Bug#1062531: bind9-doc: Stylesheets et cetera are misplaced.
Package: bind9-doc
Version: 1:9.18.19-1~deb12u1
Severity: normal

Dear Maintainer,

When one of the HTML files of the Bind manual is opened in a browser, it's displayed with very little formatting because the theme isn't found. The HTML code references stylesheets and Javascript in a directory named "_static", but those files are instead in a directory named "_static/_static".

All the files in /usr/share/doc/bind9-doc/arm/_static/_static should be moved to /usr/share/doc/bind9-doc/arm/_static.

-- System Information:
Debian Release: 12.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-27-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information
Bug#1041007: linux-image-6.1.0-0.deb11.7-amd64: Please enable TPM hardware RNG support (CONFIG_HW_RANDOM_TPM)
Hello, has there been any progress with this?

I just spent several days investigating why my random number generator disappeared. I'm now running Bookworm on a Bullseye kernel because of this regression. That's not a good long-term solution.

Björn Persson
Bug#1041107: opendkim: CVE-2022-48521
Package: opendkim
Version: 2.11.0~beta2-8
Followup-For: Bug #1041107

To expand on the brief CVE description: When OpenDKIM removes fake Authentication-Results fields (as required in https://www.rfc-editor.org/rfc/rfc8601#section-5), it doesn't account for the fact that – at least in Postfix – this changes the ordinal numbers of the following header fields, so it passes the wrong number to the MTA for the second and following header fields it removes. If there are more than one fake Authentication-Results fields, then OpenDKIM leaves some of them in place.

Thus a fake Authentication-Results field can bypass OpenDKIM, and be relied on by other programs as if it had been added by OpenDKIM. An email message may be accepted when by policy it should be rejected, and/or the recipient can be tricked into believing that the sender is someone they trust.

It seems unlikely that the vulnerability will be fixed upstream. Sysadmins should know that Authentication-Results from OpenDKIM can't be trusted unless some other program removes fake Authentication-Results fields from incoming messages before OpenDKIM processes them.

A note for anyone who wants to develop a patch: The Libmilter API documentation doesn't specify whether removing a header field renumbers the following header fields, so hypothetically different MTAs could do it differently without violating the API specification. The safe way to handle the ambiguity is to remove header fields in reverse order.
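The renumbering problem described in the report above, as an added C simulation (not OpenDKIM, Postfix or libmilter code). The `msg` model, `mta_delete` and `strip_forged` are hypothetical names, the sample message is constructed, and the MTA is assumed to renumber the following fields after each deletion, as the report says Postfix does.

```c
/* Added illustration; not OpenDKIM, libmilter or Postfix code. The MTA model
 * renumbers header fields after a deletion, as the report says Postfix does. */
#include <stdio.h>
#include <string.h>

#define AR "Authentication-Results"

struct msg { const char *name[16]; int n; };

/* Count the fields called `name` currently in the message. */
static int count_fields(const struct msg *m, const char *name)
{
    int c = 0;
    for (int i = 0; i < m->n; i++)
        if (strcmp(m->name[i], name) == 0) c++;
    return c;
}

/* Hypothetical stand-in for the MTA handling a delete request: remove the
 * idx-th (1-based) field called `name`; the fields after it move up by one. */
static int mta_delete(struct msg *m, const char *name, int idx)
{
    int seen = 0;
    for (int i = 0; i < m->n; i++) {
        if (strcmp(m->name[i], name) != 0 || ++seen != idx) continue;
        for (; i < m->n - 1; i++) m->name[i] = m->name[i + 1];
        m->n--;
        return 0;
    }
    return -1;   /* that ordinal no longer exists: nothing is removed */
}

/* Filter side: ordinals 1..k were noted while reading the message, then the
 * deletions are requested in order. Returns how many forged fields survive. */
static int strip_forged(struct msg m, int reverse)   /* m is a working copy */
{
    int k = count_fields(&m, AR);
    for (int j = 1; j <= k; j++)
        mta_delete(&m, AR, reverse ? k - j + 1 : j);
    return count_fields(&m, AR);
}

/* Constructed sample: three forged fields among ordinary ones. */
static struct msg sample(void)
{
    return (struct msg){ { "Received", AR, "From", AR, "Subject", AR, "To" }, 7 };
}

int main(void)
{
    printf("forward: %d forged left, reverse: %d forged left\n",
           strip_forged(sample(), 0), strip_forged(sample(), 1));
    return 0;
}
```

With first-to-last requests the second deletion hits what was originally the third field and the third request finds nothing, so one forged field survives; last-to-first requests are unaffected by whether the MTA renumbers.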
Bug#928340: Linux 4.9.0-9-686: Boot hangs on Geode LX.
Package: src:linux
Version: 4.9.168-1
Severity: critical
File: /boot/vmlinuz-4.9.0-9-686
Justification: breaks the whole system

Dear Maintainer,

Debian 9 fails to boot on a Soekris net5501 with a Geode LX processor. Debian 8 worked fine. Running Debian 9 on Linux 3.16.0-8-586 from Debian 8 works. (That's what I'm running Reportbug on.) Linux 4.9.0-7-686, 4.9.0-8-686 and 4.9.0-9-686 appear to hang early in the boot process. The disk activity light remains lit when the system hangs. I'm attaching a boot log acquired over a serial console.

I'm reporting this against the kernel because replacing only the kernel works around the problem, but it looks like SystemD has been started when the hang occurs, so I suppose a userspace issue can't be completely ruled out.

Given that a kernel compiled for i586 works and one compiled for i686 does not, one might suspect that the processor isn't i686-compatible. This seems to be rather unclear. According to the release notes this processor should still be supported. It has all of the flags that this script tests for:
https://www.debian.org/releases/stretch/i386/release-notes/ch-information#i386-is-now-almost-i686

On the debian-user mailing list, some people say that support for Geode LX has been dropped. Others say it should work. If it is actually no longer supported, then please reassign this bug report to the release notes. In that case the release notes should be updated to document this, and provide an accurate test.

As near as I can tell this processor is a Geode LX 800. The bios boot screen calls it "Geode LX 500 MHz".
It looks very much like this:
https://commons.wikimedia.org/wiki/File:AMD_Geode_LX_800_CPU.jpg

The text on the processor is:
AMD Geode ALXC800EETJCVC 0703CQA 2003-05 C1 TAIWAN

$ cat /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 5
model : 10
model name : Geode(TM) Integrated Processor by AMD PCS
stepping : 2
microcode : 0x8b
cpu MHz : 499.900
cache size : 128 KB
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu de pse tsc msr cx8 sep pge cmov clflush mmx mmxext 3dnowext 3dnow vmmcall
bogomips : 999.80
clflush size : 32
cache_alignment : 32
address sizes : 32 bits physical, 32 bits virtual
power management:

-- Package-specific info:
** Kernel log: boot messages should be attached

** Model information

** PCI devices:
ii grub-pc 2.02~beta3-5+deb9u1
pn linux-doc-4.9

Versions of packages linux-image-4.9.0-9-686 is related to:
pn firmware-amd-graphics
Bug#712427: libmyodbc: Out-of-bounds read in sqlchar_as_sqlwchar
Package: libmyodbc
Version: 5.1.10-2+b1
Severity: important
Tags: upstream patch

In debugging a crashing program I spent many hours investigating this error report from Valgrind:

==20611== Conditional jump or move depends on uninitialised value(s)
==20611==    at 0x7DEEF11: sqlchar_as_sqlwchar (stringutil.c:97)
==20611==    by 0x7DCE77E: SQLConnect (ansi.c:268)
==20611==    by 0x6: ???
==20611==  Uninitialised value was created by a heap allocation
==20611==    at 0x4028308: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==20611==    by 0x88C493C: my_malloc (in /usr/lib/i386-linux-gnu/libmysqlclient.so.18.0.0)
==20611==    by 0x7DEEFCA: sqlchar_as_sqlwchar (stringutil.c:71)
==20611==    by 0x7DCE77E: SQLConnect (ansi.c:268)
==20611==    by 0x6: ???

I found that the code on line 97 reads past the end of the string, looking for a terminating null character that isn't there and apparently isn't supposed to be there as the length of the string is kept in a separate variable. The code then tries to avoid a disaster by doing the right test after it has done the wrong test, but with a bit of bad luck the out-of-bounds read could cause a segmentation fault.

Even if the error wouldn't affect the operation of the code, fixing it will save programmers from wasting their time chasing false alarms.

This patch reverses the order of the two tests. I suppose checking for null characters is OK as an additional safety measure, but it needs to be done conditionally after the length test to avoid an out-of-bounds read.

Having debugging information available would also have saved me a lot of time. Would it be possible to build a debug package?
-- System Information: Debian Release: 7.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i586) Kernel: Linux 3.2.0-4-486 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libmyodbc depends on: ii debconf [debconf-2.0] 1.5.49 ii libc6 2.13-38 ii libmysqlclient18 5.5.31+dfsg-0+wheezy1 ii odbcinst1debian2 2.2.14p2-5 ii zlib1g 1:1.2.7.dfsg-13 Versions of packages libmyodbc recommends: ii libodbc1 2.2.14p2-5 libmyodbc suggests no packages. --- mysql-connector-odbc-5.1.10-src.orig/util/stringutil.c 2012-01-24 15:36:53.0 +0100 +++ mysql-connector-odbc-5.1.10-src/util/stringutil.c 2013-06-14 21:57:29.0 +0200 @@ -94,7 +94,7 @@ return NULL; } - for (pos= str, i= 0; *pos pos str_end; ) + for (pos= str, i= 0; pos str_end *pos; ) { if (sizeof(SQLWCHAR) == 4) {
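Review bot: The corrected `for` condition in the stringutil.c hunk depends on operand order alone to keep `*pos` from being read once `pos` has reached `str_end`, and the loop carries no comment saying so. Add a one-line comment above the loop stating that the bounds test must be evaluated before the dereference, so that a later cleanup does not swap the two tests back.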
Bug#712427: Acknowledgement (libmyodbc: Out-of-bounds read in sqlchar_as_sqlwchar)
The upstream bug report is http://bugs.mysql.com/bug.php?id=64105 .
Bug#653311: Suggestion: mkcdir
Package: moreutils
Version: 0.31
Severity: wishlist
Tags: patch

I have often wanted a command combining mkdir and cd. I looked around and found several blog and forum posts showing quick and dirty implementations, but none that were complete enough to include in a distribution, so I wrote this one. Do you think this would fit in the Moreutils collection? It is admittedly somewhat different from most of the other tools in that it can't be used in a pipeline.

I was originally going to call it mkcd, but that's apparently a CD making program in Solaris and Mandriva. mcd is taken by Mtools, so I decided on mkcdir.

The command is implemented as a shell function, as a child process can't change the working directory of its parent. I don't expect it to work in a plain Bourne shell, but I have tested it in Bash, Kornshell and the Z Shell. I don't have an implementation for the C Shell. That would have to be quite different.

-- System Information:
Debian Release: 5.0.9
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: i386 (i586)

Kernel: Linux 2.6.26-2-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages moreutils depends on:
ii  libc6  2.7-18lenny7  GNU C Library: Shared libraries
ii  perl  5.10.0-19lenny5  Larry Wall's Practical Extraction

moreutils recommends no packages.

Versions of packages moreutils suggests:
pn  libtime-duration-perl  none  (no description available)
ii  libtimedate-perl  1.1600-9  Time and date functions for Perl

-- no debconf information

function mkcdir {
   # Declare local variables.
   typeset parameter=
   typeset name=
   typeset name_count=0
   typeset print_version=
   typeset print_help=

   # Analyze the command line.
   for parameter in "$@" ; do
      case ${parameter} in
         --version)
            print_version=on
            ;;
         --help)
            print_help=on
            ;;
         -*)
            # It's an option for mkdir.
            ;;
         *)
            # It's a directory name.
            name=${parameter}
            name_count=$(($name_count + 1))
            ;;
      esac
   done

   # Print the version and/or help if requested. (This is implemented mostly to
   # catch those parameters and avoid passing them to mkdir.)
   if [ -n "${print_version}" ] ; then
      echo 'mkcdir 1'
      echo
   fi
   if [ -n "${print_help}" ] ; then
      echo 'mkcdir combines mkdir and cd; it makes a directory and goes into it.'
      echo 'Any options are passed along to mkdir.'
      echo 'Only the directory name is passed to cd.'
      echo
   fi
   if [ -n "${print_version}" ] || [ -n "${print_help}" ] ; then
      return 0
   fi

   # Check that exactly one directory name was passed.
   if [ $name_count -ne 1 ] ; then
      echo 'mkcdir requires one directory name.' >&2
      return 2
   fi

   # Do the work. The quoting keeps names with spaces or wildcards intact.
   mkdir "$@"
   cd "${name}"
}
Bug#653311: Suggestion: mkcdir
Joey Hess wrote:
> I don't think it really fits, since this kind of thing requires shell setup,
> and moreutils is about simple commands that just work.

It doesn't require any setup in Fedora at least. A Fedora package would simply install the file as /etc/profile.d/mkcdir.sh. It would only be available in shells started after the package was installed, but other than that it would just work. If other distributions don't have /etc/profile.d and don't allow packages to edit /etc/profile automatically, then I guess some manual configuration will be necessary.

(In case you're wondering: I submitted this to the Debian bug tracker because I got the impression that Moreutils uses the Debian bug tracker instead of having its own, not because I'm primarily a Debian user.)

Oh well, if you don't want it I'll find some other way of distributing it.

Björn Persson
Bug#538643: libgnadeodbc1.6.1: Compare the size of objects instead of subtypes.
Package: libgnadeodbc1.6.1 Version: 1.6.1-2lenny1 Severity: normal Tags: patch *** Please type your report below this line *** The generic versions of SQLBindCol and SQLBindParameter in GNU.DB.SQLCLI.IntegerBinding compare the sizes of subtypes instead of the size of the actual object that was passed in. If I instantiate a package like this: package Natural_Binding is new IntegerBinding(Natural); then I get a Constraint_Error because SQLBindCol and SQLBindParameter expect the subtype's size to be 8, 16, 32 or 64, but Natural'Size is 31. Checking the size of the object would work better. If I declare N : Natural then N'Size is 32, so it will be treated as an SQLINTEGER. Upstream report: http://sf.net/tracker/?func=detailaid=1875874group_id=23045atid=377333 --- dbi/odbc/gnu-db-sqlcli.gpb.orig 2008-01-19 23:08:19.0 +0100 +++ dbi/odbc/gnu-db-sqlcli.gpb 2008-01-20 02:33:11.0 +0100 @@ -826,14 +826,15 @@ return SQLRETURN; pragma Import ($CALLCONVENTION, BindCol, SQLBindCol); DT : SQL_C_DATA_TYPE; + Size : constant Positive := TargetValue.all'Size; begin - if Int'Size = SQLTINYINT'Size then + if Size = SQLTINYINT'Size then DT := SQL_C_TINYINT; - elsif Int'Size = SQLSMALLINT'Size then + elsif Size = SQLSMALLINT'Size then DT := SQL_C_SHORT; - elsif Int'Size = SQLINTEGER'Size then + elsif Size = SQLINTEGER'Size then DT := SQL_C_LONG; - elsif Int'Size = SQLBIGINT'Size then + elsif Size = SQLBIGINT'Size then DT := SQL_C_SBIGINT; else raise Constraint_Error; @@ -842,7 +843,7 @@ ColumnNumber, DT, TargetValue, - SQLINTEGER (Int'Size / 8), + SQLINTEGER (Size / 8), IndPtr); end SQLBindCol; 
@@ -872,20 +873,21 @@ C_DataType : SQL_C_DATA_TYPE; SQL_DataType : SQL_DATA_TYPE; ColumnSize : SQLUINTEGER; + Size : constant Positive := Value.all'Size; begin - if Int'Size = SQLTINYINT'Size then + if Size = SQLTINYINT'Size then C_DataType := SQL_C_TINYINT; SQL_DataType := SQL_TINYINT; ColumnSize := 3; - elsif Int'Size = SQLSMALLINT'Size then + elsif Size = SQLSMALLINT'Size then C_DataType := SQL_C_SHORT; SQL_DataType := SQL_SMALLINT; ColumnSize := 5; - elsif Int'Size = SQLINTEGER'Size then + elsif Size = SQLINTEGER'Size then C_DataType := SQL_C_LONG; SQL_DataType := SQL_INTEGER; ColumnSize := 10; - elsif Int'Size = SQLBIGINT'Size then + elsif Size = SQLBIGINT'Size then C_DataType := SQL_C_SBIGINT; SQL_DataType := SQL_BIGINT; ColumnSize := 19; @@ -939,14 +941,15 @@ return SQLRETURN; pragma Import ($CALLCONVENTION, BindCol, SQLBindCol); DT : SQL_C_DATA_TYPE; + Size : constant Positive := TargetValue.all'Size; begin - if Unsigned'Size = SQLTINYINT'Size then + if Size = SQLTINYINT'Size then DT := SQL_C_UTINYINT; - elsif Unsigned'Size = SQLSMALLINT'Size then + elsif Size = SQLSMALLINT'Size then DT := SQL_C_USHORT; - elsif Unsigned'Size = SQLINTEGER'Size then + elsif Size = SQLINTEGER'Size then DT := SQL_C_ULONG; - elsif Unsigned'Size = SQLBIGINT'Size then + elsif Size = SQLBIGINT'Size then DT := SQL_C_UBIGINT; else raise Constraint_Error; @@ -955,7 +958,7 @@ ColumnNumber, DT, TargetValue, - SQLINTEGER (Unsigned'Size / 8), + SQLINTEGER (Size / 8), IndPtr); end SQLBindCol; 
@@ -987,20 +990,21 @@ C_DataType : SQL_C_DATA_TYPE; SQL_DataType : SQL_DATA_TYPE; ColumnSize : SQLUINTEGER; + Size : constant Positive := Value.all'Size; begin - if Unsigned'Size = SQLTINYINT'Size then + if Size = SQLTINYINT'Size then C_DataType := SQL_C_UTINYINT; SQL_DataType := SQL_TINYINT; ColumnSize := 3; - elsif Unsigned'Size = SQLSMALLINT'Size then + elsif Size = SQLSMALLINT'Size then C_DataType := SQL_C_USHORT; SQL_DataType := SQL_SMALLINT; ColumnSize := 5; - elsif Unsigned'Size = SQLINTEGER'Size then + elsif Size = SQLINTEGER'Size then C_DataType := SQL_C_ULONG; SQL_DataType := SQL_INTEGER; ColumnSize :=
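Review bot: In both SQLBindCol hunks the added `Size : constant Positive := TargetValue.all'Size;` dereferences `TargetValue` in the declarative part, before `begin`, so a null access value fails there and surfaces to the caller the same way as the unsupported-size `raise Constraint_Error` in the `else` branch. The SQLBindParameter hunks do the same with `Value.all'Size`. Check for null before taking the size, or raise a distinct exception for it, so the two failures can be told apart.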
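Review bot: The SQLBindParameter hunks now pick `C_DataType`, `SQL_DataType` and `ColumnSize` from the size of the object passed in rather than from the generic formal type, and nothing in the visible code documents that. Add a comment at the `Size` declaration, and in the generic's specification, saying that the object must occupy 8, 16, 32 or 64 bits and that this size, not `Int'Size` or `Unsigned'Size`, decides the binding; otherwise a later reader is likely to "simplify" it back to the subtype's size.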