Bug#940799: rrd2whisper too
Same issue on running rrd2whisper --xFilesFactor="0.5" SSH.rrd Traceback (most recent call last): File "/usr/bin/rrd2whisper", line 161, in print(' migrating %d datapoints from archive %d' % (len(datapoints), archiveNumber)) ^^^ TypeError: object of type 'filter' has no len() Patch is attached. Greetings from Germany, Alexander Hosfeld --- rrd2whisper 2022-11-09 13:57:05.0 +0100 +++ rrd2whisper.fixed 2024-06-07 14:39:41.373712202 +0200 @@ -157,7 +157,7 @@ values = [row[column_index] for row in rows] timestamps = list(range(*time_info)) datapoints = zip(timestamps, values) -datapoints = filter(lambda p: p[1] is not None, datapoints) +datapoints = list(filter(lambda p: p[1] is not None, datapoints)) print(' migrating %d datapoints from archive %d' % (len(datapoints), archiveNumber)) archiveNumber -= 1 whisper.update_many(path, datapoints) signature.asc Description: PGP signature
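Review bot: On the changed `datapoints = list(filter(...))` line, a list comprehension states the same thing without the lambda and reads more naturally in Python 3: `datapoints = [p for p in datapoints if p[1] is not None]`. The point of the change is that the result is used twice, once by `len(datapoints)` in the print and once by `whisper.update_many(path, datapoints)`, so a one-line comment saying the sequence must be materialised before both uses would stop a later cleanup from turning it back into a lazy iterator.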
Bug#759475: suricata: Missing dependency on python-simplejson
Package: suricata
Version: 2.0.3-1
Severity: minor

Dear Maintainer,

suricata does not depend on python-simplejson resulting in an error message when running suricatasc:

root@sid:~# suricatasc
Traceback (most recent call last):
  File "/usr/bin/suricatasc", line 19, in <module>
    from suricatasc import *
  File "/usr/lib/python2.7/dist-packages/suricatasc/__init__.py", line 2, in <module>
    from suricatasc import *
  File "/usr/lib/python2.7/dist-packages/suricatasc/suricatasc.py", line 17, in <module>
    import simplejson as json
ImportError: No module named simplejson

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages suricata depends on:
ii  libc6                 2.19-10
ii  libcap-ng0            0.7.4-2
ii  libgcrypt11           1.5.4-2
ii  libgnutls26           2.12.23-17
ii  libhtp1               0.5.12-1
ii  libjansson4           2.6-1
ii  libluajit-5.1-2       2.0.3+dfsg-3
ii  libmagic1             1:5.19-1
ii  libnet1               1.1.6+dfsg-3
ii  libnetfilter-queue1   1.0.2-2
ii  libnfnetlink0         1.0.1-3
ii  libnspr4              2:4.10.7-1
ii  libnss3               2:3.17-1
ii  libpcap0.8            1.6.1-1
ii  libpcre3              1:8.35-3
ii  libprelude2           1.0.0-11.3+b1
ii  libyaml-0-2           0.1.6-2
ii  python                2.7.8-1

Versions of packages suricata recommends:
ii  oinkmaster            2.0-4
ii  snort-rules-default   2.9.5.3-3

suricata suggests no packages.

-- Configuration Files:
/etc/suricata/suricata-debian.yaml changed:
%YAML 1.1
---
host-mode: auto
default-log-dir: /var/log/suricata/
unix-command:
  enabled: yes
  #filename: custom.socket
<- snip ->

-- no debconf information
Bug#743332: Applying Patch
* Guillaume Lécroart wrote on 09 Apr 2014: > patch did not apply automatically though (patch -p1 at the root of the > src, got rejected) Sorry, vim slurped the tabs into spaces... Description: Fixed parsing of ID_DER_ASN1_DN in X.509 certificates The fix for CVE-2013-2053 (#709144) introduced a bug when parsing the ID_DER_ASN1_DN of a X.509 certificate (local and remote). In the atodn function a boundary check failed, when the full distinguished name if given in ipsec.conf (leftid or rightid). This results in a garbled peer id and in revoking connections. This patch fixes the boundary check. Bug-Debian: http://bugs.debian.org/743332 Origin: other Author: Alexander Hosfeld Last-Update: 2014-04-10 diff -ru openswan-2.6.37.orig/lib/libopenswan/x509dn.c openswan-2.6.37/lib/libopenswan/x509dn.c --- openswan-2.6.37.orig/lib/libopenswan/x509dn.c 2014-04-10 10:50:33.0 +0200 +++ openswan-2.6.37/lib/libopenswan/x509dn.c 2014-04-10 10:51:19.524173326 +0200 @@ -866,7 +866,6 @@ chunkcpy(dn_ptr, name); /* accumulate the length of the distinguished name sequence */ - dn_seq_len += 1 + asn1_rdn_set_len.len + rdn_set_len; dn_seq_len += rdn_len; /* reset name and change state */ signature.asc Description: Digital signature
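Review bot: The description calls this a fix to "the boundary check", but the hunk only drops `dn_seq_len += 1 + asn1_rdn_set_len.len + rdn_set_len;` and keeps `dn_seq_len += rdn_len;`, so the actual defect is that the RDN length was accumulated twice. Please say so in the description, and since the assignment of `rdn_len` is outside the visible context, confirm it already equals the tag byte plus the length octets plus the SET body, otherwise removing the first line changes the encoded length rather than just de-duplicating it.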
Bug#743332: Info received (Patch for #743332)
* Guillaume Lécroart wrote on 09 Apr 2014:
> It is my understanding that the patch supplied only fixes IDs for DNs
> extracted from certs.

No! The supplied patch is *not* limited to fixing IDs for DNs extracted from certs. The patch fixes the atodn() function. This function is used for *any* parsing of an ID_DER_ASN1_DN subject:

- rightid/leftid in /etc/ipsec.conf
- rightcert/leftcert in /etc/ipsec.conf
- Parsing of remote Peer ID (on inbound connections)
Bug#743332: Patch for #743332
The patches for fixing the pre-authentication buffer overflow in atodn() / atoid() (CVE-2013-2053) introduced a bug in parsing the ID_DER_ASN1_DN subject when using certificates and the full distinguished names for leftid and/or rightid in /etc/ipsec.conf Since the Peer ID_DER_ASN1_DN subject is garbled the appropriate entry from ipsec.conf cannot be found and the tunnel is revoked. Please note this bug is not limited to 2.6.28+dfsg-5+squeeze2, but was introducted in 2.6.37-3+deb7u1 (wheezy), too. In the attachment you find a patch for fixing the boundary check in lib/libopenswan/x509dn.c The patch is tested for 2.6.28+dfsg-5+squeeze2 (squeeze) and 2.6.37-3+deb7u1 (wheezy). @Paul Wouters: those *** have been substituted to remain anonymity. Sorry, I should have had mentioned this... Description: Fixed parsing of ID_DER_ASN1_DN in X.509 certificates The fix for CVE-2013-2053 (#709144) introduced a bug when parsing the ID_DER_ASN1_DN of a X.509 certificate (local and remote). In the atodn function a boundary check failed, when the full distinguished name if given in ipsec.conf (leftid or rightid). This results in a garbled peer id and in revoking connections. This patch fixes the boundary check. Bug-Debian: http://bugs.debian.org/743332 Origin: other Author: Alexander Hosfeld Last-Update: 2014-04-09 --- openswan-2.6.28+dfsg.orig/lib/libopenswan/x509dn.c +++ openswan-2.6.28+dfsg/lib/libopenswan/x509dn.c 
@@ -866,7 +866,6 @@ atodn(char *src, chunk_t *dn) chunkcpy(dn_ptr, name); /* accumulate the length of the distinguished name sequence */ - dn_seq_len += 1 + asn1_rdn_set_len.len + rdn_set_len; dn_seq_len += rdn_len; /* reset name and change state */ Description: Fixed parsing of ID_DER_ASN1_DN in X.509 certificates The fix for CVE-2013-2053 (#709144) introduced a bug when parsing the ID_DER_ASN1_DN of a X.509 certificate (local and remote). In the atodn function a boundary check failed, when the full distinguished name if given in ipsec.conf (leftid or rightid). This results in a garbled peer id and in revoking connections. This patch fixes the boundary check. Bug-Debian: http://bugs.debian.org/743332 Origin: other Author: Alexander Hosfeld Last-Update: 2014-04-09 --- openswan-2.6.37.orig/lib/libopenswan/x509dn.c +++ openswan-2.6.37/lib/libopenswan/x509dn.c @@ -866,7 +866,6 @@ atodn(char *src, chunk_t *dn) chunkcpy(dn_ptr, name); /* accumulate the length of the distinguished name sequence */ - dn_seq_len += 1 + asn1_rdn_set_len.len + rdn_set_len; dn_seq_len += rdn_len; /* reset name and change state */ signature.asc Description: Digital signature
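Review bot: Both hunks (2.6.28+dfsg and 2.6.37) change the `dn_seq_len` bookkeeping in atodn() that, per the description, came in with the CVE-2013-2053 fix, yet nothing in the patch exercises it. A regression test that feeds a full multi-RDN distinguished name through atodn() and compares the outer SEQUENCE length with the encoded bytes would cover this bug, and it should be paired with an over-long input to show the overflow guard from the security fix still rejects it now that `dn_seq_len` is smaller. Minor: "when the full distinguished name if given" in the description should read "is given".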
Bug#743332: openswan: Error while parsing ID_DER_ASN1_DN subject when using certificates
Package: openswan
Version: 2.6.28+dfsg-5+squeeze2
Severity: important

After upgrading to 2.6.28+dfsg-5+squeeze2 we cannot establish some tunnels with X509 based authentication. There seems to be some parsing error of the ID_DER_ASN1_DN subject.

Here are the relevant parts from /var/log/auth.log:

Apr 1 11:24:20 hostname pluto[3498]: "connection" #227: Main mode peer ID is ID_DER_ASN1_DN: '0x3081E4310B3009060355040613024445310C300A060355040813034E525731193017060355040713103420477565746572736C6F6831183016060355040A130F4D61726B6F657474657220476D6248310C300A060355040B130345445631123010060355040313095061646572626F726E'

After downgrading to 2.6.28+dfsg-5+squeeze1 all tunnels came up as expected:

Apr 1 11:24:27 hostname pluto[3498]: "connection" #228: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, ST=NRW, L=4 Guetersloh, O=***, OU=***, CN=***'

-- System Information:
Debian Release: 6.0.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openswan depends on:
ii  bind9-host [hos  1:9.7.3.dfsg-1~squeeze11  Version of 'host' bundled with BIN
ii  bsdmainutils     8.0.13                    collection of more utilities from
ii  debconf [debcon  1.5.36.1                  Debian configuration management sy
ii  host             1:9.7.3.dfsg-1~squeeze11  Transitional package
ii  iproute          20100519-3                networking and traffic control too
ii  ipsec-tools      1:0.7.3-12                IPsec tools for Linux
ii  libc6            2.11.3-4                  Embedded GNU C Library: Shared lib
ii  libcurl3         7.21.0-2.1+squeeze7       Multi-protocol file transfer libra
ii  libgmp3c2        2:4.3.2+dfsg-1            Multiprecision arithmetic library
ii  libldap-2.4-2    2.4.23-7.3                OpenLDAP libraries
ii  libpam0g         1.1.1-6.1+squeeze1        Pluggable Authentication Modules l
ii  openssl          0.9.8o-4squeeze14         Secure Socket Layer (SSL) binary a

openswan recommends no packages.

Versions of packages openswan suggests:
pn  curl             (no description available)
pn  openswan-doc     (no description available)
ii  openswan-module  1:2.6.28+dfsg-5+squeeze2  Internet Key Exchange daemon - DKM

-- Configuration Files:
/etc/ipsec.conf changed [not included]
/etc/ipsec.secrets changed [not included]
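A log check for the symptom in this report, as an added example that is not part of the original report or of openswan: it flags ID_DER_ASN1_DN values that pluto logged as hex and whose outer SEQUENCE length is twice the bytes that follow (the report's value begins 30 81 E4, a declared length of 228). The doubled-length symptom is an assumption drawn from the patch in this thread; the DN, the log lines and all function names are constructed for illustration.

```python
import re

# Message text as it appears in the report's auth.log excerpt.
PEER_ID = re.compile(r"peer ID is ID_DER_ASN1_DN: '([^']*)'")

def der_len(n):
    """Encode a DER length (short form below 0x80, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def read_len(buf, pos):
    """Decode the DER length at buf[pos]; return (length, offset of content)."""
    if buf[pos] < 0x80:
        return buf[pos], pos + 1
    n = buf[pos] & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def check_dn(value):
    """Classify one logged peer ID: readable text, or hex with a length verdict."""
    if not value.startswith("0x"):
        return "readable"
    buf = bytes.fromhex(value[2:])
    if len(buf) < 2 or buf[0] != 0x30:
        return "not-a-sequence"
    declared, start = read_len(buf, 1)
    present = len(buf) - start
    if declared == present:
        return "ok"
    return "length-doubled" if declared == 2 * present else "length-mismatch"

def scan(lines):
    """Return (line number, verdict) for every line that carries a peer ID."""
    return [(i, check_dn(m.group(1))) for i, line in enumerate(lines, 1)
            if (m := PEER_ID.search(line))]

# Constructed sample data (not from the report): a three-RDN DN.
def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def rdn(attr, text):
    oid = tlv(0x06, bytes([0x55, 0x04, attr]))  # attribute type 2.5.4.<attr>
    return tlv(0x31, tlv(0x30, oid + tlv(0x13, text.encode())))

BODY = rdn(6, "DE") + rdn(8, "NRW") + rdn(3, "gw.example.test")
BAD = "0x" + (b"\x30" + der_len(2 * len(BODY)) + BODY).hex().upper()
SAMPLE_LOG = [
    "pluto[1]: \"conn\" #1: Main mode peer ID is ID_DER_ASN1_DN: '%s'" % BAD,
    "pluto[1]: \"conn\" #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, ST=NRW, CN=gw.example.test'",
]
```

`scan(SAMPLE_LOG)` reports the first constructed line as `length-doubled` and the second as `readable`; pass it the lines of an auth.log to run the same check on real data.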
Bug#403569: Privacy hole dom.storage.enabled
Package: iceweasel
Version: 2.0+dfsg-1

Hi,

please set dom.storage.enabled to false.

On 14 Dec the Web Hypertext Application Technology Working Group[1] submitted the Web Applications 1.0 Standard Working Draft[2]. This standard enables a cookie-like system for storing and retrieving private data through JavaScript ("client-side session and persistent storage"). Since firefox2 this function is implemented and enabled by default[4].

Since

- this is providing a huge (!) privacy hole[3]
- this is just an unofficial working draft
- there is no way to change this behaviour in the iceweasel GUI
- there is no way to en- or disable this setting for particular websites

please set the default in iceweasel to false or remove this function from iceweasel.

Cheers,
Alexander

[1] http://www.whatwg.org
[2] http://www.whatwg.org/specs/web-apps/current-work/
[3] http://www.whatwg.org/specs/web-apps/current-work/#security0
[4] http://kb.mozillazine.org/Dom.storage.enabled
Bug#396913: bacula-common: Schedule "WeeklyCycle" should be "MonthlyCycle"
Package: bacula-common
Version: 1.36.2-2sarge1
Severity: minor

The standard Schedule "WeeklyCycle" is a monthly cycle and thus should be renamed.

#
# When to do the backups, full backup on first sunday of the month,
# differential (i.e. incremental since full) every other sunday,
# and incremental backups other days
Schedule {
  Name = "WeeklyCycle"
  Run = Full 1st sun at 23:05
  Run = Differential 2nd-5th sun at 23:05
  Run = Incremental mon-sat at 23:05
}

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.16.2-hosi
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages bacula-common depends on:
ii  adduser  3.63       Add and remove users and groups
ii  debconf  1.4.30.13  Debian configuration management sy

-- no debconf information