Re: Uploading linux (6.6.15-1)
Hi, On Sat, Feb 03, 2024 at 12:32:08AM +0100, Cyril Brulebois wrote: > Salvatore Bonaccorso (2024-02-02): > > One thing is still unresolved, thus additonally to the explicit CC to > > kibi, as well including debian-boot. We have the armel d-i situation > > not yet resolved, debian-boot folks, do you have any imput on the > > situation from the thread in > > https://lists.debian.org/debian-release/2024/01/msg00089.html ? > > My gut feeling from what was discussed is that nobody will ever use > > the d-i on armel. > > I'm not sure how much time armel will stick around (for existing > systems), but it looks to me that d-i/armel is no longer relevant. Thanks for your reply on d-i side of this. So i suggest we move ahead with transitioning 6.6.y to testing accordingly. Thanks a lot! Regards, Salvatore
Uploading linux (6.6.15-1)
Hi,
I would like to upload linux version 6.6.15-1 ideally over the weekend
to unstable. The new version imports two versions of the 6.6.y stable
series (which is upstream an LTS) up to 6.6.15. It contains a larger
amount of changes as it consisted of versions released after the merge
window upstream for 6.8. Some CVEs are addressed in this update:
CVE-2023-46838, CVE-2023-50431, CVE-2024-1085 and CVE-2024-1085.
As there is an upcoming pont release on weekend of 10th of february
and as the linux uploads for both bullseye 11.9 and bookworm 12.5
needs to be ready over the weekend, those should get priority in terms
of having the signed packages available (the rest is done). So maybe
6.6.15-1 should be accetepd to be build and then signed packages done
only after we have the linux-signed-{i386,amd64,arm64} for both
bullseye-pu and bookworm-pu.
One thing is still unresolved, thus additonally to the explicit CC to
kibi, as well including debian-boot. We have the armel d-i situation
not yet resolved, debian-boot folks, do you have any imput on the
situation from the thread in
https://lists.debian.org/debian-release/2024/01/msg00089.html ?
My gut feeling from what was discussed is that nobody will ever use
the d-i on armel.
There are no other packaging changes apart patches refresh (and
upstream applied patches) for the rt featureset due to the 6.6.14 and
6.1.15 imports.
Regards,
Salvatore
signature.asc
Description: PGP signature
Bug#1035973: unblock: linux/6.1.27-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: li...@packages.debian.org, k...@debian.org, debian-boot@lists.debian.org, b...@debian.org, car...@debian.org Control: affects -1 + src:linux Hi Release team, hi Cyril for debian-boot/d-i, Please unblock package linux The upload was announced in https://lists.debian.org/debian-release/2023/05/msg00287.html and summarizing consists of importing new stable series. But in particular addressing recent CVEs, covering CVE-2023-31436 and CVE-2023-2002. Additionally the fix for CVE-2023-32233 is cherry-picked. The package has been only 3 days, but I'm asking for an unblock and aging due to CVE-2023-32233 in particular. *Unless* it is going to block d-i RC3 release, then let's wait after that. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [ ] attach debdiff against the package in testing Not attaching the debdiff. Regards, Salvatore
Re: Bug#1035316: [pre-approval request] unblock: firmware-nonfree/20230210-5
Hi, On Mon, May 01, 2023 at 06:36:01PM +0200, Cyril Brulebois wrote: > Hi, > > Salvatore Bonaccorso (2023-04-30): > > [ Other info ] > > As beeing the firmware-nonfree package, I'm explicitly CC'ing as well > > Cyril on this pre-approval request. > > Thanks for that. > > > Furthermore the attached debdiff still contains the UNRELEASED > > changelog entry, which will be switched for the upload. > > ACK. > > With both my d-i and release hats: looks good to me, please go ahead. Thanks Cyril for the review. Just uploaded. Regards, Salvatore
Bug#1035316: [pre-approval request] unblock: firmware-nonfree/20230210-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: firmware-nonf...@packages.debian.org, k...@debian.org, debian-boot@lists.debian.org, debian-ker...@lists.debian.org, car...@debian.org Control: affects -1 + src:firmware-nonfree Dear release team, Please unblock package firmware-nonfree [ Reason ] A piuparts run from Andreas found that we had broken symlink for two firmware files in firmware-brcm80211, cf. #1035282. The reason was that we missed a rename back in upstream 20220411, included in the upload in Debian as 20210208-1. [ Impact ] Loading of firmware for Rock960 Cypress 4356 WiFi, and those using VIM2 4356 WiFi devices would not work. [ Tests ] None additional done specifically to the change apart the packaging build pipeline and verifying that the links are now correctly placed. [ Risks ] Adds the missing symlinks for the firmware files. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] As beeing the firmware-nonfree package, I'm explicitly CC'ing as well Cyril on this pre-approval request. Furthermore the attached debdiff still contains the UNRELEASED changelog entry, which will be switched for the upload. The upload adds as well one further additional link for brcmfmac4356-sdio.firefly,firefly-rk3399.txt to mirror all changes upstream did with https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=4ffcf980a535c1f26aa994ecf64a1b9d1ed6216e . unblock firmware-nonfree/20230210-5 Regards, Salvatore diff -Nru firmware-nonfree-20230210/debian/changelog firmware-nonfree-20230210/debian/changelog --- firmware-nonfree-20230210/debian/changelog 2023-03-11 15:15:03.0 +0100 +++ firmware-nonfree-20230210/debian/changelog 2023-04-30 07:31:54.0 +0200 @@ -1,3 +1,11 @@ +firmware-nonfree (20230210-5) UNRELEASED; urgency=medium + + * brcm80211: brcm: rename Rock960 NVRAM to AP6356S and link devices to it +(Closes: #1035282) + * Update to linux-support 6.1.0-8 + + -- Salvatore Bonaccorso Sun, 30 Apr 2023 07:31:54 +0200 + firmware-nonfree (20230210-4) unstable; urgency=medium * iwlwifi: Add missing files entry for iwlwifi-so-a0-hr-b0-72.ucode. diff -Nru firmware-nonfree-20230210/debian/config/brcm80211/defines firmware-nonfree-20230210/debian/config/brcm80211/defines --- firmware-nonfree-20230210/debian/config/brcm80211/defines 2023-03-11 14:25:34.0 +0100 +++ firmware-nonfree-20230210/debian/config/brcm80211/defines 2023-04-30 07:30:52.0 +0200 @@ -59,8 +59,10 @@ brcm/brcmfmac4356-pcie.clm_blob brcm/brcmfmac4356-sdio.bin brcm/brcmfmac4356-sdio.clm_blob - brcm/brcmfmac4356-sdio.vamrs,rock960.txt + brcm/brcmfmac4356-sdio.AP6356S.txt + brcm/brcmfmac4356-sdio.firefly,firefly-rk3399.txt brcm/brcmfmac4356-sdio.khadas,vim2.txt + brcm/brcmfmac4356-sdio.vamrs,rock960.txt brcm/brcmfmac4358-pcie.bin brcm/brcmfmac43602-pcie.ap.bin brcm/brcmfmac43602-pcie.bin @@ -192,8 +194,8 @@ [brcm/brcmfmac4356-pcie.gpd-win-pocket.txt_base] desc: Broadcom BCM4356-PCIe NVRAM for GPD Pocket and Win -[brcm/brcmfmac4356-sdio.vamrs,rock960.txt_base] -desc: Rock960 Cypress 4356 WiFi +[brcm/brcmfmac4356-sdio.AP6356S.txt_base] +desc: Broadcom AP6356S WiFi module NVRAM [brcm/brcmfmac4358-pcie.bin_base] desc: Broadcom BCM4358 firmware diff -Nru firmware-nonfree-20230210/debian/control firmware-nonfree-20230210/debian/control --- firmware-nonfree-20230210/debian/control2023-03-11 15:15:03.0 +0100 +++ firmware-nonfree-20230210/debian/control2023-04-30 07:31:54.0 +0200 @@ -1407,6 +1407,11 @@ * Broadcom BCM43569 firmware (brcm/brcmfmac43569.bin) * Broadcom BCM4356-PCIe NVRAM for GPD Pocket and Win (brcm/brcmfmac4356-pcie.gpd-win-pocket.txt) + * Broadcom AP6356S WiFi module NVRAM +(brcm/brcmfmac4356-sdio.AP6356S.txt, +brcm/brcmfmac4356-sdio.firefly,firefly-rk3399.txt, +brcm/brcmfmac4356-sdio.khadas,vim2.txt, +brcm/brcmfmac4356-sdio.vamrs,rock960.txt) * Broadcom BCM4358 firmware (brcm/brcmfmac4358-pcie.bin) * Broadcom BCM43602 AP-mode firmware (brcm/brcmfmac43602-pcie.ap.bin) * Broadcom BCM43602 firmware (brcm/brcmfmac43602-pcie.bin) diff -Nru firmware-nonfree-20230210/debian/control.md5sum firmware-nonfree-20230210/debian/control.md5sum --- firmware-nonfree-20230210/debian/control.md5sum 2023-03-11 15:15:03.0 +0100 +++ firmware-nonfree-20230210/debian/control.md5sum 2023-04-30 07:31:54.0 +0200 @@ -1,5 +1,5 @@ 756f19279d2cfa999df58e6455f10465 debian/bin/gencontrol.py -2ef82c26fcd61901f230fcbd975e12c5 debian/build/version-info +292ee54d1efa3dd0e5f82b863b8c46c6 debian/build/version-info 29c8d86cbba7d798701946b1d990539e debian/templates/control.binary.in c03e4b00d7d344da35e815e921d78018 debian/templates/control.extra.in
Bug#1031643: marked as pending in preseed
Hi Cyril, On Sun, Apr 09, 2023 at 11:45:42PM +, Cyril Brulebois wrote: > Control: tag -1 pending > > Hello, > > Bug #1031643 in preseed reported by you has been fixed in the > Git repository and is awaiting an upload. You can see the commit > message below and you can check the diff of the fix at: > > https://salsa.debian.org/installer-team/preseed/-/commit/c916fca7c381648073115edf8d31315ef087cb1f > > > env2debconf: restore support for the hostname alias (Closes: #1031643, > #1034062). > > Detect and propagate as needed. > > Many thanks to Andreas B. Mundt! > Tested with your artifacts provided, and my original test case with virt-install'ing a bookworm machine unattended with hostname= passing works again. Thank you! Regards, Salvatore
Bug#1031643: preseeding hostname=foo via the kernel command line seems to be ignored
Hi, On Sun, Feb 19, 2023 at 07:39:02PM +0100, Cyril Brulebois wrote: > Package: preseed > Version: 1.113 > Severity: normal > X-Debbugs-Cc: Salvatore Bonaccorso > > Filing this against preseed for visibility, after Salvatore Bonaccorso > reported that D-I Bookworm Alpha 1 was dealing with preseeding > hostname=foo just fine, and that it's no longer the case with D-I > Bookworm Alpha 2: the hostname question is asked, with either the > default value (“debian”) or a value determined from the DHCP hostname > (if any). > > The relevant code didn't change on the installer side, but Linux > mainline got a relevant commit: 5a704629f2 (first released in v6.0-rc1): > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5a704629f2c1ba33bbb444cb18e6957e97c76e8f > > At first glance, a side effect is that the kernel seems to “eat” the > hostname=foo parameter instead of leaving it alone as it did in earlier > versions, possibly hiding it from the installer: > > -Unknown kernel command line parameters "--- > BOOT_IMAGE=/install.amd/vmlinuz vga=788 hostname=miaou", will be passed to > userspace > +Unknown kernel command line parameters "--- > BOOT_IMAGE=/install.amd/vmlinuz vga=788", will be passed to userspace > > > Now, parameters might be added before or after the '---' marker, and > moving hostname=foo from after to before this marker makes this issue go > away. > > Checking the story behind that marker, i.e. debian-installer-utils > version 1.109 first published in jessie to fix #762007, I'm not sure > what to think about it… A cursory look at it suggests parameters found > after that marker should be visible to both the installer and the > kernel, but that's not the case here. > > Looking at the user-space side, I'm still seeing “hostname=foo” at the > end of /proc/cmdline, but calling user-params only returns “quiet”, and > that's the case for both D-I Bookworm Alpha 1 and Alpha 2. Both images > have the same /etc/preseed_aliases, which dictates what user-params > does. > > > Adding DEBCONF_DEBUG=developer on the kernel command line, searching for > lines with “cdebconf” and “hostname”, the big difference is that line, > only in Alpha 1: > > debconf: Adding [ID] -> [netcfg/get_hostname] > > It happens early in the boot process (at start-up), and that comes from > debconf's question_variable_add() function. Right after that, there's an > extra “frontend” line (not “cdebconf” this time) marking that question > as seen, which means the hostname prompt is skipped down the line. > > Why the difference? The actual consequence of the Linux change is not in > /proc/cmdline or user-params or preseed, it's just just about early > start-up: /init is run without hostname=foo in its environment, which > explains why the debconf preseeding is no longer happening. > > > I'm not sure where to go from here though. Compensate for this change by > adding a special case for this parameter in env2debconf? The existing > code seems unfriendly enough as it is… maybe implement /proc/cmdline > lookup from netcfg instead? Not doing anything? All three options seem > suboptimal to me… First, this was a real use case which triggered noticing the issue with the D-I Bookworm Alpha 1 while doing some pre-testing. But if there is no reasy technical way to continue having the hostname alias support for preseed, would a pracmatic solution be to drop support for the hostname= alias, cleanup as well the documentation on it, and have people use the longer netcfg/get_hostname instead? Regards, Salvatore
Bug#1010264: CVE-2022-28391
Hi, On Thu, Apr 28, 2022 at 09:04:52AM +0200, Moritz Muehlenhoff wrote: > On Wed, Apr 27, 2022 at 11:29:00PM -0400, Theodore Ts'o wrote: > > Neither seems to be security related. Are you sure this was correctly > > filed against e2fsprogs? > > Apologies, I reported multiple incoming new issues from the CVE feed > and I must have mis-pasted the wrong Emacs buffer into the report. > > The correct references are > https://bugzilla.redhat.com/show_bug.cgi?id=2069726 > https://bugzilla.redhat.com/show_bug.cgi?id=2068113 > > And the proposed patch was already posted at: > https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczer...@redhat.com/T/#u Theodore, btw the BTS reference for the e2fsprogs issue is #1010263 and the CVE id CVE-2022-1304. #1010264 and CVE-2022-28391 is respectively for busybox. the bug already reassigned accordingly earlier. Regards, Salvatore
Bug#1005693: Bug#1005884: iwlwifi bug fix
Hi Bernhard, On Tue, Feb 22, 2022 at 07:34:17AM +, Bernhard wrote: > Hello Holger > Hello Salvatore > > This bugfix also closes my installation report #1005693. > Do you think, you can release 5.16.10-2 with this bugfix in the next > days? > Without this bugfix, installation of sid with iwlwifi card present in > the system is not possible. Not sure yet. While I have already cherry-picked the respective commit (cf. https://salsa.debian.org/kernel-team/linux/-/commit/ec0760c7cc4bbaccc913df3e22fd3e296c519936) for the next upload, I'm actually pondering to move on the next stable import (5.16.11, to be released tomorrow). Regards, Salvatore
Bug#991947: apt-setup: Consider adding $codename-updates configuration to /etc/apt/sources.list (if available even if yet $codename is testing)
Source: apt-setup Version: 1:0.166 Severity: wishlist Tags: d-i X-Debbugs-Cc: car...@debian.org Dear Debian Install System Team, When installing bullseye with the current RC3 I noticed that while the debconf menu suggests (and has selected) to add release updates suites ($codename-updates) to the sources.list in case when bullseye is yet testing, they are not added via generators/92updates because generators/90services-select in case of the suite not beeng stable or odstable, does not select it: updates=y if [ "$suite" != stable ] && [ "$suite" != oldstable ]; then disable_service updates || true updates=n fi I wonder if this could be handled in times before a stable release is planned, and the suite is already present on the mirrors (this is at some time before a stable release prepartion when release team starts to interact with infrastructure teams I think to setup what is needed for the next stable release) The reason I ask this, is that the coverage would be bigger for people having it in the sources.list if they install it in time shortly before a stable release is released, and we strongly rely on updates to be possible to push via the stable-updates mechanism, see for instance https://lists.debian.org/debian-stable-announce/2021/06/msg1.html ? Cyril mentioned two ideas how this can be done. Either having a flag which can be enabled one we switch from an Alpha to some RC Release for d-i once the installer matured enough and infrastructure is set up in perspective of a future stable release. One other alternative would be to do an online test if the suite is already present and only add it in that case. What do you think of this idea? If you think it's nonsense, feel free to mark it straight as wontfix and close it. Regards, Salvatore
Bug#989863: debian-installer: Firmware problems in bullseye
HI Cyril, On Mon, Jul 26, 2021 at 06:14:09AM +0200, Cyril Brulebois wrote: > @KT: > > I haven't uploaded it since I'm seeing iwlwifi requesting what appears > to be a debug-only firmware (iwl-debug-yoyo.bin), that's even requested > via an aptly-named firmware_request_nowarn() function in linux.git; I'd > like to check with the kernel maintainers whether it's expected for this > message to show up in dmesg still (given the name and comments in > linux.git, I'm not sure it should). In any cases, it's slightly sad to > pause and prompt users from firmware files we don't ship anywhere > (AFAICT), that they don't actually need. > > Therefore, I'm tempted to blacklist this firmware file in hw-detect > (i.e. pretend it was never requested). This reminds me of the long(ish) standing bug report #969264 and #966218. Regards, Salvatore
Bug#961056: debian-installer: qemu-system-s390x installation fails due to incorrect serial device
Hi, On Tue, May 19, 2020 at 08:24:27PM +0200, Valentin Vidić wrote: > On Tue, May 19, 2020 at 07:23:21PM +0200, John Paul Adrian Glaubitz wrote: > > Please see #926539 [1]. > > Thanks, I have sent the patch for the driver instead: > > https://lkml.org/lkml/2020/5/19/854 This appears to be applied upstream in 5.14-rc1 https://git.kernel.org/linus/b7d91d230a119fdcc334d10c9889ce9c5e15118b and got backported to 5.10.52, 4.19.198 and 4.9.276. Regards, Salvatore
Re: Bug#990897: unblock: linux/5.10.46-1
Control: retitle -1 unblock: linux/5.10.46-2 On Sun, Jul 11, 2021 at 10:35:15PM +0200, Paul Gevers wrote: > Control: tags -1 d-i > > Hi, > > On 10-07-2021 22:15, Salvatore Bonaccorso wrote: > > Hi release team, hi Cyril (specifically for d-i) > > So, let's add him (via d-boot) in. > > > Please unblock package linux > > > > It contained a rebase of the 5.10.y series to 5.10.46 upstream and > > included the following changes relevant to add additional HW support > > and bugfxes. The upstream import to 5.10.46 contained fixes for > > various CVEs. > > Ack. This now needs to be 5.10.46-2 which includes most notably the fix for CVE-2021-33909, which could lead to a local privilege escalation, see DSA 4941-1. We do not have yet the signed packages that said, but once present ideally the package get's aged as well to have fixes asap in bullseye. Regards, Salvatore
Re: Bug#988442: unblock: linux/5.10.40-1
Hi Cyril, Paul, On Fri, May 28, 2021 at 10:54:32AM +0200, Salvatore Bonaccorso wrote: > Control: retitle -1 unblock: linux/5.10.40-1 > > Hi Paul, hi Cyril, > > On Thu, May 27, 2021 at 11:04:14AM +0200, Cyril Brulebois wrote: > > Paul Gevers (2021-05-27): > > > Control: tags -1 confirmed d-i > > > > > > @boot: needs d-i ACK. As I believe you are aware of, the upload has > > > already happened. > > > > > > @kibi: feel free to age it if/when you see fit > > > > We've just discussed that (with Salvatore) on IRC minutes ago, and it > > seems like this unblock request will be withdrawn/recycled for another > > version, that version needs fixing. > > So let's give some background. Whilst it would have bee good to > finally move linux/5.10.38-1 to testing because it contained many > needed bugfixes and in particular as well the CVE fixes for the bpf > issues, doing so would have introduced the worse bpf issue > CVE-2021-33200. > > Cf. https://www.openwall.com/lists/oss-security/2021/05/27/1 > > I uploaded now 5.10.40-1 which contains those fixes for CVE-2021-33200 > in the upload, we should ensure those fixes go into bullseye. > > Assuming we notice no issues with that upload, once Cyril is fine with > it as well from d-i perspective, please let it migrate to bullseye. The version is not 4 days in unstable, looks good to me to let it migrate to testing (unless Cyril spotted issues in recent d-i tests). The FragAttack CVE fixes were now queued upstream as well for the stable series, so I expect I can followup soon with a follow up for those as well "soonish". But we should first let 5.10.40-1 enter bullseye in any case. Thanks all for your work! Regards, Salvatore
Re: Bug#988442: unblock: linux/5.10.40-1
Control: retitle -1 unblock: linux/5.10.40-1 Hi Paul, hi Cyril, On Thu, May 27, 2021 at 11:04:14AM +0200, Cyril Brulebois wrote: > Paul Gevers (2021-05-27): > > Control: tags -1 confirmed d-i > > > > @boot: needs d-i ACK. As I believe you are aware of, the upload has > > already happened. > > > > @kibi: feel free to age it if/when you see fit > > We've just discussed that (with Salvatore) on IRC minutes ago, and it > seems like this unblock request will be withdrawn/recycled for another > version, that version needs fixing. So let's give some background. Whilst it would have bee good to finally move linux/5.10.38-1 to testing because it contained many needed bugfixes and in particular as well the CVE fixes for the bpf issues, doing so would have introduced the worse bpf issue CVE-2021-33200. Cf. https://www.openwall.com/lists/oss-security/2021/05/27/1 I uploaded now 5.10.40-1 which contains those fixes for CVE-2021-33200 in the upload, we should ensure those fixes go into bullseye. Assuming we notice no issues with that upload, once Cyril is fine with it as well from d-i perspective, please let it migrate to bullseye. Regards, Salvatore
Bug#926539: rootskel: steal-ctty no longer works on s390x
Is this bug still valid to be open? The mentioned commit landed in 5.3-rc1, 4.19.54 and as well 4.9.183. Regards, Salvatore
Re: Bug#965377: buster-pu: package libinput/1.12.6-2+deb10u1
Hi Cyril, hi Adam, On Wed, Jul 22, 2020 at 07:24:39PM +0200, Cyril Brulebois wrote: > Adam D. Barratt (2020-07-22): > > This looks OK to me but, as libinput produces a udeb, it will need a > > KiBi-ack. > > Out of the top of my head, I still haven't managed to get stuff into > place from a hack back in… Montreal; so that udeb still isn't being used > at the moment. Feel free to go ahead, I'll get back to you folks if it > turns out my memory was faulty here. Many thanks for both. I just have uploaded libinput for buster-proposed-updates. In case it turns out it causes problems for d-i please let me know! Regards, Salvatore
Re: Bug#877258: stretch-pu: package busybox/1:1.22.0-19+deb9u1
Hi, On Sun, Aug 11, 2019 at 02:19:47PM +0100, Jonathan Wiltshire wrote: > Hi, > > On Wed, Mar 20, 2019 at 08:43:08PM +0100, Christoph Biedl wrote: > > Cyril Brulebois wrote... > > > > > p-u NEW usually gets frozen a week before the point release. Having the > > > package to review/test a week before that (so 2 weeks before the point > > > release date) would be awesome. Depending on external things, I could > > > still make time if that's only a few days before the freeze, but a full > > > week should help ensure reviewing/testing happens in time. > > > > Okay, I'll try to get this finally done within the next week. > > How's that going? Is this still something we should try to get into stretch (now to late for 9.12 but might be possible for 9.13)? Regards, Salvatore
Bug#918846: busybox: CVE-2018-20679
Source: busybox Version: 1:1.27.2-3 Severity: normal Tags: patch security upstream Forwarded: https://bugs.busybox.net/show_bug.cgi?id=11506 Hi, The following vulnerability was published for busybox. CVE-2018-20679[0]: | An issue was discovered in BusyBox before 1.30.0. An out of bounds read | in udhcp components (consumed by the DHCP server, client, and relay) | allows a remote attacker to leak sensitive information from the stack | by sending a crafted DHCP message. This is related to verification in | udhcp_get_option() in networking/udhcp/common.c that 4-byte options are | indeed 4 bytes. Note that the only once commit initially referenced for CVE-2018-20679 is incomplete, but see security-tracker for further notes. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-20679 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20679 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Re: Scheduling 9.5
Hi Cyril, On Tue, May 15, 2018 at 10:49:46PM +0200, Cyril Brulebois wrote: > Heya, > > Jonathan Wiltshire (2018-05-14): > > We're due a point release any day now. Please indicate your > > availablility out of: > > > > - May 26th (meaning freeze this coming weekend, which might be a big > >ask) > > - Jun 2nd (which may require an unusual SRM) > > - Jun 9th (getting quite a way out of cadence, but maybe that can't > >be helped) > > I'm fine with any pick. > > I don't think we have any pending ABI bump for linux (this time), and > the stretch branch in debian-installer.git seems quiet, so binNMUing d-i > might be sufficient. I might have missed pu requests for d-i components > though, but hopefully debian-boot@ will correct me if I'm wrong on this. Adding Kernel team list explicitly to the loop only for this later part, dropping other recipients which might not be interested for this reply specifically. Currently we are cherry-picking secrutiy fixes in our stretch-security branch. In parallel there is work on the stretch branch to update to a newer 4.9.x stable release and to have it included in the next point release. Now if the later turns out to be the case earlier than any DSA, then there will actually likely be a ABI bump for the kernel (the update will be at least up to 4.9.102 and there are too many ABI changes as they would be possible to avoid). Context: https://salsa.debian.org/kernel-team/linux/merge_requests/30 Regards, Salvatore
Bug#882258: busybox: CVE-2017-16544: lineedit: do not tab-complete any strings which have control characters
Hi On Mon, Feb 05, 2018 at 11:52:28AM +0100, Chris Boot wrote: > Version: 1:1.27.2-2 > > Hi Salvatore, > > This was fixed in the last upload of busybox but the bug wasn't closed, > sorry. I see that the security tracker has been updated already, though. Thanks for the notice! Yes we did already update the tracker (which presumalby was after we checked the 1:1.27.2-2 upload). Regards, Salvatore
Bug#882258: busybox: CVE-2017-16544: lineedit: do not tab-complete any strings which have control characters
Source: busybox Version: 1:1.27.2-1 Severity: grave Tags: security Hi, the following vulnerability was published for busybox. I realize you know of the issue already but just filling to have a tracking bug as well in the BTS. CVE-2017-16544[0]: | In the add_match function in libbb/lineedit.c in BusyBox through | 1.27.2, the tab autocomplete feature of the shell, used to get a list | of filenames in a directory, does not sanitize filenames and results in | executing any escape sequence in the terminal. This could potentially | result in code execution, arbitrary file writes, or other attacks. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-16544 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544 [1] https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8 Please adjust the affected versions in the BTS as needed, only unstable checked so far. Regards, Salvatore
Re: Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1
Hi Sven, On Thu, Sep 07, 2017 at 08:20:34PM +0200, Sven Joachim wrote: > On 2017-09-07 05:32 +0200, Salvatore Bonaccorso wrote: > > > Not a must, and note that is just a comment on my side, I'm not a SRM: > > if possible add a bug closer as well to the changelog entry so that > > when the point release happends, the correct fixed version is as well > > propagated to the BTS bugs. > > Heh, it was you who had marked these bugs as found in 6.0+20170715-2 in > the first place. ;-) Anyway, I have updated the changelog and also Yes, let me explain. That was just because at that point it was clear that the bugs are in that version, no checks for older versions were made. Then you did further work, and found the jessie and stretch version as well as affected. So only later updated the BTS with the repsective other found versions. Hope this explains. But we are maybe side-tracking the SRM now, so I shut up! Regards and thanks for your work! Salvatore
Re: Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1
Hi Sven
On Wed, Sep 06, 2017 at 06:52:36PM +0200, Sven Joachim wrote:
> On 2017-07-19 20:30 +0200, Sven Joachim wrote:
>
> > Control: tags -1 - moreinfo
> >
> > On 2017-07-15 12:50 +0200, Sven Joachim wrote:
> >
> >> Control: tags -1 - confirmed
> >> Control: tags -1 + moreinfo
> >>
> >> On 2017-07-15 11:04 +0100, Adam D. Barratt wrote:
> >>
> >>> Control: tags -1 + confirmed d-i
> >>>
> >>> On Sun, 2017-07-09 at 19:30 +0200, Sven Joachim wrote:
> Recently a few flaws in the tic program and the tic library have been
> detected: null pointer dereference, buffer overflow, stack smashing, you
> name it. Six bugs have been reported in the Red Hat bugtracker and four
> CVEs assigned. Fortunately there are rather few users who would run
> affected programs at all, so it was decided that no DSA would be
> necessary.
> >>
> >> Unfortunately the fixes have caused a regression in infocmp, see
> >> #868266. I expect an upstream fix this night, but to properly test it
> >> and prepare new packages taking a bit more time seems advisable. So I
> >> guess we'll have to defer that for 9.2.
> >
> > The changes from the 20170715 patchlevel were a bit larger than I would
> > have liked, but applied with minimal tweaking to the stretch version.
> > Running "infocmp -C" on all the terminfo files in ncurses-{base,term}
> > showed no difference compared to the infocmp version currently in
> > stretch.
>
> Meanwhile seven new CVEs in the tic library and programs have been
> reported, and I would like to fix those as well, see the attached new
> debdiff. It contains all the library changes from the 20170826 upstream
> patchlevel and the program fixes of the 20170902 patchlevel. I have
> also attached the test cases for the 13 bugs reported in the Red Hat
> bugtracker.
Not a must, and note that is just a comment on my side, I'm not a SRM:
if possible add a bug closer as well to the changelog entry so that
when the point release happends, the correct fixed version is as well
propagated to the BTS bugs.
Regards,
Salvatore
Bug#833442: busybox: CVE-2016-6301: NTP server denial of service flaw
Source: busybox Version: 1:1.22.0-9 Severity: normal Tags: security upstream patch Hi, the following vulnerability was published for busybox. The config CONFIG_NTPD is not enabled by default, so this only would affect rebuild packages. It is thus marked unimportant in the security-tracker. Opened the bug to track the issue in BTS. CVE-2016-6301[0]: NTP server denial of service flaw If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-6301 Regards, Salvatore
Bug#818499: busybox: CVE-2016-2147: OOB heap write due to integer underflow
Source: busybox Version: 1:1.20.0-7 Severity: normal Tags: security upstream fixed-upstream Hi, the following vulnerability was published for busybox, filling for tracking purpose. CVE-2016-2147[0]: OOB heap write due to integer underflow If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-2147 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Bug#818497: busybox: CVE-2016-2148: heap overflow in OPTION_6RD parsing
Source: busybox Version: 1:1.20.0-7 Severity: normal Tags: security upstream fixed-upstream Hi, the following vulnerability was published for busybox, filling for tracking purpose. CVE-2016-2148[0]: heap overflow in OPTION_6RD parsing If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-2148 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Re: Bug#774358: libxml2: CVE-2014-3660 patch makes installation-guide FTBFS
Hi Samuel, On Mon, Apr 06, 2015 at 10:03:22PM +0200, Samuel Thibault wrote: Hello, Salvatore Bonaccorso, le Sat 04 Apr 2015 11:14:24 +0200, a écrit : I prepared an update adding the two additional commits which seem required as basis for the patch for CVE-2014-3660. They seem to be the two required commits indeed. I have uploaded it here: https://people.debian.org/~carnil/tmp/libxml2/ Would appreciate some additonal testing to them before we release a regression update for libxml2. The manual seems to being going fine indeed. Thanks for confirming. Will finalize the regression update possibly tomorrow. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150406203650.GC10840@eldamar.local
Re: Bug#774358: libxml2: CVE-2014-3660 patch makes installation-guide FTBFS
Hi Cyril, hi Samuel, On Fri, Apr 03, 2015 at 11:34:06PM +0200, Cyril Brulebois wrote: Hi people, (adding debian-boot@ for reference.) Samuel Thibault sthiba...@debian.org (2015-03-26): Samuel Thibault, le Thu 26 Mar 2015 02:17:01 +0100, a écrit : Control: found -1 2.8.0+dfsg1-7+wheezy3 This is still an issue in stable, the proposed patch was not applied there, and thus installation-guide still FTBFS on wheezy, notably on our dillon.debian.org machine, thus making http://d-i.debian.org/manual/ completely out of date. Could this be proposed for stable update? I have attached the proposed patch again. Just to insist: while the symptoms of my report (#774358) may look like #768089, the *actual* bug is *not* the same. Please read my bug report and the proposed patch again: the issue is that the security fix for CVE-2014-3660 from a newer version of libxml2 (2.9.x) was backported into the libxml2 of wheezy (2.8.x) without noticing the subtle source code difference which does matter a lot. As one of the guys receiving a notification of the FTBFS every time the crontab entry is triggered, and who would like to make sure the installation guide is actually buildable *and* up-to-date, I really would like to get a fix for this regression ASAP. It's been more than 3 months since this bug report about ***stable being broken*** has been opened. Thanks already. I prepared an update adding the two additional commits which seem required as basis for the patch for CVE-2014-3660. I have uploaded it here: https://people.debian.org/~carnil/tmp/libxml2/ Would appreciate some additonal testing to them before we release a regression update for libxml2. The installation guide would build now but a second pair of eyes over the changes would really be appreciated. Regards, Salvatore signature.asc Description: Digital signature
Re: Bug#774358: libxml2: CVE-2014-3660 patch makes installation-guide FTBFS
On Sat, Apr 04, 2015 at 11:14:24AM +0200, Salvatore Bonaccorso wrote:
Hi Cyril, hi Samuel,
On Fri, Apr 03, 2015 at 11:34:06PM +0200, Cyril Brulebois wrote:
Hi people,
(adding debian-boot@ for reference.)
Samuel Thibault sthiba...@debian.org (2015-03-26):
Samuel Thibault, le Thu 26 Mar 2015 02:17:01 +0100, a ?crit :
Control: found -1 2.8.0+dfsg1-7+wheezy3
This is still an issue in stable, the proposed patch was not applied
there, and thus installation-guide still FTBFS on wheezy, notably on our
dillon.debian.org machine, thus making http://d-i.debian.org/manual/
completely out of date. Could this be proposed for stable update?
I have attached the proposed patch again.
Just to insist: while the symptoms of my report (#774358) may look like
#768089, the *actual* bug is *not* the same. Please read my bug report
and the proposed patch again: the issue is that the security fix for
CVE-2014-3660 from a newer version of libxml2 (2.9.x) was backported
into the libxml2 of wheezy (2.8.x) without noticing the subtle source
code difference which does matter a lot.
As one of the guys receiving a notification of the FTBFS every time
the crontab entry is triggered, and who would like to make sure the
installation guide is actually buildable *and* up-to-date, I really
would like to get a fix for this regression ASAP. It's been more than
3 months since this bug report about ***stable being broken*** has
been opened.
Thanks already.
I prepared an update adding the two additional commits which seem
required as basis for the patch for CVE-2014-3660. I have uploaded it
here:
https://people.debian.org/~carnil/tmp/libxml2/
For reference, attached as well the debdiff.
Regards,
Salvatore
diff -Nru libxml2-2.8.0+dfsg1/debian/changelog
libxml2-2.8.0+dfsg1/debian/changelog
--- libxml2-2.8.0+dfsg1/debian/changelog2015-02-04 20:12:17.0
+0100
+++ libxml2-2.8.0+dfsg1/debian/changelog2015-04-04 11:01:39.0
+0200
@@ -1,3 +1,18 @@
+libxml2 (2.8.0+dfsg1-7+wheezy4) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Add missing required patches for CVE-2014-3660.
+The two upstream commits a3f1e3e5712257fd279917a9158278534e8f4b72 and
+cff2546f13503ac028e4c1f63c7b6d85f2f2d777 are required in addition to the
+commit be2a7edaf289c5da74a4f9ed3a0b6c733e775230 to fix CVE-2014-3660 due
+to changes in the use of ent-checked.
+Fixes libxml2: CVE-2014-3660 patch makes installation-guide FTBFS.
+(Closes: #774358)
+ * Refresh cve-2014-3660.patch patch
+ * Refresh cve-2014-3660-bis.patch patch
+
+ -- Salvatore Bonaccorso car...@debian.org Sat, 04 Apr 2015 11:01:18 +0200
+
libxml2 (2.8.0+dfsg1-7+wheezy3) wheezy-security; urgency=high
* Do not fetch external parsed entities unless asked to do so. This
diff -Nru
libxml2-2.8.0+dfsg1/debian/patches/0001-Avoid-extra-processing-on-entities.patch
libxml2-2.8.0+dfsg1/debian/patches/0001-Avoid-extra-processing-on-entities.patch
---
libxml2-2.8.0+dfsg1/debian/patches/0001-Avoid-extra-processing-on-entities.patch
1970-01-01 01:00:00.0 +0100
+++
libxml2-2.8.0+dfsg1/debian/patches/0001-Avoid-extra-processing-on-entities.patch
2015-04-04 11:01:39.0 +0200
@@ -0,0 +1,62 @@
+From a3f1e3e5712257fd279917a9158278534e8f4b72 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard veill...@redhat.com
+Date: Mon, 11 Mar 2013 13:57:53 +0800
+Subject: [PATCH] Avoid extra processing on entities
+
+If an entity has already been checked for correctness no
+need to check it on every reference
+---
+ SAX2.c| 6 --
+ parser.c | 8 ++--
+ result/att11.sax | 2 --
+ result/att11.sax2 | 2 --
+ 4 files changed, 10 insertions(+), 8 deletions(-)
+
+--- a/SAX2.c
b/SAX2.c
+@@ -574,6 +574,7 @@ xmlSAX2GetEntity(void *ctx, const xmlCha
+* parse the external entity
+*/
+ xmlNodePtr children;
++ unsigned long oldnbent = ctxt-nbentities;
+
+ val = xmlParseCtxtExternalEntity(ctxt, ret-URI,
+ret-ExternalID, children);
+@@ -586,8 +587,9 @@ xmlSAX2GetEntity(void *ctx, const xmlCha
+ return(NULL);
+ }
+ ret-owner = 1;
+- if (ret-checked == 0)
+- ret-checked = 1;
++ if (ret-checked == 0) {
++ ret-checked = ctxt-nbentities - oldnbent + 1;
++ }
+ }
+ return(ret);
+ }
+--- a/parser.c
b/parser.c
+@@ -3953,9 +3953,13 @@ xmlParseAttValueComplex(xmlParserCtxtPtr
+* entities problems
+*/
+ if ((ent-etype != XML_INTERNAL_PREDEFINED_ENTITY)
+- (ent-content != NULL)) {
++ (ent-content != NULL) (ent-checked == 0)) {
++ unsigned long oldnbent = ctxt-nbentities;
++
+ rep = xmlStringDecodeEntities(ctxt, ent-content
Bug#712907: grub-installer: No longer installs automatically on a normal machine with one hard drive
Hi Sam, On Sat, Mar 07, 2015 at 09:02:17AM +1100, Sam McLeod wrote: Thanks Cyril, I did indeed miss that, that's great - I'll test it today. It looks like the example pressed hasn't been updated to include this feature: https://www.debian.org/releases/jessie/example-preseed.txt This seems to be fixed in VCS at http://anonscm.debian.org/viewvc/d-i?view=revisionrevision=69554 (so should be in the final version for jessie) Regards, Salvatore -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150310173334.GA3999@eldamar.local
Bug#776186: busybox: CVE-2014-9645: modprobe wrongly accepts paths as module names
Source: busybox Version: 1:1.20.0-7 Severity: normal Tags: security patch upstream fixed-upstream Hi, the following vulnerability was published for busybox. CVE-2014-9645[0]: modprobe wrongly accepts paths as module names Upstream report is at [1] with fix at [2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-9645 [1] https://bugs.busybox.net/show_bug.cgi?id=7652 [2] http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b Regards, Salvatore -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150125070417.17788.49948.report...@lorien.valinor.li
Bug#767480: d-i fails to install grub to first disk/partition with preseeding (hd0) or (hd0,0)
Hi Florian, On Fri, Oct 31, 2014 at 12:41:34PM +0100, Florian Lohoff wrote: Package: debian-installer Version: daily-20141030 Architecture: amd64 Hi, i am using the daily build of the netboot images as of yesterday. The Documentation at: https://www.debian.org/releases/jessie/amd64/apbs04.html.en say that preseeding Grub with: d-i grub-installer/bootdev string (hd0,0) Should install grub in the first partition. Currently this fails with Unable to install GRUB in (hd0,0) Executing 'grub-install (hd0,0) failed. This is a fatal error. My hd0 is a virtio block device /dev/vda in a KVM host and its the only disk. Also d-i grub-installer/bootdev string (hd0) Does not work. Not preseeding this value will display a manual entry box. As with wheezy the first disk (and in my case only disk) will always be used as default, this doesnt seem to work anymore. Preseeding with /dev/vda will work though Your problem seen to be the same as for https://bugs.debian.org/712907 Regards, Salvatore -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141031120435.GA28937@eldamar.local
Bug#712907: grub-installer: No longer installs automatically on a normal machine with one hard drive
Hi KiBi, hi Petter, On Thu, Oct 17, 2013 at 02:26:49PM +0200, Cyril Brulebois wrote: Petter Reinholdtsen p...@hungry.com (2013-06-20): Package: grub-installer Version: 1.86 Severity: important User: debian-...@lists.debian.org Usertags: debian-edu We discovered this in Debian Edu based on testing using d-i udebs from unstable. See URL: http://jenkins.debian.net/view/edu/job/g-i-installation_debian-edu_jessie_standalone/ for a automatic test of such installation. The change introduced in version 1.86 added a new question in Debian Installer, causing the installation to hang at the end asking where to install grub. This used to work automatically, but now require people to fill in a value, and [enter] do not work. Not in every case, that's why the question was added in the first place! I haven't looked whether one can preseed it like other questions. If it isn't possible, that should be fixed. It looks bootdev could be preseeded[1], at least for a test for a VM preseed the following worked for me: d-i grub-installer/bootdev string /dev/vda [1] https://bugs.debian.org/666974 But having string (hd0) does not seem to work here (have not checked why), which would be nicer to have more generalised preseed files as previous possible (for say when having machines having a /dev/vda or a /dev/sda ...). Petter, does this also work for you? Regards, Salvatore -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140320134139.ga22...@lorien.valinor.li
Bug#712907: grub-installer: No longer installs automatically on a normal machine with one hard drive
Hi
I have a very similar problem, adding it here as it seems to have the same
origin. As mentioned by Petter, 1.86 introduced the follwoing change:
grub-installer (1.86) unstable; urgency=low
[ Vincent McIntyre ]
* Support menu selection of GRUB boot disk. Closes: #706112
-- Cyril Brulebois k...@debian.org Mon, 29 Apr 2013 13:53:27 +0200
I used to have a small preseed file and a virt-install invocation
like, described by Guido here, doing a net install:
http://honk.sigxcpu.org/con/Preseeding_Debian_virtual_machines_with_virt_install.html
virt-install --connect=qemu:///system \
--location=http://ftp.us.debian.org/debian/dists/unstable/main/installer\-amd64
\
--initrd-inject=${HOME}/virt/d-i/preseed.cfg \
--extra-args=auto keymap=us hostname=${NAME}
netcfg/get_ipaddress=${IP} suite=${SUITE} -- console=tty0
console=ttyS0,115200n8 \
--name $NAME \
--ram=$RAM \
--disk=pool=default,size=${DISKSIZE},format=qcow2,bus=virtio,cache=writeback
beeing able to quickly do tests in newly created vms, the preeseed.cfg
look like:
cut-cut-cut-cut-cut-cut-
d-i debian-installer/language string en
d-i debian-installer/country string US
d-i debian-installer/locale string en_US.UTF-8
d-i keymapselect us
d-i netcfg/choose_interface select auto
d-i netcfg/disable_autoconfig boolean true
d-i netcfg/get_netmask string 255.255.255.0
d-i netcfg/get_gateway string 192.168.122.1
d-i netcfg/get_domain string unassigned-domain
d-i netcfg/get_nameservers string 192.168.122.1
d-i netcfg/confirm_static boolean true
d-i mirror/countrystring manual
d-i mirror/http/hostname string cdn.debian.net
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
d-i passwd/make-user boolean false
d-i passwd/root-password password r00tme
d-i passwd/root-password-again password r00tme
d-i time/zone string US/Eastern
d-i clock-setup/utc boolean true
d-i clock-setup/ntp boolean true
d-i partman-auto/method string regular
#d-i partman-auto/method string lvm
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-auto/choose_recipe select atomic
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
tasksel tasksel/first multiselect
d-i pkgsel/include string openssh-server
d-i pkgsel/upgrade select full-upgrade
popularity-contest popularity-contest/participate boolean false
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i finish-install/reboot_in_progress note
cut-cut-cut-cut-cut-cut-
It happens with both
d-i partman-auto/method string lvm
or
d-i partman-auto/method string regular
The installer stops at the new question: [!] Install the GRUB boot
loader on a hard disk.
Interestingly it stoppend only to work for me some days ago, IIRC it
was one of the days after the wheezy point release (some installer
components where updated then, IIRC). So I don't know (yet) if one
other part of the installer updated is involved causing this.
Regards,
Salvatore
--
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131017121754.GA648@eldamar.local
Bug#706103: installation-guide: Refer to isc-dhcp-server Debian package (instead of dhcp3-server)
Package: installation-guide Severity: normal Tags: patch Hi During re-reading the installation-guide appendix it looks like there are some reference to the old dhcp3-server package, renamed to isc-dhcp-server. Attached is proposed patch for the english version. Regards, Salvatore Index: appendix/preseed.xml === --- appendix/preseed.xml (revision 68603) +++ appendix/preseed.xml (working copy) @@ -582,7 +582,7 @@ to netboot, but if it appears to be an URL then installation media that support network preseeding will download the file from the URL and use it as a preconfiguration file. Here is an example of how to set it up in the dhcpd.conf -for version 3 of the ISC DHCP server (the dhcp3-server debian; package). +for version 4 of the ISC DHCP server (the isc-dhcp-server debian; package). /para Index: install-methods/tftp/bootp.xml === --- install-methods/tftp/bootp.xml (revision 68603) +++ install-methods/tftp/bootp.xml (working copy) @@ -9,7 +9,7 @@ There are two BOOTP servers available for GNU/Linux. The first is CMU commandbootpd/command. The other is actually a DHCP server: ISC commanddhcpd/command. In debian-gnu; these are contained in the -classnamebootp/classname and classnamedhcp3-server/classname +classnamebootp/classname and classnameisc-dhcp-server/classname packages respectively. /parapara @@ -65,8 +65,8 @@ will probably be able to get away with simply adding the userinputallow bootp/userinput directive to the configuration block for the subnet containing the client in -filename/etc/dhcp3/dhcpd.conf/filename, and restart -commanddhcpd/command with userinput/etc/init.d/dhcp3-server +filename/etc/dhcp/dhcpd.conf/filename, and restart +commanddhcpd/command with userinput/etc/init.d/isc-dhcp-server restart/userinput. /para Index: install-methods/tftp/dhcp.xml === --- install-methods/tftp/dhcp.xml (revision 68603) +++ install-methods/tftp/dhcp.xml (working copy) @@ -6,9 +6,9 @@ para One free software DHCP server is ISC commanddhcpd/command. -For debian-gnu;, the classnamedhcp3-server/classname package is +For debian-gnu;, the classnameisc-dhcp-server/classname package is recommended. Here is a sample configuration file for it (see -filename/etc/dhcp3/dhcpd.conf/filename): +filename/etc/dhcp/dhcpd.conf/filename): informalexamplescreen option domain-name example.com; @@ -45,7 +45,7 @@ /parapara After you have edited the commanddhcpd/command configuration file, -restart it with userinput/etc/init.d/dhcp3-server restart/userinput. +restart it with userinput/etc/init.d/isc-dhcp-server restart/userinput. /para
Bug#691164: installation-guide: Small typo in network configuration preseed example snippet
Package: installation-guide Version: 20120826 Severity: minor Tags: patch -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi There is a small typo in the network configuration preseed example snipped where we read the commented out entry as #di netcfg/link_detection_timeout string 10 where the owner should be 'd-i'. Attached is a patch for this. Regards, Salvatore - -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJQhT44AAoJEHidbwV/2GP+MyIP/iPLtFdGQTm9QdM/aqqINBkh XT8VDYkYGb4Qa9VDYOsVGjYp/qm+5/j+TwSPnhnEUf0NegBlpJqp9xSRd+6ji3Ll 14hbCeZK72ZN0KNfp+bR7i7K4eT4lyJxUzc2gO51FXtMfHdYO+dX7h29xX7CAucm 9+kg0ZMxPd+YXAorgHnLNSpjgzRuOOuvHEgs4ly+DGAb7IzZ07jXQMnRb+Fyp6kK 432Pi0sgIe+QKRtv52BC72tGMepLlZFirc0OgWpBGKNCCyjlb5+oAqffD4qpNDcl iGOP5hSN3mVHx95MMEFqL5a70tQzTK/B2J0zxX4lvzbPat+1/GZ//ylh+GUcbFms aZ2kkSFmZRKDSV5rNJmpWgmVAP7CAfOXIbXtw/4zYtHlzIoXnJcp1KvFWvsssdw+ xlc2D2A/cMgCz7DM2njmlNoPaZQU23W4iAD8XJ+Ottipl4aBf26A1cCyQSEyNzhU ekIegYusi00pMYqYV+5lQmrm1WXPK3hODEtI7O+Y63Jd0S8FhSYkTAZarn7qVhSo CbUI0sqDPa+e+3ML44FcrnmLehbHgx3Yaey7Q7o8nNv3NakORpRBJyvn35d2CDp5 tm3JBcvEm3DNDF3PFfGhCcDAAs8ZFcybQgAv/AKVWPv2FrsThLoyG0ksu6QtJMdA Xs2iNkBnkjG+nPXkz+qB =3YcB -END PGP SIGNATURE- Index: manual/en/appendix/preseed.xml === --- manual/en/appendix/preseed.xml (revision 68283) +++ manual/en/appendix/preseed.xml (working copy) @@ -852,7 +852,7 @@ # To set a different link detection timeout (default is 3 seconds). # Values are interpreted as seconds. -#di netcfg/link_detection_timeout string 10 +#d-i netcfg/link_detection_timeout string 10 # If you have a slow dhcp server and the installer times out waiting for # it, this might be useful. Index: manual/fr/appendix/preseed.xml === --- manual/fr/appendix/preseed.xml (revision 68283) +++ manual/fr/appendix/preseed.xml (working copy) @@ -820,7 +820,7 @@ # Pour augmenter le délai de détection de lien (par défaut, 3 secondes). # Valeur en seconde : -#di netcfg/link_detection_timeout string 10 +#d-i netcfg/link_detection_timeout string 10 # Quand le serveur dhcp est lent et que l'installateur s'arrête pour l'attendre, # ceci peut être utile : Index: manual/it/appendix/preseed.xml === --- manual/it/appendix/preseed.xml (revision 68283) +++ manual/it/appendix/preseed.xml (working copy) @@ -1549,7 +1549,7 @@ # Values are interpreted as seconds. --# Per impostare il tempo di attesa della rilevazione del collegamento # (il valore predefinito è 3 secondi). Valore espresso in secondi. -#di netcfg/link_detection_timeout string 10 +#d-i netcfg/link_detection_timeout string 10 !-- # If you have a slow dhcp server and the installer times out waiting for Index: manual/po/sv/preseed.po === --- manual/po/sv/preseed.po (revision 68283) +++ manual/po/sv/preseed.po (working copy) @@ -1601,7 +1601,7 @@ \n # To set a different link detection timeout (default is 3 seconds).\n # Values are interpreted as seconds.\n -#di netcfg/link_detection_timeout string 10\n +#d-i netcfg/link_detection_timeout string 10\n \n # If you have a slow dhcp server and the installer times out waiting for\n # it, this might be useful.\n Index: manual/po/ja/preseed.po === --- manual/po/ja/preseed.po (revision 68283) +++ manual/po/ja/preseed.po (working copy) @@ -1460,7 +1460,7 @@ \n # To set a different link detection timeout (default is 3 seconds).\n # Values are interpreted as seconds.\n -#di netcfg/link_detection_timeout string 10\n +#d-i netcfg/link_detection_timeout string 10\n \n # If you have a slow dhcp server and the installer times out waiting for\n # it, this might be useful.\n @@ -1513,7 +1513,7 @@ \n # To set a different link detection timeout (default is 3 seconds).\n # Values are interpreted as seconds.\n -#di netcfg/link_detection_timeout string 10\n +#d-i netcfg/link_detection_timeout string 10\n \n # If you have a slow dhcp server and the installer times out waiting for\n # it, this might be useful.\n Index: manual/po/fi/preseed.po === --- manual/po/fi/preseed.po (revision 68283) +++ manual/po/fi/preseed.po (working copy) @@ -1588,7 +1588,7 @@ \n # To set a different link detection timeout (default is 3 seconds).\n # Values are interpreted as seconds.\n -#di netcfg/link_detection_timeout string 10\n +#d-i netcfg/link_detection_timeout string 10\n \n # If you have a slow
Bug#609704: debian-installer: preseed partitioning and configure RAID1 always ask for confirmation
Hi Christian On Wed, Jan 12, 2011 at 06:04:36PM +0100, Christian PERRIER wrote: reassign 609704 installation-guide retitle 609704 Please document how to use preseed values to skip RAID1 confirmation question thanks Quoting Salvatore Bonaccorso (car...@debian.org): severity 609704 normal tag 609704 + patch thanks Hi I'm lowering the severity for the bugreport I have opened, it surely more 'normal' with the following. Documentation is if I see correctly the 'issue' missing the partman-md/confirm_nooverwrite and partman-lvm/confirm_nooverwrite parts. Also reassigning this bug report and retitling it appropriately. My 'patch' was not correct, there was a missing '\n', for the pot file. Attached is corrected version. Bests Salvatore Index: en/appendix/preseed.xml === --- en/appendix/preseed.xml (revision 66312) +++ en/appendix/preseed.xml (working copy) @@ -1229,6 +1229,7 @@ # This makes partman automatically partition without confirmation. d-i partman-md/confirm boolean true +d-i partman-md/confirm_nooverwrite boolean true d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i partman/confirm boolean true Index: po/pot/preseed.pot === --- po/pot/preseed.pot (revision 66312) +++ po/pot/preseed.pot (working copy) @@ -1216,6 +1216,7 @@ \n # This makes partman automatically partition without confirmation.\n d-i partman-md/confirm boolean true\n + d-i partman-md/confirm_nooverwrite boolean true\n d-i partman-partitioning/confirm_write_new_label boolean true\n d-i partman/choose_partition select finish\n d-i partman/confirm boolean true\n signature.asc Description: Digital signature
Bug#609704: debian-installer: preseed partitioning and configure RAID1 always ask for confirmation
severity 609704 normal tag 609704 + patch thanks Hi I'm lowering the severity for the bugreport I have opened, it surely more 'normal' with the following. Documentation is if I see correctly the 'issue' missing the partman-md/confirm_nooverwrite and partman-lvm/confirm_nooverwrite parts. If I add d-ipartman-md/confirm_nooverwrite boolean true to the preseed file then the question will not be asked again. Bests Salvatore Index: trunk/manual/en/appendix/preseed.xml === --- trunk/manual/en/appendix/preseed.xml (revision 66238) +++ trunk/manual/en/appendix/preseed.xml (working copy) @@ -1229,6 +1229,7 @@ # This makes partman automatically partition without confirmation. d-i partman-md/confirm boolean true +d-i partman-md/confirm_nooverwrite boolean true d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i partman/confirm boolean true Index: trunk/manual/po/pot/preseed.pot === --- trunk/manual/po/pot/preseed.pot (revision 66238) +++ trunk/manual/po/pot/preseed.pot (working copy) @@ -1216,6 +1216,7 @@ \n # This makes partman automatically partition without confirmation.\n d-i partman-md/confirm boolean true\n + d-i partman-md/confirm_nooverwrite boolean true d-i partman-partitioning/confirm_write_new_label boolean true\n d-i partman/choose_partition select finish\n d-i partman/confirm boolean true\n signature.asc Description: Digital signature
Bug#609704: debian-installer: preseed partitioning and configure RAID1 always ask for confirmation
Package: debian-installer
Severity: important
Tags: d-i
Hi
Trying to preseed RAID1 partitioning leads always to have to confirm
question before partitioning. The error is like
---(error)--
Partition disks
---
Before RAID can be configured, the changes have to be written to the storage
devices. These changes cannot be undone.
When RAID is configured, no additional changes to the partitions in the disks
containing physical volumes are allowed. Please convince yourself that you are
satisfied with the current partitioning scheme in these disks.
The partition tables of the following devices are changed:
SCSI1 (0,0,0) (sda)
SCSI2 (0,0,0) (sdb)
Write the changes to the storage devices and configure RAID?
1. Yes 2. No [*]
The preseed configuration looks as follows. The preseed.cfg is
following the examples given and the same configuration works fine
with the Debian Installer for Lenny.
---(preseed.cfg)
# preseed.cfg
#--#
# Frontend setup
d-i debconf/frontendstring text
d-i debconf/priorityselect critical
#--#
# Localization
# Need en_US.UTF-8 in Lenny?
d-i debian-installer/locale string en_US.UTF-8
d-i console-keymaps-at/keymap select us
d-i countrychooser/country-name select Switzerland
d-i countrychooser/shortlistselect other
#--#
# Network configuration
d-i netcfg/choose_interface select
d-i netcfg/dhcp_failed note
d-i netcfg/dhcp_options select Configure network manually
d-i netcfg/bad_ipaddresserror
d-i netcfg/errorerror
d-i netcfg/gateway_unreachable error
d-i netcfg/get_gateway string
d-i netcfg/get_ipaddressstring
d-i netcfg/confirm_static boolean true
d-i netcfg/invalid_hostname error
# Disable that annoying WEP key dialog
d-i netcfg/wireless_wep string
# Try to load non-free firmware when needed without prompting
d-i hw-detect/load-firmware boolean true
#--#
# Mirror settings
d-i mirror/country string CH
d-i mirror/http/hostnamestring ftp.ch.debian.org
d-i mirror/http/directory string /debian
d-i mirror/suitestring squeeze
#--#
# Clock and time zone setup
d-i clock-setup/utc boolean true
d-i time/zone string Europe/Zurich
d-i clock-setup/ntp boolean true
#--#
# Partitioning
# this only makes partman automatically partition without confirmation:
d-i partman-md/device_remove_md boolean true
d-i partman-md/confirm boolean true
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm boolean true
d-i partman-partitionining/confirm_write_new_label boolean true
d-i partman/choose_partitionselect finish
d-i partman/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
# Controlling how partitions are mounted: style: uuid, traditional or
# label (default: uuid)
# d-i partman/mount_style select traditional
#--#
# APT setup
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
# local repository: backports.debian.org
d-i apt-setup/local1/repository string
http://backports.debian.org/debian-backports squeeze-backports main contrib
non-free
d-i apt-setup/local1/commentstring backports.org
d-i apt-setup/local1/source boolean true
#--#
# Boot Loader Installation
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_osboolean true
# Install grub to multiple disks:
d-i grub-installer/bootdev string (hd0,0) (hd1,0)
#--#
# Finish up the installation
d-i finish-install/keep-consolesboolean true
d-i finish-install/reboot_in_progress note
#--#
# Partitioning
d-i partman-auto/method string raid
d-i partman-auto/disk string /dev/sda /dev/sdb
# Next specify the physical partitions that will be used.
d-i partman-auto/expert_recipe string \
multiraid :: \
100 1000 4 raid \
$lvmignore{ } \
$primary{ }\
Bug#609704: debian-installer: preseed partitioning and configure RAID1 always ask for confirmation
Hi One further note: I will try to provide more information tomorrow again having access to machine on which I tested this. Bests Salvatore signature.asc Description: Digital signature
Bug#606318: rootskel: continue installation remotely result in broken terminal due typo in S40term-kfreebsd
Package: rootskel Version: 1.92 Severity: normal Hi Installing squeeze (kfreebsd-amd64) with d-i Squeeze installer, beta2 when using method to continue installation remotely via SSH result then in a 'broken' looking terminal, after logging in via ssh, giving an error like: S40term-kfreebsd: line 3: Â [: command not found I have attached a patch against S40term-kfreebsd to fix that. Thanks for your work on the d-i and towards releasing Squeeze. Bests Salvatore -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Index: S40term-kfreebsd === --- S40term-kfreebsd (revision 65870) +++ S40term-kfreebsd (working copy) @@ -1,6 +1,6 @@ export LANG=C -if [ $TERM = cons25 ] || [ $TERM = xterm ] || [ $TERM = linux ] ; then +if [ $TERM = cons25 ] || [ $TERM = xterm ] || [ $TERM = linux ] ; then # Enable UTF-8 locale if it is available if [ -d /usr/lib/locale/C.UTF-8 ]; then TERM_UTF8=yes
