Bug#773832: systemd: LSB job raise network interfaces hangs with allow-hotplug and no cable
On 2014-12-24 10:34, Michael Biebl wrote: Am 23.12.2014 um 21:22 schrieb Hugh Davenport: Package: systemd Version: 215-7 Severity: normal Dear Maintainer, * What led up to the situation? Recently updated, and now boot hangs on LSB job raise network interfaces. Waited several minutes and still hanging. Says it has no limit. * What exactly did you do (or not do) that was effective (or ineffective)? Plugging in cable made it work. No cable it hanged. interfaces file had allow-hotplug, and NOT auto * What was the outcome of this action? When I commented out allow-hotplug, booted fine, with and without cable. With allow-hotplug, cable had to be in, otherwise would hang. * What outcome did you expect instead? Boot to happen with no delay, even if no cable plugged in. Maybe similar to bug #754218? My interfaces file is now: # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface # BUG: commented as hung on boot #allow-hotplug eth0 iface eth0 inet dhcp iface wlan0 inet dhcp wpa-essid redacted wpa-psk redacted Can you please try ifupdown 0.7.51 from unstable. It is supposed to fix this issue. That worked. This bug is a dup of bug #771943 it seems then. Sorry! -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#656640: (no subject)
Also happens for me, the packages provided in message 58 fix it. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697162: cryptsetup: Add support for a initramfs option
Package: cryptsetup Version: 2:1.1.3-4squeeze2 Severity: wishlist Tags: patch Hi, I have a system where the root device is *not* encrypted, but another device *is* encrypted and mounted during boot. This device is unlocked during the early phase of cryptsetup, but at this point there is no SSH daemon running to allow remote unlocking without the console. If the device was the root device, or a resume device, then it would be unlocked during the initramfs stage, which allows using a SSH daemon such as dropbear to be used to remotely unlock the device. The attached patch adds a new option initramfs which allows arbitrary devices to be able to be unlocked during the initramfs stage. The patch is applies cleanly to stable, testing, and unstable. Cheers, Hugh -- Package-specific info: -- /proc/cmdline BOOT_IMAGE=/boot/vmlinuz-2.6.32-5-amd64 root=UUID=0a7d3b19-2450-4f9d-95ec-9d61f1e07f2b ro console=tty0 console=ttyS0,115200 debug -- /etc/crypttab # target name source device key file options swap /dev/vda5 /dev/urandom swap vdb_crypt /dev/vdb none luks,initramfs -- /etc/fstab # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # file system mount point type options dump pass proc/proc procdefaults0 0 # / was on /dev/vda1 during installation UUID=0a7d3b19-2450-4f9d-95ec-9d61f1e07f2b / ext4 errors=remount-ro 0 1 # swap was on /dev/vda5 during installation #UUID=7fa4b1ae-f150-44e4-8a9b-39d23689baf0 noneswapsw 0 0 /dev/mapper/swap none swap sw 0 0 # /dev/mapper/vdb_crypt UUID=22e77b9e-9e69-41b1-a4d8-14be9a8a325a /mnt ext4 errors=remount-ro 0 2 -- lsmod Module Size Used by loop 11799 0 sha256_generic 8692 4 aes_x86_64 7340 4 aes_generic25714 1 aes_x86_64 cbc 2539 2 snd_pcm60487 0 snd_timer 15598 1 snd_pcm snd46526 2 snd_pcm,snd_timer soundcore 4598 1 snd joydev 8459 0 psmouse49985 0 snd_page_alloc 6249 1 snd_pcm evdev 7352 2 serio_raw 3752 0 pcspkr 1699 0 i2c_piix4 8328 0 i2c_core 15819 1 i2c_piix4 virtio_balloon 2961 0 button 4650 0 processor 29935 0 ext4 288382 2 mbcache 5050 1 ext4 jbd2 67111 1 ext4 crc16 1319 1 ext4 usbhid 33292 0 hid63257 1 usbhid dm_crypt 10664 2 dm_mod 53946 5 dm_crypt ata_generic 3239 0 virtio_net 10573 0 uhci_hcd 18521 0 ata_piix 21124 0 virtio_blk 4209 4 ehci_hcd 32097 0 libata133776 2 ata_generic,ata_piix floppy 49087 0 thermal11674 0 thermal_sys11942 2 processor,thermal scsi_mod 126725 1 libata usbcore 123271 4 usbhid,uhci_hcd,ehci_hcd nls_base6377 1 usbcore virtio_pci 5511 0 virtio_ring 3258 1 virtio_pci virtio 3309 4 virtio_balloon,virtio_net,virtio_blk,virtio_pci -- System Information: Debian Release: 6.0.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages cryptsetup depends on: ii dmsetup 2:1.02.48-5 The Linux Kernel Device Mapper use ii libc62.11.3-4Embedded GNU C Library: Shared lib ii libdevmapper1.02.1 2:1.02.48-5 The Linux Kernel Device Mapper use ii libpopt0 1.16-1 lib for parsing cmdline parameters ii libuuid1 2.17.2-9Universally Unique ID library cryptsetup recommends no packages. Versions of packages cryptsetup suggests: ii busybox 1:1.17.1-8 Tiny utilities for small and embed pn dosfstoolsnone (no description available) ii initramfs-tools [linux-initra 0.98.8 tools for generating an initramfs ii udev 164-3 /dev/ and hotplug management daemo -- no debconf information From d13ff91c8b360360c8654d7805e0fb4f701e1959 Mon Sep 17 00:00:00 2001 From: Hugh Davenport h...@davenport.net.nz Date: Wed, 2 Jan 2013 14:18:36 +1300 Subject: [PATCH] crypttab: Add support for initramfs option The option
Bug#695749: whois: If IPv6 times out after connection, IPv4 is not tried
Package: whois Version: 5.0.10 Severity: important Tags: ipv6 Hi, This is similar to bug #408096. So my IPv6 setup is slightly broken it seems... but that is another story. But it stops some connections staying open. If a do a whois lookup of google.com it goes to whois.crsnic.net over IPv6, gets a bit, then disconnects. Sample transcripts are below. Now it is a bit weird that if half goes through, as it works fine on firewall... just not in the internal network. IPv6 seems to work for everything else... (indeed, a whois of google.co.uk which goes to whois.nic.uk/2a01:618:8009:0:92d:f97:4c90:2b79 works fine...) I don't rely on whois that much, just found it odd so thought I would file a bug. Cheers, Hugh $ whois --verbose google.com Using server whois.crsnic.net. Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Timeout. $ $ telnet whois.crsnic.net 43 Trying 2001:503:7bbf:1060::74... Connected to whois.crsnic.net. Escape character is '^]'. google.com Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. (nothing happens for minutes) $ telnet whois.crsnic.net 43 -4 Trying 199.7.61.74... Connected to WHOIS.ANYCAST-FO.FRA2.VERISIGN.COM. Escape character is '^]'. google.com Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. GOOGLE.COM.ZZZ.LOVE.AND.TOLERANCE.THE-WONDERBOLTS.COM snip Registrars.Connection closed by foreign host. $ -- System Information: Debian Release: 6.0.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages whois depends on: ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib ii libidn11 1.15-2 GNU Libidn library, implementation whois recommends no packages. whois suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695749: whois: If IPv6 times out after connection, IPv4 is not tried
I see similar issues were also had at http://forums.gentoo.org/viewtopic-t-922026-start-0.html -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695759: Providers entries cause shorewall6 start to fail
Package: shorewall6 Version: 4.4.11.6-1+squeeze1 Severity: important Tags: ipv6 Hi, I have put in a few entries into the providers file (which I was previously not using), and now a shorewall6 start fails with the following error: Adding Providers... Error: an inet prefix is expected rather than cache. ERROR: Command ip -6 route add table 1 cache mtu 1280 advmss 1220 hoplimit 4294967295 Failed Let me know what I can do to help debug this, in the mean time I have disabled the providers entries. FWIW, the providers entries were for the two tunnels I have, a SixXs and a HE tunnel. Cheers, Hugh -- System Information: Debian Release: 6.0.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages shorewall6 depends on: ii debconf [debconf-2.0 1.5.36.1Debian configuration management sy ii iproute 20100519-3 networking and traffic control too ii iptables 1.4.8-3 administration tools for packet fi ii libio-socket-inet6-p 2.65-1.1Object interface for AF_INET6 doma ii shorewall4.4.11.6-3+squeeze1 Shoreline Firewall, netfilter conf shorewall6 recommends no packages. Versions of packages shorewall6 suggests: ii linux-image-2.6.32-5-amd64 [l 2.6.32-46 Linux 2.6.32 for 64-bit PCs pn make none (no description available) pn shorewall-doc none (no description available) -- Configuration Files: /etc/default/shorewall6 changed: startup=1 OPTIONS= /etc/shorewall6/shorewall6.conf changed: STARTUP_ENABLED=Yes VERBOSITY=1 LOGFILE=/var/log/messages STARTUP_LOG=/var/log/shorewall6-init.log LOG_VERBOSITY=2 LOGFORMAT=Shorewall:%s:%s: LOGTAGONLY=No LOGRATE= LOGBURST= LOGALLNEW= BLACKLIST_LOGLEVEL= TCP_FLAGS_LOG_LEVEL=info SMURF_LOG_LEVEL=info IP6TABLES= IP= TC= IPSET= PERL=/usr/bin/perl PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK= MODULESDIR= CONFIG_PATH=/etc/shorewall6:/usr/share/shorewall6:/usr/share/shorewall RESTOREFILE= LOCKFILE= DROP_DEFAULT=Drop REJECT_DEFAULT=Reject ACCEPT_DEFAULT=none QUEUE_DEFAULT=none NFQUEUE_DEFAULT=none RSH_COMMAND='ssh ${root}@${system} ${command}' RCP_COMMAND='scp ${files} ${root}@${system}:${destination}' IP_FORWARDING=On TC_ENABLED=No TC_EXPERT=No TC_PRIOMAP=2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2 CLEAR_TC=No MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No MUTEX_TIMEOUT=60 ADMINISABSENTMINDED=Yes BLACKLISTNEWONLY=Yes MODULE_SUFFIX=ko FASTACCEPT=No IMPLICIT_CONTINUE=No HIGH_ROUTE_MARKS=No OPTIMIZE=1 EXPORTPARAMS=Yes EXPAND_POLICIES=Yes KEEP_RT_TABLES=Yes DELETE_THEN_ADD=Yes DONT_LOAD= AUTO_COMMENT=Yes MANGLE_ENABLED=Yes AUTOMAKE=No WIDE_TC_MARKS=No TRACK_PROVIDERS=Yes ZONE2ZONE=2 ACCOUNTING=Yes OPTIMIZE_ACCOUNTING=No DYNAMIC_BLACKLIST=Yes LOAD_HELPERS_ONLY=No FORWARD_CLEAR_MARK=yes BLACKLIST_DISPOSITION=DROP TCP_FLAGS_DISPOSITION=DROP -- debconf information: shorewall6/major_release: shorewall6/dont_restart: shorewall6/invalid_config: -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695502: beef: Add support for EsoAPI
Package: beef Version: 0.0.6-2 Severity: wishlist Tags: patch There is an extension to Brainfuck (as well as other esoterical languages) called EsoAPI (mentioned http://esolangs.org/wiki/EsoAPI, defined http://kidsquid. 99k .org/programs/esoapi/esoapi.html, example implemention http://esolangs.org/wiki/User:JayCampbell/weave.rb). I've attached a patch to add support for this API to the beef source. I haven't yet done it for the version in experimental (1.0.0) yet. You can test via the attache esoapi-hello.bf. Before the patch it will print EsoAPI required\n, and after the patch will print Hello World!\n Cheers, Hugh -- System Information: Debian Release: 6.0.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages beef depends on: ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib beef recommends no packages. beef suggests no packages. -- no debconf information *** beef-esoapi.patch commit 9c0ddfd01319544e5861cf9678a554f56f4e Author: Hugh Davenport h...@fir.torus.co.nz Date: Sun Dec 9 22:55:39 2012 +1300 Add EsoAPI diff --git a/src/beef.h b/src/beef.h index b3937f1..5bb7309 100644 --- a/src/beef.h +++ b/src/beef.h @@ -26,6 +26,8 @@ #include stdlib.h #include ctype.h #include string.h +#include unistd.h +#include fcntl.h /* Program name and version */ #define PROGRAM_NAME beef @@ -42,6 +44,8 @@ #define ON '1' #define OFF '0' +#define SECTOR_SIZE 512 + /* This struct defines an istruction */ struct instruction { char type; @@ -66,7 +70,7 @@ struct instruction *code; /* Various functions */ struct tape_cell *new_cell (); struct instruction *load (FILE *fp, char debug); -void eval (struct instruction *code, char on_eof); +void eval (struct instruction *code, char on_eof, int esoapidsk, char lastprinted); void tape_dump (); void code_dump (struct instruction *code, long indent); diff --git a/src/eval.c b/src/eval.c index 38c9038..7aedafa 100644 --- a/src/eval.c +++ b/src/eval.c @@ -20,9 +20,12 @@ #include beef.h -void eval (struct instruction *current, char on_eof) +void eval (struct instruction *current, char on_eof, int esoapidsk, char lastprinted) { - long i; + long i, j; + ssize_t size; + struct tape_cell *temp; + char buffer[SECTOR_SIZE]; /* Continue as long as the istruction is not the last */ while (current-type != ']') { @@ -73,8 +76,53 @@ void eval (struct instruction *current, char on_eof) case '.': /* Repeat current-quantity times */ for (i = 0; i (current-quantity); i++) { - /* Print the char which is in the current cell */ - fputc (tape-content, stdout); + if (esoapidsk != -1 lastprinted == 0) { +switch (tape-content) { + case 1: +lseek (esoapidsk, SECTOR_SIZE, SEEK_CUR); +break; + case 2: +lseek (esoapidsk, -SECTOR_SIZE, SEEK_CUR); +break; + case 3: +size = read (esoapidsk, buffer, SECTOR_SIZE); +/* temp points to the current cell */ +temp = tape; +for (j = 0; j size; j++) { + if (temp-next == NULL) { +/* Create new cell if necessary */ +temp-next = new_cell (); +(temp-next)-previous = temp; + } + /* Move forward one cell */ + temp = temp-next; + temp-content = buffer[j]; +} +break; + case 4: +/* temp points to the current cell */ +temp = tape; +for (size = 0; temp-next != NULL size SECTOR_SIZE; size++) { + temp = temp-next; + buffer[size] = temp-content; +} +write (esoapidsk, buffer, size); +break; + case 5: +lseek (esoapidsk, 0, SEEK_SET); +break; + case 8: +tape-content = 0; +break; + default: +/* Print the char which is in the current cell */ +fputc (tape-content, stdout); +} + } else { +/* Print the char which is in the current cell */ +fputc (tape-content, stdout); + } + lastprinted = tape-content; } break; case ',': @@ -107,7 +155,7 @@ void eval (struct instruction *current, char on_eof) /* Repeat as long as the current cell is not empty */ while (tape-content != '\0') { /* Run the loop */ - eval (current-loop, on_eof); + eval (current-loop, on_eof, esoapidsk
Bug#695533: cifs-utils: mount.cifs errors on mount option _netdev
Package: cifs-utils Version: 2:4.5-2+squeeze1 Severity: important Hi, From mount(8), under FILESYSTEM INDEPENDENT MOUNT OPTIONS there is a mount option _netdev which is meant to require the network to be up before attempting to mount. Full description is below. When the system is booted, I get the following in my error log: Dec 10 09:42:03 fir kernel: [ 21.068520] CIFS: Unknown mount option _netdev Dec 10 09:42:03 fir kernel: [ 21.116416] CIFS VFS: Error connecting to socket. Aborting operation Dec 10 09:42:03 fir kernel: [ 21.116423] CIFS VFS: cifs_mount failed w/return code = -111 Dec 10 09:42:03 fir kernel: [ 21.116459] CIFS: Unknown mount option _netdev The filesystem is not mounted. Once I get a shell, I can `mount -a` and the mount comes up correctly. This has worked on mount.nfs, but not on mount.cifs. A bit of googling found the following bug report in redhat that has been resolved. https://bugzilla.redhat.com/show_bug.cgi?id=607309 I also found the following from the debian-users mailing list which didn't help. http://comments.gmane.org/gmane.linux.debian.user/391641 Cheers, Hugh From mount(8): _netdev The filesystem resides on a device that requires network access (used to prevent the system from attempting to mount these filesystems until the network has been enabled on the system). -- System Information: Debian Release: 6.0.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages cifs-utils depends on: ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib ii libkeyutils1 1.4-1 Linux Key Management Utilities (li ii libkrb5-3 1.8.3+dfsg-4squeeze6 MIT Kerberos runtime libraries ii libtalloc22.0.1-1hierarchical pool based memory all ii samba-common 2:3.5.6~dfsg-3squeeze8 common files used by both the Samb cifs-utils recommends no packages. Versions of packages cifs-utils suggests: ii smbclient 2:3.5.6~dfsg-3squeeze8 command-line SMB/CIFS clients for -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695533: cifs-utils: Workaround
Package: cifs-utils Version: 2:4.5-2+squeeze1 Severity: normal A workaround is this: in /etc/network/interfaces, change allow-hotplug eth0 to auto eth0 (default install puts allow-hotplug) in /etc/rc.local, put mount -a -O _netdev Cheeers, Hugh -- System Information: Debian Release: 6.0.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages cifs-utils depends on: ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib ii libkeyutils1 1.4-1 Linux Key Management Utilities (li ii libkrb5-3 1.8.3+dfsg-4squeeze6 MIT Kerberos runtime libraries ii libtalloc22.0.1-1hierarchical pool based memory all ii samba-common 2:3.5.6~dfsg-3squeeze8 common files used by both the Samb cifs-utils recommends no packages. Versions of packages cifs-utils suggests: ii smbclient 2:3.5.6~dfsg-3squeeze8 command-line SMB/CIFS clients for -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693958: postgresql-common: Upgrade fails when /var/lib/postgres is a NFS mount point
Package: postgresql-common Version: 134wheezy2 Followup-For: Bug #693958 Hi, Please find attached a patch Cheers, Hugh *** postgresql-common-mount.patch diff -Naur postgresql-common-134wheezy2/debian/postgresql-common.postinst postgresql-common-134wheezy2-new/debian/postgresql-common.postinst --- postgresql-common-134wheezy2/debian/postgresql-common.postinst 2012-10-04 09:18:46.0 +1300 +++ postgresql-common-134wheezy2-new/debian/postgresql-common.postinst 2012-11-27 07:43:46.063087069 +1300 @@ -27,7 +27,9 @@ # ensure home directory ownership mkdir -p /var/lib/postgresql -chown postgres:postgres /var/lib/postgresql +su - postgres -c test -O /var/lib/postgresql +test -G /var/lib/postgresql || \ +chown postgres:postgres /var/lib/postgresql # nicer log directory permissions mkdir -p /var/log/postgresql -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages postgresql-common depends on: ii adduser 3.113+nmu3 ii debconf [debconf-2.0] 1.5.46 ii logrotate 3.8.1-4 ii lsb-base 4.1+Debian8 ii postgresql-client-common 134wheezy2 ii procps1:3.3.3-2 ii ssl-cert 1.0.32 postgresql-common recommends no packages. postgresql-common suggests no packages. -- Configuration Files: /etc/sysctl.d/30-postgresql-shm.conf changed: kernel.shmmax = 147431424 -- debconf information: postgresql-common/obsolete-major: -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693958: postgresql-common: Upgrade fails when /var/lib/postgres is a NFS mount point
Package: postgresql-common Version: 134wheezy2 Severity: important Hi, I was upgrading my system, and postgresql-common failed to configure with the following error: Setting up postgresql-common (134wheezy2) ... chown: changing ownership of `/var/lib/postgresql': Operation not permitted dpkg: error processing postgresql-common (--configure): subprocess installed post-installation script returned error exit status 1 My /var/lib/postgresql is a NFS mount point, with the following options: box:/srv/nfs/gum/postgresql/ on /var/lib/postgresql type nfs (rw,relatime,vers=3,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.0.1.3,mountvers=3,mountport=32767,mountproto=udp,local_lock=none,addr=10.0.1.3) If I unmount the /var/lib/postgresql before upgrading, then I get this error: Setting up postgresql-common (134wheezy2) ... /bin/df: `/var/lib/postgresql/9.1/main': No such file or directory /bin/df: no file systems processed [] Starting PostgreSQL 9.1 database server: main[] Error: /var/lib/postg[FAIL/9.1/main is not accessible or does not exist ... failed! failed! invoke-rc.d: initscript postgresql, action start failed. dpkg: error processing postgresql-common (--configure): subprocess installed post-installation script returned error exit status 1 For the first error, having a look at what it is doing, it seems it is does a chown postgres:postgres /var/lib/postgresql on line 30 of debian/postgresql-common.postinst I think this should first check what the permissions of that directory are and only do a chown if they are not correct. As for second error, I would expect that if no database is present, but I included it in the report just in case. Cheers, Hugh -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages postgresql-common depends on: ii adduser 3.113+nmu3 ii debconf [debconf-2.0] 1.5.46 ii logrotate 3.8.1-4 ii lsb-base 4.1+Debian8 ii postgresql-client-common 134wheezy2 ii procps1:3.3.3-2 ii ssl-cert 1.0.32 postgresql-common recommends no packages. postgresql-common suggests no packages. -- Configuration Files: /etc/sysctl.d/30-postgresql-shm.conf changed: kernel.shmmax = 147431424 -- debconf information: postgresql-common/obsolete-major: -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693549: nfs-kernel-server: NFS Exports with domain names don't load at reboot
Package: nfs-kernel-server Version: 1:1.2.2-4squeeze2 Severity: normal Hi, Similar to bug #598493. Setup: - NFS server with an export that has a DNS name in it - Separate DNS server - NFS server has allow-hotplug in /etc/network/interfaces Problem: On reboot, the NFS server doesn't have any exports. After reboot, if you login and run exportfs -r then it will load them fine. Errors: exportfs complains that each name in /etc/exports has non-inet addr Temporary Solution: If you change allow-hotplug to auto in /etc/network/interfaces then all works fine. Note allow-hotplug is default for fresh installs. Is there some way to make the init script require that the network device is up before running exportfs? Cheers, Hugh -- System Information: Debian Release: 6.0.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages nfs-kernel-server depends on: ii libblkid1 2.17.2-9 block device id library ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib ii libcomerr2 1.41.12-4stable1 common error description library ii libgssapi-krb5-21.8.3+dfsg-4squeeze6 MIT Kerberos runtime libraries - k ii libgssglue1 0.1-4mechanism-switch gssapi library ii libk5crypto31.8.3+dfsg-4squeeze6 MIT Kerberos runtime libraries - C ii libkrb5-3 1.8.3+dfsg-4squeeze6 MIT Kerberos runtime libraries ii libnfsidmap20.23-2 An nfs idmapping library ii librpcsecgss3 0.19-2 allows secure rpc communication us ii libwrap07.6.q-19 Wietse Venema's TCP wrappers libra ii lsb-base3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii nfs-common 1:1.2.2-4squeeze2NFS support files common to client ii ucf 3.0025+nmu1 Update Configuration File: preserv nfs-kernel-server recommends no packages. nfs-kernel-server suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#630581: dropbear: Initramfs hook uses wrong path to libnss_*
Package: initramfs-tools Version: 0.106 Followup-For: Bug #630581 Just noting that if you add another architecture to your install then the patch from #20 will fail. Attached is a patch on top of that. Cheers, Hugh -- Package-specific info: -- initramfs sizes -- /proc/cmdline BOOT_IMAGE=/vmlinuz-3.2.0-2-amd64 root=/dev/mapper/hugh--desktop--encrypted-root ro quiet -- resume RESUME=/dev/mapper/hugh--desktop--encrypted-swap -- /proc/filesystems ext4 ext2 ext3 reiserfs xfs jfs msdos vfat ntfs minix hfs hfsplus qnx4 ufs btrfs fuseblk -- lsmod Module Size Used by pci_stub 12429 1 vboxpci19066 0 vboxnetadp 25443 0 vboxnetflt 23571 0 vboxdrv 190105 3 vboxnetflt,vboxnetadp,vboxpci fuse 61981 1 btrfs 505480 0 crc32c 12656 1 libcrc32c 12426 1 btrfs zlib_deflate 25638 1 btrfs ufs58774 0 qnx4 13184 0 hfsplus71571 0 hfs45877 0 minix 27580 0 ntfs 163839 0 vfat 17316 0 msdos 17077 0 fat45642 2 msdos,vfat jfs 137196 0 xfs 594991 0 reiserfs 192077 0 ext3 161867 0 jbd56902 1 ext3 joydev 17266 0 powernow_k817574 1 mperf 12453 1 powernow_k8 cpufreq_stats 12866 0 cpufreq_powersave 12454 0 cpufreq_conservative13147 0 cpufreq_userspace 12576 0 parport_pc 22364 0 ppdev 12763 0 lp 17149 0 parport31858 3 lp,ppdev,parport_pc rfcomm 33656 0 bnep 17567 2 bluetooth 119406 10 bnep,rfcomm binfmt_misc12957 1 nfsd 211858 2 nfs 312191 0 nfs_acl12511 2 nfs,nfsd auth_rpcgss37143 2 nfs,nfsd fscache36739 1 nfs lockd 67328 2 nfs,nfsd sunrpc173671 6 lockd,auth_rpcgss,nfs_acl,nfs,nfsd ext2 59231 1 loop 22641 0 firewire_sbp2 17993 0 arc4 12458 0 snd_hda_codec_hdmi 30783 1 snd_hda_codec_via 41160 1 snd_hda_intel 26345 4 snd_hda_codec 78031 3 snd_hda_codec_via,snd_hda_intel,snd_hda_codec_hdmi snd_hwdep 13186 1 snd_hda_codec radeon643284 0 ttm48725 1 radeon drm_kms_helper 27227 1 radeon snd_pcm63900 4 snd_hda_codec,snd_hda_intel,snd_hda_codec_hdmi drm 167670 3 drm_kms_helper,ttm,radeon zd1211rw 52161 0 mac80211 192768 1 zd1211rw sp5100_tco 12900 0 snd_page_alloc 13003 2 snd_pcm,snd_hda_intel power_supply 13475 1 radeon i2c_algo_bit 12841 1 radeon i2c_piix4 12536 0 edac_mce_amd 17103 0 snd_seq45093 0 i2c_core 23876 5 i2c_piix4,i2c_algo_bit,drm,drm_kms_helper,radeon snd_seq_device 13176 1 snd_seq snd_timer 22917 2 snd_seq,snd_pcm snd52850 16 snd_timer,snd_seq_device,snd_seq,snd_pcm,snd_hda_codec_via,snd_hwdep,snd_hda_codec,snd_hda_intel,snd_hda_codec_hdmi edac_core 35258 0 psmouse64455 0 k10temp12611 0 asus_atk0110 17297 0 cfg80211 137140 2 mac80211,zd1211rw evdev 17562 9 serio_raw 12931 0 processor 28106 1 powernow_k8 pcspkr 12579 0 rfkill 19012 4 cfg80211,bluetooth soundcore 13065 1 snd wmi13243 0 thermal_sys18040 1 processor button 12937 0 ext4 350411 6 crc16 12343 2 ext4,bluetooth jbd2 62015 1 ext4 mbcache13065 3 ext4,ext2,ext3 sha256_generic 16797 2 cryptd 14517 0 aes_x86_64 16796 12 aes_generic33026 1 aes_x86_64 cbc12754 6 dm_crypt 22586 1 dm_mod 63545 28 dm_crypt usbhid 36379 0 hid81288 1 usbhid uhci_hcd 26865 0 sd_mod 36136 5 crc_t10dif 12348 1 sd_mod ata_generic12479 0 ohci_hcd 22467 0 pata_atiixp12736 0 pata_jmicron 12472 0 firewire_ohci 35772 0 firewire_core 48407 2 firewire_ohci,firewire_sbp2
Bug#680949: genisoimage should provide mkisofs as well as replacing
Package: genisoimage Version: 9:1.1.11-2 Severity: normal Tags: patch I believe that genisoimage should Provide as well as Replace the package mkisofs thus making it virtual Attached is a patch -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-2-amd64 (SMP w/6 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages genisoimage depends on: ii libbz2-1.0 1.0.6-3 ii libc6 2.13-33 ii libmagic1 5.11-1 ii zlib1g 1:1.2.7.dfsg-13 genisoimage recommends no packages. Versions of packages genisoimage suggests: pn cdrkit-doc none pn wodim none -- no debconf information diff -Naur a/cdrkit-1.1.11/debian/changelog b/cdrkit-1.1.11/debian/changelog --- a/cdrkit-1.1.11/debian/changelog 2012-07-10 01:16:31.0 +1200 +++ b/cdrkit-1.1.11/debian/changelog 2012-07-10 01:00:28.152325335 +1200 @@ -1,3 +1,9 @@ +cdrkit (9:1.1.11-2hughdavenport) unstable; urgency=low + + * Add link to mkisofs. + + -- Hugh Davenport h...@davenport.net.nz Tue, 10 Jul 2012 12:59:00 +1200 + cdrkit (9:1.1.11-2) unstable; urgency=low * Modify build-dependencies to better support kFreeBSD folks. Thanks to diff -Naur a/cdrkit-1.1.11/debian/control b/cdrkit-1.1.11/debian/control --- a/cdrkit-1.1.11/debian/control 2012-07-10 01:16:31.0 +1200 +++ b/cdrkit-1.1.11/debian/control 2012-07-10 01:14:25.100307245 +1200 @@ -26,6 +26,7 @@ Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Suggests: wodim, cdrkit-doc +Provides: mkisofs ( 9:1.0) Replaces: mkisofs ( 9:1.0) Conflicts: mkhybrid, mkisofs ( 9:1.0) Description: Creates ISO-9660 CD-ROM filesystem images diff -Naur a/cdrkit-1.1.11/debian/genisoimage.links b/cdrkit-1.1.11/debian/genisoimage.links --- a/cdrkit-1.1.11/debian/genisoimage.links 2012-07-10 01:16:31.0 +1200 +++ b/cdrkit-1.1.11/debian/genisoimage.links 2012-07-10 00:57:29.852329188 +1200 @@ -1,3 +1,5 @@ +usr/bin/genisoimage usr/bin/mkisofs +usr/share/man/man1/genisoimage.1 usr/share/man/man1/mkisofs.1 usr/share/man/man1/isoinfo.1 usr/share/man/man1/isodump.1 usr/share/man/man1/isoinfo.1 usr/share/man/man1/isovfy.1 usr/share/man/man1/isoinfo.1 usr/share/man/man1/devdump.1
Bug#681015: x11vnc: CAPS lock key doesn't work when viewing remote server
Package: x11vnc Version: 0.9.13-1 Severity: normal Hi, I started using x11vnc and have noticed that the CAPS lock key does funky stuff. When viewing a remote server (started with tsvnc, or manually with x11vnc and using any vncviewer to view it), the caps lock key appears to do nothing. Then when I go back to host computer, CAPS is indeed toggled, though this wasn't noticeable on the remote view. If i use CAPS in the host machine, then go to the viewer, CAPS is toggled. This means I can get into a state where the host has CAPS off and remote has CAPS on (or vice versa). Doesn't have this issue with tightvncserver. Only tried with x11vnc reusing the host DISPLAY, not creating a new one. Viewers tried were tightvncviewer and the vncviewer that comes with ssvnc Let me know if I can help more. Cheers, Hugh -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-2-amd64 (SMP w/6 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages x11vnc depends on: ii libavahi-client3 0.6.31-1 ii libavahi-common3 0.6.31-1 ii libc6 2.13-33 ii libgcrypt11 1.5.0-3 ii libgnutls26 2.12.20-1 ii libjpeg8 8d-1 ii libssl1.0.0 1.0.1c-3 ii libvncserver0 0.9.9+dfsg-1 ii libx11-6 2:1.5.0-1 ii libxdamage1 1:1.1.3-2 ii libxext6 2:1.3.1-2 ii libxfixes31:5.0-4 ii libxinerama1 2:1.1.2-1 ii libxrandr22:1.3.2-2 ii libxtst6 2:1.2.1-1 ii openssl 1.0.1c-3 ii tk8.5.0-2 ii x11vnc-data 0.9.13-1 ii zlib1g1:1.2.7.dfsg-13 x11vnc recommends no packages. x11vnc suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#630581: dropbear: Initramfs hook uses wrong path to libnss_*
Package: dropbear Version: 2012.55-1 Followup-For: Bug #630581 Attached is a multiplatform patch I couldn't figure out a clean way to work out the -linux-gnu part without getting autoconf involved, so a * should be practical in most setups Cheers, Hugh -- System Information: Debian Release: wheezy/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/6 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages dropbear depends on: ii libc6 2.13-33 ii zlib1g 1:1.2.7.dfsg-11 dropbear recommends no packages. Versions of packages dropbear suggests: ii openssh-client 1:6.0p1-1 pn runit none ii udev175-3.1 pn xauth none -- no debconf information diff -Naur dropbear-2012.55/debian/initramfs/dropbear-hook dropbear-2012.55.new/debian/initramfs/dropbear-hook --- dropbear-2012.55/debian/initramfs/dropbear-hook 2012-06-18 22:11:12.0 +1200 +++ dropbear-2012.55.new/debian/initramfs/dropbear-hook 2012-06-18 22:10:40.727881086 +1200 @@ -27,7 +27,7 @@ else rm -f ${DESTDIR}/sbin/dropbear copy_exec /usr/sbin/dropbear /sbin/ - cp /lib/libnss_* ${DESTDIR}/lib/ + cp /lib/$(arch)*/libnss_* ${DESTDIR}/lib/ echo root:x:0:0:root:/root:/bin/sh ${DESTDIR}/etc/passwd for keytype in dss rsa; do if [ ! -f /etc/initramfs-tools/etc/dropbear/dropbear_${keytype}_host_key ]; then
Bug#676297: finch: can't copy paste from finch when mouse is enabled
Hi Ari, Nothing seems to happen when I hold down ctrl or shift (or both), while text is selected, or right clicking etc. Any other ideas? Cheers, Hugh On 07/06/12 01:08, Ari Pollak wrote: What happens if you hold down ctrl or shift? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#425790: icedove: clicking links does not spawn web browser
Package: icedove Version: 10.0.4-1 Followup-For: Bug #425790 Dear Maintainer, * What led up to the situation? Installed new version of debian testing, with LXDE as window manager Set up icedove with an imap server, tried clicking on a link, and also right clicking and opening in browser. Neither worked. Going `x-www-browser linkgoeshere` works fine from shell. The config setting in icedove for http handlers is x-www-browser I have tried setting x-www-browser to both /usr/bin/x-www-browser and /etc/alternatives/x-www-browser I have also tried `icedove linkgoeshere` which doesn't work ii lxde-common 0.5.5-6 ii chromium 18.0.1025.151~r130497-1 -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages icedove depends on: ii debianutils 4.3 ii fontconfig2.9.0-5 ii libasound21.0.25-3 ii libatk1.0-0 2.4.0-2 ii libc6 2.13-32 ii libcairo2 1.12.2-1 ii libdbus-1-3 1.5.12-1 ii libdbus-glib-1-2 0.98-1 ii libevent-2.0-52.0.19-stable-2 ii libffi5 3.0.10-3 ii libfontconfig12.9.0-5 ii libfreetype6 2.4.9-1 ii libgcc1 1:4.7.0-8 ii libgdk-pixbuf2.0-02.26.1-1 ii libglib2.0-0 2.32.3-1 ii libgtk2.0-0 2.24.10-1 ii libhunspell-1.3-0 1.3.2-4 ii libjpeg8 8d-1 ii libnspr4-0d 2:4.9-3 ii libnss3-1d2:3.13.4-3 ii libpango1.0-0 1.30.0-1 ii libpixman-1-0 0.24.4-1 ii libsqlite3-0 3.7.12.1-1 ii libstartup-notification0 0.12-1 ii libstdc++64.7.0-8 ii libvpx1 1.1.0-1 ii libx11-6 2:1.4.99.901-2 ii libxext6 2:1.3.1-2 ii libxrender1 1:0.9.7-1 ii libxt61:1.1.3-1 ii psmisc22.16-1 ii zlib1g1:1.2.7.dfsg-11 Versions of packages icedove recommends: ii hunspell-en-us [hunspell-dictionary] 20070829-5 Versions of packages icedove suggests: pn gconf-service 3.2.5-1 pn libgconf-2-4 3.2.5-1 pn libgssapi-krb5-2 1.10.1+dfsg-1 pn libnotify40.7.5-1 pn ttf-lyx none -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#676297: finch: can't copy paste from finch when mouse is enabled
Package: finch Version: 2.10.4-1.1 Severity: important Dear Maintainer, I am using finch using lxterminal. When mouse support is enabled, I can't copy anything to the clipboard This is either with right click-copy, or selecting text and middle click for paste buffer. Without mouse enabled, it works as expected when I select text. I can use the right click-copy, and also the middle click paste buffer. I enabled mouse by putting the following in my .gntrc [Finch] mouse = 1 [general] mouse = 1 ii lxterminal 0.1.11-4 -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages finch depends on: ii libc6 2.13-32 ii libglib2.0-02.32.3-1 ii libgstreamer0.10-0 0.10.36-1 ii libncursesw55.9-7 ii libpurple0 2.10.4-1.1 ii libtinfo5 5.9-7 ii libxml2 2.7.8.dfsg-9.1 ii pidgin-data 2.10.4-1.1 finch recommends no packages. Versions of packages finch suggests: ii libx11-6 2:1.4.99.901-2 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#633640: quicksorter doesn't work with relative domains for $INCLUDE directives
Package: opendnssec-signer Version: 1.2.1.dfsg-1~bpo60+1 Severity: normal Hi Ondrej, Thanks for your quick reply. I have tried out the backport, and it seems that it didn't support different origins after an $INCLUDE directive at all. I have attached a patch that will support these, wasn't sure whether that warranted a seperate bug, let me know if it does. With this patch, the auditor will still fail, due to bug #633427. The patch supplied there won't apply directly upstream for this version though. I will work on a patch for that and submit to that bug. Cheers, Hugh -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (950, 'stable'), (850, 'stable-updates'), (50, 'testing'), (25, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages opendnssec-signer depends on: ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libldns1 1.6.9-2~bpo60+1 ldns library for DNS programming ii libxml22.7.8.dfsg-2+squeeze1 GNOME XML library pn opendnssec-common none(no description available) Versions of packages opendnssec-signer recommends: pn opendnssec-auditornone (no description available) pn opendnssec-enforcer none (no description available) Versions of packages opendnssec-signer suggests: pn opendnssec none (no description available) ii softhsm 1.2.0-2~bpo60+1 a cryptographic store accessible t ---BeginMessage--- --- signer/src/adapter/adfile.c | 81 +-- 1 files changed, 78 insertions(+), 3 deletions(-) diff --git a/signer/src/adapter/adfile.c b/signer/src/adapter/adfile.c index bc1b120..d210097 100644 --- a/signer/src/adapter/adfile.c +++ b/signer/src/adapter/adfile.c @@ -301,27 +301,102 @@ adfile_read_line: } else if (strncmp(line, $INCLUDE, 8) == 0 isspace(line[8])) { /* dive into this file */ +char tmpc; offset = 9; while (isspace(line[offset])) { offset++; } -fd_include = se_fopen(line + offset, NULL, r); +char* filename = (line + offset); +while (line[offset] !isspace(line[offset])) { +offset++; +} +if (line[offset]) { +tmpc = line[offset]; +line[offset] = 0; /* terminate filename */ +filename = strdup(filename); +line[offset] = tmpc; +if (!filename) { +se_log_error(Can't allocate memory for filename\n); +*status = LDNS_STATUS_MEM_ERR; +return NULL; +} +offset++; +while (isspace(line[offset])) { +offset++; +} +} +else { +filename = strdup(filename); +if (!filename) { +se_log_error(Can't allocate memory for filename\n); +*status = LDNS_STATUS_MEM_ERR; +return NULL; +} +} + +fd_include = se_fopen(filename, NULL, r); if (fd_include) { +ldns_rdf* domain = NULL; +ldns_rdf* orig = zone_in-dname; +if (line[offset] line[offset] != ';') { +char* domainname = line + offset; +while (line[offset] !isspace(line[offset])) { +offset++; +} +tmpc = line[offset]; +line[offset] = 0; /* terminate domain */ +domain = ldns_dname_new_frm_str(domainname); +line[offset] = tmpc; +if (!domain) { +se_log_error(Couldn't creaate dname from string); +*status = LDNS_STATUS_SYNTAX_DNAME_ERR; +free(filename); +return NULL; +} +if (line[offset - 1] != '.') { +ldns_rdf* tmp = ldns_dname_cat_clone(domain, + orig); +ldns_rdf_free(domain); +if
Bug#633416: A $INCLUDE directive doesn't set ORIGIN correctly
Package: opendnssec-signer-tools Severity: normal Hi, Just adding that this problem is still present on the backported version, but for different reasons. I have attached a bug to bug #633640 to fix the new problem. The patch on this bug will only apply to the stable version. Cheers, Hugh -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (950, 'stable'), (850, 'stable-updates'), (50, 'testing'), (25, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#633640: opendnssec-signer-tools: quicksorter doesn't work with relative domains for $INCLUDE directives
Package: opendnssec-signer-tools Severity: normal Tags: patch RFC 1035 states that an $INCLUDE directive is as follows (page 33) $INCLUDE file-name [domain-name] [comment] where domain-name is stated as follows (bottom of page 33) . Domain names which do not end in a dot are called relative; the actual domain is the concatenation of the relative part with an origin specified in a $ORIGIN, $INCLUDE, or as an argument to the master file loading routine. opendnssec quicksorter util doesn't use the domain-name attached to an $INCLUDE directive as a possible relative domain, and assumes it is absolute. The patch attached checks whether a dot (.) is present, and appends the origin if nessessary. This won't be able to be applied upstream, as they no longer use the quicksorter, but I would believe a similar problem exists. -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (950, 'stable'), (850, 'stable-updates'), (50, 'testing'), (25, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---BeginMessage--- --- signer/tools/quicksorter.c |7 +++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/signer/tools/quicksorter.c b/signer/tools/quicksorter.c index 36855e7..a622d6d 100644 --- a/signer/tools/quicksorter.c +++ b/signer/tools/quicksorter.c @@ -407,6 +407,12 @@ int read_file(char* filename, while (*p !isspace(*p)) p++; *p = 0; /* terminate domain name */ +if (*(p - 1) != '.') { +char tmp[MAX_NAME_LEN]; +strcpy(tmp, domain); +strcat(strcat(tmp, .), origin); +domain = tmp; +} } else { domain = origin; -- ---End Message---
Bug#633534: nsd3: an $INCLUDE directive with a relative origin set isn't used as relative
Package: nsd3 Severity: normal Tags: upstream patch RFC 1035 states that an $INCLUDE directive is as follows (page 33) $INCLUDE file-name [domain-name] [comment] where domain-name is stated as follows (bottom of page 33) Domain names which do not end in a dot are called relative; the actual domain is the concatenation of the relative part with an origin specified in a $ORIGIN, $INCLUDE, or as an argument to the master file loading routine. nsd doesn't use the domain-name attached to an $INCLUDE directive as a possible relative domain, and assumes it is absolute. The patch attached checks whether a dot (.) is present, and appends the origin if nessessary. The patch should also apply cleanly upstream. -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (950, 'stable'), (850, 'stable-updates'), (50, 'testing'), (25, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---BeginMessage--- --- zlexer.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/zlexer.c b/zlexer.c index 4c69bd1..c326ff2 100644 --- a/zlexer.c +++ b/zlexer.c @@ -971,6 +971,11 @@ YY_RULE_SETUP strip_string(yytext); dname = dname_parse(parser-region, tmp + 1); + if (dname *(tmp + strlen(tmp + 1)) != '.') { + dname = dname_concatenate(parser-region, + dname, + domain_dname(origin)); + } if (!dname) { zc_error(incorrect include origin '%s', tmp + 1); -- ---End Message---
Bug#633416: quicksorter: A $INCLUDE directive doesn't set ORIGIN correctly
Package: opendnssec-signer-tools Severity: normal Tags: patch In the quicksorter file, if you have an $INCLUDE directive without an explicit ORIGIN after the filename, it incorrectly takes the first token on the next line as the origin. When an origin is not specified, it should use the currect origin for the included file I have attached a patch to fix this. -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (950, 'stable'), (850, 'stable-updates'), (50, 'testing'), (25, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---BeginMessage--- This patch fixes two problems First, if an $INCLUDE directive did not have an explicit origin after the path, then the first token from the next line was used (unless there was a ; as the next token). This is because the program assumes the filename is followed by something else, so skips over the next charater (which was a NULL character, previously a new line character) This patch fixes this by checking if we are at the end of the line already then not getting the next token. Second, if the directive doesn't have an explicit origin, then no origin was set in the next file. This patch fixes this by setting it to the currect origin if none was provided. --- signer/tools/quicksorter.c | 11 --- 1 files changed, 8 insertions(+), 3 deletions(-) diff --git a/signer/tools/quicksorter.c b/signer/tools/quicksorter.c index ee718ba..36855e7 100644 --- a/signer/tools/quicksorter.c +++ b/signer/tools/quicksorter.c @@ -394,10 +394,12 @@ int read_file(char* filename, char* filename = p; while (*p !isspace(*p)) p++; -*p = 0; /* terminate filename */ -p++; -while (*p isspace(*p)) +if (*p) { +*p = 0; /* terminate filename */ p++; +while (*p isspace(*p)) +p++; +} char* domain = NULL; if (*p *p != ';') { @@ -406,6 +408,9 @@ int read_file(char* filename, p++; *p = 0; /* terminate domain name */ } +else { +domain = origin; +} read_file(filename, domain, default_ttl, dnskey_ttl, g); goto next_line; } -- ---End Message---
Bug#633427: opendnssec-auditor: Auditor doesn't allow input files with $INCLUDE directives
Package: opendnssec-auditor Severity: normal Tags: patch Hi, When you have an unsigned zone with $INCLUDE directives, the auditor doen't work correctly, complaining about entries in the signed file that weren't present in the unsigned file. I have attached a patch that does the following Take the sorted file based on the input file that the signer produces, run it through the finalizer command to move the SOA to the top (a bit overkill, but makes for a cleaner patch), write the output in zone.sorted2 file It also modifies the auditor to take the input from the zone.sorted2 file instead of zone.unsorted This works around the issue of having atomicity on the input file as noted in the KNOWN_ISSUES file of the 1.3.0rc3 release. This problem is upstream, but this patch will probably not work, as versions after 1.1.0 (stable on debian) do all the sorting and stuff in memory, so don't have a nice input file with the $INCLUDE's processed TMK. -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (950, 'stable'), (850, 'stable-updates'), (50, 'testing'), (25, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---BeginMessage--- Call the finalizer on the sorted import file that was signed. This makes the input file atomic including all the $INCLUDE directives. This file needs to have the SOA record as the first in the file, so pass it through the finalizer script before passing the to auditor --- auditor/lib/kasp_auditor.rb |2 +- signer/signer_engine/Zone.py | 17 + 2 files changed, 18 insertions(+), 1 deletions(-) diff --git a/auditor/lib/kasp_auditor.rb b/auditor/lib/kasp_auditor.rb index ddf9288..63b59e0 100644 --- a/auditor/lib/kasp_auditor.rb +++ b/auditor/lib/kasp_auditor.rb @@ -141,7 +141,7 @@ module KASPAuditor syslog.log(LOG_INFO, Auditor starting on #{config.name}) print(Auditor starting on #{config.name}\n) # Override this with @unsigned_zone if present -input_file = signer_working_folder + File::Separator + config.name + .unsorted +input_file = signer_working_folder + File::Separator + config.name + .sorted2 if ((@zone_name == config.name) (@unsigned_zone)) input_file = @unsigned_zone end diff --git a/signer/signer_engine/Zone.py b/signer/signer_engine/Zone.py index c65cb30..31bc793 100644 --- a/signer/signer_engine/Zone.py +++ b/signer/signer_engine/Zone.py @@ -800,6 +800,23 @@ class Zone: syslog.syslog(syslog.LOG_ERR, No resource records in output) return False output.close() +cmd = [self.get_tool_filename(finalizer), + -f, self.get_zone_tmp_filename(.sorted), + ] +finalize_p = Util.run_tool(cmd) +if not finalize_p: +return False +output = open(self.get_zone_tmp_filename(.sorted2), w) +if not output: +syslog.syslog(syslog.LOG_ERR, + Error opening finalized zone file: + + self.get_zone_tmp_filename(.sorted2)) +return False +for line in finalize_p.stdout: +output.write(line) +for line in finalize_p.stderr: +output.write(line) +output.close() return True def move_output(self): -- ---End Message---
Bug#633064: snort: IPv6 support is not enabled
Package: snort Severity: wishlist Hi, I was wondering whether there was a reason that IPv6 is not enabled in snort by default. Cheers, Hugh -- System Information: Debian Release: 6.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#633066: snort: Decoding raw packets assumes IPv4 packet
Package: snort Severity: minor Tags: upstream patch ipv6 When using snort on a interface without a link level layer, for example a AIYIA tunnel for IPv6 through SixXs, then snort assumes that the packets will be IPv4. I have a patch that adds a check on the IP version number in the header, and if it is not an IPv4 packet, try decoding as IPv6. Without this patch, listening on such an interface will result in warning messages as below. Not IPv4 datagram! ([ver: 0x6][len: 0x0]) Patch is attached -- System Information: Debian Release: 6.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash From a118ba3f93757ff2c924a5481317d97b36d8da2d Mon Sep 17 00:00:00 2001 From: Hugh Davenport h...@davenport.net.nz Date: Fri, 8 Jul 2011 10:46:17 +1200 Subject: [PATCH 1/4] snort: Enable IPv6 decoding for raw packets --- src/decode.c |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/src/decode.c b/src/decode.c index 0caf78d..e0ee343 100644 --- a/src/decode.c +++ b/src/decode.c @@ -3009,7 +3009,10 @@ void DecodeRawPkt(Packet * p, const struct pcap_pkthdr * pkthdr, const uint8_t * DEBUG_WRAP(DebugMessage(DEBUG_DECODE, Packet!\n);); -DecodeIP(pkt, p-pkth-caplen, p); +if (IP_VER((IPHdr *)pkt) != 4) +DecodeIPV6(pkt, p-pkth-caplen, p); +else +DecodeIP(pkt, p-pkth-caplen, p); PREPROC_PROFILE_END(decodePerfStats); return; -- 1.7.2.5