Bug#831427: ITP: ipv6pref -- preloadable library and wrapper script to influence address selection for IPv6 programs
Package: wnpp Severity: wishlist Owner: Stefan Tomanek <stefan.tomanek+deb...@wertarbyte.de> * Package name: ipv6pref Version : 1.0.0 Upstream Author : Stefan Tomanek <stefan.toma...@wertarbyte.de> * URL : https://github.com/wertarbyte/ipv6pref * License : GPLv3 Programming Lang: C Description : preloadable library and wrapper script to influence address selection for IPv6 programs Many systems that support IPv6 connectivity employ Privacy Extensions during address configuration. This loads to periodic reconfiguration of the IPv6 address used for establishing connections. In some cases it is desirable to use the permanent address instead, e.g. for long-running connections (SSH sessions come to mind). 'ipv6pref.so' is a small library that wraps around the socket() function and - once hooked into the program via LD_PRELOAD - takes the value of an environment variable (IPV6PREF_ADDR) into account: if set to 'pub', it advices the kernel to use the permanent, non-random address for the newly created socket, if set to 'tmp', it defaults to the privacy-enhanced addresses. A small wrapper script 'ipv6pref' (symlinked to 'v6pub' and 'v6tmp') is supplied to simplify the address selection for single commands.
Bug#827149: RFS: triggerhappy/0.4.0-1
Good morning, Dies schrieb Sean Whitton (spwhit...@spwhitton.name): > On Sun, Jun 12, 2016 at 11:59:34PM +0200, Stefan Tomanek wrote: > > Changes since the last upload: > > > >* update to version 0.4.0 (closes: bug#827079, bug#769184) > > Although this bug closing syntax is acceptable, it's marked as "not > preferred" Developer's Reference section 5.8.4. You might consider the > more usual syntax: > > Closes: #769184, #827079 > > and you should perhaps mention that 0.4.0 is a new *upstream* version. > > >* adapt to newer debian packaging standards > > Could you be more verbose here, please? What you wrote could mean a lot > of things! Thanks for your input, I adjusted the changelog accordingly and reuploaded the package.
Bug#827149: RFS: triggerhappy/0.4.0-1
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "triggerhappy" * Package name: triggerhappy Version : 0.4.0-1 Upstream Author : Stefan Tomanek <stefan.tomanek...@wertarbyte.de> * URL : https://github.com/wertarbyte/triggerhappy * License : GPLv3 Section : utils It builds those binary packages: triggerhappy - global hotkey daemon for Linux To access further information about this package, please visit the following URL: https://mentors.debian.net/package/triggerhappy Alternatively, one can download the package with dget using this command: dget -x https://mentors.debian.net/debian/pool/main/t/triggerhappy/triggerhappy_0.4.0-1.dsc More information about hello can be obtained from https://www.example.com. Changes since the last upload: * update to version 0.4.0 (closes: bug#827079, bug#769184) * adapt to newer debian packaging standards Regards, Stefan Tomanek
Bug#729578: keepassx: Store location of key file in bookmark
Package: keepassx Version: 0.4.3+dfsg-0.1 Severity: wishlist Tags: patch upstream Dear Maintainer, I am using keepassx on a regular basis to store my credentials using multiple databases. I am using passphrases as well as key files to secure the individual kdb files, however switching between the different databases is a hassle due to the need to re-select the key file everytime. With the attached patch applied, keepassx optionally stores the path to the appropiate keyfile with each bookmark, making switching between the different databases easier. -- System Information: Debian Release: 7.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages keepassx depends on: ii libc6 2.13-38 ii libgcc1 1:4.7.2-5 ii libqt4-xml 4:4.8.2+dfsg-11 ii libqtcore4 4:4.8.2+dfsg-11 ii libqtgui4 4:4.8.2+dfsg-11 ii libstdc++6 4.7.2-5 ii libx11-62:1.5.0-1+deb7u1 ii libxtst62:1.2.1-1+deb7u1 keepassx recommends no packages. keepassx suggests no packages. -- no debconf information From 35348384cfa4cb46d3184723dde504865c3a5463 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek stefan.toma...@wertarbyte.de Date: Thu, 14 Nov 2013 15:03:32 +0100 Subject: [PATCH] store keyfile location in bookmark This patch adds the location of the keyfile used to unlock the database to the bookmark entry. This is especially useful if you use multiple databases and switch between them on a regular basis. --- src/dialogs/AddBookmarkDlg.cpp | 18 +++--- src/dialogs/AddBookmarkDlg.h |3 ++- src/dialogs/ManageBookmarksDlg.cpp |2 +- src/dialogs/PasswordDlg.cpp| 12 +--- src/dialogs/PasswordDlg.h |2 ++ src/forms/AddBookmarkDlg.ui| 23 --- src/lib/bookmarks.cpp | 12 ++-- src/lib/bookmarks.h|6 -- src/mainwindow.cpp | 10 +++--- src/mainwindow.h |1 + 10 files changed, 71 insertions(+), 18 deletions(-) diff --git a/src/dialogs/AddBookmarkDlg.cpp b/src/dialogs/AddBookmarkDlg.cpp index c7337fb..78b1116 100644 --- a/src/dialogs/AddBookmarkDlg.cpp +++ b/src/dialogs/AddBookmarkDlg.cpp @@ -21,11 +21,12 @@ #include AddBookmarkDlg.h -AddBookmarkDlg::AddBookmarkDlg(QWidget* parent, QString DefaultFilename, int _ItemID):QDialog(parent) +AddBookmarkDlg::AddBookmarkDlg(QWidget* parent, QString DefaultFilename, QString DefaultKeyFilename, int _ItemID):QDialog(parent) { setupUi(this); ItemID=_ItemID; connect(Button_Browse,SIGNAL(clicked()),this,SLOT(OnButtonBrowse())); + connect(Button_Keyfile_Browse,SIGNAL(clicked()),this,SLOT(OnKeyfileButtonBrowse())); connect(buttonBox-button(QDialogButtonBox::Ok),SIGNAL(clicked()),this,SLOT(OnButtonOk())); connect(buttonBox-button(QDialogButtonBox::Cancel),SIGNAL(clicked()),this,SLOT(reject())); if(ItemID==-1){ @@ -35,12 +36,16 @@ AddBookmarkDlg::AddBookmarkDlg(QWidget* parent, QString DefaultFilename, int _It QMetaObject::invokeMethod(this, OnButtonBrowse, Qt::QueuedConnection); else Edit_Filename-setText(DefaultFilename); + + if(!DefaultFilename.isEmpty()) + Edit_Keyfile-setText(DefaultKeyFilename); } else { createBanner(BannerPixmap,getPixmap(bookmark_edit),tr(Edit Bookmark),width()); Edit_Title-setText(KpxBookmarks::title(ItemID)); Edit_Filename-setText(KpxBookmarks::path(ItemID)); + Edit_Keyfile-setText(KpxBookmarks::keypath(ItemID)); setWindowTitle(tr(Edit Bookmark)); } } @@ -59,10 +64,17 @@ void AddBookmarkDlg::OnButtonBrowse(){ Edit_Filename-setText(path); } +void AddBookmarkDlg::OnKeyfileButtonBrowse(){ + QString path=KpxFileDialogs::openExistingFile(this,AddBookmarkDlg, tr(Add Bookmark), + QStringList() tr(All Files (*))); + if(path!=QString()) + Edit_Keyfile-setText(path); +} + void AddBookmarkDlg::OnButtonOk(){ if(ItemID==-1) - ItemID=KpxBookmarks::add(Edit_Title-text(),Edit_Filename-text()); + ItemID=KpxBookmarks::add(Edit_Title-text(),Edit_Filename-text(),Edit_Keyfile-text()); else - KpxBookmarks::edit(Edit_Title-text(),Edit_Filename-text(),ItemID); + KpxBookmarks::edit(Edit_Title-text(),Edit_Filename-text(),Edit_Keyfile-text(),ItemID); accept(); } diff --git a/src/dialogs/AddBookmarkDlg.h b/src/dialogs/AddBookmarkDlg.h index 7786a62..26888f8 100644 --- a/src/dialogs/AddBookmarkDlg.h +++ b/src/dialogs/AddBookmarkDlg.h @@ -27,7 +27,7 @@ class AddBookmarkDlg : public QDialog, private Ui::AddBookmarkDlg Q_OBJECT public: - AddBookmarkDlg (QWidget* parent=0, QString DefaultFilename=QString(), int ItemID=-1); + AddBookmarkDlg (QWidget* parent=0, QString DefaultFilename=QString(), QString DefaultKeyFilename=QString(), int ItemID=-1); int ItemID; private: @@ -37,6 +37,7 @@ class
Bug#725411: gnupg: gpg blindly imports keys from keyserver responses
Package: gnupg Version: 1.4.12-7+deb7u1 Severity: normal Dear Maintainer, the current release versions of gnupg (1.4 a swell as 2) blindly import anything returned from a keyserver; even when requesting a key by its most specific identifier (full fingerprint), the server is free to return anything - a different key, or even a bunch of keys. Up until today, it was even possible to inject secret keys into a system by just running an mitm attack against the keyserver or its client (a patch has been included to prevent this). While the trust model of gpg prevents the worst, being able to pollute the keyring of a victim with unwanted keys creates a situation that might confuse the user and lead to mistakes compromising security (e.g. by selecting a wrong and possible falsified key). Gnupg should check any keys returned from a keyserver request for plausibility with the initial request and reject anything not matching the criteria set. The attached patch provides this functionality. -- System Information: Debian Release: 7.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages gnupg depends on: ii dpkg 1.16.10 ii gpgv 1.4.12-7+deb7u1 ii install-info 4.13a.dfsg.1-10 ii libbz2-1.01.0.6-4 ii libc6 2.13-38 ii libreadline6 6.2+dfsg-0.1 ii libusb-0.1-4 2:0.1.12-20+nmu1 ii zlib1g1:1.2.7.dfsg-13 Versions of packages gnupg recommends: pn gnupg-curl none ii libldap-2.4-2 2.4.31-1+nmu2 Versions of packages gnupg suggests: ii eog 3.4.2-1+build1 pn gnupg-doc none ii imagemagick 8:6.7.7.10-5+deb7u2 ii libpcsclite1 1.8.4-1+deb7u1 -- no debconf information From a521598c9850566fab9c6e5065ea0bda9ec45872 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek toma...@internet-sicherheit.de Date: Thu, 12 Sep 2013 12:07:50 +0200 Subject: [PATCH] filter and verify keyserver responses This changes introduces import functions that apply a constraining filter to imported keys. These filters can verify the fingerprints of the keys returned before importing them into the keyring, ensuring that the keys fetched from the keyserver are in fact those selected by the user beforehand. It also prevents the accidental import of secret keys through key server responses. --- g10/import.c| 47 --- g10/keyserver.c | 45 +++-- g10/main.h |4 +++- 3 files changed, 78 insertions(+), 18 deletions(-) diff --git a/g10/import.c b/g10/import.c index 90fc2d6..75f211a 100644 --- a/g10/import.c +++ b/g10/import.c @@ -59,14 +59,17 @@ struct stats_s { static int import( IOBUF inp, const char* fname,struct stats_s *stats, - unsigned char **fpr,size_t *fpr_len,unsigned int options ); + unsigned char **fpr,size_t *fpr_len,unsigned int options, + import_filter filter, void *filter_arg ); static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ); static void revocation_present(KBNODE keyblock); static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats, unsigned char **fpr,size_t *fpr_len, - unsigned int options,int from_sk); + unsigned int options,int from_sk, + import_filter filter, void *filter_arg); static int import_secret_one( const char *fname, KBNODE keyblock, - struct stats_s *stats, unsigned int options); + struct stats_s *stats, unsigned int options, + import_filter filter, void *filter_arg ); static int import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats); static int chk_self_sigs( const char *fname, KBNODE keyblock, @@ -163,7 +166,8 @@ import_release_stats_handle (void *p) static int import_keys_internal( IOBUF inp, char **fnames, int nnames, void *stats_handle, unsigned char **fpr, size_t *fpr_len, - unsigned int options ) + unsigned int options, + import_filter filter, void *filter_arg ) { int i, rc = 0; struct stats_s *stats = stats_handle; @@ -172,7 +176,7 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames, stats = import_new_stats_handle (); if (inp) { -rc = import( inp, [stream], stats, fpr, fpr_len, options); +rc = import( inp, [stream], stats, fpr, fpr_len, options, filter, filter_arg); } else { int once = (!fnames !nnames); @@ -192,7 +196,7 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames, log_error(_(can't open `%s': %s\n), fname, strerror(errno) ); else { - rc = import( inp2, fname, stats, fpr, fpr_len, options ); + rc = import( inp2, fname, stats, fpr
Bug#650749: arpspoof: poison both communication partners
Package: dsniff Version: 2.4b1+debian-21.1 Severity: wishlist Tags: patch upstream To intercept the complete communication of many protocols, it is helpful to create a complete mitm attack. The attached patch adds a -r switch to make arpspoof send arp packets to both systems (host target), guiding the complete traffic through the attacking system. From 8fbf0ac15e5fe2df427e3e028f9aa8d96788986a Mon Sep 17 00:00:00 2001 From: Stefan Tomanek ste...@pico.ruhr.de Date: Sun, 6 Nov 2011 22:44:54 +0100 Subject: [PATCH 1/3] arpspoof: add -r switch to poison both directions Signed-off-by: Stefan Tomanek ste...@pico.ruhr.de --- arpspoof.8 |5 - arpspoof.c | 59 +++ 2 files changed, 51 insertions(+), 13 deletions(-) diff --git a/arpspoof.8 b/arpspoof.8 index a05b5d3..544e06c 100644 --- a/arpspoof.8 +++ b/arpspoof.8 @@ -9,7 +9,7 @@ intercept packets on a switched LAN .na .nf .fi -\fBarpspoof\fR [\fB-i \fIinterface\fR] [\fB-t \fItarget\fR] \fIhost\fR +\fBarpspoof\fR [\fB-i \fIinterface\fR] [\fB-t \fItarget\fR] [\fB-r\fR] \fIhost\fR .SH DESCRIPTION .ad .fi @@ -26,6 +26,9 @@ Specify the interface to use. .IP \fB-t \fItarget\fR Specify a particular host to ARP poison (if not specified, all hosts on the LAN). +.IP \fB-r\fR +Poison both hosts (host and target) to capture traffic in both directions. +(only valid in conjuntion with -t) .IP \fIhost\fR Specify the host you wish to intercept packets for (usually the local gateway). diff --git a/arpspoof.c b/arpspoof.c index 7cdbbf8..f51b699 100644 --- a/arpspoof.c +++ b/arpspoof.c @@ -7,6 +7,8 @@ * Copyright (c) 1999 Dug Song dugs...@monkey.org * * $Id: arpspoof.c,v 1.5 2001/03/15 08:32:58 dugsong Exp $ + * + * Improved 2011 by Stefan Tomanek st...@pico.ruhr.de */ #include config.h @@ -31,12 +33,13 @@ static libnet_t *l; static struct ether_addr spoof_mac, target_mac; static in_addr_t spoof_ip, target_ip; static char *intf; +static int poison_reverse; static void usage(void) { fprintf(stderr, Version: VERSION \n - Usage: arpspoof [-i interface] [-t target] host\n); + Usage: arpspoof [-i interface] [-t target] [-r] host\n); exit(1); } @@ -133,18 +136,30 @@ arp_find(in_addr_t ip, struct ether_addr *mac) static void cleanup(int sig) { + int fw = arp_find(spoof_ip, spoof_mac); + int bw = poison_reverse target_ip arp_find(target_ip, target_mac); int i; - - if (arp_find(spoof_ip, spoof_mac)) { - for (i = 0; i 3; i++) { - /* XXX - on BSD, requires ETHERSPOOF kernel. */ + + fprintf(stderr, Cleaning up and re-arping targets...\n); + for (i = 0; i 5; i++) { + /* XXX - on BSD, requires ETHERSPOOF kernel. */ + if (fw) { arp_send(l, ARPOP_REPLY, (u_int8_t *)spoof_mac, spoof_ip, (target_ip ? (u_int8_t *)target_mac : NULL), target_ip); + /* we have to wait a moment before sending the next packet */ + sleep(1); + } + if (bw) { + arp_send(l, ARPOP_REPLY, +(u_int8_t *)target_mac, target_ip, +(u_int8_t *)spoof_mac, +spoof_ip); sleep(1); } } + exit(0); } @@ -156,11 +171,12 @@ main(int argc, char *argv[]) char pcap_ebuf[PCAP_ERRBUF_SIZE]; char libnet_ebuf[LIBNET_ERRBUF_SIZE]; int c; - + intf = NULL; spoof_ip = target_ip = 0; - - while ((c = getopt(argc, argv, i:t:h?V)) != -1) { + poison_reverse = 0; + + while ((c = getopt(argc, argv, ri:t:h?V)) != -1) { switch (c) { case 'i': intf = optarg; @@ -169,6 +185,9 @@ main(int argc, char *argv[]) if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) usage(); break; + case 'r': + poison_reverse = 1; + break; default: usage(); } @@ -178,7 +197,12 @@ main(int argc, char *argv[]) if (argc != 1) usage(); - + + if (poison_reverse !target_ip) { + errx(1, Spoofing the reverse path (-r) is only available when specifying a target (-t).); + usage(); + } + if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) usage(); @@ -191,18 +215,29 @@ main(int argc, char *argv[]) if (target_ip != 0 !arp_find(target_ip, target_mac)) errx(1, couldn't arp for host %s
Bug#650751: arpspoof: specify multiple target hosts
Package: dsniff Version: 2.4b1+debian-21.1 Severity: wishlist Tags: patch upstream This patch allows multiple targets to be imitated simultaniously by arpspoof. From 25c761ebb1a8001d05da8b3dba36e96ac07ad586 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek ste...@pico.ruhr.de Date: Mon, 7 Nov 2011 17:40:50 +0100 Subject: [PATCH 2/3] arpspoof: allow use of of multiple targets Signed-off-by: Stefan Tomanek ste...@pico.ruhr.de --- arpspoof.8 |2 +- arpspoof.c | 102 2 files changed, 69 insertions(+), 35 deletions(-) diff --git a/arpspoof.8 b/arpspoof.8 index 544e06c..af7ff63 100644 --- a/arpspoof.8 +++ b/arpspoof.8 @@ -25,7 +25,7 @@ same, e.g. fragrouter(8)) must be turned on ahead of time. Specify the interface to use. .IP \fB-t \fItarget\fR Specify a particular host to ARP poison (if not specified, all hosts -on the LAN). +on the LAN). Repeat to specify multiple hosts. .IP \fB-r\fR Poison both hosts (host and target) to capture traffic in both directions. (only valid in conjuntion with -t) diff --git a/arpspoof.c b/arpspoof.c index f51b699..a819678 100644 --- a/arpspoof.c +++ b/arpspoof.c @@ -29,9 +29,14 @@ extern char *ether_ntoa(struct ether_addr *); +struct host { + in_addr_t ip; + struct ether_addr mac; +}; + static libnet_t *l; -static struct ether_addr spoof_mac, target_mac; -static in_addr_t spoof_ip, target_ip; +static struct host spoof = {0}; +static struct host *targets; static char *intf; static int poison_reverse; @@ -133,30 +138,46 @@ arp_find(in_addr_t ip, struct ether_addr *mac) return (0); } +static int arp_find_all() { + struct host *target = targets; + while(target-ip) { + if (arp_find(target-ip, target-mac)) { + return 1; + } + target++; + } + + return 0; +} + static void cleanup(int sig) { - int fw = arp_find(spoof_ip, spoof_mac); - int bw = poison_reverse target_ip arp_find(target_ip, target_mac); + int fw = arp_find(spoof.ip, spoof.mac); + int bw = poison_reverse targets[0].ip arp_find_all(); int i; fprintf(stderr, Cleaning up and re-arping targets...\n); for (i = 0; i 5; i++) { - /* XXX - on BSD, requires ETHERSPOOF kernel. */ - if (fw) { - arp_send(l, ARPOP_REPLY, -(u_int8_t *)spoof_mac, spoof_ip, -(target_ip ? (u_int8_t *)target_mac : NULL), -target_ip); - /* we have to wait a moment before sending the next packet */ - sleep(1); - } - if (bw) { - arp_send(l, ARPOP_REPLY, -(u_int8_t *)target_mac, target_ip, -(u_int8_t *)spoof_mac, -spoof_ip); - sleep(1); + struct host *target = targets; + while(target-ip) { + /* XXX - on BSD, requires ETHERSPOOF kernel. */ + if (fw) { + arp_send(l, ARPOP_REPLY, +(u_int8_t *)spoof.mac, spoof.ip, +(target-ip ? (u_int8_t *)target-mac : NULL), +target-ip); + /* we have to wait a moment before sending the next packet */ + sleep(1); + } + if (bw) { + arp_send(l, ARPOP_REPLY, +(u_int8_t *)target-mac, target-ip, +(u_int8_t *)spoof.mac, +spoof.ip); + sleep(1); + } + target++; } } @@ -171,10 +192,15 @@ main(int argc, char *argv[]) char pcap_ebuf[PCAP_ERRBUF_SIZE]; char libnet_ebuf[LIBNET_ERRBUF_SIZE]; int c; + int n_targets; + spoof.ip = 0; intf = NULL; - spoof_ip = target_ip = 0; poison_reverse = 0; + n_targets = 0; + + /* allocate enough memory for target list */ + targets = calloc( argc+1, sizeof(struct host) ); while ((c = getopt(argc, argv, ri:t:h?V)) != -1) { switch (c) { @@ -182,7 +208,7 @@ main(int argc, char *argv[]) intf = optarg; break; case 't': - if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) + if ((targets[n_targets++].ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) usage(); break
Bug#650752: arpspoof: allow the selection of source hw address
Package: dsniff Version: 2.4b1+debian-21.1 Severity: wishlist Tags: patch upstream In certain networks, sending with the wrong hardware source address can jeopardize the network connection of the host running arpspoof. This patch makes it possible to specify whether arpspoof should use the own hardware address or the one of the real host when resetting the arp table of the target systems; it is also possible to use both. From 21773ccf18a5fc49d35e510a8797b0a1e83858c4 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek ste...@pico.ruhr.de Date: Sun, 20 Nov 2011 21:32:53 +0100 Subject: [PATCH 3/3] arpspoof: allow selection of source hw address In certain networks, sending with the wrong hardware source address can jeopardize the network connection of the host running arpspoof. This patch makes it possible to specify whether arpspoof should use the own hardware address or the one of the real host when resetting the arp table of the target systems; it is also possible to use both. Signed-off-by: Stefan Tomanek ste...@pico.ruhr.de --- arpspoof.8 |9 +- arpspoof.c | 90 ++- 2 files changed, 72 insertions(+), 27 deletions(-) diff --git a/arpspoof.8 b/arpspoof.8 index af7ff63..f735d14 100644 --- a/arpspoof.8 +++ b/arpspoof.8 @@ -9,7 +9,7 @@ intercept packets on a switched LAN .na .nf .fi -\fBarpspoof\fR [\fB-i \fIinterface\fR] [\fB-t \fItarget\fR] [\fB-r\fR] \fIhost\fR +\fBarpspoof\fR [\fB-i \fIinterface\fR] [\fB-c \fIown|host|both\fR] [\fB-t \fItarget\fR] [\fB-r\fR] \fIhost\fR .SH DESCRIPTION .ad .fi @@ -23,6 +23,13 @@ same, e.g. fragrouter(8)) must be turned on ahead of time. .SH OPTIONS .IP \fB-i \fIinterface\fR Specify the interface to use. +.IP \fB-c \fIown|host|both\fR +Specify which hardware address t use when restoring the arp configuration; +while cleaning up, packets can be send with the own address as well as with +the address of the host. Sending packets with a fake hw address can disrupt +connectivity with certain switch/ap/bridge configurations, however it works +more reliably than using the own address, which is the default way arpspoof +cleans up afterwards. .IP \fB-t \fItarget\fR Specify a particular host to ARP poison (if not specified, all hosts on the LAN). Repeat to specify multiple hosts. diff --git a/arpspoof.c b/arpspoof.c index a819678..ab127f9 100644 --- a/arpspoof.c +++ b/arpspoof.c @@ -40,37 +40,36 @@ static struct host *targets; static char *intf; static int poison_reverse; +static uint8_t *my_ha = NULL; +static uint8_t *brd_ha = \xff\xff\xff\xff\xff\xff; + +static int cleanup_src_own = 1; +static int cleanup_src_host = 0; + static void usage(void) { fprintf(stderr, Version: VERSION \n - Usage: arpspoof [-i interface] [-t target] [-r] host\n); + Usage: arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host\n); exit(1); } static int -arp_send(libnet_t *l, int op, u_int8_t *sha, -in_addr_t spa, u_int8_t *tha, in_addr_t tpa) +arp_send(libnet_t *l, int op, + u_int8_t *sha, in_addr_t spa, + u_int8_t *tha, in_addr_t tpa, + u_int8_t *me) { int retval; - if (sha == NULL - (sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) { - return (-1); - } - if (spa == 0) { - if ((spa = libnet_get_ipaddr4(l)) == -1) - return (-1); - } - if (tha == NULL) - tha = \xff\xff\xff\xff\xff\xff; - + if (!me) me = sha; + libnet_autobuild_arp(op, sha, (u_int8_t *)spa, tha, (u_int8_t *)tpa, l); - libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0); + libnet_build_ethernet(tha, me, ETHERTYPE_ARP, NULL, 0, l, 0); fprintf(stderr, %s , - ether_ntoa((struct ether_addr *)sha)); + ether_ntoa((struct ether_addr *)me)); if (op == ARPOP_REQUEST) { fprintf(stderr, %s 0806 42: arp who-has %s tell %s\n, @@ -129,7 +128,7 @@ arp_find(in_addr_t ip, struct ether_addr *mac) /* XXX - force the kernel to arp. feh. */ arp_force(ip); #else - arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip); + arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip, NULL); #endif sleep(1); } @@ -156,17 +155,23 @@ cleanup(int sig) int fw = arp_find(spoof.ip, spoof.mac); int bw = poison_reverse targets[0].ip arp_find_all(); int i; + int rounds = (cleanup_src_own*5 + cleanup_src_host*5); fprintf(stderr, Cleaning up and re-arping targets...\n); - for (i = 0; i 5; i++) { + for (i = 0; i rounds; i++) { struct host *target = targets; while(target-ip) { + uint8_t *src_ha = NULL; + if (cleanup_src_own (i%2 || !cleanup_src_host
Bug#647949: driftnet: does not read sniffed data from pcap file
Package: driftnet Version: 0.1.6-9+b1 Severity: normal Tags: patch upstream The version supplied in Debian lacks the option of reading packet data from a pcap file, requiring root privileges to use the X11 software. There are forks of driftnet implementing this feature which I'd like to see included in the debian release as well: https://github.com/wertarbyte/driftnet Since sniffing and displaying the data can be separated that way, these changes greatly increase the usefulness of the software package. -- System Information: Debian Release: 6.0.3 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-vserver-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages driftnet depends on: ii libatk1.0-01.30.0-1 The ATK accessibility toolkit ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra pn libgif4none(no description available) ii libglib2.0-0 2.24.2-1 The GLib library of C routines ii libgtk2.0-02.20.1-2 The GTK+ graphical user interface ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG ii libpango1.0-0 1.28.3-1+squeeze2 Layout and rendering of internatio ii libpcap0.8 1.1.1-2+squeeze1 system interface for user-level pa ii libpng12-0 1.2.44-1+squeeze1 PNG library - runtime driftnet recommends no packages. driftnet suggests no packages. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#647583: POP decoder in dsniff broken
Package: dsniff Version: 2.4b1+debian-21.1 Severity: normal Tags: patch upstream The POP decoder included in the dsniff program fails to extract authentication information from a connection made by thunderbird/icedove using AUTH PLAIN; instead, random data is printed to the screen. The attached patch rewrites the decoder to implement correct extraction of USER/PASS, AUTH PLAIN and AUTH LOGIN credentials. -- System Information: Debian Release: 6.0.3 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-vserver-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages dsniff depends on: ii libc6 2.11.2-10Embedded GNU C Library: Shared lib pn libdb4.6none (no description available) pn libnet1 none (no description available) pn libnids1.21 none (no description available) ii libpcap0.8 1.1.1-2+squeeze1 system interface for user-level pa ii libssl0.9.8 0.9.8o-4squeeze3 SSL shared libraries ii openssl 0.9.8o-4squeeze3 Secure Socket Layer (SSL) binary a Versions of packages dsniff recommends: ii libx11-6 2:1.3.3-4 X11 client-side library dsniff suggests no packages. From b05e27ba9b0ba9ef00ad2183933652e08d8c89af Mon Sep 17 00:00:00 2001 From: Stefan Tomanek ste...@pico.ruhr.de Date: Sat, 29 Oct 2011 20:48:55 +0200 Subject: [PATCH] rewrite and modernize POP decoder Signed-off-by: Stefan Tomanek ste...@pico.ruhr.de --- decode_pop.c | 96 ++--- 1 files changed, 77 insertions(+), 19 deletions(-) diff --git a/decode_pop.c b/decode_pop.c index 04044f5..767da41 100644 --- a/decode_pop.c +++ b/decode_pop.c @@ -6,6 +6,8 @@ * Copyright (c) 2000 Dug Song dugs...@monkey.org * * $Id: decode_pop.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $ + * + * Rewritten by Stefan Tomanek 2011 ste...@pico.ruhr.de */ #include config.h @@ -45,32 +47,88 @@ int decode_pop(u_char *buf, int len, u_char *obuf, int olen) { char *p; + char *s; + int n; int i, j; + char *user; + char *password; + enum { + NONE, + AUTHPLAIN, + AUTHLOGIN, + USERPASS + } mode = NONE; + obuf[0] = '\0'; for (p = strtok(buf, \r\n); p != NULL; p = strtok(NULL, \r\n)) { - if (strncasecmp(p, AUTH PLAIN, 10) == 0 || - strncasecmp(p, AUTH LOGIN, 10) == 0) { - strlcat(obuf, p, olen); - strlcat(obuf, \n, olen); - - /* Decode SASL auth. */ - for (i = 0; i 2 (p = strtok(NULL, \r\n)); i++) { -strlcat(obuf, p, olen); -j = base64_pton(p, p, strlen(p)); -p[j] = '\0'; -strlcat(obuf, [, olen); -strlcat(obuf, p, olen); -strlcat(obuf, ]\n, olen); + if (mode == NONE) { + user = NULL; + password = NULL; + if (strncasecmp(p, AUTH PLAIN, 10) == 0) { +mode = AUTHPLAIN; +continue; + } + if (strncasecmp(p, AUTH LOGIN, 10) == 0) { +mode = AUTHLOGIN; +continue; + } + if (strncasecmp(p, USER , 5) == 0) { +mode = USERPASS; +/* the traditional login cuts right to the case, + * so no continue here + */ } } - /* Save regular POP2, POP3 auth info. */ - else if (strncasecmp(p, USER , 5) == 0 || - strncasecmp(p, PASS , 5) == 0 || - strncasecmp(p, HELO , 5) == 0) { - strlcat(obuf, p, olen); - strlcat(obuf, \n, olen); + printf((%d) %s\n, mode, p); + if (mode == USERPASS) { + if (strncasecmp(p, USER , 5) == 0) { +user = p[5]; + } else if (strncasecmp(p, PASS , 5) == 0) { +password = p[5]; + } + } + + if (mode == AUTHPLAIN) { + j = base64_pton(p, p, strlen(p)); + p[j] = '\0'; + n = 0; + s = p; + /* p consists of three parts, divided by \0 */ + while (s = p[j] n=3) { +if (n == 0) { + /* we do not process this portion yet */ +} else if (n == 1) { + user = s; +} else if (n == 2) { + password = s; +} +n++; +while (*s) s++; +s++; + } + } + + if (mode == AUTHLOGIN) { + j = base64_pton(p, p, strlen(p)); + p[j] = '\0'; + if (! user) { +user = p; + } else { +password = p; +/* got everything we need :-) */ + } + } + + if (user password) { + strlcat(obuf, \nusername [, olen); + strlcat(obuf, user, olen); + strlcat(obuf, ] password [, olen); + strlcat(obuf, password, olen); + strlcat(obuf, ]\n, olen); + + mode = NONE; } } return (strlen(obuf)); -- 1.7.5.4
Bug#594191: command line compilation with libraries
Since I wasn't able to find a Makefile that successfully integrates the library sources, I modified the Makefile found at http://mjo.tc/atelier/2009/02/acli/arduino-mk_0.4.tar.gz I added the necessary targets to build the object files from the sources of the requested libraries, so that projects using those can be build with the package structure supplied by Debian. You can retrieve the modified Makefile from github: https://github.com/wertarbyte/arduino-make I also attached the modified Arduino.mk. # # Arduino command line tools Makefile # System part (i.e. project independent) # # Copyright (C) 2010 Martin Oldfield m...@mjo.tc, based on work that is # Copyright Nicholas Zambetti, David A. Mellis Hernando Barragan # # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as # published by the Free Software Foundation; either version 2.1 of the # License, or (at your option) any later version. # # Adapted from Arduino 0011 Makefile by M J Oldfield # # Original Arduino adaptation by mellis, eighthave, oli.keller # # Version 0.1 17.ii.2009 M J Oldfield # # 0.2 22.ii.2009 M J Oldfield # - fixes so that the Makefile actually works! # - support for uploading via ISP # - orthogonal choices of using the Arduino for #tools, libraries and uploading # # 0.3 21.v.2010 M J Oldfield # - added proper license statement # - added code from Philip Hands to reset #Arduino prior to upload # # 0.4 25.v.2010 M J Oldfield # - tweaked reset target on Philip Hands' advice # # 0.5 23.iii.2011 Stefan Tomanek # - added ad-hoc library building # # # STANDARD ARDUINO WORKFLOW # # Given a normal sketch directory, all you need to do is to create # a small Makefile which defines a few things, and then includes this one. # # For example: # # ARDUINO_DIR = /Applications/arduino-0013 # # TARGET = CLItest # ARDUINO_LIBS = LiquidCrystal # # MCU = atmega168 # F_CPU= 1600 # ARDUINO_PORT = /dev/cu.usb* # # include /usr/local/share/Arduino.mk # # Hopefully these will be self-explanatory but in case they're not: # #ARDUINO_DIR - Where the Arduino software has been unpacked #TARGET - The basename used for the final files. Canonically # this would match the .pde file, but it's not needed # here: you could always set it to xx if you wanted! #ARDUINO_LIBS - A list of any libraries used by the sketch (we assume # these are in $(ARDUINO_DIR)/hardware/libraries #MCU,F_CPU- The target processor description #ARDUINO_PORT - The port where the Arduino can be found (only needed # when uploading # # Once this file has been created the typical workflow is just # # $ make upload # # All of the object files are created in the build-cli subdirectory # All sources should be in the current directory and can include: # - at most one .pde file which will be treated as C++ after the standard #Arduino header and footer have been affixed. # - any number of .c, .cpp, .s and .h files # # Included libraries are built in the build-cli/libs subdirectory. # # Besides make upload you can also # make- no upload # make clean - remove all our dependencies # make depends- update dependencies # make reset - reset the Arduino by tickling DTR on the serial port # make raw_upload - upload without first resetting # # # ARDUINO WITH OTHER TOOLS # # If the tools aren't in the Arduino distribution, then you need to # specify their location: # #AVR_TOOLS_PATH = /usr/bin #AVRDUDE_CONF = /etc/avrdude/avrdude.conf # # # ARDUINO WITH ISP # # You need to specify some details of your ISP programmer and might # also need to specify the fuse values: # # ISP_PROG = -c stk500v2 # ISP_PORT = /dev/ttyACM0 # # ISP_LOCK_FUSE_PRE = 0x3f # ISP_LOCK_FUSE_POST = 0xcf # ISP_HIGH_FUSE = 0xdf # ISP_LOW_FUSE = 0xff # ISP_EXT_FUSE = 0x01 # # I think the fuses here are fine for uploading to the ATmega168 # without bootloader. # # To actually do this upload use the ispload target: # #make ispload # # # Some paths # ifneq (ARDUINO_DIR,) ifndef AVR_TOOLS_PATH AVR_TOOLS_PATH= $(ARDUINO_DIR)/hardware/tools/avr/bin endif
Bug#604462: ITP: ifupdown-scripts-wa -- collection of useful extension scripts for ifupdown
Dies schrieb Javier Fernandez-Sanguino (j...@computer.org): Would it be possible to integrate these tools with the ifupdown-extra? It looks like both packages have common goals. Sure, why not. I'd be open to that. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#603842: esekeyd and triggerhappy (Re: RFS: triggerhappy)
Dies schrieb Jonathan Nieder (jrnie...@gmail.com): This information could be useful for both package descriptions. (Maybe, for triggerhappy: That is, this is similar to esekeyd but it also supports such and such, allowing you to such and such. and for esekeyd: This package does not do such and such; for that, see triggerhappy. In the simple situations it does handle, esekeyd is {simpler to configure | compatible with the old funkey daemon | more conservative in its use of resources | providing a different interface that existing users might be used to | whatever}. OK, I don't know esekeyd enough to include it into a direct comparison, but I tweaked my package description to better reflect the main aspects of triggerhappy and its features. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#603842: esekeyd and triggerhappy (Re: RFS: triggerhappy)
Dies schrieb Jonathan Nieder (jrnie...@gmail.com): I think esekeyd can only handle KEY events, while triggerhappy can also process Switch and button events. I am also unsure whether esekeyd support the hotplugging of input devices (done in triggerhappy by a udev script) or daemon control via socket. From what I see, esekeyd also lacks the support for modes, which can modify the button assignment depending on the state the daemon is in. Thanks, that helps. Next comes a question that might sound off-topic. Would it be easy and would it be sensible to teach esekeyd these features? I looked through the esekey source code, and from what I've seen esekey can handle only one input device at a time, while triggerhappy can open multiple devices simultanously. This is important for supporting devices that might not even be there when the daemon is started (bluetooth remote, USB keypad). What I am trying to figure out is whether esekeyd and triggerhappy occupy different niches or if it is an accident of history that you are not already working on the same codebase. IIUC triggerhappy is very young so there might be a chance to merge or make the user interfaces compatible before users grow irrationally attached to the quirks of one or the other. Of course I am in favor of _my_ pet project (who wouldn't?), but I think merging the two programs would be difficult. Although young, triggerhappy has accumulated quite a few features that would require a redesigning many aspects of esekeyd (multiple devices, command socket, multiple config files). -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#604447: ITP: tartarus -- script based extendable backup system
Package: wnpp Severity: wishlist Owner: Stefan Tomanek ste...@pico.ruhr.de * Package name: tartarus Version : 0.9.4-2 Upstream Author : Stefan Tomanek stefan.tomanek+tarta...@wertarbyte.de * URL : http://wertarbyte.de/tartarus.shtml * License : GPLv3 Programming Lang: Bash, Perl Description : script based extendable backup system Tartarus is a script based backup system that relies on default utilities available on most regular Linux systems. It supports on-the-fly upload to an FTP server, compression, encryption and can easily be extended by hooks. It is used on many dedicated server systems providing a FTP backup space. -- System Information: Debian Release: 5.0.6 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#604462: ITP: ifupdown-scripts-wa -- collection of useful extension scripts for ifupdown
Package: wnpp Severity: wishlist Owner: Stefan Tomanek stefan.tomanek+deb...@wertarbyte.de * Package name: ifupdown-scripts-wa Version : 0.4.1-1 Upstream Author : Stefan Tomanek stefan.tomanek+deb...@wertarbyte.de * URL : https://github.com/wertarbyte/ifupdown-scripts * License : GPLv3 Programming Lang: Shell Description : collection of useful extension scripts for ifupdown This package includes the following scripts extending the ifupdown system with useful features. All scripts are configured through additional statements in /etc/network/interfaces and integrate nicely: * addresses allows multiple addresses to be added to an network device in a convenient CIDR notation * reachable add additional networks reachable thourgh a configured interface, either directly or by using a connected gateway * conflicts automatically (de)configures an interface when another one comes up or goes down * pan connects your computer to an Bluetooth PAN access point before configuring the interface * vpnc controls a cisco VPN connect through ifupdown * wireless-tools-snooze waits for association with the access point before retrieving an IP address for the wireless network * ifupdown-network pm-utils script that shuts down specified network devices during suspend and restores them during resume -- System Information: Debian Release: 5.0.6 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) -- ste...@pico.ruhr.de GPG available and welcome http://stefans.datenbruch.de/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#604447: ITP: tartarus -- script based extendable backup system
Dies schrieb Olivier Berger (olivier.ber...@it-sudparis.eu): Just for my information, how does it compare to backupninja, that is already packaged in Debian, and seems quite similar from the provided description ? Hm, I didn't know Backupninja until now, but tartarus was developed out of necessity; one of its main features is the on-the-fly-upload of the backup archive to the FTP server making it quite popular here. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#603842: RFP: triggerhappy -- a system-wide hotkey and input event daemon
Package: wnpp Severity: wishlist * Package name: triggerhappy Version : 0.1.3 Upstream Author : Stefan Tomanek stefan.tomanek...@wertarbyte.de * URL : https://github.com/wertarbyte/triggerhappy * License : GPL Programming Lang: C Description : a system-wide hotkey and input event daemon Triggerhappy is a hotkey daemon that operates on a system wide scale. Instead of relying on a specific user being logged in and running the daemon in his X session, the triggerhappy daemon attaches directly to the input device files and interprets the event data received. Upon noticing configured events, it executes the programs specified in its configuration. By doing so, it ensures that certain functions (like regulating volume, activating the network etc.) are available regardless of a specific user being logged in as well as makes them controllable on a headless system (e.g. an embedded media player system). The daemon supports hotplugging by employing a simple client program being called by udev. The software is available through its git repository, a (simple) debian/ directory is also available in the debian branch. -- System Information: Debian Release: 5.0.6 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#597627: curl SFTP upload causes segfault after ~2GB
Package: curl Version: 7.18.2-8lenny4 Severity: important Uploading a file by using an SFTP connection causes curl to segfault after around 2GB. r...@zirkel:/etc/tartarus# cat /dev/urandom | curl -v -u USER:PASS --upload-file - sftp://FOO.your-backup.de/random; * About to connect() to FOO.your-backup.de port 22 (#0) * Trying FOO... connected * Connected to FOO.your-backup.de (FOO) port 22 (#0) * SSH authentication methods available: publickey,password * Using ssh public key file /home/stefan/.ssh/id_dsa.pub * Using ssh private key file /home/stefan/.ssh/id_dsa * SSH public key authentication failed: Unable to open public key file * Initialized password authentication * Authentication complete } [data not shown] % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 2028M0 00 2028M 0 3458k --:--:-- 0:10:00 --:--:-- 3736kSpeicherzugriffsfehler r...@zirkel:/etc/tartarus# curl -V curl 7.18.2 (x86_64-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8 libssh2/0.18 Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz (for some reason, LANG=de, so Speicherzugriffsfehler == Segmentation Fault) Uploading large files by using FTP works fine. -- System Information: Debian Release: 5.0.6 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages curl depends on: ii libc6 2.7-18lenny4 GNU C Library: Shared libraries ii libcurl3 7.18.2-8lenny4Multi-protocol file transfer libra ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime curl recommends no packages. curl suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#341976: patch for apt-key adding interactive mode and keyserver support
Dies schrieb Julian Andres Klode (j...@debian.org): apt-key --interactive fetch keyid will download the specified key from a keyserver, presenting its data to the user and awaiting confirmation before adding the key. Without --interactive/-i, the fetch command will be denied due to security considerations. I don't see a reason to do this. This is a command-line tool which only works as root and limiting the root user is non-sense. He could just point gpg to APT's keyring and add the key without apt-key, thus there is no security benefit in requiring interactiveness. I added this requirement to keep people from blindly retrieving keys from a keyserver without verifying them or thinking about the trust they put into the people behind the keys. (see also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341976#17) However, I think either removing the --interactive requirement or adding a --force/--noverify option to override it could be worthy of discussion. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#341976: patch for apt-key adding interactive mode and keyserver support
tags 341976 + patch Greetings, I created the attached patch that adds the following features to apt-key: apt-key --interactive add filename will show the keys that are to be imported with their fingerprints, making it possible to inspect them before adding them to the keyring and without polluting the personal key ring with keys that will never be used. apt-key --interactive fetch keyid will download the specified key from a keyserver, presenting its data to the user and awaiting confirmation before adding the key. Without --interactive/-i, the fetch command will be denied due to security considerations. The patch implements these new features by creating a temporary GnuPG directory, importing the keys there and preparing them for inspection. diff --git a/cmdline/apt-key b/cmdline/apt-key index 7bb3024..b3ffdfe 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key @@ -18,6 +18,27 @@ ARCHIVE_KEYRING_URI= ARCHIVE_KEYRING=/usr/share/keyrings/debian-archive-keyring.gpg REMOVED_KEYS=/usr/share/keyrings/debian-archive-removed-keys.gpg +cmd_add() { +local FILE=$1 +if [ $INTERACTIVE = 0 ]; then +add_keys_to_keyring $FILE +else +prepare_tmp +$GPG_TMP --batch --import $FILE || return 1 +confirm_tmpkeys add_tmpkeys_to_keyring +destroy_tmp +fi +} + +add_keys_to_keyring() { +local FILE=$1 +$GPG --quiet --batch --import $FILE echo OK +} + +add_tmpkeys_to_keyring() { +$GPG_TMP -q --no-tty --export | add_keys_to_keyring - +} + add_keys_with_verify_against_master_keyring() { ADD_KEYRING=$1 MASTER=$2 @@ -102,9 +123,89 @@ update() { done } +# variables for handling temporary key data +TMP= +TMP_GPGHOME= +GPG_TMP= + +prepare_tmp() { +if [ -n $TMP ]; then +echo prepare_temp() called twice, aborting +exit 1 +fi +TMP=$(mktemp -d -t apt-key.XX) +TMP_GPGHOME=$TMP/gpg + +trap destroy_tmp EXIT INT + +mkdir -p $TMP_GPGHOME +chmod go-rwx $TMP_GPGHOME +# create empty keyrings + $TMP_GPGHOME/pubring.gpg + $TMP_GPGHOME/secring.gpg + +GPG_TMP=gpg --homedir $TMP_GPGHOME --no-options --no-default-keyring --batch +} + +destroy_tmp() { + if [ -z $TMP ]; then +echo destroy_tmp() called without prepare_tmp() before, aborting +exit 1 +fi +# uninstall handler +trap - EXIT INT + +rm -fr $TMP +TMP= +TMP_GPGHOME= +GPG_TMP= +} + +fetch() { +local KEYID=$1 +local KEYSERVER=wwwkeys.de.pgp.net + +if [ $INTERACTIVE = 0 ]; then +echo For security reasons, fetching keys from a keyserver does only work in --interactive mode. +return 1 +fi + +if [ -z $KEYID ]; then +echo Nothing to fetch +return 1 +fi + +$GPG_TMP -q --no-tty --keyserver $KEYSERVER --recv-keys $KEYID || return 1 + +if confirm_tmpkeys; then +# keys confirmed, import them in the keyring +add_tmpkeys_to_keyring +else +echo Aborted +return 1 +fi +} + +confirm_tmpkeys() { +echo +echo Please compare the key identities and fingerprints below to an +echo independent source to confirm their integrity. +echo + +$GPG_TMP --fingerprint + +CONFIRMATION=Yes, I will + +echo Do your trust this key and wish to add it to your apt keyring? +echo So answer with '$CONFIRMATION'. +read -pANSWER + +[ $ANSWER = $CONFIRMATION ] +} + usage() { -echo Usage: apt-key [command] [arguments] +echo Usage: apt-key [--interactive|-i] [command] [arguments] echo echo Manage apt's list of trusted keys echo @@ -116,10 +217,18 @@ usage() { echo apt-key net-update - update keys using the network echo apt-key list- list keys echo apt-key finger - list fingerprints -echo apt-key adv - pass advanced options to gpg (download key) +echo apt-key -i fetch keyid- fetch key from keyserver (required interactive mode) +echo apt-key adv - pass advanced options to gpg echo } +INTERACTIVE=0 + +if [ $1 = --interactive ] || [ $1 = -i ]; then +INTERACTIVE=1 +shift +fi + command=$1 if [ -z $command ]; then usage @@ -135,8 +244,7 @@ fi case $command in add) -$GPG --quiet --batch --import $1 -echo OK +cmd_add $1 ;; del|rm|remove) $GPG --quiet --batch --delete-key --yes $1 @@ -164,6 +272,11 @@ case $command in echo Executing: $GPG $* $GPG $* ;; +fetch) +prepare_tmp; +fetch $* +destroy_tmp; +;; help) usage ;;
Bug#547240: /usr/sbin/vapt-get: provide a --mark option to vapt-get (see attached patch)
Package: util-vserver Version: 0.30.216~r2772-6 Severity: wishlist File: /usr/sbin/vapt-get Tags: patch When using vapt-get to update multiple vservers, admistrators have two options: either use --all to apply the command to all servers, or specify vservers manually. With a larger number of heterogeneous vservers, this gets uncomfortable; while most of the systems may need updates, several system might not even run debian or should be excluded from the procedure for other reasons, e.g. if the root user of the vserver takes care of updates himself. The attached patch included a --mark option that allows to limit the vapt-get operation to hosts tagged with a keyword in /etc/vserver/$SERVER/apps/apt/mark Using that file, instances you wish to use vapt-get on can be tagged with a special tag: TAG=debian for SERVER in foo bar baz; do mkdir -p /etc/vserver/$SERVER/apps/apt/ echo $TAG /etc/vserver/$SERVER/apps/apt/mark done after tagging the hosts, vapt-get can be called with a simple command line: vapt-get --mark debian -- -u upgrade This command will run the upgrade procedure on all hosts tagged debian (foo, bar and baz in this example) -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-vserver-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages util-vserver depends on: ii debconf 1.5.24 Debian configuration management sy ii iproute 20080725-2 networking and traffic control too ii libbeecrypt6 4.1.2-7open source C library of cryptogra ii libc6 2.7-18 GNU C Library: Shared libraries ii make 3.81-5 The GNU version of the make util ii net-tools 1.60-22The NET-3 networking toolkit ii util-linux2.13.1.1-1 Miscellaneous system utilities Versions of packages util-vserver recommends: ii binutils2.18.1~cvs20080103-7 The GNU assembler, linker and bina ii debootstrap 1.0.10lenny1 Bootstrap a basic Debian system Versions of packages util-vserver suggests: ii iptables 1.4.2-6administration tools for packet fi ii linux-image-2.6.26-2-vserver- 2.6.26-19 Linux 2.6.26 image on AMD64, Linux ii module-init-tools 3.4-1 tools for managing Linux kernel mo ii procps1:3.2.7-11 /proc file system utilities pn vlan none (no description available) ii wget 1.11.4-2 retrieves files from the web pn yum none (no description available) -- debconf information excluded -- ste...@pico.ruhr.de GPG available and welcome http://stefans.datenbruch.de/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#544883: wireless-tools: if-up.d script breaks association
Package: wireless-tools Version: 29-2 Severity: normal Tags: patch For some time now, wireless-tools installs two identical configuration scripts in /etc/network/if-pre-up.d/ and /etc/network/if-up.d/. A while ago I noticed that I lost network connectivity right after dhclient fetched an address from ser DHCP server. After debugging this, I noticed that the script /etc/network/if-up.d/wireless-tools reconfigured my wlan card and thus broke the association with the access points - which was of course not needed, since a connection was already established. I thought about simply deleting the unused script, however I created a small patch to add a configuration option to specify when configuration should take place. Adding wireless-postconf no or wireless-preconf no to the network configuration will now disable the specified script, the default case is still to run both scripts. I am however unsure how that if-up script is supposed to work - assuming dhcp is used, a wlan connection must have been established prior to the script run. Otherwise, the user would have to wait quite a long time until dhclient withdraws into background. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.30-1-686 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages wireless-tools depends on: ii libc6 2.9-25 GNU C Library: Shared libraries ii libiw29 29-1.1 Wireless tools - library wireless-tools recommends no packages. wireless-tools suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#539448: /usr/sbin/newvserver: newvserver fails to identify the IP address of the host
Dies schrieb Ola Lundqvist (o...@debian.org): Thanks a lot for the description and the fix. Please try the new attached version to see if that works for you. Looks good to me :-) -- ste...@pico.ruhr.de GPG available and welcome http://stefans.datenbruch.de/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#437127: Info received (xen-utils-common: vif-common fails to identify ip address of ethernet device)
Anything new here? The bug still perisists and is quiet annoying, especially when considering the simplicity of its fix. On a side note, vserver-debiantools had a similiar problem which got fixed within 2 days (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539448), while the faulty line of shell code still resides in vif-common after 2 years and several confirmations. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#539448: /usr/sbin/newvserver: newvserver fails to identify the IP address of the host
Package: vserver-debiantools Version: 0.6.3 Severity: normal File: /usr/sbin/newvserver Tags: patch When installing a new vserver with newvserver, the script copies the file /etc/resolv.conf from the host to the installation directory. It tries to replace the loopback address 127.0.0.1 in that file with the real address of the server, however it fails to identify this address in some situations. These lines (561ff) are used to obtain the ip address: # grab DNS servers from the host-server for `resolv.conf' HOST_IP=$(ip -o addr show dev $INTERFACE primary scope global | \ sed -n 's;.*inet \([^/]*\)/.*;\1;p' | head -1) The code failes to correctly extract the address when it is run on a host configured with a pointopoint connection (/32), since ip addr does not show a / at the position expected: ste...@zirkel:~$ ip -o addr show dev eth0 primary scope global 2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000\link/ether 00:24:21:57:33:76 brd ff:ff:ff:ff:ff:ff 2: eth0inet 188.40.44.137 peer 188.40.44.129/32 brd 188.40.255.255 scope global eth0 As you can see, the prefix length does not appear directly at the configured address, but at the peer address. Using newvserver on such a system results in a rather strange /etc/resolv.conf: nameserver 188.40.44.137 peer 188.40.44.129 I propose replacing the ip/sed-call with the following call: HOST_IP=$(ip -4 -o addr show primary scope global dev $INTERFACE| \ awk '$3 == inet {split($4,i,/); print i[1]; exit}') The scripts supplied by XEN do have the same issue, see #437127 for more details (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437127) Sincerly Stefan Tomanek -- System Information: Debian Release: 5.0.2 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-vserver-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages vserver-debiantools depends on: ii binutils2.18.1~cvs20080103-7 The GNU assembler, linker and bina ii debootstrap 1.0.10lenny1 Bootstrap a basic Debian system ii iproute 20080725-2 networking and traffic control too ii rsync 3.0.6-1~bpo50+1 fast remote file copy program (lik ii util-vserver0.30.216~r2772-6 user-space tools for Linux-VServer Versions of packages vserver-debiantools recommends: ii dnsutils 1:9.5.1.dfsg.P3-1 Clients provided with BIND vserver-debiantools suggests no packages. -- no debconf information -- ste...@pico.ruhr.de GPG available and welcome http://stefans.datenbruch.de/ 562,563c562,564 HOST_IP=$(ip -o addr show dev $INTERFACE primary scope global | \ sed -n 's;.*inet \([^/]*\)/.*;\1;p' | head -1) --- HOST_IP=$(ip -4 -o addr show primary scope global dev $INTERFACE | \ awk '$3 == inet {split($4,i,/); print i[1]; exit}')
Bug#522756: acpid: ACPID terminates if input devices are removed
Package: acpid Version: 1.0.10-2 Severity: normal I can confirm this bug. Removing an input device that was present when acpid was started inevitably crashes the daemon since it does not simply drop the single device, but terminates completely. So an instance of acpid started (possibly during system boot) with an USB keyboard plugged in will terminate the moment the keyboard is removed, due to further read attempts on the former device fiel failing. This is a major issue for notebook computers, since device files are often recreated during suspend/resume cycles, thus breaking acpid. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.30-1-686 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages acpid depends on: ii libc6 2.9-12 GNU C Library: Shared libraries ii lsb-base 3.2-22 Linux Standard Base 3.2 init scrip ii module-init-tools 3.7-pre9-1 tools for managing Linux kernel mo Versions of packages acpid recommends: ii acpi-support-base 0.123-1scripts for handling base ACPI eve acpid suggests no packages. -- debconf information: acpid/modules: ac processor battery button fan thermal acpid/noacpi: -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#522756: Disabling input layer access in acpid
Package: acpid Version: 1.0.10-2 Severity: normal I've created a small patch to acpid that adds an command line switch --noinput/-i to the daemon that prohibits it from accessing the input device files. Therefore, it won't crash when devices are removed, however, it cannot react to button presses. The SW_LID, KEY_POWER, KEY_SLEEP and KEY_SUSPEND must be handled elsewhere. I did this using my daemon magmakeys I originally created to handle thinkpad event keys that ceased to generate ACPI events some time ago, it can also handle the cases named above quite fine. acpid patch: http://wertarbyte.de/debian/acpid-noinput.diff magmakeys: http://stefans.datenbruch.de/magmakeys/ debs: http://wertarbyte.de/apt/ The patch is also attached to this message. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#536670: hibernate: Integrate with HAL and/or pm-tools
Package: hibernate Version: 1.99-1 Severity: normal Suspending and hibernating the system can (and in fact is) triggered through HAL/DBUS by XFCE: The scripts (e.g. /usr/lib/hal/scripts/linux/hal-system-power-suspend-linux) are using the tools supplied by the package pm-tools. In my opinion, hibernate should include similar scripts that can be used instead of the pm-tools ones, e.g. by using /etc/alternatives. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.30-1-686 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages hibernate depends on: ii console-tools1:0.2.3dbs-65.1 Linux console and font utilities Versions of packages hibernate recommends: ii dash 0.5.5.1-2 POSIX-compliant shell ii hdparm8.9-3 tune hard disk parameters for high ii uswsusp 0.7-1.2tools to use userspace software su ii vbetool 1.1-2 run real-mode video BIOS code to a Versions of packages hibernate suggests: pn 915resolution none (no description available) ii vlock 2.2.2-3Virtual Console locking program ii xscreensaver 5.05-3 Automatic screensaver for X -- no debconf information -- debsums errors found: debsums: no md5sums for hibernate -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#536251: icewm: IceWM fails to handle a secondary display above the primary screen
Package: icewm Version: 1.2.37+1.3.4pre2-2 Severity: normal Using the nvidia tools, adding a secondary display to my thinkpad works fine. However, arranging the external display _above_ the primary display results in icewm awkwardness: When designating the builtin display as primary and restarting icewm, the taskbar is correctly aligned in it. However, opening an icewm menu (rightclicking the background, opening a window menu) on the secondary, external screen pops up the menu on the builtin display where the task bar resides. Another problem is maximizing a window on the secondary screen: instead of filling the screen the window currently resides on, it gets moved to the primary display. Not being able to maximize a window an the secondary display is a major issue for giving a presentation using a video projector with icewm. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.30-1-686 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages icewm depends on: ii icewm-common 1.2.37+1.3.4pre2-2 wonderful Win95-OS/2-Motif-like wi ii libc6 2.9-12 GNU C Library: Shared libraries ii libesd0 0.2.41-4 Enlightened Sound Daemon - Shared ii libfontconfig12.6.0-3generic font configuration library ii libgcc1 1:4.4.0-5 GCC support library ii libglib2.0-0 2.20.1-2 The GLib library of C routines ii libgtk2.0-0 2.16.1-2 The GTK+ graphical user interface ii libice6 2:1.0.5-1 X11 Inter-Client Exchange library ii libsm62:1.1.0-2 X11 Session Management library ii libx11-6 2:1.2.1-1 X11 client-side library ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar ii libxft2 2.1.13-3 FreeType-based font drawing librar ii libxinerama1 2:1.0.3-2 X11 Xinerama extension library ii libxrandr22:1.3.0-2 X11 RandR extension library icewm recommends no packages. Versions of packages icewm suggests: pn icewm-gnome-support none (no description available) ii ttf-bitstream-vera1.10-7 The Bitstream Vera family of free -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#521280: [Pkg-acpi-devel] Bug#521280: Input daemon supplementing acpid
Dies schrieb Michael Meskes (mes...@debian.org): So even if kacpimon does display them, I haven't found out how to handle the events using acpid - that's why I wrote the hotkey daemon. I'd prefer to figure out why acpid is not reacting to that event. This is not meant to diminish your effort, but I'd prefer to not have yet another daemon running. I think acpid does not react to EV_KEY events - and it also does not support hotplugging, so it won't detect an USB keyboard added to the system after boot. If all ACPI events are also transported through the input layer (like the POWER button), I wonder if its not even easier to abandon acpid in favour of a more generic input-event daemon than to introduce acpid to hal and rest of the hotplugging infrastructure. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#521280: Input daemon supplementing acpid
I encountered the same problems of losing my system wide hotkeys when upgrading to 2.6.29. I created a small perl daemon that uses HAL to watch all available input devices and wait for certain key events. It's only a quick shot, but polishing it could yield a nice little tool to handle hotkeys in a global way instead of relying on the users window manager or desktop environment. I uploaded magmakey.pl along with an example configuration to my website at http://stefans.datenbruch.de/magmakey/ - feel free to see whether the script suits your needs; It needs some polishing though. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#529882: guessnet-ifupdown fails to identify network
Package: guessnet Version: 0.49-1 Severity: normal For some time now, guessnet-ifupdown fails to identify the network my notebook (thinkpad r61, e1000e) is connected to. I am using this stripped down /etc/network/interfaces: auto lo iface lo inet loopback mapping lan script guessnet-ifupdown map default: none map timeout: 3 map init-time: 5 map verbose: true map debug: true iface home inet dhcp test peer address 78.47.193.113 mac 00:06:25:e8:73:8a iface is inet dhcp test peer address 134.91.35.1 mac 00:0e:0c:05:7c:bb However, ifup lan just yields the following lines: r...@nano:/etc/network# ifup lan guessnet: Added startable with priority 100 guessnet: Added startable with priority 200 guessnet: Added startable with priority 4294967295 guessnet: Added startable with priority 4294967295 guessnet: 2 candidates found in input guessnet: Guessnet 0.49 starting... guessnet: Trying MII detection guessnet: 0 candidate profiles guessnet: Added default test none guessnet: Trying MII detection guessnet: Initialized test subsystems guessnet: Starting all 3 startables guessnet: Starting elements with priority 100 guessnet: Starting elements with priority 200 guessnet: Starting net sender guessnet: Starting elements with priority 4294967295 guessnet: Sending 10 ARP probes, 1 every second... guessnet: Sending 10 ARP probes, 1 every second... guessnet: Started tests guessnet: 3 candidates guessnet: Got ARP reply from 78.47.193.113 00:06:25:ea:d2:bc guessnet: Got ARP reply from 78.47.193.113 00:06:25:ea:d2:bc Unknown pcap error. Context: getting a new packet from the network. Quitting NetWatcher thread. No such process. Context: Cancelling generic thread when shutting down NetWatcher Ignoring unknown interface lan=none. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages guessnet depends on: ii libc6 2.9-4 GNU C Library: Shared libraries ii libgcc1 1:4.4.0-4 GCC support library ii libiw29 29-1.1 Wireless tools - library ii libnet1 1.1.2.1-5 library for the construction and h ii libpcap0.81.0.0-1system interface for user-level pa ii libstdc++64.4.0-4The GNU Standard C++ Library v3 guessnet recommends no packages. Versions of packages guessnet suggests: ii ifplugd 0.28-15configuration daemon for ethernet ii pppoe 3.8-3 PPP over Ethernet driver pn waproamd none (no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#521280: [Pkg-acpi-devel] Bug#521280: Input daemon supplementing acpid
Dies schrieb Michael Meskes (mes...@debian.org): On Thu, May 21, 2009 at 02:46:11PM +0200, Stefan Tomanek wrote: I encountered the same problems of losing my system wide hotkeys when upgrading to 2.6.29. On which system are you? The new acpid is supposed to read the whole input layer, i.e. also the key events. Having said that, I haven't checked whether hotkeys still create *any* event in the input layer or where HAL gets its information from. acpid does indeed poll the input layer when started with -n, however, I wasn't able to make it react to arbitrary key events. I suppose the daemon only handles ACPI events, but since 2.6.29 the thinkpad hotkeys that formerly triggered ACPI messages are handing out ordinary key presses, hiding from acpid. Please correct me if I'm wrong about that. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#521280: [Pkg-acpi-devel] Bug#521280: Input daemon supplementing acpid
Dies schrieb Michael Meskes (mes...@debian.org): On Fri, May 22, 2009 at 03:10:26AM +0200, Stefan Tomanek wrote: acpid does indeed poll the input layer when started with -n, however, I wasn't able to make it react to arbitrary key events. I suppose the daemon only handles ACPI events, but since 2.6.29 the thinkpad hotkeys that formerly triggered ACPI messages are handing out ordinary key presses, hiding from acpid. Please correct me if I'm wrong about that. Does kacpimon display the hotkey event? It does, but it does display _every_ input event on the system, not only ACPI related ones. So even if kacpimon does display them, I haven't found out how to handle the events using acpid - that's why I wrote the hotkey daemon. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#529530: bluez-utils: pand fails to connect to phone with 2.6.29*
Package: bluez-utils Version: 3.36-3 Severity: important Since upgrading to kernel 2.6.29, I cannot connect to the internet using my phone and pand. Although pand acknowledges the connection, no network device bnep0 is created; pand then dies silently: r...@nano:~# /usr/bin/pand -n -c 00:1D:28:DE:E3:11 pand[7084]: Bluetooth PAN daemon version 3.36 pand[7084]: Connecting to 00:1D:28:DE:E3:11 pand[7084]: bnep0 connected r...@nano:~# ifconfig bnep0 bnep0: error fetching interface information: Device not found r...@nano:~# ps ax | grep pand 7118 pts/1S+ 0:00 grep pand r...@nano:~# pand -l r...@nano:~# -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.29-2-686 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages bluez-utils depends on: ii dbus 1.2.12-1simple interprocess messaging syst ii libbluetooth23.36-1 Library to use the BlueZ Linux Blu ii libc62.9-4 GNU C Library: Shared libraries ii libdbus-1-3 1.2.12-1simple interprocess messaging syst ii libglib2.0-0 2.20.0-2The GLib library of C routines ii libusb-0.1-4 2:0.1.12-13 userspace USB programming library ii lsb-base 3.2-22 Linux Standard Base 3.2 init scrip ii makedev 2.3.1-88creates device files in /dev ii module-init-tools3.7-pre9-1 tools for managing Linux kernel mo ii udev 0.141-1 /dev/ and hotplug management daemo Versions of packages bluez-utils recommends: ii bluez-audio 3.36-3 Bluetooth audio support ii obex-data-server 0.3.4-1D-Bus service for OBEX client and Versions of packages bluez-utils suggests: pn bluez-firmwarenone (no description available) ii bluez-gnome 0.27-1 Bluetooth utilities for GNOME -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#510976: fortunes-mod: fortune not terminating when using -s
Package: fortunes-mod Severity: normal When using -s to display only short cookies while specifying a cookie file that does not contain such, fortune gets into an infinite loop. I can reproduce this with fortune -s de/suppe on several systems. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-6-xen-vserver-amd64 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#510523: getfacl should have an option to skip non-ACL files
Package: acl Version: 2.2.41-1 Severity: wishlist I tried to use getfacl to save any ACLs I might have set on files before running a backup with tar, however the file got extremely large (600MB) - although nearly 99% of the files only had traditional unix permissions. I'd welcome a command line option that skipped over files in -R mode that only have the common ugo permissions. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-6-xen-vserver-amd64 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages acl depends on: ii libacl12.2.41-1 Access control list shared library ii libattr1 2.4.32-1 Extended attribute shared library ii libc6 2.3.6.ds1-13etch8 GNU C Library: Shared libraries acl recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#403983: additional if-pre-up.d script to wait for and trigger association
I had the same problem of getting my iwl4965 to associate to various access points. By accident I noticed that iwconfig $dev ap any did trigger that process (I now read that essid works as well). I created a script that hooks into if-pre-up.d and waits for the wireless interface to come up. That way, the connection will be ready when dhcpclient comes along. I also included a triggering mechanism that tries to force reassociation when no access point is found. After a timeout of around 10 seconds, the script passes on, whether an agreement with the ap could be reached or not. I attached the script to this mail and uploaded it to http://wertarbyte.de/debian/wireless-tools-snooze I hope it helps :-) #!/bin/sh # # wireless-tools-snooze # # This script can be placed in /etc/network/if-pre-up.d/ to buy # some more time for access point association. Some wifi chipsets # also give up after missing one association, so the script does # trigger a configurable number of reassociations. # # By Stefan Tomanek [EMAIL PROTECTED] # http://wertarbyte.de/ IWCONFIG=/sbin/iwconfig if [ ! -x $IWCONFIG ]; then exit 0 fi if [ $IF_WIRELESS != yes ]; then exit 0 fi if [ $IF_WIRELESS_MODE != managed ]; then echo Not a managed interface, snooze disabled 2 exit 0 fi is_associated() { [ $(/sbin/iwgetid --raw --ap $IFACE) != 00:00:00:00:00:00 ] } trigger_association() { $IWCONFIG $IFACE ap ${IF_WIRELESS_AP:-any} essid ${IF_WIRELESS_ESSID:-any} } COUNTDOWN=10 while ! is_associated [ $COUNTDOWN -ge 0 ]; do echo Device $IFACE is not yet associated, waking it... ($COUNTDOWN tries left) 2 trigger_association let COUNTDOWN-- sleep 1 done if is_associated; then echo Successfully triggered $IFACE association 2 else echo Giving up on interface $IFACE 2 fi
Bug#499323: Additional regular expressions for openvpn/logcheck
I've created some additional regular expressions for use with logcheck and openVPN; The existing ones do not expect OpenVPN to log the clients name and address, which these do: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?Data Channel (En|De)crypt: Cipher '[[:alnum:]-]+' initialized with [0-9]+ bit key$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?Data Channel (En|De)crypt: Using [0-9]+ bit message hash '[[:alnum:]-]+' for HMAC authentication$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?TLS: Username/Password authentication succeeded for username '\w+' (\[CN SET\])?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?Control Channel: TLSv1, cipher TLSv1/SSLv3 [[:alnum:]-]+, [0-9]+ bit RSA$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?(Data|Control) Channel MTU parms \[[[:upper:]:0-9 ]+\]$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?(Local|Expected Remote) Options hash \(VER=V[0-9]+\): '[0-9a-f]+'$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?Peer Connection Initiated with [0-9.]{7,15}:[0-9]+$ I hope these get integrated in a future update of logcheck-database. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#499323: logcheck-database: Logcheck fails to ignore certain OpenVPN messages
Package: logcheck-database Version: 1.2.54 Severity: normal Tags: patch Logcheck fails to ignore certain lines generated by OpenVPN; the attached patch fixes several regular expressions: * OpenVPN does not print the full path to ifconfig or route (at least here) * The interface name can also contain dots and does not always start with tun * The startup messages now gets suppressed as well -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-6-xen-vserver-amd64 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages logcheck-database depends on: ii debconf [debconf-2.0]1.5.11etch2 Debian configuration management sy logcheck-database recommends no packages. -- debconf information: logcheck-database/conffile-cleanup: false 12c12 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: Preserving previous TUN/TAP instance: [[:alnum:]-]+$ --- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: Preserving previous TUN/TAP instance: [[:alnum:].-]+$ 34c34 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: /sbin/route del -net [.[:digit:]]{7,15} netmask [.[:digit:]]{7,15}$ --- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (/sbin/)?route del -net [.[:digit:]]{7,15} netmask [.[:digit:]]{7,15}$ 39c39 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: /sbin/ifconfig tun[[:digit:]]+ [.[:digit:]]{7,15} pointopoint [.[:digit:]]{7,15} mtu [[:digit:]]+$ --- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (/sbin/)?ifconfig [-._[:alnum:]]+ [.[:digit:]]{7,15} pointopoint [.[:digit:]]{7,15} mtu [[:digit:]]+$ 53a54 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: OpenVPN [[:digit:].]+ [[:alnum:]_-]+ (\[[A-Z]+\] )*built on [[:alpha:]]{3} [[:digit:]]{2} [[:digit:]]{4}$
Bug#496591: ifupdown: Adding multiple IP addresses to an interface
Package: ifupdown Version: 0.6.8 Severity: wishlist Tags: patch Greetings, a lot of setups require the addition of multiple ip addresses to a single network interface. The default ifupdown system debian employs offers no configuration directives to achieve this. The attached script in conjunction with the iproute package enables the configuration file /etc/network/interfaces to solve this issue by the introduction of a new parameter calles addresses: iface eth0 inet static # the usual configuration address 192.168.0.1 netmask 255.255.255.0 # additional addresses, even multiple per line addresses 192.168.1.5/24 192.168.1.6/24 # multiple lines can be added by using an appended label addresses-sslsites 192.168.10.1/24 192.168.10.4/24 addresses-debug 10.0.0.2/8 The script (http://wertarbyte.de/debian/addresses) is placed in the directory /etc/network/if-up.d/ and a symlink towards it in if-down.d interprets the new parameters, merges all specified addresses and adds them by using ip. When deconfiguring the interface, the addresses are removed as well. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-6-xen-vserver-amd64 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages ifupdown depends on: ii debconf [debconf-2.0] 1.5.11etch2 Debian configuration management sy ii libc6 2.3.6.ds1-13etch7 GNU C Library: Shared libraries ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init scrip ii net-tools 1.60-17 The NET-3 networking toolkit ifupdown recommends no packages. -- debconf information: ifupdown/convert-interfaces: true addresses Description: application/shellscript
Bug#494992: acpi calculating (dis)charging time incorrectly
Package: acpi Version: 1.1-1 Severity: normal Hello, I noticed today that the command acpi reported strange charging and dicharging times for my thinkpad: [EMAIL PROTECTED]:~$ acpi Battery 0: Discharging, 83%, 00:02:07 remaining [EMAIL PROTECTED]:~$ acpi Battery 0: Charging, 83%, 00:00:14 until charged While investigating the issue further, I noticed that the correct values were shifted to the right, so instead of displaying a charging time of 14 minutes, acpi calculated a remaining time of 14 seconds. I traced the issue down to the lines 289 and 297 in the file acpi.c: seconds = 60 * (design_capacity - remaining_capacity) / present_rate; [...] seconds = 60 * remaining_capacity / present_rate; Instead of converting the expression to the unit of seconds, it returns the value in minutes (since design_capacity has the unit of Wh). Replacing the 60 with the correct value of 3600 should fix the problem. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages acpi depends on: ii libc6 2.7-10 GNU C Library: Shared libraries acpi recommends no packages. acpi suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#463779: gkrellm: Battery handling broken with linux-image 2.6.24-1
Package: gkrellm Version: 2.3.1-1 Severity: important With kernel version 2.6.24-1, the Debian kernel packages does not support the /proc interface for ACPI_POWER devices. Therefore, /proc/acpi/battery does not exist. gkrellm should switch to the /sys interface replacing the obsolete one. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-4-xen-vserver-amd64 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#437127: xen-utils-common: vif-common fails to identify ip address of ethernet device
I did some fine tuning on the command line, and this one should be an even better alternative: ip -4 -o addr show primary dev $1 | awk '$3 == inet {print $4; exit}' | sed 's!/.*!!' -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#437127: xen-utils-common: vif-common fails to identify ip address of ethernet device
Package: xen-utils-common Version: 3.0.3-0-2 Severity: normal On my systen, the script vif-common fails to retrieve the primary IP address of my ethernet device, preventing a domU from starting. I tracked this issue down to the file /etc/xen/script/vif-common. The function ip_of uses the following shell code to extract the address: ip addr show $1 | awk /^.*inet.*$1\$/{print \$2} | sed -n '1 s,/.*,,p' This code however fails if no slash is present in the address, which is the case in my configuration: [EMAIL PROTECTED]:/etc/xen/scripts$ ip addr show dev eth0 2: eth0: BROADCAST,MULTICAST,UP,1 mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:16:17:90:b4:35 brd ff:ff:ff:ff:ff:ff inet 88.198.12.XXX peer 88.198.12.XXX/32 brd 88.255.255.255 scope global eth0 [...] I changed the line to: ip addr show dev $1 | awk '/^ *inet / {print $2; exit}' | sed 's#/.*##' This works fine for me. Hopefully this special case gets taken care of in future releases. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-4-xen-vserver-686 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages xen-utils-common depends on: ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip ii udev 0.105-4/dev/ and hotplug management daemo xen-utils-common recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#406225: xtradius: Add wildcard ability to /etc/raddb/clients
Package: xtradius Version: 1.2.1-beta2-1 Severity: wishlist For one of my projects, I need the ability to add wildcard to the list of accepted clients, so that any host can use the radius service. I created a small patch that can achieve this by adding an entry like * secret to the clients file. However, I am not a C programmer, so anyone familiar with that language (and xtradius) should check that patch, although it is working fine for me. The patch has to be applied to the file src/files.c. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.18-3-xen-vserver-686 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages xtradius depends on: ii libc6 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an -- no debconf information 1390,1391c1390,1402 c-ipaddr = get_ipaddr(hostnm); --- // This introduces * as a fallback wildcard for clients // Stefan Tomanek [EMAIL PROTECTED] if ( strcmp(hostnm, *) != 0 ) { c-ipaddr = get_ipaddr(hostnm); strNcpy(c-longname, ip_hostname(c-ipaddr), sizeof(c-longname)); } else { log(L_INFO, Creating a wildcard client entry); // wildcard: we do not know anything about the IP address yet // An IP adress of 0 serves as a marker c-ipaddr = (UINT4)0; c-longname[0] = 0; } 1394,1395d1404 strNcpy(c-longname, ip_hostname(c-ipaddr), sizeof(c-longname)); 1405d1413 1416a1425,1457 // So we did not find a matching entry, let's check again if we have // a wildcard record // Stefan Tomanek [EMAIL PROTECTED] if (! cl) { // client default (*) RADCLIENT *cd; // Let's see whether we can find a default entry in the list for(cd = clients; cd; cd = cd-next) { // An IP adress of 0 serves as a marker if(cd-ipaddr == 0) { // create a new client struct RADCLIENT *cn; if ((cn = malloc(sizeof(RADCLIENT))) == NULL) { log(L_INFO, Out of memory while processing wildcard client); return NULL; } else { log(L_INFO, Creating a new client entry due to wildcard match); cn-ipaddr = ipaddr; // Now we copy all the important data over from the default template strNcpy(cn-secret, cd-secret, sizeof(cn-secret)); strNcpy(cn-shortname, cd-shortname, sizeof(cn-shortname)); strNcpy(cn-longname, ip_hostname(ipaddr), sizeof(cn-longname)); // Now we place the new RADCLIENT struct in the linked list cn-next = cd-next; cd-next = cn; // This is the entry we want to return cl = cn; } } } }
Bug#360691: ICEWM
Dies schrieb Niv Altivanik ([EMAIL PROTECTED]): This bug seems to be ICEWM's busyness, the message reports that the running WM doesn't repport itself as beeing NETWM Compilant, maybe ICEWM launches his ~/.icewm/startup, before launching itself ? That indeed could be the case, can you move the bug to the IceWM package, or should I reopen a new bug? -- .:[EMAIL PROTECTED] | [EMAIL PROTECTED] | GPG: finger [EMAIL PROTECTED] °:. |_ http://stefans.datenbruch.de/__ __| | Wer Header fälscht oder verfälscht oder gefälschte oder verfälschte Header | `-__in_Umlauf_bringt_wird_mit_Scorefile_nicht_unter_-500_Punkten_bestraft__-' -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#360691: skippy: Skippy does not start when launched from ~/.icewm/startup
Package: skippy Version: 0.5.1rc1-4 Severity: normal When starting Skippy from the autostart file of IceWM (~/.icewm/startup), Skippy will not load; The log file .xsession-errors contains the following error message: FATAL: WM not NETWM or GNOME WM Spec compliant. However, starting skippy manually afterwardsworks fine, so this might be as well an IceWM issue. Thanks in advance for your help :-) -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15.3-tm292 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages skippy depends on: ii libc6 2.3.6-3GNU C Library: Shared libraries an ii libfontconfig12.3.2-1.1 generic font configuration library ii libfreetype6 2.1.10-1 FreeType 2 font engine, shared lib ii libimlib2 1.2.1-2powerful image loading and renderi ii libpcre3 6.4-1.1Perl 5 Compatible Regular Expressi ii libx11-6 6.9.0.dfsg.1-4 X Window System protocol client li ii libxext6 6.9.0.dfsg.1-4 X Window System miscellaneous exte ii libxft2 2.1.8.2-3 FreeType-based font drawing librar ii libxinerama1 6.9.0.dfsg.1-4 X Window System multi-head display ii libxrender1 1:0.9.0.2-1X Rendering Extension client libra ii xlibs 6.9.0.dfsg.1-4 X Window System client libraries m ii zlib1g1:1.2.3-11 compression library - runtime skippy recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#324112: rhythmbox: Sometimes freezes on startup if rhyhmlet desklet is running
Dies schrieb Loïc Minier ([EMAIL PROTECTED]): Rhythmbox sometimes freezes on startup while loading the music database. It seems like this issue is associated with the rhythmlet gdesklet, since all other desklets are blocked (no reaction, no redraw) until the stalled rhythmbox is killed. The issue cannot be reproduced reliably. Do you still have this problem? It never occured to me in the last time, looks like some of the last releases fixed it. -- .:[EMAIL PROTECTED] | [EMAIL PROTECTED] | GPG: finger [EMAIL PROTECTED] °:. |___ http://localhost.ruhr.de/~stefan/ __| | Wer Header fälscht oder verfälscht oder gefälschte oder verfälschte Header | `-__in_Umlauf_bringt_wird_mit_Scorefile_nicht_unter_-500_Punkten_bestraft__-' -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#349686: rhythmbox: Command line control brings up Rhythmbox window
Package: rhythmbox Version: 0.9.2-3 Severity: normal I noticed that calling rhythmbox with options like --print-playing-album, --next or --print-playing-path brings the running rhythmbox window to top. I think this behaviour is wrong and should be treated as a bug, since it is really annoying if the window pops everytime some homemade script queries the current track. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14.2-tm292 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages rhythmbox depends on: ii avahi-daemon 0.6.4-1 Avahi mDNS/DNS-SD daemon ii dbus 0.60-5 simple interprocess messaging syst ii gconf2 2.12.1-8GNOME configuration database syste ii gstreamer0.8-alsa [gstre 0.8.11-2ALSA plugin for GStreamer ii gstreamer0.8-artsd [gstr 0.8.11-2aRtsd plugin for GStreamer ii gstreamer0.8-esd [gstrea 0.8.11-2Enlightened Sound Daemon plugin fo ii gstreamer0.8-flac0.8.11-2FLAC plugin for GStreamer ii gstreamer0.8-gnomevfs0.8.11-2Gnome VFS plugin for GStreamer ii gstreamer0.8-jack [gstre 0.8.8-3 JACK plugin for GStreamer ii gstreamer0.8-mad 0.8.11-2MAD MPEG audio decoder plugin for ii gstreamer0.8-misc0.8.11-2Collection of various GStreamer pl ii gstreamer0.8-oss [gstrea 0.8.11-2OSS plugin for GStreamer ii gstreamer0.8-polypaudio 0.8.11-2polypaudio plugin for GStreamer ii gstreamer0.8-vorbis 0.8.11-2Vorbis plugin for GStreamer ii libart-2.0-2 2.3.17-1Library of functions for 2D graphi ii libatk1.0-0 1.10.3-1The ATK accessibility toolkit ii libaudiofile00.2.6-6 Open-source version of SGI's audio ii libavahi-client3 0.6.4-1 Avahi client library ii libavahi-common3 0.6.4-1 Avahi common library ii libavahi-compat-howl00.6.4-1 Avahi Howl compatibility library ii libavahi-glib1 0.6.4-1 Avahi glib integration library ii libbonobo2-0 2.10.1-1Bonobo CORBA interfaces library ii libbonoboui2-0 2.10.1-1The Bonobo UI library ii libc62.3.5-8 GNU C Library: Shared libraries an ii libcairo21.0.2-3 The Cairo 2D vector graphics libra ii libdbus-1-2 0.60-5 simple interprocess messaging syst ii libdbus-glib-1-2 0.60-5 simple interprocess messaging syst ii libesd0 0.2.36-1Enlightened Sound Daemon - Shared ii libexpat11.95.8-3XML parsing C library - runtime li ii libfontconfig1 2.3.2-1.1 generic font configuration library ii libfreetype6 2.1.7-2.4 FreeType 2 font engine, shared lib ii libgconf2-4 2.12.1-8GNOME configuration database syste ii libgcrypt11 1.2.2-1 LGPL Crypto library - runtime libr ii libglade2-0 1:2.5.1-2 library to load .glade files at ru ii libglib2.0-0 2.8.5-1 The GLib library of C routines ii libgnome-keyring00.4.6-2 GNOME keyring services library ii libgnome2-0 2.10.1-1The GNOME 2 library - runtime file ii libgnomecanvas2-02.12.0-2A powerful object-oriented display ii libgnomeui-0 2.10.1-1The GNOME 2 libraries (User Interf ii libgnomevfs2-0 2.12.2-5GNOME virtual file-system (runtime ii libgnutls11 1.0.16-14 GNU TLS library - runtime library ii libgpg-error01.1-4 library for common error values an ii libgpod0 0.3.0-2 a library to read and write songs ii libgstreamer-gconf0.8-0 0.8.11-2GConf support for GStreamer ii libgstreamer0.8-00.8.11-3Core GStreamer libraries, plugins, ii libgtk2.0-0 2.8.9-2 The GTK+ graphical user interface ii libhal1 0.5.5.1-5 Hardware Abstraction Layer - share ii libice6 6.8.2.dfsg.1-11 Inter-Client Exchange library ii libjpeg626b-11 The Independent JPEG Group's JPEG ii libmusicbrainz4c2a 2.1.2-2 Second generation incarnation of t ii libnautilus-burn22.12.2-3Nautilus Burn Library - runtime ve ii liborbit21:2.12.4-1 libraries for ORBit2 - a CORBA ORB ii libpango1.0-01.10.2-1Layout and rendering of internatio ii libpng12-0 1.2.8rel-5 PNG library - runtime ii libpopt0 1.7-5 lib for parsing cmdline parameters ii libsm6 6.8.2.dfsg.1-11 X
Bug#341534: icewm: Logout does not close gdesklets correctly
Package: icewm Version: 1.2.23-1 Severity: normal When I logout from my icewm-session, icewm makes gdesklets put a window for every installed desklet on my asking me whether I'm sure about removing that desklet (permanantly). Obviously, icewm does not tryto terminate the gdesklet daemon on logout, but instead tries to close every single desklet window. Is there a way to change that behaviour? -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14.2-tm292 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages icewm depends on: ii icewm-common 1.2.23-1 wonderful Win95-OS/2-Motif-like wi ii imlib11 1.9.14-26 Imlib is an imaging library for X ii libaudiofile0 0.2.6-6Open-source version of SGI's audio ii libc6 2.3.5-8GNU C Library: Shared libraries an ii libesd0 0.2.36-1 Enlightened Sound Daemon - Shared ii libfontconfig12.3.2-1generic font configuration library ii libfreetype6 2.1.7-2.4 FreeType 2 font engine, shared lib ii libgcc1 1:4.0.2-4 GCC support library ii libice6 6.8.2.dfsg.1-7 Inter-Client Exchange library ii libjpeg62 6b-10 The Independent JPEG Group's JPEG ii libpng12-01.2.8rel-5 PNG library - runtime ii libsm66.8.2.dfsg.1-7 X Window System Session Management ii libtiff4 3.7.4-1Tag Image File Format (TIFF) libra ii libungif4g4.1.4-1shared library for GIF images (run ii libx11-6 6.8.2.dfsg.1-7 X Window System protocol client li ii libxext6 6.8.2.dfsg.1-7 X Window System miscellaneous exte ii libxft2 2.1.7-1FreeType-based font drawing librar ii libxinerama1 6.8.2.dfsg.1-7 X Window System multi-head display ii libxrandr26.8.2.dfsg.1-7 X Window System Resize, Rotate and ii libxrender1 1:0.9.0-2 X Rendering Extension client libra ii xlibs 6.8.2.dfsg.1-7 X Window System client libraries m ii zlib1g1:1.2.3-8 compression library - runtime icewm recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#335888: xfree86-driver-synaptics: syndaemon does not recognize Windows key as modifier
Package: xfree86-driver-synaptics Version: 0.14.3-1 Severity: normal The syndaemon does not recognize the windows key as an modifier key. Since I placed most of my window management command on this key, I propose that not only this key should be accepted as meta key, but also key combinations with it: So Windows+2 (which switches to desktop #2 on my system) should not block the touchpad. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13.4-tm292 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages xfree86-driver-synaptics depends on: ii libc6 2.3.5-6GNU C Library: Shared libraries an ii libx11-6 6.8.2.dfsg.1-7 X Window System protocol client li ii libxext6 6.8.2.dfsg.1-7 X Window System miscellaneous exte ii libxi66.8.2.dfsg.1-7 X Window System Input extension li ii xlibs 6.8.2.dfsg.1-7 X Window System client libraries m ii xserver-xorg [xserver-xfr 6.8.2.dfsg.1-7 the X.Org X server xfree86-driver-synaptics recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#335888: xfree86-driver-synaptics: syndaemon does not recognize Windows key as modifier
Dies schrieb Mattia Dongili ([EMAIL PROTECTED]): This is a different issue (this is a wishlist bug). If you agree I could implement and/or suggest upstream to add a -K (capital 'K') option that ignores modifiers combos. That sounds great, I strongly agree with that :-) -- .:[EMAIL PROTECTED] | [EMAIL PROTECTED] | GPG: finger [EMAIL PROTECTED] °:. |___ http://localhost.ruhr.de/~stefan/ __| | Wer Header fälscht oder verfälscht oder gefälschte oder verfälschte Header | `-__in_Umlauf_bringt_wird_mit_Scorefile_nicht_unter_-500_Punkten_bestraft__-' -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#324112: rhythmbox: Sometimes freezes on startup if rhyhmlet desklet is running
Package: rhythmbox Version: 0.8.8-13 Severity: normal Rhythmbox sometimes freezes on startup while loading the music database. It seems like this issue is associated with the rhythmlet gdesklet, since all other desklets are blocked (no reaction, no redraw) until the stalled rhythmbox is killed. The issue cannot be reproduced reliably. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11.11-tm292 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages rhythmbox depends on: ii gconf2 2.10.1-1GNOME configuration database syste ii gstreamer0.8-alsa [gstre 0.8.8-3 ALSA plugin for GStreamer ii gstreamer0.8-artsd [gstr 0.8.8-3 aRtsd plugin for GStreamer ii gstreamer0.8-esd [gstrea 0.8.8-3 Enlightened Sound Daemon plugin fo ii gstreamer0.8-flac0.8.8-3 FLAC plugin for GStreamer ii gstreamer0.8-gnomevfs0.8.8-3 Gnome VFS plugin for GStreamer ii gstreamer0.8-jack [gstre 0.8.8-3 JACK plugin for GStreamer ii gstreamer0.8-mad 0.8.8-3 MAD MPEG audio decoder plugin for ii gstreamer0.8-misc0.8.8-3 Collection of various GStreamer pl ii gstreamer0.8-oss [gstrea 0.8.8-3 OSS plugin for GStreamer ii gstreamer0.8-vorbis 0.8.8-3 Vorbis plugin for GStreamer ii libart-2.0-2 2.3.17-1Library of functions for 2D graphi ii libatk1.0-0 1.10.1-2The ATK accessibility toolkit ii libaudiofile00.2.6-6 Open-source version of SGI's audio ii libbonobo2-0 2.10.0-1Bonobo CORBA interfaces library ii libbonoboui2-0 2.8.1-2 The Bonobo UI library ii libc62.3.2.ds1-22GNU C Library: Shared libraries an ii libesd0 0.2.36-1Enlightened Sound Daemon - Shared ii libgconf2-4 2.10.1-1GNOME configuration database syste ii libgcrypt11 1.2.1-4 LGPL Crypto library - runtime libr ii libglade2-0 1:2.5.1-2 library to load .glade files at ru ii libglib2.0-0 2.6.5-1 The GLib library of C routines ii libgnome-keyring00.4.3-1 GNOME keyring services library ii libgnome2-0 2.8.1-2 The GNOME 2 library - runtime file ii libgnomecanvas2-02.10.2-2A powerful object-oriented display ii libgnomeui-0 2.8.1-3 The GNOME 2 libraries (User Interf ii libgnomevfs2-0 2.10.1-5The GNOME virtual file-system libr ii libgnutls11 1.0.16-13.1 GNU TLS library - runtime library ii libgpg-error01.1-4 library for common error values an ii libgstreamer-gconf0.8-0 0.8.8-3 GConf support for GStreamer ii libgstreamer0.8-00.8.10-1Core GStreamer libraries, plugins, ii libgtk2.0-0 2.6.8-1 The GTK+ graphical user interface ii libice6 4.3.0.dfsg.1-14 Inter-Client Exchange library ii libjpeg626b-10 The Independent JPEG Group's JPEG ii liborbit21:2.12.2-3 libraries for ORBit2 - a CORBA ORB ii libpango1.0-01.8.2-1 Layout and rendering of internatio ii libpopt0 1.7-5 lib for parsing cmdline parameters ii libsm6 4.3.0.dfsg.1-14 X Window System Session Management ii libtasn1-2 0.2.13-1Manage ASN.1 structures (runtime) ii libx11-6 4.3.0.dfsg.1-14 X Window System protocol client li ii libxml2 2.6.20-1GNOME XML library ii xlibs4.3.0.dfsg.1-14 X Keyboard Extension (XKB) configu ii zlib1g 1:1.2.2-4 compression library - runtime Versions of packages rhythmbox recommends: ii scrollkeeper 0.3.14-10 A free electronic cataloging syste ii yelp 2.6.5-1Help browser for GNOME 2 -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#323464: gdesklets-data: Trouble with IceWM logout
Package: gdesklets-data Version: 0.35.3-1 Severity: normal Since upgrading to this version of gdesklets-data, logging out from my icewm-session results in dialoges popping up for every display whether I want to remove this specific desklets. This happens everytime I click on the logout function of IceWM. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11.11-tm292 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages gdesklets-data depends on: ii gdesklets 0.35.2-1 Architecture for desktop applets ii python2.3.5-3An interactive high-level object-o Versions of packages gdesklets-data recommends: ii gnome-panel 2.10.2-1 launcher and docking facility for pn hddtemp none (no description available) ii libwww-search-perl 2.46-1 Perl modules which provide an API ii python-imaging 1.1.4-3.1Python Imaging Library ii python-soappy 0.11.3-1 SOAP Support for Python (SOAP.py) ii python-xdg 0.14-2 A python library to access freedes ii python-xml 0.8.4-1 XML tools for Python [dummy packag ii python-xmms 2.04-2 Python interface to XMMS ii xmms1.2.10+cvs20050209-2 Versatile X audio player that look -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#322875: gdesklets-data: Rhythmlet desklets do not scale cover images
Package: gdesklets-data Version: 0.35.2-2 Severity: normal The rhythmbox desklets do not scale the album covers anymore, so instead of displaying a small icon of it, they just show a section of it, sometimes covering their own user interface with the picture. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11.11-tm292 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages gdesklets-data depends on: ii gdesklets 0.35.2-1 Architecture for desktop applets ii python2.3.5-3An interactive high-level object-o Versions of packages gdesklets-data recommends: ii gnome-panel 2.10.2-1 launcher and docking facility for pn hddtemp none (no description available) ii libwww-search-perl 2.46-1 Perl modules which provide an API ii python-imaging 1.1.4-3.1Python Imaging Library ii python-soappy 0.11.3-1 SOAP Support for Python (SOAP.py) ii python-xdg 0.14-2 A python library to access freedes ii python-xml 0.8.4-1 XML tools for Python [dummy packag ii python-xmms 2.04-2 Python interface to XMMS ii xmms1.2.10+cvs20050209-2 Versatile X audio player that look -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#321161: gdesklets-data: Missing pixmaps in some LTCandy desklets
Package: gdesklets-data Version: 0.35.2-2 Severity: normal Since my upgrade to this version, the border pixmaps around the LTCandy Weather desklet and the LTCandy Clock Desklet do not display thir border pixmaps, and the clock desklet also does not display the clock icon anymore (just the hands). -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11.11-tm292 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages gdesklets-data depends on: ii gdesklets 0.35.2-1 Architecture for desktop applets ii python2.3.5-3An interactive high-level object-o Versions of packages gdesklets-data recommends: ii gnome-panel 2.10.2-1 launcher and docking facility for pn hddtemp none (no description available) ii libwww-search-perl 2.46-1 Perl modules which provide an API ii python-imaging 1.1.4-3.1Python Imaging Library ii python-soappy 0.11.3-1 SOAP Support for Python (SOAP.py) ii python-xdg 0.14-2 A python library to access freedes ii python-xml 0.8.4-1 XML tools for Python [dummy packag ii python-xmms 2.04-2 Python interface to XMMS ii xmms1.2.10+cvs20050209-2 Versatile X audio player that look -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#316530: gdesklets-data: starterbar only shows a small rectangle
Package: gdesklets-data Version: 0.32 Severity: normal Since today, the starterbar desklet ceased to work on my system. Since I haven't restarted it for some time now, I don't whether the cause of this issue occured some time ago. When I start the gdesklets suite, all displays work flawlessly, except starterbar, which only displays a shaded, ca. 10x10 pixel sized rectangle. There are no Icons, even if i try to add a new starter. There also aren't any interesting messages in the terminal I start gdesklets from, only stuff like (gDesklets:11583): Gdk-WARNING **: Couldn't match property type STRING to UTF8_STRING All packages are at their most recent version, I also tried the python-xdg from unstable, however with no result. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11.11-tm292 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages gdesklets-data depends on: ii gdesklets 0.33.1-2 an advanced architecture for deskt ii python2.3.5-3An interactive high-level object-o -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]