
i believe the fix for CVE-2016-2313 in
CVE-2016-2313-authentication-bypass.patch is invalid.
Quoting the authorization settings:
Web Basic Authentication - Authentication is handled by the web server.
Users can be added or created automatically on first login if the Template
User is defined, otherwise the defined guest permissions will be used.
this patch makes authentication fail when the template user is not set, but
the guest user is set, while in such case guest user should be used.
Unfortunely the original bug report does not have fix for this, and the last
comment says:
"
(0007083)
cigamit (developer)
2016-03-06 11:01
agree and it's been re-fixed in 1.0. Will backport shortly.
"
I believe that the patch could be fixed simply by changing the test from:
+ if (!$user && read_config_option('user_template') == '0') {
to something like:
+ if (!$user && read_config_option('user_template') == '0' &&
read_config_option('guest_user') == '0') {
and of course the error messages:
+ cacti_log("ERROR: User '" . $username . "' authenticated by
Web Server, but a Template User is not defined in Cacti. Exiting.", false, 'AUTH');
+ $username = htmlspecialchars($username);
+ auth_display_custom_error_message("$username authenticated
by Web Server, but a Template User is not defined in Cacti.");
to:
+ cacti_log("ERROR: User '" . $username . "' authenticated by
Web Server, but a Template User and a Guest User are not defined in Cacti. Exiting.", false,
'AUTH');
+ $username = htmlspecialchars($username);
+ auth_display_custom_error_message("$username authenticated
by Web Server, but a Template User and a Guest User are not defined in Cacti.");
this seems to work on our cacti installation.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter any 12-digit prime number to continue.
Re: Archive of squeeze-lts ?
On Thu, 24 Mar 2016, Luke Hall wrote: I'm seeing this when trying to fetch lts packages from archive.debian.org at the moment. Anyone know a good contact for them? E: Release file expired, ignoring http://archive.debian.org/debian/dists/squeeze-lts/Release (invalid since 9d 1h 10min 4s) On 24.03.16 17:43, Alexander Wirt wrote: Thats expected and won't change. Time to upgrade. On 2016-03-27 15:01:01, Matus UHLAR - fantomas wrote: some time ago I have upgraded few lenny hosts (on private networks) from achive to latest lenny available, without error message of this kind. Happily works before I'm able to transfer services to new installation. I would like to do the same with squeeze withoud need to manually avoid the apt warnings... On 28.03.16 18:04, Antoine Beaupré wrote: Unfortunately, this won't be possible. They key expired and, since squeeze was archived, it is not possible (or at least, really inconvenient and unusal) to renew that key. funny, I was able to do the above with expired key, from archive.d.o. the archive key was expired, the only difference was release file not expired... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I'm not interested in your website anymore. If you need cookies, bake them yourself.
Re: Archive of squeeze-lts ?
On Thu, 24 Mar 2016, Luke Hall wrote: I'm seeing this when trying to fetch lts packages from archive.debian.org at the moment. Anyone know a good contact for them? E: Release file expired, ignoring http://archive.debian.org/debian/dists/squeeze-lts/Release (invalid since 9d 1h 10min 4s) On 24.03.16 17:43, Alexander Wirt wrote: Thats expected and won't change. Time to upgrade. some time ago I have upgraded few lenny hosts (on private networks) from achive to latest lenny available, without error message of this kind. Happily works before I'm able to transfer services to new installation. I would like to do the same with squeeze withoud need to manually avoid the apt warnings... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Have you got anything without Spam in it? - Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
Re: squid3 LTS assertion errors
El 02/03/16 a las 13:45, Matus UHLAR - fantomas escribió: since upgrade to LTS squid3 version 3.1.6-1.2+squeeze6, it repeatedly crashes with assertion errors: 2016/03/01 06:58:31| assertion failed: forward.cc:298: "fd == server_fd" ... 2016/03/01 07:16:54| assertion failed: forward.cc:298: "fd == server_fd" 2016/03/01 07:17:16| assertion failed: forward.cc:491: "server_fd == fd" 2016/03/01 07:17:38| assertion failed: forward.cc:298: "fd == server_fd" 2016/03/01 07:17:42| assertion failed: forward.cc:491: "server_fd == fd" 2016/03/01 07:17:54| assertion failed: forward.cc:298: "fd == server_fd" I have solved this by upgrading to wheezy version, but this is not correct way to push users to wheezy ;-) On 02.03.16 19:09, santiag...@riseup.net wrote: I'm sorry about this. I didn't identify this crash, squid3 has been running on my squeeze test setup without any trouble. no problem, I just wanted to inform... now I wonder if it's possible to upload a fix ;-) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. REALITY.SYS corrupted. Press any key to reboot Universe.
squeeze-lts on archive.debian.org?
Hello, as long as I wasn't able access main squeeze archive on my debian mirror, (when) will the rest be moved to archive.debian.org? I mean the (volatile) updates, security, lts and apparently backports. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Microsoft dick is soft to do no harm
squid3 LTS assertion errors
Hello, since upgrade to LTS squid3 version 3.1.6-1.2+squeeze6, it repeatedly crashes with assertion errors: 2016/03/01 06:58:31| assertion failed: forward.cc:298: "fd == server_fd" ... 2016/03/01 07:16:54| assertion failed: forward.cc:298: "fd == server_fd" 2016/03/01 07:17:16| assertion failed: forward.cc:491: "server_fd == fd" 2016/03/01 07:17:38| assertion failed: forward.cc:298: "fd == server_fd" 2016/03/01 07:17:42| assertion failed: forward.cc:491: "server_fd == fd" 2016/03/01 07:17:54| assertion failed: forward.cc:298: "fd == server_fd" I have solved this by upgrading to wheezy version, but this is not correct way to push users to wheezy ;-) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux is like a teepee: no Windows, no Gates and an apache inside...
Re: Wiki update LTS/Using and EOL announcement
On 29-02-16 12:35, Markus Koschany wrote: We recommend that you upgrade your systems to Debian 7 "Wheezy". On 29.02.16 19:59, Paul Gevers wrote: /me wonders, do we really recommend that? I would say we recommend our users to upgrade to the current stable (via Wheezy), no? And wheezy-lts is there for those that can't or won't upgrade now from wheezy to jessie (maybe coming from squeeze, true). But if you are upgrading, why not do it "right" if you can? you only can upgrade to wheezy directly. upgrade accross versions is not supported. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux IS user friendly, it's just selective who its friends are...
Re: Upgrading from Debian 6.0 LTS to 7
On 02/20/2016 01:17 PM, Alexis Grigoriou wrote: or is there more that I need to do since my installation has LTS support? One thing that comes to mind is the "squeeze-lts" entry in /etc/apt/sources.list. Does that need to be removed prior to upgrading or does the upgrade process take care of that itself? On 20.02.16 20:46, Miroslav Skoric wrote: Probably it would be enough to do the following: at first to update as much as possible with the actual "squeeze-lts" entry, following by changing all "squeeze-lts" and "squeeze" entries to "wheezy" and update/upgrade it again in some way of a 'safe upgrade' (there is some syntax on the web how to do that, and that step will upgrade only the kernel parts of the system), and finally to do full upgrade again (all the rest packages in the system). I see currently two possible issues in replacing squeeze with wheezy: 1. does wheezy-lts exist already on mirrors? (doesn't seem so) 2. there's still ongoing security support for wheezy, but there is not for squeeze. If anyone removed security mirror from squeeze's sources.list, will stop having security updates. I know that shouldn't happen - I have asked about this some time ago and was advised to leave sources.list as they were, including volatile and security updates. BUT: https://wiki.debian.org/LTS/Using - only mentions having only squeeze and squeeze-lts, so user updating that config for wheezy would lose updates (including security). It would be much better to keep all currently archives working and being used. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Support bacteria - they're the only culture some people have.
Re: Preparing to announce Squeeze LTS end-of-life
On 02/09/2016 05:04 AM, Bret Busby wrote: End of Life on Valentines Day? So, Valentines Day means death to many lifes? A Valentines Day Massacre? (Someone had to say it...) On 09.02.16 17:05, Miroslav Skoric wrote: To prevent the 'end of life' I upgraded my old comp to wheezy some time ago, despite being told to throw the old box to the junk-yard. It is awfully slw now. I wonder if it is in its 'afterlife' :-) so, are you prepared for valentine's day massacre? or have you tried something like memory upgrade? I notice slowdown when logging to lxde after upgrading to jessie, however I think most of problems aren't related to HW performance, I remember ~18 tears ago when installing dnsmasq locally speed up my computer much. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. You have the right to remain silent. Anything you say will be misquoted, then used against you.
Re: eglibc 2.11.3-4+deb6u9 crashes php on reload
Santiago Ruano Rincón <santiag...@riseup.net> writes: It should be part of libc6-i686 [i386] On 08.02.16 21:18, Brian May wrote: Oh, right. Only available on i386. So maybe you need i386 not amd64 to reproduce this problem? (squeeze-i386-default)root@prune:/home/brian# objdump -T /lib/i686/cmov/libm.so.6 | grep __strtod_nan DF *UND* GLIBC_2.0 __strtod_nan That doesn't look healthy to me. OK, this is the error from amd64 server (wrapped again): apache2: Syntax error on line 203 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/php5.load: Cannot load /usr/lib/apache2/modules/libphp5.so into server: /lib/libm.so.6: symbol __strtold_nan, version GLIBC_2.2.5 not defined in file libc.so.6 with link time reference -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. A day without sunshine is like, night.
eglibc 2.11.3-4+deb6u9 crashes php on reload
Package: eglibc Version: 2.11.3-4+deb6u9 Hello, after updating libc6 to 2.11.3-4+deb6u9 we have notices all apache servers with mod_php loaded to crash after reload, with message: apache2: Syntax error on line 203 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/php5.load: Cannot load /usr/lib/apache2/modules/libphp5.so into server: /lib/i686/cmov/libm.so.6: symbol __strtod_nan, version GLIBC_2.0 not defined in file libc.so.6 with link time reference (wrapped for better readability). apparently caused by fix of bug #813187 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #9: Out of error messages.
Re: eglibc 2.11.3-4+deb6u9 crashes php on reload
Matus UHLAR - fantomas <uh...@fantomas.sk> writes: /lib/i686/cmov/libm.so.6: symbol __strtod_nan, version GLIBC_2.0 not defined in file libc.so.6 with link time reference On 08.02.16 20:44, Brian May wrote: I believe it should be using GLIBC_2.2.5 for the version, not GLIBC_2.0 At least GLIBC_2.2.5 appears to be what is getting exported. If I am reading the following correctly: (squeeze-amd64-default)root@prune:/tmp/eglibc-2.11.3# objdump -T /lib/libc.so.6 | grep __strtod_nan 0003efc0 gDF .text 00ab GLIBC_2.2.5 __strtod_nan Which package owns /lib/i686/cmov/libm.so.6? Guessing it is related to /lib/libm.so.6? (squeeze-amd64-default)root@prune:/tmp/eglibc-2.11.3# objdump -T /lib/libm.so.6 | grep __strtod_nan DF *UND* GLIBC_2.2.5 __strtod_nan Not sure I can see the problem. Maybe something wrong with Matus' libm.so.6? all those systems are LTS since LTS exists. some are i386, some are amd64. they seem to have the same set of modules I found another two that crashed through night. I also found ONE where apache continued run without crash. It's the only one with 32bit system and amd64 kernel, but another difference that apache is reloaded here weekly (daily on other machines). I keep looking at it... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "They say when you play that M$ CD backward you can hear satanic messages." "That's nothing. If you play it forward it will install Windows."
Re: Further Review Of MySQL 5.5 Packages [1]
El 01/12/15 a las 08:30, Scott Kitterman escribió: Upgrading with 5.1 already installed does seem to be somewhat problematic. I believe this is primarily because mysql-common-5.5 Breaks Breaks: mysql-server and client-5.1 while mysql-server/client-5.5 require mysql-common-5.5 so we end up stuck in a bit of a dependency loop. I got most of the way there with dpkg and --auto-deconfigure in my testing and managed it with a bit of manual futzing. Perhaps apt would do better. On 02.12.15 11:21, Santiago Ruano Rincón wrote: Indeed, apt does better. I don't get issues upgrading from mysql-5.1. this reminds me that I've had troubles updating mysql from squeeze to wheezy on two machines. In both cases innodb got corrupted nad in both cases I wasn't able to fix it with forced recovery ... hope nobody will -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I drive way too fast to worry about cholesterol.
Re: The content of /etc/apt/sources.list
On 23.05.15 09:21, Miroslav Skoric wrote: Probably after some faulty misconfiguration I lost some lines in /etc/apt/sources.list so I am not sure now what is the proper content of it. In fact, I started to use squeeze a couple of years ago by installing the first ten CDs of its release 6.0.1a and by time upgraded to 6.0.10 and at some points I also added backports and squeeze-lts to the sources list. However I am not sure now if the system is updated properly, so would appreciate advices on the most appropriate content of /etc/apt/sources.list deb http://httpredir.debian.org/debian/ squeeze main contrib non-free deb-src http://httpredir.debian.org/debian/ squeeze main contrib non-free deb http://httpredir.debian.org/debian/ squeeze-updates main contrib non-free deb-src http://httpredir.debian.org/debian/ squeeze-updates main contrib non-free deb ftp://security.debian.org/debian-security/ squeeze/updates main contrib non-free deb-src ftp:/security.debian.org/debian-security/ squeeze/updates main contrib non-free deb http://httpredir.debian.org/debian/ squeeze-lts main contrib non-free deb-src http://httpredir.debian.org/debian/ squeeze-lts main contrib non-free Secondly, having in mind that squeeze-lts will be retired next February, I've been thinking on upgrading this comp to wheezy. The main issue is that is an old box (Celeron II 400 MHz, 224 meg RAM, most of the internal cards are ISA, etc), so I wonder if it would accept the upgrade. According to some websites, it seems that should be possible, however I would like to hear advices on that. This machine is primarily used as a firewall-router for the other two comps in the home LAN, and it has an ISA dial-up modem Zoltrix and USB wifi connectivity on it, Xfce, icedove, etc. All of that works with squeeze-lts although as expected the comp is pretty slow. I wonder if upgrading to wheezy (or wheezy-lts if available) would be feasible here, or I should look for other options. Thank you. tried searching for more RAM? there's also some small probability to get better/faster CPU for the same socket, e.g. Pentium 3. I'm afraid xfce won't be very fast on such machine, switching to LXDE _could_ help (not sure tho). However, if the machine acts as FW/GW, you don't really need X there... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #98652: Operation completed successfully. -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150523103625.ga28...@fantomas.sk
Re: security.debian.org vs debian-lts respository
Sorry for bringing this again, but... On 08.10.14 13:32, Adam D. Barratt wrote: Those are all the same source package. And, no, they weren't missed. The openjdk-6 updates were unfortunately not able to be included, as mentioned in https://lists.debian.org/debian-announce/2014/msg6.html (albeit only by DSA reference). Specifically, because the openjdk-6 DSA packages for wheezy FTBFS on some architectures, wheezy currently contains 6b27-1.12.5-1. Accepting the squeeze-security packages as part of a point release would have led to oldstable having a higher version of the packages than stable on some architectures, which would be broken. On 2014-10-08 15:07, Matus UHLAR - fantomas wrote: Is this still applicable? We only have 2 architectures in LTS and if we want to clear security updates, it would be good that security updates were still available... On 08.10.14 17:01, Adam D. Barratt wrote: Updating openjdk-6 in LTS to a version 6b27-1.12.5-1 will still cause the same problem, yes. I haven't checked the archive constraints for -lts, but certainly having it contain more recent packages than wheezy would at the very least break the principle of least surprise. this would cause problems only when updating from squeeze with security updates to wheezy without security updates... is that still an issue? and to get back to the old point of this thread: there are still people having installed packages from squeeze/updates, if they remove this repository from sources.list, they will have unknown version installed, which is not nice thing... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Your mouse has moved. Windows NT will now restart for changes to take to take effect. [OK] -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141106150248.ga2...@fantomas.sk
Re: Query about validity of updates
On 08.10.14 15:32, Bret Busby wrote: I have just booted up a Debian 6 LTS system (laptop), and found an update notification (panel applet notification). The problem is that, in Synaptic, that it opens up, I get a list of unauthenticated updates, with the same packages being listed also as upgrades, and, when I close Synaptic, and click on the panel yellow star notification icon, when that opens Update Manager, I get the list of updates, as Third-party updates, and both include various apache, bash, php, and library packages. This is not consistent with what I expect for the particular packages, and, I do not remember getting these results, when I updated this Debian 6 LTS system, from which I am sending this message. Thus, I am not confident that the update system, has not been breached. Could what is happening, be clarified, please? do you have actual debian-archive-keyring package? Could you try to verify this by using apt/aptitude? maybe your synaptic doesn't truts LTS because of old keyring installed. (I don't use synaptic, this may a bug in it as well) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam is for losers who can't get business any other way. -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141016075722.ga27...@fantomas.sk
Re: security.debian.org vs debian-lts respository
On 2014-10-04 11:30, Matus UHLAR - fantomas wrote: What about squeeze-updates (formerly volatile)? Are they still needed? Are security fixes applied to packages in squeeze or squeeze-updates? On 04.10.14 12:09, Adam D. Barratt wrote: That question doesn't make sense. squeeze-updates is a strict subset of squeeze (technically squeeze+o-p-u, until a point release). There are never packages in squeeze-updates which are not also in squeeze+o-p-u. this is what I wanted to know and what I hoped for... I think I have already asked about that some time ago. (In fact, I'm tempted to clear out squeeze-updates, as all of the packages have now been part of a point release and are thus in squeeze proper.) there still are versions in security that are lower in main, were they missed openjdk-6-jre: Installed: 6b31-1.13.3-1~deb6u1 Candidate: 6b31-1.13.3-1~deb6u1 Version table: *** 6b31-1.13.3-1~deb6u1 0 500 http://security.debian.org/ squeeze/updates/main amd64 Packages 100 /var/lib/dpkg/status 6b18-1.8.13-0+squeeze2 0 500 http://ftp.sk.debian.org/debian/ squeeze/main amd64 Packages davfs2: Installed: (none) Candidate: 1.4.6-1.1+squeeze1 Version table: 1.4.6-1.1+squeeze1 0 500 http://security.debian.org/ squeeze/updates/main amd64 Packages 1.4.6-1 0 500 http://ftp.sk.debian.org/debian/ squeeze/main amd64 Packages and also others from openjdk-6 family: openjdk-6-jdk openjdk-6-doc openjdk-6-jre-headless openjdk-6-dbg openjdk-6-demo openjdk-6-source openjdk-6-jre-lib ... and even the vice versa, seems (left from before last point release?) postgresql-client: Installed: (none) Candidate: 8.4.22-0+deb6u1 Version table: 8.4.22-0+deb6u1 0 500 http://ftp.sk.debian.org/debian/ squeeze-lts/main amd64 Packages 8.4.21-0squeeze1 0 500 http://ftp.sk.debian.org/debian/ squeeze/main amd64 Packages 8.4.20-0squeeze1 0 500 http://security.debian.org/ squeeze/updates/main amd64 Packages [...] -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Nothing is fool-proof to a talented fool. -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141008115954.ga27...@fantomas.sk
Re: security.debian.org vs debian-lts respository
On 08.10.14 13:59, Matus UHLAR - fantomas wrote: there still are versions in security that are lower in main, were they missed Missed this: Were they missed during last squeeze point release? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. He who laughs last thinks slowest. -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141008120318.gb27...@fantomas.sk
Re: security.debian.org vs debian-lts respository
On Freitag, 3. Oktober 2014, Matus UHLAR - fantomas wrote: there are still packages that seem to be part of security updates, like bugzilla3 and openswan https://packages.debian.org/search?keywords=openswan On 03.10.14 16:48, Holger Levsen wrote: oh, you found a bug in the archive: openswan was removed from squeeze on 2014-07-19 as you can see https://packages.qa.debian.org/o/openswan.html and the same is true for https://packages.qa.debian.org/b/bugzilla.html i was just checking my local pkg files ... :) but/so these packages should also have been removed from oldstable-security, thus cc:ing the ftpmaster team, to make them aware. Shall I file a bug so that this doesn't get forgotten? imho, yes... btw, installing the debian-security-support package would also have told you that these packages are not supported anymore./hint :-) I do have that one. well unfortunately it's not in wheezy yet. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 99 percent of lawyers give the rest a bad name. -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141004073631.gb12...@fantomas.sk
Re: security.debian.org vs debian-lts respository
On Dienstag, 17. Juni 2014, Evgeni Golov wrote: No, please *extend* the list. Not replace it. https://wiki.debian.org/LTS/Using If you remove squeeze and/or squeeze security, dependencies will become unresolvable. On 03.10.14 15:42, Holger Levsen wrote: squeeze-security isn't needed, the last point release has happened and all packages have been moved from there to squeeze proper. Good, I have asked about this some time ago... So only squeeze and squeeze-lts are needed. I'm updating https://wiki.debian.org/LTS/Using to reflect this again. What about squeeze-updates (formerly volatile)? Are they still needed? Are security fixes applied to packages in squeeze or squeeze-updates? btw, installing the debian-security-support package would also have told you that these packages are not supported anymore./hint :-) On Samstag, 4. Oktober 2014, Matus UHLAR - fantomas wrote: I do have that one. well unfortunately it's not in wheezy yet. On 04.10.14 10:12, Holger Levsen wrote: there is a backport in wheezy-backports. not the same, using backports is not necessary but having debian-security-support would be nice in wheezy too. Maybe it's time to ask release manager? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges. -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141004103044.ga13...@fantomas.sk
Re: security.debian.org vs debian-lts respository
On Dienstag, 17. Juni 2014, Evgeni Golov wrote: No, please *extend* the list. Not replace it. https://wiki.debian.org/LTS/Using If you remove squeeze and/or squeeze security, dependencies will become unresolvable. On 03.10.14 15:42, Holger Levsen wrote: squeeze-security isn't needed, the last point release has happened and all packages have been moved from there to squeeze proper. So only squeeze and squeeze-lts are needed. I'm updating https://wiki.debian.org/LTS/Using to reflect this again. there are still packages that seem to be part of security updates, like bugzilla3 and openswan -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. A day without sunshine is like, night. -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141003140408.ga3...@fantomas.sk
Re: security.debian.org vs debian-lts respository
On Freitag, 3. Oktober 2014, Matus UHLAR - fantomas wrote: there are still packages that seem to be part of security updates, like bugzilla3 and openswan On 03.10.14 16:17, Holger Levsen wrote: I don't see these source packages in squeeze at all, where do you see them? https://packages.debian.org/search?keywords=openswan and in /var/lib/apt/lists -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. On the other hand, you have different fingers. -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141003143915.ga4...@fantomas.sk
Re: LTS for Debian 6.0.7
On 29.09.14 11:23, Björn Daunfeldt wrote: Im running Debian 6.0.7 on two servers, for me to use the latest updates(security for bash and future ones) for my system i need to get the lts repository if i understand it correct. Im wondering if what I wrote above is correct? If i add the lts repository to my Debian 6.0.7 it will get the security updates? note that Debian 6 is already at 6.0.10. You should apparently use security updates along with LTS ... it may not work properly without them. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #98652: Operation completed successfully. -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140929100020.ga2...@fantomas.sk
Re: [SECURITY] [DSA 2954-1] dovecot security update
On Tue, Jun 10, 2014 at 5:51 AM, Brandon Vincent wrote: Squeeze-LTS is maintained by volunteers rather than the Debian security team. If a package is released, a notification should be posted to the debian-lts-announce mailing list. On 10.06.14 07:57, Paul Wise wrote: I guess you mean s/rather/other/ there? AFAIK rather is correct, some of people are the same (and thus not other). PS: why was the separation between the squeeze/squeeze-lts suites and between debian-security/debian-lts necessary at all? I'm failing to understand the decisions here. AFAIK it's just because of the above. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I drive way too fast to worry about cholesterol. -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140610101335.ga7...@fantomas.sk
