> The obvious solution is to add this binary to "abstractions" and reload
> apparmor.
Confirmed that adding the following
/usr/libexec/qemu-system-i386 rmix,
to
/etc/apparmor.d/abstractions/libvirt-qemu
in bookworm 12.7 gets past this error. (At or about line 174 looks
reasonable.)
And th
ing config file /etc/default/grub with new version
Installing for x86_64-efi platform.
grub-install: error: attempt to install to encrypted disk without cryptodisk
enabled. Set `GRUB_ENABLE_CRYPTODISK=y' in file `/etc/default/grub'.
Failed: grub-install --target=x86_64-efi
WARNING: Boot
d of August.
>
> Yes, I am indeed interested. What about Brian who is listed as uploader?
> Is he still active / interested? Adding an explicit CC to him to check
> what his take on this is.
I have not looked at or used Rabbitmq in any way shape or form for years
now.
--
Brian May @ Debian
eport about license incompatability between
libreadline (GPL) and openssl, but AFAIK we no longer use libreadline so
that shouldn't be an issue anymore.
--
Brian May @ Debian
Hello Maintainer,
Update: I figured out why firefox was hanging, because pipewire was not
running. When I added pipewire to my Xsession file, firefox esr starts with no
issue. Still kinda weird that it hangs, maybe its not supposed to do that?
Thank you,
Olivia
Package: firefox-esr
Version: 115.10.0esr-1~deb12u1
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: olivia@tuta.io
Dear Maintainer,
I'm using devuan daedalus with openrc, using an unforked firefox-esr package
(meaning it's identical to the debian package). When I try to
running the
wrong command.
Any thoughts?
Maybe I should ask the MIT kerberos maintainer for opinions here also.
--
Brian May @ Debian
1:2.11.1-5+deb11u1) oldstable; urgency=medium
+
+ * CVE-2024-28054: Handle multiple boundary parameters that contain
+conflicting values.
+
+ -- Brian May Sun, 31 Mar 2024 18:16:32 +1100
+
amavisd-new (1:2.11.1-5) unstable; urgency=medium
* Add missing dependency on libnet-snmp-pe
ew (1:2.13.0-3+deb12u1) stable; urgency=medium
+
+ * Fix race condition in postinst. Closes: #1064349.
+ * CVE-2024-28054: Handle multiple boundary parameters that contain
+conflicting values.
+
+ -- Brian May Fri, 01 Mar 2024 09:56:51 +1100
+
amavisd-new (1:2.13.0-3) unstable; urgency=m
#x27;t exist. I
> haven't checked it on Debian 11 but we use amavis on Debian 10
> sysvinit.
If all goes to plan, I am about to upload version 1:2.13.0-4 which I
think should fix this problem.
It seems to work OK for me, but would appreciate it if you can test it
and confirm it works for you.
If it fails, please reopen the bug report.
--
Brian May @ Debian
ave conflicting opinions here. But if we
wanted to get rid of them, now would probably be a really good time.
--
Brian May @ Debian
first before it sets the dpkg-statoverride stuff.
But if that is the case, I would have thought it would fail with systemd
also.
Just my random thoughts, I don't have time to look at this right now.
--
Brian May @ Debian
ound correct?
Although maybe this does not matter, I see that there is already a
serious bug against openafs anyway since
August... https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043131
--
Brian May @ Debian
Samuel Thibault writes:
> I checked all *_amd64.so packages, apparently libafsauthent2 is using
> rk_strlcpy and rk_strlcat from libroken, so a Breaks transition is
> needed for that.
Whaat is the process for a breaks transition?
--
Brian May @ Debian
Package: fluidsynth
Version: 2.3.1-2
Severity: critical
Justification: breaks unrelated software
X-Debbugs-Cc: dusthillresid...@gmail.com
Dear Maintainer,
I installed rosegarden, lmms, and the fluidsynth package. (I'm not sure which
of these did it but presumably it's fluidsynth.)
Upon reboot,
This bug was fixed in kernel version 6.1.33 by commit
e8631d84c01ece34670af0d300a6f88d86d12f70. I compiled from source and confirm
that the problem is indeed fixed in 6.1.33.
The root of the problem is that the "family" in the SMBIOS is "Lenovo
ThinkSystem HR330A/HR350A" not "eMAG", so a worka
Upon further investigation, this problem appears to be related to the kernel
version (6.1.0-9-arm64).
After booting into my new Debian 12 installation, efibootmgr hung with no
output when I attempted to delete a boot entry (`sudo efibootmgr -Bb 0006`). I
downloaded the Bullseye kernel deb pack
s:1000444k SSFS
[ 398.952999] EXT4-fs (sda2): mounted filesystem with ordered data mode. Quota
mode: none.
[ 398.963417] FAT-fs (sda1): Volume was not properly unmounted. Some data may
be corrupt. Please run fsck.
[ 850.581829] fuse: init (API version 7.37)
[ 887.150168] rcu: INFO: rcu_sched det
Johannes Schauer Marin Rodrigues writes:
> thank you! Would you like me to take care of filing the unblock request with
> release.debian.org or would you like to take care of that yourself?
Can you please do this?
Thanks
--
Brian May @ Debian
Salvatore Bonaccorso writes:
> Version: 7.8.git20221117.28daf24+dfsg-1.1
Are you sure this applies to the unstable version?
I can only find one out of two chunks in the patch. Maybe it was already
fixed in the stable branch which we use for unstable?
--
Brian May @ Debian
ent. If somebody wants to
contribute a tested merge request to
https://salsa.debian.org/debian/heimdal to do this, that would be
appreciated :-)
--
Brian May
\
--with-libedit=/usr \
--enable-kcm \
--with-hdbdir=/var/lib/heimdal-kdc \
--without-openssl \
--without-krb4
--
Brian May
Helmut Grohne writes:
> Is there a significant advantage over "apt-get build-dep -y ./"?
I wasn't aware that apt-get build-dep could now use a local source
directory. Thanks, will try that,
--
Brian May
ge provides it. It comes from heimdal itself and is added by
> my patch. So you first need to perform a native build and then once that
> native build is accessible, you can perform a cross build.
Hmmm. Not entirely convinced here. If you look at the messages, it is
clearly trying to locate a package called "" in addition to the
correct package name.
--
Brian May
n
E: Unable to locate package
Is "heimdal-multidev-bin ," correct syntax? If so, maybe
apt-get-build-depends doesn't support it.
--
Brian May
o believe this is an openldap issue.
--
Brian May
his file. Which breaks Debian
packages.
If you don't agree with me, then assign this bug back to sshuttle and I
will deal with it. In fact latest upstream sshuttle removes
setuptools-scm support anyway.
--
Brian May
On Sat, Aug 06, 2022 at 03:57:47PM +0200, julien.pu...@gmail.com wrote:
> reassign 1015044 sshutle 1.0.1-1
errr, typo here in the package name.
--
Brian May
where it was found that we had to use
/var/lib/heimdal-kdc/heimdal.mkey not /var/lib/heimdal-kdc/m-key
I am guessing that the default must have changed somewhere.
--
Brian May
heimdal-1.2.dfsg.1/lib/hdb/hdb-ldap.c.
>
> Its now calculated dynamically. sambaPwdLastSet + sambaMaxPwdAge
This was forwarded upstream, but probably lost many years ago.
Do we need to open a new upstream bug report?
--
Brian May
On Sat, Jul 03, 2010 at 01:23:36PM +0200, Per Olofsson wrote:
> This bug still exists in the latest version.
Over 10 years later, is this still an issue?
If so we need to create a new upstream report.
If not we need to close this bug report.
--
Brian May
d dif (which is probably totally wrong and shouldn't be
> applied anywhere outside of a test instance) to Heimdal 1.5 makes the
> kdc work again with no error.
Over 10 years later, anyone know if this is still an issue?
If no response, will assume fixed and close this bug report.
Otherwise we should open a new upstream bug report.
--
Brian May
ackage maintainer I
have tagged this "wontfix".
--
Brian May
an release. Even if there has not been any
stable releases in years.
And I think cherry-picking a change from the git branch isn't any better
either. Maybe worse, we won't automatically get bug fixes for the change
we cherry-picked.
--
Brian May
On Mon, Aug 15, 2022 at 11:32:45AM +1000, Brian May wrote:
> Actaully, I am confused, how come this list here is different from the
> list in #1016884?
Sorry, too much multi-tasking here..
That does show the exact same symbol rk_closefrom was removed.
This is a duplicate bug.
--
Brian May
verride_dh_makeshlibs] Error 25
Actaully, I am confused, how come this list here is different from the
list in #1016884?
--
Brian May
I think this is a duplicate of #1016884.
--
Brian May
.0 1.4.0+git20110226
> +#MISSING: 7.7.0+dfsg-4+b1# rk_closefrom@HEIMDAL_ROKEN_1.0 1.4.0+git20110226
What would be considered an acceptable solution here?
Presumably I can't just delete the symbol, that might break stuff.
Also see https://github.com/heimdal/heimdal/issues/1006
--
Brian May
p/version.py 2022-07-26 07:58:22.490171539 +1000
@@ -1,5 +1,5 @@
# coding: utf-8
# file generated by setuptools_scm
# don't change, don't track in version control
-version = '1.1.0'
-version_tuple = (1, 1, 0)
+__version__ = version = '1.1.0'
+__version_tuple__ = version_tuple = (1, 1, 0)
--
Brian May
gt; can keep up with the solution of this issue.
I think this was fixed when the following was merged:
https://github.com/sshuttle/sshuttle/pull/712
But there hasn't been a release since. I guess this needs to be
rectified.
--
Brian May
SONAME [1].
Are you sure about that?
I have not seen any soname change in any version of Heimdal that has
been released, and no reference to a change until version 8.0, which has
not been released.
https://github.com/heimdal/heimdal/issues/279
--
Brian May
Brian May writes:
> * Patch breaks compilation on latest Heimdal release:
https://github.com/heimdal/heimdal/issues/849
Upstream solution is use the git version :-(
--
Brian May
'
make[1]: *** [debian/rules:38: override_dh_auto_configure] Error 2
Anyway, just my status for now. Help appreciated :-)
--
Brian May
Bastien ROUCARIES writes:
> Whitout source image it is hard to say...
>
> Please join source images
What is the preferred way to supply you copies of the image?
I don't think I can send large files to the BTS (unless I am mistaken).
--
Brian May
ot;Waiting for br0 to come online" would
have really helped.
--
Brian May
Package: network-manager
Version: 1.30.0-2
Severity: important
File: NetworkManager-wait-online.service
$ systemctl status NetworkManager-wait-online.service
● NetworkManager-wait-online.service - Network Manager Wait Online
Loaded: loaded (/lib/systemd/system/NetworkManager-wait-online.serv
Package: imagemagick-6.q16
Version: 8:6.9.11.60+dfsg-1.3
Severity: important
File: /usr/bin/mogrify-im6.q16
$ mogrify -verbose -write /dev/null
/home/brian/photos/images/orig/1990/04/01/flood001.tif
/home/brian/photos/images/orig/1990/04/01/flood001.tif TIFF 6639x3984
6639x3984+0+0 8-bit TrueCo
Package: imagemagick-6.q16
Version: 8:6.9.11.60+dfsg-1.3
Severity: important
File: /usr/bin/mogrify-im6.q16
$ /usr/bin/mogrify-im6.q16 -verbose -write /dev/null
/home/brian/photos/images/orig/2005/03/19/IMG_4706.CR2
'ufraw-batch' --silent --create-id=also --out-type=png --out-depth=16
--output='
Package: ftp.debian.org
Severity: important
Similar to #974877 in fact:
=== cut ===
packer_0.10.2+dfsg-6+deb9u1_amd64.deb: Built-Using refers to non-existing
source package golang-fsnotify (= 1.4.2-1)
===
Please feel free to respond to this email if you don't understand why
were rejected, or if you upload new files which address our
concerns.
=== cut ===
As instructed I responded to the email:
=== cut ===
Brian May (Tue. 16:52) (lts watch)
Subject: Re: rclone_1.35-1+deb8u1_amd64.changes REJECTED
To: Debian FTP Masters ,
d...@security.debia
cripts/-/commit/4164cdce33b5d668b0ae3435eaa7028c4d172590
Thanks!
--
Brian May
Mattia Rizzolo writes:
> You should be able to do that with -D already.
For the record, that only helps set the distribution field. The
automatically generated version number is still wrong (+deb8u1 instead
of +deb9u1).
--
Brian May
Package: devscripts
Version: 2.20.4
Severity: normal
File: /usr/bin/debchange
dch --lts hardcodes Jessie. But Jessie is no longer correct, Stretch is
the current lts distribution
It would be good if it was possible to override the default somehow.
e.g. via another command line argument.
=== cut
ll keep a note of it for future.
--
Brian May
Package: kdenlive
Version: 20.08.2-1
Severity: grave
Justification: renders package unusable
If I try to start kdenlive on a new system that has never run kdenlive
before, it aborts with an error.
$ kdenlive
Using modified system locale without group separator for numbers
NEW LC_ALL en_AU.UTF-8
M
Dmitry Shachnev writes:
> I would be happy to update the packaging to the latest upstream
> release (1.1) and upload it, if the maintainer (Brian) wants so.
That is good with me.
Thanks.
--
Brian May
Charles Goyard writes:
> Please find attached a patch that updates the documentation with this
> respect.
Thanks. Now uploaded new version.
--
Brian May
- is adding the clamav user to the amavis group enough?
> - should the amavis group should be made primary to clamav as of now?
> - or any other correct configuration path?
Patches welcome to fix this. I believe (but 100% certain) that you
follow the instructions as is, but skip the AllowSupplementaryGroups
which isn't required anymore.
--
Brian May
ugs.debian.org/954300 - this also includes a reference to
the upstream fix which will fix the breakage and expose the security
issue here.
Regardless, I created an upstream bug, see:
https://github.com/keplerproject/cgilua/issues/17
--
Brian May
severity 954300 important
thanks
On Fri, Mar 20, 2020 at 07:54:45AM +1100, Brian May wrote:
> As far as I can tell - please do say if I am wrong - this package is
> completely useless with LUA5.1, as packaged.
I was forgetting that lua-cgi is more then just the session management.
Package: lua-cgi
Version: 5.2~alpha2-1
Severity: serious
Justification: renders package useless
As far as I can tell - please do say if I am wrong - this package is
completely useless with LUA5.1, as packaged.
When run with the following code:
=== cut ===
session = require("cgilua.session")
sess
ing to help here, this is a known issue.
Regards
--
Brian May
myself.
How does the following (attached) look?
I am wondering if I should just drop amavis-mc. It looks like it is just
a supervisor for amavisd-new, which systemd provides anyway. Also it
looks like a required dependency may not be in buster (libzeromq-perl
AFAIK).
Actually, I accidentally
Brian May
is looks like it could be non-trivial to fix.
--
Brian May
to be incomplete,
lintian complains with the following errors:
E: amavisd-new: omitted-systemd-service-for-init.d-script amavis-mc
E: amavisd-new: omitted-systemd-service-for-init.d-script amavisd-snmp-subagent
Maybe we need some sort of disabled by default systemd file for these
services too?
--
Brian May
Holger Levsen writes:
> awesome, merged, thank you! Do you think we can close this bug now?
Fine with me...
--
Brian May
Brian May writes:
> Is it OK if we simply delete this line?
Done by https://salsa.debian.org/webmaster-team/webwml/merge_requests/298
--
Brian May
Brian May writes:
> When I just tested it I found that the index contains entries for both
> files, however the DSA--2 entry is incorrectly titled as DSA- instead
> of DSA--2.
Actually it looks like this was deliberate.
The file template/debian/recent_list_security.wm
-2 entry is incorrectly titled as DSA- instead
of DSA-nnnn-2.
--
Brian May
Mark Hindley writes:
> Since this upload was an LTS NMU, I should have copied you in.
Thanks for the report. It looks like the fix for CVE-2019-10871 might be
broken, and I might have to revert this change.
--
Brian May
Brian May writes:
> If it is not needed anymore, and nobody has the time to maintain it,
> might be best to remove it.
Removal request sent, see Bug#940923.
--
Brian May
Package: ftp.debian.org
Severity: normal
This package is no longer required, and has no interest.
See #916614.
LA-607?
Oops. I looked at it, then forgot to finish.
See https://salsa.debian.org/webmaster-team/webwml/merge_requests/222
Not sure why you referenced dla-377 - is there something wrong with this
one?
--
Brian May
ing for DLA 145-2
I believe all of these have now been resolved.
--
Brian May
fix was reverted, which means in turn means that
CVE-2015-TEMP-1 was not fixed despite DLA 145-1 declaring otherwise,
however no point worrying about that now :-)
Where to from here? Should I invent an appropriate DLA-145-2 based on
the information above?
--
Brian May
n't run that command myself.
Thanks
--
Brian May
ython 2 unless we reverted package to Django
1.11.x.
--
Brian May
Hilmar Preuße writes:
> Are you still interested in having this issue solved? If yes I'd find
> out, where the bug is located (I guess xmltex is correct as you found
> out) and then report @upstream.
I am no longer using docbook stuff in Debian.
Regards
--
Brian May
https://lin
non PKINIT.
+Closes: #929064.
+ * Update test certificates to pre 2038 expiry. Closes: #923930.
+
+ -- Brian May Tue, 21 May 2019 18:04:35 +1000
+
+heimdal (7.5.0+dfsg-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload
+ * Add patch to create headers before building (Closes: 906623)
+
Jeffrey Altman writes:
> The following commit has been merged to heimdal-7-1-branch.
>
> ...
>
> commit 8ed97b8583e000288b40a14efb901cbaf4c5d5c7 (origin/heimdal-7-1-branch)
> Author: Quanah Gibson-Mount
> Date: Thu May 23 15:06:33 2019 +
>
> Regenerate certs
Brian May writes:
> This implies it should be possible for ap application to request 64 bit
> time_t, but not sure how.
I see proposals to setting _TIME_BITS=64 from 2015, however I don't
actually see any reference to this being implemented yet.
https://lwn.net/Articles/664800/
--
Brian May
Brian May writes:
> My vague understanding is that this might already be possible by
> defining __USE_TIME_BITS64.
I may not have got this exactly right:
/*
* The event structure itself
* Note that __USE_TIME_BITS64 is defined by libc based on
* application's request to use 64
is might already be possible by
defining __USE_TIME_BITS64.
Having problems trying to verify this right now however.
--
Brian May
b.com/quanah/heimdal/commit/e3cd069e5c40b455541508b81ffeb0563e882aed
--
Brian May
of Jessie and Stretch security updates
here).
=== cut ===
From: Brian May
Date: Wed, 22 May 2019 17:19:48 +1000
Subject: Disable tests that are failing due to expired cert
See https://bugs.debian.org/923930
---
lib/hx509/Makefile.am | 3 ---
tests/kdc/Makefile.am | 3 ---
2 files changed, 6 d
On Mon, May 20, 2019 at 09:53:27PM +0200, Giovanni Mascellani wrote:
> Upstream confirms that an update that handles 32 bit archs is not on the
> radar soon. I don't know what it is the best way forward now, but if it
> is decided that it is ok the ignore the error for 32 bit archs
Salvatore Bonaccorso writes:
> Ah right, this is #923930?
Yes, looks like it. I didn't get the recent emails, thanks for the
reference. I have now followed up there.
--
Brian May
e[1]: Leaving directory '/<>'
make: *** [debian/rules:7: build] Error 2
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2
----
Build finished at 2019-05-21T08:56:44Z
=== cut ===
--
Brian May
amp;self);
+ kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed
checksum");
+ ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
+ goto out;
+ }
+
ret = _krb5_s4u2self_to_checksumdata(context, &self, &datack);
if (ret)
goto out;
--
Brian May
sent
after DLA-578-1, before DLA-582-1, and the package name matches, and the
security tracker has similar title.
I can't find the original DLA that caused the breakage however.
I also noticed this other email without a DLA:
https://lists.debian.org/debian-lts-announce/2016/08/msg00010.html
As
On 2019-04-10 09:32, MK wrote:
Any chance of having this pushed into debian-release for buster via an unblock request?
This seems important to anyone running a mail server with amavis in buster.
I believe it was unblocked already:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926580
It
Tobias Frost writes:
> I've prepared an NMU for amavisd-new (versioned as 1:2.11.0-6.1) and
> uploaded it to DELAYED/10. Please feel free to tell me if I
> should delay it longer.
Thanks. This looks good to me. Feel free to upload immediately without
the delay if you want.
--
Brian May
Package: python-rdflib-tools
Version: 4.2.2-2
Severity: normal
(sid-amd64-default)root@silverfish:/home/brian# csv2rdf
Traceback (most recent call last):
File "/usr/bin/csv2rdf", line 6, in
from pkg_resources import load_entry_point
ModuleNotFoundError: No module named 'pkg_resources'
I su
ment
from upstream. The problem has been fixed in the latest RC version of
celery.
I have a suspicion that the stable version of celery will work fine with
billiard 3.6.0.0, but not tested it.
--
Brian May
-d
>
> https://salsa.debian.org/exim-team/exim4/commit/7d69adc64e5006ce1d033acbd51681dc8aa3640d
>
> Alternatively (or additionally) setting --user should also work.
OK, thanks for this. I hadn't realized you could resolve this by passing
--exec and/or --user.
Hmmm. Presumably --exec may not be so
a result, I don't know how to fix #921016.
--
Brian May
> I don't know whether this is an issue from amavisd-new or dpkg
> (start-stop-daemon) but feel free to assign it properly.
Bug #921557 is relevant here.
--
Brian May
report.
I thought I had fixed the problem when I applied the patch in #913548
because there is no mention in that bug report that the patch is not
sufficient.
I really do not have any time to waste on such matters.
Regards
--
Brian May
Pierre-Elliott Bécue writes:
> Brian, do you have an issue with me releasing this upstream version?
No objections.
Thanks!
--
Brian May
1 - 100 of 1345 matches
Mail list logo
