Bug#1071571: mdir: wrong byte count reported in summary

Package: mtools Version: 4.0.33-1+really4.0.32-1 Severity: normal Tags: upstream patch The overall byte count shown in the summary is truncated (from the left) to ten effective digits, and is therefore wrong as soon as it reaches 10 GB (10^10 B): $ mdir f:abc Volume in drive F has no label Volu

Bug#1064634: qemu-system-x86: possible race-condition in qemu nat layer or virtio-net

Package: qemu-system-x86 Version: 1:7.2+dfsg-7+deb12u5 Severity: normal X-Debbugs-Cc: g...@libero.it I believe I spotted a race condition in virtio-net or qemu/kvm (but only when virtio-net is involved). To replicate, one needs a virtualization environment similar to Host: - debian 12 x86_64 - c

Bug#1040458: bookworm: please document that /etc/init.d/rsyslog is gone

Package: release-notes Severity: wishlist On servers that run sysvinit instead of systemd, after upgrading from bullseye to bookworm rsyslogd doesn't start at boot anymore, unless orphan-sysvinit-packages is installed. Perhaps it's worth mentioning in the RN, otherwise people might discover that

Bug#1037039: rsyslog - SysV init file missing

Package: rsyslog Version: 8.2302.0-1 Followup-For: Bug #1037039 X-Debbugs-Cc: g...@libero.it In case someone lands on this bug after discovering that rsyslogd doesn't start at boot anymore after upgrading to bookworm: If you don't want to install orphan-sysvinit-scripts, you can use the following

Bug#1040453: rsyslog: please, make postrotate action work also under sysvinit

Package: rsyslog Version: 8.2302.0-1 Severity: wishlist X-Debbugs-Cc: g...@libero.it Dear Maintainer, in bookworm, logrotate post-action does not work under sysvinit, because /usr/lib/rsyslog/rsyslog-rotate invokes systemctl in order to send SIGHUP to the daemon. A workaround is to install orpha

Bug#1040364: orphan-sysvinit-scripts: add triggers to restart daemons

Source: orphan-sysvinit-scripts Version: 0.14 Severity: wishlist Tags: patch X-Debbugs-Cc: g...@libero.it Dear Maintainer, please consider adding triggers for restarting daemons when the executables change (usually at package upgrade). The following patch just mentions rsyslogd (newly orphaned s

Bug#1024416: unbound does not restart reliably under sysvinit with apparmor in enforcing mode

Package: unbound Version: 1.13.1-1 Severity: normal Tags: patch X-Debbugs-Cc: g...@libero.it Hi With the apparmor profile shipped with unbound, /usr/sbin/unbound is allowed to truncate and create its own pidfile /run/unbound.pid, but cannot remove it at exit or rewrite it when it starts again. A

Bug#996361: iitalian: Italian hash file not compatible with current version of ispell

Package: iitalian Version: 1:2.3-3+b1 Severity: grave Justification: renders package unusable $ echo albergo ciao | ispell -d american -l albergo $ echo albergo ciao | ispell -d italian -l Illegal format hash table /usr/lib/ispell/italian.hash - expected magic2 0x9602, got 0x5053 $ file -L /usr

Bug#992618: hdparm: /lib/udev/hdparm does not set APM options anymore when resuming from suspend

Package: hdparm Version: 9.60+ds-1 /lib/udev/rules.d/85-hdparm.rules invokes /lib/udev/hdparm when block devices matching /dev/sdX or /dev/hdX are added. /lib/udev/hdparm is supposed to extract options relevant to $DEVNAME and battery-vs-ac status from /etc/hdparm.conf and apply them using /sbin/

Bug#983606: base-files: umask is not set for superuser

Package: base-files Version: 10.3+deb10u8 Severity: normal In /usr/share/base-files/dot.bashrc (which is copied to /root/.bashrc at package installation) the umask command is commented out, with this explanation: # Note: PS1 and umask are already set in /etc/profile. You should not # need

Bug#950714: unbound: cache confusion results in NXDOMAIN for existing names

Package: unbound Version: 1.9.0-2+deb10u1 Severity: important Sometimes unbound replies to a query for a forward-zone using a spurious cache entry, resulting in bogus NXDOMAIN responses that persist for cache-max-negative-ttl seconds (1 hour, by default), effectively disrupting name resolution for

Bug#947771: unbound: cannot restart daemon under sysvinit-core when apparmor is enforced

Package: unbound Version: 1.9.0-2+deb10u1 Severity: normal Tags: patch At startup the daemon creates its pidfile (/run/unbound.pid) while running as root, chown()s it to unbound:unbound, then drops privileges and runs as user unbound. At shutdown, the pidfile is successfully truncated, but the fo

Bug#930247: grep: inconsistent behaviour with anchored regex containing back-references

Package: grep Version: 2.27-2 Severity: normal There seems to be a problem with beginning/end-of-line anchors in regex containing back-references: $ cat words ana deed ill stats Using -x to match whole line works: $ egrep -x '(.?)(.?).?\2\1' words ana deed stats Using explicit anchors emits fa

Bug#930245: libstdc++-6-dev: namespace pollution with low-level macros

Package: libstdc++-6-dev Version: 6.3.0-18+deb9u1 Severity: normal $ cat s.cc #include int major(int x) { return x & ~0x; } $ g++ -E -dD -ansi s.cc | grep -w major int major(int x) { return x & ~0x; } $ g++ -E -dDs.cc | grep -w major #define major(dev) gnu_dev_major (dev) With

Bug#928449: firefox-esr: Add-ons fail to install probably due to upstream certificate issue

Package: firefox-esr Version: 60.6.1esr-1~deb9u1 Followup-For: Bug #928449 The problem is caused by an expired intermediate certificate in the builtin chain of trust that the browser applies to verify signatures on addons. More details are available at https://blog.mozilla.org/addons/2019/05/04/u

Bug#882586: libc6-dev:amd64: pthread_rwlock_unlock segfaults in statically linked executable

Package: libc6-dev Version: 2.24-11+deb9u1 Severity: important A minimal program that exercises R/W locks crashes when linked statically: $ cat test-rwlock.c #include int main() { pthread_rwlock_t rw; if (pthread_rwlock_init(&rw, NULL)) return -1; if (pthread_rwlock_wrlock(&rw))

Bug#879058: cpio: crashes when reading ustar archives created by itself

Package: cpio Version: 2.11+dfsg-6 Severity: normal cpio is unable to read a USTAR archive created by itself: $ ls -ogl 4 -rw-r--r-- 1 30 Oct 18 21:35 x $ echo x | cpio -ovH ustar > x.cpio x 4 blocks $ cpio -ivtH ustar < x.cpio *** Error in `cpio': realloc(): invalid pointer: 0x0044cb20 *** ===

Bug#874798: libc6: mktime() does not set errno when it fails

Package: libc6 Version: 2.24-11+deb9u1 Severity: normal Tags: upstream When mktime() fails to convert a struct tm to a time_t, it returns -1. It should also set errno to EOVERFLOW in order to distinguish the failure from the legitimate case of converting "1 second before the epoch". The following

Bug#864598: python-reportbug: logic error in send_report()

Package: python-reportbug Version: 6.6.3 Severity: normal The condition elif outfile or not ((mta and os.path.exists(mta)) or smtphost): in /usr/lib/python2.7/dist-packages/reportbug/submit.py (line 315) is true also if outfile is None and mta is set to a non-existent path. The following l

Bug#864500: cpp-4.9: warnings from assert(strncmp(...) == 0) when using -O

Package: cpp-4.9 Version: 4.9.2-10 Severity: minor The following program, #include #include int main() { const char *a = "xyz", *b = a; assert(strncmp(a, b, 3) == 0); return 0; } compiles fine with "gcc -Wall -ansi -pedantic -Wprogram.c", bu

Bug#821759: Iceweasel does not warn about website asking to store data for offline use

Package: firefox-esr Version: 45.7.0esr-1~deb8u1 Followup-For: Bug #821759 I believe browser.offline-apps.notify (i.e. ask me for offline storage) is overridden by the offline-apps.allow_by_default, which is true by default (no pun intended). I got FF to ask me for permission after toggling the l

Bug#844089: e2fsprogs: e2image unable to restore metadata

Package: e2fsprogs Version: 1.42.12-2 Severity: normal Apparently, e2image is unable to restore metadata from its own image files: # mke2fs /tmp/scratch/b.img Creating filesystem with 262144 1k blocks and 65536 inodes Filesystem UUID: f1cd508c-ea95-420f-89c4-61b989a0890e Superblock backups store

Bug#844050: cryptsetup: /lib/cryptsetup/scripts/decrypt_ssl throws away the key it has just decrypted

Package: cryptsetup Version: 2:1.6.6-5 Severity: normal In /lib/cryptsetup/scripts/decrypt_ssl the relevant decryption command, /usr/bin/openssl enc -aes-256-cbc -d -salt -in $1 >/dev/null 2>&1 redirects output from openssl enc -d to /dev/null, rendering the script useless except for checking

Bug#838958: linux: mount(2) _silently_ ignores other mountflags when MS_BIND is set

Source: linux Severity: important Tags: upstream >From the mount(2) man page: MS_BIND (Linux 2.4 onward) Perform a bind mount, making a file or a directory subtree visible at another point within a filesystem. Bind mounts may cross filesystem boundaries and span chroot

Bug#838957: lxc: read-only bind mounts are in fact read/write

Package: lxc Version: 1:1.0.6-6+deb8u3 Severity: important To reproduce: root@debian-host# lxc-create -n bb -t busybox root@debian-host# cat /var/lib/lxc/bb/config lxc.network.type = empty lxc.rootfs = /var/lib/lxc/bb/rootfs lxc.haltsignal = SIGUSR1 lxc.utsname = bb lxc.tty = 1 lxc.pts = 1 lxc.

Bug#835421: mutt: Bug in POP3 authentication via SASL mechanism DIGEST-MD5

Package: mutt Version: 1.5.23-3 Severity: normal Tags: patch upstream According to , the DIGEST-MD5 authentication should proceed along a sequence similar to the following: 1. C: AUTH DIGEST-MD5 2. S: + base64-encoded-server-challenge 3. C: base64-en

Bug#825416: libssl1.0.0: upstream bug report

Package: libssl1.0.0 Followup-For: Bug #825416 https://rt.openssl.org/Ticket/Display.html?id=4546

Bug#825416: libssl1.0.0: EVP_{Encrypt, Decrypt, Cipher}Final() do not clean up cipher context

Package: libssl1.0.0 Version: 1.0.1k-3+deb8u5 Severity: important Tags: upstream The EVP_EncryptFinal(3ssl) man page reads: EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and EVP_CipherFinal_ex() exc

Bug#823222: gcc-4.9: reordering of signed int operations triggers overflow

Package: gcc-4.9 Version: 4.9.2-10 Severity: normal I compiled the program #include #include int main() { int s = 1 << 30; s += (s - 1); printf("%d\n%d\n%d\n", sizeof s, s, INT_MAX); return 0; } with "gcc -W -Wall -ansi -pedantic -O0 -fsanitize=u

Bug#787969: udev integration: overheating disk caused by mistakes in 85-hdparm.rules and hdparm-functions

Package: hdparm Version: 9.43-2 Severity: important Mistake in /lib/udev/rules.d/85-hdparm.rules: ACTION=="add", SUBSYSTEM=="block", KERNEL=="[sh]d[a-z]*", RUN+="/lib/udev/hdparm" should be ACTION=="add", SUBSYSTEM=="block", KERNEL=="[sh]d[a-z]", RUN+="/lib/udev/hdparm" As it is now, t

Bug#785307: xcolorsel: Crash in Grab color

st regards g1 -- System Information: Debian Release: 8.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shel

Bug#784143: pgrep: behaviour of '-lf' changed.

Package: procps Version: 2:3.3.9-9 Severity: normal In procps/wheezy, the combination of the '-l' and '-f' flags had a specific output, which IIRC was the same across *BSD, Solaris, and many versions of GNU/Linux: $ pgrep -lf iceweasel 6543 iceweasel --no-remote In jessie, the behaviour has chan

Bug#744942: a2ps: ap2s reads init file from current directory

Package: a2ps Version: 1:4.14-1.1+deb7u1 Severity: normal a2ps reads and parses ./.a2psrc, without checking ownership of the file/directory. This might be used to trick other users (even root) into executing crafted code, perhaps leading to local compromise. joe:~$ echo 'Variable: lp.default | /

Bug#743973: duplicity: make imap backend split files in chunks

Package: duplicity Version: 0.6.18-3 Severity: normal Tags: patch I implemented a set of changes to the imap backend, to work around the restrictions on message size that most IMAP providers impose on customer mailboxes: the code has been slightly simplified, and changed to transparently store and

Bug#735168: FILESAVE: LibreOffice corrupts XLSX file (upstream bug 49120)

Package: libreoffice-calc Version: 1:3.5.4+dfsg2-0+deb7u2 Followup-For: Bug #735168 This looks like an upstream bug, , which might have been resolved by this patch

Bug#694351: lsof: Please downgrade the dependency on perl to "Recommends"

mmends:". Best regards, g1 -- System Information: Debian Release: 7.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=

Bug#740221: cvs: configure --disable-rootcommit considered harmful

Package: cvs Version: 2:1.12.13+real-9 Severity: normal debian/rules configures the package with "--disable-rootcommit" (which is also the upstream default), to prevent root from committing to local repositories. That makes impossible for root to track his own files in a private local repository,

Bug#739853: bash: "hash -l" output not always reusable for input

Package: bash Version: 4.2+dfsg-0.1 Severity: minor Output from hash -l is not properly quoted, and might lead to surprises when a file name contains whitespace characters: $ add2path=`mktemp -d /tmp/XX` $ export PATH=$PATH:$add2path $ cp -p /bin/true "$add2path/t rue" $ "t rue" $ hash -l | t

Bug#731621: duplicity: verify does not really check file contents. it compares only inode information

Package: duplicity Version: 0.6.18-3 Severity: normal Tags: upstream The "verify" command of duplicity does not check file contents, it only compares modification time and size of files and directories. For example, if one issues the following commands, mkdir /tmp/src echo hello > /tmp/s

Bug#731330: libstdc++6: functions labelled FNV-1a in /usr/include/c++/4.7/tr1/functional_hash.h are not FNV-1a

Package: libstdc++6 Version: 4.7.2-5 Severity: minor As far as I know, the FNV and FNV-1a algorithms process octects, i.e. unsigned chars. (see e.g. http://tools.ietf.org/html/draft-eastlake-fnv-03#section-2 ) The implementations in /usr/include/c++/4.7/tr1/functional_hash.h work on chars, inste

Bug#730029: fdm does not match hostname/fqdn against Subject Alternative Name

Package: fdm Version: 1.6+cvs20111013-2 Severity: wishlist Tags: patch upstream fdm rejects the SSL certificate for one of the pop3s servers listed in my configuration, because the hostname does not match the CN in the X509 structure. However, the hostname does match one of the DNS names listed

Bug#725417: mbr: install-mbr wipes the disk-id portion of the MBR, rendering Windows 7 unbootable

Package: mbr Version: 1.1.11-5+b1 Severity: important Tags: upstream For years, I have run "install-mbr /dev/sda" on every hard disk where I wanted to install Linux to its own partition, in addition to a pre-existing Windows partition. Last time I did, it resulted in an unbootable Windows 7 syste

Bug#718205: e2fsprogs: integer overflow in e2freefrag leads to wrong max extent report

Package: e2fsprogs Version: 1.42.5-1.1 Severity: minor Tags: patch upstream e2freefrag report incoherent information on a large filesystem with large chunks of contiguous free space, due to integer overflow in computing max free extent. I did not check if it's really present upstream, but I belie

Bug#712969: spell does not default to reading from stdin when options are present (generalizes #323011)

Package: spell Version: 1.0-24 Severity: normal Tags: patch Dear Maintainer, consider this script: for i in "spell" "spell -" "spell -D italian" "spell -D italian - " ; do echo $i echo casa house sdfsdfhk | $i done and its output: spell casa sdfsdfhk spel

Bug#702605: icedove does not start if ~/.icedove is empty.

. A quick and dirty workaround consists in setting the environment variable LD_BIND_NOW=1 before launching the executable (see the following patch). Of course it would be much better to change the build script in order to add libxpcom.so to the libraries. Best regards, g1 PS: I see that

Bug#701083: nvi: 27support_C_locale.dpatch broke command history. please revert

Package: nvi Version: 1.81.6-8.1 Severity: normal When nvi is built with debian patch 27support_C_locale.dpatch included, the command history doesn't work: :set cedit=^P :%s/a/a :^P shows :^@^@^@s^@^@^@e^@^@^@t^@^@^@^@^@^@c^@^@^@e^@^@^@d^@^@^@i^@^@^@t^@^@^@=^@^@^@^P^@^@^@ :^@^@^@%^@^@^@s^@^@^@/

Bug#695143: mercurial removes directory when removing the last contained file.

Package: mercurial Version: 1.6.4-1 Severity: normal If I "hg remove" the last file in a directory, mercurial removes the directory on commit (see below). Perhaps it's an upstream bug. Perhaps it's a feature documented in the Definitive Guide, but I won't buy the book just to check this, and t