Bug#1053821: bookworm patch?
Hey Faidon, I hope you are well! Since this bug affects the current version in bookworm, v1.8.1, would there be a possibility of adding the upstream patch to bookworm's version? I tested applying the patches atop v1.8.1 and they apply cleanly, and fix the issue as well. git checkout -b bookworm 1.8.1 git cherry-pick 57262a2710c83fa08767f0ce3ba7a80993515bb2 git cherry-pick 14afa8a46e2e83608a3a219402bce8ea8d071192 Yours kindly, Jesse Hathaway
Bug#409360: GSSAPIAuthentication should be disabled by default
I just ran into this issue when sshing to a server with GSSAPIAuthentication enabled. Even though I am not using GSSAPI auth, Debian's default on the client side added 15s to the login time. I agree with other folks that GSSAPI auth is unusual and should be disabled by default since it may cause significant delays. # With GSSAPIAuthentication on $ time ssh -v foo hostname debug1: Next authentication method: gssapi-with-mic debug1: No credentials were supplied, or the credentials were unavailable or inaccessible No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000) debug1: No credentials were supplied, or the credentials were unavailable or inaccessible No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000) real0m15.204s user0m0.010s sys 0m0.011s # With GSSAPIAuthentication off $ time ssh -v foo hostname real0m0.195s user0m0.014s sys 0m0.007s
Bug#1050389: puppetserver: ExecReload fails when kill is not installed
Package: puppetserver Version: 7.9.5-2 Severity: normal X-Debbugs-Cc: je...@mbuki-mvuki.org Dear Maintainer, The systemd unit's ExecReload tries to use the kill binary directly, but puppetserver does not depend on procps, it should either be added as a dependency or the kill statement should be wrapped in sh -c so that the kill shell builtin can be used instead: puppetserver.service: Failed at step EXEC spawning kill: No such file or directory -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.4.0-2-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages puppetserver depends on: ii default-jre-headless 2:1.17-74 pn facter ii jruby9.3.9.0+ds-8 pn libclj-time-clojure pn libclj-yaml-clojure pn libclojure-java pn libcomidi-clojure pn libcommons-exec-java ii libcommons-io-java 2.11.0-2 pn libcommons-lang-java pn libdropwizard-metrics-java pn libdujour-version-check-clojure pn libjruby-utils-clojure pn libkitchensink-clojure pn libliberator-clojure pn libprismatic-schema-clojure pn libpuppetlabs-http-client-clojure pn libpuppetlabs-i18n-clojure pn libpuppetlabs-ring-middleware-clojure pn libraynes-fs-clojure pn libsemver-clojure pn libshell-utils-clojure pn libslingshot-clojure pn libssl-utils-clojure pn libtrapperkeeper-authorization-clojure pn libtrapperkeeper-clojure pn libtrapperkeeper-comidi-metrics-clojure pn libtrapperkeeper-filesystem-watcher-clojure pn libtrapperkeeper-metrics-clojure pn libtrapperkeeper-scheduler-clojure pn libtrapperkeeper-status-clojure pn libtrapperkeeper-webserver-jetty9-clojure ii libyaml-snake-java 1.33-2 ii puppet-agent [hiera] 7.25.0-1bullseye ii ruby 1:3.1 pn ruby-deep-merge pn ruby-fast-gettext pn ruby-gettext pn ruby-hocon pn ruby-locale pn ruby-puppet-resource-api pn ruby-puppetserver-ca-cli pn ruby-semantic-puppet pn ruby-text Versions of packages puppetserver recommends: pn puppet-module-puppetlabs-augeas-core pn puppet-module-puppetlabs-cron-core pn puppet-module-puppetlabs-host-core pn puppet-module-puppetlabs-mount-core pn puppet-module-puppetlabs-selinux-core pn puppet-module-puppetlabs-sshkeys-core puppetserver suggests no packages.
Bug#1041731: groff-base: Tough bug to find
Package: groff-base Version: 1.23.0-2 Followup-For: Bug #1041731 X-Debbugs-Cc: je...@mbuki-mvuki.org Thanks for maintaining groff-base, I spent a half hour debugging why the example command in podman-images would not work and then another half hour debugging why my man pages were suddenly displaying U+2010 rather than U+002D. I sympathize with the desire for accurate typography, but the manner in which this change was introduced hurts users like myself. Please consider patching Debian's copy and investigating another why to encourage man page authors and tooling to use the correct hyphen.
Bug#1029152: systemd: Revisit disabling of bump fs.nr_open, bump-proc-sys-fs-nr-open=false
Package: systemd Version: 252.4-1 Severity: normal X-Debbugs-Cc: je...@mbuki-mvuki.org Dear Maintainer, Would it be possible to revisit the decision to disable bump-proc-sys-fs-nr-open, from commit, 084e84e33a403868b7f84159da745689e2ff0ba9 ^[1]? This recently caused me trouble when running a minikube instance on my laptop which used a bunch of file descriptors. It would be nice to not need to write sysctl values to bump it higher. Are there any paths to reverting this patch? Thanks for maintaining systemd!! [1]: https://salsa.debian.org/systemd-team/systemd/-/commit/084e84e33a403868b7f84159da745689e2ff0ba9. -- Package-specific info: -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-1-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages systemd depends on: ii libacl12.3.1-3 ii libaudit1 1:3.0.7-1.1+b2 ii libblkid1 2.38.1-4 ii libc6 2.36-8 ii libcap21:2.66-3 ii libcryptsetup122:2.6.0-2 ii libfdisk1 2.38.1-4 ii libgcrypt201.10.1-3 ii libkmod2 30+20221128-1 ii liblz4-1 1.9.4-1 ii liblzma5 5.4.1-0.0 ii libmount1 2.38.1-4 ii libp11-kit00.24.1-2 ii libseccomp22.5.4-1+b2 ii libselinux13.4-1+b4 ii libssl33.0.7-1 ii libsystemd-shared 252.4-1 ii libsystemd0252.4-1 ii libzstd1 1.5.2+dfsg2-3 ii mount 2.38.1-4 Versions of packages systemd recommends: ii dbus [default-dbus-system-bus] 1.14.4-1 ii systemd-timesyncd [time-daemon] 252.4-1 Versions of packages systemd suggests: ii libfido2-11.12.0-2 ii libqrencode4 4.1.1-1 ii libtss2-esys-3.0.2-0 3.2.1-2 ii libtss2-mu0 3.2.1-2 pn libtss2-rc0 ii policykit-1 122-1 ii polkitd 122-1 pn systemd-boot pn systemd-container pn systemd-homed ii systemd-resolved 252.4-1 pn systemd-userdbd Versions of packages systemd is related to: ii dbus-user-session 1.14.4-1 pn dracut ii initramfs-tools0.142 ii libnss-systemd 252.4-1 ii libpam-systemd 252.4-1 ii udev 252.4-1 -- Configuration Files: /etc/systemd/logind.conf changed [not included] -- no debconf information
Bug#1023760: openssh-client: scp should not be provided as an alternative to rcp
Package: openssh-client Version: 1:9.0p1-1+b2 Severity: minor X-Debbugs-Cc: je...@mbuki-mvuki.org Dear Maintainer, I needed to rcp a file to a legacy system, to my surprise it at first appeared that rcp was installed, but my invocation failed. After some investigation I found that scp was symlinked as an alternative to rcp. >From reading the manpage I was unable to discern a way to have scp perform a classic rcp transfer. If scp cannot perform an rcp transfer, should it be symlinked to /etc/alternatives/rcp? -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.0.0-1-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openssh-client depends on: ii adduser 3.129 ii dpkg 1.21.9+b1 ii libc6 2.36-4 ii libedit2 3.1-20221030-1 ii libfido2-11.12.0-1 ii libgssapi-krb5-2 1.20-1+b1 ii libselinux1 3.4-1+b2 ii libssl3 3.0.7-1 ii passwd1:4.12.3+dfsg1-3 ii zlib1g1:1.2.13.dfsg-1 Versions of packages openssh-client recommends: ii xauth 1:1.1.1-1 Versions of packages openssh-client suggests: pn keychain pn libpam-ssh pn monkeysphere pn ssh-askpass -- no debconf information
Bug#973581: apt: Occasional pipelined requests failing against localhost nginx mirror
On Tue, 8 Feb 2022 13:21:44 -0600 Jesse Hathaway wrote: > I hit this bug as well with our debian mirror, mirrors.wikimedia.org. > We also use nginx to serve our mirror and bullseye clients frequently > receive resets while pulling down packages. I tested reverting commit, > fa375493c5a4ed9c10d4e5257ac82c6e687862d3, and it does indeed stop the > connection resets. I also tested against apache2, but I was unable to > reproduce the issue, so it seems to be nginx specific. I am happy to provide > pcaps as well. Using the same script I was able to reproduce the issue against the following mirror as well: - http://ftp.us.debian.org/debian/ Server: nginx/1.18.0 - http://debian.unnoba.edu.ar/debian/ Server: nginx/1.18.0 - http://mirrors.tuna.tsinghua.edu.cn/debian/ Server: nginx/1.18.0 - http://repo.ialab.dsu.edu/debian/ Server: nginx/1.18.0 - http://mirror.us.leaseweb.net/debian/ Server: nginx - http://plug-mirror.rcac.purdue.edu/debian/ Server: nginx/1.14.2
Bug#973581: apt: Occasional pipelined requests failing against localhost nginx mirror
On Sun, 1 Nov 2020 20:55:36 -0800 Stefano Rivera wrote:
> Recently I noticed repeated sbuild failures during package installation,
> due to connection resets. Can't reproduce with apt 2.1.8 but can with
> >= 2.1.9, so presumably the regression is due to
> fa375493c5a4ed9c10d4e5257ac82c6e687862d3 disabling retries.
I hit this bug as well with our debian mirror, mirrors.wikimedia.org.
We also use nginx to serve our mirror and bullseye clients frequently
receive resets while pulling down packages. I tested reverting commit,
fa375493c5a4ed9c10d4e5257ac82c6e687862d3, and it does indeed stop the
connection resets. I also tested against apache2, but I was unable to
reproduce the issue, so it seems to be nginx specific. I am happy to provide
pcaps as well.
Here is the script I used to reproduce:
#!/bin/bash
set -o errexit
if [[ $EUID -ne 0 ]]; then
printf 'MUST BE ROOT\n' >&2
exit 1
fi
sed -i 's/deb.debian.org/mirrors.wikimedia.org/' /etc/apt/sources.list
apt-get update
while true; do
apt-get clean
declare -a install_opts=(--yes --download-only --no-install-recommends)
declare -a install_pkgs=(firefox-esr chromium)
if ! apt-get install "${install_opts[@]}" "${install_pkgs[@]}"; then
printf 'ERROR: We caught a fish!\n' >&2
tput bel
exit 1
fi
done
Here is how I built apt to test the revert:
#!/bin/bash
set -o errexit
echo 'deb-src http://deb.debian.org/debian bullseye main'
>>/etc/apt/sources.list
apt-get update
apt-get install --yes git build-essential
apt-get build-dep --yes apt
git clone https://salsa.debian.org/apt-team/apt.git
git config --global user.email "jhatha...@wikimedia.org"
git config --global user.name "Jesse Hathaway"
pushd apt
git checkout 2.2.4
git checkout -b butter
git revert --no-edit fa375493c5a4ed9c10d4e5257ac82c6e687862d3
dpkg-buildpackage -jauto -us -nc -b
popd
dpkg -i -- *.deb
I tested with buildah and this Dockerfile:
FROM docker.io/debian:bullseye
ENV LANG C.UTF-8
COPY build /root/
COPY resets /root/
Bug#980139: fc-cache failure
This still seems to be an issue, the script checks if the dejavu font is present and if it is not it continues, but then the call to build the fc-cache fails, presumably because no fonts are present in DESTDIR.
Bug#879786: apt-secure man page needs to provide useful pointers for Release file info changes
> IMO, the right answer would be to run "apt update" and confirm the > change when asked. I find it strange to recommend another tool, when there is a flag to confirm the change with apt-get. If the intent is to deprecate using apt-get interactively entirely, then that should be done at a more holistic level, such as a warning on every invocation, rather than when a specific error appears.
Bug#879786: apt-secure man page needs to provide useful pointers for Release file info changes
On Wed, Nov 7, 2018 at 12:12 PM Julian Andres Klode wrote: > > On Wed, Nov 07, 2018 at 10:50:05AM -0600, Jesse Hathaway wrote: > > Just ran into this issue with chrome package from Google: > > > > E: Repository 'http://dl.google.com/linux/chrome/deb stable > > Release' changed its 'Origin' value from 'Google, Inc.' to 'Google > > LLC' > > N: This must be accepted explicitly before updates for this > > repository can be applied. See apt-secure(8) manpage for details. > > > > Rather than adding information to apt-secure's man page, I think it > > would be more helpful to output the command the user needs to accept > > the change: > > > > E: Repository 'http://dl.google.com/linux/chrome/deb stable > > Release' changed its 'Origin' value from 'Google, Inc.' to 'Google > > LLC' > > N: If you would like to accept this change, please rerun apt-get > > update with the `--allow-releaseinfo-change` flag > > If you run it interactive, you get asked directly, and don't need > the flag. Just recommending the flag is probably not a good idea, > as it makes people add them to update scripts without thinking. What do you mean by running interactively? I ran `apt-get update` in my terminal and I was not prompted, it just showed those error messages. I also don't see why showing the flag is not helpful, that was the only way I was able to confirm the change?
Bug#879786: apt-secure man page needs to provide useful pointers for Release file info changes
Just ran into this issue with chrome package from Google: E: Repository 'http://dl.google.com/linux/chrome/deb stable Release' changed its 'Origin' value from 'Google, Inc.' to 'Google LLC' N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details. Rather than adding information to apt-secure's man page, I think it would be more helpful to output the command the user needs to accept the change: E: Repository 'http://dl.google.com/linux/chrome/deb stable Release' changed its 'Origin' value from 'Google, Inc.' to 'Google LLC' N: If you would like to accept this change, please rerun apt-get update with the `--allow-releaseinfo-change` flag
Bug#829245: /etc/os-release: Please specify VERSION_CODENAME
This would definitely simplify our bash scripts, we currently grab the
codename with this snippet:
#!/bin/bash
source /etc/os-release
IFS=' ()' read -r _ VERSION_CODENAME <<<"${VERSION}"
Thanks, Jesse
Bug#683971: dpkg-statoverride --remove fails if group no longer exists
Guillem, It appears that the patch for this issue has not made it into 1.17.10. Is the patch ready for inclusion or does it need further work? If the patch is ready when is it expected to be merged? If the patch is not ready, would it be possible to post the existing patch noting where further work is needed? Thanks, Jesse Hathaway
Bug#691770: New upstream release 2.2.0
Package: freeradius Version: 2.1.12+dfsg-1.1 Severity: wishlist There is a new upstream release of freeradius with numerous bug fixes, it would be great if it could be packaged. -- Jesse Hathaway, Systems Engineer Braintree 917-418-8423 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#654863: patch causes a regression with filenames with spaces
patch causes a regression with filenames with spaces: --- /home/jhathaway/tmp/xdg-open 2012-02-01 10:16:01.258018651 -0600 +++ /usr/bin/xdg-open 2012-02-01 10:12:31.305570388 -0600 @@ -549,7 +549,7 @@ command=`grep -E ^Exec(\[[^]=]*])?= $file | cut -d= -f 2- | first_word` command_exec=`which $command 2/dev/null` arguments=`grep -E ^Exec(\[[^]=]*])?= $file | cut -d= -f 2- | last_word` - local sed_escaped_url=$(echo $1 | sed -e 's/[\\]/\\/g') + local sed_escaped_url=$(echo $1 | sed -e 's/[\\]/\\/g') arguments_exec=`echo $arguments | sed -e 's*%[fFuU]*'$sed_escaped_url'*g'` if [ -x $command_exec ] ; then if echo $arguments | grep -iq '%[fFuU]' ; then Thanks, Jesse Hathaway -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#652067: xdg-utils: xdg-open uses eval rather than exec which breaks opening filenames with spaces
Package: xdg-utils Version: 1.1.0~rc1+git20111210-1 Severity: important Dear Maintainer, xdg-open no longer is able to open filenames with spaces, patch below: --- /usr/bin/xdg-open 2011-12-12 05:05:18.0 -0600 +++ xdg-open2011-12-14 09:10:00.791735160 -0600 @@ -552,9 +552,9 @@ arguments_exec=`echo $arguments | sed -e 's*%[fFuU]*'$1'*g'` if [ -x $command_exec ] ; then if echo $arguments | grep -iq '%[fFuU]' ; then -eval $command_exec $arguments_exec +exec $command_exec $arguments_exec else -eval $command_exec $arguments_exec $1 +exec $command_exec $arguments_exec $1 fi if [ $? -eq 0 ]; then Thanks, Jesse -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.1.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash xdg-utils depends on no packages. Versions of packages xdg-utils recommends: ii libfile-mimeinfo-perl 0.15-2 ii libnet-dbus-perl 1.0.0-1+b1 ii libx11-protocol-perl 0.56-2 ii x11-utils 7.6+4 ii x11-xserver-utils 7.6+3 Versions of packages xdg-utils suggests: pn gvfs-bin none -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#652066: xdg-utils: xdg-mime uses '==' bashism
Package: xdg-utils Version: 1.1.0~rc1+git20111210-1 Severity: important Dear Maintainer, The latest version of xdg-mime contains a bashism, patch below: --- /usr/bin/xdg-mime 2011-12-12 05:05:18.0 -0600 +++ xdg-mime2011-12-14 09:09:57.743611810 -0600 @@ -430,7 +430,7 @@ elif [ x$GNOME_DESKTOP_SESSION_ID != x ]; then DE=gnome; elif `dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager /dev/null 21` ; then DE=gnome; elif xprop -root _DT_SAVE_MODE 2 /dev/null | grep ' = \xfce4\$' /dev/null 21; then DE=xfce; -elif [ x$DESKTOP_SESSION == xLXDE ]; then DE=lxde; +elif [ x$DESKTOP_SESSION = xLXDE ]; then DE=lxde; else DE= fi } -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.1.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash xdg-utils depends on no packages. Versions of packages xdg-utils recommends: ii libfile-mimeinfo-perl 0.15-2 ii libnet-dbus-perl 1.0.0-1+b1 ii libx11-protocol-perl 0.56-2 ii x11-utils 7.6+4 ii x11-xserver-utils 7.6+3 Versions of packages xdg-utils suggests: pn gvfs-bin none -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#643670: apparix: New upstream release
Package: apparix Version: 07-261-1 Severity: wishlist Dear Maintainer, Please update this package with the newest release of apparix. The current one in Debian is not compatible with the bash functions provided by the author of the package on his homepage. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apparix depends on: ii libc6 2.13-21 apparix recommends no packages. apparix suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
