For those following along at home, I would suggest booting the grsec
enabled kernel once - then saving the output of `sudo lsmod` into a
file. Take every module you want (ie: all of them) and put the list
into /etc/initramfs-tools/modules - then you'll need to run
`dpkg-reconfigure linux-image-4.3.
I'm also running this kernel with AppArmor and it seems to work without issue.
I followed the steps on https://wiki.debian.org/AppArmor/HowToUse
which sets "apparmor=1 security=apparmor" on the kernel command line
as documented:
sudo perl -pi -e 's,GRUB_CMDLINE_LINUX="(.*)"$,GRUB_CMDLINE_LINUX="$
On 12/21/15, Mickaël Salaün wrote:
> On 21/12/2015 00:14, Jacob Appelbaum wrote:
>> I was left with:
>>
>> [ 1802.373906] grsec: denied untrusted exec (due to not being in
>> trusted group and file in non-root-owned directory) of
>> /run/user/1000/orcexec.bCtW
To make my Debian Jessie system work with pax, I had to set pax flags
for these three binaries:
paxctl -c -m /usr/bin/gnome-shell
paxctl -c -m /usr/bin/gnome-session
paxctl -c -m /usr/bin/pulseaudio
If you don't want to modify the binary, you can also set the
attributes in the file system:
It may make sense for us to have a package of paxrat with common
configurations for Debian users:
https://github.com/subgraph/paxrat
This would ensure that everyone can use this kernel and have xorg work
as expected, for example.
Otherwise, I think we will see a lot of people who just run:
On 12/19/15, Jacob Appelbaum wrote:
> On 12/19/15, Yves-Alexis Perez wrote:
>> On jeu., 2015-11-05 at 22:08 +0100, Yves-Alexis Perez wrote:
>>> On sam., 2015-10-10 at 21:55 +0200, Yves-Alexis Perez wrote:
>>> > This is really a work in progress and t
On 12/19/15, Yves-Alexis Perez wrote:
> On jeu., 2015-11-05 at 22:08 +0100, Yves-Alexis Perez wrote:
>> On sam., 2015-10-10 at 21:55 +0200, Yves-Alexis Perez wrote:
>> > This is really a work in progress and this mail a request for comment.
>> > Especially missing is:
>>
>> So, did any of you have
On 8/24/15, intrigeri wrote:
> Hi Ben, hi Jacob,
>
> Ben Bailess wrote (29 Jul 2015 15:55:12 GMT) :
>> I recently installed Torbirdy using the pkg xul-ext-torbirdy in order to
>> have
>> connection to system tor by default. When I open icedove, I do not see the
>>
>> typical green text at the bott
On 7/3/15, Bastian Neuburger wrote:
> Source: golang-xmpp-dev
> Severity: minor
>
> DUCK reported a problem with the homepage set in the source packages
> control file.
>
> Currently it points to https://www.github.com/agl/xmpp
That was the correct url at the time.
> However it seems that this c
I'd like to use a Debian server - which one would fit?
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
On 4/27/15, Rian Hunter wrote:
> Hi,
>
> This totally hosed all of my systems!!
>
Sorry to hear that this issue has caused you problems. :(
> I think relying on the internal "server_random" member of the ssl data
> structure is error prone and to me it's not unexpected that a server would
> rand
Hi Sebastian,
On 4/23/15, Sebastian Pipping wrote:
> Package: tlsdate
> Version: 0.0.12-2~bpo70+1
> Severity: normal
>
> When using debian.org for a host, time is somewhat stable:
>
> $ for i in {1..10}; do tlsdate --dont-set-clock --showtime -H debian.org ;
> done
> Thu Apr 23 13:06:59 CEST 2015
On 4/23/15, Kurt Roeckx wrote:
> Package: tlsdate
> Version: 0.0.12-2
> Severity: grave
>
> Hi,
>
> I found this in my syslog today:
> Apr 23 16:09:23 intrepid tlsdated[3408]: [event:action_run_tlsdate]
> requested re-run of tlsdate while tlsdate is running
> Apr 23 16:09:23 intrepid tlsdated[3408
as
it is simply not the security direction I'd like for tlsdate...
On 12/12/14, James Cowgill wrote:
> On Fri, 2014-12-12 at 14:29 +, Jacob Appelbaum wrote:
>> Thanks for the bug report!
>>
>> I think it might make sense to disable seccomp when building on that
>>
I know that I have access to this kind of porterbox. :)
I don't know if I have the time to work on this in the next few weeks.
I hope but am not sure.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.
Thanks for the bug report!
I think it might make sense to disable seccomp when building on that
platform until the next upstream release. I've not had access to a
mips64 box with seccomp - it may also be a trivial patch and I haven't
had any time to look into this specific issue yet.
Could you gi
Thank you for testing!
I plan to release a new tlsdate tonight - I'll tag a release and then
poke h0lger to upload it tomorrow.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
I've confirmed this issue. This bug should be fixed in the next release.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
I've prepared a fix in version 0.1.3-1 - this merges the latest
release and it also includes various packaging fixes. The new version
depends on Tor and it patches TorBirdy to use 9050 rather than 9150.
The package needs review (I'm hoping Lunar^ will review, tag and
upload) but I believe everythi
I'm aware of this issue with the AUR package of tlsdate - thanks for
confirming it also impacts Debian!
I'm planning a new upstream release for another minor fix - it will be
fixed in 0.0.12.
Could you confirm that it works with the following service file:
[Unit]
Description=Secure parasitic rdat
On 8/23/14, Holger Levsen wrote:
> package: tlsdate
>
> Hi,
>
> please acknowledge the 0.0.7-1.3 NMU aka pick the pull requests from git
> hub.
>
> Maybe also a new upstream release would be nice...
Agreed. Thanks for handling the upload!
All the best,
Jacob
--
To UNSUBSCRIBE, email to debian
On 6/12/14, Jonas Smedegaard wrote:
> Package: torbrowser-launcher
> Severity: serious
> Justification: Policy 2.2.1
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hi,
>
> - From its package description, torbrowser-launcher fetches executable
> code from outside of Debian. That is expl
I am currently traveling in East Africa without access to my signing
keys. Furthermore, those signing keys have expired and new keys will
be generated in the near future after this trip. Pending a
regeneration of key signatures from some other Debian developers, I'll
upload a fix. If anyone wants t
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum
* Package name: blockfinder
Version : v1.0
Upstream Author : Jacob Appelbaum
* URL : https://github.com/ioerror/blockfinder/
* License : BSD-2-Clause
Programming Lang: Python
Description
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum
* Package name: novena-eeprom
Version : v1.0
Upstream Author : Sean Cross
* URL : https://github.com/xobs/novena-eeprom/
* License : BSD
Programming Lang: C
Description : novena eeprom editor
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum
* Package name: xmpp-client
Version : 0.1~20140304-1
Upstream Author : Adam Langley
* URL : http://www.github.com/agl/xmpp
* License : BSD
Programming Lang: Golang
Description : console XMPP
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum
* Package name: golang-xmpp-dev
Version : 0.0~20140304-1
Upstream Author : Adam Langley
* URL : http://www.github.com/agl/xmpp
* License : BSD
Programming Lang: Golang
Description : pure Golang
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum
* Package name: liborchid-java
Version : 1.0
Upstream Author : Bruce Leidl
* URL : http://www.subgraph.com/orchid.html
* License : BSD
Programming Lang: Java
Description : Orchid is a Tor client
I've uploaded a package - including the suggested VCS packaging
details - it is now in the new queue waiting for review by the Great
Debian Packaging Review Overlords:
https://ftp-master.debian.org/new.html
https://ftp-master.debian.org/new/torbirdy_0.1.2-1.html
I've also updated a related
That is incorrect.
tlsdate will continue to function, of course. There are already
non-compliant TLS servers that do not return time or return skewed
time. We attempt to compensate for that kind of server provided data
in a few different ways. There may also be new TLS servers that
implement Nick'
I've addressed this in the following git commit:
[debian-master 8dde3d4] call dh --with autotools_dev; closes Debian #727986
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
intrig...@debian.org:
> Package: tlsdate
> Version: 0.0.5-2
> Severity: wishlist
>
> It seems that Debian packaging work is published on GitHub:
>
> https://github.com/ioerror/tlsdate.git
>
> Could you please document this using the appropriate Vcs-* control
> fields, so that standard tools su
intrigeri:
> Hi,
>
> Moritz Muehlenhoff wrote (02 Aug 2013 12:26:16 GMT) :
>> attached is a patch which adds a systemd service file for tlsdate.
>
> FWIW: applied, rebuilt package => seems to work fine for me.
I've added a basic service file to the root of the tlsdate git repo.
I'll also add it
intrig...@debian.org:
> Package: tlsdate
> Version: 0.0.5-2
> Severity: important
>
> Hi,
>
> I'm starting tlsdate with "sudo service tlsdate start" on a Wheezy
> amd64 system with AppArmor enabled, and:
>
> 1. tlsdated does not start, hence the >>normal severity.
> 2. my syslog reads:
>kern
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum
* Package name: torbrowser-launcher
Version : 0.0.1
Upstream Author : Micah Lee
* URL : https://github.com/micahflee/torbrowser-launcher
* License : BSD
Programming Lang: Python
Description
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum
* Package name: torbirdy
Version : 0.0.13
Upstream Author : Jacob Appelbaum
* URL : https://www.github.com/ioerror/torbirdy
* License : BSD
Programming Lang: javascript
Description : configures
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum
* Package name: tlsdate
Version : 0.0.1
Upstream Author : Jacob Appelbaum
* URL : https://www.github.com/ioerror/tlsdate
* License : BSD
Programming Lang: C
Description : secure parasitic rdate
lspci reports the following devices (both before and after module
loading or driver breakage):
00:19.0 Ethernet controller: Intel Corporation 82566MM Gigabit Network
Connection (rev 03)
03:00.0 Network controller: Intel Corporation PRO/Wireless 4965 AG or
AGN [Kedron] Network Connection (rev ff)
I'm having the same problem with my laptop X61 Lenovo laptop running Lenny:
[54510.421880] iwlagn :03:00.0: MAC is in deep sleep!. CSR_GP_CNTRL
= 0x
[54510.433558] iwlagn :03:00.0: MAC is in deep sleep!. CSR_GP_CNTRL
= 0x
[54510.443506] iwlagn :03:00.0: BSM uCode veri
Additionally, I should note that if I attempt to rmmod the module and
modprobe it, I have the following errors logged by my kernel:
[55412.053721] iwlagn :03:00.0: PCI INT A disabled
[55427.285783] iwlagn: Intel(R) Wireless WiFi Link AGN driver for Linux,
1.3.27ks
[55427.285785] iwlagn: Copyri
Thanks for the catch! I've put the proper descriptions into the package,
uploaded the changes to git and I'm waiting on my sponsor to upload a
new package. Once that's done, I'll close this bug...
signature.asc
Description: OpenPGP digital signature
owner 495422 Debian Forensics <[EMAIL PROTECTED]>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum <[EMAIL PROTECTED]>
* Package name: biosmemimage
Version : 1.0.0
* URL : http://citp.princeton.edu/memory/code/
* License : BSD
Programming Lang: C
Description : Tools for capturing memory du
Package: wnpp
Severity: wishlist
Owner: Debian Forensics <[EMAIL PROTECTED]>
* Package name: AESFix
Version : 1.0.1
* URL : http://citp.princeton.edu/memory/code/
* License : BSD
Programming Lang: C++
Description : A tool for correcting bit errors in an AE
Package: wnpp
Severity: wishlist
Owner: Debian Forensics <[EMAIL PROTECTED]>
* Package name: RSAKeyFinder
Version : 1.0.0
* URL : http://citp.princeton.edu/memory/code/
* License : BSD
Programming Lang: C++
Description : A tool for locating RSA private and
Package: wnpp
Severity: wishlist
Owner: Debian Forensics <[EMAIL PROTECTED]>
* Package name: AESKeyFinder
Version : 1.0.0
* URL : http://citp.princeton.edu/memory/code/
* License : BSD
Programming Lang: C
Description : A tool for finding and repairing AES
Package: wnpp
Severity: wishlist
Owner: Jacob Appelbaum <[EMAIL PROTECTED]>
* Package name: ozymandns
Version : 0.0.1
Upstream Author : Dan Kaminsky <[EMAIL PROTECTED]>
* URL : http://www.doxpara.com/ozymandns_src_0.1.tgz
* License : (Currently con
Package: libgmp3-dev
Version: 2:4.2.1+dfsg-4
Severity: normal
It would be quite useful if this package or its corresponding
'libgmp3-doc' package included even a single simple man page.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i38
Package: mono
Version: 1.1.6-4
Severity: normal
This version of mono has fundamental garbage collection bugs that have
since been fixed. I highly recommend upgrading to at least mono 1.1.7,
which is what wikipedia has deployed. 1.1.8.2 would be even better, of
course.
Please upgrade this ASAP as
Package: dcraw
Version: 5.88-1
Followup-For: Bug #274603
The current version of dcraw in debian testing segfaults on a raw canon
20d .cr2 file:
dcraw -v img_8727.cr2
Loading Canon EOS 20D image from img_8727.cr2...
Scaling with black=0, pre_mul[] = 1.00 1.00 1.00
VNG interpolatio
50 matches
Mail list logo
