Re: [arch-general] postgres 12

Checking the bug tracker should be the first spot to look for an answer https://bugs.archlinux.org/task/68601 Local files got mixed after the test build as the tree contained a rebuild bump. Just wait for -3 hitting the repos and upgrade to it. Cheers

Re: [arch-general] Update to Boost Libraries

On October 7, 2020 11:58:52 PM GMT+02:00, karx via arch-general wrote: >On Wed, Oct 7, 2020 at 3:05 PM Jayesh Badwaik via arch-general < >arch-general@archlinux.org> wrote: >How long has the updated version been available? If it was just >released >then it will take some time for it to get

Re: [arch-general] usbguard package neglected

On 6/24/20 11:37 PM, arch user via arch-general wrote: > Hello, > > the package usbguard was flagged out of date in november. Three new > versions came out since then. A package update or any info on this would > be greatly appreciated. > > Kind regards > The trust chain is broken as the

Re: [arch-general] A few out of date packages

On 2/12/20 12:58 AM, Genes Lists via arch-general wrote: > I've selected a few to highlight based on age and my own view of > importance (no claim its a good view). > > So, here's a few that might benefit from an update: >Cal Pkg > Name

Re: [arch-general] Pacman Database Signatures

On 2/2/20 10:59 PM, Christopher W. via arch-general wrote: > Hi. The wiki states that database signatures for pacman are currently > a work in progress. It's been that way for a long time, so I assume > there is no "progress" happening. What is currently in the way of this > much-needed security

Re: [arch-general] Does Arch Linux support containers, dockers and Kubernetes?

On 10/1/19 12:58 AM, Turritopsis Dohrnii Teo En Ming via arch-general wrote: > Noted with thanks. > > [...] @Turritopsis Dohrnii Teo En Ming @José Vilmar Estácio de Souza Please do not top-post. On all Arch mailing lists we have a bottom-post policy for replies (it also makes reading posts more

Re: [arch-general] CVE-2019-11477 (/proc/sys/net/ipv4/tcp_sack)

On 6/21/19 8:25 AM, David C. Rankin wrote: > After 5.12.1 is there any further mitigation needed for: > > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477 > > related: > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478 >

Re: [arch-general] Is it secure to just sign repository databases?

On June 16, 2019 5:57:34 PM GMT+02:00, Eli Schwartz via arch-general wrote: >That being said, if you have signed the repository db then as you >mentioned the sha256 checksums for the package file are securely >signed, >so you are guaranteed that use of pacman -S pkgname will securely >verify

Re: [arch-general] steam-native can't find libpcre.so.3, breaks embedded browser

On April 4, 2019 7:11:07 PM GMT+02:00, Maarten de Vries via arch-general wrote: >A better fix is mentioned on the steam forum [1] by a WorMzy: >> $ export >LD_PRELOAD="/usr/lib/libgio-2.0.so.0:/usr/lib/libglib-2.0.so.0" >> $ steam-native > >Apparently those libraries still come from the steam

Re: [arch-general] BrlTTY Hard Dependency on eSpeak

As already stated, may you just wait until it's rules out, problems with other packages fixed, rebuild and replaced? Thanks

Re: [arch-general] BrlTTY Hard Dependancy on eSpeak

On February 14, 2019 12:17:02 AM GMT+01:00, "brent s." wrote: >On 2/13/19 5:18 PM, Doug Newgard via arch-general wrote: >> On Wed, 13 Feb 2019 15:25:19 -0500 >> "brent s." wrote: >> >>> On 2/13/19 3:16 PM, Storm Dragon via arch-general wrote: Hi, I'm having some issues with

Re: [arch-general] How to have multiple JDKs parallel?

On 9/17/18 6:27 PM, Doug Newgard via arch-general wrote: > > Going forward with the new release policies, would it be better to just have > an > openjdk/openjre package that's always the latest version, then versioned > packages for the lts releases, such as they are? > This is exactly what

Re: [arch-general] AppArmor support

On 9/10/18 7:31 PM, Geo Kozey wrote: >> >> From: Levente Polyak >> Sent: Mon Sep 10 18:42:14 CEST 2018 >> To: Geo Kozey >> Cc: General Discussion about Arch Linux >> Subject: Re: [arch-general] AppArmor support &

Re: [arch-general] AppArmor support

On 9/10/18 5:58 PM, Geo Kozey wrote: > I think you may consider disabling CONFIG_PANIC_ON_OOPS in linux-hardened > default config. Preventing users from being able to debug and report their > issues upstream or even discouraging them from using linux-hardend at all is > quite a big cost of it.

Re: [arch-general] AppArmor support

On 9/10/18 1:43 PM, Carsten Mattner wrote: > On 9/10/18, Levente Polyak via arch-general > wrote: >> Just a crazy idea but how about contributing back instead of just >> complaining? People on the bug tracker always help guiding how to report >> upstream or finding releva

Re: [arch-general] AppArmor support

On 9/9/18 10:26 PM, Carsten Mattner via arch-general wrote: > On 9/9/18, Gus wrote: >> Linux-hardened doesn't support hibernation and i think it's overkill to >> use it on desktop. > > Not arguing in anyway for or against AppArmor, just another > data point regarding linux-hardened 4.17 and

Re: [arch-general] Unresponsive maintainer

On July 30, 2018 5:14:56 PM GMT+02:00, "данила кивер via arch-general" wrote: > >I want one of his packages ( >https://www.archlinux.org/packages/extra/x86_64/visualvm ) to be >updated because an important bug was fixed in the upstream (I've >already built this package, installed and tested

Re: [arch-general] Kernel modules not loaded after Linux update

On 07/23/2018 10:43 AM, Ralf Mardorf wrote: > [1] > 4.17.8 still in Core allegedly also contains it. > > $ grep pkg.e.= linux/repos/core-x86_64/PKGBUILD > pkgver=4.17.8 > pkgrel=1 > $ grep SALSA linux/repos/core-x86_64/config > CONFIG_CRYPTO_SALSA20=m > CONFIG_CRYPTO_SALSA20_X86_64=m > > I

Re: [arch-general] valgrind 3.13.0-6 exclusions broken again

On April 7, 2018 6:18:39 AM GMT+02:00, "David C. Rankin" wrote: >On 04/01/2018 07:43 PM, David C. Rankin wrote: >> >> >> I was looking for confirmation of the bug and whether the devs want >it >> filed here to track or to not waste time filing with Arch and just

Re: [arch-general] OpenRA / Mono exceptions

On March 2, 2018 12:38:33 PM GMT+01:00, Dan Haworth wrote: >On 02/03/18 11:17, Alajos Odoyle wrote: >> On 2018-03-02 11:38, Dan Haworth wrote: >>> >>> I had the same issue, seems to be related to the following bug >>> https://github.com/mono/mono/issues/6752. I downgraded

Re: [arch-general] Arch install broken by invalid signatures (anthraxx) using 201610 iso

On 01/08/2017 08:11 AM, David C. Rankin wrote: > I'll download a new iso and try, but I'd be > surprised if an iso less than 5 months old no longer works? > Well IMO 5 months is pretty damn ancient in the Arch Linux world. :p Most of the time a simple keyring package update does the trick:

Re: [arch-general] Stronger Hashes for PKGBUILDs

On 12/16/2016 06:03 AM, Eli Schwartz via arch-general wrote: > On 12/15/2016 08:35 PM, fnodeuser wrote: >> what i said is that the users must check the integrity of the sources too. >> it is not something that only the package maintainers must do. >> the users must check the PKGBUILD files to

Re: [arch-general] ensuring integrity of sources (was: [arch-dev-public] todo list for moving http -> https sources)

On 10/31/2016 10:50 PM, Leonid Isaev wrote: > On Mon, Oct 31, 2016 at 06:04:48PM +0100, Levente Polyak wrote: >> I get your point what you try to achieve but the PKGBUILD already >> contains the integrity values (checksums) for all external sources and >> if you sig

Re: [arch-general] ensuring integrity of sources (was: [arch-dev-public] todo list for moving http -> https sources)

On 10/31/2016 04:43 PM, Patrick Burroughs (Celti) wrote: > On Mon, 31 Oct 2016 16:16:21 +0100 > Levente Polyak <anthr...@archlinux.org> wrote: > >> On 10/31/2016 04:03 PM, Patrick Burroughs (Celti) wrote: >>> As a middle ground, I think it would be more rea

Re: [arch-general] [arch-dev-public] todo list for moving http -> https sources

On 10/31/2016 04:03 PM, Patrick Burroughs (Celti) wrote: > As a middle ground, I think it would be more reasonable (or at least, > less unreasonable) to modify makepkg to allow signing PKGBUILDs, or at > least parts of them. For an existing example, OpenBSD's signify(1) uses > their cryptographic

Re: [arch-general] Problem with powerdns-recursor-4.0.3-1 package

On 10/23/2016 03:10 PM, Roel de Wildt via arch-general wrote: > > Do I need something to change to make it working against 4.0.x? > After a rough look I can't reproduce your issue by playing around with the config, it just works. Something seems to eat up the responses. A better place for

Re: [arch-general] Announcing pacpak

On 07/10/2016 11:05 AM, pelzflorian (Florian Pelz) wrote: > [...] Bundles ship with the version > of their dependencies which they need. Dependencies are not > force-upgraded with the operating system, but easily upgradable by the > bundle creator. We, as the Security Team, are strongly against

Re: [arch-general] SLiM DM

On 06/13/2016 12:59 AM, David C. Rankin wrote: > [...] prevent whip-sawing all arch users who following the > recommendation in configuring their desktop from finding out their config is > broken on the first reboot after update following removal. > That's highly overdramatized, isn't it? Lets

Re: [arch-general] [arch-dev-public] Arch Linux website down

On 06/01/2016 07:02 PM, Jude DaShiell wrote: > I've been reading a thread on aur-general about too many loose git > objects and it appears the problem may be on the aur server not a user's > machine and git prune needs to be run. I am concerned that all of the > current technical difficulties may

Re: [arch-general] PIE repo considerations

On 05/16/2016 05:47 PM, Information Technology Works wrote: > I also don't understand the lack of discussion on something this > important by other devs. one person had concerns about various things > and another mentioned whether upstream would support it and that was it. > I was hoping to at

Re: [arch-general] Compositing broken on laptop, Compton and xcompmgr

On 03/12/2016 11:29 PM, Harley W wrote: > I've been using Compton on my laptop for about a year without any issues. > Recently, I noticed that transparency stopped working, and even more > recently, shadows stopped working. If I try calling Compton from the command > line I get an error saying

Re: [arch-general] JasPer vulnerabilities

On 03/07/2016 01:04 PM, Harrison Wells wrote: > Haven't reported in security list before. Should I just repost my previous > message? It's a announcement only mailing list, discussions should go here (arch-general) and most of the time we also notice and read that. However to directly report or

Re: [arch-general] [arch-security] [Announcement] Discussion about restricting arch-security for public participation

On 01/28/2016 04:29 PM, Elmar Stellnberger wrote: > Now there are different opinions about this: > Some people certainly estimate comments, questions and discussion about > security issues which do not solely pertain to updates of packages for > already known security issues. Allowing discussion

Re: [arch-general] Unknown Trust and Corrupted Package

On 01/25/2016 10:27 AM, Damjan Georgievski wrote: > huh, now what? > [...] > gpg: keyserver refresh failed: Permission denied As the error message indicates, you need to do that as root. It's also possible to grab the new archlinux-keyring package from [testing]. cheers, Levente signature.asc

Re: [arch-general] Unknown Trust and Corrupted Package

On 01/25/2016 03:17 AM, Jayesh Badwaik wrote: > Hi, > > I'm receiving message about unknown trust while trying to install the confuse > package. > Looks like people tend to forget about updating pacman keyring. pacman-key --refresh-keys cheers, anthraxx signature.asc Description:

Re: [arch-general] CVE-2015-0235: glibc / heap overflow in gethostbyname()

On 01/27/2015 05:42 PM, Ido Rosen wrote: Hi Allan others, This is a pretty big remote vulnerability, with a big attack surface. I'm not sure if this is the right list to be sending it to, but I'd suggest patching glibc right away. I think RedHat's already released an RHEL5 backported

Re: [arch-general] gnupg 2.1 not stable

besides the upstream stable release discussion (which i will leave out here) i have two small questions: On 12/17/2014 03:03 PM, Ido Rosen wrote: On the gnupg-devel mailing list I've seen a few potentially serious security issues with it. No offense, but out of interest: Could you please point

Re: [arch-general] gnupg 2.1 not stable

On 12/17/2014 07:32 PM, Ido Rosen wrote: Several security patches went into 2.1 after its release, and there continue to be patches submitted for minor issues that are borderline security/usability issues in the bug fix category. Most of those bugs at worst result in DoSes, but two of them in