Bug#1066094: squidguard: Squidguard does not work with default squid apparmor profile
> I think we need an apparmor config file for squidguard. I suppose the same. Surely better then adding squidguard data to the squid apparmor profiles, as suggested by ubuntu bug. > I never have > written such a config, but perhaps you have an example of such a config > file? No, sorry: never done nothing on apparmor before this; to disable the profile i've simply followed the debian wiki: https://wiki.debian.org/AppArmor/HowToUse > Otherwise I need some time for testing to resolve this problem. If you provide some test apparmor profile i can try it and provide feedback. Thanks to you!
Bug#1066094: squidguard: Squidguard does not work with default squid apparmor profile
Package: squidguard Version: 1.6.0-2 Severity: normal Dear Maintainer, i've tried to use as 'usual' squidguard in my squid configuration, but squid simply start filling logs (syslog and squid's cache.log) with: 2024/03/01 14:22:59 kid1| Starting new helpers 2024/03/01 14:22:59 kid1| helperOpenServers: Starting 1/10 'squidGuard' processes 2024/03/01 14:22:59 kid2| ipcCreate: /usr/bin/squidGuard: (13) Permission denied 2024/03/01 14:22:59 kid2| WARNING: redirector #Hlpr175 exited after fiddling a bit, i've found that the guilty is apparmor squid profile (so, i've not clear if this is a squidguard or a squid bug, indeed ;-). I've simply done: aa-disable /etc/apparmor.d/usr.sbin.squid and now squid (and squidguard) run as expected. I've also looked around and seems that there's an ubuntu bug opened: https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1787409 Thanks. -- System Information: Debian Release: 11.9 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-28-amd64 (SMP w/2 CPU threads) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages squidguard depends on: ii debconf [debconf-2.0] 1.5.77 ii libc6 2.31-13+deb11u8 ii libdb5.3 5.3.28+dfsg1-0.8 ii libldap-2.4-2 2.4.57+dfsg-3+deb11u1 Versions of packages squidguard recommends: ii liburi-perl 5.08-1 ii libwww-perl 6.52-1 ii squid4.13-10+deb11u3 Versions of packages squidguard suggests: pn ldap-utils pn squidguard-doc -- Configuration Files: /etc/squidguard/squidGuard.conf.default [Errno 2] File o directory non esistente: '/etc/squidguard/squidGuard.conf.default' -- debconf information: squidguard/dbreload: true
Bug#913310: nfs-common: Systemd does not correctly read /etc/default/nfs-common
Mandi! Ben Hutchings In chel di` si favelave... > What is the actual problem you are trying to solve? digging harder on my email folders... in october 2018 i was trying to make NFSv4 work in a Samba/AD/Kerberos environment. Probably after that i've found a way to circumvent the need, probably switching to CIFS. Some more hint on samba mailing list thread starting at: https://lists.samba.org/archive/samba/2018-October/218969.html https://lists.samba.org/archive/samba/2018-November/219218.html Sorry, i don't remember more...
Bug#983633: debian-installer: Debian installer (also doc) misses info about that is using screen in serial terminal installation, and info about shortcut keys...
Package: debian-installer Severity: minor I've recently installed an ARM system via serial terminal (but i suppose this is not ARM specific, all serial installation as OOB system is the same) and was unable to switch 'virtual console' that are listed on the first row of the screen. After looking and asking around i've finally found that installer in serial terminal mode use 'screen', and so it was sufficient to use screen keybind. But this is NOT reported on debian-installer manual, nor on a 'welcome' screen. Could be added? Thanks.
Bug#978395: sympa: Debconf upgrade script does not take into account on mounted arc subdir
Package: sympa Version: 6.2.40~dfsg-1+deb10u1 Severity: normal Dear Maintainer, I've tried to upgrade sympa, and lead to debocnf error because i've mounted a filesystem for 'arc' subdir: root@mail:~# df -h File system Dim. Usati Dispon. Uso% Montato su /dev/loop1 2,9G 1,9G904M 68% / /dev/loop11 9,8G 744M8,6G 8% /home /dev/loop12 4,9G 1,6G3,1G 35% /var/lib/sympa/arc and debconf complain that cannot chown 'lost+found' dir (and indeed is true). I've tried to modify the postinst script, and at last i've commented the guilty find, let debconf to end: --- /var/lib/dpkg/info/sympa.postinst.dist 2020-12-10 14:39:54.0 +0100 +++ /var/lib/dpkg/info/sympa.postinst 2020-12-26 23:01:15.342509840 +0100 @@ -221,9 +221,9 @@ # It's better to search files and directories with wrong owner/group and fix # them instead of recursively doing it, even if it's not needed (see #630384) -find /var/spool/sympa /var/lib/sympa \ -\( -not -user sympa -or -not -group sympa \) \ --exec chown sympa:sympa {} \; +#find /var/spool/sympa /var/lib/sympa \ +#\( -not -user sympa -or -not -group sympa \) -not -name 'lost+found' \ +#-exec chown sympa:sympa {} \; # Fix permissions on CGI wrappers chown sympa:sympa /usr/lib/cgi-bin/sympa/wwsympa-wrapper.fcgi \ I think a better find have to be setup, but i was not able to do that... Thanks. -- System Information: Debian Release: 10.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.15.18-14-pve (SMP w/2 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages sympa depends on: ii adduser3.118 ii ca-certificates20200601~deb10u1 ii dbconfig-common2.0.11+deb10u1 ii debconf [debconf-2.0] 1.5.71 ii exim4-daemon-heavy [mail-transport-agent] 4.92-8+deb10u4 ii fonts-font-awesome 5.0.10+really4.7.0~dfsg-1 ii libarchive-zip-perl1.64-1 ii libc6 2.28-10 ii libcgi-fast-perl 1:2.13-1 ii libcgi-pm-perl 4.40-1 ii libclass-singleton-perl1.5-1 ii libcrypt-eksblowfish-perl 0.009-2+b5 ii libcrypt-openssl-x509-perl 1.8.12-1 ii libcrypt-smime-perl0.25-1+b1 ii libdatetime-format-mail-perl 0.4030-1 ii libdbd-csv-perl0.5300-1 ii libdbd-mysql-perl 4.050-2 ii libdbd-pg-perl 3.7.4-3 ii libdbd-sqlite3-perl1.62-3 ii libdbi-perl1.642-1+deb10u1 ii libfcgi-perl 0.78-2+b3 ii libfile-copy-recursive-perl0.44-1 ii libfile-nfslock-perl 1.29-1 ii libhtml-format-perl2.12-1 ii libhtml-stripscripts-parser-perl 1.03-2 ii libhtml-tree-perl 5.07-2 ii libintl-perl 1.26-2 ii libio-stringy-perl 2.111-3 ii libjs-jquery 3.3.1~dfsg-3 ii libjs-jquery-migrate-1 1.4.1-1 ii libjs-jquery-minicolors2.2.6+dfsg-3 ii libjs-jquery-ui1.12.1+dfsg-5 ii libmail-dkim-perl 0.54-1 ii libmailtools-perl 2.18-1 ii libmime-charset-perl 1.012.2-1 ii libmime-encwords-perl 1.014.3-2 ii libmime-lite-html-perl 1.24-3 ii libmime-tools-perl 5.509-1 ii libnet-cidr-perl 0.19-1 ii libnet-dns-perl1.19-1 ii libnet-ldap-perl 1:0.6500+dfsg-1 ii libnet-netmask-perl1.9104-1 ii libregexp-common-perl 2017060201-1 ii libsoap-lite-perl 1.27-1 ii libtemplate-perl 2.27-1+b1 ii libterm-progressbar-perl 2.22-1 ii libunicode-linebreak-perl 0.0.20190101-1 ii libxml-libxml-perl 2.0134+dfsg-1 ii lsb-base 10.2019051400 ii mhonarc2.6.19-2 ii perl 5.28.1-6+deb10u1 ii rsyslog [system-log-daemon]8.1901.0-1 ii sqlite33.27.2-3+deb10u1 Versions of packages sympa recommends: ii apache2-suexec-custom [apache2-suexec] 2.4.38-3+deb10u4 ii
Bug#971090: asterisk: syslog logging print double linees, one with colouring escapes...
Package: asterisk Version: 1:16.2.1~dfsg-1+deb10u2 Severity: minor Dear Maintainer, I've just installed asterisk in buster, and i've enabled syslog logging, adding/decommenting in 'logger.conf' the row: syslog.local0 => notice,warning,error After that, i found in syslog the asterisk row (as expected), but most of the row are dupes, and one of them have ANSI colour escaping code, an example: Sep 27 09:02:06 vpbxlpb1 asterisk[363]: NOTICE[1337]: chan_sip.c:24888 in handle_response_peerpoke: Peer '213' is now Reachable. (92ms / 200ms) Sep 27 09:02:06 vpbxlpb1 asterisk[363]: [Sep 27 09:02:06] #033[1;33mNOTICE#033[0m[1337]: #033[1;37mchan_sip.c#033[0m:#033[1;37m24888#033[0m #033[1;37mhandle_response_peerpoke#033[0m: Peer '213' is now Reachable. (92ms / 200ms) I've removed 'notice' from syslog row, and now double lines seems not appear anymore, but probably because i've not so frequent warnings and errors. ;-) Could be that these lines come from systemd? Anyway, using ANSI colour code in syslog is really a bad thing. ;-) Thanks. -- System Information: Debian Release: 10.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-11-amd64 (SMP w/2 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages asterisk depends on: ii adduser 3.118 ii asterisk-config 1:16.2.1~dfsg-1+deb10u2 ii asterisk-core-sounds-en 1.6.1-1 ii asterisk-modules 1:16.2.1~dfsg-1+deb10u2 ii libc62.28-10 ii libcap2 1:2.25-2 ii libedit2 3.1-20181209-1 ii libjansson4 2.12-1 ii libpopt0 1.16-12 ii libsqlite3-0 3.27.2-3 ii libssl1.11.1.1d-0+deb10u3 ii libsystemd0 241-7~deb10u4 ii liburiparser10.9.1-1 ii libuuid1 2.33.1-0.1 ii libxml2 2.9.4+dfsg1-7+b3 ii libxslt1.1 1.1.32-2.2~deb10u1 ii lsb-base 10.2019051400 Versions of packages asterisk recommends: ii asterisk-moh-opsound-gsm 2.03-1 ii asterisk-voicemail [asterisk-voicemail-storage] 1:16.2.1~dfsg-1+deb10u2 ii sox 14.4.2+git20190427-1 Versions of packages asterisk suggests: pn asterisk-dahdi ii asterisk-dev 1:16.2.1~dfsg-1+deb10u2 pn asterisk-doc pn asterisk-ooh323 pn asterisk-opus pn asterisk-vpb -- no debconf information
Bug#946829: Patch works!
I can confirm that patch works as expected. Patch does not apply cleanly on my SA (3.4.2-1~deb9u2) but only for cosmetic differences, attached a patch that wok on SA 3.4.2-1~deb9u2. Thanks! -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) --- Greylisting.pm.orig 2019-12-19 11:27:35.535866138 +0100 +++ Greylisting.pm 2019-12-19 11:30:59.132703809 +0100 @@ -21,6 +21,7 @@ use strict; use Mail::SpamAssassin::Plugin; +use Mail::SpamAssassin::Util qw(untaint_var); use NetAddr::IP; use File::Path qw(mkpath); our @ISA = qw(Mail::SpamAssassin::Plugin); @@ -71,9 +72,25 @@ } Mail::SpamAssassin::Plugin::dbg("GREYLISTING: called function"); -$optionhash =~ s/;/,/g; +#$optionhash =~ s/;/,/g; # This is safe, right? (users shouldn't be able to set it in their config) -%option=eval $optionhash; +#%option=eval $optionhash; + +# ... no, evaling random strings is not safe!!! +# Ditch eval and parse hash string manually to maintain backwards compatibility +$optionhash =~ s/^\s*\(\s*//; +$optionhash =~ s/\s*\)\s*$//; +foreach my $opt (split(/\s*;\s*/, $optionhash)) { + my @vals = split(/\s*=>\s*/, $opt, 2); + next unless defined $vals[1]; + # Sanitize away quotes and any unneeded characters, then untaint + foreach (@vals) { + s/[^\w\/-]//gs; + $_ = untaint_var($_); + } + $option{$vals[0]} = $vals[1]; +} + $self->{'rangreylisting'}=1; foreach my $reqoption (qw ( method greylistsecs dontgreylistthreshold
Bug#946829: Added upstream.
https://sourceforge.net/p/sa-exim/bugs/3/
Bug#946829: sa-exim: After upgrade SA: GREYLIST_ISWHITE skipped, insecure dependencies
Package: sa-exim Version: 4.2.1-16 Severity: normal Dear Maintainer, After upgrading SA (security update, 3.4.2-1~deb9u2) i got on logs a flood of: Dec 16 10:04:53 vdmpp1 spamd[15196]: rules: failed to run GREYLIST_ISWHITE test, skipping: Dec 16 10:04:53 vdmpp1 spamd[15196]: (Insecure dependency in eval while running with -T switch at /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm line 76. Dec 16 10:04:53 vdmpp1 spamd[15196]: ) probably, the security changes added into the upgraded SA 'broke' something on sa-exim. -- System Information: Debian Release: 9.11 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages sa-exim depends on: ii debconf [debconf-2.0]1.5.61 ii exim4-daemon-heavy [exim4-localscanapi-2.0] 4.89-2+deb9u6 ii libc62.24-11+deb9u4 ii libnetaddr-ip-perl 4.079+dfsg-1+b1 ii spamc3.4.2-1~deb9u2 Versions of packages sa-exim recommends: ii perl 5.24.1-3+deb9u5 Versions of packages sa-exim suggests: ii spamassassin 3.4.2-1~deb9u2 -- debconf information: sa-exim/purge_spool: false
Bug#942172: clamav-daemon: After upgrade, clamd cannon create /var/run/clamav/clamd.ctl and stop.
Mandi! Hugo Lefeuvre In chel di` si favelave... > thanks for your time. I have done some more tests myself and went ahead > with the upload, I hope everything will be fine now. Sorry for the trouble. I canconfirm that now the bug is solved. Thanks! -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
Bug#928647: Solved...
Looking at similar traouble with OpenVPN, i've found: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876979 and a similar solution seems to work also for arpwatch, eg it is needed to create the file: /etc/systemd/system/arpwatch.service.d/after-network-online.conf With the content: [Unit] After=network-online.target Wants=network-online.target
Bug#928647: arpwatch: systemd start arpwatch before interfaces...
Package: arpwatch Version: 2.1a15-2+b1 Severity: normal Dear Maintainer, I've just upgraded some little servers used as firewalls to stretch. On reboot 'arpwatch' does not start up, and on logs i catch: May 7 18:32:41 fouc arpwatch: bad interface eth0: eth0: no IPv4 address assigned - assuming unconfigured interface May 7 18:32:41 fouc arpwatch[556]: Starting Ethernet/FDDI station monitor daemon: (chown arpwatch /var/lib/arpwatch/eth0.dat) arpwatch-eth0. May 7 18:32:41 fouc arpwatch: pcap open eth0: eth0: That device is not up May 7 18:32:42 fouc arpwatch: bad interface eth0.3: SIOCGIFADDR: eth0.3: No such device - assuming unconfigured interface May 7 18:32:42 fouc arpwatch[556]: Starting Ethernet/FDDI station monitor daemon: (chown arpwatch /var/lib/arpwatch/eth0.3.dat) arpwatch-eth0.3. May 7 18:32:42 fouc arpwatch: bad interface vlan99: SIOCGIFADDR: vlan99: No such device - assuming unconfigured interface May 7 18:32:42 fouc arpwatch[556]: Starting Ethernet/FDDI station monitor daemon: (chown arpwatch /var/lib/arpwatch/vlan99.dat) arpwatch-vlan99. May 7 18:32:42 fouc arpwatch: bad interface vlan11: SIOCGIFADDR: vlan11: No such device - assuming unconfigured interface May 7 18:32:42 fouc arpwatch[556]: Starting Ethernet/FDDI station monitor daemon: (chown arpwatch /var/lib/arpwatch/vlan11.dat) arpwatch-vlan11. May 7 18:32:42 fouc arpwatch: bad interface vlan22: SIOCGIFADDR: vlan22: No such device - assuming unconfigured interface May 7 18:32:42 fouc arpwatch[556]: Starting Ethernet/FDDI station monitor daemon: (chown arpwatch /var/lib/arpwatch/vlan22.dat) arpwatch-vlan22. May 7 18:32:42 fouc arpwatch: bad interface vlan191: SIOCGIFADDR: vlan191: No such device - assuming unconfigured interface May 7 18:32:42 fouc arpwatch[556]: Starting Ethernet/FDDI station monitor daemon: (chown arpwatch /var/lib/arpwatch/vlan191.dat) arpwatch-vlan191. May 7 18:32:42 fouc arpwatch: pcap open eth0.3: eth0.3: No such device exists (SIOCGIFHWADDR: No such device) May 7 18:32:42 fouc arpwatch: pcap open vlan99: vlan99: No such device exists (SIOCGIFHWADDR: No such device) May 7 18:32:42 fouc arpwatch: pcap open vlan11: vlan11: No such device exists (SIOCGIFHWADDR: No such device) May 7 18:32:42 fouc arpwatch: pcap open vlan22: vlan22: No such device exists (SIOCGIFHWADDR: No such device) May 7 18:32:42 fouc arpwatch: pcap open vlan191: vlan191: No such device exists (SIOCGIFHWADDR: No such device) Seems to me simply that 'arpwatch' get started by systemd *BEFORE* interfaces get bought up, so simply does not find it. After system booted, a: systemctl restart arpwatch make arpwatch work again. For now, i've added that on /etc/rc.local. Thanks. -- System Information: Debian Release: 9.9 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages arpwatch depends on: ii adduser 3.115 ii libc6 2.24-11+deb9u4 ii libpcap0.8 1.8.1-3 arpwatch recommends no packages. arpwatch suggests no packages. -- Configuration Files: /etc/arpwatch.conf changed: eth0-Q eth0.3 -Q vlan99 -m root vlan11 -m root vlan22 -m root vlan191 -m root -- no debconf information
Bug#660223: Reproducible?
> Are you able to reproduce this bug on latest jessie > (2:4.2.14+dfsg-0+deb8u11) or latest stretch (2:4.5.16+dfsg-1)? This > would be good if you tested it on latest buster (2:4.9.4+dfsg-3, -2 is ok). Ahem, no, sorry. I've switched all the infrastructure to AD (using debian/samba! ;-), so no more openldap here...
Bug#914536: lua-cyrussasl: Package built only for lua 5.1
Package: lua-cyrussasl Version: 1.0.0-6 Severity: important Dear Maintainer, your package seems built only for lua 5.1, so does not work with lua 5.2. Please, rebuild it also for lua 5.2 (and lua 5.3, indeed), or at least rename it 'lua5.1-cyrussasl'. Thanks. -- System Information: Debian Release: 8.11 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-6-amd64 (SMP w/2 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages lua-cyrussasl depends on: ii libc6 2.19-18+deb8u10 ii libsasl2-2 2.1.26.dfsg1-13+deb8u1 ii multiarch-support 2.19-18+deb8u10 lua-cyrussasl recommends no packages. lua-cyrussasl suggests no packages. -- no debconf information
Bug#913310: nfs-common: Systemd does not correctly read /etc/default/nfs-common
Package: nfs-common Version: 1:1.3.4-2.1 Severity: important Dear Maintainer, I'm trying to play with NFSv4 with my just-installed or just-upgraded stretch system. I've found that: a) is impossible to set daemons flags in /etc/default/nfs-common, because systemd does not read it. b) it is not possible to restart nfs common daemon, because nfs-common is disabled (and this seems intended) and nfs-client is a target, so seems can be run only at boot. [probably this is a consequence of a)] For a), seems that the 'nfs-config' systemd stanza correctly build up '/run/sysconfig/nfs-utils' environment files, but then, there's no 'EnvironmentFile=' row in 'nfs-client' and 'nfs-server' so environment varialbles are not read. Thanks. -- Package-specific info: -- rpcinfo -- program vers proto port service 104 tcp111 portmapper 103 tcp111 portmapper 102 tcp111 portmapper 104 udp111 portmapper 103 udp111 portmapper 102 udp111 portmapper 1000111 udp996 rquotad 1000112 udp996 rquotad 1000111 tcp996 rquotad 1000112 tcp996 rquotad 151 udp 41830 mountd 151 tcp 34919 mountd 152 udp 55161 mountd 152 tcp 35583 mountd 153 udp 40521 mountd 153 tcp 59835 mountd 133 tcp 2049 nfs 134 tcp 2049 nfs 1002273 tcp 2049 133 udp 2049 nfs 134 udp 2049 nfs 1002273 udp 2049 1000211 udp 46276 nlockmgr 1000213 udp 46276 nlockmgr 1000214 udp 46276 nlockmgr 1000211 tcp 35009 nlockmgr 1000213 tcp 35009 nlockmgr 1000214 tcp 35009 nlockmgr -- /etc/default/nfs-common -- NEED_STATD=no STATDOPTS= NEED_IDMAPD=yes NEED_GSSD=yes RPCGSSDOPTS="-v" -- /etc/idmapd.conf -- [General] Verbosity = 5 Pipefs-Directory = /run/rpc_pipefs Domain = ad.fvg.lnf.it Local-Realm = AD.FVG.LNF.IT [Mapping] Nobody-User = nobody Nobody-Group = nogroup [Translation] Method = nsswitch,static GSS-Methods = nsswitch,static [Static] vdmpp1$@AD.FVG.LNF.IT = root -- /etc/fstab -- -- System Information: Debian Release: 9.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'oldstable-updates'), (500, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages nfs-common depends on: ii adduser 3.115 ii init-system-helpers 1.48 ii keyutils 1.5.9-9 ii libc62.24-11+deb9u3 ii libcap2 1:2.25-1 ii libcomerr2 1.43.4-2 ii libdevmapper1.02.1 2:1.02.137-2 ii libevent-2.0-5 2.0.21-stable-3 ii libgssapi-krb5-2 1.15-1+deb9u1 ii libk5crypto3 1.15-1+deb9u1 ii libkeyutils1 1.5.9-9 ii libkrb5-31.15-1+deb9u1 ii libmount12.29.2-1+deb9u1 ii libnfsidmap2 0.25-5.1 ii libtirpc10.2.5-1.2 ii libwrap0 7.6.q-26 ii lsb-base 9.20161125 ii rpcbind 0.2.3-0.6 ii ucf 3.0036 Versions of packages nfs-common recommends: ii python 2.7.13-2 Versions of packages nfs-common suggests: pn open-iscsi pn watchdog Versions of packages nfs-kernel-server depends on: ii init-system-helpers 1.48 ii keyutils 1.5.9-9 ii libblkid12.29.2-1+deb9u1 ii libc62.24-11+deb9u3 ii libcap2 1:2.25-1 ii libsqlite3-0 3.16.2-5+deb9u1 ii libtirpc10.2.5-1.2 ii libwrap0 7.6.q-26 ii lsb-base 9.20161125 ii netbase 5.4 ii ucf 3.0036 -- Configuration Files: /etc/default/nfs-common changed: NEED_STATD=no STATDOPTS= NEED_IDMAPD=yes NEED_GSSD=yes RPCGSSDOPTS="-v" -- no debconf information
Bug#901529: cups: SystemGroup options cannot work with account/group NSS providers if don't enumerate groups
Package: cups Version: 1.7.5-11+deb8u2 Severity: normal Dear Maintainer, I've found that setting 'SystemGroup' opton in cups-files.conf does not work if the NSS provider does not enumerate group (eg, 'getent group ' does not return the list of users). Some examples: a) using winbind nss providers. My user is correctly in 'printops' group: root@vdmsv1:~# id gaio uid=1(gaio) gid=10513(domain users) gruppi=10513(domain users),11001(sir),10999(unixadm),10998(printops),5001(BUILTIN\users),5000(BUILTIN\administrators) but if i check 'printops' groups there's no 'gaio' users: root@vdmsv1:~# getent group printops printops:x:10998: and this is normal, Samba team suggest to disable users and group enumeration for performance reasons. b) using pam_groups (eg /etc/security/group.conf) to assign some local groups to users: gaio@vdmsv1:~$ id uid=1(gaio) gid=10513(domain users) gruppi=10513(domain users),4(adm),20(dialout),24(cdrom),25(floppy),46(plugdev),5000(BUILTIN\administrators),5001(BUILTIN\users),10998(printops),10999(unixadm),11001(sir) but still no group enumeration: gaio@vdmsv1:~$ getent group lpadmin lpadmin:x:119: and this is again normal, pam_groups add group membership dynamically on logon (pam auth context). In both way, eg, trying to use 'printops' group or 'lpadmin' group as SystemGroup does not work, eg i can login to CUPS web interface with user gaio, but without '@SYSTEM' privileges. -- System Information: Debian Release: 8.10 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-5-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages cups depends on: ii cups-client1.7.5-11+deb8u2 ii cups-common1.7.5-11+deb8u2 ii cups-core-drivers 1.7.5-11+deb8u2 ii cups-daemon1.7.5-11+deb8u2 ii cups-filters 1.0.61-5+deb8u3 ii cups-ppdc 1.7.5-11+deb8u2 ii cups-server-common 1.7.5-11+deb8u2 ii debconf [debconf-2.0] 1.5.56+deb8u1 ii ghostscript9.06~dfsg-2+deb8u6 ii libavahi-client3 0.6.31-5 ii libavahi-common3 0.6.31-5 ii libc-bin 2.19-18+deb8u10 ii libc6 2.19-18+deb8u10 ii libcups2 1.7.5-11+deb8u2 ii libcupscgi11.7.5-11+deb8u2 ii libcupsimage2 1.7.5-11+deb8u2 ii libcupsmime1 1.7.5-11+deb8u2 ii libcupsppdc1 1.7.5-11+deb8u2 ii libgcc11:4.9.2-10+deb8u1 ii libstdc++6 4.9.2-10+deb8u1 ii libusb-1.0-0 2:1.0.19-1 ii lsb-base 4.1+Debian13+nmu1 ii poppler-utils 0.26.5-2+deb8u4 ii procps 2:3.3.9-9+deb8u1 Versions of packages cups recommends: ii avahi-daemon 0.6.31-5 ii colord 1.2.1-1+b2 ii cups-filters [ghostscript-cups] 1.0.61-5+deb8u3 ii printer-driver-gutenprint5.2.10-3 Versions of packages cups suggests: pn cups-bsd pn cups-pdf pn foomatic-db-compressed-ppds | foomatic-db ii hplip 3.14.6-1+deb8u1 ii printer-driver-hpcups 3.14.6-1+deb8u1 ii smbclient 2:4.5.12+dfsg-2+deb9u2~bpo8+1 ii udev 215-17+deb8u7 -- debconf information: * cupsys/backend: lpd, socket, usb, snmp, dnssd * cupsys/raw-print: true
Bug#888512: clamav-daemon: Clamd suddenly eat up all file descriptors, 'Too many open files' error
> This is an issue in daily.cld 24256+ (released around this morning). I've searched extensively with google, but found nothing apart some old similar trouble dated 2015 or later... sorry... > A workaround is described here: > http://lists.clamav.net/pipermail/clamav-users/2018-January/005715.html I confirm, workaround works. Thanks.
Bug#888512: clamav-daemon: Clamd suddenly eat up all file descriptors, 'Too many open files' error
Package: clamav-daemon Version: 0.99.2+dfsg-0+deb8u2 Severity: important Dear Maintainer, Today, in my servers (at least 3 servers), starting from circa 9.00 local time (Europe/Rome) clamav stop working, like: Jan 26 12:57:02 lupus freshclam[2423]: Received signal: wake up Jan 26 12:57:02 lupus freshclam[2423]: ClamAV update process started at Fri Jan 26 12:57:02 2018 Jan 26 12:57:02 lupus freshclam[2423]: WARNING: Your ClamAV installation is OUTDATED! Jan 26 12:57:02 lupus freshclam[2423]: WARNING: Local version: 0.99.2 Recommended version: 0.99.3 Jan 26 12:57:02 lupus freshclam[2423]: DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav Jan 26 12:57:02 lupus freshclam[2423]: main.cld is up to date (version: 58,sigs: 4566249, f-level: 60, builder: sigmgr) Jan 26 12:57:02 lupus freshclam[2423]: daily.cld is up to date (version: 24257, sigs: 1835982, f-level: 63, builder: neo) Jan 26 12:57:02 lupus freshclam[2423]: bytecode.cld is up to date (version: 319, sigs: 75, f-level: 63, builder: neo) Jan 26 13:01:23 lupus clamd[2479]: ERROR: accept() failed: Jan 26 13:01:23 lupus clamd[2479]: ERROR: accept() failed: [...] Jan 26 13:01:23 lupus clamd[2479]: ERROR: accept() failed: Jan 26 13:01:23 lupus clamd[2479]: LibClamAV Error: cli_gentempfd: Can't create temporary file /tmp/clamav-6587ca997bc2adfefc247ee13543538e.tmp: Too many open files Doing repetedly (after a restart): root@lupus:~# ls -1 /proc/$(pidof clamd)/fd/ |wc -l 159 it is clear that clamav does not close anymore file descriptors, and sooner or later eats all of that. I've tried to cleanup database, but nothing changed. See also: https://bugzilla.clamav.net/show_bug.cgi?id=12017 Thanks. -- Package-specific info: --- configuration --- Checking configuration files in /etc/clamav Config file: clamd.conf --- LogFile = "/var/log/clamav/clamav.log" StatsHostID = "auto" StatsEnabled disabled StatsPEDisabled = "yes" StatsTimeout = "10" LogFileUnlock disabled LogFileMaxSize = "4294967295" LogTime = "yes" LogClean disabled LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate = "yes" ExtendedDetectionInfo = "yes" PidFile disabled TemporaryDirectory disabled DatabaseDirectory = "/var/lib/clamav" OfficialDatabaseOnly disabled LocalSocket = "/var/run/clamav/clamd.ctl" LocalSocketGroup = "clamav" LocalSocketMode = "666" FixStaleSocket = "yes" TCPSocket disabled TCPAddr disabled MaxConnectionQueueLength = "15" StreamMaxLength = "26214400" StreamMinPort = "1024" StreamMaxPort = "2048" MaxThreads = "12" ReadTimeout = "180" CommandReadTimeout = "5" SendBufTimeout = "200" MaxQueue = "100" IdleTimeout = "30" ExcludePath disabled MaxDirectoryRecursion = "15" FollowDirectorySymlinks disabled FollowFileSymlinks disabled CrossFilesystems = "yes" SelfCheck = "3600" DisableCache disabled VirusEvent disabled ExitOnOOM disabled AllowAllMatchScan = "yes" Foreground disabled Debug disabled LeaveTemporaryFiles disabled User = "clamav" AllowSupplementaryGroups disabled Bytecode = "yes" BytecodeSecurity = "TrustSigned" BytecodeTimeout = "6" BytecodeUnsigned disabled BytecodeMode = "Auto" DetectPUA disabled ExcludePUA disabled IncludePUA disabled AlgorithmicDetection = "yes" ScanPE = "yes" ScanELF = "yes" DetectBrokenExecutables disabled ScanMail = "yes" ScanPartialMessages disabled PhishingSignatures = "yes" PhishingScanURLs = "yes" PhishingAlwaysBlockCloak disabled PhishingAlwaysBlockSSLMismatch disabled PartitionIntersection disabled HeuristicScanPrecedence disabled StructuredDataDetection disabled StructuredMinCreditCardCount = "3" StructuredMinSSNCount = "3" StructuredSSNFormatNormal = "yes" StructuredSSNFormatStripped disabled ScanHTML = "yes" ScanOLE2 = "yes" OLE2BlockMacros disabled ScanPDF = "yes" ScanSWF = "yes" ScanXMLDOCS = "yes" ScanHWP3 = "yes" ScanArchive = "yes" ArchiveBlockEncrypted disabled ForceToDisk disabled MaxScanSize = "104857600" MaxFileSize = "26214400" MaxRecursion = "16" MaxFiles = "1" MaxEmbeddedPE = "10485760" MaxHTMLNormalize = "10485760" MaxHTMLNoTags = "2097152" MaxScriptNormalize = "5242880" MaxZipTypeRcg = "1048576" MaxPartitions = "50" MaxIconsPE = "100" MaxRecHWP3 = "16" PCREMatchLimit = "1" PCRERecMatchLimit = "5000" PCREMaxFileSize = "26214400" ScanOnAccess disabled OnAccessMountPath disabled OnAccessIncludePath disabled OnAccessExcludePath disabled OnAccessExcludeUID disabled OnAccessMaxFileSize = "5242880" OnAccessDisableDDD disabled OnAccessPrevention disabled OnAccessExtraScanning disabled DevACOnly disabled DevACDepth disabled DevPerformance disabled DevLiblog disabled DisableCertCheck disabled Config file: freshclam.conf --- StatsHostID disabled StatsEnabled disabled StatsTimeout disabled LogFileMaxSize = "4294967295" LogTime = "yes" LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate = "yes" PidFile disabled DatabaseDirectory = "/var/lib/clamav" Foreground disabled Debug disabled
Bug#819717: ntopng crash and restart with error *** stack smashing detected ***
Ciao Ludovico. > If you are still experiencing the issue, would you be able to provide me with > a > traffic capture that would cause the issue when replayed on an network > interface? > And/or maybe install ntopng-dbgsym, capture the failure inside gdb, and send > me > a stack trace? (command: "thread apply all bt") Ahem, i've completely forgot about this bug report. ;( In the meantime i've changed hardware that run my firewalls (and also ntopng) and probably many more things. Now ntopng run flawlessy... When i've fired up that bug, i've just upgraded my firewalls from wheezy to jessie, and from ntop to ntopng. I don't know if both the tools share some files/dirs/database/... and so this can be the source of trouble. Anyway, sorry. I think you can safely close the bug. Thanks.
Bug#869182: php-common: Trouble running phpsessionclean.service on a LXC Container...
Package: php-common Version: 1:49 Severity: normal I've setup a LXC stretch container in a Proxmox virtualization cluster, and after installing apache/PHP i've start to have in logs of the container rows like: Jul 21 10:09:14 vglpi systemd[1]: phpsessionclean.service: Failed to reset devices.list: Operation not permitted Jul 21 10:09:14 vglpi systemd[24929]: phpsessionclean.service: Failed at step NETWORK spawning /usr/lib/php/sessionclean: Permission denied Jul 21 10:09:14 vglpi systemd[1]: phpsessionclean.service: Main process exited, code=exited, status=225/NETWORK Jul 21 10:09:14 vglpi systemd[1]: Failed to start Clean php session files. Jul 21 10:09:14 vglpi systemd[1]: phpsessionclean.service: Unit entered failed state. Jul 21 10:09:14 vglpi systemd[1]: phpsessionclean.service: Failed with result 'exit-code'. Jul 21 10:39:14 vglpi systemd[1]: phpsessionclean.service: Failed to reset devices.list: Operation not permitted Jul 21 10:39:14 vglpi systemd[24948]: phpsessionclean.service: Failed at step NETWORK spawning /usr/lib/php/sessionclean: Permission denied Jul 21 10:39:14 vglpi systemd[1]: phpsessionclean.service: Main process exited, code=exited, status=225/NETWORK Jul 21 10:39:14 vglpi systemd[1]: Failed to start Clean php session files. Jul 21 10:39:14 vglpi systemd[1]: phpsessionclean.service: Unit entered failed state. Jul 21 10:39:14 vglpi systemd[1]: phpsessionclean.service: Failed with result 'exit-code'. and, on the same time, on the host that run the container: Jul 21 10:09:14 tessier kernel: [22515856.189072] audit: type=1400 audit(1500624554.627:384): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=20780 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none Jul 21 10:09:14 tessier kernel: [22515856.189077] audit: type=1400 audit(1500624554.627:385): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=20780 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none Jul 21 10:09:14 tessier kernel: [22515856.189082] audit: type=1400 audit(1500624554.627:386): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=20780 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none Jul 21 10:09:14 tessier kernel: [22515856.189085] audit: type=1400 audit(1500624554.627:387): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=20780 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none Jul 21 10:39:14 tessier kernel: [22517656.161803] audit: type=1400 audit(1500626354.625:388): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=23425 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none Jul 21 10:39:14 tessier kernel: [22517656.161808] audit: type=1400 audit(1500626354.625:389): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=23425 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none Jul 21 10:39:14 tessier kernel: [22517656.161812] audit: type=1400 audit(1500626354.625:390): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=23425 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none Jul 21 10:39:14 tessier kernel: [22517656.161815] audit: type=1400 audit(1500626354.625:391): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=23425 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none I've tried to run the script by hand, as root, and no error appears (on container and on host). For now, i've disabled the service: root@vglpi:~# systemctl disable phpsessionclean Thanks. -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.4.21-1-pve (SMP w/2 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages php-common depends on: ii init-system-helpers 1.48 ii psmisc 22.21-2.1+b2 ii sed 4.4-1 php-common recommends no packages. php-common suggests no packages. -- no debconf information
Bug#772154: closed by Mathieu Parent <math.par...@gmail.com> (Re: Bug#772154: process_usershare_file: stat of/var/lib/samba/usershares/netlogo failed. No such file or directory)
> > I missing the first time : Can't find include file /etc/samba/smb.conf. > > whats loading, uh.. whats not loading there. Sorry, forgot to specify: in smb.conf i've a: include = /etc/samba/smb.conf.%m that i use to enable debugging for specific host: eg, for 'testparm' %m is '', and the file tipically does not exist at all. > > But if this Marco, is the Marco Gaiarin with GPG : 240A3D66 ;-) then i say > > close. i know its you Marco :-p > > Marco hase moved to debian stretch. ;-) I confirm. Bug closed, or better, ignored. ;-)
Bug#687149: Still here in jessie!
> Because it is not a bug in spamassassin and due to the age of the > report I am reassigning this ticket to the sa-exim package. OK. Looking at the bug (i think i've missed some old messages, or probably i've simply forgot about them...) seems that there's a more specific bug in sa-exim fired up, with patch and marked as solved: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760860 so i think this bug can be marked duplicate of #760860 and closed. Sorry for the fuss.
Bug#687149: Still here in jessie!
Control: reopen -1 Tags: jessie Version: 3.4.0-6 Ahem, this little annoying bug is still here in jessie. Attached current patch for jessie. --- /tmp/spamassassin 2015-01-31 00:00:00.0 +0100 +++ /etc/cron.daily/spamassassin 2017-01-04 09:40:08.701957763 +0100 @@ -36,7 +36,7 @@ if [ -x /usr/bin/re2c -a -x /usr/bin/sa-compile ]; then env -i LANG="$LANG" PATH="$PATH" start-stop-daemon \ --chuid debian-spamd:debian-spamd --start \ ---exec /usr/bin/sa-compile -- --quiet +--exec /usr/bin/sa-compile -- --quiet > /dev/null 2>&1 # Fixup perms -- group and other should be able to # read and execute, but never write. Works around @@ -78,7 +78,7 @@ # got updates! env -i LANG="$LANG" PATH="$PATH" start-stop-daemon \ --chuid debian-spamd:debian-spamd --start \ ---exec /usr/bin/spamassassin -- --lint 2>&1 || die_with_lint +--exec /usr/bin/spamassassin -- --lint > /dev/null 2>&1 || die_with_lint do_compile reload ;;
Bug#754339: Bug confirmation...
I've just upgraded to jessie, (samba/winbind 2:4.2.14+dfsg-0+deb8u2), and i can confirm the bug. Directory (on TMPFS) /run/samba/winbindd_privileged have correct permission but is empty: root@rita:~# ls -la /run/samba/winbindd_privileged/ totale 0 drwxr-x--- 2 root winbindd_priv 40 gen 3 12:43 . drwxr-xr-x 6 root root 480 gen 5 15:15 .. while directory /var/lib/samba/winbindd_privileged have incorrect permission, and the pipe get created within: root@rita:~# ls -la /var/lib/samba/winbindd_privileged/ totale 8 drwxr-x--- 2 root root 4096 gen 5 15:15 . drwxr-xr-x 7 root root 4096 gen 11 15:18 .. srwxrwxrwx 1 root root0 gen 5 15:15 pipe Fixing the permission solves the trouble, of course. Thanks.
Bug#821811: Still bug present... and 'client ipc signing' reported as not valid option...
I've tried to update to latest version, 2:3.6.6-6+deb7u10, but as previous version after some hours/days all client refuse to authenticate users, seems to me because was not able to update the machine account password (so join get invalid). Also, a note, as stated in subject, testparm say me that 'client ipc signing' is a invalid option, and this sound strange to me, because that option are cited in changelog. Anyway, rolled back to 2:3.6.6-6+deb7u7 (pre-badlock), now all work as expected. Thanks.
Bug#821811: Another confirmation...
I manage some samba 3.6 network on wheezy, and i can confirm this bug: i was forced to rollback to pre-badlock samba version, because, sooner or later, all clients (windows 7 pro) refuse the user logon. Error it is not everitime the same. I get (sorry for italian... damned microsoft that translate log messages!): May 5 16:31:16 GIUSEPPE microsoft-windows-security-auditing[failure] 4625 Accesso di un account non riuscito.Soggetto:#011ID sicurezza:#011#011S-1-5-18#011Nome account:#011#011GIUSEPPE$#011Dominio account:#011#011ACPN#011ID accesso:#011#0110x3e7Tipo di accesso:#011#011#0117Account il cui accesso non riuscito:#011ID sicurezza:#011#011S-1-0-0#011Nome account:#011#011ramona#011Dominio account:#011#011ACPNInformazioni sull'errore:#011Motivo dell'errore:#011#011%2304#011Stato:#011#011#0110xc18d#011Stato secondario:#011#0110x0Informazioni sul processo:#011ID processo chiamante:#0110x228#011Nome processo chiamante:C:\Windows\System32\lsass.exeInformazioni di rete:#011Nome workstation:#011GIUSEPPE#011Indirizzo di rete di origine:#011-#011Porta di origine:#011#011-Informazioni di autenticazione dettagliate:#011Processo di accesso:#011#011Negotiat#011Pacchetto di autenticazione:#011Negotiate#011Servizi transitati:#011-#011Nome pacchetto (solo NTLM):#011-#011Lunghezza chiave:#011#0110Questo evento viene generato quando una richiesta diaccesso non ha esito positivo. Viene generato nel computerin cui stato tentato l'accesso.Il campo Soggetto indica l'account nel sistema l May 5 16:31:16 GIUSEPPE netlogon[error] 3210 Autenticazione non riuscita con \\RITA, un controller didominio di Windows per il dominio ACPN, pertanto possibile che le richieste di accesso vengano negate.L<92>impossibilit di autenticare pu essere dovuta al mancatoriconoscimento di un altro computer connesso alla stessarete tramite lo stesso nome o la stessa password perl<92>account di questo computer. Se questo messaggio vienevisualizzato di nuovo, contattare l'amministratore disistema. (eg, roughly 'trust relationshipt not valid'), but also: May 5 17:42:27 GIUSEPPE netlogon[error] 5783 L'installazione della sessione sul controller di dominio diWindows NT o di Windows 2000 \\RITA per il dominio ACPN nonrisponde. La chiamata RPC corrente effettuata da Netlogonsu \\GIUSEPPE a \\RITA stata annullata. (eg, roughly 'domain not found'). Note that if i remove the trust relationship on the workstation, and then i rejoin it, the join work. But still there's no auth at subsequent reboot (eg, join works but is ineffective). I've tried all combination of: ntlm auth = server signing = client signing = client ipc signing = but nothing work. Thanks.
Bug#820982: Trouble with joined win7pro client...
I've updated some of my wheezy/samba3 networks, hit the 'i cannot talk to myself' bug, and so added: client ipc signing = no to solve. But after some days, as stated by Vladislav Kurz, i've started to get errors about trust relationships failed or domain controller not avaliable. I've testet *ALL* combination of: ntlm auth = server signing = client signing = client ipc signing = and i've done may time the unjoin and rejoin operation of the client, nothing changed. I've reverted to old package: apt-get install samba=2:3.6.6-6+deb7u7 samba-common=2:3.6.6-6+deb7u7 winbind=2:3.6.6-6+deb7u7 libwbclient0=2:3.6.6-6+deb7u7 smbclient=2:3.6.6-6+deb7u7 libnss-winbind=2:3.6.6-6+deb7u7 libpam-winbind=2:3.6.6-6+deb7u7 samba-common-bin=2:3.6.6-6+deb7u7 samba-doc=2:3.6.6-6+deb7u7 and samba get back at work as expected. I hope on u10... but as Vladislav say, i'm asking if there's also some registry tweaks to update client-side... Thanks.
Bug#821069: samba: Client and server side signing mismatches after upgrade...
Package: samba Version: 2:3.6.6-6+deb7u9 Followup-For: Bug #821069 I prefere to reply to this bug, but also client cannot logon to the domain so clearly this is a duplicate of bug #820982. As stated in #820982, the culprit came from a mismatch in ''signing'' between clent and server. Some command line sessions: BEFORE UPGRADE: root@lupus:~# net rpc testjoin Join to 'SVCORSI' is OK root@lupus:~# testparm > /tmp/smb.conf.before Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: The "enable privileges" option is deprecated Can't find include file /etc/samba/smb.conf. Processing section "[printers]" Processing section "[baleno]" Processing section "[print$]" Processing section "[netlogon]" Processing section "[homes]" Processing section "[profiles]" Processing section "[wpkg]" Processing section "[larpch]" Processing section "[Users]" Processing section "[Media]" Processing section "[Software]" Processing section "[web]" Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions AFTER UPGRADE: root@lupus:~# net rpc testjoin Connection failed: NT_STATUS_ACCESS_DENIED Join to domain 'SVCORSI' is not valid: NT_STATUS_ACCESS_DENIED root@lupus:~# net -d 10 rpc testjoin INFO: Current debug levels: all: 10 [...] Connecting to 10.5.7.1 at port 445 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 Substituting charset 'UTF-8' for LOCALE cli_negprot: SMB signing is mandatory and the server doesn't support it. failed negprot: NT_STATUS_ACCESS_DENIED Cannot connect to server (anonymously). Error was NT_STATUS_ACCESS_DENIED lang_tdb_init: /usr/share/samba/it_IT.UTF-8.msg: File o directory non esistente Connection failed: NT_STATUS_ACCESS_DENIED Join to domain 'SVCORSI' is not valid: NT_STATUS_ACCESS_DENIED return code = -1 Note the 'cli_negprot: SMB signing is mandatory and the server doesn't support it.'. But also note that, whitout notice, a default opton changed: root@lupus:~# testparm > /tmp/smb.conf.after Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: The "enable privileges" option is deprecated Can't find include file /etc/samba/smb.conf. Processing section "[printers]" Processing section "[baleno]" Processing section "[print$]" Processing section "[netlogon]" Processing section "[homes]" Processing section "[profiles]" Processing section "[wpkg]" Processing section "[larpch]" Processing section "[Users]" Processing section "[Media]" Processing section "[Software]" Processing section "[web]" Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions root@lupus:~# diff -ud /tmp/smb.conf.before /tmp/smb.conf.after --- /tmp/smb.conf.before2016-04-15 17:32:57.062343755 +0200 +++ /tmp/smb.conf.after 2016-04-15 17:35:46.310718374 +0200 @@ -9,6 +9,7 @@ syslog = 0 log file = /var/log/samba/log.%m time server = Yes + client signing = required socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups add user script = /usr/sbin/smbldap-useradd "%u" eg, now 'client signing = required'. Instead of adding 'client signing = no' as stated in bug #820982, i've added: server signing = auto for now, and all works as expected; but i've to experiment a bit with the suggested: server signing = mandatory ntlm auth = no before implementing it. A little note: debconf of the samba3 upgrade does not warn about the upgrade as the samba4 upgrade in jessie, so users can get even more confused about. Thanks. -- System Information: Debian Release: 7.10 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages samba depends on: ii adduser3.113+nmu3 ii debconf [debconf-2.0] 1.5.49 ii dpkg 1.16.17 ii libacl12.2.51-8 ii libattr1 1:2.4.46-8 ii libc6 2.13-38+deb7u10 ii libcap21:2.22-1.2 ii libcomerr2 1.42.5-1.1+deb7u1 ii libcups2 1.5.3-5+deb7u6 ii libgssapi-krb5-2 1.10.1+dfsg-5+deb7u7 ii libk5crypto3 1.10.1+dfsg-5+deb7u7 ii libkrb5-3 1.10.1+dfsg-5+deb7u7 ii libldap-2.4-2
Bug#625796: Bug still here...
Just upgraded to jessie: tank:~# apt-cache show arpwatch | grep ^Version: Version: 2.1a15-1.3 Bug is still here.
Bug#819717: ntopng crash and restart with error *** stack smashing detected ***
Package: ntopng Version: 1.2.1+dfsg1-1.1 Severity: normal Dear Maintainer, I've just installed 'ntopng', but roughly 4-6 times/hour, the daemon bombs out with the error at subject. I've tried to limit the number of interfaces to listen to, but nothing changed. Attached, an excerption of syslog. -- System Information: Debian Release: 8.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages ntopng depends on: ii init-system-helpers 1.22 ii libc62.19-18+deb8u3 ii libgcc1 1:4.9.2-10 ii libgeoip11.6.2-4 ii libhiredis0.10 0.11.0-4 ii libjson-c2 0.11-4 ii libluajit-5.1-2 2.0.3+dfsg-3 ii libndpi1a1.5.0-1 ii libpcap0.8 1.6.2-2 ii librrd4 1.4.8-1.2 ii libsqlite3-0 3.8.7.1-1+deb8u1 ii libstdc++6 4.9.2-10 ii libzmq3 4.0.5+dfsg-2+deb8u1 ii ntopng-data 1.2.1+dfsg1-1.1 ii redis-server 2:2.8.17-1+deb8u3 ntopng recommends no packages. Versions of packages ntopng suggests: ii geoip-database-contrib 1.17+nmu1 -- Configuration Files: /etc/default/ntopng changed: INTERFACES="eth0 eth0.3" HTTP_PORT=3000 ADD_ARGS="" -- no debconf information Apr 1 12:30:01 tank sh[27592]: *** stack smashing detected ***: /usr/sbin/ntopng terminated Apr 1 12:30:01 tank sh[27592]: === Backtrace: = Apr 1 12:30:01 tank sh[27592]: /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6c773)[0xb712b773] Apr 1 12:30:01 tank sh[27592]: /lib/i386-linux-gnu/i686/cmov/libc.so.6(__fortify_fail+0x45)[0xb71bbb85] Apr 1 12:30:01 tank sh[27592]: /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0xfcb3a)[0xb71bbb3a] Apr 1 12:30:01 tank sh[27592]: /usr/sbin/ntopng(_fini+0x0)[0xb770e174] Apr 1 12:30:01 tank sh[27592]: /usr/sbin/ntopng(+0xf61c)[0xb76da61c] Apr 1 12:30:01 tank sh[27592]: /usr/sbin/ntopng(+0x18f54)[0xb76e3f54] Apr 1 12:30:01 tank sh[27592]: /usr/sbin/ntopng(+0x27347)[0xb76f2347] Apr 1 12:30:01 tank sh[27592]: /usr/sbin/ntopng(+0x2efd2)[0xb76f9fd2] Apr 1 12:30:01 tank sh[27592]: /usr/lib/i386-linux-gnu/libluajit-5.1.so.2(+0x65ff)[0xb75bb5ff] Apr 1 12:30:01 tank sh[27592]: /usr/lib/i386-linux-gnu/libluajit-5.1.so.2(lua_pcall+0x44)[0xb75fed24] Apr 1 12:30:01 tank sh[27592]: /usr/sbin/ntopng(+0x33015)[0xb76fe015] Apr 1 12:30:01 tank sh[27592]: /usr/sbin/ntopng(+0x10413)[0xb76db413] Apr 1 12:30:01 tank sh[27592]: /usr/sbin/ntopng(+0x106c3)[0xb76db6c3] Apr 1 12:30:01 tank sh[27592]: /usr/sbin/ntopng(+0x106fc)[0xb76db6fc] Apr 1 12:30:01 tank sh[27592]: /lib/i386-linux-gnu/i686/cmov/libpthread.so.0(+0x6efb)[0xb73c8efb] Apr 1 12:30:01 tank sh[27592]: /lib/i386-linux-gnu/i686/cmov/libc.so.6(clone+0x5e)[0xb71aaede] Apr 1 12:30:01 tank sh[27592]: === Memory map: Apr 1 12:30:01 tank sh[27592]: ae50-ae59 rw-p 00:00 0 Apr 1 12:30:01 tank sh[27592]: ae59-ae60 ---p 00:00 0 Apr 1 12:30:01 tank sh[27592]: ae70-ae90 rw-p 00:00 0 Apr 1 12:30:01 tank sh[27592]: ae90-aea0 rw-p 00:00 0 Apr 1 12:30:01 tank sh[27592]: aeafe000-aeaff000 ---p 00:00 0 Apr 1 12:30:01 tank sh[27592]: aeaff000-af2ff000 rwxp 00:00 0 [stack:27610] Apr 1 12:30:01 tank sh[27592]: af2ff000-af30 ---p 00:00 0 Apr 1 12:30:01 tank sh[27592]: af30-afb0 rwxp 00:00 0 [stack:27609] Apr 1 12:30:01 tank sh[27592]: afb0-afb25000 rw-p 00:00 0 Apr 1 12:30:01 tank sh[27592]: afb25000-afc0 ---p 00:00 0 Apr 1 12:30:01 tank sh[27592]: afc3e000-afcfe000 rw-p 00:00 0 Apr 1 12:30:01 tank sh[27592]: afcfe000-afcff000 ---p 00:00 0 Apr 1 12:30:01 tank sh[27592]: afcff000-b04ff000 rwxp 00:00 0 [stack:27605] Apr 1 12:30:01 tank sh[27592]: b04ff000-b050 ---p 00:00 0 Apr 1 12:30:01 tank sh[27592]: b050-b0d0 rwxp 00:00 0 [stack:27604] Apr 1 12:30:01 tank sh[27592]: b0d0-b0e0 rw-p 00:00 0 Apr 1 12:30:01 tank sh[27592]: b0e09000-b0ee9000 rw-p 00:00 0 Apr 1 12:30:01 tank kernel: [63254.162285] device eth0.3 left promiscuous mode Apr 1 12:30:01 tank sh[27592]: b0ee9000-b0efc000 r-xp 08:01 146471 /lib/i386-linux-gnu/i686/cmov/libresolv-2.19.so Apr 1 12:30:01 tank sh[27592]: b0efc000-b0efd000 r--p 00012000 08:01 146471 /lib/i386-linux-gnu/i686/cmov/libresolv-2.19.so Apr 1 12:30:01 tank sh[27592]: b0efd000-b0efe000 rw-p 00013000 08:01 146471 /lib/i386-linux-gnu/i686/cmov/libresolv-2.19.so Apr 1 12:30:01 tank sh[27592]: b0efe000-b0f0 rw-p 00:00 0 Apr 1 12:30:01 tank sh[27592]: b0f0-b0f25000 rw-p 00:00 0 Apr 1 12:30:01 tank sh[27592]:
Bug#760393: Some feedback...
> > Machine survive with wheezy kernel for a week, so seems to me that > > firmware upgrade (and/or wheezy kernel upgrades ;) cure the trouble. > It'd be appreciated if you can inform the version of running kernel > and version of upgraded firmware. > This may be helpful to those having the same hardware. It is true, i was sure i've just post on that bug the info, but... clearly no. The controller was (is): Smart Array 641 in Slot 3 Bus Interface: PCI Slot: 3 Serial Number: P92270P9SSC1BM RAID 6 (ADG) Status: Disabled Controller Status: OK Hardware Revision: B Firmware Version: 2.34 Rebuild Priority: Low Expand Priority: Low Surface Scan Delay: 15 secs Surface Scan Mode: Idle Post Prompt Timeout: 0 secs Cache Board Present: True Cache Status: OK Cache Ratio: 100% Read / 0% Write Total Cache Size: 64 MB Total Cache Memory Available: 32 MB No-Battery Write Cache: Disabled Battery/Capacitor Count: 0 SATA NCQ Supported: False so was firmware 2.34, now upgraded to latest (2.84). Kernel was (is) linux-image-3.2.0-4-686-pae, version 3.2.68-1+deb7u4.
Bug#760393: Some feedback...
I've finally decomissioned the server, so i've get some time (and courage ;) to upgrade controller firmware to latest version (2.84) and do some test (server was off network, but with service online and with clamscan running on a loop continuously). Machine survive with wheezy kernel for a week, so seems to me that firmware upgrade (and/or wheezy kernel upgrades ;) cure the trouble. Probably the server will be trashed, anyway...
Bug#816601: squid3: After last LTS upgrade, squid crash with 'assertion failed: forward.cc:298: "fd == server_fd"' error
Package: squid3 Version: 3.1.6-1.2+squeeze6 Severity: important After applying the last 'squeeze-lts' update, eg upgrading to, 3.1.6-1.2+squeeze6, squid3 start to complain about the error on subject: 'assertion failed: forward.cc:298: "fd == server_fd" in cache.log; normally squid ''resume'' from that error (probably, restarting), but sooner or later die. No other error happen on cache.log, nor there's change in configuration before and after the upgrade. Thanks. -- System Information: Debian Release: 6.0.10 APT prefers squeeze-lts APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable-updates'), (500, 'oldoldstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages squid3 depends on: ii adduser 3.112+nmu2 add and remove users and groups ii libc6 2.11.3-4+deb6u11 Embedded GNU C Library: Shared lib ii libcap2 1:2.19-3 support for getting/setting POSIX. ii libcomerr21.41.12-4+deb6u2 common error description library ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [ ii libexpat1 2.0.1-7+squeeze2 XML parsing C library - runtime li ii libgcc1 1:4.4.5-8 GCC support library ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze11 MIT Kerberos runtime libraries - k ii libk5crypto3 1.8.3+dfsg-4squeeze11 MIT Kerberos runtime libraries - C ii libkrb5-3 1.8.3+dfsg-4squeeze11 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.23-7.3+deb6u2 OpenLDAP libraries ii libltdl7 2.2.6b-2 A system independent dlopen wrappe ii libpam0g 1.1.1-6.1+squeeze1 Pluggable Authentication Modules l ii libsasl2-22.1.23.dfsg1-7 Cyrus SASL - authentication abstra ii libstdc++64.4.5-8The GNU Standard C++ Library v3 ii libxml2 2.7.8.dfsg-2+squeeze16 GNOME XML library ii logrotate 3.7.8-6Log rotation utility ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii netbase 4.45 Basic TCP/IP networking system ii squid3-common 3.1.6-1.2+squeeze6 A full featured Web Proxy cache (H squid3 recommends no packages. Versions of packages squid3 suggests: pn resolvconf (no description available) ii smbclient2:3.5.6~dfsg-3squeeze13 command-line SMB/CIFS clients for pn squid-cgi (no description available) ii squidclient 3.1.6-1.2+squeeze6 A full featured Web Proxy cache (H -- Configuration Files: /etc/squid3/squid.conf changed [not included] -- no debconf information
Bug#811402: isc-dhcp-server: dhcpd now look at /etc/dhcpd.conf for config file...
Package: isc-dhcp-server Version: 4.1.1-P1-15+squeeze9 Severity: important I've upgraded the package using squeeze-lts, but the newer version does not start, complaining about: Jan 15 08:21:55 opitergium dhcpd: Can't open /etc/dhcpd.conf: No such file or directory Seems to me a packaging error, the config file is on /etc/dhcp/dhcpd.conf! I've quickly fixed with a simbolic link, but i thing that need to be repackaged... -- System Information: Debian Release: 6.0.10 APT prefers squeeze-lts APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable-updates'), (500, 'oldoldstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages isc-dhcp-server depends on: ii debconf [debconf-2. 1.5.36.1 Debian configuration management sy ii debianutils 3.4 Miscellaneous utilities specific t ii isc-dhcp-common 4.1.1-P1-15+squeeze9 common files used by all the isc-d ii libc6 2.11.3-4+deb6u8 Embedded GNU C Library: Shared lib ii lsb-base3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip isc-dhcp-server recommends no packages. Versions of packages isc-dhcp-server suggests: pn isc-dhcp-server-ldap (no description available) -- Configuration Files: /etc/dhcp/dhcpd.conf changed [not included] -- debconf information: isc-dhcp-server/config_warn: isc-dhcp-server/interfaces: eth0
Bug#658120: Applied RH patch and works!!!
I've tried Ubuntu patch but does not apply cleanly, probably is old... I've applied insted the RH one (plain patch on: http://pkgs.fedoraproject.org/cgit/cdrkit.git/plain/cdrkit-1.1.9-efi-boot.patch ) and recompiled cdrkit 1.1.11-3 sources: compile flawlessy and works as expected. Please, add this patch!!!
Bug#658120: Another patch source...
I'm asking too to add EFI boot support; another patch (but, probably the same) came from RH-based distro: http://pkgs.fedoraproject.org/cgit/cdrkit.git/tree/cdrkit-1.1.9-efi-boot.patch Please, add EFI boot support! Thanks.
Bug#799259: cups-filters: Messy dependencies between cups-filters and foomatic-filters...
Mandi! Till Kamppeter In chel di` si favelave... Only two note. > 2. beh with standard permissions only works with backends with > standard permissions. root-only backends (with executable bit only > for root) only work through beh if one assigns the same root-only > permissions to beh, making also normal backends used through beh > running as root. Any suggestions for handling this permission > problem are welcome. This ''permission mess'' on cups backend is another story, and another bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702227 really, i've not understood why there's permission restriction, and how circumvent it. I admit that using ''chained backend'' is not a common setup, but cups support it, while seems that breaks their ''security model''. It is at least not clear. Probably is an upstream thing, but... > As a quick solution on the side of the distribution I would split > the binary packages of foomatic-filters to have one containing > foomatic-rip (for the rare non-CUPS printing system users) and one > containing beh (for the rare cups+beh users). Consider also to simply add a row on README.Debian or something like that: 'beh' is a very simply perl script, with no exotic perl deps, so probably some row that explain how to download and install perl will suffices, at least for now. Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/25/index.php/component/k2/item/123 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
Bug#799259: cups-filters: Messy dependencies between cups-filters and foomatic-filters...
> Indeed, it seems that you can't. I can confirm that cups and > foomatic-filters are not coinstallable, at least since jessie. Many thanks for the info. > Till: should 'beh' be shipped in cups-filters too, or is there an > alternative to it between cups and cups-filters. Alternatively, should > we split 'beh' off foomatic-filters? And also for that, whatever option you choose. ;-)
Bug#799259: cups-filters: Messy depenedencies between cups-filters and foomatic-filters...
Package: cups-filters Version: 1.0.61-5+deb8u1 Severity: normal Dear Maintainer, i've just installed my first 'jessue' server, and trying to configure CUPS i've it a trouble. Little note: i've found in past year (and debian version) some trouble handling some printer: it is normally due to firmware or driver (windows driver) bugs, but in some case i use the 'beh' backend (backend error handler, http://www.linuxfoundation.org/collaborate/workgroups/openprinting/database/backenderrorhandler) to cure or at least circumvent that trouble. Normally, on older debian revision, beh get installed by default. Not on jessie. Looking on file search: https://packages.debian.org/search?searchon=contents=beh=path=stable=any i've found that the 'beh' backend is in the 'foomatic-filters' package. Good. But: root@brucaliffo:/tmp/mailto# LANG=C apt-get install foomatic-filters Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be REMOVED: cups cups-filters printer-driver-gutenprint The following NEW packages will be installed: foomatic-filters 0 upgraded, 1 newly installed, 3 to remove and 0 not upgraded. Need to get 159 kB of archives. After this operation, 2673 kB disk space will be freed. Do you want to continue? [Y/n] Not so good. The trouble seems to come from a dependency mess, eg: root@brucaliffo:/tmp/mailto# apt-cache show cups | egrep "^(Depends|Recommends|Conflicts):" Depends: libavahi-client3 (>= 0.6.16), libavahi-common3 (>= 0.6.16), libc6 (>= 2.16), libcups2 (= 1.7.5-11+deb8u1), libcupscgi1 (>= 1.4.2), libcupsimage2 (>= 1.4.0), libcupsmime1 (>= 1.4.0), libcupsppdc1 (>= 1.4.0), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.1.1), libusb-1.0-0 (>= 2:1.0.8), debconf (>= 1.2.9) | debconf-2.0, libc-bin (>= 2.13), cups-core-drivers (>= 1.7.5-11+deb8u1), cups-daemon (>= 1.7.5-11+deb8u1), poppler-utils (>= 0.12), procps, ghostscript (>= 9.02~), lsb-base (>= 3.2-14~), cups-common (>= 1.7.5-11+deb8u1), cups-server-common (>= 1.7.5-11+deb8u1), cups-client (>= 1.7.5-11+deb8u1), cups-ppdc, cups-filters (>= 1.0.24-3~) Recommends: avahi-daemon, colord, cups-filters (>= 1.0.42) | foomatic-filters (>= 4.0), printer-driver-gutenprint, cups-filters (>= 1.0.36) | ghostscript-cups (>= 9.02~) root@brucaliffo:/tmp/mailto# apt-cache show cups-filters | egrep "^(Depends|Recommends|Conflicts):" Depends: libc6 (>= 2.15), libcups2 (>= 1.7.0), libcupsfilters1 (>= 1.0.58), libcupsimage2 (>= 1.4.0), libfontconfig1 (>= 2.11), libfontembed1 (>= 1.0.31), libgcc1 (>= 1:4.1.1), libijs-0.35 (>= 0.35), liblcms2-2 (>= 2.2+git20110628), libpoppler46 (>= 0.26.5), libqpdf13 (>> 5.0.0~), libstdc++6 (>= 4.1.1), cups-filters-core-drivers (>= 1.0.61-5+deb8u1), bc, ghostscript (>= 9.02~) Recommends: colord Conflicts: foomatic-filters, ghostscript-cups root@brucaliffo:/tmp/mailto# apt-cache show foomatic-filters | egrep "^(Depends|Recommends|Conflicts):" Depends: libc6 (>= 2.14), libdbus-1-3 (>= 1.0.2), debconf (>= 0.5) | debconf-2.0, ucf (>= 0.30) Recommends: cups-client | lpr | lprng | rlpr, ghostscript, cups | enscript | a2ps | mpage, poppler-utils (>= 0.11.2), colord eg, cups both depends and recommend 'cups-filters', cups-filters conflicts with foomatic-filters and foomatic-filters recommends cups. Seems so strange to me... how can i install the 'beh' backend? Thanks. -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/12 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages cups-filters depends on: ii bc 1.06.95-9 ii cups-filters-core-drivers 1.0.61-5+deb8u1 ii ghostscript9.06~dfsg-2+deb8u1 ii libc6 2.19-18+deb8u1 ii libcups2 1.7.5-11+deb8u1 ii libcupsfilters11.0.61-5+deb8u1 ii libcupsimage2 1.7.5-11+deb8u1 ii libfontconfig1 2.11.0-6.3 ii libfontembed1 1.0.61-5+deb8u1 ii libgcc11:4.9.2-10 ii libijs-0.350.35-10 ii liblcms2-2 2.6-3+b3 ii libpoppler46 0.26.5-2 ii libqpdf13 5.1.2-2 ii libstdc++6 4.9.2-10 Versions of packages cups-filters recommends: ii colord 1.2.1-1+b2 Versions of packages cups-filters suggests: pn foomatic-db-compressed-ppds | foomatic-db -- no debconf information
Bug#659261: linux: Re: [linux-headers-3.2.0-1-common] Dangling symlink to Kbuild
The 'scripts' symlinks break if you make /usr/src a symlink to somewhere else. Don't do that. AARRGGHH! Sorry!!! I've really not minded about the /usr/src link, that, it is true, i do on /var/src. Again, sorry... ;((( -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/25/index.php/component/k2/item/123 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#760303: squid3: squid 3.3.8-1.2 segfaults during initscript start/restart
Package: squid3 Version: 3.4.8-6 Followup-For: Bug #760303 Dear Maintainer, I confirm mee too the bug, using c-ical 0.3.5 and squidclamav recompiled/repackaged from latest source: root@brucaliffo:~# dpkg -l | grep icap ii c-icap 1:0.3.5-0gaio1 amd64ICAP server implementation ii libc-icap-mod-squidclamav 6.12-0gaio1 amd64ICAP Antivirus Service for c-icap ii libicapapi-dev 1:0.3.5-0gaio1 amd64ICAP API library development files ii libicapapi31:0.3.5-0gaio1 amd64ICAP API library my current relevant squid configuration: root@brucaliffo:~# grep -v ^# /etc/squid3/conf.d/80extension.conf | grep -v ^$ url_rewrite_program /usr/bin/squidGuard -c /etc/squid3/guard/squidGuard.conf url_rewrite_children 10 icap_enableon adaptation_send_client_ip on adaptation_send_username on icap_preview_enableon icap_preview_size 5 MB icap_service service_av_req reqmod_precache bypass=1 icap://localhost:1344/squidclamav icap_service service_av_resp respmod_precache bypass=1 icap://localhost:1344/squidclamav adaptation_service_set class_av_req service_av_req adaptation_service_set class_av_resp service_av_resp adaptation_access class_av_req deny CONNECT adaptation_access class_av_req allow all adaptation_access class_av_resp deny CONNECT adaptation_access class_av_resp allow all I hope also i on a point release with the patch that solve this trouble. Thanks. -- System Information: Debian Release: 8.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/12 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages squid3 depends on: ii adduser 3.113+nmu3 ii libc62.19-18 ii libcap2 1:2.24-8 ii libcomerr2 1.42.12-1.1 ii libdb5.3 5.3.28-9 ii libecap2 0.2.0-3 ii libexpat12.1.0-6+b3 ii libgcc1 1:4.9.2-10 ii libgssapi-krb5-2 1.12.1+dfsg-19 ii libk5crypto3 1.12.1+dfsg-19 ii libkrb5-31.12.1+dfsg-19 ii libldap-2.4-22.4.40+dfsg-1 ii libltdl7 2.4.2-1.11 ii libnetfilter-conntrack3 1.0.4-1 ii libnettle4 2.7.1-5 ii libpam0g 1.1.8-3.1 ii libsasl2-2 2.1.26.dfsg1-13 ii libstdc++6 4.9.2-10 ii libxml2 2.9.1+dfsg1-5 ii logrotate3.8.7-1+b1 ii lsb-base 4.1+Debian13+nmu1 ii netbase 5.3 ii squid3-common3.4.8-6 squid3 recommends no packages. Versions of packages squid3 suggests: pn resolvconf none ii smbclient2:4.1.17+dfsg-2 pn squid-cginone pn squid-purge none ii squidclient 3.4.8-6 pn ufw none pn winbindd none -- Configuration Files: /etc/squid3/squid.conf changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#659261: linux: Re: [linux-headers-3.2.0-1-common] Dangling symlink to Kbuild
Package: linux-headers-3.16.0-4-common Version: 3.16.7-ckt11-1 Followup-For: Bug #659261 Dear Maintainer, I've still found that trouble on current kernel version for jessie. Seems to me that relative links is the culprit. I've quickly fixed with: cd /usr/src/linux-headers-3.16.0-4-common rm scripts; ln -s /usr/lib/linux-kbuild-3.16/scripts . cd /usr/src/linux-headers-3.16.0-4-amd64 rm scripts; ln -s /usr/lib/linux-kbuild-3.16/scripts . (yes, the bug apply also to linux-headers-3.16.0-4-amd64). After that, my modules (Oracle VirtualBox debian packages) compile flawlessy. Thanks. -- System Information: Debian Release: 8.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/12 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#793196: squidguard: /usr/sbin/update-squidguard does not run, now the shell of the 'proxy' user is invalid
Package: squidguard Version: 1.5-4 Severity: important Dear Maintainer, I've installed and configured squidguard, adding some loca custom lists and some lists from common repository. But squidguard does not run, and squid3 ''crash'' because of repeated failures of the redirector. After fiddling a bit, i've found that database get not built, because the script /usr/sbin/update-squidguard cannot run the update process: root@brucaliffo:~# bash -x /usr/sbin/update-squidguard + set -e + '[' 0 -gt 0 ']' + CONFDIR=/etc/squidguard + CONFOLD=/etc/squid + CONFFILE=squidGuard.conf + DATADIR= + DBVFILE= + DB_ACT= + DB_OLD= + REBUILD=y + INITRUN= + test '!' -e /etc/squidguard/squidGuard.conf + '[' '!' -z ']' + test -d /etc/squidguard + test '!' -e /etc/squidguard/squidGuard.conf + chown proxy:proxy /etc/squidguard/squidGuard.conf + chmod 0640 /etc/squidguard/squidGuard.conf ++ grep '^dbhome' /etc/squidguard/squidGuard.conf ++ cut '-d ' -f2 + DATADIR=/var/lib/squidguard/db + DBVFILE=/var/lib/squidguard/db/../dbversion + '[' '!' -z ']' + test -d /var/lib/squidguard/db ++ ls -1 /var/lib/squidguard/db ++ wc -l + '[' 4 -eq 0 ']' + chown -R proxy:proxy /var/lib/squidguard/db + find /var/lib/squidguard/db -type d + xargs chmod 2750 + '[' '!' -z ']' ++ squidGuard -v ++ sed 's/.*DB\ \(.*\):.*/\1/' + DB_ACT=5.3.28 + '[' '!' -z ']' + '[' y = y ']' + echo 'Rebuild SquidGuard database - this can take a while.' Rebuild SquidGuard database - this can take a while. + su - proxy -c 'squidGuard -C all' This account is currently not available. After fiddling a bit, i've found the culprit: now the shell of the 'proxy' user is invalid: root@brucaliffo:~# getent passwd proxy proxy:x:13:13:proxy:/bin:/usr/sbin/nologin A simple patch solves the trouble. Attached. -- System Information: Debian Release: 8.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/12 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages squidguard depends on: ii debconf [debconf-2.0] 1.5.56 ii libc6 2.19-18 ii libdb5.3 5.3.28-9 ii libldap-2.4-2 2.4.40+dfsg-1 Versions of packages squidguard recommends: ii liburi-perl 1.64-1 ii libwww-perl 6.08-1 ii squid3 3.4.8-6 Versions of packages squidguard suggests: ii ldap-utils 2.4.40+dfsg-1 pn squidguard-doc none -- Configuration Files: /etc/squidguard/squidGuard.conf.default [Errno 13] Permesso negato: u'/etc/squidguard/squidGuard.conf.default' -- debconf information: squidguard/dbreload: true --- /usr/sbin/update-squidguard.orig 2015-07-22 11:59:24.239042429 +0200 +++ /usr/sbin/update-squidguard 2015-07-22 12:00:19.403036392 +0200 @@ -91,7 +91,7 @@ # rebuild database if needed if [ $REBUILD = y ]; then echo Rebuild SquidGuard database - this can take a while. 2 - su - proxy -c squidGuard ${VBPAR} -C all + su -s /bin/sh -c 'squidGuard ${VBPAR} -C all' - proxy # update info file with Berkeley DB version echo ${DB_ACT} ${DBVFILE} [ ! -z $VERBOSE ] echo Rebuild done. 2
Bug#785130: Newer version available, new upstream mantainer
Package: clamav-unofficial-sigs Version: 3.7.2-2 As announced in sanesecurity_announce list: https://www.freelists.org/post/sanesecurity_announce/Download-Script-eXtremeSHOK,1 project got a new mantainer and got version 4: https://github.com/extremeshok/clamav-unofficial-sigs Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#779133: Ok, solved, but still a strange thing...
After updating also the NFS server, after fiddling a bit with NFS parameters, after hitting my head around the room... i've found a solution. AFAIK NFSv3 use a ''nonstandard'' ACL mechanism that works well only for POSIX ACL, while NFSv4 use a more complex one, suited to take into account different ACL schemas. I use POSIX ACL, so NFSv3 is well suited for me. Simply i've had in /etc/fstab: dixie:/srv/wviola/sources /srv/wviola/sources nfs acl 0 0 and worked perfeclty[1] just before rebooting the NFS client machine. Now i was forced to put instead: dixie:/srv/wviola/sources /srv/wviola/sources nfs nfsvers=3,acl 0 0 so seems to me that ''something'' changed the default NFS version from 3 to 4. Trying to downgrade lead me to the suspect that the guilty is not the kernel; but really i've gone back on upgrade history and found nothing related to NFS of mount upgraded recently... Boh... [1]: i was sure because i've a cron script that hourly try to mangle ACLs, and never complained about missing ACL before the reboot... -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#779133: linux-image-3.2.0-4-amd64: After latest security upgrade, acl on NFS exported share stop working
Package: src:linux Version: 3.2.65-1+deb7u2 Severity: important Dear Maintainer, I've just upgrade this server with the lates security packages, most notably the latest kernel. This server act as a NFS *client* mounting nfs shares with ACL. After rebooting the box, shares get mounted but without ACL, and whithout any error/warning. On source server (also a debian wheezy) and filesystem nothing changed, and ACL are correctly there. Thanks. -- Package-specific info: ** Version: Linux version 3.2.0-4-amd64 (debian-ker...@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.65-1+deb7u2 ** Command line: BOOT_IMAGE=/boot/vmlinuz-3.2.0-4-amd64 root=UUID=b9da6c4b-9450-4a85-9ff3-30210ce219cd ro quiet ** Tainted: O (4096) * Out-of-tree module has been loaded. ** Kernel log: [5.460114] [TTM] Initializing DMA pool allocator [5.460139] [drm] radeon: 16M of VRAM memory ready [5.460141] [drm] radeon: 512M of GTT memory ready. [5.460166] [drm] GART: num cpu pages 131072, num gpu pages 131072 [5.461029] [drm] radeon: ib pool ready. [5.481520] [drm] PCIE GART of 512M enabled (table at 0x3708). [5.481554] radeon :0f:02.0: WB disabled [5.481558] [drm] fence driver on ring 0 use gpu addr 0xb000 and cpu addr 0x880037034000 [5.481562] [drm] Supports vblank timestamp caching Rev 1 (10.10.2010). [5.481564] [drm] Driver supports precise vblank timestamp query. [5.481580] [drm] radeon: irq initialized. [5.481650] [drm] Loading R100 Microcode [5.522851] platform radeon_cp.0: firmware: agent loaded radeon/R100_cp.bin into memory [5.523391] [drm] radeon: ring at 0xB0001000 [5.523414] [drm] ring test succeeded in 1 usecs [5.523832] [drm] ib test succeeded in 0 usecs [5.524069] [drm] No TV DAC info found in BIOS [5.524072] [drm] No valid Ext TMDS info found in BIOS [5.524111] [drm] Radeon Display Connectors [5.524113] [drm] Connector 0: [5.524115] [drm] VGA [5.524117] [drm] DDC: 0x60 0x60 0x60 0x60 0x60 0x60 0x60 0x60 [5.524119] [drm] Encoders: [5.524121] [drm] CRT1: INTERNAL_DAC1 [5.524123] [drm] Connector 1: [5.524124] [drm] DVI-I [5.524126] [drm] HPD2 [5.524128] [drm] DDC: 0x6c 0x6c 0x6c 0x6c 0x6c 0x6c 0x6c 0x6c [5.524130] [drm] Encoders: [5.524131] [drm] CRT2: INTERNAL_DAC2 [5.524133] [drm] DFP2: INTERNAL_DVO1 [5.561093] [drm] fb mappable at 0xD004 [5.561095] [drm] vram apper at 0xD000 [5.561097] [drm] size 786432 [5.561098] [drm] fb depth is 8 [5.561100] [drm]pitch is 1024 [5.561177] fbcon: radeondrmfb (fb0) is primary device [6.039650] Console: switching to colour frame buffer device 128x48 [6.047151] fb0: radeondrmfb frame buffer device [6.047153] drm: registered panic notifier [6.047159] [drm] Initialized radeon 2.16.0 20080528 for :0f:02.0 on minor 0 [6.551594] EXT3-fs (md0): using internal journal [6.764051] loop: module loaded [7.320640] it87: Found IT8718F chip at 0x290, revision 1 [7.320650] it87: VID is disabled (pins used for GPIO) [7.320824] it87 it87.656: Detected broken BIOS defaults, disabling PWM interface [7.332092] md: md1 stopped. [7.354889] md: bindsdb2 [7.368900] md: bindsda2 [7.370264] md/raid1:md1: active with 2 out of 2 mirrors [7.370290] md1: detected capacity change from 0 to 10001842176 [7.385703] md1: unknown partition table [7.532131] md: md2 stopped. [7.533581] md: bindsdb5 [7.533728] md: bindsda5 [7.567358] md/raid1:md2: active with 2 out of 2 mirrors [7.567386] md2: detected capacity change from 0 to 50001346560 [7.581088] md2: unknown partition table [7.846632] md: md3 stopped. [7.848571] md: bindsdb6 [7.848753] md: bindsda6 [7.883843] md/raid1:md3: active with 2 out of 2 mirrors [7.883867] md3: detected capacity change from 0 to 500082 [7.885668] md3: unknown partition table [8.115196] md: md4 stopped. [8.116543] md: bindsdb7 [8.116716] md: bindsda7 [8.208678] md/raid1:md4: active with 2 out of 2 mirrors [8.208706] md4: detected capacity change from 0 to 184048746496 [8.210441] md4: unknown partition table [8.828770] Adding 4883644k swap on /dev/md3. Priority:-1 extents:1 across:4883644k [9.374570] kjournald starting. Commit interval 5 seconds [9.374593] EXT3-fs (md1): mounted filesystem with ordered data mode [9.444277] SGI XFS with ACLs, security attributes, realtime, large block/inode numbers, no debug enabled [9.444608] SGI XFS Quota Management subsystem [9.463478] XFS (md2): Mounting Filesystem [9.560922] XFS (md2): Ending clean mount [9.604153] XFS (md4): Mounting Filesystem [9.750919] XFS (md4): Ending clean mount [ 10.964268] e1000e :04:00.0: irq 68 for MSI/MSI-X [ 11.068055] e1000e :04:00.0: irq 68 for MSI/MSI-X [ 11.069273]
Bug#779133: Reverted back, still NO ACL... Boh...
I've downloaded, installed by hand the previous kernel, and rebooted the server. After that: invernomuto:~# uname -a Linux invernomuto 3.2.0-4-amd64 #1 SMP Debian 3.2.65-1+deb7u1 x86_64 GNU/Linux so i'm using the old kernel, but still ACL on NFS does not work... So i've downloaded from snapshot the kernel that run the NFS server, and now: invernomuto:~# uname -a Linux invernomuto 3.2.0-4-amd64 #1 SMP Debian 3.2.63-2+deb7u2 x86_64 GNU/Linux but still with that kernel ACL is missing... i'm confused... -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#740718: rkhunter: i18n db update of lang en keyword NETWORK_PROMISC_NO_IP missing
Package: rkhunter Version: 1.4.0-1 Followup-For: Bug #740718 Dear Maintainer, just upgraded to wheezy, i can confirm the bug, at every daily run i get: Error: Invalid display - keyword cannot be found: Display line: display --to LOG --type INFO NETWORK_PORTS_DISABLE_PATHS Error: Invalid display - keyword cannot be found: Display line: display --to LOG --type INFO NETWORK_PORTS_DISABLE_PATHS I've simply fixed that adding to /var/lib/rkhunter/db/i18n/en something like: NETWORK_PORTS_DISABLE_PATHS:Don't bother me. Thanks. -- System Information: Debian Release: 7.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages rkhunter depends on: ii binutils 2.22-8+deb7u2 ii debconf [debconf-2.0] 1.5.49 ii file 5.11-2+deb7u7 ii net-tools 1.60-24.2 ii perl 5.14.2-21+deb7u2 ii ucf3.0025+nmu3 Versions of packages rkhunter recommends: ii exim4-daemon-light [mail-transport-agent] 4.80-7+deb7u1 ii iproute1:3.16.0-2~bpo70+1 pn lsof none ii lynx 2.8.8dev.12-2 ii unhide 20110113-4 ii wget 1.13.4-3+deb7u2 Versions of packages rkhunter suggests: ii bsd-mailx [mailx] 8.1.2-0.2006cvs-1+deb7u1 pn libdigest-whirlpool-perl none ii liburi-perl 1.60-1 ii libwww-perl 6.04-1 ii mailx 1:20071201-3 pn powermgmt-basenone pn tripwire none -- Configuration Files: /etc/default/rkhunter changed [not included] -- debconf information: rkhunter/apt_autogen: rkhunter/cron_daily_run: yes rkhunter/cron_db_update: yes -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775939: ntop: segfault in libntop-4.99.3
Package: ntop Version: 3:4.99.3+ndpi5517+dfsg3-1 Severity: normal Caro Ludovico, I've just upgraded a firewall from squeeze (using ntop from backports) to wheezy, and now (keeping the same config) ntop run for about a minute, then sigsev (even not accessing at all the web interface): Jan 21 11:12:15 tank kernel: [59862.329359] ntop[11288]: segfault at 30 ip b755d440 sp b1707e10 error 6 in libntop-4.99.3.so[b7529000+7d000] Say me if more info are needed. Thanks. -- System Information: Debian Release: 7.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ntop depends on: ii adduser3.113+nmu3 ii debconf [debconf-2.0] 1.5.49 ii libc6 2.13-38+deb7u6 ii libgdbm3 1.8.3-11 ii libgeoip1 1.4.8+dfsg-3 ii libpcap0.8 1.3.0-1 ii libpython2.7 2.7.3-6+deb7u2 ii librrd41.4.7-2 ii net-tools 1.60-24.2 ii ntop-data 3:4.99.3+ndpi5517+dfsg3-1 ii passwd 1:4.1.5.1-1 ii python-mako0.7.0-1.1 ii zlib1g 1:1.2.7.dfsg-13 ntop recommends no packages. Versions of packages ntop suggests: pn graphviz none ii gsfonts 1:8.11+urwcyr1.0.7~pre44-4.2 -- Configuration Files: /etc/default/ntop changed: ENABLED=1 GETOPT=-n 0 --no-interface-merge \ --http-server 10.5.1.254:3000 --refresh-time 300 /etc/ntop/protocol.list changed: FTP=ftp|ftp-data,PROXY=3128|8080,HTTP=http|www|https,DNS=name|domain,Mail=pop-2|pop-3|kpop|pop3s|smtp|imap|imap2|imaps,SNMP=snmp|snmp-trap,SSH=ssh,RDP=3389,ICA=1494|1604,VNC=5800-5806|5900-5906,DB=mysql|postgresql|1521,SecureLOG=720,Messenger=1863|5000|5001|5190-5193,Jabber=5222|5223 -- debconf information: ntop/admin_password_again: (password omitted) ntop/admin_password: (password omitted) ntop/password_mismatch: * ntop/user: ntop ntop/password_empty: * ntop/password_reset: false * ntop/interfaces: eth0,eth0.3 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695004: squid3: segfault on external_acl, i can confirm it!
Package: squid3 Version: 3.1.20-2.2+deb7u2 Followup-For: Bug #695004 Caro Luigi, I've had previously commented bug #486211, and i don't know if they are the same, but surely the trouble came from 'external_acl'. In that comment i say that in two similar system depicted the trouble, the other no: clearly, only on the troubling one i've defined my 'skype' ACL... I've in use an ACL to prevent skype use, apart some hosts (with fixed IP) or by some users (some group membership). My configuration is: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=SANVITO --require-membership-of=SANVITO\\domusers auth_param ntlm children 5 external_acl_type check_ntgroup %LOGIN /usr/lib/squid3/wbinfo_group.pl acl auth_required proxy_auth REQUIRED acl CONNECT method CONNECT acl block_skype url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ acl users_skype external check_ntgroup ispac ced dirammre acl skype src /etc/squid3/lists/skype.list acl apertura time MTWHF 08:00-18:00 http_access allow CONNECT block_skype apertura skype http_access allow CONNECT block_skype apertura auth_required users_skype http_access deny CONNECT block_skype apertura With this setup, everytime i try to access Skype (or, indeed, an https site using ip literal) squid require me auth, seems to accept it but refuse to connect. After testing all pieces of tools (eg, /usr/bin/ntlm_auth and /usr/lib/squid3/wbinfo_group.pl) and found it working, i've finally correlated the missing access with the sigsev, founding it fully reproducible. So, i've tried substituting ACL: http_access allow CONNECT block_skype apertura auth_required users_skype with: http_access allow CONNECT block_skype apertura auth_required and now skype works, ans squid does not sigsev. Setting debug to 9 for external ACL i can see in cache.log: 2015/01/21 16:41:07.920| aclMatchExternal: acl=check_ntgroup 2015/01/21 16:41:07.920| aclMatchExternal: check_ntgroup(gaio ispac ced dirammre) = lookup needed 2015/01/21 16:41:07.920| aclMatchExternal: gaio ispac ced dirammre: entry=@0, age=0 2015/01/21 16:41:07.920| aclMatchExternal: gaio ispac ced dirammre: queueing a call. 2015/01/21 16:41:07.920| aclMatchExternal: gaio ispac ced dirammre: return -1. 2015/01/21 16:41:07.920| externalAclLookup: lookup in 'check_ntgroup' for 'gaio ispac ced dirammre' 2015/01/21 16:41:07.920| externalAclLookup: looking up for 'gaio ispac ced dirammre' in 'check_ntgroup'. 2015/01/21 16:41:07.920| externalAclLookup: will wait for the result of 'gaio ispac ced dirammre' in 'check_ntgroup' (ch=0x7fc85b0128c8). 2015/01/21 16:41:07.997| externalAclHandleReply: reply=OK 2015/01/21 16:41:07.997| external_acl_cache_add: Adding 'gaio ispac ced dirammre' = 1 2015/01/21 16:41:07.997| aclMatchExternal: acl=check_ntgroup 2015/01/21 16:41:07.997| aclMatchExternal: check_ntgroup = 1 2015/01/21 16:41:11| Starting Squid Cache version 3.1.20 for x86_64-pc-linux-gnu... so, squid run correctly the external ACL script and only AFTER that hang. Trying to put all ACL in debug mode, i've hit: 2015/01/21 17:24:05.849| ACL::FindByName 'users_skype' 2015/01/21 17:24:05.849| ACLChecklist::asyncInProgress: 0x7f330a6df098 async set to 1 2015/01/21 17:24:05.849| aclmatchAclList: async=1 nodeMatched=0 async_in_progress=1 lastACLResult() = 0 finished() = 0 2015/01/21 17:24:05.926| ACLChecklist::asyncInProgress: 0x7f330a6df098 async set to 0 2015/01/21 17:24:05.926| ACLChecklist::preCheck: 0x7f330a6df098 checking 'http_access allow CONNECT block_skype apertura auth_required users_skype' 2015/01/21 17:24:05.926| ACLList::matches: checking CONNECT 2015/01/21 17:24:05.926| ACL::checklistMatches: checking 'CONNECT' 2015/01/21 17:24:05.926| ACL::ChecklistMatches: result for 'CONNECT' is 1 2015/01/21 17:24:05.926| ACLList::matches: result is true 2015/01/21 17:24:05.926| ACLList::matches: checking block_skype 2015/01/21 17:24:05.926| ACL::checklistMatches: checking 'block_skype' 2015/01/21 17:24:05.926| aclRegexData::match: checking '151.49.25.89:443' 2015/01/21 17:24:05.926| aclRegexData::match: looking for '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' 2015/01/21 17:24:05.926| aclRegexData::match: match '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' found in '151.49.25.89:443' 2015/01/21 17:24:05.926| ACL::ChecklistMatches: result for 'block_skype' is 1 2015/01/21 17:24:05.926| ACLList::matches: result is true 2015/01/21 17:24:05.926| ACLList::matches: checking apertura 2015/01/21 17:24:05.926| ACL::checklistMatches: checking 'apertura' 2015/01/21 17:24:05.926| aclMatchTime: checking 1044 in 0-0, weekbits=0 2015/01/21 17:24:05.926| aclMatchTime: checking 1044 in 480-1080, weekbits=3e 2015/01/21 17:24:05.926| ACL::ChecklistMatches: result for 'apertura' is 1 2015/01/21 17:24:05.926| ACLList::matches: result is true 2015/01/21 17:24:05.926| ACLList::matches: checking auth_required 2015/01/21 17:24:05.926| ACL::checklistMatches: checking 'auth_required'
Bug#772154: process_usershare_file: stat of /var/lib/samba/usershares/netlogo failed. No such file or directory
Package: samba Version: 2:3.6.6-6+deb7u4 Severity: minor After upgrading from debian squeeze to debian wheezy (samba version 3.6.6-6+deb7u4; but i get the same thing on a newly installed debian wheezy server), i can see on the logs many row like: [2014/11/29 09:29:07.026230, 0] param/loadparm.c:9114(process_usershare_file) process_usershare_file: stat of /var/lib/samba/usershares/netlogo failed. No such file or directory note that: 1) i've no 'usershares' defined in smb.conf: root@armitage:~# testparm | grep usershare Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Can't find include file /etc/samba/smb.conf. Processing section [printers] Processing section [print$] Processing section [netlogon] Processing section [larpch] Processing section [homes] Processing section [profiles] Processing section [wpkg] Processing section [Users] Loaded services file OK. Server role: ROLE_DOMAIN_BDC Press enter to see a dump of your service definitions 2) note the missing last character, eg '/var/lib/samba/usershares/netlogo' and not '/var/lib/samba/usershares/netlogon'. Apart log flood, all works as expected, it is only annoying. Thanks. (reported upstream as https://bugzilla.samba.org/show_bug.cgi?id=10987) -- System Information: Debian Release: 7.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages samba depends on: ii adduser3.113+nmu3 ii debconf [debconf-2.0] 1.5.49 ii dpkg 1.16.15 ii libacl12.2.51-8 ii libattr1 1:2.4.46-8 ii libc6 2.13-38+deb7u6 ii libcap21:2.22-1.2 ii libcomerr2 1.42.5-1.1 ii libcups2 1.5.3-5+deb7u4 ii libgssapi-krb5-2 1.10.1+dfsg-5+deb7u2 ii libk5crypto3 1.10.1+dfsg-5+deb7u2 ii libkrb5-3 1.10.1+dfsg-5+deb7u2 ii libldap-2.4-2 2.4.31-1+nmu2 ii libpam-modules 1.1.3-7.1 ii libpam-runtime 1.1.3-7.1 ii libpam0g 1.1.3-7.1 ii libpopt0 1.16-7 ii libtalloc2 2.0.7+git20120207-1 ii libtdb11.2.10-2 ii libwbclient0 2:3.6.6-6+deb7u4 ii lsb-base 4.1+Debian8+deb7u1 ii procps 1:3.3.3-3 ii samba-common 2:3.6.6-6+deb7u4 ii update-inetd 4.43 ii zlib1g 1:1.2.7.dfsg-13 Versions of packages samba recommends: ii logrotate 3.8.1-4 ii tdb-tools 1.2.10-2 Versions of packages samba suggests: pn ctdb none pn ldb-tools none ii openbsd-inetd [inet-superserver] 0.20091229-2 ii smbldap-tools 0.9.10-0gaio3.1 -- debconf information: samba/run_mode: daemons samba-common/title: -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#658707: samba: NTLM CRAP authentication for workstation fails with NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
Package: winbind Version: 2:3.6.6-6+deb7u4 Followup-For: Bug #658707 I can confirm that this bug is present on wheezy, i've just upgraded from squeeze to wheezy and hit that. Googling around about that lead me to: [1] http://www.packetfence.org/bugs/view.php?id=1318 and so to: [2] https://lists.samba.org/archive/samba/2011-September/163991.html but i've tried to dig around samba git repository to found the patch that [1] say supposed fixed in 3.6.8, but i've not found it. Someone can help me? Thanks. -- System Information: Debian Release: 7.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages winbind depends on: ii adduser 3.113+nmu3 ii dpkg 1.16.15 ii libc6 2.13-38+deb7u6 ii libcap2 1:2.22-1.2 ii libcomerr21.42.5-1.1 ii libgssapi-krb5-2 1.10.1+dfsg-5+deb7u2 ii libk5crypto3 1.10.1+dfsg-5+deb7u2 ii libkrb5-3 1.10.1+dfsg-5+deb7u2 ii libldap-2.4-2 2.4.31-1+nmu2 ii libpam0g 1.1.3-7.1 ii libpopt0 1.16-7 ii libtalloc22.0.7+git20120207-1 ii libtdb1 1.2.10-2 ii libwbclient0 2:3.6.6-6+deb7u4 ii lsb-base 4.1+Debian8+deb7u1 ii samba-common 2:3.6.6-6+deb7u4 ii zlib1g1:1.2.7.dfsg-13 Versions of packages winbind recommends: pn libnss-winbind none pn libpam-winbind none winbind suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#760754: Debian freeradius consider all files in modules/ folder, also *.dpkg-* ones...
Package: freeradius Version: 2.1.12+dfsg-1.2 I've just upgrade from squeeze to wheezy, and after upgrading freeradius the service does not start. After fiddling a bit with log and '-X' mode, i've found the culprit: the upgrade process create two *.dpkg-dist files on modules/ subfolder, file that i've modify to suit my needs. But the daemon read *all* the file in modules/ dir, also the *.dpkg-* ones, and this clearly can be a bit confusing for freeradius (specifically: there was an ldap file and a ldap.dkpg-dist with wrong parameters). I think, as other debian package, only files with a specific extension have to be read (*.conf?), or at least that sources of trouble have to be added to debian documentation (README.Debian and something like that). Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#760393: Kernel 3.2 hang on a HP ProLiant ML350 G4p, Smart Array 641 controller
Package: linux-image-3.2.0-4-686-pae Version: 3.2.60-1+deb7u3 I've just upgrade a server as in subject from squeeze to wheezy: the server run squeeze for years, without troubles or unexpected reboots/failures. Upgrade went well, but after rebooting to the new kernel system became instable and hang ''randomly'' after some hours or some days (2-3 max). Clearly, the server is in production and on a remote location. ;( I've managed to reboot it on the old 2.6 kernel, and the server is now stable as before, so i suppose is a kernel trouble. Some sparse info: 1) server hang because /var ''desappear''; i've managed to go on console, and what i see is only some gereric error like: task : blocked for more than 120 seconds. echo 0 /proc/sgs/kernel/hung_task_timeout_secs disables this message. no PANIC or something like that. 2) /var is a XFS filesystem. 3) because my log is on /var, i've no more info to provide... Attached the boot log of the two kernels; the only strage thing i note is: Aug 12 13:59:03 rita kernel: [1.231468] HP CISS Driver (v 3.6.26) Aug 12 13:59:03 rita kernel: [1.231583] cciss :09:02.0: PCI IRQ 72 - rerouted to legacy IRQ 16 Aug 12 13:59:03 rita kernel: [1.231665] cciss :09:02.0: Controller reports max supported commands of 0, an obvious lie. Using 16. Ensure that firmware is up to date. But i don't know if is related. Say me if more info are needed. Thanks. rita-2.6-good.klog.gz Description: Binary data rita-3.2-bad.klog.gz Description: Binary data
Bug#751484: c-icap: installing a recompiled c-icap on debian wheezy ends in a broken system
Mandi! Mathieu Parent In chel di` si favelave... Seems to me a dupe of #743202 ... No this is a regression of #743202. This comes from the bashism IFS=$'\n'. I have not found a solution yet. Patch welcome (a workaound is to use #!/bin/bash as shebang). Ok; anyway the culprit came from: for variable in `egrep -v '^[[:space:]]*(#|$)' $CONFFILE | awk '{print $1}'`; do value=`grep ^$variable $CONFFILE | head -n1 | awk '{print $2}'` if [ -n $value ]; then export config_$variable=$value fi done but, effectively the only config options used as a avariables are config_PidFile, config_CommandsSocket, config_User and config_Group, that does not make trouble, because the value is clearly have no space. Why not simply substitute with: for variable in PidFile CommandsSocket User Group; do value=`grep ^$variable $CONFFILE | head -n1 | awk '{print $2}'` if [ -n $value ]; then export config_$variable=$value fi done ?! I think can fix and simplify all the stuff. PS: also, i suppose that c-icap.conf is caseless on options name, so probably it is safe to put all the variable in lower or UPPER case, eg: for variable in PIDFILE COMMANDSSOCKET USER GROUP; do value=`grep -i ^$variable $CONFFILE | head -n1 | awk '{print $2}'` if [ -n $value ]; then export config_$variable=$value fi done -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/chi_siamo/5xmille.php (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#743202: c-icap: /etc/init.d/c-icap does not work if there's an option in c-icap.conf with a dot
Package: c-icap Version: 1:0.3.3-0gaio1 Severity: important I've recompiled c-icap in wheezy, without further modification. I've also compiled and i'm using 'squidclamav', and i've hit a little trouble (too verbose log), that squidclamav author say me to insert in c-icap.conf, right after the squidclamav module load, the entry: squidclamav.PreviewSize 1024 but when i tried to restart the service i got: root@lupus:~# /etc/init.d/c-icap start /etc/init.d/c-icap: 65: export: config_squidclamav.PreviewSize: bad variable name After fiddling a bit, i've understood that the trouble came from the /etc/init.d/c-icap script, that try to export some variables bult from c-icap.conf file, and fail with the new one (presumibly for the dot). I've done a simple modification to the script: root@lupus:~# diff -ud /etc/init.d/c-icap~ /etc/init.d/c-icap --- /etc/init.d/c-icap~ 2014-03-12 08:07:27.0 +0100 +++ /etc/init.d/c-icap 2014-03-31 14:40:57.0 +0200 @@ -58,7 +58,7 @@ config_Group=c-icap if [ -f $CONFFILE ]; then - for variable in `egrep -v '^[[:space:]]*(#|$)' $CONFFILE | awk '{print $1}'`; do + for variable in `egrep -v '^[[:space:]]*(#|$)' $CONFFILE | awk '{print $1}' | egrep -v '\.'`; do value=`grep ^$variable $CONFFILE | head -n1 | awk '{print $2}'` if [ -n $value ]; then and clearly now works, but i don't know if there's a better way... More info on: https://github.com/darold/squidclamav/issues/17 Thanks. -- System Information: Debian Release: 7.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages c-icap depends on: ii adduser 3.113+nmu3 ii libc62.13-38+deb7u1 ii libdb5.1 5.1.29-5 ii libicapapi3 1:0.3.3-0gaio1 ii lsb-base 4.1+Debian8+deb7u1 c-icap recommends no packages. Versions of packages c-icap suggests: pn libc-icap-module none ii squid33.1.20-2.2 -- Configuration Files: /etc/c-icap/c-icap.conf changed [not included] /etc/default/c-icap changed [not included] /etc/init.d/c-icap changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#486211: Squid3 crashed with Segfault
Package: squid3 Version: 3.1.20-2.2 Followup-For: Bug #486211 I've just upgraded two servers from squeeze to wheezy, and i've hit this bug in one of that. I repeatedlt receive: Mar 25 12:33:02 kaa kernel: [943353.343797] squid3[16919]: segfault at 58 ip 7fd34cea2396 sp 7fff192e1b60 error 4 in squid3[7fd34ccaf000+301000] Mar 25 12:33:02 kaa squid[40048]: Squid Parent: child process 16919 exited due to signal 11 with status 0 roughly 5-10 time at distance of some minutes, then nothing for hour... and happens roughly 10-50 times at day. Both server (kaa and lupus) are 64bit debian wheezy. lupus seems does not have that trouble; configuration are roughly the same. The only difference between kaa and lupus, is that kaa is a medium-heavy-loaded server, while lupus does little job, so seems ''load-related''. Say me if more info are needed... thanks. -- System Information: Debian Release: 7.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages squid3 depends on: ii adduser 3.113+nmu3 ii libc6 2.13-38+deb7u1 ii libcap2 1:2.22-1.2 ii libcomerr21.42.5-1.1 ii libdb5.1 5.1.29-5 ii libexpat1 2.1.0-1+deb7u1 ii libgcc1 1:4.7.2-5 ii libgssapi-krb5-2 1.10.1+dfsg-5+deb7u1 ii libk5crypto3 1.10.1+dfsg-5+deb7u1 ii libkrb5-3 1.10.1+dfsg-5+deb7u1 ii libldap-2.4-2 2.4.31-1+nmu2 ii libltdl7 2.4.2-1.1 ii libpam0g 1.1.3-7.1 ii libsasl2-22.1.25.dfsg1-6+deb7u1 ii libstdc++64.7.2-5 ii libxml2 2.8.0+dfsg1-7+nmu2 ii logrotate 3.8.1-4 ii lsb-base 4.1+Debian8+deb7u1 ii netbase 5.0 ii squid3-common 3.1.20-2.2 squid3 recommends no packages. Versions of packages squid3 suggests: pn resolvconf none ii smbclient2:3.6.6-6+deb7u2 pn squid-cginone ii squidclient 3.1.20-2.2 pn ufw none -- Configuration Files: /etc/squid3/squid.conf changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#741979: sympa: Missing it.mo file
Package: sympa Version: 6.1.11~dfsg-5 Severity: normal Simply i've found that in (at lewast this) version of sympa the 'it.mo' message catalog file is missing from the archive, eg the file: /usr/lib/sympa/locale/it/LC_MESSAGES/sympa.mo does not exist in the .deb archive, so italian translation does not ''work''. Thanks. -- System Information: Debian Release: 7.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages sympa depends on: ii adduser3.113+nmu3 ii ca-certificates20130119 ii dbconfig-common1.8.47+nmu1 ii debconf [debconf-2.0] 1.5.49 ii dpkg 1.16.12 ii exim4-daemon-heavy [mail-transport-agent] 4.80-7 ii libarchive-zip-perl1.30-6 ii libc6 2.13-38+deb7u1 ii libcgi-fast-perl 5.14.2-21+deb7u1 ii libcgi-pm-perl 3.61-2 ii libdbd-mysql-perl 4.021-1+b1 ii libdbd-pg-perl 2.19.2-2 ii libdbd-sqlite3-perl1.37-1 ii libdbd-sybase-perl 1.14-1 ii libdbi-perl1.622-1 ii libfcgi-perl 0.74-1+b1 ii libfile-copy-recursive-perl0.38-1 ii libhtml-format-perl2.10-1 ii libhtml-stripscripts-parser-perl 1.03-1 ii libhtml-tree-perl 5.02-1 ii libintl-perl 1.20-1 ii libio-stringy-perl 2.110-5 ii libmailtools-perl 2.09-1 ii libmime-charset-perl 1.009.2-1 ii libmime-encwords-perl 1.012.4-1 ii libmime-lite-html-perl 1.23-1.1 ii libmime-tools-perl 5.503-1 ii libmsgcat-perl 1.03-5+b2 ii libnet-ldap-perl 1:0.4400-1 ii libnet-netmask-perl1.9016-1 ii libregexp-common-perl 2011121001-1 ii libtemplate-perl 2.24-1 ii libterm-progressbar-perl 2.13-1 ii libunicode-linebreak-perl 0.0.20120401-1 ii libxml-libxml-perl 2.0001+dfsg-1 ii lsb-base 4.1+Debian8+deb7u1 ii mhonarc2.6.18-2 ii perl 5.14.2-21+deb7u1 ii perl-modules [libcgi-pm-perl] 5.14.2-21+deb7u1 ii rsyslog [system-log-daemon]5.8.11-3 ii sqlite33.7.13-1+deb7u1 Versions of packages sympa recommends: ii apache2-suexec 2.2.22-13+deb7u1 pn doc-base none ii libapache2-mod-fcgid 1:2.3.6-1.2+deb7u1 ii libcrypt-ciphersaber-perl 0.61-4 ii libfile-nfslock-perl 1.21-1 ii libio-socket-ssl-perl 1.76-2 ii libmail-dkim-perl 0.39-1 ii libsoap-lite-perl 0.714-1 ii locales2.13-38+deb7u1 ii logrotate 3.8.1-4 ii mysql-server 5.5.35+dfsg-0+wheezy1 Versions of packages sympa suggests: ii apache2-mpm-prefork [httpd-cgi] 2.2.22-13+deb7u1 pn libauthcas-perl none pn libdbd-oracle-perl none pn libtext-wrap-perlnone ii openssl 1.0.1e-2+deb7u4 -- Configuration Files: /etc/sympa/topics.conf changed [not included] -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#741019: php5-ffmpeg: module emit '[NULL @ 0x1f02280] Value 4707126720094797824.000000 for parameter 'probesize' out of range' errors and sigsev
Package: php5-ffmpeg Version: 0.6.0-2.2 Severity: important I've just updated two of my servers that run a webapp, WViola: http://code.google.com/p/wviola/ after upgrading, a php script (cli) that use heavily php5-ffmpeg start to sigsev: Mar 7 13:30:44 baloo kernel: [ 6954.637368] php[25138]: segfault at 8 ip 7f815e00a14d sp 7fff8e24b190 error 4 in ffmpeg.so[7f815e006000+9000] Mar 7 14:00:44 baloo kernel: [ 8754.083901] php[31779]: segfault at 8 ip 7f65c8ada14d sp 7fff7dc27870 error 4 in ffmpeg.so[7f65c8ad6000+9000] and produce the output: [NULL @ 0x2d6c080] Value 4707126720094797824.00 for parameter 'probesize' out of range [NULL @ 0x2d6c080] Value 4707126720094797824.00 for parameter 'analyzeduration' out of range [NULL @ 0x2d6c080] Value 4697254411347427328.00 for parameter 'indexmem' out of range [NULL @ 0x2d6c080] Value 4703785510416416768.00 for parameter 'rtbufsize' out of range [NULL @ 0x2d6c080] Value -4616189618054758400.00 for parameter 'fpsprobesize' out of range [NULL @ 0x2d6c080] Value 4607182418800017408.00 for parameter 'f_err_detect' out of range [NULL @ 0x2d6c080] Value 4607182418800017408.00 for parameter 'err_detect' out of range [NULL @ 0x2d6cba0] Value 4686111960511545344.00 for parameter 'b' out of range [NULL @ 0x2d6cba0] Value 4683532506232782848.00 for parameter 'ab' out of range [NULL @ 0x2d6cba0] Value 4705844345939427328.00 for parameter 'bt' out of range [NULL @ 0x2d6cba0] Value 4617315517961601024.00 for parameter 'me_method' out of range [NULL @ 0x2d6cba0] Value 4622945017495814144.00 for parameter 'g' out of range [NULL @ 0x2d6cba0] Value 4611686018427387904.00 for parameter 'qmin' out of range [NULL @ 0x2d6cba0] Value 4629418941960159232.00 for parameter 'qmax' out of range [NULL @ 0x2d6cba0] Value 4613937818241073152.00 for parameter 'qdiff' out of range [NULL @ 0x2d6cba0] Value -4616189618054758400.00 for parameter 'wpredp' out of range [NULL @ 0x2d6cba0] Value 4607182418800017408.00 for parameter 'bug' out of range [...] the only thing i make a note is that i use 'debian multimedia' repository. Thanks. -- System Information: Debian Release: 7.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages php5-ffmpeg depends on: ii libapache2-mod-php5 [phpapi-20100525] 5.4.4-14+deb7u8 ii libavcodec53 7:0.10.3-dmo1 ii libavformat53 7:0.10.3-dmo1 ii libc6 2.13-38+deb7u1 ii libswscale28:1.0.8-dmo1 ii php5-cli [phpapi-20100525] 5.4.4-14+deb7u8 Versions of packages php5-ffmpeg recommends: ii php5-gd 5.4.4-14+deb7u8 php5-ffmpeg suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#738588: closed by Jeremy Lainé jeremy.la...@m4x.org (Bug#738588: fixed in asterisk 1:11.8.0~dfsg-1)
Source: asterisk Source-Version: 1:11.8.0~dfsg-1 We believe that the bug you reported is fixed in the latest version of asterisk, which is due to be installed in the Debian FTP archive. ...some hope that this fix will backported to wheezy, eg on some next point release? Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#687149: cron.daily maintenance/upgrade script emit warnings...
I will tag this ticket as squeeze since it seems to only apply to the Squeeze 6 version. This is true. Sorry but i'm a bit late in debian versions, so i've started in these days the upgrate to wheezy, and still no one with a SA setup. I've only do some test and noted that newer SA use a dedicated users, not 'nobody'. So, please, wait some time and i will comment this bug, and adding a specific one for the 'SA_UPDATE_OPTS' variable to manage plugin/external repository. Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#740729: rkhunder cron.daily emit errors: Error: Invalid display - keyword cannot be found: Display line: display --to LOG --type INFO NETWORK_PORTS_DISABLE_PATHS
Package: rkhunter Version: 1.4.0-1 By some days, rkhunter daily cron script emit a mail like: Date: Tue, 04 Mar 2014 14:04:54 +0100 From: root root@localdomain To: root@localdomain Subject: [rkhunter] eraldo.localdomain - Daily report Error: Invalid display - keyword cannot be found: Display line: display --to LOG --type INFO NETWORK_PORTS_DISABLE_PATHS Error: Invalid display - keyword cannot be found: Display line: display --to LOG --type INFO NETWORK_PORTS_DISABLE_PATHS looking around with google, seems that there's a ''incompatibilities'' between the db (updated by cron scripts) and the language file (AFAIK, provided by package). I'm seeking some feedback... thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#687149: cron.daily maintenance/upgrade script emit warnings...
Sep 10 11:34:23.133 [15754] warn: Couldn't get Connecting IP header X-SA-Exim-Connect-IP for message 1347269660@lint_rules, skipping greylisting call Is this still a problem for you? There have been a number of package Ahem, i'm still mostly on squeeze, and all of my spamassassin installation ws not just migrated to wheezy. So... i cannot reply. ;-) the bug should be reassigned to exim4 as an exim problem. No, it is not exim4 trouble, better a sa-exim trouble, but i think it is generic, so robably other SA plugin (not only sa-exim) could trigger that... -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#738588: 'smsq' SMS helper missing from Asterisk 1.8 till sid: missing dependencies?
Package: asterisk Version: 1:1.8.13.1~dfsg1-3+deb7u3 I've upgraded my squeeze home server to wheezy, and after some weeks i've noted that SMS in asterisk stop working. After some fiddling, i've found that simply the 'smsq' SMS queue helper is missing from the packages; i've tried using 'packages.debian.org' and seems missing from wheezy (asterisk 1.8) till unstable, while is present in asterisk 1.6 (squeeze). I've simply done: apt-get source asterisk apt-get build-dep asterisk then: cd asterisk-1.8.13.1~dfsg1/utils/ some trial and error, and some googling ... POPT_LIB=-lpopt make smsq strip smsq cp smsq /usr/sbin/ and smsq compile and run as expected; clearly i've had (previously, indeed) installed libpopt-dev package, so seems to me that simply asterisk got a missing dependencies on libpopt-dev, and so smsq does not compile. Considering the easy fix, could be backported to stable and so forth? Thanks -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#708615: Smokeping email's date are in current locale
Package: smokeping Version: 2.3.6-5+squeeze1 Smokeping email about network trouble start with the 'Date:' files written in current locale, eg (in italian): Date: ven, 5 apr 2013 14:57:10 +0200 (ven(erdì) = friday, apr(ile) = april). This confuse most MUA, and indeed is a RFC violation, AFAIK. Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#702227: Permission of the backend too strict for a backend chain (beh, jasmine)
Ok for 'jasmine', but 'beh' is a rather ''standard'' backend, that i use extensively for some ''broken'' printers or print servers... very useful if you don't want to be called on saturday morning at home... Is 'beh' not working correctly when used as printer backend? ?! Sorry, i've really not understood your question... 'beh' (in package foomatic-filters) it is a simple perl script that change the behaviour of the cups queue management: some printers (mostly USB, but also some networked one) are broken, reply to cups backend in some strange way and cups (correctly) disable the queue (put the printer queue in pause). 'beh' simply ignore backend error, do some retry, and then discard the print. It is some sort of ''last resort'' for some situation, but because restarting a printer queue is a privileged operation, it is very handy in a 'non-personal computing' setup. Quoting Till on that one: access (files, network resources). Opening up the permissions so that lp can run the backends makes the backends stop working. What alwyas works would be setting the wrapper backends 750 root.root, but this can lead to some non-root backends being run as root. also 'jasmine' backend is a perl script, but to make it run i do: cd /usr/lib/cups/backend-available chown .lp dnssd http ipp lpd serial usb chmod 751 dnssd http ipp lpd chmod 554 serial usb and all the printer, eg: neuromante:~# grep jasmine /etc/cups/printers.conf DeviceURI jasmine:ipp://arcdisanmarc/ipp DeviceURI jasmine:ipp://arcoiris/ipp DeviceURI jasmine:socket://i3pps-1:9102 DeviceURI jasmine:ipp://elladan/printer DeviceURI jasmine:ipp://elrohir/printer DeviceURI jasmine:socket://hp4000 DeviceURI jasmine:socket://hpljp2055-1 DeviceURI jasmine:socket://hpljp2055-2 DeviceURI jasmine:socket://hpljp3015-1 DeviceURI jasmine:ipp://kmmc4650dn/ipp DeviceURI jasmine:socket://i3pps-1:9103 DeviceURI jasmine:socket://10.5.1.235 DeviceURI jasmine:ipp://sscx4833fd-1/printer works like a charme. My currently permission setup is: neuromante:~# ls -la /usr/lib/cups/backend totale 400 drwxr-xr-x 2 root root 4096 3 mar 20.23 . drwxr-xr-x 10 root root 4096 22 dic 2009 .. -rwxr-xr-x 1 root root 7250 6 mar 2012 beh -rwx-- 1 root root 22320 18 giu 2010 cups-pdf -rwxr-x--x 2 root lp 18352 12 gen 18.11 dnssd -rwxr-xr-x 1 root root 16968 3 dic 2011 hp -rwxr-xr-x 1 root root 8393 3 dic 2011 hpfax -rwxr-x--x 3 root lp 48160 12 gen 18.11 http -rwxr-x--x 3 root lp 48160 12 gen 18.11 ipp -rwxr-x--- 1 root lp 20395 5 nov 12.01 jasmine -rwxr-x--x 2 root lp 44056 12 gen 18.11 lpd -rwxr-xr-x 1 root root 4988 2 nov 19.14 mailto -r-xr-xr-x 2 root root 30728 12 gen 18.11 parallel lrwxrwxrwx 1 root root21 5 feb 20.28 smb - ../../../bin/smbspool -r-xr-xr-x 2 root root 26544 12 gen 18.11 snmp -r-xr-xr-x 2 root root 34824 12 gen 18.11 socket -r-xr-xr-- 2 root lp 43016 12 gen 18.11 usb 'jasmine' cointain the password for the mysql db, so it is 750. So, as I would rather not try to fix something not broken for most standard Debian uses, and as I haven't been convinced that fixing that is an improvement over the current situation, I'm hereby tagging this bug as wontfix. Probably i'm missing something. But i'm only trying to understand... PS: there's some sort of doc, manual, HOWTO, REDAME... that explain backend permission setup? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#702248: Non-optimal boot priority/dependency of service 'cups'
One-line patch attached. Many thanks. I've not reboot the server (and so, test your fix) but i've checked the boot dependencies before and afer running the 'insserv -v' command, and they are correctly taken into account. So should work. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#702227: Permission of the backend too strict for a backend chain (beh, jasmine)
As far as I can tell, all chained configurations that go through cups are working correctly, so that's definitely a minor issue for standard use cases. Ok for 'jasmine', but 'beh' is a rather ''standard'' backend, that i use extensively for some ''broken'' printers or print servers... very useful if you don't want to be called on saturday morning at home... @Till: do you have an opinion on this bug ? I tend to think that as the default chaining through cups works, it's not worth fixing, but I'd welcome your input there. I've a question: why (for example...) the 'ipp' backend have permission: gaio@eraldo:~$ ls -la /usr/lib/cups/backend/ipp -rwxr--r-- 3 root root 43328 15 gen 04.08 /usr/lib/cups/backend/ipp 744 root.root? It really brake the CUPS security model to have it root.lp, 754 (or 750)? Probably i don't know CUPS (and indeed it is true ;), but i don't understood why the 'lp' group have to not execute the backend... while for example the 'socket' backend: gaio@eraldo:~$ ls -la /usr/lib/cups/backend/socket -r-xr-xr-x 2 root root 29988 15 gen 04.08 /usr/lib/cups/backend/socket it is even executable by everyone? I restate: i'm an ignorant, but seems to me that simply backend permission is a mess... ;-))) Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#702227: Permission of the backend too strict for a backend chain (beh, jasmine)
Package: cups Version: 1.4.4-7+squeeze2 If i need to chain some backend, eg because i need the Backend Error Handler (beh, in the package 'foomatic-filters') or the 'jasmine' backend (http://jasmine.berlios.de/dokuwiki/doku.php, non packaged) i've found that the second backend cannot be launched. Seems to me that cups drop privilege running the first backend as user 'lp', but some of the backend (eg, ipp) are set as 750 root.root, so cannot get executed. I've simply done (trying to disrupt original permission as little as possible, so probably these permission are still wrong): cd /usr/lib/cups/backend-available chown .lp dnssd http ipp lpd serial usb chmod 751 dnssd http ipp lpd chmod 554 serial usb but at every cups upgrade owner and mode of the backend get restored, and chained backend stop to work. I hope that this things can be fixed, or at least explained a bit in a README.Debian. Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#702248: Non-optimal boot priority/dependency of service 'cups'
Package: cups Version: 1.4.4-7+squeeze2 To permit an effective management of the printer queue, i've setup in /etc/cups/cups-files.conf a line like: SystemGroup printops where 'printops' is a group in my LDAP setup (slapd, libnss/libpam-ldapd). Every time i reboot a server, cups complain in error_log about: E [25/Feb/2013:18:24:28 +0100] Unknown SystemGroup printops on line 17 of /etc/cups/cups-files.conf. and start in an ''half-working'' way, eg daemon run but does not work; i have to restart cups to get it back. So, i think that cups service have to boot-depend on slapd/nslcd services. Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#687149: Again new patch...
I would not be opposed to an *option* to ignore all errors. But it should not be the default. Only a little note, to say that after some more test seems that the ''offending'' command that have to be redirected are only two: gaio@lily:~/conf/spamassassin$ diff -ud spamassassin.squeeze spamassassin --- spamassassin.squeeze2012-12-03 18:05:41.516864040 +0100 +++ spamassassin2012-12-03 18:05:25.540863905 +0100 @@ -29,7 +29,7 @@ # Compile, if rules have previously been compiled, and it's possible if [ -x /usr/bin/re2c -a -x /usr/bin/sa-compile \ -a -d /var/lib/spamassassin/compiled ]; then -sa-compile --quiet +sa-compile --quiet /dev/null 21 # Fixup perms -- group and other should be able to # read and execute, but never write. Works around # sa-compile's failure to obey umask. @@ -61,12 +61,12 @@ # Update umask 022 -sa-update +sa-update $SA_UPDATE_OPTS case $? in 0) # got updates! -spamassassin --lint || die_with_lint +spamassassin --lint /dev/null 21 || die_with_lint do_compile reload ;; 'spamassassin --lint /dev/null 21 || die_with_lint' i think it is plausible, because if 'spamassassin --lint', they are recalled without any redirection, so sysadmin got the info. 'sa-compile --quiet /dev/null 21' probably have to be digged better, and handled with more care (also the exit status...). Not related, see the 'sa-update $SA_UPDATE_OPTS', where '$SA_UPDATE_OPTS' are defined on /etc/default/spamassassin to load additional rules (rulesemporium, but does not care). Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693981: smb_acl_to_posix: ACL is invalid for set (Invalid argument)
Package: samba Version: 2:3.5.6~dfsg-3squeeze8 After migrate some server from lenny to squeeze (better later then ever...) i've hit this bug: https://bugzilla.samba.org/show_bug.cgi?id=7509 it is very annoying, an so i'll hope the patch will be added to the next squeeze point release. Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692480: pam-auth-config, lib(pam|nss)-ldapd broke again 'pam' authentication in postgres.
Package: postgresql-common Version: 113+squeeze1 An old issue come back, see: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217891 I've just migrated from lenny to squeeze (better later then ever... ;), and so moved from lib(pam|nss)-ldap and custom /etc/pam.d/common-* files to lib(pam|nss)-ldapd, nslcd and pam-auth-update. After doing that, pam, auth does not work anymore in postgres, i got: Nov 5 09:00:00 dixie unix_chkpwd[28119]: check pass; user unknown Nov 5 09:00:00 dixie unix_chkpwd[28119]: password check failed for user (aleggi) Nov 5 09:00:00 dixie .5.2.219(1308) authentication: pam_unix(postgresql:auth): authentication failure; logname= uid=110 euid=110 tty= ruser= rhost= user=aleggi Nov 5 09:00:00 dixie unix_chkpwd[28120]: could not obtain user info (aleggi) After fiddling a bit, i've created /etc/pam.d/postgresql with inside: auth required pam_ldap.so minimum_uid=1000 account requiredpam_ldap.so minimum_uid=1000 password required pam_deny.so session requiredpam_permit.so I don't need/use /etc/(passwd|shadow) auth, so i've used only ldap, and i've disabled session because i don't need session management in postgres, and because the culprit seems to come from here. Feel free to ask more feedback, it was a production server and so... i need a quick fix. ;) Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#687149: Again new patch...
Mandi! Bob Proulx In chel di` si favelave... Please, one thread for each bug. This is a different problem and it should have a different bug ticket. I consider the ''bug'' as: «squeeze /etc/cron.daily/spamassassin is a bit more verbose/annoying then lenny one», and sa-exim only a ''side effect'' of that. http: GET http://daryl.dostech.ca/sa-update/asf/1387911.tar.gz request failed: 404 Not Found: !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title404 Not Found/title /headbody h1Not Found/h1 pThe requested URL /sa-update/asf/1387911.tar.gz was not found on this server./p hr addressApache/2.2.6 (Fedora) Server at daryl.dostech.ca Port 80/address /body/html But it is an error. It should not be silenced simply by redirecting errors to /dev/null. Instead the root cause of the problem should be addressed and fixed. Probably i've understimated this, but i think that cronjobs have (to try) to be as quiter as possible, because are mostly unreadable and confusing. Therefore I am opposed to this patch being included. It doesn't fix the problem but is just ignoring it. Mine was only a proposal. AFAI've understood the script, it try insted to ''pass over'' to catch errors, and if an error occur, restart the update with ''--lint'' to make a better informative ''log''. All my ''example patch'' say that, other than error, there's also some warnings (or not so understood errors ;). I don't know very well SA, so i don't know if the error handling are excellent or poor, and so, if the warning can be safely ignored (as i've done in my patch) or taken into account. For me, give to the users the choice to ignore warnings or send them, eg, redirecting all output of scripts to a file, check if it was empty and eventually send to the user (better, filtering with a regexp). -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/chi_siamo/5xmille.php (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#687149: Again new patch...
One more redirection, by some day, the update script emit: http: GET http://daryl.dostech.ca/sa-update/asf/1387911.tar.gz request failed: 404 Not Found: !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title404 Not Found/title /headbody h1Not Found/h1 pThe requested URL /sa-update/asf/1387911.tar.gz was not found on this server./p hr addressApache/2.2.6 (Fedora) Server at daryl.dostech.ca Port 80/address /body/html generated by sa-update. PS: $SA_UPDATE_OPTS is a variable i've defined on /etc/default/spamassassin. --- /tmp/spamassassin 2012-09-10 11:46:09.597794514 +0200 +++ /etc/cron.daily/spamassassin 2012-09-21 12:14:23.0 +0200 @@ -29,7 +29,7 @@ # Compile, if rules have previously been compiled, and it's possible if [ -x /usr/bin/re2c -a -x /usr/bin/sa-compile \ -a -d /var/lib/spamassassin/compiled ]; then -sa-compile --quiet +sa-compile --quiet /dev/null 21 # Fixup perms -- group and other should be able to # read and execute, but never write. Works around # sa-compile's failure to obey umask. @@ -43,9 +43,9 @@ reload() { # Reload if which invoke-rc.d /dev/null 21; then - invoke-rc.d spamassassin reload /dev/null + invoke-rc.d spamassassin reload /dev/null 21 else - /etc/init.d/spamassassin reload /dev/null + /etc/init.d/spamassassin reload /dev/null 21 fi if [ -d /etc/spamassassin/sa-update-hooks.d ]; then run-parts --lsbsysinit /etc/spamassassin/sa-update-hooks.d @@ -61,12 +61,12 @@ # Update umask 022 -sa-update $SA_UPDATE_OPTS +sa-update $SA_UPDATE_OPTS /dev/null 21 case $? in 0) # got updates! -spamassassin --lint || die_with_lint +spamassassin --lint /dev/null 21 || die_with_lint do_compile reload ;;
Bug#687149: New patch.
Ops, i've forgot a redirect also for sa-compile. Attached a new patch. --- /tmp/spamassassin 2012-09-10 11:46:09.597794514 +0200 +++ /etc/cron.daily/spamassassin 2012-09-13 12:14:33.0 +0200 @@ -29,7 +29,7 @@ # Compile, if rules have previously been compiled, and it's possible if [ -x /usr/bin/re2c -a -x /usr/bin/sa-compile \ -a -d /var/lib/spamassassin/compiled ]; then -sa-compile --quiet +sa-compile --quiet /dev/null 21 # Fixup perms -- group and other should be able to # read and execute, but never write. Works around # sa-compile's failure to obey umask. @@ -43,9 +43,9 @@ reload() { # Reload if which invoke-rc.d /dev/null 21; then - invoke-rc.d spamassassin reload /dev/null + invoke-rc.d spamassassin reload /dev/null 21 else - /etc/init.d/spamassassin reload /dev/null + /etc/init.d/spamassassin reload /dev/null 21 fi if [ -d /etc/spamassassin/sa-update-hooks.d ]; then run-parts --lsbsysinit /etc/spamassassin/sa-update-hooks.d @@ -66,7 +66,7 @@ case $? in 0) # got updates! -spamassassin --lint || die_with_lint +spamassassin --lint /dev/null 21 || die_with_lint do_compile reload ;;
Bug#687149: cron.daily maintenance/upgrade script emit warnings...
Package: spamassassin Version: 3.3.1-1 Really, i don't know if this is a SA bug or a sa-exim bug, so feel free to move de bug where appropriate. Indeed, i don't know if this is a real bug... ;) sa-exim plugin, at every spamassassin restart, print a row like: Sep 10 11:34:23.133 [15754] warn: Couldn't get Connecting IP header X-SA-Exim-Connect-IP for message 1347269660@lint_rules, skipping greylisting call AFAI've understood, this is a side effect of how the sa-exim module are initialized, not a bug. Anyway, migrating from lenny to squeeze, /etc/cron.daily/spamassassin script start to complain every day about that; looking at lenny script, seems to me that all restart command to SA are redirected to /dev/null (STDOUT and STDERR). Squeeze version have one more, SA call, with --lint. Anyway, this little patch solve all the trouble. Hope this help, thanks. --- /tmp/spamassassin 2012-09-10 11:46:09.597794514 +0200 +++ /etc/cron.daily/spamassassin 2012-09-10 11:36:22.0 +0200 @@ -43,9 +43,9 @@ reload() { # Reload if which invoke-rc.d /dev/null 21; then - invoke-rc.d spamassassin reload /dev/null + invoke-rc.d spamassassin reload /dev/null 21 else - /etc/init.d/spamassassin reload /dev/null + /etc/init.d/spamassassin reload /dev/null 21 fi if [ -d /etc/spamassassin/sa-update-hooks.d ]; then run-parts --lsbsysinit /etc/spamassassin/sa-update-hooks.d @@ -66,7 +66,7 @@ case $? in 0) # got updates! -spamassassin --lint || die_with_lint +spamassassin --lint /dev/null 21 || die_with_lint do_compile reload ;;
Bug#660223: Confirmation, but probably need to be reassigned...
Since the original bug was reported against the squeeze version of nslcd it probably affects winbind 2:3.5.6~dfsg-3squeeze7. Marco, can you confirm the version of winbind? Ops, sorry, i've forgot to wrote it down. 2:3.5.6~dfsg-3squeeze7, yes. Tnx. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669235: Incorrect/unoptimal ACL prevent nss/shadow to work with anonymous bind
Package: slapd Version: 2.4.23-7.2 [I still use the slapd.conf file, not cn=schema, but i think that it is the same...] The default configuration file slapd.conf (supplied/handled by debconf on /etc/ldap/, or provided as example on /usr/share/doc/slapd/examples/slapd.conf) usa an unoptimal ACL: access to attrs=userPassword,shadowLastChange by dn=@ADMIN@ write by anonymous auth by self write by * none this ACL prevent the anonymous (read) access to 'shadowLastChange', preventing nss (i've tested libnss-ldap and libnss-ldaps/nslcd, it is the same), if configured to use anonymous bind, to correctly handle password expiration saved on LDAP. With libnss-ldap, you can set 'rootbinddn', with libnss-ldaps/nslcd you are forced to bind with sufficient privileges. I think that 'shadowLastChange' is an information that does't need more privacy then others Shadow* ones, so i propose this new ACL: access to attrs=userPassword by dn=@ADMIN@ write by anonymous auth by self write by * none access to attrs=shadowLastChange by dn=@ADMIN@ write by self write by * read Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#643970: Confirmation, but probably need to be reassigned...
I can confirm this, i've also the logs hogged by error like these. I can confirm also that seems a ''client'' problem, not server one. But after some test, and after blame the wrong client (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660223), i've stopped 'winbind' daemon and error desappeared. Restarted, and come back. So, for me this bug can be merged with #660223, and reassigned to winbind. Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#625796: Bug confirmation, was not on lenny, added by squeeze
I can confirm this bug, and i can confirm that was not present on lenny's arpwatch version, appeared only on squeeze (2.1a15-1.1). As possible, i've worked out the trouble at switch level, modifying the configuration and removing at the source unwanted traffic. But there's no possible to do that generally, and i've had to disable arpwatch on some server to prevent logfile hog, because i've a ''duble LAN configuration, one on a phisical interface (eth0) and one on a vlan over that (eth0.666). I hope it will be fixed soon. I don't know if there's some iptables rule that are able to filter VLAN-ed ARP request on the main interface, without breaking all the ARP resolution protocol. ;-) Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#432701: Some inconsistencies in pam configuration...
Mandi! Christoph Berg In chel di` si favelave... The solution here might be to ship /etc/pam.d/postgresql in postgresql-common. Otoh, there is an other file that should take care of pam entries in pg_hba.conf. pam auth works here without the extra file, but it might make sense to provide it anyway. I'll do some research and report back here. Oh, i've forget about this bug, really. I'm now on lenny, switching to squeeze, and seems to me that /etc/pam.d/postgresql are no more needed. But probably because i've found that it is true that pam_unix are ''nss enabled'', but some things (eg, password expiration) does not work, so i've switched on using pam_ldap on every context. Really, now i use 'pam-auth-update' on squeeze. For me, you can safely close this issue. Sorry, i completely forgot about them. ;( -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#660223: Nonfatal connection trouble with ldapi:///
Mandi! Arthur de Jong In chel di` si favelave... Can you provide some more details on your nslcd.conf? Also, can you uid nslcd gid nslcd uri ldapi:/// base dc=corsi,dc=sv,dc=lnf,dc=it binddn cn=admin,dc=corsi,dc=sv,dc=lnf,dc=it bindpw ops! ;) include the output of nslcd -d while this is happening? It is hard to match debug output and syslog, because the debug output are not timestamped, but i've got on debug: nslcd: [138641] DEBUG: connection from pid=1508 uid=0 gid=0 nslcd: [138641] DEBUG: nslcd_passwd_byname(assemblaggio1) nslcd: [138641] DEBUG: myldap_search(base=dc=corsi,dc=sv,dc=lnf,dc=it, filter=((objectClass=posixAccount)(uid=assemblaggio1))) nslcd: [138641] DEBUG: ldap_result(): end of results nslcd: [7ff521] DEBUG: connection from pid=1508 uid=0 gid=0 nslcd: [7ff521] DEBUG: nslcd_passwd_byname(autonomia1) nslcd: [7ff521] DEBUG: myldap_search(base=dc=corsi,dc=sv,dc=lnf,dc=it, filter=((objectClass=posixAccount)(uid=autonomia1))) nslcd: [7ff521] DEBUG: ldap_result(): end of results nslcd: [3dbd3d] DEBUG: connection from pid=1508 uid=0 gid=0 nslcd: [3dbd3d] DEBUG: nslcd_passwd_byname(monica) nslcd: [3dbd3d] DEBUG: myldap_search(base=dc=corsi,dc=sv,dc=lnf,dc=it, filter=((objectClass=posixAccount)(uid=monica))) nslcd: [3dbd3d] DEBUG: ldap_result(): end of results nslcd: [7b8ddc] DEBUG: connection from pid=1508 uid=0 gid=0 nslcd: [7b8ddc] DEBUG: nslcd_passwd_byname(oggettistica) nslcd: [7b8ddc] DEBUG: myldap_search(base=dc=corsi,dc=sv,dc=lnf,dc=it, filter=((objectClass=posixAccount)(uid=oggettistica))) nslcd: [7b8ddc] DEBUG: ldap_result(): end of results nslcd: [eaf087] DEBUG: connection from pid=1508 uid=0 gid=0 nslcd: [eaf087] DEBUG: nslcd_passwd_byname(ceramica) nslcd: [eaf087] DEBUG: myldap_search(base=dc=corsi,dc=sv,dc=lnf,dc=it, filter=((objectClass=posixAccount)(uid=ceramica))) nslcd: [eaf087] DEBUG: ldap_result(): end of results nslcd: [221a70] DEBUG: connection from pid=1508 uid=0 gid=0 nslcd: [221a70] DEBUG: nslcd_passwd_byname(cultura1) nslcd: [221a70] DEBUG: myldap_search(base=dc=corsi,dc=sv,dc=lnf,dc=it, filter=((objectClass=posixAccount)(uid=cultura1))) nslcd: [221a70] DEBUG: ldap_result(): end of results nslcd: [16dde9] DEBUG: connection from pid=1508 uid=0 gid=0 nslcd: [16dde9] DEBUG: nslcd_passwd_byname(monet) nslcd: [16dde9] DEBUG: myldap_search(base=dc=corsi,dc=sv,dc=lnf,dc=it, filter=((objectClass=posixAccount)(uid=monet))) nslcd: [16dde9] DEBUG: ldap_result(): end of results nslcd: [06c83e] DEBUG: connection from pid=1508 uid=0 gid=0 nslcd: [06c83e] DEBUG: nslcd_passwd_byname(giotto) nslcd: [06c83e] DEBUG: myldap_search(base=dc=corsi,dc=sv,dc=lnf,dc=it, filter=((objectClass=posixAccount)(uid=giotto))) nslcd: [06c83e] DEBUG: ldap_result(): end of results nslcd: [4fd4a1] DEBUG: connection from pid=1508 uid=0 gid=0 nslcd: [4fd4a1] DEBUG: nslcd_passwd_byname(botticelli) nslcd: [4fd4a1] DEBUG: myldap_search(base=dc=corsi,dc=sv,dc=lnf,dc=it, filter=((objectClass=posixAccount)(uid=botticelli))) nslcd: [4fd4a1] DEBUG: ldap_result(): end of results (that, indeed, seems to me normal) and on syslog the infamous: Apr 16 17:26:42 mouse slapd[1869]: connection_read(46): no connection! Apr 16 17:27:44 mouse slapd[1869]: connection_read(43): no connection! Apr 16 17:27:44 mouse slapd[1869]: connection_read(43): no connection! After updating my (last) i386 server, i can confirm this on amd64 and i386 architecture; the amd64 was fresh installed, i386 upgraded from lenny. Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#660223: Nonfatal connection trouble with ldapi:///
Package: nslcd Version: 0.7.15+squeeze1 I'm moving from debian lenny to debian squeeze, and from lib(pam|nss)-ldap to lib(pam|nss)-ldapd. I've configured nslcd.conf using: uri ldapi:/// and authentication access (binddn/bindpw) and now i've the logs flowed by message like: Feb 17 14:51:16 kaa slapd[1846]: connection_read(17): no connection! Feb 17 14:51:16 kaa slapd[1846]: connection_read(17): no connection! Feb 17 14:51:17 kaa slapd[1846]: connection_read(17): no connection! Feb 17 14:51:17 kaa slapd[1846]: connection_read(17): no connection! Feb 17 14:51:21 kaa nslcd[1901]: [4b7f08] error writing to client: Broken pipe Feb 17 14:51:25 kaa slapd[1846]: connection_read(40): no connection! Feb 17 14:51:25 kaa slapd[1846]: connection_read(40): no connection! looking on google for the slapd message, lead me to, for esample, to: http://www.openldap.org/lists/openldap-software/200811/msg00079.html so seems that nslcd do the wrong thing not unbinding before disconnection; i thnk, i hope, that the 'error writing to client: Broken pipe' of nslcd is a consequence of that. Anyway, all seems to work well. Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#614786: A different solution/approach...
I've hit the same issue switching from lenny/asterisk1.6 from backport to squeeze/asterisk1.6 ''mainline'', but i've found a different solution, i think. Digging around the web, i've found a page (sorry, i've lost the link) that, roughly, say that the newer bluetooth daemon plugin setup are loosely configured and bluetoothd load plugin that are not so useful, plugin that tend to confuse/complicate the setup. Anyway (i really understand very little of that things...), i've follow the advice to disable unused modules, adding to /etc/bluetooth/main.conf: DisablePlugins = network,input,pnat (probably even better DisablePlugins = network,input,pnat,hal), i've restarted bluetoothd and... asterisk connect to the phone flawlessy. Just i'm here, i make another little note. I've seen that on machine reboot, asterisk have no chan_mobile loaded; if i restart asterisk, the module are loaded fine. I've supposed that, on boot sequence, asterisk start before bluetoothd, so probably chan_mobile refuse to load. I've added 'bluetooth' to 'Should-Start:' on /etc/init.d/asterisk, really i've not rebooted the box after that, so probably i've not fixed this issue. Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#512590: Newer set of italian voices out
Here: http://www.voip.ammdomus.it/index.php?option=com_contentview=articleid=9:vociasterisk142220110907catid=3:set-voci-asterisk-1-4-xItemid=4 http://www.voip.ammdomus.it/voci-italiane-asterisk/voci-rel-1-4/10-download-voci-asterisk-extra-1-4-11-20110915 (in italian) can be found the newer set of italian voices for asterisk. I hope can be repackaged for debian. Thanks. PS: see also bug #553399 . -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#315035: I this that this bug can be safely closed...
...i use ldapi:/// in smbldap-tools in lenny, with no trouble at all, so i think that this bug can be safely closed. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#617798: Securiteinfo databases changed, script are no more compatible, package on lenny-backports need update
Package: clamav-unofficial-sigs Version: 3.3-2~bpo50+1 I'm using clamav-unofficial-sigs on lenny, from lenny-backports, and triying to use the newer lists from SecuritèInfo: http://www.securiteinfo.com/services/clamav_unofficial_malwares_signatures.shtml I've tried to use the new lists, adding to /etc/clamav-unofficial-sigs.conf the lists: si_dbs= honeynet.hdb securiteinfoelf.hdb securiteinfosh.hdb securiteinfopdf.hdb securiteinfooffice.hdb securiteinfohtml.hdb securiteinfodos.hdb securiteinfobat.hdb securiteinfo.hdb as the link above suggest, but i get only: Clamscan reports SecuriteInfo securiteinfoelf.hdb database integrity tested BAD - SKIPPING Clamscan reports SecuriteInfo securiteinfosh.hdb database integrity tested BAD - SKIPPING Clamscan reports SecuriteInfo securiteinfopdf.hdb database integrity tested BAD - SKIPPING Clamscan reports SecuriteInfo securiteinfooffice.hdb database integrity tested BAD - SKIPPING Clamscan reports SecuriteInfo securiteinfohtml.hdb database integrity tested BAD - SKIPPING Clamscan reports SecuriteInfo securiteinfodos.hdb database integrity tested BAD - SKIPPING Clamscan reports SecuriteInfo securiteinfobat.hdb database integrity tested BAD - SKIPPING Asking feedback from SecuritèInfo staff, i've had the reply: that's not good, script is too old. Please update it from http://www.sanesecurity.com/download_scripts_linux.htm So i'm firing this bug. Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#609440: madwifi-source: Debian Lenny Madwifi and Hostapd stability issues
used in future. Unfortunately ath5k doesn't yet work in accesspoint mode, but that is apparently coming soon. I can confirm this bug. But i've switched, roughly one year ago, to the kernel in backport (linux-image-2.6.32-bpo.5-686) and i've recompiled hostapd from testing (1:0.6.10-2), switching to ath5k and all works flawlessy, no more stability troubles. I suggest to do that, or switch directly to squeeze. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#599908: [Pkg-clamav-devel] Bug#599908: clamav return errors on corrupted PDF
Mandi! Michael Tautschnig In chel di` si favelave... Thanks for reporting this issue; from your report I guess that this is perfectly reproducible and you can probably just use clamscan to reproduce the problem. Could you do a clamscan --debug YOUR_FILE and send the output? I think this should not disclose and private information. Really, really, strange. I've buld up a script that weekly scan most of my disk space with clamav, and move on quarantine infected files. The script lastly execute: nice -20 clamscan --quiet --infected --stdout --no-summary --recursive \ --max-filesize=50M --max-scansize=250M --exclude=/.inbox --exclude-dir=/srv/users/.cestino --exclude-dir=/srv/media/.cestino --log=/tmp/sysscan.log.HOOPjNpC --max-dir-recursion=1000 /home /srv/users /srv/media and check return code, if different from 0 or 1 bump an error. But if i try to scan manually the file: mouse:~# clamscan --stdout --no-summary --recursive --max-filesize=50M --max-scansize=250M /srv/users/OVCI/cose vecchie/Recupero pc Ale Giardina dopo furto/normale/842-98_SP500_GE.pdf; echo $? /srv/users/OVCI/cose vecchie/Recupero pc Ale Giardina dopo furto/normale/842-98_SP500_GE.pdf: OK 0 work well. Boh. Anyway i attach the ''debug run'', hoping will be useful. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/chi_siamo/5xmille.php (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) clamdebug.log.gz Description: Binary data
Bug#599908: clamav return errors on corrupted PDF
Package: clamav Version: 0.96.3+dfsg-2~volatile1 After upgrading to 0.96.3+dfsg-1~volatile1 (and same thing for this 0.96.3+dfsg-2~volatile1) from volatile repository on a debian lenny, clamav start to exit with and error status (not 0 or 1) and print some warning: LibClamAV Error: cli_writen: write error: Bad address LibClamAV Error: cli_pdf: failed to write output file /srv/users/OVCI/cose vecchie/Recupero pc Ale Giardina dopo furto/normale/842-98_SP500_GE.pdf: Can't write to file ERROR /srv/users/OVCI/cose vecchie/Recupero pc Ale Giardina dopo furto/normale/842-98_SP500_GE.pdf:Zone.Identifier: OK Looking at the file seems to that is simply a corrupted PDF: g...@lily:~$ evince 842-98_SP500_GE.pdf Error: PDF file is damaged - attempting to reconstruct xref table... Error: Top-level pages object is wrong type (null) Error: Couldn't read page catalog Error: PDF file is damaged - attempting to reconstruct xref table... Error: Top-level pages object is wrong type (null) Error: Couldn't read page catalog This is an example of one server, but have some half-dozen servers, some i386, some amd64, all with this trouble. Probably something changed in libclamav in the PDF area, but i think it is wrong to return error for a corrupted file. I'm looking around in my server to find a .pdf that i'm sure does not contain sensitive data, but for now i've not found it. If the offending pdf are needed, please say me and i'll send in private. Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/chi_siamo/5xmille.php (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#589019: Ok, added upstream.
https://sourceforge.net/tracker/?func=detailaid=3037155group_id=6663atid=106663 Many thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#589019: pam_group does not support NSS groups...
Mandi! Steve Langasek In chel di` si favelave... Ah - have read the upstream post now, and understand that this is about adding users to groups based on whether they're already a member of another group. Yes. That doesn't make sense to me, frankly; I think it makes more sense to grant the *original* group access to the resources on the system. So I'm not I've tried to setup pam_group on some server debian-based i manage. On some of these i need to lend log-watching permission (eg, group ''adm'') to some unrestricted user, possibly without using complex sudo setups (they have to read, not execute something). pam_group works, but i've to list explicitly all users i need, insted of using the LDAP/Samba group they belong to. This is and error-prone task, and i can easily forgot some users in pam_group list... Also... AFAI've understood, pam_group support add local group to nisgroup because as the time was written the NIS technology was the ''leader'' in complex networks setup, lead position now gone. I think that adding network group users to a local group is a perfectly good option, as was for netgroups. inclined to take this patch before it's been applied upstream. Ok, the best way is: http://sourceforge.net/tracker/?group_id=6663atid=106663 or there's a better one? Many thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/chi_siamo/5xmille.php (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#589019: pam_group does not support NSS groups...
Package: libpam-modules Version: 1.0.1-5+lenny1 Severity: wishlist Tags: patch pam_group support NIS netgroups to assign (local) group to (indeed) netgroups. But today NIS setup are really uncommon, and enable the NIS netgroup ''layer'' (objectclasses) and stuffs in LDAP only to manage this... Please, consider patching pam_group debian package to include support for NSS group. Googling around i've found these patches (that seems to me the same): https://bugs.launchpad.net/ubuntu/+source/pam/+bug/297408 http://www.redhat.com/archives/pam-list/2009-December/msg0.html Thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#442214: [Pkg-aide-maintainers] Bug#442214: Still this on lenny...
Mandi! Hannes von Haugwitz In chel di` si favelave... Marc has recently uploaded the latest version to lenny-backports. Please try this version and provide feedback if that solves your problem. I've simply updated to the backport version, and let the weekend pass. No, same problem, i hit modifications on syslog and exim logs, as before. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#578861: -T option incorrectly split parameters
Package: smbldap-tools Version: 0.9.4-1 The '-T' parameter suffer some bugs, by the way of how smbldap-tools handle parsing. 1) help and manpage say that -T parameter can have a list of email comma separated, but: smbldap-usermod -T cristina,someaccount...@gmail.com cristina failed to modify entry: mailRoutingAddress: multiple values provided at /usr/sbin/smbldap-usermod line 617. 2) if i have to reset the email forwarding, i have to use: smbldap-usermod -T , cristina if i use -T does nothing. Both trouble arise from the fact that mailRoutingAddress are single-valued, so have to take a string and not an array as input. Quick patch/hack attached, that probably have to be adapted also for smbldap-useradd (i've not tested). --- smbldap-usermod.orig 2010-04-23 10:02:56.0 +0200 +++ smbldap-usermod 2010-04-23 10:09:11.0 +0200 @@ -398,9 +398,10 @@ $mailobj = 1; } -if ($tmp= $Options{'T'}) { +if (defined($tmp= $Options{'T'})) { my $action= ''; my @old; +my $suserMailTo; # action si + or - for adding or deleting an entry if ($tmp =~ s/^([+-])+\s*//) { $action= $1; @@ -414,7 +415,8 @@ } elsif ($action eq '-') { @userMailTo = list_minus(\...@old, \...@usermailto); } -push(@mods, 'mailRoutingAddress', [ @userMailTo ]); +$suserMailTo = join(',', @userMailTo); +push(@mods, 'mailRoutingAddress' = $suserMailTo ); $mailobj = 1; } if ($mailobj) {
Bug#442214: Still this on lenny...
I'm hitting this bug on lenny, aide 0.13.1-10. Clearly i've: COMMAND=update COPYNEWDB=ifnochange But still sporadically i got: --- Added files: --- added: /var/log/exim4/mainlog.2.gz added: /var/log/exim4/rejectlog.2.gz added: /var/log/syslog.2.gz added: /var/log/user.log.2.gz --- Removed files: --- removed: /var/log/ntop/access.log.4.gz removed: /var/log/exim4/mainlog.10.gz removed: /var/log/exim4/rejectlog.10.gz removed: /var/log/user.log.4.gz --- Changed files: --- changed: /var/log/exim4/mainlog changed: /var/log/exim4/rejectlog changed: /var/log/exim4/mainlog.1 changed: /var/log/exim4/rejectlog.1 changed: /var/log/syslog changed: /var/log/syslog.1 changed: /var/log/user.log.1 changed: /var/log/user.log changed: /var/log/syslog.7.gz But if i look at /var/log/exim4 now (after some hours...): tank:~# ls -la /var/log/exim4/ totale 2784 drwxr-s--- 2 Debian-exim adm4096 8 apr 06:34 . drwxr-xr-x 13 rootroot 4096 8 apr 06:34 .. -rw-r- 1 Debian-exim adm 87293 8 apr 09:22 mainlog -rw-r- 1 Debian-exim adm 552522 8 apr 06:34 mainlog.1 -rw-r- 1 Debian-exim adm 88305 30 mar 06:34 mainlog.10.gz -rw-r- 1 Debian-exim adm 101723 7 apr 06:33 mainlog.2.gz -rw-r- 1 Debian-exim adm 66851 6 apr 06:33 mainlog.3.gz -rw-r- 1 Debian-exim adm 79894 5 apr 06:33 mainlog.4.gz -rw-r- 1 Debian-exim adm 75787 4 apr 06:34 mainlog.5.gz -rw-r- 1 Debian-exim adm 85616 3 apr 06:34 mainlog.6.gz -rw-r- 1 Debian-exim adm 118557 2 apr 06:34 mainlog.7.gz -rw-r- 1 Debian-exim adm 104152 1 apr 06:34 mainlog.8.gz -rw-r- 1 Debian-exim adm 112329 31 mar 06:34 mainlog.9.gz -rw-r- 1 Debian-exim adm 0 5 feb 17:41 paniclog -rw-r- 1 Debian-exim adm 87683 8 apr 09:22 rejectlog -rw-r- 1 Debian-exim adm 458763 8 apr 06:27 rejectlog.1 -rw-r- 1 Debian-exim adm 77745 30 mar 06:33 rejectlog.10.gz -rw-r- 1 Debian-exim adm 87661 7 apr 06:30 rejectlog.2.gz -rw-r- 1 Debian-exim adm 56135 6 apr 06:31 rejectlog.3.gz -rw-r- 1 Debian-exim adm 65614 5 apr 06:29 rejectlog.4.gz -rw-r- 1 Debian-exim adm 59657 4 apr 06:33 rejectlog.5.gz -rw-r- 1 Debian-exim adm 77438 3 apr 06:30 rejectlog.6.gz -rw-r- 1 Debian-exim adm 91157 2 apr 06:30 rejectlog.7.gz -rw-r- 1 Debian-exim adm 79454 1 apr 06:33 rejectlog.8.gz -rw-r- 1 Debian-exim adm 97203 31 mar 06:25 rejectlog.9.gz /var/log/exim4/mainlog.10.gz are there, could be simply that last run of aide (not this night, but last night) got scheduled between log rotation? Speaking clearly: seems to me that the trouble here arise when aide got scheduled not before, not after but *between* a log rotation task. This mangle the ANF and ARF rules, and next run bump this message. I got these aide messages mostly on weekends (where weekly rotation occur and probably load on machine is bigger), but also appears randomly on workdays. Note that i use aide on my firewalls, old (PII/PIII) box with not so much horsepower, so probably on 'modern' and performant hardware this could be very tricky to trigger. /etc/cron.daily/aide seems too complicated for my scripting skills, there's an easy way to make sure aide does not run between log rotation? Many thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/chi_siamo/5xmille.php (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#568855: Proposed configuration of sa-exim exclusions/overrides can get better...
Package: sa-exim Version: 4.2.1-11 In /usr/share/doc/sa-exim/README.gz the readme correctly proposed to add some exclusions/overrides that prevent spamassassin run against locally generated or 'trusted' senders. I was caming from an old, mosly sarge based setup, and i moved from the header-type exclusion to acl variable exclusion, but found that what proposed on file above, section: EXIM4 INTEGRATION / NOT SCANNING YOUR OWN MAILS does not work very well, scan every local generated email. After some exim documentation reeding (ok, and a bit of google ;) i've added in main section of exim4.conf: acl_not_smtp = acl_check_local_mail and on acl section: acl_check_local_mail: warn set acl_m0 = do-not-scan accept With this setup again sa-exim stop to check ocal submitted email. Also this remove the flooding of: Can only handle IPv4 addresses; skipping greylisting call for message from spamd, because seems that the only source of ipv6 traffic, at least in italy, are localhost. ;-) Many thanks. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#568259: Race condition in smbldap-tools when stopping nscd
Package: smbldap-tools Version: 0.9.4-1 Description of the bug and proposed patch upstream. https://gna.org/bugs/?13098 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#519551: Confirmation and patch.
I an confirm the bug, moving from etch to lenny really confuse me, and i think this can be really considered a security bug. [if i reset a password to a shared/simple one i suppose using '-B' that the user will change it, but they are not forced to do so...] Easy patch, i hope will be integrated soon. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/chi_siamo/5xmille.php (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) --- smbldap-passwd.orig 2010-02-01 15:25:45.0 +0100 +++ smbldap-passwd 2010-02-01 15:22:03.0 +0100 @@ -222,13 +222,13 @@ } } if ($force_update_samba_passwd == 1) { - # To force a user to change his password: - # . the attribut sambaPwdLastSet must be != 0 + # To force a user to change his password (in samba = 3.2): + # . the attribut sambaPwdLastSet must be == 0 # . the attribut sambaAcctFlags must not match the 'X' flag my $winmagic = 2147483647; my $valacctflags = [U]; push(@mods, 'sambaPwdMustChange' = 0); - push(@mods, 'sambaPwdLastSet' = $winmagic); + push(@mods, 'sambaPwdLastSet' = 0); push(@mods, 'sambaAcctFlags' = $valacctflags); } # Let's change nt/lm passwords --- smbldap-useradd.orig 2010-02-01 15:16:40.0 +0100 +++ smbldap-useradd 2010-02-01 15:22:16.0 +0100 @@ -429,10 +429,10 @@ if (defined($tmp = $Options{'B'})) { if ($tmp != 0) { $valpwdmustchange = 0; - # To force a user to change his password: - # . the attribut sambaPwdLastSet must be != 0 + # To force a user to change his password (in samba = 3.2): + # . the attribut sambaPwdLastSet must be == 0 # . the attribut sambaAcctFlags must not match the 'X' flag - $valpwdlastset=$winmagic; + $valpwdlastset= 0; $valacctflags = [U]; } else { $valpwdmustchange = $winmagic; --- smbldap-usermod.orig 2010-02-01 15:01:02.0 +0100 +++ smbldap-usermod 2010-02-01 15:08:28.0 +0100 @@ -494,8 +494,8 @@ if ($samba == 1) { if ($tmp != 0) { $_sambaPwdMustChange=0; - # To force a user to change his password: - # . the attribut sambaPwdLastSet must be != 0 + # To force a user to change his password (in samba = 3.2): + # . the attribut sambaPwdLastSet must be == 0 # . the attribut sambaAcctFlags must not match the 'X' flag my $_sambaAcctFlags; my $flags = $user_entry-get_value('sambaAcctFlags'); @@ -509,8 +509,8 @@ push(@mods, 'sambaAcctFlags' = $_sambaAcctFlags); } my $_sambaPwdLastSet = $user_entry-get_value('sambaPwdLastSet'); - if ($_sambaPwdLastSet == 0) { - push(@mods, 'sambaPwdLastSet' = $winmagic); + if ($_sambaPwdLastSet != 0) { + push(@mods, 'sambaPwdLastSet' = 0); } } else { $_sambaPwdMustChange=$winmagic;