Hi Rafael,
On Sat, Apr 20, 2024 at 09:13:58PM +0200, Rafael Laboissière wrote:
> Dear Maintainer,
>
> blhc triggers a NONVERBOSE BUILD error in src:fim
>
> https://salsa.debian.org/debian/fim/-/jobs/5618524
>
> [snip]
> $ blhc --debian --line-numbers --color ${SALSA_CI_BLHC_ARGS}
>
Hi,
On Fri, Apr 05, 2024 at 12:48:19AM -0400, Yogeswaran Umasankar wrote:
> eribe...@debian.org, Matthias Geiger
> Bcc: Subject: Re: false positive NONVERBOSE BUILD for rust code in Python
> modules
> Reply-To: Hi,
>
> I am having similar issue in another package 'python-cotengrust' [0].
> The
Hi,
On Wed, Apr 10, 2024 at 09:09:13PM +, aquilamac...@riseup.net wrote:
> The ${RELEASE} variable in the context of this issue refers to the
> specific Debian release being used during the Salsa CI process. One
> potential solution that has been considered is to ensure that
> blhc:${RELEASE}
Hi,
0.14 fixed some rust related issues. Could you please retest with
the latest version?
If it still fails please provide the full build log so I can
easily replicate it (didn't find an obvious way to download the
raw build log from salsa).
Best,
Simon
--
+ privacy is necessary
+ using gnupg
Hallo Emanuele,
On Thu, Aug 31, 2023 at 01:29:44PM +0200, Emanuele Rocca wrote:
> Hi,
>
> the flag -mbranch-protection=standard has been added to the default
> build flags for arm64, and -fcf-protection for amd64, since dpkg 1.22.0.
>
> It would be great if blhc could add support for both.
>
>
Hi,
sorry for the late response.
On Thu, Aug 31, 2023 at 01:24:04PM +0200, Emanuele Rocca wrote:
> Hi,
>
> the flag -fstack-clash-protection has been added to the default build
> flags for amd64, arm64, armhf, and armel in dpkg 1.22.0.
>
> It would be great if blhc could add support for it.
>
>
Hi Marco,
sorry for the late response.
On Sat, Aug 12, 2023 at 02:14:37PM +0200, Marco Mattiolo wrote:
> Dear Maintainer,
>
> while building an app (Calindori, calendar for Plasma mobile) to be included
> in Debian, I found what I think is an issue with blhc: in [1] it is found
>
>
Hi Soren,
sorry for the late response.
On Fri, Dec 15, 2023 at 01:16:38AM -0700, Soren Stoutner wrote:
> [snip]
>
> # cmake checking for compiler flags without setting CPPFLAGS
> next if $line =~ m{^\s*/usr/(bin|lib)/(ccache/)?c\+\+ -dM -E -c
> /usr/share/cmake-\S+/
>
On Thu, Aug 31, 2023 at 01:29:17PM -0300, Joao Eriberto Mota Filho wrote:
> Dear Simon Ruderich,
>
> Currently blhc fails to build from source in Debian Sid. This issue was
> detected in Salsa[1].
>
> [1] https://salsa.debian.org/debian/blhc/-/jobs/4635438
Hi Eriberto,
should b
Hi Uwe,
On Sun, May 07, 2023 at 09:17:48AM +0200, Uwe Kleine-König wrote:
> The idea is to have several ignore-line-regexp specs, where each is simpler
> and can be documented individually. However that doesn't work as blhc only
> uses one of them (don't remember, probably the first or the last).
On Wed, May 03, 2023 at 12:21:02PM +0200, Uwe Kleine-König wrote:
> Do you have a nice idea how to fix the test that does involve neither
> disabling the blhc tests nor disabling the perf tests? One idea is to
> not check debug builds (-Og or -O0) for the fortify stuff. Another is to
> allow
On Wed, Mar 15, 2023 at 11:31:01PM +0100, Andreas Beckmann wrote:
> Hi,
>
> blhc seems to misparse nvcc compilation as linking, reporting missing
> LDFLAGS:
Hi Andreas,
should be fixed in 21f2f4 [1].
Best,
Simon
[1]:
Hi,
upgrading to xpra 3.1.3 (latest 3.1 release) also fixes this bug.
The existing debian/ builds fine with 3.1.3, only the
systemd.patch needs to be removed (no longer necessary as
upstream now uses /etc/default/xpra).
Best,
Simon
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+
On Tue, Dec 27, 2022 at 05:48:20PM +0100, Christian Göttsche wrote:
> Please recognize -D_FORTIFY_SOURCE=3 as fortification enabled.
Hi,
should be implemented with [1]. Please test.
Best,
Simon
[1]
On Fri, Sep 30, 2022 at 11:19:16AM +0200, IOhannes m zmoelnig wrote:
> i've bumped into this with my 'o2' builds (which also uses "-fortify") on
> salsa, so it is not really "fixed" (as of 2022-09)
>
> of course i could add a 'blhc: ignore-line-regexp:', but in practice that
> would disable the
On Wed, Dec 21, 2022 at 11:00:56AM -0300, Eriberto wrote:
> Hi Simon,
>
> Could you check the patch below?
>
> Regards,
>
> Eriberto
>
> Em qua., 21 de dez. de 2022 às 03:51, Ross Vandegrift
> escreveu:
>>
>> Package: blhc
>> Version: 0.13-2
>> Followup-For: Bug #1019521
>> X-Debbugs-Cc:
On Sat, Jul 02, 2022 at 01:58:06AM -0400, Ben Westover wrote:
> It turns out that the debian/rules line works if I remove the start and end
> characters (in this case the quotes).
> This should either be changed so that --ignore-line and the debian/rules
> string use the same format, or it should
On Fri, Jul 01, 2022 at 03:28:51AM -0400, Ben Westover wrote:
> I attempted to make blhc ignore this by echoing
> "blhc: ignore-line-regexp: \.S", but it didn't work. I also tried to run
> blhc with the actual --ignore-line flag, but it was still picking up
> those lines. I even did a simplified
Hello,
the attached patch works for me as workaround for Bullseye. It adds the
missing file and updates the #include path to it. Apply it with
cd / && patch -p1 < /path/to/patch
With the patch I can successfully build kernels which use GCC
plugins on Bullseye.
Is it possible to apply a
On Tue, Oct 05, 2021 at 05:42:47PM -0300, Eriberto wrote:
> Em ter., 5 de out. de 2021 às 07:41, Simon Ruderich
> escreveu:
>>
>> On Wed, Sep 15, 2021 at 06:23:12PM -0300, Eriberto Mota wrote:
>>> Complementing, my local build jail uses /usr/bin/c++, but Salsa
On Tue, Oct 05, 2021 at 09:32:21PM +0200, Fabian Wolff wrote:
> On 10/5/21 1:48 PM, Simon Ruderich wrote:
>> Could you test the attached patch and tell me if this works for
>> you for real builds?
>
> Thankfully, I still had the full log file lying around in which I
&g
03336797f42295d1980827 Mon Sep 17 00:00:00 2001
Message-Id: <5cb3ea785d8c4602a703336797f42295d1980827.1633434227.git.si...@ruderich.org>
From: Simon Ruderich
Date: Tue, 5 Oct 2021 13:43:29 +0200
Subject: [PATCH] Strip (basic) environment variables before compiler detection
---
bin/blhc | 20 ++
On Sun, Feb 21, 2021 at 03:24:26PM -0500, Olek Wojnar wrote:
> I have run into this exact issue with bazel-bootstrap builds. [1] I love
> what blhc does so I'd rather not disable it due to these false positives,
> but I also like for the Salsa CI to let me know when a recent commit has
> caused a
On Wed, Sep 15, 2021 at 06:23:12PM -0300, Eriberto Mota wrote:
> Complementing, my local build jail uses /usr/bin/c++, but Salsa uses
> /usr/lib/ccache/c++. Consequently, my current rule in debian/rules is:
>
> @echo 'blhc: ignore-line-regexp: /usr/(bin|lib)/(ccache/)?c\+\+ -dM -E
> -c
Package: golang-1.16
Version: 1.16.3-1
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: si...@ruderich.org
Hello,
since the update to 1.16.3-1 I cannot build any packages with
go-1.16:
$ printf 'package main\nmain(){}' > x.go
$ /usr/lib/go-1.16/bin/go run x.go
#
On Tue, Nov 24, 2020 at 05:16:03PM +0100, Fabian Wolff wrote:
> Dear maintainer,
>
> consider the following warnings emitted by blhc (line breaks are mine;
> see the attached "test.log" file for an input that reproduces this
> problem):
>
> [snip]
Hello Fabian,
thanks for the sample log to
Package: anki
Version: 2.1.15+dfsg-2
Severity: normal
Tags: patch
Hello,
since the update to python3.9 Anki fails with the following
exception when reviewing more complex HTML templates:
: 'HTMLParser' object has no attribute 'unescape'
The following patch fixes this issue for me:
---
Hello,
it would be great if this makes it into Bullseye. BTF is not only
relevant for tracing but for all BPF-related tasks, including for
example XDP.
According to [1], most other distributions (Fedora 31+, RHEL
8.2+, Arch Linux, Ubuntu 20.10+) already enable BTF. Having this
in the next Debian
On Sat, Jan 04, 2020 at 03:35:04PM -0300, Eriberto wrote:
> Em sáb., 4 de jan. de 2020 às 08:18, Simon Ruderich
> escreveu:
>>
>> thanks for the build log, fixed in f0a9d41 ("Fix false positive
>> in `dwz` lines", 2020-01-04) [1].
>
> Hi Simon,
>
&g
On Sat, Jan 04, 2020 at 11:57:02AM +0100, Raphael Hertzog wrote:
> Hi,
>
> On Sat, 04 Jan 2020, Simon Ruderich wrote:
>> On Fri, Jan 03, 2020 at 10:44:10AM +0100, Raphaël Hertzog wrote:
>>> https://salsa.debian.org/pkg-security-team/aflplusplus/-/jobs/481494/raw
>>
&g
On Fri, Jan 03, 2020 at 10:44:10AM +0100, Raphaël Hertzog wrote:
> https://salsa.debian.org/pkg-security-team/aflplusplus/-/jobs/481494/raw
Hello,
could you please provide me with the full raw (= text-only) build
log so I can reproduce this?
Regards
Simon
--
+ privacy is necessary
+ using
On Wed, Dec 11, 2019 at 06:41:15PM -0800, Joseph Herlant wrote:
> Hi Simon,
>
> I'd be interested in your use case. Do you have some examples of what
> you call "proper localization with support for multiple languages and
> flexibility through additional config files"?
>
> I also work with
Package: asciidoc
Version: 8.6.10+git20190307.51d7c14-1
Severity: normal
Tags: patch
Hello,
using asciidocapi with the following small script (also attached)
#!/usr/bin/python3
import io
import sys
sys.path.append('/usr/share/asciidoc')
import asciidocapi
infile =
Hello,
please keep asciidoc in Debian. With the current python3 port it
will continue to work even when Python 2 is removed.
I'm using asciidoc for a few (private) projects which depend on
some features not yet provided by asciidoctor (e.g. proper
localization with support for multiple languages
On Sun, Oct 06, 2019 at 12:40:22PM +0200, Yves-Alexis Perez wrote:
> On Sun, 2019-10-06 at 11:47 +0200, Simon Ruderich wrote:
>> Now I'm somewhat confused. I think the issue in this case is not
>> "libtool: relink:" because I get no errors for those lines when
>>
On Sun, Oct 06, 2019 at 11:22:57AM +0200, Yves-Alexis Perez wrote:
> Or a “real” build log from the buildd network:
> https://buildd.debian.org/status/fetch.php?pkg=strongswan=amd64=5.8.0-1=1566867301=0
Thanks, that's the link I was looking for.
> Here's an example:
>
> libtool: warning:
On Sun, Oct 06, 2019 at 09:47:11AM +0200, Yves-Alexis Perez wrote:
> Package: blhc
> Version: 0.09-2
> Severity: normal
>
> Hi,
>
> blhc running on salsaci for strongSwan reports failure
> (https://salsa.debian.org/debian/strongswan/-/jobs/350397/raw) at the
> blhc step because of lines like
Package: ocrmypdf
Version: 9.0.1+dfsg-1
Severity: important
Tags: patch
Hello,
running ocrmypdf (ocrmypdf --lang deu --deskew) fails with the
following error
ERROR - GPL Ghostscript RELEASE CANDIDATE 2 9.28: Setting Overprint Mode to
1
not permitted in PDF/A-2, overprint mode not set
On Sat, Sep 07, 2019 at 08:23:53AM +0200, Picca Frédéric-Emmanuel wrote:
> Dear Maintainer,
>
> When using cythonizing .pyx files, we got this message from blhc.
>
> 718:NONVERBOSE BUILD: Compiling pyzoltan/core/carray.pyx because it changed.
>
> [snip]
Hello,
thanks for the report. Should be
On Fri, Aug 30, 2019 at 10:48:48PM +0200, Daniel Leidert wrote:
>> Could you provide me with a full build log so I can reproduce the
>> issue?
>
> https://salsa.debian.org/debichem-team/xcrysden/-/jobs/263080
Thanks, I took the full build log from
On Tue, Jul 16, 2019 at 12:51:44PM -0400, Daniel Kahn Gillmor wrote:
> But this is all pretty complicated and i'm not convinced that it is
> worthwhile. It might make more sense for blhc to be able to detect
> and skip these local helper tools.
Hello Daniel,
while I think it would be nice if
On Mon, Jun 24, 2019 at 09:53:37AM +0100, Simon McVittie wrote:
>> 487:NONVERBOSE BUILD: compiling catalog tap/locale/ja/LC_MESSAGES/tappy.po
>> to tap/locale/ja/LC_MESSAGES/tappy.mo
>> 488:NONVERBOSE BUILD: compiling catalog tap/locale/nl/LC_MESSAGES/tappy.po
>> to
On Tue, Mar 12, 2019 at 11:49:14AM +0100, Christoph Berg wrote:
> Package: blhc
> Severity: normal
>
> Hi,
>
> I've recently activated the salsa ci infrastructure for the wsjtx
> package which includes some Fortran files. The blhc check complains
> about missing flags:
>
> [snip]
>
> The -Wformat
Package: certspotter
Version: 0.8-1+b1
Severity: normal
Hello,
please update to the latest upstream release, currently 0.9,
which removes support for now non-functional logs fixing the
following error messages:
certspotter: ct.startssl.com: 2018/05/22 16:40:07 Error retrieving STH from
On Sat, May 19, 2018 at 07:57:26PM +0200, Kurt Roeckx wrote:
> Package: blhc
> Version: 0.07+20170817+gita232d32-0.1
>
> https://qa.debian.org/bls/packages/o/openssl.html currently
> reports among other things:
> dpkg-buildflags-missing CPPFLAGS 3 (of 1664), CFLAGS 1 (of 1662), LDFLAGS 2
> (of
On Thu, May 10, 2018 at 07:32:54PM +0900, Mike Hommey wrote:
> [snip]
>
> CPPFLAGS missing (-D_FORTIFY_SOURCE=2): /usr/bin/gcc -std=gnu99 -o
> xptcinvoke_asm_x86_64_unix.o -DNDEBUG=1 -DTRIMMED=1
> -DSTATIC_EXPORTABLE_JS_API -DMOZ_HAS_MOZGLUE -DMOZILLA_INTERNAL_API
> -DIMPL_LIBXUL -g -fPIC
On Thu, May 10, 2018 at 07:28:08PM +0900, Mike Hommey wrote:
> [snip]
>
> As you can see, -D_FORTIFY_SOURCE=2 is actually *not* missing. It's
> enabled, but then disabled, which I guess why blhc is complaining, but
> it's then re-enabled (and re-disabled, and re-enabled again)
Hey Mike,
Thanks
0/debian/changelog
--- kpatch-0.3.2/debian/changelog 2017-04-01 21:33:40.0 +0200
+++ kpatch-0.5.0/debian/changelog 2018-04-13 15:56:07.615948149 +0200
@@ -1,3 +1,9 @@
+kpatch (0.5.0-0.1) unstable; urgency=medium
+
+ * Package 0.5.0.
+
+ -- Simon Ruderich <si...@ruderich.org> Fri, 13 Apr 2018
+++ libseccomp-2.3.3/debian/changelog 2018-04-11 12:09:58.258096960 +0200
@@ -1,3 +1,10 @@
+libseccomp (2.3.3-0.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * New upstream release.
+
+ -- Simon Ruderich <si...@ruderich.org> Wed, 11 Apr 2018 12:09:39 +0200
+
libseccomp (2.3
On Fri, Feb 09, 2018 at 12:14:40PM +0100, Simon Ruderich wrote:
> On Fri, Feb 09, 2018 at 09:07:06AM +, Nico Schlömer wrote:
>> Perhaps it's useful to report which are the offending lines in the build
>> log. For Trilinos [1], for example, a hidden flags are reported, but I have
On Fri, Feb 09, 2018 at 09:07:06AM +, Nico Schlömer wrote:
> Perhaps it's useful to report which are the offending lines in the build
> log. For Trilinos [1], for example, a hidden flags are reported, but I have
> no idea why. Can you help me out?
Hi Nico,
Not sure how I missed this mail,
On Fri, Feb 09, 2018 at 09:07:06AM +, Nico Schlömer wrote:
> Perhaps it's useful to report which are the offending lines in the build
> log. For Trilinos [1], for example, a hidden flags are reported, but I have
> no idea why. Can you help me out?
Hello,
Running blhc on the build log lists
Package: postfix
Version: 3.2.3-1
Severity: normal
Hello,
On upgrade to this version journald warned my about:
Configuration file /lib/systemd/system/postfix@.service is
marked executable. Please remove executable permission bits.
Proceeding anyway.
Regards
Simon
--
+ privacy is
On Tue, Sep 05, 2017 at 12:37:01PM -0300, Eriberto wrote:
>> blhc doesn't check for bindnow (and PIE) per default unless you
>> use the --bindnow (or --all) option. I get the same output for
>> the following commands (which report the missing -Wl,-z,now):
>>
>> blhc --bindnow
On Thu, Aug 17, 2017 at 10:35:01AM -0300, Eriberto Mota wrote:
> Hi Simon,
>
> Thanks for your reply. I did a test over nload package and I think
> that blhc --debian is ignoring all lines with "PIE". I removed the
> option line from debian/rules file (export DEB_BUILD_MAINT_OPTIONS =
>
Package: golang-github-lib-pq-dev
Version: 0.0~git20151007.0.ffe986a-1
Severity: wishlist
The current version in Debian is quite old and misses important
features like Arrays. Please consider packaging the latest
Git version.
Regards
Simon
--
+ privacy is necessary
+ using gnupg
Package: anki
Version: 2.1.0+dfsg~a12-0.1
Severity: normal
Hello,
Since the latest pyqt5 update to 5.7+dfsg-6 the shortcuts (like
pressing 1, 2, 3 to select Again, Hard, Good) have no effect.
Only selecting the currently highlighted element with space
continues to work.
Regards
Simon
-- System
Source: pyqt5
Version: 5.7+dfsg-5
Severity: important
Tags: patch
Hello,
With the latest update to Qt 5.9 pyqt5 fails to build from source
blocking the update of many Qt packages on my system.
The attached two patches seem to fix the build, but I think the
latest pyqt5 upstream version should
On Thu, Aug 17, 2017 at 10:21:26AM +0200, Simon Ruderich wrote:
> - Add patch to fix uname -p (which always returns unknown on my
> systems); I think this should be upstreamed.
> fix-uname-p.patch
> - Add patch to respect CPPFLAGS. Should be upstreamed as well.
> respect-cppfl
On Mon, Jul 24, 2017 at 03:50:34PM -0300, Eriberto wrote:
> I think that you can create a new option '--debian' to ignore PIE.
> What you think about this?
I'm not totally satisfied with a new option (would be nice if it
could happen by default but still prevent false negatives) but
can't think
/debian/patches/fix-uname-p.patch2017-08-12
12:43:07.884688093 +0200
@@ -0,0 +1,18 @@
+Description: detect architecture properly
+ uname -p returns unknown for unknown reasons. uname -m seems to work
+Author: Simon Ruderich <si...@ruderich.org>
+Last-Update: 2017-08-11
+
+Index: kpatch
On Tue, Nov 22, 2016 at 02:13:01PM -0200, Joao Eriberto Mota Filho wrote:
> Hi,
>
> The blhc --all is saying about PIE absence in some packages. However, the
> current dpkg version changed the usage policy for PIE.
Hello,
Sorry for the (really) late reply.
This should be partially fixed in
On Mon, Jan 30, 2017 at 10:30:04PM +0100, Boud Roukema wrote:
> Package: blhc
> Version: 0.07+20161116+gitbf41976
> Severity: normal
>
> Dear Maintainer,
>
> SUMMARY: On https://qa.debian.org/bls/packages/m/mpgrafic.html,
> blhc, which is presumably the version of blhc presently in sid, i.e.
>
On Sun, Oct 30, 2016 at 11:00:06PM +0100, Joerg Dorchain wrote:
> [snip]
>
> Is there a chance to build a debian package --without-unbound,
> using /etc/resolv then, which can point to a locally running
> unbound for those people wanting/needing a fast resolver only,
> even it is it slightly more
solute) path to the non-setuid binary and not to a possibly
installed setuid-wrapper (which requires root or login on a tty).
Auto-dection fails as Xorg is not installed in the build environment.
.
As the Xorg setuid wrapper is Debian specific (and might be removed in the
future) there's no need to upstrea
Package: xpra
Version: 0.17.6+dfsg-1
Severity: important
Tags: patch
Hello,
the version in Debian is very old and according to the upstream
maintainer contains multiple security relevant bugs (therefore
the important severity; sadly there's no specific list
available). Please update the package
On Mon, Jun 05, 2017 at 12:38:15PM +0300, Adrian Bunk wrote:
> How would that break things for *jessie* users?
>
> The runit-init package is not in jessie, and the runit package in jessie
> does not provide /sbin/init
Ah, sorry for that. I thought that runit-init was already in
Jessie and didn't
Package: runit
Version: 2.1.2-9.2
Severity: grave
Justification: renders package unusable
Hello,
With the recent removal of runit-init in -9.1 /sbin/init is no
longer provided breaking the boot for users depending on runit as
init system. So a user happily running runit in Jessie will have
a
On Sat, Feb 04, 2017 at 08:46:42PM +0100, Cyril Brulebois wrote:
> Hi,
>
> I think this is the first time I've ever toyed with the serial
> console and kvm, but at least editing the 'Install' menu option and
> adding “ console=ttyS0,9600,n8” at the end of the command line lets
> me have serial in
severity 852398 important
thanks
Package: chromium
Version: 56.0.2924.76-3
Followup-For: Bug #852398
Hello,
Setting the option in a environment variables seems to work as
workaround for me:
CHROMIUM_FLAGS='--enable-remote-extensions' chromium
However I urge you to change the default back
Package: chromium
Version: 55.0.2883.75-5
Severity: important
Hello,
After updating to 55.0.2883.75-5 all my extensions are gone! This
includes custom locally installed extensions and extensions
installed from the Chrome webstore.
Even after reading the NEWS article, restoring my old chrome
On Sun, Jan 01, 2017 at 12:06:39PM +0100, Ferenc Wágner wrote:
> Dear Maintainer,
>
> https://qa.debian.org/bls/bytag/I-no-compiler-commands.html says:
>
> Possible issues this might hint at:
> * A package being Architecture: all, though it only contains architecture
> independent data.
>
On Tue, Nov 15, 2016 at 08:47:41AM +0100, Johannes Schauer wrote:
> Hi,
>
> recently, dpkg switched from the triplettable to architecture
> quadruplets. When now trying to run blhc with the new libdpkg-perl, one
> will get:
>
> Undefined subroutine ::Arch::debarch_to_debtriplet called at
>
Hello again,
Just noticed another update issue. All the paths given in the
update README are not correct on Debian. I noticed at least
/var/opendnssec vs. /var/lib/opendnssec on Debian.
Regards
Simon
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
Package: opendnssec
Version: 1:2.0.3-1
Severity: important
Hello,
I followed the update instructions for 2.0 and tried to run
ods-migrate, however it failed with the following error:
Failed to load sqlite3 library. dlerror(): libsqlite3.so: cannot open
shared object file: No such file or
Package: opendnssec
Version: 1:2.0.3-1
Severity: important
Hello,
First a minor issue, the path to the README mentioned in the
update notification doesn't work, the directory
/usr/share/opendnssec/1.4-2.0_db_convert is empty.
But the bigger problem is that convert_sqlite doesn't work
because
On Mon, Oct 03, 2016 at 11:07:59PM +0200, up201407...@alunos.dcc.fc.up.pt wrote:
> It's an invasion of privacy, as I said, for normal users.
Sure, but that's not my use case.
> In your case, if you're changing to an unprivileged user without a shell nor
> password, probably some sort of "locked"
On Mon, Oct 03, 2016 at 09:58:23PM +0200, up201407...@alunos.dcc.fc.up.pt wrote:
> Anyways, it is bad admin practice and/or an invasion of privacy to su to an
> unprivileged user.
Please explain to me why this is bad admin practice.
Lets assume I have an unprivileged user which is used to
On Mon, Oct 03, 2016 at 09:49:08PM +0200, Karel Zak wrote:
> Yes, I'm thinking about this way (as discussed on util-linux
> mailing list), but it's relatively complex.
I have a working solution here. It's a standalone program and not
very well tested, but works fine for me. Just tell me if you
On Mon, Oct 03, 2016 at 09:22:50PM +0200, up201407...@alunos.dcc.fc.up.pt wrote:
> Loss of job control in the shell.
I'm confused. I'm not talking about removing the controlling
terminal, but instead spawning a new session, opening a new pts
and connecting that to the program. This way the
On Mon, Oct 03, 2016 at 04:22:47PM +0200, Karel Zak wrote:
> The problem is that we don't want to use setsid() in all situations,
> because it will introduce regressions. From util-linux ReleaseNotes:
Hello,
Thanks for your quick reply.
In which situations will this cause regressions? I tried
On Mon, Oct 03, 2016 at 04:11:41PM +0200, up201407...@alunos.dcc.fc.up.pt wrote:
> Btw, at least in redhat based systems, su uses setsid() when the -c option
> is given, just like use_pty in sudo. Not sure if this is true in debian.
Yes, that's true in Debian as well.
Regards
Simon
--
+ privacy
Source: sudo
Followup-For: Bug #657784
Hello,
Any news on this? The default still doesn't include use_pty which
makes sudo vulnerable.
The security-tracker lists this bug as fixed [1], however sudo in
sid (and stable) is still affected.
Regards
Simon
[1]:
On Sun, Oct 02, 2016 at 10:54:06AM +0200, up201407...@alunos.dcc.fc.up.pt wrote:
> Hello Simon,
>
> This has been recently patched by using seccomp to blacklist this ioctl.
>
> https://github.com/karelzak/util-linux/commit/8e4925016875c6a4f2ab4f833ba66f0fc57396a2
Hello,
This is an awful hack!
Package: login
Version: 1:4.2-3+deb8u1
Followup-For: Bug #628843
Hello,
Any news on this?
I'm deeply worried that this security issue in su was not fixed
since it was reported over 5 years ago! It still affects jessie
and sid. And the possible implications are not mentioned in the
man page.
As
On Sat, Sep 10, 2016 at 10:31:39PM -0300, Eriberto Mota wrote:
> Control: reassign 837368 hardening-includes
>
> Hi Simon,
>
> Thanks a lot for your explantion below. I am forwarding this bug to
> package hardening-includes, which provides hardening-check.
Hello Eriberto,
As I said, there's
On Sat, Sep 10, 2016 at 09:15:43PM -0300, Joao Eriberto Mota Filho wrote:
> Hi,
>
> When building my package magicrescue in Sid, lintian says:
>
> I: magicrescue: hardening-no-fortify-functions
> usr/lib/magicrescue/tools/safecat
>
> Using hardening-check, I can see:
>
> # hardening-check
>
On Sat, Sep 10, 2016 at 09:07:13PM -0300, Eriberto wrote:
> Please, release a new version and I will do a NMU quickly. I wil open
> a new bug now. Please, check it before release a new version.
Hi,
New version 0.07 released: https://ruderich.org/simon/blhc/
Regards
Simon
--
+ privacy is
On Thu, Aug 25, 2016 at 11:59:05PM +0200, Nicolas Boulenguez wrote:
> Here is what should be implemented:
> When * the source file name matches "*.ad[abs]",
> or * the command line contains " -x ada ",
> we are compiling an Ada source.
> Then * no CPPFLAGS should be used at all,
> * all
Package: softhsm
Severity: normal
Hello,
After migrating from softhsm to softhsm2 I purged softhsm.
However this removed the softhsm group which is still in use by
softhsm2 thus breaking opendnssec which is now no longer in this
group and can't access the hsm.
Btw. why is a static gid (999)
On Mon, Jun 27, 2016 at 10:26:55PM +0200, Mathieu Parent wrote:
> Hello,
>
> blhc outputs:
> CPPFLAGS missing (-D_FORTIFY_SOURCE=2): 19:49:25 runner
> ../source3/script/build_env.sh /build/samba-4.4.4+dfsg/source3
> /build/samba-4.4.4+dfsg/source3 /usr/bin/gcc >
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wed, Aug 10, 2016 at 05:37:26PM +0200, Nicolas Boulenguez wrote:
> Hello, it's me again :-)
Oh no ;-)
> Here is again a false positive about --format options missing during
> an Ada compilation, similar to #719656 and #680117:
>
Package: debian-installer
Version: 8.5.0
Severity: normal
Hello,
I can't boot the debian installer via serial console in qemu:
qemu-system-x86_64 -boot d -cdrom debian-8.5.0-amd64-netinst.iso -nographic
I'd expect a prompt from isolinux on the serial console which
lets me change the boot
Package: python3-django
Version: 1:1.10-2
Severity: normal
Hello,
django-admin startproject foo
creates manage.py with the following shebang:
#!/usr/bin/env python
However on Debian python is python2 and not python3, therefore
running manage.py fails because it can't find the django
On Mon, Jun 27, 2016 at 11:15:26PM +0100, Simon McVittie wrote:
> On Thu, 11 Feb 2016 at 17:03:22 +0100, Simon Ruderich wrote:
>> Without network mediation local UNIX access is a big
>> problem (DBUS).
>
> [snip]
>
> Normal filesystem-backed Unix sockets are medi
>On Fri, Jun 10, 2016 at 09:31:47PM +0200, Simon Ruderich wrote:
>> Instead of installing the helper as setuid one could also install
>> it as setgid with a specific kerberos group which can read the
>> keytab. Then in the worst case the keytab is compromised. The
>&
On Fri, Jun 10, 2016 at 10:47:16AM -0700, Russ Allbery wrote:
> I'm too nervous about the many possible attack approaches to setuid
> binaries to be entirely comfortable with this approach. My tentative
> thought about the right way to approach this was to instead add a daemon
> that listens on a
.si...@ruderich.org>
From: Simon Ruderich <si...@ruderich.org>
Date: Fri, 10 Jun 2016 17:16:43 +0200
Subject: [PATCH] Add setuid helper to allow TGT verification by non-root
processes
To prevent KDB spoofing the Kerberos option verify_ap_req_nofail = true
can be used to verify that the ticket ori
://gnupg.org
+ public key id: 0x1972F726F0D556E7
From 01139eb31b3f3f6c41b425e492d5146499b4e0e2 Mon Sep 17 00:00:00 2001
Message-Id: <01139eb31b3f3f6c41b425e492d5146499b4e0e2.1465566262.git.si...@ruderich.org>
From: Simon Ruderich <si...@ruderich.org>
Date: Fri, 10 Jun 2016 14:48:02 +0200
Sub
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sun, Jun 05, 2016 at 12:36:30AM +0200, gregor herrmann wrote:
> Yup, Pod::Usage changed its output in 1.65:
>
> https://metacpan.org/diff/file?target=MAREKR%2FPod-Usage-1.65%2F=MAREKR%2FPod-Usage-1.64%2F#lib/Pod/Usage.pm
>
> Attached is a
1 - 100 of 487 matches
Mail list logo