Bug#93200: PermitEmptyPasswords conflicts with nullok_secure
Just for clarity, I just ran into this (pretty old !) issue and found the culprit. Even though you can configure PermitEmptyPasswords in the sshd_config file, pam will not allow any passwordless authentication from a non secure tty (from /etc/securetty). "ssh" is per definition a non-secure tty. Hence no matter what you put in your sshd_config file, password less authentication via ssh is not possible unless you either - replace "nullok_secure" with "nullok" in /etc/pam.d/common-auth, or - add "ssh" to /etc/securetty. What was the point of the nullok_secure at the first place ? Having a second "line-of-defense" against configurations like mine who wish passwordless (keyless) ssh access ? Regards, Ben. PS: Just for the record, I don't allow world-access to my system, I have the following in my configuration: Match User omp PermitEmptyPasswords yes ForceCommand /usr/bin/socat UNIX-CONNECT:/path/to/the/socket.sock - pgpPFkujVb9Jh.pgp Description: OpenPGP digital signature
Bug#849659: hd44780 driver linked with wrong sem_wait
Package: lcdproc Version: 0.5.7-2 Severity: grave Using the hd44780 driver with connectiontype=8bit consistently triggers a segmentation fault. The drivers of lcdproc define their own sem_get, sem_wait, sem_signal, ... (See server/drivers/lcd_sem.h). Unfortunately, the linux's version of sem_wait (3) is being used, leading to a segmentation fault. Program received signal SIGSEGV, Segmentation fault. sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:44 44 ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S: No such file or directory. (gdb) bt #0 sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:44 #1 0x774049d7 in lcdtime_HD44780_senddata (p=p@entry=0x631d00, displayID=displayID@entry=0 '\000', flags=flags@entry=1 '\001', ch=ch@entry=48 '0') at hd44780-ext8bit.c:153 #2 0x77404c7f in hd_init_ext8bit (drvthis=0x630810) at hd44780-ext8bit.c:112 #3 0x774022a1 in HD44780_init (drvthis=0x630810) at hd44780.c:373 #4 0x004109a0 in driver_load (name=name@entry=0x6220d0 "hd44780", filename=filename@entry=0x6307d0 "/usr/lib/x86_64-linux-gnu/lcdproc/hd44780.so") at driver.c:153 #5 0x0040fddf in drivers_load_driver (name=0x6220d0 "hd44780") at drivers.c:85 #6 0x00407df5 in init_drivers () at main.c:670 #7 0x0040635b in main (argc=, argv=) at main.c:2 Regards, Ben pgp9E9A6d_LLa.pgp Description: OpenPGP digital signature
Bug#803465: Acknowledgement (lxc-debian creates a lxc-multiarch file that breaks dpkg)
Upstream issue: https://github.com/lxc/lxc/issues/616 Corresponding Pull-request: https://github.com/lxc/lxc/pull/643 Should be in version 1.1.4 pgp_XouU_knmL.pgp Description: OpenPGP digital signature
Bug#782630: libgnutls26: Issue parsing some server certificates
Package: libgnutls26 Version: 2.12.20-8+deb7u2 Severity: important Dear Maintainer, I discovered that gnutls on wheezy is having trouble parsing some server certificates. If I add the leaf certificate to my list of CA it works fine, but with the (provided by ca-certificates) CA, it refuses to establish the connection. The issue can be reproduced with:: wget https://oval.mitre.org/rep-data/5.10/org.mitre.oval/m/oval.xml Which goes wrong (unknown issuer). The following goes well (Where ``EntrustCertificationAuthority-L1K`` is a local copy of the ``Entrust Certification Authority - L1K`` certificate):: wget https://oval.mitre.org/rep-data/5.10/org.mitre.oval/m/oval.xml --ca-certificate=EntrustCertificationAuthority-L1K GnuTLS seems to be unable to parse the certificate for Entrust Root Certification Authority - G2 correctly. A similar trouble seems to be described here: http://www.linuxquestions.org/questions/debian-26/wget-certificate-error-4175495817/ Let me know If I can provide you with more information. Best Regards, Ben. [ This issue was reported to the GnuTLS Maintainer ML here first: http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/2015-April/006457.html] Information: Debian Release: 7.8 Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages libgnutls26 depends on: ii libc6 2.13-38+deb7u8 ii libgcrypt111.5.0-5+deb7u2 ii libp11-kit00.20.2-1~bpo70+1 ii libtasn1-3 2.13-2+deb7u1 ii multiarch-support 2.13-38+deb7u8 ii zlib1g 1:1.2.7.dfsg-13 libgnutls26 recommends no packages. libgnutls26 suggests no packages. -- no debconf information -- Benoît Allard (B30A05B0)|Greenbone Networks GmbH|http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner signature.asc Description: OpenPGP digital signature
Bug#781309: (no subject)
I see, thanks for the update, that means I won't have to fill a bug for each of the packages ! Other affected packages: - libirs-export91 and dependencies (from isc-dhcp-client) - libcap2-bin (from systemd) - libpsl0 (from wget) And probably some others. Regards, Ben. -- Benoît Allard (B30A05B0)|Greenbone Networks GmbH|http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner signature.asc Description: OpenPGP digital signature