[INFO] Key 39278DA8109E6244 not changed
gpg: key 39278DA8109E6244: "Guilhem Moulin" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
[DEBUG] gpg --batch --no-tty --homedir /tmp/caff/gnupghome
--trust-model=always --no-options --use-agent
--k
Control: tag -1 pending
Got it! I couldn't reproduce it because I have
“$CONFIG{'keys-from-gnupg'} = 1;” in my ~/.caffrc. The regression was
introduced in r864 (2.4-1) and the enclosed patch fixes it.
---
diff --git a/caff/caff b/caff/caff
index 6dacd57..e920bba 100755
--- a/caff/caff
+++ b/caf
Hi Petr,
On Fri, 25 Dec 2015 at 13:02:31 +0100, Jonas Meurer wrote:
> On 25.10.2015 at 19:30, Petr Vorel wrote:
>> I have LVM on top of cryptsetup on my system. A week ago, after an upgrade, my
>> initramfs changed and now I have to wait a few minutes at the beginning of the
>> boot before cryptse
Hi Thomas,
On Tue, 23 Feb 2016 at 19:27:43 +0200, Thomas Anderson wrote:
>> From time to time, my unlocked cryptsetup enabled USB disk becomes
>> locked, without any apparent reason. When I try to unlock it again,
>> after I type my passport, following error message appears and device
>> cannot be
Control: reassign -1 systemd
Control: forcemerge 618862 -1
Hi Marc,
On Mon, 14 Mar 2016 at 11:17:01 +0100, Marc Lehmann wrote:
> First I get asked "Caching passphrase..." (or something to that effect)
> in the initrd, which then unlocks /. Later, after systemd kicks in, I get
> asked the passphra
Control: tag -1 moreinfo
Hi François,
On Wed, 13 Apr 2016 at 13:29:41 +0200, François Scala wrote:
> While working on a Debian installation based on ZFS root with LUKS
> encryption (see https://github.com/arcenik/debian-zfs-root) I've encountered
> some problem with the initramfs cryptroot script
Hi Wayne,
On Fri, 19 Aug 2016 at 22:20:17 -0700, Wayne Warren wrote:
> Does anyone else even use encrypted swap?
Sure, many, but I guess most don't specify both ‘luks’ and ‘swap’ in
crypttab(5)'s 4th field :-)
Specifying ‘swap’ runs mkswap(8) on the created device. The swap device
is reinitia
Package: debian-maintainers
Severity: normal
Hi there,
This is my annual ping. I'm still active in Debian, so please keep my
key in the DM keyring.
Cheers,
--
Guilhem.
Hi Andre,
On Sat, 16 Jul 2016 at 15:02:40 -0300, Andre wrote:
> During the installation process of setting up my operating system, I
> chose as the default keyboard layout the Portuguese (Brazilian), then
> set up the encryption of disk volumes and then set an encryption
> password using accented
Control: reopen -1
Control: found -1 4.0-1
Hi there,
On Sat, 10 Sep 2016 at 22:58:56 +0300, Gerasimos Melissaratos wrote
> Virt-viewer 4.0-1, and the bug is still there. Something else I
> noticed, if I zoom in or out, all works fine. If I'm in Normal Size,
> it's dead. Frozen.
Reopening as I'
Unfortunately systemd's cryptsetup implementation currently doesn't
support keyscripts (cf. #618862).
--
Guilhem.
(Adding the BTS to CC, hopefully you didn't mean to reply to me
privately.)
On Tue, 13 Sep 2016 at 22:47:12 +0200, François Scala wrote:
> I don't understand why do you need a Debian installer package for ZFS.
We test for regressions by making an automated (preseeded), throw-away,
minimal instal
On Wed, 14 Sep 2016 at 08:01:31 -0300, André Cardoso wrote:
> Maybe you will need to talk to someone from Debian to define a better
> sequence for loading the modules at the boot time.
Assuming the KEYMAP variable is set to “y” in the initramfs
configuration (cryptsetup forces this), and assuming
Control: unmerge -1
Control: tag -1 - patch
Control: retitle -1 can't use a key file stored on an encrypted rootfs to
unlock the resume device at initramfs stage
Control: severity -1 wishlist
Control: tag 776409 pending
I just added support for unlocking devices at initramfs stage using a
key fil
On Tue, 29 Oct 2013 at 13:09:08 +0100, Milan Kral wrote
> The problem is that in /etc/rcS.d the scripts S07cryptdisks-early,
> S09cryptdisks are run before S13urandom. We are trying to read from
> /dev/urandom before the Linux random number generator is properly
> seeded. This can lead to predict
Package: gnupg
Version: 2.1.15-3
Severity: important
Dear Maintainer,
I think it's actually an upstream bug since
‘d/patches/0020-gpg-print-fingerprint-regardless-of-keyid-format.patch’
seems to have been merged upstream, but in doubt I report this here.
~$ gpg --no-options --list-key 6294BE
Hi Richard,
On Fri, 16 Sep 2016 at 04:32:24 -0500, Richard Laager wrote:
> The attached patch adds ZFS support to cryptsetup.
Thanks for the patch. Unfortunately I can't test it easily, and I know
nothing about ZFS, but I'll try to review your patch anyway.
> + zfs list -H -o name,canmount,moun
On Sat, 17 Sep 2016 at 19:37:23 -0500, Richard Laager wrote:
> I have changes all ready-to-go for supporting LUKS, but this "bug"
> (read: feature request) is a blocker. It is possible to work-around this
> with (otherwise unused) /etc/fstab entries, but I don't want to
> encourage that in the wild
On Mon, 19 Sep 2016 at 00:51:45 -0500, Richard Laager wrote:
> On 09/18/2016 02:13 PM, Guilhem Moulin wrote:
>> The kernel parameters
>> approach and the /etc/fstab approach are both FS-agnostic, and I'd
>> rather not have FS-specific code to find out which device
On Mon, 19 Sep 2016 at 06:39:35 -0500, Richard Laager wrote:
> On 09/19/2016 04:48 AM, Guilhem Moulin wrote:
>> On Mon, 19 Sep 2016 at 00:51:45 -0500, Richard Laager wrote:
>>> On 09/18/2016 02:13 PM, Guilhem Moulin wrote:
>> Alright, thanks! I think a more robust AWK or
Control: severity -1 wishlist
On Mon, 19 Sep 2016 at 08:21:13 -0500, Richard Laager wrote:
> On 09/19/2016 07:21 AM, Guilhem Moulin wrote:
>> Interesting, worksforme™ both with gawk(1) and mawk(1). Perhaps an
>> issue with TAB vs spaces? Could you redirect the output of `zfs sta
Hi Marc,
On Sun, 21 Aug 2016 at 12:30:08 +0200, Marc Haber wrote:
> caff calls gpg-agent and dirmngr with --homedir set to its own home
> directory and proceeds to search for the two sockets in this directory.
>
> With gnupg 2.1.14, the sockets are created in /run/user/$UID/gnupg,
> where caff fi
Hi Roger,
On Mon, 08 Aug 2016 at 01:20:48 +0900, Roger Shimizu wrote:
>
> $ENV{'PERL_MAILERS'} = 'sendmail:/usr/bin/msmtp';
> $CONFIG{'mailer-send'} = [ 'sendmail' ];
>
You don't need to set ‘$CONFIG{'mailer-send'}’ on debian, as the method
already defaults to 'sendmail'. An alternativ
On Fri, 26 Aug 2016 at 19:36:31 +0900, Roger Shimizu wrote:
> However, when set it to the example you gave:
>
>> $CONFIG{'mailer-send'} = [ '/usr/bin/msmtp' ];
>
> it will return the following error:
>
> Bareword "usr" not allowed while "strict subs" in use at (eval 269)
> line 1, line 2.
> B
On Mon, 04 Apr 2016 at 14:47:43 +0200, Thomas Leuxner wrote:
> Complete debdiff against 3.1.0-1 attached. Please consider importing.
I'd like to second this; I'm also able to create and query LMDB maps
after applying the patch. Just one remark though: although harmless,
the conditional ‘delmap’ i
Hi there,
On Mon, 20 Jun 2016 at 22:19:06 +0200, Guilhem Moulin wrote:
> On Wed, 15 Jun 2016 at 22:30:18 -0400, Harlan Lieberman-Berg wrote:
>> Guilhem Moulin writes:
>>> I am looking for a sponsor for my package "lacme"
>>
>> This looks like a well-De
On Fri, 27 May 2016 at 11:53:13 +0200, Yuri D'Elia wrote:
> Given only one plugin actually needs pspell, I would advocate to downgrade the
> current dependency of php-spell to a Recommends instead.
In fact it's currently listed as Depends following #793857. But I guess
we could change the logic t
Package: btrfs-progs
Version: 4.5.2-1
Severity: normal
Tags: patch
Dear Maintainer,
Here is a patch to copy libgcc_s into the initrd. Without it,
btrfs-scrub(8) (and also btrfs-check(8)) aborts:
(initramfs) btrfs scrub start -B /root
scrub done for ----
On Thu, 01 Feb 2024 at 17:08:39 +0100, Jordi Mallach wrote:
> Upstream fixed this in
> https://github.com/roundcube/roundcubemail/commit/504cdb89a5ed2c0c3491f99abb206dfb42b1200b
> and the patch applies well to the bookworm branch.
That branch aims at following upstream's 1.6.x so I'm reluctant to
Control: tag -1 moreinfo
Hi,
On Fri, 02 Feb 2024 at 18:44:43 -0500, abrasamji wrote:
> update-initramfs log excerpt with set -x:
>
> Calling hook cryptkeyctl
> + PREREQ=cryptroot
> + . /usr/share/initramfs-tools/hook-functions
> + [ ! -x /tmp/user/0/mkinitramfs_LhQz6c/lib/cryptsetup/scripts/decry
On Tue, 27 Feb 2024 at 13:19:16 +0100, Helmut Grohne wrote:
> Can you explain why you reverted? We need this change in unstable
> sooner rather than later to move forward with base-files and I already
> announced my intention to NMU.
The first message of this bug reads:
| * Please upload these c
ound in the ‘cryptsetup’ binary
package have spewed a loud warning for plain devices from crypttab(5)
where ‘cipher=’ or ‘hash=’ are not explicitly specified. The
cryptsetup(8) executable now issue such a warning as well.
-- Guilhem Moulin Wed, 29 Nov 2023 17:19:10 +0100
Also
Hi Helmut,
On Tue, 27 Feb 2024 at 14:28:33 +0100, Helmut Grohne wrote:
> Please reupload the patch to experimental (with a version higher than
> unstable) assuming that cryptsetup-nuke-password will use version 5 as I
> am in contact with Raphael Hertzog.
Done in 2:2.7.0-1+exp2. Note though that
Control: tag -1 pending
On Sun, 09 Jul 2023 at 13:13:55 -0400, David Mandelberg via
Pkg-roundcube-maintainers wrote:
> I tried setting up oauth2 in roundcube, but when the OIDC provider redirects
> back to roundcube, I get an "Oops... something went wrong!" page. When that
> happens, /var/log/rou
Hi Sakari,
On Fri, 05 Jul 2024 at 08:23:56 +, Sakari Ailus wrote:
> The removal of the intermediate certificates (or not including the current
> ones) however is an issue as the server using the issued certificate still
> needs to provide them to the clients.
The path pointed to by ‛certifica
On Sat, 29 Jun 2024 at 15:52:49 +0200, Lee Garrett wrote:
> Hi Guilhem, could you give quick feedback on this? I'm also happy to prepare
> a NMU for bookworm if you can't find the time for it.
In my view this issue doesn't warrant an (o)s-pu upload on its own, but
the fix is trivial so I can do it
+‛-k’ flag (or ‛no-port-forwarding’ authorized_keys(5) restriction) was
+used. (Closes: #1069768)
+
+ -- Guilhem Moulin Tue, 09 Jul 2024 14:22:02 +0200
+
dropbear (2022.83-1+deb12u1) bookworm; urgency=medium
* Fix CVE-2023-48795: (terrapin attack): The SSH transport protocol with
when the
+‛-k’ flag (or ‛no-port-forwarding’ authorized_keys(5) restriction) was
+used. (Closes: #1069768)
+
+ -- Guilhem Moulin Tue, 09 Jul 2024 15:51:42 +0200
+
dropbear (2020.81-3+deb11u1) bullseye; urgency=medium
* Fix CVE-2021-36369: Due to a non-RFC-compliant check of the
On Tue, 09 Jul 2024 at 14:20:59 +0200, Guilhem Moulin wrote:
> On Sat, 29 Jun 2024 at 15:52:49 +0200, Lee Garrett wrote:
>> Hi Guilhem, could you give quick feedback on this? I'm also happy to prepare
>> a NMU for bookworm if you can't find the time for it.
>
>
Hi,
On Fri, 12 Jul 2024 at 15:05:03 +, Mark Brandis wrote:
> the computer boots from an encrypted partition which works fine. During
> startup an additional NVMe is mounted decrypted via crypttab and then
> mounted to /data.
>
> This no longer works. I have to login as root and execute the fol
: #1066058)
+ * Fix CVE-2024-2494: Missing check for negative array lengths in RPC server
+de-serialization routines. (Closes: #1067461)
+ * Fix CVE-2024-2496: NULL pointer dereference in the
+udevConnectListAllInterfaces() function.
+
+ -- Guilhem Moulin Tue, 30 Jul 2024 21:35:28 +0200
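Review bot: The CVE-2024-2496 entry is the only visible fix in this changelog hunk without a bug reference, while the CVE-2024-2494 entry above it ends with (Closes: #1067461). If a BTS bug tracks the udevConnectListAllInterfaces() NULL pointer dereference, add its Closes: tag so the upload closes it. The entries would also be easier to audit if each one named the patch file that carries the fix.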
Source: roundcube
Version: 1.6.7+dfsg-1
Severity: important
Found: -1 1.4.15+dfsg.1-1+deb11u3
Found: -1 1.6.5+dfsg-1+deb12u2
Tags: upstream security
Roundcube webmail upstream has recently released 1.6.8 [0] which fixes
the following vulnerabilities:
* CVE-2024-42008: XSS vulnerability in servin
Control: retitle -1 dropbear-initramfs makes initramfs non-reproducible
Control: severity -1 wishlist
Control: tag -1 - patch
Hi,
On Sun, 19 Nov 2023 at 15:45:22 +0100, Yannik Sembritzki wrote:
> One solution would be to simply always use /root-dropbear-initramfs.
I'm not in favour of that solut
On Mon, 20 Nov 2023 at 10:42:30 +0100, Yannik Sembritzki wrote:
> Would you be open to a two step approach like this:
>
> 1. fix the reproducibility bug
> 2. improve the root directory creation process (I can create another bug to
> track this)
Just pushed
https://salsa.debian.org/debian/dropbear
On Mon, 20 Nov 2023 at 11:24:00 +0100, Yannik Sembritzki wrote:
> I just had a look at your patch. I think it's the right idea to rather use
> what is already there, instead of always creating our own stuff/overwriting
> existing /etc/passwd and /etc/nsswitch.
>
> Thank you!
You're welcome :-)
>
Control: tag -1 moreinfo
On Wed, 29 Nov 2023 at 01:14:27 +0100, Dmitry Katsubo via
Pkg-roundcube-maintainers wrote:
> The service roundcube-cleandb should be run after MySQL/MariaDB is started:
>
> === file /lib/systemd/system/roundcube-cleandb.service ===
>
> [Unit]
> After=mariadb.service
>
> =
On Wed, 29 Nov 2023 at 14:11:09 +0100, William Desportes wrote:
> I had put an interface name: ens9.123 thinking it would take the VLAN tag.
> But it triggered the crash. Removing the ".123" fixes it.
That's #1015287.
As written in msg#42 dropbear-initramfs doesn't configure the network by
itself
On Wed, 29 Nov 2023 at 19:48:09 +0100, Dmitry Katsubo wrote:
> After= is not the same as Requires=
> If the service is not present, it is just noop.
> You might wish to add all supported RDBMS into After=.
One could also imagine systems where one (or more) of these .service
files exists but isn't
On Thu, 30 Nov 2023 at 00:13:44 +0100, Dmitry Katsubo wrote:
> For the subsequent calls I am not sure – I've got an impression that
> this service is run only once at system startup.
No, it's supposed to run once a day at 00:05 local time, see the
associated .timer unit.
If the impact is only tha
Control: tag -1 - wontfix
On Thu, 30 Nov 2023 at 00:22:45 +0100, Guilhem Moulin wrote:
> On Thu, 30 Nov 2023 at 00:13:44 +0100, Dmitry Katsubo wrote:
>> For the subsequent calls I am not sure – I've got an impression that
>> this service is run only once at system startup.
Control: tag -1 moreinfo unreproducible
On Thu, 23 Nov 2023 at 12:26:21 +0100, Harald Dunkel wrote:
> If you upgrade your Laptop from Debian 11 to 12, then resume from an
> encrypted swap partition is broken. There is a passphrase dialog at
> boot time as usual, but the image on the swap partition
Control: tag -1 = pending
Hi,
On Mon, 27 May 2024 at 23:32:13 +0100, Luca Boccassi wrote:
> Please consider applying the same change in the initramfs-tools
> cryptsetup scripts, so that x-initrd.attach is recognized (and no
> warning is printed), and so that it is added if missing. Thanks.
While
On Sun, 02 Jun 2024 at 23:35:57 +0100, Luca Boccassi wrote:
> Yes, the purpose of the option is to leave that device alone, as it
> cannot be closed from the host os, as programs will be running from
> it.
It doesn't leave the device alone though as it still tries to detach it.
> I gather the ini
On Mon, 03 Jun 2024 at 00:14:39 +0100, Luca Boccassi wrote:
> On Mon, 3 Jun 2024 at 00:09, Guilhem Moulin wrote:
>> On Sun, 02 Jun 2024 at 23:35:57 +0100, Luca Boccassi wrote:
>>> I gather the initramfs scripts are not calling a deferred close after
>>> mounting the r
Package: lacme
Version: 0.8.2-1
Severity: grave
Justification: renders package unusable
Let's Encrypt has recently rotated its intermediate certificates [0].
The previous intermediate certificates (lets-encrypt-r[34].pem and
lets-encrypt-e[12].pem) are concatenated along side the roots
(isrgrootx1
ency=high
+
+ * Non-maintainer upload.
+ * Fix CVE-2024-3651: Specially crafted inputs to idna.encode() can consume
+significant resources, which may lead to denial of service.
+(Closes: #1069127)
+
+ -- Guilhem Moulin Thu, 30 May 2024 13:49:43 +0200
+
python-idna (2.10-1) unstable; urgenc
+ * Non-maintainer upload.
+ * Fix CVE-2024-3651: Specially crafted inputs to idna.encode() can consume
+significant resources, which may lead to denial of service.
+(Closes: #1069127)
+
+ -- Guilhem Moulin Thu, 30 May 2024 14:31:22 +0200
+
python-idna (3.3-1) unstable; urgency=medium
nst current Let's Encrypt staging environment.
+
+ -- Guilhem Moulin Thu, 13 Jun 2024 19:19:07 +0200
+
lacme (0.8.0-2+deb11u1) bullseye; urgency=medium
* client: Handle "ready" → "processing" → "valid" status change during
diff -Nru lacme-0.8.0/debian/patche
nment.
+ * d/gbp.conf: Set 'debian-branch = debian/bookworm'.
+
+ -- Guilhem Moulin Fri, 14 Jun 2024 01:20:13 +0200
+
lacme (0.8.2-1) unstable; urgency=medium
* New upstream bugfix release.
diff -Nru lacme-0.8.2/debian/gbp.conf lacme-0.8.2/debian/gbp.conf
--- lacme-0.8.2/debian/gbp.conf 2023-
: #1036049, #1057441)
+
+ [ Guilhem Moulin ]
+ * add_modules(): Change suffix drop logic to match initramfs-tools.
+ * Fix DEP-8 tests with kernels shipping compressed modules.
+ * d/salsa-ci.yml: Set RELEASE=bookworm.
+
+ -- Guilhem Moulin Mon, 18 Dec 2023 03:41:04 +0100
+
cryptsetup (2:2.6.1-4~deb12u
Control: tag -1 - moreinfo
Hi,
On Thu, 21 Dec 2023 at 21:59:40 +, Jonathan Wiltshire wrote:
> On Mon, Dec 18, 2023 at 02:10:20PM +0100, Guilhem Moulin wrote:
>> [ Reason ]
>>
>> 1. cryptsetup-suspend 2:2.6.1-4~deb12u1 was found incompatible with
>> systemd 254.1
Hi,
Upstream has now released 3.2.5 which fixes the issue
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12352411&styleName=Text&projectId=10510
The fix can be found at
https://github.com/apache/xerces-c/pull/54
https://github.com/apache/xerces-c/commit/e0024267504188e42
d in buster-security, bullseye, bookworm and sid, evade the
infinite loop by blindly advancing the pointer.
Cheers,
--
Guilhem.
[0] https://www.forescout.com/resources/sierra21-vulnerabilities
From: Guilhem Moulin
Date: Sat, 30 Dec 2023 14:15:54 +0100
Subject: Avoid reachable assertion via crafte
On Sat, 30 Dec 2023 at 21:02:16 +0100, Felix Geyer wrote:
> There are some minor changes staged in the salsa git repo. It would be good
> to include them as well. Feel free to push the patch to git and upload.
> Alternatively a merge request works as well of course.
Thanks for the fast response!
Hi,
On Thu, 28 Dec 2023 at 13:28:53 -0500, de...@blough.us wrote:
> Thanks for doing this.
>
> I don't have a lot of free time at the moment, so please feel free to NMU.
Thanks for the fast reply! 3.2.4+debian-1.1 is now in trixie, you'll
find the commits and tag at
https://salsa.debian.org/lts-
Hi,
On Sun, 31 Dec 2023 at 18:49:30 +0800, YunQiang Su wrote:
> 2 methods are supported for 2 FA:
> - Yubikey Challenge
> - TPM2 Keypair
If your concern is to make these work with cryptsetup-initramfs, there
are #1023700 and #1031254 open against src:cryptsetup. The plan is to
have that in trixie
On Sun, 31 Dec 2023 at 21:22:36 +0800, YunQiang Su wrote:
>> Is there any reason to not just use systemd-cryptenroll?
>
> Yes. I tried to use systemd-cryptenroll, while it cannot work with
> cryptsetup-suspend.
> I need a way to suspend or hibernate without disks decrypted.
Seems like this should
On Sun, 31 Dec 2023 at 22:07:07 +0800, YunQiang Su wrote:
> systemd-cryptsetup doesn't have suspend support.
> cryptsetup-suspend will fails.
Hence a wishlist bug? :-) FWIW I'm part of the cryptsetup packaging
team, which is upstream for cryptsetup-suspend. cryptsetup-suspend
supports all unlock
Control: tag -1 moreinfo
Hi,
On Tue, 19 Mar 2024 at 12:37:08 +0100, Daniel Gröber wrote:
> In that setup there's really no point to reusing the hosts' private
> keys and expose them in the initrd unencrypted.
Agreed, but AFAICT that's not the case anymore since 2015.68-1. New
host keys are gene
On Tue, 19 Mar 2024 at 13:50:34 +0100, Daniel Gröber wrote:
> Ah, that makes sense. Well that's easy enough for me to fix then not sure
> how I missed that while staring at the hook script. I really should have my
> green tea before reporting bugs ;)
>
> Sorry for the noise.
No worries :-) I beli
Source: roundcube
Version: 1.6.6+dfsg-2
Severity: important
Control: found -1 1.6.5+dfsg-1~deb12u1
Control: found -1 1.4.15+dfsg.1-1~deb11u2
Control: found -1 1.3.17+dfsg.1-1~deb10u5
Tags: security upstream
Roundcube webmail upstream has recently released 1.6.7 [0] which fixes
the following vulner
Control: tag -1 unreproducible moreinfo
Hi,
On Wed, 24 Apr 2024 at 14:42:43 +0200, Lee Garrett wrote:
> After some debugging, it turns out that ServerAliveInterval != 0 will cause
> the ssh client to reset the connection, which dropbear will count as unlock
> attempt, and after three tries
On Wed, 24 Apr 2024 at 16:32:09 +0200, Lee Garrett wrote:
> Although the dropbear man page is not explicit, I'm assuming it refers to
> TCP keepalive.
I think this assumption is incorrect:
https://sources.debian.org/src/dropbear/2024.84-1/src/common-session.c/#L497
> It should be trivially reprod
Control: tag -1 - moreinfo unreproducible
On Wed, 24 Apr 2024 at 17:10:57 +0200, Guilhem Moulin wrote:
>> It should be trivially reproducible by running `ssh -o ServerAliveCountMax=3
>> -o ServerAliveInterval=1 root@yourdropbearserver`. The client should then
>> disconne
Control: reassign -1 dropbear-bin 2022.83-1+deb12u1
Control: retitle -1: The 'no-agent-forwarding' key restriction disables server
alive message support
Control: tag -1 upstream
On Wed, 24 Apr 2024 at 18:38:26 +0200, Guilhem Moulin wrote:
> On Wed, 24 Apr 2024 at 17:10:57 +0200, G
Hi,
On Sat, 27 Apr 2024 at 00:33:51 +0200, Christoph Anton Mitterer wrote:
> Now the problem is that argon2 is statically linked, so there's no
> libpthread showing up in its ldd, and thus copy_exec doesn't realise it
> needs to invoke copy_libgcc.
Even if it weren't, libpthread wouldn't show up sin
On Sat, 27 Apr 2024 at 02:07:21 +0200, Christoph Anton Mitterer wrote:
> So you say it's a glibc thingy, that this doesn't show up anymore?
Yup, that's what I wrote https://bugs.debian.org/1032235#97
| It was intentional, see the article
|
https://developers.redhat.com/articles/2021/12/17/why-gl
Hi Tomasz,
On Fri, 5 Apr 2024 at 01:11:41 +0200, Tomasz Buchert wrote:
> Looking into older versions and appropriately patching them will take
> more time.
I'm preparing an update for this issue for Buster LTS and can hand
tested debdiffs over to the Security Team for newer suites if you'd
like.
Package: release-notes
Severity: wishlist
Hi,
cryptsetup 2:2.7.0~rc0-1 has a backward incompatible change for plain
mode when relying on defaults cipher and password hashing algorithm.
The change affects users upgrading from bookworm to trixie. Plain mode
is generally advised against but it sti
Control: tag -1 pending
Hi,
On Tue, 26 Mar 2024 at 13:44:28 +0100, Simon Chopin wrote:
> interimap is packing structs that are sensible to the time_t transition.
> Please see the attached debdiff as a *very* crude attempt to fix it in
> Ubuntu. I'm hoping it'll be possible to come up with a neate
Hi,
On Tue, 16 Apr 2024 at 21:35:22 +0200, Salvatore Bonaccorso wrote:
> The following vulnerability was published for python-idna.
>
> CVE-2024-3651[0]:
> | potential DoS via resource consumption via specially crafted inputs to
> | idna.encode()
I'm preparing an update for this issue for Buster
On Sat, 06 Apr 2024 at 13:37:23 +0200, Christian Schwamborn wrote:
> Just out of curiosity: Why aren't those patches the current stable
> bookworm package of roundcube-plugins-extra included?
Because the issues were not fixed in time for the Bookworm freeze. An
upload to bookworm-backports might
Control: tag -1 + unreproducible moreinfo
On Fri, 12 Apr 2024 at 12:45:09 +0200, Milan Broz wrote:
> Just FYI (for upstream code): if cryptsetup/libcryptsetup is linked with
> OpenSSL >= 3.2, it does not need libpthread (as threads are implemented in
> OpenSSL for Argon2 internally).
Thanks f
On Fri, 12 Apr 2024 at 14:37:16 +0200, Guilhem Moulin wrote:
> What is that “GUI” view? src:cryptsetup doesn't provide that, I wonder
> if it might be what needs libpthread.
FWIW, I later noticed you used a splash screen (plymouth) and thought it
might be because of that, but I s
On Sat, 13 Apr 2024 at 10:06:32 -0400, Wesley Schwengle wrote:
> I had the same issue a while back, because of the t64 transitioning I chalked
> it up to that. I fixed it as described in Ubuntu bug:
>
> https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1958594
libcryptsetup12 doesn't
Control: reopen -1
Control: tag -1 - unreproducible moreinfo
On Sun, 14 Apr 2024 at 21:26:25 +0200, Guilhem Moulin wrote:
> At this point something triggered rebuilding a new initramfs image, but
> that's not src:cryptsetup as none of its binary packages have been
> upgraded y
Hi Chris,
On Mon, 22 Apr 2024 at 01:43:26 +0200, Chris Hofstaedtler wrote:
> I've prepared an NMU for netcat-openbsd (versioned as 1.226-1.1) and
> uploaded it to DELAYED/7. Please feel free to tell me if I
> should delay it longer.
Ooops sorry, that bug fell off-screen. No issue with the NMU, f
Hi Guido,
On Wed, 01 Mar 2023 at 12:14:51 +0100, Guido Günther wrote:
> On Tue, Aug 09, 2022 at 01:07:34PM +0200, Guilhem Moulin wrote:
>> That'd work for me, thanks! Some ideas to cover other use-cases if
>> desired:
>>
>> - Always strip ‘+ds(\.\d*)?’ and
Control: clone -1 -2
Control: severity -2 important
Control: done -1 2:2.6.1-2
On Wed, 08 Mar 2023 at 13:42:53 +0100, Christoph Anton Mitterer wrote:
> @Guilhem, I'm reopening this for now.
No please don't, #-1 is RC so that would block transitioning into
Bookworm which only supports merged-usr…
On Wed, 08 Mar 2023 at 14:11:05 +0100, Christoph Anton Mitterer wrote:
> On Wed, 2023-03-08 at 14:04 +0100, Guilhem Moulin wrote:
>> No please don't, #-1 is RC so that would block transitioning into
>> Bookworm which only supports merged-usr… Will fix that later during
>>
Control: tag -1 pending
On Wed, 08 Mar 2023 at 14:04:42 +0100, Guilhem Moulin wrote:
> On Wed, 08 Mar 2023 at 13:42:53 +0100, Christoph Anton Mitterer wrote:
>> @Guilhem, I'm reopening this for now.
>
> No please don't, #-1 is RC so that would block transitioning i
Control: reassign -1 cryptsetup-bin 2:2.6.1-2
Control: severity -1 important
Control: tag -1 upstream
Control: forwarded -1
https://gitlab.com/cryptsetup/cryptsetup/-/issues/802#note_1287298872
Hi,
On Sat, 11 Mar 2023 at 08:26:27 -0500, Jérôme Charaoui wrote:
> Today I upgraded a small KVM machi
Control: found -1 2:2.1.0-5+deb10u2
Control: tag -1 moreinfo
Hi kibi,
On Sat, 11 Mar 2023 at 15:16:01 +0100, Cyril Brulebois wrote:
> Guilhem Moulin (2023-03-11):
>> On Sat, 11 Mar 2023 at 08:26:27 -0500, Jérôme Charaoui wrote:
>>> Today I upgraded a small KVM machine with
Control: tag -1 - moreinfo
Control: severity -1 important
Control: retitle -1 Argon2 memory cost is not future proof and might OOM on
dist-upgrade on memory-constrained systems
On Sat, 11 Mar 2023 at 14:53:37 -0500, Jérôme Charaoui wrote:
>> Jérôme, what memory cost is the keyslot using? (Paste
Hi,
On Wed, 15 Mar 2023 at 22:43:31 +0100, Bastian Germann wrote:
> On 15.03.23 at 22:39, Paul Gevers wrote:
>> Do I understand correctly that:
>> 1) argon2 in testing isn't affected
>> 2) this bug isn't solved yet, despite the closure?
>> 3) the issue for cryptsetup is worked around in cryptsetu
Hi,
On Thu, 16 Mar 2023 at 09:13:44 +0100, Paul Gevers wrote:
> On 15-03-2023 23:28, Guilhem Moulin wrote:
>> Yes there is, namely the fact that libargon2-1 no longer links against
>> libpthread, which in turn caused a major regression in
>> cryptsetup-initramfs (mitigate
On Thu, 16 Mar 2023 at 16:01:47 +0100, Paul Gevers wrote:
> On 16-03-2023 14:31, Guilhem Moulin wrote:
>>> cryptsetup can only migrate when argon2 migrates,
>>
>> I see that in the excuse page now but don't understand the reason why,
>
> It took me a while a
Hi,
On Thu, 16 Mar 2023 at 13:44:11 +0100, Paul Gevers wrote:
>> As I already mentioned on this or some related bug, I would find it nice
>> for #1014110 to be fixed in bookworm (threaded argon2 executable) but I
>> do not insist on it.
>
> cryptsetup can only migrate when argon2 migrates,
I see
Hi,
On Fri, 28 Oct 2022 at 14:03:51 +0100, Luca Boccassi wrote:
> Yesterday I uploaded systemd/252~rc3 to unstable, and cryptsetup
> autopkgtests have started failing.
Thanks for the poke. AFAICT the failure comes from the fact that
`udevadm settle` calls now require a proc(5) pseudo filesystem m
Control: tag -1 moreinfo unreproducible
Hi,
On Tue, 08 Nov 2022 at 22:36:39 +0100, Hauke Mehrtens wrote:
> Unlocking and mounting of the root partitions does not work any more
> from the initramfs. When I call cryptroot-unlock and provide the disk
> password I see some error messages about mdadm,