Bug#1059808: [Debian-ha-maintainers] Bug#1059808: ocfs2-tools: isolation-machine autopkgtest fails: Internal logic failure while mounting /dev/loop0 on /mnt
On Tue, Mar 12, 2024 at 07:54:52PM +0100, Valentin Vidic wrote: > On Mon, Jan 01, 2024 at 07:57:38PM +0100, Paul Gevers wrote: > > 47s === mount === > > 47s mount.ocfs2: Internal logic failure while mounting /dev/loop0 on /mnt. > > Check 'dmesg' for more information on this error 22. > > 47s umount: /mnt: not mounted. > > Thanks for the report, I'm seeing the same problem on a local KVM > instance. The test still works with older kernel versions and show be > fixed for new kernels once they have these two patches: > > Alexander Aring [PATCH 1/2] dlm: fix user space lkb refcounting > Alexander Aring [PATCH 2/2] dlm: fix off-by-one waiters refcount handling > The problem should be resolved now with a new kernel version: Linux 6.7.12-amd64 works correctly for me again. -- Valentin
Bug#1059808: [Debian-ha-maintainers] Bug#1059808: ocfs2-tools: isolation-machine autopkgtest fails: Internal logic failure while mounting /dev/loop0 on /mnt
On Mon, Jan 01, 2024 at 07:57:38PM +0100, Paul Gevers wrote: > 47s === mount === > 47s mount.ocfs2: Internal logic failure while mounting /dev/loop0 on /mnt. > Check 'dmesg' for more information on this error 22. > 47s umount: /mnt: not mounted. Thanks for the report, I'm seeing the same problem on a local KVM instance. The test still works with older kernel versions and show be fixed for new kernels once they have these two patches: Alexander Aring [PATCH 1/2] dlm: fix user space lkb refcounting Alexander Aring [PATCH 2/2] dlm: fix off-by-one waiters refcount handling -- Valentin
Bug#1064429: ITP: glome -- Generic Low Overhead Message Exchange
Package: wnpp Severity: wishlist Owner: Valentin Vidic X-Debbugs-Cc: debian-de...@lists.debian.org * Package name: glome Version : 0.1 * URL : https://github.com/google/glome * License : Apache-2.0 Programming Lang: C Description : Generic Low Overhead Message Exchange Generic Low Overhead Message Exchange (GLOME) is a protocol providing secure authentication and authorization for low dependency environments. It resembles one-time authorization codes (aka OTPs) but is different from HOTP and TOTP in the following ways: * It is stateless (unlike HOTP). * It does not depend on time unlike TOTP). * It does not require predefined secret sharing (unlike HOTP and TOTP). These properties make it a good choice for low dependency environments (e.g., devices with no persistent storage a real-time clock). It can be also useful for managing access to a large fleet of hosts where synchronising state or sharing predefined secrets can be a challenge. The package provides a PAM module, login(1) replacement, CLI utility and a shared library.
Bug#1055036: bookworm-pu: package crmsh/4.4.1-1+deb12u1
On Mon, Feb 12, 2024 at 06:21:52PM +, Jonathan Wiltshire wrote:
> This will happen on every package update, no? What if the local
> administrator has set other properties on the log file (e.g. to allow other
> users to read it)?
Thanks, I have updated the postinst to only make the changes if
the logs don't exist. Updated debdiff attached below...
--
Valentin
diff -Nru crmsh-4.4.1/debian/changelog crmsh-4.4.1/debian/changelog
--- crmsh-4.4.1/debian/changelog 2023-03-03 22:48:41.0 +0100
+++ crmsh-4.4.1/debian/changelog 2023-10-29 20:46:13.0 +0100
@@ -1,3 +1,10 @@
+crmsh (4.4.1-1+deb12u1) bookworm; urgency=medium
+
+ * d/postinst: create a logging directory (Closes: #1042448)
+ * d/patches: add patch for log file error
+
+ -- Valentin Vidic Sun, 29 Oct 2023 20:46:13 +0100
+
crmsh (4.4.1-1) unstable; urgency=medium
[ Bas Couwenberg ]
diff -Nru crmsh-4.4.1/debian/control crmsh-4.4.1/debian/control
--- crmsh-4.4.1/debian/control 2023-03-03 22:46:48.0 +0100
+++ crmsh-4.4.1/debian/control 2023-10-29 20:46:13.0 +0100
@@ -43,6 +43,7 @@
Breaks: pacemaker (<< 1.1.12)
Suggests:
bash-completion,
+ cluster-glue,
csync2,
dmidecode,
fdisk | util-linux (<< 2.29.2-3~),
diff -Nru crmsh-4.4.1/debian/crmsh.postinst crmsh-4.4.1/debian/crmsh.postinst
--- crmsh-4.4.1/debian/crmsh.postinst 1970-01-01 01:00:00.0 +0100
+++ crmsh-4.4.1/debian/crmsh.postinst 2023-10-29 20:46:13.0 +0100
@@ -0,0 +1,50 @@
+#!/bin/sh
+# postinst script for crmsh
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#* `configure'
+#* `abort-upgrade'
+#* `abort-remove' `in-favour'
+#
+#* `abort-deconfigure' `in-favour'
+#`removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+configure)
+if [ ! -e /var/log/crmsh ]; then
+mkdir /var/log/crmsh
+chown hacluster:haclient /var/log/crmsh
+chmod 0775 /var/log/crmsh
+fi
+
+if [ ! -e /var/log/crmsh/crmsh.log ]; then
+touch /var/log/crmsh/crmsh.log
+chown hacluster:haclient /var/log/crmsh/crmsh.log
+chmod 0664 /var/log/crmsh/crmsh.log
+fi
+;;
+
+abort-upgrade|abort-remove|abort-deconfigure)
+
+;;
+
+*)
+echo "postinst called with unknown argument \`$1'" >&2
+exit 1
+;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff -Nru crmsh-4.4.1/debian/crmsh.postrm crmsh-4.4.1/debian/crmsh.postrm
--- crmsh-4.4.1/debian/crmsh.postrm 1970-01-01 01:00:00.0 +0100
+++ crmsh-4.4.1/debian/crmsh.postrm 2023-10-29 20:46:13.0 +0100
@@ -0,0 +1,41 @@
+#!/bin/sh
+# postrm script for crmsh
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#* `remove'
+#* `purge'
+#* `upgrade'
+#* `failed-upgrade'
+#* `abort-install'
+#* `abort-install'
+#* `abort-upgrade'
+#* `disappear'
+#
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+purge)
+rm -rf /var/log/crmsh
+;;
+
+remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+;;
+
+*)
+echo "postrm called with unknown argument \`$1'" >&2
+exit 1
+;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff -Nru crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch
--- crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch 1970-01-01 01:00:00.0 +0100
+++ crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch 2023-10-29 20:46:13.0 +0100
@@ -0,0 +1,52 @@
+From b4abe21d2fd55ced0f56baff5c4892a4826aa0f7 Mon Sep 17 00:00:00 2001
+From: nicholasyang
+Date: Tue, 25 Oct 2022 13:28:40 +0800
+Subject: [PATCH] fix: log: fail to open log file even if user is in haclient
+ group (bsc#1204670)
+
+The file had been created with umask 0022 in usual so that it was not
+group-writable.
+
+Call chown and chmod explicitly to fix it.
+---
+ crmsh/log.py | 21 ++---
+ 1 file changed, 10 insertions(+), 11 deletions(-)
+
+--- a/crmsh/log.py
b/crmsh/log.py
+@@ -423,14 +423,6 @@
+ self.logger.info("offending xml: %s", xml)
+
+
+-def setup_directory_for_logfile():
+-"""
+-Create log file's parent directory
+-"""
+-_dir = os.path.dirname(CRMSH_LOG_FILE)
+-os.makedirs(_dir, exist_ok=True)
+-
+-
+ def setup_logging(only_help=False):
+ """
+
Bug#1061552: crmsh broken with python3-parallax 1.0.6
On Sat, Jan 27, 2024 at 01:56:40PM +0100, wf...@debian.org wrote: > Indeed, parallax.run was added only in version 1.0.7 by > https://github.com/krig/parallax/commit/38bac0eb3cb20e9df8cbbf585cf9353793ffdba2. Thanks, it seems the watch file for parallax did not find new versions so we are behind there. But also crmsh 4.6.0 drops parallax as a dependency so I will try to upload that. -- Valentin
Bug#1055419: bookworm-pu: package pcs/0.11.5-1+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: p...@packages.debian.org
Control: affects -1 + src:pcs
[ Reason ]
Running the 'crm resource move' command results in a Python
stack trace due to missing arguments in a function call. The
bug was introduced in version 0.11.5 and fixed upstream in
0.11.6.
[ Impact ]
'crm resource move' command does not work correctly.
[ Tests ]
Package tests pass for the updated package and also manual
test confirm the move command works correctly now.
[ Risks ]
The code change is simple (adding the missing function argument),
so the risk should be low.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Function calls to tools.get_tmp_file() are replaced with
tools.get_tmp_file(None) to avoid the error:
TypeError: get_tmp_file() missing 1 required positional argument: 'data'
diff -Nru pcs-0.11.5/debian/changelog pcs-0.11.5/debian/changelog
--- pcs-0.11.5/debian/changelog 2023-03-03 08:57:59.0 +0100
+++ pcs-0.11.5/debian/changelog 2023-11-05 16:27:07.0 +0100
@@ -1,3 +1,9 @@
+pcs (0.11.5-1+deb12u1) bookworm; urgency=medium
+
+ * d/patches: add fix for resource move (Closes: #1042893)
+
+ -- Valentin Vidic Sun, 05 Nov 2023 16:27:07 +0100
+
pcs (0.11.5-1) unstable; urgency=medium
* New upstream version 0.11.5
diff -Nru pcs-0.11.5/debian/patches/Fix-resource-move.patch
pcs-0.11.5/debian/patches/Fix-resource-move.patch
--- pcs-0.11.5/debian/patches/Fix-resource-move.patch 1970-01-01
01:00:00.0 +0100
+++ pcs-0.11.5/debian/patches/Fix-resource-move.patch 2023-11-05
16:27:07.0 +0100
@@ -0,0 +1,25 @@
+--- a/pcs/lib/pacemaker/live.py
b/pcs/lib/pacemaker/live.py
+@@ -384,7 +384,10 @@
+ string cib_xml -- CIB XML to simulate
+ """
+ try:
+-with tools.get_tmp_file() as new_cib_file, tools.get_tmp_file() as
transitions_file:
++with (
++tools.get_tmp_file(None) as new_cib_file,
++tools.get_tmp_file(None) as transitions_file,
++):
+ cmd = [
+ __exec("crm_simulate"),
+ "--simulate",
+--- a/pcs_test/tools/custom_mock.py
b/pcs_test/tools/custom_mock.py
+@@ -98,7 +98,7 @@
+ except StopIteration:
+ pass
+
+-def _mock_side_effect(self, data=None, binary=False):
++def _mock_side_effect(self, data, binary=False):
+ def _seek_callback(offset):
+ if offset != 0:
+ raise AssertionError(
diff -Nru pcs-0.11.5/debian/patches/series pcs-0.11.5/debian/patches/series
--- pcs-0.11.5/debian/patches/series1970-01-01 01:00:00.0 +0100
+++ pcs-0.11.5/debian/patches/series2023-11-05 16:27:07.0 +0100
@@ -0,0 +1 @@
+Fix-resource-move.patch
Bug#1055036: bookworm-pu: package crmsh/4.4.1-1+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: cr...@packages.debian.org Control: affects -1 + src:crmsh [ Reason ] As reported in #1042448, crmsh has a regression in the bookworm release if the command is run by a non-root user. [ Impact ] Running the command as non-root user results in a permission error while in Debian 11 this worked correctly: PermissionError: [Errno 1] Operation not permitted: '/var/log/crmsh/crmsh.log' [ Tests ] Updated package was tested with autopkgtest and manually to check if the permissions error is handled correctly by the command. [ Risks ] The change is simple and applied in the upstream and unstable package for a while now. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Log file is now created by the postinst with the correct permissions and the code is updated to not fail if the owner of the log file cannot be updated (as in the case of non-root user). diff -Nru crmsh-4.4.1/debian/changelog crmsh-4.4.1/debian/changelog --- crmsh-4.4.1/debian/changelog2023-03-03 22:48:41.0 +0100 +++ crmsh-4.4.1/debian/changelog2023-10-29 20:46:13.0 +0100 @@ -1,3 +1,10 @@ +crmsh (4.4.1-1+deb12u1) bookworm; urgency=medium + + * d/postinst: create a logging directory (Closes: #1042448) + * d/patches: add patch for log file error + + -- Valentin Vidic Sun, 29 Oct 2023 20:46:13 +0100 + crmsh (4.4.1-1) unstable; urgency=medium [ Bas Couwenberg ] diff -Nru crmsh-4.4.1/debian/control crmsh-4.4.1/debian/control --- crmsh-4.4.1/debian/control 2023-03-03 22:46:48.0 +0100 +++ crmsh-4.4.1/debian/control 2023-10-29 20:46:13.0 +0100 @@ -43,6 +43,7 @@ Breaks: pacemaker (<< 1.1.12) Suggests: bash-completion, + cluster-glue, csync2, dmidecode, fdisk | util-linux (<< 2.29.2-3~), diff -Nru crmsh-4.4.1/debian/crmsh.postinst crmsh-4.4.1/debian/crmsh.postinst --- crmsh-4.4.1/debian/crmsh.postinst 1970-01-01 01:00:00.0 +0100 +++ crmsh-4.4.1/debian/crmsh.postinst 2023-10-29 20:46:13.0 +0100 @@ -0,0 +1,46 @@ +#!/bin/sh +# postinst script for crmsh +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +#* `configure' +#* `abort-upgrade' +#* `abort-remove' `in-favour' +# +#* `abort-deconfigure' `in-favour' +#`removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package +# + +case "$1" in +configure) +mkdir -p /var/log/crmsh +chown hacluster:haclient /var/log/crmsh +chmod 0775 /var/log/crmsh + +touch /var/log/crmsh/crmsh.log +chown hacluster:haclient /var/log/crmsh/crmsh.log +chmod 0664 /var/log/crmsh/crmsh.log +;; + +abort-upgrade|abort-remove|abort-deconfigure) + +;; + +*) +echo "postinst called with unknown argument \`$1'" >&2 +exit 1 +;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff -Nru crmsh-4.4.1/debian/crmsh.postrm crmsh-4.4.1/debian/crmsh.postrm --- crmsh-4.4.1/debian/crmsh.postrm 1970-01-01 01:00:00.0 +0100 +++ crmsh-4.4.1/debian/crmsh.postrm 2023-10-29 20:46:13.0 +0100 @@ -0,0 +1,41 @@ +#!/bin/sh +# postrm script for crmsh +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +#* `remove' +#* `purge' +#* `upgrade' +#* `failed-upgrade' +#* `abort-install' +#* `abort-install' +#* `abort-upgrade' +#* `disappear' +# +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in +purge) +rm -rf /var/log/crmsh +;; + +remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) +;; + +*) +echo "postrm called with unknown argument \`$1'" >&2 +exit 1 +;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff -Nru crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch --- crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch1970-01-01 01:00:00.0 +0100 +++ crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch2023-10-29 20:46:13.0 +0100 @@ -0,0 +1,52 @@ +From b4abe21d2fd55ced0f56baff5c4892a4826aa0f7 Mon Sep 17 00:00:00 2001 +From: nicholasyang +Date: Tue, 25 Oct 2022 13:28:40 +0800 +Subject: [PATCH] fix: log: fail to open log file even if user
Bug#1053353: dacite: please make the build reproducible
On Wed, Oct 25, 2023 at 08:00:43AM +0100, Chris Lamb wrote: > Hm, after fiddling for a few minutes I can't quite work it out. What > happens when you build it locally? Locally I also don't see these files being created, so the updated package has the same contents as version in unstable. -- Valentin
Bug#1053353: dacite: please make the build reproducible
On Mon, Oct 02, 2023 at 02:29:34PM +0200, Chris Lamb wrote: > Whilst working on the Reproducible Builds effort [0], we noticed that > dacite could not be built reproducibly. > > This is because it shipped a bunch of nondeterminstic ~temporary build > files in the binary package, such as benchmarks (in addition to > benchmark.json) and test caches. > > Patch attached that removes them in a way paralleling the existing > removal method in debian/rules. > > [0] https://reproducible-builds.org/ > > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` la...@debian.org / chris-lamb.co.uk >`- > --- a/debian/rules2023-10-02 14:23:18.762168493 +0200 > --- b/debian/rules2023-10-02 14:27:11.902512609 +0200 > @@ -7,3 +7,5 @@ > override_dh_auto_install: > dh_auto_install > rm debian/python3-dacite/usr/lib/python3*/dist-packages/benchmark.json > + rm -rf debian/python3-dacite/usr/lib/python3*/dist-packages/.benchmarks > + rm -rf > debian/python3-dacite/usr/lib/python3*/dist-packages/.pytest_cache Hi, thanks for the patch, but it seems like the normal build does not contain these files, for example: File list of package python3-dacite in sid of architecture all /usr/lib/python3/dist-packages/dacite-1.8.1.egg-info/PKG-INFO /usr/lib/python3/dist-packages/dacite-1.8.1.egg-info/dependency_links.txt /usr/lib/python3/dist-packages/dacite-1.8.1.egg-info/requires.txt /usr/lib/python3/dist-packages/dacite-1.8.1.egg-info/top_level.txt /usr/lib/python3/dist-packages/dacite/__init__.py /usr/lib/python3/dist-packages/dacite/cache.py /usr/lib/python3/dist-packages/dacite/config.py /usr/lib/python3/dist-packages/dacite/core.py /usr/lib/python3/dist-packages/dacite/data.py /usr/lib/python3/dist-packages/dacite/dataclasses.py /usr/lib/python3/dist-packages/dacite/exceptions.py /usr/lib/python3/dist-packages/dacite/frozen_dict.py /usr/lib/python3/dist-packages/dacite/py.typed /usr/lib/python3/dist-packages/dacite/types.py /usr/share/doc/python3-dacite/README.md.gz /usr/share/doc/python3-dacite/changelog.Debian.gz /usr/share/doc/python3-dacite/changelog.gz /usr/share/doc/python3-dacite/copyright Not sure why whould reproducible build have these files included? -- Valentin
Bug#1054326: [Debian-ha-maintainers] Bug#1054326: Can't start golbal heartbeat when drbd device is on top LVM device
On Sun, Oct 22, 2023 at 11:38:56PM +0200, Daniel Smolik wrote: > But when use local heartbeat mode I can mount ocfs but not work in cluster > mode. I mean that without global heartbeat you didn't have shared storage. If I understand correctly with local heartbeat there is one heartbeat running per ocfs2 mount and this should still allow cluster storage to work. Global heartbeat only optimizes this to run one or more heartbeat devices for all ocfs2 mounts, so it should not be a strong requirement for running a shared cluster storage. -- Valentin
Bug#1054326: [Debian-ha-maintainers] Bug#1054326: Can't start golbal heartbeat when drbd device is on top LVM device
On Sun, Oct 22, 2023 at 12:11:19PM +0200, Daniel Smolik wrote: > Yes no problem. There it is. Thanks. My best guess is that the problem happens because the region UUID is visible on both drbd and the lower device, so the global heartbeat might work if drbd device is selected first (for example in the case of md). Since I don't know if it possible to specify the device directly, your best bet now is probably to use the local heartbeat mode (that should work without the regions being specified). -- Valentin
Bug#1054326: [Debian-ha-maintainers] Bug#1054326: Can't start golbal heartbeat when drbd device is on top LVM device
On Sat, Oct 21, 2023 at 11:19:50PM +0200, Dan Smolik wrote: > in virtual enviroment I try build 2 node ocfs cluster. When drbd > device is on top of md device all works. But when drbd device is on > top LVM device global heartbeat doesn't start. > > Using config file '/etc/ocfs2/cluster.conf' Maybe you can share more info, like what the cluster.conf looks like in this setup? -- Valentin
Bug#1042448: [Debian-ha-maintainers] Bug#1042448: closed by Debian FTP Masters (reply to Valentin Vidic ) (Bug#1042448: fixed in crmsh 4.5.0-1)
On Wed, Oct 11, 2023 at 01:34:08PM +0200, Florent Carli wrote: > This bug report is about bookworm (stable) version, so the fact that it has > been fixed in unstable is nice, but should not resolve this. > Since it's about a real regression, I think this fix should be eligible for > a backport don't you think? Right, but the bug needs to be fixed in unstable before it can be proposed for stable. So I will prepare stable update as a followup. -- Valentin
Bug#1051411: fcoe-utils: Cyclic systemd unit dependencies
On Sun, Sep 10, 2023 at 10:23:21AM -0700, tony mancill wrote: > I also don't have access to the hardware to test it. My assumption is > that upstream would see bug reports if the race condition still exists, > but that's merely conjecture on my part. > > Do you have any concerns with an upload to unstable (or experimental) to > revert the unit file change? No worries, please go ahead with the upload, we can always revert the change if someone reports a problem with this. -- Valentin
Bug#1051411: fcoe-utils: Cyclic systemd unit dependencies
On Thu, Sep 07, 2023 at 07:55:56PM -0700, tony mancill wrote: > Thank you for the bug report. My initial instinct is to use the same > unit file and service dependencies as upstream. Looking at the history > of Debian's patch [2] of the unit file, and specifically this commit > [3], it appears that the change was made to resolve an issue. > > The patch to the systemd unit file predates my involvement with this > package, so Valentin may be able to provide more context. Perhaps > there was a bug in fcoe-utils that necessitated the change at that time, > but we can now revert to the unit file patch? > > Valentin, do you have any insight on this? Without a link to the > original bug, I'm unsure what regression reverting to the upstream unit > file dependencies might cause. Hi, as the comment on commit 1519b5cd suggests, I think there was some race condition with getting FCoE working reliably on boot. It is possible this is not required and can be reverted, but I don't have access to the hardware anymore to test it. Another option would be to move both services to start before the network, if the testing shows that this is still required. -- Valentin
Bug#1039737: reportbug: lxc-copy --ephemeral always fails
Package: lxc Version: 1:5.0.2-1 Severity: normal Dear Maintainer, After the upgrade to bookworm starting ephemeral container with lxc-copy command always fails with an error: # lxc-copy -n autopkgtest-sid -e -l TRACE Created autopkgtest-sid_uFBocY as clone of autopkgtest-sid lxc-copy: autopkgtest-sid: ../src/lxc/lxccontainer.c: wait_on_daemonized_start: 878 Received container state "ABORTING" instead of "RUNNING" lxc-copy: autopkgtest-sid: ../src/lxc/af_unix.c: lxc_abstract_unix_recv_fds_iov: 218 Connection reset by peer - Failed to receive response lxc-copy: autopkgtest-sid: ../src/lxc/commands.c: lxc_cmd_rsp_recv_fds: 128 Failed to receive file descriptors for command "get_state" lxc-copy: autopkgtest-sid: ../src/lxc/utils.c: _recursive_rmdir: 160 No such file or directory - Failed to delete "/var/lib/lxc/autopkgtest-sid_uFBocY/overlay/delta/etc" lxc-copy: autopkgtest-sid: ../src/lxc/utils.c: _recursive_rmdir: 160 No such file or directory - Failed to delete "/var/lib/lxc/autopkgtest-sid_uFBocY/overlay/delta" lxc-copy: autopkgtest-sid: ../src/lxc/lxccontainer.c: container_destroy: 3007 Error destroying rootfs for autopkgtest-sid_uFBocY The log contains some more information: lxc-copy autopkgtest-sid 20230628192725.772 DEBUGstorage - ../src/lxc/storage/storage.c:get_storage_by_name:209 - Detected rootfs type "overlay" lxc-copy autopkgtest-sid 20230628192725.772 ERRORconf - ../src/lxc/conf.c:lxc_rootfs_init:569 - Bad file descriptor - Failed to open "overlay:/var/lib/lxc/autopkgtest-sid/rootfs:/var/lib/lxc/autopkgtest-sid_uFBocY/overlay/delta" lxc-copy autopkgtest-sid 20230628192725.772 ERRORstart - ../src/lxc/start.c:__lxc_start:2079 - Failed to handle rootfs pinning for container "autopkgtest-sid_uFBocY" lxc-copy autopkgtest-sid 20230628192725.772 TRACEstart - ../src/lxc/start.c:lxc_serve_state_socket_pair:544 - Sent container state "ABORTING" to 5 lxc-copy autopkgtest-sid 20230628192725.772 TRACEstart - ../src/lxc/start.c:lxc_serve_state_clients:483 - Set container state to ABORTING lxc-copy autopkgtest-sid 20230628192725.772 TRACEstart - ../src/lxc/start.c:lxc_serve_state_clients:486 - No state clients registered lxc-copy autopkgtest-sid 20230628192725.772 TRACEstart - ../src/lxc/start.c:lxc_serve_state_clients:483 - Set container state to STOPPING lxc-copy autopkgtest-sid 20230628192725.772 TRACEstart - ../src/lxc/start.c:lxc_serve_state_clients:486 - No state clients registered lxc-copy autopkgtest-sid 20230628192725.772 ERRORlxccontainer - ../src/lxc/lxccontainer.c:wait_on_daemonized_start:878 - Received container state "ABORTING" instead of "RUNNING" lxc-copy autopkgtest-sid 20230628192726.369 WARN cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_payload_destroy:555 - Uninitialized limit cgroup lxc-copy autopkgtest-sid 20230628192726.643 TRACEcgfsng - ../src/lxc/cgroups/cgfsng.c:__cgroup_tree_create:727 - Created 10(lxc.pivot) cgroup lxc-copy autopkgtest-sid 20230628192726.644 TRACEcgfsng - ../src/lxc/cgroups/cgfsng.c:__cgroup_tree_create:742 - Opened newly created cgroup lxc.pivot as 4 lxc-copy autopkgtest-sid 20230628192726.113 WARN cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_monitor_destroy:926 - Device or resource busy - Failed to destroy 10(lxc.monitor.autopkgtest-sid_uFBocY) lxc-copy autopkgtest-sid 20230628192726.113 TRACEstart - ../src/lxc/start.c:lxc_end:963 - Closed command socket lxc-copy autopkgtest-sid 20230628192726.113 ERRORaf_unix - ../src/lxc/af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response lxc-copy autopkgtest-sid 20230628192726.113 TRACEstart - ../src/lxc/start.c:lxc_end:974 - Set container state to "STOPPED" lxc-copy autopkgtest-sid 20230628192726.113 ERRORcommands - ../src/lxc/commands.c:lxc_cmd_rsp_recv_fds:128 - Failed to receive file descriptors for command "get_state" lxc-copy autopkgtest-sid 20230628192726.113 DEBUGstorage - ../src/lxc/storage/storage.c:get_storage_by_name:209 - Detected rootfs type "overlay" lxc-copy autopkgtest-sid 20230628192726.113 TRACEcommands - ../src/lxc/commands.c:lxc_cmd:521 - Opened new command socket connection fd 5 for command "get_state" lxc-copy autopkgtest-sid 20230628192726.113 DEBUGstorage - ../src/lxc/storage/storage.c:get_storage_by_name:209 - Detected rootfs type "overlay" lxc-copy autopkgtest-sid 20230628192726.113 ERRORutils - ../src/lxc/utils.c:_recursive_rmdir:118 - No such file or directory - Failed to stat "/var/lib/lxc/autopkgtest-sid_uFBocY/overlay/delta/etc/hosts" lxc-copy autopkgtest-sid 20230628192726.113 ERRORutils - ../src/lxc/utils.c:_recursive_rmdir:160 - No such file or directory - Failed to delete "/var/lib/lxc/autopkgtest-sid_uFBocY/overlay/delta/etc" lxc-copy autopkgtest-sid 20230628192726.113 ERRORstart - ../src/lxc/start.c:lxc_destroy_container_on_signal:2236 - Error destroying rootfs for container "autopkgtest-sid_uFBocY"
Bug#1034475: unblock: resource-agents/1:4.12.0-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package resource-agents
New release includes an upstream patch for IPv6addr agent problem
reported in #1034280 and refreshes existing patches.
[ Reason ]
Patch fixes a bug where IPv6addr agent does not work correctly in
some situations.
[ Impact ]
Specific agent might not work reliably.
[ Tests ]
IPv6addr is currently not covered by autopkgtest, so only
manual tests.
[ Risks ]
The code change is small and does does not affect other agents
so the risk should be low.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
Already uploaded to unstable as I did not realize it was
a key package due to some dependency.
unblock resource-agents/1:4.12.0-2
diff -Nru resource-agents-4.12.0/debian/changelog
resource-agents-4.12.0/debian/changelog
--- resource-agents-4.12.0/debian/changelog 2023-01-26 00:44:32.0
+0100
+++ resource-agents-4.12.0/debian/changelog 2023-04-13 21:43:52.0
+0200
@@ -1,3 +1,10 @@
+resource-agents (1:4.12.0-2) unstable; urgency=medium
+
+ * debian/patches: add IPv6addr-delay.patch (Closes: #1034280)
+ * debian/patches: refresh patches offsets
+
+ -- Valentin Vidic Thu, 13 Apr 2023 21:43:52 +0200
+
resource-agents (1:4.12.0-1) unstable; urgency=medium
* New upstream version 4.12.0
diff -Nru resource-agents-4.12.0/debian/patches/01_docbook_patch.patch
resource-agents-4.12.0/debian/patches/01_docbook_patch.patch
--- resource-agents-4.12.0/debian/patches/01_docbook_patch.patch
2020-12-14 15:52:50.0 +0100
+++ resource-agents-4.12.0/debian/patches/01_docbook_patch.patch
2023-04-13 21:40:59.0 +0200
@@ -3,9 +3,8 @@
Last-Update: 2011-10-20
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
-diff -ruN ClusterLabs-resource-agents-dc69db5.orig/doc/man/Makefile.am
ClusterLabs-resource-agents-dc69db5/doc/man/Makefile.am
ClusterLabs-resource-agents-dc69db5.orig/doc/man/Makefile.am
2012-10-05 19:27:22.0 +
-+++ ClusterLabs-resource-agents-dc69db5/doc/man/Makefile.am2012-10-09
11:20:26.009849098 +
+--- a/doc/man/Makefile.am
b/doc/man/Makefile.am
@@ -26,7 +26,7 @@
CLEANFILES = $(man_MANS) $(xmlfiles) metadata-*.xml
diff -Nru resource-agents-4.12.0/debian/patches/gitignore.patch
resource-agents-4.12.0/debian/patches/gitignore.patch
--- resource-agents-4.12.0/debian/patches/gitignore.patch 2022-04-06
22:06:34.0 +0200
+++ resource-agents-4.12.0/debian/patches/gitignore.patch 2023-04-13
21:41:02.0 +0200
@@ -8,7 +8,7 @@
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/.gitignore
+++ b/.gitignore
-@@ -122,7 +122,6 @@
+@@ -123,7 +123,6 @@
MISC_ERRORS
cscope.files
cscope.out
@@ -16,7 +16,7 @@
updates
logs
-@@ -134,8 +133,6 @@
+@@ -135,8 +134,6 @@
*.gz
*.xz
*.sed
diff -Nru resource-agents-4.12.0/debian/patches/IPv6addr-delay.patch
resource-agents-4.12.0/debian/patches/IPv6addr-delay.patch
--- resource-agents-4.12.0/debian/patches/IPv6addr-delay.patch 1970-01-01
01:00:00.0 +0100
+++ resource-agents-4.12.0/debian/patches/IPv6addr-delay.patch 2023-04-13
21:41:03.0 +0200
@@ -0,0 +1,69 @@
+From 729aec1924a700bcadbcf77ae4351da9acbd8c3e Mon Sep 17 00:00:00 2001
+From: Richard Fuchs
+Date: Thu, 30 Mar 2023 07:37:02 -0400
+Subject: [PATCH] IPv6addr: expect ping/pong delay
+
+Under heavy network load, the echo response to an echo request that was
+just sent may not immediately be available for reading, with
+recvmsg(MSG_DONTWAIT) failing with EAGAIN. This leads to occasional
+false positive "not running" events.
+
+This wraps the recvmsg() within a poll() loop with a short timeout (10
+ms) and retries reading the echo response up to 3 times, in case poll()
+was interrupted by some other event (e.g. EINTR).
+
+Closes #1855
+---
+ heartbeat/IPv6addr.c | 25 +
+ 1 file changed, 21 insertions(+), 4 deletions(-)
+
+--- a/heartbeat/IPv6addr.c
b/heartbeat/IPv6addr.c
+@@ -104,6 +104,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+
+
+@@ -606,6 +607,8 @@
+ struct ioveciov;
+ u_char packet[MINPACKSIZE];
+ struct msghdr msg;
++ int i;
++ struct pollfd pfd;
+
+ if ((icmp_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6)) == -1) {
+ return -1;
+@@ -644,12 +647,26 @@
+ msg.msg_control = NULL;
+ msg.msg_controllen = 0;
+
+- ret = recvmsg(icmp_sock, , MSG_DONTWAIT);
+- if (0 >= ret) {
+- return -1;
++ for (i = 0; i < 3; i++) {
++ pfd.fd = icmp_sock;
++ pfd
Bug#414092: airport-utils: Tools start and quit immediately without working
I just did a quick check and the tools work for me on the current stable (11.6) and unstable. The only time they don't start is when X11 is not available like in an ssh session: $ java -verbose:class -jar /usr/share/java/airport-utils/AirportBaseStationConfig.jar ... [0.170s][info][class,load] sun.awt.MostRecentKeyValue source: jrt:/java.desktop [0.170s][info][class,load] sun.awt.PostEventQueue source: jrt:/java.desktop [0.171s][info][class,load] java.util.Vector source: jrt:/java.base [0.171s][info][class,load] java.awt.Window$Type source: jrt:/java.desktop [0.171s][info][class,load] java.lang.UnsupportedOperationException source: jrt:/java.base [0.171s][info][class,load] java.awt.HeadlessException source: jrt:/java.desktop [0.171s][info][class,load] java.util.IdentityHashMap$IdentityHashMapIterator source: shared objects file [0.171s][info][class,load] java.util.IdentityHashMap$KeyIterator source: shared objects file [0.171s][info][class,load] java.lang.Shutdown source: shared objects file [0.171s][info][class,load] java.lang.Shutdown$Lock source: shared objects file I suppose the startup scripts could somehow check if X11 is not available and print a warning? -- Valentin
Bug#1023319: stockfish: Please upgrade to stockfish 15
Package: stockfish Version: 14.1-1 Severity: normal Dear Maintainer, New version has been released this year: 2022-04-18: Stockfish 15 Please update the package for bookworm release :) -- Valentin
Bug#1018930: [Debian-ha-maintainers] Bug#1018930: marked as done (pcs: CVE-2022-2735: Obtaining an authentication token for hacluster user leads to privilege escalation)
I checked pcs 0.10.1-2 in buster and it turns out it is not vulnerable to CVE-2022-2735. Separate ruby daemon with a world writable UNIX socket was introduced later in 0.10.5: https://salsa.debian.org/ha-team/pcs/-/commits/master/pcsd/pcsd-ruby.service.in Before that version python code runs ruby commands and they communicate by sending json responses on stdin/stdout. https://salsa.debian.org/ha-team/pcs/-/blob/38330deb0d849d6a1945856b24323043f6a7839b/pcs/daemon/ruby_pcsd.py -- Valentin
Bug#1008909: RM: fence-virt -- ROM; source merged into fence-agents
Package: ftp.debian.org Severity: normal Upstream repo contains the following notice: https://github.com/ClusterLabs/fence-virt fence-virt has moved to https://github.com/ClusterLabs/fence-agents as source of the fence-virt package has been merged into fence-agents. As a maintainer of both fence-virt and fence-agents, I would like to request the removal of the source package fence-virt from unstable, so I can upload the new version of fence-agents containing fence-virt. The binary packages will remain the same as before the merge: fence-agents, fence-virt and fence-virtd. -- Valentin
Bug#1007141: BUG Report - OCFS2 Hangs when mount volume in second node
On Sun, Mar 13, 2022 at 03:19:55PM +0100, Valentin Vidic wrote: > Thanks for the report, I will try to reproduce the problem with the > versions in unstable, but it would be good if you could share the errors > that are being reported and perhaps also the cluster configuration for > reproducing this problem. Ok, it seems I can reproduce the problem with linux-image-5.16.0-4-amd64 (5.16.12-1) and ocfs2-tools (1.8.7-1). It is caused by FS features usrquota and grpquota enabled by --fs-feature-level=max-features. If these are not enabled the filesystem mounts without problems. Otherwise the error is as follows: [ 389.111864] ocfs2: Mounting device (254,16) on (node 2, slot 0) with ordered data mode. [ 389.160182] BUG: kernel NULL pointer dereference, address: 0398 [ 389.160295] #PF: supervisor read access in kernel mode [ 389.160343] #PF: error_code(0x) - not-present page [ 389.160390] PGD 0 P4D 0 [ 389.160432] Oops: [#1] PREEMPT SMP PTI [ 389.160477] CPU: 0 PID: 836 Comm: mount.ocfs2 Not tainted 5.16.0-4-amd64 #1 Debian 5.16.12-1 [ 389.160591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 [ 389.160714] RIP: 0010:ocfs2_qinfo_lock_res_init+0x44/0x50 [ocfs2] [ 389.161290] Code: 00 00 00 48 63 b3 b8 01 00 00 e8 87 bb ff ff 49 89 d8 48 89 ee ba 08 00 00 00 48 8b 83 b0 01 00 00 48 c7 c1 a0 e0 dc c0 5b 5d <48> 8b b8 98 03 00 00 e9 70 c4 ff ff 0f 1f 44 00 00 41 56 41 89 ce [ 389.161460] RSP: 0018:b2c0c0047be8 EFLAGS: 00010282 [ 389.161510] RAX: RBX: RCX: c0dce0a0 [ 389.161619] RDX: 0008 RSI: 8b685c343c30 RDI: b2c0c0047bb8 [ 389.161747] RBP: 8b685c343c00 R08: 8b685c343c00 R09: [ 389.161809] R10: b2c0c0047bb0 R11: c0d8f030 R12: 8b685c343c18 [ 389.161868] R13: 8b68462d3ec8 R14: R15: 8b6848fb6800 [ 389.161929] FS: 7f7956901c00() GS:8b687ec0() knlGS: [ 389.162009] CS: 0010 DS: ES: CR0: 80050033 [ 389.162060] CR2: 0398 CR3: 0554a004 CR4: 00370ef0 [ 389.162129] Call Trace: [ 389.162184] [ 389.162211] ocfs2_local_read_info+0xb9/0x6f0 [ocfs2] [ 389.162479] ? ocfs2_local_check_quota_file+0x197/0x390 [ocfs2] [ 389.162774] dquot_load_quota_sb+0x216/0x470 [ 389.162849] ? preempt_count_add+0x68/0xa0 [ 389.162895] dquot_load_quota_inode+0x85/0x100 [ 389.162943] ocfs2_enable_quotas+0xa0/0x1c0 [ocfs2] [ 389.163151] ocfs2_fill_super.cold+0xc8/0x1bf [ocfs2] [ 389.163374] mount_bdev+0x185/0x1b0 [ 389.163431] ? ocfs2_initialize_super.isra.0+0xf40/0xf40 [ocfs2] [ 389.163673] legacy_get_tree+0x27/0x40 [ 389.163726] vfs_get_tree+0x25/0xb0 [ 389.163764] path_mount+0x465/0xac0 [ 389.163804] __x64_sys_mount+0x103/0x140 [ 389.163844] do_syscall_64+0x3b/0xc0 [ 389.163919] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 389.164016] RIP: 0033:0x7f7956e0258a [ 389.164057] Code: 48 8b 0d e9 28 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b6 28 0d 00 f7 d8 64 89 01 48 [ 389.164206] RSP: 002b:7fff9be78718 EFLAGS: 0246 ORIG_RAX: 00a5 [ 389.164273] RAX: ffda RBX: RCX: 7f7956e0258a [ 389.164334] RDX: 55bffbe230ae RSI: 55bffc7ec370 RDI: 55bffc7f33f0 [ 389.164395] RBP: 7fff9be788d0 R08: 55bffc7f3390 R09: 7fff9be76110 [ 389.164454] R10: R11: 0246 R12: 55bffbe230ae [ 389.164514] R13: 55bffc7ec301 R14: 7fff9be787c0 R15: 7fff9be78740 [ 389.166469] [ 389.168355] Modules linked in: ocfs2 quota_tree ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue sctp ip6_udp_tunnel udp_tunnel libcrc32c intel_rapl_msr intel_rapl_common intel_pmc_core_pltdrv intel_pmc_core kvm_intel kvm irqbypass ghash_clmulni_intel snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi aesni_intel crypto_simd qxl snd_hda_codec cryptd drm_ttm_helper rapl snd_hda_core ttm snd_hwdep snd_pcm serio_raw snd_timer iTCO_wdt pcspkr intel_pmc_bxt iTCO_vendor_support drm_kms_helper snd virtio_rng rng_core soundcore virtio_balloon virtio_console cec evdev joydev i6300esb rc_core watchdog qemu_fw_cfg button auth_rpcgss sunrpc drm fuse configfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic hid_generic usbhid hid virtio_net net_failover failover virtio_blk ahci xhci_pci libahci libata xhci_hcd crct10dif_pclmul crct10dif_common crc32_pclmul crc32c_intel virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev [ 389.168645] virtio psmouse usbcore scsi_mod i2c_i801 i2c_smbus scsi_common lpc_ich usb_common virtio_ring [ 389.187016] CR2: 0398 [ 389.188963] ---[ end trace 571e3ca036b59855 ]--- [ 389.190493] RIP: 0010:ocfs2_qinfo
Bug#1007141: BUG Report - OCFS2 Hangs when mount volume in second node
On Fri, Mar 11, 2022 at 06:45:32PM -0300, Dayvison wrote: > Package: ocfs2-tools > Version: 8.7.1 and 8.6.6 > > Hi, I'm sending this email to report a problem: > > OCFS2 filesystem with more than 1 node is not working with Debian 11 > with 5.13, 5.15 and newer kernels. > > OK, what's the problem behavior? Answer: When you mount ocfs2 on the > second node with the "mount" command, the second node is stuck and > unresponsive at the prompt, when viewing /var/log/syslog, there are > several error messages in /var/log/syslog and no mounting the ocfs > volume on the second node. Thanks for the report, I will try to reproduce the problem with the versions in unstable, but it would be good if you could share the errors that are being reported and perhaps also the cluster configuration for reproducing this problem. Also I assume you mean ocfs2-tools versions 1.8.6-6 and 1.8.7-1 that are available in stable and testing, since the versions you listed (8.7.1 and 8.6.6) do not exist in Debian? -- Valentin
Bug#1002051: bullseye-pu: package heartbeat/1:3.0.6-11+deb11u1
On Sat, Feb 19, 2022 at 06:59:58PM +, Adam D. Barratt wrote: > Please go ahead. Thanks, just uploaded. -- Valentin
Bug#1004045: drbd-utils 9.15.0-1 uses drbd kernel module 8.4
On Wed, Jan 19, 2022 at 02:11:24PM -0700, Ben Fiedler wrote: > I would guess that either linux-image or drbd-utils packages need to > be updated to include and reference a newer module (drbd9.ko)? I don't think drbd9 kernel module is currently included in Debian, so you would need to build it yourself or use packages provided by LINBIT. -- Valentin
Bug#1003548: transition: libwebp
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello Release Team, We would like to transition libwebp to a new upstream version 1.2.1-1 that is already uploaded and built in experimental. No build problems are expected in the reverse dependencies either. This was tested by rebuilding a subset of packages listed on the transition web page: https://release.debian.org/transitions/html/auto-libwebp.html Please let us know if we can proceed with the upload to unstable. Also a binNMU rebuild of reverse dependencies would be required afterwards. Ben file: title = "libwebp"; is_affected = .depends ~ "libwebp6" | .depends ~ "libwebp8"; is_good = .depends ~ "libwebp8"; is_bad = .depends ~ "libwebp6";
Bug#1002037: heartbeat: Heartbeat 3.0.6-11 will not start on bullseye
On Mon, Dec 20, 2021 at 06:23:38PM +, Adam Thorn wrote: > Could the fix from 3.0.6-12, which distributes > > /usr/lib/tmpfiles.d/heartbeat.conf > > as part of the deb, be backported/released for bullseye please? Yes, I have opened #1002051 to request heartbeat update in bullseye. -- Valentin
Bug#1002051: bullseye-pu: package heartbeat/1:3.0.6-11+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu [ Reason ] heartbeat deamon starts correctly after installation, but not after reboot because of missing /run/heartbeat directories. The change reintroduces a tempfiles configuration for creating the required directories on boot. [ Impact ] heartbeat fails to start correctly until the required directories in /run are created. [ Tests ] Manually tested by checking the service starts correctly after a reboot. [ Risks ] The change is simple and has already been released to unstable in #993575 and tested by users. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Change removes creating /run directories in postinst, since this masks the problem until reboot. Instead a tempfiles configuration is included for creating the required directories. [ Other info ] The bug only affects systemd installations since the init script recreates the required directories on every start. diff -Nru heartbeat-3.0.6/debian/changelog heartbeat-3.0.6/debian/changelog --- heartbeat-3.0.6/debian/changelog2021-01-20 21:59:42.0 +0100 +++ heartbeat-3.0.6/debian/changelog2021-12-20 23:51:42.0 +0100 @@ -1,3 +1,9 @@ +heartbeat (1:3.0.6-11+deb11u1) bullseye; urgency=medium + + * Use tmpfiles.d to create /run/heartbeat (Closes: #1002037) + + -- Valentin Vidic Mon, 20 Dec 2021 23:51:42 +0100 + heartbeat (1:3.0.6-11) unstable; urgency=medium [ Debian Janitor ] diff -Nru heartbeat-3.0.6/debian/heartbeat.postinst heartbeat-3.0.6/debian/heartbeat.postinst --- heartbeat-3.0.6/debian/heartbeat.postinst 2018-12-09 14:58:48.0 +0100 +++ heartbeat-3.0.6/debian/heartbeat.postinst 2021-12-20 23:50:08.0 +0100 @@ -33,7 +33,6 @@ fi for i in /var/lib/heartbeat/ccm /var/lib/heartbeat/crm \ - /run/heartbeat/ccm /run/heartbeat/crm \ /var/lib/heartbeat/pengine; do mkdir -p $i chmod 750 $i @@ -41,10 +40,6 @@ chgrp haclient $i done - # prepare agent state dir - mkdir -p /run/resource-agents - chmod 755 /run/resource-agents - chgrp haclient /usr/bin/cl_status chmod 2555 /usr/bin/cl_status diff -Nru heartbeat-3.0.6/debian/rules heartbeat-3.0.6/debian/rules --- heartbeat-3.0.6/debian/rules2020-08-22 23:04:27.0 +0200 +++ heartbeat-3.0.6/debian/rules2021-12-20 23:50:08.0 +0100 @@ -103,7 +103,7 @@ # move sysv init script and systemd service file to expected locations for dh_install ! test -e ./debian/tmp/usr/lib/tmpfiles.d/heartbeat.conf || \ - mv ./debian/tmp/usr/lib/tmpfiles.d/heartbeat.conf ./debian/heartbeat.tmpfile + mv ./debian/tmp/usr/lib/tmpfiles.d/heartbeat.conf ./debian/heartbeat.tmpfiles ! test -e ./debian/tmp/lib/systemd/system/heartbeat.service || \ mv ./debian/tmp/lib/systemd/system/heartbeat.service ./debian/heartbeat.service ! test -e ./debian/tmp/etc/init.d/heartbeat || \ @@ -129,6 +129,7 @@ dh_installexamples -a dh_installinit -a -n -u 'defaults 20 32' dh_installsystemd -a + dh_installtmpfiles -a dh_installman -a dh_installchangelogs -a `pwd`/doc/ChangeLog dh_installlogcheck -a
Bug#994418: ocfs2-tools: failing autopkgtest on one of ci.d.n amd64 workers
Hi Paul, On Thu, Sep 16, 2021 at 08:34:06AM +0200, Paul Gevers wrote: > It was pointed out to me on IRC that the mount of /tmp with `nodev` is > probably the issue here. I'm discussion if we should just drop that. The failing test does not use a device so this probably won't help. I tried updating the test to use losetup, but it turns out losetup does not work with lxc. It seems that O_DIRECT on tmpfs is a know problem and other software like mysql also doesn't work on tmpfs. There were some kernel patches to allow O_DIRECT on tmpfs, but they were probably not accepted. Perhaps it be possible not to use tmpfs for $AUTOPKGTEST_TMP, or was that the goal in the first place? -- Valentin
Bug#994418: ocfs2-tools: failing autopkgtest on one of ci.d.n amd64 workers
On Wed, Sep 15, 2021 at 09:24:08PM +0200, Paul Gevers wrote:
> I looked at the results of the autopkgtest of you package on amd64
> because with a recent upload of glibc the autopkgtest of ocfs2-tools
> fails in testing. It seems to me that the failures are related to the
> worker that the test runs on. ci-worker13 fails, while the other workers
> are OK. We recently changed the setup of ci-worker13, to have /tmp/ of
> the host on tmpfs as that speeds up testing considerably is a lot of
> cases. I copied some of the output at the bottom of this report, but I'm
> not 100% sure that the /tmp there (the one inside the lxc testbed) *is*
> on tmpfs.
>
> Don't hesitate to contact us at debian...@lists.debian.org if you need
> help debugging this issue.
>
> Paul
>
> https://ci.debian.net/data/autopkgtest/testing/amd64/o/ocfs2-tools/15277216/log.gz
>
>
> autopkgtest [19:14:22]: test basic: [---
>
> === disk ===
> 200+0 records in
> 200+0 records out
> 209715200 bytes (210 MB, 200 MiB) copied, 0.109005 s, 1.9 GB/s
>
> === mkfs ===
> mkfs.ocfs2 1.8.6
> mkfs.ocfs2: Could not open device
> /tmp/autopkgtest-lxc.8neywhcx/downtmp/autopkgtest_tmp/disk: Invalid argument
> autopkgtest [19:14:23]: test basic: ---]
Yes, tmpfs seems to be the problem since it doesn't support O_DIRECT that
is being requested here:
static void
open_device(State *s)
{
s->fd = open64(s->device_name, O_RDWR | O_DIRECT);
if (s->fd == -1) {
com_err(s->progname, 0,
"Could not open device %s: %s",
s->device_name, strerror (errno));
exit(1);
}
}
--
Valentin
Bug#993575: heartbeat: Heartbeat not starting due to missing directory after bullseye upgrade
On Fri, Sep 03, 2021 at 11:18:08AM +0200, Gael Le Mignot wrote: > After upgrading from buster to bullseye on several hosts, "heartbeat" > doesn't start. It tries to create a /run/heartbeat/register socket in > a non-existing /run/heartbeat/ directory. Thanks for the report, it seems we have lost this config in the latest version: /usr/lib/tmpfiles.d/heartbeat.conf and that will cause startup problems after reboot. I will restore it back now. -- Valentin
Bug#987441: s390x installation bugs
On Sun, Aug 01, 2021 at 09:45:00PM +0200, Valentin Vidic wrote: > Thanks, that does sound similar to what I was getting there. I will try > to see if it still happens with the latest installer. And since it > crashes on start I had no way to access the logs or dmesg of the > machine. Perhaps there is some installer option to help debug this kind > of thing? Just tested the rc3 installation with qemu-system-s390x. Installation went fairly quickly and without any problems. Great work everyone and happy release :))) -- Valentin
Bug#987788: debian-installer: qemu-system-s390x installation fails due to segfault in main-menu
Just to report I don't get the crash anymore with bullseye rc3 installer, so most probably this was the same problem as: #987368 Installer fails at first menu "Choose language" -- Valentin
Bug#987441: s390x installation bugs
On Sun, Aug 01, 2021 at 05:10:07PM +0200, Cyril Brulebois wrote: > Valentin Vidic (2021-08-01): > > No problem, I was not able to reproduce this reliably or get a core > > dump for this crash. It could just be an emulation problem with qemu > > or some timing issue for the first installer step. If there is no > > update on this problem I think we can even close it for now. > > Speaking of the first step, did anyone mention #987368 before, now fixed > in udpkg? Thanks, that does sound similar to what I was getting there. I will try to see if it still happens with the latest installer. And since it crashes on start I had no way to access the logs or dmesg of the machine. Perhaps there is some installer option to help debug this kind of thing? -- Valentin
Bug#987788: debian-installer: qemu-system-s390x installation fails due to segfault in main-menu
On Mon, May 03, 2021 at 06:38:05PM +0200, Samuel Thibault wrote: > How did you start it? I couldn't manage to make it start (with qemu from > unstable or from stable), I only got the kernel start and a couple of > lines. I was taking > > http://ftp.de.debian.org/debian/dists/bullseye/main/installer-s390x/current/images/generic/initrd.debian > http://ftp.de.debian.org/debian/dists/bullseye/main/installer-s390x/current/images/generic/kernel.debian > > and run > > qemu-system-s390x -kernel /tmp/s390x/kernel.debian -initrd > /tmp/s390x/initrd.debian -m 1G -serial stdio > > and got > > [..kernel logs..] > [4.349417] Run /init as init process > [5.499051] failover: module verification failed: signature and/or > required key missing - tainting kernel > [6.530501] virtio_net virtio0 enc0: renamed from eth0 > steal-ctty: No such file or directory > [ 83.282353] random: crng init done > > and nothing more. Hi, I start it with: virt-install --arch=s390x --name test --memory 1024 --disk size=3 -l http://ftp.de.debian.org/debian/dists/bullseye/main/installer-s390x/ --extra-args='BOOT_DEBUG=3' but it should be more or less the same thing as your command. The problem is you are hitting steal-ctty bug from #961056. I use BOOT_DEBUG=3 to get a shell before the installer starts and edit /sbin/reopen-console with this fix: https://salsa.debian.org/installer-team/rootskel/-/merge_requests/2/diffs After that installer should start and sometimes (but not always) fail in the first step (configuring network interfaces). The problem is I don't have a shell after that segfault to get more info from the logs or dmesg. -- Valentin
Bug#987441: s390x installation bugs
On Mon, May 03, 2021 at 08:36:58AM +0200, Cyril Brulebois wrote: > Also adding to the list of bugs to keep an eye on (again, possibly not > blocking the release on its being resolved; we could have the issue > listed in errata, and possibly fixed in a point release). Thanks, here is another one for s390x, should be relatively simple if you wish to link it here: linux: Debian installation fails in qemu-system-s390x due to missing virtio_blk module https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988005 -- Valentin
Bug#987788: debian-installer: qemu-system-s390x installation fails due to segfault in main-menu
On Mon, May 03, 2021 at 09:16:03AM +0200, Cyril Brulebois wrote: > Do we have any idea whether that could be something that's only > triggered within QEMU (maybe try other QEMU versions?), or something > that affects bare metal systems? I don't have access to real s390x hardware, but I tried to run the installation with QEMU 5.2 from unstable. Similar to QEMU 3.1 from stable the installation sometimes starts correctly but most often fails in the first step (Configure the network device). -- Valentin
Bug#988005: linux: Debian installation fails in qemu-system-s390x due to missing virtio_blk module
Source: linux Version: 5.10.28-1 Severity: normal Dear Maintainer, Debian installer for bullseye fails to find any disks for installation due to a missing module for virtio block device. Merge request for including virtio_blk (and other standard scsi modules) is here: https://salsa.debian.org/kernel-team/linux/-/merge_requests/355 -- Valentin
Bug#926539: Bug#987441: s390x installation bugs
On Mon, May 03, 2021 at 08:58:02AM +0200, John Paul Adrian Glaubitz wrote: > > The same issue exists on s390x but isn't apparently going to get fixed > > so we need to have d-i be smarter (hence the merge request)? > > Seems so. QEMU console might get fixed in the kernel, but it looks like LPAR could have a similar problem (don't have access to test this). So it seems better (and future proof) to fix this on the Debian side too. I have updated the merge request to trigger the new code only on s390x as suggested: https://salsa.debian.org/installer-team/rootskel/-/merge_requests/2 > > I'd suggest at least retitling the bug report to mention s390x (release > > arch, affected) instead of sparc64 (port arch, no longer affected), to > > lower the chances people could overlook this issue, thinking it's only > > about a port arch. > > We could also unmerge #926539 and #961056 again, then close the former bug > which was sparc64-specific. I have unmerged the bugs now, so the sparc one can be closed. -- Valentin
Bug#987441: s390x installation bugs
Hi, Probably not critical, but maybe these installation bugs on s390x could be fixed for the release? rootskel: steal-ctty no longer works on at least sparc64 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926539 debian-installer: qemu-system-s390x installation fails due to segfault in main-menu https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987788 -- Valentin
Bug#987788: debian-installer: qemu-system-s390x installation fails due to segfault in main-menu
Package: debian-installer Severity: important Dear Maintainer, Running the installation inside a QEMU instance does not work in bullseye: $ virt-install --arch=s390x --name test --memory 1024 --disk none -l http://ftp.de.debian.org/debian/dists/bullseye/main/installer-s390x/ ... ┌───┤ [!!] Configure the network device ├───┐ │ │ │ Installation step failed │ │ An installation step failed. You can try to run the failing item │ │ again from the menu, or skip it and choose something else. The│ │ failing step is: Configure the network device │ │ │ │ │ │ │ └───┘ [ 122.379000] User process fault: interruption code 003b ilc:3 in main-menu[2aa33f0+4000] [ 122.381112] Failing address: TEID: 0800 [ 122.381149] Fault in primary space mode while using user ASCE. [ 122.381239] AS:02ae01c7 R3:0024 Seems like a segfault in main-menu binary related to network detection? -- Valentin
Bug#926539: Bester installation image missing virtio net Modulen
On Tue, Apr 27, 2021 at 03:34:15PM +0200, Christian Borntraeger wrote:
> That is OK. I will try to test it then on LPAR and find someone that will test
> it on z/VM. Please remove the cc stable as I want to have this tested for
> a while. Hopefully it only affects the ttysclp0 console, which is not the
> default console for z/VM and LPAR. We would at least need to change the
> device driver and commands documentation. Anything else?
It would be great if someone can check if the debian-installer is also
broken on LPAR due to console name mismatch.
I have update and tested the patch for rootskel (also attached here for
review):
https://salsa.debian.org/installer-team/rootskel/-/merge_requests/2/diffs
--
Valentin
>From bbe911902ce1f3001efb8dac3302d17a332e3f87 Mon Sep 17 00:00:00 2001
From: Valentin Vidic
Date: Sun, 17 May 2020 14:39:18 +0200
Subject: [PATCH] Try to find console device by major,minor numbers
Console name does not match device name on qemu-system-s390x:
ttyS1-W- (EC p )4:65
crw--w1 root root4, 65 May 17 12:18 ttysclp0
---
src/sbin/reopen-console-linux | 30 +-
1 file changed, 21 insertions(+), 9 deletions(-)
diff --git a/src/sbin/reopen-console-linux b/src/sbin/reopen-console-linux
index 13b15a3..074c680 100755
--- a/src/sbin/reopen-console-linux
+++ b/src/sbin/reopen-console-linux
@@ -63,18 +63,30 @@ preferred=
# for which no device file exists
kernelconsoles="$(cat /proc/consoles)"
-for cons in $(echo "$kernelconsoles" | sed -n -r -e 's/(^.*) .*\((.*)\).*$/\1/p' )
+for cons in $(echo "$kernelconsoles" | sed -n -r -e 's/(^.*) .*\((.*)\).*$/\1/p')
do
log "Looking at console $cons from /proc/consoles"
- status=$(echo "$kernelconsoles" | grep $cons | sed -n -r -e 's/(^.*) *.*\((.*)\).*$/\2/p' )
- if [ -e "/dev/$cons" ] && [ $(echo "$status" | grep -o 'E') ]; then
- consoles="${consoles:+$consoles$NL}$cons"
- log " Adding $cons to possible consoles list"
+ device="$cons"
+ if [ ! -e "/dev/$device" ]; then
+ # Console device does not exist, try to find it by major:minor numbers
+ # ttyS1-W- (EC p )4:65
+ majorminor=$(echo "$kernelconsoles" | grep $cons | sed -n -r -e 's/.* ([0-9]+:[0-9]+)$/\1/p')
+ if [ "$majorminor" ] && [ -e "/sys/dev/char/$majorminor" ]; then
+ device=$(readlink "/sys/dev/char/$majorminor")
+ device=${device##*/}
+ fi
fi
- # 'C' console is 'most prefered'.
- if [ $(echo "$status" | grep -o 'C') ]; then
- preferred="$cons"
- log " $cons is preferred"
+ status=$(echo "$kernelconsoles" | grep $cons | sed -n -r -e 's/(^.*) *.*\((.*)\).*$/\2/p' )
+ if [ -e "/dev/$device" ]; then
+ if [ $(echo "$status" | grep -o 'E') ]; then
+ consoles="${consoles:+$consoles$NL}$device"
+ log " Adding $cons (/dev/$device) to possible consoles list"
+ fi
+ # 'C' console is 'most prefered'.
+ if [ $(echo "$status" | grep -o 'C') ]; then
+ preferred="$device"
+ log " $cons (/dev/$device) is preferred"
+ fi
fi
done
--
2.20.1
Bug#987472: unblock: consul/1.8.7+dfsg1-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package consul
New release only adds the patch for CVE-2020-25864 fixing the RC bug #987351.
debdiff below also includes the config for Salsa CI that was not present in
the previous version for some reason.
unblock consul/1.8.7+dfsg1-2
diff -Nru consul-1.8.7+dfsg1/debian/changelog
consul-1.8.7+dfsg1/debian/changelog
--- consul-1.8.7+dfsg1/debian/changelog 2021-01-10 16:37:17.0 +0100
+++ consul-1.8.7+dfsg1/debian/changelog 2021-04-24 12:06:56.0 +0200
@@ -1,3 +1,9 @@
+consul (1.8.7+dfsg1-2) unstable; urgency=medium
+
+ * Add patch for CVE-2020-25864 (Closes: #987351)
+
+ -- Valentin Vidic Sat, 24 Apr 2021 12:06:56 +0200
+
consul (1.8.7+dfsg1-1) unstable; urgency=medium
[ Arnaud Rebillout ]
diff -Nru consul-1.8.7+dfsg1/debian/.gitlab-ci.yml
consul-1.8.7+dfsg1/debian/.gitlab-ci.yml
--- consul-1.8.7+dfsg1/debian/.gitlab-ci.yml1970-01-01 01:00:00.0
+0100
+++ consul-1.8.7+dfsg1/debian/.gitlab-ci.yml2021-04-24 12:06:56.0
+0200
@@ -0,0 +1,37 @@
+---
+# https://docs.gitlab.com/ce/ci/yaml/#include
+include:
+ - remote: https://salsa.debian.org/onlyjob/ci/raw/master/onlyjob-ci.yml
+
+## "amd64-unstable" always runs by default followed by lintian.
+
+## Only for arch:all packages:
+binary-indep:
+ extends: .build-indep
+
+## Job to check Build-Depends versioning:
+amd64-testing_unstable:
+ extends: .build
+ variables:
+arch: amd64
+dist: testing_unstable
+
+i386-unstable:
+ extends: .build
+ variables:
+arch: i386
+dist: unstable
+
+amd64-experimental:
+ extends: .build
+ variables:
+arch: amd64
+dist: experimental
+
+amd64-stable:
+ extends: .build
+ when: manual
+ allow_failure: true
+ variables:
+arch: amd64
+dist: stable
diff -Nru consul-1.8.7+dfsg1/debian/patches/CVE-2020-25864.patch
consul-1.8.7+dfsg1/debian/patches/CVE-2020-25864.patch
--- consul-1.8.7+dfsg1/debian/patches/CVE-2020-25864.patch 1970-01-01
01:00:00.0 +0100
+++ consul-1.8.7+dfsg1/debian/patches/CVE-2020-25864.patch 2021-04-24
12:06:56.0 +0200
@@ -0,0 +1,139 @@
+From 447dd528f64d8bf481da9ac8445dd446bd4aa5c0 Mon Sep 17 00:00:00 2001
+From: Kent 'picat' Gruber
+Date: Wed, 14 Apr 2021 18:49:14 -0400
+Subject: [PATCH] Merge pull request #10023 from hashicorp/fix-raw-kv-xss
+
+Add content type headers to raw KV responses
+---
+ .changelog/10023.txt | 3 ++
+ agent/kvs_endpoint.go | 13 +--
+ agent/kvs_endpoint_test.go | 71 ++
+ 3 files changed, 85 insertions(+), 2 deletions(-)
+ create mode 100644 .changelog/10023.txt
+
+diff --git a/.changelog/10023.txt b/.changelog/10023.txt
+new file mode 100644
+index 000..92d85dbd0b9
+--- /dev/null
b/.changelog/10023.txt
+@@ -0,0 +1,3 @@
++```release-note:security
++Add content-type headers to raw KV responses to prevent XSS attacks
[CVE-2020-25864](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25864)
++```
+\ No newline at end of file
+diff --git a/agent/kvs_endpoint.go b/agent/kvs_endpoint.go
+index feb6b7bfd26..2b54fb783e2 100644
+--- a/agent/kvs_endpoint.go
b/agent/kvs_endpoint.go
+@@ -80,11 +80,20 @@ func (s *HTTPServer) KVSGet(resp http.ResponseWriter, req
*http.Request, args *s
+ return nil, nil
+ }
+
+- // Check if we are in raw mode with a normal get, write out
+- // the raw body
++ // Check if we are in raw mode with a normal get, write out the raw body
++ // while setting the Content-Type, Content-Security-Policy, and
++ // X-Content-Type-Options headers to prevent XSS attacks from malicious
KV
++ // entries. Otherwise, the net/http server will sniff the body to set
the
++ // Content-Type. The nosniff option then indicates to the browser that
it
++ // should also skip sniffing the body, otherwise it might ignore the
Content-Type
++ // header in some situations. The sandbox option provides another layer
of defense
++ // using the browser's content security policy to prevent code
execution.
+ if _, ok := params["raw"]; ok && method == "KVS.Get" {
+ body := out.Entries[0].Value
+ resp.Header().Set("Content-Length",
strconv.FormatInt(int64(len(body)), 10))
++ resp.Header().Set("Content-Type", "text/plain")
++ resp.Header().Set("X-Content-Type-Options", "nosniff")
++ resp.Header().Set("Content-Security-Policy", "sandbox")
+ resp.Write(body)
+ return nil, nil
+ }
+diff --git a/agent/kvs_endpoint_test.go b/agent/kvs_endpoint_test.go
+index ceb6d907f10..5a3017214a4 100644
+--- a/agent/kvs_endpoint_test.go
b/agent/kvs_endpoint_test.go
+@@ -422,6 +422,31 @@ func TestKVSEndpoint_GET_Raw(t
Bug#987351: claim bug
user debian-rele...@lists.debian.org usertags -1 + bsp-2021-04-AT-Salzburg thank you -- Valentin
Bug#987425: popularity-contest: Please update Croatian translation
Package: popularity-contest Severity: wishlist Dear Maintainer, Please update the Croatian translation in the package using the patch attached below. Thank you, Valentin From 05023c51e4d2b9d6e727fa3477732ec0c23d3d9e Mon Sep 17 00:00:00 2001 From: Valentin Vidic Date: Fri, 23 Apr 2021 18:20:31 +0200 Subject: [PATCH] Croatian translation update --- debian/po/hr.po | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/debian/po/hr.po b/debian/po/hr.po index 566d675..c703981 100644 --- a/debian/po/hr.po +++ b/debian/po/hr.po @@ -4,18 +4,18 @@ msgstr "" "Project-Id-Version: Debian-installer HR\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2006-07-29 12:23+0200\n" -"PO-Revision-Date: 2006-09-27 12:50+0200\n" -"Last-Translator: Josip Rodin \n" +"PO-Revision-Date: 2021-04-23 18:20+0200\n" +"Last-Translator: Valentin Vidic \n" "Language-Team: Croatian \n" "MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=iso-8859-2\n" +"Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: boolean #. Description #: ../templates:4 msgid "Participate in the package usage survey?" -msgstr "Sudjelovati u anketi kori¹tenja paketa?" +msgstr "Sudjelovati u anketi koriÅ¡tenja paketa?" #. Type: boolean #. Description @@ -26,9 +26,9 @@ msgid "" "influences decisions such as which packages should go on the first " "distribution CD." msgstr "" -"Va¹ sustav mo¾e anonimno slati e-po¹tu razvijateljima distribucije sa " -"statistikama o paketima koje najvi¹e koristite. Ti podaci utjeèu na odluke " -"kao ¹to je izbor paketa koji æe biti stavljeni na prvi CD." +"Sustav može autorima distribucije anonimno slati statistiku o paketima " +"koji se najviÅ¡e koriste na ovom raÄunalu. Ti podaci utjeÄu na odluke " +"kao Å¡to je izbor paketa koji Äe se nalaziti na prvom CD-u distribucije." #. Type: boolean #. Description @@ -38,9 +38,9 @@ msgid "" "every week, sending statistics to the distribution developers. The collected " "statistics can be viewed on https://popcon.debian.org/.; msgstr "" -"Ako odluèite sudjelovati, automatska skripta æe se pokretati svaki tjedan " -"i slati statistike razvijateljima distribucije. Sabrane statistike se mogu " -"vidjeti na https://popcon.debian.org/.; +"Ako odluÄite sudjelovati, automatska skripta Äe jednom tjedno slati " +"statistike autorima distribucije. Sabrane statistike mogu se vidjeti na " +"https://popcon.debian.org/.; #. Type: boolean #. Description @@ -49,5 +49,5 @@ msgid "" "This choice can be later modified by running \"dpkg-reconfigure popularity-" "contest\"." msgstr "" -"Uvijek se mo¾ete predomisliti i promijeniti svoj izbor pokretanjem: " +"Uvijek se možete predomisliti i promijeniti svoj izbor pokretanjem naredbe: " "\"dpkg-reconfigure popularity-contest\"." -- 2.20.1
Bug#986014: buster-pu: package crmsh/4.0.0~git20190108.3d56538-3+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Hi,
This update contains the fix for CVE-2020-35459 - privilege escalation
for Hawk webserver using crmsh bug. Since Debian does not ship Hawk,
security team agreed that the fix for crmsh can go through stable
updates.
diff -Nru crmsh-4.0.0~git20190108.3d56538/debian/changelog
crmsh-4.0.0~git20190108.3d56538/debian/changelog
--- crmsh-4.0.0~git20190108.3d56538/debian/changelog2019-01-20
10:59:14.0 +0100
+++ crmsh-4.0.0~git20190108.3d56538/debian/changelog2021-03-27
19:07:26.0 +0100
@@ -1,3 +1,9 @@
+crmsh (4.0.0~git20190108.3d56538-3+deb10u1) buster; urgency=medium
+
+ * d/patches: include fix for CVE-2020-35459 (Closes: #985376)
+
+ -- Valentin Vidic Sat, 27 Mar 2021 19:07:26 +0100
+
crmsh (4.0.0~git20190108.3d56538-3) unstable; urgency=medium
* d/tests: disable regression tests for now
diff -Nru crmsh-4.0.0~git20190108.3d56538/debian/patches/CVE-2020-35459.patch
crmsh-4.0.0~git20190108.3d56538/debian/patches/CVE-2020-35459.patch
--- crmsh-4.0.0~git20190108.3d56538/debian/patches/CVE-2020-35459.patch
1970-01-01 01:00:00.0 +0100
+++ crmsh-4.0.0~git20190108.3d56538/debian/patches/CVE-2020-35459.patch
2021-03-27 19:05:37.0 +0100
@@ -0,0 +1,95 @@
+>From 1a4ed641835c6b6d45b2480c7ff2227e0611fe9d Mon Sep 17 00:00:00 2001
+From: liangxin1300
+Date: Fri, 18 Dec 2020 13:16:14 +0800
+Subject: [PATCH] Fix: history: use Path.mkdir instead of mkdir
+ command(bsc#117)
+
+And check if the directory name was sane
+---
+ crmsh/history.py | 10 ++
+ crmsh/utils.py | 14 --
+ 2 files changed, 14 insertions(+), 10 deletions(-)
+
+--- a/crmsh/history.py
b/crmsh/history.py
+@@ -465,6 +465,8 @@
+ return None
+
+ d = self._live_loc()
++if not utils.is_path_sane(d):
++return None
+ utils.rmdir_r(d)
+ tarball = "%s.tar.bz2" % d
+ to_option = ""
+@@ -473,8 +475,7 @@
+ nodes_option = ""
+ if self.setnodes:
+ nodes_option = "'-n %s'" % ' '.join(self.setnodes)
+-if utils.pipe_cmd_nosudo("mkdir -p %s" % os.path.dirname(d)) != 0:
+-return None
++utils.mkdirp(os.path.dirname(d))
+ common_info("Retrieving information from cluster nodes, please
wait...")
+ rc = utils.pipe_cmd_nosudo("%s -Z -Q -f '%s' %s %s %s %s" %
+(extcmd,
+@@ -981,6 +982,8 @@
+
+ def manage_session(self, subcmd, name):
+ session_dir = self.get_session_dir(name)
++if not utils.is_path_sane(session_dir):
++return False
+ if subcmd == "save" and os.path.exists(session_dir):
+ common_err("history session %s exists" % name)
+ return False
+@@ -988,8 +991,7 @@
+ common_err("history session %s does not exist" % name)
+ return False
+ if subcmd == "save":
+-if utils.pipe_cmd_nosudo("mkdir -p %s" % session_dir) != 0:
+-return False
++utils.mkdirp(session_dir)
+ if self.source == "live":
+ rc = utils.pipe_cmd_nosudo("tar -C '%s' -c . | tar -C '%s'
-x" %
+(self._live_loc(), session_dir))
+--- a/crmsh/utils.py
b/crmsh/utils.py
+@@ -15,6 +15,7 @@
+ import fnmatch
+ import gc
+ import ipaddress
++from pathlib import Path
+ from contextlib import contextmanager
+ from . import config
+ from . import userdir
+@@ -657,14 +658,14 @@
+
+
+ def is_path_sane(name):
+-if re.search(r"['`#*?$\[\]]", name):
++if re.search(r"['`#*?$\[\];]", name):
+ common_err("%s: bad path" % name)
+ return False
+ return True
+
+
+ def is_filename_sane(name):
+-if re.search(r"['`/#*?$\[\]]", name):
++if re.search(r"['`/#*?$\[\];]", name):
+ common_err("%s: bad filename" % name)
+ return False
+ return True
+@@ -793,10 +794,11 @@
+ rmdir_r(os.path.join(lockdir, _LOCKDIR))
+
+
+-def mkdirp(d, mode=0o777):
+-if os.path.isdir(d):
+-return True
+-os.makedirs(d, mode=mode)
++def mkdirp(directory, mode=0o777, parents=True, exist_ok=True):
++"""
++Same behavior as the POSIX mkdir -p command
++"""
++Path(directory).mkdir(mode, parents, exist_ok)
+
+
+ def pipe_cmd_nosudo(cmd):
diff -Nru crmsh-4.0.0~git20190108.3d56538/debian/patches/series
crmsh-4.0.0~git20190108.3d56538/debian/patches/series
--- crmsh-4.0.0~git20190108.3d56538/debian/patches/series 2019-01-19
14:56:34.0 +0100
+++ crmsh-4.0.0~git20190108.3d56538/debian/patches/series 2021-03-27
19:02:25.0 +0100
@@ -9,3 +9,4 @@
0013-Fix-cluster-bootstrap.patch
0014-Fix-cluster-stop-start.patch
0015-Fix-testsuite-errors.patch
+CVE-2020-35459.patch
Bug#979450: booth: autopkgtest fails on ci-worker-ppc64el-01 (but apparently not on other ppc64el workers)
On Thu, Jan 28, 2021 at 03:52:41PM +0100, Paul Gevers wrote: > Grr. I'm now sure they don't. Although we generate new containers every > day, it seems that the configuration of those containers in > /var/lib/lxc/* *doesn't* get refreshed. I have just destroyed all > containers before creating new ones, and now they contain this. So, > somehow our container recreation is flawed. > > I ran a booth, pdns and pdns-recursor autopkgtest manually on this host, > and they now pass. > > I've reassigned the bugs to autopkgtest, it needs to be fixed there IMHO. autopkgtest-build-lxc has an update mode where it only recreates rootfs for existing containers but not anything else outside of that. The safest way would probably be to create a container with a new name, run some tests and if it looks good rename over the previous container. -- Valentin
Bug#979450: booth: autopkgtest fails on ci-worker-ppc64el-01 (but apparently not on other ppc64el workers)
On Thu, Jan 28, 2021 at 09:05:55AM +0100, Paul Gevers wrote: > We generate fresh containers on a daily basis. I suppose you can check AppArmor logs, perhaps it is only enabled or configured differently on this host. -- Valentin
Bug#979450: booth: autopkgtest fails on ci-worker-ppc64el-01 (but apparently not on other ppc64el workers)
On Wed, Jan 27, 2021 at 10:37:56PM +0100, Paul Gevers wrote: > debian@ci-worker-ppc64el-01:~$ sudo cat /etc/lxc/default.conf > # MANAGED WITH CHEF; DON'T CHANGE BY HAND > lxc.net.0.type = veth > lxc.net.0.link = virbr0 > lxc.net.0.flags = up > lxc.apparmor.profile = generated > lxc.apparmor.allow_nesting = 1 I think this is only for new containers and for the existing ones these options would be in /var/lib/lxc//config. Also apparmor should log mount failures in kernel log or somewhere... -- Valentin
Bug#979450: booth: autopkgtest fails on ci-worker-ppc64el-01 (but apparently not on other ppc64el workers)
On Wed, Jan 27, 2021 at 09:56:34PM +0100, Paul Gevers wrote: > Please see: https://salsa.debian.org/-/snippets/520 Do you seen anything > weird? I don't think anything would show up in the mounts on the host itself. The problem is probably with some of the hardenings enabled in the corosync service, for example: https://salsa.debian.org/ha-team/corosync/-/blob/debian/master/debian/patches/Enable-PrivateTmp-in-the-systemd-service-files.patch I seem to remember having this problem on my machine too were apparmor was blocking the mount, and the solution was to add these to the config of all containers: # Apparmor enable lxc.apparmor.profile = generated lxc.apparmor.allow_nesting = 1 More details in /usr/share/doc/lxc/NEWS.Debian.gz -- Valentin
Bug#979450: booth: autopkgtest fails on ci-worker-ppc64el-01 (but apparently not on other ppc64el workers)
On Sat, Jan 09, 2021 at 06:31:06PM +0100, wf...@niif.hu wrote: > Not offhand. It certainly failed to start the Corosync daemon (which > should automatically start after installation, but that's beside the > point). So there's ample chance this is a Corosync peculiarity after > all; can't you see a similar pattern in the Corosync autopkgtest > results? I often find myself wishing the logs were available when > debugging autopkgtest failures. Before I'm starting to add journal > dumps everywhere: don't you think it would be sensible to automatically > add the created journal file (or something equivalent) to the test log > or artifacts? I added some more logging in the new package version and it seems to be a mount permission problem. Perhaps this worker has a different configuration somehow? autopkgtest [07:22:25]: host ci-worker-ppc64el-01; command line: /usr/bin/autopkgtest --no-built-binaries '--setup-commands=echo '"'"'booth unstable/ppc64el'"'"' > /var/tmp/debci.pkg 2>&1 || true' --user debci --apt-upgrade '--add-apt-source=deb http://incoming.debian.org/debian-buildd buildd-experimental main contrib non-free' --add-apt-release=experimental --pin-packages=experimental=src:glib2.0 --output-dir /tmp/tmp.KhiiPwYCbB/autopkgtest-incoming/unstable/ppc64el/b/booth/10042004 booth -- lxc --sudo --name ci-027-30fed9e8 autopkgtest-unstable-ppc64el ... Job for corosync.service failed because the control process exited with error code. See "systemctl status corosync.service" and "journalctl -xe" for details. ● corosync.service - Corosync Cluster Engine Loaded: loaded (/lib/systemd/system/corosync.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2021-01-27 07:35:33 UTC; 11ms ago Docs: man:corosync man:corosync.conf man:corosync_overview Process: 2431 ExecStart=/usr/sbin/corosync -f $COROSYNC_OPTIONS (code=exited, status=226/NAMESPACE) Main PID: 2431 (code=exited, status=226/NAMESPACE) Jan 27 07:35:33 ci-027-30fed9e8 systemd[1]: Starting Corosync Cluster Engine... Jan 27 07:35:33 ci-027-30fed9e8 systemd[2431]: corosync.service: Failed to set up mount namespacing: Permission denied Jan 27 07:35:33 ci-027-30fed9e8 systemd[2431]: corosync.service: Failed at step NAMESPACE spawning /usr/sbin/corosync: Permission denied Jan 27 07:35:33 ci-027-30fed9e8 systemd[1]: corosync.service: Main process exited, code=exited, status=226/NAMESPACE Jan 27 07:35:33 ci-027-30fed9e8 systemd[1]: corosync.service: Failed with result 'exit-code'. Jan 27 07:35:33 ci-027-30fed9e8 systemd[1]: Failed to start Corosync Cluster Engine. https://ci.debian.net/data/autopkgtest/unstable/ppc64el/b/booth/10042004/log.gz -- Valentin
Bug#917401: lvm2-lockd: please add cmirrord
Please include for bullseye release if possible: cmirrord is the daemon that tracks mirror log information in a cluster. It is specific to device-mapper based mirrors (and by extension, LVM cluster mirrors). Cluster mirrors are not possible without this daemon running. -- Valentin
Bug#975302: [Debian-ha-maintainers] Bug#975302: ocfs2-tools: Lacking IPv6 support
On Sat, Dec 05, 2020 at 02:08:16PM +0100, Valentin Vidic wrote: > Thank you for the report. I'm not sure if this is a supported use case > for ocfs2 (it is most often used in local cluster setups), but I > forwarded the request to upstream authors for review: > > https://github.com/markfasheh/ocfs2-tools/issues/49 Unfortunately, upstream replied that IPv6 is not supported and planned for o2cb at the moment. I will close this request as this is not something we can resolve on the Debian side. -- Valentin
Bug#975302: ocfs2-tools: Lacking IPv6 support
On Fri, Nov 20, 2020 at 09:19:52AM +0100, Benoit Panizzon wrote: > Due to the depletion of ipv4 addresses, more and more services use ipv6 and > NAT is wiedly in use. > > I am also in a situation where there is a central storage reachable via iscsi > and ipv6 and one > node has an ipv4 NAT ip address and native ipv6 address. > > It's not critical production situation, it's how I attempted to share a disk > at the office with my homeoffice > notebook behind NAT for easier data exchange :-) Yes there are other ways to > do this. But OCFS2 sounded nice. > > According to what I have read, the linux kernel ocfs2 implemenation is ipv6 > enabled, but it looks like > the configuration tools lack the knowledge of ipv6 addresses. I have not been > able to add a node > which is reachable via ipv6. > > Please consider adding ipv6 support to the o2cb tools soon. Thank you for the report. I'm not sure if this is a supported use case for ocfs2 (it is most often used in local cluster setups), but I forwarded the request to upstream authors for review: https://github.com/markfasheh/ocfs2-tools/issues/49 -- Valentin
Bug#975543: fence-agents autopkg tests time out
On Mon, Nov 23, 2020 at 11:46:54AM +0100, Matthias Klose wrote: > Package: src:fence-agents > Version: 4.6.0-2 > Severity: serious > Tags: sid bullseye > User: debian-pyt...@lists.debian.org > Usertags: python3.9 > > fence-agents autopkg tests time out, might not be Python 3.9 specific. Yup, this should be a dash wait hang tracked in #974705. -- Valentin
Bug#974705: fence-agents test hangs
One of autopkgtests in fence-agents package seems to be broken in the same way - just hangs in wait forever and using bash works: https://salsa.debian.org/ha-team/fence-agents/-/blob/master/debian/tests/delay -- Valentin
Bug#972517: dlm: autopkgtest passes but only reports errors
On Mon, Oct 19, 2020 at 08:57:37PM +0200, Paul Gevers wrote: > Your package dlm has an autopkgtest, great. However, I believe that it > should fail as the messages in the log suggest the test didn't succeed. > Failing autopkgtests are RC. Please fix your autopkgtest. Yes, unfortunately dlm requires a kernel component so the basic test that runs in containers can't check much other that the binaries start correctly. The second test (corosync) requires isolation-machine and does a better job but it requires a full kvm machine. -- Valentin
Bug#972471: ITP: osmid -- tool to convert MIDI to OSC and OSC to MIDI
Package: wnpp Severity: wishlist Owner: Valentin Vidic * Package name: osmid Version : 0.8.0 Upstream Author : Luis Lloret * URL : https://github.com/llloret/osmid * License : MIT Programming Lang: C++ Description : tool to convert MIDI to OSC and OSC to MIDI osmid aims to provide a lightweight, portable, easy to use tool to convert MIDI to OSC and OSC to MIDI. It is the software handling the communication with MIDI devices in Sonic Pi. osmid is divided in 2 tools: * m2o: MIDI to OSC conversion * o2m: OSC to MIDI conversion This package is required as a dependency for the new version of the sonic-pi package. The package will be maintained in the multimedia team on Salsa.
Bug#970084: corosync: Corosync becomes unresponsive and disconnects from the rest of the cluster when primary link is lost
On Mon, Sep 14, 2020 at 01:35:24PM +0200, Dominik Klein wrote: > we installed libknet1 from buster-backports and this fixed the described > problem. Great, thanks for confirming this is a knet issue. -- Valentin
Bug#970084: corosync: Corosync becomes unresponsive and disconnects from the rest of the cluster when primary link is lost
On Fri, Sep 11, 2020 at 11:45:54AM +0200, Valentin Vidic wrote: > This might be a knet problem. Can you test if just installing knet > libs from backports with corosync 3.0.1-2+deb10u1 solves the issue > you are seeing? Also knet update for buster has not been approved yet, but can be tracked here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950488 -- Valentin
Bug#970084: corosync: Corosync becomes unresponsive and disconnects from the rest of the cluster when primary link is lost
On Fri, Sep 11, 2020 at 11:22:19AM +0200, Eugen Wick wrote: > * Tests with Corosync 3.0.3 from debian testing. > We installed packages from debian testing and fulfilled dependencies from > debian backports. > > # > apt install libnozzle1=1.16-2~bpo10+1 libknet1=1.16-2~bpo10+1 libnl-3-200 > libnl-route-3-200 libknet-dev=1.16-2~bpo10+1 ./corosync_3.0.3-2_amd64.deb > ./libcorosync-common4_3.0.3-2_amd64.deb > # > The described problem does not occur with the 3.0.3 version from debian > testing. This might be a knet problem. Can you test if just installing knet libs from backports with corosync 3.0.1-2+deb10u1 solves the issue you are seeing? -- Valentin
Bug#968869: gem2deb-test-runner: missing depends for dpkg-parsechangelog
Package: gem2deb-test-runner Version: 1.2.1 Severity: normal Dear Maintainer, It seems that gem2deb-test-runner calls dpkg-parsechangelog but does not depend on dpkg-dev as shown by this failing test created by autopkgtest-pkg-ruby: autopkgtest [20:40:28]: test command1: gem2deb-test-runner --autopkgtest --check-dependencies 2>&1 autopkgtest [20:40:28]: test command1: [--- ┌──┐ │ Checking Rubygems dependency resolution on ruby2.7 │ └──┘ /usr/lib/ruby/vendor_ruby/gem2deb/metadata.rb:168:in ``': No such file or directory - dpkg-parsechangelog (Errno::ENOENT) from /usr/lib/ruby/vendor_ruby/gem2deb/metadata.rb:168:in `populate_gemspec_fields' from /usr/lib/ruby/vendor_ruby/gem2deb/metadata.rb:38:in `initialize' from /usr/lib/ruby/vendor_ruby/gem2deb/test_runner.rb:90:in `new' from /usr/lib/ruby/vendor_ruby/gem2deb/test_runner.rb:90:in `block in do_check_dependencies' from /usr/lib/ruby/vendor_ruby/gem2deb/test_runner.rb:89:in `each' from /usr/lib/ruby/vendor_ruby/gem2deb/test_runner.rb:89:in `do_check_dependencies' from /usr/lib/ruby/vendor_ruby/gem2deb/test_runner.rb:79:in `run_tests' from /usr/bin/gem2deb-test-runner:67:in `' autopkgtest [20:40:29]: test command1: ---] autopkgtest [20:40:29]: test command1: - - - - - - - - - - results - - - - - - - - - - command1 FAIL non-zero exit status 1 -- Valentin
Bug#963796: buster-pu: package resource-agents/1:4.2.0-2+deb10u2
On Thu, Jul 02, 2020 at 09:04:10PM +0100, Adam D. Barratt wrote: > Thanks for the quick explanation. Please go ahead. Thank you, just uploaded. -- Valentin
Bug#963796: buster-pu: package resource-agents/1:4.2.0-2+deb10u2
On Thu, Jul 02, 2020 at 08:51:39PM +0100, Adam D. Barratt wrote: > I assume these changes are no-ops, but why are they included? They > don't appear to actually relate to the issue - the first two even more > so. Right, the IP2UTIL change is not strictly needed but I preferred to use the upstream diff rather than making a custom one. IP2UTIL is also used in other agent scripts so it should not be a problem here. -- Valentin
Bug#963984: ITP: ruby-sys-proctable -- Ruby interface for gathering process informatio
Package: wnpp Severity: wishlist Owner: Valentin Vidic * Package name: ruby-sys-proctable Version : 1.2.5 Upstream Author : Daniel J. Berger * URL : https://github.com/djberg96/sys-proctable * License : Apache-2.0 Programming Lang: Ruby Description : Ruby interface for gathering process informatio The sys-proctable library provides an interface for gathering information about processes on your system, i.e. the process table. Most major platforms are supported and, while different platforms may return different information, the external interface is identical across platforms. This library is required as a dependency for the new version of the sonic-pi package. The package will be maintained in the ruby-team group on Salsa.
Bug#963906: ITP: ruby-aubio -- Ruby bindings for the aubio audio library
Package: wnpp Severity: wishlist Owner: Valentin Vidic * Package name: ruby-aubio Version : 0.3.3 Upstream Author : Xavier Riley * URL : https://github.com/xavriley/ruby-aubio * License : MIT Programming Lang: Ruby Description : Ruby bindings for the aubio audio library Aubio is a tool designed for the extraction of annotations from audio signals. Its features include segmenting a sound file before each of its attacks, performing pitch detection, tapping the beat and producing midi streams from live audio. This library is required as a dependency for the new version of the sonic-pi package. The package will be maintained in the ruby-team group on Salsa.
Bug#963874: ITP: ruby-rubame -- simple Ruby websocket game server
Package: wnpp Severity: wishlist Owner: Valentin Vidic * Package name: ruby-rubame Version : 0.0.2 Upstream Author : Mark Saward * URL : https://github.com/saward/Rubame * License : MIT Programming Lang: Ruby Description : simple Ruby websocket game server Rubame makes use of WebSocket Ruby to handle the websocket protocol and the standard Ruby sockets libraries for the actual network connections. This library is required as a dependency for the new version of the sonic-pi package. The package will be maintained in the ruby-team group on Salsa.
Bug#963796: buster-pu: package resource-agents/1:4.2.0-2+deb10u2
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Hi,
Please approve the following fix for IPsrcaddr agent in buster:
diff -Nru resource-agents-4.2.0/debian/changelog
resource-agents-4.2.0/debian/changelog
--- resource-agents-4.2.0/debian/changelog 2019-08-04 09:59:39.0
+0200
+++ resource-agents-4.2.0/debian/changelog 2020-06-27 13:26:42.0
+0200
@@ -1,3 +1,9 @@
+resource-agents (1:4.2.0-2+deb10u2) buster; urgency=medium
+
+ * debian/patches: add ipsrcaddr-proto.patch (Closes: #963691)
+
+ -- Valentin Vidic Sat, 27 Jun 2020 13:26:42 +0200
+
resource-agents (1:4.2.0-2+deb10u1) buster; urgency=medium
* debian/patches: drop xen-toolstack.patch
diff -Nru resource-agents-4.2.0/debian/patches/ipsrcaddr-proto.patch
resource-agents-4.2.0/debian/patches/ipsrcaddr-proto.patch
--- resource-agents-4.2.0/debian/patches/ipsrcaddr-proto.patch 1970-01-01
01:00:00.0 +0100
+++ resource-agents-4.2.0/debian/patches/ipsrcaddr-proto.patch 2020-06-27
13:24:37.0 +0200
@@ -0,0 +1,75 @@
+From 6052e8fd37d23f46db217f915b445c7e67dccb34 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen
+Date: Thu, 4 Apr 2019 13:31:27 +0200
+Subject: [PATCH] IPsrcaddr: make proto optional to fix regression when used
+ without NetworkManager
+
+---
+ heartbeat/IPsrcaddr | 21 +
+ 1 file changed, 17 insertions(+), 4 deletions(-)
+
+diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr
+index 4ca3d2364..5a447196e 100755
+--- a/heartbeat/IPsrcaddr
b/heartbeat/IPsrcaddr
+@@ -50,12 +50,17 @@
+
+ ###
+ # Initialization:
+-
+ : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
+ . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
+
++# Defaults
++OCF_RESKEY_proto_default=""
++
++: ${OCF_RESKEY_proto=${OCF_RESKEY_proto_default}}
+ ###
+
++[ -z "$OCF_RESKEY_proto" ] && PROTO="" || PROTO="proto $OCF_RESKEY_proto"
++
+ USAGE="usage: $0 {start|stop|status|monitor|validate-all|meta-data}";
+
+ CMDSHOW="$IP2UTIL route show to exact 0.0.0.0/0"
+@@ -97,6 +102,14 @@ dotted quad notation 255.255.255.0).
+ Netmask
+
+
++
++
++
++Proto to match when finding network. E.g. "kernel".
++
++Proto
++
++
+
+
+
+@@ -172,7 +185,7 @@ srca_start() {
+ rc=$OCF_SUCCESS
+ ocf_log info "The ip route has been already set.($NETWORK,
$INTERFACE, $ROUTE_WO_SRC)"
+ else
+- ip route replace $NETWORK dev $INTERFACE src $1 || \
++ $IP2UTIL route replace $NETWORK dev $INTERFACE src $1 || \
+ errorexit "command 'ip route replace $NETWORK dev
$INTERFACE src $1' failed"
+
+ $CMDCHANGE $ROUTE_WO_SRC src $1 || \
+@@ -204,7 +217,7 @@ srca_stop() {
+
+ [ $rc = 2 ] && errorexit "The address you specified to stop does not
match the preferred source address"
+
+- ip route replace $NETWORK dev $INTERFACE || \
++ $IP2UTIL route replace $NETWORK dev $INTERFACE || \
+ errorexit "command 'ip route replace $NETWORK dev $INTERFACE'
failed"
+
+ $CMDCHANGE $ROUTE_WO_SRC || \
+@@ -473,7 +486,7 @@ rc=$?
+ }
+
+ INTERFACE=`echo $findif_out | awk '{print $1}'`
+-NETWORK=`ip route list dev $INTERFACE scope link proto kernel match
$ipaddress|grep -o '^[^ ]*'`
++NETWORK=`$IP2UTIL route list dev $INTERFACE scope link $PROTO match
$ipaddress|grep -m 1 -o '^[^ ]*'`
+
+ case $1 in
+ start) srca_start $ipaddress
diff -Nru resource-agents-4.2.0/debian/patches/series
resource-agents-4.2.0/debian/patches/series
--- resource-agents-4.2.0/debian/patches/series 2019-08-04 09:59:39.0
+0200
+++ resource-agents-4.2.0/debian/patches/series 2020-06-27 13:25:03.0
+0200
@@ -8,3 +8,4 @@
var-run.patch
ethmonitor-no-addr.patch
zfs-bashism.patch
+ipsrcaddr-proto.patch
Bug#963791: pacemaker-dev: missing pkg-config dependencies
Package: pacemaker-dev Version: 2.0.4-2 Severity: normal Dear Maintainer, The following two dependencies seem to be missing after installing pacemaker-dev on a clean build system: $ pkg-config --exists --print-errors libpacemaker Package ncurses was not found in the pkg-config search path. Perhaps you should add the directory containing `ncurses.pc' to the PKG_CONFIG_PATH environment variable Package 'ncurses', required by 'pacemaker-pe_status', not found $ pkg-config --exists --print-errors pacemaker-service Package dbus-1 was not found in the pkg-config search path. Perhaps you should add the directory containing `dbus-1.pc' to the PKG_CONFIG_PATH environment variable Package 'dbus-1', required by 'pacemaker-service', not found Maybe it would be nice to have an autopkgtest for this problem in the future? -- Valentin
Bug#962454: Link failures after upgrade to +deb10u1
On Mon, Jun 08, 2020 at 12:29:35PM +0200, Alberto Gonzalez Iniesta wrote: > Some weeks ago I upgraded corosync (3.0.1-2 -> 3.0.1-2+deb10u1) and > started to notice these messages in my nodes (two node cluster): > Jun 2 01:10:13 patty corosync[2346]: [KNET ] link: host: 2 link: 0 is down > Jun 2 01:10:13 patty corosync[2346]: [KNET ] host: host: 2 (passive) best > link: 1 (pri: 1) > Jun 2 01:10:14 patty corosync[2346]: [KNET ] rx: host: 2 link: 0 is up > Jun 2 01:10:14 patty corosync[2346]: [KNET ] host: host: 2 (passive) best > link: 0 (pri: 1) > Jun 3 03:11:07 patty corosync[2346]: [KNET ] link: host: 2 link: 1 is down > Jun 3 03:11:07 patty corosync[2346]: [KNET ] host: host: 2 (passive) best > link: 0 (pri: 1) > Jun 3 03:11:08 patty corosync[2346]: [KNET ] rx: host: 2 link: 1 is up > Jun 3 03:11:08 patty corosync[2346]: [KNET ] host: host: 2 (passive) best > link: 0 (pri: 1) Hi, can you confirm that downgrading to the previous version solves the link problem for you? -- Valentin
Bug#962362: cyrus-admin: sieveshell segfaults after quit command
Package: cyrus-admin
Version: 3.0.8-6+deb10u4
Severity: normal
Dear Maintainer,
The sieveshell command does not work correctly after the quit command:
$ sieveshell localhost
connecting to localhost
Please enter your password:
> list
main <- active script
> quit
> list
Segmentation fault
Rather than accepting further commands after quit, sieveshell should just exit
as $obj becomes NULL and is not usable anymore:
} elsif (($words[0] eq "quit") || ($words[0] eq "q")) {
sieve_logout($obj);
+ last;
}
This is a Debian specific problem, as the upstream version already has
exit 0 in place of last.
-- System Information:
Debian Release: 10.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-9-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages cyrus-admin depends on:
ii cyrus-common3.0.8-6+deb10u4
ii dpkg1.19.7
ii libcyrus-imap-perl 3.0.8-6+deb10u4
ii perl5.28.1-6
cyrus-admin recommends no packages.
Versions of packages cyrus-admin suggests:
ii sasl2-bin 2.1.27+dfsg-1+deb10u1
-- no debconf information
Bug#961057: debian-installer: qemu-system-s390x installation fails due to missing modules
Package: debian-installer Version: 20190702+deb10u4 Severity: important Dear Maintainer, Installer initrd does not include modules virtio_blk and virtio_net (+dependencies) preventing a successful installation inside a QEMU VM: $ virt-install --arch=s390x --name test --memory 1024 --disk test.img \ --extra-args=console=ttyS0 \ -l http://ftp.de.debian.org/debian/dists/buster/main/installer-s390x/ -- System Information: Debian Release: 10.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-9-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#961056: debian-installer: qemu-system-s390x installation fails due to incorrect serial device
Package: debian-installer Version: 20190702+deb10u4 Severity: important Dear Maintainer, Running the installation inside a QEMU instance does not work in buster: $ virt-install --arch=s390x --name test --memory 1024 --disk none \ --extra-args=console=ttyS0 \ -l http://ftp.de.debian.org/debian/dists/buster/main/installer-s390x/ Starting install... Retrieving file kernel.debian... | 3.3 MB 00:00:00 Retrieving file initrd.debian... | 9.7 MB 00:00:01 Allocating 'virtinst-kernel.debian.mnba14e7' | 3.3 MB 00:00:00 Transferring virtinst-kernel.debian.mnba14e7 | 3.3 MB 00:00:00 Allocating 'virtinst-initrd.debian.2q88l_1j' | 9.7 MB 00:00:00 Transferring virtinst-initrd.debian.2q88l_1j | 9.7 MB 00:00:00 Connected to domain test Escape character is ^] [1.785649] Linux version 4.19.0-9-s390x (debian-ker...@lists.debian.org) (gcc version 8.3.0 (Debian 8.3.0-6)) #1 +SMP Debian 4.19.118-2 (2020-04-29) [1.786919] setup: Linux is running under KVM in 64-bit mode [1.788555] setup: The maximum memory size is 1024MB [1.790050] cpu: 1 configured CPUs, 0 standby CPUs [1.822704] Write protected kernel read-only data: 8976k ... [6.148235] mip6: Mobile IPv6 [6.148389] NET: Registered protocol family 17 [6.149302] mpls_gso: MPLS GSO support [6.151503] registered taskstats version 1 [6.152310] zswap: loaded using pool lzo/zbud [6.154776] AppArmor: AppArmor sha1 policy hashing enabled [6.780329] Freeing unused kernel memory: 684K [6.780784] Write protected read-only-after-init data: 20k [6.780870] Run /init as init process steal-ctty: No such file or directory Than just hangs there because of the problem with the serial port name. Installer tries to use nonexistent serial device /dev/ttyS1, while the real name is /dev/ttysclp0. Proposed fix is here: https://salsa.debian.org/installer-team/rootskel/-/merge_requests/2/diffs -- System Information: Debian Release: 10.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-9-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#956155: buster-pu: package corosync-qdevice/3.0.0-4+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Due to missing Default-Start runlevels, corosync-qdevice cannot be enabled after installation: # systemctl enable corosync-qdevice Synchronizing state of corosync-qdevice.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable corosync-qdevice update-rc.d: error: corosync-qdevice Default-Start contains no runlevels, aborting. diff -Nru corosync-qdevice-3.0.0/debian/changelog corosync-qdevice-3.0.0/debian/changelog --- corosync-qdevice-3.0.0/debian/changelog 2019-02-04 00:33:24.0 +0100 +++ corosync-qdevice-3.0.0/debian/changelog 2020-04-07 23:10:01.0 +0200 @@ -1,3 +1,9 @@ +corosync-qdevice (3.0.0-4+deb10u1) buster; urgency=medium + + * [8de35d1] Set Default-Start runlevels for corosync-qdevice (Closes: #932346) + + -- Valentin Vidic Tue, 07 Apr 2020 23:10:01 +0200 + corosync-qdevice (3.0.0-4) unstable; urgency=medium * [c680521] Revert "Require pacemaker for qdevice autopkgtest" diff -Nru corosync-qdevice-3.0.0/debian/corosync-qdevice.init corosync-qdevice-3.0.0/debian/corosync-qdevice.init --- corosync-qdevice-3.0.0/debian/corosync-qdevice.init 2019-01-03 09:18:31.0 +0100 +++ corosync-qdevice-3.0.0/debian/corosync-qdevice.init 2020-04-07 22:52:15.0 +0200 @@ -7,7 +7,7 @@ # Provides:corosync-qdevice # Required-Start: $remote_fs $syslog corosync # Required-Stop: $remote_fs $syslog corosync -# Default-Start: +# Default-Start: 2 3 4 5 # Default-Stop:0 1 6 # Short-Description: Corosync Qdevice daemon # Description: Starts and stops Corosync Qdevice daemon.
Bug#955861: stretch-pu: package csync2/2.0-8-g175a01c-4+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi, Please approve the following update for stretch fixing a CVE: diff -Nru csync2-2.0-8-g175a01c/debian/changelog csync2-2.0-8-g175a01c/debian/changelog --- csync2-2.0-8-g175a01c/debian/changelog 2016-10-23 15:38:46.0 +0200 +++ csync2-2.0-8-g175a01c/debian/changelog 2020-04-05 15:26:41.0 +0200 @@ -1,3 +1,9 @@ +csync2 (2.0-8-g175a01c-4+deb9u1) stretch; urgency=medium + + * Add patch for CVE-2019-15522 (Closes: #955445) + + -- Valentin Vidic Sun, 05 Apr 2020 15:26:41 +0200 + csync2 (2.0-8-g175a01c-4) unstable; urgency=medium [ Christoph Berg ] diff -Nru csync2-2.0-8-g175a01c/debian/patches/CVE-2019-15522.patch csync2-2.0-8-g175a01c/debian/patches/CVE-2019-15522.patch --- csync2-2.0-8-g175a01c/debian/patches/CVE-2019-15522.patch 1970-01-01 01:00:00.0 +0100 +++ csync2-2.0-8-g175a01c/debian/patches/CVE-2019-15522.patch 2020-04-05 15:25:58.0 +0200 @@ -0,0 +1,21 @@ +From 0ecfc333da51575f188dd7cf6ac4974d13a800b1 Mon Sep 17 00:00:00 2001 +From: Malte Kraus +Date: Tue, 13 Aug 2019 11:25:57 +0200 +Subject: [PATCH] fail HELLO command when SSL is required + +--- + daemon.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/daemon.c b/daemon.c +index 2d8407d..2a1a8af 100644 +--- a/daemon.c b/daemon.c +@@ -747,6 +747,7 @@ void csync_daemon_session() + goto conn_without_ssl_ok; + } + cmd_error = conn_response(CR_ERR_SSL_EXPECTED); ++ peer = NULL; + } + conn_without_ssl_ok:; + #endif diff -Nru csync2-2.0-8-g175a01c/debian/patches/series csync2-2.0-8-g175a01c/debian/patches/series --- csync2-2.0-8-g175a01c/debian/patches/series 2016-10-23 15:38:46.0 +0200 +++ csync2-2.0-8-g175a01c/debian/patches/series 2020-04-05 15:26:06.0 +0200 @@ -1,3 +1,4 @@ fix-MAXPATHLEN-for-hurd-i386.patch fix-libsqlite3-name.patch fix-xinetd.patch +CVE-2019-15522.patch
Bug#955860: buster-pu: package csync2/2.0-22-gce67c55-1+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hi, Please approve the following update for buster fixing a CVE: diff -Nru csync2-2.0-22-gce67c55/debian/changelog csync2-2.0-22-gce67c55/debian/changelog --- csync2-2.0-22-gce67c55/debian/changelog 2018-10-06 23:05:46.0 +0200 +++ csync2-2.0-22-gce67c55/debian/changelog 2020-04-05 12:55:07.0 +0200 @@ -1,3 +1,9 @@ +csync2 (2.0-22-gce67c55-1+deb10u1) buster; urgency=medium + + * Add patch for CVE-2019-15522 (Closes: #955445) + + -- Valentin Vidic Sun, 05 Apr 2020 12:55:07 +0200 + csync2 (2.0-22-gce67c55-1) unstable; urgency=medium * New upstream version 2.0-22-gce67c55 diff -Nru csync2-2.0-22-gce67c55/debian/patches/CVE-2019-15522.patch csync2-2.0-22-gce67c55/debian/patches/CVE-2019-15522.patch --- csync2-2.0-22-gce67c55/debian/patches/CVE-2019-15522.patch 1970-01-01 01:00:00.0 +0100 +++ csync2-2.0-22-gce67c55/debian/patches/CVE-2019-15522.patch 2020-04-05 12:51:42.0 +0200 @@ -0,0 +1,21 @@ +From 0ecfc333da51575f188dd7cf6ac4974d13a800b1 Mon Sep 17 00:00:00 2001 +From: Malte Kraus +Date: Tue, 13 Aug 2019 11:25:57 +0200 +Subject: [PATCH] fail HELLO command when SSL is required + +--- + daemon.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/daemon.c b/daemon.c +index 2d8407d..2a1a8af 100644 +--- a/daemon.c b/daemon.c +@@ -747,6 +747,7 @@ void csync_daemon_session() + goto conn_without_ssl_ok; + } + cmd_error = conn_response(CR_ERR_SSL_EXPECTED); ++ peer = NULL; + } + conn_without_ssl_ok:; + #endif diff -Nru csync2-2.0-22-gce67c55/debian/patches/series csync2-2.0-22-gce67c55/debian/patches/series --- csync2-2.0-22-gce67c55/debian/patches/series2018-04-18 22:30:48.0 +0200 +++ csync2-2.0-22-gce67c55/debian/patches/series2020-04-05 12:51:17.0 +0200 @@ -3,3 +3,4 @@ spelling.patch fix-manpage-header.patch fix-parallel-build.patch +CVE-2019-15522.patch -- Valentin
Bug#954956: ITP: dacite -- create data classes from dictionaries
Package: wnpp Severity: wishlist Owner: Valentin Vidic * Package name: dacite Version : 1.3.0 Upstream Author : Konrad Hałas * URL : https://github.com/konradhalas/dacite * License : MIT Programming Lang: Python Description : create data classes from dictionaries Python library that simplifies creation of data classes (PEP 557) from dictionaries. This module is required for the new version of the pcs package and will be maintained by the DPMT on salsa.
Bug#947674: ITP: prometheus-hacluster-exporter -- Prometheus exporter for HA cluster services
Package: wnpp Severity: wishlist Owner: Valentin Vidic * Package name: prometheus-hacluster-exporter Version : 0.4.0 Upstream Author : SUSE * URL : https://github.com/ClusterLabs/ha_cluster_exporter * License : GPL-3 Programming Lang: Go Description : Prometheus exporter for HA cluster services Prometheus exporter for Pacemaker cluster services, written in Go. This service scrapes status of Corosync, Pacemaker, SBD and DRBD services and exports them via HTTP for Prometheus consumption. This package is useful for integrating Pacemaker clusters with Prometheus monitoring. Exporter package will be maintained by the Debian HA Team.
Bug#947429: lintian: Can't use an undefined value as an ARRAY reference at /usr/share/lintian/checks/manpages.pm line 370
Package: lintian Version: 2.42.0 Severity: normal Dear Maintainer, Last version of lintian fails to check resource-agents package with runtime error: https://salsa.debian.org/ha-team/resource-agents/-/jobs/475012 Can't use an undefined value as an ARRAY reference at /usr/share/lintian/checks/manpages.pm line 370. internal error: cannot run manpages check on package binary:resource-agents/1:4.4.0-2/amd64 warning: skipping check of binary:resource-agents/1:4.4.0-2/amd64 I: resource-agents: capitalization-error-in-description apache Apache I: resource-agents: capitalization-error-in-description mysql MySQL I: ldirectord: conflicts-with-version libpils0 (<< 2.0.8-3) I: ldirectord: conflicts-with-version libstonith0 (<< 2.0.8-3) I: ldirectord: conflicts-with-version stonith (<< 2.0.8-3) I: resource-agents: conflicts-with-version cluster-agents (<= 1:1.0.4-1) I: resource-agents: conflicts-with-version resource-agents-dev (<< 1:3.9.6) I: resource-agents: conflicts-with-version rgmanager (<= 3.0.12-2+b1) I: ldirectord: debian-news-entry-uses-asterisk I: resource-agents: debian-news-entry-uses-asterisk I: ldirectord: extended-description-is-probably-too-short I: resource-agents: package-contains-documentation-outside-usr-share-doc usr/share/resource-agents/ocft/README I: resource-agents: package-contains-documentation-outside-usr-share-doc usr/share/resource-agents/ocft/README.zh_CN I: resource-agents: spelling-error-in-manpage usr/share/man/man7/ocf_heartbeat_exportfs.7.gz seperated separated I: resource-agents: unused-override binary-without-manpage usr/sbin/ocft I: resource-agents: unused-override binary-without-manpage usr/sbin/rhev-check.sh I: resource-agents: unused-override binary-without-manpage usr/sbin/sfex_stat P: ldirectord: copyright-refers-to-symlink-license usr/share/common-licenses/GPL P: resource-agents: copyright-refers-to-symlink-license usr/share/common-licenses/GPL N: 6 tags overridden (6 warnings) E: Lintian run failed (runtime error) -- Valentin
Bug#945881: bgpdump: Segmentation fault
Package: bgpdump Version: 1.6.0-1 Severity: grave Dear Maintainer, The program segfaults when started: $ bgpdump Segmentation fault Based on gdb info it seems like the call to log_to_stderr fails: (gdb) bt #0 0x2246 in ?? () #1 0x77fef5cf in main () (gdb) disas main Dump of assembler code for function main: 0x77fef5a0 <+0>: push %r15 0x77fef5a2 <+2>: xor%r15d,%r15d 0x77fef5a5 <+5>: push %r14 0x77fef5a7 <+7>: mov$0x1,%r14d 0x77fef5ad <+13>:push %r13 0x77fef5af <+15>:lea0xa055(%rip),%r13# 0x77ff960b 0x77fef5b6 <+22>:push %r12 0x77fef5b8 <+24>:mov%rsi,%r12 0x77fef5bb <+27>:push %rbp 0x77fef5bc <+28>:mov%edi,%ebp 0x77fef5be <+30>:push %rbx 0x77fef5bf <+31>:lea0xa7c2(%rip),%rbx# 0x77ff9d88 0x77fef5c6 <+38>:sub$0x18,%rsp => 0x77fef5ca <+42>:callq 0x77fef240 -- System Information: Debian Release: 10.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages bgpdump depends on: ii libbsd0 0.9.1-2 ii libbz2-1.0 1.0.6-9.2~deb10u1 ii libc6 2.28-10 ii zlib1g 1:1.2.11.dfsg-1 bgpdump recommends no packages. bgpdump suggests no packages. -- no debconf information
Bug#945378: ITP: fence-virt -- Pluggable fencing framework for virtual machines
Package: wnpp Severity: wishlist Owner: Valentin Vidic * Package name: fence-virt Version : 0.9.0 Upstream Author : Red Hat, Inc. * URL : https://github.com/ClusterLabs/fence-virt * License : GPLv2 Programming Lang: C Description : Pluggable fencing framework for virtual machines The fencing framework consists of the agent (fence_virt) and the host daemon (fence_virtd). The fence_virtd host daemon is responsible for processing fencing requests from fence_virt agents running in virtual machines and routing the requests to the appropriate physical machine for action. This package is useful for Corosync/Pacemaker clusters running inside virtual machines. The package will be maintained by the Debian HA Team .
Bug#941449: ITP: google-auth-httplib2 -- Google Authentication Library: httplib2 transport
Package: wnpp Severity: wishlist Owner: Valentin Vidic * Package name: google-auth-httplib2 Version : 0.0.3 Upstream Author : Google Cloud Platform * URL : https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2 * License : Apache 2.0 Programming Lang: Python Description : Google Authentication Library: httplib2 transport Python library providing a httplib2 transport for google-auth. This library is intended to help existing users of oauth2client migrate to google-auth. The intent of this package is to be used together with the existing python3-googleapi package (see #935562). The package will be maintained by the DPMT on salsa.
Bug#941350: stretch-pu: package fence-agents/4.0.25-1+deb9u2
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi, Please allow an update for fence-agents package fixing occasional FTBFS reported in #934519. Patch for the change follows below. diff -Nru fence-agents-4.0.25/debian/changelog fence-agents-4.0.25/debian/changelog --- fence-agents-4.0.25/debian/changelog2019-06-30 19:01:55.0 +0200 +++ fence-agents-4.0.25/debian/changelog2019-09-29 12:27:01.0 +0200 @@ -1,3 +1,9 @@ +fence-agents (4.0.25-1+deb9u2) stretch; urgency=medium + + * Update patch for removing fence_amt_ws (Closes: #934519) + + -- Valentin Vidic Sun, 29 Sep 2019 12:27:01 +0200 + fence-agents (4.0.25-1+deb9u1) stretch; urgency=medium * fence_rhevm: add patch for CVE-2019-10153 (Closes: #930887) diff -Nru fence-agents-4.0.25/debian/patches/remove-fence_amt_ws fence-agents-4.0.25/debian/patches/remove-fence_amt_ws --- fence-agents-4.0.25/debian/patches/remove-fence_amt_ws 2019-06-30 19:01:55.0 +0200 +++ fence-agents-4.0.25/debian/patches/remove-fence_amt_ws 2019-09-29 12:27:01.0 +0200 @@ -1,16 +1,16 @@ --- a/configure.ac +++ b/configure.ac -@@ -142,6 +142,9 @@ if test "x$AGENTS_LIST" = xall; then - AGENTS_LIST=`find $srcdir/fence/agents -mindepth 2 -maxdepth 2 -name '*.py' -printf '%P ' | sed -e 's#lib/[A-Za-z_.]* ##g' -e 's#nss_wrapper/[A-Za-z_.]* ##g' -e 's#autodetect/[A-Za-z_.]* ##g'` +@@ -139,7 +139,8 @@ + fi + + if test "x$AGENTS_LIST" = xall; then +- AGENTS_LIST=`find $srcdir/fence/agents -mindepth 2 -maxdepth 2 -name '*.py' -printf '%P ' | sed -e 's#lib/[A-Za-z_.]* ##g' -e 's#nss_wrapper/[A-Za-z_.]* ##g' -e 's#autodetect/[A-Za-z_.]* ##g'` ++ # remove fence_amt_ws because we don't have openwsman (and sblim-sfcc) in Debian ++ AGENTS_LIST=`find $srcdir/fence/agents -mindepth 2 -maxdepth 2 -name '*.py' ! -name 'fence_amt_ws.py' -printf '%P ' | sed -e 's#lib/[A-Za-z_.]* ##g' -e 's#nss_wrapper/[A-Za-z_.]* ##g' -e 's#autodetect/[A-Za-z_.]* ##g'` fi -+# remove fence_amt_ws because we don't have openwsman (and sblim-sfcc) in Debian -+AGENTS_LIST=$(echo $AGENTS_LIST | sed -e "s!amt_ws/fence_amt_ws.py !!") -+ XENAPILIB=0 - if echo "$AGENTS_LIST" | grep -q xenapi; then - XENAPILIB=1 -@@ -163,7 +166,8 @@ AC_PYTHON_MODULE(suds, 1) +@@ -163,7 +164,8 @@ AC_PYTHON_MODULE(pexpect, 1) AC_PYTHON_MODULE(pycurl, 1) AC_PYTHON_MODULE(requests, 1)
Bug#941348: buster-pu: package fence-agents/4.3.3-2+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hi, Please allow an update for fence-agents package fixing ocassional FTBFS reported in #934519. Patch for the change follows below. diff -Nru fence-agents-4.3.3/debian/changelog fence-agents-4.3.3/debian/changelog --- fence-agents-4.3.3/debian/changelog 2019-06-23 19:53:35.0 +0200 +++ fence-agents-4.3.3/debian/changelog 2019-09-29 11:54:16.0 +0200 @@ -1,3 +1,9 @@ +fence-agents (4.3.3-2+deb10u1) buster; urgency=medium + + * Update patch for removing fence_amt_ws (Closes: #934519) + + -- Valentin Vidic Sun, 29 Sep 2019 11:54:16 +0200 + fence-agents (4.3.3-2) unstable; urgency=high * fence_rhevm: add patch for CVE-2019-10153 (Closes: #930887) diff -Nru fence-agents-4.3.3/debian/patches/remove-fence_amt_ws fence-agents-4.3.3/debian/patches/remove-fence_amt_ws --- fence-agents-4.3.3/debian/patches/remove-fence_amt_ws 2018-10-06 22:30:46.0 +0200 +++ fence-agents-4.3.3/debian/patches/remove-fence_amt_ws 2019-09-29 11:52:14.0 +0200 @@ -6,13 +6,13 @@ This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/configure.ac +++ b/configure.ac -@@ -176,6 +176,9 @@ - AGENTS_LIST=`find $srcdir/agents -mindepth 2 -maxdepth 2 -name 'fence_*.py' -print0 | xargs -0 | sed -e 's#[^ ]*/agents/##g' -e 's#lib/[A-Za-z_.]* ##g' -e 's#nss_wrapper/[A-Za-z_.]* ##g' -e 's#autodetect/[A-Za-z_.]* ##g'` +@@ -175,7 +175,8 @@ + fi + + if test "x$AGENTS_LIST" = xall; then +- AGENTS_LIST=`find $srcdir/agents -mindepth 2 -maxdepth 2 -name 'fence_*.py' -print0 | xargs -0 | sed -e 's#[^ ]*/agents/##g' -e 's#lib/[A-Za-z_.]* ##g' -e 's#nss_wrapper/[A-Za-z_.]* ##g' -e 's#autodetect/[A-Za-z_.]* ##g'` ++ # remove fence_amt_ws because we don't have openwsman (and sblim-sfcc) in Debian ++ AGENTS_LIST=`find $srcdir/agents -mindepth 2 -maxdepth 2 -name 'fence_*.py' ! -name fence_amt_ws.py -print0 | xargs -0 | sed -e 's#[^ ]*/agents/##g' -e 's#lib/[A-Za-z_.]* ##g' -e 's#nss_wrapper/[A-Za-z_.]* ##g' -e 's#autodetect/[A-Za-z_.]* ##g'` fi -+# remove fence_amt_ws because we don't have openwsman (and sblim-sfcc) in Debian -+AGENTS_LIST=$(echo $AGENTS_LIST | sed -e "s!amt_ws/fence_amt_ws.py !!") -+ XENAPILIB=0 - if echo "$AGENTS_LIST" | grep -q xenapi; then - XENAPILIB=1
Bug#939395: [Debian-ha-maintainers] Bug#939395: ocfs2-tools - FS can't mount at boot on drbd device
On Thu, Sep 05, 2019 at 11:42:18AM +0200, Ervin Hegedüs wrote: > Now looks like this works: > > # diff -ruN ocfs2.service /lib/systemd/system/ocfs2.service > --- ocfs2.service 2019-09-04 14:43:55.613155935 +0200 > +++ /lib/systemd/system/ocfs2.service 2019-09-05 10:59:12.552486408 +0200 > @@ -1,12 +1,13 @@ > [Unit] > Description=Mount ocfs2 Filesystems > Documentation=man:ocfs2(7) man:mount.ocfs2(8) > -Requires=o2cb.service > -After=o2cb.service > +Requires=dev-drbd0.device drbd.service o2cb.service > +After=dev-drbd0.device drbd.service o2cb.service > > [Service] > Type=oneshot > RemainAfterExit=yes > ExecStart=/usr/lib/ocfs2-tools/ocfs2 start > ExecStop=/usr/lib/ocfs2-tools/ocfs2 stop > ExecReload=/usr/lib/ocfs2-tools/ocfs2 restart > > so, the "dev-drbd0.device" and "drbd.service" dependencies added > to Requires and After fields solves my problem. > > How can I help you to propagate this solution? I mean, should I > edit the Wiki (when I got my access :)) here? Your solution will already be saved in this bug report :) > https://wiki.debian.org/DrBd This page describes a different use case of DRBD, but you can create a new one page for DRBD+OCFS2 configuration. -- Valentin
Bug#933839: buster-pu: package resource-agents/1:4.2.0-2+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Hi,
Please allow this buster update for the resource-agents package
fixing problems with some included scripts:
* ethmonitor: does not list interfaces without assigned IP address
* ZFS: monitoring action broken by a bashism bug
* Xen: toolstack detection generates warnings in the logs
Kind regards,
Valentin
diff -Nru resource-agents-4.2.0/debian/changelog
resource-agents-4.2.0/debian/changelog
--- resource-agents-4.2.0/debian/changelog 2018-12-09 21:04:49.0
+0100
+++ resource-agents-4.2.0/debian/changelog 2019-08-04 09:59:39.0
+0200
@@ -1,3 +1,11 @@
+resource-agents (1:4.2.0-2+deb10u1) buster; urgency=medium
+
+ * debian/patches: drop xen-toolstack.patch
+ * debian/patches: add ethmonitor-no-addr.patch (Closes: #927311)
+ * debian/patches: add zfs-bashism.patch (Closes: #933398)
+
+ -- Valentin Vidic Sun, 04 Aug 2019 09:59:39 +0200
+
resource-agents (1:4.2.0-2) unstable; urgency=medium
* debian/rules: fix build with merged-usr (Closes: #915848)
diff -Nru resource-agents-4.2.0/debian/patches/ethmonitor-no-addr.patch
resource-agents-4.2.0/debian/patches/ethmonitor-no-addr.patch
--- resource-agents-4.2.0/debian/patches/ethmonitor-no-addr.patch
1970-01-01 01:00:00.0 +0100
+++ resource-agents-4.2.0/debian/patches/ethmonitor-no-addr.patch
2019-08-04 09:54:06.0 +0200
@@ -0,0 +1,34 @@
+Description: ethmonitor does not list interfaces without assigned IP address
+ The is_interface() function in heartbeat/ethmonitor tries to match an
+ interface to a list obtained from the 'ip' tool. It lists interfaces
+ using the 'inet' family, which omits interfaces that don't have an IP
+ address assigned.
+ .
+ If the interface that we're looking for is e.g. a VLAN bridge that does
+ not have an IP address, it won't show up in the listing and
+ is_interface() will return false. ethmonitor will miss that interface,
+ and it won't be available for monitoring.
+Author: Heitor Alves de Siqueira
+Origin: upstream
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927311
+Applied-Upstream: https://github.com/ClusterLabs/resource-agents/pull/1306
+ https://github.com/ClusterLabs/resource-agents/pull/1322
+Reviewed-by: Valentin Vidic
+Last-Update: 2019-08-04
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+diff --git a/heartbeat/ethmonitor b/heartbeat/ethmonitor
+index 240eba4df..07403529f 100755
+--- a/heartbeat/ethmonitor
b/heartbeat/ethmonitor
+@@ -206,8 +206,8 @@ is_interface() {
+ #
+ # List interfaces but exclude FreeS/WAN ipsecN virtual interfaces
+ #
+- local iface=`$IP2UTIL -o -f inet addr show | grep " $1 " \
+- | cut -d ' ' -f2 | sort -u | grep -v '^ipsec[0-9][0-9]*$'`
++ local iface=`$IP2UTIL -o -f link addr show | grep " $1:" \
++ | cut -d ' ' -f2 | tr -d ':' | sort -u | grep -v
'^ipsec[0-9][0-9]*$'`
+ [ "$iface" != "" ]
+ }
+
diff -Nru resource-agents-4.2.0/debian/patches/series
resource-agents-4.2.0/debian/patches/series
--- resource-agents-4.2.0/debian/patches/series 2018-12-09 21:04:33.0
+0100
+++ resource-agents-4.2.0/debian/patches/series 2019-08-04 09:57:56.0
+0200
@@ -3,7 +3,8 @@
no-dirty-version
ipv6-linux-only
ocft-configs.patch
-xen-toolstack.patch
gitignore.patch
reproducible.patch
var-run.patch
+ethmonitor-no-addr.patch
+zfs-bashism.patch
diff -Nru resource-agents-4.2.0/debian/patches/xen-toolstack.patch
resource-agents-4.2.0/debian/patches/xen-toolstack.patch
--- resource-agents-4.2.0/debian/patches/xen-toolstack.patch2018-10-24
11:40:00.0 +0200
+++ resource-agents-4.2.0/debian/patches/xen-toolstack.patch1970-01-01
01:00:00.0 +0100
@@ -1,22 +0,0 @@
-Description: Use the toolstack selected in /etc/default/xen
- Xen agent should use the configured toolstack and not prefer xl.
- This patch can be dropped once there is only one supported toolstack.
-Author: Valentin Vidic
-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854276
-Forwarded: not-needed
-Last-Update: 2017-08-03
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
a/heartbeat/Xen
-+++ b/heartbeat/Xen
-@@ -46,8 +46,8 @@
- : ${OCF_RESKEY_autoset_utilization_cpu="false"}
- : ${OCF_RESKEY_autoset_utilization_hv_memory="false"}
-
--# prefer xl
--xentool=$(which xl 2> /dev/null || which xm)
-+# use /etc/default/xen
-+xentool=$(/usr/lib/xen-common/bin/xen-toolstack)
-
- meta_data() {
- cat <
+Author: Koen de Jonge
+Origin: upstream
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933398
+Applied-Upstream: https://github.com/ClusterLabs/resource-agents/pull/1372
+Reviewed-by: Valentin Vidic
+Last-Update: 2019-08-04
+---
+This patch header follows DEP-3: http://dep.debian.net/deps
Bug#931350: stretch-pu: package fence-agents/4.0.25-1
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
I would like to upload a new version of fence-agents to stretch in order
to fix the UTF-8 problem that was recently fixed for buster too. debdiff
of the change is attached.
-- System Information:
Debian Release: 9.9
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 4.9.0-9-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
diff -Nru fence-agents-4.0.25/debian/changelog
fence-agents-4.0.25/debian/changelog
--- fence-agents-4.0.25/debian/changelog2017-01-23 11:36:48.0
+0100
+++ fence-agents-4.0.25/debian/changelog2019-06-30 19:01:55.0
+0200
@@ -1,3 +1,9 @@
+fence-agents (4.0.25-1+deb9u1) stretch; urgency=medium
+
+ * fence_rhevm: add patch for CVE-2019-10153 (Closes: #930887)
+
+ -- Valentin Vidic Sun, 30 Jun 2019 19:01:55 +0200
+
fence-agents (4.0.25-1) unstable; urgency=medium
* Team upload.
diff -Nru fence-agents-4.0.25/debian/patches/CVE-2019-10153
fence-agents-4.0.25/debian/patches/CVE-2019-10153
--- fence-agents-4.0.25/debian/patches/CVE-2019-10153 1970-01-01
01:00:00.0 +0100
+++ fence-agents-4.0.25/debian/patches/CVE-2019-10153 2019-06-30
19:00:38.0 +0200
@@ -0,0 +1,34 @@
+Description: fence_rhevm fix for CVE-2019-10153
+ Import upstream security patches.
+Author: Oyvind Albrigtsen
+Origin: upstream
+Bug-RHEL: https://bugzilla.redhat.com/show_bug.cgi?id=1716286
+Reviewed-by: Valentin Vidic
+Last-Update: 2019-06-30
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/fence/agents/rhevm/fence_rhevm.py
b/fence/agents/rhevm/fence_rhevm.py
+@@ -87,7 +87,7 @@
+ ## send command through pycurl
+ conn = pycurl.Curl()
+ web_buffer = io.BytesIO()
+- conn.setopt(pycurl.URL, url)
++ conn.setopt(pycurl.URL, url.encode("UTF-8"))
+ conn.setopt(pycurl.HTTPHEADER, ["Content-type: application/xml",
"Accept: application/xml", "Prefer: persistent-auth", "Filter: true"])
+
+ if "cookie" in opt:
+@@ -121,10 +121,10 @@
+
+ opt["cookie"] = cookie
+
+- result = web_buffer.getvalue().decode()
++ result = web_buffer.getvalue().decode("UTF-8")
+
+- logging.debug("%s\n", command)
+- logging.debug("%s\n", result)
++ logging.debug("%s\n", command.encode("UTF-8"))
++ logging.debug("%s\n", result.encode("UTF-8"))
+
+ return result
+
diff -Nru fence-agents-4.0.25/debian/patches/series
fence-agents-4.0.25/debian/patches/series
--- fence-agents-4.0.25/debian/patches/series 2017-01-23 11:35:41.0
+0100
+++ fence-agents-4.0.25/debian/patches/series 2019-06-30 16:32:03.0
+0200
@@ -1,2 +1,3 @@
reproducible
remove-fence_amt_ws
+CVE-2019-10153
Bug#928771: unblock: sbd/1.4.0-18-g5e3283c-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package sbd New version contains upstream fixes for some usecases and updates package tests to work with Corosync/Pacemaker versions in buster. unblock sbd/1.4.0-18-g5e3283c-1 -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff -Nru sbd-1.4.0/debian/changelog sbd-1.4.0-18-g5e3283c/debian/changelog --- sbd-1.4.0/debian/changelog 2019-01-15 09:25:28.0 +0100 +++ sbd-1.4.0-18-g5e3283c/debian/changelog 2019-05-08 10:55:44.0 +0200 @@ -1,3 +1,12 @@ +sbd (1.4.0-18-g5e3283c-1) unstable; urgency=medium + + * New upstream version 1.4.0-18-g5e3283c (Closes: #925821) + * debian/sbd.lintian-overrides: update manpage line + * debian/patches: use /run for PIDFile location + * debian/tests: update for corosync v3 + + -- Valentin Vidic Wed, 08 May 2019 10:55:44 +0200 + sbd (1.4.0-1) unstable; urgency=medium * New upstream version 1.4.0 diff -Nru sbd-1.4.0/debian/patches/pidfile-in-runstatedir.patch sbd-1.4.0-18-g5e3283c/debian/patches/pidfile-in-runstatedir.patch --- sbd-1.4.0/debian/patches/pidfile-in-runstatedir.patch 1970-01-01 01:00:00.0 +0100 +++ sbd-1.4.0-18-g5e3283c/debian/patches/pidfile-in-runstatedir.patch 2019-05-08 10:55:20.0 +0200 @@ -0,0 +1,28 @@ +Description: Use /run for PIDFile location + systemd complains if PIDFile uses /var/run +Author: Valentin Vidic +Last-Update: 2019-04-26 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/src/sbd.service.in b/src/sbd.service.in +@@ -10,7 +10,7 @@ + + [Service] + Type=forking +-PIDFile=@localstatedir@/run/sbd.pid ++PIDFile=@runstatedir@/sbd.pid + EnvironmentFile=-@CONFIGDIR@/sbd + ExecStart=@sbindir@/sbd $SBD_OPTS -p @localstatedir@/run/sbd.pid watch + ExecStop=@bindir@/kill -TERM $MAINPID +--- a/src/sbd_remote.service.in b/src/sbd_remote.service.in +@@ -8,7 +8,7 @@ + + [Service] + Type=forking +-PIDFile=@localstatedir@/run/sbd.pid ++PIDFile=@runstatedir@/sbd.pid + EnvironmentFile=-@CONFIGDIR@/sbd + ExecStart=@sbindir@/sbd $SBD_OPTS -p @localstatedir@/run/sbd.pid watch + ExecStop=@bindir@/kill -TERM $MAINPID diff -Nru sbd-1.4.0/debian/patches/series sbd-1.4.0-18-g5e3283c/debian/patches/series --- sbd-1.4.0/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ sbd-1.4.0-18-g5e3283c/debian/patches/series 2019-05-08 10:55:20.0 +0200 @@ -0,0 +1 @@ +pidfile-in-runstatedir.patch diff -Nru sbd-1.4.0/debian/sbd.lintian-overrides sbd-1.4.0-18-g5e3283c/debian/sbd.lintian-overrides --- sbd-1.4.0/debian/sbd.lintian-overrides 2019-01-15 09:12:00.0 +0100 +++ sbd-1.4.0-18-g5e3283c/debian/sbd.lintian-overrides 2019-05-08 10:55:01.0 +0200 @@ -1 +1 @@ -manpage-has-errors-from-man usr/share/man/man8/sbd.8.gz 185: warning [p 1, 8.7i]: can't break line +manpage-has-errors-from-man usr/share/man/man8/sbd.8.gz 189: warning [p 1, 8.7i]: can't break line diff -Nru sbd-1.4.0/debian/tests/control sbd-1.4.0-18-g5e3283c/debian/tests/control --- sbd-1.4.0/debian/tests/control 2019-01-15 09:12:00.0 +0100 +++ sbd-1.4.0-18-g5e3283c/debian/tests/control 2019-05-08 10:55:28.0 +0200 @@ -14,10 +14,10 @@ Restrictions: needs-root, allow-stderr, isolation-machine Tests: regression -Depends: @, pacemaker, crmsh +Depends: @ Restrictions: needs-root, isolation-machine, breaks-testbed Tests: fence-external -Depends: @, pacemaker, crmsh, fence-agents +Depends: @ Restrictions: needs-root, isolation-machine, breaks-testbed Tests: fence-agents diff -Nru sbd-1.4.0/debian/tests/fence-agents sbd-1.4.0-18-g5e3283c/debian/tests/fence-agents --- sbd-1.4.0/debian/tests/fence-agents 2019-01-15 09:12:00.0 +0100 +++ sbd-1.4.0-18-g5e3283c/debian/tests/fence-agents 2019-05-08 10:55:28.0 +0200 @@ -14,21 +14,24 @@ LOOP=$(losetup --find --show $DISK) echo "=== create ===" +hostname node1 # must match corosync for fence to work sbd -d $LOOP create -echo "SBD_OPTS='-d $LOOP -W -W'" > /etc/default/sbd +sed -i "s|^#\\?\\(SBD_DEVICE=\\).*|\\1$LOOP|" /etc/default/sbd +sed -i "s|^\\(SBD_WATCHDOG_DEV=\\).*|\\1/dev/null|" /etc/default/sbd echo "=== cluster ===" -service corosync start -service pacemaker start -sleep 60 +apt-get --yes --quiet install pacemaker crmsh fence-agents service sbd status -crm status -echo "=== crm ===" -HOSTNAME=$(uname -n) -crm configure primitive sbd stonith:fence_sbd params devices=$LOOP plug=$HOSTNAME sbd_path=/usr/sbin/sbd +echo -n "Waiting for cluster to start... &
Bug#925354: [Debian-ha-maintainers] Bug#925354: pacemaker-dev: missing Breaks+Replaces: libcrmcluster1-dev
On Mon, Mar 25, 2019 at 03:45:58PM +0100, Andreas Beckmann wrote: > In that case you should probably add Breaks+Replaces against all of the > old -dev packages that were merged, just to be on the safe side. Yes, that is the plan. I think wferi will take care of it if he has time? -- Valentin
Bug#925354: [Debian-ha-maintainers] Bug#925354: pacemaker-dev: missing Breaks+Replaces: libcrmcluster1-dev
On Sat, Mar 23, 2019 at 05:19:59PM +0100, Andreas Beckmann wrote: > during a test with piuparts I noticed your package fails to upgrade from > 'wheezy' to 'jessie' to 'stretch' to 'buster'. > It installed fine in 'wheezy', and upgraded to 'jessie' and 'stretch' > successfully, > but then the upgrade to 'buster' failed. > > In case the package was not part of an intermediate stable release, > the version from the preceding stable release was kept installed. > > From the attached log (scroll to the bottom...): > > Selecting previously unselected package pacemaker-dev:amd64. > Preparing to unpack .../10-pacemaker-dev_2.0.1-1_amd64.deb ... > Unpacking pacemaker-dev:amd64 (2.0.1-1) ... > dpkg: error processing archive > /tmp/apt-dpkg-install-UW7jMV/10-pacemaker-dev_2.0.1-1_amd64.deb (--unpack): >trying to overwrite '/usr/include/pacemaker/crm/attrd.h', which is also in > package libcrmcluster1-dev 1.1.7-1 > dpkg-deb: error: paste subprocess was killed by signal (Broken pipe) > Errors were encountered while processing: >/tmp/apt-dpkg-install-UW7jMV/10-pacemaker-dev_2.0.1-1_amd64.deb Yep, all -dev packages were merged at one point into pacemaker-dev. Breaks+Replaces on old packages should do the trick here. -- Valentin
Bug#776246: Processed: severity of 776246 is grave
On Tue, Feb 19, 2019 at 10:26:09AM +0100, Christoph Martin wrote: > What can we do to not loose these packages (burp in my case)? > > librsync 2.0.2-1~exp1 was uploaded to experimental three days ago. csync2 seems to build fine with librsync2 from experimental so if you can upload that to unstable, maybe we can still save some of the affected packages. -- Valentin
Bug#776246: Processed: severity of 776246 is grave
On Tue, Feb 19, 2019 at 10:26:09AM +0100, Christoph Martin wrote: > What can we do to not loose these packages (burp in my case)? > > librsync 2.0.2-1~exp1 was uploaded to experimental three days ago. I guess librsync2 would need to go into unstable and testing. Than we can try to update our apps to the new API and also enter testing again. Not sure if this is realistic at this point in the release proces so that is why I suggested setting severity grave after buster is out. -- Valentin
Bug#776246: Processed: severity of 776246 is grave
Hi, Not sure why grave so late in the release process that we lose some packages (csync2 in my case)? grave after the release would give us more time to move to librsync2. -- Valentin
Bug#921265: [Debian-ha-maintainers] Bug#921265: corosync breaks corosync-qdevice autopkgtest: Could not initialize corosync configuration API error CS_ERR_LIBRARY
On Sun, Feb 03, 2019 at 08:53:03PM +0100, Paul Gevers wrote: > Currently this regression is blocking the migration of corosync to > testing [1]. Due to the nature of this issue, I filed this bug report > against both packages. Can you please investigate the situation and > reassign the bug to the right package? If needed, please change the > bug's severity. Thanks, we also noticed this problem yesterday. For now I will update the test in the corosync-qdevice package. -- Valentin
Bug#919901: [Debian-ha-maintainers] Bug#919901: Bug#919901: corosync-qnetd: fails to upgrade from 'stretch': certutil: Could not set password for the slot
On Thu, Jan 24, 2019 at 10:27:39PM +0100, Valentin Vidic wrote: > Password file indeed seems to be empty on stretch: > > drwxr-x--- 2 root coroqnetd 4096 Jan 24 22:22 . > drwxr-xr-x 3 root root 4096 Jan 24 22:22 .. > -rw-r- 1 root coroqnetd 65536 Jan 24 22:22 cert8.db > -rw-r- 1 root coroqnetd 16384 Jan 24 22:22 key3.db > -rw-r- 1 root root 41 Jan 24 22:22 noise.txt > -rw-r- 1 root root 0 Jan 24 22:22 pwdfile.txt > -rw-r--r-- 1 root root 4223 Jan 24 22:22 qnetd-cacert.crt > -rw-r- 1 root root 16384 Jan 24 22:22 secmod.db > -rw-r- 1 root root 4 Jan 24 22:22 serial.txt Seems the magic upgrade command is: # password file should have an empty line to be accepted test -f "$db/pwdfile.txt" -a ! -s "$db/pwdfile.txt" && echo > "$db/pwdfile.txt" certutil -N -d "sql:$db" -f "$db/pwdfile.txt" -@ "$db/pwdfile.txt" -- Valentin
Bug#919901: [Debian-ha-maintainers] Bug#919901: corosync-qnetd: fails to upgrade from 'stretch': certutil: Could not set password for the slot
On Sun, Jan 20, 2019 at 05:07:25PM +0100, Andreas Beckmann wrote: > Setting up corosync-qnetd (3.0.0-1) ... > password file contains no data > Invalid password. > certutil: Could not set password for the slot: SEC_ERROR_INVALID_ARGS: > security library: invalid arguments. > dpkg: error processing package corosync-qnetd (--configure): >installed corosync-qnetd package post-installation script subprocess > returned error exit status 255 > Processing triggers for libc-bin (2.28-5) ... > Errors were encountered while processing: >corosync-qnetd Password file indeed seems to be empty on stretch: drwxr-x--- 2 root coroqnetd 4096 Jan 24 22:22 . drwxr-xr-x 3 root root 4096 Jan 24 22:22 .. -rw-r- 1 root coroqnetd 65536 Jan 24 22:22 cert8.db -rw-r- 1 root coroqnetd 16384 Jan 24 22:22 key3.db -rw-r- 1 root root 41 Jan 24 22:22 noise.txt -rw-r- 1 root root 0 Jan 24 22:22 pwdfile.txt -rw-r--r-- 1 root root 4223 Jan 24 22:22 qnetd-cacert.crt -rw-r- 1 root root 16384 Jan 24 22:22 secmod.db -rw-r- 1 root root 4 Jan 24 22:22 serial.txt -- Valentin
Bug#918944: [Debian-ha-maintainers] Bug#918944: Autopkgtest failure with rails 5/rack 2
On Fri, Jan 11, 2019 at 12:32:05AM +0530, Pirate Praveen wrote: > Package: pcs > Version: 0.9.166-5 > Severity: serious > > https://ci.debian.net/packages/p/pcs/unstable/amd64 > > May be 0.10 version has a fix, it is delaying rails 5 testing > migration, so please fix it. Yep, I'm looking at 0.10.1, but it has a lot of changes so it might take a few more days to get it working. -- Valentin
Bug#917401: lvm2-lockd: please add cmirrord
Package: lvm2-lockd Version: 2.03.01-2 Severity: normal Dear Maintainer, I understand that clvm is replaced by lvm2-lockd in version 2.03, but please include cmirrord as it is still needed for pvmove to work in clustered environment. -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages lvm2-lockd depends on: ii libblkid1 2.33-0.2 ii libc6 2.28-3 ii libdlm3 4.0.7-4 ii libsanlock-client1 3.6.0-3 ii libselinux1 2.8-1+b1 ii libsystemd0 240-1 ii libudev1240-1 ii lvm22.03.01-2 lvm2-lockd recommends no packages. lvm2-lockd suggests no packages. -- no debconf information
Bug#891084: /usr/bin/slabtop: USE column reports either 100 or 0 percent only
Could we have this fixed in a stable update? -- Valentin
Bug#915855: apache2: systemd alias for httpd
Package: apache2 Version: 2.4.37-1 Severity: wishlist Dear Maintainer, Since apache2 Provides httpd it would be nice to make a systemd Alias for httpd: # systemctl restart httpd Failed to restart httpd.service: Unit httpd.service not found. This would make apache2 a bit more compatible with other distributions like CentOS. -- Package-specific info: -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apache2 depends on: ii apache2-bin2.4.37-1 ii apache2-data 2.4.37-1 ii apache2-utils 2.4.37-1 ii dpkg 1.19.2 ii lsb-base 9.20170808 ii mime-support 3.61 ii perl 5.28.0-4 ii procps 2:3.3.15-2 Versions of packages apache2 recommends: ii ssl-cert 1.0.39 Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii chromium [www-browser] 70.0.3538.110-1 ii firefox-esr [www-browser]60.3.0esr-2 ii links [www-browser] 2.17-1 ii lynx [www-browser] 2.8.9rel.1-2 ii w3m [www-browser]0.5.3-36+b1 Versions of packages apache2-bin depends on: ii libapr1 1.6.5-1 ii libaprutil1 1.6.1-3+b1 ii libaprutil1-dbd-sqlite3 1.6.1-3+b1 ii libaprutil1-ldap 1.6.1-3+b1 ii libbrotli1 1.0.7-1 ii libc62.27-8 ii libcurl4 7.62.0-1 ii libjansson4 2.11-1 ii libldap-2.4-22.4.46+dfsg-5+b1 ii liblua5.2-0 5.2.4-1.1+b2 ii libnghttp2-141.35.0-1 ii libpcre3 2:8.39-11 ii libssl1.11.1.1a-1 ii libxml2 2.9.4+dfsg1-7+b2 ii perl 5.28.0-4 ii zlib1g 1:1.2.11.dfsg-1 Versions of packages apache2-bin suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii chromium [www-browser] 70.0.3538.110-1 ii firefox-esr [www-browser]60.3.0esr-2 ii links [www-browser] 2.17-1 ii lynx [www-browser] 2.8.9rel.1-2 ii w3m [www-browser]0.5.3-36+b1 Versions of packages apache2 is related to: ii apache2 2.4.37-1 ii apache2-bin 2.4.37-1 -- no debconf information
