-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Package: linux-image-3.11-2-486
Version: 3.11.10-1
Tags: security
When executing code in virtual-8086 mode via vm86 syscall, kernel
seems to perform incomplete CPU state sanitation when switching tasks,
thus causing OOPSes or complete machine lockup.
Bastian Blank wrote:
> Control: tag -1 moreinfo
>
> On Sun, Dec 29, 2013 at 09:12:35PM +, halfdog wrote:
>> When executing code in virtual-8086 mode via vm86 syscall, kernel
>> seems to perform incomplete CPU state sanitation when switching tasks,
>> thus causing
Here is some more information from my latest tests:
* Although first observed with virtual-8086 mode, the bug is not
specific to virtual-8086 mode, it can be triggered with normal x86
userspace code also, even with better reproducibility.
* It seems, that when changing the FPU control word with "
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ben Hutchings wrote:
> On Fri, 2014-01-03 at 23:20 +0000, halfdog wrote:
>> Here is some more information from my latest tests:
>>
>> * Although first observed with virtual-8086 mode, the bug is not
>> specific to v
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This issue was assigned CVE-2014-1438 and has now been fixed in kernel
mainline. Since analysis showed, that it is not specific to vm86-mode,
new bug description could be similar to OSVDB: "restore_fpu_checking
Function Unhandled FPU Exception Local Do
Just out of interest:
Is this really a namespace conflict? As I understand the code, xpdf and
libpoppler should want to use an object of same class from the same
namespace, but due to some reason, the class code was duplicated to
xpdf. I'm not c++ expert, but perhaps this was to make linking of xp
Hi Andreas,
It took me quite a while to address all your remarks...
Andreas Henriksson wrote:
> Hello halfdog,
>
> Thanks for your interest in debian packaging
>
> On Fri, Dec 30, 2016 at 03:16:55PM +, halfdog wrote:
> > Package: sponsorship-requests
> > Sev
Hello Andreas,
I did not hear from you after the last mails, see messages from
04 May 2017 21:59, 23 Jun 2017 05:59. Are you still interested
in doing the (quite tricky) review?
I have now also tested the build procedures and the software on
Debian Stretch, see today's upload of package to mentor
seful for other Debian users, I hope, that someone else has the
time to continue the review. The whole review state was captured
in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849754 and
should be good groundwork for the next review.
Best regards,
hd
> On Thu, Aug 31, 2017 at 05:00:
Package will also fail to install on IPv6 disabled:
Aug 05 17:14:40 localhost xrdp-sesman[16878]: (16878)(-1222109440)[DEBUG]
libscp initialized
Aug 05 17:14:40 localhost xrdp-sesman[16879]: (16879)(-1222109440)[INFO ]
starting xrdp-sesman with pid 16879
Aug 05 17:14:40 localhost xrdp-sesman[168
Package: ulogd2
Version: 2.0.4-2+deb8u1
Severity: serious
Tags: security
After a fresh install of ulogd2, logging directory has following
permissions:
# ls -al /var/log/ulog
total 8
drwxr-xr-x 2 root root 4096 Dec 3 16:22 .
drwxr-xr-x 10 root root 4096 Dec 3 16:22 ..
-rw-r--r-- 1 root root
Package: wnpp
Severity: wishlist
Package name: guerillabackup
Version: 0.0.0
Upstream Author: halfdog
URL: https://github.com/halfdog/guerillabackup
Sources URL: https://github.com/halfdog/guerillabackup.git
License: LGPLv3
Programming Lang: Python
Description: guerillabackup supports backup
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "guerillabackup"
* Package name: guerillabackup
Version : 0.0.0-1
Upstream Author : halfdog
* URL : https://github.com/halfdog/guerillabackup
.
* Fixed Debian FHS violation pedantic lintian warning.
Now I am looking for a sponsor for my package "guerillabackup":
* Package name : guerillabackup
Version : 0.3.0-1
Upstream contact : m...@halfdog.net
* URL : https://github.com/halfdog/guerillabackup
Dear mentors,
I am looking for a sponsor for my package "guerillabackup":
* Package name : guerillabackup
Version : 0.4.0-1
Upstream contact : m...@halfdog.net
* URL : https://github.com/halfdog/guerillabackup
* License : LGPL-3
Dear mentors,
A new version of the package is uploaded at mentors with the
following changes compared with the previous version uploaded:
* Upstream integration of improvements from Debian RFS review process,
see merge on previous version v0.4.0-1:
https://salsa.debian.org/halfdog-guest
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Package: kernel-package
Version: 12.036
When installing home-built kernel packages, I observed error similar to
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561287
Searching for the cause, I found an anomaly in
./usr/share/kernel-package/pkg/imag
Hi,
Debian Bug Tracking System writes:
> Processing commands for cont...@bugs.debian.org:
>
> > retitle 849754 RFS: guerillabackup/0.0.1-1 [ITP]
> Bug #849754 [sponsorship-requests] RFS: guerillabackup/0.0.1-1/0.0.1-1 [ITP]
> Changed Bug title to 'RFS: guerillabackup/0.0.1-1 [ITP]' from 'RFS:
> g
Hello Mentors,
While the package in question (see [0]) is working 24/7 on multiple
machines without problems, having created and transfered about
10k of data elements so far, also surviving updates, reboots,
both the inclusion process but also the purging of obsolete RFS
seems stuck.
Should anoth
Package: bugs.debian.org
Running a data deduplication tool on all sent and received messages
detected an anomaly regarding a message from bugs.debian.org
dating back to 2018-01-22.
The exact cause is unknown but might be related to a lone "."
in a message truncating it. It is also unclear which c
Rebuilt package to see the gbp/salsa still works on Debian Buster
build host, uploaded to mentors.
~
Package: sponsorship-requests
Severity: wishlist
Dear mentors,
I am looking for a sponsor for my package "guerillabackup":
* Package name: guerillabackup
Version : 0.1.0-1
Upstream Author : m...@halfdog.net
* URL : https://github.com/halfdog/guer
Package: exim4-daemon-light
Version: 4.94-19
Severity: grave
Yesterdays 21nails update causes Exim to fail delivery of any
messages. This might be related to using syslogging only without
any file logging configured:
Core was generated by `/usr/sbin/exim4 -Mc 1ldzSC-0001yw-RY'.
Program terminated
Salvatore Bonaccorso writes:
> Hi,
>
> On Wed, May 05, 2021 at 06:58:02AM +, halfdog wrote:
>> Package: exim4-daemon-light
>> Version: 4.94-19
>> Severity: grave
>>
>> Yesterdays 21nails update causes Exim to fail delivery of any
>> messages. T
This is weird: I have only bullseye/bullseye-updates/bullseye-security
in my sources list. I applied all updates on 2nd of May with
no Exim package available. Then after the 21nails disclosure
I run the updates (timestamps in UTC):
2021-05-02 07:05:31 status installed initramfs-tools:all 0.140
...
Adam D. Barratt writes:
> On Wed, 2021-05-05 at 11:07 +0000, halfdog wrote:
>> This is weird: I have only bullseye/bullseye-updates/bullseye-
>> security
>> in my sources list. I applied all updates on 2nd of May with
>> no Exim package available. Then after the 21na
Also 4.94.2-1 crashes, e.g. calling "exim4 -qff":
(gdb) bt
#0 0x55ebf469d87c in log_open_already_exim (name=0x7ffcc589d560 "")
at log.c:288
#1 0x55ebf469dadf in log_open_as_exim (name=name@entry=0x7ffcc589d560 "")
at log.c:416
#2 0x55ebf469de8d in open_log (fd=fd@entry=0x55e
Andreas Metzler writes:
> On 2021-05-05 Andreas Metzler wrote: [...]
>> The breakage is caused by the relevant change in -18/-19 (Pull
>> patches to temporarily add an option to turn taint errors
>> into warnings.)
>
> Could you give 4.94.2-2 a spin? It should hit the mirrors in
> a couple of hour
Package: devscripts
Version: 2.20.4
Severity: normal
According to Debian Bullseye manpage "debsign" should handle the
"DEBSIGN_PROGRAM" environment variable as follows:
DEBSIGN_PROGRAM
Setting this is equivalent to giving a -p option.
The "-p" should replace the gpg program:
Adam D. Barratt writes:
> On Wed, 2020-10-28 at 15:03 +0000, halfdog wrote:
> > According to Debian Bullseye manpage "debsign" should handle the
> > "DEBSIGN_PROGRAM" environment variable as follows:
> >
> >DEBSIGN_PROGRAM
> >
Package: sponsorship-requests
Severity: wishlist
Dear mentors,
I am looking for a sponsor for my package "guerillabackup":
* Package name: guerillabackup
Version : 0.0.2-1
Upstream Author : m...@halfdog.net
* URL : https://github.com/halfdog/guer
Hello Michael,
Thanks for you detailed review.
Michael Lustfield wrote:
> I reviewed this packaging and came up with some issues:
>
> - The description does nothing to explain what makes this solution unique.
> + Why is this special?
> + How does it even work?
> + This should be easily gle
Package: mount
Version: 2.29.2-1
Severity: normal
Tags: security
Debugging of libmount can be activated, also in SUID
binaries, thus spilling out the heap addresses. Note that "CXT"
structure contains function pointers to overwrite.
Test:
LIBMOUNT_DEBUG=all /bin/umount /
Output:
2401: libmount
In response to discussion, packaging was adjusted:
* Added lintian override to ignore non-standard directory perms
explaining the read restrictions
* Ignore possible-unindented-list-in-extended-description (false
positive)
* Added docstrings to systemd service files, reported when using
lint
ch should build
the package using "gbp", hence also no upstream changes. But I
did not manage to get gbp running from the documentation, e.g.
trying the following did not work out and the various (sometimes
contradictory) recommendations from IRC did not really improve
the situation. You ca
Package: iptables
Version: 1.8.4-2
Severity: grave
Tags: security
After upgrading from "1.8.3-2", iptables-restore handles empty
lines differently and does not restore the rules. Thus old rulesets
stored with save and then annotated for better readability (to
avoid loads of "iptables -A" calls), d
Rebuilt package to see the gbp/salsa still works on Debian Buster
build host, uploaded to mentors.
Rebuilt package to see the gbp/salsa still works on Debian Buster
build host, uploaded to mentors.
Package: qemu-system-x86
Version: 1:3.1+dfsg-2
Invoking migrate twice (accidentially) will cause QEMU to abort
and current virtual machine state is lost.
Reproduce:
Start qemu with monitor enabled, e.g. "-monitor stdio".
Stop the machine and invoke migrate twice:
(qemu) stop
(qemu) migrate "ex
Package: qemu-system-gui
Version: 1:3.1+dfsg-2
When running a Qemu machine with "-display gtk" then selecting
Menu-bar -> View -> Detach tab
and
Menu-bar -> View -> Fullscreen
will then display the menu bar into fullscreen mode, not the virtual
machine window.
Package: qemu-system-gui
Version: 1:3.1+dfsg-2
After upgrading from Debian Stretch to Buster, thus changing
the qemu version on host, "-display gtk" has to be used instead
of "sdl" as the later is not available with Buster any more.
Since that switch the mouse behaviour changed, making guest mach
Package: qemu-system-gui
Version: 1:3.1+dfsg-2
When running a Qemu machine with "-display gtk" then selecting
Menu-bar -> View -> Detach tab
and closing the detached window (thus reattaching it to the base
GTK window), then everything looks nice afterwards but keybord
events are not forwarded to
Michael Tokarev writes:
> 12.01.2019 14:51, halfdog wrote:
> > Package: qemu-system-gui
> > Version: 1:3.1+dfsg-2
> >
> > After upgrading from Debian Stretch to Buster, thus changing
> > the qemu version on host, "-display gtk" has to be used instead
Michael Tokarev writes:
> 13.01.2019 0:46, halfdog wrote:
> > Michael Tokarev writes:
> []
> >> There's no need to explicitly enable gtk/sdl display, it is the
> >> default if the system has all the necessary packages installed
> >> and if X env
Rebuilt package to see the gbp/salsa still works on Debian Buster
build host, uploaded to mentors.
Package: nmh
Version: 1.7.1-2+deb8u1
Severity: serious
No matter which password is entered, inc will always send the
password string "(null)" to the server, thus failing authentication.
It is easily reproducible on fresh installs: First emulate a POP3
server using socat:
$ socat TCP4-LISTEN:
illabackup
Version : 0.0.1-1
Upstream Author : m...@halfdog.net
* URL : https://github.com/halfdog/guerillabackup
* License : LGPL-3.0+
* Vcs : https://salsa.debian.org/halfdog-guest/guerillabackup
Section : misc
It builds those binar
Package: sponsorship-requests
Severity: wishlist
Dear mentors,
I am looking for a sponsor for my package "guerillabackup":
* Package name: guerillabackup
Version : 0.1.1-1
Upstream Author : m...@halfdog.net
* URL : https://github.com/halfdog/guer
Reusing old bug report, not opening new one as discussed on IRC.
Dear mentors,
I am looking for a sponsor for my package "guerillabackup":
* Package name: guerillabackup
Version : 0.1.1-1
Upstream Author : m...@halfdog.net
* URL : https://github.c
debian/sid --upstream-branch upstream
https://salsa.debian.org/halfdog-guest/guerillabackup.git
cd guerillabackup
git config user.email "your mail"
git config user.name "your name"
git checkout debian/sid
gbp buildpackage --git-pbuilder --git-pbuilder-options=--source-only-change
to work now without problems. To build and review the
package, following commands work:
gbp clone --debian-branch debian/sid --upstream-branch upstream
https://salsa.debian.org/halfdog-guest/guerillabackup.git
cd guerillabackup
git config user.email "your mail"
git config user.name
Dear mentors,
I am looking for a sponsor for my package "guerillabackup":
* Package name: guerillabackup
Version : 0.2.0-1
Upstream Author : m...@halfdog.net
* URL : https://github.com/halfdog/guerillabackup
* License : LGPL-3
Package: xpdf
Version: 3.04-13
Severity: normal
Tag: security
On Debian Bullseye this crashes xpdf with coredump:
touch x.pdf; xpdf x.pdf
Funny, after a 2-byte Virtualbox (and now qemu) crash, this is
the shortest input for a DoS-bug I have seen so far :-)
For xpdf this bug itself is not reall
Rebuilt package to see the gbp/salsa still works on Debian Buster
build host and after "mentors.debian.net upgraded to buster" [0].
[0] https://lists.debian.org/debian-mentors/2019/04/msg00116.html
54 matches
Mail list logo
