Bug#1055991: /usr/share/autofs/conffiles/auto.net: /etc/auto.net comments for nfsv4 are unclear

Package: autofs Version: 5.1.8-2+deb12u2 Severity: minor File: /usr/share/autofs/conffiles/auto.net Upstream /etc/auto.net looks like this: # add "nosymlink" here if you want to suppress symlinking local filesystems # add "nonstrict" to make it OK for some filesystems to not mount

Bug#1052392: libpam-sss: Please ship a PAM config file for pam_sss_gss.so

Package: libpam-sss Version: 2.8.2-4 Severity: wishlist Here's the config file I am using: $ cat /usr/share/pam-configs/sss-gss Name: Authenticate if the user can obtain a valid Kerberos ticket for the local host Default: yes Priority: 512 Auth-Type: Primary Auth:

Bug#1050346: gnome-control-center: Segfault when editing properties of Wi-Fi connection

Package: gnome-control-center Version: 1:43.6-2~deb12u1 Severity: normal X-Debbugs-Cc: s...@robots.org.uk When I try to edit a particular Wi-Fi connection I get a segfault. (gdb) r Starting program: /usr/bin/gnome-control-center [Thread debugging using libthread_db enabled] Using host

Bug#984879: podman does not work on Debian with selinux loaded

On Wed, Jun 21, 2023 at 06:04:14PM +0100, Sam Morris wrote: > On Wed, Jun 21, 2023 at 05:28:48PM +0100, Sam Morris wrote: > > refpolicy has a 'container' module that appears to work, it's just not > > built by default. > > BTW, the existance of /etc/selinux/default/contexts

Bug#704180: p11-kit: provide package that diverts libnssckbi.so and replaces it with p11-kit-trust.so

On Tue, Jun 27, 2023 at 04:33:06PM +0100, Sam Morris wrote: > On Fri, Mar 03, 2023 at 02:43:48PM +0000, Sam Morris wrote: > > Commands to divert the original file and replace it with a symlink: > > > > # dpkg-divert --add --rename /usr/lib/x86_64-linux-gnu/libnssckbi.so &g

Bug#704180: p11-kit: provide package that diverts libnssckbi.so and replaces it with p11-kit-trust.so

On Fri, Mar 03, 2023 at 02:43:48PM +, Sam Morris wrote: > Commands to divert the original file and replace it with a symlink: > > # dpkg-divert --add --rename /usr/lib/x86_64-linux-gnu/libnssckbi.so > # ln -sr /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so > /usr/lib/x

Bug#1039571: gnome-software: "Loading application details" displayed forever

Package: gnome-software Version: 43.4-1 Severity: important X-Debbugs-Cc: s...@robots.org.uk When I click on any application from the default screen, information never loads. The "Loading application details" mesasge is displayed forever. If I click on a category instead of an application, the

Bug#1039570: flatpak: 'flatpak upgrade' repeatedly installs, removes, installs some obsolete runtimes

Package: flatpak Version: 1.14.4-1 Severity: normal X-Debbugs-Cc: s...@robots.org.uk Each time I run 'flatpak uprade' it installs and removes a couple of obsolete runtimes, over and over. According to 'flatpak list' the following flatpaks are installed: root@fragarach:~# flatpak list

Bug#984879: podman does not work on Debian with selinux loaded

On Wed, Jun 21, 2023 at 05:28:48PM +0100, Sam Morris wrote: > refpolicy has a 'container' module that appears to work, it's just not > built by default. BTW, the existance of /etc/selinux/default/contexts/lxc_contexts is what causes Podman to try to label containers. Which prevents it from

Bug#984879: podman does not work on Debian with selinux loaded

module -i debian/build-default/container.pp' 4. Start a container with 'podman run --rm -it docker.io/library/debian:11 sleep inf' 5. Check the context of the sleep process with 'ps -Z ' Any chance that module could be built by default? -- Sam Morris <https://robots.org.uk/> PGP: rsa4096/CA

Bug#1038164: RFP: container-selinux -- SELinux policy module for containers

Package: wnpp Severity: wishlist -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package name: container-selinux URL : https://github.com/containers/container-selinux License : GPL Description : SELinux policy confinement of containers This package is needed

Bug#926388: let Firefox trust /etc/ssl/certs/ca-certificates.crt

of Debian 12 ("bookworm"), firefox-esr and thunderbird no longer ship their own libnssckbi.so files: <https://packages.debian.org/search?searchon=contents=libnssckbi.so> So I thing this bug can be resolved as a duplicate of <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=

Bug#704180: p11-kit: provide package that diverts libnssckbi.so and replaces it with p11-kit-trust.so

On Fri, Mar 03, 2023 at 02:43:48PM +, Sam Morris wrote: > FYI, the file paths in the original bug report are no longer accurate > for Debian 12 ("bookworm"). > > Old path: /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so > New path: /usr/lib/x86_64-linux-gnu/li

Bug#905745: util-linux: tty hijacking possible in "su" via TIOCSTI ioctl

Package: util-linux Followup-For: Bug #905745 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Linux 6.2 introduces a sysctl dev.tty.legacy_tiocsti sysctl which can be used to disable TIOCSTI. The default value of the sysctl is set at build time with CONFIG_LEGACY_TIOCSTI.

Bug#628843: login: tty hijacking possible in "su" via TIOCSTI ioctl

Source: shadow Followup-For: Bug #628843 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 su/runuser are provided by util-linux these days. Can this bug be closed? - -- System Information: Debian Release: 12.0 APT prefers testing APT policy: (530, 'testing'), (520, 'unstable'), (500,

Bug#1034002: ldapvi: Chase referrals option [-C, --chase] not documented

Package: ldapvi Version: 1.7-10+b6 Severity: minor There is a rather useful -C option which can be used to disable referral chasing: $ ldapvi -C no $ ldapvi --chase=no It's not in the --help output nor the man page. -- System Information: Debian Release: 12.0 APT prefers testing APT

Bug#1033673: buildah: Not build with libsubid

Package: buildah Followup-For: Bug #1033673 Here's a merge request: https://salsa.debian.org/go-team/packages/golang-github-containers-buildah/-/merge_requests/2/ -- System Information: Debian Release: 12.0 APT prefers testing APT policy: (530, 'testing'), (520, 'unstable'), (500,

Bug#1033673: buildah: Not build with libsubid

Package: buildah Version: 1.28.2+ds1-1+b2 Severity: normal Tags: patch Similar to podman's #1019929, buildah is not built with libsubid support. So users with subordinate UID/GIDs stored in an LDAP directory can't use buildah without being root. Merge request with patch on the way... -- System

Bug#1032515: libsoup-3.0-0: Can't download from https://www.bing.com - connection reset by peer

Package: libsoup-3.0-0 Version: 3.2.2-2 Severity: normal X-Debbugs-Cc: s...@robots.org.uk With the following python script I get: $ python3 bing.py Traceback (most recent call last): File "/tmp/bing.py", line 7, in ses.send_and_read(mes) gi.repository.GLib.GError:

Bug#1030310: python3-poetry: 'poetry check' requires python3-trove-classifiers

Package: python3-poetry Version: 1.3.2+dfsg-3 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 There's a missing dependency on python3-trove-classifiers in order for 'poetry check' to work. $ poetry check No module named 'trove_classifiers' - -- System Information:

Bug#1029070: /usr/lib/python3/dist-packages/ipalib/x509.py: Broken by python3-cryptography API break in 38.0.1

Package: python3-ipalib Followup-For: Bug #1029070 Control: forwarded -1 https://pagure.io/freeipa/issue/9160 Control: tags -1 + fixed-upstream patch Seems this is fixed in 4.9 and later versions. There's a patch for 4.9 at

Bug#1029070: /usr/lib/python3/dist-packages/ipalib/x509.py: Broken by python3-cryptography API break in 38.0.1

Package: python3-ipalib Version: 4.9.8-1 Severity: important File: /usr/lib/python3/dist-packages/ipalib/x509.py $ ipa vault-find Traceback (most recent call last): File "/usr/bin/ipa", line 27, in from ipaclient.__main__ import main File

Bug#389183: passwd: 'passwd -l/-u' should edit the shadow account expiry field *in addition* to editing the password field as they do know

Package: shadow,libpam-modules Followup-For: Bug #389183 A note to software archeologists: this was reverted in June 2007 by shadow 1:4.1.1-3, with the following remarks in the changelog: * debian/patches/494_passwd_lock-no_account_lock: Restore the previous behavior of passwd -l (which

Bug#1014463: podman-toolbox: Toolbox only works with fedora-toolbox:34

Package: podman-toolbox Version: 0.0.99.3-1 Followup-For: Bug #1014463 X-Debbugs-Cc: s...@robots.org.uk I think the log messages are a red herring and the underlying issue is that the toolbox binary is not able to run inside the container. Toolbox appears to work by bind-mounting

Bug#1023393: policykit-1: Not prompted to authenticate with my own identity any more

On 03/11/2022 15:17, Sam Morris wrote: But I suppose this should become a bug against polkitd-pkla since in practice its 49-polkit-pkla-compat.rules will never be called since 40-debian-sudo.rules is called first. Perhaps one solution would be to renumber to << 40, an

Bug#1023393: policykit-1: Not prompted to authenticate with my own identity any more

On 03/11/2022 13:39, Simon McVittie wrote: On Thu, 03 Nov 2022 at 11:51:52 +, Sam Morris wrote: Here's my configuration: # cat /etc/polkit-1/localauthority.conf.d/60-sam.conf [Configuration] AdminIdentities=unix-user:sam.mor...@domain.example.com Is that really your Unix

Bug#1023393: policykit-1: Not prompted to authenticate with my own identity any more

Package: polkitd Version: 122-1 Severity: important X-Debbugs-Cc: s...@robots.org.uk Since updating to 122, polkit authentication prompts ask me to authenticate as "Administrator" (root?) rather than my own user. Here's my configuration: # cat /etc/polkit-1/localauthority.conf.d/60-sam.conf

Bug#1022956: jmeter: fails to start: Unable to make field private static java.lang.String sun.awt.X11.XToolkit.awtAppClassName accessible: module java.desktop does not "opens sun.awt.X11" to unnamed m

Package: jmeter Version: 2.13-5 Severity: important X-Debbugs-Cc: s...@robots.org.uk jmeter fails to start: $ jmeter An error occurred: Unable to make field private static java.lang.String sun.awt.X11.XToolkit.awtAppClassName accessible: module java.desktop does not "opens sun.awt.X11" to

Bug#1019929: podman: Subordinate UID/GID ranges not fetched from libsubid

Control: tag -1 + patch On Fri, Sep 16, 2022 at 12:10:43PM +0100, Sam Morris wrote: > ... but it looks like podman doesn't use this library yet: I've prepared a patch that builds libpod against libsubid: <https://salsa.debian.org/debian/libpod/-/merge_requests/6> Regards, -- S

Bug#1020683: usbutils: Please include lsusbs.py

ge for your consideration. I've not renamed the command, but if the above doesn't convince you, how about /usr/bin/lsusb-py? (of course, the man page also has to be renamed, which makes it harder to send upstream...) Cheers, -- Sam Morris <https://robots.org.uk/> PGP: rsa4096/CAAA AA1A C

Bug#1020683: usbutils: Please include lsusbs.py

Package: usbutils Version: 1:014-1 Severity: wishlist usbutils includes a lsusbs.py command which gives much more readable output than lsusb. Looks like only 'usr/bin/lsusb.py' has to be added to debian/install to get it included in the binary package. -- System Information: Debian Release:

Bug#1020424: krb5: Versioned dependencies are needed in order to avoid version skew

Source: krb5 Version: 1.20-1 Severity: normal X-Debbugs-Cc: s...@robots.org.uk When using a container image that has an older version of some of the binary packages from krb5 in it, installing krb5-user results in binary packages being installed that are a mix of the newer and older version. The

Bug#1019929: podman: Subordinate UID/GID ranges not fetched from libsubid

Package: podman Version: 4.2.0+ds1-3 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I've not got anything in /etc/subuid or /etc/subgid because subordinate id range info is stored in LDAP. $ grep ^subid: /etc/nsswitch.conf subid: sss This is transparent to clients using

Bug#1019917: /usr/bin/getsubids: Segfaults when nsswitch.conf refers to a libsubid_*.so library that does not exist

Package: uidmap Version: 1:4.11.1+dfsg1-2 Severity: normal File: /usr/bin/getsubids -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 With: $ grep ^subid: /etc/nsswitch.conf subid: sss I get: $ getsubids sam Segmentation fault (core dumped) GDB reveals that this is happening

Bug#958805: onedrive: SEGV and core dump on error (401)

Package: onedrive Version: 2.4.18-0.1+b1 Followup-For: Bug #958805 X-Debbugs-Cc: s...@robots.org.uk According to , > This issue is caused by the way the 'onedrive'

Bug#1019263: Audio capture (e.g., in MS Teams) doesn't work

It turns out this was caused by the audio_capture_enable setting which made its way into my profile. -- Sam Morris <https://robots.org.uk/> PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9

Bug#1019263: chromium: Audio capture (e.g., in MS Teams) doesn't work

Package: chromium Version: 105.0.5195.102-1 Severity: normal X-Debbugs-Cc: s...@robots.org.uk When I try to join a Teams meeting, I get the mesasge Are you sure you don't want audio or video? If you change your mind, select the camera icon by your address bar and then _Always allow_.

Bug#1015317: /lib/systemd/system/podman-auto-update.service: podman-auto-update.service broken - can't find /bin/podman

Package: podman Version: 4.1.1+ds1-2 Severity: normal File: /lib/systemd/system/podman-auto-update.service Jul 18 00:15:01 systemd[1]: Starting Podman auto-update service... Jul 18 00:15:01 systemd[3185620]: podman-auto-update.service: Failed to locate executable /bin/podman: No such file or

Bug#668462: network-manager: Wrong default for IPv6 Privacy Extensions

s this still the case? NetworkManager.conf(5) says: ipv6.ip6-privacy If ipv6.ip6-privacy is unset, use the content of "/proc/sys/net/ipv6/conf/default/use_tempaddr" as last fallback. -- Sam Morris <https://robots.org.uk/> PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9

Bug#1010889: network-manager: Please ship additional NM config examples found in examples/nm-conf.d/

Package: network-manager Version: 1.37.92-1 Severity: wishlist examples/nm-conf.d has a couple of drop-in example config files that it would be nie to find in /usr/share/doc/network-manager/examples. In particular, 30-anon.conf shows how to configure NM so that it won't leak information to the

Bug#1001644: [Pkg-sssd-devel] Bug#1001644: libpam-sss: OTP-enabled users do not recieve OTP prompts from pam_sss.so

On Wed, Dec 15, 2021 at 11:19:23AM +0200, Timo Aaltonen wrote: > On 13.12.2021 19.39, Sam Morris wrote: > > Package: libpam-sss > > Version: 2.6.1-1 > > Severity: normal > > > > In the default configuration, /etc/pam.d/common-auth contains: > > &g

Bug#656339: From: Felix Geyer

On Fri, Mar 23, 2012 at 01:24:03PM +, Sam Morris wrote: > > Could you please test if this is still a problem with version 4.1.8-dfsg-2? > > > > mesa didn't load the dri module as it wasn't installed into the multiarch > > directory. > > Sadly this is still the

Bug#1001644: libpam-sss: OTP-enabled users do not recieve OTP prompts from pam_sss.so

Package: libpam-sss Version: 2.6.1-1 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 In the default configuration, /etc/pam.d/common-auth contains: auth [success=2 default=ignore] pam_unix.so nullok auth [success=1 default=ignore] pam_sss.so use_first_pass

Bug#995730: [Pkg-sssd-devel] Bug#995730: libnss-sss: sssd protocol is not stable; libnss-sss and so on need stricter dependencies

able sssd' in order to upgrade just sssd so I could drop my patch for pam_sss_gss.so which was included in 2.5.2. Sometimes I do run into the odd dependency issue like this as a result... :) -- Sam Morris <https://robots.org.uk/> PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9

Bug#995730: libnss-sss: sssd protocol is not stable; libnss-sss and so on need stricter dependencies

Package: libnss-sss Version: 2.5.2-3 Severity: normal I upgraded sssd today, and found that netgroup lookups no longer worked. See for the details. The underlying reason was that I had not upgraded libnss-sss, and the older libnss_sss.so.2 was unable to

Bug#989986: network-manager: NetworkManager exited and now I have no networking

Package: network-manager Version: 1.30.0-2 Severity: important X-Debbugs-Cc: s...@robots.org.uk NetworkManager.service has Restart=on-failure, but if something sends SIGTERM to NetworkManager then it exits with status 0. Anyway, this user expects NetworkManager expects NM to be up & the network

Bug#922945: [Pkg-shadow-devel] Bug#922945: /var/log/lastlog is a 110 TByte sparse file, seriously affecting backup

On Fri, Apr 16, 2021 at 01:30:36PM +0200, Bálint Réczey wrote: > Control: severity -1 wishlist > Control: tags -1 confirmed upstream > > Hi Sam, > > Sam Morris ezt írta (időpont: 2021. ápr. 13., K, 19:45): > > > > On Tue, 2021-04-13 at 15:26 +

Bug#922945: [Pkg-shadow-devel] Bug#922945: /var/log/lastlog is a 110 TByte sparse file, seriously affecting backup

in any case changing login.defs wouldn't be sufficient. -- Sam Morris <https://robots.org.uk/> PGP: rsa4096/CAAA AA1A CA69 A83A 892B  1855 D20B 4202 5CDA 27B9 signature.asc Description: This is a digitally signed message part

Bug#922945: /var/log/lastlog is a 110 TByte sparse file, seriously affecting backup

Package: login Followup-For: Bug #922945 X-Debbugs-Cc: s...@robots.org.uk Control: affects -1 libpam-modules Control: tag -1 patch There is a hint as to what's going on in login.defs(5). LASTLOG_UID_MAX (number) Highest user ID number for which the lastlog entries should be

Bug#966198: gdm3: Defunct gdm-session-worker processes occationally remains unhandled.

Package: gdm3 Version: 3.38.2.1-1 Followup-For: Bug #966198 X-Debbugs-Cc: s...@robots.org.uk I've noticed quite a few of these processes hanging around: $ pgrep gdm-session-worker -f | xargs ps -o pid,ppid,user,unit,uunit,args PIDPPID USER UNIT

Bug#982288: podman: Can't run caontainers - failed to connect to container's attach socket - fixed!

--the wonders of large enterprises... :) -- Sam Morris <https://robots.org.uk/> PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9 signature.asc Description: This is a digitally signed message part

Bug#982288: podman: Can't run caontainers - failed to connect to container's attach socket

Package: podman Version: 3.0.0~rc2+dfsg1-2+b1 Severity: grave Justification: renders package unusable X-Debbugs-Cc: s...@robots.org.uk After upgrading to podman 3, I can't run any containers any more. $ podman run --rm -it docker.io/library/debian:10 Error: failed to connect to

Bug#980167: /usr/lib/python3/dist-packages/syncthing_gtk/nautilusplugin.py: Errors from nautilus extension: AttributeError: 'str' object has no attribute 'decode'

Package: syncthing-gtk Version: 0.9.4.4+ds+git20201209+c46fbd8-1 Severity: normal File: /usr/lib/python3/dist-packages/syncthing_gtk/nautilusplugin.py With the extension enabled, nautilus outputs the following repeatedly: Traceback (most recent call last): File

Bug#962994: pcp: cron jobs launch pcp in cron's cgroup

Package: pcp Version: 5.2.3-1 Followup-For: Bug #962994 This doesn't appear to be fixed. I can see init scripts & cron job definitions but not systemd units present in the pcp package: $ dpkg -L pcp | grep systemd /usr/lib/pcp/pmdas/systemd /usr/lib/pcp/pmdas/systemd/Install

Bug#971424: gsd-usb-protection fails to add rule to allow USB devices

Package: gnome-settings-daemon Version: 3.38.1-2 Followup-For: Bug #971424 I'm still seeing this. The workaround is to stop (remove) usbguard, then disable usb protection on any newly-attached devices: for x in /sys/bus/usb/devices/usb*/authorized_default; do echo 1 > $x; done and then

Bug#970230: freeipa FTBFS on non-nodejs architectures

Package: src:freeipa Followup-For: Bug #970230 Control: tag -1 + patch This should let freeipa build on armel again: $ diff -u debian/rules.old debian/rules --- debian/rules.old2020-11-11 13:26:32.112603329 + +++ debian/rules2020-11-11 13:26:37.020620794 + @@ -99,7 +99,7 @@

Bug#971424: gsd-usb-protection fails to add rule to allow USB devices

Source: gnome-settings-daemon Version: 3.38.0-2 Severity: normal As I understand it, gsd-usb-protection adds a rule to allow any USB device but only while the system is not locked. On my system, gsd-usb-protection is unable to add the rule. $ /usr/libexec/gsd-usb-protection -v

Bug#967946: gnome-settings-daemon: pulls in usbguard, even though GNOME has no GUI for it and silently blocks devices

Source: gnome-settings-daemon Followup-For: Bug #967946 gnome-settings-daemon only Suggests: usbguard - so it's not pulled in by default (unless apt is configured to install suggested packages by default)? -- System Information: Debian Release: 10.6 APT prefers stable-updates APT policy:

Bug#968390: virtualbox-guest-x11: VBoxDRMClient missing

Package: virtualbox-guest-x11 Version: 6.1.12-dfsg-9 Severity: important -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 VirtualBox guest additions now includes a VBoxDRMClient program that is missing from the Debian package. I believe this is used for 3d acceleration under Wayland. I've not

Bug#874191: gdm3 started users start in wrong context

On Wed, Apr 01, 2020 at 11:48:29AM +0100, Sam Morris wrote: > Patches available: > > https://salsa.debian.org/selinux-team/libselinux/-/merge_requests/2 This one isn't needed now that libselinux 3.1 is in unstable. > https://salsa.debian.org/selinux-team/refpolicy/-/merge_requests/

Bug#965143: sssd: SSSD 2.3 won't let log in or use sudo

Source: sssd Followup-For: Bug #965143 Control: -1 + fixed-upstream patch Upstream things this is https://github.com/SSSD/sssd/pull/5222 which has been fixed upstream. https://patch-diff.githubusercontent.com/raw/SSSD/sssd/pull/5222.patch -- System Information: Debian Release: 10.4 APT

Bug#965143: sssd: SSSD 2.3 won't let log in or use sudo

Package: sssd Version: 2.3.0-2 Severity: grave Justification: renders package unusable This locks me out of my systems. $ sudo -l [sudo] password for sam.morris@ad.domain.example: Sorry, try again. [sudo] password for sam.morris@ad.domain.example: Sorry, try again.

Bug#965059: Syntax warnings with Python 3.8

Package: python3-yubico Version: 1.3.3-0.3 Severity: normal $ ipa user-find sam /usr/lib/python3/dist-packages/netaddr/strategy/__init__.py:189: SyntaxWarning: "is not" with a literal. Did you mean "!="? if word_sep is not '': /usr/lib/python3/dist-packages/yubico/yubikey_usb_hid.py:288:

Bug#964388: 'replicated server' entries with CIFS don't work

Source: autofs Version: 5.1.6-2 Severity: normal I'm trying to make DFS-replicated CIFS file shares available. In auto.master I have: /dfsfile:/etc/auto.dfs browse and in auto.dfs I have: /dfs/HD-fstype=cifs,sec=krb5i,cruid=$UID,multiuser ://server1.domain.example/HD

Bug#795281: autofs: Please provide a mechanism to make automount root mount points shared

fs/blob/master/f/autofs-5.1.6-make-bind-mounts-propagation-slave-by-default.patch In addition to making 'slave' the default, it also adds a 'shared' mount option. -- Sam Morris <https://robots.org.uk/> CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9

Bug#693782: auto.master.d documentation

e of file to be included must be ended with ".autofs". A file will be ignored if its name is not ended with the suffix. In addition a dot file, a file which name is started with "." is also ignored. -- Sam Morris <https://robots.org.uk/> CAAA AA1A

Bug#963899: Build smbclient against MIT krb5

Package: smbclient Version: 2:4.9.5+dfsg-1 Severity: wishlist I don't know how sane this might be, but you don't find out of if you don't ask, right? I run into lots of problems trying to use smbclient in my workplace. They boil down to the fact that Samba's bundled Heimdal library has a number

Bug#860151: keepalived: System loses virtual ip address after each systemd-networkd restart

Package: keepalived Followup-For: Bug #860151 I think this is no longer an issue since systemd 243, which adds the KeepConfiguration= network option. If set to 'yes' then networkd won't remove VIPS and such from managed interfaces when it (re)starts. -- System Information: Debian Release: 10.4

Bug#963692: /usr/share/info/gnupg.info.gz: Documentation regarding default RSA key size is out of date

Package: gnupg Version: 2.2.20-1 Severity: minor File: /usr/share/info/gnupg.info.gz The documentation for ---default-new-key-algo says that the default is rsa2048/cert,sign+rsa2048/encr but gpg-default-to-3072-bit-RSA-keys.patch changes this to rsa3072/cert,sign+rsa3072/encr. I suggest

Bug#962994: [pcp] Bug#962994: pcp: cron jobs launch pcp in cron's cgroup

still runnable in order to handle the case where the package has been removed (which removes the program) but not purged. In this case, conffiles such as cron jobs will still be present, and root will receive lots of mail from cron about the missing program. :) -- Sam Morris <https://robots.org.uk/> CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9

Bug#962994: pcp: cron jobs launch pcp in cron's cgroup

Package: pcp Version: 5.1.1-1 Severity: normal $ systemctl status cron ● cron.service - Regular background program processing daemon Loaded: loaded (/lib/systemd/system/cron.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2020-06-17 09:03:18 BST; 2min 5s

Bug#668538: RFP: vdsm -- Virtual Desktop and Server Manager

Followup-For: Bug #668538 Updated URL about building VDSM on Debian: https://www.ovirt.org/develop/developer-guide/vdsm/on-debian.html The changeset for debian packaging is here: https://gerrit.ovirt.org/#/c/49257/ This was merged, but the debian packaging was removed from vdsm Git in April

Bug#960947: sensors-applet: Please switch from libpanel-applet to libgnome-panel

Thank you for taking care of this! Sam

Bug#446036: exim4: please compile against openssl instead of gnutls

elicensing makes the political reason to stay with GnuTLS less important (I'll of course defer to the opinions of the maintainers here!) Anyway, if the maintainers would reconsider switching to OpenSSL once 3.0 enters Debian then I'd like to help! -- Sam Morris <https://robots.org.uk/>

Bug#733094: uvcdynctrl still filling the disk

implementation. -- Sam Morris

Bug#958025: gnome-shell: Wayland session never starts

On Fri, 2020-04-17 at 17:08 +0100, Sam Morris wrote: > Anyway... I'll keep upgrading things and follow up if I figure out > which package fixes things... Upgrading libatspi2.0-0 improved things. Although gnome-shell still hangs, the backtrace is now: #0 0x7ff4b79b8b4f in __GI___pol

Bug#958025: gnome-shell: Wayland session never starts

irly rare) occasions where problems are caused by version skew accross a source package I upgrade packages that apt missed by hand. > On Fri, 17 Apr 2020 at 15:48:51 +0100, Sam Morris wrote: > > Apr 17 15:16:09 gnome-session-binary[26371]: WARNING: Error > > creating FIFO: File ex

Bug#958025: gnome-shell: Wayland session never starts

Package: gnome-shell Version: 3.36.1-5 Severity: important Since upgrading to 3.36, once GDM starts the login screen does not for 90 seconds. During this time trying to switch to a different VTY with Ctrl+Alt+F5 etc. doesn't work. With 'journalctl _UID=$(id -u Debian-gdm)' I see: Apr 17

Bug#958017: libpango-1.0-0: Crash in pango_font_get_hb_font

Package: libpango-1.0-0 Version: 1.44.7-3 Followup-For: Bug #958017 Control: -1 severity minor After upgrading libpangocairo-1.0-0 to the version in unstable, pango-view gives some more useful messages: (pango-view:303404): GLib-GObject-WARNING **: 13:40:03.869: specified class size for

Bug#958017: libpango-1.0-0: Crash in pango_font_get_hb_font

Package: libpango-1.0-0 Version: 1.44.7-3 Severity: grave Justification: renders package unusable After upgrading libpango-1.0-0 from version 1.42.4-7~deb10u1 to version 1.44.7, gnome-terminal-server will no longer start. It crashes with: #0 0x in ?? () #1

Bug#955541: Login fails for a user name with non-ascii characters

Package: systemd Followup-For: Bug #955541 Control: affects -1 + sssd This also prevents logging in using Active Directory credentials with sssd. This is because sssd synthesizes an AD user's user name with: CONCAT(SAM-Account-Name, '@', DNS Domain Name) This also applies to group names. It's

Bug#874191: gdm3 started users start in wrong context

Package: selinux-policy-default Followup-For: Bug #874191 Patches available: https://salsa.debian.org/selinux-team/libselinux/-/merge_requests/2 https://salsa.debian.org/selinux-team/refpolicy/-/merge_requests/10 -- System Information: Debian Release: 10.3 APT prefers stable-updates APT

Bug#874191: gdm3 started users start in wrong context

Package: selinux-policy-default Version: 2:2.20190201-7 Followup-For: Bug #874191 Control: -1 + patch I have fixed this by making the following changes: 1. Patch libselinux with 2. Modify

Bug#874191: gdm3 started users start in wrong context

Package: selinux-policy-default Version: 2:2.20190201-7 Followup-For: Bug #874191 I realised that the log messages I provided above refer to gdm's systemd --user instance. Looking more carefully, on the Fedora system I see: systemd[1]: Starting User Manager for UID 167301...

Bug#874191: gdm3 started users start in wrong context

Package: selinux-policy-default Version: 2:2.20190201-7 Followup-For: Bug #874191 I've noticed that the processes that are part of my login session have the correct label. But systemd --user (and the processes underneath it) largely run with init_t and initrc_t. Adding 'verbose debug' to the

Bug#953070: RFP: source-to-image -- toolkit for building reproducible container images from source code

Package: wnpp Severity: wishlist -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: source-to-image Version : 1.2.0 Upstream Author : Various * URL : https://github.com/openshift/source-to-image * License : Apache 2.0 Programming Lang: Go

Bug#950831: cockpit: Should recommend realmd

Package: cockpit Version: 212-1 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 My machine is joined to a FreeIPA realm, but Cockpit isn't aware of this. After I installed realmd, Cockpit correctly shows information about the realm. I think cockpit should Recommend realmd so

Bug#946843: virtualbox-guest-x11: VBoxClient --clipboard terminates silently

Package: virtualbox-guest-x11 Version: 6.1.0-dfsg-3 Followup-For: Bug #946843 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I started seeing this too at around the same time. VBoxClient outputs the following: $ VBoxClient -v --clipboard -f Shared Clipboard: Starting X11 event thread

Bug#911289: ca-certificates: How to handle certificates distrusted in gecko?

Package: ca-certificates Followup-For: Bug #911289 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I think this comment[0] leads me to the place where the Symantec distrust is implemented. And it's not in NSS itself, but in browsers themselves [1, 2]. I don't know where this leaves

Bug#911289: ca-certificates: Symantec cert still included in Debian

Package: ca-certificates Followup-For: Bug #911289 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I'm trying to find a list of the distrusted certificates and it's not easy... going by [0], the last entry on the list is: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008

Bug#945532: RFP: python-urllib-gssapi -- GSSAPI over HTTP Negotiate/SPNEGO support for urllib/urllib2

Package: wnpp Severity: wishlist * Package name: python-urllib-gssapi Version : 1.0.1 * URL : https://github.com/pythongssapi/urllib-gssapi/ * License : Apache License 2.0 Programming Lang: Python Description : GSSAPI over HTTP Negotiate/SPNEGO support

Bug#945274: ca-certificates: Deal with multiple certificates per .crt file

Control: tag -1 + patch Here's a first draft at implementing this: https://salsa.debian.org/debian/ca-certificates/merge_requests/3 -- Sam Morris

Bug#945274: ca-certificates: Deal with multiple certificates per .crt file

Package: ca-certificates Version: 20190110 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 When joining a machine to a FreeIPA domain, the domain's trusted certificates are placed in for integration with ca-certificates. If multiple certificates exist in FreeIPA's trust store,

Bug#944232: /lib/systemd/system/virtlogd.service: Please add needrestart overrides

Package: libvirt-daemon-system Version: 5.6.0-2 Severity: normal File: /lib/systemd/system/virtlogd.service needrestart currently defaults to restarting virtlogd when it detects that the service needs a restart. According to the man page and systemd unit, a reload operation will re-exec the

Bug#944157: geoclue-2.0: Segfaults when location services are not available

Package: geoclue-2.0 Version: 2.5.2-1 Severity: normal I see this a lot on my laptops: -- Logs begin at Tue 2019-07-23 14:37:14 BST, end at Tue 2019-11-05 10:43:48 GMT. -- Oct 22 14:53:25 geoclue[1582]: Failed to query location: Error resolving “location.services.mozilla.com”: Name or

Bug#931831: cups: http://localhost:631/ is served with HTTP Content-Type: text/plain

Package: cups Followup-For: Bug #931831 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I'm not seeing this with 2.3.0-5: $ curl -sSi http://localhost:631/ | grep ^Content-Type Content-Type: text/html; charset=utf-8 - -- System Information: Debian Release: 10.1 APT prefers

Bug#942368: libvirt-daemon: firewall rules lost when firewalld restarts

Package: libvirt-daemon Version: 5.6.0-2 Severity: normal My virtual machines often lose connectivity to external networks. This seems to be because libvirt's iptables rules are missing: root@fragarach:~# iptables -nv -L FORWARD Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts

Bug#942367: openipmi: Bashisms in init script

Source: openipmi Version: 2.0.25-2 Severity: normal /etc/init.d/openipmi uses /bin/sh but uses some features that require bash: $ checkbashisms debian/openipmi.init possible bashism in debian/openipmi.init line 55 (should be 'b = a'): if [ "${kernel}" == "2.4" ]; then possible

Bug#942369: sysbench: --warmup-time option is not implemented

Package: sysbench Version: 1.0.17+ds-1 Severity: normal Although documented, the --warmup-time option doesn't actually work: $ sysbench --warmup-time=5 cpu run sysbench 1.0.17 (using system LuaJIT 2.1.0-beta3) invalid option: --warmup-time=5 -- System Information: Debian Release:

Bug#941577: nextcloud-desktop: Please build against libcloudproviders

Package: nextcloud-desktop Version: 2.5.3-1 Severity: normal Currently users of Nextcloud are missing a convenient way to see the status of synchronization or access settings. libcloudproviders is the 'proper' way to do that in GNOME. When it is used, there is no longer any need for the user to

  1   2   3   4   5   6   7   8   9   10   >