Bug#1005964: Successfully updated to ruleset v. 1898205
Confirmation as requested from someone impacted on Debian Buster: My machines running spamassassin 3.4.4-1~bpo10+1 and 5.28.1-6+deb10u1 successfully updated to ruleset version 1898205 this morning around 6:00 UTC. -- -- Andreas :-)
Bug#947689: iptables -Z invalid argument workaround
A workaround that avoids deleting rules is providing rules.
# chain=OUTPUT
# iptables -Z $chain
iptables v1.8.2 (nf_tables): RULE_REPLACE failed (Invalid argument):
rule in chain OUTPUT
# iptables -Z $chain 1
#
So, instead of `iptables -Z $chain` we could iterate over all
existing rules and use e.g.
# iptables -L $chain -n --line-numbers | awk '$1+0>0 {print $1}' \
| xargs -rL1 iptables -Z $chain
--
-- Andreas
:-)
Bug#866395: Dup of #853981 ?
The reported issue seams to be the same as the one in #853981 [ https://bugs.debian.org/853981 ] -- -- Andreas
Bug#888484: Updates for stretch/jessie not in security repo
On Wed, 31 Jan 2018, at 12:52, Klaus Keppler wrote: Many "sources.list" files do not contain the "-updates" repository Even more so: I do source -updates, however, only now I see why the update was not yet installed automagically: # apt-cache policy clamav clamav: Installed: 0.99.2+dfsg-0+deb8u2 Candidate: 0.99.2+dfsg-0+deb8u2 Version table: 0.99.2+dfsg-0+deb8u3 0 500 http://ftp2.de.debian.org/debian/ jessie-updates/main amd64 Packages *** 0.99.2+dfsg-0+deb8u2 0 990 http://ftp2.de.debian.org/debian/ jessie/main amd64 Packages 100 /var/lib/dpkg/status -- -- Andreas
Bug#823659: openssh-server: do not start on boot on systemd: missing privilege separation directory: /var/run/sshd
Dmitry, > IMHO the best way to fix this problem permanently would be to add > "debian/openssh-server.ssh.tmpfile" file with the following content: > d /var/run/sshd 0755 root root Isn't that what $ cat /usr/lib/tmpfiles.d/sshd.conf d /var/run/sshd 0755 root root is supposed to do? BTW, there are 2 similar bug reports: /run on tmpfs breaks sshd started from inetd https://bugs.debian.org/645788 systemd service does not automatically create /var/run/sshd https://bugs.debian.org/760422 -- -- Andreas :-)
Bug#840015: Workaround for Postfix
I was wondering how to properly fix this for users of Debian Jessie. Clearly, just re-compiling OpenDKIM including the patch would fix DKIM of folded headers on systems that do not use OpenDKIM < 2.11 for evaluating messages, but it would break exchange with other Debian Jessie servers which did not apply the patch. So, ideally, the patch should finds its way into Debian Jessie by updating the package. Until then, one workaround is to rewrite (i.e. to unfold) headers before OpenDKIM gets the messages for signing. With Postfix this can be achieved for instance with header_checks(5): -- main.cf -- header_checks = pcre:/etc/postfix/header_checks -- header_checks -- # squeeze whitespace if header is folded after the ":" to work around # OpenDKIM canonicalization bug, cf. https://bugs.debian.org/840015 /^([A-Za-z0-9-]+:)\s*\n\s+(.*)$/ REPLACE $1 $2 -- -- Andreas
Bug#840015: opendkim: Relaxed canonicalization of folded headers breaks signatures
Package: opendkim Version: 2.9.2-2 Severity: important Tags: patch OpenDKIM, or more precisely, libopendkim up to 2.10.3 fails to canonicalize folded mail headers according to the RFC 6376 "relaxed" algorithm when a header is folded (wrapped) right after the ":" as for instance in | Subject:\r\n |long subject text continued on subsequent lines ... https://tools.ietf.org/html/rfc6376#section-3.4 Section 3.4.2 requires that this is canonicalized into | subject:long subject text continued on subsequent lines ... but libopendkim produces (note the single space after ":") | subject: long subject text continued on subsequent lines ... Hence, DKIM signatures derived from such headers are broken for all systems other than OpenDKIM (up to and including 2.10.3), and OpenDKIM fails to verify valid signatures produced by systems other than OpenDKIM. For the "From:" header this has been reported upstream at #226 Bad signature of From:\r\n wrapped field https://sourceforge.net/p/opendkim/bugs/226/ but the bug affects canonicalization in general. The provided patches are trivial, see DEP-3 patch by A. Schulze at https://sourceforge.net/p/opendkim/bugs/_discuss/thread/d08319d2/bd34/attachment/ticket226.patch Quoting thereof for reference: -- dv-opendkim-2.10.3.orig/libopendkim/dkim-canon.c +++ dv-opendkim-2.10.3/libopendkim/dkim-canon.c @@ -388,7 +388,7 @@ dkim_canon_header_string(struct dkim_dst /* skip all spaces before first word */ - while (*p != '\0' && DKIM_ISWSP(*p)) + while (*p != '\0' && DKIM_ISLWSP(*p)) p++; The patch was applied upstream in opendkim-2.11.0.Alpha0 as of 2015-10-22. I was not yet able to assess which or how many mailers produce headers that wrap immediately after the header keyword. However, I want to mention that Debian's default configuration of OpenDKIM as in Jessie and Stretch is unfortunately more likely to produce invalid signatures due to the fact that headers such as "References:" and "In-Reply-To:" which are often wrapped are signed. This is a default setting by OpenDKIM left unchanged by Debian, cf. opendkim.conf(5) + https://tools.ietf.org/html/rfc6376#section-5.4 So, signers can somewhat mitigate this bug's consequences using "OmitHeaders". Receivers, though, need to apply the patch. -- System Information: Debian Release: 7.11 APT prefers oldstable-updates APT policy: (990, 'oldstable-updates'), (990, 'oldstable'), (500, 'stable') Architecture: amd64 (x86_64) Versions of packages opendkim depends on: ii adduser3.113+nmu3 ii libbsd00.4.2-1 ii libc6 2.19-18+deb8u6 ii libdb5.3 5.3.28-9 ii libldap-2.4-2 2.4.31-2+deb7u2 ii liblua5.1-05.1.5-4+deb7u1 ii libmemcached11 1.0.18-4 ii libmemcachedutil2 1.0.18-4 ii libmilter1.0.1 8.14.4-4+deb7u1 ii libopendbx11.4.6-8 ii libopendkim9 2.9.2-2 ii librbl12.9.2-2 ii libssl1.0.01.0.1t-1+deb8u5 ii libunbound21.4.17-3+deb7u2 ii libvbr22.9.2-2 ii lsb-base 4.1+Debian8+deb7u1 opendkim recommends no packages. Versions of packages opendkim suggests: ii opendkim-tools 2.9.2-2 -- Configuration Files: /etc/opendkim.conf changed [not included] -- no debconf information
Bug#770135: How do I detect the need to restart
Sometimes `checkrestart` tells me that systemd-logind is in need to be restarted, but apparently it needs to be restarted more often than `checkrestart` is able to detect. How can I programmatically detect that systemd-logind needs to be restarted? Or should we simply restart unconditionally on a daily basis until this bug gets fixed? -- -- Andreas
Bug#769415: munin-plugins-core: ping_ plugin does not honor ping env variable
Package: munin-plugins-core
Version: 2.0.6-4+deb7u2
Severity: normal
From the instructions in /usr/share/munin/plugins/ping_
The following environment variables are used by this plugin
[...]
ping- Ping program to use
However, ping_ has the program hard coded at
case $0 in
*ping6_*)
PING=ping6
[...]
respectively for *ping_*, and finally runs
${PING:-ping} ...
One way to fix this is to change the 2 PING= lines to honor the
environment variables
case $0 in
*ping6_*)
PING=${ping:-ping6}
file_host=${0##*/ping6_}
V=IPv6
;;
*ping_*)
PING=${ping:-ping}
file_host=${0##*/ping_}
V=IPv4
;;
esac
This applies to munin-plugins-core in stable and up to expirimental,
currently at 2.1.9-1
-- System Information:
Debian Release: 7.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/dash
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#749485: Patch for #749485
It's rather trivial but the maintainer asked me to provide a patch
nonetheless since we got no reply from upstream. See attachment.
--
-- Andreas
:-)
--- postfwd-1.35/sbin/postfwd 2013-04-18 22:31:23.0 +0200
+++ postfwd-1.35-bug749485/sbin/postfwd 2014-10-15 11:25:21.712460389 +0200
@@ -1572,7 +1572,7 @@
my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
my($myaction) = $default_action; my($stop) = 0;
my($ratetype,$ratecount,$ratetime,$ratecmd) = split /, $myarg, 4;
- my($rcount) = ( ($mycmd =~ /^size/) ? $request{size} : (($mycmd =~ /^rcpt/) ? $request{recipient_count} : 1 ) );
+ my($rcount) = ( ($mycmd =~ /^size/) ? ( $request{size} * ( $request{recipient_count} || 1 ) ) : (($mycmd =~ /^rcpt/) ? $request{recipient_count} : 1 ) );
if ($ratetype and $ratecount and $ratetime and $ratecmd and $rcount) {
my $crate = $Rules[$index]{$COMP_ID}.'+'.$ratecount.'_'.$ratetime;
if ( defined $request{$ratetype} ) {
Bug#749485: postfwd1: size limits (quotas) ignore number of recipients
Package: postfwd
Version: 1.35-2
Severity: normal
Postfwd1 counts the size of a message only once even if the number
of recipients is 1. For example
May 15 20:21:48 iac postfix/qmgr[5056]: CB2141329:
from=syl...@example.com, size=12229263, nrcpt=69 (queue active)
will add only 12229263 for a rule like
id=QUOTA ; action=size(sasl_username/2/86400/WARN ...)
It seems that in /usr/sbin/postfwd1 in %postfwd_actions at the line
my($rcount) = ( ($mycmd =~ /^size/) ? $request{size} :
(($mycmd =~ /^rcpt/) ? $request{recipient_count} : 1 ) );
recipient_count is ignored, i.e. it is always assumed to be 1 for
($mycmd =~ /^size/).
-- System Information:
Debian Release: 7.5
APT prefers stable
APT policy: (990, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages postfwd depends on:
ii adduser 3.113+nmu3
ii libnet-dns-perl 0.66-2+b2
ii libnet-server-perl 2.006-1+deb7u1
ii perl5.14.2-21+deb7u1
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#748984: recode html..utf8 breaks existing UTF-8
Package: recode Version: 3.6-20 Severity: normal When converting text from HTML to UTF-8, existing and valid UTF-8 characters get mangled. Example shell session: $ cat sample.htm !doctype htmlhtmlhead meta http-equiv=Content-Type content=text/html; charset=UTF-8 /headbodypEntities: Auml;Uuml;Ouml;; UTF-8: ÄÜÖ/p/body/html $ file sample.htm sample.htm: HTML document, UTF-8 Unicode text $ recode html..utf8 sample.htm !doctype htmlhtmlhead meta http-equiv=Content-Type content=text/html; charset=UTF-8 /headbodypEntities: ÄÜÖ; UTF-8: Ã�Ã�Ã�/p/body/html The same works fine in case of ISO-8859-15 (and probably similar charsets but I have tried only l9). -- System Information: Debian Release: 7.5 APT prefers stable APT policy: (990, 'stable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages recode depends on: ii dpkg 1.16.14 ii install-info 4.13a.dfsg.1-10 ii libc6 2.18-5 ii librecode03.6-20 recode recommends no packages. recode suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#748984: recode html..utf8 breaks existing UTF-8
Hi François, Thanks a lot for your prompt reply. I was afraid about what you wrote. Unfortunately, I cannot take over. I hope others will. All the best to you! Thanks for pointing me at the -d option. Actually, I forgot to mention a workaround: $ recode -d utf8..html sample.htm | recode html..utf8 !doctype htmlhtmlhead meta http-equiv=Content-Type content=text/html; charset=UTF-8 /headbodypEntities: ÄÜÖ; UTF-8: ÄÜÖ/p/body/html -- -- Andreas :-) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#687447: No INBOX link in large folder trees (courier+dovecot)
In https://sourceforge.net/p/squirrelmail/bugs/2799/#ffc5 Thomas Baumann pointed out that the problem is apparently caused by inexisting yet subscribed folders. I can confirm that non-existing folders cause or can cause the link to the INBOX folder to be missing on Courier and Dovecot, probably also on other servers. In fact, the bug probably does not depend on the size of the folder tree. On my Dovecot server I could reproduce the problem even with a folder tree of only 20 entries. Removing the inexisting folders from .subscriptions (Dovecot) or courierimapsubscribed (Courier) works around the bug. -- -- Andreas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#687447: No INBOX link in large folder trees (courier+dovecot)
Found the same problem on an installation using Dovecot IMAPd
$ dpkg -l 'dovecot*' | grep ^.i | awk '{print $1,$2,$3}'
ii dovecot-core 1:2.1.7-2
ii dovecot-imapd 1:2.1.7-2
ii dovecot-pop3d 1:2.1.7-2
The folder tree of the affected user has 178 entries.
However, here, the workaround to add INBOX to '.subscriptions' helped!
--
-- Andreas
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#687447: squirrelmail: No INBOX link in large folder trees (courier)
Package: squirrelmail Version: 2:1.4.23~svn20120406-1 Severity: normal After upgrading squirrelmail from 2:1.4.21-2 (currently in Squeeze/stable) to 2:1.4.23~svn20120406-1 (currently Wheezy as in testing) I found that at least one of my users is missing the INBOX entry/link in the folder tree whereas the link is shown for other users. The particular user has a larger list of subscribed folders (390). If I reduce the list to 10 entries the INBOX link is shown. I have tried adding and removing the entry INBOX from the list of subscribed folders but to no avail. I have also tested upstream 1.4.23 SVN snapshot of 2012-09-12 with no success. The behavior is the same as with the version from testing. The folder tree appears correctly with the SVN development snapshot of 2012-09-12 (so version 1.5.2), though this was tested with a fresh config.php. -- System Information: Debian Release: 6.0.5 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages squirrelmail depends on: ii apache22.2.16-6+squeeze7 Apache HTTP Server metapackage ii apache2-mpm-prefork [h 2.2.16-6+squeeze7 Apache HTTP Server - traditional n ii libapache2-mod-php55.3.3-7+squeeze14 server-side, HTML-embedded scripti ii perl 5.10.1-17squeeze3 Larry Wall's Practical Extraction ii php5 5.3.3-7+squeeze14 server-side, HTML-embedded scripti ii php5-cgi 5.3.3-7+squeeze14 server-side, HTML-embedded scripti Versions of packages squirrelmail recommends: ii aspell [aspell-bin]0.60.6-4 GNU Aspell spell-checker ii php5-common [php5-mhas 5.3.3-7+squeeze14 Common files for packages built fr ii squirrelmail-locales 1.4.18-20090526-1 Translations for the SquirrelMail ii squirrelmail-viewashtm 3.8-3 SquirrelMail plugin: View mails as Versions of packages squirrelmail suggests: ii courier-imap [imap-ser 4.8.0-3 Courier mail server - IMAP server pn imapproxy none(no description available) ii php-pear 5.3.3-7+squeeze14 PEAR - PHP Extension and Applicati pn php5-ldap none(no description available) ii php5-recode5.3.3-7+squeeze14 recode module for php5 ii squirrelmail-decode1.2-1 SquirrelMail support for decoding -- Configuration Files: /etc/squirrelmail/apache.conf changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#687447: No INBOX link in large folder trees (courier)
I have also reported this upstream at https://sourceforge.net/tracker/?func=detailaid=3567126group_id=311atid=100311 -- -- Andreas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#603917: procmail-lib: Continuations of quoted assignments reported as error
Package: procmail-lib Version: 1:2004.1216-1 Severity: normal A quoted multi-line assignment such as LOG=some text is valid in terms of procmail but is reported as error by proclint. $ proclint -l samplerc Scanning file samplerc: 1:=NL= 2:E Bad recipe line: 3: 4:=LOG=some 5:Etext Bad recipe line: text $ cat samplerc NL= LOG=some text -- System Information: Debian Release: 5.0.6 APT prefers stable APT policy: (990, 'stable'), (500, 'oldstable'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/4 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages procmail-lib depends on: ii perl 5.10.1-16 Larry Wall's Practical Extraction ii procmail 3.22-16Versatile e-mail processor procmail-lib recommends no packages. procmail-lib suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#584881: NeilBrown added a cond_resched
Maybe someone can verify whether the patch contributed by Neil Brown [ http://www.ktrap.org/mailarchive/git-commits-head/2009/10/31/11499 ] fixes this? Should be available since 2.6.32. HTH. -- -- Andreas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#510641: Patch against checkarray to skip auto-read-only arrays
The following diff might not be an ideal solution. Anyway, I had a system with a non-swap array in auto-read-only state (array_state = read-auto), indeed an array which currently is simply not used. Thus, I changed _checkarray_ to skip it with a warning (change $quiet -lt 2 to $quiet -lt 1 if you want the cronjob to be silent about it). --- checkarray.o2009-02-05 20:49:08.0 +0100 +++ /usr/share/mdadm/checkarray 2009-04-05 23:55:59.0 +0200 @@ -27,7 +27,7 @@ cat -_eof | column -s\ -t -a|--all check all assembled arrays (check /proc/mdstat). -c|--cron honour AUTOCHECK setting in /etc/default/mdadm. - -s|--status print redundancy check status of devices. + -s|--status print redundancy check and array status of devices. -x|--cancel queue a request to cancel a running redundancy check. -q|--quiet suppress informational messages. -Q|--real-quiet suppress all output messages, including warnings and errors. @@ -132,6 +132,7 @@ for array in $arrays; do SYNC_ACTION_CTL=/sys/block/$array/md/sync_action + ARRAY_STATE=/sys/block/$array/md/array_state if [ ! -e $SYNC_ACTION_CTL ]; then [ $quiet -lt 1 ] echo $PROGNAME: I: skipping non-redundant array $array. 2 @@ -139,9 +140,10 @@ fi cur_status=$(cat $SYNC_ACTION_CTL) + array_state=$(cat $ARRAY_STATE) if [ $action = status ]; then -echo $array: $cur_status +echo $array: $cur_status ($array_state) continue fi @@ -161,6 +163,10 @@ [ $quiet -lt 2 ] echo $PROGNAME: W: array $array not idle, skipping... 2 continue fi + if [ $array_state = read-auto ]; then +[ $quiet -lt 2 ] echo $PROGNAME: W: array $array is in auto-read-only state, skipping... 2 +continue + fi # queue request for the array. The kernel will make sure that these requests # are properly queued so as to not kill one of the array. HTH, -- -- Andreas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#505888: remind only shows options and usage page
Package: remind Version: 03.01.05-2 Severity: important Previous versions of remind had no ''rem'' command on Debian. There was only ''remind''. According to the current changelog.Debian.gz this was changed. ''remind'' previously assumed a default file ~/.reminders whereas the current version of ''remind'' does not. Hence, previously used command lines using ''remind'' cannot be used anymore. Assumingly, this affects also depending packages and third-party programs such as wxRemind. In general, it should be sufficient to now use ''rem'' instead of ''remind'' as the current package ships with a symbolic link ''rem'' pointing to ''remind''. I would suggest some README.Debian file or a warning shown when installing or updating the package. Sample of a shell session: [EMAIL PROTECTED]:~$ remind REMIND 03.01.05 (English version) Copyright 1992-1998 David F. Skoll Copyright 1999-2008 Roaring Penguin Software Inc. Usage: remind [options] filename [date] [time] [*rep] Options: -n Output next occurrence of reminders in simple format (...) [EMAIL PROTECTED]:~$ remind ~/.reminders Reminders for Sunday, 16th November, 2008 (today): (...) [EMAIL PROTECTED]:~$ rem Reminders for Sunday, 16th November, 2008 (today): (...) -- System Information: Debian Release: lenny/sid APT prefers oldstable APT policy: (500, 'oldstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/4 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages remind depends on: ii libc6 2.7-15 GNU C Library: Shared libraries remind recommends no packages. Versions of packages remind suggests: pn tkremind none (no description available) pn wyrd none (no description available) -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
