Nikolaus Rath, on Thu 25 Sep 2014 17:26:40 -0700, wrote:
> Samuel Thibault writes:
> > Matthias Urlichs, on Thu 25 Sep 2014 21:17:58 +0200, wrote:
> >> Samuel Thibault:
> >> > Sounds crazy to me.
> >> >
> >> Definitely. This is now out in the wild; exploits which simply replace
> >> echo or
Brian May, on Fri 26 Sep 2014 11:40:00 +1000, wrote:
> On 26 September 2014 10:26, Nikolaus Rath <nikol...@rath.org> wrote:
>
> Wasn't there some web server that used to put query script variables
> into the environment of the CGI script? Or am I confusing that with
> PHP's evil
On Thu, 25 Sep 2014, shawn wilson wrote:
> In that case, I'd think busybox's sh is *much* more minimalist. Why dash
> over busybox?
There is something called bugs. The busybox implementation
is artificially limited. Also, it uses the busybox common
code, which makes its codebase rather large.
Th
Brian May wrote:
On 26 September 2014 14:15, Russ Allbery wrote:
That would surprise me. In one case, you're setting an environment
variable and then running sudo. In the other case, you're telling sudo to
On 2014-09-26 09:19:17 +0200, Samuel Thibault wrote:
> Nikolaus Rath, on Thu 25 Sep 2014 17:26:40 -0700, wrote:
> > Wasn't there some web server that used to put query script variables
> > into the environment of the CGI script?
>
> Well, that ought to have been fixed a long time ago already,
>
Juliusz Chroboczek wrote:
Just to make things clear -- you're advocating #!/bin/sh and running dash
as /bin/sh?
(Likely alternatives include at least ksh and mksh, formerly pdksh.)
I think this has already happened wherever it was easy. So to
remove /bin/bash sc
On 2014-09-26 10:33:20 +0200, Josselin Mouette wrote:
> Brian May wrote:
> No, I don't think that is the case. I believe sudo interprets
> those assignments itself (as also shown in man page), and the
> error I got clearly shows this to be the case.
>
> b
On Sep 25, 2014 3:18 PM, "Matthias Urlichs" wrote:
>
> Hi,
>
> Samuel Thibault:
> > Sounds crazy to me.
> >
> Definitely. This is now out in the wild; exploits which simply replace
> echo or cat-without-/bin are going to happen. :-/
>
Actually, what I've seen reported in the wild have been wget a
Brian May wrote:
On 26 September 2014 09:32, Matthias Urlichs
wrote:
True, the use cases overlap somewhat, but they're still different.
I wouldn't want to install n-m (and the 30 libraries it
On Sep 26, Josselin Mouette wrote:
> As Vincent explained, NM works in a similar way.
> The problem on servers is that you need advanced features such as
> bridging, VLANs, bonding… and NM already does all of that.
But it has a significant list of dependencies, which is obviously tuned
for a des
On Fri, 26 Sep 2014 10:58:22 +0200, Josselin Mouette
wrote:
>The problem on servers is that you need advanced features such as
>bridging, VLANs, bonding… and NM already does all of that.
Is there documentation about that? Does NM have hooks like wicd used
to have?
Greetings
Marc
--
Hi,
I noticed that you appear to be filing several RC bugs against packages
which use /bin/bash shebangs in their scripts.
These bugs are *not* RC. The packages themselves do not have security
issues. The interpreter they choose to use {may,does}, but that is not a
bug in grep, xz-utils or gzip.
Marc Haber wrote:
On Fri, 26 Sep 2014 10:58:22 +0200, Josselin Mouette
wrote:
>The problem on servers is that you need advanced features such as
>bridging, VLANs, bonding… and NM already does all of that.
Is there documentation about that?
Hi,
On Fri, 26 Sep 2014 at 11:28, Adam D. Barratt wrote:
> I noticed that you appear to be filing several RC bugs against packages
> which use /bin/bash shebangs in their scripts.
Only against those 3 tools that most likely are also used from ne
On 11/09/14 14:36, Ben Hutchings wrote:
> On Wed, 2014-09-10 at 21:36 +, Nick Phillips wrote:
> [...]
>> Debian has a good and hard-earned reputation for not messing up
>> sysadmins' changes; upgrading to systemd - however wonderful it is (and
>> I confess to having no opinion on that) - withou
On Fri, 2014-09-26 at 11:36 +0100, Klaus Ethgen wrote:
> On Fri, 26 Sep 2014 at 11:28, Adam D. Barratt wrote:
> > I noticed that you appear to be filing several RC bugs against packages
> > which use /bin/bash shebangs in their scripts.
>
> Only against those 3 tools that most likely are also u
On Fri, 26 Sep 2014 at 12:05, Adam D. Barratt wrote:
> > I don't think that 3 bugs are "mass bug filing". I manually checked
> > where such a bug report is needed.
>
> There were three bugs within 20 minutes or so; I assumed that more were
> co
On Thu, Sep 25, 2014 at 10:23:19PM +0800, Thomas Goirand wrote:
> On 09/25/2014 06:02 PM, Wouter Verhelst wrote:
> > What about the buildd machines that your packages are being built on?
[...]
> Also, only OpenStack specific packages are compressed with -z9, other
> Python modules which may be used
* Klaus Ethgen, 2014-09-26, 11:36:
I don't think that 3 bugs are "mass bug filing". I manually checked
where such a bug report is needed.
I was once accused of doing an unannounced MBF after filing a single
bug. :> It's not necessarily the bug volume that triggers anti-MBF
defence mechanism
On Fri, Sep 26, 2014 at 12:01:27PM +0200, Marc Haber wrote:
> On Fri, 26 Sep 2014 10:58:22 +0200, Josselin Mouette
> wrote:
> >The problem on servers is that you need advanced features such as
> >bridging, VLANs, bonding… and NM already does all of that.
>
> Is there documentation about that? Doe
On Fri, 2014-09-26 at 13:04 +0200, Carlos Alberto Lopez Perez wrote:
> On 11/09/14 14:36, Ben Hutchings wrote:
> > On Wed, 2014-09-10 at 21:36 +, Nick Phillips wrote:
> > [...]
> >> Debian has a good and hard-earned reputation for not messing up
> >> sysadmins' changes; upgrading to systemd - h
On Fri, 26 Sep 2014, Klaus Ethgen wrote:
> > bug in grep, xz-utils or gzip.
> Only against those 3 tools that most likely are also used from network
For what it’s worth, OpenBSD/MirBSD have BSD-licenced
implementations of tools like zgrep, zless, etc. that
can be used (with s/gzip/xz/g) for xz as
Svante Signell writes ("Re: upgrades must not change the installed init system
[was: Re: Cinnamon environment now available in testing]"):
> As you can see from that bug report the systemd maintainers override
> every attempt to change severity of that bug to wishlist and wontfix.
>
> Is it poss
On Thu, Sep 25, 2014 at 04:29:05PM +0100, Ian Jackson wrote:
> I have prepared bash packages which do not honour any shell functions
> they find in the environment. IMO that is a crazy feature, which
> ought to be disabled. (I'm running this on chiark now and nothing has
> visibly broken yet.)
T
Package: wnpp
Owner: Dimitri John Ledkov
Severity: wishlist
* Package name: obs-build
Version : 20140918
Upstream Author : Adrian Schröter
* URL or Web page : https://github.com/openSUSE/obs-build
* License : GPL-2+
Description : scripts for building RPM/debian pack
On Fri, 26 Sep 2014 14:19:24 +0100
Dimitri John Ledkov wrote:
> Package: wnpp
> Owner: Dimitri John Ledkov
> Severity: wishlist
>
> * Package name: obs-build
> Version : 20140918
> Upstream Author : Adrian Schröter
> * URL or Web page : https://github.com/openSUSE/obs-build
> *
On Fri, 26 Sep 2014 13:25:13 +0200, Wouter Verhelst
wrote:
>On Fri, Sep 26, 2014 at 12:01:27PM +0200, Marc Haber wrote:
>> On Fri, 26 Sep 2014 10:58:22 +0200, Josselin Mouette
>> wrote:
>> >The problem on servers is that you need advanced features such as
>> >bridging, VLANs, bonding… and NM alre
On 09/26/2014 02:39 PM, Thorsten Glaser wrote:
> For what it’s worth, OpenBSD/MirBSD have BSD-licenced
> implementations of tools like zgrep, zless, etc. that
> can be used (with s/gzip/xz/g) for xz as well.
these utilities should not be in any compressor specific package in the
first place, see z
Hi,
shawn wilson:
> > Maybe we should add the patched version, with an appropriate NEWS entry,
> > to backports?
> >
>
> Maybe?
"Maybe we" as a shorthand for "IMHO, the maintainer of bash should".
Better? :-)
Also, '-p' (privileged mode, i.e. ignore functions in the environment, as
well as a b
On Fri, Sep 26, 2014 at 01:32:26AM +0200, Matthias Urlichs wrote:
> Hi,
>
> Guido Günther:
> > The overlap between n-m and systemd-networkd saddens me. n-m got
> > support for team/bond interfaces, VLANs, etc a while ago and now we get
> > to see yet another tool from systemd-* to redo this.
>
>
Jonathan Dowland wrote:
> Thank you very much for doing this. I would love to see Debian transition to
> having this facility disabled by default at some point in the future.
Florian Weimer's patch doesn't go that far, instead environment
variables have to have special BASH_FUNC_FOO() names before
Package: wnpp
Severity: wishlist
Owner: Darryl Pierce
* Package name: pyngus
Version : 1.1.0
Upstream Author : Qpid Development Team
* URL : http://github.com/kgiusti/pyngus
* License : Apache-2.0
Programming Lang: Python
Description : A connection or
Joey Hess writes ("Re: bash without importing shell functions from the
environment"):
> Jonathan Dowland wrote:
> > Thank you very much for doing this. I would love to see Debian
> > transition to having this facility disabled by default at some
> > point in the future.
>
> Florian Weimer's patch
Package: wnpp
Severity: wishlist
Owner: "Iain R. Learmonth"
* Package name: aprsg
Version : 1.4
Upstream Author : Tapio, OH2GVE
* URL : http://www.pakettiradio.net/aprsg/
* License : GPL
Programming Lang: C
Description : APRS Gateway
aprsg is an APRS I
Package: wnpp
Severity: wishlist
Owner: "Iain R. Learmonth"
* Package name: libfap
Version : 1.3
Upstream Author : Tapio Aaltonen, OH2GVE
* URL : http://www.pakettiradio.net/libfap/
* License : GPL
Programming Lang: C
Description : APRS parser
libfap i
Hello List,
I am currently refreshing the Debian package for sympow [1].
In the README file, we read:
The mesh files are stored in binary form, and thus endian-ness
is a worry when moving from one platform to another.
The executable that generates these data files is a binary executable (C sourc
> The mesh files are stored in binary form, and thus endian-ness
> is a worry when moving from one platform to another.
[...]
> What is not clear to me right now is how to [store] those data files:
> is there an endian triplet?
Jérôme,
Please try to work with upstream to fix the issue. Byte swa
37 matches