Last News

nginx (1.10.3-adr1~jessie)

medium
UTC Sun, 12 Mar 2017 15:18:03
  • New upstream release (1.10.3)
  • Bugfix: in the "add_after_body" directive when used with the "sub_filter" directive.
  • Bugfix: unix domain listen sockets might not be inherited during binary upgrade on Linux.
  • Bugfix: graceful shutdown of old worker processes might require infinite time when using HTTP/2.
  • Bugfix: when using HTTP/2 and the "limit_req" or "auth_request" directives client request body might be corrupted; the bug had appeared in 1.10.2.
  • Bugfix: a segmentation fault might occur in a worker process when using HTTP/2; the bug had appeared in 1.10.2.
  • Bugfix: an incorrect response might be returned when using the "sendfile" directive on FreeBSD and macOS; the bug had appeared in 1.7.8.
  • Bugfix: a truncated response might be stored in cache when using the "aio_write" directive.
  • Bugfix: a socket leak might occur when using the "aio_write" directive.

terminology (1.0.0-1+adr2~jessie)

low
UTC Sun, 12 Mar 2017 15:24:00
  • Add patches from git:
    • 01: terminology tabs resize - fix access of invalid memory beyond bounds
    • 02: controls: clean up code
    • 03: win: double click on tab title to change it. Closes T3143
    • 04: pty: fallback to ~ or / when creating new term if current dir is not available. Closes T5186
    • 05: may fix mouse motion reporting. T4874
    • 06: termio: remove dead code. CID1371738
    • 07: termio: reset size when size looks boggus.

bind9 (1:9.9.5.dfsg-9+deb8u10+adr10~jessie)

medium
UTC Sun, 05 Mar 2017 19:13:43
  • Merge 9.9.5.dfsg-9+deb8u7 from Debian:
    • [Florian Weimer] CVE-2016-2775: lwresd crash with long query name. Backport of upstream commit 38cc2d14e218e536e0102fa70deef99461354232. Closes: #831796.
    • [Florian Weimer] CVE-2016-2776: assertion failure due to unspecified crafted query. Fix based on 43139-9-9.patch from ISC. Closes: #839010.
  • Merge 9.9.5.dfsg-9+deb8u8 from Debian:
    • [Florian Weimer] CVE-2016-8864: Fix assertion failure in DNAME processing with patch provided by ISC.
  • Merge 9.9.5.dfsg-9+deb8u9 from Debian:
    • [Florian Weimer] Apply patches from ISC.
    • [Florian Weimer] CVE-2016-9131: Assertion failure related to caching of TKEY records in upstream DNS responses.
    • [Florian Weimer] CVE-2016-9147: Processing of RRSIG records in upstream DNS response without corresponding signed data could lead to an assertion failure.
    • [Florian Weimer] CVE-2016-9444: Missing RRSIG records in the authority section of upstream responses could lead to an assertion failure.
    • [Florian Weimer] RT #43779: Fix handling of CNAME/DNAME responses. (Regression due to the CVE-2016-8864 fix.)
  • Merge 9.9.5.dfsg-9+deb8u10 from Debian:
    • [Michael Gilbert] Fix regression caused by the fix for CVE-2016-8864 (closes: #855540).
    • [Michael Gilbert] Fix CVE-2017-3135: a malicously crafted query can cause named to crash if both DNS64 and RPZ are being used (closes: #855520).
  • Create new patch from Debian diff

curl (7.52.1-adr1~jessie)

high
UTC Sun, 05 Mar 2017 19:01:20
  • Merge patches from Debian
  • New upstream release 7.52.1:
    • Make SSL_VERIFYSTATUS work again as per CVE-2017-2629 https://curl.haxx.se/docs/adv_20170222.html
    • Fix HTTPS connection timeout with OpenSSL (Closes: #852317)
    • Fix printf floating point buffer overflow as per CVE-2016-9586 (Closes: #848958)
  • New upstream release 7.51.0:
    • Fix cookie injection for other servers as per CVE-2016-8615 https://curl.haxx.se/docs/adv_20161102A.html
    • Fix case insensitive password comparison as per CVE-2016-8616 https://curl.haxx.se/docs/adv_20161102B.html
    • Fix OOB write via unchecked multiplication as per CVE-2016-8617 https://curl.haxx.se/docs/adv_20161102C.html
    • Fix double-free in curl_maprintf as per CVE-2016-8618 https://curl.haxx.se/docs/adv_20161102D.html
    • Fix double-free in krb5 code as per CVE-2016-8619 https://curl.haxx.se/docs/adv_20161102E.html
    • Fix glob parser write/read out of bounds as per CVE-2016-8620 https://curl.haxx.se/docs/adv_20161102F.html
    • Fix curl_getdate read out of bounds as per CVE-2016-8621 https://curl.haxx.se/docs/adv_20161102G.html
    • Fix URL unescape heap overflow via integer truncation as per CVE-2016-8622 https://curl.haxx.se/docs/adv_20161102H.html
    • Fix use-after-free via shared cookies as per CVE-2016-8623 https://curl.haxx.se/docs/adv_20161102I.html
    • Fix invalid URL parsing with '#' as per CVE-2016-8624 https://curl.haxx.se/docs/adv_20161102J.html
    • Fix IDNA 2003 makes curl use wrong host https://curl.haxx.se/docs/adv_20161102K.html
    • Fix escape and unescape integer overflows as per CVE-2016-7167 (Closes: #837945) https://curl.haxx.se/docs/adv_20160914.html
    • Fix incorrect reuse of client certificates (NSS backend) as per CVE-2016-7141 (Closes: #836918) https://curl.haxx.se/docs/adv_20160907.html
  • New upstream release 7.50.0:
    • Fix TLS session resumption client cert bypass as per CVE-2016-5419 https://curl.haxx.se/docs/adv_20160803A.html
    • Fix re-using connection with wrong client cert as per CVE-2016-5420 https://curl.haxx.se/docs/adv_20160803B.html
    • Fix use of connection struct after free as per CVE-2016-5421 https://curl.haxx.se/docs/adv_20160803C.html
    • Support OpenSSL 1.1 (Closes: #828127)

ansible (2.2.1.0-1+adr1~jessie)

medium
UTC Sun, 29 Jan 2017 13:27:13
  • Merge patches from Debian
  • New upstream release 2.2.1.0:
    • Security fix for CVE-2016-9587 - An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server as the user and group Ansible is running as.
    • Fixes a bug where undefined variables in with_* loops would cause a task failure even if the when condition would cause the task to be skipped.
    • Fixed a bug related to roles where in certain situations a role may be run more than once despite not allowing duplicates.
    • Fixed some additional bugs related to atomic_move for modules.
    • Fixes multiple bugs related to field/attribute inheritance in nested blocks and includes, as well as task iteration logic during failures.
    • Fixed pip installing packages into virtualenvs using the system pip instead of the virtualenv pip.
    • Fixed dnf on systems with dnf-2.0.x (some changes in the API).
    • Fixed traceback with dnf install of groups.
    • Fixes a bug in which include_vars was not working with failed_when.
    • Fix for include_vars only loading files with .yml, .yaml, and .json extensions. This was only supposed to apply to loading a directory of vars files.
    • Fixes several bugs related to properly incrementing the failed count in the host statistics.
    • Fixes a bug with listening handlers which did not specify a name field.
    • Fixes a bug with the play_hosts internal variable, so that it properly reflects the current list of hosts.
    • Fixes a bug related to the v2_playbook_on_start callback method and legacy (v1) plugins.
    • Fixes an openssh related process exit race condition, related to the fact that connections using ControlPersist do not close stderr.
    • Improvements and fixes to OpenBSD fact gathering.
    • Updated make deb to use pbuilder. Use make local_deb for the previous non-pbuilder build.
    • Fixed Windows async to avoid blocking due to handle inheritance.
    • Fixed bugs in the mount module on older Linux kernels and *BSDs
    • Various minor fixes for Python 3
    • Inserted some checks for jinja2-2.9, which can cause some issues with Ansible currently.
  • New upstream release 2.2.0.0:
  • Somes fixes and changes:
    • Security fix for CVE-2016-8628 - Command injection by compromised server via fact variables. In some situations, facts returned by modules could overwrite connection-based facts or some other special variables, leading to injected commands running on the Ansible controller as the user running Ansible (or via escalated permissions).
    • Security fix for CVE-2016-8614 - apt_key module not properly validating keys in some situations.
    • Added the listen feature for modules. This feature allows tasks to more easily notify multiple handlers, as well as making it easier for handlers from decoupled roles to be notified.
    • Added support for binary modules
    • Added the ability to specify serial batches as a list (serial: [1, 5, 10]), which allows for so-called "canary" actions in one play.
    • Fixed 'local type' plugins and actions to have a more predictable relative path. Fixes a regression of 1.9 (PR #16805). Existing users of 2.x will need to adjust related tasks.
    • meta tasks can now use conditionals.
    • raw now returns changed: true to be consistent with shell/command/script modules. Add changed_when: false to raw tasks to restore the pre-2.2 behavior if necessary.n
    • Added a new meta option: end_play, which can be used to skip to the end of a play.
    • roles can now be included in the middle of a task list via the new include_role module, this also allows for making the role import 'loopable' and/or conditional.
    • The service module has been changed to use system specific modules if they exist and fall back to the old service module if they cannot be found or detected.
    • Add ability to specify what ssh client binary to use on the controller. This can be configured via ssh_executable in the ansible config file or by setting ansible_ssh_executable as an inventory variable if different ones are needed for different hosts.
  • Network:
    • Refactored all network modules to remove duplicate code and take advantage of Ansiballz implementation
    • All functionality from *_template network modules have been combined into *_config module
    • Network *_command modules not longer allow configuration mode statements
  • Some new modules:
    • apache2_mod_proxy
    • digital_ocean_block_storage
    • docker (docker_network)
    • include_role
    • jenkins (jenkins_job, jenkins_plugin)
    • kibana_plugin
    • lxd (lxd_profile, lxd_container)
    • github (github_key, github_release)
    • google (gcdns_record, gcdns_zone, gce_mig)
    • vmware (vmware_guest, vmware_local_user_manager, vmware_vmotion)
  • Incompatible Changes:
    • Use of _fixup_perms with recursive=True (the default) is no longer supported. Custom action plugins using _fixup_perms will require changes unless they already use recursive=False. Use _fixup_perms2 if support for previous releases is not required. Otherwise use _fixup_perms with recursive=False.

terminology (1.0.0-1+adr1)

low
UTC Sun, 29 Jan 2017 13:10:10
  • New upstream release 1.0.0
  • Bold/Italic support (on by default)
  • Add keybinding shift+home to go to the top of the backlog
  • Add keybinding shift+end to reset scroll
  • Add keybinding shift+left/right to switch between tabs
  • Add keybinding ctrl+alt+t to change terminal's title
  • Add ability to copy links on right-click menu
  • Font size can be changed by escape sequence
  • Rewrite link detection to be more efficient
  • Sanitize SHELL environment variable when using it
  • Fix selections
  • Fixes about escape sequences managing tabs
  • Many fixes

nginx (1.10.2-adr1~jessie)

medium
UTC Tue, 01 Nov 2016 10:47:38
  • New upstream release (1.10.2)
  • Change: the "421 Misdirected Request" response now used when rejecting requests to a virtual server different from one negotiated during an SSL handshake; this improves interoperability with some HTTP/2 clients when using client certificates.
  • Change: HTTP/2 clients can now start sending request body immediately; the "http2_body_preread_size" directive controls size of the buffer used before nginx will start reading client request body.
  • Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 and the "proxy_request_buffering" directive.
  • Bugfix: the "Content-Length" request header line was always added to requests passed to backends, including requests without body, when using HTTP/2.
  • Bugfix: "http request count is zero" alerts might appear in logs when using HTTP/2.
  • Bugfix: unnecessary buffering might occur when using the "sub_filter" directive; the issue had appeared in 1.9.4.
  • Bugfix: socket leak when using HTTP/2.
  • Bugfix: an incorrect response might be returned when using the "aio threads" and "sendfile" directives; the bug had appeared in 1.9.13.
  • Workaround: OpenSSL 1.1.0 compatibility.

efl (1.17.2-adr3~jessie)

medium
UTC Tue, 01 Nov 2016 11:15:09
  • Add patches from git:
    • 15: evas and ecore_x shm segment management - fix over allocation and perms
    • 16: eina: populate memory in the right limit.

elementary (1.17.1-adr2~jessie)

medium
UTC Sun, 24 Jul 2016 19:19:08
  • Add patches from git:
    • 01: clear callbacks before destroying object to avoid crash.
    • 02: win: Set proper flag when EDC specifies win "alpha"
    • 03: win: Set window alpha when changing theme

efl (1.17.2-adr2~jessie)

medium
UTC Sun, 24 Jul 2016 18:40:17
  • Add patches from git:
    • 01: efl - ecore c+ ecore-imf - fix odd case input when faking a real event
    • 02: evas event handling - fix incorrect object reporting
    • 03: evas event handling2 - fix incorrect object reporting
    • 04: evas event handling3 - fix yet more corner cases for clipped objects
    • 05: efreet - fix mime file path messing with short paths like /
    • 06: efl - threads and signals - make efl work on "insane" os's with signals
    • 07: git merge conflict
    • 08: evas event handling4- fix more corner cases where bounding is bad
    • 09: eina thread - fix window build with sigprocmask
    • 10: eina thread create - use pthread_sigmask as this can be called from thread
    • 11: evas: Fix cutout regions with transparent images
    • 12: evas: Some more opacity check fixes
    • 13: evas: Also fix was_opaque for rect & image
    • 14: evas: fix compile problem with wrong function signature

Less dependent on SystemD...

UTC Mon, 06 Jun 2016 04:30:00

Like many people I don't like SystemD. Really don't like.

I want to be less dependent on SystemD... until to be no dependant at all!

From now, I will remove all SystemD requirment of packages I compile. I know it's relatively easy for servers packages, and quite hard for desktop packages (udev issue!).

Next step: test and validate this repository with Devuan and Debian.

EFL Universe (EFLU) new upgrade

UTC Web, 06 Jan 2016 20:25:00

New year, new upgrade of the EFLU (it's been a long time (again)...), and new storage policy.

First, happy new year! \o/

Second, upgrade versions of libraries and softwares.

And third, more important, split the repository in two :

  1. altern-jessie: server packages (nginx, php, mariadb, etc.);
  2. eflu-jessie: specific repository for the EFL Universe (and relatives).

EFL Universe (EFLU) big upgrade

UTC Sat, 11 Jul 2015 08:43:07

The big upgrade of the EFLU. It's been a long time...

First, upgrade to version 1.14 of the libraries (EFL, Elementary, Python-EFL, Evas-loaders) and add a new one (Emotion-players).

Second, somes Enlightenment apps are upgraded (Rage, Enventor and Eflete), fixed from git (Terminology), or added (EDI, Etrophy and Elemines). Although some applications are really still in development...

And the next step, E19!

Full LAMP stack with LibreSSL

UTC Sat, 09 May 2015 19:59:21

My full LAMP stack is available with LibreSSL (with A for Nginx, M for MariaDB and P for PHP or HHVM).

It's the version 1.8.0 of Nginx (with some more modules for the full and extra packages), the version 10.0.19 for MariaDB (soon will arrive the Cassandra Engine plugin), and the version 5.6.7 for PHP (no changes with Debian except SSL library).

I will add Apache 2.4 in near future, just compiled with LibreSSL inseatd of OpenSSL.

Altern-DEB.com is opened

UTC Fri, 01 May 2015 12:00:00

Migration from my own personal fake domain to altern-deb.com. This private repository become a public one.

Until now, only I and a few friends knowing what to add in the host file could use this repository.

I open it to the whole world ... even though I know I'll probably be the only user :)

HHVM is in the place!

UTC Tue, 28 Apr 2015 08:23:17

The HHVM package provided by HHVM team on hhvm.com website is `strange'. It depends to libgd2-xpm-dev while this is not a development package.

Anyway, I recompiled this package to link it to libssl and libcrypto from LibreSSL, so I fix this dependance mistake.

I also provided /etc/hhvm/server.ini and /etc/hhvm/php.ini more complete than original.

Migration to LibreSSL

UTC Tue, 17 Mar 2015 17:29:01

I want to migrate to LibreSSL library, to replace OpenSSL. Unfortunately, GNU/Debian does not offer this possibility.

Today, I just compile LibreSSL version 2.1.5 in 5 packages:

  • libressl: the libssl, libcrypto and libtls shared libraries
  • libressl-dev: the development files (development libraries, header files, and manpages for libraries)
  • libressl-openssl: the 'openssl' cryptographic utility
  • libressl-dbg: the debug information
  • libressl-doc: the development documentation

The resulting library and 'openssl' utility is largely API-compatible with OpenSSL 1.0.1. However, it is not ABI compatible - I need to relink programs to LibreSSL in order to use it.

So... it's just the beginning. Soon, I'll add several packages using OpenSSL recompiled for using LibreSSL (like nginx, curl, php5, postfix, etc.).

Enlightenment, libraries and softwares

UTC Sat, 13 Dec 2014 11:22:35

I'm an E17 user. But GNU/Debian is not really, even in jessie/testing.

So I started to package new version of E17, some softwares and, necessarily, all requirements.

Fist EFL, Elementary, python-efl. Then, Enlightenment 17 and modules for E17. And finally, some tools like terminology and econnman.

News from [2017] [2016] [2015] [2014]