Bug#1070736: Compose key broken in gnome-terminal (and others)

2024-05-08 Thread Arne Nordmark

Another thing that might well be the same underlying problem:

Using version 2.74.6-2+deb12u1, a Compose sequence like 'Compose " a' 
enters nothing in gnome-terminal and emacs.


Using version 2.74.6-2, the same sequence enters an "ä".

Arne



Bug#1067488: mirror listing update for mirror.lon.macarne.com

2024-03-22 Thread Arne
Package: mirrors
Severity: minor
User: mirr...@packages.debian.org
Usertags: mirror-list

Submission-Type: update
Site: mirror.lon.macarne.com
Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 hurd-amd64 i386 
mips mips64el mipsel powerpc ppc64el riscv64 s390x
Archive-http: /debian/
Archive-rsync: debian/
Maintainer: Arne 
Country: GB United Kingdom
Location: London
Sponsor: Macarne LLC https://macarne.com
Comment: We've done a tiny firewall hardening and it broke the 80/443 open 
connections.
 Please re-enable the mirror on your end ;)
 
 Much obliged.
 
 eu...@macarne.com




Trace Url: http://mirror.lon.macarne.com/debian/project/trace/
Trace Url: http://mirror.lon.macarne.com/debian/project/trace/ftp-master.debian.org
Trace Url: http://mirror.lon.macarne.com/debian/project/trace/mirror.lon.macarne.com



Bug#1064431: Info received (Bug#1064431: mirror submission for mirror.fra.macarne.com)

2024-03-03 Thread Arne Ruhnau
Hi, could we get an update here? Thanks Arne
Sent from my iPhone

> On Feb 23, 2024, at 8:03 AM, Debian Bug Tracking System 
>  wrote:
> 
> Thank you for the additional information you have supplied regarding
> this Bug report.
> 
> This is an automatically generated reply to let you know your message
> has been received.
> 
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
> 
> Your message has been sent to the package maintainer(s):
> Debian Mirrors Team 
> 
> If you wish to submit further information on this problem, please
> send it to 1064...@bugs.debian.org.
> 
> Please do not send mail to ow...@bugs.debian.org unless you wish
> to report a problem with the Bug-tracking system.
> 
> --
> 1064431: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064431
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems




Bug#1057767: pipewire: Last upgrade completely broke bluetooth connection: : org.bluez.Error.Failed br-connection-unknown

2023-12-08 Thread arne anka
Source: pipewire
Version: 1.0.0-1
Severity: important
Tags: a11y

Dear Maintainer,

after a recent upgrade, my BT headset (for lack of a better word, see below) 
won't connect anymore.
I always get 
Failed to connect: org.bluez.Error.Failed br-connection-unknown



   * What led up to the situation?

On Dec 6 I upgraded and since then my BT thingy does not connect to my PC 
anymore.
I am hearing impaired and need to use a BT thingy called RemoteMic+ (by 
Starkey) to be able to listen to music or make calls/attend meetings via PC. 
So, this is a major issue for me.
Among others these packages were upgraded:

firmware-iwlwifi

libpipewire-0.3-0
libpipewire-0.3-common
libspa-0.2-bluetooth
libspa-0.2-modules


   * What exactly did you do (or not do) that was effective (or
 ineffective)?

First I downgraded firmware-iwlwifi to version 20230210-5 -- to no avail.

Next, I downgraded

libpipewire-0.3-0
libpipewire-0.3-common
libspa-0.2-bluetooth
libspa-0.2-modules

to version 0.3.85-1 again -- and things started to work again.
Since those packages depend on one another, I couldn't downgrade just one, hence 
the report on the source package -- but I suspect a change in 
libspa-0.2-bluetooth to be responsible.

BT adapter:
ID 8087:0029 Intel Corp. AX200 Bluetooth


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-5-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_IE:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Bug#1040902: libfreefem++: Paths in /etc/freefem++.pref do not match installation paths

2023-07-12 Thread Arne Nordmark
Package: libfreefem++
Version: 4.11+dfsg1-3
Severity: normal

Dear Maintainer,

The conffile /etc/freefem++.pref contains the following lines
loadpath += "/usr/lib/ff++/4.9/lib"
includepath += "/usr/lib/ff++/4.9/idp"
which do not match where files are actually installed.

This leads to errors like:
nordmark@deedee:~$ FreeFem++ /usr/share/doc/freefem++/examples/3d/beam-3d.edp
-- FreeFem++ v4.9 ( - git no git)
 Load: lg_fem lg_mesh lg_mesh3 eigenvalue 
1 : load "medit"
Load error: medit
 fail: 
 dlerror : /usr/lib/ff++/4.9/lib/medit.so: cannot open shared object file: No 
such file or directory
list prefix: './' '/usr/lib/ff++/4.9/lib/' list suffix: '' , '.so' 
  current line = 1
Load error : medit
line number :1, medit
error Load error : medit
line number :1, medit
 code = 2 mpirank: 0

The lines should probably be
loadpath += "/usr/lib/freefem++"
includepath += "/usr/include/freefem++/idp"
instead.

With the changed conffile below, the example seems to work OK.

Best regards
Arne

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-10-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libfreefem++ depends on:
ii  coinor-libipopt1v5 3.11.9-2.3+b1
ii  libatlas3-base [liblapack.so.3]3.10.3-13
ii  libblas3 [libblas.so.3]3.11.0-2
ii  libc6  2.36-9
ii  libfftw3-double3   3.3.10-1
ii  libgcc-s1  12.2.0-14
ii  libgfortran5   12.2.0-14
ii  libgsl27   2.7.1+dfsg-5
ii  liblapack3 [liblapack.so.3]3.11.0-2
ii  libmetis5  5.1.0.dfsg-7
ii  libmumps-seq-5.5   5.5.1-1
ii  libopenblas0-pthread [liblapack.so.3]  0.3.21+ds-4
ii  libopenmpi34.1.4-3+b1
ii  libptscotch-7.07.0.3-2
ii  libstdc++6 12.2.0-14
ii  libsuperlu55.3.0+dfsg1-2+b1
ii  libtet1.5  1.5.0-5
ii  libumfpack51:5.12.0+dfsg-2

libfreefem++ recommends no packages.

libfreefem++ suggests no packages.

-- Configuration Files:
/etc/freefem++.pref changed:
loadpath += "./"
loadpath += "/usr/lib/ff++/4.9/lib"
includepath += "/usr/lib/ff++/4.9/idp"
loadpath += "/usr/lib/freefem++"
includepath += "/usr/include/freefem++/idp"


-- debconf-show failed



Bug#1035803: resolvconf: dns-search entries for lo.inet are absent from /run/resolvconf/interface/lo.inet file

2023-05-09 Thread Arne Nordmark
Package: resolvconf
Version: 1.91+nmu1
Severity: normal

Dear Maintainer,

Lines like

iface lo inet loopback
dns-search a.example.com b.example.com

in /etc/network/interfaces no longer cause the corresponding entries to show 
up in /etc/resolv.conf in bookworm, while they did show up in bullseye.

The file /run/resolvconf/interface/lo.inet contains just a single newline after 
running "ifdown lo; ifup lo".

From what I can see, the update script /etc/network/if-up.d/000resolvconf runs 
successfully, creating the expected lo.inet file, but then that file is somehow 
immediately replaced by the nearly empty file.

A workaround is to make the entries end up in lo.inet6 instead:

iface lo inet6 loopback
dns-search a.example.com b.example.com

which seems to work fine.

I am sorry I have not been able to nail down the cause of this problem, but 
thanks for maintaining resolvconf in Debian.
Arne


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-8-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages resolvconf depends on:
ii  debconf [debconf-2.0]  1.5.82
ii  lsb-base   11.6
ii  sysvinit-utils [lsb-base]  3.06-4

resolvconf recommends no packages.

resolvconf suggests no packages.

-- debconf-show failed



Bug#1035800: unbound: Resolvconf update script exits with return code 1 when no nameservers are found

2023-05-09 Thread Arne Nordmark
Package: unbound
Version: 1.17.1-2
Severity: normal

Dear Maintainer,

When booting with resolvconf installed and the resolvconf update script 
(/etc/resolvconf/update.d/unbound) executable, the unbound-resolvconf service 
fails:

maj 09 10:47:20 systemd[1]: Started unbound-resolvconf.service - Unbound 
asyncronous resolvconf update helper.
maj 09 10:47:20 unbound-helper[1291]: run-parts: 
/etc/resolvconf/update.d/unbound exited with return code 1
maj 09 10:47:20 systemd[1]: unbound-resolvconf.service: Main process exited, 
code=exited, status=1/FAILURE
maj 09 10:47:20 systemd[1]: unbound-resolvconf.service: Failed with result 
'exit-code'.

At this point in booting, the network is not fully configured yet, and no file 
in /run/resolvconf/interface contains any non-local nameserver info.

If the unbound-resolvconf service is restarted after nameserver info has been 
added, it starts normally.

Could this behaviour be due to the exit code from "egrep -v" causing the script 
to fail, since the script is started with "#!/bin/sh -e"?

Thanks for maintaining unbound in Debian.
Arne

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-8-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages unbound depends on:
ii  adduser3.132
ii  init-system-helpers1.65.2
ii  libc6  2.36-9
ii  libevent-2.1-7 2.1.12-stable-8
ii  libnghttp2-14  1.52.0-1
ii  libprotobuf-c1 1.4.1-1+b1
ii  libpython3.11  3.11.2-6
ii  libssl33.0.8-1
ii  libsystemd0252.6-1
ii  lsb-base   11.6
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages unbound recommends:
ii  dns-root-data  2023010101

Versions of packages unbound suggests:
ii  apparmor  3.0.8-3
ii  openssl   3.0.8-1

-- debconf-show failed
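
The failure mode asked about in the report above, as an added example that is not the unbound package's script: under "sh -e", a grep -v that selects no line exits 1 and ends the script, while the second form treats 1 as an empty result and aborts only on a real grep error. The filter pattern, function names and sample nameserver lines are constructed for this illustration.

```shell
#!/bin/sh
# Added illustration; not the script shipped in the unbound package.
# The filter pattern and the sample inputs are constructed for this example.

# Constructed resolvconf-style input: early in boot, only loopback resolvers.
LOCAL_ONLY='nameserver 127.0.0.1
nameserver ::1'
# Constructed input once the network is up (192.0.2.53 is a documentation address).
MIXED='nameserver 127.0.0.1
nameserver 192.0.2.53'

# Fragile: the inner shell runs with -e, like a "#!/bin/sh -e" script.
# grep -v exits 1 when it selects no line, and -e turns that into an abort.
fragile_filter() {
    printf '%s\n' "$1" | sh -e -c '
        ns=$(grep -E -v "^nameserver[[:space:]]+(127\.|::1)")
        echo "forwarders: $ns"
    '
}

# Hardened: status 1 ("nothing selected") is a normal outcome here;
# only a status above 1 (grep itself failed) aborts the script.
robust_filter() {
    printf '%s\n' "$1" | sh -e -c '
        rc=0
        ns=$(grep -E -v "^nameserver[[:space:]]+(127\.|::1)") || rc=$?
        [ "$rc" -le 1 ] || exit "$rc"
        echo "forwarders: ${ns:-none}"
    '
}

fragile_filter "$LOCAL_ONLY"; echo "fragile, loopback only: exit $?"
robust_filter "$LOCAL_ONLY";  echo "robust, loopback only: exit $?"
robust_filter "$MIXED";       echo "robust, mixed: exit $?"
```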



Bug#1031979: libnss-ldapd: Entries for passwd and shadow are cleared on upgrade when system locale is sv_SE.UTF-8

2023-04-03 Thread Arne Nordmark

On 2023-04-02 at 16:22, Arthur de Jong wrote:

> On Sun, 2023-02-26 at 10:50 +0100, Arne Nordmark wrote:
>
> > The search for enabled services in /etc/nsswitch.conf breaks when
> > using the Swedish locale.
> >
> > LANG=C sed -n 's/^[[:space:]]*\([a-z]*\)[[:space:]]*:.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf | xargs
> >
> > gives "passwd group shadow" which is correct, whereas
> >
> > LANG=sv_SE.UTF-8 sed -n 's/^[[:space:]]*\([a-z]*\)[[:space:]]*:.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf | xargs
> >
> > gives "group".
>
> Interestingly, I cannot reproduce this on unstable (I generated the
> proper locale and use LC_ALL instead of LANG to override all LC_*
> variables I had set), also minimising the problem doesn't show this
> issue:
>
> echo "shadow: " | LC_ALL=C sed -n 's/^[[:space:]]*\([a-z]*\)[[:space:]]*:.*/\1/p'
> echo "shadow: " | LC_ALL=sv_SE.UTF-8 sed -n 's/^[[:space:]]*\([a-z]*\)[[:space:]]*:.*/\1/p'
>
> (both return the same output for me)

Indeed, something has changed between buster and bookworm, probably the 
locale. So, depending on the unpacking order, this may not even affect 
all upgrades from buster to bookworm.

> Anyway, I'll change the maintainer scripts to force the C locale so we
> have consistent regex processing by sed, grep and other tools.


Thank you again.

Arne



Bug#1031979: libnss-ldapd: Entries for passwd and shadow are cleared on upgrade when system locale is sv_SE.UTF-8

2023-02-26 Thread Arne Nordmark
Package: libnss-ldapd
Version: 0.9.12-3
Severity: normal

Dear Maintainer,

The search for enabled services in /etc/nsswitch.conf breaks when using the 
Swedish locale.

In the debconf ".config" script we have the nss_list_configured() function. 
Compare the output in the "C" and the Swedish locale:

LANG=C sed -n 's/^[[:space:]]*\([a-z]*\)[[:space:]]*:.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf | xargs

gives 

passwd group shadow

which is correct, whereas

LANG=sv_SE.UTF-8 sed -n 's/^[[:space:]]*\([a-z]*\)[[:space:]]*:.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf | xargs

gives

group

and the difference seems to come from the presence of the "w" character.

Thus the passwd and shadow entries are turned off in /etc/nsswitch.conf on each 
package upgrade.

Replacing the character class [a-z] by [[:alpha:]] seems to restore 
functionality:

LANG=C sed -n 's/^[[:space:]]*\([[:alpha:]]*\)[[:space:]]*:.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf | xargs
passwd group shadow

LANG=sv_SE.UTF-8 sed -n 's/^[[:space:]]*\([[:alpha:]]*\)[[:space:]]*:.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf | xargs
passwd group shadow

Found this on a bullseye-bookworm test upgrade. For some reason, checking the 
nsswitch file did not occur to me until after lots of checks for 
LDAP/SSL/Database problems etc. Then I remembered the same thing happened a few 
years ago on the buster->bullseye upgrade. Thus I really should have isolated 
and reported the problem years ago. Sorry about that.

Thanks for maintaining (and being upstream) for this package.

Arne


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-3-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libnss-ldapd depends on:
ii  debconf [debconf-2.0]  1.5.82
ii  libc6  2.36-8
ii  nslcd [nslcd-2]0.9.12-3

libnss-ldapd recommends no packages.

libnss-ldapd suggests no packages.

-- debconf-show failed
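
An added example, not code from the libnss-ldapd package: the two remedies discussed in this thread (the [[:alpha:]] class from the report and forcing the C locale from the maintainer's reply) applied to a constructed nsswitch.conf, with a check that compares them against the original [a-z] pattern under a given locale. The function names and the sample file are assumptions made for this illustration; the \? in the expression needs GNU sed.

```shell
#!/bin/sh
# Added illustration; not the libnss-ldapd maintainer script.
# Function names and the sample file are made up for this example.

# Write a constructed nsswitch.conf to a temp file and print its path.
make_sample_nsswitch() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
# constructed sample, not from a real system
passwd:         files ldap
group:          files ldap
shadow:         files ldap
hosts:          files dns
netgroup:       nis
EOF
    printf '%s\n' "$f"
}

# List the databases that have "ldap" configured.
#   $1 locale for sed, $2 bracket expression for the database name, $3 file
# The sed expression is the one quoted in the report (\? is a GNU extension).
list_ldap_dbs() {
    LC_ALL=$1 sed -n \
        "s/^[[:space:]]*\($2*\)[[:space:]]*:.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p" \
        "$3" | xargs
}

# Locale-independent form: character class plus pinned C locale.
list_ldap_dbs_pinned() {
    list_ldap_dbs C '[[:alpha:]]' "$1"
}

# Compare the original [a-z] pattern under locale $1 with the pinned form.
# Returns 0 if both list the same databases for file $2, 1 if they differ.
locale_drift_check() {
    want=$(list_ldap_dbs_pinned "$2")
    got=$(list_ldap_dbs "$1" '[a-z]' "$2")
    [ "$got" = "$want" ] && return 0
    printf 'locale %s: [a-z] found "%s", pinned form found "%s"\n' \
        "$1" "$got" "$want" >&2
    return 1
}

sample=$(make_sample_nsswitch)
# The sv_SE.UTF-8 result depends on that locale being installed and on the
# libc collation data; the thread notes it did not reproduce on unstable.
for loc in C sv_SE.UTF-8; do
    if locale_drift_check "$loc" "$sample"; then
        echo "$loc: same result as pinned form"
    else
        echo "$loc: entries dropped"
    fi
done
rm -f "$sample"
```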



Bug#1030263: telegram-desktop: Telegram-Desktop ignores Shift-Key

2023-02-01 Thread Arne Wichmann
Package: telegram-desktop
Version: 4.5.3+ds-1+b1
Severity: normal

Hi.

Since the latest upgrade, telegram-desktop ignores the shift-modifier on my
system.

cu

AW

-- Package-specific info:

-- System Information:
Debian Release: 11.1
  APT prefers testing
  APT policy: (90, 'testing'), (90, 'stable'), (50, 'unstable'), (40, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.4 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.iso885915, LC_CTYPE=en_GB.iso885915 (charmap=ISO-8859-15), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages telegram-desktop depends on:
ii  libabsl20220623   20220623.1-1
ii  libavcodec59  7:5.1.2-1
ii  libavformat59 7:5.1.2-1
ii  libavutil57   7:5.1.2-1
ii  libc6 2.36-8
ii  libgcc-s1 10.2.1-6
ii  libglib2.0-0  2.74.5-1
ii  libglibmm-2.68-1  2.74.0-2
ii  libhunspell-1.7-0 1.7.0-3
ii  libjpeg62-turbo   1:2.1.2-1+b1
ii  libkf5coreaddons5 5.101.0-1
ii  liblz4-1  1.9.3-2
ii  libminizip1   1.1-8+b1
ii  libopenal11:1.19.1-2
ii  libopus0  1.3.1-0.1
ii  libqrcodegencpp1  1.6.0-1
ii  libqt5core5a [qtbase-abi-5-15-8]  5.15.8+dfsg-2
ii  libqt5gui55.15.8+dfsg-2
ii  libqt5network55.15.8+dfsg-2
ii  libqt5qml55.15.8+dfsg-2
ii  libqt5quickwidgets5   5.15.8+dfsg-2
ii  libqt5svg55.15.8-2
ii  libqt5waylandcompositor5  5.15.8-2
ii  libqt5widgets55.15.8+dfsg-2
ii  librlottie0-1 0.1+dfsg-2
ii  libsigc++-3.0-0   3.4.0-1
ii  libssl3   3.0.7-2
ii  libstdc++612.2.0-14
ii  libswresample47:5.1.2-1
ii  libswscale6   7:5.1.2-1
ii  libvpx7   1.12.0-1
ii  libwayland-client01.21.0-1
ii  libx11-6  2:1.8.3-3
ii  libxcb-keysyms1   0.4.0-1+b2
ii  libxcb-record01.14-3
ii  libxcb-screensaver0   1.14-3
ii  libxcb1   1.14-3
ii  libxcomposite11:0.4.5-1
ii  libxdamage1   1:1.1.5-2
ii  libxext6  2:1.3.3-1.1
ii  libxfixes31:5.0.3-2
ii  libxrandr22:1.5.1-1
ii  libxtst6  2:1.2.3-1.1
ii  libxxhash00.8.0-2
ii  qt5-image-formats-plugins 5.15.2-2
ii  zlib1g1:1.2.11.dfsg-2+deb11u2

Versions of packages telegram-desktop recommends:
ii  fonts-open-sans   1.11-1.1
ii  libwebkit2gtk-4.0-37  2.38.3-1~deb11u1

telegram-desktop suggests no packages.

Versions of packages telegram-desktop is related to:
pn  xdg-desktop-portal  
pn  xdg-desktop-portal-backend  

-- no debconf information
[2023.02.01 11:50:25] Launched version: 4005003, install beta: [FALSE], alpha: 
0, debug mode: [FALSE]
[2023.02.01 11:50:25] Executable dir: /usr/bin/, name: telegram-desktop
[2023.02.01 11:50:25] Initial working dir: /home/aw/
[2023.02.01 11:50:25] Working dir: /home/aw/.local/share/TelegramDesktop/
[2023.02.01 11:50:25] Command line: telegram-desktop
[2023.02.01 11:50:25] Executable path before check: /usr/bin/telegram-desktop
[2023.02.01 11:50:25] Logs started
[2023.02.01 11:50:25] Launcher filename: org.telegram.desktop.desktop
[2023.02.01 11:50:25] We use allocator from /lib/x86_64-linux-gnu/libc.so.6
[2023.02.01 11:50:25] Connecting local socket to 
/tmp/87a6964082b9339a3cac3aa763854bc5-{87A94AB0-E370-4cde-98D3-ACC110C5967D}...
[2023.02.01 11:50:25] This is the only instance of Telegram, starting server 
and app...
[2023.02.01 11:50:25] Moved logging from 
'/home/aw/.local/share/TelegramDesktop/log_start0.txt' to 
'/home/aw/.local/share/TelegramDesktop/log.txt'!
[2023.02.01 11:50:25] Primary screen DPI: 96.2922
[2023.02.01 11:50:25] System tray available: [FALSE]
[2023.02.01 11:50:25] Icon theme: hicolor
[2023.02.01 11:50:25] Fallback icon theme: hicolor
[2023.02.01 11:50:25] App Info: reading settings...
[2023.02.01 11:50:25] App Info: reading encrypted settings...
[2023.02.01 11:50:26] Lang Info: Loaded cached, keys: 4561
[2023.02.01 11:50:26] Audio Info: Failed to load pipewire 0.3 stubs.
[2023.02.01 11:50:26] OpenAL Logging Level: (not set)
[2023.02.01 11:50:26] Audio Playback Devices: ALSA Default;HDA Intel PCH, 
ALC892 Analog (CARD=PCH,DEV=0);HDA Intel PCH, ALC892 Digital 
(CARD=PCH,DEV=1);HDA Intel PCH, HDMI 0 (CARD=PCH,DEV=3);HDA Intel PCH, HDMI 1 
(CARD=PCH,DEV=7);HDA Intel PCH, HDMI 2 (CARD=PCH,DEV=8)

Bug#1016963: u-boot on A20-MICRO

2023-01-20 Thread Arne Ploese
I was successfully able to install the SD image for stable and unstable
(daily with u-boot from 2023-01-18).

Then I upgraded stable to testing and updated u-boot to 2023.01+dfsg1.

Arne



Bug#1020404: luakit: aborts at start

2022-09-22 Thread Arne Wichmann
Moin,

begin  quotation  from Markus Demleitner (in 
<20220921185014.db6o56sxwieo3vnm@victor>):
> On Wed, Sep 21, 2022 at 11:36:08AM +0200, Arne Wichmann wrote:
> > Bail out! ERROR:common/util.c:67:strip_ansi_escapes: assertion failed (err 
> > == NULL): Error while compiling regular expression 
> > ?[\u001b\u009b][[()#;?]*(?:[0-9]{1,4}(?:;[0-9]{0,4})*)?[0-9A-ORZcf-nqry=><]?
> >  at char 3: unrecognised character following \ (g-regex-error-quark, 103)
> 
> Argl.  That's quite certainly the upstream bug
> https://github.com/luakit/luakit/issues/1005

Thanks for making me notice that. ;)

I will not comment there because I would have to create an account at
Microsoft for this.

[...]
>   luakit http://www.tfiu.de/log-escape.html |& cat
[...]

> Can you build from https://salsa.debian.org/debian/luakit.git and see
> whether the thing (a) builds and (b) whether luakit's log messages
> are b/w when filtered through cat as above?

... lots of warnings later...

(a) it builds
(b) the log messages are b/w

And it does not crash anymore, so I can use it until something newer is
uploaded.

Thanks again for the help.

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@saar.de)




Bug#1020404: luakit: aborts at start

2022-09-21 Thread Arne Wichmann
Package: luakit
Version: 1:2.2.1-1
Severity: grave
Justification: renders package unusable

Luakit aborts saying:

Bail out! ERROR:common/util.c:67:strip_ansi_escapes: assertion failed (err == 
NULL): Error while compiling regular expression 
?[\u001b\u009b][[()#;?]*(?:[0-9]{1,4}(?:;[0-9]{0,4})*)?[0-9A-ORZcf-nqry=><]? at 
char 3: unrecognised character following \ (g-regex-error-quark, 103)

-- System Information:
Debian Release: 11.1
  APT prefers testing
  APT policy: (90, 'testing'), (90, 'stable'), (50, 'unstable'), (40, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.18.16 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_GB.iso885915, LC_CTYPE=en_GB.iso885915 (charmap=ISO-8859-15), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages luakit depends on:
ii  libc6   2.34-7
ii  libcairo2   1.16.0-5
ii  libgdk-pixbuf2.0-0  2.40.2-2
ii  libglib2.0-02.73.3-3
ii  libgtk-3-0  3.24.24-4+deb11u2
ii  libjavascriptcoregtk-4.0-18 2.36.7-1~deb11u1
ii  libluajit-5.1-2 2.1.0~beta3+dfsg-5.3
ii  libpango-1.0-0  1.50.9+ds-1
ii  libsoup2.4-12.74.2-3
ii  libsqlite3-03.34.1-3
ii  libwebkit2gtk-4.0-372.36.7-1~deb11u1
ii  lua-filesystem [lua5.1-filesystem]  1.8.0-1

luakit recommends no packages.

luakit suggests no packages.

-- no debconf information



Bug#1014793: linux-image-5.10.0-16-amd64: Kernel crashes while serving NFS

2022-07-22 Thread Arne Nordmark

On 2022-07-15 at 21:58, Salvatore Bonaccorso wrote:

> I would be interested to either pinpoint the regressing commit
> upstream between 5.10.120 and 5.10.127 or conversely the fixing commit
> between 5.10.127 upstream and 5.10.130 where you are not able anymore
> to reproduce the error. What I can say, I have already imported
> 5.10.130 for future upload (cf.
> https://salsa.debian.org/kernel-team/linux/-/merge_requests/506).

Bisection for the regression proved too hard.

Bisection for the fix went better, I can get a crash with 5.10.128-00010 
but not yet with 5.10.128-00011. This indicates that the fixing commit 
was probably:

commit 6a0b9512a6aa7b7835d8138f5ffdcb4789c093d4
Author: Chuck Lever 
Date:   Thu Jun 30 16:48:18 2022 -0400

SUNRPC: Fix READ_PLUS crasher

which indeed seems to touch code involved in NFS service.

Consequently, the breaking commit was probably:

6c254bf3b637 ("SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()")

> > Bisection would be a new experience for me, even compiling the kernel seems
> > like ages ago ... (using Debian since 0.93R6).
>
> Would the following help?
> https://wiki.debian.org/DebianKernel/GitBisect
> Do you need any more specific help to get it rolling?

That was indeed helpful.

> Regards,
> Salvatore

Thanks
Arne



Bug#1014793: linux-image-5.10.0-16-amd64: Kernel crashes while serving NFS

2022-07-15 Thread Arne Nordmark

Sorry for the late reply.

On 2022-07-13 at 12:07, Salvatore Bonaccorso wrote:

> Control: tags -1 + moreinfo
>
> Hello Arne,

...

> As you seem to reliably reproduce the issue, do you have the
> possibility (on the nonproduction instance) to try to bisect down the
> problem? Additionally to the bisect, on a test instance where the issue
> is reproducible, can you run a selfcompiled 5.10.130 upstream to see
> if the problem is still present?

I have now set up a test environment, and been able to reproduce NFS 
crashes with the Debian linux-image-5.10.0-16-amd64 and self-compiled 
upstream v5.10.127 kernels.

I have not been able to get a self-compiled upstream v5.10.130 to crash.

As for bisection, I am not entirely clear what is expected from me. Do 
you mean bisect the upstream kernels? Between which points? v5.10.120 to 
v5.10.127?

Bisection would be a new experience for me, even compiling the kernel 
seems like ages ago ... (using Debian since 0.93R6).

> Regards,
> Salvatore


Thanks again,
Arne



Bug#1014376: OpenVPN 2.6 in Debian

2022-07-13 Thread Arne Schwabe

Upstream here:

- Dropping of --cipher is not a sudden change in 2.6. OpenVPN 2.5 was 
already warning about this. Furthermore, unless you have an OpenVPN 2.3 
peer (quite old; 2.4.0 came out in 2016) or deliberately configured 2.4+ in 
a wacky way, server and client will negotiate AES-256-GCM. So proper VPN 
configurations should not be affected.


More details about the cipher negotiation can be read here: 
https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/cipher-negotiation.rst


- OpenVPN master is a development branch, so even though our branch should be 
stable at all times, it is not as well tested. The version that is in 
Debian *additionally* uses an experimental patch set on top of that. 
From my understanding as well, this version was never intended to make it 
into any stable distribution but was more for testing/getting it stable.


For the deprecations and changes. OpenVPN 2.5 already drops --ciphers if 
not set to avoid using/allowing BF-CBC. OpenSSL 3.0 just accelerated the 
process and I backported a number of patches from master to the 2.5 to 
address the most pressing issues with OpenSSL 3.0.


Just reverting 65f6da8ee in master is a really bad idea as other parts 
of OpenVPN (especially with the DCO patches on top) already make 
assumptions that --cipher no longer specifies a valid cipher. 
Furthermore, the configs are broken that rely on this. You should rather 
advise users to use compat-mode instead 
(https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/generic-options.rst)


Arne



Bug#1014793: linux-image-5.10.0-16-amd64: Kernel crashes while serving NFS

2022-07-12 Thread Arne Nordmark

jul 10 08:35:13 ano4 kernel: ---[ end trace 159cb95f57d30ea5 ]---
jul 10 08:35:13 ano4 kernel: RIP: 0010:fsnotify+0x2d9/0x570
jul 10 08:35:13 ano4 kernel: Code: 78 08 44 0b 30 44 0b 68 40 48 83 c1 
01 48 83 f9 04 75 d9 66 66 66 66 90 44 8b 4c 24 1c 44 89 e8 f7 d0 45 21 
f1 41 85 c1 74 4f <49> 8b 3f 48 8b 07 48 85 c0 0f 84 0a 01 00 00 48 8d 
7c 24 38 44 89

jul 10 08:35:13 ano4 kernel: RSP: 0018:abe901fa3bc8 EFLAGS: 00010202
jul 10 08:35:13 ano4 kernel: RAX: bab6aebe RBX: 0001 
RCX: 0004
jul 10 08:35:13 ano4 kernel: RDX: 00035a00 RSI: 0001 
RDI: 2f48514544455145
jul 10 08:35:13 ano4 kernel: RBP: abe901fa3c20 R08: 0001 
R09: 0002
jul 10 08:35:13 ano4 kernel: R10: 0002 R11: 0002 
R12: 0002
jul 10 08:35:13 ano4 kernel: R13: 45495141 R14: 424d6757 
R15: 2f48514544455145
jul 10 08:35:13 ano4 kernel: FS:  () 
GS:939527d0() knlGS:
jul 10 08:35:13 ano4 kernel: CS:  0010 DS:  ES:  CR0: 
80050033
jul 10 08:35:13 ano4 kernel: CR2: 560b8cee4000 CR3: 0001034da000 
CR4: 000406e0
jul 10 08:35:21 ano4 kernel: general protection fault, probably for 
non-canonical address 0xb1c8a36300fbcf32:  [#3] SMP PTI
jul 10 08:35:21 ano4 kernel: CPU: 1 PID: 1239 Comm: nfsd Tainted: G 
D   5.10.0-16-amd64 #1 Debian 5.10.127-1
jul 10 08:35:21 ano4 kernel: Hardware name: System manufacturer System 
Product Name/P5Q DELUXE, BIOS 220105/21/2009

jul 10 08:35:21 ano4 kernel: RIP: 0010:kmem_cache_alloc+0x89/0x1f0
jul 10 08:35:21 ano4 kernel: Code: 1e 18 72 49 8b 00 49 83 78 10 00 48 
89 04 24 0f 84 42 01 00 00 48 85 c0 0f 84 39 01 00 00 41 8b 4c 24 28 49 
8b 3c 24 48 01 c1 <48> 8b 19 48 89 ce 49 33 9c 24 b8 00 00 00 48 8d 4a 
01 48 0f ce 48

jul 10 08:35:21 ano4 kernel: RSP: 0018:abe900f3fd50 EFLAGS: 00010282
jul 10 08:35:21 ano4 kernel: RAX: b1c8a36300fbcee2 RBX: 939403b58070 
RCX: b1c8a36300fbcf32


After reverting to boot the servers on kernel 
linux-image-5.10.0-15-amd64 5.10.120-1 (but still using 
linux-image-5.10.0-16-amd64 on the clients) the servers are stable again.


From client mount output: type nfs4 
(rw,nosuid,nodev,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp6,timeo=600,retrans=2,sec=krb5p,local_lock=none


Thanks
Arne

-- Package-specific info:
** Kernel log: boot messages should be attached

** Model information
sys_vendor: System manufacturer
product_name: System Product Name
product_version: System Version
chassis_vendor: Chassis Manufacture
chassis_version: Chassis Version
bios_vendor: American Megatrends Inc.
bios_version: 1701
board_vendor: ASUSTeK Computer INC.
board_name: P8P67-M
board_version: Rev x.0x

** PCI devices:
00:00.0 Host bridge [0600]: Intel Corporation 2nd Generation Core 
Processor Family DRAM Controller [8086:0100] (rev 09)

Subsystem: ASUSTeK Computer Inc. P8P67/P8H67 Series Motherboard 
[1043:844d]
	Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
	Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- 
Latency: 0
Capabilities: 
Kernel driver in use: snb_uncore

00:01.0 PCI bridge [0604]: Intel Corporation Xeon E3-1200/2nd Generation 
Core Processor Family PCI Express Root Port [8086:0101] (rev 09) 
(prog-if 00 [Normal decode])
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx+
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- 
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 24
Bus: primary=00, secondary=01, subordinate=01, sec-latency=0
I/O behind bridge: e000-efff [size=4K]
Memory behind bridge: fe60-fe6f [size=1M]
	Prefetchable memory behind bridge: e000-f01f 
[size=258M]
	Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- 
BridgeCtl: Parity- SERR+ NoISA- VGA+ VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: 
Kernel driver in use: pcieport

00:16.0 Communication controller [0780]: Intel Corporation 6 Series/C200 
Series Chipset Family MEI Controller #1 [8086:1c3a] (rev 04)

Subsystem: ASUSTeK Computer Inc. P8 series motherboard [1043:844d]
	Control: I/O- Mem+ BusMaster+ SpecCycle- MemWIN

Bug#994182: headset functionality broken after recent update

2021-09-15 Thread arne anka

Switched to pipewire as per Wiki, problem persists.
In headset mode, both output and input are muted and there's no way to 
change that -- output and input appear as working devices though, but 
only silence is recorded and played.


After some research it seems to do with a change to the bluetooth 
handling in the kernel and affects a lot of people.




Bug#994182: pulseaudio: headset functionality broken after recent update

2021-09-13 Thread arne anka
omatically when 
needed"
module.version = "15.0"

Module #23
Name: module-bluez5-device
Argument: path=/org/bluez/hci0/dev_9C_9C_1D_06_A0_8C autodetect_mtu=0 
output_rate_refresh_interval_ms=500 avrcp_absolute_volume=1
Usage counter: 3
Properties:
module.author = "João Paulo Rechi Vita"
module.description = "BlueZ 5 Bluetooth audio sink and source"
module.version = "15.0"

Sink #3
State: RUNNING
Name: bluez_sink.9C_9C_1D_06_A0_8C.handsfree_head_unit
Description: 00 Remote Mic+
Driver: module-bluez5-device.c
Sample Specification: s16le 1ch 8000Hz
Channel Map: mono
Owner Module: 23
Mute: no
Volume: mono: 59413 /  91%
balance 0.00
Base Volume: 65536 / 100%
Monitor Source: bluez_sink.9C_9C_1D_06_A0_8C.handsfree_head_unit.monitor
Latency: 133752 usec, configured 28750 usec
Flags: HARDWARE HW_VOLUME_CTRL LATENCY 
Properties:
bluetooth.protocol = "handsfree_head_unit"
bluetooth.codec = "CVSD"
device.intended_roles = "phone"
device.description = "00 Remote Mic+"
device.string = "9C:9C:1D:06:A0:8C"
device.api = "bluez"
device.class = "sound"
device.bus = "bluetooth"
device.form_factor = "headset"
bluez.path = "/org/bluez/hci0/dev_9C_9C_1D_06_A0_8C"
bluez.class = "0x240404"
bluez.alias = "00 Remote Mic+"
device.icon_name = "audio-headset-bluetooth"
Ports:
headset-output: Headset (type: Headset, priority: 0, available)
Active Port: headset-output
Formats:
pcm

Source #3
State: RUNNING
Name: bluez_sink.9C_9C_1D_06_A0_8C.handsfree_head_unit.monitor
Description: Monitor of 00 Remote Mic+
Driver: module-bluez5-device.c
Sample Specification: s16le 1ch 8000Hz
Channel Map: mono
Owner Module: 23
Mute: no
Volume: mono: 83369 / 127% / 6.27 dB
balance 0.00
Base Volume: 65536 / 100% / 0.00 dB
Monitor of Sink: bluez_sink.9C_9C_1D_06_A0_8C.handsfree_head_unit
Latency: 0 usec, configured 28750 usec
Flags: DECIBEL_VOLUME LATENCY 
Properties:
device.description = "Monitor of 00 Remote Mic+"
device.class = "monitor"
device.string = "9C:9C:1D:06:A0:8C"
device.api = "bluez"
device.bus = "bluetooth"
device.form_factor = "headset"
bluez.path = "/org/bluez/hci0/dev_9C_9C_1D_06_A0_8C"
bluez.class = "0x240404"
bluez.alias = "00 Remote Mic+"
device.icon_name = "audio-headset-bluetooth"
device.intended_roles = "phone"
Formats:
pcm

Source #4
State: RUNNING
Name: bluez_source.9C_9C_1D_06_A0_8C.handsfree_head_unit
Description: 00 Remote Mic+
Driver: module-bluez5-device.c
Sample Specification: s16le 1ch 8000Hz
Channel Map: mono
Owner Module: 23
Mute: no
Volume: mono: 58327 /  89% / -3.04 dB
balance 0.00
Base Volume: 65536 / 100% / 0.00 dB
Monitor of Sink: n/a
Latency: 29914 usec, configured 28750 usec
Flags: HARDWARE DECIBEL_VOLUME LATENCY 
Properties:
bluetooth.protocol = "handsfree_head_unit"
bluetooth.codec = "CVSD"
device.intended_roles = "phone"
device.description = "00 Remote Mic+"
device.string = "9C:9C:1D:06:A0:8C"
device.api = "bluez"
device.class = "sound"
device.bus = "bluetooth"
device.form_factor = "headset"
bluez.path = "/org/bluez/hci0/dev_9C_9C_1D_06_A0_8C"
bluez.class = "0x240404"
bluez.alias = "00 Remote Mic+"
device.icon_name = "audio-headset-bluetooth"
Ports:
headset-input: Headset (type: Headset, priority: 0, available)
Active Port: headset-input
Formats:
pcm

Sink Input #0
Driver: protocol-native.c
Owner Module: 11
Client: 1
Sink: 3
Sample Specification: float32le 2ch 44100Hz
Cha

Bug#990814: krita: desktop file defines invalid MIME type jpeg/jfif

2021-07-08 Thread arne anka
Package: krita
Version: 1:4.4.2+dfsg-1
Severity: minor

Dear Maintainer,

while installing a package yesterday I got the error message:

Error in file "/usr/share/applications/krita_jpeg.desktop": "jpeg/jfif" is an 
invalid MIME type ("jpeg" is an unregistered media type)

the offending line would be

MimeType=image/jpeg;jpeg/jfif

w/o further research, I presume it should be

MimeType=image/jpeg;image/jfif

if at all.

-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_USER, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages krita depends on:
ii  krita-data1:4.4.2+dfsg-1
ii  libc6 2.31-13
ii  libexiv2-27   0.27.3-3
ii  libfftw3-double3  3.3.8-2
ii  libgcc-s1 10.2.1-6
ii  libgif7   5.1.9-2
ii  libgsl25  2.6+dfsg-2
ii  libheif1  1.11.0-1
ii  libilmbase25  2.5.4-1
ii  libjpeg62-turbo   1:2.0.6-4
ii  libkf5completion5 5.78.0-3
ii  libkf5configcore5 5.78.0-4
ii  libkf5configgui5  5.78.0-4
ii  libkf5coreaddons5 5.78.0-4
ii  libkf5crash5  5.78.0-3
ii  libkf5guiaddons5  5.78.0-3
ii  libkf5i18n5   5.78.0-2
ii  libkf5itemviews5  5.78.0-2
ii  libkf5widgetsaddons5  5.78.0-2
ii  libkf5windowsystem5   5.78.0-2
ii  liblcms2-22.12~rc1-2
ii  libopencolorio1v5 1.1.1~dfsg0-7
ii  libopenexr25  2.5.4-2
ii  libopenjp2-7  2.4.0-3
ii  libpng16-16   1.6.37-3
ii  libpoppler-qt5-1  20.09.0-3.1
ii  libpython3.9  3.9.2-1
ii  libqt5concurrent5 5.15.2+dfsg-9
ii  libqt5core5a  5.15.2+dfsg-9
ii  libqt5dbus5   5.15.2+dfsg-9
ii  libqt5gui55.15.2+dfsg-9
ii  libqt5multimedia5 5.15.2-3
ii  libqt5network55.15.2+dfsg-9
ii  libqt5printsupport5   5.15.2+dfsg-9
ii  libqt5qml55.15.2+dfsg-6
ii  libqt5quick5  5.15.2+dfsg-6
ii  libqt5quickwidgets5   5.15.2+dfsg-6
ii  libqt5svg55.15.2-3
ii  libqt5widgets55.15.2+dfsg-9
ii  libqt5x11extras5  5.15.2-2
ii  libqt5xml55.15.2+dfsg-9
ii  libquazip5-1  0.9.1-1
ii  libraw20  0.20.2-1
ii  libstdc++610.2.1-6
ii  libtiff5  4.2.0-1
ii  libx11-6  2:1.7.1-1
ii  zlib1g1:1.2.11.dfsg-2

Versions of packages krita recommends:
pn  krita-gmic   
ii  python3-pyqt55.15.2+dfsg-3
ii  python3-sip  4.19.25+dfsg-1
ii  qml-module-qtmultimedia  5.15.2-3

Versions of packages krita suggests:
pn  colord  
ii  ffmpeg  10:4.4-dmo3
pn  krita-l10n  

-- no debconf information
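
A check for the kind of MimeType error reported above, as an added example that is not krita's or any Debian tool's code: it parses the MimeType key of a desktop entry and flags entries whose top-level type is not registered. The sample file (apart from the MimeType values quoted in the report), the function names, the list of top-level types and the choice to accept "x-" prefixed types are assumptions of this example.

```python
"""Flag MimeType entries whose top-level media type is not registered (added example)."""

# IANA top-level media types. This list is an assumption of the example;
# real validators may accept additional names.
REGISTERED_TOP_LEVEL = {
    "application", "audio", "example", "font", "haptics", "image",
    "message", "model", "multipart", "text", "video",
}

# Constructed desktop entry; only the MimeType value is taken from the report.
DESKTOP_REPORTED = """\
[Desktop Entry]
Type=Application
Name=Krita
Exec=krita %F
MimeType=image/jpeg;jpeg/jfif
"""

# Same file with the value the reporter presumes was intended.
DESKTOP_PROPOSED = DESKTOP_REPORTED.replace("jpeg/jfif", "image/jfif")


def mime_types(desktop_text):
    """Return the MimeType list of the [Desktop Entry] group ([] if absent)."""
    in_main_group = False
    for raw in desktop_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_main_group = line == "[Desktop Entry]"
            continue
        if not in_main_group or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "MimeType":
            # Values are ';'-separated; a trailing ';' yields an empty part.
            return [part.strip() for part in value.split(";") if part.strip()]
    return []


def check_mime_type(mime):
    """Return None if the entry is acceptable, otherwise a reason string."""
    if mime.count("/") != 1:
        return "does not have the form type/subtype"
    top, sub = mime.split("/")
    if not top or not sub:
        return "has an empty type or subtype"
    top = top.lower()
    # Assumption: private "x-" types are tolerated by this example.
    if top in REGISTERED_TOP_LEVEL or top.startswith("x-"):
        return None
    return f'"{top}" is an unregistered media type'


def invalid_mime_types(desktop_text):
    """Return (mime, reason) for every rejected entry, in file order."""
    problems = []
    for mime in mime_types(desktop_text):
        reason = check_mime_type(mime)
        if reason:
            problems.append((mime, reason))
    return problems


if __name__ == "__main__":
    for label, text in (("reported", DESKTOP_REPORTED),
                        ("proposed", DESKTOP_PROPOSED)):
        print(label, invalid_mime_types(text))
```

The check only covers the top-level type, so the proposed image/jfif passes here without establishing that the subtype itself is registered.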



Bug#990417: small C code snipplet to reproduce the error

2021-07-01 Thread Arne Ploese
In order to reproduce the error I took the code from here (also
attached):
https://gist.github.com/chergert/eb6149916b10d3bf094c
and commented out the #include .

and compiled it with
gcc vdso-getcpu.c -ldl

Running the resulting a.out will crash on an s390x qemu guest, but not on a
ppc64el guest.
I hope this narrows the scope a bit.

#include <dlfcn.h>   /* dlopen, dlsym, dlclose */
#include <stdio.h>   /* printf */
//#include 

/* Signature of the vDSO getcpu entry point. */
int (*test_getcpu) (unsigned *cpu,
                    unsigned *node,
                    void *cache);

/* Look NAME up in each known vDSO image; return NULL if it is not found. */
void *
get_vdso_sym (const char *name)
{
  static const char *vdso_names[] = {
    "linux-vdso.so.1",
    "linux-vdso32.so.1",
    "linux-vdso64.so.1",
    NULL
  };
  int i;

  for (i = 0; vdso_names [i]; i++)
    {
      void *lib;
      void *symbol;

      lib = dlopen (vdso_names [i], RTLD_NOW | RTLD_GLOBAL);
      if (lib == NULL)
        continue;

      symbol = dlsym (lib, name);
      if (symbol == NULL)
        goto cleanup;

      if (*(void **)symbol == NULL)
        goto cleanup;

      return symbol;

    cleanup:
      dlclose (lib);
    }

  /* No vDSO image exported the symbol. */
  return NULL;
}

int
main (int argc,
      char *argv[])
{
  int ret;
  int cpu = -1;

  test_getcpu = get_vdso_sym ("__kernel_getcpu");
  if (test_getcpu == NULL)
    test_getcpu = get_vdso_sym ("__vdso_getcpu");
  if (test_getcpu == NULL)
    {
      printf ("no vDSO getcpu symbol found\n");
      return 1;
    }

  /* This call is where the SIGILL is raised on the affected guest. */
  ret = test_getcpu ((unsigned *) &cpu, NULL, NULL);

  printf ("ret = %d  cpu = %d\n", ret, cpu);

  return 0;
}


Bug#990417: openjdk-11-jre-headless: running java in qemu s390 gives a SIGILL at C [linux-vdso64.so.1+0x6f8] __kernel_getcpu+0x8

2021-06-30 Thread Arne Ploese
I installed the VM on a Debian stable/unstable x86_64 with:
sudo virt-install --name debian-s390x --disk size=20 --memory=2000 --arch=s390x --location http://ftp.debian.org/debian/dists/stretch/main/installer-s390x/

Then I upgraded to stable (using stable for installation causes the new
VM to freeze during install - another bug?) and installed
openjdk-11-jre-headless.
Just executing the command /usr/lib/jvm/java-11-openjdk-s390x/bin/java
crashes.

This is how to reproduce the bug.
This happens with debian stable/unstable on x86_64 as host and/or
debian stable/unstable and ubuntu bionic/groovy as guest.

On Tuesday, 29.06.2021 at 10:01 +0200, Matthias Klose wrote:
> Control: reassign -1 src:qemu
>
> works for me on a native machine. You should also provide a test
> case.
>
>
> On 6/28/21 7:28 PM, Arne Plöse wrote:
> > Package: openjdk-11-jre-headless
> > Version: 11.0.11+9-1~deb10u1
> > Severity: grave
> > Justification: renders package unusable
> >
> > Dear Maintainer,
> >
> > I tried to run java in a qemu emulated s390 debian VM.
> > The bug also affects unstable and the openjdk versions 15, 16 and
> > 17, but not version 1.8
> >
> > The outcome is a hs_err_pid632.log.
> > #
> > # A fatal error has been detected by the Java Runtime Environment:
> > #
> > #  SIGILL (0x4) at pc=0x03ff88c7e6f4, pid=587, tid=588
> > #
> > # JRE version:  (11.0.11+9) (build )
> > # Java VM: OpenJDK 64-Bit Server VM (11.0.11+9-post-Debian-
> > 1deb10u1, mixed mode, sharing, tiered, compressed oops, g1 gc,
> > linux-s390x)
> > # Problematic frame:
> > # C  [linux-vdso64.so.1+0x6f8]  __kernel_getcpu+0x8
> > #
> > # No core dump will be written. Core dumps have been disabled. To
> > enable core dumping, try "ulimit -c unlimited" before starting Java
> > again
> > #
> > #
> >
> > ---  S U M M A R Y 
> >
> > Command Line:
> >
> > Host: 2964, 2 cores, 1G, Debian GNU/Linux 10 (buster)
> > Time: Mon Jun 28 19:13:29 2021 CEST elapsed time: 0.099756 seconds
> > (0d 0h 0m 0s)
> >
> > ---  T H R E A D  ---
> >
> > Current thread is native thread
> >
> > Stack: [0x03ff8748,0x03ff8758], 
> > sp=0x03ff8757e940,  free space=1018k
> > Native frames: (J=compiled Java code, A=aot compiled Java code,
> > j=interpreted, Vv=VM code, C=native code)
> > C  [linux-vdso64.so.1+0x6f8]  __kernel_getcpu+0x8
> >
> >
> > siginfo: si_signo: 4 (SIGILL), si_code: 5 (ILL_PRVOPC), si_addr:
> > 0x03ff88c7e6f4
> >
> >
> >
> > -- System Information:
> > Debian Release: 10.10
> >   APT prefers stable-updates
> >   APT policy: (500, 'stable-updates'), (500, 'stable')
> > Architecture: s390x
> >
> > Kernel: Linux 4.19.0-17-s390x (SMP w/2 CPU cores)
> > Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C
> > (charmap=UTF-8)
> > Shell: /bin/sh linked to /bin/dash
> > Init: systemd (via /run/systemd/system)
> > LSM: AppArmor: enabled
> >
> > Versions of packages openjdk-11-jre-headless depends on:
> > ii  ca-certificates-java  20190405
> > ii  java-common   0.71
> > ii  libasound2    1.1.8-1
> > ii  libc6 2.28-10
> > ii  libcups2  2.2.10-6+deb10u4
> > ii  libfontconfig1    2.13.1-2
> > ii  libfreetype6  2.9.1-3+deb10u2
> > ii  libgcc1   1:8.3.0-6
> > ii  libharfbuzz0b 2.3.1-1
> > ii  libjpeg62-turbo   1:1.5.2-2+deb10u1
> > ii  liblcms2-2    2.9-3
> > ii  libnss3   2:3.42.1-1+deb10u3
> > ii  libpcsclite1  1.8.24-1
> > ii  libstdc++6    8.3.0-6
> > ii  util-linux    2.33.1-0.1
> > ii  zlib1g    1:1.2.11.dfsg-1
> >
> > openjdk-11-jre-headless recommends no packages.
> >
> > Versions of packages openjdk-11-jre-headless suggests:
> > pn  fonts-dejavu-extra 
> > pn  fonts-indic    
> > pn  fonts-ipafont-gothic   
> > pn  fonts-ipafont-mincho   
> > pn  fonts-wqy-microhei | fonts-wqy-zenhei  
> > pn  libnss-mdns    
> >
> > -- no debconf information
> >
>



Bug#990417: openjdk-11-jre-headless: running java in qemu s390 gives a SIGILL at C [linux-vdso64.so.1+0x6f8] __kernel_getcpu+0x8

2021-06-28 Thread Arne Plöse
Package: openjdk-11-jre-headless
Version: 11.0.11+9-1~deb10u1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

I tried to run java in a qemu emulated s390 debian VM.
The bug also affects unstable and the openjdk versions 15, 16 and 17, but not 
version 1.8

The outcome is a hs_err_pid632.log.
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGILL (0x4) at pc=0x03ff88c7e6f4, pid=587, tid=588
#
# JRE version:  (11.0.11+9) (build )
# Java VM: OpenJDK 64-Bit Server VM (11.0.11+9-post-Debian-1deb10u1, mixed 
mode, sharing, tiered, compressed oops, g1 gc, linux-s390x)
# Problematic frame:
# C  [linux-vdso64.so.1+0x6f8]  __kernel_getcpu+0x8
#
# No core dump will be written. Core dumps have been disabled. To enable core 
dumping, try "ulimit -c unlimited" before starting Java again
#
#

---  S U M M A R Y 

Command Line: 

Host: 2964, 2 cores, 1G, Debian GNU/Linux 10 (buster)
Time: Mon Jun 28 19:13:29 2021 CEST elapsed time: 0.099756 seconds (0d 0h 0m 0s)

---  T H R E A D  ---

Current thread is native thread

Stack: [0x03ff8748,0x03ff8758],  sp=0x03ff8757e940,  free 
space=1018k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, 
Vv=VM code, C=native code)
C  [linux-vdso64.so.1+0x6f8]  __kernel_getcpu+0x8


siginfo: si_signo: 4 (SIGILL), si_code: 5 (ILL_PRVOPC), si_addr: 
0x03ff88c7e6f4



-- System Information:
Debian Release: 10.10
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: s390x

Kernel: Linux 4.19.0-17-s390x (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openjdk-11-jre-headless depends on:
ii  ca-certificates-java  20190405
ii  java-common   0.71
ii  libasound21.1.8-1
ii  libc6 2.28-10
ii  libcups2  2.2.10-6+deb10u4
ii  libfontconfig12.13.1-2
ii  libfreetype6  2.9.1-3+deb10u2
ii  libgcc1   1:8.3.0-6
ii  libharfbuzz0b 2.3.1-1
ii  libjpeg62-turbo   1:1.5.2-2+deb10u1
ii  liblcms2-22.9-3
ii  libnss3   2:3.42.1-1+deb10u3
ii  libpcsclite1  1.8.24-1
ii  libstdc++68.3.0-6
ii  util-linux2.33.1-0.1
ii  zlib1g1:1.2.11.dfsg-1

openjdk-11-jre-headless recommends no packages.

Versions of packages openjdk-11-jre-headless suggests:
pn  fonts-dejavu-extra 
pn  fonts-indic
pn  fonts-ipafont-gothic   
pn  fonts-ipafont-mincho   
pn  fonts-wqy-microhei | fonts-wqy-zenhei  
pn  libnss-mdns

-- no debconf information



Bug#988205: bluez "forgets" device after hibernate/resume

2021-05-07 Thread arne anka
Package: bluez
Version: 5.55-3
Severity: normal

Dear Maintainer,

Frequently after hibernating and resuming my computer, BlueZ has forgotten the 
headset I use daily.
Other devices, some I haven't used in months, still are listed upon
# bluetoothctl devices

After 
# service bluetooth restart
the headset is listed again and can be connected.

-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_USER, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages bluez depends on:
ii  dbus 1.12.20-2
ii  init-system-helpers  1.60
ii  kmod 28-1
ii  libasound2   1.2.4-1.1
ii  libc62.31-12
ii  libdbus-1-3  1.12.20-2
ii  libdw1   0.183-3
ii  libglib2.0-0 2.66.8-1
ii  libreadline8 8.1-1
ii  libudev1 247.3-5
ii  lsb-base 11.1.0
ii  udev 247.3-5

bluez recommends no packages.

Versions of packages bluez suggests:
ii  pulseaudio-module-bluetooth  14.2-2

-- no debconf information



Bug#987784: luakit: Luakit should provide more information why it does not like a certificate

2021-04-29 Thread Arne Wichmann
Package: luakit
Version: 1:2.2.1-1
Severity: wishlist
Tags: upstream

When I view an HTTPS page with no usable certificate, I get a message like
the following:

Your connection may be insecure!

A problem occurred while loading the URL https://[...]

Unacceptable TLS certificate: The certificate does not match the expected 
identity of the site that it was retrieved from. The certificate has expired.

In the typical case when that happens, I want to find out what is wrong in
more detail. Including a link to a summary of the certificate data would be
very helpful.

cu

AW


-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (90, 'testing'), (60, 'stable'), (50, 'unstable'), (40, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.28 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=en_GB.iso885915, LC_CTYPE=en_GB.iso885915 (charmap=ISO-8859-15), 
LANGUAGE=en_GB.iso885915 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages luakit depends on:
ii  libc6   2.31-11
ii  libcairo2   1.16.0-5
ii  libgdk-pixbuf2.0-0  2.40.2-2
ii  libglib2.0-02.66.8-1
ii  libgtk-3-0  3.24.24-3
ii  libjavascriptcoregtk-4.0-18 2.32.0-2
ii  libluajit-5.1-2 2.1.0~beta3+dfsg-5.1
ii  libpango-1.0-0  1.46.2-3
ii  libsoup2.4-12.72.0-3
ii  libsqlite3-03.34.1-3
ii  libwebkit2gtk-4.0-372.32.0-2
ii  lua-filesystem [lua5.1-filesystem]  1.6.3-1

luakit recommends no packages.

luakit suggests no packages.

-- no debconf information



Bug#981372: keepassxc: New upstream release 2.6.3

2021-03-16 Thread arne anka
Package: keepassxc
Version: 2.6.2+dfsg.1-1
Followup-For: Bug #981372

What about _SID_?
2.6.4 now.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-4-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_USER, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages keepassxc depends on:
ii  libargon2-10~20171227-0.2
ii  libc6  2.31-9
ii  libgcrypt201.8.7-3
ii  libqrencode4   4.1.1-1
ii  libqt5concurrent5  5.15.2+dfsg-5
ii  libqt5core5a   5.15.2+dfsg-5
ii  libqt5dbus55.15.2+dfsg-5
ii  libqt5gui5 5.15.2+dfsg-5
ii  libqt5network5 5.15.2+dfsg-5
ii  libqt5svg5 5.15.2-2
ii  libqt5widgets5 5.15.2+dfsg-5
ii  libqt5x11extras5   5.15.2-2
ii  libsodium231.0.18-1
ii  libstdc++6 10.2.1-6
ii  libx11-6   2:1.7.0-2
ii  libxi6 2:1.7.10-1
ii  libxtst6   2:1.2.3-1
ii  libykpers-1-1  1.20.0-3
ii  libzxcvbn0 2.4+dfsg-2
ii  zlib1g 1:1.2.11.dfsg-2

Versions of packages keepassxc recommends:
ii  fonts-font-awesome  5.0.10+really4.7.0~dfsg-4

Versions of packages keepassxc suggests:
ii  webext-keepassxc-browser  1.7.4+repack1-2
ii  xclip 0.13-2

-- no debconf information



Bug#984566: linux-image-5.10.0-4-amd64: kernel upgrade breaks next hibernation

2021-03-05 Thread arne anka
Package: src:linux
Version: 5.10.19-1
Severity: important

Dear Maintainer,

After updating the kernel and then going into hibernation, the next time the 
computer starts with a clean boot, that is, does NOT resume the hibernated 
session, thus causing data loss without a warning.
This seems to be a recent development, I experienced it today the second time 
and again it was connected to the update of linux-image-...

On a different computer with Ubuntu after an upgrade of linux-image-...
a) earlier the computer simply refused to hibernate, indicating an issue and 
thus let me save my data
b) nowadays the computer just hibernates and resumes regardless

Going down w/o any indication that the next boot will be a clean one, making me 
lose data, is a rather serious thing.

-- Package-specific info:
** Version:
Linux version 5.10.0-4-amd64 (debian-ker...@lists.debian.org) (gcc-10 (Debian 
10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP 
Debian 5.10.19-1 (2021-03-02)

** Command line:
BOOT_IMAGE=/boot/vmlinuz-5.10.0-4-amd64 
root=UUID=d6749aee-a551-4983-ae00-67f83eccb899 ro libata.force=noncq 
i915.enable_fbc=0

** Tainted: UOE (12352)
 * taint requested by userspace application
 * externally-built ("out-of-tree") module was loaded
 * unsigned module was loaded

** Kernel log:
Unable to read kernel log; any relevant messages should be attached

** Model information
sys_vendor: LENOVO
product_name: 20BE0087GE
product_version: ThinkPad T540p
chassis_vendor: LENOVO
chassis_version: Not Available
bios_vendor: LENOVO
bios_version: GMET70WW (2.18 )
board_vendor: LENOVO
board_name: 20BE0087GE
board_version: SDK0E50510 Pro

** Loaded modules:

** PCI devices:

Bug#982911: nxproxy: copy and paste broken -- slow and unreliable

2021-02-16 Thread arne anka
Package: nxproxy
Version: 2:3.5.99.26-1
Severity: normal

Dear Maintainer,

I use x2go to individually access remotely running applications (Thunderbird, 
Eclipse, Vivaldi, ...) -- _not_ a whole desktop!
For about two weeks, copying and pasting directly from one of the remote 
applications to the other has been more or less broken:
- copying puts an entry in the local clipboard applet as expected, but pasting 
freezes the receiving remote application for several seconds, and eventually 
only inserts a white space -- at the same time the local clipboard applet 
suddenly also contains an empty entry
- after the second or third attempt it mostly pastes without freezing
- as far as I can tell, there's no difference between simply selecting by 
highlighting or explicitly highlighting and using CTRL+C or "Copy" from the 
context menu

Workaround currently is to copy in the remote source application, paste into a 
local editor, copy into the remote target application.

Since I don't know what part (server or client) is responsible, and 
experiencing it on the client, I report against the client package.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-3-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_USER, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages nxproxy depends on:
ii  libc6  2.31-9
ii  libxcomp3  2:3.5.99.26-1

nxproxy recommends no packages.

nxproxy suggests no packages.

-- no debconf information



Bug#974652: plasma-desktop-data: Plasma systemsettings "Plasma Style": Error loading QML file due to missing knewstuff

2020-11-13 Thread arne anka
Package: plasma-desktop-data
Version: 4:5.19.5-3
Severity: normal

Dear Maintainer,

open Plasma systemsettings
open Appearance/Plasma Style
window goes gray, shows 

Error loading QML file.
file:///usr/share/kpackage/kcms/kcm_desktoptheme/contents/ui/main.qml:27 module 
"org.kde.newstuff" is not installed

the package

qml-module-org-kde-newstuff

is missing, but no dependency is declared.
once installed the panel loads correctly.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_CPU_OUT_OF_SPEC, TAINT_USER, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages plasma-desktop-data depends on:
ii  python3  3.8.6-1

Versions of packages plasma-desktop-data recommends:
ii  plasma-framework  5.74.0-2
ii  plasma-workspace  4:5.19.5-4
ii  qml-module-org-kde-activities 5.74.0-2
ii  qml-module-org-kde-kwindowsystem  5.74.0-2
ii  qml-module-qtquick-dialogs5.15.1-2

plasma-desktop-data suggests no packages.

-- no debconf information



Bug#958296: openvpn 2.4.9 seems to fail loading/reading client certificates

2020-04-21 Thread Arne Schwabe
>> I am attaching my /etc/ssl/openssl.cnf (if for some reason it fails, I will
>> paste the contents instead).  As far as I know, this is the default
>> /etc/ssl/ openssl.cnf file that comes with Debian, except the "MinProtocol"
>> parameter, which I had to change for one specific VPN to work (it was using
>> TLSv1.0 instead of TLSv1.2).
> 
> It seems that the culprit is the (non-default) setting MinProtocol = TLSv1.0, 
> which I had to modify to be able to use a specific VPN server.  Changing the 
> value to "MinProtocol = TLSv1.2" does not produce the error anymore.

Sidenote. That MinProtocol = TLSv1.0 is wrong. It needs to be
MinProtocol = TLSv1 for obvious reasons :P

Anyway here is a patch that fixes the problem of not loading
certificates: https://patchwork.openvpn.net/patch/1095/

Arne



Bug#958296: openvpn 2.4.9 seems to fail loading/reading client certificates

2020-04-20 Thread Arne Schwabe
Hey,

OpenVPN developer here.

From this output in the original bug report:

> Mon Apr 20 11:02:29 2020 OpenSSL: error:14187180:SSL routines:ssl_do_config:bad value
> Mon Apr 20 11:02:29 2020 OpenSSL: error:0909006C:PEM routines:get_name:no start line

it looks like there is still an error on the OpenSSL error stack that we
have not cleared/etc. And since our certificate loading got a little bit
stricter in OpenVPN 2.4.9, we now stumble upon this.

The ssl_do_config error sounds like there is something in the (system
wide) OpenSSL configuration that upsets OpenSSL and triggers the error.
Could you attach your /etc/ssl/openssl.cnf so I can try to reproduce that bug?

Arne



Bug#939585: installation-reports: Unable to boot from LVM on encrypted volume - missing cryptsetup in initramfs

2019-09-06 Thread Arne
Package: installation-reports
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

Installation using manually partitioned disk by installer containing LVM on 
encrypted volume


   * What exactly did you do (or not do) that was effective (or

Manually partition drive by installer:
- primary boot partition
- encrypted volume
- LVM on encrypted volume containing root and swap partitions

Continue installation to the end.

An alternative would be trying to encrypt the whole disk. This fails in a more 
complete way.

This used to work fine with buster as testing release already.


   * What was the outcome of this action?

After reboot and some error messages about missing LVM volumes you will be 
dropped to an initramfs shell.
Obviously cryptsetup is missing although installed by d-i with no errors and 
there are no errors reported by d-i during generation of initramfs.


   * What outcome did you expect instead?

A working installation where cryptsetup with or without plymouth asking for 
passphrase and setting up encrypted volumes.


Cause:

cryptsetup-initramfs is not installed. I was able to fix the situation by 
chroot and installing it in the end of the installation.


-- System Information:
Debian Release: bullseye/sid
  APT prefers: -
  APT policy: -
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.2.02-generic
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: -



Bug#934236: openafs-fileserver: postinst uses akeyconvert, but the package does not depend on openafs-krb5

2019-08-08 Thread Arne Nordmark
On 2019-08-09 at 03:10, Benjamin Kaduk wrote:
> On Thu, Aug 08, 2019 at 03:16:31PM +0200, Arne Nordmark wrote:

> I will think a bit about whether it is better to leave the akeyconvert
> invocation in openafs-fileserver and make it conditional on akeyconvert's
> presence, add the openafs-krb5 dependency, or move the call to the
> openafs-krb5 maintainer script. 

As input for that, in my case the file servers running stretch did not
have openafs-krb5 installed, only a copied rxkad.keytab, so options 1
and 3 I guess would have left the file servers non-functional (lacking
the KeyFileExt). Depending on the error messages, this may have been
hard to track down.

Thanks again
Arne



Bug#934236: openafs-fileserver: postinst uses asetkey, but the package does not depend on openafs-krb5

2019-08-08 Thread Arne Nordmark
Package: openafs-fileserver
Version: 1.8.2-1
Severity: normal

The stanza

if [ -r /etc/openafs/server/rxkad.keytab ] ; then
akeyconvert
fi

in the postinst will fail if openafs-krb5 is not installed or is of version 1.6.

This happens for example when doing a partial upgrade from stretch to buster 
using apt-get upgrade.

A dependency on openafs-krb5 should be added to the package.

Thanks
Arne

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8), 
LANGUAGE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openafs-fileserver depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  libc6  2.28-10
ii  libhcrypto4-heimdal7.5.0+dfsg-3
ii  libroken18-heimdal 7.5.0+dfsg-3
ii  lsb-base   10.2019051400
ii  openafs-client 1.8.2-1

Versions of packages openafs-fileserver recommends:
pn  ntp | time-daemon  

Versions of packages openafs-fileserver suggests:
pn  openafs-doc  



Bug#830255: bug not solved in buster

2019-07-13 Thread arne
After updating from stretch to buster I could no longer log in as root
in my containers.
I added the following to /etc/securetty in my containers:

# systemd containers
pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
pts/9

and everything works again.
I can log in as root several times.

Arne



Bug#731656: /etc/securetty used in buster systemd-containers

2019-07-13 Thread arne
I had to modify /etc/securetty in buster systemd-containers
in order to be able to log in as root.

systemd-container still uses this file.

I added

# systemd containers
pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
pts/9

to /etc/securetty in my containers



Bug#926644: xpat2: debian/watch should be updated

2019-05-13 Thread Arne Wichmann
begin  quotation  from Axel Beckert (in <20190408114259.gl25...@sym.noone.org>):
> uscan on xpat2's source directory bails out as follows:
> 
> > In watch file debian/watch, reading FTP
> > directory ftp://sunsite.unc.edu/pub/Linux/games/solitaires/ failed:
> > 500 Connection refused
> 
> It seems as if https://www.ibiblio.org/pub/Linux/games/solitaires/
> would be a good replacement.

Thank you for the pointer. Whenever I do another upload I will consider
this.

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@saar.de)




Bug#897917: Stretch kernel 4.9.88-1 breaks startup of RPC, KDC services

2018-05-05 Thread Arne Nordmark
I have also seen this on a couple of SSD-only systems.

I think the problem is that the random number generator takes about two
minutes to initialize, long enough for systemd to give up on these
processes. Unbound is similar, but there the unit file keeps trying until
the random numbers are available.

From the log:
May  5 10:19:02 ano2 kernel: [  126.436729] random: crng init done

Pressing the keyboard a few times (thus providing entropy) will allow
the boot to continue.

This definitely seems to be a kernel problem.

Arne



Bug#892723: dehydrated: Dehydrated broken in stable due to unhandled redirect

2018-03-12 Thread Arne Nordmark
Package: dehydrated
Version: 0.3.1-3+deb9u1
Severity: normal

Since recently, updating a cert no longer works. The challenge works, and the 
new cert is created, but creating the cert chain fails:

...
 + Creating fullchain.pem...
   + ERROR: An error occurred while sending get-request to http://cert.int-x3.letsencrypt.org/ (Status 301)
...

The new cert is consequently not "activated" by symlinks, and the deploy scripts
are not run.
The reason is a new redirect at Let's Encrypt, and curl does not follow
redirects unless the "-L" switch is given.

This was fixed upstream by
<https://github.com/lukas2511/dehydrated/commit/7a0e71c6c2ccc6e98abca5ea1c7de28053e90c02>

Arne

-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.9.0-6-686-pae (SMP w/1 CPU core)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8), 
LANGUAGE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages dehydrated depends on:
ii  ca-certificates  20161130+nmu1
ii  curl             7.52.1-5+deb9u4
ii  openssl          1.1.0f-3+deb9u1

dehydrated recommends no packages.

dehydrated suggests no packages.

-- no debconf information



Bug#887637: rsyslog-gnutls: TLS server does not send intermediate certificates, breaking verification

2018-01-22 Thread Arne Nordmark
On Thu, 18 Jan 2018 16:27:35 +0100 Arne Nordmark <nordm...@mech.kth.se> wrote:

> gtlsLoadOurCertKey() uses gnutls_x509_crt_import() on the file data,
> and this function only handles one cert.

If one uses gnutls_x509_crt_list_import() instead, intermediate certs
could be supported. With the attached patch, the server sends all
certificates in the file.

Arne



--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -173,6 +173,7 @@
 	gnutls_datum_t data = { NULL, 0 };
 	uchar *keyFile;
 	uchar *certFile;
+	int lenRcvd;
 
 	ISOBJ_TYPE_assert(pThis, nsd_gtls);
 
@@ -192,9 +193,12 @@
 
 	/* try load certificate */
 	CHKiRet(readFile(certFile, ));
-	CHKgnutls(gnutls_x509_crt_init(>ourCert));
+	pThis->nOurCerts=sizeof(pThis->pOurCerts);
+	lenRcvd=gnutls_x509_crt_list_import(pThis->pOurCerts, >nOurCerts, , GNUTLS_X509_FMT_PEM,0);
+	if (lenRcvd<0) {
+		CHKgnutls(lenRcvd);
+	}
 	pThis->bOurCertIsInit = 1;
-	CHKgnutls(gnutls_x509_crt_import(pThis->ourCert, , GNUTLS_X509_FMT_PEM));
 	free(data.data);
 	data.data = NULL;
 
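Review bot: `pThis->nOurCerts=sizeof(pThis->pOurCerts);` passes the array's size in bytes as the capacity for `gnutls_x509_crt_list_import()`, which expects a count of `gnutls_x509_crt_t` elements. `pOurCerts` is declared with `NSD_GTLS_MAX_CERT` (10) entries in nsd_gtls.h, so wherever the handle type is wider than one byte the import is allowed to write past the end of the array when the file holds more than 10 certificates. Use `NSD_GTLS_MAX_CERT` or `sizeof(pThis->pOurCerts)/sizeof(pThis->pOurCerts[0])`, and consider `GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED` in place of flags `0` so that an over-long file is reported rather than silently truncated.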
@@ -210,7 +214,9 @@
 		if(data.data != NULL)
 			free(data.data);
 		if(pThis->bOurCertIsInit) {
-			gnutls_x509_crt_deinit(pThis->ourCert);
+			for (int i=0; inOurCerts; ++i) {
+gnutls_x509_crt_deinit(pThis->pOurCerts[i]);
+			}
 			pThis->bOurCertIsInit = 0;
 		}
 		if(pThis->bOurKeyIsInit) {
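Review bot: the cleanup loop added here declares its index as `int i`, while `nOurCerts` is `unsigned int` in nsd_gtls.h, so the loop condition is a signed/unsigned comparison; declare the index as `unsigned int`. It would also be tidier to reset `pThis->nOurCerts` to 0 next to `pThis->bOurCertIsInit = 0` so the count never describes handles that have already been released.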
@@ -255,8 +261,8 @@
 #else
 	st->type = GNUTLS_CRT_X509;
 #endif
-	st->ncerts = 1;
-	st->cert.x509 = >ourCert;
+	st->ncerts = pThis->nOurCerts;
+	st->cert.x509 = pThis->pOurCerts;
 	st->key.x509 = pThis->ourKey;
 	st->deinit_all = 0;
 
@@ -1204,7 +1210,9 @@
 	}
 
 	if(pThis->bOurCertIsInit)
-		gnutls_x509_crt_deinit(pThis->ourCert);
+  for (int i=0; inOurCerts; ++i) {
+			gnutls_x509_crt_deinit(pThis->pOurCerts[i]);
+  }
 	if(pThis->bOurKeyIsInit)
 		gnutls_x509_privkey_deinit(pThis->ourKey);
 	if(pThis->bHaveSess)
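Review bot: `if(pThis->bOurCertIsInit)` now guards a multi-line `for` block without braces of its own, and the added lines are indented with spaces where the rest of the file uses tabs; add braces to the `if` and match the file's indentation. The loop is also a copy of the one added at `@@ -210,7 +214,9 @@`, so a small static helper that deinitialises `pOurCerts[0..nOurCerts)` would keep the two cleanup paths from drifting apart.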
--- a/runtime/nsd_gtls.h
+++ b/runtime/nsd_gtls.h
@@ -25,6 +25,7 @@
 #include "nsd.h"
 
 #define NSD_GTLS_MAX_RCVBUF 8 * 1024 /* max size of buffer for message reception */
+#define NSD_GTLS_MAX_CERT 10 /* max number of certs in our chain */
 
 typedef enum {
 	gtlsRtry_None = 0,	/**< no call needs to be retried */
@@ -56,7 +57,8 @@
  * set to 1 and changed to 0 after the first report. It is changed back to 1 after
  * one successful authentication. */
 	permittedPeers_t *pPermPeers; /* permitted peers */
-	gnutls_x509_crt_t ourCert;	/**< our certificate, if in client mode (unused in server mode) */
+	gnutls_x509_crt_t pOurCerts[NSD_GTLS_MAX_CERT];	/**< our certificate, if in client mode (unused in server mode) */
+	unsigned int nOurCerts;  /* number of certificates in our chain */
 	gnutls_x509_privkey_t ourKey;	/**< our private key, if in client mode (unused in server mode) */
 	short	bOurCertIsInit;	/**< 1 if our certificate is initialized and must be deinit on destruction */
 	short	bOurKeyIsInit;	/**< 1 if our private key is initialized and must be deinit on destruction */
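Review bot: the doc comment on `pOurCerts` still reads "our certificate, if in client mode (unused in server mode)", but the point of this patch is that the array is sent by the server as its chain, so the comment should say so and state the expected order (server certificate first, then intermediates). The fixed limit `NSD_GTLS_MAX_CERT 10` also deserves a line in the user documentation for DefaultNetstreamDriverCertFile, since a longer file is not rejected anywhere in the visible code.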


Bug#887637: rsyslog-gnutls: TLS server does not send intermediate certificates, breaking verification

2018-01-18 Thread Arne Nordmark
Package: rsyslog-gnutls
Version: 8.24.0-1
Severity: normal

The setup consists of a TLS-enabled rsyslog server and TLS-enabled rsyslog
clients without using client certificate authentication.

When DefaultNetstreamDriverCertFile on the server specifies a file with a 
single cert (which is signed by a top level cert available to the clients),
clients can connect.

When DefaultNetstreamDriverCertFile on the server specifies a file with a cert 
followed by an intermediate cert (which is signed by a top level cert available 
to the clients),
clients fail to connect.

Using "openssl s_client" reveals that only the server cert is sent, not the 
intermediate cert, and thus clients will fail
server cert verification since the intermediate certificate is not available.

The relevant code is in runtime/nsd_gtls.c. Interestingly enough there are two 
separate functions that read the certificate:

gtlsAddOurCert() uses gnutls_certificate_set_x509_key_file(), which will handle 
intermediate certs correctly.

gtlsLoadOurCertKey() uses gnutls_x509_crt_import() on the file data, and this 
function only handles one cert.

The latter function seems meant to be used in clients to read the client 
certificate when using client authentication,
but is also called in gtlsInitSession(). If one changes gtlsInitSession() to 
read
#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION && 0
thus disabling the call to gtlsLoadOurCertKey(),
the server will present the intermediate cert and clients will be able to 
connect.

Arne

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8), 
LANGUAGE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rsyslog-gnutls depends on:
ii  libc6        2.24-11+deb9u1
ii  libgnutls30  3.5.8-5+deb9u3
ii  rsyslog      8.24.0-1

rsyslog-gnutls recommends no packages.

Versions of packages rsyslog-gnutls suggests:
ii  gnutls-bin  3.5.8-5+deb9u3

-- no debconf information
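
The check described in the report above (certificates in the DefaultNetstreamDriverCertFile bundle versus those the server actually presents to `openssl s_client -showcerts`), as an added example that is not part of the original report or of rsyslog. The PEM blocks and the transcript are constructed placeholders rather than real certificates, and all function and host names are hypothetical.

```python
import base64
import hashlib
import re

# Matches one PEM certificate block and captures its base64 body.
PEM_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def pem_fingerprints(text):
    """SHA-256 fingerprints of the PEM certificate blocks found in text.

    Order of first appearance is kept and repeats are dropped, because
    s_client prints the leaf again under "Server certificate".
    """
    ordered = []
    for body in PEM_CERT_RE.findall(text):
        der = base64.b64decode("".join(body.split()), validate=True)
        fingerprint = hashlib.sha256(der).hexdigest()
        if fingerprint not in ordered:
            ordered.append(fingerprint)
    return ordered


def compare_chain(cert_file_text, s_client_text):
    """Compare the configured bundle with what the server sent.

    Returns a dict with:
      configured   - number of certificates in the cert file
      sent         - number of distinct certificates in the transcript
      leaf_matches - True if the first cert in the file is the first one sent
      not_sent     - 0-based positions in the file of certs the peer never sent
    """
    configured = pem_fingerprints(cert_file_text)
    sent = pem_fingerprints(s_client_text)
    return {
        "configured": len(configured),
        "sent": len(sent),
        "leaf_matches": bool(configured and sent and configured[0] == sent[0]),
        "not_sent": [i for i, fp in enumerate(configured) if fp not in sent],
    }


def fake_pem(label):
    """Constructed stand-in for a certificate: PEM framing around label bytes."""
    body = base64.b64encode(label.encode("ascii")).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"


def fake_transcript(chain):
    """Constructed text shaped like `openssl s_client -showcerts` output."""
    lines = ["CONNECTED(00000003)", "---", "Certificate chain"]
    for depth, pem in enumerate(chain):
        lines.append(" %d s:(constructed subject)" % depth)
        lines.append("   i:(constructed issuer)")
        lines.append(pem.rstrip("\n"))
    lines += ["---", "Server certificate", chain[0].rstrip("\n"), "---"]
    return "\n".join(lines) + "\n"


# Constructed sample data: server cert followed by one intermediate.
LEAF = fake_pem("constructed leaf: CN=syslog.example.test")
INTERMEDIATE = fake_pem("constructed intermediate: CN=Example Intermediate CA")
CERT_FILE = LEAF + INTERMEDIATE

ONLY_LEAF_SENT = fake_transcript([LEAF])                 # behaviour in the report
FULL_CHAIN_SENT = fake_transcript([LEAF, INTERMEDIATE])  # behaviour expected

if __name__ == "__main__":
    for name, text in (("only leaf", ONLY_LEAF_SENT), ("full chain", FULL_CHAIN_SENT)):
        print(name, compare_chain(CERT_FILE, text))
```

A non-empty `not_sent` list means clients that hold only the top-level certificate cannot build a path to the server certificate.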



Bug#886768: Acknowledgement (linux-headers-3.16.0-5-amd64: inode_change_ok() missing, breaks openafs module build)

2018-01-10 Thread Arne Nordmark
Newer OpenAFS versions replace

code = inode_change_ok(inode, );

by

code = setattr_prepare(file_dentry(afile->filp), );

The file_dentry() helper is not present in linux-headers-3.16.0-5
either, but

code = setattr_prepare(afile->filp->f_path.dentry, );

at least seems to compile. Is this the correct replacement?

Arne



Bug#886768: (no subject)

2018-01-09 Thread Arne Nordmark
Control: reassign -1 src:linux



Bug#886768: linux-headers-3.16.0-5-amd64: inode_change_ok() missing, breaks openafs module build

2018-01-09 Thread Arne Nordmark
Package: linux-headers-3.16.0-5-amd64
Version: 3.16.51-3+deb8u1
Severity: normal

Since the latest jessie security update, the OpenAFS module (from 
openafs-modules-source, version 1.6.9-2+deb8u6)
no longer builds.

The error seems to be:
  CC [M]  /usr/src/modass/usr_src/modules/openafs/src/libafs/MODLOAD-3.16.0-5-amd64-SP/osi_file.o
/usr/src/modass/usr_src/modules/openafs/src/libafs/MODLOAD-3.16.0-5-amd64-SP/osi_file.c: In function ‘osi_UFSTruncate’:
/usr/src/modass/usr_src/modules/openafs/src/libafs/MODLOAD-3.16.0-5-amd64-SP/osi_file.c:187:5: error: implicit declaration of function ‘inode_change_ok’ [-Werror=implicit-function-declaration]
   code = inode_change_ok(inode, );
   ^
cc1: some warnings being treated as errors
/usr/src/linux-headers-3.16.0-5-common/scripts/Makefile.build:262: receptet för målet ”/usr/src/modass/usr_src/modules/openafs/src/libafs/MODLOAD-3.16.0-5-amd64-SP/osi_file.o” misslyckades
make[8]: *** [/usr/src/modass/usr_src/modules/openafs/src/libafs/MODLOAD-3.16.0-5-amd64-SP/osi_file.o] Fel 1

This is a regression, since the module builds fine with 
linux-headers-3.16.0-4-amd64.

Arne

-- System Information:
Debian Release: 8.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/12 CPU cores)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages linux-headers-3.16.0-5-amd64 depends on:
ii  linux-compiler-gcc-4.8-x86     3.16.51-3+deb8u1
ii  linux-headers-3.16.0-5-common  3.16.51-3+deb8u1
ii  linux-kbuild-3.16              3.16.7-ckt20-1

linux-headers-3.16.0-5-amd64 recommends no packages.

linux-headers-3.16.0-5-amd64 suggests no packages.

-- no debconf information



Bug#886719: linux-headers-3.2.0-5-amd64: inode_change_ok() missing, breaks openafs module build

2018-01-09 Thread Arne Nordmark
Package: linux-headers-3.2.0-5-amd64
Version: 3.2.96-3
Severity: normal

Since the latest wheezy security update, the OpenAFS module (from 
openafs-modules-source, version 1.6.1-3+deb7u8)
no longer builds.

The error seems to be:
  CC [M]  /usr/src/modass/usr_src/modules/openafs/src/libafs/MODLOAD-3.2.0-5-amd64-SP/osi_file.o
/usr/src/modass/usr_src/modules/openafs/src/libafs/MODLOAD-3.2.0-5-amd64-SP/osi_file.c: In function ‘osi_UFSTruncate’:
/usr/src/modass/usr_src/modules/openafs/src/libafs/MODLOAD-3.2.0-5-amd64-SP/osi_file.c:184:5: error: implicit declaration of function ‘inode_change_ok’ [-Werror=implicit-function-declaration]
cc1: some warnings being treated as errors
make[8]: *** [/usr/src/modass/usr_src/modules/openafs/src/libafs/MODLOAD-3.2.0-5-amd64-SP/osi_file.o] Fel 1

This is a regression, since the module builds fine with 
linux-headers-3.2.0-4-amd64.

Arne

-- System Information:
Debian Release: 7.11
  APT prefers oldoldstable-updates
  APT policy: (500, 'oldoldstable-updates'), (500, 'oldoldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/12 CPU cores)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages linux-headers-3.2.0-5-amd64 depends on:
ii  gcc-4.6                       4.6.3-14
pn  linux-headers-3.2.0-5-common
ii  linux-kbuild-3.2              3.2.17-1

linux-headers-3.2.0-5-amd64 recommends no packages.

linux-headers-3.2.0-5-amd64 suggests no packages.



Bug#878940: xpat2: Windows should be large enough to fit contents

2017-10-21 Thread Arne Wichmann
Hi,

begin  quotation  from Andrej Mernik (in 
<150827088179.9737.3627721575484887746.reportbug@andrej-namizni>):
> currently, the game starts in a window which is wide/tall enough for some
> games, but too narrow for the others (Spider, Seahaven, Monte Carlo, Midnight
> Oil, etc.). This can cause confusion.
> 
> Ideally, the game should start in a window with dimensions big enough to fit
> all games.
> 
> The same problem also applies to the help popup window which is tiny by
> default (see screenshot). This window should also be at least as big as
> the main window.

Thanks for the report. I will probably not do much about this in the next
months - as there is no upstream and I am not a programmer (even though I
can read and write C) I tend to avoid doing bigger changes to the package.

Patches are welcome though.

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@saar.de)




Bug#865962: openafs-fileserver: Periodic restarts configured in BosConfig causes bosserver to be shut down

2017-06-26 Thread Arne Nordmark
Package: openafs-fileserver
Version: 1.6.20-2
Severity: normal

Dear Maintainer,

This Sunday morning, the bosserver process on all stretch machines was found to 
have stopped.

BosLog contained:

Sun Jun 25 04:01:06 2017: Core limits now -1 -1
Sun Jun 25 04:01:06 2017: Server directory access is okay
Sun Jun 25 04:01:06 2017: fs started pid 15456: /usr/lib/openafs/fileserver
Sun Jun 25 04:01:06 2017: fs started pid 15457: /usr/lib/openafs/volserver
Sun Jun 25 04:01:06 2017: vlserver started pid 15458: /usr/lib/openafs/vlserver
Sun Jun 25 04:01:06 2017: ptserver started pid 15459: /usr/lib/openafs/ptserver
Sun Jun 25 04:01:06 2017: Listening on 0.0.0.0:7007
Sun Jun 25 04:01:06 2017: fs:vol exited on signal 15
Sun Jun 25 04:01:06 2017: vlserver exited on signal 15
Sun Jun 25 04:01:06 2017: ptserver exited on signal 15
Sun Jun 25 04:01:06 2017: fs:file exited on signal 3 (core dumped)
Sun Jun 25 04:01:06 2017: Shutdown of BOS server and processes in response to signal 15

The time is consistent with the restarttime entry in /etc/openafs/BosConfig:

restarttime 11 0 4 0 0
checkbintime 3 0 5 0 0
bnode fs fs 1
parm /usr/lib/openafs/fileserver
parm /usr/lib/openafs/volserver
parm /usr/lib/openafs/salvager
end
bnode simple vlserver 1
parm /usr/lib/openafs/vlserver
end
bnode simple ptserver 1
parm /usr/lib/openafs/ptserver
end

The reason why a restarttime entry is present is lost in the mists of time, but 
might well have been a default setting once.

Using the bos command to restart bosserver manually gives the same result:

# bos restart -server localhost -bosserver -localauth

causes bosserver to shut down, again with the same log entry.

This is definitely a regression compared to jessie.
As I interpret the log entry, a signal 15 is sent from the outside.
The most obvious difference (compared to jessie) is the presence of a systemd 
unit file in the stretch version.
Is systemd process control clashing with how bos tries to restart itself?

Thanks for maintaining the Debian OpenAFS packages
Arne Nordmark

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8), 
LANGUAGE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openafs-fileserver depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  init-system-helpers    1.48
ii  libc6                  2.24-11+deb9u1
ii  libcomerr2             1.43.4-2
ii  libk5crypto3           1.15-1
ii  libkrb5-3              1.15-1
ii  lsb-base               9.20161125
ii  openafs-client         1.6.20-2

Versions of packages openafs-fileserver recommends:
ii  ntp  1:4.2.8p10+dfsg-3

Versions of packages openafs-fileserver suggests:
pn  openafs-doc  



Bug#849100: Is initializing exit_status to 0 really correct?

2017-05-10 Thread Arne Nordmark

Note that the man page for dhclient-script says:

The exit status of dhclient-script will be passed to dhclient-exit-hooks
in the exit_status shell variable, and will always be zero if the script
succeeded at the task for which it was invoked. The rest of the
environment as described previously for dhclient-enter-hooks is also
present. The /etc/dhcp/dhclient-exit-hooks and
/etc/dhcp/dhclient-exit-hooks.d/* scripts can modify the value of
exit_status to change the exit status of dhclient-script.

This seems to be in conflict with the implemented fix of setting 
exit_status=0 before calling the hooks. If the man page is correct, each 
script in turn should have the chance to update exit_status, and the 
value after calling the final script is the one to use for return.


Arne



Bug#737679: autofs does not appear to support IPv6 hostname lookups for NFS mounts

2017-02-27 Thread Arne Nordmark
For the record: Version 5.1.2-1 (currently in stretch), still shows this 
problem, and building --with-libtirpc still resolves the problem.


Are there any known downsides to using libtirpc?

Arne



Bug#845425: DataSource no longer accessible since jessie security update

2016-12-07 Thread Arne Nordmark
On 2016-12-07 at 17:35, Emmanuel Bourg wrote:
> On 7/12/2016 at 13:28, Arne Nordmark wrote:
> 
> Thanks for the info. I'm trying to reproduce the same error but I
> haven't succeeded so far. Here is what I did:
> 

...

> 9. Create a test page /var/lib/tomcat7/webapps/ROOT/test.jsp with:
> 
>   <%@page import="javax.naming.*,javax.sql.*" %>
>   <%
>   Context initContext = new InitialContext();
>   Context envContext  = (Context) initContext.lookup("java:/comp/env");
>   DataSource ds = (DataSource) envContext.lookup("jdbc/test");
> 
>   out.println("DataSource: " + ds);
>   %>
> 
> There is still something different with your setup but I don't know what.

If I add

  out.println("Loaded by: " + ds.getClass().getClassLoader());

to test.jsp I get

Loaded by: org.apache.catalina.loader.StandardClassLoader@4876e0

so the WebappClassLoader is not being used in this example, probably
because there are no classes in the webapp.

> 
> 
>> Am I correct in understanding that you want me to add the loop on top of
>> version 7.0.56-3+deb8u5 without the other changes from upstream 7.0.73?
> 
> Yes please.

OK. I first built 7.0.56-3+deb8u5 as distributed, installed, and
verified that your example works but not my webapp. Then I added the
loop to validateGlobalResourceAccess() (patch attached), reinstalled
libtomcat7-java, restarted tomcat7, and verified that both webapps now work.

> 
> Emmanuel Bourg
> 

Thanks for your patience,
Arne
--- a/java/org/apache/naming/factory/ResourceLinkFactory.java
+++ b/java/org/apache/naming/factory/ResourceLinkFactory.java
@@ -116,9 +116,12 @@
 
 private static boolean validateGlobalResourceAccess(String globalName) {
 ClassLoader cl = Thread.currentThread().getContextClassLoader();
-Map<String,String> registrations = globalResourceRegistrations.get(cl);
-if (registrations != null && registrations.containsValue(globalName)) {
-return true;
+while (cl != null) {
+Map<String,String> registrations = globalResourceRegistrations.get(cl);
+if (registrations != null && registrations.containsValue(globalName)) {
+return true;
+}
+cl = cl.getParent();
 }
 return false;
 }
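Review bot: the new `while (cl != null)` loop carries no comment saying why ancestors are consulted, and it changes the access rule added for CVE-2016-6797: a global name registered under any ancestor loader now validates for every class loader below it, via `cl = cl.getParent()`. Add a short comment stating that this is intended and which caller needs it (a lookup made while the thread context class loader is a child of the loader that registered the link), so a later backport does not drop the loop again as happened with CVE-2016-6797-part2.patch.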


Bug#845425: DataSource no longer accessible since jessie security update

2016-12-07 Thread Arne Nordmark

On 2016-12-07 at 11:38, Emmanuel Bourg wrote:
> Hi Arne,
>
> Where is the jar of your JDBC driver located?

I have put a symlink in /var/lib/tomcat7/common, so that would be loaded
by the "Common" class loader.

The default Debian configuration in /etc/tomcat7/catalina.properties
seems to be slightly broken here, so in the "common.loader" I had to
change from ${catalina.home}/common/... to ${catalina.base}/common/...

>> I can build and run Debian tomcat7 on both wheezy and jessie, so if you
>> would like me to make any further tests, please let me know.
>
> Would you be able to try again with the missing loop?

Am I correct in understanding that you want me to add the loop on top of
version 7.0.56-3+deb8u5 without the other changes from upstream 7.0.73?

> Emmanuel Bourg

Arne



Bug#845425: DataSource no longer accessible since jessie security update

2016-12-04 Thread Arne Nordmark
On 2016-12-04 at 15:00, Markus Koschany wrote:
> On 04.12.2016 09:22, Arne Nordmark wrote:
>> Unfortunately, the newly released wheezy security update 7.0.28-4+deb7u7
>> also suffers from this problem.
>>
>> Can it be so that the important part missing is the loop traversing the
>> class loaders in validateGlobalResourceAccess():
>>
>> while (cl != null) {
>>  ...
>>  cl = cl.getParent();
>> }
> 
> Hello,
> 
> I have prepared the update for Wheezy. Since you confirmed that using the 
> ResourceLinkFactory class
> from 7.x trunk works for you, we have replaced the current version with this 
> one. At the moment I
> fail to understand what we are missing because upstream's fix for 
> CVE-2016-6797 is relatively
> straightforward [1] and we have already taken your bug report into account.
> 
> Could you elaborate in which file the code from above is missing?

Sorry if I was unclear. In the ResourceLinkFactory class,
CVE-2016-6797.patch adds among other things the new method

private static boolean validateGlobalResourceAccess(String globalName)

However, in the upstream version 7.0.73 there is another change to this new
method, which is the loop over the parent class loaders I was referring
to above.

It seems that when preparing CVE-2016-6797-part2.patch, this change was
left out, but it may be the change that actually makes things work.

I can build and run Debian tomcat7 on both wheezy and jessie, so if you
would like me to make any further tests, please let me know.

Thanks,
Arne

> 
> Thanks,
> 
> Markus
> 
> 
> [1] https://svn.apache.org/viewvc?view=revision=1757275
> 
> 
> 
> 
> 



Bug#845425: DataSource no longer accessible since jessie security update

2016-12-04 Thread Arne Nordmark
Unfortunately, the newly released wheezy security update 7.0.28-4+deb7u7
also suffers from this problem.

Can it be so that the important part missing is the loop traversing the
class loaders in validateGlobalResourceAccess():

while (cl != null) {
 ...
 cl = cl.getParent();
}

Arne



Bug#845425: DataSource no longer accessible since jessie security update

2016-11-23 Thread Arne Nordmark
On 2016-11-23 at 17:52, Emmanuel Bourg wrote:
> Would you be able to rebuild with this version of the
> ResourceLinkFactory class and see if it works better?
> 
> https://raw.githubusercontent.com/apache/tomcat70/TOMCAT_7_0_73/java/org/apache/naming/factory/ResourceLinkFactory.java
> 

Indeed, with this file, things seem to work (crossing my fingers that I
have understood how to use quilt, and thus built correctly). I had to
make one change to line 43 to make it compile.

I am attaching the refreshed version of CVE-2016-6797.patch for reference.

Thank you very much,
Arne


Description: Fixes CVE-2016-6797: The ResourceLinkFactory did not limit web
 application access to global JNDI resources to those resources explicitly
 linked to the web application. Therefore, it was possible for a web
 application to access any global JNDI resource whether an explicit
 ResourceLink had been configured or not.
Origin: backport, https://svn.apache.org/r1757275
--- a/java/org/apache/catalina/core/NamingContextListener.java
+++ b/java/org/apache/catalina/core/NamingContextListener.java
@@ -41,6 +41,7 @@
 import org.apache.catalina.ContainerEvent;
 import org.apache.catalina.ContainerListener;
 import org.apache.catalina.Context;
+import org.apache.catalina.Engine;
 import org.apache.catalina.Host;
 import org.apache.catalina.Lifecycle;
 import org.apache.catalina.LifecycleEvent;
@@ -68,6 +69,7 @@
 import org.apache.naming.ResourceRef;
 import org.apache.naming.ServiceRef;
 import org.apache.naming.TransactionRef;
+import org.apache.naming.factory.ResourceLinkFactory;
 import org.apache.tomcat.util.modeler.Registry;
 import org.apache.tomcat.util.res.StringManager;
 
@@ -344,6 +346,11 @@
 registry.unregisterComponent(objectName);
 }
 }
+
+javax.naming.Context global = getGlobalNamingContext();
+if (global != null) {
+ResourceLinkFactory.deregisterGlobalResourceAccess(global);
+}
 } finally {
 objectNames.clear();
 
@@ -1167,6 +1174,17 @@
 logger.error(sm.getString("naming.bindFailed", e));
 }
 
+ResourceLinkFactory.registerGlobalResourceAccess(
+getGlobalNamingContext(), resourceLink.getName(), resourceLink.getGlobal());
+}
+
+
+private javax.naming.Context getGlobalNamingContext() {
+if (container instanceof Context) {
+Engine e = (Engine) ((Context) container).getParent().getParent();
+return e.getService().getServer().getGlobalNamingContext();
+}
+return null;
 }
 
 
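Review bot: `ResourceLinkFactory.registerGlobalResourceAccess(getGlobalNamingContext(), ...)` is called without a null check, although `getGlobalNamingContext()` returns null whenever `container` is not a `Context`; the earlier hunk guards its deregister call with `if (global != null)`. Guard this call the same way (and the `deregisterGlobalResourceAccess(getGlobalNamingContext(), name)` call added at `@@ -1270,6 +1288,7 @@`), or document that the factory methods accept a null context. The unchecked cast `(Engine) ((Context) container).getParent().getParent()` also assumes a Context inside a Host inside an Engine and will throw if either parent is missing or of another type.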
@@ -1270,6 +1288,7 @@
 logger.error(sm.getString("naming.unbindFailed", e));
 }
 
+ResourceLinkFactory.deregisterGlobalResourceAccess(getGlobalNamingContext(), name);
 }
 
 
--- a/java/org/apache/naming/factory/ResourceLinkFactory.java
+++ b/java/org/apache/naming/factory/ResourceLinkFactory.java
@@ -5,20 +5,21 @@
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
- * 
+ *
  *  http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- */ 
-
-
+ */
 package org.apache.naming.factory;
 
+import java.util.HashMap;
 import java.util.Hashtable;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
 
 import javax.naming.Context;
 import javax.naming.Name;
@@ -28,35 +29,32 @@
 import javax.naming.spi.ObjectFactory;
 
 import org.apache.naming.ResourceLinkRef;
-
+import org.apache.naming.StringManager;
 
 /**
  * Object factory for resource links.
- * 
+ *
  * @author Remy Maucherat
  */
-public class ResourceLinkFactory
-implements ObjectFactory {
-
-
-// --- Constructors
-
+public class ResourceLinkFactory implements ObjectFactory {
 
 // --- Static Variables
 
+private static final StringManager sm = StringManager.getManager(Constants.Package);
 
 /**
  * Global naming context.
  */
 private static Context globalContext = null;
 
+private static Map<ClassLoader,Map<String,String>> globalResourceRegistrations =
+new ConcurrentHashMap<ClassLoader,Map<String,String>>();
 
 // - Public Methods
 
-
 /**
  * Set the global context (note: can only be used once).
- * 
+ *
  * @p
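Review bot: `globalResourceRegistrations` is declared `private static` but not `final`; it is assigned once and holds the access-control state for every web application, so make it `private static final`. Because the map is keyed by `ClassLoader`, every entry has to be removed on undeploy or the map keeps the web application's class loader reachable; a comment on the field pointing at the `deregisterGlobalResourceAccess()` calls in NamingContextListener would make that dependency visible.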

Bug#845425: DataSource no longer accessible since jessie security update

2016-11-23 Thread Arne Nordmark
On 2016-11-23 at 17:52, Emmanuel Bourg wrote:
> 
> Would you be able to rebuild with this version of the
> ResourceLinkFactory class and see if it works better?
> 
> https://raw.githubusercontent.com/apache/tomcat70/TOMCAT_7_0_73/java/org/apache/naming/factory/ResourceLinkFactory.java
> 

I take it you mean this in addition to the other changes in
CVE-2016-6797.patch?

Will do.

Arne



Bug#845425: DataSource no longer accessible since jessie security update

2016-11-23 Thread Arne Nordmark
Yet another data point:

I rebuilt 7.0.56-3+deb8u5 with CVE-2016-6797.patch deleted, and again
the problem goes away.

Arne



Bug#845425: DataSource no longer accessible since jessie security update

2016-11-23 Thread Arne Nordmark
On 2016-11-23 at 14:09, Emmanuel Bourg wrote:
> Did you enable the security manager?

I have not changed that part of /etc/default/tomcat7, so it still reads

#TOMCAT7_SECURITY=no

which should imply that the security manager is not enabled.

Arne



Bug#845425: DataSource no longer accessible since jessie security update

2016-11-23 Thread Arne Nordmark
On 2016-11-23 at 12:36, Emmanuel Bourg wrote:
> Hi Arne,
> 
> Thank you for reporting this issue. Could you check if it also occurs
> with the tomcat7 package from jessie-backports please?

Thanks for the quick reply.

No, with version 7.0.73-1~bpo8+1 I do not have this problem. I guess
this indicates a problem with backporting the patch to 7.0.56.

> 
> Emmanuel Bourg
> 

Arne



Bug#845425: DataSource no longer accessible since jessie security update

2016-11-23 Thread Arne Nordmark
Package: tomcat7
Version: 7.0.56-3+deb8u5
Severity: normal

After the security update 7.0.56-3+deb8u5, I get an error message:

ALLVARLIG: Servlet.service() for servlet [Faces Servlet] in context with
path [/mech] threw exception [Filter execution threw an exception] with
root cause
org.hibernate.HibernateException: Unable to determine appropriate
DataSource to use

This seems likely to be connected with the fix for bug #842666, but I am
not expert enough to determine whether this is due to misconfiguration,
a problem with the fix, a problem in Hibernate, or ...

It used to work with 7.0.56-3+deb8u4, and downgrading to 7.0.56-3+deb8u3
from stable also restores the functionality.

/etc/tomcat7/server.xml:
...
  
...
   
   
...
  
...

webapp/META-INF/context.xml:

  


Thanks,
Arne



Bug#818262: xpat2: Buffer overflow when saving a game in xpat2

2016-03-15 Thread Arne Wichmann
Package: xpat2

begin  quotation  from letouzey (in 
<20160301115822.16629.45548.report...@septem.inria.fr>):
> Trying to save any game in xpat2 under Debian Jessie always triggers a crash
> with the following message:

Ack - I will look at this as time permits. (Just so you know I received
this although the mail probably bounced.)

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@saar.de)




Bug#799122: [Pkg-xen-devel] Bug#799122: xen-hypervisor-4.4-amd64: Networking of domUs stops working after a few minutes

2015-11-05 Thread Arne Klein

>> We tested the current lenny kernel linux-image-3.16.0-4-amd64 as well
>> as the backport linux-image-4.1.0-0.bpo.1-amd64 on the dom0 as well
>> as the domU.
>
> (I suppose you meant s/lenny/jessie/ ;-)

Oops, yes :)

> These are kernel ABI versions, the package release versions are things
> like 3.16.7-ckt17-1 or 4.2.5-1~bpo8+1, which you can either get from
> dpkg or from /proc/version (at the end, before the date, I think).
>
> If you can let me know the versions then I can more sensibly reassign
> this to the kernel packages. It will also give some baselines to see
> what if any fixes we do or don't have.

Thank you. The tested versions on dom0 and domU in which the problem
occurs are:

4.1.3-1~bpo8+1
3.16.7-ckt11-1+deb8u5

I posted the problem also to the xen-user mailing list, but did not get
a reply there.

And I have to update one of the observations: It seems that not all
domUs started after the problem occurs for the first time are broken.
After several restarts (without any changes) one of the domUs started
working again.



Bug#799122: xen-hypervisor-4.4-amd64: Networking of domUs stops working after a few minutes

2015-09-15 Thread Arne Klein
Package: xen-hypervisor-4.4-amd64
Version: 4.4.1-9+deb8u1
Severity: important

A few minutes after starting a domU, network access is no longer possible from 
and to it.

This does not always happen and is not easily reproducible, but seems to occur 
in all newly started domUs from some point in time on. However, also restarting 
the dom0 does not necessarily prevent the problem.

At the moment when the network in the domU completely stops working, there is 
the error message
[2178752.854380] vif vif-33-0 vif33.0: Guest Rx stalled
visible in dmesg in the dom0.

It is sometimes possible to for example ping the domU for a longer time than 
pinging any host from the domU. Also pings may still be possible for a few 
minutes, while SSH sessions do no longer work.

We tested the current lenny kernel linux-image-3.16.0-4-amd64 as well as the 
backport linux-image-4.1.0-0.bpo.1-amd64 on the dom0 as well as the domU. The 
problem happens with newly created domUs via 'xen-create-image', as well as 
with older domUs which have been migrated from a debian wheezy dom0. It happens 
with the vif-route as well as the vif-bridge script in the domU configuration.

When the network stops working, the ARP tables are no longer filled on dom0 and 
domU, for example:

Address   HWtype  HWaddress     Flags Mask  Iface
x.y.z.v           (incomplete)              vif33.0


-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.1.0-0.bpo.1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

xen-hypervisor-4.4-amd64 depends on no packages.

Versions of packages xen-hypervisor-4.4-amd64 recommends:
ii  xen-utils-4.4  4.4.1-9+deb8u1

xen-hypervisor-4.4-amd64 suggests no packages.

-- no debconf information



Bug#798020: libgsmme1c2a: gsmsendsms stopped sending sms after upgrade to jessie

2015-09-04 Thread Arne Rusek
Package: libgsmme1c2a
Version: 1.10+20120414.gita5e5ae9a-0.2
Severity: normal

Dear Maintainer,

after upgrade to jessie gsmsendsms program, which uses this library stopped
working with my modem. Downgrade to wheezy version of gsm-utils didn't help.
Downgrade to wheezy version of gsm-utils AND libgsmme1c2a worked and sms are
being sent normally.

gsmsendsms sends following commands to my modem:
root@sith(0)bin# strace -e trace=write -f -s 1000 gsmsendsms -b 9600 --sca 
+420603052000 -d /dev/ttyS0 "+420732673195" "hello"
write(3, "ATZ\r", 4)= 4
write(3, "ATE0\r", 5)   = 5
write(3, "AT+CMEE=1\r", 10) = 10
write(3, "AT+CMGF=0\r", 10) = 10
write(3, "AT+CGMI\r", 8)= 8
write(3, "AT+CGMM\r", 8)= 8
write(3, "AT+CGMR\r", 8)= 8
write(3, "AT+CGSN\r", 8)= 8
write(3, "AT+CSMS?\r", 9)   = 9
write(3, "AT+CSCS=\"GSM\"\r", 14)   = 14
write(3, "AT+CSMS=1\r", 10) = 10
write(3, "AT+CMGS=19\0\r", 11)  = 12
write(2, "gsmsendsms", 10gsmsendsms)  = 10
write(2, "[ERROR]: ", 9[ERROR]: )= 9
write(2, "timeout when reading from TA (errno: 0/Success)", 47timeout when 
reading from TA (errno: 0/Success)) = 47
write(2, "\n", 1)   = 1
+++ exited with 1 +++

whereas wheezy's version doesn't send \0 in AT+CMGS=19 command and it
works like charm. Seems my modem doesn't take \0 well in AT+CMGS=...

in wheezy, the strace ends like this:

[...]
write(3, "AT+CSMS=1\r", 10) = 10
write(3, "AT+CMGS=19\r", 11)= 11
write(3, "079124603050020015000C91247023761359A805E8329BFD06\32", 55) = 55
+++ exited with 0 +++

there's my modem info:

AT+CGMI
 WAVECOM MODEM

OK
AT+CGMM
 MULTIBAND  900E  1800 

OK
AT+CGMR
430a09gm.2C 1208244 110801 19:19

OK
AT+CGSN
332055330434650

OK
AT+CSMS?
+CSMS: 1,1,1,1

OK

Yours sincerely,
Arne Rusek

-- System Information:
Debian Release: 8.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'oldoldstable'), (500, 'unstable'), (500, 
'oldstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libgsmme1c2a depends on:
ii  libc6              2.19-18
ii  libgcc1            1:4.9.2-10
ii  libstdc++6         4.9.2-10
ii  multiarch-support  2.19-18

libgsmme1c2a recommends no packages.

libgsmme1c2a suggests no packages.

-- no debconf information
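
The difference between the two traces in this report can be checked mechanically. The following is an added example, not part of the original report or of the library: a shell function that scans `strace -e trace=write` output for AT command lines carrying a control byte other than the terminating `\r`. The function names are made up for this example; the sample lines are copied from the report.

```shell
#!/bin/sh
# Added example (not from the bug report): flag AT commands in strace output
# that carry a control byte besides the terminating carriage return.

# Sample lines copied from the jessie trace in the report.
jessie_trace() {
    cat <<'EOF'
write(3, "AT+CSMS?\r", 9)   = 9
write(3, "AT+CSCS=\"GSM\"\r", 14)   = 14
write(3, "AT+CSMS=1\r", 10) = 10
write(3, "AT+CMGS=19\0\r", 11)  = 12
EOF
}

# Sample lines copied from the wheezy trace in the report.
wheezy_trace() {
    cat <<'EOF'
write(3, "AT+CSMS=1\r", 10) = 10
write(3, "AT+CMGS=19\r", 11)= 11
write(3, "079124603050020015000C91247023761359A805E8329BFD06\32", 55) = 55
EOF
}

# Reads strace output on stdin and prints the payload of every write() that
# starts with "AT" and contains an escaped byte other than the final \r.
# strace renders non-printable bytes as backslash escapes (\0, \32, ...),
# so any backslash left after removing \r and \" marks a control byte.
find_bad_at_writes() {
    awk '
    /^write\([0-9]+, "AT/ {
        # Grab the quoted string argument, honouring escaped quotes.
        if (!match($0, /"([^"\\]|\\.)*"/)) next
        payload = substr($0, RSTART + 1, RLENGTH - 2)
        body = payload
        sub(/\\r$/, "", body)     # expected command terminator
        gsub(/\\"/, "", body)     # escaped quotes are printable characters
        if (body ~ /\\/) print payload
    }'
}

# Prints the offending command from the jessie sample.
jessie_trace | find_bad_at_writes
```

Piping a fresh trace from either library version into `find_bad_at_writes` gives an empty result when every AT command is terminated by `\r` alone.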



Bug#795014: mpd fails to start because of a symbol mismatch with libadplug-2.2.1.so.0

2015-08-10 Thread Arne de Boer
Same problem here on Debian unstable.
mpd: symbol lookup error: mpd: undefined symbol: _ZN7CAdPlug7factoryERKSsP4CoplRK8CPlayersRK13CFileProvider


Bug#753732: NFS sec=krb5 does not work with cross-realm

2015-07-13 Thread Arne Nordmark
On Fri, 04 Jul 2014 16:36:12 +0200 Jaap Winius jwin...@umrk.nl wrote:
> Package: nfs-common
> Version: 1.2.6-4
>
> NFS with sec=krb5i or sec=krb5p using MIT Kerberos does not work when
> cross-realm authentication is used -- only when clients have an
> Kerberos ticket for the same realm. This happens consistently and in
> cases when cross-realm authentication does work with other services on
> the same machine, such as SSH.
>

...

> The second set involves a user account with the same name, jwinius,
> but with a Kerberos ticket from a different, albeit trusted realm:
> UMRK.NL. This always results in an authentication failure:

...

> The user experience ends with a Permission denied message, although
> the client does receive a Kerberos service ticket despite the failure.
> The rpc.idmapd daemon seems to translate the jwin...@umrk.nl account
> to jwin...@dapadam.nl with user ID 1. In some situations this
> might be incorrect, but here it's okay because both accounts belong to
> the same person.
>
> When authentication fails, the only evidence that I can see for this
> in the server's log output is in the fifth line shown:
> nss_gss_princ_to_ids: Local-Realm 'UMRK.NL': NOT FOUND. Apparently,
> the local Kerberos KDC is not interrogated and the trust entry for the
> UMRK.NL realm is never discovered.

You have not included the content of /etc/idmapd.conf.

There are several options for translating principals, and if user names
are the same in both realms a simple line like

Local-Realms: DAPADAM.NL, UMRK.NL

might do it.

Arne Nordmark


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c

2015-05-19 Thread Arne Wichmann

[reformatted]
begin  quotation  from Sebastian Ramacher (in 
20150518184906.ga22...@ramacher.at):
 On 2015-05-18 20:01:47, Alessandro Ghedini wrote:
  On Sat, May 16, 2015 at 03:43:37PM +0200, Alessandro Ghedini wrote:
   On Sat, May 16, 2015 at 03:07:57PM +0200, Sebastian Ramacher wrote:
On 2015-05-15 15:22:28, Alessandro Ghedini wrote:
 On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote:
  On 2015-05-14 20:41:15, Arne Wichmann wrote:
   Hi, as far as I can see this has not yet been reported or fixed:
   
   CVE-2014-7937 : Multiple off-by-one errors in
   libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in
   Google Chrome before 40.0.2214.91, allow remote attackers to
   cause a denial of service (use-after-free) or possibly
   have unspecified other impact via crafted Vorbis I data [1]
   
   I marked this as grave as the impact is unclear and might
   include arbitrary code execution. Feel free to downgrade if
   this can be ruled out.
   
   (Actually I would like to have a look at the test case to
   check a bit more thoroughly, but AFAICS I would need to talk
   to google for this.)
   
   [1] https://security-tracker.debian.org/tracker/CVE-2014-7937
 
   https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html
  
  A similar commit to the one maintained in this mailing list
  post was applied to 11.3. So closing with that version.
 
 Do you mean the patch at [0]? Honestly it doesn't look like the
 ffmpeg patch at all, and the commit message doesn't even mention
 the bug fix. How can you be so sure that the bug is fixed?

I might have read the commit wrong. Do you have a sample for this CVE?
   
   Unfortunately the reproducer isn't public. I contacted
   ffmpeg-security about it, I'll keep you posted.
  
  I got the reproducer from ffmpeg and it seems that libav in sid isn't
  affected like Sebastian said. So yeah, this bug should stay closed. I
  don't know if the patch linked above is what fixed the issue though.
 
 Great!

Thank you for checking. I am not amused about the closedness with which
this was handled - but I am very sure that you are not to blame for this.

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@linux.de)





Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c

2015-05-16 Thread Arne Wichmann

begin  quotation  from Sebastian Ramacher (in 
20150516130757.ga21...@ramacher.at):
 On 2015-05-15 15:22:28, Alessandro Ghedini wrote:
  On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote:
   Version: 6:11.3-1
   
   On 2015-05-14 20:41:15, Arne Wichmann wrote:
Package: libavcodec56
Version: 6:11.3-2
Severity: grave
Tags: security
Justification: user security hole

Hi, as far as I can see this has not yet been reported or fixed:

CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in
FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow
remote attackers to cause a denial of service (use-after-free) or 
possibly
have unspecified other impact via crafted Vorbis I data [1]

I marked this as grave as the impact is unclear and might include 
arbitrary
code execution. Feel free to downgrade if this can be ruled out.

(Actually I would like to have a look at the test case to check a bit 
more
thoroughly, but AFAICS I would need to talk to google for this.)

[1] https://security-tracker.debian.org/tracker/CVE-2014-7937
  https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html
   
   A similar commit to the one maintained in this mailing list post was 
   applied to
   11.3. So closing with that version.
  
  Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg 
  patch at
  all, and the commit message doesn't even mention the bug fix. How can you 
  be so
  sure that the bug is fixed?
 
 I might have read the commit wrong. Do you have a sample for this CVE?

There is one referenced in various messages relating to CVE-2014-7937:
asan_heap-uaf_18dac2b_9_asan_heap-uaf_22eb375_208_beta3_test_small.ogg
unfortunately it is not publicly available AFAICS. You might ask upstream
about it.

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@linux.de)





Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c

2015-05-14 Thread Arne Wichmann
Package: libavcodec56
Version: 6:11.3-2
Severity: grave
Tags: security
Justification: user security hole

Hi, as far as I can see this has not yet been reported or fixed:

CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in
FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow
remote attackers to cause a denial of service (use-after-free) or possibly
have unspecified other impact via crafted Vorbis I data [1]

I marked this as grave as the impact is unclear and might include arbitrary
code execution. Feel free to downgrade if this can be ruled out.

(Actually I would like to have a look at the test case to check a bit more
thoroughly, but AFAICS I would need to talk to google for this.)

[1] https://security-tracker.debian.org/tracker/CVE-2014-7937
  https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html

cu

AW
-- System Information:
Debian Release: stretch/sid
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.7-ckt9 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libavcodec56 depends on:
ii  libavresample2         6:11.3-2
ii  libavutil54            6:11.3-2
ii  libc6                  2.19-18
ii  libgsm1                1.0.13-4
ii  libmp3lame0            3.99.5+repack1-7
ii  libopenjpeg5           1:1.5.2-3
ii  libopus0               1.1-2
ii  libschroedinger-1.0-0  1.0.11-2.1
ii  libspeex1              1.2~rc1.2-1
ii  libtheora0             1.1.1+dfsg.1-6
ii  libva1                 1.5.1-2
ii  libvorbis0a            1.3.4-2
ii  libvorbisenc2          1.3.4-2
ii  libvpx1                1.3.0-3
ii  libx264-142            2:0.142.2431+gita5831aa-1+b2
ii  libx265-43             1.5-1
ii  libxvidcore4           2:1.3.3-1
ii  multiarch-support      2.19-18
ii  zlib1g                 1:1.2.8.dfsg-2+b1

libavcodec56 recommends no packages.

libavcodec56 suggests no packages.

-- no debconf information





Bug#774643: can't cast Hash to text

2015-03-25 Thread Knut Arne Bjørndal
Hi

There still seems to be some problems with stored configs, in a test
deployment I have the following minimal node manifest:

define foo($params) {
}

node 'test.adm.easyconnect.no' {
  @@foo {'bar': params => {foo => 1, bar => 2} }
}

We use this kind of pattern in quite a few places where it would be
inconvenient to flatten it before exporting, and it works fine on wheezy.

The first run of the agent works fine, and the following value is
written to the database: {foo=1, bar=2}

The second (and third, fourth, ...) run fails: Error: Could not retrieve
catalog from remote server: Error 400 on SERVER: can't cast Hash to text

Enabling as much debug as I know how to on the master it logs this on
the first (successful) run:

Notice: Compiled catalog for test.adm.easyconnect.no in environment
vagrant in 1.20 seconds
Info: Caching catalog for test.adm.easyconnect.no
Debug: Searched for resources in 0.01 seconds
Debug: Searched for resource params and tags in 0.00 seconds
Debug: Resource removal in 0.00 seconds
Debug: Resource merger in 0.00 seconds
Debug: Added resources(initialization) in 0.01 seconds
Debug: Added resources(parameters) in 0.01 seconds
Debug: Added resources(tags) in 0.02 seconds
Debug: Resource addition in 0.06 seconds
Debug: Performed resource comparison in 0.06 seconds
Debug: Using cached facts for test.adm.easyconnect.no
Info: Caching node for test.adm.easyconnect.no

While for the second run:

Info: Caching node for test.adm.easyconnect.no
Notice: Compiled catalog for test.adm.easyconnect.no in environment
vagrant in 0.03 seconds
Info: Caching catalog for test.adm.easyconnect.no
Debug: Searched for resources in 0.01 seconds
Debug: Searched for resource params and tags in 0.00 seconds
Debug: Resource removal in 0.00 seconds
Error: can't cast Hash to text

Agent version doesn't seem to matter, I've tried both 2.7 and 3.7.
Master is on 3.7.2-3 from jessie.

-- 
Knut Arne Bjørndal, Tekniker Easy Connect AS - http://1890.no
E-post: knut.arne.bjorn...@easyconnect.no





Bug#717544: Workaround for CVE-2013-2207

2015-03-16 Thread Arne Wichmann

So, as this seems to be around for a bit longer I think mentioning the
workarounds would be helpful:

- Make sure user_allow_other is not set in /etc/fuse.conf
- Remove the SUID bit from /usr/lib/pt_chown

This is mostly inferred from [1]. Does this work? When does this not work?
Any comment?

[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2207

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@linux.de)


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
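
The two workaround conditions listed in the message above can be checked with a short audit script. This is an added example, not part of the original message or of any Debian package; the function names are made up here, and the fuse.conf format (one option per line, `#` starting a comment) is an assumption of the example.

```shell
#!/bin/sh
# Added example (not from the original message): audit the two workaround
# conditions listed above. Default paths are the ones named in the message.

# Succeeds if user_allow_other is active in the given fuse.conf.
# Assumed file format: one option per line, '#' starts a comment.
fuse_user_allow_other_set() {
    [ -r "$1" ] || return 1     # missing or unreadable file: option not set
    grep -Eq '^[[:space:]]*user_allow_other[[:space:]]*(#.*)?$' "$1"
}

# Succeeds if the file exists and carries the set-user-ID bit.
has_suid_bit() {
    [ -u "$1" ]
}

# Prints one line per check; the return status is the number of findings.
audit_cve_2013_2207() {
    audit_conf=${1:-/etc/fuse.conf}
    audit_helper=${2:-/usr/lib/pt_chown}
    audit_findings=0

    if fuse_user_allow_other_set "$audit_conf"; then
        echo "FAIL: user_allow_other is set in $audit_conf"
        audit_findings=$((audit_findings + 1))
    else
        echo "ok: user_allow_other is not set in $audit_conf"
    fi

    if has_suid_bit "$audit_helper"; then
        echo "FAIL: $audit_helper has the SUID bit (fix: chmod u-s $audit_helper)"
        audit_findings=$((audit_findings + 1))
    elif [ -e "$audit_helper" ]; then
        echo "ok: $audit_helper has no SUID bit"
    else
        echo "ok: $audit_helper is not installed"
    fi

    return "$audit_findings"
}

# Run against the live system only when asked to: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    shift
    audit_cve_2013_2207 "$@"
    exit $?
fi
```

On Debian a package upgrade restores the packaged file mode unless the change is recorded with dpkg-statoverride, so the audit is worth re-running after upgrades of the package that ships the helper.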



Bug#698920: fvwm: In FvwmWinList, the list shows the title names instead of the icon names

2015-02-21 Thread Arne Wichmann

begin  quotation  from Vincent Lefevre (in 
20150219170837.ga18...@xvii.vinc17.org):
 On 2015-02-19 16:20:55 +, Thomas Adam wrote:
  This looks as though it was fixed by being commented out.  Note that
  this is not desirable and as the person who seems to have introduced
  the bug, I might look into it at some point in the future.
  
  What is it you're expecting in terms of confirmation?  It'll be in the
  next FVWM release whenever that is.
 
 I thought that there could be a backport for 2.6.5 (which is what
 Debian is using). Because of this bug, I'm still using an old fvwm
 version.

That would be cool - I pinned fvwm at the wheezy version for the time
being. Having a newer version would be charming.

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@linux.de)





Bug#773610: libapache2-svn: apache2 restart failed: mod_dav_svn.so: undefined symbol:, dav_svn__new_error

2014-12-20 Thread Arne Nordmark
Package: libapache2-svn
Version: 1.6.17dfsg-4+deb7u7
Severity: grave
Justification: renders package unusable

The wheezy-security upload breaks libapache2-svn in exactly the same way as the
previous upload 1.6.17dfsg-4+deb7u5, which was fixed in 1.6.17dfsg-4+deb7u6,
see bug number 741314 for more details.

 service apache2 start
[ ok ] Starting web server: apache2.
apache2: Syntax error on line 244 of /etc/apache2/apache2.conf: Syntax
error on
line 2 of /etc/apache2/mods-enabled/dav_svn.load: Cannot load
/usr/lib/apache2/modules/mod_dav_svn.so into server:
/usr/lib/apache2/modules/mod_dav_svn.so: undefined symbol:
dav_svn__new_error

Arne Nordmark



-- System Information:
Debian Release: 7.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash





Bug#508087: closed by Bastian Blank wa...@debian.org (no bug)

2014-09-07 Thread Arne Wichmann
Moin!

As far as i remember, it was deinstalled automatically during a system
upgrade...

greetings,
arne

2014-09-06 20:30 GMT+02:00 Debian Bug Tracking System ow...@bugs.debian.org:
 This is an automatic notification regarding your Bug report
 which was filed against the lvm2 package:

 #508087: lvm2: should not uninstall when the system is using lvm

 It has been closed by Bastian Blank wa...@debian.org.

 Their explanation is attached below along with your original report.
 If this explanation is unsatisfactory and you have not received a
 better one in a separate message then please contact Bastian Blank 
 wa...@debian.org by
 replying to this email.


 --
 508087: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508087
 Debian Bug Tracking System
 Contact ow...@bugs.debian.org with problems


 -- Forwarded message --
 From: Bastian Blank wa...@debian.org
 To: 508087-d...@bugs.debian.org
 Cc:
 Date: Sat, 6 Sep 2014 20:28:11 +0200
 Subject: no bug
 A user is allowed to shoot itself in the feet.

 Bastian

 --
 Those who hate and fight must stop themselves -- otherwise it is not stopped.
 -- Spock, Day of the Dove, stardate unknown

 -- Forwarded message --
 From: Arne Wichmann arnew-report...@rasentrimmer.org
 To: Debian Bug Tracking System sub...@bugs.debian.org
 Cc:
 Date: Sun, 07 Dec 2008 20:18:40 +0100
 Subject: lvm2: should not uninstall when the system is using lvm
 Package: lvm2
 Version: 2.02.39-2
 Severity: wishlist


 maybe a question whether one really wants to uninstall lvm2 when the
 system is using volumes would be good?


 -- System Information:
 Debian Release: lenny/sid
   APT prefers testing
   APT policy: (900, 'testing')
 Architecture: amd64 (x86_64)

 Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
 Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
 Shell: /bin/sh linked to /bin/dash

 Versions of packages lvm2 depends on:
 ii  libc6                2.7-16       GNU C Library: Shared libraries
 ii  libdevmapper1.02.1   2:1.02.27-4  The Linux Kernel Device Mapper use
 ii  libreadline5         5.2-3        GNU readline and history libraries

 lvm2 recommends no packages.

 Versions of packages lvm2 suggests:
 ii  dmsetup              2:1.02.27-4  The Linux Kernel Device Mapper use

 -- no debconf information








Bug#758557: network-manager: not authorized to control networking

2014-08-18 Thread arne anka
Package: network-manager
Version: 0.9.10.0-1.1
Severity: important

Dear Maintainer,

one of the last updates drastically limited network-manager's usability -- 
whenever i try to up or down a connection via the kde applet, all i get is not 
authorized to control networking (in /var/log/syslog and since the latest 
update today at least also a popup).
looks like #657279 -- but further research indicated that it may be related to 
systemd (and maybe KDM, there are reports, the GDM users do not experience such 
issues).
the users trying to access nm are in the groups

dialout cdrom floppy audio video plugdev netdev powerdev scanner nvram 
vboxusers bluetooth pulse-access pulse-rt fuse subversion

and unless there's yet another networking related group, this should cover it.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages network-manager depends on:
ii  adduser                3.113+nmu3
ii  dbus                   1.8.6-1
ii  init-system-helpers    1.20
ii  isc-dhcp-client        4.3.1-1
ii  libc6                  2.19-9
ii  libdbus-1-3            1.8.6-1
ii  libdbus-glib-1-2       0.102-1
ii  libgcrypt11            1.5.4-2
ii  libglib2.0-0           2.40.0-4
ii  libgnutls-deb0-28      3.2.16-1
ii  libgudev-1.0-0         208-7
ii  libmm-glib0            1.2.0-1
ii  libndp0                1.4-1
ii  libnewt0.52            0.52.17-1
ii  libnl-3-200            3.2.24-2
ii  libnl-genl-3-200       3.2.24-2
ii  libnl-route-3-200      3.2.24-2
ii  libnm-glib4            0.9.10.0-1.1
ii  libnm-util2            0.9.10.0-1.1
ii  libpam-systemd         208-7
ii  libpolkit-gobject-1-0  0.110-2
ii  libreadline6           6.3-8
ii  libsoup2.4-1           2.46.0-2
ii  libsystemd-daemon0     208-7
ii  libsystemd-login0      208-7
ii  libuuid1               2.20.1-5.8
ii  lsb-base               4.1+Debian13
ii  policykit-1            0.110-2
ii  udev                   208-7
ii  wpasupplicant          1.1-1

Versions of packages network-manager recommends:
pn  crda          <none>
pn  dnsmasq-base  <none>
ii  iptables      1.4.21-2
ii  modemmanager  1.2.0-1
ii  ppp           2.4.6-2

Versions of packages network-manager suggests:
pn  avahi-autoipd  <none>

-- Configuration Files:
/etc/NetworkManager/NetworkManager.conf changed:
[main]
plugins=ifupdown,keyfile
no-auto-default=54:EE:75:0F:9F:A6,
[ifupdown]
managed=false

/etc/init.d/network-manager changed:
echo nm >> /tmp/nm.txt
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="network connection manager"
NAME=NetworkManager
DAEMON=/usr/sbin/$NAME
PIDFILE=/var/run/$NAME/$NAME.pid
SCRIPTNAME=/etc/init.d/network-manager
test -x $DAEMON || exit 0
. /lib/lsb/init-functions
test -f /etc/default/NetworkManager && . /etc/default/NetworkManager
d_start() {
    start-stop-daemon --start --quiet --pidfile $PIDFILE \
        --exec $DAEMON -- $DAEMON_OPTS
}
d_stop() {
    start-stop-daemon --stop --retry 15 --pidfile $PIDFILE --exec $DAEMON
}
case "$1" in
  start)
    echo start >> /tmp/nm.txt
    log_daemon_msg "Starting $DESC" "$NAME"
    d_start
    case "$?" in
        0) log_end_msg 0; echo 0 >> /tmp/nm.txt ;;
        1) log_progress_msg "already started"
           log_end_msg 0 ; echo 1 >> /tmp/nm.txt;;
        *) log_end_msg 1 ; echo "*" >> /tmp/nm.txt;;
    esac
    ;;
  stop)
    echo stop >> /tmp/nm.txt
    log_daemon_msg "Stopping $DESC" "$NAME"
    d_stop
    case "$?" in
        0) log_end_msg 0 ;;
        1) log_progress_msg "already stopped"
           log_end_msg 0 ;;
        *) log_end_msg 1 ;;
    esac
    ;;
  restart|force-reload)
    echo restart >> /tmp/nm.txt
    $0 stop
    $0 start
    ;;
  status)
    status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $?
    ;;
  *)
    echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|status}" >&2
    exit 1
    ;;
esac
exit 0


-- no debconf information





Bug#758557: [Pkg-utopia-maintainers] Bug#758557: network-manager: not authorized to control networking

2014-08-18 Thread arne anka

> How do you start your X session?

kdm via /etc/init.d/ (and whatever systemd does with it)

> What's the output of
> loginctl show-session $XDG_SESSION_ID


Id=1
Timestamp=Mon 2014-08-18 21:13:44 CEST
TimestampMonotonic=143765718
VTNr=7
Display=:0
Remote=no
Service=kdm
Scope=session-1.scope
Leader=1651
Audit=1
Type=x11
Class=user
Active=yes
State=active
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
Name=username





Bug#755781: mysql-server-5.5 fails to start after security upgrade from 5.5.37-0+wheezy1 to 5.5.38-0+wheezy1

2014-07-23 Thread Arne Rusek
Hi Enrico,

for me, upgrade was w/o problems.

> Jul 23 10:11:45 debian mysqld: 140723 10:11:45 InnoDB: Initializing buffer
> pool, size = 128.0M
> Jul 23 10:11:45 debian mysqld: InnoDB: mmap(137363456 bytes) failed; errno 12
> Jul 23 10:11:45 debian mysqld: 140723 10:11:45 InnoDB: Completed
> initialization of buffer pool
> Jul 23 10:11:45 debian mysqld: 140723 10:11:45 InnoDB: Fatal error: cannot
> allocate memory for the buffer pool

Your logs indicate you ran out of memory ;-)

# perror 12
OS error code  12:  Cannot allocate memory

-- 
Regards();
return Arne Rusek;





Bug#550676: please make bash-completion falling back to path completion if nothing else is found

2014-07-18 Thread arne anka
Package: bash-completion
Version: 1:2.1-4
Followup-For: Bug #550676

Dear Maintainer,

the issue reported still exists -- i was playing around with a bunch of files 
which are all ZIP archives though with an arbitrary suffix other than .zip.
with none of the tools (file-roller or just unzip) did a file name complete 
although, given manually both were able to open the files.
as the OP wrote -- if nothing can be completed by the completion mechanism,
just fall back and complete the files in the current directory.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages bash-completion depends on:
ii  bash  4.3-7
ii  dpkg  1.17.10

bash-completion recommends no packages.

bash-completion suggests no packages.

-- no debconf information





Bug#754510: mpv: segfaults on too short tracks

2014-07-13 Thread arne anka
On Sun, 13 Jul 2014 16:35:10 +0200, Alessandro Ghedini gh...@debian.org  
wrote:



On Fri, Jul 11, 2014 at 11:37:39PM +0200, arne anka wrote:

Package: mpv
Version: 1:0.4.1-dmo1


Could you please stop filing bugs for versions that are not in Debian? It
happened in the past that bugs filed for versions of packages from
deb-multimedia were not present in the official Debian packages.


dpkg -s mpv

...
Maintainer: Christian Marillat maril...@deb-multimedia.org
Bugs: mailto:maril...@deb-multimedia.org
...

i am still under the impression, that these tags designate the receiver of  
bug reports -- if that is wrong, there's obviously a bug in reportbug --  
and nevertheless it certainly wouldn't hurt to make your issue clear in a  
less offensive way.
you did not yet say anything about that, unless i am supposed to read that  
from uhmm!





Severity: normal

Dear Maintainer,

lsdvd dvdimage

Title: 01, Length: 00:22:04.000 Chapters: 01, Cells: 01, Audio streams:  
06, Subpictures: 12
Title: 02, Length: 00:21:54.400 Chapters: 01, Cells: 01, Audio streams:  
06, Subpictures: 12
Title: 03, Length: 00:21:52.000 Chapters: 01, Cells: 01, Audio streams:  
06, Subpictures: 12
Title: 04, Length: 00:00:00.480 Chapters: 01, Cells: 01, Audio streams:  
06, Subpictures: 12
Title: 05, Length: 00:00:12.800 Chapters: 01, Cells: 01, Audio streams:  
06, Subpictures: 12
Title: 06, Length: 00:00:00.480 Chapters: 01, Cells: 01, Audio streams:  
06, Subpictures: 12
Title: 07, Length: 00:03:14.000 Chapters: 01, Cells: 01, Audio streams:  
06, Subpictures: 12

Longest track: 01

playing

mpv -dvd-image dvdimage dvd://3


The dvd-image option doesn't exist, did you mean --dvd-device?

causes mpv to segfault (since mpv starts with 0 whereas lsdvd starts at  
1, track 3 for mpv is track 4 of lsdvd output)


let me know what i can do to provide more info.


I can't reproduce.

Would it be possible for you to upload this dvd image somewhere so I can  
test
this? Or even an image with only the affected track, if it still causes  
the bug.


It would be also useful if you could provide a backtrace of the crash  
(using

gdb) with the mpv-dbg package installed.

Cheers



--
Schon vor dem Come-Back von Modern Talking wusste ich:
Dieter Bohlen ist der Preis der Freiheit.
   Heinz Rudolf Kunze





Bug#754510: mpv: segfaults on too short tracks

2014-07-11 Thread arne anka
Package: mpv
Version: 1:0.4.1-dmo1
Severity: normal

Dear Maintainer,

lsdvd dvdimage

Title: 01, Length: 00:22:04.000 Chapters: 01, Cells: 01, Audio streams: 06, 
Subpictures: 12
Title: 02, Length: 00:21:54.400 Chapters: 01, Cells: 01, Audio streams: 06, 
Subpictures: 12
Title: 03, Length: 00:21:52.000 Chapters: 01, Cells: 01, Audio streams: 06, 
Subpictures: 12
Title: 04, Length: 00:00:00.480 Chapters: 01, Cells: 01, Audio streams: 06, 
Subpictures: 12
Title: 05, Length: 00:00:12.800 Chapters: 01, Cells: 01, Audio streams: 06, 
Subpictures: 12
Title: 06, Length: 00:00:00.480 Chapters: 01, Cells: 01, Audio streams: 06, 
Subpictures: 12
Title: 07, Length: 00:03:14.000 Chapters: 01, Cells: 01, Audio streams: 06, 
Subpictures: 12
Longest track: 01

playing

mpv -dvd-image dvdimage dvd://3

causes mpv to segfault (since mpv starts with 0 whereas lsdvd starts at 1, 
track 3 for mpv is track 4 of lsdvd output)

let me know what i can do to provide more info.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mpv depends on:
ii  libasound2  1.0.28-1
ii  libass5 0.10.2-3
ii  libavcodec55  10:2.2.4-dmo3
ii  libavdevice55   10:2.2.4-dmo3
ii  libavfilter4  10:2.2.4-dmo3
ii  libavformat55   10:2.2.4-dmo3
ii  libavresample1  10:2.2.4-dmo3
ii  libavutil52 10:2.2.4-dmo3
ii  libbluray1  2:0.6.0-dmo2
ii  libbs2b0  3.1.0+dfsg-2
ii  libc6   2.19-5
ii  libcaca0  0.99.beta19-2
ii  libcdio-cdda1   0.83-4.1
ii  libcdio-paranoia1   0.83-4.1
ii  libcdio13   0.83-4.1
ii  libdvdnav4  4.2.1-3
ii  libdvdread4 4.2.1-2
ii  libegl1-mesa [libegl1-x11]  10.2.3-1
ii  libenca0  1.15-2
ii  libgl1-mesa-glx [libgl1]  10.2.3-1
ii  libguess1   1.2-dmo2
ii  libjack-jackd2-0 [libjack-0.116]  1.9.10+20140610git97e0e80b~dfsg-1
ii  libjpeg8  8d1-1
ii  liblcms2-2  2.6-3
ii  liblircclient0  0.9.0~pre1-1
ii  liblua5.2-0 5.2.3-1
ii  libmpg123-0 1.20.0-1
ii  libncurses5 5.9+20140118-1
ii  libopenal1  1:1.14-4
ii  libpostproc52   10:2.2.4-dmo3
ii  libpulse0   5.0-2
ii  libquvi7  0.4.1-2.1
ii  libsmbclient  2:4.1.9+dfsg-1
ii  libswscale2 10:2.2.4-dmo3
ii  libtinfo5   5.9+20140118-1
ii  libv4l-0  1.2.1-2
ii  libva-glx1  1.3.1-3
ii  libva-x11-1 1.3.1-3
ii  libva1  1.3.1-3
ii  libvdpau1   0.7-2
ii  libwayland-client0  1.5.0-1
ii  libwayland-cursor0  1.5.0-1
ii  libwayland-egl1-mesa [libwayland-egl1]  10.2.3-1
ii  libx11-6  2:1.6.2-2
ii  libxext6  2:1.3.2-1
ii  libxinerama1  2:1.1.3-1
ii  libxkbcommon0   0.4.0-1
ii  libxss1 1:1.2.2-1
ii  libxv1  2:1.0.10-1
ii  libxxf86vm1 1:1.1.3-1
ii  zlib1g  1:1.2.8.dfsg-1

mpv recommends no packages.

mpv suggests no packages.

-- no debconf information





Bug#754511: mpv: after each track it either displays dvd menu or copyright blurb

2014-07-11 Thread arne anka
Package: mpv
Version: 1:0.4.1-dmo1
Severity: normal

Dear Maintainer,

having a dvd image with 3 tracks, i play it via

mpv -dvd-image dvdimage dvd://0-2

but instead of switching seamlessly to the next track, after track 0 and 1 i 
get the dvd menu and after track 2 it plays the copyright blurb. while after 
the blurb at least it finishes, it stays at the menu unless i intervene.
i'd expect it to behave like mplayer does: play all tracks after each 
automatically other without

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mpv depends on:
ii  libasound2  1.0.28-1
ii  libass5 0.10.2-3
ii  libavcodec55  10:2.2.4-dmo3
ii  libavdevice55   10:2.2.4-dmo3
ii  libavfilter4  10:2.2.4-dmo3
ii  libavformat55   10:2.2.4-dmo3
ii  libavresample1  10:2.2.4-dmo3
ii  libavutil52 10:2.2.4-dmo3
ii  libbluray1  2:0.6.0-dmo2
ii  libbs2b0  3.1.0+dfsg-2
ii  libc6   2.19-5
ii  libcaca0  0.99.beta19-2
ii  libcdio-cdda1   0.83-4.1
ii  libcdio-paranoia1   0.83-4.1
ii  libcdio13   0.83-4.1
ii  libdvdnav4  4.2.1-3
ii  libdvdread4 4.2.1-2
ii  libegl1-mesa [libegl1-x11]  10.2.3-1
ii  libenca0  1.15-2
ii  libgl1-mesa-glx [libgl1]  10.2.3-1
ii  libguess1   1.2-dmo2
ii  libjack-jackd2-0 [libjack-0.116]  1.9.10+20140610git97e0e80b~dfsg-1
ii  libjpeg8  8d1-1
ii  liblcms2-2  2.6-3
ii  liblircclient0  0.9.0~pre1-1
ii  liblua5.2-0 5.2.3-1
ii  libmpg123-0 1.20.0-1
ii  libncurses5 5.9+20140118-1
ii  libopenal1  1:1.14-4
ii  libpostproc52   10:2.2.4-dmo3
ii  libpulse0   5.0-2
ii  libquvi7  0.4.1-2.1
ii  libsmbclient  2:4.1.9+dfsg-1
ii  libswscale2 10:2.2.4-dmo3
ii  libtinfo5   5.9+20140118-1
ii  libv4l-0  1.2.1-2
ii  libva-glx1  1.3.1-3
ii  libva-x11-1 1.3.1-3
ii  libva1  1.3.1-3
ii  libvdpau1   0.7-2
ii  libwayland-client0  1.5.0-1
ii  libwayland-cursor0  1.5.0-1
ii  libwayland-egl1-mesa [libwayland-egl1]  10.2.3-1
ii  libx11-6  2:1.6.2-2
ii  libxext6  2:1.3.2-1
ii  libxinerama1  2:1.1.3-1
ii  libxkbcommon0   0.4.0-1
ii  libxss1 1:1.2.2-1
ii  libxv1  2:1.0.10-1
ii  libxxf86vm1 1:1.1.3-1
ii  zlib1g  1:1.2.8.dfsg-1

mpv recommends no packages.

mpv suggests no packages.

-- no debconf information





Bug#754512: mpv: dvd:// plays second track

2014-07-11 Thread arne anka
Package: mpv
Version: 1:0.4.1-dmo1
Severity: normal

Dear Maintainer,

playing a dvd image with 7 tracks (0-3 are episodes, 4-6 are just the usual 
fillers) via

mpv -dvd-image dvdimage dvd://

plays the second track, not the first. i am not quite sure what exactly to 
expect (just playing or presenting the dvd menu or something entirely 
different), but i think it shouldn't skip the first track.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mpv depends on:
ii  libasound2  1.0.28-1
ii  libass5 0.10.2-3
ii  libavcodec55  10:2.2.4-dmo3
ii  libavdevice55   10:2.2.4-dmo3
ii  libavfilter4  10:2.2.4-dmo3
ii  libavformat55   10:2.2.4-dmo3
ii  libavresample1  10:2.2.4-dmo3
ii  libavutil52 10:2.2.4-dmo3
ii  libbluray1  2:0.6.0-dmo2
ii  libbs2b0  3.1.0+dfsg-2
ii  libc6   2.19-5
ii  libcaca0  0.99.beta19-2
ii  libcdio-cdda1   0.83-4.1
ii  libcdio-paranoia1   0.83-4.1
ii  libcdio13   0.83-4.1
ii  libdvdnav4  4.2.1-3
ii  libdvdread4 4.2.1-2
ii  libegl1-mesa [libegl1-x11]  10.2.3-1
ii  libenca0  1.15-2
ii  libgl1-mesa-glx [libgl1]  10.2.3-1
ii  libguess1   1.2-dmo2
ii  libjack-jackd2-0 [libjack-0.116]  1.9.10+20140610git97e0e80b~dfsg-1
ii  libjpeg8  8d1-1
ii  liblcms2-2  2.6-3
ii  liblircclient0  0.9.0~pre1-1
ii  liblua5.2-0 5.2.3-1
ii  libmpg123-0 1.20.0-1
ii  libncurses5 5.9+20140118-1
ii  libopenal1  1:1.14-4
ii  libpostproc52   10:2.2.4-dmo3
ii  libpulse0   5.0-2
ii  libquvi7  0.4.1-2.1
ii  libsmbclient  2:4.1.9+dfsg-1
ii  libswscale2 10:2.2.4-dmo3
ii  libtinfo5   5.9+20140118-1
ii  libv4l-0  1.2.1-2
ii  libva-glx1  1.3.1-3
ii  libva-x11-1 1.3.1-3
ii  libva1  1.3.1-3
ii  libvdpau1   0.7-2
ii  libwayland-client0  1.5.0-1
ii  libwayland-cursor0  1.5.0-1
ii  libwayland-egl1-mesa [libwayland-egl1]  10.2.3-1
ii  libx11-6  2:1.6.2-2
ii  libxext6  2:1.3.2-1
ii  libxinerama1  2:1.1.3-1
ii  libxkbcommon0   0.4.0-1
ii  libxss1 1:1.2.2-1
ii  libxv1  2:1.0.10-1
ii  libxxf86vm1 1:1.1.3-1
ii  zlib1g  1:1.2.8.dfsg-1

mpv recommends no packages.

mpv suggests no packages.

-- no debconf information





Bug#753265: mpv: dvd tracks index starts at 0 instead of 1

2014-06-29 Thread arne anka
Package: mpv
Version: 1:0.4.0-dmo1
Severity: normal

Dear Maintainer,

recent version suddenly starts to enumerate dvd tracks at 0 instead of the 
usual 1, which means that dvd://1-3 will play tracks 2-4 

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mpv depends on:
ii  libasound2  1.0.27.2-4
ii  libass4 0.10.1-3
ii  libavcodec55  10:2.2.4-dmo1
ii  libavdevice55   10:2.2.4-dmo1
ii  libavfilter4  10:2.2.4-dmo1
ii  libavformat55   10:2.2.4-dmo1
ii  libavresample1  10:2.2.4-dmo1
ii  libavutil52 10:2.2.4-dmo1
ii  libbluray1  2:0.6.0-dmo2
ii  libbs2b0  3.1.0+dfsg-2
ii  libc6   2.19-4
ii  libcaca0  0.99.beta19-2
ii  libcdio-cdda1   0.83-4.1
ii  libcdio-paranoia1   0.83-4.1
ii  libcdio13   0.83-4.1
ii  libdvdnav4  4.2.1-3
ii  libdvdread4 4.2.1-2
ii  libegl1-mesa [libegl1-x11]  10.2.1-2
ii  libenca0  1.15-2
ii  libgl1-mesa-glx [libgl1]  10.2.1-2
ii  libguess1   1.2-dmo2
ii  libjack-jackd2-0 [libjack-0.116]  1.9.10+20140610git97e0e80b~dfsg-1
ii  libjpeg8  8d-2
ii  liblcms2-2  2.6-3
ii  liblircclient0  0.9.0~pre1-1
ii  liblua5.2-0 5.2.3-1
ii  libmpg123-0 1.18.0-1
ii  libncurses5 5.9+20140118-1
ii  libopenal1  1:1.14-4
ii  libpostproc52   10:2.2.4-dmo1
ii  libpulse0   5.0-2
ii  libquvi7  0.4.1-2.1
ii  libsmbclient  2:4.1.9+dfsg-1
ii  libswscale2 10:2.2.4-dmo1
ii  libtinfo5   5.9+20140118-1
ii  libv4l-0  1.2.0-2
ii  libva-glx1  1.3.1-3
ii  libva-x11-1 1.3.1-3
ii  libva1  1.3.1-3
ii  libvdpau1   0.7-2
ii  libwayland-client0  1.5.0-1
ii  libwayland-cursor0  1.5.0-1
ii  libwayland-egl1-mesa [libwayland-egl1]  10.2.1-2
ii  libx11-6  2:1.6.2-2
ii  libxext6  2:1.3.2-1
ii  libxinerama1  2:1.1.3-1
ii  libxkbcommon0   0.4.0-1
ii  libxss1 1:1.2.2-1
ii  libxv1  2:1.0.10-1
ii  libxxf86vm1 1:1.1.3-1
ii  zlib1g  1:1.2.8.dfsg-1

mpv recommends no packages.

mpv suggests no packages.

-- no debconf information





Bug#749072: obnam: MemoryError in create_generation

2014-05-23 Thread Arne Köhn
Package: obnam
Version: 1.8-1
Severity: important

Dear Lars,

I'm running into a MemoryError when trying to do a backup:

sudo obnam --config .obnam.conf backup .
[sudo] password for arne: 
05h18m27s 742799 files 86.79 GiB scanned: making checkpoint: starting a new generation
Traceback (most recent call last):
  File /usr/lib/python2.7/dist-packages/cliapp/app.py, line 190, in _run
    self.process_args(args)
  File /usr/lib/python2.7/dist-packages/obnamlib/app.py, line 201, in process_args
    cliapp.Application.process_args(self, args)
  File /usr/lib/python2.7/dist-packages/cliapp/app.py, line 568, in process_args
    method(args[1:])
  File /usr/lib/python2.7/dist-packages/obnamlib/plugins/backup_plugin.py, line 370, in backup
    self.backup_roots(roots)
  File /usr/lib/python2.7/dist-packages/obnamlib/plugins/backup_plugin.py, line 560, in backup_roots
    pathname, metadata)
  File /usr/lib/python2.7/dist-packages/obnamlib/plugins/backup_plugin.py, line 909, in backup_file_contents
    self.make_checkpoint()
  File /usr/lib/python2.7/dist-packages/obnamlib/plugins/backup_plugin.py, line 659, in make_checkpoint
    self.client_name)
  File /usr/lib/python2.7/dist-packages/obnamlib/fmt_6/repo_fmt_6.py, line 490, in create_generation
    client_name, open_client_info)
  File /usr/lib/python2.7/dist-packages/obnamlib/fmt_6/repo_fmt_6.py, line 455, in _refresh_open_client_info_cached_generation_ids
    for gen_number in client_info.client.list_generations()]
  File /usr/lib/python2.7/dist-packages/obnamlib/fmt_6/clientmetadatatree.py, line 246, in list_generations
    genid = self._get_generation_id_or_None(t)
  File /usr/lib/python2.7/dist-packages/obnamlib/fmt_6/clientmetadatatree.py, line 285, in _get_generation_id_or_None
    return self.get_generation_id(tree)
  File /usr/lib/python2.7/dist-packages/obnamlib/fmt_6/clientmetadatatree.py, line 281, in get_generation_id
    return self._lookup_int(tree, self.genkey(self.GEN_ID))
  File /usr/lib/python2.7/dist-packages/obnamlib/fmt_6/clientmetadatatree.py, line 207, in _lookup_int
    return struct.unpack('!Q', tree.lookup(key))[0]
  File /usr/lib/python2.7/dist-packages/larch/tree.py, line 142, in lookup
    node = self._get_node(node[k])
  File /usr/lib/python2.7/dist-packages/larch/tree.py, line 111, in _get_node
    return self.node_store.get_node(node_id)
  File /usr/lib/python2.7/dist-packages/larch/nodestore_disk.py, line 235, in get_node
    encoded = self.journal.cat(name)
  File /usr/lib/python2.7/dist-packages/larch/journal.py, line 162, in cat
    return self.fs.cat(filename)
  File /usr/lib/python2.7/dist-packages/obnamlib/fmt_6/repo_fmt_6.py, line 57, in cat
    data = self.fs.cat(filename)
  File /usr/lib/python2.7/dist-packages/obnamlib/vfs_local.py, line 299, in cat
    chunk = f.read(self.chunk_size)
  File /usr/lib/python2.7/dist-packages/obnamlib/vfs_local.py, line 45, in read
    data = file.read(self, amount)
MemoryError

As you can see, it took quite some time for ~87GiB. That is because
there are a lot of small files (ca. 1.8mil files over all).

This is the second backup with obnam, the first one worked just
fine. There is also another backup from a different computer in the
repository.

I'm making the backups to a USB-attached HDD.


Thank you for this software (other than this bug, it rocks)
  Arne

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (800, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.13-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages obnam depends on:
ii  libc6 2.18-4
ii  python  2.7.5-5
ii  python-cliapp 1.20140315-1
ii  python-fuse   2:0.2.1-9
ii  python-larch  1.20131130-1
ii  python-paramiko   1.10.1-1
ii  python-tracing  0.8-1
ii  python-ttystatus  0.23-1

obnam recommends no packages.

obnam suggests no packages.

-- no debconf information





Bug#741701: turses: deb package missing versioned dependency on tweepy

2014-03-15 Thread Arne Rusek
Package: turses
Version: 0.2.20-1
Severity: normal

Dear Maintainer,

I have wheezy as default distribution however jessie and sid are in my apt
sources.

I did:

# apt-get install turses

Turses was installed from sid however dependencies were taken from
wheezy. when trying to start turses:

[...exception...]
pkg_resources.DistributionNotFound: tweepy=2.1

If turses depends on tweepy=2.1 it should be specified in deb package
so the required version is installed automatically.

After apt-get install python-tweepy=2.1-1 turses works as expected,
please, add versioned dependency to turses' deb package

-- System Information:
Debian Release: 7.4
  APT prefers stable
  APT policy: (990, 'stable'), (800, 'unstable'), (750, 'experimental'), (400, 
'oldstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-xen-686 (SMP w/2 CPU cores)
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages turses depends on:
ii  python  2.7.3-4+deb7u1
ii  python-oauth2 1.5.211-2
ii  python-pkg-resources  0.6.24-1
ii  python-tweepy 1.7.1-2
ii  python-urwid  1.0.1-2

Versions of packages turses recommends:
ii  turses-doc  0.2.20-1

turses suggests no packages.

-- no debconf information





Bug#737679: needs to be built with libtirpc

2014-03-09 Thread Arne Nordmark
 It looks like this is down to autofs not handling names using only
 IPv6 addresses.  Not sure why this happens given that I would have
 expected it to just pass this directly to mount(8) but it's
 presumably doing more than that.  Not sure exactly what the cause
 is, though /usr/lib/x86_64-linux-gnu/autofs/mount_nfs.so is using
 getaddrinfo and I can't see any obvious defect with a quick glance
 over the sources.

Autofs does some initial NFS probing of its own, as part of handling
server replication. From the debug output for a successful mount from a
dual-stack server, we can also see that get_nfs_info() is only using the
IPv4 address(es) of the server.

IPv6 support seems to need libtirpc. If autofs is rebuilt using
--with-libtirpc, both IPv6 and IPv4 addresses are used in
get_nfs_info(), and the IPv6 only case now works.

In wheezy at least, the following patch (or something similar):

--- a/lib/rpc_subs.c
+++ b/lib/rpc_subs.c
@@ -34,6 +34,7 @@
 #include pthread.h
 #include poll.h

+/*
 #ifdef WITH_LIBTIRPC
 #undef auth_destroy
 #define auth_destroy(auth)  \
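Review bot: the `/*` added above `#ifdef WITH_LIBTIRPC` disables a preprocessor block with a C comment, which ends at the first `*/` it meets, so any comment inside the macro body would end it early and leave half the block active. Deleting the lines outright, or wrapping them in `#if 0` ... `#endif`, states the intent more safely and keeps the diff readable.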
@@ -43,6 +44,7 @@
 ((*((auth)-ah_ops-ah_destroy))(auth));\
 } while (0)
 #endif
+*/

 #include mount.h
 #include rpc_subs.h
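Review bot: the closing `*/` after `#endif` drops the `auth_destroy()` redefinition for every build, with nothing in the source saying why. Since the message limits the claim to wheezy, a short comment at this spot noting that the redefinition leaves `auth_put()` undefined when built with libtirpc, and against which libtirpc version that was observed, would let a later maintainer judge whether the block can go for good.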

which removes a redefinition of auth_destroy() is also needed. The
redefinition seems to have been an attempt to avoid a symbol clash on
log_debug(), but in the wheezy macro there is no symbol clash, and the
redefinition instead creates an undefined symbol auth_put().

Arne





Bug#717544: Patch for CVE-2013-2207

2014-03-04 Thread Arne Wichmann
begin  quotation  from Moritz Muehlenhoff (in 
20140301122144.ga11...@inutil.org):
 Version: 2.18-1
 
 On Fri, Aug 23, 2013 at 02:13:40PM +0200, Arne Wichmann wrote:
  tags #717544 + patch
  
  Hi.
  
  A patch for CVE-2013-2207 is available on
  http://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2013-2207
 
 Fixed in sid with commit
 https://sourceware.org/git/?p=glibc.git;a=commit;h=e4608715e6e1dd2adc91982fd151d5ba4f761d69

What about stable?

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@linux.de)




Bug#739580: does not run

2014-02-19 Thread arne
Package: gnome-system-monitor
Version: 3.10.2-2
Severity: grave

# gnome-system-monitor
glibtop: Non-standard uts for running kernel:
release 3.12-1-amd64=3.12.0 gives version code 199680




-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gnome-system-monitor depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.18.0-1
ii  libc6  2.17-97
ii  libcairo2  1.12.16-2
ii  libgcc1  1:4.8.2-15
ii  libgdk-pixbuf2.0-0   2.30.4-1
ii  libglib2.0-0 2.38.2-5
ii  libglibmm-2.4-1c2a   2.36.2-1
ii  libgtk-3-0   3.10.7-1
ii  libgtkmm-3.0-1   3.8.1-1
ii  libgtop2-7   2.28.5-2
ii  libpango-1.0-0   1.36.0-1+b1
ii  libpangocairo-1.0-0  1.36.0-1+b1
ii  librsvg2-2   2.40.0-1
ii  libsigc++-2.0-0c2a   2.2.11-3
ii  libstdc++6   4.8.2-15
ii  libsystemd-login0  204-7
ii  libwnck-3-0  3.4.7-1

Versions of packages gnome-system-monitor recommends:
ii  gvfs  1.16.3-2

gnome-system-monitor suggests no packages.

-- no debconf information





Bug#739261: libhdf5-openmpi-dev: Version in stable (wheezy) does not work with gfortran from stable

2014-02-17 Thread Arne Nordmark
Package: libhdf5-openmpi-dev
Version: 1.8.8-9
Severity: normal

The current version in wheezy was not built using the current version of 
gfortran in wheezy,
and compilation fails:

prompt h5fc h5_crtdat.f90
h5_crtdat.f90:26.6:

   USE HDF5 ! This module contains all necessary modules
   1
Fatal Error: Wrong module version '6' (expected '9') for file 
'hdf5.mod'
--

The first line of /usr/include/hdf5.mod reads:
GFORTRAN module version '6' created from ../../../../fortran/src/HDF5mpio.f90 
on Thu Mar  8 11:40:49 2012

This is issue #630986 manifesting itself again, and a rebuild in a current 
wheezy environment
is enough to solve this problem.

It would be nice to see such a rebuild in upcoming stable (wheezy) releases.

Thanks
Arne Nordmark

-- System Information:
Debian Release: 7.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libhdf5-openmpi-dev depends on:
ii  hdf5-helpers  1.8.8-9
ii  libhdf5-openmpi-7   1.8.8-9
ii  libjpeg8-dev [libjpeg-dev]  8d-1
ii  libopenmpi-dev  1.4.5-1
ii  zlib1g-dev  1:1.2.7.dfsg-13

libhdf5-openmpi-dev recommends no packages.

Versions of packages libhdf5-openmpi-dev suggests:
pn  libhdf5-doc  none

-- no debconf information





Bug#738973: invoke-rc.d: unknown initscript, /etc/init.d/dictd not found.

2014-02-14 Thread arne
Package: dict-freedict-nld-deu
Version: 2014.02.02-1
Severity: grave

Preparing to unpack .../dict-freedict-nld-deu_2014.02.02-1_all.deb ...
Unpacking dict-freedict-nld-deu (2014.02.02-1) ...
Setting up dict-freedict-nld-deu (2014.02.02-1) ...
invoke-rc.d: unknown initscript, /etc/init.d/dictd not found.
dpkg: error processing package dict-freedict-nld-deu (--configure):
 subprocess installed post-installation script returned error exit status 100
Errors were encountered while processing:
 dict-freedict-nld-deu


Other dict-freedict-packages also.




-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

dict-freedict-nld-deu depends on no packages.

dict-freedict-nld-deu recommends no packages.

Versions of packages dict-freedict-nld-deu suggests:
pn  dict | opendict | kdict | gnome-dictionary  none
pn  dictd | serpento  none

-- no debconf information





Bug#646020: Ping: CVE-2011-3624

2014-02-14 Thread Arne Wichmann
begin  quotation  from Antonio Terceiro (in 20140212131039.ga2...@debian.org):
 On Mon, Feb 10, 2014 at 03:49:31PM +0100, Arne Wichmann wrote:
  There has been no action on this bug for over a year now. Is there any plan
  to do something about this?
 
 not quite
 
 - there is no patch for this anywhere
 - webrick is hardly something that anyone with a little bit of sanity
   would use in production

I see. Maybe there should just be a clear warning against using this (for
example by syslogging a warning) and then it could be marked as unimportant
in the security tracker...

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@linux.de)




Bug#739031: invoke-rc.d: unknown initscript, /etc/init.d/dictd not found.

2014-02-14 Thread arne
Package: dict-freedict-eng-rus
Version: 2014.02.02-1
Severity: serious

Preparing to unpack .../dict-freedict-eng-rus_2014.02.02-1_all.deb ...
Unpacking dict-freedict-eng-rus (2014.02.02-1) ...
Setting up dict-freedict-eng-rus (2014.02.02-1) ...
invoke-rc.d: unknown initscript, /etc/init.d/dictd not found.
dpkg: error processing package dict-freedict-eng-rus (--configure):
 subprocess installed post-installation script returned error exit status 100
Errors were encountered while processing:
 dict-freedict-eng-rus



-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

dict-freedict-eng-rus depends on no packages.

dict-freedict-eng-rus recommends no packages.

Versions of packages dict-freedict-eng-rus suggests:
pn  dict | opendict | kdict | gnome-dictionary  none
pn  dictd | serpento  none

-- no debconf information





Bug#646020: Ping: CVE-2011-3624

2014-02-10 Thread Arne Wichmann
Hi!

There has been no action on this bug for over a year now. Is there any plan
to do something about this?

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@linux.de)




Bug#738572: libav-tools: CVE-2011-3935

2014-02-10 Thread Arne Wichmann
Package: libav-tools
Version: 6:9.11-1
Severity: grave
Tags: security
Justification: user security hole

Hi...

As far as I can see, CVE-2011-3935 [1] applies to libav-tools. As the
descriptions for the problem are a bit low on information I use a high
severity - feel free to lower it if that is not appropriate. A fix for
ffmpeg is at [2].

[1] https://security-tracker.debian.org/tracker/CVE-2011-3935
[2] 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=668494acd8b20f974c7722895d4a6a14c1005f1e

cu

AW

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (40, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12.9 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages libav-tools depends on:
ii  dpkg   1.17.6
ii  libavcodec54   6:9.11-1
ii  libavdevice53  6:9.10-2
ii  libavfilter3   6:9.10-2
ii  libavformat54  6:9.11-1
ii  libavresample1 6:9.11-1
ii  libavutil52  6:9.11-1
ii  libbz2-1.0 1.0.6-5
ii  libc6  2.17-97
ii  libgnutls26  2.12.23-10+b1
ii  libgsm1  1.0.13-4
ii  libmp3lame0  3.99.5+repack1-3
ii  libopenjpeg2   1.3+dfsg-4.7+b1
ii  libopus0   1.1-1
ii  librtmp0   2.4+20121230.gitdf6c518-1
ii  libschroedinger-1.0-0  1.0.11-2
ii  libsdl1.2debian  1.2.15-8
ii  libspeex1  1.2~rc1.1-1
ii  libswscale2  6:9.11-1
ii  libtheora0 1.1.1+dfsg.1-3.1
ii  libva1 1.2.1-2
ii  libvorbis0a  1.3.2-1.3
ii  libvorbisenc2  1.3.2-1.3
ii  libvpx1  1.3.0-2
ii  libx264-133  2:0.133.2339+git585324f-2+b1
ii  libxvidcore4   2:1.3.2-9
ii  zlib1g 1:1.2.8.dfsg-1

libav-tools recommends no packages.

Versions of packages libav-tools suggests:
pn  frei0r-plugins  none

-- no debconf information





Bug#736325: dh-make-drupal: Developer versions are detected as recommended

2014-01-22 Thread Arne Nordmark
Package: dh-make-drupal
Version: 1.7-1
Severity: normal

Developer versions of modules are detected as both recommended and 
developer,
and selected over recommended versions, when scanning the Drupal site.

kaipak[nordmark]~/tmp dh-make-drupal -D --debug 3 date
D:Parsed options:
---
d_ver: 7
min_status: :recommended
force_overwrite: false
debug: '3'
report_only: false
debianize: false
skip_build: false
skip_recommend: false
switches: -us -uc
tarball: false
proj_version: 
proj_type: Modules
mangle_version: true
provides: 
project: date
D:Preparing package for 'date' for Drupal 7, status = recommended
D:Fetching project information from https://drupal.org/project/date
D:Project type for date: Modules
D:Found version 7.x-2.7 (recommended)
D:This release was uploaded on 2013-12-21 00:00:00 +0100
D:Found version 6.x-2.9 (recommended)
D:This release was uploaded on 2012-04-27 00:00:00 +0200
D:Found version 8.x-1.x-dev (recommended)
D:This release was uploaded on 2013-09-30 00:00:00 +0200
D:Found version 7.x-2.x-dev (recommended)
D:This release was uploaded on 2014-01-06 00:00:00 +0100
D:Found version 6.x-2.x-dev (recommended)
D:This release was uploaded on 2013-10-21 00:00:00 +0200
D:Found version 8.x-1.x-dev (developer)
D:This release was uploaded on 2013-09-30 00:00:00 +0200
D:Found version 7.x-2.x-dev (developer)
D:This release was uploaded on 2014-01-06 00:00:00 +0100
D:Found version 6.x-2.x-dev (developer)
D:This release was uploaded on 2013-10-21 00:00:00 +0200
D:Going over 8 available releases, searching for compatibility with Drupal 7, minimum development status recommended (2)
I:   Found #DrupalProject::Project:0x00014a2a30 version 2~~dev (status: recommended)
D:Download URL: http://ftp.drupal.org/files/projects/date-7.x-2.x-dev.tar.gz
D:Retreiving remote file http://ftp.drupal.org/files/projects/date-7.x-2.x-dev.tar.gz
D:Attempting to save in drupal7-mod-date_2~~dev.orig.tar.gz
D:Skipping Debian package creation as requested at command line

Note that version 7.x-2.x-dev is listed twice, first as (recommended),
and secondly as (developer).

This is the sid version of dh-make-drupal, running on a wheezy system,
since the wheezy version no longer parses the Drupal site at all.

Thanks,
Arne

-- System Information:
Debian Release: 7.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dh-make-drupal depends on:
ii  build-essential  11.5
ii  debhelper        9.20120909
ii  libruby          1:1.9.3
ii  ruby             1:1.9.3
ii  ruby-hpricot     0.8.6-3

dh-make-drupal recommends no packages.

Versions of packages dh-make-drupal suggests:
pn  drupal6 | drupal7  none

-- no debconf information





Bug#726578: Ping: pwgen: Multiple vulnerabilities in passwords generation

2014-01-14 Thread Arne Wichmann
Thank you for reacting quickly!

begin  quotation  from Theodore Ts'o (in 20140112234500.ga15...@thunk.org):
> On Sun, Jan 12, 2014 at 09:27:14PM +0100, Arne Wichmann wrote:
> > This grave problem is now open for more than two months. Is there any plan
> > to resolve this?
>
> First, the CVE about having the unavailability of /dev/random fail
> hard -- sure, that should be a separate bug since that's a fix that I
> think is reasonable at this point.  We can now guarantee that
> /dev/random exists everywhere.  (And by that same token, if an
> attacker can cause /dev/random not to be present, they probably have
> root, so you're probably toast anyway.  So I don't think it's going to
> really improve things to remove the drand() fallback, but I don't have
> strong feelings about that.)

So you might clone a new bug for this...

> Secondly, I'll note that one of the CVE's were rejected as not a
> vulnerability.  (In general it would have been better to have opened
> separate bugs for each CVE.)

Different maintainers have different preferences here - I will note that
you want separate bugs (as we do for a number of other packages).

> Finally, whether you think the other two CVE's justify this to be
> serious, let alone grave bug really depends on what you think the
> goals of pwgen are.  To quote from the manual page:

This is your decision - we try to use a fitting severity for every problem,
but sometimes the cases are not so clear.

> The pwgen program generates passwords which are designed to be easily
> memorized by humans, while being as secure as possible. Human-memorable
> passwords are never going to be as secure as completely completely
> random passwords. In particular, passwords generated by pwgen
> without the -s option should not be used in places where the password
> could be attacked via an off-line brute-force attack. On the other
> hand, completely randomly generated passwords have a tendency to be
> written down, and are subject to being compromised in that fashion.
>
> So we could change the defaults to be pwgen -csy 20, in which case
> you would get passwords like this:
>
> L}U@lc_~i^n|ro!4uI- 1`;yXlYVMW%?E9)3A7G **}6BoBu=!~3)y?3v]Or
> =:PC;H?E7*+6$c-QH URGgjUNG[\dSw\p7F-] _AXZ~(HYd8Q#%b!]'u:
> ~)0I-{)}_Ya*Q2nlWN; ^#t~1/'sf@*xz9GOhBuv e_[-_Fe{CD#]DY8@M^a
>
> I'm not sure that would be an improvement, as simply no one would use
> them.
>
> OK, how about this?  (Generated using pwgen -s).
>
> vQ6uwkMk lSswO2MB tA8dYPpl KU1pQ2Xh 2XfxRyrC Za2xKx7h psPwHZ0c dOsC0JBX
> JY3udA9c t6LzoiUq M0jR3AoS GOHkNE7G TeThsZz1 6cVi4ayY Poe4hPj7 o2a7OpPC
> Xh24cRLO 1chQyseV 6c2k0O3B OkdgRxy4 K6Vc4JY2 ylO3IE9B gVvNxw6B 7wjcOXwF
>
> Again, this will make the professional paranoids happy (although
> perhaps not as happy as =:PC;H?E7*+6$c-QH), but it's not clear that
> real users would be any less likely to write ylO3IE9B on a sticky
> note which is pasted to their monitor, or just in a passwords file
> in their home directory.

I do not have a really good idea on how to handle this. Some ideas come to
mind, mostly inspired by [1]:
- Improve the algorithm to be less biased. Though I see that would not be
  easy.
- Warn about the bias
- Use -s as default

[2] suggests that there is a patch out there, but I have not yet looked at
it.

> So ultimately, a lot of this is about an argument over defaults, and I
> think the higher level problem is that no matter what password policy
> you use, passwords are doomed as a technology.  Anything which is
> secure against a brute force attack is impossible for a user to use,
> unless they share passwords across multiple sites so they only have to
> remember one password such as ylO3IE9B --- at which point they get
> toast once some web site screws up in some way and gets penetrated by
> bad guys.

I see the point, but that does not make the problem go away, and in many
cases you do not have so much of a choice, so the program does still have
its points.

CVE-2013-4440 has an easy fix, doesn't it?

[1] http://www.openwall.com/lists/oss-security/2012/01/19/24
[2] http://marc.info/?l=oss-security&m=138015793928431&w=2

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@linux.de)




Bug#735287: logcheck: invent conditional logging

2014-01-14 Thread Arne Wichmann
Package: logcheck
Version: 1.3.15
Severity: wishlist

Hi...

There is one thing I would like to have in logcheck for quite a long time
already:

Invent a mechanism by which a pattern is only mailed (or not mailed) if
another pattern was seen a given time before it (or also possibly after
it).

For example I would like to make reboots invisible on some machines, but I
do want to see it if the sshd terminates as long as the machine is not
rebooting.

cu

AW

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (40, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12.6 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages logcheck depends on:
ii  adduser                                    3.113+nmu3
ii  cron                                       3.0pl1-124
ii  exim4-daemon-light [mail-transport-agent]  4.82-3
ii  lockfile-progs                             0.1.17
ii  logtail                                    1.3.15
pn  mime-construct                             none
ii  rsyslog [system-log-daemon]                7.4.4-1

Versions of packages logcheck recommends:
ii  logcheck-database  1.3.15

Versions of packages logcheck suggests:
pn  syslog-summary  none

-- Configuration Files:
/etc/logcheck/logcheck.conf changed [not included]
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: 
u'/etc/logcheck/logcheck.logfiles'

-- debconf information excluded
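
One way the mechanism requested above could work, as an added example that is neither part of the bug report nor logcheck code: an sshd termination is reported unless a shutdown line lies within a time window before or after it. The rule format, the window lengths and the sample log lines are assumptions constructed for this sketch.

```python
import re
from datetime import datetime, timedelta

# Constructed syslog lines (not from the bug report): two sshd terminations,
# only the second one belongs to a reboot.
SAMPLE_LOG = """\
Jan 14 03:10:02 host1 sshd[811]: Received signal 15; terminating.
Jan 14 09:41:55 host1 shutdown[2290]: shutting down for system reboot
Jan 14 09:41:58 host1 sshd[1422]: Received signal 15; terminating.
Jan 14 09:42:41 host1 sshd[790]: Server listening on 0.0.0.0 port 22.
"""

# Hypothetical rule format: report lines matching "report" unless a line
# matching "unless" was seen up to `before` earlier or `after` later.
RULES = [{
    "report": re.compile(r"sshd\[\d+\]: Received signal 15; terminating"),
    "unless": re.compile(r"shutdown\[\d+\]: shutting down for system (reboot|halt)"),
    "before": timedelta(seconds=120),
    "after": timedelta(seconds=30),
}]

def parse(log, year=2014):
    """Yield (timestamp, line); classic syslog stamps carry no year."""
    for line in log.splitlines():
        stamp = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        yield stamp, line

def conditional_report(log, rules=RULES):
    """Return the lines to mail after applying the time-window conditions."""
    events = list(parse(log))
    reported = []
    for rule in rules:
        # Timestamps of every line that can excuse a reportable event.
        context = [t for t, line in events if rule["unless"].search(line)]
        for t, line in events:
            if not rule["report"].search(line):
                continue
            # Suppress when a context event lies inside [t - before, t + after].
            if any(t - rule["before"] <= c <= t + rule["after"] for c in context):
                continue
            reported.append(line)
    return reported

if __name__ == "__main__":
    for line in conditional_report(SAMPLE_LOG):
        print(line)
```

The "after" half of the window only works if the whole batch is read before deciding, so a run that ends between the two lines would still report the termination.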





Bug#735105: libnss3: CVE-2013-1741 in wheezy

2014-01-12 Thread Arne Wichmann
Package: libnss3
Version: 2:3.14.5-1
Severity: important
Tags: security, wheezy, squeeze

Hi!

You recently fixed CVE-2013-1741 in unstable, but it is still open for wheezy
and squeeze.

cu

AW

-- System Information:
Debian Release: 7.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages libnss3 depends on:
ii  libc6              2.13-38
ii  libnspr4           2:4.9.2-1+deb7u1
ii  libnspr4-0d        2:4.9.2-1+deb7u1
ii  libsqlite3-0       3.7.13-1+deb7u1
ii  multiarch-support  2.13-38
ii  zlib1g             1:1.2.7.dfsg-13

libnss3 recommends no packages.

libnss3 suggests no packages.

-- no debconf information





Bug#735105: libnss3: CVE-2013-1741 in wheezy

2014-01-12 Thread Arne Wichmann
control: retitle 735105 CVE-2013-1741 and CVE-2013-5606 in wheezy

Hi.

The same applies to CVE-2013-5606. (Oops, I sent too fast.)

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@linux.de)




Bug#726578: Ping: pwgen: Multiple vulnerabilities in passwords generation

2014-01-12 Thread Arne Wichmann
Hi!

This grave problem is now open for more than two months. Is there any plan
to resolve this?

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@linux.de)




Bug#722540: Ping: CVE-2013-4289 CVE-2013-4290

2014-01-12 Thread Arne Wichmann
Hi.

Is there any progress on this bug? This grave issue is now open for three
months.

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@linux.de)



