On 2024-05-09 15:14:54 [+0300], Odysseas Romanos wrote:
> Dear Sebastian
Hi,
> Thank you very much for your support. I will try manually as you
> suggested. Do you need me to keep you updated or leave it as it is?
You can let me know how it went but the bug report closed and does not
require
On 2024-05-07 12:20:51 [+0300], Odysseas Romanos wrote:
> Old Trixie —> new trixie. Bug 1065135 seems unrelated to me. I am noob
> to this so I apologize if I am not clear on my reporting
That is okay. Just make sure you don't lose the Cc: so we have a public
record.
Now. We did (still do) have a
+ Steve Langasek, Benjamin Drung
On 2024-05-07 00:02:11 [+0300], Odysseas Romanos wrote:
> Package: libssl3
> Version: 3.1.5-1
> Severity: important
> X-Debbugs-Cc: oromanos2...@gmail.com
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
On 2024-04-25 13:38:51 [+0200], Michael Braun wrote:
> Hi,
Hi,
> I'm scanning incoming mails using clamav-daemon and clamav-milter.
> From time to time, my mailserver stops working due to clamav-daemon locking
> up.
>
> The clamav logs read:
>
>6889 Apr 25 11:28:12 gate clamd[939931]: Thu
On 2024-04-21 19:30:21 [+0200], Paul Gevers wrote:
> Hi
Hi,
> > Could britney be hinted to migrate both at the same time? This should
> > solve the issue you pointed out.
>
> There is no "please test together" knob if that's what you mean (is that
> what you mean?).
Yes, it is/ was.
>
On 2024-04-21 13:42:03 [+0200], Paul Gevers wrote:
> opensslfrom testing3.2.1-3
> libcrypt-smime-perlfrom testing0.28-1
> all others from testingfrom testing
>
> I copied some of the output at the bottom of this report.
>
> Currently this regression
On 2024-04-07 23:46:28 [+0200], To Adam D. Barratt wrote:
> On 2024-03-24 20:06:12 [+], Adam D. Barratt wrote:
> >
> > Sorry for not getting to this sooner. Is this still the case?
>
> So. This happened #1068045 (yapet broke with 1.0 format) due to the
> update. On the bright side it has
t file.
Further testing is welcome by actual users ;)
I can NMU if needed just yell.
Sebastian
From a54b5e81a61aa7e77e45a970ce88b9b4269fde7d Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior
Date: Mon, 8 Apr 2024 18:03:30 +0200
Subject: [PATCH 1/2] crypt/blowfish: Remove EVP_CIPHER_CTX_set_key_
On 2024-03-24 20:06:12 [+], Adam D. Barratt wrote:
>
> Sorry for not getting to this sooner. Is this still the case?
So. This happened #1068045 (yapet broke with 1.0 format) due to the
update. On the bright side it has been broken in unstable but unnoticed.
Looking into it but also sleeping
On 2024-04-07 15:36:37 [+0800], Sean Whitton wrote:
> Hello,
Hi,
> On Sat 06 Apr 2024 at 03:24pm +02, Salvatore Bonaccorso wrote:
>
> > As it is a regression caused by libssl3 3.0.11 based to 3.0.13, why is
> > it reassigned to yapet? (the regression is as well present in
> > unstable).
>
> I
On 2024-04-06 17:17:45 [+0800], Sean Whitton wrote:
> Hello,
Hi,
> It looks like the problem is opening YAPET1.0-format databases, which
> the manpage explicitly says is meant to work.
>
> I've made a sample YAPET1.0 database using a stretch VM. Using the
> attached:
>
> - On bookworm, invoke
On 2024-04-04 00:14:27 [+0200], Guillem Jover wrote:
> Hi!
Hi,
> I initially was thinking that a conditionally triggered activation
> when upgrading from the affected versions would be sufficient, but if
> people have already upgraded, then that will still leave them with the
> malicious stuff in
On 2024-02-29 20:37:25 [-0800], Steve Langasek wrote:
> This is definitely not the behavior we want. However, the good thing is
> that the dependency from coreutils to libssl is new since bookworm. As a
> result, while this can affect users on upgrades from testing, it will not
> affect upgrades
On 2024-04-02 14:34:20 [+0200], Guillem Jover wrote:
> (Please do not take this mail as endorsing any specific action, just
> wanted to clarify/correct the above.)
Right, same here. The 5.4.x series has threaded decompression which I
would like to keep. The 5.6.x series has branchless
On 2024-04-03 19:16:25 [+0200], Carsten Schoenert wrote:
> I did a few more working on some of the packages I maintain and I did not
> encounter similar problems with wrong hash ids like a few days back. Given
> the troubled times around the liblzma versions I'm not sure the initial
> issue about
On 2024-03-31 19:42:24 [+], tony mancill wrote:
> Given what has unfolded over the past few days regarding xz-utils and
> CVE-2024-3094 [0], should we revisit the patches applied here and for
> #1063252? Are they still needed?
Not with the fallback to pre 5.4.x series but *I* don't think
On 30 March 2024 13:14:37 CET, Sean Whitton wrote:
>Hello,
Hi,
>I downgraded, changed the password for my database to 'asdf',
>changed it back to the password it had before, upgraded libssl3,
>and the bug did not appear.
>
>I reverted to my original db, downgraded again, deleted an entry
On 2024-03-30 09:25:27 [+0800], Sean Whitton wrote:
> Package: libssl3
> Version: 3.0.13-1~deb12u1
> Severity: grave
> Justification: renders package unusable
> X-Debbugs-Cc: t...@security.debian.org
> Control: affects -1 + yapet
>
> Dear maintainer,
>
> This version of libssl3 from
On 26 March 2024 23:11:19 CET, Thorsten Glaser wrote:
>Very much *not* a fan of NMUs doing large changes such as
>new upstream versions.
Most of the changes are part of current -2. Ppl complainted about valgrind
reports which are addressed in the new upstream version.
>But this does give us
On 2024-03-24 20:06:12 [+], Adam D. Barratt wrote:
> On Mon, 2024-03-04 at 07:38 +0100, Sebastian Andrzej Siewior wrote:
> > This is an update to the current stable OpenSSL release in the 3.0.x
> > series. It addresses the following CVE reports which were postponed
> >
Package: nodejs
Version: 18.19.1+dfsg-6
Severity: important
Tags: sid
control: affects -1 src:openssl
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: openssl-3.2
Hi,
I rebuilt nodejs in unstable against openssl 3.2 in experimental an a
few tests failed:
| Failed tests:
| ./node
Package: rust-parsec-tool
Version: 0.7.0-3
Severity: important
Tags: sid patch
control: affects -1 src:openssl
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: openssl-3.2
The testsuite fails with openssl 3.2. Please find attached upstream
commit 8948077e106a0 ("parsec-cli-tests.sh:
control -1 tags patch
the patch attached fixes the warnings in check_memcached.l.
Sebastian
>From 155e35ace12f41bbaa42e4ea19bfea6de416bd95 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior
Date: Fri, 22 Mar 2024 19:48:09 +0100
Subject: [PATCH] Compile warnings.
Address various comp
Package: nagios-plugins-contrib
Version: 45.20231212
Severity: important
Tags: sid patch
control: affects -1 src:openssl
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: openssl-3.2
The package fails the debci testsuite with OpenSSL 3.2 due to output on
stderr. The patch attached is a
On 2019-03-08 22:10:10 [+0100], Carsten Schoenert wrote:
> Hello Guido,
Hi,
> On Tue, Jan 30, 2018 at 07:19:48AM +0100, Carsten Schoenert wrote:
> > > We should not do more options. Multi threaded should be on when:
> > >
> > > - not using pristine-tar
> > > - iff pristine-tar can handle it
On 2024-03-12 09:26:32 [-0400], Jeremy Bícha wrote:
> > Could someone check this, please?
>
> Did you try running autopkgtests on this version? The autopkgtests fail for
> me.
autopkgtests were the first thing that pointed me here and they passed.
If you say they fail for you then I may have
On 2024-03-11 21:23:03 [+], Amin Bandali wrote:
> Hi,
Hi,
> On Mon, Mar 11, 2024 at 05:55:31PM +0100, Sebastian Andrzej Siewior wrote:
> > On 2024-03-11 00:05:54 [+], Amin Bandali wrote:
> > > Hi Sebastian, all,
> > Hi,
> >
> > > Will this fix
On 2024-03-11 13:29:10 [+0100], Maciej Bogucki wrote:
> Hi,
Hi,
> When I use stiati compiled openssl form different system I can have the
> connection
>
> root@nsd-sdproxy1:~# /tmp/openssl version
> OpenSSL 1.0.1t 3 May 2016
that is stone age.
> root@nsd-sdproxy1:~# /tmp/openssl s_client
On 2024-03-11 00:05:54 [+], Amin Bandali wrote:
> Hi Sebastian, all,
Hi,
> Will this fix be enough for addressing all cases, though?
I think so. Do you have a test case for me to check?
> I'm thinking specifically of cases where tarball repacking
> is involved, for example when using
On 2024-03-10 00:12:46 [+0100], Andrea Pappacoda wrote:
> Hi, thanks for your fix!
Hi,
> Unfortunately it seems that your patch has broke tarball generation for one
> of the packages I maintain, dynarmic.
>
>$ gbp export-orig
>gbp:info: Creating
; urgency=medium
+
+ * Non-maintainer upload.
+ * Preoperly account -T parameter for xz. Thanks to Jia Tan for the hint.
+(Closes: #1065751).
+
+ -- Sebastian Andrzej Siewior Sun, 10 Mar 2024 21:38:16 +0100
+
pristine-tar (1.50+nmu1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru
On 2024-03-08 07:38:10 [+], Adam D. Barratt wrote:
> On Fri, 2024-02-09 at 23:12 +0100, Sebastian Andrzej Siewior wrote:
> > This is an update to the latest clamav release in the 1.0.x series.
>
> One small thing you may want to fix for any follow-up updates:
>
>
On 2024-03-06 15:27:50 [+0100], Guilhem Moulin wrote:
> Hi Sebastian,
Hi,
> Great to hear OpenSSL 3.2 will soon be entering sid! :-)
>
> On Wed, 06 Mar 2024 at 07:59:53 +0100, Sebastian Andrzej Siewior wrote:
> > I'm currently puzzled where to look at. Could you please have a l
Package: interimap
Version: 0.5.7-2
Severity: important
Tags: sid
control: affects -1 src:openssl
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: openssl-3.2
interimap's testsuite fails with OpenSSL 3.2, which is currently in
experimental, for the tests:
On 2024-03-04 12:01:55 [+0100], Maciej Bogucki wrote:
> I have just attached pcap file.
the remote side rude. The client sent a "Client Hello". The remote side
didn't like it and just closed the connection. Rude behaviour is rude.
My guess is RSA+SHA1 is missing and is the only accepted
On 2024-03-04 11:16:14 [+0100], Maciej Bogucki wrote:
> When I invoke `/usr/bin/openssl s_client -connect 192.168.92.95:636`
So you get no reply? That is odd. There has to be reply. A "Connected"
line is something I would have expected. If there is nothing then I
would assume that the port is
On 2024-02-09 23:12:18 [+0100], To sub...@bugs.debian.org wrote:
> Package: release.debian.org
> Control: affects -1 + src:clamav
> X-Debbugs-Cc: cla...@packages.debian.org
> User: release.debian@packages.debian.org
> Usertags: pu
> Tags: bookworm
> Severity: normal
>
> This is an update to
Package: release.debian.org
Control: affects -1 + src:openssl
X-Debbugs-Cc: open...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: bookworm
X-Debbugs-Cc: sebast...@breakpoint.cc
Severity: normal
This is an update to the current stable OpenSSL release in the
On 2024-02-26 20:46:43 [+0100], Guillem Jover wrote:
> > > Ignoring stderr could be a workaround, but I'd need to do something as
> > > well for the libdpkg code and the perl code calling xz, which will get
> > > very annoying.
> > >
> > > This is also going to get in the way of migrating both xz
On 2024-02-26 19:23:58 [+0100], Guillem Jover wrote:
> Hi!
Hi Guillem,
> > | 89s +xz: Reduced the number of threads from 16 to 8 to not exceed the
> > memory usage limit of 1400 MiB
> > | 89s +xz: Reduced the number of threads from 16 to 8 to not exceed the
> > memory usage limit of 1400 MiB
>
Package: unar
Version: 1.10.7+ds1+really1.10.1-2
Severity: important
xz-utils 5.6.0 has been uploaded to unstable. A changed behaviour of
`xz' is now that mutlti threaded compress/ decompression is now enabled
by default. This in turn leads to warnings if the requested amount of
memory exceeds
Package: dpkg
Version: 1.22.4
Severity: important
xz-utils 5.6.0 has been uploaded to unstable. A changed behaviour of
`xz' is now that mutlti threaded compress/ decompression is now enabled
by default. This in turn leads to warnings if the requested amount of
memory exceeds the available amount.
Package: ftp.debian.org
Control: affects -1 + src:r-bioc-rhtslib
X-Debbugs-Cc: r-bioc-rhts...@packages.debian.org
User: ftp.debian@packages.debian.org
Usertags: remove
Severity: normal
Hi,
starting with 2.4.1+dfsg-2 the r-bioc-rhtslib package no longer builds
for 32bit archs. The previously
3.2 and so the test for
verify fails because the memory BIO "ended".
The attached patch fixes the issue.
Sebastian
>From 08308043d7ce8bb645996c8cb29655a23ead43a4 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior
Date: Tue, 13 Feb 2024 17:47:22 +0100
Subject: [PATCH] test/smim
;
+j += strlen(FILENAME_DISABLED_MESSAGE);
i++;
} else {
buffer_cmd[j++] = opt->strarg[i];
diff --git a/common/optparser.c b/common/optparser.c
index a7bdbee..1be7afe 100644
--- a/common/optparser.c
+++ b/common/optparser.c
@@ -333,7 +333,7 @@ co
On 2024-02-06 12:52:51 [-0500], Hubert Pineault wrote:
> I got the same problem on bullseye.
>
> the package was upgraded from 17.0.9+9-1~deb11u1 to 17.0.10+7-1~deb11u1
> on the 6th of february (with unattended-upgrades). It broke my jenkins
> instance because it could not fetch git repo anymore.
bastian
>From ea404fcd433147bd8328836fe96928b8643a56f6 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior
Date: Mon, 5 Feb 2024 22:10:07 +0100
Subject: [PATCH] pristine-xz: Add -T1 if nothing was specified.
Signed-off-by: Sebastian Andrzej Siewior
---
pristine-xz | 13 -
1
On 2024-01-31 09:16:02 [+], Steve Langasek wrote:
> If you have any concerns about this patch, please reach out ASAP. Although
> this package will be uploaded to experimental immediately, there will be a
> period of several days before we begin uploads to unstable; so if information
> becomes
On 2024-01-31 20:37:18 [+0100], Christoph Biedl wrote:
> Thanks. As upstream is about to do another release, this issue will
> resolve automatically. If however you plan to upload to unstable
> really soon, making ngircd FTBFS, go ahead and drop me a line, I'll
> do what's necessary then.
Don't
Package: wireless-regdb
Version: 2022.06.06-1
Severity: important
Tags: sid
control: affects -1 src:openssl
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: openssl-3.2
OpenSSL 3.2 adds output on stderr if no input file as been specified and
input from stdin is expected. This additional
included a space around
the fields which is not the case for `utf8'.
Patch attaches fixes the issue for OpenSSL 3.2 while it still works with
earlier versions.
Sebastian
From: Sebastian Andrzej Siewior
Date: Tue, 30 Jan 2024 22:03:19 +0100
Subject: [PATCH] debian/tests: Pass -nameopt to openssl
Package: src:ngircd
Version: 26.1-1
Severity: important
Tags: sid patch
control: affects -1 src:openssl
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: openssl-3.2
The testsuite fails with openssl 3.2. Please find attached upstream
commit 287770666008b ("Test suite: Update for OpenSSL
if there is no -x509
The 'openssl req' ignores the '-extensions' option without '-x509'.
OpenSSL versions prior 3.2 simply ignored it. Starting with version 3.2
an error is generated.
There are two patches attached: One against sssd and one against
debian/tests for debci.
Sebastian
From: Sebastian Andrzej Siewior
ly ignored that argument, openssl 3.2
throws an error now, see
https://ci.debian.net/packages/g/gdm3/unstable/amd64/
https://ci.debian.net/packages/g/gdm3/unstable/amd64/41875309/
Sebastian
From: Sebastian Andrzej Siewior
Date: Wed, 24 Jan 2024 21:32:49 +0100
Subject: [PATCH] debian: A
On 2024-01-17 22:00:49 [+0100], To Trent W. Buck wrote:
> > 2. clamav's Depends/Conflicts/Replaces are subtly bugged, and should be
> > "fixed"; or
>
> The multi-arch fields could be wrong. Let me check that.
I fixed this in unstable. Given that the memory on i386 are almost the
same as on
On 2024-01-16 17:59:21 [+1100], Trent W. Buck wrote:
> Package: clamav-base
> Version: 1.0.3+dfsg-1~deb12u1
> Severity: minor
>
> When trying to install clamav for non-default architecture,
> I get this error from apt:
>
> The following packages have unmet dependencies:
>
On 2024-01-09 10:09:46 [+0100], p-berger wrote:
> Package: clamav
> Version: 0.103.10+dfsg-0+deb11u1
>
>
> The daily logs tell that clamav installation is outdated. I suggest to
> bump the oldstable version to a current version like 0.103.11 which is
> suggested in the error message.
>
>
Package: release.debian.org
Control: affects -1 + src:dar
User: release.debian@packages.debian.org
Usertags: binnmu
Severity: normal
Hi,
if I see this correctly then dar 2.7.13-2 won't migrate to testing
because it was built using openssl 3.0.12-1. This version isn't in
testing and if
control: tags -1 patch fixed-upstream
On 2023-10-02 17:12:53 [+0200], Julian Andres Klode wrote:
> Being subscribed to the mailing list, grabbing the patch and applying
> it and shipping it isn't hard, but if you were wondering why it's
There are different views here. But Daniel was nice enough
On 2023-10-25 23:17:06 [+0200], Guillem Jover wrote:
> Hi!
Hi,
> Ah, thanks! I had in my mind getting back to this ITP, given that the
> zlib-ng project has continued to gain traction and seems to have
> consolidated most of the other forks around it.
>
> So I'll draft another mail to Mark and
ew OpenSSL vesion then it should be okay to
apply the original commit.
Sebastian
From: Sebastian Andrzej Siewior
Date: Sun, 5 Nov 2023 13:08:23 +0100
Subject: [PATCH] test: Alter error message.
This is variant of upstream's commit
8eea2d3709090 ("test: fix crypto-dh error message for OpenSSL
On October 28, 2023 1:05:06 PM GMT+02:00, Bastian Germann
wrote:
>I am uploading a NMU to DELAYED/10 in order to fix this.
>Please find the debdiff attached.
Hi,
I am team clamav but I don't feel responsible for clamsmtp. The last upload was
a NMU. That said, I don't mind if you reschudule
Package: openssl
Version: 3.0.12-1
Severity: serious
Control: affects -1 + src:libp11
Control: forwarded -1 https://github.com/openssl/openssl/issues/22508
At least for libp11 the engine interface seems to be broken.
Sebastian
On 2023-10-20 13:49:01 [+0800], WANG Xuerui wrote:
> Hi,
Hi,
> This is likely upstream issue
> https://github.com/openssl/openssl/issues/21340, manifesting on Debian due
> to the packaged binutils not having Loongson SIMD support yet, and fixed by
> upstream commit
On 2023-10-17 22:08:07 [+0200], Jérémy Lal wrote:
> I did not forget about this. Really sorry for the delay.
> Currently I'd be more willing to help someone maintain nodejs than doing it
> myself.
> However, I'll probably deal with the next 18.x update very soon, including
> your patch.
Thank
Package: openssl
Version: 3.1.2-1
Severity: wishlist
Tags: ftbfs
User:debian-de...@lists.debian.org
Usertags: loongarch64
OpenSSL 3.1.x in experimental FTBFS on loong64:
|crypto/aes/vpaes-loongarch64.S: Assembler messages:
|crypto/aes/vpaes-loongarch64.S:24: Error: no match insn: vori.b
3.1 error codes (Closes: #1051795).
+
+ -- Sebastian Andrzej Siewior Tue, 17 Oct 2023 21:44:49 +0200
+
m2crypto (0.38.0-4) unstable; urgency=high
[ Stefano Rivera ]
diff -Nru m2crypto-0.38.0/debian/patches/0005-Force-enable-tlsv1-for-the-tls1-tests.patch m2crypto-0.38.0/debian/patches/0005
On 2023-09-22 22:52:48 [+0200], Jérémy Lal wrote:
> Thanks, will include it soon.
Thanks. Any update on this?
I added two patches. The first one is a cherry-pick from upstream, the
second has been forwarded upstream via
https://github.com/nodejs/node/pull/49885
but upstream has no
On 2023-10-02 13:41:17 [+0200], Cyril Brulebois wrote:
> Adam D. Barratt (2023-10-02):
> > Unfortunately, the version format change from -0+deb11uX to -0~deb11uX
> > has broken the installer.
> >
> > The udebs end up with dependencies of the form ">= 1.1.1w", which
> > 1.1.1w-0~deb11u1 doesn't
On 2023-09-27 21:45:03 [-0400], Jon DeVree wrote:
> I posted an updated v3 version of the patch:
>
> https://lists.gnu.org/archive/html/grub-devel/2023-09/msg00110.html
Just rebuilt grub with v3 of the patch and I can confirm that it works.
Thank you.
Referencing the message-id or the link to
Package: release.debian.org
Control: affects -1 + src:openssl
X-Debbugs-Cc: open...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: bookworm
X-Debbugs-Cc: sebast...@breakpoint.cc
Severity: normal
This is an update of the openssl package to the 3.0.11 version, a
On 2023-09-23 20:39:32 [+0100], Adam D. Barratt wrote:
> Please go ahead.
Thanks, done.
> Regards,
>
> Adam
Sebastian
On 2023-09-22 17:59:51 [+0200], To sub...@bugs.debian.org wrote:
> Now I'm about to test this… But it looks promising ;)
Okay, builds.
Sebastian
-by: Sebastian Andrzej Siewior
---
test/common/index.js | 6 +-
.../test-https-agent-session-eviction.js | 1 +
test/parallel/test-tls-alert.js | 1 +
test/parallel/test-tls-getprotocol.js| 16 +---
test/parallel/test-tls
Package: libcrypt-openssl-pkcs12-perl
Version: 1.9-2
severity: serious
I reported FTBFS against openssl 3.0 in #1006386 and now it kind of
falls apart again. The check in patch is
| $major eq "3.1" and $minor <= 2) or ($major eq "3.0" and $minor <= 10)
and I have now 3.1.3 in experimental and
Package: release.debian.org
Control: affects -1 + src:mutt
X-Debbugs-Cc: m...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: bookworm
X-Debbugs-Cc: sebast...@breakpoint.cc
Severity: normal
This is an update mutt package as provided by upstream to version
On 2023-09-15 15:51:51 [+0200], Felix Zielcke wrote:
> Hi Sebastian,
Hi Felix,
> there's now a patch from Jon DeVree upstream, which might fix this for
> you. Is it possible for you to test his patch?
>
> https://lists.gnu.org/archive/html/grub-devel/2023-09/msg00059.html
Yes it sovles the
On 2023-09-14 21:52:25 [+0100], Adam D. Barratt wrote:
>
> That's now out, as SUA-240-1.
Thank you Adam.
> Regards,
>
> Adam
Sebastian
On 2023-09-14 06:31:26 [+0100], Adam D. Barratt wrote:
> On Wed, 2023-09-13 at 22:01 +0200, Sebastian Andrzej Siewior wrote:
> > On 2023-09-13 17:26:46 [+0100], Adam D. Barratt wrote:
> > > How does this sound for an SUA?
> [...]
> > This sounds entirely fine to me. I do
ain a copy
@@ -82,13 +82,16 @@
if (!rsa_param_encode(pkey, , ))
return 0;
penclen = i2d_RSAPublicKey(pkey->pkey.rsa, );
-if (penclen <= 0)
+ if (penclen <= 0) {
+ASN1_STRING_free(str);
return 0;
+}
if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->
On 2023-09-13 17:26:46 [+0100], Adam D. Barratt wrote:
> How does this sound for an SUA?
>
> ===
> Package : clamav
> Version : 1.0.3+dfsg-1~deb12u1 [bookworm]
>0.103.10+dfsg-0+deb11u1 [bullseye]
> Importance : medium
>
> ClamAV
Package: m2crypto
Version: 0.38.0-4
Severity: important
Control: affects -1 + src:openssl
Control: tags -1 + upstream patch fixed-upstream
Hi,
As far as I can tell, m2crypto compiles and passes the testsuite if
compiled and run against openssl 3.0 or 3.1. What currently fails is if
m2crypto is
On 2023-09-12 15:43:34 [+0200], Daniel Kiper wrote:
> Hey,
Hi,
> Adding Lidong...
>
> Sebastian, Lidong is working on a fix for this issue.
ach great.
> Lidong, please keep Sebastain in the loop.
>
> Daniel
Sebastian
Hi Antonio!
On 2023-09-10 15:57:58 [+0200], Antonio Radici wrote:
> On Sun, Sep 10, 2023 at 01:38:33PM +0200, Salvatore Bonaccorso wrote:
> > Hi Antonio,
> >
> > FWIW, I have done the bookworm-security upload already to
> > security-master, and still working on the bullseye-security one (with
>
On 2023-09-10 15:57:13 [+0200], Antonio Radici wrote:
Hi Antonio,
> On Sun, Sep 10, 2023 at 01:47:30PM +0200, Salvatore Bonaccorso wrote:
> > Hi Antonio,
> >
> > On Sun, Sep 10, 2023 at 01:24:10PM +0200, Antonio Radici wrote:
> > > On Sun, Sep 10, 2023 at 01:05:31PM +0200, Antonio Radici wrote:
-1.0.3+dfsg/debian/changelog 2023-09-09 16:36:13.0 +0200
@@ -1,3 +1,10 @@
+clamav (1.0.3+dfsg-1~deb12u1) bookworm; urgency=medium
+
+ * Import 1.0.3
+ * Remove unnecessary warning messages in freshclam during update.
+
+ -- Sebastian Andrzej Siewior Sat, 09 Sep 2023 16:36:13 +0200
https://github.com/Cisco-Talos/clamav/issues], [clamav], [https://www.clamav.net/])
dnl put configure auxiliary into config
AC_CONFIG_AUX_DIR([config])
diff -Nru clamav-0.103.9+dfsg/debian/changelog clamav-0.103.10+dfsg/debian/changelog
--- clamav-0.103.9+dfsg/debian/changelog 2023-08-27 11:57:11.
Package: grub2
Version: 2.12~rc1-9
Severity: Serious
control: forwarded -1 https://savannah.gnu.org/bugs/?64376
I have a single XFS partition which contains the root filesystem and the
boot partition. Since the recent upgrade to the 2.12 series I can't boot
anymore because grub complains that it
On 2023-09-04 21:18:35 [+0200], To Adam D. Barratt wrote:
> > The next point release for both bullseye and bookworm is in a month.
> > Were you looking to have the clamav updates published via -updates
> > before that point?
>
> I almost started preparing 0.103.10 I think it will be easier to go
On 2023-08-26 14:50:09 [+0200], To sub...@bugs.debian.org wrote:
> This is an update of the openssl package to the 1.1.1v version, a patch
> release
Upstream announced to release 1.1.1w on 11th September. They said it is
a "security-fix" with the highest severity defined as "low". This is
also
On 2023-09-05 17:36:41 [+0100], Jonathan Wiltshire wrote:
>
> Please go ahead.
Thanks, done.
> Thanks,
Sebastian
On 2023-09-04 19:52:23 [+0100], Adam D. Barratt wrote:
> On Sun, 2023-08-27 at 13:20 +0200, Sebastian Andrzej Siewior wrote:
> > This is a stable update from clamav upstream in the 0.103.x series.
> > It fixes the following CVE
> > - CVE-2023-20197 (Possible Do
for version update.
+ * Fix package description. (Closes: #1028585)
+
+ -- Sebastian Andrzej Siewior Sat, 02 Sep 2023 15:29:41 +0200
+
kernelshark (2.2.0-2) unstable; urgency=medium
* Fix symlink names. (Closes: #1035449)
diff -Nru kernelshark-2.2.0/debian/control kernelshark-2.2.1/debian
R([config])
diff -Nru clamav-0.103.8+dfsg/debian/changelog clamav-0.103.9+dfsg/debian/changelog
--- clamav-0.103.8+dfsg/debian/changelog 2023-02-17 21:43:57.0 +0100
+++ clamav-0.103.9+dfsg/debian/changelog 2023-08-27 11:57:11.0 +0200
@@ -1,3 +1,10 @@
+clamav (0.103.9+dfsg-0+deb11
On 2023-03-21 08:42:00 [+0100], Giancarlo Giesa wrote:
> description: the clamav upgrade via apt-get failed
> the reason seems to be that the file /var/log/clamav/freshclam.log is not
> detected but instead this exists
Is this still valid? Asking because…
> proceeding with the command dpkg
On 2023-08-13 17:42:29 [+0200], Andreas Guenther wrote:
> you can clearly see that the service is triggered by the associated
> socket! This was not the case with Debian Linux Bullseye!
>
> The only currently working solution is this:
>
> systemctl disable --now
On 2022-09-07 15:26:44 [-0500], Tim McConnell wrote:
> --log="$HOME/.clamtk/history/$(date +\%b-\%d-\%Y).log" 2>/dev/null # clamtk-
> scan"
> Loaded: loaded (/var/spool/cron/crontabs/tmick; generated)
> Active: failed (Result: exit-code) since Wed 2022-09-07 04:39:26 CDT; 1s
> ago
>
On 2023-06-12 08:39:53 [+0300], Martin-Éric Racine wrote:
> Syslog already suggests what the fix should be:
>
> $ grep Clamonacc /var/log/syslog
> 2023-06-12T08:33:40.562184+03:00 p8h61 clamonacc[248359]: ERROR:
> Clamonacc: at least one of OnAccessExcludeUID, OnAccessExcludeUname,
> or
On 2023-06-26 18:10:57 [+0100], Jonathan Wiltshire wrote:
> Control: tag -1 moreinfo
>
> You're both going to have to help me a) understand what is the user-facing
> problem you're solving which is necessary to fix in stable and b) whether
> you're both agreed on how to fix it.
a) The bpo of
control: retitle -1 unblock: openssl/3.0.9-1
On 2023-05-30 22:16:53 [+0200], To sub...@bugs.debian.org wrote:
>
> Please unblock package openssl.
>
> The 3.0.9 release contains security and non-security related fixes for
> the package. There are five new CVEs in total that has been addressed.
>
1 - 100 of 1860 matches
Mail list logo
