Bug#935082: openjdk-7: Missed sun.security.ec package
I can confirm that this recent security update:
https://tracker.debian.org/news/1054999/accepted-openjdk-7-7u231-2619-1deb8u1-source-amd64-all-into-oldoldstable/
breaks our application (Shibboleth IdP) with:
java.lang.NoClassDefFoundError: sun/security/ec/ECParameters

I'm not sure if this regression is a mandatory side-effect of the security fixes.

Regards
Bug#925918: linux-image-amd64: linux-image-3.16.0-8-amd64 - unpredictable reboots / kernel panics?
Can confirm this with two other observations:
- reproducible "corrupted page table" messages for Java processes [0]
- CPU hangs on VMware virtualization infrastructure [1]

Interesting though: To be sure I first made the upgrade on some almost identical test machines, and most of them run fine. On the productive machines this kernel is a disaster, so maybe the errors are only induced by a certain level of workload or RAM usage.

Regards
Matthias

[0]
Mar 28 20:31:31 vdxi kernel: [ 1286.392819] java: Corrupted page table at address 7f8ea7bf79e0
Mar 28 20:31:31 vdxi kernel: [ 1286.394269] PGD 8000bae36067 PUD bae88067 PMD 1398c3067 PTE 80a3094f6da3a5f9
Mar 28 20:31:31 vdxi kernel: [ 1286.395431] Bad pagetable: 0009 [#3] SMP
Mar 28 20:31:31 vdxi kernel: [ 1286.396601] Modules linked in: nfnetlink_queue nfnetlink_log nfnetlink bluetooth 6lowpan_iphc rfkill ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables ipt_REJECT xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter ip_tables x_tables pcspkr vmw_balloon ppdev evdev serio_raw processor vmwgfx parport_pc ttm drm_kms_helper drm vmw_vmci battery thermal_sys parport shpchp ac button autofs4 ext4 crc16 mbcache jbd2 sd_mod crc_t10dif crct10dif_generic sg sr_mod cdrom crct10dif_common ata_generic psmouse vmxnet3 vmw_pvscsi i2c_piix4 i2c_core ata_piix libata scsi_mod floppy
Mar 28 20:31:31 vdxi kernel: [ 1286.405404] CPU: 0 PID: 1479 Comm: java Tainted: G B D 3.16.0-8-amd64 #1 Debian 3.16.64-1
Mar 28 20:31:31 vdxi kernel: [ 1286.406942] Hardware name: VMware, Inc.
Bug#884183: Bug 884183 - DELL
Same here on DELL PowerEdges with megaraid_sas. Find a bootlog of a successful boot with the previous kernel attached. (The symbol errors seem to be related to the kernel downgrade.)

Matthias
Bug#835986: isc-dhcp-client: no default route set if dhcp server sends option rfc3442-classless-static-routes
Package: isc-dhcp-client
Version: 4.3.4-1
Severity: normal

Dear Maintainer,

having a DHCP server that sends option 121 "classless static routes" leads to isc-dhcp-client not setting a default route on the DHCP client host. However, the classless static routes get set correctly.

If "rfc3442-classless-static-routes" is removed from option "request" in dhclient.conf, the static routes are not set, but the default route is. This is my current workaround.

The leasefile in /var/lib/dhcp/dhclient.eth0.leases does contain the correct options configured in the DHCP server, including default route (option 003). It seems the default route just isn't applied.

This bug currently also appears in the Jessie version.

-- System Information:
Debian Release: 8.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages isc-dhcp-client depends on:
ii debianutils 4.4+b1
ii iproute2 3.16.0-2
ii libc6 2.19-18+deb8u4
ii libdns-export162 1:9.10.3.dfsg.P4-10.1
ii libisc-export160 1:9.10.3.dfsg.P4-10.1

Versions of packages isc-dhcp-client recommends:
ii isc-dhcp-common 4.3.1-6+deb8u2

Versions of packages isc-dhcp-client suggests:
pn avahi-autoipd
pn isc-dhcp-client-ddns
pn resolvconf

-- no debconf information
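RFC 3442 requires a client that receives option 121 to ignore the Router option (3), so a server that wants clients to keep a default route has to carry it inside option 121 as a 0.0.0.0/0 entry. The following is an added example, not part of the report or of isc-dhcp: the function names and the sample option bytes are constructed. It decodes option 121 and returns the default route a compliant client ends up with.

```python
import ipaddress

def parse_option_121(data: bytes):
    """Decode RFC 3442 option 121 into a list of (network, router) pairs."""
    routes, pos = [], 0
    while pos < len(data):
        width = data[pos]                      # prefix length, 0..32
        if width > 32:
            raise ValueError(f"invalid prefix length {width}")
        n = (width + 7) // 8                   # only significant subnet octets are sent
        if pos + 1 + n + 4 > len(data):
            raise ValueError("truncated route entry")
        subnet = data[pos + 1:pos + 1 + n] + bytes(4 - n)
        router = data[pos + 1 + n:pos + 1 + n + 4]
        network = ipaddress.IPv4Network(
            (int.from_bytes(subnet, "big"), width), strict=False)
        routes.append((network, ipaddress.IPv4Address(router)))
        pos += 1 + n + 4
    return routes

def effective_default_route(option3_router, option121):
    """Default gateway per RFC 3442: option 3 counts only if option 121 is absent."""
    if option121 is None:
        return ipaddress.IPv4Address(option3_router) if option3_router else None
    for network, router in parse_option_121(option121):
        if network.prefixlen == 0:             # 0.0.0.0/0 entry inside option 121
            return router
    return None                                # Router option ignored, no default route

# Constructed sample payloads (not taken from the report):
STATIC_ONLY = bytes.fromhex("080ac0a801fe")                # 10.0.0.0/8 via 192.168.1.254
WITH_DEFAULT = STATIC_ONLY + bytes.fromhex("00c0a80101")   # plus 0.0.0.0/0 via 192.168.1.1

if __name__ == "__main__":
    for label, payload in (("static only", STATIC_ONLY), ("with default", WITH_DEFAULT)):
        print(label, parse_option_121(payload),
              "default:", effective_default_route("192.168.1.1", payload))
```
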
Bug#765867: Request for Forward Secrecy
Package: perdition
Version: 2.1-2
Severity: wishlist

Perdition 2.1 can not use or offer cipher suites with forward secrecy. Please include attached patch in the package or in the upstream mercurial.

The patch originates from Daniel Kahn Gillmor and was posted to the perdition mailing list in spring. I extended the patch to also support EC-DHE ciphers. It applies cleanly on 1.19rc5 as well as 2.1-2.

Maybe the used EC curve should be made configurable.

Regards
Matthias

--- perdition-1.19~rc5.orig/perdition/options.c +++ perdition-1.19~rc5/perdition/options.c @@ -464,6 +464,8 @@ int options(int argc, char **argv, flag_ TAG_SSL_CA_ACCEPT_SELF_SIGNED, NULL, NULL}, {ssl_cert_file, '\0', POPT_ARG_STRING, NULL, TAG_SSL_CERT_FILE, NULL, NULL}, +{ssl_dh_params_file, '\0', POPT_ARG_STRING, NULL, + TAG_SSL_DH_PARAMS_FILE, NULL, NULL}, {ssl_cert_accept_expired, '\0', POPT_ARG_NONE, NULL, TAG_SSL_CERT_ACCEPT_EXPIRED, NULL, NULL}, {ssl_cert_accept_not_yet_valid, '\0', POPT_ARG_NONE, NULL, @@ -594,6 +596,7 @@ int options(int argc, char **argv, flag_ opt_i((opt.ssl_ca_accept_self_signed), DEFAULT_SSL_CA_ACCEPT_SELF_SIGNED, i, 0, OPT_NOT_SET); opt_p((opt.ssl_cert_file), DEFAULT_SSL_CERT_FILE, i, 0, OPT_NOT_SET); +opt_p((opt.ssl_dh_params_file), DEFAULT_SSL_DH_PARAMS_FILE, i, 0, OPT_NOT_SET); opt_i((opt.ssl_cert_accept_expired), DEFAULT_SSL_CERT_ACCEPT_EXPIRED, i, 0, OPT_NOT_SET); opt_i((opt.ssl_cert_accept_not_yet_valid), @@ -920,6 +923,14 @@ int options(int argc, char **argv, flag_ NO_SSL_OPT(ssl_cert_file); #endif /* WITH_SSL_SUPPORT */ break; + case TAG_SSL_DH_PARAMS_FILE: +#ifdef WITH_SSL_SUPPORT +opt_p((opt.ssl_dh_params_file), optarg, (opt.ssl_mask), + MASK_SSL_DH_PARAMS_FILE, f); +#else /* WITH_SSL_SUPPORT */ + NO_SSL_OPT(ssl_dh_params_file); +#endif /* WITH_SSL_SUPPORT */ +break; case TAG_SSL_CERT_ACCEPT_EXPIRED: #ifdef WITH_SSL_SUPPORT opt_i((opt.ssl_cert_accept_expired), 1, (opt.ssl_mask), 
@@ -1755,6 +1766,7 @@ void usage(int exit_status){ OPT_STR(RECOMMENDED_SSL_CA_FILE), OPT_STR(DEFAULT_SSL_CA_PATH), OPT_STR(DEFAULT_SSL_CERT_FILE), +OPT_STR(DEFAULT_SSL_DH_PARAMS_FILE), DEFAULT_SSL_CERT_VERIFY_DEPTH, OPT_STR(DEFAULT_SSL_KEY_FILE), OPT_STR(DEFAULT_SSL_LISTEN_CIPHERS), --- perdition-1.19~rc5.orig/perdition/options.h +++ perdition-1.19~rc5/perdition/options.h @@ -167,6 +167,7 @@ #define DEFAULT_SSL_CA_ACCEPT_SELF_SIGNED0 #define DEFAULT_SSL_CERT_FILEPERDITION_SYSCONFDIR \ /perdition.crt.pem +#define DEFAULT_SSL_DH_PARAMS_FILE NULL #define DEFAULT_SSL_CERT_ACCEPT_EXPIRED 0 #define DEFAULT_SSL_CERT_ACCEPT_SELF_SIGNED 0 #define DEFAULT_SSL_CERT_ACCEPT_NOT_YET_VALID 0 @@ -236,6 +237,7 @@ typedef struct { char*ssl_ca_path; int ssl_ca_accept_self_signed; char*ssl_cert_file; + char*ssl_dh_params_file; int ssl_cert_accept_self_signed; int ssl_cert_accept_expired; int ssl_cert_accept_not_yet_valid; @@ -317,6 +319,7 @@ typedef struct { #define MASK_SSL_NO_CN_VERIFY (flag_t) 0x4000 #define MASK_SSL_PASSPHRASE_FD (flag_t) 0x8000 #define MASK_SSL_PASSPHRASE_FILE (flag_t) 0x0001 +#define MASK_SSL_DH_PARAMS_FILE(flag_t) 0x0002 #endif /* WITH_SSL_SUPPORT */ /* @@ -355,6 +358,7 @@ typedef struct { #define TAG_MANAGESIEVE_CAPABILITY (int) 155 #define TAG_POP_CAPABILITY (int) 156 #define TAG_TCP_KEEPALIVE (int) 157 +#define TAG_SSL_DH_PARAMS_FILE (int) 158 /*Flag values for options()*/ #define OPT_ERR (flag_t) 0x1 /*Print error to stderr, enable help*/ --- perdition-1.19~rc5.orig/perdition/ssl.c +++ perdition-1.19~rc5/perdition/ssl.c 
@@ -166,6 +166,11 @@ __perdition_ssl_passwd_cb(char *buf, int * concatenation of the various PEM-encoded CA Certificate * files, usually in certificate chain order. * Overrides ca_pat and ca_file + * dh_params_file: Diffie-Hellman parameters to use as a server + * May be NULL if not a server, if the DH params are + * appended to the cert file, or if EDH ciphersuites are + * not desired. Should be the path to a PEM file that + * contains DH PARAMETERS * ciphers: cipher list to use as per ciphers(1). * May be NULL in which case openssl's default is used. * flag: PERDITION_SSL_CLIENT or PERDITION_SSL_SERVER @@ -488,9 +493,14 @@ static long __perdition_verify_result(lo SSL_CTX *perdition_ssl_ctx(const char *ca_file, const char *ca_path,
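Review bot: in the usage() hunk of options.c, OPT_STR(DEFAULT_SSL_DH_PARAMS_FILE) is inserted into the middle of the argument list, between DEFAULT_SSL_CERT_FILE and DEFAULT_SSL_CERT_VERIFY_DEPTH, but no hunk adds a matching line to the help text: the line offset is +11 after the option-parsing hunk (-920/+923, eight lines added) and still +11 at this hunk (-1755/+1766). If this argument list feeds a printf-style format string, every argument after the new one is then read by the wrong conversion, beginning with the integer verify depth. Please add the help line for ssl_dh_params_file with its conversion at the same position, and confirm that OPT_STR() copes with NULL, since options.h defines DEFAULT_SSL_DH_PARAMS_FILE as NULL.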
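Review bot: the new dh_params_file comment in ssl.c documents only the DH parameter file, while the report says the patch was extended to EC-DHE ciphers and asks whether the curve should be configurable. The comment should say which curve is used and whether ECDHE stays enabled when dh_params_file is NULL, because "May be NULL ... if EDH ciphersuites are not desired" otherwise reads as if NULL turns forward secrecy off altogether. The perdition_ssl_ctx() hunk is cut off in this copy, so the parameter-loading code itself cannot be checked here.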
Bug#660735: SEGFAULT in strcasestr when using sieve protocol
Package: perdition
Version: 1.19~rc4-4
Severity: important
Tags: upstream patch

Hi,

I have tried to use perdition as a proxy for the sieve protocol. Unfortunately, whenever an arbitrary user is connecting and authenticating the corresponding child process is terminated by a SEGFAULT.

I originally discovered this issue in 1.19~rc4-2 and thought it is fixed in 1.19~rc4-4, but it is NOT the problem with too long credentials.

This is the backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7faca09e9700 (LWP 7719)]
0x7fac9ed2b784 in strcasecmp () from /lib/libc.so.6
(gdb) bt
#0 0x7fac9ed2b784 in strcasecmp () from /lib/libc.so.6
#1 0x0042189f in strcasestr (haystack=0x9febb0 PLAIN DIGEST-MD5, needle=0x426cef PLAIN) at str.c:732
#2 0x004218f6 in strcasedelimword (haystack=0x9febb0 PLAIN DIGEST-MD5, needle=0x426cef PLAIN, delim=0x426ca0 ) at str.c:761
#3 0x004112d0 in strcaseword (haystack=0x9febb0 PLAIN DIGEST-MD5, needle=0x426cef PLAIN) at str.h:397
#4 0x00411559 in managesieve_out_capability (rs_io=0x9fe930) at managesieve_out.c:82
#5 0x004115fb in managesieve_out_setup (rs_io=0x9fe930, eu_io=0x9fc9f0, UNUSED_auth=0x7fff16fed770, UNUSED_tag=0x0) at managesieve_out.c:135
#6 0x0041a9e5 in main (argc=1, argv=0x7fff16fefa68, envp=0x7fff16fefa78) at perdition.c:968

Further investigation showed something that is IMHO a severe error in the function strcasestr, which leads to an almost endless loop, running through memory looking for the needle, until a SEGFAULT stops the show. Additionally, under certain conditions the function may be unable to find needle in haystack at all.

There is a patch attached.
-- System Information:
Debian Release: 6.0.4
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages perdition depends on:
ii libc6 2.11.3-2
ii libdb4.8 4.8.30-2
ii libgdbm3 1.8.3-9
ii libidn11 1.15-2
ii libpam0g 1.1.1-6.1+squeeze1
ii libpopt0 1.16-1
ii libssl0.9.8 0.9.8o-4squeeze7
ii libvanessa-adt1 0.0.9-1
ii libvanessa-logger0 0.0.10-1.1
ii libvanessa-socket2 0.0.12-1

diff -uwbr a/perdition/str.c b/perdition/str.c --- a/perdition/str.c 2010-09-01 09:13:30.0 +0200 +++ b/perdition/str.c 2012-02-21 11:06:22.0 +0100 @@ -728,8 +728,8 @@ haystack_len = strlen(haystack); needle_len = strlen(needle); - for (i = 0; haystack_len + i = needle_len; i++) - if (!strcasecmp(haystack + i, needle)) + for (i = 0; haystack_len - i = needle_len; i++) + if (!strncasecmp(haystack + i, needle, needle_len)) return haystack + i; return NULL;
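Review bot: in the for condition of the str.c hunk, the bound is written as a subtraction, haystack_len - i, on values that come from strlen() and whose declared types this hunk does not show; with unsigned lengths the expression only makes sense while i stays at or below haystack_len. Writing the bound as an addition, i + needle_len compared against haystack_len, makes termination obvious without relying on that. The switch to strncasecmp() with needle_len is what lets a match that is not a suffix succeed, such as PLAIN at the start of "PLAIN DIGEST-MD5" in the backtrace; a regression test covering a needle longer than the haystack, an empty needle, and a needle at the very end of the haystack would pin down the edge cases.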
Bug#581243: Non-free images used
Package: esteidutil
Version: 0.9.18

In the source of this package under src/resources are some images, for example cert_invalid.gif, which look VERY similar to those used by Windows / IE 6. I bet that these images can not be used in a software that is released under GPL or BSD.

The images should be replaced by some icons, for example from the Crystal Clear icon set or something like that.

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#469251: mcedit: terminal dependent vanishing or chameleon cursor over leading whitespace
Hi, I cannot find the bug in gnome-terminal. Is it already duplicated for them? thx