Bug#733295: gnutls-bin: please compile GnuTLS with DANE support
On Tue, 2015-03-24 at 18:52 -0400, Robert Edmonds wrote: 4. Design and implement a D-Bus interface for securely retrieving DNSSEC-validated records that have been validated *on the system*. Patch daemons (Unbound, BIND, et al) to answer to this interface. Patch clients (libdane, et al) to request records using this interface. This is sort of analogous to the security you would get in having a plain validating DNS server listening on localhost and a nameserver 127.0.0.1 line (and no others) in /etc/resolv.conf and requiring the AD bit in responses, but the big advantage would be that the security guarantee from doing DNSSEC validation directly on the endpoint is guaranteed by the definition of the interface, and not from the happenstance of local configuration. This would: * Avoid licensing issues. * Avoid extra TLS/crypto related library dependencies in clients. * Allow other validators that are not written in the form of a library (e.g., BIND, PowerDNS) to be used with clients that need DNSSEC-secured answers. And for validators that do have a library API, do you really want to have each client have its own #ifdef mess to support multiple APIs? * Allow system-wide, not just process-wide caching. (Even if your direct-libunbound client is pointed at a resolver on 127.0.0.1 that has the answers in cache, it still may need to do many send/recv system calls to obtain each needed record, because DNS can only return one answer at a time per query/response.) * Insulate the client from needing to know how to configure the DNSSEC-lookup library. (E.g., remote DNS servers, trust anchors, etc.) Hi, The D-BUS interface is not really necessary because DNS provides already this functionality. What we need is a convention for applications in the system to discover the local trusted (for dnssec) nameservers. My attempt to use c-ares for dnssec resolving would have the same effect as the ones you mention and is much cleaner and straightforward than D-BUS. However, it is blocked by the fact that there is no commonly acceptable convention for reading the trusted nameservers. My current solution was to use /etc/resolv-sec.conf, but it is pretty much arbitrary and that's why c-ares upstream blocked it. If Debian would set such a convention, I think it would allow software use DNSSEC easier. https://github.com/bagder/c-ares/pulls regards, Nikos -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781131: [debhelper-devel] Bug#781131: dh_compress: please improve --exclude (-X) option
Control: tags -1 -patch On 2015-03-25 00:12, Dmitry Smirnov wrote: Package: debhelper Version: 9.20150101 Severity: minor Tags: patch I'm working on package where I install *.cfg files as examples. Because those files are used as configuration templates I do not want to compress them so I added the following to debian/rules: override_dh_compress: dh_compress --exclude=.cfg Unfortunately this also prevents compression of *.cfg.5 man pages and cause lintian error manpage-not-compressed. [...] but that's ugly for more than one file. IMHO the problem is that \Q...\E constraints (see dh_compress line 137) do not allow me to use regex in the exclude pattern. Another problem is that excluded substring is not anchored so unexpected matches occur if exclude string is present anywhere in the file name. IMHO the minimum workaround would be to anchor exclusion pattern to the end of the file name as follows: [...] Hi, Unfortunately, the proposed change (anchoring the exclusion pattern) could break any number of packages, where the maintainer only used a substring as parameter for --exclude. Also, --exclude is used in a number of different tools that would need a similar change (with the same possible breakage). More robust and flexible solution would be to add new --rexclude option to allow regex exclusion patterns. [...] A new argument is a much safer choice from my PoV. ~Niels -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781131: [debhelper-devel] Bug#781131: dh_compress: please improve --exclude (-X) option
On Wed, 25 Mar 2015 07:03:37 Niels Thykier wrote: A new argument is a much safer choice from my PoV. True but since old --exclude argument is somewhat broken, perhaps it could be fixed with next compatibility level bump? Just a thought... -- Regards, Dmitry Smirnov. --- Continuous effort - not strength or intelligence - is the key to unlocking our potential. -- Winston Churchill signature.asc Description: This is a digitally signed message part.
Bug#779898: [LCFC] templates://diaspora-installer/{templates}
This is the last call for comments for the review of debconf templates for diaspora-installer. The reviewed templates will be sent on Friday, March 27, 2015 to this bug report and a mail will be sent to this list with [BTS] as a subject tag. -- Template: diaspora-installer/url Type: string Default: localhost _Description: Host name for this instance of Diaspora: Please choose the host name which should be used to access this instance of Diaspora. . This should be the fully qualified name as seen from the Internet, with the domain name that will be used to access the pod. . If a reverse proxy is used, give the hostname that the proxy server responds to. . This host name should not be modified after the initial setup because it is hard-coded in the database. Source: diaspora-installer Section: ruby Priority: optional Maintainer: Debian Ruby Extras Maintainers pkg-ruby-extras-maintain...@lists.alioth.debian.org Uploaders: Pirate Praveen prav...@debian.org Build-Depends: debhelper (= 9), gem2deb (= 0.7.5~), po-debconf Standards-Version: 3.9.6 Vcs-Git: git://anonscm.debian.org/pkg-ruby-extras/diaspora-installer.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-ruby-extras/diaspora-installer.git;a=summary Homepage: http://wiki.debian.org/Diaspora XS-Ruby-Versions: all Package: diaspora-installer Architecture: all XB-Ruby-Versions: ${ruby:Versions} Pre-Depends: postgresql-client, dbconfig-common, adduser Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter, diaspora-common, nodejs, curl, postgresql, redis-server, sudo, ruby-rspec, bundler, ruby-dev, libpq-dev, build-essential, libssl-dev, libcurl4-openssl-dev, libxml2-dev, libxslt-dev, imagemagick, ghostscript, libmagickwand-dev, net-tools, nginx Conflicts: diaspora Replaces: diaspora Description: distributed social networking service - installer Diaspora (currently styled diaspora* and formerly styled DIASPORA*) is a free personal web server that implements a distributed social networking service. Installations of the software form nodes (termed pods) which make up the distributed Diaspora social network. . Diaspora is intended to address privacy concerns related to centralized social networks by allowing users to set up their own server (or pod) to host content; pods can then interact to share status updates, photographs, and other social data. It allows its users to host their data with a traditional web host, a cloud-based host, an ISP, or a friend. The framework, which is being built on Ruby on Rails, is free software and can be experimented with by external developers. . Learn more about Diaspora at http://diasporafoundation.org . This package helps to install Diaspora using rubygems. Package: diaspora-common Architecture: all XB-Ruby-Versions: ${ruby:Versions} Pre-Depends: postgresql-client, dbconfig-common, adduser Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter, nodejs, curl, postgresql, redis-server, sudo, ruby-rspec, bundler, ruby-dev, libpq-dev, build-essential, libssl-dev, libcurl4-openssl-dev, libxml2-dev, libxslt-dev, imagemagick, ghostscript, libmagickwand-dev, net-tools, nginx Description: distributed social networking service - common files Diaspora (currently styled diaspora* and formerly styled DIASPORA*) is a free personal web server that implements a distributed social networking service. Installations of the software form nodes (termed pods) which make up the distributed Diaspora social network. . Diaspora is intended to address privacy concerns related to centralized social networks by allowing users to set up their own server (or pod) to host content; pods can then interact to share status updates, photographs, and other social data. It allows its users to host their data with a traditional web host, a cloud-based host, an ISP, or a friend. The framework, which is being built on Ruby on Rails, is free software and can be experimented with by external developers. . Learn more about Diaspora at http://diasporafoundation.org . This package provides common files for the diaspora and diaspora-installer packages. signature.asc Description: Digital signature
Bug#781136: RFS: pyqso/0.2-1 [ITP]
I am looking for a sponsor for my package pyqso That's great! I'm not a DD, so I can't sponsor your package, but here are my thoughts: d/changelog: -As this is a new package, priority should be low. d/copyright: -Remove the copyright symbol. -If you worked on the package this year, you should probably add 2015 to the years. Similarly, upstream development has continued past 2013 so you should probably give 2013-2015 as the years for the non-Debian parts. d/docs: -Include README.md as well. d/pyqso.1: -You should try submitting this upstream. General: -I got the below error when building. Have you forgotten a build-depends, or is this message to be expected? ERROR:root:Could not import a non-standard Python module needed by the GreyLine class, or the version of the non-standard module is too old. Check that all the PyQSO dependencies are satisfied. ERROR:root:Could not import the Hamlib module! ERROR:root:Could not import the Hamlib module! reading sources... Good luck getting your package into Debian, Riley pgptW5643ndgA.pgp Description: PGP signature
Bug#781081: [Pkg-openssl-devel] Bug#781081: Openssl updates introduces backward incompatibilities - breaks voms
tis 2015-03-24 klockan 18:42 +0100 skrev Kurt Roeckx: With the current openssl 1.0.1k-1: I'm not sure what you mean with current 1.0.1k-1 and previous 1.0.1k-1. Either it's 1.0.1k-1 or it's not. This was an unfortunate cut-and-paste error. It should have been the current 1.0.1k-2 and the previous 1.0.1k-1. Anyway, thank you for dropping the patch that caused the problems. The voms clients are working again with openssl 1.0.1k-3. Mattias signature.asc Description: This is a digitally signed message part
Bug#700178: unattended-upgrades: minor corruption caused by Content-Transfer-Encoding: quoted-printable
Control: fixed -1 0.83.3 Hi, as far as I can tell this is fixed in (at least) the version in Jessie. Not exactly sure when it was fixed first, the changelog is inconclusive. Bernhard -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#780659: Bug#780659: insighttoolkit only built on amd64 and i386
On 03/25/2015 08:28 AM, Andreas Tille wrote: Hi, On Tue, Mar 24, 2015 at 04:27:02PM -0400, Paul Novotny wrote: On Tue, 2015-03-17 at 14:53 +0100, Matthias Klose wrote: Package: src:insighttoolkit4 Version: 4.6.0-3 insighttoolkit is only built on amd64 and i386, while insighttoolkit3 worked on some more architectures. any reason for not trying to build that? Sure, it needs 50g - 100g disk for the build, a 500mb log file, and such. given the alternative to remove binaries for other architectures before the next Ubuntu release, I gave it a try ... I looked at this a while back. From what I could tell, some of the tests were failing because GDCM was reading files incorrectly on big-endian systems. The GDCM package is built with its tests off, so I think that is how GDCM can be built for big endian architectures. Upstream GDCM lists big endian support as a major missing feature, and unlikely to work [1]. I personally creating packages with tests switch of because we know the tests will fail for certain architectures does not make any sense. We do not provide packages to fill in gaps in our package x architecture matrix but to serve users. We also should not trust on users on those architectures since these leaf packages are usually run on mainstream architectures and thus the packages with failed test would just fill space on our ftpserver with no use at all. but who do you trust to build on i386 with warnings like: warning: converting to non-pointer type warning: iteration 3u invokes undefined behavior -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781148: libqt5gui5: Please make GTK2 to dependency optional
Package: qtbase-opensource-src Version: 5.3.2+dfsg-4 Severity: wishlist Tags: patch ldd /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5|wc 28 1082144 ldd /usr/lib/x86_64-linux-gnu/qt5/plugins/platformthemes/libqgtk2.so|wc 59 2324767 This one pluging brings in 31 dependencies that Qt itself does not need. For embedded and mobile systems considerable amount of storage can be saved by making installing this plugin optional. The attached patch against experimental is one possible way for splitting the theme plugin out. From 9bd8db1f1b812f330edad4a704bfa7de63883651 Mon Sep 17 00:00:00 2001 From: Riku Voipio riku.voi...@linaro.org Date: Wed, 25 Mar 2015 10:57:07 +0200 Subject: [PATCH] Split libqgtk2 to a separate package Saves some space on on systems where GTK2 isn't installed. Signed-off-by: Riku Voipio riku.voi...@linaro.org --- debian/control | 13 - debian/libqt5gui5.install-common | 1 - debian/libqt5libqgtk2.install| 1 + 3 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 debian/libqt5libqgtk2.install diff --git a/debian/control b/debian/control index 1409d64..6ba0c4a 100644 --- a/debian/control +++ b/debian/control @@ -88,12 +87,24 @@ Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: fontconfig, ${misc:Depends}, ${shlibs:Depends} +Recommends: libqt5libqgtk2 Description: Qt 5 GUI module Qt is a cross-platform C++ application framework. Qt's primary feature is its rich set of widgets that provide standard GUI functionality. . The QtGui module extends QtCore with GUI functionality. +Package: libqt5libqgtk2 +Architecture: any +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: Qt 5 GTK2 platform theme + Qt is a cross-platform C++ application framework. Qt's primary feature + is its rich set of widgets that provide standard GUI functionality. + . + The libqgtk2 module provides GTK2 theme compatability + Package: libqt5network5 Architecture: any Multi-Arch: same diff --git a/debian/libqt5gui5.install-common b/debian/libqt5gui5.install-common index 7e9533a..aa36b09 100644 --- a/debian/libqt5gui5.install-common +++ b/debian/libqt5gui5.install-common @@ -7,4 +7,3 @@ usr/lib/*/qt5/plugins/platforminputcontexts/libibusplatforminputcontextplugin.so usr/lib/*/qt5/plugins/platforms/libqminimal.so usr/lib/*/qt5/plugins/platforms/libqoffscreen.so usr/lib/*/qt5/plugins/platforms/libqxcb.so -usr/lib/*/qt5/plugins/platformthemes/libqgtk2.so diff --git a/debian/libqt5libqgtk2.install b/debian/libqt5libqgtk2.install new file mode 100644 index 000..2ce6d35 --- /dev/null +++ b/debian/libqt5libqgtk2.install @@ -0,0 +1 @@ +usr/lib/*/qt5/plugins/platformthemes/libqgtk2.so -- 2.1.4
Bug#781145: UEFI boot issues
Package: installation-reports Boot method: USB Flashdrive UEFI Image version: debian-7.8.0-amd64-netinst Date: March 24, 2015 Machine: Lenovo G585 Processor: AMD E-300 Memory: 4096MB Partitions: Unknown Output of lspci -knn (or lspci -nn): Base System Installation Checklist: [O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it Initial boot: [E] Detect network card:[ ] Configure network: [ ] Detect CD: [ ] Load installer modules: [ ] Detect hard drives: [ ] Partition hard drives: [ ] Install base system:[ ] Clock/timezone setup: [ ] User/password setup:[ ] Install tasks: [ ] Install boot loader:[ ] Overall install:[ ] Comments/Problems: I have video issues when trying to install Debian using UEFI. I tried using both the system's internal boot menu and rEFInd to boot the installer. Both have video issues.The computer boots fine if I use Windows so hardware failure is not the cause. For reference: http://i.imgur.com/FKopKE0.jpg http://i.imgur.com/gOwkuwk.jpg
Bug#780712: squeeze update of flightgear?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Raphael, On 03/23/2015 03:18 PM, Raphael Hertzog wrote: the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of flightgear: https://security-tracker.debian.org/tracker/source-package/flightgear Would you like to take care of this yourself? We are still understaffed so any help is always highly appreciated. I'm sorry, I don't think I'll have time to work on this, myself. (Nor do I think games are an important part of an LTS distribution. YMMV, of course.) Kind Regards Markus Wanner -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQQcBAEBCgAGBQJVEnGRAAoJEOhoLRs/Memz1uggAN+kgigCQ7wOZNgqPdLC5YaC rOBmBIUT4xXEIvNz2UTWoywQykHFaoi5od/RvnJIci2Q/pzk/rhZYsUn1D1qf6L2 n53CvzT+gBtzpoTZo0bUr8mcYt9wnX1m2ZEQGKc6SlZo9iRSNYxQ2R7OdQ3icLV3 7RR3o2K8Xx4paEvOZp0WFqq3bvP8ZCa6fO+Ps5/Lcrk4nxmHBUkW85pGBOjv7AfM v4Lw7SQJcp/dztbRr1GzzaHhQ0nMlMy4EOT1auKlEiSKmSorovVzgGeryoQ+Zq0q RJNsED8WxC6HDNsYXZSIDtuIgqwamw86d4Qvt2IfpnUR3LMvyCU+DLh9C0PcqQEj xAiwaLr+hj22pLRwXOd+3JvMeTMTrNuxTuCdAyn83WfuIIumXPpNZT6hEsotTSHj 8eFBww7soY514xEcpxalj6GManbNEO9WPr788I8ogLvL4DndK1sNbB1VLMHk2nyT Bex/v6etT9c+8MKLYA58fFm024rIQl/JuDDOlOCpO1GEW1Z/tQ7xM/M+c7STZwEF lHbB+h84DI8oUuioM4zoYyW56lbo/TBUjvyMi70bt+XvTvT8/vYc193IVWfEe60x jdapqWDXDdVTaiPUIKX5APkjG7iJBBUm5XOgAvy0qUqcRUJDviHX9kMh+SrnwNog S2Wn7NUg4omEJBWYfJJspEgikeZEr+vCtg51SjKhzk5UXJLG55BjQ5RU00mu5qKi llCVZ/P6T9kwfoymB/myGngXxenywOKcJhYHagur0a73BEK4z8tcNA5Rp4HoPBwl GY4avzbx19+AVh8/9DCeAXcz8aSQYch9og9i1BOtExCBraTpvioNuaqKsHjWpvY4 vLXRv5uqxQ6PjjUzwISiPSJE5xHof0Rfu6X5dYw62+AP8Tzu4P5y0txX9xD8lUaV UXKwAQK42qIzAQ+FHkQyMC2EzY6FsSnRYRbZOG22N9UXI0/rhJST9fh1sCWawVef BerjSQWFg5N5bqCxEUziKLu37AD2iEzQ70Vl10tvJIRoeOUSZo6Qgd3M1wyiGGC0 rUDLy5xtU39rnFxg5t5niV/Z0gM3bHCU/RQ+lwtc9kg2fndLPe4BWJ3OCpZlppCC szbA7EuKhPBsTx4qffhO5PXQSdTwVxrZ9JSELqS9s4Qz/dzaBADs1SzGSaLKqOGa unqqtNVsSH2/R9X+E7mB8mToZ8ed+b0t5jZHJxu54qr74AJ2AHYu1JQOp//EOcVT rALaqzY+Uk51ZczVqOnO1wMyR31M9bJv8CIYlEyy6/e9RjVhJ7tUmO91ruGelc0w AoTT1I8Few6qU5KKv+bDHlp7+6ewPNlieGR9222r5l6U0PWPZcNOysSAzt+jOi0= =5PH0 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781136: RFS: pyqso/0.2-1 [ITP]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/25/2015 01:41 AM, Iain R. Learmonth wrote: Dear mentors, I am looking for a sponsor for my package pyqso I do sponsoring on a regular basis and I am also an aspiring ham radio operator. I'd be happy to help. Adrian - -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJVEneVAAoJEHQmOzf1tfkTegIP/RcVXoXZ1If75Ak7piwLWooS 9QaCe0dWIETMAjE8jHzee2/tNodjwzEjdS0hdnqB9OOAVvzbpoajUWuR4e+/QUSv o1AR5ZW5arM0cFPVHTM2vMLWe8E79xVHOm8LtfSp0iZ5bdTEC6BMl6/6uKG5nqEW kk5/76iEQTmKSZhyUZFEfsfJtCfILnu5KyNIsrY5VCnIxeq8rnvGTivqsSx5mfya Mm9okhmST0WaxErQ6oWOu8BJge8rYql52l7k1Bwu/AqSZloMFJVdQPTYaekz/LcQ rL6w93lb9ijZHG/Q6AfFZekOtv1TpqK87Ky5G0/ydirdNyvfkyhRIeG0w2+DFoyE YozOkmgniKR/6v+yE3VvN1qD80fYMpnad7+kagy+qD0RxzanCotN2TxQZJCy0Egy Q0mC31DqfoGCyXenGI9kANBi60xChOmE8nSic3sAvFM9Zc8vbLc6vYBoiM+lrIM7 GZ3SlVKY2J2oLdsFnRlBQiXA1+BdzI2kX1ll1UlRH5XpFRRbpgmW1Um3wHuXPUZ2 +MuqBsPaah+CzdMgmvba6KkEMJQlg6//0FbLjLY+7zr4X58dIATn8UwA1m7Smd+F mrs1BjQY+igq8FiyF393wnyhpz0ZQe7IUxzHmAlILT4AF59Ope9TEXvZcm7mNehj /fsaHGxEA4MEDoS/5GP/ =VdtF -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#780659: Bug#780659: insighttoolkit only built on amd64 and i386
Hi, On Tue, Mar 24, 2015 at 04:27:02PM -0400, Paul Novotny wrote: On Tue, 2015-03-17 at 14:53 +0100, Matthias Klose wrote: Package: src:insighttoolkit4 Version: 4.6.0-3 insighttoolkit is only built on amd64 and i386, while insighttoolkit3 worked on some more architectures. any reason for not trying to build that? Sure, it needs 50g - 100g disk for the build, a 500mb log file, and such. given the alternative to remove binaries for other architectures before the next Ubuntu release, I gave it a try ... I looked at this a while back. From what I could tell, some of the tests were failing because GDCM was reading files incorrectly on big-endian systems. The GDCM package is built with its tests off, so I think that is how GDCM can be built for big endian architectures. Upstream GDCM lists big endian support as a major missing feature, and unlikely to work [1]. I personally creating packages with tests switch of because we know the tests will fail for certain architectures does not make any sense. We do not provide packages to fill in gaps in our package x architecture matrix but to serve users. We also should not trust on users on those architectures since these leaf packages are usually run on mainstream architectures and thus the packages with failed test would just fill space on our ftpserver with no use at all. Kind regards Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781146: Please add Ruben Undheim as a Debian Maintainer
Package: debian-maintainers Severity: normal Dear Maintainer, Please add Ruben Undheim ruben.undh...@gmail.com to the keyring. The jetring changeset is attached. Best regards, Ruben add-E69822C7E02958CD Description: Binary data
Bug#781141: jessie-pu: package dulwich/0.9.7-2
retitle 781141 unblock: dulwich/0.9.7-2 user release.debian@packages.debian.org usertags 781141 = unblock tags 781141 + moreinfo thanks On 2015-03-25 1:31, Jelmer Vernooij wrote: [...] User: release.debian@packages.debian.org Usertags: pu Updates via t-p-u are unblocks; pu is intended for stable updates. I realise that this apparently isn't clear from the reportbug wording. Hello, I'd like to upload a new version of dulwich to testing-proposed-updates. unstable already has a new upstream version (0.9.8) from an upload in November, and has diverged from testing. This upload would fix two serious security bugs: #780958 CVE-2015-0838: buffer overflow in C implementation of pack apply_delta() #780989 CVE-2014-9706: does not prevent to write files in commits with invalid paths to working tree +dulwich (0.9.7-3) unstable; urgency=medium s/unstable/jessie/ :) The patches look okay, but according to the BTS metadata both bugs affect the package in unstable and are not yet fixed there. If that's correct, please fix unstable and then get back to us; if it's not, please fix the metadata to indicate where the bugs are fixed. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781125: [php-maint] Bug#781125: php5: Segmentation fault in version 5.4.39-0+deb7u1
Hi Nicolas, thank you for your report. I have pulled the patch from: https://github.com/php/php-src/commit/76c1ec5e96640e3076c105bde2cccfceb7557690 Ccing security team - I am preparing deb7u2 with just this patch pulled. Cheers, Ondrej On Tue, Mar 24, 2015, at 20:40, Nicolas Baradakis wrote: Package: php5 Version: 5.4.39-0+deb7u1 Severity: important Tags: wheezy, upstream, patch Dear Maintainer, After installing the last wheezy-security update, my servers crash with segmentation fault because there is a regression in upstream release 5.4.39. https://bugs.php.net/bug.php?id=69288 A patch is provided on php.net bug system and I think it should be included in Debian package because a security update in stable is not supposed to break a live system running Wheezy. Thanks for your help. -- Nicolas Baradakis ___ pkg-php-maint mailing list pkg-php-ma...@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#780659: Bug#780659: insighttoolkit only built on amd64 and i386
Hi, On Wed, Mar 25, 2015 at 09:34:24AM +0100, Matthias Klose wrote: I personally creating packages with tests switch of because we know the tests will fail for certain architectures does not make any sense. We do not provide packages to fill in gaps in our package x architecture matrix but to serve users. We also should not trust on users on those architectures since these leaf packages are usually run on mainstream architectures and thus the packages with failed test would just fill space on our ftpserver with no use at all. but who do you trust to build on i386 with warnings like: warning: converting to non-pointer type warning: iteration 3u invokes undefined behavior I have not said that I trust these and I have no idea why you mix up this with the other case we discussed in this bug report. Kind regards Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781147: unblock: resiprocate/1.9.7-5
Package: release.debian.org User: release.debian@packages.debian.org UserTags: unblock This is a proposed upload to unstable for jessie The main reason for this unblock request: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780979 and also helps resolve: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780980 The main reason for fixing 780979 is that the assert() can lead to a crash of the process, as described in the bug report. These fixes come from the master branch upstream: https://github.com/resiprocate/resiprocate/commits/master diff -Nru resiprocate-1.9.7/debian/changelog resiprocate-1.9.7/debian/changelog --- resiprocate-1.9.7/debian/changelog 2014-12-10 07:28:30.0 +0100 +++ resiprocate-1.9.7/debian/changelog 2015-03-22 20:02:23.0 +0100 @@ -1,3 +1,11 @@ +resiprocate (1:1.9.7-5) unstable; urgency=medium + + * Make ensureWritable more tolerant. (Closes: #780979) + * Stop logging errors when TLS is shut down cleanly by peer. +(Closes: #780980) + + -- Daniel Pocock dan...@pocock.pro Sun, 22 Mar 2015 19:30:31 +0100 + resiprocate (1:1.9.7-4) unstable; urgency=medium * Use SSLv23_method instead of TLSv1_method and diff -Nru resiprocate-1.9.7/debian/patches/0003-log-tls-clean-shutdown.patch resiprocate-1.9.7/debian/patches/0003-log-tls-clean-shutdown.patch --- resiprocate-1.9.7/debian/patches/0003-log-tls-clean-shutdown.patch 1970-01-01 01:00:00.0 +0100 +++ resiprocate-1.9.7/debian/patches/0003-log-tls-clean-shutdown.patch 2015-03-22 19:43:14.0 +0100 @@ -0,0 +1,30 @@ +diff --git a/resip/stack/ssl/TlsConnection.cxx b/resip/stack/ssl/TlsConnection.cxx +index c3537aa..fb80323 100644 +--- a/resip/stack/ssl/TlsConnection.cxx b/resip/stack/ssl/TlsConnection.cxx +@@ -445,6 +445,12 @@ TlsConnection::read(char* buf, int count ) + return 0; + } + break; ++ case SSL_ERROR_ZERO_RETURN: ++ { ++DebugLog( Got SSL_ERROR_ZERO_RETURN (TLS shutdown by peer)); ++return -1; ++ } ++ break; + default: + { + handleOpenSSLErrorQueue(bytesRead, err, SSL_read); +@@ -532,6 +538,12 @@ TlsConnection::write( const char* buf, int count ) + return 0; + } + break; ++ case SSL_ERROR_ZERO_RETURN: ++ { ++DebugLog( Got SSL_ERROR_ZERO_RETURN (TLS shutdown by peer)); ++return -1; ++ } ++ break; + default: + { + handleOpenSSLErrorQueue(ret, err, SSL_write); diff -Nru resiprocate-1.9.7/debian/patches/0004-make-ensureWritable-more-tolerant.patch resiprocate-1.9.7/debian/patches/0004-make-ensureWritable-more-tolerant.patch --- resiprocate-1.9.7/debian/patches/0004-make-ensureWritable-more-tolerant.patch 1970-01-01 01:00:00.0 +0100 +++ resiprocate-1.9.7/debian/patches/0004-make-ensureWritable-more-tolerant.patch 2015-03-22 19:43:14.0 +0100 @@ -0,0 +1,55 @@ +diff --git a/resip/stack/Connection.cxx b/resip/stack/Connection.cxx +index 567c105..1f01ecc 100644 +--- a/resip/stack/Connection.cxx b/resip/stack/Connection.cxx +@@ -88,13 +88,35 @@ Connection::performWrite() + { +if(transportWrite()) +{ +- assert(mInWritable); +- getConnectionManager().removeFromWritable(this); +- mInWritable = false; +- return 0; // What does this transportWrite() mean? ++ // If we get here it means: ++ // a. on a previous invocation, SSL_do_handshake wanted to write ++ // (SSL_ERROR_WANT_WRITE) ++ // b. now the handshake is complete or it wants to read ++ if(mInWritable) ++ { ++ getConnectionManager().removeFromWritable(this); ++ mInWritable = false; ++ } ++ else ++ { ++ WarningLog(performWrite invoked while not in write set); ++ } ++ return 0; // Q. What does this transportWrite() mean? ++// A. It makes the TLS handshake move along after it ++//was waiting in the write set. ++ } ++ ++ // If the TLS handshake returned SSL_ERROR_WANT_WRITE again ++ // then we could get here without really having something to write ++ // so just return, remaining in the write set. ++ if(mOutstandingSends.empty()) ++ { ++ // FIXME: this needs to be more elaborate with respect ++ // to TLS handshaking but it doesn't appear we can do that ++ // without ABI breakage. ++ return 0; +} + +- assert(!mOutstandingSends.empty()); +switch(mOutstandingSends.front()-command) +{ +case SendData::CloseConnection: +@@ -272,7 +294,8 @@ Connection::ensureWritable() + { +if(!mInWritable) +{ +- assert(!mOutstandingSends.empty()); ++ //assert(!mOutstandingSends.empty()); // empty during TLS handshake ++ // therefore must be careful to check mOutstandingSends later + getConnectionManager().addToWritable(this); + mInWritable = true; +}
Bug#781125: [php-maint] Bug#781125: Bug#781125: php5: Segmentation fault in version 5.4.39-0+deb7u1
Thanks, I've also added a comment upstream to make sure the fix will be part of the next version (at the moment only fixed for 5.5+). Kaplan On Wed, Mar 25, 2015 at 10:29 AM, Ondřej Surý ond...@sury.org wrote: Hi Nicolas, thank you for your report. I have pulled the patch from: https://github.com/php/php-src/commit/76c1ec5e96640e3076c105bde2cccfceb7557690 Ccing security team - I am preparing deb7u2 with just this patch pulled. Cheers, Ondrej On Tue, Mar 24, 2015, at 20:40, Nicolas Baradakis wrote: Package: php5 Version: 5.4.39-0+deb7u1 Severity: important Tags: wheezy, upstream, patch Dear Maintainer, After installing the last wheezy-security update, my servers crash with segmentation fault because there is a regression in upstream release 5.4.39. https://bugs.php.net/bug.php?id=69288 A patch is provided on php.net bug system and I think it should be included in Debian package because a security update in stable is not supposed to break a live system running Wheezy. Thanks for your help. -- Nicolas Baradakis ___ pkg-php-maint mailing list pkg-php-ma...@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server ___ pkg-php-maint mailing list pkg-php-ma...@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
Bug#781152: unblock (pre-approval): evolution-data-server/3.12.9~git20141128.5242b0-2+deb8u2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi release team, I'm seeking approval to upload e-d-s with a backported fix for a bug that makes IMAP shared folders completely unusable when syncing is enabled. https://bugzilla.gnome.org/show_bug.cgi?id=743533 (reported by me). The bug will unsubscribe any shared folder your account is subscribed to, and in general will drop changes made to the folders. It is also known to confuse evolution in general up to a point that it makes it unresponsive. This is the upstream commit: https://git.gnome.org/browse/evolution-data-server/commit/?id=c64b95c59e5774a6eb335805122fae5cd54f0bbf Attached is the debdiff of the full update, which consists only of a backported version of the above commit, plus changelog addition. The fix has been in use internally in my company for over a month and no regressions have been found. unblock evolution-data-server/3.12.9~git20141128.5242b0-2+deb8u2 -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru evolution-data-server-3.12.9~git20141128.5242b0/debian/changelog evolution-data-server-3.12.9~git20141128.5242b0/debian/changelog --- evolution-data-server-3.12.9~git20141128.5242b0/debian/changelog 2015-01-30 00:57:21.0 +0100 +++ evolution-data-server-3.12.9~git20141128.5242b0/debian/changelog 2015-02-12 11:00:28.0 +0100 @@ -1,3 +1,10 @@ +evolution-data-server (3.12.9~git20141128.5242b0-2+deb8u2) UNRELEASED; urgency=medium + + * d/p/05_imapx-Shared-folders-removed-folder-list-refresh.patch: Fix shared +IMAP folders disappearing in some situations. + + -- Jordi Mallach jo...@debian.org Thu, 12 Feb 2015 10:59:19 +0100 + evolution-data-server (3.12.9~git20141128.5242b0-2+deb8u1) unstable; urgency=medium * d/p/03_Use-after-free-gpg-verif.patch: Fix crash during GPG signature diff -Nru evolution-data-server-3.12.9~git20141128.5242b0/debian/patches/03_Use-after-free-gpg-verif.patch evolution-data-server-3.12.9~git20141128.5242b0/debian/patches/03_Use-after-free-gpg-verif.patch --- evolution-data-server-3.12.9~git20141128.5242b0/debian/patches/03_Use-after-free-gpg-verif.patch 2015-01-29 23:49:10.0 +0100 +++ evolution-data-server-3.12.9~git20141128.5242b0/debian/patches/03_Use-after-free-gpg-verif.patch 2015-02-12 12:19:19.0 +0100 @@ -4,11 +4,11 @@ Subject: Bug 741434 - Use-after-free after error in GPG signature verification -diff --git a/camel/camel-gpg-context.c b/camel/camel-gpg-context.c -index 742e943..0b694a7 100644 a/camel/camel-gpg-context.c -+++ b/camel/camel-gpg-context.c -@@ -1888,6 +1888,7 @@ gpg_verify_sync (CamelCipherContext *context, +Index: evolution-data-server-3.12.9~git20141128.5242b0/camel/camel-gpg-context.c +=== +--- evolution-data-server-3.12.9~git20141128.5242b0.orig/camel/camel-gpg-context.c evolution-data-server-3.12.9~git20141128.5242b0/camel/camel-gpg-context.c +@@ -1889,6 +1889,7 @@ gpg_verify_sync (CamelCipherContext *con g_object_unref (filter); g_object_unref (istream); @@ -16,6 +16,3 @@ g_seekable_seek (G_SEEKABLE (canon_stream), 0, G_SEEK_SET, NULL, NULL); --- -cgit v0.10.1 - diff -Nru evolution-data-server-3.12.9~git20141128.5242b0/debian/patches/05_imapx-Shared-folders-removed-folder-list-refresh.patch evolution-data-server-3.12.9~git20141128.5242b0/debian/patches/05_imapx-Shared-folders-removed-folder-list-refresh.patch --- evolution-data-server-3.12.9~git20141128.5242b0/debian/patches/05_imapx-Shared-folders-removed-folder-list-refresh.patch 1970-01-01 01:00:00.0 +0100 +++ evolution-data-server-3.12.9~git20141128.5242b0/debian/patches/05_imapx-Shared-folders-removed-folder-list-refresh.patch 2015-02-12 12:18:43.0 +0100 @@ -0,0 +1,77 @@ +From c64b95c59e5774a6eb335805122fae5cd54f0bbf Mon Sep 17 00:00:00 2001 +From: Milan Crha mc...@redhat.com +Date: Wed, 11 Feb 2015 18:13:37 +0100 +Subject: Bug 743533 - [IMAPx] Shared folders removed on folder list refresh + + +Index: evolution-data-server-3.12.9~git20141128.5242b0/camel/providers/imapx/camel-imapx-store.c +=== +--- evolution-data-server-3.12.9~git20141128.5242b0.orig/camel/providers/imapx/camel-imapx-store.c evolution-data-server-3.12.9~git20141128.5242b0/camel/providers/imapx/camel-imapx-store.c +@@ -1425,8 +1425,6 @@ sync_folders (CamelIMAPXStore *imapx_sto + { + CamelIMAPXServer *server; + GHashTable *folder_info_results; +- GPtrArray *array; +- guint ii; + gboolean success; + + server = camel_imapx_store_ref_server (imapx_store, NULL, FALSE,
Bug#764084:
Hi, I've the same problem. And, indeed, my eth0 is configured for DHCP, and it is not connected at boot when the problem happens. I'll dig for more information about NetworkManager and ifplugd to fix my problem, but, do you really think it's working as designed when avahi-autoipd creates a new default route to an unconnected interface (see original post - I've the exact same behaviour-)? Because that really is the problem: When I delete this route, my wireless connectivity works again. Best regards, Cyrille
Bug#770397: Acknowledgement (linux-image-3.16.0-4-amd64: suspend drains the battery as if it's not)
Thanks Zachary, I confirm your workaround seems to make this work correctly. I'm not sure that these modules are important for a personal usage, but maybe I miss something here? -- Julien On 21 November 2014 at 00:12, Debian Bug Tracking System ow...@bugs.debian.org wrote: Thank you for filing a new Bug report with Debian. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Debian Kernel Team debian-ker...@lists.debian.org If you wish to submit further information on this problem, please send it to 770...@bugs.debian.org. Please do not send mail to ow...@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 770397: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770397 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#781150: Info received (Bug#781150: Acknowledgement (linux-image-3.16.0-4-amd64: Integrated Screen switches off when plugging in an external HDMI screen))
However: * Signing off didn't work: nothing happens. (LIkely a Gnome issue) * Switching to the VT, it's cloned on both screens. * Restarting gdm3 with the HDMI cable still plugged in don't change anything: Integrated Screen is off while External Screen is on, when in X. * But restarting gdm3 with the HDMI cable off make the Integrated Screen work again.
Bug#772823: ITP: kimchi -- HTML5 baseITP: kimchi -- HTML5 based management tool for KVM.d management tool for KVM.
Hi Julien, thanks for this one. I added it to the lastest packaging I pushed on mentors.debian.net . I also added a patch that I sent for review on @kimchi-devel which should make possible to use http://server/kimchi with a sub-site configuration file in nginx based on commentis of Robie Basak to comply better with : http://webapps-common.alioth.debian.org/draft/html/ch-httpd.html F. On Sun, 22 Mar 2015 23:37:44 +1100, Julien Goodwin jgood...@studio442.com.au wrote: One more missing dep that slipped through, novnc is missing from the package deps. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781136: RFS: pyqso/0.2-1 [ITP]
Hi Riley, On Wed, Mar 25, 2015 at 05:15:36PM +1100, Riley Baird wrote: That's great! I'm not a DD, so I can't sponsor your package, but here are my thoughts: Thanks for the review. d/changelog: -As this is a new package, priority should be low. Added to my pre-upload checklist. I make pre-release uploads for testing to a private repository for my friends and upstream mailing lists. Looks like this got changed somewhere by dch. d/copyright: -Remove the copyright symbol. -If you worked on the package this year, you should probably add 2015 to the years. Similarly, upstream development has continued past 2013 so you should probably give 2013-2015 as the years for the non-Debian parts. Years have been updated. I've had the copyright symbol in my other packages, and this is part of the Debian Med package template created by tille. If the copyright symbol is against policy, I have a lot of things to fix as will others. Left it in for now. d/docs: -Include README.md as well. Good point. Done. d/pyqso.1: -You should try submitting this upstream. Already done. General: -I got the below error when building. Have you forgotten a build-depends, or is this message to be expected? ERROR:root:Could not import a non-standard Python module needed by the GreyLine class, or the version of the non-standard module is too old. Check that all the PyQSO dependencies are satisfied. ERROR:root:Could not import the Hamlib module! ERROR:root:Could not import the Hamlib module! reading sources... Yep. The software includes the modules if they're available, and they are dependencies of the binary package, but not required during the build. Might ask upstream to change ERROR to Warning so it's a bit less scary. The new package has been uploaded to mentors.d.o. Thanks, Iain. -- e: i...@fsfe.orgw: iain.learmonth.me x: i...@jabber.fsfe.org t: EPVPN 2105 c: 2M0STB g: IO87we p: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49 pgp9_UWB3HE8l.pgp Description: PGP signature
Bug#781136: RFS: pyqso/0.2-1 [ITP]
Hi, On Wed, Mar 25, 2015 at 09:53:41AM +0100, John Paul Adrian Glaubitz wrote: I do sponsoring on a regular basis and I am also an aspiring ham radio operator. I'd be happy to help. Awesome. I believe the package on mentors.d.o is ready for upload. The initial package I uploaded had a couple of issues with it wrt dates not mentioning 2015 (I initially did this packaging work last year) and README.md not appearing in d/docs. I have tested the functionality of the package, as has the upstream author, and we both find it to be working. Upstream also tested the package on a fresh install to ensure all the dependencies were present. Thanks, Iain. -- e: i...@fsfe.orgw: iain.learmonth.me x: i...@jabber.fsfe.org t: EPVPN 2105 c: 2M0STB g: IO87we p: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49 pgpQV8bYBwY1W.pgp Description: PGP signature
Bug#780748: Change merged upstream
Any update on this? The change has now been merged upstream: http://code.qt.io/cgit/qt/qtwebkit.git/commit/?h=5.4id=2810aea1f6c9cca48b93130a7c245f9a2f85637e Florian -- http://www.the-compiler.org | m...@the-compiler.org (Mail/XMPP) GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc I love long mails! | http://email.is-not-s.ms/ pgpofOjy8LjfH.pgp Description: PGP signature
Bug#781149: ITP: python-mistralclient -- OpenStack Workflow as a Service client
Package: wnpp Severity: wishlist Owner: Thomas Goirand z...@debian.org * Package name: python-mistralclient Version : 2015.1~b3 Upstream Author : OpenStack Foundation openstack-...@lists.openstack.org * URL : https://github.com/stackforge/python-mistralclient * License : Apache-2.0 Programming Lang: Python Description : OpenStack Workflow as a Service client Mistral is a task management service. It is also known as Workflow as a Service. Most business processes consist of multiple distinct interconnected steps that need to be executed in a particular order in a distributed environment. One can describe such process as a set of tasks and task relations and upload such description to Mistral so that it takes care of state management, correct execution order, task distribution and high availability. Mistral also provides flexible task scheduling so that we can run a process according to a specified schedule (i.e. every Sunday at 4.00pm) instead of running it immediately. We call such set of tasks and dependencies between them a workflow. Independent routes in a workflow (which, in fact, is a graph) are called flows and Mistral can execute them in parallel. Note: This is a new dependency of Murano, which graduated from incubation. The project Mistral itself, is IMO not yet ready for an upload in Debian. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775850: timblserver: FTBFS in unstable: error: 'class Timbl::GetOptClass' has no member named 'getLogFile'
Hi, On Wed, 2015-03-25 at 06:46 +0100, Joost van Baal-Ilić wrote: On Tue, Jan 20, 2015 at 05:23:22PM +, James Cowgill wrote: Source: timblserver Version: 1.7-4 Severity: serious Tags: sid Hi, timblserver FTBFS in unstable (but not in testing) on amd64 with the following error: [...] I'll get to this soonish. It'll get fixed with the upcoming upload of new upstream 1.9. (Note to self: first convert repo from svn to git.) Thanks for reporting! Bye, Joost PS: do you happen to know if this endangers timblserver in jessie? I'd guess not... No it doesn't - timblserver builds fine on jessie. The 'sid' tag should prevent anything bad happening. Thanks, James signature.asc Description: This is a digitally signed message part
Bug#781150: linux-image-3.16.0-4-amd64: Integrated Screen switches off when plugging in an external HDMI screen
Package: src:linux Version: 3.16.7-ckt7-1 Severity: normal Hi, I have a Lenovo Thinkpad Yoga. This is a laptop. As soon as I plug-in an external HDMI screen, the Integrated Screen switches off. Yet xrandr and gnome's screen preference window still says it's on. I tried switching it off and on using these commands: xrandr --output eDP1 --off xrandr --output eDP1 --auto When I input that last command I clearly see that the Integrated Screen flashes with Gnome's lockscreen before being off again. When I unplug the external HDMI screen, it's not back to normal. Rarely suspending/resuming the laptop make it work again. I tried the workaround of adding a script in /etc/pm/sleep.d/ that runs chvt 1; chvt 7 but this changed nothing. Please also note that merely booting to the older kernel linux- image-3.14-2-amd64 (I have version 3.14.15-2) makes it work perfectly. That's why I think it's a kernel bug. Here is the current xrandr output with an external HDMI screen and my integrated screen off (despite xrandr saying otherwise): $ xrandr Screen 0: minimum 320 x 200, current 3840 x 1080, maximum 8192 x 8192 eDP1 connected primary 1920x1080+1920+0 (normal left inverted right x axis y axis) 276mm x 156mm 1920x1080 60.04*+ 59.93 1680x1050 59.9559.88 1600x1024 60.17 1400x1050 59.98 1280x1024 60.02 1440x900 59.89 1280x960 60.00 1360x768 59.8059.96 1152x864 60.00 1024x768 60.00 800x600 60.3256.25 640x480 59.94 DP1 disconnected (normal left inverted right x axis y axis) HDMI1 disconnected (normal left inverted right x axis y axis) HDMI2 connected 1920x1080+0+0 (normal left inverted right x axis y axis) 1060mm x 626mm 1920x1080 60.00*+ 50.0059.9430.0025.0024.0029.97 23.98 1920x1080i60.0050.0059.94 1680x1050 59.88 1600x900 59.98 1280x1024 75.0260.02 1440x900 59.90 1366x768 59.79 1280x800 59.91 1152x864 75.00 1280x720 60.0050.0059.94 1440x576i 50.00 1024x768 75.0870.0760.00 1440x480i 60.0059.94 832x624 74.55 800x600 72.1975.0060.32 720x576 50.00 720x480 60.0059.94 640x480 75.0072.8166.6760.0059.94 720x400 70.08 Here is a trace I _sometimes_ get when I plug in an external HDMI screen: [ 7925.045494] [ cut here ] [ 7925.045536] WARNING: CPU: 0 PID: 1821 at /build/linux- SAvLSw/linux-3.16.7-ckt7/drivers/gpu/drm/i915/intel_pm.c:5992 intel_display_power_put+0x127/0x150 [i915]() [ 7925.045539] Modules linked in: nls_utf8 nls_cp437 vfat fat ctr ccm option usb_wwan usbserial wacom hid_sensor_magn_3d hid_sensor_incl_3d hid_sensor_gyro_3d hid_sensor_accel_3d hid_sensor_rotation hid_sensor_als hid_sensor_trigger industrialio_triggered_buffer kfifo_buf hid_sensor_iio_common industrialio hid_sensor_hub cpufreq_userspace cpufreq_powersave cpufreq_conservative cpufreq_stats bnep snd_hda_codec_hdmi nfsd auth_rpcgss oid_registry nfs_acl nfs lockd fscache sunrpc ecb qmi_wwan cdc_wdm usbnet mii usb_storage hid_multitouch uvcvideo videobuf2_vmalloc videobuf2_memops btusb videobuf2_core v4l2_common usbhid videodev bluetooth media hid 6lowpan_iphc joydev arc4 x86_pkg_temp_thermal intel_powerclamp intel_rapl coretemp kvm_intel kvm crc32_pclmul iTCO_wdt iTCO_vendor_support ghash_clmulni_intel [ 7925.045604] iwlmvm mac80211 aesni_intel efi_pstore snd_hda_codec_conexant snd_hda_codec_generic iwlwifi aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd evdev psmouse serio_raw pcspkr efivars rtsx_pci_ms cfg80211 memstick i915 i2c_i801 tpm_tis lpc_ich wmi tpm thinkpad_acpi nvram rfkill snd_hda_intel battery drm_kms_helper snd_hda_controller ac snd_hda_codec drm snd_hwdep snd_pcm video i2c_algo_bit i2c_core snd_timer snd intel_smartconnect shpchp soundcore mei_me processor mei button fuse autofs4 ext4 crc16 mbcache jbd2 sg sd_mod crc_t10dif crct10dif_generic rtsx_pci_sdmmc mmc_core crct10dif_pclmul crct10dif_common crc32c_intel ahci libahci libata ehci_pci ehci_hcd xhci_hcd scsi_mod rtsx_pci mfd_core usbcore thermal usb_common thermal_sys [ 7925.045690] CPU: 0 PID: 1821 Comm: Xorg Tainted: GW 3.16.0-4-amd64 #1 Debian 3.16.7-ckt7-1 [ 7925.045693] Hardware name: LENOVO 20CDCTO1WW/20CDCTO1WW, BIOS GQET34WW (1.14 ) 02/26/2014 [ 7925.045696] 0009 81509e7c 81067727 [ 7925.045702] 8802159a002c 8802159a 8802159a 880214168000 [ 7925.045708] 8802159a8520 a03c3127 000b 8802159a [ 7925.045714] Call Trace: [ 7925.045724] [81509e7c] ? dump_stack+0x41/0x51 [ 7925.045732] [81067727] ? warn_slowpath_common+0x77/0x90 [ 7925.045751] [a03c3127] ? intel_display_power_put+0x127/0x150 [i915] [ 7925.045777] [a0409434] ?
Bug#781150: Acknowledgement (linux-image-3.16.0-4-amd64: Integrated Screen switches off when plugging in an external HDMI screen)
Additional info: I booted with the HDMI cable in: at the login session, both screens were working. But as soon as I logged in to Gnome the integrated screen switched off. So maybe the Linux kernel is not the only culprit here.
Bug#781128: security.debian.org: GeoDNS load balancing of Debian Security mirrors + out of date mirrors means you cant patch
* Sam McLeod: 4) Mirror given by GeoDNS for security.debian.org was: - nashira.anu.edu.au (Located in Canberra, Australia) - Out of date and did not contain the patch. As far as I can tell, the Australian mirror is in sync now: $ wget -q -O- --header Host: security.debian.org http://gluck.debian.org/debian-security/dists/wheezy/updates/ | grep InRelease trtd valign=topimg src=/icons/unknown.gif alt=[ ]/tdtda href=InReleaseInRelease/a/tdtd align=right24-Mar-2015 21:32 /tdtd align=right101K/td/tr Either this was temporary, or the issue had a different cause. Note that mirror update is not instantaneous around the globe. In some cases, the debian-security-announce message will arrive some time before packages are available. In other cases, the message arrives afterwards. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781153: [zanshin] Fix compatibility with zanshin development version
Package: zanshin Version: 0.2.1-1+b2 Severity: grave I had data loss when using a mix of the Debian version and the current development version of zanshin. The problem is that the zanshin in Debian fails to handle the projects of the current development zanshin. This problem was fixed in http://commits.kde.org/zanshin/325ebf25a5de3cfeb02c4cd71deacfea3dc767e3 (the only difference between zanshin 0.2.1 and 0.2.2 - for some reason the 0.2.2 was tagged but never uploaded to http://files.kde.org/zanshin/ ) --- System information. --- Architecture: amd64 Kernel: Linux 3.16.0-4-amd64 Debian Release: 8.0 500 testinghttp.debian.net --- Package information. --- Package's Depends field is empty. Package's Recommends field is empty. Package's Suggests field is empty. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#746580: sysv-rc: [patch] much improved update-rc.d integration w/ systemd
Control: severity -1 serious On Sat, 21 Mar 2015, Florian Schlichting wrote: I think the severity should be raised - the working of update-rc.d ought to be improved for jessie. Done now. I will file a separate bug on openbsd-inetd for the problem I encountered. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781154: ITP: libphpcpp -- a C++ library for developing PHP extensions
Package: wnpp Severity: wishlist Owner: Rafal Goslawski rafal.goslaw...@copernica.com * Package name: libphpcpp Version : 1.3.1 Upstream Author : Emiel Bruijntjes emiel.buijnt...@copernica.com * URL : http://www.php-cpp.com/ * License : Apache Programming Lang: C++ Description : a C++ library for developing PHP extensions The PHP-CPP library is a C++ library for developing PHP extensions. It offers a collection of well documented and easy-to-use classes that can be used and extended to build native extensions for PHP. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669735: dpkg-www: transition towards Apache 2.4
Control: tags -1 patch Attached is a fix. It's also available on mentors at: https://mentors.debian.net/package/dpkg-www diff -Nru dpkg-www-2.54+nmu1/debian/changelog dpkg-www-2.55/debian/changelog --- dpkg-www-2.54+nmu1/debian/changelog 2008-05-30 22:47:16.0 +0200 +++ dpkg-www-2.55/debian/changelog 2015-03-25 11:17:24.0 +0100 @@ -1,3 +1,20 @@ +dpkg-www (2.55) unstable; urgency=medium + + * QA upload: +- d/control: Set maintainer address to QA. + * Apache2.4 transition (Closes: #669735): +- d/control: Build-depends on dh-apache2, change hard Depends on apache2 + to use of misc:Recommends. +- d/rules: Add dh_apache2. +- New d/dpkg-www.apache2 to handle apache configuration, renamed + src/apache.conf to debian/dpkg-www.conf. +- d/maintscript: rm_conffile in /etc/apache for apache1, mv_conffile to + conf-available. +- Makefile: No longer handling apache2 conf. +- d/postinst: No longer handling apache2 conf. File deleted. + + -- Jean-Michel Nirgal Vourgère jmv_...@nirgal.com Wed, 25 Mar 2015 11:04:14 +0100 + dpkg-www (2.54+nmu1) unstable; urgency=low * Non-maintainer upload. diff -Nru dpkg-www-2.54+nmu1/debian/control dpkg-www-2.55/debian/control --- dpkg-www-2.54+nmu1/debian/control 2008-06-28 21:07:04.0 +0200 +++ dpkg-www-2.55/debian/control 2015-03-25 10:56:39.0 +0100 @@ -1,13 +1,14 @@ Source: dpkg-www Section: doc Priority: optional -Maintainer: Massimo Dal Zotto d...@debian.org -Build-Depends: debhelper (= 4.1.16) +Maintainer: Debian QA Group packa...@qa.debian.org +Build-Depends: debhelper (= 4.1.16), dh-apache2 Standards-Version: 3.5.8 Package: dpkg-www Architecture: all -Depends: apt, dwww, info2www, perl | perl5, apache2 | httpd +Depends: apt, dwww, info2www, perl | perl5 +Recommends: ${misc:Recommends} Suggests: dlocate, grep-dctrl, mozilla-firefox | www-browser, man2html, tasksel Description: Web based Debian package browser With the dpkg cgi-bin you can browse Debian packages on a local or diff -Nru dpkg-www-2.54+nmu1/debian/dpkg-www.apache2 dpkg-www-2.55/debian/dpkg-www.apache2 --- dpkg-www-2.54+nmu1/debian/dpkg-www.apache2 1970-01-01 01:00:00.0 +0100 +++ dpkg-www-2.55/debian/dpkg-www.apache2 2015-03-25 10:53:27.0 +0100 @@ -0,0 +1 @@ +conf debian/dpkg-www.conf diff -Nru dpkg-www-2.54+nmu1/debian/dpkg-www.conf dpkg-www-2.55/debian/dpkg-www.conf --- dpkg-www-2.54+nmu1/debian/dpkg-www.conf 1970-01-01 01:00:00.0 +0100 +++ dpkg-www-2.55/debian/dpkg-www.conf 2005-10-07 13:18:06.0 +0200 @@ -0,0 +1,11 @@ +# Apache config for dpkg-www + +# Disable execution of dpkg from remote hosts +Location /cgi-bin/dpkg +order deny,allow +deny from all +allow from localhost 127.0.0.1 +# allow from .your_domain.com +/Location + +# End dpkg-www config diff -Nru dpkg-www-2.54+nmu1/debian/maintscript dpkg-www-2.55/debian/maintscript --- dpkg-www-2.54+nmu1/debian/maintscript 1970-01-01 01:00:00.0 +0100 +++ dpkg-www-2.55/debian/maintscript 2015-03-25 10:31:06.0 +0100 @@ -0,0 +1,2 @@ +rm_conffile /etc/apache/conf.d/dpkg-www 2.55~ +mv_conffile /etc/apache2/conf.d/dpkg-www /etc/apache2/conf-available/dpkg-www.conf 2.55~ diff -Nru dpkg-www-2.54+nmu1/debian/postinst dpkg-www-2.55/debian/postinst --- dpkg-www-2.54+nmu1/debian/postinst 2006-09-26 14:13:39.0 +0200 +++ dpkg-www-2.55/debian/postinst 1970-01-01 01:00:00.0 +0100 @@ -1,29 +0,0 @@ -#!/bin/sh - -set -e - -case $1 in -configure) - ;; -abort-upgrade|abort-remove|abort-deconfigure) - exit 0 - ;; -*) -echo postinst called with unknown argument \`$1' 2 - exit 1 - ;; -esac - -for server in apache2 apache apache-ssl; do -apachectl=/usr/sbin/${server}ctl -apachepid=/var/run/${server}.pid -if [ -x $apachectl -a -f $apachepid ]; then - echo Restarting $server... 2 - $apachectl restart 2 /dev/null || true -fi -done - -#DEBHELPER# -exit 0 - -# end of file diff -Nru dpkg-www-2.54+nmu1/debian/:q dpkg-www-2.55/debian/:q --- dpkg-www-2.54+nmu1/debian/:q 1970-01-01 01:00:00.0 +0100 +++ dpkg-www-2.55/debian/:q 2015-03-25 11:18:48.0 +0100 @@ -0,0 +1,744 @@ +dpkg-www (2.55) unstable; urgency=medium + + * QA upload: +- d/control: Set maintainer address to QA. + * Apache2.4 transition (Closes: #669735): +- d/control: Build-depends on dh-apache2, change hard Depends on apache2 + to use of misc:Recommends. +- d/rules: Add dh_apache2. +- New d/dpkg-www.apache2 to handle apache configuration, renamed + src/apache.conf to debian/dpkg-www.conf. +- d/maintscript: rm_conffile in /etc/apache for apache1, mv_conffile to + conf-available. +- Makefile: No longer handling apache2 conf. +- d/postinst: No longer handling apache2 conf. File deleted. + + -- Jean-Michel Nirgal Vourgère jmv_...@nirgal.com Wed, 25 Mar 2015 11:04:14 +0100 + +dpkg-www (2.54+nmu1) unstable; urgency=low + + * Non-maintainer upload. + * Lintian-based changes: +
Bug#781161: dovecot-core: Can't log in via imap on kFreeBSD amd64 (Auth request missing a file descriptor)
Package: dovecot-core Version: 1:2.2.15-1 Severity: important Dear Maintainer, After upgrading my Debian kFreeBSD machine from Wheezy to Jessie, dovecot imap stopped working. The version from experiemental was also broken in the same way. After I attempt to sign in with valid information, the following messages are logged: dovecot: imap: Error: Auth request missing a file descriptor dovecot: imap-login: Error: read(imap) failed: Remote closed connection (service's process_limit reached?) When direcly invoking imap (mutt's set tunnel=/usr/lib/dovecot/imap), all is well. When I attempt to sign in with invalid information, the incorrect password is diagnosed. So this problem is not actually with authentication. I was not able to determine the exact cause of the problem, but I did determine that the problems pertains to the fd-passing code, fd_send() / fd_read(). In the imap process, fd_read succeeds but CHECK_CMSG(cmsg) is false. Neither defining BUGGY_CMSG_MACROS nor redefining CHECK_CMSG as for LINUX20 resolved the problem; doing the latter caused read_fd to fill out *fd with an invalid file number. Anyway, fdpass.c looks substantially similar from 2.1 to 2.2 so perhaps the problem lies elsewhere and this was a red herring. [most information below pertains to the *working version*, 1:2.1.7-7+deb7u1] -- Package-specific info: dovecot configuration - # 2.1.7: /etc/dovecot/dovecot.conf # OS: GNU/kFreeBSD 10.1-0-amd64 x86_64 auth_verbose = yes debug_log_path = /tmp/dovecot.debug disable_plaintext_auth = no lda_mailbox_autocreate = yes mail_location = maildir:~/Maildir namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox Sent Messages { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = failure_show_msg=yes driver = pam } passdb { args = /etc/dovecot/extra.passwd driver = passwd-file } postmaster_address = postmas...@unpythonic.net protocols = imap ssl = required ssl_cert = /etc/dovecot/ssl/dovecot.cert ssl_key = /etc/dovecot/ssl/dovecot.key userdb { driver = passwd } userdb { args = /etc/dovecot/extra.passwd driver = passwd-file } verbose_ssl = yes -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (990, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: kfreebsd-amd64 (x86_64) Kernel: kFreeBSD 10.1-0-amd64 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages dovecot-core depends on: ii adduser 3.113+nmu3 ii libbz2-1.0 1.0.6-7+b2 ii libc0.1 2.19-15 ii libpam-runtime 1.1.8-3.1 ii libpam0g1.1.8-3.1 ii libssl1.0.0 1.0.1k-1 ii openssl 1.0.1k-1 ii ucf 3.0030 ii zlib1g 1:1.2.8.dfsg-2+b1 dovecot-core recommends no packages. Versions of packages dovecot-core suggests: pn dovecot-gssapinone ii dovecot-imapd 1:2.1.7-7+deb7u1 pn dovecot-ldap none pn dovecot-lmtpd none pn dovecot-managesieved none pn dovecot-mysql none pn dovecot-pgsql none pn dovecot-pop3d none pn dovecot-sieve none pn dovecot-solr none pn dovecot-sqlitenone ii ntp 1:4.2.6.p5+dfsg-5 Versions of packages dovecot-core is related to: ii dovecot-core [dovecot-common] 1:2.1.7-7+deb7u1 pn dovecot-dbgnone pn dovecot-devnone pn dovecot-gssapi none ii dovecot-imapd 1:2.1.7-7+deb7u1 pn dovecot-ldap none pn dovecot-lmtpd none pn dovecot-managesieved none pn dovecot-mysql none pn dovecot-pgsql none pn dovecot-pop3d none pn dovecot-sieve none pn dovecot-sqlite none -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#772823: ITP: kimchi -- HTML5 baseITP: kimchi -- HTML5 based management tool for KVM.d management tool for KVM.
On 25/03/15 21:01, Frederic Bonnard wrote: Hi Julien, thanks for this one. I added it to the lastest packaging I pushed on mentors.debian.net . I also added a patch that I sent for review on @kimchi-devel which should make possible to use http://server/kimchi with a sub-site configuration file in nginx based on commentis of Robie Basak to comply better with : http://webapps-common.alioth.debian.org/draft/html/ch-httpd.html Yep, been seeing those come through. On Sun, 22 Mar 2015 23:37:44 +1100, Julien Goodwin jgood...@studio442.com.au wrote: One more missing dep that slipped through, novnc is missing from the package deps. signature.asc Description: OpenPGP digital signature
Bug#781159: [Pkg-lyx-devel] Bug#781159: lyx-common: two dangling symlinks
On Wed, Mar 25, 2015 at 01:00:53PM +0100, Manolo Díaz wrote: Hi, /usr/share/lyx/thes -- ../mythes Ah I think I remember that is a compat symlink to the mythes files. So if you install for example mythes-de for german thesaurus files the destination is there. So IMO that's a won't fix issue because we would have an insanely long Suggest: list with a non helpful default for one language. Plus not everyone would like to install a thesaurus at all. Sven -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781155: Alternative solution
On Wed, 25 Mar 2015, Raphael Hertzog wrote: Hello, while discussing on #debian-systemd we have found another possible way to have the service managed under two names: And a tested version of this hack courtesy of Didier Roche (with foo.service the real service file, and bar.service the aliased variant): foo.service: [Unit] BindsTo=bar.service [Service] ExecStart=/bin/sleep 300 [Install] Also=bar.service WantedBy=multi-user.target bar.service: [Unit] BindsTo=foo.service [Service] Type=oneshot ExecStart=/bin/true RemainAfterExit=True [Install] Also=foo.service WantedBy=multi-user.target Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#764084: ifplugd NetworkManager
Ok, As I couldn't understand to configure NM to disable this zeroconf/ipv4ll stuff (where's the doc?!?), I've tried to use ifplugd. It's a neat package, but there are gotcha: 1- you need to configure it, because by default it won't monitor any interface, despite what's writen in its man page (option -i); 2- you need to uninstall avahi-autoipd, as otherwise, it will do its thing and you'll end up with a default route to 169.254 So, in my case, by uninstalling avahi-autoipd and installing and configuring ifplugd, I could overcome this issue. So, now, I've a nice system that automatically set up my ethernet network interface when needed (ie: when there's a cable plugged in), but without ipv4ll (RFC3927) support. Cyrille
Bug#781159: [Pkg-lyx-devel] Bug#781159: lyx-common: two dangling symlinks
On Wednesday, Mar 25 2015 at 13:32 UTC+1, Sven Hoexter wrote: On Wed, Mar 25, 2015 at 01:00:53PM +0100, Manolo Díaz wrote: Hi, /usr/share/lyx/thes -- ../mythes Ah I think I remember that is a compat symlink to the mythes files. So if you install for example mythes-de for german thesaurus files the destination is there. Confirmed. After installing mythes-en-us (unfortunately there is no mythes-es* packages) /usr/share/lyx/the is not a dangling symlink any more. It seems I ran apt-file search with a wrong path. Sorry. So IMO that's a won't fix issue because we would have an insanely long Suggest: list with a non helpful default for one language. Plus not everyone would like to install a thesaurus at all. Agreed. Thanks for your quick response. Best Regards, -- Manolo Díaz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781166: ifplugd doesn't monitor eth0 by default as documented
Package: ifplugd Version: 0.28-19 Severity: normal Dear Maintainer, According to ifplugd's man page, it should monitor eth0 by default (see documentation of the -i option). However, this was not the case when I installed ifplugd. And, I had to set the INTERFACES variable to eth0 in /etc/default/ifplugd to get ifplugd running. When I leave the INTERFACES variable empty, ifplugd doesn't start. To be in-line with the documentation, the INTERFACES variable should be set to eth0 at package's installation. Best regards, Cyrille *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? * What outcome did you expect instead? *** End of the template - remove these template lines *** -- Package-specific info: /sys/class/net/ interfaces: /sys/class/net/eth0/ /sys/class/net/lo/ /sys/class/net/wlan0/ -- System Information: Debian Release: 8.0 APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages ifplugd depends on: ii debconf [debconf-2.0] 1.5.56 ii libc6 2.19-15 ii libdaemon0 0.14-6 ii lsb-base 4.1+Debian13+nmu1 Versions of packages ifplugd recommends: ii ifupdown 0.7.53.1 Versions of packages ifplugd suggests: ii wpasupplicant 2.3-1 -- debconf information: ifplugd/args: -q -f -u0 -d10 -w -I ifplugd/interfaces: ifplugd/hotplug_interfaces: ifplugd/suspend_action: stop -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#779731: dleyna-server: Dleyna saturating cpu
Package: dleyna-server Version: 0.4.0-1 Followup-For: Bug #779731 Dear Maintainer, I have a similar problem. On my core2duo machine, when I start playing an audio- or video-file in Totem (Gnome Video), the Dleyna server starts. It fully saturates one of my cores. As a result the system will eventually lock-up in say a couple of minutes, presumably due to the other processor not being able to keep up with both processing the video (Totem's processes) and handling all other processing on the system. The only cure I have is to kill the process (/usr/lib/dleyna-server/dleyna-server-service), which frees up the processor again. The service doesn't seem to come up again when continuing to play the video or audio file in Totem. When restarting Totem Dleyna will be present once again, starting to saturate my processor. -- System Information: Debian Release: 8.0 APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages dleyna-server depends on: ii libc6 2.19-15 ii libdleyna-connector-dbus-1.0-1 0.2.0-1 ii libdleyna-core-1.0-30.4.0-1 ii libglib2.0-02.42.1-1 ii libgssdp-1.0-3 0.14.10-1 ii libgupnp-1.0-4 0.20.12-1 ii libgupnp-av-1.0-2 0.12.6-1 ii libgupnp-dlna-2.0-3 0.10.2-1 ii libsoup2.4-12.48.0-1 dleyna-server recommends no packages. dleyna-server suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781159: [Pkg-lyx-devel] Bug#781159: lyx-common: two dangling symlinks
On Wed, Mar 25, 2015 at 01:00:53PM +0100, Manolo Díaz wrote: Hi, Two symlinks in lyx-common point to files no provided by any debian package, at least in the Jessie branch: /usr/share/lyx/thes -- ../mythes /usr/share/icons/hicolor/48x48/apps/lyx.png -- ../../../../lyx/images/lyx.png I haven't found any use impact, though. The icon issue is fixed with the latest package in unstable but back then the fix wasn't accepted by the release team. (The package would've introduced other issues as we learned later, but the fix would've been rejected anyway.) The thes - mythes thing is still open and should be fixed. Thanks for the report. Sven -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781160: RM: libcapsinetwork -- ROM; obsolete, no upstream, IPv4 only
Package: ftp.debian.org Severity: normal Hello, please remove libcapsinetwork from unstable and if possible also from the testing distribution. If it is necessary to contact the release team about that, please let me know. Reasons for removing libcapsinetwork from Debian: * no upstream release since 2005 * libcapsinetwork supports only IPv4 * This network library is obsolete and was partly integrated into monopd, the reason why it was packaged after all. The new upstream developer of monopd does not intend to work on libcapsinetwork and also recommends to remove it from Debian. New networking features will be integrated into monopd. * libcapsinetwork has no further reverse-dependencies See also https://bugs.debian.org/781044 for reference. Regards, Markus -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781162: slapd segfaults on pass-through SASL authentication
Package: slapd Version: 2.4.31-1+nmu2 Severity: grave Justification: renders package unusable Dear Maintainer, I'm trying to set up pass-through authentication against Kerberos Realm for our LDAP Directory. For that I installed saslauthd and confirmed the operation with sasl-sample-client/server and testsaslauthd. * What led up to the situation? To pass off authentication, set the userPassword attribute to {SASL}Username@KRBREALM in the LDAP directory, as explained on http://www.openldap.org/doc/admin24/security.html * What exactly did you do (or not do) that was effective (or ineffective)? After doing so, slapd crashes on log-in. * What was the outcome of this action? I'm attaching a gdb trace as good as I was able to create * What outcome did you expect instead? Functioning log-in operation. -- Syslog message Mar 25 12:47:34 server slapd[16578]: slap_listener(ldap:///) Mar 25 12:47:34 server slapd[16578]: conn=1004 fd=21 ACCEPT from IP=139.*.*.*:51272 (IP=0.0.0.0:389) Mar 25 12:47:34 server slapd[16578]: connection_get(21): got connid=1004 Mar 25 12:47:34 server slapd[16578]: connection_read(21): checking for input on id=1004 Mar 25 12:47:34 server slapd[16578]: op tag 0x60, time 1427284054 Mar 25 12:47:34 server slapd[16578]: conn=1004 op=0 do_bind Mar 25 12:47:34 server slapd[16578]: dnPrettyNormal: cn=*,ou=People,dc=,dc=org Mar 25 12:47:34 server slapd[16578]: dnPrettyNormal: cn=*,ou=People,dc=,dc=org, cn=*,ou=people,dc=,dc=org Mar 25 12:47:34 server slapd[16578]: conn=1004 op=0 BIND dn=*,ou=People,dc=,dc=org method=128 Mar 25 12:47:34 server slapd[16578]: do_bind: version=3 dn=cn=*,ou=People,dc=,dc=org method=128 Mar 25 12:47:34 server slapd[16578]: bdb_dn2entry(cn=*,ou=people,dc=,dc=org) Mar 25 12:47:34 server slapd[16578]: = hdb_dn2id(ou=people,dc=,dc=org) Mar 25 12:47:34 server slapd[16578]: = hdb_dn2id: got id=0x4 Mar 25 12:47:34 server slapd[16578]: = hdb_dn2id(cn=*,ou=people,dc=,dc=org) Mar 25 12:47:34 server slapd[16578]: = hdb_dn2id: got id=0x237 Mar 25 12:47:34 server slapd[16578]: entry_decode: Mar 25 12:47:34 server slapd[16578]: = entry_decode() Mar 25 12:47:34 server kernel: [571560.569822] slapd[16598]: segfault at 0 ip 7f83289a735a sp 7f8323a47db8 error 4 in libc-2.13.so[7f8328929000+181000] -- Stack trace #0 __strcmp_sse2 () at ../sysdeps/x86_64/multiarch/../strcmp.S:214 No locals. #1 0x7effc77d14ec in select_backend (dn=dn@entry=0x7effc0aa4f28, noSubs=noSubs@entry=1) at ../../../../servers/slapd/backend.c:697 j = optimized out len = optimized out dnlen = 0 be = 0x7effc8a79c30 #2 0x7effc78168a3 in slap_auxprop_lookup (glob_context=optimized out, sparams=optimized out, flags=0, user=optimized out, ulen=optimized out) at ../../../../servers/slapd/sasl.c:345 cb = {sc_next = 0x0, sc_response = 0x7effc7815fb0 sasl_ap_lookup, sc_cleanup = 0, sc_private = 0x7effc0aa4e40} opbuf = {ob_op = {o_hdr = 0x0, o_tag = 0, o_time = 0, o_tincr = 0, o_bd = 0x0, o_req_dn = {bv_len = 0, bv_val = 0x0}, o_req_ndn = {bv_len = 0, bv_val = 0x0}, o_request = {oq_add = {rs_modlist = 0x0, rs_e = 0x0}, oq_bind = { rb_method = 0, rb_cred = {bv_len = 0, bv_val = 0x0}, rb_edn = {bv_len = 0, bv_val = 0x0}, rb_ssf = 0, rb_mech = {bv_len = 0, bv_val = 0x0}}, oq_compare = {rs_ava = 0x0}, oq_modify = {rs_mods = {rs_modlist = 0x0, rs_no_opattrs = 0 '\000'}, rs_increment = 0}, oq_modrdn = {rs_mods = {rs_modlist = 0x0, rs_no_opattrs = 0 '\000'}, rs_deleteoldrdn = 0, rs_newrdn = {bv_len = 0, bv_val = 0x0}, rs_nnewrdn = {bv_len = 0, bv_val = 0x0}, rs_newSup = 0x0, rs_nnewSup = 0x0}, oq_search = {rs_scope = 0, rs_deref = 0, rs_slimit = 0, rs_tlimit = 0, rs_limit = 0x0, rs_attrsonly = 0, rs_attrs = 0x0, rs_filter = 0x0, rs_filterstr = {bv_len = 0, bv_val = 0x0}}, oq_abandon = {rs_msgid = 0}, oq_cancel = {rs_msgid = 0}, oq_extended = {rs_reqoid = {bv_len = 0, bv_val = 0x0}, rs_flags = 0, rs_reqdata = 0x0}, oq_pwdexop = {rs_extended = {rs_reqoid = {bv_len = 0, bv_val = 0x0}, rs_flags = 0, rs_reqdata = 0x0}, rs_old = {bv_len = 0, bv_val = 0x0}, rs_new = {bv_len = 0, bv_val = 0x0}, rs_mods = 0x0, rs_modtail = 0x0}}, o_abandon = 0, o_cancel = 0, o_groups = 0x0, o_do_not_cache = 0 '\000', o_is_auth_check = 0 '\000', o_dont_replicate = 0 '\000', o_acl_priv = ACL_NONE, o_nocaching = 0 '\000', o_delete_glue_parent = 0 '\000', o_no_schema_check = 0 '\000', o_no_subordinate_glue = 0 '\000', o_ctrlflag = '\000' repeats 31 times, o_controls = 0x0, o_authz = {sai_method = 0, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 0, bv_val = 0x0}, sai_ndn = {bv_len = 0, bv_val = 0x0}, sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0}, o_ber = 0x0, o_res_ber = 0x0,
Bug#781151: boot often stalls with two A start job is running messages: binfmt and schroot sessions
Control: tags -1 moreinfo Dear Thibaud, Am 25.03.2015 um 10:39 schrieb Thibaut Paumard: About each time I reboot my computer, boot stalls with two start jobs unable to complete: A start job is running for Enable support for additional binary formats ([...] / no limit) A start job is running for LSB: Recover schroot sessions ([...] / no limit) When that happens, I have to forcibly halt the computer (an Apple MacBook Pro) by holding the power button. Next boot usually goes fine. This has been happening since at least end of December 2014. It looks random, with a fairly high probability (~50%). Can you boot with the following added to your kernel command line (man kerne-command-line) systemd.debug-shell. This will start a debug shell on tty9. If your system hang during boot, please switch to tty9, then save the output of ps aux systemctl list-jobs systemd-cgls Thanks, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#781145: UEFI boot issues
On Tue, Mar 24, 2015 at 11:43:17PM -0800, Patrick Brooks wrote: I have video issues when trying to install Debian using UEFI. I tried using both the system's internal boot menu and rEFInd to boot the installer. Both have video issues.The computer boots fine if I use Windows so hardware failure is not the cause. For reference: http://i.imgur.com/FKopKE0.jpg http://i.imgur.com/gOwkuwk.jpg Right. This looks like video corruption I've seen myself in testing on various platforms with Wheezy builds. Depending on the system, the video setup would *sometimes* work if retried - is this consistent for you on every boot? Also: we've moved on a long way since then. Could you try a current Jessie netinst and see how that works for you please? -- Steve McIntyre, Cambridge, UK.st...@einval.com Welcome my son, welcome to the machine. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781164: apport: more unicode errors
Package: apport Version: 2.16.2-1 Severity: normal Have a look at the attachment -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.19.2 (SMP w/4 CPU cores) Locale: LANG=en_IN.utf8, LC_CTYPE=en_IN.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages apport depends on: ii gir1.2-glib-2.0 1.42.0-2.2 ii lsb-base 4.1+Debian13+nmu1 ii python3 3.4.2-2 ii python3-apport 2.16.2-1 ii python3-gi 3.14.0-1 pn python:any none Versions of packages apport recommends: ii policykit-1 0.105-8 Versions of packages apport suggests: ii apport-gtk 2.16.2-1 -- Configuration Files: /etc/apport/crashdb.conf changed: default = 'debian-debug' databases = { 'ubuntu': { 'impl': 'launchpad', 'bug_pattern_url': 'http://people.canonical.com/~ubuntu-archive/bugpatterns/bugpatterns.xml', 'dupdb_url': 'http://people.canonical.com/~ubuntu-archive/apport-duplicates', 'distro': 'ubuntu', 'escalation_tag': 'bugpattern-needed', 'escalated_tag': 'bugpattern-written', }, 'fedora': { # NOTE this will change Fall '07 when RHT switches to bugzilla 3.x! 'impl': 'rhbugzilla', 'bug_pattern_url': 'http://qa.fedoraproject.org/apport/bugpatterns.xml', 'distro': 'fedora' }, 'debian': { 'impl': 'debian', 'distro': 'debian', 'smtphost': 'reportbug.debian.org', 'recipient': 'sub...@bugs.debian.org', 'sender': '' }, 'debian-debug': { 'impl': 'debian', 'distro': 'debian', 'smtphost': 'localhost', 'recipient': 'r...@debian.org', 'sender': 'r...@researchut.com' }, 'debug': { # for debugging 'impl': 'memory', 'bug_pattern_url': '/tmp/bugpatterns.xml', 'distro': 'debug' }, } -- no debconf information ERROR: apport (pid 12764) Wed Mar 25 16:14:46 2015: called for pid 12721, signal 11, core limit 0 ERROR: apport (pid 12764) Wed Mar 25 16:14:46 2015: Unhandled exception: Traceback (most recent call last): File /usr/share/apport/apport, line 347, in module info.add_proc_info(pid) File /usr/lib/python3/dist-packages/apport/report.py, line 544, in add_proc_info ret = self.get_logind_session(pid) File /usr/lib/python3/dist-packages/apport/report.py, line 1595, in get_logind_session for l in f.read().split('\0'): File /usr/lib/python3.4/encodings/ascii.py, line 26, in decode return codecs.ascii_decode(input, self.errors)[0] UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 2303: ordinal not in range(128) ERROR: apport (pid 12764) Wed Mar 25 16:14:46 2015: pid: 12764, uid: 1000, gid: 1000, euid: 0, egid: 0 ERROR: apport (pid 12764) Wed Mar 25 16:14:46 2015: environment: environ({}) ERROR: apport (pid 12985) Wed Mar 25 16:18:06 2015: called for pid 12977, signal 11, core limit 0 ERROR: apport (pid 12985) Wed Mar 25 16:18:06 2015: Unhandled exception: Traceback (most recent call last): File /usr/share/apport/apport, line 347, in module info.add_proc_info(pid) File /usr/lib/python3/dist-packages/apport/report.py, line 544, in add_proc_info ret = self.get_logind_session(pid) File /usr/lib/python3/dist-packages/apport/report.py, line 1595, in get_logind_session for l in f.read().split('\0'): File /usr/lib/python3.4/encodings/ascii.py, line 26, in decode return codecs.ascii_decode(input, self.errors)[0] UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 2305: ordinal not in range(128) ERROR: apport (pid 12985) Wed Mar 25 16:18:06 2015: pid: 12985, uid: 1000, gid: 1000, euid: 0, egid: 0 ERROR: apport (pid 12985) Wed Mar 25 16:18:06 2015: environment: environ({}) ERROR: apport (pid 13088) Wed Mar 25 16:20:06 2015: called for pid 13079, signal 11, core limit 0 ERROR: apport (pid 13088) Wed Mar 25 16:20:06 2015: Unhandled exception: Traceback (most recent call last): File /usr/share/apport/apport, line 347, in module info.add_proc_info(pid) File /usr/lib/python3/dist-packages/apport/report.py, line 544, in add_proc_info ret = self.get_logind_session(pid) File /usr/lib/python3/dist-packages/apport/report.py, line 1595, in get_logind_session for l in f.read().split('\0'): File /usr/lib/python3.4/encodings/ascii.py, line 26, in decode return codecs.ascii_decode(input, self.errors)[0] UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 2305: ordinal not in range(128) ERROR: apport (pid 13088) Wed Mar 25 16:20:06 2015: pid: 13088, uid: 1000, gid: 1000, euid: 0, egid: 0 ERROR: apport (pid 13088) Wed Mar 25 16:20:06 2015: environment: environ({}) ERROR: apport (pid 13289) Wed Mar 25 16:23:59 2015: called for pid 13282, signal 11, core limit 0 ERROR: apport (pid
Bug#781163: unblock (pre-approved): util-linux/2.25.2-5.1
Package: release.debian.org Severity: important User: release.debian@packages.debian.org Usertags: unblock, confirmed, moreinfo Hello up there, Recently I've discovered that `unshare -r`, though it used to work in 2014, stopped working for Jessie: https://bugs.debian.org/780841 The fix was pre-ack'ed by util-linux maintainer (Andreas Henriksson) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780841#10 and pre-approved by RT member Niels Thykier on debian-release@l.d.o: https://lists.debian.org/debian-release/2015/03/msg00661.html Niels asked to file an unblock request with full intended debdiff, which I do here. It is an NMU, because there is no reply from Andreas for several days. Hope it is ok. Thanks beforehand, Kirill diff --git a/debian/changelog b/debian/changelog index 7850238..0d80c1b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +util-linux (2.25.2-5.1) unstable; urgency=medium + + * Non-maintainer upload. + * Cherry-pick `unshare -r` fix from upstream. (Closes: #780841) + + -- Kirill Smelkov k...@nexedi.com Wed, 25 Mar 2015 16:23:34 +0300 + util-linux (2.25.2-5) unstable; urgency=medium * Revert Trigger update of initramfs on upgrades (Closes: #773354) diff --git a/debian/patches/series b/debian/patches/series index 6428b26..577ad52 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -17,3 +17,4 @@ Update-Japanese-translation.patch Update-Russian-translation.patch Trivial-unfuzzy.patch libblkid-care-about-unsafe-chars-in-cache.patch +unshare-Fix-map-root-user-to-work-on-new-kernels.patch diff --git a/debian/patches/unshare-Fix-map-root-user-to-work-on-new-kernels.patch b/debian/patches/unshare-Fix-map-root-user-to-work-on-new-kernels.patch new file mode 100644 index 000..9a469c1 --- /dev/null +++ b/debian/patches/unshare-Fix-map-root-user-to-work-on-new-kernels.patch @@ -0,0 +1,71 @@ +From: Eric W. Biederman ebied...@xmission.com +Date: Wed, 17 Dec 2014 17:06:03 -0600 +Subject: [PATCH] unshare: Fix --map-root-user to work on new kernels +Origin: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit?id=0bf159413bdb9e324864a422b7aecb081e739119 + +In rare cases droping groups with setgroups(0, NULL) is an operation +that can grant a user additional privileges. User namespaces were +allwoing that operation to unprivileged users and that had to be +fixed. + +Update unshare --map-root-user to disable the setgroups operation +before setting the gid_map. + +This is needed as after the security fix gid_map is restricted to +privileged users unless setgroups has been disabled. + +Signed-off-by: Eric W. Biederman ebied...@xmission.com +--- + include/pathnames.h | 1 + + sys-utils/unshare.c | 19 +++ + 2 files changed, 20 insertions(+) + +diff --git a/include/pathnames.h b/include/pathnames.h +index 0d21b98..cbc93b7 100644 +--- a/include/pathnames.h b/include/pathnames.h +@@ -93,6 +93,7 @@ + + #define _PATH_PROC_UIDMAP /proc/self/uid_map + #define _PATH_PROC_GIDMAP /proc/self/gid_map ++#define _PATH_PROC_SETGROUPS /proc/self/setgroups + + #define _PATH_PROC_ATTR_CURRENT /proc/self/attr/current + #define _PATH_PROC_ATTR_EXEC /proc/self/attr/exec +diff --git a/sys-utils/unshare.c b/sys-utils/unshare.c +index fccdba2..9fdce93 100644 +--- a/sys-utils/unshare.c b/sys-utils/unshare.c +@@ -39,6 +39,24 @@ + #include pathnames.h + #include all-io.h + ++static void disable_setgroups(void) ++{ ++ const char *file = _PATH_PROC_SETGROUPS; ++ const char *deny = deny; ++ int fd; ++ ++ fd = open(file, O_WRONLY); ++ if (fd 0) { ++ if (errno == ENOENT) ++ return; ++ err(EXIT_FAILURE, _(cannot open %s), file); ++ } ++ ++ if (write_all(fd, deny, strlen(deny))) ++ err(EXIT_FAILURE, _(write failed %s), file); ++ close(fd); ++} ++ + static void map_id(const char *file, uint32_t from, uint32_t to) + { + char *buf; +@@ -181,6 +199,7 @@ int main(int argc, char *argv[]) + } + + if (maproot) { ++ disable_setgroups(); + map_id(_PATH_PROC_UIDMAP, 0, real_euid); + map_id(_PATH_PROC_GIDMAP, 0, real_egid); + } -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781123: Looks similar to upstream bug #960
Just my 2c here - quicly looking at Valgrind backtrace, and the code - looks like the issue is that with attached crafted .riff file RiffVideo::tagDecoder() gets unsigned long as its' 2nd argument, which is then passed further to RiffVideo::dateTimeOriginal() as long. I'm not a CPP guru, but other functions there might suffer from the same issue: junkHandler aviHeaderTagsHandler streamHandler streamDataTagHandler Jakub, did you report this upsream already? Thanks. -- Vasyl Kaigorodov | Red Hat Product Security PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828 pgpdIgRCMmpIt.pgp Description: PGP signature
Bug#762465: KREDIT
-- Grüß Gott, Sie brauchen dringend Darlehen? oder eine finanzielle Unterstützung? wir alle können von Darlehen mit einem sehr geringen Zinssatz, wenn Sie interessiert sind, sich ein Darlehen, kontaktieren Sie uns heute per E-Mail wernermiller...@hotmail.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774660: [Alexander Cherepanov chere...@mccme.ru] Bug#774660: Directory traversal through symlinks
On Thu, Feb 19, 2015 at 11:08:43PM +0100, Mohammed Adnène Trojette wrote: tags 774660 + upstream forwarded thanks Hi! The bug mentioned below was reported to Debian. Did you receive a reply from upstream? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781165: RFP: prospector -- Python code analysis tool
Package: wnpp Severity: wishlist * Package name: prospector Version : 0.9.9 Upstream Author : Carl Crowder * URL : https://github.com/landscapeio/prospector * License : GPL-2+ Programming Lang: Python Description : Python code analysis tool Prospector is a tool to analyse Python code and output information about errors, potential problems, convention violations and complexity. It brings together the functionality of other Python analysis tools such as pylint, pep8 and McCabe complexity. More information and a complete list of supported tools is available on the documentation site. The primary aim of Prospector is to be useful 'out of the box'. A common complaint of other Python analysis tools is that it takes a long time to filter through which errors are relevant or interesting to your own coding style. Prospector provides some default profiles, which hopefully will provide a good starting point and will be useful straight away, and adapts the output depending on the libraries your project uses. It would be nice to have this available to help check one's own Python code. -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#780816: tophat: embedded samtools copy
Dear Maintainer, Tophat 2.0.13 started to include a convience copy of samtools 0.1.18, I believe this is technically a violation of Debian policy. Though I'm not sure how hard it would be properly fix the issue. Diane Trout Hi Diane, Please see this thread for more details: https://lists.debian.org/debian-med/2014/10/msg4.html Until we have a solution we need to ship samtools 0.1.18 with tophat. Regards, Alex -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#228380:
In my case, I'm trying to get rid of the ipv4ll configuration. I wanted to use dhcpcd5 because we can disable its ipv4ll support. But eventually, I couldn't uninstall isc-dhcp-client because network-manager depends on it. So, I can't use dhcpcd5 without uninstalling network-manager (which I don't want to do atm). Cyrille
Bug#731439: linux: unable to handle kernel paging request at ffffffffffffffb8 when trying to remove a file in a checkpoint directory of a NFSv4 mount from a EMC VNx Storage
Control: retitle -1 BUG: unable to handle kernel paging request at ffb8 when trying to remove a file in a checkpoint directory of a NFSv4 mount from a EMC VNx Storage Control: found -1 3.2.14-1 Control: severity -1 important Hi Kernel Team! It looks that this is a 3.2.x specific regression introduced between 3.2.13-1 and 3.2.14-1. I failed for now to isolate the correct commit, but hope you might help in that. Using a 3.2.13-1 the bug does not appear, and trying to remove a file from such a checkpoint directory just gives rm: cannot remove `foo': Input/output error. Updating 3.2.14-1 and retrying the procedure panics the kernel. (I increased the severity beeing a regression from 3.2.13-1 and which could cause basically a DoS against other users on a multiuser system.) Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781162: [Pkg-openldap-devel] Bug#781162: slapd segfaults on pass-through SASL authentication
Control: severity -1 important Control: tags -1 confirmed Hi, Thanks for the report. You referred to saslauthd in your original message, but I noticed that the crash only happens if pwcheck_method in /etc/ldap/sasl2/slapd.conf is set to auxprop (or not set at all; auxprop is the default), whereas for pass-through authentication, AFAIK one would normally choose the saslauthd method (which, for me, works correctly and does not crash). Is that configuration by you intentional? The SASL configuration is mentioned in the upstream docs: http://www.openldap.org/doc/admin24/security.html#Configuring%20slapd%20to%20use%20an%20authentication%20provider -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774643: can't cast Hash to text
Hi There still seems to be some problems with stored configs, in a test deployment I have the following minimal node manifest: define foo($params) { } node 'test.adm.easyconnect.no' { @@foo {'bar': params = {foo = 1, bar = 2} } } We use this kind of pattern in quite a few places where it would be inconvenient to flatten it before exporting, and it works fine on wheezy. The first run of the agent works fine, and the following value is written to the database: {foo=1, bar=2} The second (and third, fourth, ...) run fails: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: can't cast Hash to text Enabling as much debug as I know how to on the master it logs this on the first (successful) run: Notice: Compiled catalog for test.adm.easyconnect.no in environment vagrant in 1.20 seconds Info: Caching catalog for test.adm.easyconnect.no Debug: Searched for resources in 0.01 seconds Debug: Searched for resource params and tags in 0.00 seconds Debug: Resource removal in 0.00 seconds Debug: Resource merger in 0.00 seconds Debug: Added resources(initialization) in 0.01 seconds Debug: Added resources(parameters) in 0.01 seconds Debug: Added resources(tags) in 0.02 seconds Debug: Resource addition in 0.06 seconds Debug: Performed resource comparison in 0.06 seconds Debug: Using cached facts for test.adm.easyconnect.no Info: Caching node for test.adm.easyconnect.no While for the second run: Info: Caching node for test.adm.easyconnect.no Notice: Compiled catalog for test.adm.easyconnect.no in environment vagrant in 0.03 seconds Info: Caching catalog for test.adm.easyconnect.no Debug: Searched for resources in 0.01 seconds Debug: Searched for resource params and tags in 0.00 seconds Debug: Resource removal in 0.00 seconds Error: can't cast Hash to text Agent version doesn't seem to matter, I've tried both 2.7 and 3.7. Master is on 3.7.2-3 from jessie. -- Knut Arne Bjørndal, Tekniker Easy Connect AS - http://1890.no E-post: knut.arne.bjorn...@easyconnect.no signature.asc Description: OpenPGP digital signature
Bug#781168: Workarounds for Google being evil with .ics feeds
Package: akonadi-server Version: 1.13.0-2 Severity: normal Hello, I have as a calendar source an .ics served by Google, with an address like this: https://www.google.com/calendar/ical/person%40gmail.com/private-12341234123412341234123412341234/basic.ics It looks like Google is being evil by breaking all the assumptions that allow an efficient update of that data feed. Not only they did not implement neither If-Modified-Since nor a sensible modification date for their ical server: Current date/time: Wed, 25 Mar 2015 14:34:24 + Headers for a HEAD request on the ics url: Content-Type: text/calendar; charset=UTF-8 X-Content-Type-Options: nosniff Pragma: no-cache Content-Length: 312906 Alternate-Protocol: 443:quic,p=0.5 Server: GSE Cache-Control: no-cache, no-store, max-age=0, must-revalidate Expires: Fri, 01 Jan 1990 00:00:00 GMT Date: Wed, 25 Mar 2015 14:34:24 GMT X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN But also the content is significantly different. This is the list of what I have observed Gmail doing to an unchanged ical feed: - DTSTAMP of each element is always now - VTIMEZONE entries appear in random order - ORGANIZER CN entries randomly change between full name and plus.google.com user ID - ATTENDEE entries randomly change between having a CN or not having it - TRIGGER entries change spontaneously - CREATED entries change spontaneously This causes akonadi to download and reprocess the entire ical feed every single time. In this case we are talking about 300Kb, which is a lot of ical data, and I end up with akonadi and the database working more often than not, a hot an noisy laptop, and an unhealthy amount of anger. I am now working on a smart diff between ical files that should be able to tell when two .ics files mangled that way are still actually the same. I'll try to keep you posted. Thank you, Enrico -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.19.0-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages akonadi-server depends on: ii akonadi-backend-postgresql 1.13.0-2 ii libakonadiprotocolinternals11.13.0-2 ii libboost-program-options1.55.0 1.55.0+dfsg-3 ii libc6 2.19-15 ii libgcc1 1:4.9.2-10 ii libqt4-dbus 4:4.8.6+git64-g5dc8b2b+dfsg-3 ii libqt4-network 4:4.8.6+git64-g5dc8b2b+dfsg-3 ii libqt4-sql 4:4.8.6+git64-g5dc8b2b+dfsg-3 ii libqt4-xml 4:4.8.6+git64-g5dc8b2b+dfsg-3 ii libqtcore4 4:4.8.6+git64-g5dc8b2b+dfsg-3 ii libqtgui4 4:4.8.6+git64-g5dc8b2b+dfsg-3 ii libstdc++6 4.9.2-10 akonadi-server recommends no packages. Versions of packages akonadi-server suggests: pn akonadi-backend-mysql none ii akonadi-backend-postgresql 1.13.0-2 pn akonadi-backend-sqlite none -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781167: claws-mail-pgpinline: pgpinline encrypts an e-mail, then cannot decrypt the same e-mail in it's own Sent folder
Package: claws-mail-pgpinline Version: 3.11.1-3 Severity: normal For e-mail in Sent folder, claws reports Couldn't decrypt: Decryption failed. If I save the encrypted attachment and then do a gpg --decrypt filename then gpg reports gpg: decryption failed: secret key not available No feedback yet from recipient as to whether he was able to decrypt. -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (800, 'testing'), (700, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages claws-mail-pgpinline depends on: ii claws-mail 3.11.1-3 ii claws-mail-pgpmime [claws-mail-pgpcore] 3.11.1-3 ii libarchive13 3.1.2-11 ii libassuan0 2.1.2-2 ii libatk1.0-0 2.14.0-1 ii libc62.19-15 ii libcairo21.14.0-2.1 ii libdb5.3 5.3.28-9 ii libetpan17 1.5-2 ii libfontconfig1 2.11.0-6.3 ii libfreetype6 2.5.2-3 ii libgdk-pixbuf2.0-0 2.31.1-2+b1 ii libglib2.0-0 2.42.1-1 ii libgnutls-deb0-283.3.8-6 ii libgpg-error01.17-3 ii libgpgme11 1.5.1-6 ii libgtk2.0-0 2.24.25-3 ii liblockfile1 1.09-6 ii libpango-1.0-0 1.36.8-3 ii libpangocairo-1.0-0 1.36.8-3 ii libpangoft2-1.0-01.36.8-3 ii libsasl2-2 2.1.26.dfsg1-13 ii zlib1g 1:1.2.8.dfsg-2+b1 claws-mail-pgpinline recommends no packages. claws-mail-pgpinline suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781169: Checkinstall fails to add files to dpkg conffiles
Package: checkinstall Version: 1.6.2-4 Severity: normal Tags: patch Dear Maintainer, checkinstall 1.6.2-4 does not tag conffiles of packages it creates as such. Therefore, files of a created package in /etc will be deleted when the package is removed. This has already been reported for Ubuntu: https://bugs.launchpad.net/ubuntu/+source/checkinstall/+bug/1304760 A patch is attached to fix this problem. -- System Information: Debian Release: 7.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages checkinstall depends on: ii dpkg-dev 1.16.15 ii file 5.11-2+deb7u3 ii libc6 2.13-38+deb7u1 Versions of packages checkinstall recommends: ii make 3.81-8.2 Versions of packages checkinstall suggests: pn gettext none -- no debconf information checkinstall.patch Description: Binary data
Bug#781151: boot often stalls with two A start job is running messages: binfmt and schroot sessions
Am 25.03.2015 um 16:55 schrieb Thibaut Paumard: Le 25/03/2015 14:52, Michael Biebl a écrit : If your system hang during boot, please switch to tty9, then save the output of ps aux systemctl list-jobs systemd-cgls Thanks Michael, the output of each command is attached in the corresponding file. Looks like a some kind of bug in schroot to me, which causes a dead lock. I assume, if you disable the schroot.service (update-rc.d disable schroot), the problem is gone? -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#774660: [Alexander Cherepanov chere...@mccme.ru] Bug#774660: Directory traversal through symlinks
Unfortunately no reply at all :-/ -- Adnène Le 25/03/2015 15:12, Moritz Muehlenhoff a écrit : On Thu, Feb 19, 2015 at 11:08:43PM +0100, Mohammed Adnène Trojette wrote: tags 774660 + upstream forwarded thanks Hi! The bug mentioned below was reported to Debian. Did you receive a reply from upstream? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#533233: relates to bug 764084
This bug relates to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764084 I like the simple solution proposed in message #26 ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=533233#26) where the metric for RFC3927 subnet is raised above the wireless connexions' default metric (1024). However, a definitive solution would be that avahi-autoipd doesn't assign a RFC3927 address when no cable is connected to the ethernet interface. Maybe the ifupdown-extra could help here? See also bug 764084 for more on this RFC3927 problem. Cyrille
Bug#780841: Please approve `unshare -r` fix for Jessie
FYI, I've filed an unblock request for this fix: http://bugs.debian.org/781163 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781168: Workarounds for Google being evil with .ics feeds
On Wed, Mar 25, 2015 at 04:24:40PM +0100, Enrico Zini wrote: I am now working on a smart diff between ical files that should be able to tell when two .ics files mangled that way are still actually the same. I'll try to keep you posted. Done! I'm attaching the script that I'm using at the moment. Enrico -- GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini enr...@enricozini.org #!/usr/bin/python3 # # Copyright © 2015 Enrico Zini enr...@enricozini.org # This work is free. You can redistribute it and/or modify it under the # terms of the Do What The Fuck You Want To Public License, Version 2, # as published by Sam Hocevar. See http://www.wtfpl.net/ for more details. # # Work around Google being evil in ical feeds. # # This is the list of what I have observed Gmail doing to an ical feed to make # it hard to sync with its contents efficiently: # # - HTTP Date header is always now # - If-Modified-Since is not supported # - DTSTAMP of each element is always now # - VTIMEZONE entries appear in random order # - ORGANIZER CN entries randomly change between full name and plus.google.com #user ID # - ATTENDEE entries randomly change between having a CN or not having it # - TRIGGER entries change spontaneously # - CREATED entries change spontaneously import requests import tempfile import os import re import argparse import time class atomic_writer(object): Atomically write to a file def __init__(self, fname, mode, osmode=0o644, sync=True, **kw): self.fname = fname self.osmode = osmode self.sync = sync dirname = os.path.dirname(self.fname) self.fd, self.abspath = tempfile.mkstemp(dir=dirname, text=b not in mode) self.outfd = open(self.fd, mode, closefd=True, **kw) def __enter__(self): return self.outfd def __exit__(self, exc_type, exc_val, exc_tb): if exc_type is None: self.outfd.flush() if self.sync: os.fdatasync(self.fd) os.fchmod(self.fd, self.osmode) os.rename(self.abspath, self.fname) else: os.unlink(self.abspath) self.outfd.close() return False class Field: def __init__(self, content): # Field name and value self.name, self.value = content.split(:, 1) def __str__(self): Reserialize the field. return {}:{}\n.format(self.name, self.value) def parse_ical(fd): Parse an ical feed in a sequence of Field elements. lines = [] for line in fd: if line[0] != : # Field start if lines: yield Field(.join(lines)) lines = [line] else: # Continuation line if not lines: raise RuntimeError(feed starts with a continuation line) lines.append(line[1:]) if lines: yield Field(.join(lines)) def drop_vtimezones(feed): Skip VTIMEZONE fields in_vtimezone = False for field in feed: if field.value == VTIMEZONE: if field.name == BEGIN: in_vtimezone = True continue elif field.name == END: in_vtimezone = False continue if in_vtimezone: continue yield field re_nondet = re.compile(r^(?:DTSTAMP|ORGANIZER|ATTENDEE|TRIGGER|CREATED)) def remove_nondeterminism(content): Return the string content without all the DTSTAMP lines res = [] for field in drop_vtimezones(parse_ical(content.splitlines())): if re_nondet.match(field.name): continue res.append(str(field)) return .join(res) def download(url, target): Download a new version of an ical feed, without touching the existing file if it has not changed. res = requests.get(url) if os.path.exists(target): with open(target, rt) as fd: old_content = fd.read() if remove_nondeterminism(res.text) == remove_nondeterminism(old_content): # Update not needed return False #else: # Uncomment for debugging #with open(old, wt) as out: #out.write(remove_nondeterminism(old_content)) #with open(new, wt) as out: #out.write(remove_nondeterminism(res.text)) with atomic_writer(target, wt) as fd: # Update needed fd.write(res.text) return True if __name__ == __main__: parser = argparse.ArgumentParser( description=Download a gmail ics feed, leaving the destination untouched if it has not changed) parser.add_argument('url', help=url to download) parser.add_argument('dest', help=destination file name) parser.add_argument('--log', action=store, help=log actual updates to this file) args = parser.parse_args() if download(args.url, args.dest): if args.log: with open(args.log, at) as fd: print({}: updated
Bug#781151: boot often stalls with two A start job is running messages: binfmt and schroot sessions
Le 25/03/2015 14:52, Michael Biebl a écrit : If your system hang during boot, please switch to tty9, then save the output of ps aux systemctl list-jobs systemd-cgls Thanks Michael, the output of each command is attached in the corresponding file. Kind regards, Thibaut. USER PID %CPU %MEMVSZ RSS TTY STAT START TIME COMMAND root 1 5.8 0.0 30840 6588 ?Ss 16:01 0:11 /sbin/init root 2 0.0 0.0 0 0 ?S16:01 0:00 [kthreadd] root 3 1.2 0.0 0 0 ?S16:01 0:02 [ksoftirqd/0] root 4 0.0 0.0 0 0 ?S16:01 0:00 [kworker/0:0] root 5 0.0 0.0 0 0 ?S 16:01 0:00 [kworker/0:0H] root 6 0.1 0.0 0 0 ?S16:01 0:00 [kworker/u16:0] root 7 0.2 0.0 0 0 ?S16:01 0:00 [rcu_sched] root 8 0.0 0.0 0 0 ?S16:01 0:00 [rcu_bh] root 9 0.0 0.0 0 0 ?S16:01 0:00 [migration/0] root10 0.0 0.0 0 0 ?S16:01 0:00 [watchdog/0] root11 0.2 0.0 0 0 ?S16:01 0:00 [watchdog/1] root12 0.0 0.0 0 0 ?S16:01 0:00 [migration/1] root13 0.0 0.0 0 0 ?S16:01 0:00 [ksoftirqd/1] root14 0.0 0.0 0 0 ?S16:01 0:00 [kworker/1:0] root15 0.0 0.0 0 0 ?S 16:01 0:00 [kworker/1:0H] root16 0.0 0.0 0 0 ?S16:01 0:00 [watchdog/2] root17 0.0 0.0 0 0 ?S16:01 0:00 [migration/2] root18 0.0 0.0 0 0 ?S16:01 0:00 [ksoftirqd/2] root19 0.0 0.0 0 0 ?S16:01 0:00 [kworker/2:0] root20 0.0 0.0 0 0 ?S 16:01 0:00 [kworker/2:0H] root21 0.0 0.0 0 0 ?S16:01 0:00 [watchdog/3] root22 0.0 0.0 0 0 ?S16:01 0:00 [migration/3] root23 0.2 0.0 0 0 ?S16:01 0:00 [ksoftirqd/3] root24 0.0 0.0 0 0 ?S16:01 0:00 [kworker/3:0] root25 0.0 0.0 0 0 ?S 16:01 0:00 [kworker/3:0H] root26 0.0 0.0 0 0 ?S16:01 0:00 [watchdog/4] root27 0.0 0.0 0 0 ?S16:01 0:00 [migration/4] root28 0.1 0.0 0 0 ?S16:01 0:00 [ksoftirqd/4] root29 0.0 0.0 0 0 ?S16:01 0:00 [kworker/4:0] root30 0.0 0.0 0 0 ?S 16:01 0:00 [kworker/4:0H] root31 0.0 0.0 0 0 ?S16:01 0:00 [watchdog/5] root32 0.0 0.0 0 0 ?S16:01 0:00 [migration/5] root33 0.0 0.0 0 0 ?S16:01 0:00 [ksoftirqd/5] root34 0.0 0.0 0 0 ?S16:01 0:00 [kworker/5:0] root35 0.0 0.0 0 0 ?S 16:01 0:00 [kworker/5:0H] root36 0.0 0.0 0 0 ?S16:01 0:00 [watchdog/6] root37 0.0 0.0 0 0 ?S16:01 0:00 [migration/6] root38 0.0 0.0 0 0 ?S16:01 0:00 [ksoftirqd/6] root39 0.0 0.0 0 0 ?S16:01 0:00 [kworker/6:0] root40 0.0 0.0 0 0 ?S 16:01 0:00 [kworker/6:0H] root41 0.0 0.0 0 0 ?S16:01 0:00 [watchdog/7] root42 0.0 0.0 0 0 ?S16:01 0:00 [migration/7] root43 0.2 0.0 0 0 ?S16:01 0:00 [ksoftirqd/7] root44 0.0 0.0 0 0 ?S16:01 0:00 [kworker/7:0] root45 0.0 0.0 0 0 ?S 16:01 0:00 [kworker/7:0H] root46 0.0 0.0 0 0 ?S 16:01 0:00 [khelper] root47 0.0 0.0 0 0 ?S16:01 0:00 [kdevtmpfs] root48 0.0 0.0 0 0 ?S 16:01 0:00 [netns] root49 0.0 0.0 0 0 ?S16:01 0:00 [khungtaskd] root50 0.0 0.0 0 0 ?S 16:01 0:00 [writeback] root51 0.0 0.0 0 0 ?SN 16:01 0:00 [ksmd] root52 0.0 0.0 0 0 ?SN 16:01 0:00 [khugepaged] root53 0.0 0.0 0 0 ?S 16:01 0:00 [crypto] root54 0.0 0.0 0 0 ?S 16:01 0:00 [kintegrityd] root55 0.0 0.0 0 0 ?S 16:01 0:00 [bioset] root56 0.0 0.0 0 0 ?S 16:01 0:00 [kblockd] root57 0.0 0.0 0 0 ?S16:01 0:00 [kworker/7:1] root58 0.0 0.0 0 0 ?S16:01 0:00 [kworker/6:1] root59 0.0 0.0 0 0 ?S16:01 0:00 [kworker/5:1] root60 0.0 0.0 0 0 ?
Bug#781162: [Pkg-openldap-devel] Bug#781162: slapd segfaults on pass-through SASL authentication
Control: severity -1 normal Control: found -1 2.4.40-4 Control: retitle -1 slapd: crash with SASL auxprop pwcheck_method and empty suffix On Wed, Mar 25, 2015 at 05:13:52PM +0100, Simon Bin wrote: thanks for the quick response. Indeed it was a configuration mistake (pwcheck_method not set in the right file). The crash was a bit further misleading me... Everything is working fine now with the proper config. OK, thanks for confirming. Meanwhile I reproduced the crash in jessie as well. It seems to require that the database suffix be empty, though, which I think is an unusual configuration. Is that actually the case in your setup? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#779318: Update for SSH Tests
I just installed the latest update to Lynis 2.0 on my Sid workstation. When I installed the package, your note was present by apt-listchanges. Thanks for highlighting my submission. However, one point in your note jumped out to my attention and that was the idea that updates to the tests should be included in the Debian plugin whenever possible. And that makes a lot of sense for these tests, especially the DebianBanner test. Therefore, if you will hold off on testing these tests, I will work to move them into the Debian plugin and hopefully submit the updates before another update to Lynis is in the works. With any luck, I will have these ready for resubmission in a day or two but no promises. Wish me luck! -- Dave VehrsEmail: dve...@gmail.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781173: ITP: crmsh -- Command-line interface for High-Availability cluster management on GNU/Linux systems
Package: wnpp Severity: wishlist Owner: Richard B Winters r...@mmogp.com * Package name: crmsh Version : 2.2.0~rc2+git.115.g0e24f25 Upstream Author : Dejan Muhamedagic de...@suse.de, Kristoffer Gronlund kgronl...@suse.com * URL : https://github.com/ClusterLabs/crmsh * License : GPL-2+ Programming Lang: Python Description : CLI for HA cluster management Command-line interface for High-Availability cluster management on GNU/Linux systems crmsh is one of several command-line interfaces for managing the pacemaker/corosync High-Availability cluster stack. It was at one time bundled with cman, but as cman is no longer used or supported in the modern stack; crmsh needs its own package. RHEL only used cman until corosync was able to handle quorum on its own. In Debian, crmsh is bundled with cman. Both are considered out-of-date. I've authored changes upstream, and plan to keep in close contact with the upstream team. I intend to maintain this package via sponsorship - unless debian-ha would like to sponsor the package and allow me to join the team. If debian-ha is inactive, though, I'd like to get it going again. It will be uploaded to mentors.debian.org if nothing else, and awaiting sponsorship. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781174: thunar: unable to mount password protected shares (jessie)
Package: thunar Version: 1.6.3-2 Severity: normal Dear Maintainer, I have some password protected shares in my /etc/fstab that are mounted by unprivileged users, e. g. //192.168.1.2/Data /media/Data cifs vers=3.0,users,username=user,noauto,file_mode=0640,dir_mode=0750 0 0 When mounting the share with the 'mount' command a password is prompted as intended. However, mounting the share with thunar fails: On the first access thunar tries to mount the share and a graphical password prompt *should* appear. Instead an error message is shown: Failed to create password file: Permission denied After some investigation I found out that the ask-password functionality from systemd is used. Therefore a file has to be created in /run/systemd/ask-password and password agents watching the directory might prompt for the password. See [1] for reference. Creating the password file fails, as /run/systemd/ask-password is only writable by root. As this functionality is intended to be used for system-level passwords only, I guess it shouldn't be world writable. To mount the volume, thunar seems to rely on libglib2 (Thunar calls g_volume_mount). See [2], [3] for the source code. I don't really understand how that code works and why systemd ask-password is used - I didn't manage to find the corresponding code. Im not sure if this bug can be fixed in thunar or if either systemd or glib2 are to blame, but I hope you can help to track down the root cause. Probably systemd shouldn't be used at all for mounting shares in thunar. To reproduce this bug you don't need an actual share - you can add a fake entry to your fstab. Janis [1] http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/ [2] http://git.xfce.org/xfce/thunar/tree/thunar/thunar-device.c?h=thunar-1.6.3 [3] https://git.gnome.org/browse/glib/tree/gio/gvolume.c?h=glib-2-42 -- System Information: Debian Release: 8.0 APT prefers testing-updates APT policy: (990, 'testing-updates'), (990, 'testing'), (50, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4+custom-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages thunar depends on: ii desktop-file-utils 0.22-1 ii exo-utils 0.10.2-4 ii libatk1.0-0 2.14.0-1 ii libc6 2.19-15 ii libcairo2 1.14.0-2.1 ii libdbus-1-3 1.8.16-1 ii libdbus-glib-1-20.102-1 ii libexo-1-0 0.10.2-4 ii libgdk-pixbuf2.0-0 2.31.1-2+b1 ii libglib2.0-02.42.1-1 ii libgtk2.0-0 2.24.25-3 ii libgudev-1.0-0 215-12 ii libice6 2:1.0.9-1+b1 ii libnotify4 0.7.6-2 ii libpango-1.0-0 1.36.8-3 ii libsm6 2:1.2.2-1+b1 ii libthunarx-2-0 1.6.3-2 ii libxfce4ui-1-0 4.10.0-6 ii libxfce4util6 4.10.1-2 ii libxfconf-0-2 4.10.0-3 ii shared-mime-info1.3-1 ii thunar-data 1.6.3-2 Versions of packages thunar recommends: ii dbus-x11 1.8.16-1 ii gvfs 1.22.2-1 ii libfontconfig1 2.11.0-6.3 ii libfreetype6 2.5.2-3 ii libpangocairo-1.0-0 1.36.8-3 ii libpangoft2-1.0-01.36.8-3 ii thunar-volman0.8.0-4 ii tumbler 0.1.30-1+b1 ii xdg-user-dirs0.15-2 ii xfce4-panel 4.10.1-1 Versions of packages thunar suggests: ii thunar-archive-plugin 0.3.1-3 ii thunar-media-tags-plugin 0.2.1-1 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#771433: RFS: xastir/2.06-1
Hi John, You previously commented on my RFS for Xastir in January. The lintian issues regarding hardening have been resolved. There are now no lintian errors or warnings on the package. Thanks, Iain. -- e: i...@fsfe.orgw: iain.learmonth.me x: i...@jabber.fsfe.org t: EPVPN 2105 c: 2M0STB g: IO87we p: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49 pgphHqrvpILxY.pgp Description: PGP signature
Bug#779612: [pkg-cryptsetup-devel] Bug#779612: systemd-sysv,cryptsetup: systemd-sysv, cryptsetup should recommend plymouth; without plymouth cryptsetup prompts are unusable
Am 25.03.2015 um 17:40 schrieb Gordon Morehouse: On 03/25/2015 09:29 AM, Jonas Meurer wrote: [snip] Seems like there's some more discussion needed in order to fix the reported bug: a) do we want cryptsetup to recommend plymouth? this way at least for manual installation of cryptsetup, plymouth would be pulled in, fixing destroyed nasty boot-password-prompts introduced that were introduced by the switch to systemd. b) do we want plymouth to be installed per default on new installs? to my knowledge it's not _required_ for systemd to work, but as soon as an initscript with user interaction is invoked, apparently plymouth is required. This *is* an argument for installing plymouth by default. c) do we want any of the above to be fixed/changed in time for jessie? I'm Just A User(tm) but I really think this should be fixed in time for jessie, because it looks really, really terrible. Yes, there's a fix - if you can get your system booted, which takes me on average 3-5 tries with only two interactive password prompts. If I were a sysadmin and ran into this after installing jessie, I'd think strongly about uninstalling it and going with something else. It can't even boot right?! is the first question that came to mind after my first install of jessie - really unacceptable UX for a release soon to be marked stable and a distribution which people have relied upon for stability for well over a decade, including myself. I'll drop it after this, but I urge release maintainers to take the above into consideration and fix this in time for jessie. Thanks for all your hard work. New installation, when choosing the LVM+cryptsetup setup, will have a single cryptsetup prompt, which is run in the initramfs. So new installations are not affected, i.e, this only affects custom setups. As for upgrades, we do document this issue in the release notes [1], and when upgrading, you'll still have sysvinit around as fallback (which can be chosen from grub from the extended menu). So your system is hardly unbootable. As for adding plymouth to recommends: No matter if we add that to systemd to cryptsetup, it doesn't really solve the problem, as you'll need to add splash to the kernel command line. [1] https://www.debian.org/releases/testing/amd64/release-notes/ch-information.de.html#plymouth-required-for-boot-prompts -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#772272: systemd: Journalctl fail to print logs from user session
Package: systemd Version: 215-12 Followup-For: Bug #772272 I am also experiencing this issue. I have multiple services running as systemd user services, and I don't have access to the logs of any of them: music@rippy:~ 1$ systemctl --user status mopidy ● mopidy.service - Mopidy Music Server Loaded: loaded (/home/music/.config/systemd/user/mopidy.service; enabled) Active: active (running) since Tue 2015-03-24 22:22:54 PDT; 11h ago Main PID: 910 (mopidy) CGroup: /user.slice/user-1001.slice/user@1001.service/mopidy.service └─910 /usr/bin/python /usr/bin/mopidy music@rippy:~ 0$ journalctl --user No journal files were found. music@rippy:~ 1$ journalctl --user-unit=mopidy.service No journal files were found. music@rippy:~ 1$ This user is not in the systemd-journal group. However, the journalctl man page declares that this should not be necessary (from journalctl(1)): All users are granted access to their private per-user journals. However, by default, only root and users who are members of the systemd-journal group get access to the system journal and the journals of other users. Thanks. jamie. -- Package-specific info: -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (600, 'testing'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages systemd depends on: ii acl 2.2.52-2 ii adduser 3.113+nmu3 ii initscripts 2.88dsf-58 ii libacl1 2.2.52-2 ii libaudit1 1:2.4-1+b1 ii libblkid1 2.25.2-5 ii libc6 2.19-15 ii libcap2 1:2.24-7 ii libcap2-bin 1:2.24-7 ii libcryptsetup4 2:1.6.6-5 ii libgcrypt20 1.6.2-4+b1 ii libkmod218-3 ii liblzma55.1.1alpha+20120614-2+b3 ii libpam0g1.1.8-3.1 ii libselinux1 2.3-2 ii libsystemd0 215-12 ii mount 2.25.2-5 ii sysv-rc 2.88dsf-58 ii udev215-12 ii util-linux 2.25.2-5 Versions of packages systemd recommends: ii dbus1.9.8-1 ii libpam-systemd 215-12 Versions of packages systemd suggests: ii systemd-ui 3-2 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#706522: pcs - Pacemaker/Corosync configuration system
On Fri, 19 Dec 2014 11:23:24 -0800 Jeff Welling jeff.well...@hootsuite.com wrote: Bump - Any progress on this? Or alternatives? @Jeff @Madkiss @Everyone else I've submitted an ITP for crmsh (an alternative to pcs). This was do-able because a package specific for crmsh doesn't exist for Debian yet, as it's bundled with the old version of cman sitting in stable. However, I also intend to package pcs/pcsd, corosync, and pacemaker as well. I'm not sure what's going on with debian-ha - they should have been the ones to sponsor this package to begin with and to have helped maintain it. Upstream states madkiss is the only developer they've seen active in a very long time. The problem the other packages, is that while those packages exist (corosync, pcs, pacemaker), I need the maintainers to either sponsor my contributions or allow me to join the team as a maintainer. I don't NEED to make new packages, but we do need to clean things up and get everything up to date. I've poked debian-ha asking to join the team, and I've let it be known to the devel mailing list that I want to get debian-ha going again if its inactive. I've been in contact with clusterlabs and feist (feist is the author of pcs/pcsd). I've authored upstream changes and contributed to both crmsh and pcs/pcsd. The current stack available in Debian needs updating, as the stack has changed significantly over the years. How we bundle the software can even be drastically changed so its much simpler, I'm hoping to get everything rolling again - or at least help if debian-ha isn't in fact inactive. As far as that alternative is concerned...crmsh would be it - though you'd need an updated pacemaker and corosync as well, due to the drastic API changes. The same would go for pcs/pcsd as well. @Madkiss The last dev post on this was in 2013: Please let me know if I can help with pcs/pcsd (maintain, adopt, anything really). Thanks :) -- Rik signature.asc Description: This is a digitally signed message part
Bug#781151: boot often stalls with two A start job is running messages: binfmt and schroot sessions
Le 25/03/2015 17:22, Michael Biebl a écrit : Am 25.03.2015 um 17:10 schrieb Michael Biebl: Am 25.03.2015 um 16:55 schrieb Thibaut Paumard: Le 25/03/2015 14:52, Michael Biebl a écrit : If your system hang during boot, please switch to tty9, then save the output of ps aux systemctl list-jobs systemd-cgls Thanks Michael, the output of each command is attached in the corresponding file. Looks like a some kind of bug in schroot to me, which causes a dead lock. I assume, if you disable the schroot.service (update-rc.d disable schroot), the problem is gone? https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677811 looks related, although this bug is marked as fixed. You could try disabling the /etc/schroot/setup.d/15binfmt hook script, to narrow down the problem. Dear Michael, Thanks, indeed it does look like a race condition between this script and systemd support for binfmt. I guess the schroot service should somehow depend on binfmt support to have terminated. It is not so easy for me to check though, because the boot process tends to run smoothly when I reboot several times in a row. Any solution will take several days at least to be confirmed. I rebooted several times with no problem after disabling schroot, but then again with no problem after re-enabling it. Kind regards, Thibaut. -- signature.asc Description: OpenPGP digital signature
Bug#774171: unrar: symlink directory traversal
On 23.03.2015 23:15, Felix Geyer wrote: It looks like upstream attempted to fix / work around the issue. From the WinRAR Version 5.21 changelog: 4. Now by default WinRAR skips symbolic links with absolute paths in link target when extracting. You can enable creating such links with Allow absolute paths in symbolic links option on Advanced page of extraction dialog or with -ola command line switch. Such links pointing to folders outside of extraction destination folder can present a security risk. Enable their extraction only if you are sure that archive contents is safe, such as your own backup. The -ola switch and related changes are part of 5.2.5 but I can still reproduce the problem with this version. I've notified upstream about the incomplete fix. Attached are patches for 5.0.10 and 5.2.5. Review would be appreciated. Cheers, Felix --- unrar-nonfree-5.0.10.orig/extinfo.cpp +++ unrar-nonfree-5.0.10/extinfo.cpp @@ -60,6 +60,37 @@ void SetExtraInfo(CommandData *Cmd,Archi +bool IsRelativeSymlinkSafe(const wchar *SrcName,const wchar *TargetName) +{ + if (IsFullRootPath(SrcName)) +return false; + int AllowedDepth=0; + while (*SrcName!=0) + { +if (IsPathDiv(SrcName[0]) SrcName[1]!=0 !IsPathDiv(SrcName[1])) +{ + bool Dot=SrcName[1]=='.' (IsPathDiv(SrcName[2]) || SrcName[2]==0); + bool Dot2=SrcName[1]=='.' SrcName[2]=='.' (IsPathDiv(SrcName[3]) || SrcName[3]==0); + if (!Dot !Dot2) +AllowedDepth++; +} +SrcName++; + } + if (IsFullRootPath(TargetName)) // Catch root dir based /path/file paths. +return false; + for (int Pos=0;*TargetName!=0;Pos++) + { +bool Dot2=TargetName[0]=='.' TargetName[1]=='.' + (IsPathDiv(TargetName[2]) || TargetName[2]==0) + (Pos==0 || IsPathDiv(*(TargetName-1))); +if (Dot2) + AllowedDepth--; +TargetName++; + } + return AllowedDepth=0; +} + + bool ExtractSymlink(CommandData *Cmd,ComprDataIO DataIO,Archive Arc,const wchar *LinkName) { #if defined(SAVE_LINKS) defined(_UNIX) --- unrar-nonfree-5.0.10.orig/extinfo.hpp +++ unrar-nonfree-5.0.10/extinfo.hpp @@ -1,6 +1,7 @@ #ifndef _RAR_EXTINFO_ #define _RAR_EXTINFO_ +bool IsRelativeSymlinkSafe(const wchar *SrcName,const wchar *TargetName); bool ExtractSymlink(CommandData *Cmd,ComprDataIO DataIO,Archive Arc,const wchar *LinkName); #ifdef _UNIX void SetUnixOwner(Archive Arc,const wchar *FileName); --- unrar-nonfree-5.0.10.orig/pathfn.cpp +++ unrar-nonfree-5.0.10/pathfn.cpp @@ -593,6 +593,12 @@ bool IsFullPath(const wchar *Path) } +bool IsFullRootPath(const wchar *Path) +{ + return IsFullPath(Path) || IsPathDiv(Path[0]); +} + + bool IsDiskLetter(const wchar *Path) { wchar Letter=etoupperw(Path[0]); --- unrar-nonfree-5.0.10.orig/pathfn.hpp +++ unrar-nonfree-5.0.10/pathfn.hpp @@ -31,6 +31,7 @@ wchar* UnixSlashToDos(wchar *SrcName,wch wchar* DosSlashToUnix(wchar *SrcName,wchar *DestName=NULL,size_t MaxLength=NM); void ConvertNameToFull(const wchar *Src,wchar *Dest,size_t MaxSize); bool IsFullPath(const wchar *Path); +bool IsFullRootPath(const wchar *Path); bool IsDiskLetter(const wchar *Path); void GetPathRoot(const wchar *Path,wchar *Root,size_t MaxSize); int ParseVersionFileName(wchar *Name,bool Truncate); --- unrar-nonfree-5.0.10.orig/ulinks.cpp +++ unrar-nonfree-5.0.10/ulinks.cpp @@ -24,6 +24,12 @@ static bool UnixSymlink(const char *Targ } +static bool IsFullPath(const char *PathA) // Unix ASCII version. +{ + return *PathA==CPATHDIVIDER; +} + + bool ExtractUnixLink30(ComprDataIO DataIO,Archive Arc,const wchar *LinkName) { char Target[NM]; @@ -42,6 +48,9 @@ bool ExtractUnixLink30(ComprDataIO Data if (!DataIO.UnpHash.Cmp(Arc.FileHead.FileHash,Arc.FileHead.UseHashKey ? Arc.FileHead.HashKey:NULL)) return true; +if (IsFullPath(Target) || !IsRelativeSymlinkSafe(Arc.FileHead.FileName,Arc.FileHead.RedirName)) + return false; + return UnixSymlink(Target,LinkName); } return false; @@ -55,10 +64,14 @@ bool ExtractUnixLink50(const wchar *Name if (hd-RedirType==FSREDIR_WINSYMLINK || hd-RedirType==FSREDIR_JUNCTION) { // Cannot create Windows absolute path symlinks in Unix. Only relative path -// Windows symlinks can be created here. -if (strncmp(Target,\\??\\,4)==0) +// Windows symlinks can be created here. RAR 5.0 used \??\ prefix +// for Windows absolute symlinks, since RAR 5.1 /??/ is used. +// We escape ? as \? to avoid trigraph warning +if (strncmp(Target,\\??\\,4)==0 || strncmp(Target,/\?\?/,4)==0) return false; DosSlashToUnix(Target,Target,ASIZE(Target)); } + if (IsFullPath(Target) || !IsRelativeSymlinkSafe(hd-FileName,hd-RedirName)) +return false; return UnixSymlink(Target,Name); } --- unrar-nonfree-5.2.5.orig/ulinks.cpp +++ unrar-nonfree-5.2.5/ulinks.cpp @@ -56,6 +56,7 @@ bool ExtractUnixLink30(CommandData *Cmd, if (!Cmd-AbsoluteLinks
Bug#779612: [pkg-cryptsetup-devel] Bug#779612: systemd-sysv,cryptsetup: systemd-sysv, cryptsetup should recommend plymouth; without plymouth cryptsetup prompts are unusable
Am 25.03.2015 um 18:04 schrieb Michael Biebl: New installation, when choosing the LVM+cryptsetup setup, will have a single cryptsetup prompt, which is run in the initramfs. So new installations are not affected, i.e, this only affects custom setups. As for upgrades, we do document this issue in the release notes [1], and when upgrading, you'll still have sysvinit around as fallback (which can be chosen from grub from the extended menu). So your system is hardly unbootable. As for adding plymouth to recommends: No matter if we add that to systemd to cryptsetup, it doesn't really solve the problem, as you'll need to add splash to the kernel command line. Gordon, can you try systemd v219 from experimental? It has some tricks to suppress output from other jobs while a password prompt is running. I dunno how well that works, though so having someone with such a setup test this would be appreciated. If v219 works reasonably well (without plymouth), we might consider backporting those patches (depending on how invasive they are). Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#781172: base: Stock Debian Jessie - can't boot off degraded raid1?
Package: base Severity: important Dear Maintainer, Install a Wheezy VM using debian-7.8.0-amd64-netinst.iso create a raid1 mirror in the drive setup mount / on /dev/md0 and install base system to it login grub-install /dev/vdb poweroff disable either drive /dev/vda or /dev/vdb (give VM access to only 1 drive) computer boots # cat /proc/mdstat Personalities : [raid1] md0 : active raid1 vda1[1] 8382400 blocks super 1.2 [2/1] [_U] Sweet. Install a Jessie VM using debian-jessie-DI-rc1-amd64-netinst.iso create a raid1 mirror in the drive setup mount / on /dev/md0 and install base system to it login grub-install /dev/vdb poweroff disable either drive /dev/vda or /dev/vdb (give VM access to only 1 drive) ALERT! /dev/disk/by-uuid/ does not exist. Dropping to a shell! (where is the uuid of /dev/md0) # cat /proc/mdstat Personalities : md0 : inactive vda1[0](S) 8382464 blocks super 1.2 Both refer to md0 by UUID in fstab. When I remove the quiet from the kernel boot args, this is the last line I see repeated over and over again until finally I get the error I described above: running /scripts/local-block I'm admitedly not a raid expert, but this seems to be really missing the point. Part of the reason I want a raid1 is so it can survive this type of scenario. I googled around and surprisingly came up with very few leads. I found a Ubuntu wiki (https://help.ubuntu.com/community/Installation/SoftwareRAID#Boot_from_Degraded_Disk) that discussed how to force it to boot a degraded raid but seemed to do nothing here on debian. I found a kernel boot arg that promised to do the same (http://serverfault.com/questions/196445/boot-debian-while-raid-array-is-degraded), but it didn't work either. What am I missing here? Shouldn't this work by default? I think a lot of people will get caught off guard by this thinking their startup drive is mirrored but the server won't boot without some manual intervention? Actually, I was not able to get it to boot at all. -- System Information: Debian Release: 7.8 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-0.bpo.4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#772272: systemd: Journalctl fail to print logs from user session
Am 25.03.2015 um 17:54 schrieb Jameson Graef Rollins: Package: systemd Version: 215-12 Followup-For: Bug #772272 I am also experiencing this issue. I have multiple services running as systemd user services, and I don't have access to the logs of any of them: music@rippy:~ 1$ systemctl --user status mopidy ● mopidy.service - Mopidy Music Server Loaded: loaded (/home/music/.config/systemd/user/mopidy.service; enabled) Active: active (running) since Tue 2015-03-24 22:22:54 PDT; 11h ago Main PID: 910 (mopidy) CGroup: /user.slice/user-1001.slice/user@1001.service/mopidy.service └─910 /usr/bin/python /usr/bin/mopidy music@rippy:~ 0$ journalctl --user No journal files were found. music@rippy:~ 1$ journalctl --user-unit=mopidy.service No journal files were found. music@rippy:~ 1$ This user is not in the systemd-journal group. However, the journalctl man page declares that this should not be necessary (from journalctl(1)): All users are granted access to their private per-user journals. However, by default, only root and users who are members of the systemd-journal group get access to the system journal and the journals of other users. This requires persistent journal with v215 from jessie/sid (see /usr/share/doc/systemd/README.Debian). With v219 from experimental, we do also apply the ACLs to the journal files in /run/journal. Can you test if either of these two works for you? -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#781175: packagekit: when purging packagekit it leaves some files in /etc/Packagekit behind.
Source: packagekit Version: 1.0.1-2 Severity: normal Dear Maintainer, I was purging packagekit and it still left some things. See Removing packagekit (1.0.1-2) ... D01: ensure_diversions: same, skipping D01: removal_bulk package packagekit:amd64 D01: ensure_diversions: same, skipping D01: removal_bulk cleaning info directory D01: removal_bulk purging? foundpostrm=1 Purging configuration files for packagekit (1.0.1-2) ... D01: ensure_diversions: same, skipping dpkg: warning: while removing packagekit, directory '/etc/PackageKit' not empty so not removed D01: removal_bulk purge done, removing list '/var/lib/dpkg/info/packagekit.list' D01: removal_bulk purge done, removing postrm '/var/lib/dpkg/info/packagekit.postrm' D01: removal done I had to manually remove the contents within /etc/Packagekit. Don't know if this is an oversight or a feature ? It would be nice if all the events and transactions are moved to apt in case packagekit is purged. -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (600, 'testing'), (500, 'testing-updates'), (1, 'experimental'), (1, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- Regards, Shirish Agarwal शिरीष अग्रवाल My quotes in this email licensed under CC 3.0 http://creativecommons.org/licenses/by-nc/3.0/ http://flossexperiences.wordpress.com EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781176: byobu: fails to start when using shared NFS home
Package: byobu Version: 5.87-1 Severity: serious Justification: possible user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Byobu fails to behave well in an environment where multiple hosts share home directories through NFS. Doing the following provokes malicious behaviour: 1. Set byobu to automatically start on login 2. Login to host A and let byobu set up its environment 3. Login to host B in some way, with host B using the same home directory The expected result would be byobu running flawlessly on both hosts. The actual result is byobu wreaking havoc because it finds a running session in ~/.byobu and tries to join it. This fails at the point where it tries to get to its state in /dev/shm: /usr/lib/byobu/include/dirs:52: no matches found: /dev/shm/byobu-nik-* mkdir: cannot create directory „/cache.tmux“: Permission denied There are at least two bugs: 1. byobu should not try to join a session running on another host 2. Failure to find the /dev/shm directory should result in immediate failure, not have byobu go on with an empty variable and try to create stuff in / This bug is possibly security relevant because the intention of the script, namely separating user directories in /dev/shm, is entirely defeated. As a matter of lucky fact, / is not writable by regular users. However, this will break even more once root decides to use byobu and succeeds in creating /cache.tmux (or whatever byobu will create for other backends). Please find out whether this is exploitable in any way. - -- System Information: Debian Release: 8.0 APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages byobu depends on: ii debconf [debconf-2.0] 1.5.55 ii gawk 1:4.1.1+dfsg-1 ii gettext-base 0.19.3-2 ii python 2.7.8-4 ii python-newt0.52.17-1+b1 ii screen 4.2.1-3 ii tmux 1.9-6 Versions of packages byobu recommends: pn run-one none ii screen 4.2.1-3 ii tmux 1.9-6 Versions of packages byobu suggests: pn apport none pn cczenone ii lsb-release 4.1+Debian13+nmu1 ii po-debconf 1.0.16+nmu3 pn ttf-ubuntu-font-family none pn update-notifier-common none ii vim 2:7.4.488-4 pn w3m none pn wireless-tools none - -- debconf information: byobu/launch-by-default: false -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQJOBAEBCAA4BQJVEu6QMRpodHRwczovL3d3dy5kb21pbmlrLWdlb3JnZS5kZS9n cGctcG9saWN5LnR4dC5hc2MACgkQt5o8FqDE8pY5jg/+ILvnidZ4h8l1jSSC+B02 G1vIQqq41BKjNnnZBdL2hPFmmD2Nn6pK0xYrARNMDh9hKMbOC6RqXwl5+iiT3GSZ CsDbFpW5bG6KYwaBsMMSTPLh3D6XjHKkbyEmYuPDX4mO2tg066TjmjQXZwFAZfY+ 1wjbBvVnwQNku4BuI0xtNDUAh2gXiPNCY8p0kyQLg3ScofteyEZntysoPF3Q4gfA FZnLwECrz7h0hlrGgO7fAcCB4hPOag/Gv6mNcqqIzNuL+nvc9LIKkGIBEH6lCIMn x9o5M4rZmX5AuxsYS/8q8yKN0Hvl0/FOVOzJYObr+uS0m4s34QHbFJAdfJUG51ZV VScdU9VupvpJJ4yqBFdWK+4FcGZO6HuEMM0FuRaAknBBxtRRpwUZRadgl4vr9UgQ QpBLyotkiXJUR+C8Tbcp6inAHEX9eIqrdE0+IQqKTYmRGuh/V8uCiq42AbrPeJr7 dS/neqMrBYCTRRpABzXuvquBuyehWtwiv9EzS+LM1qORbLHBjE4MJr+nfk1kbQRP w00fy5VQT4bg+IqLyrAhCXIBZNzHTmDOJhHHF6SCm8fSvoCsQkuPEIK0j5VERre+ iDRFjl0DxQ7wa09X8WdQazEPv5M+FP8c6dnIYKvnWI8wp8luZtwc7OYMuMfEUm10 lbG5by1gE9RPDEiDZzwq7rA= =sd4f -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#779612: [pkg-cryptsetup-devel] Bug#779612: systemd-sysv,cryptsetup: systemd-sysv, cryptsetup should recommend plymouth; without plymouth cryptsetup prompts are unusable
On 03/25/2015 09:29 AM, Jonas Meurer wrote: [snip] Seems like there's some more discussion needed in order to fix the reported bug: a) do we want cryptsetup to recommend plymouth? this way at least for manual installation of cryptsetup, plymouth would be pulled in, fixing destroyed nasty boot-password-prompts introduced that were introduced by the switch to systemd. b) do we want plymouth to be installed per default on new installs? to my knowledge it's not _required_ for systemd to work, but as soon as an initscript with user interaction is invoked, apparently plymouth is required. This *is* an argument for installing plymouth by default. c) do we want any of the above to be fixed/changed in time for jessie? I'm Just A User(tm) but I really think this should be fixed in time for jessie, because it looks really, really terrible. Yes, there's a fix - if you can get your system booted, which takes me on average 3-5 tries with only two interactive password prompts. If I were a sysadmin and ran into this after installing jessie, I'd think strongly about uninstalling it and going with something else. It can't even boot right?! is the first question that came to mind after my first install of jessie - really unacceptable UX for a release soon to be marked stable and a distribution which people have relied upon for stability for well over a decade, including myself. I'll drop it after this, but I urge release maintainers to take the above into consideration and fix this in time for jessie. Thanks for all your hard work. Best, -Gordon M. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#779310: TODO Update for new DEB-#### numbers
With the new update to Lynis 2 and the inclusion of the Debian Plugin, this patch needs to be reworked. Rather than suppressing the URLs when is found for an issue number, it should look for an issue number that starts with DEB- and then either suppress the display of the URL or use an URL base somewhere within the Debian Wiki or other documentation. I will start on the first case (suppressing the URL) and resubmit this patch. -- Dave VehrsEmail: dve...@gmail.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781171: tiger: Aufs (docker) is not recognised as valid filesystem
Package: tiger Version: 1:3.2.3-10 Severity: normal Dear Maintainer, *** Please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? * What outcome did you expect instead? *** End of the template - remove these lines *** Tiger does not recognised aufs as a valid filesystem. Based on this report https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653416 Its seems adding the following line in gen_mounts fix this issue : [ $1 = aufs ] LOCAL=1 But there is three files and I don't know which one update : /usr/lib/tiger/systems/Linux/0/gen_mounts /usr/lib/tiger/systems/Linux/1/gen_mounts /usr/lib/tiger/systems/Linux/2/gen_mounts Here is the email send by tiger : --CONFIG-- [con010c] Filesystem 'aufs' used by 'none' is not recognised as a valid filesystem --CONFIG-- [con010c] Filesystem 'aufs' used by 'none' is not recognised as a valid filesystem --CONFIG-- [con010c] Filesystem 'aufs' used by 'none' is not recognised as a valid filesystem -- System Information: Debian Release: 7.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-0.bpo.4-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages tiger depends on: ii binutils 2.22-8+deb7u2 ii bsdmainutils 9.0.3 ii debconf [debconf-2.0] 1.5.49 ii libc6 2.13-38+deb7u8 ii net-tools 1.60-24.2 ii ucf3.0025+nmu3 Versions of packages tiger recommends: ii chkrootkit 0.49-4.1+deb7u2 ii john1.7.8-1 ii postfix [mail-transport-agent] 2.9.6-2 pn tripwire | aide none Versions of packages tiger suggests: ii lsof 4.86+dfsg-1 -- debconf information: tiger/mail_rcpt: root tiger/policy_adapt: -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#779612: [pkg-cryptsetup-devel] Bug#779612: systemd-sysv,cryptsetup: systemd-sysv, cryptsetup should recommend plymouth; without plymouth cryptsetup prompts are unusable
Hello, Am 2015-03-20 16:49, schrieb Gordon Morehouse: On 03/19/2015 06:58 PM, Michael Biebl wrote: As pointed out, a recommends does not really help for new installs, since they have no effect when installing the base system. A recommends at least provides users a pointer towards fixing a really nasty problem (which they shouldn't even have, but, they currently will). Also, what Julien said. Therefor, I wonder if this bug report is useful in this form and if there's a point, keeping it open. Perhaps you could open a more appropriate bug to fix the problem for new installs? I'm not familiar enough with Debian to do so. Leaving this bug completely untouched is not a good idea. It makes Debian look cartoonishly bad when it bites. Seems like there's some more discussion needed in order to fix the reported bug: a) do we want cryptsetup to recommend plymouth? this way at least for manual installation of cryptsetup, plymouth would be pulled in, fixing destroyed nasty boot-password-prompts introduced that were introduced by the switch to systemd. b) do we want plymouth to be installed per default on new installs? to my knowledge it's not _required_ for systemd to work, but as soon as an initscript with user interaction is invoked, apparently plymouth is required. This *is* an argument for installing plymouth by default. c) do we want any of the above to be fixed/changed in time for jessie? I'm happy to implement the outcome of this discussion into the cryptsetup package, and I'm happy to prepare a quick upload with an added recommends on plymouth targeted at jessie. But at the moment I'm unsure which is the best solution, waiting for more opinions and especially for comments by the RMs ;) Cheers, jonas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#768050: python-cairocffi: New upstream version: 0.6
Hi, I think python-xcffib is going into debian unstable now, so it should be possible to package python-cairocffi 0.6: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776178 Tycho -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#733295: gnutls-bin: please compile GnuTLS with DANE support
Hi, Nikos: Nikos Mavrogiannopoulos wrote: The D-BUS interface is not really necessary because DNS provides already this functionality. What we need is a convention for applications in the system to discover the local trusted (for dnssec) nameservers. What do you mean by local? A nameserver listening on localhost, or only a nameserver on the local network? My attempt to use c-ares for dnssec resolving would have the same effect as the ones you mention and is much cleaner and straightforward than D-BUS. However, it is blocked by the fact that there is no commonly acceptable convention for reading the trusted nameservers. My current solution was to use /etc/resolv-sec.conf, but it is pretty much arbitrary and that's why c-ares upstream blocked it. If Debian would set such a convention, I think it would allow software use DNSSEC easier. https://github.com/bagder/c-ares/pulls If I understand this pull request correctly, it only checks that the AD bit is set in responses; in the language of RFC 4033, that makes this a Non-Validating Security-Aware Stub Resolver. libunbound, OTOH, is a Validating Stub Resolver (it can also do full recursion if no forwarders are configured). A tool that uses libunbound can guarantee that the result is cryptographically authentic, to the limits of the integrity of the local system. So, I disagree with you if you are saying that trusting the AD bit without validating from a nameserver on the local network (even if it has been marked as trusted by local policy) has the same effect as validating on the endpoint (whether it be by a trusted process or by a nameserver bound to a privileged port, etc.). Maybe better than a D-BUS service would be DNS transport over an AF_LOCAL / SOCK_DGRAM socket; that can also guarantee that validation happens on the local system by a trusted process. Though, I wonder why danetool / libdane must perform the DNS lookup itself. Couldn't it also have an interface for accepting fetched TLSA records that have already been validated by an external tool? (I see that it can fetch certificates from remote servers, too, so I guess it wants to be an all-in-one tool.) E.g., unbound-host can securely fetch TLSA records: $ unbound-host -v -f /usr/share/dns/root.key -t TLSA _443._tcp.www.nic.cz _443._tcp.www.nic.cz has TLSA record 3 1 1 AA7B93DAAB084536530BD3256E9CEFF4557CB43512640F7AB64487DC9CA14FAB (secure) $ Also, unrelated to this discussion, I notice that gnutls hardcodes the path to the root trust anchor file at compile time: AC_ARG_WITH(unbound-root-key-file, AS_HELP_STRING([--with-unbound-root-key-file], [specify the unbound root key file]), unbound_root_key_file=$withval, if test $have_win = yes; then unbound_root_key_file=C:\\Program Files\\Unbound\\root.key else if test -f /var/lib/unbound/root.key;then unbound_root_key_file=/var/lib/unbound/root.key else unbound_root_key_file=/etc/unbound/root.key fi fi ) This is not right; a buildd environment won't have a running unbound daemon and thus won't have a /var/lib/unbound/root.key file, and /etc/unbound/root.key won't normally exist on a Debian system. (There is a package in Debian that ships the root trust anchor, though: dns-root-data.) -- Robert Edmonds edmo...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781170: bsd-mailx: Error message references invalid option -t
Package: bsd-mailx Version: 8.1.2-0.20141216cvs-1 Severity: minor Dear Maintainer, Running the following command produces the given error: $ echo test | mail -b t...@example.com -s test mail: You must specify direct recipients with -t when -s, -c, or -b is used bsd-mailx does not have a -t option. I believe the suggestion to use -t was introduced with the fix for bug #327809, which was to fix a previously confusing but correct error message. Maybe the wording You must specify to-addr recipients when using -s, -c, or -b would be better? Dan -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781162: [Pkg-openldap-devel] Bug#781162: slapd segfaults on pass-through SASL authentication
Constrol: severity -2 minor Hi Ryan, You referred to saslauthd in your original message, but I noticed that the crash only happens if pwcheck_method in /etc/ldap/sasl2/slapd.conf is set to auxprop (or not set at all; auxprop is the default), whereas for pass-through authentication, AFAIK one would normally choose the saslauthd method (which, for me, works correctly and does not crash). Is that configuration by you intentional? thanks for the quick response. Indeed it was a configuration mistake (pwcheck_method not set in the right file). The crash was a bit further misleading me... Everything is working fine now with the proper config. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781151: boot often stalls with two A start job is running messages: binfmt and schroot sessions
Am 25.03.2015 um 17:10 schrieb Michael Biebl: Am 25.03.2015 um 16:55 schrieb Thibaut Paumard: Le 25/03/2015 14:52, Michael Biebl a écrit : If your system hang during boot, please switch to tty9, then save the output of ps aux systemctl list-jobs systemd-cgls Thanks Michael, the output of each command is attached in the corresponding file. Looks like a some kind of bug in schroot to me, which causes a dead lock. I assume, if you disable the schroot.service (update-rc.d disable schroot), the problem is gone? https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677811 looks related, although this bug is marked as fixed. You could try disabling the /etc/schroot/setup.d/15binfmt hook script, to narrow down the problem. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#760107: gthumb: missing gth_image_viewer_page_get_type symbol loading extensions
Package: gthumb Version: 3:3.3.3-2 Followup-For: Bug #760107 Dear Maintainer, this bug affects 3.3.3.2 either. I can not upload photos to picasa ** (gthumb:2905): WARNING **: Could not load the 'picasaweb' extension: Could not open the module `picasaweb`: /usr/lib/i386-linux- gnu/gthumb/extensions/libimage_rotation.so: undefined symbol: gth_image_viewer_page_get_type Thanks Luca -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 3.16.0-4-686-pae (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages gthumb depends on: ii gsettings-desktop-schemas 3.14.1-1 ii gthumb-data 3:3.3.3-2 ii libatk1.0-0 2.14.0-1 ii libc6 2.19-17 ii libcairo-gobject2 1.14.0-2.1 ii libcairo2 1.14.0-2.1 ii libclutter-1.0-01.20.0-1 ii libclutter-gtk-1.0-01.6.0-1 ii libcogl-pango20 1.18.2-3 ii libcogl-path20 1.18.2-3 ii libcogl20 1.18.2-3 ii libdrm2 2.4.58-2 ii libegl1-mesa [libegl1-x11] 10.4.2-2 ii libexiv2-13 0.24-4.1 ii libgbm1 10.4.2-2 ii libgcc1 1:4.9.2-10 ii libgdk-pixbuf2.0-0 2.31.1-2+b1 ii libglib2.0-02.42.1-1 ii libgstreamer-plugins-base1.0-0 1.4.4-2 ii libgstreamer1.0-0 1.4.4-2 ii libgtk-3-0 3.14.5-1 ii libjavascriptcoregtk-3.0-0 2.4.8-1 ii libjpeg62-turbo 1:1.3.1-12 ii libjson-glib-1.0-0 1.0.2-1 ii libpango-1.0-0 1.36.8-3 ii libpangocairo-1.0-0 1.36.8-3 ii libpng12-0 1.2.50-2+b2 ii librsvg2-2 2.40.5-1 ii libsecret-1-0 0.18-1+b1 ii libsoup2.4-12.48.0-1 ii libstdc++6 4.9.2-10 ii libtiff54.0.3-12.3 ii libwayland-client0 1.6.0-2 ii libwayland-cursor0 1.6.0-2 ii libwayland-egl1-mesa [libwayland-egl1] 10.4.2-2 ii libwayland-server0 1.6.0-2 ii libwebkit2gtk-3.0-252.4.8-1 ii libwebp50.4.1-1.2+b2 ii libx11-62:1.6.2-3 ii libxcomposite1 1:0.4.4-1 ii libxdamage1 1:1.1.4-2+b1 ii libxext62:1.3.3-1 ii libxfixes3 1:5.0.1-2+b2 ii libxi6 2:1.7.4-1+b2 ii libxkbcommon0 0.4.3-2 ii libxrandr2 2:1.4.2-1+b1 ii multiarch-support 2.19-17 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages gthumb recommends: ii bison 2:3.0.2.dfsg-2 ii flex2.5.39-8+b1 ii gstreamer0.10-gnomevfs 0.10.36-2 ii gvfs-bin1.22.2-1 ii libgphoto2-62.5.4-1.1+b2 ii libgphoto2-port12 2.5.7-2 gthumb suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781120: perl: handling of non-readable directories on @INC
On Tue, Mar 24, 2015 at 10:04:15PM +0200, Niko Tyni wrote: Bug #780830 against spamassassin highlights a 5.18 change in handling non-readable directories on @INC. In wheezy (Perl 5.14), 'require' (and therefore 'use' as well) would skip such entries when searching for modules. The current jessie (5.20) behaviour will croak on them: % perl -I/root -e 'require strict' Can't locate strict.pm: Permission denied at -e line 1. This may have unfortunate effects if site directories in /usr/local are not world readable for some reason. The #780830 reporter had at least one such directory (/usr/local/lib/site_perl), but it's currently unknown where that came from. It seems possible to me that /usr/bin/cpan has at some point created such directories in some configurations, but I haven't really investigated this. If somebody has non-world-readable @INC directories in /usr/local and can trace their origins, reports would be welcome. Cc'ing the debian-perl for likely candidates. No specific ideas on this, sorry - but any number of tools could have done this at various points, either intentionally or respecting the user's umask. Backporting upstream commit http://perl5.git.perl.org/perl.git/commit/e2ce0950e5e4b86c6fcbc488c37dd61d082b3e0d from 5.21.7 would help a bit as it improves the diagnostics in the error message by reporting the name of the directory missing permissions. I'm inclined to add this for jessie but I'd welcome other opinions on this. Yes, I'm in favour of this too - this is probably all we can do in the perl package in terms of resolving this. Mentioning this in the release notes might also make sense. Yep. Volunteers for this part welcome! Filing as 'serious' for now as I suppose this can be considered a regression from wheezy. I can work on a new perl package tomorrow afternoon; I also need to include the remaining versioned Breaks on packages depending on perl-modules. Dominic. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781147: unblock: resiprocate/1.9.7-5
Control: tags -1 confirmed moreinfo On 2015-03-25 09:23, Daniel Pocock wrote: Package: release.debian.org User: release.debian@packages.debian.org UserTags: unblock This is a proposed upload to unstable for jessie The main reason for this unblock request: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780979 and also helps resolve: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780980 The main reason for fixing 780979 is that the assert() can lead to a crash of the process, as described in the bug report. These fixes come from the master branch upstream: https://github.com/resiprocate/resiprocate/commits/master Seems reasonable, please upload it to unstable and remove the moreinfo tag once it has been accepted. ~Niels -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781110: e2fsprogs: e2fsck does not detect corruption
Could you send me the output of running the debugfs commands stat 4458532, ls 4458532, and hash 4458532, please? Thanks!! - Ted -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781180: [youtube-dl] Error fetch video from youtube
Package: youtube-dl Version: 2014.08.05-1+deb8u1 Severity: normal --- Please enter the report below this line. --- Debian jessie 64-bit, youtube-dl from repo. I can't fetch info of this video: http://www.youtube.com/watch?v=5DetbOolnQ8 Bugreport on youtube-dl closed due outdated version in jessie (#5284 https://github.com/rg3/youtube-dl/issues/5284). $ youtube-dl --verbose https://youtu.be/5DetbOolnQ8 [debug] System config: [] [debug] User config: [] [debug] Command-line args: ['--verbose', 'https://youtu.be/5DetbOolnQ8'] [debug] Encodings: locale UTF-8, fs UTF-8, out UTF-8, pref UTF-8 [debug] youtube-dl version 2014.08.05 [debug] Python version 2.7.9 - Linux-3.16.0-4-amd64-x86_64-with-debian-8.0 [debug] Proxy map: {} [youtube] Setting language [youtube] 5DetbOolnQ8: Downloading webpage [youtube] 5DetbOolnQ8: Downloading video info webpage [youtube] 5DetbOolnQ8: Extracting video information [youtube] 5DetbOolnQ8: Encrypted signatures detected. [youtube] {22} signature length 43.42, html5 player en_US-vflSp2y2y [youtube] 5DetbOolnQ8: Downloading js player vflSp2y2y ERROR: Signature extraction failed: Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/youtube_dl/extractor/youtube.py, line 479, in _decrypt_signature video_id, player_url, s File /usr/lib/python2.7/dist-packages/youtube_dl/extractor/youtube.py, line 383, in _extract_signature_function res = self._parse_sig_js(code) File /usr/lib/python2.7/dist-packages/youtube_dl/extractor/youtube.py, line 454, in _parse_sig_js u'Initial JS player signature function name') File /usr/lib/python2.7/dist-packages/youtube_dl/extractor/common.py, line 391, in _search_regex raise RegexNotFoundError(u'Unable to extract %s' % _name) RegexNotFoundError: Unable to extract Initial JS player signature function name; please report this issue on https://yt-dl.org/bug . Be sure to call youtube-dl with the --verbose flag and include its complete output. Make sure you are using the latest version; type youtube-dl -U to update. ; please report this issue on https://yt-dl.org/bug . Be sure to call youtube-dl with the --verbose flag and include its complete output. Make sure you are using the latest version; type youtube-dl -U to update. Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/youtube_dl/extractor/youtube.py, line 479, in _decrypt_signature video_id, player_url, s File /usr/lib/python2.7/dist-packages/youtube_dl/extractor/youtube.py, line 383, in _extract_signature_function res = self._parse_sig_js(code) File /usr/lib/python2.7/dist-packages/youtube_dl/extractor/youtube.py, line 454, in _parse_sig_js u'Initial JS player signature function name') File /usr/lib/python2.7/dist-packages/youtube_dl/extractor/common.py, line 391, in _search_regex raise RegexNotFoundError(u'Unable to extract %s' % _name) RegexNotFoundError: Unable to extract Initial JS player signature function name; please report this issue on https://yt-dl.org/bug . Be sure to call youtube-dl with the --verbose flag and include its complete output. Make sure you are using the latest version; type youtube-dl -U to update. Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/youtube_dl/YoutubeDL.py, line 516, in extract_info ie_result = ie.extract(url) File /usr/lib/python2.7/dist-packages/youtube_dl/extractor/common.py, line 170, in extract return self._real_extract(url) File /usr/lib/python2.7/dist-packages/youtube_dl/extractor/youtube.py, line 860, in _real_extract encrypted_sig, video_id, player_url, age_gate) File /usr/lib/python2.7/dist-packages/youtube_dl/extractor/youtube.py, line 489, in _decrypt_signature u'Signature extraction failed: ' + tb, cause=e) ExtractorError: Signature extraction failed: Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/youtube_dl/extractor/youtube.py, line 479, in _decrypt_signature video_id, player_url, s File /usr/lib/python2.7/dist-packages/youtube_dl/extractor/youtube.py, line 383, in _extract_signature_function res = self._parse_sig_js(code) File /usr/lib/python2.7/dist-packages/youtube_dl/extractor/youtube.py, line 454, in _parse_sig_js u'Initial JS player signature function name') File /usr/lib/python2.7/dist-packages/youtube_dl/extractor/common.py, line 391, in _search_regex raise RegexNotFoundError(u'Unable to extract %s' % _name) RegexNotFoundError: Unable to extract Initial JS player signature function name; please report this issue on https://yt-dl.org/bug . Be sure to call youtube-dl with the --verbose flag and include its complete output. Make sure you are using the latest version; type youtube-dl -U to update. ; please report this issue on https://yt-dl.org/bug . Be sure to call youtube-dl with the --verbose flag and include its complete output. Make sure
Bug#781110: e2fsprogs: e2fsck does not detect corruption
On Wed, Mar 25, 2015 at 02:08:14PM -0400, Theodore Ts'o wrote: Could you send me the output of running the debugfs commands stat 4458532, ls 4458532, and hash 4458532, please? debugfs: stat 4458532 Inode: 4458532 Type: directoryMode: 0755 Flags: 0x8 Generation: 1757173038Version: 0x:009a User: 0 Group: 0 Size: 4096 File ACL: 0Directory ACL: 0 Links: 2 Blockcount: 8 Fragment: Address: 0Number: 0Size: 0 ctime: 0x54a8f27d:90751f48 -- Sun Jan 4 09:57:49 2015 atime: 0x54a8f27d:90751f48 -- Sun Jan 4 09:57:49 2015 mtime: 0x54a8db75:6a6edc50 -- Sun Jan 4 08:19:33 2015 crtime: 0x50ae6f0f:8e2e476c -- Thu Nov 22 20:29:35 2012 Size of extra inode fields: 28 EXTENTS: (0):17834239 debugfs: ls 4458532 4458532: EXT2 directory corrupted debugfs: hash 4458532 Hash of 4458532 is 0xc9957416 (minor 0x0) Thanks!! - Ted -- Antti Salmela -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781134: /usr/lib/ispell/american-large.hash in /var/lib/ispell/american-large.remove not found. Upgrading info.
On Wed, Mar 25, 2015 at 08:19:25AM +0800, 積丹尼 Dan Jacobson wrote: Package: dictionaries-common Version: 1.23.17 These maybe are just one-time informational messages that the user need not worry about. Alas they look like warnings. Processing triggers for dictionaries-common (1.23.17) ... ispell-autobuildhash: /usr/lib/ispell/american-large.hash in /var/lib/ispell/american-large.remove not found. Upgrading info. ispell-autobuildhash: Processing 'american-large' dict. ispell-autobuildhash: /usr/lib/ispell/american.hash in /var/lib/ispell/american.remove not found. Upgrading info. ispell-autobuildhash: Processing 'american' dict. ispell-autobuildhash: /usr/lib/ispell/british.hash in /var/lib/ispell/british.remove not found. Upgrading info. ispell-autobuildhash: Processing 'british' dict. Hi, Dan This is harmless, but I should indeed make that message not look like a warning, but just as info, something like ispell-autobuildhash: info: /usr/lib/ispell/american.hash ... Thanks for reminding, -- Agustin -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org