On Sat, Feb 10, 2024 at 01:33:15PM +0100, Johannes Schauer Marin Rodrigues
wrote:
>
> there as a binNMU "Rebuild to sync binNMU versions" for krb5 and that
> failed for arm64, armel and ppc64el:
>
> https://buildd.debian.org/status/package.php?p=krb5
>
> The error logs look very similar:
> ***
tags -1 + fixed-upstream patch
thanks
On Tue, Jan 16, 2024 at 10:30:40AM +0100, Andreas Beckmann wrote:
> Package: openafs-modules-dkms
> Version: 1.8.10-2
> Severity: important
>
> Hi,
>
> openafs-modules-dkms fails to build a module for Linux 6.7 that was just
> uploaded to experimental:
Package: lintian
Version: 2.116.3
Severity: normal
X-Debbugs-Cc: ka...@mit.edu
I maintain openafs, which for some time has been reporting an error-level
diagnostic from lintian for missing-build-dependency-for-dh_-command ("dh_dkms
(does not satisfy dkms:any | dh-sequence-dkms:any)
Hi Gergely,
On Wed, Dec 20, 2023 at 04:26:55PM +0100, Gergely Riskó wrote:
> Hey all,
>
> Yes, OpenAFS is always a pain to work with both on the server and the
> client side. :(
>
> This time I think the client installation is harder than usual, we
> have to apply 5 patches.
Yes, there's a lot
On Wed, Sep 14, 2022 at 05:36:00PM +0100, Jose M Calhariz wrote:
> Hi
>
> I am creating a new OpenAFS cell for testing purposes and found the
> the file README.server.gz with some instructions a bit out of date.
> This makes the new cell setup dificult to a inexperienced OpenAFS
> sysadmin.
>
>
On Sun, Aug 13, 2023 at 09:21:04PM +0200, Lucas Nussbaum wrote:
> Source: openafs
> Version: 1.8.10-1
> Severity: minor
> Tags: trixie sid ftbfs
> User: lu...@debian.org
> Usertags: ftbfs-sab-20230813 ftbfs-source-after-build
> User: debian...@lists.debian.org
> Usertags: qa-doublebuild
>
> Hi,
>
Hmm, on my local machines (one running Debian, one running Ubuntu) I appear
to be seeing the expected default /tmp/krb5cc_%{uid} behavior.
I couldn't quite follow how your credentials were obtained; were they
perhaps obtained as part of the login process? The PAM configuration might
well be
tags 1010764 upstream fixed-upstream pending
thanks
On Wed, May 18, 2022 at 01:55:00AM +, Jeremy Stanley wrote:
> The fix for this appears to have merged upstream in January, so
> could probably be backported in Salsa:
>
> https://gerrit.openafs.org/14882
Indeed, upstream has been getting
I'm pretty sure that changing the master key encryption type used for new
databases has basically no upgrade considerations and could be "just done".
Updating the encryption type for that key on existing databases will have
nontrivial upgrade considerations (and in fact will not be possible to do
Hi Ben,
Thanks for detecting and reporting the build errors.
I'm a bit confused as to how this is "grave", though -- I would have
classified it as merely "serious" as for, e.g., 970258 and 995134.
For upstream, we went with a slightly different patch owing to the
unreliability of the linux
severity 995134 serious
tags 995134 upstream fixed-upstream pending
thanks
On Sun, Sep 26, 2021 at 05:07:44PM -0400, Ryan Kavanagh wrote:
> Package: openafs-modules-dkms
> Version: 1.8.6-5
> Severity: grave
> Justification: Renders package unusable
>
> The openafs dkms modules fail to build on
Package: krb5-kdc
Version: 1.15-1
Tags: security fixed-upstream
quoting from
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
CVE-2021-37750:
In MIT krb5 releases 1.14 and later, an authenticated attacker can
cause a null dereference in the KDC by sending a FAST TGS
Yes, I started working on an upload for buster, but got a bit sidetracked
since the 1.17-3+deb10u1 in the archive was not imported into the packaging
repo previously.
I expect to make progress today.
-Ben
angelog
--- krb5-1.18.3/debian/changelog2021-03-28 10:43:01.0 -0700
+++ krb5-1.18.3/debian/changelog2021-07-21 11:07:07.0 -0700
@@ -1,3 +1,10 @@
+krb5 (1.18.3-6) unstable; urgency=high
+
+ * Pull in upstream patch to fix CVE-2021-36222 (KDC NULL dereference),
+C
It looks like the leak was independently(?) reported to upstream and fixed
in a somewhat different way, see
https://github.com/krb5/krb5/commit/593e16448e1af23eef74689afe06a7bcc86e79c7
.
The fix is marked for pullup to the stable branches, so it should get fixed
in Debian when we next import an
On Wed, Jul 21, 2021 at 07:13:49PM +0200, Salvatore Bonaccorso wrote:
>
> On Wed, Jul 21, 2021 at 10:01:23AM -0600, Sam Hartman wrote:
>
> About buster: Given the above we can fix via the upcoming point
> release for buster, I guess that can be enough in this case. What
> would happen if the
o argue for important, although if you want to push to
> serious, I won't fight it.
> I'm busy with Family obligat scattered throughout the day ions, but it
> sounded like Benjamin Kaduk
> might be available to help.
Yes, I have some time to help.
Given that Salvatore filed the report, I am ass
reopen 987690
thanks
This looks to be a typo in the changelog closer.
-Ben
On Mon, May 03, 2021 at 06:51:03PM +, Debian Bug Tracking System wrote:
> Your message dated Mon, 03 May 2021 18:48:29 +
> with message-id
> and subject line Bug#987690: fixed in libass 1:0.15.0-2
> has caused
On Fri, Apr 09, 2021 at 03:29:48PM -0400, Chaskiel Grundman wrote:
> Package: openafs-fileserver
> Version: 1.8.2-1+deb10u1
> Severity: important
>
> Dear Maintainer,
> While upgrading a system from stretch (9.9) to buster (10.9), I had a
> failure in this package:
>
> Setting up
On Mon, Mar 15, 2021 at 06:27:41AM +, Witold Baryluk wrote:
> Package: openafs-modules-dkms
> Version: 1.8.6-5
> Followup-For: Bug #985254
> X-Debbugs-Cc: witold.bary...@gmail.com
>
> Actually after digging more, it is not due to HIGHMEM. In fact the
> kmap_atomic takes single argument since
Hi Andreas,
Thanks for filing 984929.
Do you have a sense for what the cutoff should be for trying to get 984929
resolved vs. just uploading a workaround in the dkms-consuming packages
(e.g., openafs)?
Thanks,
Ben
On Wed, Mar 10, 2021 at 01:09:06PM +, Debian Bug Tracking System wrote:
>
Hi Adam,
On Sat, Feb 06, 2021 at 02:40:02PM +, Adam D. Barratt wrote:
> On Fri, 2021-02-05 at 09:17 -0800, Benjamin Kaduk wrote:
> > On Fri, Feb 05, 2021 at 05:11:31PM +, Adam D. Barratt wrote:
> > > Control: tags -1 + confirmed
> > >
> > > On Fri,
On Fri, Feb 05, 2021 at 05:11:31PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Fri, 2021-02-05 at 08:38 -0800, Benjamin Kaduk wrote:
> > All upstream openafs releases from the 1.8.x series, prior to 1.8.7,
> > contain a "time bomb" bug tha
On Wed, Feb 03, 2021 at 01:05:38PM -0800, Benjamin Kaduk wrote:
> >
> > Do you still have this on your radar? While as discussed this is not a
> > DSA candidate a fix can be released out of order from a point release
> > via the stable-updates mechanism, and t
gelog 2021-01-26 20:13:14.0 -0800
@@ -1,3 +1,10 @@
+openafs (1.8.2-1+deb10u1) buster; urgency=high
+
+ * Pull in upstream patches to fix outgoing connections after unix
+epoch time 0x6000 (Closes: #980115, #980116)
+
+ -- Benjamin Kaduk Tue, 26 Jan 2021 20:13:14 -0800
+
Hi Salvatore,
On Wed, Feb 03, 2021 at 09:39:25PM +0100, Salvatore Bonaccorso wrote:
> HI Benjamin,
>
> On Mon, Jan 18, 2021 at 07:19:14PM -0800, Benjamin Kaduk wrote:
> > On Mon, Jan 18, 2021 at 06:04:39PM +, Jeremy Stanley wrote:
> > > Thanks for pulling this i
On Mon, Jan 18, 2021 at 06:04:39PM +, Jeremy Stanley wrote:
> Thanks for pulling this into unstable and testing! Is there any work
> in progress to fix it in stable as well? I took a quick peek in
> Salsa and didn't see any merge requests or an obvious branch for
> Buster's 1.8.2 (just the
Package: openafs-client
Version: 1.8.2-1
Severity: grave
Control: clone -1 -2
Control: reassign -2 openafs-fileserver
The Rx RPC stack requires a connection identifier for each new connection a
system initiates. In 2014 support to generate the initial identifier
randomly was added to the core Rx
Hi Robert,
On Mon, Oct 26, 2020 at 07:08:41PM +0100, Robert Senger wrote:
> Package: openafs-modules-dkms
> Version: 1.8.6-3
> Severity: serious
> Tags: ftbfs
> Justification: fails to build from source (but built successfully in the past)
>
> DKMS fails to build module on bullseye with kernel
tags 970258 fixed-upstream
thanks
On Wed, Sep 16, 2020 at 09:27:30AM +0200, Malte Eggers wrote:
> I'm (unsurprisingly) experiencing the same problem on sid. This appears to be
> the relevant section of the make.log
Indeed, this is not surprising -- the patches for kernel 5.8 compatibility
On Tue, Sep 01, 2020 at 03:43:37PM +0100, Jose M Calhariz wrote:
> Package: openafs-client
> Version: 1.8.6-1~dsi10+1
> Severity: normal
>
> I am using a private backport of openafs from testing. On this server I
> am getting multiples strange errors about openafs cache. This server
> is
Hi Jose,
Sorry that I missed this when it first came in.
A couple notes inline, if you still remember much about the original
report...
On Sat, Aug 08, 2020 at 06:32:07PM +0100, Jose M Calhariz wrote:
> Package: openafs-client
> Version: 1.8.6-1~dsi10+1
> Severity: normal
>
> Hi,
>
> I have
tags 926321 moreinfo
thanks
On Sat, Apr 06, 2019 at 10:10:57AM -0500, Benjamin Kaduk wrote:
> Hi Paul,
>
> On Wed, Apr 03, 2019 at 01:06:08PM +0100, Paul Martin wrote:
> > Source: openafs
> > Version: 1.6.20-2+deb9u2
> > Severity: normal
> > Tags: patch, ftbfs,
tags 966881 fixed-upstream
thanks
On Mon, Aug 03, 2020 at 10:04:57AM +0200, Lucas Nussbaum wrote:
> Source: openafs
> Version: 1.8.6-1
> Severity: serious
> Justification: FTBFS on amd64
> Tags: bullseye sid ftbfs
> Usertags: ftbfs-20200802 ftbfs-bullseye
>
> Hi,
>
> During a rebuild of all
tags 964027 pending fixed-upstream
thanks
On Tue, Jun 30, 2020 at 12:48:41PM -0400, Ryan Kavanagh wrote:
> Package: openafs-modules-dkms
> Version: 1.8.6~pre1-3
> Severity: grave
> Justification: package is not compatible with the current kernel
>
> The package cannot successfully be installed
On Thu, Apr 30, 2020 at 03:40:30AM +0100, peter green wrote:
> On 29/04/2020 17:47, Jochen Sprickerhof wrote:
> >
> > What I found up to now:
> >
> > - pkg-config=0.29.2-1:
> >
> > $ pkg-config --cflags-only-I libzmq
> > -isystem /usr/include/mit-krb5 -I/usr/include/pgm-5.2
> >
> > - Whereas
severity 956358 important
tags 956358 + moreinfo
thanks
On Fri, Apr 10, 2020 at 11:30:10AM +0300, Adrian Bunk wrote:
>
> https://piuparts.debian.org/sid/source/o/openafs.html
>
> ...
> Loading new openafs-1.8.6pre1 DKMS files...
> It is likely that 4.19.0-8-amd64 belongs to a chroot's host
On Sat, Feb 29, 2020 at 02:17:49PM +0100, Beatrice Torracca wrote:
> Package: openafs
> Severity: wishlist
> Tags: patch l10n
>
> Hi.
>
> Please find attached the Italian translation of openafs debconf messages
>
>
> Please include it in your next upload.
Thanks, Beatrice, I will do so.
-Ben
On Sun, Feb 09, 2020 at 09:53:26AM +, Witold Baryluk wrote:
> Package: openafs
> Followup-For: Bug #948307
>
> Dear Maintainer,
>
> The 1.8.5-1 fails to compile with kernel 5.3.0-2-amd64:
>
> Setting up openafs-modules-dkms (1.8.5-1) ...
> Loading new openafs-1.8.5 DKMS files...
> It is
On Tue, Dec 10, 2019 at 03:03:02PM +0100, Frédéric Bonnard wrote:
> Package: src:openafs
> Version: 1.8.5-1
>
> --
>
> Dear maintainer,
> thanks for enabling ppc64el. It seems some more changes are needed for
> openafs to build properly :
>
On Tue, Dec 10, 2019 at 01:19:11PM +0100, Andreas Beckmann wrote:
> Please check my reply on #946497 which is about the same problem in
> zfs-dkms. Perhaps both of you find a solution that will work for the two
> packages.
Thanks for the pointer.
I think that having dkms set CC/etc.
Hi Andreas,
On Tue, Nov 26, 2019 at 02:38:21AM +0100, Andreas Beckmann wrote:
> Package: openafs-modules-dkms
> Version: 1.8.5-1
> Severity: serious
> Tags: ftbfs
> Justification: fails to build from source
> User: debian...@lists.debian.org
> Usertags: piuparts
>
> Hi,
>
>
On Thu, Oct 03, 2019 at 03:03:55PM +0200, Frédéric Bonnard wrote:
> Package: src:openafs
> Version: 1.8.4~pre1-1
>
> --
>
> Dear maintainer,
> is there any reason that openafs isn't built on ppc64el(maybe linux-any) ?
> I tested on ppc64el and with minor modifications (arch verifications in
>
On Sun, Aug 25, 2019 at 10:04:30PM -0400, Aaron M. Ucko wrote:
> Package: openafs-modules-source
> Version: 1.8.4~pre1-1
> Severity: normal
>
> Attempting to build modules from openafs-modules-source (or,
> presumably, -dkms) with ctfutils installed fails because the build
> system tries to use
severity 934758 important
tags 934758 + fixed-upstream pending
thanks
On Wed, Aug 14, 2019 at 09:53:40AM -0400, Ryan Kavanagh wrote:
> Package: openafs-modules-dkms
> Version: 1.8.2-1
> Severity: grave
> Justification: renders package unusable
>
> The openafs DKMS module fails to build for Linux
On Thu, Aug 08, 2019 at 03:16:31PM +0200, Arne Nordmark wrote:
> Package: openafs-fileserver
> Version: 1.8.2-1
> Severity: normal
>
> The stanza
>
> if [ -r /etc/openafs/server/rxkad.keytab ] ; then
> akeyconvert
> fi
>
> in the postinst will fail if openafs-krb5 is not installed or is of
On Tue, Jul 23, 2019 at 12:09:29PM -0700, Felix Lechner wrote:
> On Tue, Jul 16, 2019 at 8:07 AM Greg Hudson wrote:
> >
> > Candidate patch here:
>
> Thank you. The update works great, although I now have problems with
> idmap not working on a kerberized NFSv4 mount.
>
> I write with
On Fri, Jul 05, 2019 at 07:25:26PM +0300, Martin-Éric Racine wrote:
> It is very much expected to be resolved.
Expected by whom?
> Please see:
>
> https://manpages.debian.org/wheezy/dpkg/dpkg-maintscript-helper.1.en.html
I read most of this; it gives some general guidance that conffiles should
On Wed, Jul 10, 2019 at 04:05:39PM -0400, Sam Hartman wrote:
> Hi.
> In krb5 1.17-4, DES is entirely removed.
>
> src/aklog/aklog.c makes it look like openafs still requires
> des-cbc-crc. If so, please upgrade this bug to RC.
> Kaduk thinks that's probably not the case though.
>
> If not,
On Fri, Jul 05, 2019 at 06:35:20PM +0300, Martin-Éric Racine wrote:
>
> This issue is still not resolved in Buster, which is scheduled to become the
> new STABLE release tomorrow.
To me the bug history implies that it is not expected to be resolved, ever.
Do you think otherwise? If so, what
Hi Paul,
On Wed, Apr 03, 2019 at 01:06:08PM +0100, Paul Martin wrote:
> Source: openafs
> Version: 1.6.20-2+deb9u2
> Severity: normal
> Tags: patch, ftbfs, stretch
>
> It would be nice if openafs were to be available on ARM64 architecture
> in Debian Stretch and Ubuntu Bionic.
>
> The
On Fri, Oct 05, 2018 at 08:01:04AM +0800, Paul Wise wrote:
>
> The recent upgrade did not deal with obsolete conffiles properly.
> Please use the dpkg-maintscript-helper support provided by
> dh_installdeb to remove these obsolete conffiles on upgrade.
>
>
I think I am experiencing the same issue as Thomas Maaß, though I am
not convinced that it is the same behavior as the initial report.
Namely, sometimes the display does not turn on when light-locker should be
prompting for a password (I think I have seen this both when returning from
hibernation
On Tue, Sep 11, 2018 at 10:02:20PM +0200, Salvatore Bonaccorso wrote:
> Hey!
>
> On Tue, Sep 11, 2018 at 02:30:51PM -0500, Benjamin Kaduk wrote:
> > Source: openafs
> > Version: 1.6.9-2+deb8u7
> > Tags: security
> > Severity: serious
> >
> > OpenA
Source: openafs
Version: 1.6.9-2+deb8u7
Tags: security
Severity: serious
OpenAFS upstream released security releases 1.6.23 and 1.8.2 today, fixing:
http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt
(ditto)
On Wed, May 30, 2018 at 11:18:11AM -0500, Benjamin Kaduk wrote:
> (resetting autoremoval timer)
>
> On Fri, May 11, 2018 at 12:44:01PM -0500, Benjamin Kaduk wrote:
> > ping?
> >
> > I cannot reproduce locally either on bare metal or in schroot.
> >
(resetting autoremoval timer)
On Fri, May 11, 2018 at 12:44:01PM -0500, Benjamin Kaduk wrote:
> ping?
>
> I cannot reproduce locally either on bare metal or in schroot.
>
> -Ben
>
> On Fri, May 04, 2018 at 09:15:51AM -0500, Benjamin Kaduk wrote:
> > Hi Lucas,
&g
ping?
I cannot reproduce locally either on bare metal or in schroot.
-Ben
On Fri, May 04, 2018 at 09:15:51AM -0500, Benjamin Kaduk wrote:
> Hi Lucas,
>
> On Wed, May 02, 2018 at 10:52:53PM +0200, Lucas Nussbaum wrote:
> >
> > During a rebuild of all packages in sid
On Tue, May 08, 2018 at 09:28:08AM -0400, Sam Hartman wrote:
> Benjamin> Now, we have getrandom(), which is a great API and is
> Benjamin> pretty much exactly what you want (again, at least in this
> Benjamin> worldview). IIUC Ted says that you should "just use
> Benjamin>
On Mon, May 07, 2018 at 05:10:27PM +0100, Ben Hutchings wrote:
> On Mon, 2018-05-07 at 11:57 -0400, Sam Hartman wrote:
>
> There are basically three "strengths" of random numbers available now:
>
> Weak: /dev/urandom
> Medium: getrandom(flags=0)
> Strong: /dev/random,
On Sun, May 06, 2018 at 07:05:56PM -0700, Russ Allbery wrote:
> Benjamin Kaduk <ka...@mit.edu> writes:
> > On Sun, May 06, 2018 at 08:43:13PM +0100, Ben Hutchings wrote:
> >> On Sun, 2018-05-06 at 14:02 -0500, Benjamin Kaduk wrote:
>
> >>> Arguably mor
On Sun, May 06, 2018 at 08:43:13PM +0100, Ben Hutchings wrote:
> On Sun, 2018-05-06 at 14:02 -0500, Benjamin Kaduk wrote:
> > Hi Ben,
> >
> > On Sun, May 06, 2018 at 06:56:08PM +0100, Ben Hutchings wrote:
> > > I've cloned this bug as #898073 and reassigned t
Hi Ben,
On Sun, May 06, 2018 at 06:56:08PM +0100, Ben Hutchings wrote:
> I've cloned this bug as #898073 and reassigned that to krb5.
>
> krb5 is using the new(ish) getrandom() system call to read random bits,
> with the code comment "This ensures strong randomness while only
> blocking during
Hi Lucas,
On Wed, May 02, 2018 at 10:52:53PM +0200, Lucas Nussbaum wrote:
>
> During a rebuild of all packages in sid, your package failed to build on
> amd64.
>
> Relevant part (hopefully):
> > rx/perf.ok
> > volser/vos-man..ok
> > volser/vos..FAILED 5
> >
On Sun, Feb 18, 2018 at 08:18:48PM +, Adam D. Barratt wrote:
> Control: tags -1 + pending
>
> Uploaded and flagged for acceptance.
Thanks!
> On a side note, the diff as uploaded reverts a couple of bug closures
> from the previous security upload:
>
> openafs (1.6.9-2+deb8u6)
On Thu, Jan 25, 2018 at 09:21:48AM -0800, deb...@lewenberg.com wrote:
>
> The patch you provide works fine with jessie and the 1.6.9 source
> packages. However, I cannot get it to work with wheezy.
>
> I compile the openafs source package against wheezy and the compilation
> completes without
The SRU request for jessie is in #887857.
I don't think there is a way to get a fix into jessie-backports, so
I think we will need to remove openafs-modules-source and
openafs-modules-dkms from jessie-backports and pull the version from
buster into jessie-backports-sloppy (which will be a trip
-proposed-updates; urgency=high
+
+ * Apply upstream patches needed to fix kernel module build against
+linux 3.16.51-3+deb8u1 kernels after security update-induced ABI changes.
+(Closes: #886719)
+
+ -- Benjamin Kaduk <ka...@mit.edu> Sat, 20 Jan 2018 11:48:09 -0600
+
openafs (1
Hi Erik
On Fri, Jan 19, 2018 at 08:46:11PM +0100, Pfannenstein Erik wrote:
> Hi Ben,
>
> thanks for pointing this out, but I can't find any changes between the
> revision I attached to my report and 1.8.0-pre4 (apart from the ones I made).
Oh, sorry for making you do the extra work, but thanks
On Thu, Jan 18, 2018 at 10:24:40PM +0100, Pfannenstein Erik wrote:
> Package: openafs
> Version: 1.6.21-3
Thanks for the update. We did recently take a big update, to
1.8.0~pre4-1, if you have a chance to look at the changes it
introduced.
-Ben
signature.asc
Description: PGP signature
On Sun, Jan 14, 2018 at 06:45:08PM +, Debian Bug Tracking System wrote:
> Processing commands for cont...@bugs.debian.org:
>
> > severity 886768 serious
Could you say a bit more about why you feel that all binary packages
from src:openafs should be subject to autoremoval when only the
reassign 887018 src:openafs
severity 887018 important
merge 886719 887018
retitle 886719 meltdown/spectre kernel (old)stable-security kernel breaks
openafs module
thanks
On Fri, Jan 12, 2018 at 09:29:52AM -0600, Chad Seys wrote:
> Package: openafs-modules-dkms
> Version: 1.6.18.2-1~bpo8+1
>
Hi folks,
Thanks for all the interest and proposed patches.
I just want to note that the openafs fix will need to go through as
a SRU (Stable Release Update), which requires preapproval from the
stable release managers, and will not actually appear in
stable/oldstable until the next point
On Tue, Jan 09, 2018 at 02:40:23PM -0800, Adam Lewenberg wrote:
> Package: openafs-modules-dkms
> Version: 1.6.9-2+deb8u4~bpo70+1
> Severity: important
>
> After upgrading wheezy kernel to 3.2.0-5-amd64 openafs-modules-dkms could not
> rebuild
> OpenAFS kernel module.
>
> Here is the error
Hi Aaron,
On Mon, Jan 08, 2018 at 08:14:11PM -0500, Aaron M. Ucko wrote:
> Source: openafs
> Version: 1.8.0~pre4-1
> Severity: important
> Tags: upstream
> Justification: fails to build from source (but built successfully in the past)
> User: debian-al...@lists.debian.org
> Usertags: alpha
>
>
On Sun, Dec 17, 2017 at 04:28:36PM +0100, Yves-Alexis Perez wrote:
> On Sat, 2017-12-16 at 09:40 -0600, Benjamin Kaduk wrote:
> > After my latest upgrade/reboot, the behavior of lightdm has changed.
> > Previously, on fresh boot and lock screen I would be
> > presented wit
Package: lightdm-gtk-greeter
Version: 2.0.3-1
After my latest upgrade/reboot, the behavior of lightdm has changed.
Previously, on fresh boot and lock screen I would be
presented with a username/password entry dialog with empty username,
empty password, and focus on username. The new behavior has
On Thu, Dec 14, 2017 at 08:38:49PM -0500, Aaron M. Ucko wrote:
> Source: openafs
> Version: 1.6.22-2
> Severity: important
> Tags: upstream
>
> Thanks for looking into #884276. The module now builds successfully,
> but encounters an Oops on load, as detailed below. The issue appears
> to be
tags 884276 pending upstream fixed-upstream
thanks
Hi Andreas,
Upstream has a fix queued, but it got bumped by last week's security
release (1.6.22) and the release containing it is not out yet.
But it's easy enough to pull the patches in locally until that
happens.
Thanks,
Ben
tags 883916 pending
thanks
Hi Lev,
On Sat, Dec 09, 2017 at 03:25:12PM +0500, Lev Lamberov wrote:
>
> Dear Maintainer,
>
> please find attached the updated Russian debconf translation for openafs.
Thanks! I've put it into our version control so it should appear in
the next upload.
-Ben
Source: openafs
Version: 1.6.1-3+deb7u7
Tags: security upstream fixed-upstream pending
Severity: important
Upstream OpenAFS released security advisory OPENAFS-SA-2017-001
today; insufficient validation of data contained in Rx ack packets
leads to the use of an invalid MTU value, ultimately
On Sun, Nov 19, 2017 at 07:07:45PM -0500, Sam Hartman wrote:
>
> Why do you want to replace krb5-config with pkg-config?
> That seems like a good option if we can sell upstream on the idea, but
> something requiring more thought otherwise.
I believe we can consider upstream sold.
pkg-config is
On Mon, Nov 13, 2017 at 10:51:10AM -0800, Russ Allbery wrote:
>
> I'm not sure how best to fix this other than no longer using krb5-config
> and shipping a pkgconfig script or something. One could move the
> krb5-config script into an architecture-specific directory, but that just
> moves the
On Sun, Oct 29, 2017 at 01:02:56PM +0100, Salvatore Bonaccorso wrote:
> Hi
>
> On Fri, Oct 27, 2017 at 08:25:04PM -0500, Benjamin Kaduk wrote:
> > I think upstream actually did the backport earlier today, already.
>
> I retitled the bug (Red Hat has assigned a CVE f
I think upstream actually did the backport earlier today, already.
-Ben
tags 871698 upstream pending
thanks
Upstream has committed a patch to use dynamic allocation to master at
https://github.com/krb5/krb5/pull/707 .
The backport is not entirely trivial, but we should be able to get
a version in (whether our own or upstream's) fairly soon.
-Ben
Just noting that David Benjamin has put together a pull request for upstream
at https://github.com/nodejs/node/pull/16130 .
-Ben
I am inclined to just put it in unstable and not backport, but
created the bug to see if the security team felt otherwise.
If you look at the pull request history for the upstream commit,
it seems that it was languishing there for a while before getting
merged, as well.
-Ben
Package: libgssapi-krb5-2
Version: 1.15-1
Tags: security
Upstream has committed a change that causes libgssapi-krb5 to not
automatically free a security context when an error is encountered on
the second or subsequent call to gss_init_sec_context() or
gss_accept_sec_context(), as this is
On Mon, Jul 17, 2017 at 04:35:24PM +1000, Paul Wise wrote:
>
> Sounds like a file that should not have been placed in /etc and
> should be removed from /etc during upgrades.
Some further discussion about the role of this file is in #861218
On Sun, Jul 16, 2017 at 12:53:18PM +1000, Paul Wise wrote:
> On Wed, 12 Jul 2017 04:53:35 -0400 Sam Hartman wrote:
>
> > I'm not actually sure I particularly want it removed from the system.
>
> Policy indicates that old conffiles should be removed on upgrade:
It's not really clear that this
On Mon, Jun 26, 2017 at 12:08:29PM -0500, Benjamin Kaduk wrote:
>
> This does seem likely to be an issue with the systemd integration, yes.
> (Not using the weekly restarts, I didn't observe it in testing.)
>
> Thanks for the report; I'll take a look.
It seems that any ReBozo
On Mon, Jun 26, 2017 at 09:26:01AM +0200, Arne Nordmark wrote:
> Package: openafs-fileserver
> Version: 1.6.20-2
> Severity: normal
>
> Dear Maintainer,
>
> This Sunday morning, the bosserver process on all stretch machines was found
> to have stopped.
>
[snip]
>
> The reason why a
On Wed, May 24, 2017 at 11:44:12AM -0700, Russ Allbery wrote:
>
> Kai Wohlfahrt writes:
>
> > Package: kstart
> > Version: 4.2-1
> > Severity: important
> > Tags: upstream
>
> > Dear Maintainer,
>
> > The k5start program repeats attempts to contact the KDC server if it
On Tue, May 02, 2017 at 10:12:35AM +0100, Rowland Penny wrote:
>
> Samba is moving to MIT kerberos instead of Heimdal. Unless the version of MIT
> is raised to 1.15.1, it will become impossible to create an AD DC on Debian
> when Samba 5.0.0 is released and that may be sooner than you think.
>
It seems like an /etc/gss/mech.d/README-- (or similar)
would alleviate the technical problems with having a single file
named README, and would be glob-able for consuming software that is
adapted to know about a broader convention. It would, of course, be
slightly confusing to users even if there
Hi Helmut,
On Wed, Apr 26, 2017 at 06:52:58AM +0200, Helmut Grohne wrote:
> Package: libgssapi-krb5-2
> Version: 1.15-1
> Severity: serious
> Justification: violates policy section 8.2
>
> libgssapi-krb5-2 is a shared library package and contains
> /etc/gss/mech.d/README. The latter filename
On Sat, Apr 01, 2017 at 02:30:22AM +0300, Timo Aaltonen wrote:
> Package: krb5-otp
> Severity: wishlist
>
> Hi,
>
> Freeipa server includes a socket-activated daemon for OTP, and it
> listens to {/var}/run/krb5kdc/DEFAULT.socket. But /run/krb5kdc is not
> available, so AIUI it should be created
On Fri, Feb 17, 2017 at 11:21:49AM +0100, Sergio Gelato wrote:
> I'm testing the attached patch. So far it seems to work, although it should
> really be reviewed by someone more familiar with kernel development history.
>
> (I looked at the implementation of file_dentry() in 4.6 and simplified
>
This bug report has been quiet for some time; does that imply that the
status quo is that I should assume that de facto I can only use the
toplevel NEWS.Debian and not binary-package-specific NEWS files?
I ask because openafs is putting out a new major release (currently
in experimental) and the
1 - 100 of 308 matches
Mail list logo