e most appropriate?
RC with 'sid' tag seems like it could be appropriate, but maybe not
necessary?
Thanks
noah
Package: dovecot-ldap
Version: 1:2.4.1+dfsg1-1
Severity: grave
Tags: pending
Justification: renders package unusable
dovecot-ldap fails to configure with:
Setting up dovecot-ldap (1:2.4.1+dfsg1-1) ...
Error: The new file /usr/share/dovecot/dovecot-ldap.conf.ext does not exist!
dpkg: error p
Control: severity -1 serious
With dovecot 2.4.1 now in unstable, this is release critical. Adjusting
severity accordingly.
Source: dovecot-antispam
Version: 2.0+20171229-1
Severity: important
Tags: ftbfs upstream
dovecot-antispam does not currently build against dovecot 2.4 (currently in
experimental). Logs from an attempted build are included below.
The upstream status of this project is unclear, given that the las
vides from
> dovecot-core IIUC) makes me want to defer to Release Team member colleagues
> who handle much more transitions than I do.
I did notify the maintainer privately, before realizing that they seem
MIA, but didn't follow up with a bug report. I've now opened #1104033
for better visibility.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104033
noah
On Fri, Apr 11, 2025 at 04:07:28PM +0200, Bastian Blank wrote:
> The Ec2 and Azure datasources generate netplan config with "set-name".
> Ec2 uses the same name that udev already set, Azure generates a new
> "ethX". This instructs netplan to forcibly change the name, even if
> there is a link unit
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: google-guest-ag...@packages.debian.org, Andrew Jorgensen
, Leandro (Leo) Dorileo
Control: affects -1 + src:google-guest-agent
Please unblock package google-guest-agent
[ Rea
found for
> prompt_toolkit
It does appear that python3-prompt-toolkit 3.0.51-1 introduces this
regression, so I'm reassigning the bug there. The version in trixie is
3.0.50-1 and awscli works as expected there. Updating to 3.0.51-1 with
no other changes introduces the regression.
Autopkgtest has also identified the problem, as visible at
https://ci.debian.net/packages/a/awscli/testing/amd64/60175397/
noah
an reproduce this on sid, but not on trixie. Since they both have
the same version of awscli, I suspect a regression in one of the
dependencies. Not exactly clear which yet, though.
python3-prompt-toolkit has a newer version in sid, so that's a
possibility...
noah
Control: tags -1 + pending
Fix in
https://salsa.debian.org/noahm/waagent/-/commit/93d300d8b40b1c3db1c4b4e00caff57848add732
Control: tags -1 + pending
Fix is pending review in
https://salsa.debian.org/cloud-team/google-guest-agent/-/merge_requests/2
Fix is in
https://salsa.debian.org/noahm/dovecot/-/commit/e30a611fc3b58d7ed18e53d69b2ebf0b69d28b06
noah
On Wed, Apr 16, 2025 at 01:11:34PM -0400, Noah Meyerhans wrote:
> > Do you have any upstream statement how they will handle the 2.3.y
> > series after their 2.4 release? Do they plan to still backport CVE
> > fixes for the 2.3 series or is it considered officially end of life?
rimental. I've been running them for some time now and find them to
be stable (more so than 2.4.0), but more testing in different
environments would be very helpful.
noah
s, bugs from users?
>
> Sorry that are not very specific questions.
I haven't seen a public statement on 2.3.x support, but upstream has
noted on their mailing lists that it's "on life support". I've reached
out for clarification...
noah
t get ahead of ourselves. I think Stefano was simply
pointing out something that had happned in the past, not any new DAM
involvement.
Keeping systemd-resolved in place is vastly preferable to any
cloud-specific workaround. We used to have such a thing, before moving
to systemd-networkd/resolved, and are not excited about the prospect of
going back thered.
noah
@bsd.network/114242208525201480
> https://fosstodon.org/@paradegrotes...@mastodon.sdf.org/114242559527495102
>
> So, just one simple question: why the should I even bother
> anymore?
Please try to ignore them; they're not contributing anything of value to
the conversation. I assert that they also represent a tiny minority.
Within the cloud team, I certainly can't recall any users complaining
about our choice to enable systemd-resolved, and there are a lot of
them.
noah
networkd altogether, should it come to that, but I'd hope we
don't get to that point.
noah
On Tue, Apr 01, 2025 at 09:35:02PM +, Luca Boccassi wrote:
> > > > Please let's not get ahead of ourselves. I think Stefano was simply
> > > > pointing out something that had happned in the past, not any new DAM
> > > > involvement.
> > >
> > > Sorry I should have been clearer: when I said war
ie
is the worst possible outcome of this discussion so far.
noah
gt; DAM's involvement is not the result of any discussion on any MR.
Is the TC opposed to Luca's earlier proposal to add back
systemd-resolved with a Conflicts relationship on avahi-daemon?
noah
Control: tags -1 + security
Control: fixed -1 2:7.2-1
Note that this has been assigned CVE-2025-2312
o late to change any minds there. I don't know
what to suggest to the TC at this point, but the current situation risks
leaving a fairly large subset of our users without a clear path forward.
I don't agree with Luca's decision to drop systemd-resolved altogether
in response to the TC's decision, but I do recognize that he's the one
who's going to be on the receiving end of the hate mail from user's when
their DNS breaks when upgrading from bookworm, so I'm somewhat
sympathetic to his position.
noah
st manages the contents of /etc/resolv.conf
and is not directly involved in the name resolution process at all.
That's how we use it in the bookworm cloud images, and it has proven
reliable.
So I don't consider our usage of systemd-resolved to be a mistake any
more than I consider our usage of systemd-networkd to be one. Removing
it would not benefit our users in any way.
noah
xperimental where various bugs
were identified and squashed.
The complete debdiff is at
https://people.debian.org/~noahm/dovecot_2.4.1+dfsg1-1~exp1.debdiff
The debian/changelog diff between testing and experimental is attached.
Thanks
noah
1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100
On Mon, Mar 17, 2025 at 10:27:46AM -0400, Noah Meyerhans wrote:
> 2. Dovecot 2.4 does not build on 32-bit architectures. My intent was to
> drop i386 anyway, but I did put out a call for help on debian-arm@lists.d.o
> in case anybody wants to fix the issues as they impact 3
The match makes sense to me, but I'd prefer if it gets merged upstream
first. Is there any chance you could submit it there using their
bugzilla system? https://bz.apache.org/SpamAssassin/
Thanks
noah
Package: wnpp
Severity: wishlist
Owner: Noah Meyerhans
X-Debbugs-Cc: debian-de...@lists.debian.org, debian-cl...@lists.debian.org
* Package name: azure-proxy-agent
Version : 1.0.25
* URL : https://github.com/Azure/GuestProxyAgent
* License : MIT
Programming
elease, getting into trixie would
also be ideal. I'd consider that a second transition for this package, as
we're currently working with 2.4.0, but I do want to mention it.
Thanks
noah
Ben file:
title = "dovecot";
is_affected = .depends ~ "dovecot-dev" | .depends ~
Package: cloud.debian.org
Severity: important
This has so far only been observed on Azure. It's not clear whether it's
impacted other cloud environments or not.
Cloud-init is not consistently being enabled during VM provisioning on
Microsoft Azure. The external symptom is that the launch times
short circuits the error handling and kills
> off all other generators.
Yep, that's basically the path I was on, too. That explains the
intermittent nature of the failures, too, since it's possible for the
ABRT to happen after some generators have already completed
successfully.
I wonder what's going on with netplan-generator...
noah
On Thu, Mar 13, 2025 at 06:21:13PM +0100, Bastian Blank wrote:
> "systemd.log_level=debug systemd.log_target=console" on the kernel
> command line gives some more insight. But this is a lot of output, so
> requires serial console output.
Yep. One of my earlier updates contains the full debug outp
s, which we can discuss further once it's packaged.
noah
I can confirm that systemd is sending a TERM to (at least) the
cloud-init-generator process. However, I'm not yet sure why:
* The cloud-init-generator process typically runs in approximately 30ms,
and is sometimes killed.
* I've been able to insert an artificial 2s pause in the middle of the
d execution of restart.
> | Errors were encountered while processing:
> | dovecot-core_1%3a2.4.0+dfsg1-1~exp2_amd64.deb
>
> I suspect dovecot-core needs Breaks+Replaces for dovecot-sieve.
Hm. I suspect the migration of the file to dovecot-core was a mistake.
noah
Control: tags -1 + moreinfo
On Mon, Mar 10, 2025 at 12:46:41PM +0100, Santiago Vila wrote:
> In my tests, this fails 100% of the time on
> single-CPU systems and 40% of the time on systems
> with 2 CPUs. I think that's bad enough.
I have not been able to reproduce this, even with single-CPU build
n behavior.
noah
://lists.samba.org/archive/samba-technical/2025-February/139330.html
Thanks!
noah
-- System Information:
Debian Release: 12.9
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
age if that would help.
> >
> > Thanks I will shortly have a look at that as I'm rebasing 6.1.y for
> > bookworm for the next upload.
>
> Investigating this further I believe we have the same problem as well
> for CVE-2024-42069.
Yes, that seems likely.
noah
top of our patched 6.1 kernel with an
offset. [3]
I didn't propose a fix to the security-tracker data because I don't know
the file format well enough.
I can prepare a merge request to the kernel package if that would help.
Thanks
noah
1. https://security-tracker.debian.org/tracker/CVE-
ange to the upstream project at
https://github.com/aya-rs/aya? Maintaining this set of
architecture-specific bindings over the long term is impactical.
noah
10.y. Can
> > > you re-ping upstream to make sure it get included in the 5.10.y
> > > series? Once this has happened as we follow the 5.10.y series it will
> > > be included (or can be included in advance once it has been queued).
> >
> > Yes, I forgot to reset the
forgot to reset the date on the commit that I sent upstream,
which is why it looks like it's been around since 2021. I requested
that upstream apply the fix to 5.10.y last week, and will ping them in
another week or two if it hasn't been acknowledged either way...
noah
races in nvme_setup_io_queues"), so this only impacts
oldstable. I have provided a backport of this commit upstream in
https://lore.kernel.org/stable/E1tj8vO-00471h-2H@lore/
I'm requesting that this commit be included in a bullseye kernel update.
Thanks
noah
SCSI subsystem initialized
[1.1
On Sun, Feb 16, 2025 at 02:06:31PM +0100, Felix Zielcke wrote:
> > I've just uploaded dovecot 1:2.4.0+dfsg1-1~exp1 to experimental.
> Please
> > test to the extent that you're able.
> >
> [...]
> > noah
> >
>
> thanks for doing the 2.4 uplo
issues on (at least) i386, which
look on first glance like they're related to the 64 bit time_t change.
I'm not sure it's worth fixing those, but am happy to hear other
opinions and/or review patches.
noah
es cause
some problems. The fact that upstream doesn't provide a working example
config equivalent to the one provided with 2.3.x does help. If you'd
like to contribute, porting the old default config to the new version
would be extremely helpful.
noah
1. https://salsa.debian.org/
Control: tags -1 + patch
Please consider the merge request at
https://salsa.debian.org/debian/debhelper/-/merge_requests/135
Package: src:cloud-init
Version: 24.4.1-1
Severity: important
User: cloud.debian@packages.debian.org
Usertags: image azure
Azure allows the user to provide a root password for the default account when a
VM is created. (see the --authentication-type and --admin-password options to
the `az vm c
ously suggested. I can look into implementing the trigger handler
in mimedefang if that'd be helpful.
noah
)" condition there.
--no-start is important during installation, because we don't want the
service to start, but presumably some users will later enable the
service (otherwise, why ship it at all?). During package removal,
though, we do need to stop it.
noah
nd (Reason: Unit prometheus-node-exporter-smartraid.timer
> not found.)
> Active: failed (Result: resources)
> Trigger: n/a
This has also been observed in src:spamassassin. See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090826
Thanks
noah
Control: tags -1 + upstream confirmed
I've confirmed that this is still present in 4.0.1. I've pinged
upstream via https://bz.apache.org/SpamAssassin/show_bug.cgi?id=5663 and
we'll see if they have anything to say...
noah
On Wed, Jan 01, 2025 at 07:53:55AM -0500, Noah Meyerhans wrote:
> I should be able to incorporate it into a stable update (there’s a
> bookworm point release scheduled for a couple weeks from now). Please
> keep me posted about the effectiveness of your local patching.
Sorry, this of co
I should be able to incorporate it into a stable update (there’s a bookworm
point release scheduled for a couple weeks from now). Please keep me posted
about the effectiveness of your local patching.
> On Jan 1, 2025, at 2:09 AM, Timo van Roermund wrote:
>
> According to the upstream bug rep
On Tue, Dec 24, 2024 at 09:38:01AM -0500, Noah Meyerhans wrote:
> > > > During a rebuild of all packages in sid, this package failed to build
> > > > on armhf.
> >
> > > The problem seems related to libunwind. Dovecot builds successfully in
> > >
pstream resolves this failure. I'm not sure
about the other libunwind bugs.
I have amd64 and armhf builds of libunwind 1.8.1 at
https://people.debian.org/~noahm/repo/ if anybody else is looking to
test against it.
noah
known issues on amd64 or arm64 according to recent (a
> couple
> days ago) rebuilds.
The problem seems related to libunwind. Dovecot builds successfully in
trixie, but if we update libunwind packages to the sid versions, it
fails.
Trixie has libunwind 1.6.2-3.1; Sid has 1.7.2-1.
noah
dated yet.
Yes, I think you're right. In fact, I think that's the only place that
actually matters. For consistency it should happen in the package as
well. The ftpmaster override request is in #1091099
noah
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: override
X-Debbugs-Cc: debian-b...@lists.debian.org
linux-sysctl-defaults should be installed by default on typical Debian systems.
See #1090811 for background.
Thanks
noah
ader context.
>
> FWIW, we have added linux-sysctl-defaults to the sid/trixie VM images
> built by the cloud team.
>
> noah
>
>I think "Priority: important" is probably appropriate here?
>
> [2]https://salsa.debian.org/installer-team/
ime I start planning my migration, then. ;)
Thank you!
noah
.rp_filter and others).
These are system-wide settings that we don't want changed with the
installation of some package after the fact.
There are at least a couple of ways we can accomplish this:
* Raise the linux-sysctl-defaults priority to 'standard', which will get
it installed by tasksel under d-i while still leaving it out of other
debootstrapped installations (containers, etc)
* Raise its priority to 'important', in which case debootstrap will
install it
And there are probably more.
noah
DESCRIPTION
● spamassassin-maintenance.timer not-found failed failed
spamassassin-maintenance.timer
i think that if the package is removed (and not purged) the timer should
also be removed/disabled.
Thanks for your work !
I've confirmed that this impacts sid.
noah
moving one or more older ones?
noah
r.
In any case, your point still stands. I'll re-assign this to general
for now, and we can discuss the options in a broader context.
FWIW, we have added linux-sysctl-defaults to the sid/trixie VM images
built by the cloud team.
noah
o update their package sets in their
> configuration management tool, but this is true for each and every
> release.
I've opened #1090811 to start the conversation with the d-i maintainers
about adding linux-sysctl-defaults to the default install.
noah
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090811
s.debian.org/cgi-bin/bugreport.cgi?bug=1089626
Thanks
noah
On Fri, Dec 13, 2024 at 08:53:09PM +0100, Andre Klärner wrote:
> it would be nice if the change from this bug would be mentioned in
> NEWS.Debian.
Agreed, this should happen. It also needs to be mentioned in release
notes for Debian 13.
Here's an initial proposal for NEWS text, let me know if it
Proposed patch is at https://salsa.debian.org/debian/sysstat/-/merge_requests/3
Thanks
noah
sandboxed process to make
changes to (and in some cases observe the state of) the system on which it's
running. This helps to protect against impact of bugs in the software, whether
they're triggered accidentally or maliciously.
noah
-- System Information:
Debian Release: trixie/sid
A
Package: dh-make-golang
Version: 0.7.0-1
Severity: important
Forwarded: https://github.com/Debian/dh-make-golang/issues/231
`dh-make-golang estimate` fails with:
noahm@scratch:~$ dh-make-golang estimate github.com/Debian/dh-make-golang
go get: 0.00 KiBgo: -d flag is deprecated. -d=true is a no-o
that the
software works as you expect. The simplest way to do this is with
something like /sbin/sysctl -w net.ipv4.ping_group_range="0 2147483647"
noah
Control: tags -1 + patch
The attached patch resolves the issue in (at least) the lxc autopkgtest
environment.
noah
>From da1b5c83e3d730c3f2aa63297bc9e994c0a9b237 Mon Sep 17 00:00:00 2001
From: Noah Meyerhans
Date: Tue, 3 Dec 2024 15:18:21 -0500
Subject: [PATCH] autopkgtest:
severity back up so it's appropriately tracked while we
investigate.
noah
by the way.
I've asked the www team to host the proposed text on www.debian.org.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086579
If they can't/won't do that, we can consider hosting it on
cloud.debian.org.
noah
exact
distribution terms for each program are described in the individual files
in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Thanks
noah
ut it does resolve the
issue when run with autopkgtest. See the attached patch for one possible
implementation of this change.
For background on the iputils change, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008281
noah
-- System Information:
Debian Release: 12.7
APT prefers s
Control: tags -1 + patch
See https://salsa.debian.org/ha-team/fence-agents/-/merge_requests/8 for
a proposed fix.
Thanks
noah
group_range="0 2147483647"
Note that the resolution of #1085160 may eventually eliminate the need to do
this.
noah
On Sun, Oct 20, 2024 at 04:17:33PM +0200, Paride Legovini wrote:
> This is fixed in autopkgtest master; I'll try to cut a new version of
> autopkgtest with the fix in the next few days.
Thank you!
noah
7; and
run:
echo "0 1073741823" | sudo tee /proc/sys/net/ipv4/ping_group_range
from the test script. That feels like a bit arcane of a thing to
require random packages to do just to be able to invoke ping in their
tests.
noah
On Sat, Oct 19, 2024 at 07:56:37PM +0200, Paul Gevers wrote:
> Hi,
>
> On 18-10-2024 22:42, Noah Meyerhans wrote:
> > linux-sysctl-defaults should be pulled in as a Recommends (assuming you
> > haven't overriden that), which should then apply the new setting.
> As Rec
Package: autopkgtest
Version: 5.39
Severity: normal
This bug is somewhat similar to #1080981 and may be resolved by the same
fix, but I'm not sure.
While investigating an autopkgtest failure in the fence-agents package,
I encountered a situation in which an apparently valid test
configuration fai
-defaults or a Debian
> policy not to apply sysctl settings on package install?
This is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085160
noah
nd
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084135 for instances
of issues caused during upgrades.
noah
On Fri, Oct 18, 2024 at 09:35:04PM +0200, Paul Gevers wrote:
> Hi,
>
> On 18-10-2024 21:09, Noah Meyerhans wrote:
> > That'll work, obviously, but I do think it should be considered
> > system-wide on the debci lxc environment. On a common Debian
> > installation
m-wide on the debci lxc environment. On a common Debian
installation, this isn't something a package maintainer or user should
need to care about, as the defaults should result in ping working out of
the box.
noah
On Fri, Oct 18, 2024 at 07:48:43PM +0200, Paul Gevers wrote:
> Hi Noah,
>
> On 18-10-2024 19:43, Noah Meyerhans wrote:
> > In bookworm and earlier, ping uses CAP_NET_RAW file capabilities in
> > order to obtain permission to transmit ICMP. The version in trixie and
> >
-default.conf?ref_type=heads#L39-45
Re-assigning this to the debci package so the change can be made there.
noah
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
azure-nvme-utils has been replaced by azure-vm-utils, both upstream
and now in Debian. Please remove azure-nvme-utils from the archive.
noah
Package: dpkg-source-gitarchive
Version: 0.2.1
Severity: normal
dpkg-source-gitarchive does not properly handle ~ (or presumably other
characters that are valid in version strings but not in git tags).
https://salsa.debian.org/noahm/waagent/-/jobs/6417314#L139 shows an example of
a failure to con
Control: tags -1 + fixed-upstream
On Thu, Oct 03, 2024 at 04:10:44PM -0400, Noah Meyerhans wrote:
> waagent is missing a dependency on python3-setuptools, causing it to crash on
> startup on current sid Azure images.
The 2.12 upstream release branch resolves this issue by eliminating the
Source: waagent
Version: 2.9.1.1-2
Severity: grave
Justification: renders package unusable
waagent is missing a dependency on python3-setuptools, causing it to crash on
startup on current sid Azure images.
noahm@scratch:~$ apt policy waagent
waagent:
Installed: 2.9.1.1-2
Candidate: 2.9.1.1-2
r than dhcpcd,
and the cloud-images should ensure that only -base is installed.
noah
for multiple [Route] sections (Closes: #1052535)
+
+ -- Noah Meyerhans Tue, 17 Sep 2024 11:08:48 -0400
+
cloud-init (22.4.2-1+deb12u1) bookworm; urgency=medium
* Add Conflicts/Replaces relationship on cloud-init-22.4.2
diff -Nru
cloud-init-22.4.2/debian/patches
ngelog 2022-11-27 02:29:56.0 -0500
+++ iputils-20221126/debian/changelog 2024-09-24 13:00:36.0 -0400
@@ -1,3 +1,10 @@
+iputils (3:20221126-1+deb12u1) bookworm; urgency=medium
+
+ * Import upstream fix for incorrect ping receiving packets intended for other
+processes (Clos
Control: fixed -1 3:20150815-1
This has been done for years...
On Mon, Sep 23, 2024 at 07:32:05PM +0200, Alexandre Detiste wrote:
> I seen 1 remaining refererence
>
> tests/common/test_cgroupconfigurator.py:from nose.plugins.attrib import attr
Yeah, but we don't actually fail on test failures currently, so dropping
the dependency would not introduce a regres
used in the build process anymore.
noah
1 - 100 of 1070 matches
Mail list logo
