should this remain RESOLVED FIXED if the patches have been reverted?
I'm sorry i haven't followed the changes closely enough upstream. Is
there a version where these fixes have landed?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
h
afaict, this is a bug in the ubuntu CI infrastructure, not in the
wireguard package. As [autopkgtest](https://salsa.debian.org/ci-
team/autopkgtest/blob/master/doc/README.package-tests.rst)
documentation says:
Debian's production CI infrastructure allows unrestricted network
access, in Ub
fwiw, this should be fixed in more modern releases of GnuPG. I believe
this is related to 2.1.11 (in xenial) only.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1772457
Title:
ed25519 (option 1) mi
On a well-managed system, DNSSEC resolution should depend on the system-
installed and system-maintained DNSSEC root, not on using icann-ca.pem
for individual packages to separately update their root stores via
sidechannel mechanisms.
Recent versions of knot-resolver should depend directly on the
I think this is the same as https://bugs.debian.org/894580 which should
have been fixed in 2.3.0-3
** Bug watch added: Debian Bug tracker #894580
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894580
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is su
** Bug watch added: Debian Bug tracker #772479
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772479
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579548
Title:
OTR plugin does not load in Xe
note that a similar issue is fixed for the xmpp plugin in debian's
https://bugs.debian.org/772479, by a rebuild.
it will be fixed in a more prinicipled way once the irssi package
Provides: an abi-specific virtual package name. (see the discussion in
that debian bug for more details).
note that Dependencies.txt says that libgcrypt20 is 1.6.5-2ubuntu0.5.
Curve25519 was added to libgcrypt20 in version 1.7.0.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1778770
Title:
GnuPG segfau
libs?
maybe i'm misunderstanding something about the build of
kf5-kdepim-apps-libs. can you explain more?
--dkg
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1647204
Title
during key generation is often due to lack of entropy on the
system. Can you ensure that the system isn't entropy-starved somehow?
--dkg
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/16472
any temporary GNUPGHOME homedirs, the subprocesses should notice
the deletion and terminate promptly. This might depend on relatively
recent versions of "modern" GnuPG, though (debian's currently shipping
2.1.17, fwiw).
--dkg
--
You received this bug notificati
hould track debian's improvements in pie
hardening for qt.
--dkg
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1647204
Title:
1.8.0-2 FTBFS in zesty 17.04
To manage notifications about t
** Bug watch added: bugs.gnupg.org/gnupg/ #2312
http://bugs.gnupg.org/gnupg/issue2312
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1565963
Title:
gpg secret keys not migrated after upgrade to gn
or the followup, Werner.
--dkg
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1565963
Title:
gpg secret keys not migrated after upgrade to gnupg 2.1
To manage notifications abou
g-agent should be allowed to change the permissions.
Shall i open an issue in https://bugs.gnupg.org/ about this?
--dkg
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1565963
Title:
gpg secret keys not migr
that's something that either:
a) gpg-agent could clean up on its own, or
b) should cause gpg-agent to not create the .gpg-v21-migrated marker
file
wdyt?
--dkg
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs
In the default import process, i don't think i ended up needing to enter
any passwords at all. I can understand why you might need to enter
passwords when importing secret keys that weren't already in your
keyring, in general, but it seems like if being able to import them
cleanly (without passwor
Mario pointed me to this bug, and i'm surprised that this happened. I
also am not sure how to debug it because it's not something i've been
able to reproduce myself, and it sounds like once it's fixed for
someone, they have no incentive to go back and reproduce it themselves.
Can anyone provide a
This is not a good reason to move to gnupg 2.1.
It is a good reason to apply upstream git commit
044847a0e2013a2833605c1a9f80cfa6ef353309 to the gnupg2 2.0.24 package in
ubuntu:
http://git.gnupg.org/cgi-
bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=044847a0e2013a2833605c1a9f80cfa6ef353309
--
You r
** Also affects: launchpad
Importance: Undecided
Status: New
** No longer affects: ubuntu
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1262922
Title:
launchpad behaves poorly on timeout
Public bug reported:
i've been getting lots of timeout errors on launchpad today. I can
discern no pattern to when they happen.
As a webapp, this is a serious problem: It's frustrating because going
back in my web browser clears the form, and i've lost the entire report
i typed.
** Affects: ubun
Public bug reported:
in http://bugs.debian.org/729431, i asked for icedove-dev to ship a
few more python files from the icedove source to make it easier to
build enigmail on debian. This was fixed in 24.1.1-1 on debian.
It would be great if thunderbird-dev could follow suit.
the files in the so
I'm glad to see you rejecting the short keyid.
If you're doing this work to make the apt-key fetching possibilities
cryptographically sound, please rely only on full OpenPGPv4
fingerprints, not on the long keyid. And ensure that the received key
is an OpenPGP v4 key, since v3 fingerprints are the
zooko, i'm pretty sure you want your comment 6 (above) to follow up on
https://launchpad.net/bugs/815480 , not on this bug report.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1016643
Title:
add-ap
I don't think this bug is fixed. it looks to me like the keyserver
operator (or anyone who can MITM the keyserver) can still inject
arbitrary keys here.
/usr/share/pyshared/softwareproperties/ppa.py appears to run "apt-key
adv --keyserver $whatever --recv $fingerprint"
and "apt-key adv" is just
Whoop, it's synced already. thanks.
** Changed in: msva-perl (Ubuntu)
Status: New => Fix Released
--
please sync msva-perl 0.3-1 from debian testing
https://bugs.launchpad.net/bugs/594955
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
0.3-1 is now in debian-testing. please sync!
** Summary changed:
- please sync msva-perl 0.3-1 from debian
+ please sync msva-perl 0.3-1 from debian testing
--
please sync msva-perl 0.3-1 from debian testing
https://bugs.launchpad.net/bugs/594955
You received this bug notification because you
Public bug reported:
Binary package hint: msva-perl
msva-perl 0.2-2 appears to have a pretty serious incompatibility with
gnome-session: http://bugs.debian.org/585506
https://labs.riseup.net/code/issues/2414
This issue appears to be resolved with the recent 0.3 release:
http://web.monkeyspher
maihacke: just to be clear: are you using the nobrl option to the cifs
mount on your 10.04 installation as well?
--
cannot use sqlite3 on cifs mount
https://bugs.launchpad.net/bugs/117730
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I just subscribed ubuntu-sponsors, as suggested in
https://wiki.ubuntu.com/SyncRequestProcess.
I note that xml2rfc 1.35 is now in debian testing as well as unstable.
--
Please sync xml2rfc 1.35 from debian
https://bugs.launchpad.net/bugs/569371
You received this bug notification because you are
Public bug reported:
Debian testing and unstable both have msva-perl 0.2-2. It would be
great if ubuntu had this package as well.
** Affects: ubuntu
Importance: Undecided
Status: New
--
Please sync msva-perl 0.2-2 from debian testing
https://bugs.launchpad.net/bugs/571405
You rec
Version 0.30-1 is now in both debian testing and unstable. Please sync
for Lucid!
** Summary changed:
- Please sync monkeysphere 0.29 from Debian
+ Please sync monkeysphere 0.30 from Debian
--
Please sync monkeysphere 0.30 from Debian
https://bugs.launchpad.net/bugs/545696
You received this bu
I'm sorry, but i have no upload privileges to ubuntu, so it doesn't make
sense to assign this to me. i packaged xml2rfc 1.35 and uploaded it to
debian on the 18th of April.
Maybe ubuntu should consider this a sync request?
** Summary changed:
- New version 1.35 available
+ Please sync xml2rfc 1
This has come up in discussion on pkg-mozext-maintainers:
http://lists.alioth.debian.org/pipermail/pkg-mozext-
maintainers/2010-April/000511.html (and following messages in that
thread)
perhaps the pkg-config files for xulrunner in ubuntu need to be updated
to fix this properly?
--
firegpg FTBF
This machine is no longer exhibiting this behavior because i turned off
hardware acceleration for X11 with the following /etc/X11/xorg.conf:
Section "Device"
Identifier "Configured Video Device"
Driver "intel"
Option "NoAccel" "true"
EndSection
(i arrived at this thanks to
Public bug reported:
Binary package hint: monkeysphere
Lucid currently contains monkeysphere 0.26-1. debian testing and
unstable both contain monkeysphere 0.28-1.
Please sync monkeysphere from debian. Thanks!
** Affects: monkeysphere (Ubuntu)
Importance: Undecided
Status: New
-
the 1.2.0 is pretty clearly a typo -- it's a typo long-unfixed in the
debian packaging info stored in upstream's repository.
no changes have been made to upstream svn (other than some stuff to fix
the build process on windows) since the version that's currently in
debian unstable (1.0.2+svn16259-2
This seems to be related to http://bugs.debian.org/450793
** Bug watch added: Debian Bug tracker #450793
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450793
--
Not possible to change permissions of a LVM partition using udev
https://bugs.launchpad.net/bugs/257638
You received this bug not
fwiw, for volume group VGX, logical volume LVX, matching against
NAME=="mapper/VGX-LVX" *does* work for me on jaunty.
--
Not possible to change permissions of a LVM partition using udev
https://bugs.launchpad.net/bugs/257638
You received this bug notification because you are a member of Ubuntu
Bu
Public bug reported:
Binary package hint: kbd
I'm using ubuntu jaunty, and after a few sessions of the graphical
interface, the video console goes dark. ctrl-alt-F1 does not switch to
a textmode console. (a getty is listening on /dev/tty1)
i can ssh into the machine, but when i try to chvt 1 t
Changing from "Fix Released" back to "Confirmed" because syncing 0.25-1
doesn't resolve the potential FTBFS that Ilya raises, while 0.26-1
should have a cleverer test suite that can complete without failure even
when running under /tmp or other directories with loose permissions.
(it does this by s
It appears that 0.25-1 was synced, but it will have the same problem
with rebuilding under /tmp (and thus with pbuilder) that Ilya points out
in #6, above. 0.26-1 was placed in unstable a few days ago, and is the
specific requested version in this bug report:
http://packages.qa.debian.org/m/mon
0.26-1 (now in debian unstable main) should be able to be built under
pbuilder (or from within a directory like /tmp with loose permissions).
This is due to a new STRICT_MODES feature in monkeysphere, and a revised
test suite which determines the permissions of the parent directory, and
selectivel
** Summary changed:
- please sync monkeysphere 0.25 from debian unstable
+ please sync monkeysphere 0.26 from debian unstable
** Description changed:
Binary package hint: monkeysphere
I noticed that monkeysphere 0.22 is in the ubuntu archive for Jaunty.
If it's not too late, please sync
The package builds and tests fine as long as it is not built under a
path with loose permissions, due to sshd limitations. :/
should we disable the tests during build for ubuntu? That would mean
that ubuntu users wouldn't get the same assurance that the package works
as intended.
--
please syn
To be clear, I'm requesting a sync of 0.25-1 from the main component of
debian unstable.
--
please sync monkeysphere 0.25 from debian unstable
https://bugs.launchpad.net/bugs/345054
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubu
Please sync with 0.25 before the release of karmic! It would really be
a shame if karmic released with monkeysphere 0.22.
** Summary changed:
- please sync monkeysphere 0.24 from debian unstable
+ please sync monkeysphere 0.25 from debian unstable
** Description changed:
Binary package hint:
Hey folks -- please update monkeysphere to 0.24! It's bad enough that
Jaunty released with 0.22, but now Karmic has the same package present.
Please do not release Karmic with monkeysphere 0.22.
Thanks,
--dkg
--
please sync monkeysphere 0.24 from debian unstable
https://bugs.launchpa
(i just made this public: this report contains nothing that is not
already widely known)
--
firegpg version 0.5 is insecure
https://bugs.launchpad.net/bugs/345141
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing li
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: iceweasel-firegpg
The version of firegpg that is marked for inclusion in jaunty is
0.5.dfsg-1. However, upstream says (at
http://getfiregpg.org/install.html):
Versions prior to 0.6 are affected by
Public bug reported:
Binary package hint: monkeysphere
I noticed that monkeysphere 0.22 is in the ubuntu archive for Jaunty.
If it's not too late, please sync 0.24 from debian unstable, as it
resolves a number of bugs (including one mostly-theoretical security
concern), removes some flakey depend
Daniel T Chen's proposed debdiff above looks good to me, though i
haven't tested it explicitly. The problem is still causing trouble in
dapper->hardy upgrades.
--
missing versioned dependency of xfonts-utils aborts distribution upgrade from
dapper/edgy at xfonts-scalable
https://bugs.launchpad.
Public bug reported:
Binary package hint: hwtest
upgrading from dapper to hardy, hwtest 0.1-0ubuntu10 wanted to be
installed.
However, it failed with:
Traceback (most recent call last):
File "/usr/share/hwtest/install/config", line 13, in
from debconf import Debconf, DebconfCommunicator
I think i agree with trochee here. Those four bugs were filed within a
few hours of each other, the result of a quick audit. If, as Ryan says,
these are trivial to fix, it makes me wonder how many more serious, non-
trivial problems would be uncovered by a more in-depth audit.
Since these trivia
I think this *is* a security risk. The danger is not only limited to
accidental absent-minded twittering: when the keyboard input is not
"grabbed", any application (malicious or not) can eavesdrop on the
keyboard input stream. This allows a trivial non-privileged userspace
keylogger running in th
I just posted a blog entry about this particular problem on debian:
https://www.debian-administration.org/users/dkg/weblog/37
You may also want to look at debian's eeepc-acpi-scripts package, which
adds some modprobe configuration:
0 pip:~# cat /etc/modprobe.d/eeepc
# module options spe
Just to follow up here: this current problem seems to be associated with
CIFS's byte-range locking, which behaves in unexpected ways. If i use
the "nobrl" option during the CIFS mount, i can cleanly use sqlite (this
comes at the cost of not having advisory locks propagate across the
network, thoug
I created the database like this:
echo 'create table foo (x int); insert into foo (x) values (1);' |
sqlite3 testdb
and tested it like this:
echo 'select * from foo;' | sqlite3 testdb
This worked fine on a tmpfs, but not on a cifsmount. I've tested this
against a debian etch samba version
This looks like it's still a problem on hardy to me. The following was
gathered from an up-to-date ubuntu 8.04 installation with a user's home
directory mounted via CIFS
Even worse than just sqlite3, since firefox 3 uses sqlite internally, it
looks like it's making firefox fail to function at all
I'm seeing this problem with tracker 0.6.3-0ubuntu3 on a freshly-updated
gutsy install as well.
in my case, the logs are filled with:
30 Oct 2007, 17:43:19:732 - ERROR: unknown service Applications
30 Oct 2007, 17:43:19:732 - ERROR: unknown service Applications
30 Oct 2007, 17:43:19:736 - ERROR:
I haven't verified the bug, but if it exists, I think it does compromise
security. If i make a 30-character passphrase, i'm counting on the
length of the passphrase to protect me against cracking attempts.
But if my passphrase is "debonair exploits of the daunting carousels"
(it isn't, don't worr
Public bug reported:
This is the exact same bug as debian bug 30:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=30
This is already fixed in edgy (because of folding in the upstream
changes), but dapper still has the problem.
This is a severe problem, because of the potential for data
62 matches
Mail list logo
