Bug#966621: Make /tmp/ a tmpfs and cleanup /var/tmp/ on a timer by default [was: Re: systemd: tmpfiles.d not cleaning /var/tmp by default]
Luca Boccassi writes: > Defaults are defaults, they are trivially and fully overridable where > needed if needed. Especially container and VM managers these days can > super trivially override them via SMBIOS Type11 strings or > Credentials, ephemerally and without changing the guest image at all. That argument goes both ways and I prefer safe defaults. What you/upstream propose are unsafe defaults, as was shown by several comments in this thread. Whoever wants the unsafe defaults of deleting old files and risking OOM situations can than "trivially and fully override" the safe defaults.
Bug#1052049: bacula-director: Please amend bacula-dir.conf to include subfiles
Hi Niels, "Niels S. Richthof" writes: > The bacula director configuration file can get very big and messy, especially > when backing up many clients. [...] > 1. Create a new (empty) directory "/etc/bacula/bacula-dir.conf.d/" > 2. Add the following snipped to "/etc/bacula/bacula-dir.conf": > ># Include subfiles associated with configuration of clients. ># They define the bulk of the Clients, Jobs, and FileSets. ># Remember to "reload" the Director after adding a client file. ># >@|"sh -c 'for f in /etc/bacula/bacula-dir.conf.d/*.conf ; do echo @${f} ; > done'" I agree that this is good practice, I myself manage my configurations in a similar way. My feeling is that it's up to the local administrator to decide how they want to manage their configurations and implement it accordingly. One of the gains from the strategy of configuration directories is that the main configuration does not need to be touched by the local administrator and so local configuration changes do not conflict with updated configuration files that are provided in the packages. In the case of Bacula, all installations I manage have modified main configuration files because I deviate from many things that are configured in the default configuration. If the main config file would be mostly empty or defaults could be overridden, I'd be in favour of this change, but as it stands now, I'd rather leave it to the local admin. As an aside, I'm aware that getting asked to replace the configuration files on each update is not handy and finding a solution is on my todo list. Regards Carsten
Bug#1057044: xymon: ntpdate no longer supports the -p option
Hi Axel, >> If you prefer, I can also commit directly to salsa. > > Fine for me, thanks! I just realized that I messed it up, I'll fix it (the change is in upstream code...) Regards Carsten
Bug#1057044: xymon: ntpdate no longer supports the -p option
Package: xymon Version: 4.3.30-1 Severity: normal Tags: patch Dear maintainers, ntpdate emits a warning when called with the -p option. I've attached a patch to drop that option from xymonserver.cfg. If you prefer, I can also commit directly to salsa. Regards Carsten >From 6df3ff8215dd4c3d848f9ec22de3f94d84767a95 Mon Sep 17 00:00:00 2001 From: Carsten Leonhardt Date: Tue, 28 Nov 2023 16:15:16 +0100 Subject: [PATCH] xymon: update xymonserver.cfg: ntpdate no longer supports the "-p" option (cf. #926877). --- debian/changelog | 2 ++ xymond/etcfiles/xymonserver.cfg.DIST | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index b83b5d6..c440bc8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -34,6 +34,8 @@ xymon (4.3.30-2) UNRELEASED; urgency=medium [ Carsten Leonhardt ] * Update xymon-client.init: add "reload" to usage message as that is supported, too. + * xymon: update xymonserver.cfg: ntpdate no longer supports the "-p" +option. -- Axel Beckert Mon, 10 Aug 2020 04:39:28 +0200 diff --git a/xymond/etcfiles/xymonserver.cfg.DIST b/xymond/etcfiles/xymonserver.cfg.DIST index 53ff592..3a9229b 100644 --- a/xymond/etcfiles/xymonserver.cfg.DIST +++ b/xymond/etcfiles/xymonserver.cfg.DIST @@ -134,7 +134,7 @@ NONETPAGE="" # Network tests that go YELLOW upon failure FPING="@FPING@" # Path and options for the ping program. FPINGOPTS="-Ae" # Standard options to fping/xymonping NTPDATE="ntpdate"# Path to the 'ntpdate' program -NTPDATEOPTS="-u -q -p 1" # Standard options to ntpdate +NTPDATEOPTS="-u -q"# Standard options to ntpdate TRACEROUTE="traceroute" # How to do traceroute on failing ping tests. Requires "trace" in hosts.cfg . TRACEROUTEOPTS="-n -q 2 -w 2 -m 15" # Standard options to traceroute XYMONROUTERTEXT="router" # What to call a failing intermediate network device. -- 2.39.2
Bug#1055184: python3-kerberos: Please update to at least version 1.2.4
Package: python3-kerberos Version: 1.1.14-3.1+b7 Severity: wishlist X-Debbugs-Cc: l...@debian.org Dear maintainer, starting with at least version 1.2.1 pykerberos gained the ability to do message encryption. This is very useful when trying to setup ansible to control windows hosts. See e.g. https://github.com/diyan/pywinrm/issues/300 I have locally packaged version 1.2.4 that I'm using without problems so far. You may want to have a look at https://pypi.org/project/kerberos/ too. Regards Carsten
Bug#1020506: RM: pound -- ROM; No further development and support from upstream after the end of the year, should not be part of the next Debian stable release
Package: ftp.debian.org Severity: normal
Bug#1012301: bacula: Corruption of File media during concurrent backups
Hi Julien, Julien Chiaramello writes: > This bug did not happen before we implemented Concurrent Jobs > > The bug has been declared upstream : https://bugs.bacula.org/view.php?id=2664 thanks for your bug report. Just one thing - can you confirm the upstream bug number? Currently the highest bug number is 2659, so you probably have a typo in there. Regards Carsten
Bug#1017417: Exceptions for needrestart
Package: needrestart Version: 3.5-4+deb11u2 Severity: wishlist Dear Patrick, I maintain the package "bacula", a backup program. It consists of several daemons that shouldn't be restarted while a backup is running. Today I've once again accidentally restarted the main daemon during a backup run, which brings me to my wish: Please either add the daemons to the override_rc list or (my preference) make it possible for packages to contain config snippets to manage the default selection. Maybe it's already possible to do with a config snippet in /etc/needrestart/conf.d/ - in that case some documentation or an example would be great. The daemons are: bacula-dir bacula-sd bacula-fd Best Regards, Carsten
Bug#1008978: bsdjson segmentation fault
Control: forwarded -1 https://bugs.bacula.org/view.php?id=2669 > Error message: bacula-sd: bsdjson.c:530-0 No Storage resource defined in /. > Cannot continue. 05-апр 16:42 bacula-sd JobId 0: Error: bsdjson.c:530 No > Storage resource defined in /. Cannot continue. bacula-sd: bsdjson.c:541-0 No > Director resource defined in /. Cannot continue. 05-апр 16:42 bacula-sd JobId > 0: Error: bsdjson.c:541 No Director resource defined in /. Cannot continue. > bacula-sd: bsdjson.c:546-0 No Device resource defined in /. Cannot continue. > 05-апр 16:42 bacula-sd JobId 0: Error: bsdjson.c:546 No Device resource > defined in /. Cannot continue. > Segmentation fault Hi Эрик, thanks for your bug report, I have forwared it to upstreams bug tracker. Regards Carsten
Bug#1000174: reassign to dbconfig-pgsql
Control: reassign 1000174 dbconfig-pgsql Control: reassign 1000176 dbconfig-pgsql Hi Paul, these two bugs happen during the dbconfig actions, so I'm reassigning them there. Regards Carsten
Bug#999985: [pound] Bug#999985: pound: depends on obsolete pcre3 library
Hi Robert, indeed, the package names in Debian are a bit confusing. Debian's libpcre3-dev contains "pcreposix.h" and libpcre2-dev contains pcre2posix.h. The latter, as you note, is not picked up by configure. For the moment I'll disable linking to pcre in Debian unstable until pcre2posix.h works automatically. Thanks Carsten Robert Segall via pound writes: > Hallo Carsten > > Thank you for the information. A few points: > > - Pound uses pcreposix, which in turn pulls in whatever version of pcre > is available. There is no usage of pcre per se. > > - The component is optional. If pcreposix is not found, Pound will > happily use the libc regex. > > I'll add a test for pcre2posix if available to the build process.
Bug#999985: pound: depends on obsolete pcre3 library
Hi Robert, apparently the pcre library (named pcre3 in Debian) is obsolete and it is recommended to switch to pcre2. See the Debian bug report below. "Bookworm" is the next Debian release, which is planned for 2023. "In time for the release of Bookworm" would probably mean a removal from the development version of Debian in 2022. As Ubuntu and probably other Debian derivatives base themselves on Debian's development version, this might affect those distributions earlier than 2023. Regards Carsten Matthew Vernon writes: > Source: pound > Severity: important > User: matthew-pcre...@debian.org > Usertags: obsolete-pcre3 > > Dear maintainer, > > Your package still depends on the old, obsolete PCRE3[0] libraries > (i.e. libpcre3-dev). This has been end of life for a while now, and > upstream do not intend to fix any further bugs in it. Accordingly, I > would like to remove the pcre3 libraries from Debian, preferably in > time for the release of Bookworm. > > The newer PCRE2 library was first released in 2015, and has been in > Debian since stretch. Upstream's documentation for PCRE2 is available > here: https://pcre.org/current/doc/html/ > > Many large projects that use PCRE have made the switch now (e.g. git, > php); it does involve some work, but we are now at the stage where > PCRE3 should not be used, particularly if it might ever be exposed to > untrusted input. > > This mass bug filing was discussed on debian-devel@ in > https://lists.debian.org/debian-devel/2021/11/msg00176.html > > Regards, > > Matthew [0] Historical reasons mean that old PCRE is packaged as > pcre3 in Debian
Bug#995251: xymon-client: missing /etc/xymon/graphs.d/mq.cfg
Package: xymon-client Version: Severity: normal Dear Maintainer, the plugin mq reports data for graphing, but there is no corresponding file for the server side (/etc/xymon/graphs.d/mq.cfg). Since one of the maintainers wrote the plugin, maybe you have the file and just forgot to include it? Regards Carsten
Bug#992452: Links between documents broken
Package: bacula-doc Version: 9.6.7-1 Links between the documents point to, for example, ../utility/utility.pdf but in the package the directory structure isn't used and the pdfs are gzipped. Example: main.pdf.gz, Chapter 25.1, there are links to bextract and bscan.
Bug#990774: runit-init: /lib/runit/shutdown does nothing when called with parameters
Package: runit-init Version: 2.1.2-40 Severity: important Hi Lorenzo, running runit as PID 1, my habitual "shutdown -r now" doesn't work, it does nothing at all. This also prevents acpi-support-base from handling the pressing of the power button to shutdown, the package calls /sbin/shutdown -h -P now "Power button pressed" (see /etc/acpi/powerbtn-acpi-support.sh) In extension, that prevents libvirt to shutdown/reboot a VM running with runit-init ("virsh shutdown "). That's the reason I switched back to sysvinit-core for now. Regards, Carsten -- System Information: Debian Release: 11.0 APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-7-amd64 (SMP w/4 CPU threads) Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages runit-init depends on: pn getty-run ii initscripts 2.96-7 pn runit ii sysv-rc 2.96-7 runit-init recommends no packages. runit-init suggests no packages.
Bug#987285: pound FTCBFS: runs cmake for the build architecture
Hi Helmut, > Source: pound > Version: 3.0-2 > Tags: patch > User: debian-cr...@lists.debian.org > Usertags: ftcbfs > > pound fails to cross build from source since the 3.0-2 upload to > unstable, because it does not pass cross flags to cmake. The easiest way > of doing so - using dh_auto_configure - makes pound cross buildable. > Please consider applying the attached patch. thanks for the patch - do you think I should try to get this into bullseye? Regards Carsten
Bug#930931: [pkg-bacula-devel] Bug#930931: /usr/sbin/btape: btape crashes on "fill" test
Hi Sebastian, more than a year ago you reported a crash in btape. Would you be able to re-test if the problem still exists in the newest version in backports for Debian 10? Upstream said they couldn't reproduce it in the newest version. Regards, Carsten
Bug#971381: bacula-director-mysql: db_name assignement properly
Hi Josu, > Please, do db_name assignement properly for scripts in > /usr/share/bacula-director/ as in package bacula-director-pgsql > > It should be db_name=${db_name:-bacula} instead of db_name=@db_name@ in > order to use enviroment variables > > As is, scritps can not be used thank you for taking the time to report this bug. However, it seems that you have answered the debconf questions about your database. Your databases should have been set up / updated automatically. What exactly were you trying to do? And what is the exact error you are getting? The scripts you found there are only for people that don't want to have their database handled automatically. Regards, Carsten
Bug#970025: squid: configuration reads *~ files from /etc/squid/conf.d
Package: squid Version: 4.6-1+deb10u4 Severity: normal Dear Maintainer, in /etc/squid/squid.conf the directive include /etc/squid/conf.d/* also loads backup files created by editors (files ending with "~"). That's at least surprising, to avoid unintended results it shouldd be changed to something like include /etc/squid/conf.d/*.conf Otherwise it's necessary to always check if the editor created a backup file and delete it before squid reads it's configuration. The location to patch would be in: debian/patches/0001-Default-configuration-file-for-debian.patch As the fix is trivial, I'm not including a patch. Regards, Carsten -- System Information: Debian Release: 10.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-10-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages squid depends on: ii adduser 3.118 ii libc62.28-10 ii libcap2 1:2.25-2 ii libcom-err2 1.44.5-1+deb10u3 ii libdb5.3 5.3.28+dfsg1-0.5 ii libdbi-perl 1.642-1+b1 ii libecap3 1.0.1-3.2 ii libexpat12.2.6-2+deb10u1 ii libgcc1 1:8.3.0-6 ii libgnutls30 3.6.7-4+deb10u5 ii libgssapi-krb5-2 1.17-3 ii libkrb5-31.17-3 ii libldap-2.4-22.4.47+dfsg-3+deb10u2 ii libltdl7 2.4.6-9 ii libnetfilter-conntrack3 1.0.7-1 ii libnettle6 3.4.1-1 ii libpam0g 1.3.1-5 ii libsasl2-2 2.1.27+dfsg-1+deb10u1 ii libstdc++6 8.3.0-6 ii libxml2 2.9.4+dfsg1-7+b3 ii logrotate3.14.0-4 ii lsb-base 10.2019051400 ii netbase 5.6 ii squid-common 4.6-1+deb10u4 Versions of packages squid recommends: ii ca-certificates 20200601~deb10u1 ii libcap2-bin 1:2.25-2 Versions of packages squid suggests: pn resolvconf pn smbclient pn squid-cgi pn squid-purge pn squidclient pn ufw pn winbind -- no debconf information
Bug#969272: buster-pu: package bacula/9.4.2-2
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Dear Release Team, I'd like to fix CVE-2020-11061 for bacula in buster. The DSA team recommends fixing it via point release (according to the security tracker). The version in testing/unstable already includes the fix. Stretch was fixed by the LTS team. Thanks, Carsten bacula_9.4.2-2+deb10u1.debdiff Description: Binary data
Bug#881871: stretch-pu: package bacula/7.4.4+dfsg-6
Julien Cristau writes: > Control: tag -1 confirmed > Sorry for the delay, please go ahead. For information, I've uploaded the package some time ago and it's waiting in the NEW queue for FTP master review. Regards, Carsten
Bug#962918: ITP: bacula-libs3 -- S3 library for Bacula
Package: wnpp Severity: wishlist Owner: Carsten Leonhardt * Package name: bacula-libs3 Version : 0~20200523 Upstream Author : Bryan Ischo , modified by Bacula Systems * URL : https://www.bacula.org/downloads/ * License : LGPL 3+ Programming Lang: C Description : S3 library for Bacula This is a C library to access S3 storage with Bacula. This version is modified version of libs3 and maintained by Bacula Systems to work with Bacula. We, the Debian Bacula Packaging Team are packaging and will be maintaining this as an enhancement for Bacula. The possibility to use S3 storage is often asked about on the Bacula mailing lists and is also mentioned in #928343. To not get in the way of the libs3 package, we plan to use a private location for the library.
Bug#954987: ITP: locker -- Container
Hi Amit, "Amit" writes: > Package: wnpp > Severity: wishlist > Owner: Amit > > * Package name: locker > Version : 0.0~git20200313.1210f0e-1 > Upstream Author : amit > * URL : https://www.gitlab.com/amit-yuval/locker > * License : Apache-2.0 > Programming Lang: Go > Description : Container please include a description that explains what the package is for. Thanks, Carsten
Bug#954971: should not try to send a traceback in production
Antoine Beaupré writes: >> Could you explain how you would want this improved? > > I would prefer that no email is sent at all, or have that > configurable. I would prefer, in fact, that TRACEBACK is disabled at > compile time, unless the debugging symbols are shipped. At compile time we can't know if debugging symbols will be available later, as they are installable anytime from the -dbgsym packages. What would be possible is to adapt the script "btraceback" to not send the email if so requested by some mechanism. I don't think embedding a parser for the configuration file in the script would make sense, it would need to be something simple like checking the existence of a file "/etc/bacula/no_tracebacks_please". I'm curious though to understand your motivation for not wanting the emails, would you care to explain? Best regards, Carsten
Bug#954971: should not try to send a traceback in production
Hi Antoine, > Bacula seems to be configured to unconditionnally send a backtrace > when it crashes. The TRACEBACK define seems to be unconditionnally set > in `version.h`, regardless of any configuration flag. (Same with > DEBUG, by the way.) > > Production software should require us to ship with debugging > symbols. If it fails and crashes and burn, it should send a proper, > actionable, error message instead of going crazy. the crash you see happens after clear error messages are given, see the transcript at the end. Even if not run in the foreground, clear error messages are sent to syslog. It's neither required to have debugging symbols installed nor to have gdb installed. The report will just be less useful for debugging purposes. Usually an email is generated when a crash happens, whatever the exact content is, it does alert the admin to the fact that there is a problem. Could you explain how you would want this improved? Regards, Carsten # /usr/sbin/bacula-fd -f -c /etc/bacula/bacula-fd.conf cixi: Warning: Cannot bind port 22: ERR=Address already in use: Retrying ... cixi: ABORTING due to ERROR in bnet_server.c:132 Cannot bind port 22: ERR=Address already in use. 26-Mar 19:59 cixi: ABORTING due to ERROR in bnet_server.c:132 Cannot bind port 22: ERR=Address already in use. Bacula interrupted by signal 11: Segmentation violation Kaboom! bacula-fd, cixi got signal 11 - Segmentation violation at 26-Mar-2020 19:59:48. Attempting traceback. Kaboom! exepath=/usr/sbin/ Calling: /usr/sbin/btraceback /usr/sbin/bacula-fd 4576 /var/lib/bacula It looks like the traceback worked... LockDump: /var/lib/bacula/bacula.4576.traceback cixi: lockmgr.c:1221-0 lockmgr disabled free(): invalid next size (fast)
Bug#949366: bacula-fd: bacula-rd crashes if can't bind to port
Control: forwarded -1 https://bugs.bacula.org/view.php?id=2528 Hi Lukas, > bacula-fd crashes with SIGSEGV if it can't bind to the configure port on the > configured network interface. thanks for your report, I've forwarded it upstream. Out of curiosity: the standard port 9102 is registered with IANA for use with bacula-fd. What is conflicting with it? Regards, Carsten
Bug#953030: bacula-sd.postinst fails on systems with protected_regular=2 enabled
Control: tag -1 pending Hi, > bacula-sd.postinst currently uses mktemp, chowns to bacula.bacula, and > then attempts to write to the temporary file using a shell redirection. > > If a system has /proc/sys/fs/protected_regular set to 2, then this > fails[1]. thanks for the patch. I've commited a change to our git repository based on it. For consistency I changed the order in similar postinst files too. Regards, Carsten
Bug#662942: New upstream version and new upstream location
Hi, the upstream project is now located at: https://github.com/chaos/powerman and the latest version is 2.3.25 at the moment. The next person to upload this package should update the location. - Carsten
Bug#930931: /usr/sbin/btape: btape crashes on "fill" test with kernel panic
Hi, Sebastian Suchanek writes: > Update 2019-12-08: I've forwarded your additional information to upstream's bug tracker: https://bugs.bacula.org/view.php?id=2480 - Carsten
Bug#945990: RM: inosync -- ROM; Dead upstream, Python 2
Package: ftp.debian.org Severity: normal Please remove the package "inosync", upstream is dead and it's still using python 2. Thanks.
Bug#931610: stretch-pu: package pound/2.7-1.3+deb9u1
Control: tags -1 - confirmed Hi Adam, > On Sat, 2019-07-13 at 12:36 +0200, Carsten Leonhardt wrote: >> Control: tags -1 - moreinfo >> >> Hi, >> >> attached is a new debdiff, the only change is that I removed some >> cruft >> from the "Origin" field in the patch metadata. >> >> I've deployed this version on live servers this morning and tested >> them. >> > > Please go ahead; thanks. longer testing revealed a regression (CPU load built up slowly, finally reaching 100%). I found a fix and have applied it, the fixed version is running on live servers since at least a week now, without a sign of abnormal CPU load. To see just the fix: https://salsa.debian.org/debian/pound/commit/bdd20196df7ff52f65c57c83c1ae5a56e74bca03 A full debdiff is attached. Sorry for the complication, I should have written earlier. Regards, Carsten diff -Nru pound-2.7/debian/changelog pound-2.7/debian/changelog --- pound-2.7/debian/changelog 2017-02-19 14:13:02.0 + +++ pound-2.7/debian/changelog 2019-07-07 21:44:04.0 + @@ -1,3 +1,10 @@ +pound (2.7-1.3+deb9u1) stretch; urgency=medium + + * Fix request smuggling via crafted headers, CVE-2016-10711 +(Closes: #888786). + + -- Carsten Leonhardt Sun, 07 Jul 2019 23:44:04 +0200 + pound (2.7-1.3) unstable; urgency=medium * Non-maintainer upload. diff -Nru pound-2.7/debian/patches/0003-CVE-2016-1071.patch pound-2.7/debian/patches/0003-CVE-2016-1071.patch --- pound-2.7/debian/patches/0003-CVE-2016-1071.patch 1970-01-01 00:00:00.0 + +++ pound-2.7/debian/patches/0003-CVE-2016-1071.patch 2019-07-07 21:44:04.0 + @@ -0,0 +1,210 @@ +Description: Backport fix for CVE-2016-10711 +Author: Robert Segall +Origin: upstream, http://www.apsis.ch/pound/Pound-2.8a.tgz +Last-Update: 2019-07-07 +--- a/http.c b/http.c +@@ -31,7 +31,8 @@ + static char *h500 = "500 Internal Server Error", + *h501 = "501 Not Implemented", + *h503 = "503 Service Unavailable", +-*h414 = "414 Request URI too long"; ++*h414 = "414 Request URI too long", ++*h400 = "Bad Request"; + + static char *err_response = "HTTP/1.0 %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\nExpires: now\r\nPragma: no-cache\r\nCache-control: no-cache,no-store\r\n\r\n%s"; + +@@ -83,7 +84,7 @@ + safe_url, safe_url); + snprintf(rep, sizeof(rep), + "HTTP/1.0 %d %s\r\nLocation: %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n", +-code, code_msg, safe_url, strlen(cont)); ++code, code_msg, safe_url, (int)strlen(cont)); + BIO_write(c, rep, strlen(rep)); + BIO_write(c, cont, strlen(cont)); + BIO_flush(c); +@@ -126,11 +127,11 @@ + get_line(BIO *const in, char *const buf, const int bufsize) + { + chartmp; +-int i, n_read; ++int i, n_read, seen_cr; + + memset(buf, 0, bufsize); +-for(n_read = 0;;) +-switch(BIO_gets(in, buf + n_read, bufsize - n_read - 1)) { ++for(i = 0, seen_cr = 0; i < bufsize - 1; i++) ++switch(BIO_read(in, , 1)) { + case -2: + /* BIO_gets not implemented */ + return -1; +@@ -138,24 +139,49 @@ + case -1: + return 1; + default: +-for(i = n_read; i < bufsize && buf[i]; i++) +-if(buf[i] == '\n' || buf[i] == '\r') { +-buf[i] = '\0'; ++if(seen_cr) ++if(tmp != '\n') { ++/* we have CR not followed by NL */ ++do { ++if(BIO_read(in, , 1) < 0) ++return 1; ++} while(tmp != '\n'); ++return 1; ++} else { ++buf[i - 1] = '\0'; + return 0; + } +-if(i < bufsize) { +-n_read = i; ++ ++if(!iscntrl(tmp) || tmp == '\t') { ++buf[i] = tmp; ++continue; ++} ++ ++if(tmp == '\r') { ++seen_cr = 1; + continue; + } +-logmsg(LOG_NOTICE, "(%lx) line too long: %s", pthread_self(), buf); +-/* skip rest of "line" */ +-tmp = '\0'; +-while(tmp != '\n') +-if(BIO_read(in, , 1) != 1) ++ ++if(tmp == '\n') { ++/* line ends in NL only (no CR) */ ++buf[i] = 0; ++return 0; ++} ++ ++/* all other control characters cause an error */ ++do { ++if(BIO_read(in, , 1) < 0) + return 1; +-break; ++} while(tmp != '\n'); ++return 1; + } +-r
Bug#930931: /usr/sbin/btape: btape crashes on "fill" test with segmentation fault
Control: tag -1 + upstream Control: forwarded -1 https://bugs.bacula.org/view.php?id=2480 Hi Sebastian, thank you for your bug report. Because this is an upstream issue, I've forwarded it to the Bacula bug tracker at https://bugs.bacula.org/view.php?id=2480. To view it, you can log in with user and password "anonymous". In case you want to add comments there yourself, you need to create a login. Regards, Carsten
Bug#931610: stretch-pu: package pound/2.7-1.3+deb9u1
Control: tags -1 - moreinfo Hi, attached is a new debdiff, the only change is that I removed some cruft from the "Origin" field in the patch metadata. I've deployed this version on live servers this morning and tested them. Also, the bug is now fixed in sid. Regards, Carsten diff -Nru pound-2.7/debian/changelog pound-2.7/debian/changelog --- pound-2.7/debian/changelog 2017-02-19 14:13:02.0 + +++ pound-2.7/debian/changelog 2019-07-07 21:44:04.0 + @@ -1,3 +1,10 @@ +pound (2.7-1.3+deb9u1) stretch; urgency=medium + + * Fix request smuggling via crafted headers, CVE-2016-10711 +(Closes: #888786). + + -- Carsten Leonhardt Sun, 07 Jul 2019 23:44:04 +0200 + pound (2.7-1.3) unstable; urgency=medium * Non-maintainer upload. diff -Nru pound-2.7/debian/patches/0003-CVE-2016-1071.patch pound-2.7/debian/patches/0003-CVE-2016-1071.patch --- pound-2.7/debian/patches/0003-CVE-2016-1071.patch 1970-01-01 00:00:00.0 + +++ pound-2.7/debian/patches/0003-CVE-2016-1071.patch 2019-07-07 21:44:04.0 + @@ -0,0 +1,210 @@ +Description: Backport fix for CVE-2016-10711 +Author: Robert Segall +Origin: upstream, http://www.apsis.ch/pound/Pound-2.8a.tgz +Last-Update: 2019-07-07 +--- a/http.c b/http.c +@@ -31,7 +31,8 @@ + static char *h500 = "500 Internal Server Error", + *h501 = "501 Not Implemented", + *h503 = "503 Service Unavailable", +-*h414 = "414 Request URI too long"; ++*h414 = "414 Request URI too long", ++*h400 = "Bad Request"; + + static char *err_response = "HTTP/1.0 %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\nExpires: now\r\nPragma: no-cache\r\nCache-control: no-cache,no-store\r\n\r\n%s"; + +@@ -83,7 +84,7 @@ + safe_url, safe_url); + snprintf(rep, sizeof(rep), + "HTTP/1.0 %d %s\r\nLocation: %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n", +-code, code_msg, safe_url, strlen(cont)); ++code, code_msg, safe_url, (int)strlen(cont)); + BIO_write(c, rep, strlen(rep)); + BIO_write(c, cont, strlen(cont)); + BIO_flush(c); +@@ -126,11 +127,11 @@ + get_line(BIO *const in, char *const buf, const int bufsize) + { + chartmp; +-int i, n_read; ++int i, n_read, seen_cr; + + memset(buf, 0, bufsize); +-for(n_read = 0;;) +-switch(BIO_gets(in, buf + n_read, bufsize - n_read - 1)) { ++for(i = 0, seen_cr = 0; i < bufsize - 1; i++) ++switch(BIO_read(in, , 1)) { + case -2: + /* BIO_gets not implemented */ + return -1; +@@ -138,24 +139,49 @@ + case -1: + return 1; + default: +-for(i = n_read; i < bufsize && buf[i]; i++) +-if(buf[i] == '\n' || buf[i] == '\r') { +-buf[i] = '\0'; ++if(seen_cr) ++if(tmp != '\n') { ++/* we have CR not followed by NL */ ++do { ++if(BIO_read(in, , 1) < 0) ++return 1; ++} while(tmp != '\n'); ++return 1; ++} else { ++buf[i - 1] = '\0'; + return 0; + } +-if(i < bufsize) { +-n_read = i; ++ ++if(!iscntrl(tmp) || tmp == '\t') { ++buf[i] = tmp; ++continue; ++} ++ ++if(tmp == '\r') { ++seen_cr = 1; + continue; + } +-logmsg(LOG_NOTICE, "(%lx) line too long: %s", pthread_self(), buf); +-/* skip rest of "line" */ +-tmp = '\0'; +-while(tmp != '\n') +-if(BIO_read(in, , 1) != 1) ++ ++if(tmp == '\n') { ++/* line ends in NL only (no CR) */ ++buf[i] = 0; ++return 0; ++} ++ ++/* all other control characters cause an error */ ++do { ++if(BIO_read(in, , 1) < 0) + return 1; +-break; ++} while(tmp != '\n'); ++return 1; + } +-return 0; ++ ++/* line too long */ ++do { ++if(BIO_read(in, , 1) < 0) ++return 1; ++} while(tmp != '\n'); ++return 1; + } + + /* +@@ -393,22 +419,16 @@ + + /* HTTP/1.1 allows leading CRLF */ + memset(buf, 0, MAXBUF); +-while((res = BIO_gets(in, buf, MAXBUF - 1)) > 0) { +-has_eol = strip_eol(buf); ++while((res = get_line(in, buf, MAXBUF)) == 0) + if(buf[0]) + break; +-} + +-if(res <= 0) { ++if(res < 0) { + /* this is expected to occur only on client reads */ + /* logmsg(LOG_NOTICE, "headers: bad starting
Bug#931743: developers-reference: Improve documentation for stable updates (5.5.1)
Package: developers-reference Version: 3.4.25 Severity: normal It would be helpful if chapter 5.5.1 would include more information, especially either explicitly the update criteria that can be found in the message below or a link/reference leading there. https://lists.debian.org/debian-devel-announce/2018/04/msg7.html (linked from https://release.debian.org ) Making these criteria more accessible would probably also reduce the workload of the release-team. Regards, Carsten
Bug#931610: stretch-pu: package pound/2.7-1.3+deb9u1
Control: tags -1 - moreinfo > On 2019-07-08 09:40, Carsten Leonhardt wrote: >> pound is affected by non-dsa CVE-2016-10711. > > The metadata for #888786 indicates that the issue affects the package > in unstable, and is not yet fixed there. Is that correct? No, the package was removed from unstable. I reintroduced it only in experimental so far. Regards, Carsten
Bug#931610: stretch-pu: package pound/2.7-1.3+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu pound is affected by non-dsa CVE-2016-10711. Attached is the diff, backported from pound 2.8a, same as the diff being used by SUSE. (c.f. https://security-tracker.debian.org/tracker/CVE-2016-10711 ) Thanks! diff --git a/debian/changelog b/debian/changelog index d5946a9..d59d80c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +pound (2.7-1.3+deb9u1) stretch; urgency=medium + + * Fix request smuggling via crafted headers, CVE-2016-10711 +(Closes: #888786). + + -- Carsten Leonhardt Sun, 07 Jul 2019 23:44:04 +0200 + pound (2.7-1.3) unstable; urgency=medium * Non-maintainer upload. diff --git a/debian/patches/0003-CVE-2016-1071.patch b/debian/patches/0003-CVE-2016-1071.patch new file mode 100644 index 000..09da940 --- /dev/null +++ b/debian/patches/0003-CVE-2016-1071.patch @@ -0,0 +1,210 @@ +Description: Backport fix for CVE-2016-10711 +Author: Robert Segall +Origin: upstream, http://www.apsis.ch/pound/Pound-2.8a.tgz +Last-Update: 2019-07-07 +--- a/http.c b/http.c +@@ -31,7 +31,8 @@ + static char *h500 = "500 Internal Server Error", + *h501 = "501 Not Implemented", + *h503 = "503 Service Unavailable", +-*h414 = "414 Request URI too long"; ++*h414 = "414 Request URI too long", ++*h400 = "Bad Request"; + + static char *err_response = "HTTP/1.0 %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\nExpires: now\r\nPragma: no-cache\r\nCache-control: no-cache,no-store\r\n\r\n%s"; + +@@ -83,7 +84,7 @@ + safe_url, safe_url); + snprintf(rep, sizeof(rep), + "HTTP/1.0 %d %s\r\nLocation: %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n", +-code, code_msg, safe_url, strlen(cont)); ++code, code_msg, safe_url, (int)strlen(cont)); + BIO_write(c, rep, strlen(rep)); + BIO_write(c, cont, strlen(cont)); + BIO_flush(c); +@@ -126,11 +127,11 @@ + get_line(BIO *const in, char *const buf, const int bufsize) + { + chartmp; +-int i, n_read; ++int i, n_read, seen_cr; + + memset(buf, 0, bufsize); +-for(n_read = 0;;) +-switch(BIO_gets(in, buf + n_read, bufsize - n_read - 1)) { ++for(i = 0, seen_cr = 0; i < bufsize - 1; i++) ++switch(BIO_read(in, , 1)) { + case -2: + /* BIO_gets not implemented */ + return -1; +@@ -138,24 +139,49 @@ + case -1: + return 1; + default: +-for(i = n_read; i < bufsize && buf[i]; i++) +-if(buf[i] == '\n' || buf[i] == '\r') { +-buf[i] = '\0'; ++if(seen_cr) ++if(tmp != '\n') { ++/* we have CR not followed by NL */ ++do { ++if(BIO_read(in, , 1) < 0) ++return 1; ++} while(tmp != '\n'); ++return 1; ++} else { ++buf[i - 1] = '\0'; + return 0; + } +-if(i < bufsize) { +-n_read = i; ++ ++if(!iscntrl(tmp) || tmp == '\t') { ++buf[i] = tmp; ++continue; ++} ++ ++if(tmp == '\r') { ++seen_cr = 1; + continue; + } +-logmsg(LOG_NOTICE, "(%lx) line too long: %s", pthread_self(), buf); +-/* skip rest of "line" */ +-tmp = '\0'; +-while(tmp != '\n') +-if(BIO_read(in, , 1) != 1) ++ ++if(tmp == '\n') { ++/* line ends in NL only (no CR) */ ++buf[i] = 0; ++return 0; ++} ++ ++/* all other control characters cause an error */ ++do { ++if(BIO_read(in, , 1) < 0) + return 1; +-break; ++} while(tmp != '\n'); ++return 1; + } +-return 0; ++ ++/* line too long */ ++do { ++if(BIO_read(in, , 1) < 0) ++return 1; ++} while(tmp != '\n'); ++return 1; + } + + /* +@@ -393,22 +419,16 @@ + + /* HTTP/1.1 allows leading CRLF */ + memset(buf, 0, MAXBUF); +-while((res = BIO_gets(in, buf, MAXBUF - 1)) > 0) { +-has_eol = strip_eol(buf); ++while((res = get_line(in, buf, MAXBUF)) == 0) + if(buf[0]) + break; +-} + +-if(res <= 0) { ++if(res < 0) { + /* this is expected to occur only on client reads */ + /* logmsg(LOG_NOTICE, "headers: bad starting read"); */ + return NULL; +-} else if(!has_eol) { +-/* check for request length limit */ +-lo
Bug#931328: RFA: inosync -- notification-based directory synchronization daemon
Package: wnpp Severity: normal I request an adopter for the inosync package. It is written in Python 2 and the original upstream maintainer hasn't been active in more than four years. If nobody picks this package up, it will probably be removed when Python 2 will be removed. The package description is: The inosync daemon uses the inotify service available in recent Linux kernels to monitor and synchronize changes within directories to remote nodes using rsync. . System administrators have relied on cron+rsync for years to constantly synchronize files and directories to remote machines. It is not feasible to let authors wait for their content to get synchronized every x hours with regard to the enormous pace of articles and podcasts nowadays.
Bug#923444: bacula: autopkgtest regressed in buster
Hi all, Paul Gevers writes: >> Or are we trying to fix a problem at the whole wrong level? > > I am not sure about the answer. If anybody has the time and energy, > maybe they can check with the dpkg maintainers if they are aware of the > situation and if that is intentional. Maybe they consider this issue > something they can (and should) fix. I encountered a solution to a problem that might be similar. While installing an apache module, I got the message: "Package apache2 is not configured yet. Will defer actions by package xyz." It's source is: https://salsa.debian.org/apache-team/apache2/blob/master/debian/debhelper/apache2-maintscript-helper#L80 Maybe there's something to be learned from there? (I don't have time to have a closer look in the next days, so putting it into the bug report to not have it forgotten.) Regards, Carsten
Bug#923511: [pkg-bacula-devel] Bug#923511: make_catalog_backup.pl doesn't sanitize $args{db_name}
Control: tags -1 upstream Control: forwarded -1 https://bugs.bacula.org/view.php?id=2458 Hi Sergio, > /etc/bacula/scripts/make_catalog_backup.pl uses a temporary file with a name > based on $args{db_name}. This fails if the database name contains / > characters, > as it well might if it is a URI like > postgresql://host/db?sslmode=verify-full=/etc/ssl/certs/host-ca.crt I've written a patch to base the filename on the catalog name as you suggested (although I'm not good at perl), but the script "delete_catalog_backup" needs to be changed too. I've submitted your bug report upstream. Regards, Carsten --- make_catalog_backup-orig.pl 2018-09-22 20:24:38.0 +0200 +++ make_catalog_backup.pl 2019-03-03 12:48:04.217637851 +0100 @@ -30,11 +30,15 @@ my $dir_conf='/usr/sbin/dbcheck -B -c /etc/bacula/bacula-dir.conf'; my $wd = "/var/lib/bacula"; +# sanitize catalog name for use as filename +my $dump_filename = $cat; +$dump_filename =~ s/[^A-Za-z0-9_\-]//g; + sub dump_sqlite3 { my %args = @_; -exec("echo .dump | sqlite3 '$wd/$args{db_name}.db' > '$wd/$args{db_name}.sql'"); +exec("echo .dump | sqlite3 '$wd/$args{db_name}.db' > '$wd/$dump_filename.sql'"); print "Error while executing sqlite dump $!\n"; return 1; } @@ -69,7 +73,7 @@ { my %args = @_; setup_env_pgsql(%args); -exec("HOME='$wd' pg_dump -c > '$wd/$args{db_name}.sql'"); +exec("HOME='$wd' pg_dump -c > '$wd/$dump_filename.sql'"); print "Error while executing postgres dump $!\n"; return 1; # in case of error } @@ -117,7 +121,7 @@ my %args = @_; setup_env_mysql(%args); -exec("HOME='$wd' mysqldump -f --opt $args{db_name} > '$wd/$args{db_name}.sql'"); +exec("HOME='$wd' mysqldump -f --opt $args{db_name} > '$wd/$dump_filename.sql'"); print "Error while executing mysql dump $!\n"; return 1; }
Bug#923444: bacula: autopkgtest regressed in buster
Hi Paul, Paul Gevers writes: > On 02-03-2019 15:34, Carsten Leonhardt wrote: >> maybe using a trigger can help us: > > This sounds like an idea we should try to implement in dbconfig-common, > to enable other packages to benefit from it as well. If done, this is > for after buster release though. I already found that we're not the first to run into this problem. >> In bacula-director-psql/mysql postinst, pseudo code: >> >> 1 if (database server is being installed in the same run) >> 2 then (install trigger to postpone database setup) >> 3 else (setup database now) >> 4 if triggered: (setup database now) >> >> Thoughts/explanations: >> Step 1: I haven't researched yet if it's possible to reliably detect >> that >> Step 3: set up now as we won't get triggered later >> Step 4: But what to trigger on exactly? > > Why not delay configuration until the end in all cases? I don't like the > added complexity much, unless it has real value. I haven't used triggers yet so I'm not aware of all the details. If we can be sure that the setup will be executed even when no local database server will be installed because a remote server is used, then I'm all for doing it at the end. >> An simple but stupid and unelegant alternative would be to generate meta >> packages "bacula-director-local-psql/mysql" that _depend_ on the database >> server packages. > > I rather propose that we accept the current regression of the bacula > autopkgtest and we fix the situation properly (in autopkgtest and/or > dbconfig-common) after the buster release. Can you live with that? Yes, we can live with that as long as the CI-people can, as Sven already said. Would you like me to file a wishlist bug against dbconfig-common? - Carsten
Bug#923444: bacula: autopkgtest regressed in buster
Hi, maybe using a trigger can help us: In bacula-director-psql/mysql postinst, pseudo code: 1 if (database server is being installed in the same run) 2 then (install trigger to postpone database setup) 3 else (setup database now) 4 if triggered: (setup database now) Thoughts/explanations: Step 1: I haven't researched yet if it's possible to reliably detect that Step 3: set up now as we won't get triggered later Step 4: But what to trigger on exactly? An simple but stupid and unelegant alternative would be to generate meta packages "bacula-director-local-psql/mysql" that _depend_ on the database server packages. - Carsten
Bug#923444: [pkg-bacula-devel] Bug#923444: bacula: autopkgtest regressed in buster
Hi Paul, > Somewhere on 2019-02-26 your package bacula started to fail its > autopkgtest in testing/buster (it started failing in unstable somewhere > between 23 and 25 February). thanks for your research. The autopkgtests work in Gitlab's CI, so I guess there must be some difference in the test environment. We'll investigate. Regards, Carsten
Bug#920519: ITA: mtx -- controls tape autochangers
Control: retitle -1 ITA: mtx -- controls tape autochangers I'm going to adopt mtx, probably as part of the Bacula packaging team.
Bug#922025: latex2html: -prefix option broken with math formulas
Control: tags -1 +upstream +confirmed Hi Sébastien, > The -prefix option of latex2html is broken. I attach a minimal LaTeX file > (foo.tex), to replicate the problem. If I run: I've forwarded the report to the upstream Author. Regards, Carsten
Bug#921076: ITP: pound -- reverse proxy, load balancer and HTTPS front-end for Web servers
Package: wnpp Severity: wishlist Owner: Carsten Leonhardt * Package name: pound Version : 2.8 Upstream Author : Robert Segall * URL : http://www.apsis.ch/pound/ * License : GPL with OpenSSL exemption Programming Lang: C Description : reverse proxy, load balancer and HTTPS front-end for Web servers Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound can also issue HTTP redirects. This is to reintroduce pound into the archive after it had been removed in February 2018. The problem had been that it didn't build with OpenSSL 1.1, but patches exist now. If the previous maintainer (Cc'ed) is still interested, I suggest a co-maintainership.
Bug#918951: ipv6calc: Please add a package for mod_ipv6calc
Source: ipv6calc Severity: wishlist Dear maintainer, Please consider adding a package containing mod_ipv6calc. (Please also consider enhancing the existing package description so that searching for a tool to anonymize IP addresses, ipv6loganon can be found more easily) Thanks, Carsten
Bug#917654: texlive-latex-base: xr.sty v5.03 causes bacula-doc to FTBFS
Dear texlive-maintainers, please update texlive-latex-base to include the newest version of xr (v5.04), the current version (v5.03) causes bacula-doc to FTBFS. Regards, Carsten
Bug#915831: zfsutils-linux: Upgrading to 0.7.12 breaks during dpkg --configure
Hi, Chris Zubrzycki writes: > Here is the fix, or you can move zfs-share to zfs-zed for some reason: I can confirm this patch works. Aron Xu writes: > I'm temped to not ship init.d scripts for Buster if there is any > important issue open when freeze approaches (e.g. bug #915831). Please let's just stick to fixing bugs instead of introducing new ones (c.f. policy 9.11.). Best Regards, Carsten
Bug#917654: bacula-doc: FTBFS (LaTeX Error: Missing begin{document})
Control: merge 917654 917735 Hi, I'm sorry for having used your time by not reporting this myself. As far as I can say, one of the last TeX updates introduced this FTBFS. I have yet to find the exact cause. Regards, Carsten
Bug#916197: libpaper1: postrm fails, uses ucf unconditionally
Package: libpaper1 Version: 1.1.25 Severity: serious Dear Maintainer, the postrm fails because it uses ucf unconditionally. When executing the postrm, dependencies are not guaranteed to be installed. Please see /usr/share/doc/ucf/examples/postrm on how to do it corretly. See also https://piuparts.debian.org/sid/fail/libpaper1_1.1.25.log Regards, Carsten
Bug#840388: fusedav non-functional
Control: severity -1 grave This software appears to be non-functional. A tcpdump confirms that no network traffic between the client and the server is being generated. Tested on a current Debian 8.11. Only the fuse debug option makes it emit something. # fusedav -D -t 10 -o debug -u username -p password https://webdav/path /mnt FUSE library version: 2.9.3 nullpath_ok: 0 nopath: 0 utime_omit_ok: 0 unique: 1, opcode: INIT (26), nodeid: 0, insize: 56, pid: 0 INIT: 7.23 flags=0x0003fffb max_readahead=0x0002 INIT: 7.19 flags=0x0010 max_readahead=0x0002 max_write=0x0002 max_background=0 congestion_threshold=0 unique: 1, success, outsize: 40 ^C*** Caught signal *** Exiting cleanly.
Bug#881871: stretch-pu: package bacula/7.4.4+dfsg-6
Hi, is there a chance the fixed package will be accepted? Maybe you would prefer separate fixes for the two problems? Regards, Carsten
Bug#914254: bacula: fails to restore properly
Package: src:bacula Version: 9.2.2-1 Severity: serious On 20.11.18 21:59, Sven Hartge wrote: [...] when "-u root -g root -k" is set, even though the process runs as root, it doesn't have the proper capabilities anymore.
Bug#913825: bacula: FTBFS on mips and mipsel
Package: src:bacula Version: 9.2.2-1 Severity: serious postgresql-server-dev-11 depends on clang-7, this depends on libclang-common-7-dev and this contains 64bit libraries which makes it in turn depends on other 64bit libraries. Hence the "if test -d /usr/lib64" in db.m4 https://sources.debian.org/src/bacula/9.2.2-1/autoconf/bacula-macros/db.m4/#L288-L294 succeeds, leading to /usr/bin/g++ -fPIC -DPIC -shared -nostdlib /usr/lib/gcc/mipsel-linux-gnu/8/../../../mipsel-linux-gnu/crti.o /usr/lib/gcc/mipsel-linux-gnu/8/crtbeginS.o .libs/sqlite.o -L/usr/lib64 /usr/lib/mipsel-linux-gnu/libsqlite3.so -L/usr/lib/gcc/mipsel-linux-gnu/8 -L/usr/lib/gcc/mipsel-linux-gnu/8/../../../mipsel-linux-gnu -L/usr/lib/gcc/mipsel-linux-gnu/8/../../../../lib -L/lib/mipsel-linux-gnu -L/lib/../lib -L/usr/lib/mipsel-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mipsel-linux-gnu/8/../../.. -lstdc++ -lm -lc -lgcc_s /usr/lib/gcc/mipsel-linux-gnu/8/crtendS.o /usr/lib/gcc/mipsel-linux-gnu/8/../../../mipsel-linux-gnu/crtn.o -Wl,-z -Wl,relro -Wl,-soname -Wl,libbaccats-sqlite3-9.2.2.so -o .libs/libbaccats-sqlite3-9.2.2.so /usr/bin/ld: /usr/lib64/libgcc_s.so.1: error adding symbols: file in wrong format Note the "-L/usr/lib64". autoconf/bacula-macros/db.m4 needs to be fixed.
Bug#913795: lsof: new upstream version available
Package: lsof Version: 4.89+dfsg-0.1 Severity: wishlist Dear Maintainer, there is a new upstream version available (4.91) from http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/ or one of the other mirrors (see "mirrors" on the site). Also you apparently have missed the alioth -> salsa migration. Additionally, your own last upload was in 2009 which leads to the question if you are still interested in maintaining the package. Do you expect to put work into it, maybe even before the buster freeze? Or is it time to orphan it? Regards, Carsten
Bug#837351: tar: FTBFS on kfreebsd: --numeric-owner basic tests FAILED
Control: tags -1 + patch Hi, at the moment it's difflink.at (test number 92) that is failing for kFreeBSD. The test assumes "ln -L" is default behaviour, which seems to be correct on Linux, but not on BSD, where "ln -P" seems to be default (tested on kFreeBSD, FreeBSD and OpenBSD). The attached patch adds an explicit "-P" to make sure the correct link is created. Build tested successfully on kfreebsd-amd64. Regards, Carsten commit a74558ec0a5f83f952663c706b95905a642fea63 Author: Carsten Leonhardt Date: Wed Nov 14 18:39:37 2018 +0100 fix kfreebsd FTBS diff --git a/debian/patches/fix-for-difflink.at-failure.diff b/debian/patches/fix-for-difflink.at-failure.diff index 25f1549..471cdeb 100644 --- a/debian/patches/fix-for-difflink.at-failure.diff +++ b/debian/patches/fix-for-difflink.at-failure.diff @@ -5,8 +5,9 @@ index eadfb088..4e011760 100644 @@ -21,7 +21,7 @@ mkdir a genfile -f a/x ln -s x a/y - ln a/y a/z +-ln a/y a/z -tar cf a.tar a ++ln -P a/y a/z +tar cf a.tar a/x a/y a/z rm a/z ln -s x a/z
Bug#911932: micro-httpd: new upstream version available
Package: micro-httpd Version: 20051212-15.1 Severity: wishlist There is a new upstream version available (20140814) from http://www.acme.com/software/micro_httpd/
Bug#899306: latex2html: Some tables incorrectly translated
Control: reassign -1 latex2html 2015-debian1-1 Control: retitle -1 Some tables incorrectly translated Translation of some tables seems broken. For example, for the table http://www.bacula.org/git/cgit.cgi/docs/tree/docs/manuals/en/main/table_runscriptshortcuts.tex only the first column is translated and as second row a spurious "Â" is displayed: http://www.bacula.org/9.2.x-manuals/en/main/Configuring_Director.html#SECTION00193 (the table after the text "You can use these following shortcuts:")
Bug#826994: [Pkg-zfsonlinux-devel] Bug#826994: Bug#826994: Missing init-script(s)?
Aron Xu writes: > As said by "upstream", please have all the init scripts incorporated > to upstream ZoL repository and I can enable them quickly. You can find > that systemd support is shipped by upstream directly and we don't have > Debian local changes. I don't want to apply a big patch introducing > something not blessed by upstream, nor being actively used/tested > myself. Isn't this the upstream repository? https://github.com/zfsonlinux/zfs/tree/master/etc/init.d Did you look at Chris Dos' patch? It's quite small and as I wrote earlier, only touches one upstream file, where you made a change for systemd support too (because of the changed zed location). Regards, Carsten
Bug#826994: [Pkg-zfsonlinux-devel] Bug#826994: Missing init-script(s)?
Dear Aron, > I'm not against LSB support, please make it upstream. I think this > statement is clear enough. Great. In that case, please apply the patch that's being maintained by Chris Dos for quite some time now. You find it in this bug's history. It doesn't touch upstream except in zfs-functions.in, and that's only because the debian package modifies the install location of zed. The init-scripts are in the upstream source already for a long time. Quite probably longer than systemd support. > Control: severity -1 wishlist > > Please don't ping-pong here by changing the severity again, wishlist > is the final priority set for this bug. Quote from "severity levels" section: serious is a severe violation of Debian policy (roughly, it violates a "must" or "required" directive), or, in the package maintainer's or release manager's opinion, makes the package unsuitable for release. Regards, Carsten
Bug#909788: rng-tools5: Missing init script
Control: severity -1 serious Control: tags -1 + patch Not shipping init scripts equivalent to the service files violates policy 9.11, therefore the bug severity is serious. I've now attached a patch. diff -Nur rng-tools5-5/debian/changelog rng-tools5-5-patched/debian/changelog --- rng-tools5-5/debian/changelog 2018-10-16 23:41:15.0 +0200 +++ rng-tools5-5-patched/debian/changelog 2018-10-16 23:47:35.85600 +0200 @@ -1,3 +1,10 @@ +rng-tools5 (5-4) unstable; urgency=low + + [Carsten Leonhardt] + * Add init script. (Closes: #909788) + + -- Carsten Leonhardt Tue, 16 Oct 2018 23:45:50 +0200 + rng-tools5 (5-3) unstable; urgency=low * adds check so the daemon exits properly after receiving a diff -Nur rng-tools5-5/debian/rngd.init rng-tools5-5-patched/debian/rngd.init --- rng-tools5-5/debian/rngd.init 1970-01-01 01:00:00.0 +0100 +++ rng-tools5-5-patched/debian/rngd.init 2018-10-16 23:41:52.27200 +0200 @@ -0,0 +1,21 @@ +#!/bin/sh +# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing. +if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then +set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script +fi +### BEGIN INIT INFO +# Provides: rngd +# Required-Start:$remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: entropy gathering daemon (rngd) +# Description: Check and feed random data from hardware device +#to kernel random device + +### END INIT INFO + +# Author: Carsten Leonhardt + +DESC="entropy gathering daemon" +DAEMON=/usr/sbin/rngd
Bug#826994: Missing init-script(s)?
Control: severity -1 serious Not shipping init scripts equivalent to the service files violates policy 9.11, therefore the bug severity is serious.
Bug#909788: rng-tools5: Missing init script
Package: rng-tools5 Version: 5-1 Severity: important Dear Maintainer, the daemon doesn't start automatically because there's no init script included. I've attached a working example. Regards, Carsten #!/bin/sh # kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing. if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script fi ### BEGIN INIT INFO # Provides: rngd # Required-Start:$remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: entropy gathering daemon (rngd) # Description: Check and feed random data from hardware device #to kernel random device ### END INIT INFO # Author: Carsten Leonhardt DESC="entropy gathering daemon" DAEMON=/usr/sbin/rngd
Bug#909460: Trouble with the sqlite3 upgrade path
Hi, I found the source. Upstream commit ac391519c8e4125db0662dea92e7550d95bd9a16 "Permit catalog to contain negative FileIndexes", added shortly before the 9.2.1 release. This makes me wonder about how these schema updates would reach people that are already on db version 16. For us, we can fix that by adding yet more manual snippets for dbconfig... Sven Hartge wrote: > Looking at the code, it seems we have to create a temp table with the > new schema and then select everything from the old table into it, then > removing the old table and finally renaming the temp table. > > Just like it was done with basefiles_temp. Yes, when I read your mail I remembered having done that before... I'll take care of this, but probably after fixing latex2html and bacula-docs. - Carsten
Bug#909460: Trouble with the sqlite3 upgrade path
Source: bacula Version: 9.2.1-1 Severity: serious Hi, according to piuparts: applying upgrade sql for 7.4.4+dfsg-6 -> 9.0.0. Error: near line 84: near "MODIFY": syntax error Error: near line 85: near "MODIFY": syntax error Error: near line 86: near "MODIFY": syntax error https://piuparts.debian.org/stable2sid/fail/bacula-director-sqlite3_9.2.1-1.log The version in stretch-backports contains the 9.0.0 update too but stretch2bpo works ok. - Carsten
Bug#899306: bacula-doc: Broken table in HTML version
Package: bacula-doc Version: 9.0.5-1 Severity: normal The file "main.pdf" has a table in section "Configuring the Director", subsection "The Job Resource", item "RunScript" after the text "You can use these following shortcuts:" (currently on page 160). This table is broken/incomplete in the HTML-version (main/Configuring_Director.html). I'm not sure yet if the problem is in bacula-doc or in latex2html.
Bug#869655: approx frequently FTBFS with test failures
On Tue, 25 Jul 2017 14:36:03 +0300 Adrian Bunkwrote: > Source: approx > Version: 5.9-1 > Severity: serious > > Not sure whether there's a pattern when it fails > or whether tests fail randomly (and frequently): > > https://buildd.debian.org/status/package.php?p=approx=sid > https://tests.reproducible-builds.org/debian/history/approx.html > https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/approx.html I don't see build failures for current version 5.10-1 in any of the referenced locations. Is there a reason to not close this bug? - Carsten
Bug#893591: e2fsprogs: circular build dependency block build on kfreebsd
"Theodore Y. Ts'o"writes: > On Wed, Mar 21, 2018 at 09:47:41AM +0100, Ansgar Burchardt wrote: >> There no longer are any kfreebsd buildds, see >> https://lists.debian.org/debian-bsd/2017/12/msg8.html > > Does that mean the kfreebsd port has been discontinued, and a whole > bunch of dashboards and web/wikipages are out of date? There are or have been people wanting to set up new buildds. But the reality seems to be that the former core developers no longer have time to work on kfreebsd and nobody else has stepped in so far. Regards, Carsten
Bug#881871: stretch-pu: package bacula/7.4.4+dfsg-6
Control: tags -1 - moreinfo "Adam D. Barratt" <a...@adam-barratt.org.uk> writes: > - --oknodo --exec $DAEMON --chuid $BUSER:$BGROUP -- -c $CONFIG > + --oknodo --exec $DAEMON -- -g $BUSER -g $BGROUP -c $CONFIG > > The first of those "-g" is presumably supposed to be "-u". I realise > this may seem a small point, but it does make me wonder how it wasn't > caught in testing. Thank you for your work and for catching this. A new version of the patch is attached. Regards, Carsten diff --git a/debian/bacula-common.preinst b/debian/bacula-common.preinst index 056c2944..d0b323fa 100644 --- a/debian/bacula-common.preinst +++ b/debian/bacula-common.preinst @@ -12,6 +12,14 @@ case "$1" in echo "Ok." fi ;; + install|upgrade) + # purging bacula-director-common can mistakenly delete bacula-dir.conf + # neutralize the offending line in its postrm; see bug #880529 for details + if dpkg-query -l bacula-director-common > /dev/null 2>&1 && \ + [ -e /var/lib/dpkg/info/bacula-director-common.postrm ]; then + sed -i 's/rm -f $CONFFILE $CONFFILE.dist/#disabled: bug #880529# rm -f $CONFFILE $CONFFILE.dist/' /var/lib/dpkg/info/bacula-director-common.postrm + fi + ;; esac # dh_installdeb will replace this with shell code automatically diff --git a/debian/bacula-director.init b/debian/bacula-director.init index 8ac7c36a..89cfbe65 100644 --- a/debian/bacula-director.init +++ b/debian/bacula-director.init @@ -67,7 +67,7 @@ do_start() { if $DAEMON -u $BUSER -g $BGROUP -t -c $CONFIG > /dev/null 2>&1; then start-stop-daemon --start --quiet --pidfile $PIDFILE \ - --oknodo --exec $DAEMON --chuid $BUSER:$BGROUP -- -c $CONFIG + --oknodo --exec $DAEMON -- -u $BUSER -g $BGROUP -c $CONFIG return 0 else log_progress_msg "- the configtest" diff --git a/debian/bacula-fd.init b/debian/bacula-fd.init index 649b9cc1..698e4ea3 100644 --- a/debian/bacula-fd.init +++ b/debian/bacula-fd.init @@ -54,7 +54,7 @@ do_start() { if $DAEMON -u $BUSER -g $BGROUP -t -c $CONFIG > /dev/null 2>&1; then start-stop-daemon --start --quiet --pidfile $PIDFILE \ - --oknodo --exec $DAEMON --chuid $BUSER:$BGROUP -- -c $CONFIG + --oknodo --exec $DAEMON -- -u $BUSER -g $BGROUP -c $CONFIG return 0 else log_progress_msg "- the configtest" diff --git a/debian/bacula-sd.init b/debian/bacula-sd.init index 47c3d07d..8559f335 100644 --- a/debian/bacula-sd.init +++ b/debian/bacula-sd.init @@ -51,9 +51,9 @@ PIDFILE=/run/bacula/$NAME.$PORT.pid do_start() { - if $DAEMON -g $BUSER -g $BGROUP -t -c $CONFIG > /dev/null 2>&1; then + if $DAEMON -u $BUSER -g $BGROUP -t -c $CONFIG > /dev/null 2>&1; then start-stop-daemon --start --quiet --pidfile $PIDFILE \ - --oknodo --exec $DAEMON --chuid $BUSER:$BGROUP -- -c $CONFIG + --oknodo --exec $DAEMON -- -u $BUSER -g $BGROUP -c $CONFIG return 0 else log_progress_msg "- the configtest" diff --git a/debian/changelog b/debian/changelog index d0a4ac54..81b0627a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,21 @@ +bacula (7.4.4+dfsg-6+deb9u1) stretch; urgency=medium + + [Sven Hartge] + * Let PID files be owned by root. Mitigates a minor security problem +similar to CVE 2017-14610. Note that this change disables automatic +tracebacks. + + [Carsten Leonhardt] + * Added transitional package bacula-director-common, the old leftover +package can't be safely purged otherwise (it deletes +/etc/bacula/bacula-dir.conf in postrm which now belongs to the +bacula-director package). For the case when the package + bacula-director-common is deinstalled but not purged, we neutralize +the offending postrm script when upgrading bacula-common. (Closes: +#880529) + + -- Carsten Leonhardt <l...@debian.org> Wed, 15 Nov 2017 22:55:15 +0100 + bacula (7.4.4+dfsg-6) unstable; urgency=medium [Sven Hartge] diff --git a/debian/control b/debian/control index 19418610..7c310185 100644 --- a/debian/control +++ b/debian/control @@ -357,3 +357,13 @@ Description: network backup service - Bacula Administration Tool . This GUI interface has been designed to ease restore operations as much as possible as compared to the basic text console. + +Package: bacula-director-common +Section: oldlibs +Architecture: any +Pre-Depends: ${misc:Pre-Depends} +Depends: + bacula-common (= ${binary:Version}), + ${misc:Depends} +Description: transitional package + This is a transitional package. It can safely be removed. diff --git a/debian/patches/non-forking-systemd-units.patch b/debian/patches/non-forking-systemd-units.patch index 636c9153..03cdabd7 100644 --- a/debian/patches/non-forking-systemd-units.patch +++ b/debian/patches/non-forking-systemd-units.patch @@ -20,13 +20,13 @@ Author: Sven Hartge <s...@svenhartge.de> -PIDFile=@piddir@/bacula-dir.@dir_port@.pid -E
Bug#881871: stretch-pu: package bacula/7.4.4+dfsg-6
Hi, here is a new version of the patch. I now additionally let bacula-common.preinst check for the existence of bacula-director-common.postrm and comment out the offending line if found (first chunk in the diff). I chose to use bacula-common because it is depended upon by all other bacula packages. I've also amended the text in the changelog, otherwise the rest of the patch is the same as the previous version. The patch is also viewable at https://salsa.debian.org/bacula-team/bacula/compare/debian%2F7.4.4+dfsg-6...stretch Thanks, Carsten diff --git a/debian/bacula-common.preinst b/debian/bacula-common.preinst index 056c2944..d0b323fa 100644 --- a/debian/bacula-common.preinst +++ b/debian/bacula-common.preinst @@ -12,6 +12,14 @@ case "$1" in echo "Ok." fi ;; + install|upgrade) + # purging bacula-director-common can mistakenly delete bacula-dir.conf + # neutralize the offending line in its postrm; see bug #880529 for details + if dpkg-query -l bacula-director-common > /dev/null 2>&1 && \ + [ -e /var/lib/dpkg/info/bacula-director-common.postrm ]; then + sed -i 's/rm -f $CONFFILE $CONFFILE.dist/#disabled: bug #880529# rm -f $CONFFILE $CONFFILE.dist/' /var/lib/dpkg/info/bacula-director-common.postrm + fi + ;; esac # dh_installdeb will replace this with shell code automatically diff --git a/debian/bacula-director.init b/debian/bacula-director.init index 8ac7c36a..89cfbe65 100644 --- a/debian/bacula-director.init +++ b/debian/bacula-director.init @@ -67,7 +67,7 @@ do_start() { if $DAEMON -u $BUSER -g $BGROUP -t -c $CONFIG > /dev/null 2>&1; then start-stop-daemon --start --quiet --pidfile $PIDFILE \ - --oknodo --exec $DAEMON --chuid $BUSER:$BGROUP -- -c $CONFIG + --oknodo --exec $DAEMON -- -u $BUSER -g $BGROUP -c $CONFIG return 0 else log_progress_msg "- the configtest" diff --git a/debian/bacula-fd.init b/debian/bacula-fd.init index 649b9cc1..698e4ea3 100644 --- a/debian/bacula-fd.init +++ b/debian/bacula-fd.init @@ -54,7 +54,7 @@ do_start() { if $DAEMON -u $BUSER -g $BGROUP -t -c $CONFIG > /dev/null 2>&1; then start-stop-daemon --start --quiet --pidfile $PIDFILE \ - --oknodo --exec $DAEMON --chuid $BUSER:$BGROUP -- -c $CONFIG + --oknodo --exec $DAEMON -- -u $BUSER -g $BGROUP -c $CONFIG return 0 else log_progress_msg "- the configtest" diff --git a/debian/bacula-sd.init b/debian/bacula-sd.init index 47c3d07d..e3863840 100644 --- a/debian/bacula-sd.init +++ b/debian/bacula-sd.init @@ -53,7 +53,7 @@ do_start() { if $DAEMON -g $BUSER -g $BGROUP -t -c $CONFIG > /dev/null 2>&1; then start-stop-daemon --start --quiet --pidfile $PIDFILE \ - --oknodo --exec $DAEMON --chuid $BUSER:$BGROUP -- -c $CONFIG + --oknodo --exec $DAEMON -- -g $BUSER -g $BGROUP -c $CONFIG return 0 else log_progress_msg "- the configtest" diff --git a/debian/changelog b/debian/changelog index d0a4ac54..81b0627a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,21 @@ +bacula (7.4.4+dfsg-6+deb9u1) stretch; urgency=medium + + [Sven Hartge] + * Let PID files be owned by root. Mitigates a minor security problem +similar to CVE 2017-14610. Note that this change disables automatic +tracebacks. + + [Carsten Leonhardt] + * Added transitional package bacula-director-common, the old leftover +package can't be safely purged otherwise (it deletes +/etc/bacula/bacula-dir.conf in postrm which now belongs to the +bacula-director package). For the case when the package +bacula-director-common is deinstalled but not purged, we neutralize + the offending postrm script when upgrading bacula-common. (Closes: +#880529) + + -- Carsten Leonhardt <l...@debian.org> Wed, 15 Nov 2017 22:55:15 +0100 + bacula (7.4.4+dfsg-6) unstable; urgency=medium [Sven Hartge] diff --git a/debian/control b/debian/control index 19418610..7c310185 100644 --- a/debian/control +++ b/debian/control @@ -357,3 +357,13 @@ Description: network backup service - Bacula Administration Tool . This GUI interface has been designed to ease restore operations as much as possible as compared to the basic text console. + +Package: bacula-director-common +Section: oldlibs +Architecture: any +Pre-Depends: ${misc:Pre-Depends} +Depends: + bacula-common (= ${binary:Version}), + ${misc:Depends} +Description: transitional package + This is a transitional package. It can safely be removed. diff --git a/debian/patches/non-forking-systemd-units.patch b/debian/patches/non-forking-systemd-units.patch index 636c9153..03cdabd7 100644 --- a/debian/patches/non-forking-systemd-units.patch +++ b/debian/patches/non-forking-systemd-units.patch @@ -20,13 +20,13 @@ Author: Sven Hartge <s...@svenhartge.de> -PIDFile=@piddir@/bacula-dir.@dir_port@.pid -ExecReload=@sbindir@/bacula-dir -t -c @sysconfdir@/bacula-dir.conf +Type=simple -+User=bacula -+Group=bacula ++User=root ++Group=roo
Bug#881871: stretch-pu: package bacula/7.4.4+dfsg-6
Julien Cristau <jcris...@debian.org> writes: > On 01/15/2018 08:32 AM, Carsten Leonhardt wrote: >> Julien Cristau <jcris...@debian.org> writes: >> >>> Control: tag -1 moreinfo >>> >>> On Thu, Nov 16, 2017 at 00:02:29 +0100, Carsten Leonhardt wrote: >>> >>>> 2) Bug #880529: When updating from jessie to stretch, the package >>>> "bacula-director-common" will be removed, but the postrm will stay >>>> around. Upon purging this package, postrm unconditionally removes the >>>> main bacula configuration file /etc/bacula/bacula-dir.conf, leaving >>>> bacula unusable. We fix this by introducing a transitional package that >>>> can then be safely removed. >>>> >>> It sounds like this won't solve the issue for anyone who has already >>> upgraded but hasn't yet purged bacula-director-common. Couldn't >>> bacula-director's postinst neuter the old postrm instead? >> >> Are you sure? I'd say that these people will get the upgrade to the >> transitional package and this will remove the old postrm. >> > How would they get an update to a removed package? (Yes, I'm pretty sure.) I see your point now. My proposed solution only helps people that still have the package installed. I'll work on a better solution. Regards, Carsten
Bug#881871: stretch-pu: package bacula/7.4.4+dfsg-6
Julien Cristau <jcris...@debian.org> writes: > Control: tag -1 moreinfo > > On Thu, Nov 16, 2017 at 00:02:29 +0100, Carsten Leonhardt wrote: > >> 2) Bug #880529: When updating from jessie to stretch, the package >> "bacula-director-common" will be removed, but the postrm will stay >> around. Upon purging this package, postrm unconditionally removes the >> main bacula configuration file /etc/bacula/bacula-dir.conf, leaving >> bacula unusable. We fix this by introducing a transitional package that >> can then be safely removed. >> > It sounds like this won't solve the issue for anyone who has already > upgraded but hasn't yet purged bacula-director-common. Couldn't > bacula-director's postinst neuter the old postrm instead? Are you sure? I'd say that these people will get the upgrade to the transitional package and this will remove the old postrm. Regards, Carsten
Bug#881871: stretch-pu: package bacula/7.4.4+dfsg-6
Hi, is there anything else I can do to help this into the next stable update? Or at least only one of the changes? Regards, Carsten
Bug#881871: stretch-pu: package bacula/7.4.4+dfsg-6
Hi, > 2) Bug #880529: When updating from jessie to stretch, the package > "bacula-director-common" will be removed, but the postrm will stay > around. Upon purging this package, postrm unconditionally removes the > main bacula configuration file /etc/bacula/bacula-dir.conf, leaving > bacula unusable. We fix this by introducing a transitional package that > can then be safely removed. I just noticed that I left out a detail that might help understand the problem: the configuration file used to be owned by the package "bacula-director-common", but ownership moved to the new package "bacula-director". Regards, Carsten
Bug#881871: stretch-pu: package bacula/7.4.4+dfsg-6
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi, we would like to fix the following two problems in stable: 1 ) The bacula packages are vulnerable to a security problem similar to CVE 2017-14610 (PID files not owned by root). On the downside this change disables a bacula feature that permits automatic tracebacks on a crash. I've mailed the security team about this, they recommended a stable update. 2) Bug #880529: When updating from jessie to stretch, the package "bacula-director-common" will be removed, but the postrm will stay around. Upon purging this package, postrm unconditionally removes the main bacula configuration file /etc/bacula/bacula-dir.conf, leaving bacula unusable. We fix this by introducing a transitional package that can then be safely removed. Regards, Carsten -- System Information: Debian Release: 9.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'oldstable-updates'), (500, 'oldoldstable'), (500, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) diff -Nru bacula-7.4.4+dfsg/debian/bacula-director.init bacula-7.4.4+dfsg/debian/bacula-director.init --- bacula-7.4.4+dfsg/debian/bacula-director.init 2017-02-26 13:39:25.0 +0100 +++ bacula-7.4.4+dfsg/debian/bacula-director.init 2017-11-15 22:55:15.0 +0100 @@ -67,7 +67,7 @@ { if $DAEMON -u $BUSER -g $BGROUP -t -c $CONFIG > /dev/null 2>&1; then start-stop-daemon --start --quiet --pidfile $PIDFILE \ - --oknodo --exec $DAEMON --chuid $BUSER:$BGROUP -- -c $CONFIG + --oknodo --exec $DAEMON -- -u $BUSER -g $BGROUP -c $CONFIG return 0 else log_progress_msg "- the configtest" diff -Nru bacula-7.4.4+dfsg/debian/bacula-fd.init bacula-7.4.4+dfsg/debian/bacula-fd.init --- bacula-7.4.4+dfsg/debian/bacula-fd.init 2017-02-26 13:39:25.0 +0100 +++ bacula-7.4.4+dfsg/debian/bacula-fd.init 2017-11-15 22:55:15.0 +0100 @@ -54,7 +54,7 @@ { if $DAEMON -u $BUSER -g $BGROUP -t -c $CONFIG > /dev/null 2>&1; then start-stop-daemon --start --quiet --pidfile $PIDFILE \ - --oknodo --exec $DAEMON --chuid $BUSER:$BGROUP -- -c $CONFIG + --oknodo --exec $DAEMON -- -u $BUSER -g $BGROUP -c $CONFIG return 0 else log_progress_msg "- the configtest" diff -Nru bacula-7.4.4+dfsg/debian/bacula-sd.init bacula-7.4.4+dfsg/debian/bacula-sd.init --- bacula-7.4.4+dfsg/debian/bacula-sd.init 2017-02-26 13:39:25.0 +0100 +++ bacula-7.4.4+dfsg/debian/bacula-sd.init 2017-11-15 22:55:15.0 +0100 @@ -53,7 +53,7 @@ { if $DAEMON -g $BUSER -g $BGROUP -t -c $CONFIG > /dev/null 2>&1; then start-stop-daemon --start --quiet --pidfile $PIDFILE \ - --oknodo --exec $DAEMON --chuid $BUSER:$BGROUP -- -c $CONFIG + --oknodo --exec $DAEMON -- -g $BUSER -g $BGROUP -c $CONFIG return 0 else log_progress_msg "- the configtest" diff -Nru bacula-7.4.4+dfsg/debian/changelog bacula-7.4.4+dfsg/debian/changelog --- bacula-7.4.4+dfsg/debian/changelog 2017-02-26 13:39:25.0 +0100 +++ bacula-7.4.4+dfsg/debian/changelog 2017-11-15 22:55:15.0 +0100 @@ -1,3 +1,17 @@ +bacula (7.4.4+dfsg-6+deb9u1) stretch; urgency=medium + + [Sven Hartge] + * Let PID files be owned by root. Mitigates a minor security problem +similar to CVE 2017-14610. Note that this change disables automatic +tracebacks. + + [ Carsten Leonhardt ] + * Added transitional package bacula-director-common, the old leftover +package can't be safely purged otherwise (it deletes +/etc/bacula/bacula-dir.conf in postrm) (Closes: #880529) + + -- Carsten Leonhardt <l...@debian.org> Wed, 15 Nov 2017 22:55:15 +0100 + bacula (7.4.4+dfsg-6) unstable; urgency=medium [Sven Hartge] diff -Nru bacula-7.4.4+dfsg/debian/control bacula-7.4.4+dfsg/debian/control --- bacula-7.4.4+dfsg/debian/control 2017-02-26 13:39:25.0 +0100 +++ bacula-7.4.4+dfsg/debian/control 2017-11-15 22:55:15.0 +0100 @@ -357,3 +357,13 @@ . This GUI interface has been designed to ease restore operations as much as possible as compared to the basic text console. + +Package: bacula-director-common +Section: oldlibs +Architecture: any +Pre-Depends: ${misc:Pre-Depends} +Depends: + bacula-common (= ${binary:Version}), + ${misc:Depends} +Description: transitional package + This is a transitional package. It can safely be removed. diff -Nru bacula-7.4.4+dfsg/debian/patches/non-forking-systemd-units.patch bacula-7.4.4+dfsg/debian/patches/non-forking-systemd-units.patch --- bacula-7.4.4+dfsg/debian/patches/non-forking-systemd-units.patch 2017-02-26 13:39:25.0 +0100 +++ bacula-7.4.4+dfsg/debian/patches/non-forking-systemd-units.patch 2017-11-15 22:55:15.
Bug#874836: [bacula] Future Qt4 removal from Buster
Control: tag -1 - patch The upstream patch is incomplete and not yet useable.
Bug#874836: [bacula] Future Qt4 removal from Buster
Control: tag -1 patch There's a patch to support Qt5 in upstream's git repository, I'll check it and upload a fixed version if it's ok.
Bug#881271: [pkg-bacula-devel] Bug#881271: bacula: FTBFS on hurd-i386: XACL_Hurd not declared
Control: tag -1 patch There's a patch in upstream's git repository, I'll check it and upload a fixed version if it's ok.
Bug#850895: bacula: Please migrate to openssl1.1 in buster
Sebastian Andrzej Siewior <sebast...@breakpoint.cc> writes: > On 2017-11-10 00:48:34 [+0100], Carsten Leonhardt wrote: >> Sebastian Andrzej Siewior <sebast...@breakpoint.cc> writes: >> adding that patch on top of the others I get the following error when >> trying to compile: >> >> Compiling openssl.c >> openssl.c: In function 'int init_crypto()': >> openssl.c:289:11: error: invalid conversion from 'int (*)(const char*, >> stat*) throw ()' to 'int' [-fpermissive] >> return stat; > > grml. The attached version should do it. This version didn't throw an error while compiling, thanks. >> The first set of 5 patches seem to work though, a backup run with them >> is almost finished now without apparent problems. > > Okay. So if it works and you so no problems we could throw them at > upsteam, right? I'll wait until tomorrow before contacting upstream again, to see if another backup run works without problems. The patched version is in experimental, btw. Regards, Carsten
Bug#850895: bacula: Please migrate to openssl1.1 in buster
Sebastian Andrzej Siewiorwrites: Hi, > oh boy. Yes, definitely. Something like that in the attached patch? > (this time not even compile tested). adding that patch on top of the others I get the following error when trying to compile: Compiling openssl.c openssl.c: In function 'int init_crypto()': openssl.c:289:11: error: invalid conversion from 'int (*)(const char*, stat*) throw ()' to 'int' [-fpermissive] return stat; ^~~~ Makefile:182: recipe for target 'openssl.lo' failed make[3]: *** [openssl.lo] Error 1 The first set of 5 patches seem to work though, a backup run with them is almost finished now without apparent problems. Regards, Carsten
Bug#881271: bacula: FTBFS on hurd-i386: XACL_Hurd not declared
Control: tag -1 upstream confirmed Hi Aaron, > Builds of bacula 9.0.x for hurd-i386 (admittedly not a release > architecture) have been failing: [...] > xacl.c:1323:15: error: 'XACL_Hurd' was not declared in this scope [...] > Could you please take a look? I'm aware of this - it's due to an upstream change/bug. I'll report it to the upstream bug tracker shortly. Regards, Carsten
Bug#850895: bacula: Please migrate to openssl1.1 in buster
Hi Sebastian, Sebastian Andrzej Siewiorwrites: > please find attached a few patches :) I can compile against 1.0.2 and > 1.1 with them applied. Please do some testing. There is no testsuite so… first a big thanks! I'll give it some testing and will point upstream to your patches. (There's actually an extensive test suite, but sadly it's not yet integrated in our packaging.) Regards, Carsten
Bug#880529: Conffile bacula-dir.conf can be lost; unowned conffiles
Source: bacula Version: 5.2.6+dfsg-9.3 Severity: serious The main configuration files (bacula-{dir,sd,fd}.conf, bconsole.conf, bat.conf) in the bacula packages aren't registered as belonging to their respective packages. This leads to the following problem: Due to the restructuring of the packaging (which happened in version 7.4.3+dfsg-3), when upgrading to the packages 7.4.3+dfsg-3 or later, the conffile /etc/bacula/bacula-dir.conf will be deleted when the obsoleted package "bacula-director-common" is purged. This is an error as the file should be owned by the new package "bacula-director".
Bug#880369: [pkg-bacula-devel] Bug#880369: bacula: missing package location
Hi, >* What led up to the situation? > > trying to re-install bacula, bacula-dir test program is missing and I cannot > locate the package it is in >* What outcome did you expect instead? > > to get /usr/sbin/bacula-dir installed the package "bacula-director" contains the program /usr/sbin/bacula-dir. You can also use the search at https://packages.debian.org. If this answer doesn't help, please clarify your problem more precisely. Regards, Carsten
Bug#850895: [pkg-bacula-devel] Bug#850895: Bug#850895: bacula: Please migrate to openssl1.1 in buster
Hi Sebastian, > Arch, Fedora and Gentoo provide OpenSSL 1.1. They are also stucked with > 1.0 as compatibility layer. > >> Lastly, the bug is tagged "help" for quite some time already, but help >> doesn't seem to be forthcoming. > > Could please check if one of the three distos I mentioned has patch? If > not, please ping me again and I take a look at the code. I've checked all three distros, Fedora and Arch use OpenSSL 1.0 to build bacula. For Gentoo I'm not sure I can parse the ebuild-files correctly, but I think they use LibreSSL - in any case there's no patch to enable building with OpenSSL 1.1. Regards, Carsten
Bug#850895: [pkg-bacula-devel] Bug#850895: bacula: Please migrate to openssl1.1 in buster
Hi Sebastian, > this is a remainder about the openssl transition [0]. We really want to > remove libssl1.0-dev from unstable for Buster. I will raise the severity > of this bug to serious in a month. Please react before that happens. I'm not sure what my reaction should be. I myself will not attempt to migrate bacula to the new OpenSSL API, as my programming experience is insufficient to touch this security sensitive code. Upstream does not see a pressing need because OpenSSL version 1.0.2 is supported until 2019-12-31 - significantly longer than 1.0.2. Are there any other distributions that already dropped, or will drop OpenSSL v1.0 support in the near future that I can use as an argument for upstream? Lastly, the bug is tagged "help" for quite some time already, but help doesn't seem to be forthcoming. Regards, Carsten
Bug#728582: bacula-sd on kFreeBSD: unable to use tape drive
Control: tags -1 + unreproducible Hi, FreeBSD has some notes about using bacula: https://github.com/freebsd/freebsd-ports/blob/master/sysutils/bacula-server/files/pkg-message.server.in In particular the following part: > Due to lack of some features in the FreeBSD tape driver implementation > you MUST add some OS dependent options to the bacula-sd.conf file: > Hardware End of Medium = no; > Backward Space Record = no; > Backward Space File= no; > With 2 filemarks at EOT (see man mt): > Fast Forward Space File = no; > BSF at EOM = yes; > TWO EOF= yes; > With 1 filemarks at EOT (see man mt): > Fast Forward Space File = yes; > BSF at EOM = no; > TWO EOF = no; > NOTE: YOU CAN SWITCH EOT model ONLY when starting from scratch with > EMPTY tapes." Would you be able to confirm whether following this advice makes tape drives useable under kFreeBSD? Regards, Carsten
Bug#835120: lintian: false positive: virtual-package-depends-without-real-package-depends for bacula-director
Chris Lambwrites: > Mattia Rizzolo wrote: > >> trying to regenerate [the list] drops the bacula-director and >> bacula-sd-tools packages and adds bacula-director-database. > > Is that incorrect? No, that would be correct. Regards, Carsten
Bug#835120: lintian: false positive: virtual-package-depends-without-real-package-depends in experimental
Mattia Rizzolowrites: > Then it just needs to be removed from that list. > I'd attach a patch, but that list is actually automatically generated, > and indeed trying to regenerate it it drops the baula-director and > bacula-sd-tools packages and adds bacula-director-database. So I guess that this list should be regenerated from time to time. Is there a reason to not update it during build? Regards, Carsten
Bug#835120: lintian: false positive: virtual-package-depends-without-real-package-depends in experimental
Dear Maintainer, just to let you know that lintian still reports bacula-server W virtual-package-depends-without-real-package-depends depends: bacula-director which I have overridden, but it also reports this for the automatic package bacula-director-dbgsym where I don't see how I could override it using debhelper. So it had nothing to do with experimental as I suspected first. Reminder: bacula-director was a virtual package in jessie and older but is a real package in stretch and newer. - Carsten
Bug#874836: [pkg-bacula-devel] Bug#874836: [bacula] Future Qt4 removal from Buster
Control: forwarded -1 https://sourceforge.net/p/bacula/mailman/bacula-devel/thread/87r2v9tt7s.fsf%40arioch.leonhardt.eu/#msg36038406 Control: tag -1 + upstream Hi, > Hi! As you might know we the Qt/KDE team are preparing to remove Qt4 > as [announced] in: I've reported this to the upstream devel list for now. - Carsten
Bug#486131: [pkg-bacula-devel] Bug#486131: Problem still exists in wheezy 5.2.6
Hi Pierre, do you still experience bacula-sd crashing if an FD is unreachable, and can you reproduce the problem in bacula 7.4.4 from Debian 9 (stretch)? With that version, backtraces should be working. - Carsten
Bug#863799: ITP: redtick -- tiny pomodoro timer for Emacs
Sean Whittonwrites: > Description : tiny pomodoro timer for Emacs I'm curious to see the long description, as I don't see the relationship between tomatoes and timers. - Carsten
Bug#857979: approx: does not start on sysvinit system
Hi, you could add a depends on "systemd-sysv | update-inetd" and configure inetd only if it's installed: [ -x /usr/sbin/update-inetd ] And I'd recommend getting the fix into stretch, otherwise non-systemd approx users will have a surprise when they dist-upgrade. - Carsten
Bug#858194: unblock: libsecret/0.18.5-3.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libsecret This version fixes ##855951 "libsecret FTBFS with test failures on many architectures". I've included the debdiff between the last version in testing and this proposed new version. unblock libsecret/0.18.5-3.1 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) diff -Nru libsecret-0.18.5/debian/changelog libsecret-0.18.5/debian/changelog --- libsecret-0.18.5/debian/changelog 2016-09-04 12:16:44.0 +0200 +++ libsecret-0.18.5/debian/changelog 2017-03-18 16:56:31.0 +0100 @@ -1,3 +1,25 @@ +libsecret (0.18.5-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * debian/patches/0004-tests-collection-add-setup-delay.patch: ++ Fix failing test "collection/delete-sync" by correctly placing + the delay. Closes: #855951. + + -- Carsten Leonhardt <l...@debian.org> Sat, 18 Mar 2017 15:56:31 + + +libsecret (0.18.5-3) unstable; urgency=medium + + [ Jeremy Bicha ] + * Add basic autopkgtest to run upstream build tests + + [ Emilio Pozuelo Monfort ] + * debian/patches/0004-tests-collection-add-setup-delay.patch: ++ Add some delay for the test bus to go up and down. Fixes a test + that otherwise may fail, especially when running on a single cpu + machine. Closes: #837067. + + -- Emilio Pozuelo Monfort <po...@debian.org> Tue, 21 Feb 2017 22:57:01 +0100 + libsecret (0.18.5-2) unstable; urgency=medium * Drop --disable-silent-rules from debian/rules. This is now handled by dh diff -Nru libsecret-0.18.5/debian/control libsecret-0.18.5/debian/control --- libsecret-0.18.5/debian/control 2016-09-04 12:16:44.0 +0200 +++ libsecret-0.18.5/debian/control 2017-03-18 16:56:31.0 +0100 @@ -6,7 +6,7 @@ Section: devel Priority: optional Maintainer: Debian GNOME Maintainers <pkg-gnome-maintain...@lists.alioth.debian.org> -Uploaders: Andreas Henriksson <andr...@fatal.se>, Michael Biebl <bi...@debian.org>, Sjoerd Simons <sjo...@debian.org> +Uploaders: Andreas Henriksson <andr...@fatal.se>, Emilio Pozuelo Monfort <po...@debian.org>, Michael Biebl <bi...@debian.org> Build-Depends: debhelper (>= 9), dh-autoreconf, intltool (>= 0.35.0), diff -Nru libsecret-0.18.5/debian/patches/0004-tests-collection-add-setup-delay.patch libsecret-0.18.5/debian/patches/0004-tests-collection-add-setup-delay.patch --- libsecret-0.18.5/debian/patches/0004-tests-collection-add-setup-delay.patch 1970-01-01 01:00:00.0 +0100 +++ libsecret-0.18.5/debian/patches/0004-tests-collection-add-setup-delay.patch 2017-03-18 16:55:44.0 +0100 @@ -0,0 +1,27 @@ +Author: Emilio Pozuelo Monfort <po...@debian.org> +Bug: https://bugzilla.gnome.org/show_bug.cgi?id=779041 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837067 + +Update by Carsten Leonhardt <l...@debian.org>: move sleep(1) to the +beginning of teardown() to address bug #855951 + +Index: libsecret-0.18.5/libsecret/test-collection.c +=== +--- libsecret-0.18.5.orig/libsecret/test-collection.c libsecret-0.18.5/libsecret/test-collection.c +@@ -56,12 +56,15 @@ setup (Test *test, + test->service = secret_service_get_sync (SECRET_SERVICE_NONE, NULL, ); + g_assert_no_error (error); + g_object_add_weak_pointer (G_OBJECT (test->service), (gpointer *)>service); ++ ++ sleep(1); + } + + static void + teardown (Test *test, + gconstpointer unused) + { ++ sleep(1); + g_object_unref (test->service); + secret_service_disconnect (); + g_assert (test->service == NULL); diff -Nru libsecret-0.18.5/debian/patches/series libsecret-0.18.5/debian/patches/series --- libsecret-0.18.5/debian/patches/series 2016-09-04 01:19:53.0 +0200 +++ libsecret-0.18.5/debian/patches/series 2017-02-21 22:56:07.0 +0100 @@ -1,3 +1,4 @@ 0001-build-Port-to-Python-3.patch 0002-libsecret-Get-rid-of-PyGI-warnings-about-unspecified.patch 0003-Makefile.am-Compile-vala-unstable-tests-with-SECRET_.patch +0004-tests-collection-add-setup-delay.patch diff -Nru libsecret-0.18.5/debian/tests/build libsecret-0.18.5/debian/tests/build --- libsecret-0.18.5/debian/tests/build 1970-01-01 01:00:00.0 +0100 +++ libsecret-0.18.5/debian/tests/build 2016-09-05 22:30:15.0 +0200 @@ -0,0 +1,2 @@ +#!/bin/sh +env -u LD_PRELOAD dbus-run-session -- make check diff -Nru libsecret-0.18.5/debian/tests/control libsecret-0.18.5/debian/tests/control --- libsecret-0.18.5/debian/tests/control 1970-01-01 01:00:00.0 +0100 +++ libsecret-0.18.5/deb
Bug#855951: Bug #855951: libsecret: diff for NMU version 0.18.5-3.1
Michael Bieblwrites: > I don't remember seeing the test suite to get stuck completely (as it > apparently did on kfreebsd-* now). It could well be a general problem of the kfreebsd buildds, as they regularly get completely stuck during the build of gcc-6 in the last weeks. Should I go ahead and request the unblock? - Carsten
Bug#855951: Bug #855951: libsecret: diff for NMU version 0.18.5-3.1
Hi, > The changes in 0.18.5-3 were supposed to fix #837067, i.e. the test > suite failing to pass on a single CPU machine. > > Did you test that as well? I did now, on a virtual single CPU kfreebsd-amd64 machine. 6 test runs, no failures. Or is this too modern? $ sysctl hw | head -n 3 hw.machine: amd64 hw.model: Intel Core i7 9xx (Nehalem Class Core i7) hw.ncpu: 1 I've never looked at this package before the BSP this weekend, does it have a history of getting stuck during the tests, like the buildds of kfreebsd did just now? - Carsten
Bug#855951: Bug #855951: libsecret: diff for NMU version 0.18.5-3.1
Michael Bieblwrites: > If you are sure it fixes the issue, feel free to upload without delay. I've made a dozen test runs of the collection tests on arm64, all passed. After double checking the buildd logs, I noticed a different failing test on mipsel, I've made 5 complete test runs there without failure. I'll move it to delayed/0 shortly. - Carsten
Bug#855951: Bug #855951: libsecret: diff for NMU version 0.18.5-3.1
Control: tags -1 patch pending Dear maintainer, I've prepared an NMU for libsecret (versioned as 0.18.5-3.1) and am about to upload it to DELAYED/5. Please feel free to tell me if I should delay it longer. After the package enters unstable, I'll open another bug for the release team to unblock it. - Carsten diff -Nru libsecret-0.18.5/debian/changelog libsecret-0.18.5/debian/changelog --- libsecret-0.18.5/debian/changelog 2017-02-21 22:57:01.0 +0100 +++ libsecret-0.18.5/debian/changelog 2017-03-18 16:56:31.0 +0100 @@ -1,3 +1,12 @@ +libsecret (0.18.5-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * debian/patches/0004-tests-collection-add-setup-delay.patch: ++ Fix failing test "collection/delete-sync" by correctly placing + the delay. Closes: #855951. + + -- Carsten Leonhardt <l...@debian.org> Sat, 18 Mar 2017 15:56:31 + + libsecret (0.18.5-3) unstable; urgency=medium [ Jeremy Bicha ] diff -Nru libsecret-0.18.5/debian/patches/0004-tests-collection-add-setup-delay.patch libsecret-0.18.5/debian/patches/0004-tests-collection-add-setup-delay.patch --- libsecret-0.18.5/debian/patches/0004-tests-collection-add-setup-delay.patch 2017-02-21 22:56:07.0 +0100 +++ libsecret-0.18.5/debian/patches/0004-tests-collection-add-setup-delay.patch 2017-03-18 16:55:44.0 +0100 @@ -2,9 +2,14 @@ Bug: https://bugzilla.gnome.org/show_bug.cgi?id=779041 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837067 a/libsecret/test-collection.c -+++ b/libsecret/test-collection.c -@@ -56,6 +56,8 @@ +Update by Carsten Leonhardt <l...@debian.org>: move sleep(1) to the +beginning of teardown() to address bug #855951 + +Index: libsecret-0.18.5/libsecret/test-collection.c +=== +--- libsecret-0.18.5.orig/libsecret/test-collection.c libsecret-0.18.5/libsecret/test-collection.c +@@ -56,12 +56,15 @@ setup (Test *test, test->service = secret_service_get_sync (SECRET_SERVICE_NONE, NULL, ); g_assert_no_error (error); g_object_add_weak_pointer (G_OBJECT (test->service), (gpointer *)>service); @@ -13,11 +18,10 @@ } static void -@@ -67,6 +69,7 @@ - g_assert (test->service == NULL); - - mock_service_stop (); + teardown (Test *test, + gconstpointer unused) + { + sleep(1); - } - - static void + g_object_unref (test->service); + secret_service_disconnect (); + g_assert (test->service == NULL);
Bug#857296: hol88-library is an empty package on arm64, hppa, and m68k
> Something weired seems to have happend to hol88-library. On some > architectures (arm64, hppa, m68k), the package is simply empty. Upon > closer inspection it turns out that the upstream build system simply > hides build failures. > > https://sources.debian.net/src/hol88/2.02.19940316-32/Makefile/#L291 > | (date; $(MAKE) hol; date; $(MAKE) library; date) > > Thus technically, hol88 fails to build from source, it violates policy > by not detecting such failure and it is dysfunctional by shipping > empty packages. I've discussed this bug with release team member Ivo De Decker. Currently the package builds ok on arm64, which means the underlying problem is probably in gcl. Nonetheless the build system needs to catch the build errors and abort. - Carsten