gt;
No worries. We are all here to help and learn.
Regards,
-Roberto
--
Roberto C. Sánchez
uot; or any other package based on vulnerable "zlib1g" in
> bookworm, that may be a security risk, right?
The minizip package in bookworm does not come from zlib1g, so this
particular vulnerability still does not apply.
Regards,
-Roberto
--
Roberto C. Sánchez
a vulnerability.
If fixing it is important to you personally, then you are welcome to
figure out the patch or patches that apply, apply them, test the
resulting package, and the communicate with the security team and
release managers to have it included in the next stable point release
(which will probably be sometime in March).
Regards,
-Roberto
--
Roberto C. Sánchez
On Wed, Jan 29, 2025 at 08:43:12AM -0500, Dan Ritter wrote:
>
> Most recently: https://daniel.haxx.se/blog/2025/01/23/cvss-is-dead-to-us/
I was going to post a link to this very article when I saw that you
already had :-)
Regards,
-Roberto
--
Roberto C. Sánchez
vileges). And for "stable" it definitely leans hard
toward "no behavior change at all when possible, and only minimal change
when change is unavoidable".
If your needs for "secure" and "stable" don't line up with how the
Debian Security Team approaches those things, then it is worth
considering alternatives.
I hope this helps you to understand the overall approach.
Regards,
-Roberto
--
Roberto C. Sánchez
e rest of us would thank you
kindly for availing yourself of one or more of those options.
Regards,
-Roberto
--
Roberto C. Sánchez
ially from
what was released in Debian stable. In other words, they may break your
existing whatever (programs you are compiling in the case of a library,
scripts you've written in the case of an interperter, etc).
Regards,
-Roberto
--
Roberto C. Sánchez
s not yet available, or
> available somewhere else.
>
> This problem is always sorted out by the passing of time. How much you want
> to wait is subjective to you I would think.
>
> Time is the revelator.
>
> --
> C.
>
>
t; >
>
> I know the answer, the question was to the person I replied to.
>
> Can YOU answer that question?
>
> It is why I use a rolling release distribution for anything important
>
And that is your choice.
Others, for various reasons, choose a stable distribution to which
security patches are backported.
Each has its place.
Regards,
-Roberto
--
Roberto C. Sánchez
I have Debian 12 installed on a server with NVIDIA ADA RTX4500 GPUs (used
for machine learning with Tensorflow via Docker images). When I upgrade
("sudo apt upgrade"), I get the message that a number of packages (all
related to Nvidia) have been "kept back".
I am not sure what to do: should I upgr
\] ]]; then BAD=1; break; fi;
done < /proc/mdstat;
echo $BAD
Note that I changed to a regex match, and also added a 'break;' after
assigning BAD=1, because there is no need to continue processing the
input at that point.
Regards and Merry Christmas,
-Roberto
--
Roberto C. Sánchez
affic,
perform whatever filtering the organization's policy requires, and then
pass it on to the destination.
Does the same sort of prompt appear when attempting to view a web page
over HTTPS?
If that is what is going on, most likely a self-signed certificate is
being used and you would need to explicitly trust the certificate.
Regards,
-Roberto
--
Roberto C. Sánchez
transition:
https://tracker.debian.org/pkg/dolphin
What you have done is, well, not a generally good approach. Testing
transitions are done for good reason and if as a user you choose to use
testing then it is best to exercise patience when it comes to
transitions.
Regards,
-Roberto
--
Roberto C. Sánchez
to
tweak the behavior of debconf.
Regards,
-Roberto
[0] https://manpages.debian.org/buster/debconf-doc/debconf.7.en.html
--
Roberto C. Sánchez
present (e.g., specific MAC address on the
network hardware, specific USB devices present, etc) then those things
may break. However, you should have a sufficiently functional system to
be able to deal with those things.
Regards,
-Roberto
--
Roberto C. Sánchez
Dear Andrew,
Thanks for your confirmation.
Regards,
Mahendiran C
Mob.: 91-9677305572 | E-mail: mailto:mahendi...@velankanigroup.com
Work: 91-8046537132
Velankani Electronics and Automotive Pvt Ltd.,
43, Electronics City| Hosur Road| Bengaluru| Karnataka 560100
Dear Sir/Madam,
Have a Great Day!!
May I have support for the below trail request to get server hardware
certification for DEBIAN OS.
Regards,
Mahendiran C
Mob.: 91-9677305572 | E-mail: mailto:mahendi...@velankanigroup.com
Work: 91-8046537132
Velankani Electronics and
of 16 x 2.5" NVMe and 8 x 2.5" SATA SSD drives.
Regards,
Mahendiran C
Mob.: 91-9677305572 | E-mail: mailto:mahendi...@velankanigroup.com
Work: 91-8046537132
Velankani Electronics and Automotive Pvt Ltd.,
43, Electronics City| Hosur Road| Bengaluru| Karnataka 560100.
On Tue, Aug 20, 2024 at 08:18:44PM -0400, Greg Wooledge wrote:
> On Tue, Aug 20, 2024 at 20:04:11 -0400, Roberto C. Sánchez wrote:
> > sync && sync && sync && swapoff
> >
> > I couldn't tell why I have sync 3 times, but I know that it's
amp;& swapoff
I couldn't tell why I have sync 3 times, but I know that it's how I've
called swapoff since as far back as I can remember.
Regards,
-Roberto
--
Roberto C. Sánchez
3, 4, or 5 years old Debian
release, you should really question whether that is a good idea. And
then realize that if you decide to install anyways that support will
become progressively more challenging.
Regards,
-Roberto
--
Roberto C. Sánchez
On Sun, Aug 4, 2024 at 3:12 AM George at Clug wrote:
>
>
> On Sunday, 04-08-2024 at 16:15 john doe wrote:
> > On 8/4/24 06:48, jeremy ardley wrote:
> > >
> > > On 4/08/2024 12:26 pm, George at Clug wrote:
> > >>
> > >> If I go to the local coffee shop and connect my laptop to their WiFi,
> > >> w
On Fri, Aug 02, 2024 at 10:45:21AM -0400, Jeffrey Walton wrote:
> On Fri, Aug 2, 2024 at 10:37 AM Roberto C. Sánchez wrote:
> >
> > On Fri, Aug 02, 2024 at 10:16:51AM -0400, Jeffrey Walton wrote:
> > > On Fri, Aug 2, 2024 at 9:13 AM Brian wrote:
> > > >
> &
might be "bind9 update 9.16.50 -- too many record" from
> the debian-security mailing list at
> <https://lists.debian.org/debian-security/2024/07/msg3.html>.
>
Which seems unlikely on a system running buster.
--
Roberto C. Sánchez
On Fri, Aug 02, 2024 at 10:55:55AM -0300, Eduardo M KALINOWSKI wrote:
> On 02/08/2024 10:44, Roberto C. Sánchez wrote:
> > On Fri, Aug 02, 2024 at 10:15:38AM -0300, Eduardo M KALINOWSKI wrote:
> > > Maybe related to https://kb.isc.org/docs/rrset-limits-in-zones ?
> > >
ced in that particular DSA.
Brian, can you provide more details about what specific packages were
updated and from what version to what version? You can find that
information in /var/log/dpkg.log*.
Regards,
-Roberto
--
Roberto C. Sánchez
Apart from that, you look like you are configured properly and should be
able to use bullseye until the end of its LTS support period
(2026-08-31) [0].
Regards,
-Roberto
[0] https://wiki.debian.org/LTS
--
Roberto C. Sánchez
On Thu, Jun 20, 2024 at 3:57 PM Jeffrey Walton wrote:
>
> On Thu, Jun 20, 2024 at 9:23 AM Bhasker C V wrote:
> >
> > I generated a pr/pk pair and the kernel is signed. Placed them in the
> > kernel tree and compiled the kernel.
>
> I don't think you are
between PE/COFF sections?
signature 1
image signature issuers:
- /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft
Corporation UEFI CA 2011
image signature certificates:
- subject: /C=US/ST=Washington/L=Redmond/O=Microsoft
Corporation/OU=MOPR/CN=Microsoft Windows UEFI Driver Publisher
;
> does date command has this option?
>
> Thanks.
>
You probably want:
$ date +%a
Mon
$ date +%A
Monday
--
Roberto C. Sánchez
t;
It seems like an extremely obvious thing, the sort of thing that we
wouldn't let happen. But then this XKCD from a year or two ago wouldn't
be such an accurate representation of so many projects:
https://xkcd.com/2347/
(I'm sure it's probably been linked in a 1,000 different threads in a
1,000 different forums related to this problem by now.)
Regards,
-Roberto
--
Roberto C. Sánchez
c4ad3b
>
> https://metadata.ftp-master.debian.org/changelogs//main/u/util-linux/util-linux_2.39.3-11_changelog
>
The fix has also been made to stable and oldstable:
https://lists.debian.org/debian-security-announce/2024/msg00058.html
Regards,
-Roberto
--
Roberto C. Sánchez
id and other leading edge distros.)
> >
> > Thanks,
> > Andy
>
> O-o, is there any simple test to check if I have infected version or
> not?
> KJ
Yes. It is mentioned in Andres' email and provided as an attachement at
the end.
Regards,
-Roberto
--
Roberto C. Sánchez
re not subscribed to
debian-security-announce.
Regards,
-Roberto
--
Roberto C. Sánchez
w me to become my own CA.
>
> The man page states that the cert needs to have a suffix of .crt.
>
> By definition certs ending are in der format.
>
> Will pem format type certs work?
>
Have you looked at the examples?
/usr/share/doc/ca-certificates/examples/ca-certifica
https://packages.debian.org/search?keywords=firmware-nvidia-gsp
You won't get version 525.147.05 in stable (which is what 12.3 is).
Regards,
-Roberto
--
Roberto C. Sánchez
ieb Bhasker C V:
> > I forgot to answer the question on why I am doing this
> > I am experimenting on a no-log system where there is no writes
> > what-so-ever to /var/log (except for mails) or systemd journal
> > (currently kept volatile)
> > /tmp/ is tmpfs mounted
> &g
, so I wanted dual
storage. If you can get by without that, then this much cheaper machine
might work for you:
https://www.newegg.com/p/2SW-006Y-00079
I haven't purchased either one yet, but I plan to purchase the first in
the coming weeks.
Regards,
-Roberto
--
Roberto C. Sánchez
, Nov 12, 2023 at 1:46 PM Michael Biebl wrote:
> Am 12.11.23 um 08:18 schrieb Bhasker C V:
> > Hi,
> > I have tried removing PrivateTmp=no in the rsyslog service file and it
> > still doesnt work
>
> I assume you mean PrivateTmp=yes?
>
> > I have removed the
Hi,
I have tried removing PrivateTmp=no in the rsyslog service file and it
still doesnt work
I have removed the service file which I had created too.
I found that when I run the daemon manually, it works well. Hence I have
disabled rsyslog and I have put the daemon startup in my rc-local
But yes,
000, Bhasker C V wrote:
>
> > I moved my syslog to a different location '/tmp/server.log'
>
> A rather strange decision, since /tmp is usually pruned on reboot.
>
> > This was working all fine until I moved to selinux in enforcing mode.
> >
> > I have t
n the internet (and which is free as in beer)?
>
KeePassXC (or KeePassX if you're still on buster).
Regards,
-Roberto
--
Roberto C. Sánchez
Hi,
I moved my syslog to a different location '/tmp/server.log'
This was working all fine until I moved to selinux in enforcing mode.
I have the file context as system_u:object_r:syslogd_runtime_t:s0
now, the file is empty
Strangely ...
lsof shows rsyslog is using this file
rsyslogd 25561 root
only
> I am trying to use a one liner like:
> cat "${IFL}" | grep "${DESC_DIR}" | tail -c+$_DESC_DIR
> but this one liner repeats the output and the tail
>
The way that -c operates for tail is based on 'each file' provided as
input:
-c, --bytes=
ormation, but that is probably the
simplest.
Regards,
-Roberto
--
Roberto C. Sánchez
libvirt and for the life of mine I could not find why
the other xml file doesnt work and why this does.
Happy libvirt-ing
On Thu, Sep 21, 2023 at 2:58 PM Bhasker C V wrote:
> Hi,
> I have tried that too and that did not help either (i.e adding the format
> type=gpt)
> The outpu
t/WINDOWS/WIN11-BASE
protocol type: file
file length: 60 GiB (64424509440 bytes)
disk size: 26.5 GiB
```
On Thu, Sep 21, 2023 at 2:52 PM Peter Krempa wrote:
> On Thu, Sep 21, 2023 at 10:50:07 +0100, Bhasker C V wrote:
> > Attaching win11.xml
> > Please note that this u
Attaching win11.xml
Please note that this used to work fine. It is failing now on libvirt-
9.7.0-1
On Thu, Sep 21, 2023 at 9:13 AM Peter Krempa wrote:
> On Thu, Sep 21, 2023 at 09:05:43 +0100, Bhasker C V wrote:
> > Adding libvirt mailing list
> > apologies for cross-posting
>
Adding libvirt mailing list
apologies for cross-posting
libvirt version: 9.7.0-1
On Thu, Sep 21, 2023 at 8:39 AM john doe wrote:
> On 9/21/23 09:32, Bhasker C V wrote:
> > I am getting an error with libivrt when I create a VM
> >
> > ```
> > $ sudo virsh create ./
I am getting an error with libivrt when I create a VM
```
$ sudo virsh create ./win11.xml
error: Failed to create domain from ./win11.xml
error: internal error: mishandled storage format 'none'
```
This is after I have done a dist-upgrade (was working fine before)
debian trixie.
error message
under my homedir .
Has anyone faced this problem?
What is this daemon-init program and why does it want access to my home
thunderbird directory ?
Regards
Bhasker C V
our use case? What will you
do with that information? What decision will you make? What action will
you take?
Regards,
-Roberto
--
Roberto C. Sánchez
For future reference
There is another package mailutils which also provides /usr/bin/mail.
This is working fine with selinux in enforcing mode.
This is a good alternative
On Mon, Aug 21, 2023 at 2:56 AM Bhasker C V wrote:
> Thanks Nicholas
> However, it doesnt to my knowledge looks l
, Aug 21, 2023 at 12:58 AM Nicholas Geovanis
wrote:
> On Sun, Aug 20, 2023, 9:20 AM Bhasker C V wrote:
>
>> Finally i switched on the enforcing mode on my linux system
>> Pretty much everything is working except
>>
>> ```
>> $ echo hello | mail -s test x...@y
Finally i switched on the enforcing mode on my linux system
Pretty much everything is working except
```
$ echo hello | mail -s test x...@yyy.xyz
2023-08-20 14:39:30 1qXieQ-000Bpa-1P 1qXieQ-000Bpa-1P no recipients found
in headers
Can't send mail: sendmail process failed with error code 1
```
howe
the account from the device, re-install the
CA root cert (the one that issued the server cert), and re-add the
account to the device. At that point it started to work. :shrug:
Regards,
-Roberto
--
Roberto C. Sánchez
again.
One thing, however, that I can point out is that upgrading by skipping
major releases is not recommended or supported at all. You should really
upgrade from 9.9 -> 9.13 first, then to 10, then to 11.
Regards,
-Roberto
[0] https://www.catb.org/esr/faqs/smart-questions.html
--
Roberto C. Sánchez
cess the server and the account without issue.
Regards,
-Roberto
--
Roberto C. Sánchez
oject Funding initiative and it was accepted and work was done on it
for several months:
https://salsa.debian.org/freexian-team/project-funding/-/issues/19
However, it seems like there are rather serious blocking issues that
have halted progress.
Regards,
-Roberto
--
Roberto C. Sánchez
All of that to say, Andy, that you are 100% right that if someone wants
things the Debian way, they can use Debian and if someone wants things
not-the-Debian way, there are a great multitude of non-Debian options
out there.
Regards,
-Roberto
--
Roberto C. Sánchez
CVE-2023-1393 ?
Thanks,
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
wishlist a bug against the libembree-dev
requesting inclusion of the static .a. When static archives are shipped
they are generally shipped in the -dev package.
Regards,
-Roberto
--
Roberto C. Sánchez
wnloaded data will contain all updates in a format understood by APT and
this data can be used by apt-offline to update the non-networked machine.
That sounds to me like your exact use case.
Regards,
-Roberto
--
Roberto C. Sánchez
but you might find other parts of the discussion
illuminating as well.
Regards,
-Roberto
--
Roberto C. Sánchez
orrectly (or at all), and so you are forced to start by
unpacking each team in order to have a clean build. The correct
solution is to fix the 'clean' target so that you can repeatedly run the
build without having to remove the package directory and unpack it
again.
Regards,
-Roberto
--
Roberto C. Sánchez
specific or detailed
recommendation.
Regards,
-Roberto
--
Roberto C. Sánchez
Thanks Dan, i did that anyway. I compiled 1.1 and decrypted and
re-encrypted them. My data is back.
I didnt know that there is such backward compatibility issues with 3.x
On Fri, Oct 28, 2022 at 12:16 PM Dan Ritter wrote:
> Bhasker C V wrote:
> > Hi,
> >
> >
> > C
ith
legacy provider.
I have tried fips, base, legacy
--
Bhasker C V
Secure Mails:http://keys.gnupg.net/pks/lookup?op=get&search=0x4D05FEEC54E47413
Registered Linux User: #306349
icon in the top left and type in
"click". That should get you the accessbility-releated options in one
of the results and you can adjust it there.
Regards,
-Roberto
--
Roberto C. Sánchez
erparts in $HOME for setting it
on a per-user basis.
Regards,
-Roberto
--
Roberto C. Sánchez
heir
dependencies (which can happen when mixing packages from different
Debian releases).
Regards,
-Roberto
--
Roberto C. Sánchez
nks
>Tim
>--
>⢀⣴⠾⠻⢶⣦⠀
>⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
>⢿⡄⠘⠷⠚⠋⠀ [1]https://www.debian.org/
>⠈⠳⣄⠀⠀
>
> References
>
>Visible links
>1. https://www.debian.org/
--
Roberto C. Sánchez
r/CVE-2022-24675
>7. https://security-tracker.debian.org/tracker/CVE-2022-28327
>8. https://www.servicenow.com/
>9. https://www.linkedin.com/company/servicenow
> 10. https://twitter.com/servicenow
> 11. https://www.youtube.com/user/servicenowinc
> 12. https://www.facebook.com/servicenow
--
Roberto C. Sánchez
On Mon, Jun 27, 2022 at 10:44:25PM +0100, Tim Woodall wrote:
> On Mon, 27 Jun 2022, Roberto C. S?nchez wrote:
>
> > On Mon, Jun 27, 2022 at 03:31:01PM +0100, Tim Woodall wrote:
> > > Hi,
> > >
> > > apt-get --only-source --download-only source
> >
without downloading the package and parsing the
> dsc?
>
If you are not opposed to installing the devscripts package, then you
can do this:
$ rmadison -u debian -a source -s unstable firefox-esr
firefox-esr | 91.10.0esr-1 | unstable | source
Regards,
-Roberto
--
Roberto C. Sánchez
abilities. That information is necessary for the Debian security
team to properly support packages in a stable release.
Regards,
-Roberto
--
Roberto C. Sánchez
e, requesting
> opinion or suggestions here.
>
Have you read the release notes? That should be considered an
obligatory step.
Regards,
-Roberto
--
Roberto C. Sánchez
are getting?
Regards,
-Roberto
--
Roberto C. Sánchez
On Thu, May 19, 2022 at 10:31:44PM -0400, Roberto C. Sánchez wrote:
> For those following along, a little while ago the problem "went away".
> That is, context menus, tooltips, and application menus now all show in
> the expected places in Firefox. I really hope that this i
On Wed, May 18, 2022 at 04:17:12PM -0400, Roberto C. Sánchez wrote:
> On Wed, May 18, 2022 at 10:09:10PM +0200, Linux-Fan wrote:
> > Roberto C. Sánchez writes:
> >
> > > I have recently decommissioned my main desktop workstation and switched
> > > to using my l
On Wed, May 18, 2022 at 10:09:10PM +0200, Linux-Fan wrote:
> Roberto C. Sánchez writes:
>
> > I have recently decommissioned my main desktop workstation and switched
> > to using my laptop for daily work (rather than only when travelling). I
> > acquired a USB-C &q
I have recently decommissioned my main desktop workstation and switched
to using my laptop for daily work (rather than only when travelling). I
acquired a USB-C "docking station" and have connected two external
monitors (which were formerly attached to my desktop machine).
For so
18 in
>Debian? It was released last month.
>[1]https://jdk.java.net/18/
>--
>Dale Harris
>[2]rod...@gmail.com
>/.-)
>
> References
>
>Visible links
>1. https://jdk.java.net/18/
> 2. mailto:rod...@gmail.com
--
Roberto C. Sánchez
hine
> "into the wild" :-)
>
I very much agree with Tomas. After having tried a few different
solutions years ago, I have settled on this one and I am convinced it is
still the best available solution to this particular problem.
Regards,
-Roberto
--
Roberto C. Sánchez
On Sat, Apr 09, 2022 at 05:42:43PM -0400, Felix Miata wrote:
> Roberto C. Sánchez composed on 2022-04-09 17:16 (UTC-0400):
>
> > Have you tried the option to manually enter the mirror information? In
> > the past I have successfully used this point at archive.debian.org for
&
n
archive sub-directory. The contents of archive.debian.org are not the
installers themselves, but the actual package archive.
Regards,
-Roberto
--
Roberto C. Sánchez
ian.org for
an installation of an older version of Debian. You should be able to
use the URL http://archive.debian.org/debian/ (IIRC).
Regards,
-Roberto
--
Roberto C. Sánchez
ackage installed, but you would need to keep the database
updated manually.
Regards,
-Roberto
--
Roberto C. Sánchez
Regards,
-Roberto
--
Roberto C. Sánchez
now what the next logcheck report will contain
(e.g., because you've tweaked the ignore filters and you want to make
sure that it excludes the right thing), you can do something like this:
sudo -u logcheck -s /usr/sbin/logcheck -t -o
Regards,
-Roberto
--
Roberto C. Sánchez
age [0].
Regards,
-Roberto
[0] https://packages.debian.org/gcc-doc
--
Roberto C. Sánchez
, embedded Perl interpreter,
and the content scanning extension (formerly known as "exiscan-acl") for
integration of virus scanners and spamassassin."
Perhaps you installed exim4-daemon-heavy when you intended to install
exim4-daemon-light.
Regards,
-Roberto
--
Roberto C. Sánchez
Sending this message to both groups:
-- Forwarded Message --
Subject: Screen not blanking
Date: Saturday 05 February 2022, 03:13:19 pm
From: "c. marlow"
To: us...@trinitydesktop.org
Fresh install of Debian 11 ( as of yesterday)
Trinity Desktop 14
My screen is no
On Saturday 05 February 2022 06:23:47 am gene heskett wrote:
> That, in the case of firefox is not a flatpack issue, debians latest is
> the same, every video played has muted sound until you find the gd mixer
> and unmute and bring up the gain of that channel, even if you reload the
> page to
Fresh install of Debian 11 ( installed yesterday)
TDE 14 ( Trinity Desktop)
Hi,
I am having problems with flatpak installations.
Firefox, VLC, and Telegram has no sound at all when you try to play something.
But reverting back to the repo version of Firefox ESR and VLC, the sound works
fine
particular
invidual in a somewhat threatning way.
Regards,
-Roberto
--
Roberto C. Sánchez
roblem in
this case in addition to delpotes.
Could you perhaps describe precisely what offense was caused or what
boundary was skirted in this instance?
In the future, messages such as yours would appear less menacing and
more constructive with this additional bit of information added.
Regards,
-Roberto
--
Roberto C. Sánchez
Hi all,
Please could someone help me with what I am doing wrong ?
I am running example.local domain on my interface(192.168.2.1) (bind9)
The domain is resolving fine. However I want to use 1.1.1.1 public DNS
server for looking up other domains (external domains)
Hence I have put both servers
On Fri, Jan 21, 2022 at 04:08:00PM +0100, Jerome BENOIT wrote:
>
>
> On 21/01/2022 15:59, Roberto C. Sánchez wrote:
> > On Fri, Jan 21, 2022 at 02:49:09PM +0100, Steve Keller wrote:
> > > I see that on my Debian systems there is a user group "users" with GID
know the group "users" which every user was
> a member of, by default.
>
New users have gid 100 set as their primary group by default. So, new
users are members of the group without having to be added to the group
in /etc/groups.
Regards,
-Roberto
--
Roberto C. Sánchez
1 - 100 of 6151 matches
Mail list logo
