Hi,
On Wed, 06 Nov 2024 at 09:31:36 +0900, Charles Plessy wrote:
> So if you know a good way to enable debci to provide the needed locale
> to debci, please let me know.
I believe that the thread starting with
https://lists.debian.org/msgid-search/yqgfe7ef7wux9...@torres.zugschlus.de
was for test
On Mon, 04 Nov 2024 at 17:43:07 +, Tj wrote:
> This really is not an lvm problem; lvm never should try to activate an
> incomplete volume group especially if some of the logical volumes span
> the physical volume that is missing - and that is the case here due to
> the cryptroot hook script not
Control: unarchive 1018730
Control: reassign -1 lvm2 2.03.15-1
Control: forcemerge 1018730 -1
Control: affects -1 cryptsetup-initramfs
On Sun, 03 Nov 2024 at 20:25:18 +, Tj wrote:
> As a result VG fails to activate.
That's https://bugs.debian.org/1034836#75 . You can use the ‘initramfs’
cryp
Control: tag -1 unreproducible moreinfo
On Thu, 12 Sep 2024 at 20:12:17 +0200, Paweł Bogusławski wrote:
> if one creates /etc/initramfs-tools/scripts/local-top/crypti, crypti
> won't be called before cryptroot on boot.
Works here, on bookworm as well as sid systems. Which files do you have in
sc
On Tue, 10 Sep 2024 at 13:40:06 +0200, Alexandre Rossi wrote:
>>> Bug #1076420 [src:uwsgi] uwsgi: move away from cdbs
>>> […]
>>> Added blocking bug(s) of 1076420: 1078557
>>
>> Wrong bug number? #1078557 is for a leaf package and has nothing to do
>> with uwsgi or CDBS.
>
> Sorry for that, fixing
Control: unblock 1076420 by 1078557
On Tue, 10 Sep 2024 at 11:33:07 +, Debian Bug Tracking System wrote:
> Processing commands for cont...@bugs.debian.org:
>> block 1076420 by 1078557
> Bug #1076420 [src:uwsgi] uwsgi: move away from cdbs
> […]
> Added blocking bug(s) of 1076420: 1078557
Wrong
Hi,
On Sat, 31 Aug 2024 at 15:14:42 +, Johannes Berg wrote:
> Since I have four devices with the same passphrase (they end
> up building a btrfs array, so they're all needed), it'd be
> nice to (try) using the passphrase for the first, so I don't
> have to enter it four times.
See /usr/share/
Hi Paul,
On Sun, 25 Aug 2024 at 09:56:59 +0200, Paul Gevers wrote:
> Well, if those are currently only run on amd64 and i386, it might be worth
> indeed to stop marking them flaky and only run on amd64 (or mark them
> skippable and only "exit 77" on i386 on failure, such that failure on amd64
> is
On Sat, 24 Aug 2024 at 21:25:03 +0200, Paul Gevers wrote:
> On 24-08-2024 20:53, Guilhem Moulin wrote:
>> Awesome, thanks! Right now these tests have “Architecture: amd64 i386”,
>> is the runner able to run i386 too or should I remove it from the list?
>
> Tests with isolat
On Sat, 24 Aug 2024 at 19:16:01 +0200, Paul Gevers wrote:
> On 24-08-2024 19:10, Guilhem Moulin wrote:
>> Great news that would be much appreciated, thanks!
>
> Done.
>
> I triggered a migration-reference/0 run in testing.
Awesome, thanks! Right now these tests have “Arc
Hi Paul,
On Sat, 24 Aug 2024 at 17:50:22 +0200, Paul Gevers wrote:
> On Sun, 04 Aug 2024 22:19:30 + Debian FTP Masters
> wrote:
>> * DEP-8: Mark cryptroot-* as flaky. To be re-evaluated if/when the
>> tests only run on environment where KVM is available. (Closes: #1073052)
>
> On amd64 we
Control: tag -1 moreinfo
Hi,
On Fri, 23 Aug 2024 at 13:22:01 +1200, jfp wrote:
> I get the decrypt prompt on the console, I enter the passphrase then the boot
> continues.
You enter the passphrase at a local console, not from an SSH client, right?
Note that if you don't need remote unlocking you can
On Mon, 19 Aug 2024 at 22:40:32 -0400, briag...@disroot.org wrote:
> I tried again on a new machine. I was able to reproduce the issue by
> following the steps I outlined before. I then did a full reinstall - but
> this time after switching to the sid repos and running full-upgrade I
> installed sy
On Mon, 19 Aug 2024 at 15:01:38 -0400, Brian Smith wrote:
> I decided to do a fresh install to diagnose the issue. I grabbed the latest
> mini.iso and did a fresh install with encrypted LVM. I was able to boot with no
> issues. I then updated my apt sources to point to sid instead of trixie and
> r
Hi,
On Thu, 15 Aug 2024 at 22:03:26 +, Einhard Leichtfuß wrote:
> when exporting an addressbook via the Roundcube web UI ("Export all"),
> any group without members is silently ignored.
Looks like this issue and the other 3 you just reported are upstream
issues, please report them at the ups
Package: autopkgtest
Version: 5.39
Severity: normal
Tags: patch
Hi,
It appears that running autopkgtest-build-qemu on a sid system produces
unbootable images for bullseye LTS and older suites.
AFAICT that's because autopkgtest-build-qemu creates the guest's root
filesystem using the host's mkfs.ex
> $ pullimap --debug SECTION
> No such directory: /home/user/.local/share at
> /usr/share/perl5/Net/IMAP/InterIMAP.pm line 102.
>
> If you need a certain directory and it does not exist... create it?
Per the XDG Base Directory Specification $XDG_DATA_HOME/pullimap (or
~/.local/share/pullimap if X
Package: roundcube-core
Version: 1.6.8+dfsg-1
Severity: normal
Tags: upstream pending
Control: found -1 1.6.5+dfsg-1+deb12u3
Control: forwarded -1 https://github.com/roundcube/roundcubemail/issues/9571
The upstream fix for CVE-2024-42008 (from 1.6.8 and backported to
1.6.5+dfsg-1+deb12u3)
sets a
Source: roundcube
Version: 1.6.7+dfsg-1
Severity: important
Found: -1 1.4.15+dfsg.1-1+deb11u3
Found: -1 1.6.5+dfsg-1+deb12u2
Tags: upstream security
Roundcube webmail upstream has recently released 1.6.8 [0] which fixes
the following vulnerabilities:
* CVE-2024-42008: XSS vulnerability in servin
: #1066058)
+ * Fix CVE-2024-2494: Missing check for negative array lengths in RPC server
+de-serialization routines. (Closes: #1067461)
+ * Fix CVE-2024-2496: NULL pointer dereference in the
+udevConnectListAllInterfaces() function.
+
+ -- Guilhem Moulin Tue, 30 Jul 2024 21:35:28 +0200
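Review bot: the CVE-2024-2496 entry has no "(Closes: #…)" reference, unlike the CVE-2024-2494 entry just above it, which closes #1067461. If a Debian bug tracks CVE-2024-2496, add its number to this entry so the upload closes it.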
Hi,
On Fri, 12 Jul 2024 at 15:05:03 +, Mark Brandis wrote:
> the computer boots from an encrypted partition which works fine. During
> startup an additional NVMe is mounted decrypted via crypttab and then
> mounted to /data.
>
> This no longer works. I have to login as root and execute the fol
On Tue, 09 Jul 2024 at 14:20:59 +0200, Guilhem Moulin wrote:
> On Sat, 29 Jun 2024 at 15:52:49 +0200, Lee Garrett wrote:
>> Hi Guilhem, could you give quick feedback on this? I'm also happy to prepare
>> a NMU for bookworm if you can't find the time for it.
>
>
when the
+‛-k’ flag (or ‛no-port-forwarding’ authorized_keys(5) restriction) was
+used. (Closes: #1069768)
+
+ -- Guilhem Moulin Tue, 09 Jul 2024 15:51:42 +0200
+
dropbear (2020.81-3+deb11u1) bullseye; urgency=medium
* Fix CVE-2021-36369: Due to a non-RFC-compliant check of the
+‛-k’ flag (or ‛no-port-forwarding’ authorized_keys(5) restriction) was
+used. (Closes: #1069768)
+
+ -- Guilhem Moulin Tue, 09 Jul 2024 14:22:02 +0200
+
dropbear (2022.83-1+deb12u1) bookworm; urgency=medium
* Fix CVE-2023-48795: (terrapin attack): The SSH transport protocol with
On Sat, 29 Jun 2024 at 15:52:49 +0200, Lee Garrett wrote:
> Hi Guilhem, could you give quick feedback on this? I'm also happy to prepare
> a NMU for bookworm if you can't find the time for it.
In my view this issue doesn't warrant an (o)s-pu upload on its own, but
the fix is trivial so I can do it
Hi Sakari,
On Fri, 05 Jul 2024 at 08:23:56 +, Sakari Ailus wrote:
> The removal of the intermediate certificates (or not including the current
> ones) however is an issue as the server using the issued certificate still
> needs to provide them to the clients.
The path pointed to by ‛certifica
nment.
+ * d/gbp.conf: Set 'debian-branch = debian/bookworm'.
+
+ -- Guilhem Moulin Fri, 14 Jun 2024 01:20:13 +0200
+
lacme (0.8.2-1) unstable; urgency=medium
* New upstream bugfix release.
diff -Nru lacme-0.8.2/debian/gbp.conf lacme-0.8.2/debian/gbp.conf
--- lacme-0.8.2/debian/gbp.conf 2023-
nst current Let's Encrypt staging environment.
+
+ -- Guilhem Moulin Thu, 13 Jun 2024 19:19:07 +0200
+
lacme (0.8.0-2+deb11u1) bullseye; urgency=medium
* client: Handle "ready" → "processing" → "valid" status change during
diff -Nru lacme-0.8.0/debian/patche
+ * Non-maintainer upload.
+ * Fix CVE-2024-3651: Specially crafted inputs to idna.encode() can consume
+significant resources, which may lead to denial of service.
+(Closes: #1069127)
+
+ -- Guilhem Moulin Thu, 30 May 2024 14:31:22 +0200
+
python-idna (3.3-1) unstable; urgency=medium
ency=high
+
+ * Non-maintainer upload.
+ * Fix CVE-2024-3651: Specially crafted inputs to idna.encode() can consume
+significant resources, which may lead to denial of service.
+(Closes: #1069127)
+
+ -- Guilhem Moulin Thu, 30 May 2024 13:49:43 +0200
+
python-idna (2.10-1) unstable; urgenc
Package: lacme
Version: 0.8.2-1
Severity: grave
Justification: renders package unusable
Let's Encrypt has recently rotated its intermediate certificates [0].
The previous intermediate certificates (lets-encrypt-r[34].pem and
lets-encrypt-e[12].pem) are concatenated alongside the roots
(isrgrootx1
On Mon, 03 Jun 2024 at 00:14:39 +0100, Luca Boccassi wrote:
> On Mon, 3 Jun 2024 at 00:09, Guilhem Moulin wrote:
>> On Sun, 02 Jun 2024 at 23:35:57 +0100, Luca Boccassi wrote:
>>> I gather the initramfs scripts are not calling a deferred close after
>>> mounting the r
On Sun, 02 Jun 2024 at 23:35:57 +0100, Luca Boccassi wrote:
> Yes, the purpose of the option is to leave that device alone, as it
> cannot be closed from the host os, as programs will be running from
> it.
It doesn't leave the device alone though as it still tries to detach it.
> I gather the ini
Control: tag -1 = pending
Hi,
On Mon, 27 May 2024 at 23:32:13 +0100, Luca Boccassi wrote:
> Please consider applying the same change in the initramfs-tools
> cryptsetup scripts, so that x-initrd.attach is recognized (and no
> warning is printed), and so that it is added if missing. Thanks.
While
Source: roundcube
Version: 1.6.6+dfsg-2
Severity: important
Control: found -1 1.6.5+dfsg-1~deb12u1
Control: found -1 1.4.15+dfsg.1-1~deb11u2
Control: found -1 1.3.17+dfsg.1-1~deb10u5
Tags: security upstream
Roundcube webmail upstream has recently released 1.6.7 [0] which fixes
the following vulner
Hi,
On Tue, 16 Apr 2024 at 21:35:22 +0200, Salvatore Bonaccorso wrote:
> The following vulnerability was published for python-idna.
>
> CVE-2024-3651[0]:
> | potential DoS via resource consumption via specially crafted inputs to
> | idna.encode()
I'm preparing an update for this issue for Buster
Control: tag -1 pending
Hi,
On Tue, 26 Mar 2024 at 13:44:28 +0100, Simon Chopin wrote:
> interimap is packing structs that are sensible to the time_t transition.
> Please see the attached debdiff as a *very* crude attempt to fix it in
> Ubuntu. I'm hoping it'll be possible to come up with a neate
Package: release-notes
Severity: wishlist
Hi,
cryptsetup 2:2.7.0~rc0-1 has a backward incompatible change for plain
mode when relying on the default cipher and password hashing algorithm.
The change affects users upgrading from bookworm to trixie. Plain mode
is generally advised against but it sti
Hi Tomasz,
On Fri, 5 Apr 2024 at 01:11:41 +0200, Tomasz Buchert wrote:
> Looking into older versions and appropriately patching them will take
> more time.
I'm preparing an update for this issue for Buster LTS and can hand
tested debdiffs over to the Security Team for newer suites if you'd
like.
On Sat, 27 Apr 2024 at 02:07:21 +0200, Christoph Anton Mitterer wrote:
> So you say it's a glibc thingy, that this doesn't show up anymore?
Yup, that's what I wrote https://bugs.debian.org/1032235#97
| It was intentional, see the article
|
https://developers.redhat.com/articles/2021/12/17/why-gl
Hi,
On Sat, 27 Apr 2024 at 00:33:51 +0200, Christoph Anton Mitterer wrote:
> Now the problem is that argon2 is statically linked, so there's no
> libpthread showing up in its ldd, and thus copy_exec doesn't realise it
> needs to invoke copy_libgcc.
Even if it weren't, libpthread wouldn't show up sin
Control: reassign -1 dropbear-bin 2022.83-1+deb12u1
Control: retitle -1: The 'no-agent-forwarding' key restriction disables server
alive message support
Control: tag -1 upstream
On Wed, 24 Apr 2024 at 18:38:26 +0200, Guilhem Moulin wrote:
> On Wed, 24 Apr 2024 at 17:10:57 +0200, G
Control: tag -1 - moreinfo unreproducible
On Wed, 24 Apr 2024 at 17:10:57 +0200, Guilhem Moulin wrote:
>> It should be trivially reproducible by running `ssh -o ServerAliveCountMax=3
>> -o ServerAliveInterval=1 root@yourdropbearserver`. The client should then
>> disconne
On Wed, 24 Apr 2024 at 16:32:09 +0200, Lee Garrett wrote:
> Although the dropbear man page is not explicit, I'm assuming it refers to
> TCP keepalive.
I think this assumption is incorrect:
https://sources.debian.org/src/dropbear/2024.84-1/src/common-session.c/#L497
> It should be trivially reprod
Control: tag -1 unreproducible moreinfo
Hi,
On Wed, 24 Apr 2024 at 14:42:43 +0200, Lee Garrett wrote:
> After some debugging, it turns out that ServerAliveInterval != 0 will cause
> the
> ssh client to reset the connection, which dropbear will count as unlock
> attempt,
> and after three tries
Hi Chris,
On Mon, 22 Apr 2024 at 01:43:26 +0200, Chris Hofstaedtler wrote:
> I've prepared an NMU for netcat-openbsd (versioned as 1.226-1.1) and
> uploaded it to DELAYED/7. Please feel free to tell me if I
> should delay it longer.
Ooops sorry, that bug fell off-screen. No issue with the NMU, f
Control: reopen -1
Control: tag -1 - unreproducible moreinfo
On Sun, 14 Apr 2024 at 21:26:25 +0200, Guilhem Moulin wrote:
> At this point something triggered rebuilding a new initramfs image, but
> that's not src:cryptsetup as none of its binary packages have been
> upgraded y
On Sat, 13 Apr 2024 at 10:06:32 -0400, Wesley Schwengle wrote:
> I had the same issue a while back, because of the t64 transitioning I chalked
> it up to that. I fixed it as described in Ubuntu bug:
>
> https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1958594
libcryptsetup12 doesn't
On Fri, 12 Apr 2024 at 14:37:16 +0200, Guilhem Moulin wrote:
> What is that “GUI” view? src:cryptsetup doesn't provide that, I wonder
> if it might be what needs libpthread.
FWIW, I later noticed you used a splash screen (plymouth) and thought it
might be because of that, but I s
Control: tag -1 + unreproducible moreinfo
On Fri, 12 Apr 2024 at 12:45:09 +0200, Milan Broz wrote:
> Just FYI (for upstream code): if cryptsetup/libcryptsetup is linked with
> OpenSSL >= 3.2,
> it does not need libpthread (as threads are implemented in OpenSSL for Argon2
> internally).
Thanks f
On Sat, 06 Apr 2024 at 13:37:23 +0200, Christian Schwamborn wrote:
> Just out of curiosity: Why aren't those patches the current stable
> bookworm package of roundcube-plugins-extra included?
Because the issues were not fixed in time for the Bookworm freeze. An
upload to bookworm-backports might
On Tue, 19 Mar 2024 at 13:50:34 +0100, Daniel Gröber wrote:
> Ah, that makes sense. Well that's easy enough for me to fix then not sure
> how I missed that while staring at the hook script. I really should have my
> green tea before reporting bugs ;)
>
> Sorry for the noise.
No worries :-) I beli
Control: tag -1 moreinfo
Hi,
On Tue, 19 Mar 2024 at 12:37:08 +0100, Daniel Gröber wrote:
> In that setup there's really no point to reusing the hosts' private
> keys and expose them in the initrd unencrypted.
Agreed, but AFAICT that's not the case anymore since 2015.68-1. New
host keys are gene
Hi Sebastian,
Great to hear OpenSSL 3.2 will soon be entering sid! :-)
On Wed, 06 Mar 2024 at 07:59:53 +0100, Sebastian Andrzej Siewior wrote:
> I'm currently puzzled where to look at. Could you please have a look?
It seems openssl-req(1ssl) now generates X.509 version 3 certificates by
default.
Hi Helmut,
On Tue, 27 Feb 2024 at 14:28:33 +0100, Helmut Grohne wrote:
> Please reupload the patch to experimental (with a version higher than
> unstable) assuming that cryptsetup-nuke-password will use version 5 as I
> am in contact with Raphael Hertzog.
Done in 2:2.7.0-1+exp2. Note though that
ound in the ‘cryptsetup’ binary
package have spewed a loud warning for plain devices from crypttab(5)
where ‘cipher=’ or ‘hash=’ are not explicitly specified. The
cryptsetup(8) executable now issues such a warning as well.
-- Guilhem Moulin Wed, 29 Nov 2023 17:19:10 +0100
Also
On Tue, 27 Feb 2024 at 13:19:16 +0100, Helmut Grohne wrote:
> Can you explain why you reverted? We need this change in unstable
> sooner rather than later to move forward with base-files and I already
> announced my intention to NMU.
The first message of this bug reads:
| * Please upload these c
On Wed, 14 Feb 2024 at 13:58:00 +, Patrick Schleizer wrote:
> This is not a bug in a downstream distribution.
> […]
> Could this be fixed in Debian please?
I don't see how this would be a bug in cryptsetup-initramfs when
mkinitramfs(8) explicitly says DESTDIR should not be mounted with the
no
Control: reassign -1 roundcube-mysql
Control: tag - 1 unreproducible
On Tue, 13 Feb 2024 at 11:47:12 +, Andrew Gallagher via
Pkg-roundcube-maintainers wrote:
> When upgrading roundcube to the latest version, the mariadb schema
> upgrade fails due to a missing table "roundcube.filestore".
> Th
Control: tag -1 moreinfo
Hi,
On Fri, 02 Feb 2024 at 18:44:43 -0500, abrasamji wrote:
> update-initramfs log excerpt with set -x:
>
> Calling hook cryptkeyctl
> + PREREQ=cryptroot
> + . /usr/share/initramfs-tools/hook-functions
> + [ ! -x /tmp/user/0/mkinitramfs_LhQz6c/lib/cryptsetup/scripts/decry
On Thu, 01 Feb 2024 at 17:08:39 +0100, Jordi Mallach wrote:
> Upstream fixed this in
> https://github.com/roundcube/roundcubemail/commit/504cdb89a5ed2c0c3491f99abb206dfb42b1200b
> and the patch applies well to the bookworm branch.
That branch aims at following upstream's 1.6.x so I'm reluctant to
On Thu, 25 Jan 2024 at 04:44:12 +0100, Guilhem Moulin wrote:
> [ Changes ]
>
> Fix CVE-2023-34194: Reachable assertion (and application exit) via a
> crafted XML document with a '\0' located after whitespace.
Per https://bugs.debian.org/1061473#12 I guess you'd like C
Control: tags -1 - moreinfo
On Mon, 29 Jan 2024 at 21:55:37 +, Adam D. Barratt wrote:
>
> On Thu, 2024-01-25 at 04:45 +0100, Guilhem Moulin wrote:
>> Fix CVE-2023-34194: Reachable assertion (and application exit) via a
>> crafted XML document with a '\0
Control: reassign -1 roundcube-core 1.6.6+dfsg-1
Control: forwarded -1 https://github.com/roundcube/roundcubemail/issues/5051
Control: tag -1 upstream
On Sat, 27 Jan 2024 at 15:38:43 +0100, BohwaZ wrote:
> I am suggesting this patch here as upstream doesn't want to fix
> this longstanding issue:
>
size to 4G as the previous size was
+too small for bullseye-security updates (kernel etc.).
+ * Salsa CI: Target bullseye and disable lintian job.
+
+ -- Guilhem Moulin Fri, 26 Jan 2024 12:00:26 +0100
+
dropbear (2020.81-3) unstable; urgency=medium
* Initramfs: Use 10 placeholders in
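Review bot: the "Salsa CI: Target bullseye and disable lintian job." entry does not say why the lintian job is disabled. A short reason in the changelog line would help whoever next touches this branch decide whether the job can be re-enabled.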
ently end up with a
+connection for which some security features have been downgraded or
+disabled, aka a Terrapin attack. (Closes: #1059001)
+
+ -- Guilhem Moulin Fri, 26 Jan 2024 10:01:00 +0100
+
dropbear (2022.83-1) unstable; urgency=medium
* New upstream release 2022.83. Suppor
ument with a '\0' located after whitespace.
+ (Closes: #1059315)
+
+ -- Guilhem Moulin Thu, 25 Jan 2024 04:27:36 +0100
+
tinyxml (2.6.2-6) unstable; urgency=medium
* Import fix for CVE-2021-42260.
diff -Nru tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch
tinyxml-2.6.2/
d XML document with a '\0' located after whitespace.
+ (Closes: #1059315)
+
+ -- Guilhem Moulin Thu, 25 Jan 2024 04:12:05 +0100
+
tinyxml (2.6.2-4+deb11u1) bullseye; urgency=medium
* Import fix for CVE-2021-42260.
diff -Nru tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch
tinyxml-
On Thu, 25 Jan 2024 at 03:54:46 +0100, Guilhem Moulin wrote:
> [x] attach debdiff against the package in oldstable
Oops, doing that now :-)
--
Guilhem.
diffstat for xerces-c-3.2.3+debian xerces-c-3.2.3+debian
changelog |
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: xerce...@packages.debian.org
Control: affects -1 + src:xerces-c
[ Reason ]
xerces-c 3.2.3+debian-3 is vulnerable to CVE-2023-37536 (Integer
overflows in DFAContentMo
Hi,
On Tue, 19 Dec 2023 at 09:08:00 +0100, Salvatore Bonaccorso wrote:
> The following vulnerability was published for dropbear.
>
> CVE-2023-48795[0]:
> […]
> Dropbear commit [1] implements the Strict KEX mode as well. In my
> understanding of [2] the issue might be less of a security concern for
Hi,
On Tue, 23 Jan 2024 at 10:15:02 +0100, Raphael Hertzog wrote:
> when do you plan to upload a cryptsetup moving the files to /usr?
I can have a look after the week-end or in early February. There are
other issues I'd like to fix in the next upload.
| I see that this may sound scary. We'll ge
On Sun, 31 Dec 2023 at 22:07:07 +0800, YunQiang Su wrote:
> systemd-cryptsetup doesn't have suspend support.
> cryptsetup-suspend will fail.
Hence a wishlist bug? :-) FWIW I'm part of the cryptsetup packaging
team, which is upstream for cryptsetup-suspend. cryptsetup-suspend
supports all unlock
On Sun, 31 Dec 2023 at 21:22:36 +0800, YunQiang Su wrote:
>> Is there any reason to not just use systemd-cryptenroll?
>
> Yes. I tried to use systemd-cryptenroll, while it cannot work with
> cryptsetup-suspend.
> I need a way to suspend or hibernate without disks decrypted.
Seems like this should
Hi,
On Sun, 31 Dec 2023 at 18:49:30 +0800, YunQiang Su wrote:
> 2 methods are supported for 2 FA:
> - Yubikey Challenge
> - TPM2 Keypair
If your concern is to make these work with cryptsetup-initramfs, there
are #1023700 and #1031254 open against src:cryptsetup. The plan is to
have that in trixie
Hi,
On Thu, 28 Dec 2023 at 13:28:53 -0500, de...@blough.us wrote:
> Thanks for doing this.
>
> I don't have a lot of free time at the moment, so please feel free to NMU.
Thanks for the fast reply! 3.2.4+debian-1.1 is now in trixie, you'll
find the commits and tag at
https://salsa.debian.org/lts-
On Sat, 30 Dec 2023 at 21:02:16 +0100, Felix Geyer wrote:
> There are some minor changes staged in the salsa git repo. It would be good
> to include them as well. Feel free to push the patch to git and upload.
> Alternatively a merge request works as well of course.
Thanks for the fast response!
d in buster-security, bullseye, bookworm and sid, evade the
infinite loop by blindly advancing the pointer.
Cheers,
--
Guilhem.
[0] https://www.forescout.com/resources/sierra21-vulnerabilities
From: Guilhem Moulin
Date: Sat, 30 Dec 2023 14:15:54 +0100
Subject: Avoid reachable assertion via crafte
Hi,
Upstream has now released 3.2.5 which fixes the issue
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12352411&styleName=Text&projectId=10510
The fix can be found at
https://github.com/apache/xerces-c/pull/54
https://github.com/apache/xerces-c/commit/e0024267504188e42
Control: tag -1 - moreinfo
Hi,
On Thu, 21 Dec 2023 at 21:59:40 +, Jonathan Wiltshire wrote:
> On Mon, Dec 18, 2023 at 02:10:20PM +0100, Guilhem Moulin wrote:
>> [ Reason ]
>>
>> 1. cryptsetup-suspend 2:2.6.1-4~deb12u1 was found incompatible with
>> systemd 254.1
: #1036049, #1057441)
+
+ [ Guilhem Moulin ]
+ * add_modules(): Change suffix drop logic to match initramfs-tools.
+ * Fix DEP-8 tests with kernels shipping compressed modules.
+ * d/salsa-ci.yml: Set RELEASE=bookworm.
+
+ -- Guilhem Moulin Mon, 18 Dec 2023 03:41:04 +0100
+
cryptsetup (2:2.6.1-4~deb12u
On Sun, 10 Dec 2023 at 19:05:05 +0100, Daniel Huhardeaux via
Pkg-roundcube-maintainers wrote:
> root@wwwmail11:/etc/roundcube# ls -l /etc/roundcube/plugins/jqueryui/
> total 20
> -rw-r--r-- 1 root root 1030 14 oct. 18:34 composer.json
> -rw-r--r-- 1 root root 307 14 oct. 18:34 config.inc.php.di
Control: tag -1 moreinfo unreproducible
Hi,
On Sat, 09 Dec 2023 at 16:37:58 +0100, tootai via Pkg-roundcube-maintainers
wrote:
> -- Configuration Files:
> /etc/roundcube/defaults.inc.php changed:
Hmm I guess we shouldn't ship that file as a conffile, but since
1.4.1+dfsg.1-1 its header reads
Control: tag -1 moreinfo unreproducible
On Thu, 23 Nov 2023 at 12:26:21 +0100, Harald Dunkel wrote:
> If you upgrade your Laptop from Debian 11 to 12, then resume from an
> encrypted swap partition is broken. There is a passphrase dialog at
> boot time as usual, but the image on the swap partition
Control: tag -1 - wontfix
On Thu, 30 Nov 2023 at 00:22:45 +0100, Guilhem Moulin wrote:
> On Thu, 30 Nov 2023 at 00:13:44 +0100, Dmitry Katsubo wrote:
>> For the subsequent calls I am not sure – I've got an impression that
>> this service is run only once at system startup.
>
On Thu, 30 Nov 2023 at 00:13:44 +0100, Dmitry Katsubo wrote:
> For the subsequent calls I am not sure – I've got an impression that
> this service is run only once at system startup.
No, it's supposed to run once a day at 00:05 local time, see the
associated .timer unit.
If the impact is only tha
On Wed, 29 Nov 2023 at 19:48:09 +0100, Dmitry Katsubo wrote:
> After= is not the same as Requires=
> If the service is not present, it is just noop.
> You might wish to add all supported RDBMS into After=.
One could also imagine systems where one (or more) of these .service
files exists but isn't
On Wed, 29 Nov 2023 at 14:11:09 +0100, William Desportes wrote:
> I had put an interface name: ens9.123 thinking it would take the VLAN tag.
> But it triggered the crash. Removing the ".123" fixes it.
That's #1015287.
As written in msg#42 dropbear-initramfs doesn't configure the network by
itself
Control: tag -1 moreinfo
On Wed, 29 Nov 2023 at 01:14:27 +0100, Dmitry Katsubo via
Pkg-roundcube-maintainers wrote:
> The service roundcube-cleandb should be run after MySQL/MariaDB is started:
>
> === file /lib/systemd/system/roundcube-cleandb.service ===
>
> [Unit]
> After=mariadb.service
>
> =
On Mon, 20 Nov 2023 at 11:24:00 +0100, Yannik Sembritzki wrote:
> I just had a look at your patch. I think it's the right idea to rather use
> what is already there, instead of always creating our own stuff/overwriting
> existing /etc/passwd and /etc/nsswitch.
>
> Thank you!
You're welcome :-)
>
On Mon, 20 Nov 2023 at 10:42:30 +0100, Yannik Sembritzki wrote:
> Would you be open to a two step approach like this:
>
> 1. fix the reproducibility bug
> 2. improve the root directory creation process (I can create another bug to
> track this)
Just pushed
https://salsa.debian.org/debian/dropbear
Control: retitle -1 dropbear-initramfs makes initramfs non-reproducible
Control: severity -1 wishlist
Control: tag -1 - patch
Hi,
On Sun, 19 Nov 2023 at 15:45:22 +0100, Yannik Sembritzki wrote:
> One solution would be to simply always use /root-dropbear-initramfs.
I'm not in favour of that solut
Control: tag -1 wontfix
Hi,
On Tue, 07 Nov 2023 at 10:38:49 +0100, Marco Emilio Poleggi wrote:
> It looks like the file 'opengpg.js.min' for the 'enigma' plugin is
> missing.
This is intentional, see roundcube-plugins.NEWS:
https://salsa.debian.org/roundcube-team/roundcube/-/blob/debian/latest/d
Source: roundcube
Version: 1.6.4+dfsg-1
Severity: important
Control: found -1 1.6.4+dfsg-1~deb12u1
Tags: security upstream
Roundcube webmail upstream has recently released 1.6.5 which fixes the
following vulnerability:
* Fix cross-site scripting (XSS) vulnerability in setting
Content-Type/Con
Source: roundcube
Version: 1.6.3+dfsg-2
Severity: important
Tags: security upstream
Control: found -1 1.3.17+dfsg.1-1~deb10u3
Control: found -1 1.4.14+dfsg.1-1~deb11u1
Control: found -1 1.6.3+dfsg-1~deb12u1
Control: forwarded -1 https://github.com/roundcube/roundcubemail/issues/9168
In a recent po
On Thu, 28 Sep 2023 at 18:53:46 +0100, Adam D. Barratt wrote:
> --- a/CHANGELOG.md
> +++ b/CHANGELOG.md
> @@ -1,5 +1,54 @@
> # Changelog Roundcube Webmail
>
> +## Unreleased
> +
>
> That seems wrong, given that you're uploading a released version.
Well spotted but that one is upstream's, see
htt
On Thu, 28 Sep 2023 at 18:26:07 +0300, Martin Dosch via
Pkg-roundcube-maintainers wrote:
> Are there plans to also upload it to stable-pu?
See #1052629
--
Guilhem.
lseye; urgency=high
+
+ * New security/bugfix upstream release:
++ Fix CVE-2023-43770: cross-site scripting (XSS) vulnerability in handling
+ of linkrefs in plain text messages. (Closes: #1052059)
++ Enigma: Fix initial synchronization of private keys.
+ * d/u/signing-key.asc: Add Ale
Control: tag -1 + moreinfo unreproducible
Hi,
On Sun, 24 Sep 2023 at 14:42:27 +0200, Eduard Bloch wrote:
> we have a problem here. After latest upgrades, I am no longer able to
> boot into a system with LUKS-encrypted rootfs. This worked just fine a few
> weeks ago. I jumped in circles in the sea
On Fri, 22 Sep 2023 at 10:56:59 +0300, Guilhem Moulin wrote:
> I'll suggest debdiffs targeting {bullseye,bookworm}-security after
> the week-end.
Oh, didn't see the Security Team tagged this as no-dsa. Will target
{bullseye,bookworm} then.
--
Guilhem.