Bug#1027978: micro-httpd: sends invalid HTTP when listing unreadable directories
Package: micro-httpd Version: 20140814-2.1+b2 Severity: normal Tags: patch X-Debbugs-Cc: report...@duvert.net Dear Maintainer, When micro-httpd tries to list the contents of a directory but fails (if the directory is not readable, for instance), an invalid HTTP response is returned: > GET /.well-known/ HTTP/1.0 > < scandir: Permission denied < HTTP/1.0 200 Ok < Server: micro_httpd < ... Looking at the source code, micro-httpd calls perror( "scandir" ); after sending the HTTP headers, but due to standard output buffering, the error message ends up being sent first. An easy fix is to change micro-httpd@.service so micro-httpd's standard error is sent to the logs instead of the connection socket: [Service] StandardError=journal A more complete fix would be to move the call to scandir (line 119) just before the call to send_headers(200, ...) (line 108), and to call send_error if scandir fails. Thanks. -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (500, 'testing') Architecture: arm64 (aarch64) Kernel: Linux 6.0.0-6-arm64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_CRAP Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages micro-httpd depends on: ii libc6 2.36-7 ii netcat-traditional 1.10-47 ii systemd-sysv252.4-1 micro-httpd recommends no packages. Versions of packages micro-httpd suggests: pn micro-proxy -- no debconf information
Bug#982998: chkrootkit chkproc uses incorrect value for max_pid
Package: chkrootkit Version: 0.55-1+b1 Followup-For: Bug #982998 X-Debbugs-Cc: report...@duvert.net Hello, I also have the same problem. Looking at the extracted source package, I noticed that the MAX_PROCESSES 9 define actually comes from the Debian patch debian/patches/27_fix-race-condition-ps-proc.patch, which replaces the conditional define: -#define MAX_PROCESSES 99 -#if defined (__x86_64) > 0 -#undef MAX_PROCESSES -#define MAX_PROCESSES 4194384 -#endif +#define MAX_PROCESSES 9 I tried to revert this part of the patch and rebuild chkproc, and that seems to fix the issue (tested on a system with an existing process of PID 1001133). Not sure if the MAX_PROCESSES change in the patch was made deliberately or not, however; with MAX_PROCESSES = 4194384, chkproc uses 64 MiB of memory to hold its state (four int arrays of size MAX_PROCESSES + 1), compared to ~1.5 MiB with MAX_PROCESSES = 9. It is also noticeably slower since it tries to read /proc/ for every PID in the 1..4194384 range. Regards, Vincent Duvert -- System Information: Debian Release: 11.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-8-amd64 (SMP w/1 CPU thread) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages chkrootkit depends on: ii binutils 2.35.2-2 ii debconf [debconf-2.0] 1.5.77 ii libc6 2.31-13+deb11u2 ii net-tools 1.60+git20181103.0eebece-1 ii openssh-client 1:8.4p1-5 ii procps 2:3.3.17-5 chkrootkit recommends no packages. chkrootkit suggests no packages. -- debconf information excluded
Bug#933377: gdb: dynamically-linked programs segfault on launch
After some more testing, it looks like the crash only occurs when Debian is running in a VirtualBox VM, whose host is itself running on an older Core 2 Duo processor. I’m guessing this is more of a VirtualBox bug, which fails to properly emulate some CPU debug feature on older processors.
Bug#933377: gdb: dynamically-linked programs segfault on launch
Package: gdb
Version: 8.3-1
Severity: important
Dear Maintainer,
When gdb is asked to start any dynamically-linked program, they segfault,
seemingly early on launch:
$ echo 'int main(void) { return 0; }' | gcc -o /tmp/prog -x c - && gdb -q
/tmp/prog
Reading symbols from /tmp/prog...
(No debugging symbols found in /tmp/prog)
(gdb) run
Starting program: /tmp/prog
Program received signal SIGSEGV, Segmentation fault.
0x in ?? ()
(gdb) bt
#0 0x in ?? ()
#1 0x506a in _start ()
Pre-built programs like /bin/true also segfault, but the problem doesn’t seem
to affect statically-linked programs:
$ echo 'int main(void) { return 0; }' | gcc -static -o /tmp/prog -x c - && gdb
-q /tmp/prog
Reading symbols from /tmp/prog...
(No debugging symbols found in /tmp/prog)
(gdb) run
Starting program: /tmp/prog
[Inferior 1 (process 1279) exited normally]
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gdb depends on:
ii libbabeltrace1 1.5.7-1
ii libc6 2.28-10
ii libexpat1 2.2.7-1
ii libipt2 2.0-2
ii liblzma55.2.4-1
ii libncursesw66.1+20181013-2
ii libpython3.73.7.4-2
ii libreadline88.0-2
ii libtinfo6 6.1+20181013-2
ii zlib1g 1:1.2.11.dfsg-1
Versions of packages gdb recommends:
ii libc6-dbg [libc-dbg] 2.28-10
Versions of packages gdb suggests:
pn gdb-doc
pn gdbserver
Bug#777171: grub-pc: no partitions found after loading the ohci module
Package: grub-pc
Version: 2.02~beta2-21
Severity: important
Dear Maintainer,
Upon using insmod ohci from the grub prompt to load the ohci module, grub
stops recognizing the available disks and partitions.
grub insmod ohci
error : disk hd0,msdos3 not found.
grub
The keyboard stops working afterwards. On another machine, the keyboard
continues to work, but none of the commands work:
grub ls
(hd0) (hd0,msdos5) (hd0,msdos1) (fd0)
grub insmod ohci
grub ls
grub help
error: disk hd0,msdos1 not found.
With grub 1.99-27+deb7u2, the module is loaded correctly without side effects.
Thanks.
-- Package-specific info:
*** BEGIN /proc/mounts
/dev/disk/by-uuid/0bca68af-8a13-4010-8b34-c70dcffce40a / ext4
rw,noatime,errors=remount-ro,data=ordered 0 0
*** END /proc/mounts
*** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
set have_grubenv=true
load_env
fi
if [ ${next_entry} ] ; then
set default=${next_entry}
set next_entry=
save_env next_entry
set boot_once=true
else
set default=0
fi
if [ x${feature_menuentry_id} = xy ]; then
menuentry_id_option=--id
else
menuentry_id_option=
fi
export menuentry_id_option
if [ ${prev_saved_entry} ]; then
set saved_entry=${prev_saved_entry}
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z ${boot_once} ]; then
saved_entry=${chosen}
save_env saved_entry
fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
if [ x$feature_default_font_path = xy ] ; then
font=unicode
else
insmod part_msdos
insmod ext2
set root='hd0,msdos3'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos3
--hint-efi=hd0,msdos3 --hint-baremetal=ahci0,msdos3
0bca68af-8a13-4010-8b34-c70dcffce40a
else
search --no-floppy --fs-uuid --set=root 0bca68af-8a13-4010-8b34-c70dcffce40a
fi
font=/usr/share/grub/unicode.pf2
fi
if loadfont $font ; then
set gfxmode=auto
load_video
insmod gfxterm
set locale_dir=$prefix/locale
set lang=fr_FR
insmod gettext
fi
terminal_output gfxterm
if [ ${recordfail} = 1 ] ; then
set timeout=-1
else
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=5
fi
fi
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_msdos
insmod ext2
set root='hd0,msdos3'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos3
--hint-efi=hd0,msdos3 --hint-baremetal=ahci0,msdos3
0bca68af-8a13-4010-8b34-c70dcffce40a
else
search --no-floppy --fs-uuid --set=root 0bca68af-8a13-4010-8b34-c70dcffce40a
fi
insmod png
if background_image /usr/share/images/desktop-base/lines-grub.png; then
set color_normal=white/black
set color_highlight=black/white
else
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###
### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
set gfxpayload=${1}
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu
--class os $menuentry_id_option
'gnulinux-simple-0bca68af-8a13-4010-8b34-c70dcffce40a' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_msdos
insmod ext2
set root='hd0,msdos3'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos3
--hint-efi=hd0,msdos3 --hint-baremetal=ahci0,msdos3
0bca68af-8a13-4010-8b34-c70dcffce40a
else
search --no-floppy --fs-uuid --set=root
0bca68af-8a13-4010-8b34-c70dcffce40a
fi
echo'Chargement de Linux 3.16.0-4-amd64…'
linux /boot/vmlinuz-3.16.0-4-amd64
root=UUID=0bca68af-8a13-4010-8b34-c70dcffce40a ro quiet
echo'Chargement du disque mémoire initial…'
initrd /boot/initrd.img-3.16.0-4-amd64
}
submenu 'Options avancées pour Debian GNU/Linux' $menuentry_id_option
'gnulinux-advanced-0bca68af-8a13-4010-8b34-c70dcffce40a' {
menuentry 'Debian GNU/Linux, avec Linux 3.16.0-4-amd64' --class debian
--class gnu-linux --class gnu --class os $menuentry_id_option
'gnulinux-3.16.0-4-amd64-advanced-0bca68af-8a13-4010-8b34-c70dcffce40a' {
load_video
insmod gzio
Bug#760111: netatalk: Avahi registration fails when DDP is enabled
Package: netatalk
Version: 2.2.5-1
Severity: normal
Tags: patch
Dear Maintainer,
I have noticed that afpd does not successfuly start when the DDP protocol is
enabled alongside with TCP (-ddp option without -notcp option in
/etc/netatalk/afpd.conf).
The syslog output reads:
afpd[4808]: AFP/TCP started, advertising 192.168.1.76:548 (2.2.5)
afpd[4808]: Failed to add service: Local name conflict
Since the avahi registration fails, the server will not be discoverable by the
clients. Older clients using atalkd will still be able to connect, though.
The problem is that when both DDP and TCP are enabled, afpd tries to register
twice on avahi (once for TCP, and once for ASP), with the same service name.
The attached patch skips Avahi registration for ASP/DDP configuration, to avoid
the double registration.
Thanks.
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages netatalk depends on:
ii libacl1 2.2.52-1.1
ii libattr1 1:2.4.47-1
ii libavahi-client3 0.6.31-4
ii libavahi-common3 0.6.31-4
ii libc6 2.19-9
ii libcomerr21.42.11-2
ii libcrack2 2.9.1-1+b2
ii libcups2 1.7.5-1
ii libdb5.3 5.3.28-6
ii libgcrypt11 1.5.4-2
ii libgssapi-krb5-2 1.12.1+dfsg-7
ii libk5crypto3 1.12.1+dfsg-7
ii libkrb5-3 1.12.1+dfsg-7
ii libldap-2.4-2 2.4.39-1.1+b1
ii libpam-modules1.1.8-3.1
ii libpam0g 1.1.8-3.1
ii libwrap0 7.6.q-25
ii netbase 5.2
ii perl 5.20.0-4
Versions of packages netatalk recommends:
ii avahi-daemon 0.6.31-4
pn cracklib-runtime none
pn db-util none
pn libpam-cracklib none
ii lsof 4.86+dfsg-1
ii procps1:3.3.9-7
pn rcnone
Versions of packages netatalk suggests:
pn db4.2-util none
pn groffnone
pn quotanone
ii texlive-binaries [texlive-base-bin] 2014.20140528.34243-5
-- Configuration Files:
/etc/default/netatalk changed [not included]
/etc/netatalk/AppleVolumes.default changed [not included]
/etc/netatalk/afpd.conf changed [not included]
-- no debconf information
Description: Fix Avahi registration when ASP is enabled
Author: Vincent Duvert vinc...@duvert.net
--- netatalk-2.2.5.orig/etc/afpd/afp_avahi.c
+++ netatalk-2.2.5/etc/afpd/afp_avahi.c
@@ -94,6 +94,9 @@ static void register_stuff(void) {
/* AFP server */
for (config = ctx-configs; config; config = config-next) {
+if (config-obj.proto == AFPPROTO_ASP) {
+continue;
+}
dsi = (DSI *)config-obj.handle;
port = getip_port((struct sockaddr *)dsi-server);
Bug#760112: netatalk: Correctly set up user rights for ASP sessions
Package: netatalk
Version: 2.2.5-1
Severity: normal
Tags: patch
Dear Maintainer,
When accessing an AFP server from an old client (using ASP/DDP) with the
default configuration (with atalkd and DDP enabled, of course), no volumes are
shown.
This is because afpd ignores the AppleVolumes.default file and the uservols
for ASP/DDP sessions. It only shows volumes defined in AppleVolumes.system (and
the default configuration has none).
etc/afpd/volume.c's load_volumes function contains a check (line 1962) which
disables AppleVolumes.default loading if the parent_or_child variable indicates
that it's directly running in the main afpd process. This variable is updated
after the fork() in libatalk/dsi/dsi_tcp.c, so the correct volumes are shown
when using AFP over TCP.
The ASP session manager also forks when a new session is created (line 270 of
libatalk/asp/asp_getsess.c) but does not set the parent_or_child variable, so
load_volumes will not load the user-specific volumes nor AppleVolumes.default
on ASP.
The attached patch sets parent_or_child = 1 after this fork(), so clients which
use ASP/DDP will get the correct user-specific volumes.
Thanks.
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages netatalk depends on:
ii libacl1 2.2.52-1.1
ii libattr1 1:2.4.47-1
ii libavahi-client3 0.6.31-4
ii libavahi-common3 0.6.31-4
ii libc6 2.19-9
ii libcomerr21.42.11-2
ii libcrack2 2.9.1-1+b2
ii libcups2 1.7.5-1
ii libdb5.3 5.3.28-6
ii libgcrypt11 1.5.4-2
ii libgssapi-krb5-2 1.12.1+dfsg-7
ii libk5crypto3 1.12.1+dfsg-7
ii libkrb5-3 1.12.1+dfsg-7
ii libldap-2.4-2 2.4.39-1.1+b1
ii libpam-modules1.1.8-3.1
ii libpam0g 1.1.8-3.1
ii libwrap0 7.6.q-25
ii netbase 5.2
ii perl 5.20.0-4
Versions of packages netatalk recommends:
ii avahi-daemon 0.6.31-4
pn cracklib-runtime none
pn db-util none
pn libpam-cracklib none
ii lsof 4.86+dfsg-1
ii procps1:3.3.9-7
pn rcnone
Versions of packages netatalk suggests:
pn db4.2-util none
pn groffnone
pn quotanone
ii texlive-binaries [texlive-base-bin] 2014.20140528.34243-5
-- Configuration Files:
/etc/default/netatalk changed [not included]
/etc/netatalk/AppleVolumes.default changed [not included]
/etc/netatalk/afpd.conf changed [not included]
-- no debconf information
Description: Fix child status of ASP session processes
Author: Vincent Duvert vinc...@duvert.net
--- netatalk-2.2.5.orig/libatalk/asp/asp_getsess.c
+++ netatalk-2.2.5/libatalk/asp/asp_getsess.c
@@ -269,6 +269,7 @@ ASP asp_getsession(ASP asp, server_child
int dummy[2];
switch ((pid = fork())) {
case 0 : /* child */
+ parent_or_child = 1;
server_reset_signal();
/* free/close some things */
for (i = 0; i children-nsessions; i++ ) {
Bug#725077: xfce4-genmon-plugin: may prevent session start if the started process opens /dev/tty
Package: xfce4-genmon-plugin Version: 3.4.0-2 Severity: normal Dear Maintainer, I have noticed after misconfiguring a genmon plugin that if the started application tries to read from /dev/tty (for instance, svn asking a password), not only genmon freezes, but the whole session may block as well. I have reproduced the problem with those steps: 1) Create a new user 2) Log in as this user, run startxfce4, use the default panel parameters 3) Create a shell script which does nothing (I used #!/bin/sh \n exit 0) 4) Add a generic monitor to the panel, configure it so it starts the shell script 5) Log out 6) Add cat /dev/tty to the shell script 7) Run startxfce4 again On my system, the background and the Xfce panels start to appear, but then everything freezes (the mouse still moves and Ctrl-Alt-Fx still works, tough) I think that in my case it also caused lightdm to abort the session start (i.e. after entering the username/password and clicking Login, the screen goes blank for some seconds and the prompt reappears), but I haven’t tried to reproduce it with my testcase so it may be an unrelated problem. -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.10-2-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages xfce4-genmon-plugin depends on: ii libatk1.0-0 2.8.0-2 ii libc62.17-92+b1 ii libcairo21.12.16-2 ii libfontconfig1 2.10.2-2 ii libfreetype6 2.4.9-1.1 ii libgdk-pixbuf2.0-0 2.28.2-1 ii libglib2.0-0 2.36.4-1 ii libgtk2.0-0 2.24.20-1 ii libpango-1.0-0 1.32.5-5+b1 ii libpangocairo-1.0-0 1.32.5-5+b1 ii libpangoft2-1.0-01.32.5-5+b1 ii libxfce4ui-1-0 4.10.0-3 ii libxfce4util64.10.1-1 ii xfce4-panel 4.10.1-1 xfce4-genmon-plugin recommends no packages. xfce4-genmon-plugin suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#539640: ITP: slimevolley -- Unrealistic 2D volleyball simulation, similar to Blobby Volley
Package: wnpp Severity: wishlist Owner: Vincent Duvert vincent.duv...@free.fr * Package name: slimevolley Version : 2.4.1 Upstream Author : Vincent Duvert vincent.duv...@free.fr * URL : http://slime.tuxfamily.org/ * License : GPL Programming Lang: C Description : Unrealistic 2D volleyball simulation, similar to Blobby Volley Slime Volley is a 2D volleyball game written in C with SDL. Your player is a slime, on which a small ball bounces. You must prevent the ball to touch the ground on your side, and try to trick your opponents. The first team to get 10 points wins. -- System Information: Debian Release: 5.0.2 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
