Bug#286203: kwin-style-qinx
Hi, is anybody working on it? As I discussed with Marcin Orlowski <[EMAIL PROTECTED]> I will take over at least qinx and newstep from his repository and working on it. I'm intending to release it for Ubuntu, so it would be nice for Debian and Ubuntu and the user if we put those good kwin-styles into the repositories of both distributions. regards, \sh -- Stephan Hermann eMail: [EMAIL PROTECTED] JID: [EMAIL PROTECTED] Tel.: +49700sourcecode Skype: s.hermann Blog: http://linux.blogweb.de/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#311023: exim4-config: documentation for update-exim4.conf misleading (dc_other_hostnames)
Package: exim4-config
Version: 4.50-6
Severity: minor

Hi,

The manpage of update-exim4.conf tells me that mailname is implicitly included in dc_other_hostnames. According to the Debian exim4 changelog for Version 4.43-3 this is no longer the case. Furthermore, there exists an additional option "dc_mailname_in_oh" that is not documented in the manpage.

regards
Daniel

-- Package-specific info:
Exim version 4.50 #1 built 17-Apr-2005 19:12:46
Copyright (c) University of Cambridge 2004
Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Support for: iconv() IPv6 GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-ath64.ws
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages exim4-config depends on:
ii  adduser                3.63              Add and remove users and groups
ii  debconf [debconf-2.0]  1.4.30.13         Debian configuration management sy
ii  passwd                 1:4.0.3-31sarge5  change and administer password and

-- debconf information excluded
Bug#310919: the patches :)
Sorry, I forgot the patches :) Here are they now, attached with this mail: They're already in dpatch format. regards, \sh 02_pykde-convert-qlist-to-qptrlist.dpatch Description: application/shellscript 01-configskeleton.dpatch Description: application/shellscript
Bug#310919: python-kde3: python-kde3 api to kconfigskeleton is not working
Package: python-kde3
Severity: important
Tags: patch

Python KDE Bindings are for small and fast kde apps very useful. But to comply with KDEs UI Guidelines and similar configuration settings, python-kde right now is not working.

I found a solution to overcome the problem (esp. in KConfigSkeleton) which aren't included in the upstream source. I informed the upstream maintainer, that I will create new packages for Ubuntu Breezy and that I will inform you, Debian Devs, to include those patches in your packages.

You can read about the first patch on
http://mats.imk.fraunhofer.de/pipermail/pykde/2004-September/008483.html
and the second patch you can find information here:
http://mats.imk.fraunhofer.de/pipermail/pykde/2005-May/010391.html

If you find those patches useful and you want to try with me to force upstream to be in sync with our packages, please include these patches.

Ah, I forgot, the patches are against the latest snapshot of python-kde3 from 2005-03-16

Regards,
\sh

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.10-5-686
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Bug#310810: php4-cgi: missing information on about fastcgi support being compiled-in.
Package: php4-cgi
Severity: minor

Hi,

I had to look into the source package to find out that php4-cgi was compiled with fastcgi support. I think it's great, but it should be said in the package description, it would save people time ;)

Cheers,

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-1-686-smp
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

--
Clément 'nodens' Hermann
Bug#310781: makejail does not preserve attributes
Package: makejail
Version: 0.0.5-5
Severity: normal

Hi,

I just used makejail to setup a chrooted apache2 (actually, apache2 is chrooted using mod_chroot, but makejail was used to provide some files into the chroot). It works well, but makejail won't respect attributes used on the chrooted file.

For instance, I need to copy the suexec2 into the chroot, and it needs to be setuid root. This is bad in a chroot, but suexec is fairly secure, and I need to run php scripts with a different uid/gid for each vhost. However, makejail won't keep the suid bit.

After a quick look to the code, it seems like ACL or extended attributes wouldn't be reproduced either (I'm not a python coder myself, so I may be wrong).

Maybe it would make sense to use cp -a to copy the file, relying then on coreutil to preserve every file attribute ?

Best regards,

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-1-k7
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages makejail depends on:
pn  binstats   Not found.
ii  coreutils  5.2.1-2   The GNU core utilities
ii  psmisc     21.6-1    Utilities that use the proc filesy
ii  python     2.3.5-2   An interactive high-level object-o
ii  strace     4.5.11-1  A system call tracer

--
Clément "nodens" Hermann
Bug#310775: libapache2-mod-suphp: Adding --with-setid-mode=force option when using apache2
Package: libapache2-mod-suphp
Severity: wishlist

Hi,

How about compiling suphp with --with-setid-mode=force for apache2 version ? Only if suphp revert to the normal behavior when the option is not supplied in apache configuration, of course. But it would be nice (and more secure) to be able to force the uid in apache rather than relying on the filesystem.

What do you think ?

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-1-686-smp
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Bug#307486: libnss-ldap: upgrade to version 238 stopped ldap from working
X-Mailer: reportbug 3.8
Package: libnss-ldap
Version: 238-1
Followup-For: Bug #307486

Upgrading from 220 to 238 stopped libnss lookups through ldap from working. Copying the shared 220 lib enabled libnss lookups to ldap again. Couldn't find anything in the logfiles.

Any information how to enable debugging output from libnss-ldap would be appreciated. The library seems to include a debug option, but that is not documented.

Same happened on i386 too.

Thanks for any help.

Greetings
Hermann

/etc/libnss-ldap.conf:
host 129.206.xxx.xxx 129.206.xxx.xxx 129.206.xxx.xxx
base XXX
ldap_version 3
binddn XXX
bindpw XXX
rootbinddn XXX
ssl start_tls

-- System Information:
Debian Release: 3.1
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.11.4
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages libnss-ldap depends on:
ii  debconf   1.4.30.13     Debian configuration management sy
ii  libc6     2.3.2.ds1-21  GNU C Library: Shared libraries an
ii  libldap2  2.1.30-8      OpenLDAP libraries

-- debconf information excluded
Bug#309813: /etc/init.d/rc doesn't work correct with KXXservice - links
Package: base Hi, the /etc/init.d/rc-script doesn't handle kill-links in the runleveldirectories correctly. Changing from runlevel X to Y executes the kill-links in runlevel Y and not the kill-links in X. Here my rc.diff (# Version: @(#)rc 2.78 07-Nov-1999) # 62c62 < for i in /etc/rc$runlevel.d/K[0-9][0-9]* --- > for i in /etc/rc$previous.d/K[0-9][0-9]* # Greetings Hermann -- + Enttäuscht vom Affen, erschuf Gott den Menschen. Danach verzichtete + + er auf weitere Experimente. (M. Twain) + \\|// PGP-Key: 0x0B2D8EEA ( @ @ )No HTML-Mails; 72 characters per line -oOO--(_)--OOo------ Hermann Gottschalk|| E-Mail: [EMAIL PROTECTED] Kesslerplatz 1a || tel: +49 911 180 6256 || fax: +49 911 180 6255 90489 Nuernberg || GERMANY || mobil:+49 173 360 0680 Oooo.--- .oooO ( ) ( ) ) / \ ( (_/ \_)
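Review bot: at line 62 the loop now globs /etc/rc$previous.d/K[0-9][0-9]*, and nothing in the change guards against $previous being empty or naming a runlevel that has no directory. In that case the pattern does not expand and the loop runs once on the literal string. Suggest testing that /etc/rc$previous.d is a directory before the loop, and skipping any $i that is not an existing file.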
Bug#309536: Possible security issue in mailleds.
Hi Dennis,

On Tue, May 17, 2005 at 11:38:51PM +0200, Dennis Stampfer wrote:
> Changing
>   if(opt_maildir == 1) {
> to
>   if(opt_maildir == 1 && opt_m) {
>
> will do the trick for -M -k. Do you have any notes on that?

That should prevent the segfault, I guess. Maybe you should add an error message when -k is used together with any other parameters, AFAICS that makes no sense anyways.

> > Note: I have CC'd the upstream author.
>
> Upstream is "dead". Since 1996..

Ah, ok. His email also bounced. I took the freedom to add mailleds to my Unmaintained Free Software site:
http://www.unmaintained-free-software.org/wiki/Mailleds

Uwe.
--
Uwe Hermann <[EMAIL PROTECTED]>
http://www.hermann-uwe.de | http://www.crazy-hacks.org
http://www.it-services-uh.de | http://www.phpmeat.org
http://www.unmaintained-free-software.org | http://www.holsham-traders.de

signature.asc
Description: Digital signature
Bug#309536: Possible security issue in mailleds.
Package: mailleds
Version: 0.93-11
Severity: important

Hello,

I have found a (probably security-related) bug in mailleds which causes it to segfault when it is given the -M and -k parameters, but not the -m parameter.

Demonstration:

  $ mailleds -M -m foo -k
  mailleds: no process running for SOMEUSER
  $ mailleds -M -k
  Segmentation fault

This is due to a bug in set_pidfilename() in pid.c:

  if(opt_maildir == 1) {
    i=strlen(opt_m);
    while(i && opt_m[i-1]!='/') --i;
    j=strlen(opt_m)-i;
    size+=j;
  }

If opt_maildir == 1 (i.e. -M was given on the commandline) it tries to calculate strlen(opt_m). As opt_m is only initialized when -m is given on the commandline, this results in a strlen(NULL), which crashes the program.

I found this bug when doing a security audit of some Debian packages. Specifically, I used the bfbtester program on mailleds (see http://packages.debian.org/unstable/source/bfbtester) which hinted me in the right direction, and then proceeded by looking at the code and using gdb.

As mailleds is setuid root, this bug could _potentially_ allow a local root compromise. In this special case it doesn't seem to be possible, though. Still, this bug should be fixed, maybe someone with more imagination than I have is able to successfully exploit it.

Note: I have CC'd the upstream author.

// Uwe Hermann for the Debian Security Audit Project
http://www.debian.org/security/audit/
--
Uwe Hermann <[EMAIL PROTECTED]>
http://www.hermann-uwe.de | http://www.crazy-hacks.org
http://www.it-services-uh.de | http://www.phpmeat.org
http://www.unmaintained-free-software.org | http://www.holsham-traders.de

signature.asc
Description: Digital signature
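The NULL guard discussed in this report and its follow-up, as an added example that is not mailleds code: a reduced model of the option state in which -M without -m is rejected before any strlen() call. The struct, the function names and the hand-rolled parser are assumptions made for illustration; only opt_maildir, opt_m and the backwards scan for '/' come from the quoted snippet.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the globals named in the report. */
struct opts {
    int opt_maildir;     /* 1 when -M was given */
    int opt_kill;        /* 1 when -k was given */
    const char *opt_m;   /* argument of -m, NULL when -m was not given */
};

/* Minimal parser for the three flags in the report (illustrative only).
 * Returns 0 on success, -1 on an unknown flag or -m without an argument. */
int parse_opts(int argc, const char *const argv[], struct opts *o)
{
    o->opt_maildir = 0;
    o->opt_kill = 0;
    o->opt_m = NULL;
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-M") == 0) {
            o->opt_maildir = 1;
        } else if (strcmp(argv[i], "-k") == 0) {
            o->opt_kill = 1;
        } else if (strcmp(argv[i], "-m") == 0) {
            if (i + 1 >= argc)
                return -1;
            o->opt_m = argv[++i];
        } else {
            return -1;
        }
    }
    return 0;
}

/* Length of the last path component, using the same backwards scan
 * as the snippet quoted from pid.c. The caller guarantees s != NULL. */
static size_t last_component_len(const char *s)
{
    size_t i = strlen(s);
    while (i && s[i - 1] != '/')
        --i;
    return strlen(s) - i;
}

/* Guarded size calculation. Stores the extra bytes needed in *extra and
 * returns 0; returns -1 when -M was given without -m, which is the case
 * that reached strlen(NULL) in the unguarded code. */
int maildir_extra_size(const struct opts *o, size_t *extra)
{
    *extra = 0;
    if (o->opt_maildir != 1)
        return 0;
    if (o->opt_m == NULL)
        return -1;
    *extra = last_component_len(o->opt_m);
    return 0;
}

int main(void)
{
    /* Constructed command lines mirroring the two runs in the report. */
    const char *const ok[]  = { "mailleds", "-M", "-m", "foo", "-k" };
    const char *const bad[] = { "mailleds", "-M", "-k" };
    struct opts o;
    size_t extra;

    if (parse_opts(5, ok, &o) == 0 && maildir_extra_size(&o, &extra) == 0)
        printf("-M -m foo -k: extra size %zu\n", extra);

    if (parse_opts(3, bad, &o) == 0 && maildir_extra_size(&o, &extra) != 0)
        fprintf(stderr, "-M -k: -M requires -m, refusing to continue\n");

    return 0;
}
```

In a setuid program the error return matters as much as the guard: the caller has to stop on -1 rather than continue with a zero size.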
Bug#289812: quotatool: Assumes XFS quotas if the kernel supports them
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

tags 289812 fixed-upstream
severity 289812 grave
thanks

Hi,

This bug is fixed upstream (as well as #258289, which seems related).

Also, as the current default kernels include CONFIG_XFS_QUOTA (or so do I believe), this bug applies to anybody running an Out-of-the-box debian installation wanting to use quotatool, or even to anybody using debian kernels (so basically most debian users are impacted and can't use quotatool). So I'm upgrading the severity to grave. Feel free to correct me if I'm wrong.

I've tested the current upstream version (1.4.7) on several debian boxes (both sid and sarge, with or without XFS filesystems) and I didn't notice any bugs yet.

Could you please consider upgrading the debian package to the last upstream version ?

Cheers,

- --
Clément 'nodens' Hermann
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCgT1V0yQ2guvROZ0RAjjVAJ0aViDeePJwTclUKQQwyDjMc29QRgCbBs3y
LaiszFqG+FEE4hS06iVFfzg=
=Mvzy
-END PGP SIGNATURE-
Bug#306812: foomatic-gui does not add printer if /etc/cups/printers.conf does not exist
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Chris Lawrence wrote:
> Have you tried this with the version of foomatic-gui you reported the
> bug in? Line 851 of foomatic-gui explicitly calls "touch
> /etc/cups/printers.conf" if the spooler is cups.

Yes, I also noticed this. I am not a python expert in any way, but I believe this is either never called or won't work. I just tried again on another system with a strace -f -eopen attached :

[pid 15810] open("/etc/ld.so.cache", O_RDONLY) = 5
[pid 15810] open("/lib/tls/libc.so.6", O_RDONLY) = 5
[pid 15810] open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 5
[pid 15810] open("/etc/foomatic/defaultspooler", O_RDONLY|O_LARGEFILE) = 5
Process 15809 suspended
Process 15809 resumed
Process 15810 detached
[pid 15809] --- SIGCHLD (Child exited) @ 0 (0) ---
[pid 15809] open("/etc/cups/printers.conf", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)

well, there *is* no such file or directory. This is really annoying, as the average foomatic-gui user would use it to configure his first printer... and won't have a printers.conf.

I can send you a full trace if you want, but as this is a python script I suppose there are better ways to catch this one :)

- --
Clement 'nodens' Hermann
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCdUlu0yQ2guvROZ0RAhtoAJ0Uomwpo4J0EsAOrJ3eXrlzVwAkYQCfcM7h
njcI6Q/PGckrk98XyogKKJI=
=oIKo
-END PGP SIGNATURE-
Bug#306812: foomatic-gui does not add printer if /etc/cups/printers.conf does not exist
Package: foomatic-gui
Version: 0.7.4.10
Severity: important

Hi,

foomatic-gui refuses to add a printer if there is no printers.conf file. It does not display any error, simply return you on the (empty) printers list. This may be very confusing. If it was launched from a terminal, you can see on STDERR the following message : "Cannot read printers.conf file!".

Resolution : run the following command as root :

  touch /etc/cups/printers.conf

Reproducibility : always. Just try to move /etc/cups/printers.conf out of the way and try to add a printer.

Best regards,

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-1-686-smp
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages foomatic-gui depends on:
ii  gksu              1.2.5-1   graphical frontend to su
ii  python            2.3.5-2   An interactive high-level object-o
ii  python-foomatic   0.7.4.10  Python interface to the Foomatic p
ii  python-glade2     2.6.1-2   GTK+ bindings: Glade support
ii  python-gnome2     2.6.1-1   Python bindings for the GNOME desk
ii  python-gtk2       2.6.1-2   Python bindings for the GTK+ widge
ii  python2.3-gnome2  2.6.1-1   Python bindings for the GNOME desk

-- no debconf information
Bug#305445: manpage: --playmode documentation is wrong.
Package: mikmod
Version: 3.2.1-1
Severity: normal

Hi,

The manpage says this about --playmode:

  -p, --playmode n
      Playlist mode. The allowed values here are 0, to loop the current module ; 1, to play the whole playlist once ; 2, to play the whole playlist repeatedly, and 3, to play the whole playlist randomly. The default is 2.

But, the output of 'mikmod -h' says something else:

  -p, --playmode n  Playlist mode (1: loop module, 2: list multi, 4: shuffle list, 8: list random), default: 3

It seems the 'mikmod -h' output is right, please update the manpage. This should also be forwarded to upstream.

Uwe.
--
Uwe Hermann <[EMAIL PROTECTED]>
http://www.hermann-uwe.de | http://www.crazy-hacks.org
http://www.it-services-uh.de | http://www.phpmeat.org
http://www.unmaintained-free-software.org | http://www.holsham-traders.de
Bug#301844: converted patch from 1.0.19 to 1.0.20
Hi, i converted the patch of Andreas to work with the new 1.0.20-1 for Ubuntu. I'll attach the dpatch file to this mail. thx to andreas for his good work. After all, there is also a dpatch for adding categories to the .desktop file for mysql-admin to fulfill the freedesktop.org specs for menu entries. Regards, \sh 01-desktop.dpatch Description: application/shellscript 02-gcc4.dpatch Description: application/shellscript
Bug#305155: vserver-debiantools: newvserver creates old style vservers (stable branch)
Hi Ola,

On Tue, Apr 19, 2005 at 05:31:25PM +0200, Ola Lundqvist wrote:
>
> I'll upload a testing package to debian.opal.dhs.org now. You can check
> it there. It is not fully done but it should allow for some more testing.
>

some early bug reports:

- "shift" missing when parsing option "--nopkgcache"
- hostnames with dashes (e.g. vs-test) do not work any more
- please treat all files in the util-vserver package under /etc/ as conffiles (e.g. /etc/vservers/.defaults/vdirbase)

regards
Daniel

--
Daniel Hermann, Institut fuer Theorie der Kondensierten Materie
Universitaet Karlsruhe    Tel: ++49 (0)721 608-3588
Postfach 6980             Fax: ++49 (0)721 608-7779
76128 Karlsruhe, Germany  email: [EMAIL PROTECTED]
Bug#305155: vserver-debiantools: newvserver creates old style vservers (stable branch)
Hi, On Tue, Apr 19, 2005 at 05:26:01PM +0200, Ola Lundqvist wrote: > > > > > There are some initpre/initpost scripts for RedHat and Fedora vservers > > in the util-vserver package. To include some scripts for Debian would > > also enable people to build Debian vservers on other distros, at least > > if the scripts don't presume a Debian host. > > That would be good, yes. Do you know the interface for calling those > scripts? > you can find a skeleton in /usr/lib/util-vserver/distributions/template/initpost ... ## Called as: initpost ... cfgdir is /etc/vservers/ regards Daniel -- --------- Daniel Hermann, Institut fuer Theorie der Kondensierten Materie Universitaet Karlsruhe Tel: ++49 (0)721 608-3588 Postfach 6980 Fax: ++49 (0)721 608-7779 76128 Karlsruhe, Germany email: [EMAIL PROTECTED] - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#305155: IP broadcast/prefix problem
Hi, the attached patch to the new newvserver script allows a prefix or netmask to be added to the "--ip" argument in the form of [/]. The prefix or netmask are not used but stored in variables anyway. regards Daniel -- ----- Daniel Hermann, Institut fuer Theorie der Kondensierten Materie Universitaet Karlsruhe Tel: ++49 (0)721 608-3588 Postfach 6980 Fax: ++49 (0)721 608-7779 76128 Karlsruhe, Germany email: [EMAIL PROTECTED] - --- newvserver.20050418 2005-04-19 16:47:51.0 +0200 +++ newvserver 2005-04-19 16:59:20.0 +0200 @@ -92,7 +92,7 @@ full_usage () { cat << EOF -Usage: ${0##*/} [OPTIONS] --hostname x --domain y.z --ip 1.2.3.4 +Usage: ${0##*/} [OPTIONS] --hostname x --domain y.z --ip 1.2.3.4/24 Creates a new Debian vserver by calling "vserver ... build" Options: @@ -112,6 +112,7 @@ --hostname hostname for new vserver (eg. "alpha") --domaindns domain for new vserver (eg. "example.com") --ipIPv4 address for new vserver + (syntax: --ip [/]) You can also set variables in /etc/vservers/newvserver-vars. @@ -244,6 +245,18 @@ case "$2" in [0-9]*.[0-9]*.[0-9]*.[0-9]*) IP="$2" + # get netmask + IP_NETMASK=${IP##*/} + test "$IP_NETMASK" != "$1" || IP_NETMASK= + IP_ADDR=${IP%%/${IP_NETMASK}} + # if IP_NETMASK contains no ".", it is + # interpreted as IP_PREFIX + IP_PREFIX= + test "${IP_NETMASK%%.*}" != "${IP_NETMASK}" \ + || { + IP_PREFIX=$IP_NETMASK + IP_NETMASK= + } ;; *) echo "${0##*/} error: $1 requires a single IPv4 e.g. \"192.168.100.1\"" 1>&2 @@ -385,7 +398,7 @@ # /etc/hosts 127.0.0.1 localhost -$IP$VHOST.$VDOMAIN $VHOST +$IP_ADDR $VHOST.$VDOMAIN $VHOST # The following lines are desirable for IPv6 capable hosts # (added automatically by netbase upgrade)
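Review bot: in the hunk at -244,6 +245,18, the line test "$IP_NETMASK" != "$1" || IP_NETMASK= compares against $1, which in this branch is the option name (the case is on "$2", and the error message below prints $1 as the option). When no "/" is given, ${IP##*/} returns the whole address, which never equals the option name, so IP_NETMASK keeps the address and is then classified as a dotted netmask. Compare against "$IP" (or "$2") instead. The accepted pattern [0-9]*.[0-9]*.[0-9]*.[0-9]* also lets any suffix through, so the part after "/" should be checked to be either a prefix length or a dotted mask before it is stored, and the error text "requires a single IPv4" should describe the new syntax.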
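Review bot: in the hunk at -385,7 +398,7, the /etc/hosts template switches to $IP_ADDR, which is assigned only inside the --ip option branch. The usage text in this patch says variables can also be set in /etc/vservers/newvserver-vars; if IP can arrive that way, IP_ADDR is empty and the hosts line is written without an address. Suggest deriving IP_ADDR, IP_NETMASK and IP_PREFIX from IP in one place after option and config parsing are complete, and failing with an error if IP_ADDR ends up empty.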
Bug#305155: vserver-debiantools: newvserver creates old style vservers (stable branch)
Hi, On Tue, Apr 19, 2005 at 11:01:33AM +0200, Ola Lundqvist wrote: > > > > > -# This is used to keep a cache of the downloaded .deb packges for next > > > > install > > > > -if [ -d "$VROOTDIR/ARCHIVES/$DIST" ]; then > > > > -mkdir -p "$VROOTDIR/$VHOST/var/cache/apt/archives" > > > > -cp -a "$VROOTDIR/ARCHIVES/$DIST/"*.deb > > > > "$VROOTDIR/$VHOST/var/cache/apt/archives" > /dev/null 2>&1 > > > > -fi > > > > > > Why did you remove this? > > > > > > > It didn't work any more, for the same reason as above I guess. The > > directory for the vserver is created before "vserver ... build" is > > called, so it refuses to run. > > I thought that may be the problem. I just wanted to check if there were > any other reason for this. I'll put it back and fix util-vserver then. > This problem will disappear as soon as you do everything in initpre/initpost scripts. Do you know what the directory /var/lib/vservers/.pkg is for? > > > > > > ... > > > > > > > -S_CAPS="CAP_NET_RAW" > > > > > > Do you know if this is still the default? I need to know if I should close > > > yet one more bug with this upload. :) > > > > > > > I don't know. I think we should translate the code where > > vserver-name.conf is created into the new configuration scheme, then > > we are on the safe side. > > Ahh that is not handled by vserver ... build? > Part of it is handled by vserver-build, e.g. name, interfaces, flags etc. Capabilities are not (yet?) handled, AFAIKS in the code. I checked that the CAP_NET_RAW capability is not set by default. What are your plans next? I may have some time to improve newvserver further but at least I should know what you are planning to do yourself. Probably I will not have too much time, but nevermind. 
At least I must live with this package the next three years from the point where sarge is released ;) regards Daniel -- - Daniel Hermann, Institut fuer Theorie der Kondensierten Materie Universitaet Karlsruhe Tel: ++49 (0)721 608-3588 Postfach 6980 Fax: ++49 (0)721 608-7779 76128 Karlsruhe, Germany email: [EMAIL PROTECTED] - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#305155: vserver-debiantools: newvserver creates old style vservers (stable branch)
Hi, On Mon, Apr 18, 2005 at 09:45:30PM +0200, Ola Lundqvist wrote: > > > > this yet. Have you tested this, and if so in what cases. > > > > > > > yes, I have tested it to some extent. Of course I cannot test each and > > every option. I did something like: > > > > $ newvserver --hostname vs-test9 --domain some.domain --ip 192.168.0.1 > > > > This works fine for me. > > Great. I trust you because the patch look clean. > There is still one problem with the network interface. It seems that "vserver ... build" (i.e. "ip addr add") uses netmask 255.255.255.255 and broadcast 0.0.0.0 by default, and that may have some consequences. > > > some legacy stuff, so there is still the same code for the other > > options, except "--copy-vreboot", "--no-copy-vreboot" and > > "--fakeinit". Still TODO is "--fakeinit" and other flags like > > "nprocs", but they can probably all be supported by the > > vserver-build "--flags" argument. I didn't check the one-to-one > > equivalence of the configuration (/etc/vservers/vserver-name.conf on > > the one hand and /etc/vservers/vserver-name/* on the other hand). > > I have never ever used these options myself so I do not think they are very > important. > What about allowing additional arguments after a "--" argument and handing them over directly to "vserver ... build"? > > I'm currently writing some local extensions to "vserver ... build" by > > adding a file /etc/vservers/.distributions/sarge/initpost (I need some > > files copied from the host to the new vserver; this is not possible > > with --post-install-script of newvserver). In principle it should even > > be easily possible to put the whole stuff of newvserver into such > > initpre/initpost scripts. Then newvserver would just be a very short > > wrapper script around "vserver ... build" and both creation methods > > ("vserver ... build" and newvserver) would be equivalent. What do you > > think? > > Sounds like a good idea. 
I have thought about writing newvserver with > debootstrap rules but this may be a better option. The shorter newvserver > can be the better. > There are some initpre/initpost scripts for RedHat and Fedora vservers in the util-vserver package. To include some scripts for Debian would also enable people to build Debian vservers on other distros, at least if the scripts don't presume a Debian host. regards Daniel -- - Daniel Hermann, Institut fuer Theorie der Kondensierten Materie Universitaet Karlsruhe Tel: ++49 (0)721 608-3588 Postfach 6980 Fax: ++49 (0)721 608-7779 76128 Karlsruhe, Germany email: [EMAIL PROTECTED] - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#305155: vserver-debiantools: newvserver creates old style vservers (stable branch)
Hi, On Mon, Apr 18, 2005 at 11:25:25PM +0200, Ola Lundqvist wrote: > > ... > > Ok. The problem is that vserver ... build do more restrictive checks: > zircone:/etc/vservers# newvserver --hostname test --domain > intranet.opal.dhs.org --ip 192.168.254.200 > s_context: 0 > vserver-topdirectory '/srv/vservers/test' and/or configuration at > '/etc/vservers/test' > exist already; please try to use '--force', or remove them manually > newvserver: error: vserver-build failure. Cannot continue. > > I use LVM to create install partitions. I have to fix that. > Yes, it refuses to build the new vserver if it finds a directory of the same name, even if this is empty. > > -# This is used to keep a cache of the downloaded .deb packges for next > > install > > -if [ -d "$VROOTDIR/ARCHIVES/$DIST" ]; then > > -mkdir -p "$VROOTDIR/$VHOST/var/cache/apt/archives" > > -cp -a "$VROOTDIR/ARCHIVES/$DIST/"*.deb > > "$VROOTDIR/$VHOST/var/cache/apt/archives" > /dev/null 2>&1 > > -fi > > Why did you remove this? > It didn't work any more, for the same reason as above I guess. The directory for the vserver is created before "vserver ... build" is called, so it refuses to run. > > ... > > > -S_CAPS="CAP_NET_RAW" > > Do you know if this is still the default? I need to know if I should close > yet one more bug with this upload. :) > I don't know. I think we should translate the code where vserver-name.conf is created into the new configuration scheme, then we are on the safe side. > ... > > > > EOF > > > > +## start vserver before we can exec anything inside it > > +vserver $VHOST start > > Do we need to start it? Is this something new? > Yes. It's not possible any more to enter the vserver or exec anything without starting the vserver. > ... > > -# Populate the archive for future virtual servers > > -if [ ! 
-d $VROOTDIR/ARCHIVES/$DIST ]; then > > - mkdir -p $VROOTDIR/ARCHIVES/$DIST > > -fi > > -cp $VROOTDIR/$VHOST/var/cache/apt/archives/*.deb $VROOTDIR/ARCHIVES/$DIST > > This is removed because you remove the above... > Right. regards Daniel -- - Daniel Hermann, Institut fuer Theorie der Kondensierten Materie Universitaet Karlsruhe Tel: ++49 (0)721 608-3588 Postfach 6980 Fax: ++49 (0)721 608-7779 76128 Karlsruhe, Germany email: [EMAIL PROTECTED] - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#305155: vserver-debiantools: newvserver creates old style vservers (stable branch)
Hi,

On Mon, Apr 18, 2005 at 06:18:04PM +0200, Ola Lundqvist wrote:
>
> Thanks a lot! It has been on my todo list, but I have not done
> this yet. Have you tested this, and if so in what cases.
>

yes, I have tested it to some extent. Of course I cannot test each and every option. I did something like:

  $ newvserver --hostname vs-test9 --domain some.domain --ip 192.168.0.1

This works fine for me. The options "--arch" "--dist" "--mirror" should still work the same, they are given to vserver as arguments to debootstrap.

I only removed some legacy stuff, so there is still the same code for the other options, except "--copy-vreboot", "--no-copy-vreboot" and "--fakeinit". Still TODO is "--fakeinit" and other flags like "nprocs", but they can probably all be supported by the vserver-build "--flags" argument. I didn't check the one-to-one equivalence of the configuration (/etc/vservers/vserver-name.conf on the one hand and /etc/vservers/vserver-name/* on the other hand).

I'm currently writing some local extensions to "vserver ... build" by adding a file /etc/vservers/.distributions/sarge/initpost (I need some files copied from the host to the new vserver; this is not possible with --post-install-script of newvserver). In principle it should even be easily possible to put the whole stuff of newvserver into such initpre/initpost scripts. Then newvserver would just be a very short wrapper script around "vserver ... build" and both creation methods ("vserver ... build" and newvserver) would be equivalent. What do you think?

regards
Daniel

--
Daniel Hermann, Institut fuer Theorie der Kondensierten Materie
Universitaet Karlsruhe    Tel: ++49 (0)721 608-3588
Postfach 6980             Fax: ++49 (0)721 608-7779
76128 Karlsruhe, Germany  email: [EMAIL PROTECTED]
Bug#305155: vserver-debiantools: newvserver creates old style vservers (stable branch)
Package: vserver-debiantools Version: 0.1.10 Severity: normal Tags: patch Hi, this is more an inconsistency than a bug, but I file it here anyway. Recently, the alpha branch of util-vserver was introduced to Debian which has a different configuration scheme and other differences compared to the stable branch. In addition, the "vserver" command now has support for building Debian vservers using debootstrap. The newvserver command in vserver-debiantools creates a new vserver of old style (stable branch). These vservers can still be handled by util-vserver in legacy mode, but IMHO it would be better if new vservers were of the new alpha branch style. This would avoid several legacy problems (security, documentation, ...). I adjusted the newvserver script so that it creates a new vserver using "vserver ... build" with the "debootstrap" method instead of using "debootstrap" directly. Some parts of "newvserver" could be removed because "vserver ... build" handles them already (care about devices, check if vserver already exists, ...), other parts were only relevant for old style vservers (vreboot, rebootmgr, ...). The adjusted script reproduces the same package selection and the same /dev tree in the new vserver. I send a patch as well as the complete newvserver script. regards Daniel -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing'), (200, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.26-ath64.ws Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages vserver-debiantools depends on: ii binutils 2.15-5 The GNU assembler, linker and bina ii debootstrap 0.2.45-0.2 Bootstrap a basic Debian system ii rsync 2.6.3-2fast remote file copy program (lik ii util-vserver 0.30.204-4 tools for Virtual private servers -- debconf-show failed --- newvserver.orig 2005-04-17 17:46:11.0 +0200 +++ newvserver 2005-04-17 18:54:08.0 +0200 
@@ -62,9 +62,6 @@ # Default network interface for vservers: INTERFACE="eth0" -# Copy vreboot/vhalt/vshutdown utility into /usr/local/sbin/ -COPY_VREBOOT="true" - if [ -r /etc/vservers/util-vserver-vars ] ; then . /etc/vservers/util-vserver-vars fi @@ -96,15 +93,13 @@ { cat << EOF Usage: ${0##*/} [OPTIONS] --hostname x --domain y.z --ip 1.2.3.4 -Creates a new Debian vserver by downloading packages via HTTP/FTP +Creates a new Debian vserver by calling "vserver ... build" Options: -h, --help this help -V, --version copyright and version information --arch set target architecture (eg. --arch "i386") (autodetected on Debian host if dpkg available) - --copy-vreboot install "vreboot/vshutdown/vhalt" - --no-copy-vreboot don't install "vreboot/vshutdown/vhalt" --dist defaults to "sarge", passed to debootstrap. --fakeinit use "/sbin/init" to boot vserver --conffile extra configuration file to load. @@ -184,14 +179,6 @@ fi shift 2 ;; - --copy-vreboot) - COPY_VREBOOT="true" - shift - ;; - --no-copy-vreboot) - COPY_VREBOOT="" - shift - ;; --dist) case "$2" in [a-z]*) @@ -341,16 +328,6 @@ ## -# Check we've got debootstrap available -if [ ! -x /usr/sbin/debootstrap ]; then - cat << EOF 1>&2 -${0##*/}: Requires the debootstrap package to bootstrap Debian - Debian Host: apt-get install debootstrap - RPM Host:rpm -i http://people.debian.org/~blade/install/debootstrap/debootstrap-0.1.17.3-2.i386.rpm -EOF - exit 1 -fi - if ! cat /proc/self/status | grep '^s_context:[^0-9]0$'; then echo "${0##*/} error:" echo " Must be run from the host server (security context 0)" 1>&2 
@@ -364,33 +341,19 @@ exit 1 fi -# check for /vserver/$VHOST/etc/ incase we are on pre-mounted LVM partition -# (used to just check for "/vserver/$VHOST/" existing -if [ -d "$VROOTDIR/$VHOST/etc/" -o -f "/etc/vservers/$VHOST.conf" ] ; then - cat << EOF 1>&2 -${0##*/} error: Virtual Server "$VHOST" appears to already exist - check "/etc/vservers/$VHOST.conf" or "/vservers/$VHOST/etc/"; -EOF - exit 1 -fi - -# This is used to keep a cache of the downloaded .deb packges for next install -if [ -d "$VROOTDIR/ARCHIVES/$DIST" ]; then -mkdir -p "$VROOTDIR/$VHOST/var/cache/apt/archives" -cp -a "$VROOTDIR/ARCHIVES/$DIST/"*.deb "$VROOTDIR/$VHOST/var/cache/apt/archives" > /dev/null 2>&1 -fi - # We only want to pass the Architec
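Review bot: Dropping the "--copy-vreboot" and "--no-copy-vreboot" cases from the option parser (hunk @@ -184,14 +179,6 @@) means any existing wrapper that still passes them now falls through to whatever the parser does with an unknown option. Consider keeping both cases as no-ops that print a deprecation warning to stderr and shift, so scripted vserver creation does not break on upgrade. The usage text in @@ -96,15 +93,13 @@ also still lists --fakeinit as a context line; if that option is not yet wired through to "vserver ... build", the help line should say so.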
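Review bot: With the test on "$VROOTDIR/$VHOST/etc/" and "/etc/vservers/$VHOST.conf" removed in @@ -364,33 +341,19 @@, the script depends entirely on "vserver ... build" refusing to build over an existing guest. It is worth confirming that build also refuses when only a pre-mounted root or only an old-style $VHOST.conf exists, and keeping a short pre-check here otherwise, since writing into a live guest's tree is hard to undo. The same hunk drops the seeding of var/cache/apt/archives from $VROOTDIR/ARCHIVES/$DIST, which the description does not mention; in the visible part of the patch nothing replaces it, so either carry the cache over or document that packages are downloaded again on every build.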
Bug#304650: correction
Hi Ola,

On Thu, Apr 14, 2005 at 10:04:04PM +0200, Ola Lundqvist wrote:
>
> On Thu, Apr 14, 2005 at 07:31:08PM +0200, Daniel Hermann wrote:
>
> > looked over and compared to the outputs of " --help" to find
> > features no longer existing or changed in the alpha branch.
> >
> > I can definitely say that two things documented in the man-page of
> > vserver don't work any more:
> > - Option "--nodev"
> > - subcommand "service" (vserver ... service ... start/stop)
>
> True. I have forgotten that I wrote that manpage. :)
>

You wrote them? I ask because a different author (Klavs Klavsen) is mentioned there.

> > Is it useful for you to file detailed information or to write
> > patches against the man-pages?
>
> If you can provide patches that is of course appreciated.
>

instead of producing patches I used the "--help" output of vserver and vserver-build to produce new man pages. I have sent them to the vserver list and also attach them to this mail. Maybe they are useful for somebody.

BTW: What version of util-vserver are you planning to release with sarge?

regards
Daniel

--
Daniel Hermann, Institut fuer Theorie der Kondensierten Materie
Universitaet Karlsruhe Tel: ++49 (0)721 608-3588
Postfach 6980 Fax: ++49 (0)721 608-7779
76128 Karlsruhe, Germany email: [EMAIL PROTECTED]

=head1 NAME vserver - controls and builds virtual servers =head1 SYNOPSIS vserver [options] vserver-name command [args] =head1 DESCRIPTION The vserver utility enables you to control different aspects of your vservers, such as stopping and starting them, installing packages inside the vservers, or building new vservers.
=head1 COMMANDS Possible commands are: B [--nodeps] * starts the specified vserver B [--nodeps] * stops the specified vserver B restarts the specified vserver; this is the subsequent execution of a synchronized 'stop' and a 'start' B restarts the vserver when it is running already B executes a command as the specified user in the vserver B executes a command as root in the vserver B executes the configured shell in the vserver B modifies the init-system; currently, only Red Hat's chkconfig is supported B succeeds iff the vserver is running B gives out some human readable status information about the vserver, and succeeds iff the vserver is running B * builds a new vserver from scratch (please refer to B(8) for details) B [-R] (de)unify vserver B installs package(s) in the vserver B,B,B * execute the apt-* command for the given vserver B * execute the rpm command for the given vserver B [-y] externalize or internalize the package-management for the given vserver. 'Externalize' means that package metadata and management tools (apt-get,rpm) are living in the host, while 'internalize' means that data and programs from the vserver will be used. B * unify the vserver with its reference vserver(s). =head1 OPTIONS B<--help> show help B<-s | --sync> start/stop vserver synchronously B<-v | --verbose> detailed output B<--silent> cuts most informative messages =head1 FILES I default configuration common to all vservers I separate configuration subdirectory for each vserver I default location of vservers =head1 SEE ALSO B(8), B(8), B(8), B(8), B(8), B(8), B(8), B(8), B(8) =head1 BUGS Please report bugs to [EMAIL PROTECTED] =head1 AUTHORS manual page written by Daniel Hermann <[EMAIL PROTECTED]> using output of "vserver --help" =head1 NAME vserver-build - build new vserver with vserver ... 
build =head1 SYNOPSIS vserver vserver-name build -m [options] [cfg-options] [--] [method-args] =head1 METHODS Possible methods are: Bthe "old" copy-all-from-host method, which requires the old legacy vserver-legacy script; with this method the cfg-options will be ignored B the copy-all-from-host method which uses the recent configuration scheme B ... -- -d installs the base-packages of the given distribution with help of 'vapt-get' B ... -- -d installs the base-packages of the given distribution with help of 'vyum' B ... -- [-d ] --empty | ([--force] [--nodeps] )+ installs lists of rpm-packages B ... -- [ *]
Bug#299923: #299923 - psi doesn't work with non-default gnupg options
Hi,

I had the same problem with this (psi version 0.9.2 and 0.9.3). The default behaviour of psi is to use a gpg-agent. When this app is not there/running, you have to start psi with the --no-gpg-agent option to let it connect to the jabber server.

The other way to get rid of this is to install gnupg-agent, and let it start via Xsession.options. If you install gnupg-agent it installs a new session script (61pgp-agent), you enable this inside the Xsession.options via use-session-pgp-agent. After killing your current X session and relogin, psi starts nicely without breaking the login. (Not even the use-agent option in ~/.gnupg/gpg.conf was enabled)

Regards,
\sh

(Tested on Ubuntu Hoary 5.04, with the plain psi debian package 0.9.2 and 0.9.3)
Bug#304770: harden-doc: GNU Public License -> GNU General Public License.
Package: harden-doc Version: 3.0.1.4 Severity: minor Tags: patch Hi, here's a tiny patch which corrects the name of the GPL (GNU _General_ Public License instead of GNU Public License). Uwe. -- Uwe Hermann <[EMAIL PROTECTED]> http://www.hermann-uwe.de | http://www.crazy-hacks.org http://www.it-services-uh.de | http://www.phpmeat.org http://www.unmaintained-free-software.org | http://www.holsham-traders.de --- copyleft.sgml.orig 2005-04-15 13:41:09.0 +0200 +++ copyleft.sgml 2005-04-15 13:42:26.0 +0200 @@ -10,7 +10,7 @@ Permission is granted to copy, distribute and/or modify this document under the terms of the or any later +name="GNU General Public License, Version 2"> or any later version published by the Free Software Foundation. It is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.
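Review bot: The same wrong name may appear outside copyleft.sgml, which is the only file this patch touches; a grep for "GNU Public License" across the rest of the document sources before applying would catch any remaining occurrences, so the licence is named consistently throughout.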
Bug#304650: correction
Hi,

I was a little too fast by reporting this bug with severity "Important". The man-pages are still useable, they should only be looked over and compared to the outputs of " --help" to find features no longer existing or changed in the alpha branch.

I can definitely say that two things documented in the man-page of vserver don't work any more:
- Option "--nodev"
- subcommand "service" (vserver ... service ... start/stop)

Is it useful for you to file detailed information or to write patches against the man-pages?

regards
Daniel

--
Daniel Hermann, Institut fuer Theorie der Kondensierten Materie
Universitaet Karlsruhe Tel: ++49 (0)721 608-3588
Postfach 6980 Fax: ++49 (0)721 608-7779
76128 Karlsruhe, Germany email: [EMAIL PROTECTED]
Bug#304650: util-vserver: documentation is outdated
Package: util-vserver
Version: 0.30.204-4
Severity: important

Hi,

the man-pages of the util-vserver package still describe the stable branch of util-vserver (0.30). The recently included alpha branch
(i) has a totally different default configuration scheme
(ii) is not entirely compatible to the stable branch (e.g. Option --nodev doesn't work in legacy mode of "vserver").

Therefore these man-pages should be replaced or removed. Since the alpha tools all seem to have a useable "--help" output, would it be possible to use this and process it to generate man-pages?

regards
Daniel

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux tkmlx25 2.4.24-ath.ws #1 Fri Feb 27 16:21:37 CET 2004 i686
Locale: LANG=C, LC_CTYPE=C
Bug#302125: php4: move xmlrpc extension to seperate package
Hi,

As I need this, too, here is a (simple) patch. I'm not 100% sure everything is right - especially dependencies; but it seems OK here.

Best regards,
--
Clement "nodens" Hermann
Bug#303522: kernel-package: Please provide support for separate source/build trees
Package: kernel-package
Version: 8.130
Severity: wishlist

I would like to use a build tree separate from the source tree with kernel-package as is supported by the upstream Makefile (the -O option). I'm building kernels for several machines and it takes a full kernel tree per kernel. Using a common source tree and multiple build trees would save significantly on hd-space.

-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (50, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.3
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages kernel-package depends on:
ii  dpkg                  1.13.0      Package maintenance system for Deb
ii  dpkg-dev              1.13.0      Package building tools for Debian
ii  gcc [c-compiler]      4:3.3.5-3   The GNU C compiler
ii  gcc-3.3 [c-compiler]  1:3.3.5-12  The GNU C compiler
ii  make                  3.80-9      The GNU version of the "make" util
ii  perl                  5.8.4-8     Larry Wall's Practical Extraction

-- no debconf information
Bug#302321: util-vserver: vserver-copy doesn't preserve file ownership when copying to another host
sorry, I forgot to mention that the vserver-copy in unstable (util-vserver 0.30.204-3) has the same problem.

regards
Daniel

--
Daniel Hermann, Institut fuer Theorie der Kondensierten Materie
Universitaet Karlsruhe Tel: ++49 (0)721 608-3588
Postfach 6980 Fax: ++49 (0)721 608-7779
76128 Karlsruhe, Germany email: [EMAIL PROTECTED]
Bug#302321: util-vserver: vserver-copy doesn't preserve file ownership when copying to another host
Package: util-vserver
Version: 0.30-14; reported 2005-03-31
Severity: normal

Hi,

vserver-copy uses rsync to transfer a vserver from one host to another, which by default preserves file ownership with respect to usernames, not numeric uids. Therefore if users have different numeric uids on the source and destination host (common example: Debian-exim), the vserver copy will not be functional (e.g. exim can't read spool directory).

This can be fixed by using the "--numeric-ids" Option with rsync.

best regards
Daniel

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux tkmlx25 2.4.24-ath.ws #1 Fri Feb 27 16:21:37 CET 2004 i686
Locale: LANG=C, LC_CTYPE=C
Bug#290698: enlightenment: E16 locks up when keybinding executes broken script ( existing, but invalid)
Hi,

It seems this bug is fixed upstream (at least I couldn't reproduce it with version 16.7.2, which is the last public version).

Could you please consider packaging it ? (see bug #261353)

Best regards,
--
Clément Hermann
Bug#288761: more info on extension problem
Here is my little bit about this :

- click on "Install Now" on https://addons.update.mozilla.org/extensions/moreinfo.php?application=firefox&version=1.0&os=nt&id=10 does not work.
- opening the link in a new tab does work.
- opening http://ftp.mozilla.org/pub/mozilla.org/extensions/adblock/adblock-0.5.2.039-fx.xpi directly does work.
- creating a simple link on a simple html page to the xpi file does work ?! (tried on a local apache server, I see the "firefox has prevented localhost to install a program to protect your computer" box (something like that, I use a French locale and don't know how it is said in English). adding localhost to the list works, also.
- if the "allow websites to install program" box is unchecked, mozilla does show the pop-up about the feature being disabled when clicking on a link
- if no site is allowed to install, the popup shows up (as with the localhost test).
- it works when you use the "download it" link on mozdev.org but not when clicking on "Install version xxx of foobar now" (tested with http://livehttpheaders.mozdev.org/installation.html)

--
Clément 'nodens' Hermann
Bug#299811: checksecurity: Doesn't seem to install cleanly.
Hi, On Wed, Mar 16, 2005 at 07:47:24PM +0100, Javier Fernández-Sanguino Peña wrote: > Yes, please, I cannot reproduce this. Can you please do this? > > # export DEBCONF_DEBUG=developer > # apt-get install --reinstall checksecurity Reinstalling works without errors. I did some debugging and came up with a patch. The problem is this snippet in postinst: if [ ! -d /var/log/setuid ]; then mkdir -m 750 /var/log/setuid chown root:adm /var/log/setuid || true for file in /var/log/setuid.yesterday /var/log/setuid.today /var/log/setuid.changes \ /var/log/setuid.changes.*; do [ -e $file ] && mv $file /var/log/setuid done fi The [ -e $file ] has a return code of 1 if the given files don't exist. This return code seems to become the return code of the whole postinst script, later. Here's my proposed fix, which works for me (tm): --- postinst2005-03-16 23:27:57.0 +0100 +++ postinst.new2005-03-16 23:28:26.0 +0100 @@ -19,7 +19,9 @@ chown root:adm /var/log/setuid || true for file in /var/log/setuid.yesterday /var/log/setuid.today /var/log/setuid.changes \ /var/log/setuid.changes.*; do - [ -e $file ] && mv $file /var/log/setuid + if [ -e $file ]; then + mv $file /var/log/setuid + fi done fi HTH, Uwe. -- Uwe Hermann <[EMAIL PROTECTED]> http://www.hermann-uwe.de | http://www.crazy-hacks.org http://www.it-services-uh.de | http://www.phpmeat.org http://www.unmaintained-free-software.org | http://www.holsham-traders.de
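Review bot: $file is left unquoted in both the new test and the mv on the "+" lines of @@ -19,7 +19,9 @@; writing "$file" keeps the test well-formed whatever the glob /var/log/setuid.changes.* expands to. The mv itself can also still fail, and the loop would then carry that status out just as the old test did; since the chown two lines up already uses "|| true", decide explicitly whether a failed mv should abort the postinst or be tolerated.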
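The exit-status behaviour described in the message above, as an added illustration (not code from the checksecurity package): both loop forms run against a scratch directory and their final status is compared. The function names and the scratch layout are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added illustration, not the package's postinst. All paths live under a
# scratch directory created with mktemp; nothing in /var/log is touched.

# Loop as shipped: an AND list is the last command of the loop body, so the
# loop (and this function) ends with the status of the last failed test.
migrate_and_list() {
    for file in "$1"/setuid.yesterday "$1"/setuid.today \
        "$1"/setuid.changes "$1"/setuid.changes.*; do
        [ -e "$file" ] && mv "$file" "$1/setuid"
    done
}

# Loop as patched: an "if" whose condition is false and that has no "else"
# returns 0, so missing files no longer leak a failure status.
migrate_if() {
    for file in "$1"/setuid.yesterday "$1"/setuid.today \
        "$1"/setuid.changes "$1"/setuid.changes.*; do
        if [ -e "$file" ]; then
            mv "$file" "$1/setuid"
        fi
    done
}

# Print the exit status of a command; safe to call under "set -e".
status_of() {
    if "$@"; then echo 0; else echo "$?"; fi
}

# Constructed sample state: the new directory plus one old log file,
# i.e. an upgrade where only setuid.today exists.
make_scratch() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/setuid" || return 1
    : > "$scratch/setuid.today"
    printf '%s\n' "$scratch"
}

demo() {
    a=$(make_scratch) && b=$(make_scratch) || return 1
    echo "and-list loop: status $(status_of migrate_and_list "$a")"
    echo "if loop:       status $(status_of migrate_if "$b")"
    # Both variants moved the file; only the reported status differs.
    ls "$a/setuid" "$b/setuid"
    rm -rf "$a" "$b"
}

demo
```

The and-list form reports failure even though the one existing file was moved; when that status ends up as the script's own, dpkg reports the "error exit status 1" quoted in the original bug report.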
Bug#299811: checksecurity: Doesn't seem to install cleanly.
Package: checksecurity
Version: 2.0.7-2
Severity: grave
Justification: renders package unusable

I tried to install checksecurity today, and this is what I got:

# apt-get install checksecurity
Reading Package Lists... Done
Building Dependency Tree... Done
Suggested packages:
  apt-watch cron-apt
Recommended packages:
  tripwire integrit aide samhain fcheck
The following NEW packages will be installed:
  checksecurity
0 upgraded, 1 newly installed, 0 to remove and 121 not upgraded.
Need to get 19.9kB of archives.
After unpacking 168kB of additional disk space will be used.
Get:1 http://http.us.debian.org unstable/main checksecurity 2.0.7-2 [19.9kB]
Fetched 19.9kB in 0s (21.6kB/s)
Preconfiguring packages ...
Selecting previously deselected package checksecurity.
(Reading database ... 200154 files and directories currently installed.)
Unpacking checksecurity (from .../checksecurity_2.0.7-2_all.deb) ...
Setting up checksecurity (2.0.7-2) ...
dpkg: error processing checksecurity (--configure):
 subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
 checksecurity
E: Sub-process /usr/bin/dpkg returned an error code (1)

I haven't looked further into it, but if you need more information I'll happily provide it.

Uwe.
--
Uwe Hermann <[EMAIL PROTECTED]>
http://www.hermann-uwe.de | http://www.crazy-hacks.org
http://www.it-services-uh.de | http://www.phpmeat.org
http://www.unmaintained-free-software.org | http://www.holsham-traders.de
Bug#278529: Oops...
wrong patch, sorry. This is the good one (eval is best than find IMHO). -- Clément 'nodens' Hermann <[EMAIL PROTECTED]> - L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ? -- Jean in "l'Histoire des Pingouins" - http://tnemeth.free.fr/fmbl/linuxsf --- grub-floppy.old 2005-03-10 18:11:25.0 +0100 +++ grub-floppy 2005-03-10 18:12:26.0 +0100 @@ -19,7 +19,7 @@ # Initialize some variables. dd=`which dd` -pkglibdir=/lib/grub/*-* +pkglibdir=$(eval echo /lib/grub/*-*) stage1=$pkglibdir/stage1 stage2=$pkglibdir/stage2 @@ -90,8 +90,6 @@ /bin/echo -e "\nThat's All Folks!" } -# test we have the necessary files first -checkfiles case "$1" in -h | --help) @@ -102,6 +100,8 @@ if [ -z "$1" ] ; then usage else + # test we have the necessary files first + checkfiles checkdevice "$1" questiondevice "$1" createfloppy "$1"
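Review bot: In "pkglibdir=$(eval echo /lib/grub/*-*)" the eval is not needed, since "echo /lib/grub/*-*" inside the command substitution already expands the pattern, and eval additionally re-parses the expanded directory names as shell input. Nothing checks the result either: with no match pkglibdir keeps the literal pattern, and with two matching directories it holds both paths separated by a space, so stage1 and stage2 point at the wrong place. Expanding the pattern into the positional parameters and insisting on exactly one match would let checkfiles report the real problem.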
Bug#278529: tags #278529
tags 278529 + patch thanks -- Clément 'nodens' Hermann <[EMAIL PROTECTED]> - L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ? -- Jean in "l'Histoire des Pingouins" - http://tnemeth.free.fr/fmbl/linuxsf
Bug#298901: subversion: Obsolete svn.vim file?
Package: subversion
Version: 1.1.3-2
Severity: normal

Hi,

the current subversion package ships with /usr/share/doc/subversion/examples/svn.vim, which is probably not needed, as current vim versions already ship with an svn.vim file in /usr/share/vim/vim63/syntax/svn.vim.

The subversion one is written by Ben Collins <[EMAIL PROTECTED]>, the one from vim is written by Dmitry Vasiliev <[EMAIL PROTECTED]> (CC'ed both). However, they both look quite the same, maybe they should be merged?

As vim already provides a working svn.vim, I guess the examples/svn.vim can be removed.

Uwe.
--
Uwe Hermann <[EMAIL PROTECTED]>
http://www.hermann-uwe.de | http://www.crazy-hacks.org
http://www.it-services-uh.de | http://www.phpmeat.org
http://www.unmaintained-free-software.org | http://www.holsham-traders.de
Bug#278529: [Bug #278529] resolved with this patch
Alternatively, you could just remove the "" when testing the file's existence - it will then interpret *-* correctly. Then there is no need to use find. Also, checkfiles() should be called after the option parsing, so you could do a -h even if stage1 is not found. See the patch attached. Best regards, -- Clément 'nodens' Hermann <[EMAIL PROTECTED]> - L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ? -- Jean in "l'Histoire des Pingouins" - http://tnemeth.free.fr/fmbl/linuxsf --- grub-floppy.old 2005-03-10 14:50:53.0 +0100 +++ grub-floppy 2005-03-10 14:50:10.0 +0100 @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # Create GRUB boot floppy. # Copyright (C) 2001 Jason Thomas <[EMAIL PROTECTED]> @@ -33,9 +33,10 @@ checkfiles() { +echo $pkglibdir $stage1 [ -x "$dd" ] || abort "Can't find $dd, aborting" -[ -f "$stage1" ] || abort "Can't find $stage1, aborting" -[ -f "$stage2" ] || abort "Can't find $stage2, aborting" +[ -f $stage1 ] || abort "Can't find $stage1, aborting" +[ -f $stage2 ] || abort "Can't find $stage2, aborting" } usage() @@ -90,9 +91,6 @@ /bin/echo -e "\nThat's All Folks!" } -# test we have the necessary files first -checkfiles - case "$1" in -h | --help) usage @@ -102,6 +100,9 @@ if [ -z "$1" ] ; then usage else + # test we have the necessary files first + checkfiles + checkdevice "$1" questiondevice "$1" createfloppy "$1"
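Review bot: The added "echo $pkglibdir $stage1" at the top of checkfiles() in @@ -33,9 +33,10 @@ looks like leftover debugging output and should go before this is applied. In the same hunk, dropping the quotes in "[ -f $stage1 ]" does make the pattern expand, but it also turns the test into a malformed expression, instead of a clean abort message, as soon as /lib/grub/*-* matches more than one directory; resolving the directory once, checking for exactly one match, and keeping the quotes would be more robust.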
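Review bot: Nothing in the visible hunks needs bash, so the switch from #!/bin/sh to #!/bin/bash in @@ -1,4 +1,4 @@ adds a dependency on bash for a boot-floppy helper without a stated reason. Keep /bin/sh unless a bashism is introduced elsewhere, and mention it in the changelog if one is.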
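The quoting behaviour discussed in this message and in the follow-up that uses eval, as an added illustration (not part of grub-floppy or of either patch): the quoted and unquoted tests are run against a scratch tree, next to a resolver that accepts exactly one match. The function names, the scratch tree and the directory names i386-pc and x86_64-pc are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration, not part of grub-floppy. A scratch tree stands in for
# /lib/grub so the pattern *-* can match zero, one or two directories.

# Variant from the original script: the pattern is stored unexpanded
# (assignments do not glob) and the quoted test looks for a literal "*-*".
check_quoted() {
    pkglibdir=$1/*-*
    stage1=$pkglibdir/stage1
    [ -f "$stage1" ] 2>/dev/null
}

# Variant from the first patch: the unquoted test expands the pattern, which
# works for one match and becomes a malformed test for several.
check_unquoted() {
    pkglibdir=$1/*-*
    stage1=$pkglibdir/stage1
    [ -f $stage1 ] 2>/dev/null
}

# More defensive: expand the pattern once, insist on exactly one directory,
# and hand back a plain path that can be quoted everywhere afterwards.
resolve_pkglibdir() (
    IFS=            # no field splitting; pathname expansion still applies
    set -- $1/*-*
    if [ "$#" -ne 1 ] || [ ! -d "$1" ]; then
        exit 1
    fi
    printf '%s\n' "$1"
)

# Print the exit status of a command; safe to call under "set -e".
status_of() {
    if "$@"; then echo 0; else echo "$?"; fi
}

# Constructed sample layout: one directory per name given, each with stage1.
make_tree() {
    root=$(mktemp -d) || return 1
    for name in "$@"; do
        mkdir "$root/$name" && : > "$root/$name/stage1" || return 1
    done
    printf '%s\n' "$root"
}

demo() {
    one=$(make_tree i386-pc) && two=$(make_tree i386-pc x86_64-pc) || return 1
    for root in "$one" "$two"; do
        echo "tree: $(ls "$root" | tr '\n' ' ')"
        echo "  quoted test:   $(status_of check_quoted "$root")"
        echo "  unquoted test: $(status_of check_unquoted "$root")"
        echo "  resolved:      $(resolve_pkglibdir "$root" || echo 'no single match')"
    done
    rm -rf "$one" "$two"
}

demo
```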
Bug#267420: This bug is fixed in the current 1.1.3-2 package.
Hi,

AFAIK this bug is already fixed upstream and in the current 1.1.3-2 subversion package, hence the patch is not needed anymore and the bug can be closed.

Uwe.
--
Uwe Hermann <[EMAIL PROTECTED]>
http://www.hermann-uwe.de | http://www.crazy-hacks.org
http://www.it-services-uh.de | http://www.phpmeat.org
http://www.unmaintained-free-software.org | http://www.holsham-traders.de
Bug#298235: spikeproxy: Web interface doesn't work.
Package: spikeproxy Version: 1.4.7-8 Severity: normal Tags: patch Hi, I tried out spikeproxy today and found a small bug in the package. When you go to http://spike/ the web interface doesn't come up, but you get this error message: Error in Spike Proxy UI - No file found: /var/cache/spikeproxy/../index.html This tiny patch seems to fix the problem: --- spikeProxyUI.py.orig2005-03-05 23:27:43.0 +0100 +++ spikeProxyUI.py 2005-03-05 23:28:44.0 +0100 @@ -439,7 +439,7 @@ if debug_serveFile: print "serving file "+filename #strip this last bit off -mybase=daveutil.pathjoin(self.cachedir,"..") +mybase="/usr/share/spikeproxy" realfilename=daveutil.pathjoin(mybase,filename) if os.path.isfile(realfilename): file=open(realfilename,"r") Also, it seems there's a slightly newer upstream version available from http://www.immunitysec.com/downloads/SP148.tgz HTH, Uwe. -- Uwe Hermann <[EMAIL PROTECTED]> http://www.hermann-uwe.de | http://www.crazy-hacks.org http://www.it-services-uh.de | http://www.phpmeat.org http://www.unmaintained-free-software.org | http://www.holsham-traders.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
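Review bot: The replacement hard-codes "/usr/share/spikeproxy" in the middle of the serve-file routine; a module-level constant, or a value derived from the install prefix, would keep the Debian path in one place. The context lines also show filename being joined onto mybase and opened as soon as os.path.isfile() succeeds, and nothing visible in this hunk normalises it, so while touching this code it is worth confirming that the joined path cannot resolve outside mybase (compare "/var/cache/spikeproxy/../index.html" in the reported error, where ".." was passed straight through).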
Bug#297993: nessusd: bug in nessus-mkcert-client script (trivial)
Package: nessusd Version: 2.2.3-1 Severity: minor Tags: patch Hi, There is a small bug in nessus-mkcert-client : a warning about /var/lib/nessus/private/CA beeing not readable is displayed. This is a false warning caused by an error in the script and can be safely ignored. Anyway, the fix is trivial, see patch attached. Regards, -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.8-1-k7 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages nessusd depends on: ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libnasl22.2.3-1 Nessus Attack Scripting Language, ii libnessus2 2.2.3-1 Nessus shared libraries ii libssl0.9.7 0.9.7e-3 SSL shared libraries ii libwrap07.6.dbs-6Wietse Venema's TCP wrappers libra ii nessus-plugins 2.2.3-1 Nessus plugins ii openssl 0.9.7e-3 Secure Socket Layer (SSL) binary a -- no debconf information --- nessus-mkcert-client.old2005-03-03 22:03:23.0 +0100 +++ nessus-mkcert-client2005-03-03 22:03:48.0 +0100 @@ -100,7 +100,7 @@ CAKEY=$NESSUSPRIV/cakey.pem CACERT=$NESSUSPUB/cacert.pem -[ -r $NESSUSPRIV ] && echo "WARN: $NESSUSPRIV is not readable, this script will not be able to find the server certificate (hint: are you root?)" +[ -r $NESSUSPRIV ] || echo "WARN: $NESSUSPRIV is not readable, this script will not be able to find the server certificate (hint: are you root?)" while [ ! -f "$CAKEY" ]; do echo "$CAKEY: not found or not a file"
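Review bot: "[ -r $NESSUSPRIV ]" leaves the variable unquoted, so if NESSUSPRIV is ever empty the test collapses to "[ -r ]", which is true, and the warning is silently skipped; write [ -r "$NESSUSPRIV" ] on the "+" line. The warning also goes to stdout, so adding ">&2" would keep it out of any output a caller captures from this script.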
Bug#283605: Accessing the GAL
It won't work for me either. Either with the Exchange server or domain controller as GAL server, I keep getting errors about not being able to connect to GAL server.

I get the following messages in debug mode (E2K=2) :

impl_GNOME_Evolution_Addressbook_BookFactory_getBook
impl_GNOME_Evolution_Addressbook_Book_open (0x816f140)
** (evolution-exchange-storage:23559): WARNING **: LDAP authentication failed (0x51)

I use last evolution and evolution-exchange from sid, no ldap patch for me, no [EMAIL PROTECTED] (if I use [EMAIL PROTECTED], personal Contacts from Exchange won't work either).

Server : Exchange 2003 (French) on 2003 domain (French domain controller as well).

Best regards,
--
Clément 'nodens' Hermann <[EMAIL PROTECTED]>
- L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ?
-- Jean in "l'Histoire des Pingouins" - http://tnemeth.free.fr/fmbl/linuxsf
Bug#296282: php4-snmp causes apache to segfault on startup
Package: php4-snmp
Version: 4:4.3.10-7
Severity: grave
Justification: renders package unusable

Hi,

Latest version of php4-snmp causes apache to segfault on startup (undetected by apachectl which exits cleanly). Commenting out extension=snmp.so in /etc/php4/apache/php.ini is a workaround, but php scripts run by apache via the php4 module won't have snmp support.

Here is an strace -f apachectl (relevant part only) :

open("/usr/lib/libnetsnmp.so.5", O_RDONLY) = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\343\0"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0644, st_size=528848, ...}) = 0
old_mmap(NULL, 633392, PROT_READ|PROT_EXEC, MAP_PRIVATE, 5, 0) = 0xb71f7000
old_mmap(0xb7276000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 5, 0x7f000) = 0xb7276000
old_mmap(0xb7278000, 105008, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7278000
close(5) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libwrap.so.0", O_RDONLY) = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240!\0"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0644, st_size=28688, ...}) = 0
old_mmap(NULL, 33700, PROT_READ|PROT_EXEC, MAP_PRIVATE, 5, 0) = 0xb71ee000
old_mmap(0xb71f5000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 5, 0x6000) = 0xb71f5000
old_mmap(0xb71f6000, 932, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb71f6000
close(5) = 0
munmap(0xb7bff000, 73541) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
Process 4284 detached

Note that this only happens with the apache module, php-cgi and php-cli are both working fine with snmp extension :

[EMAIL PROTECTED]:~$ echo '' | php-cgi | grep -i snmp
snmp
NET-SNMP Support enabled
NET-SNMP Version 5.1.2
SNMP_PERSISTENT_FILE /dev/null
_SERVER["SNMP_PERSISTENT_FILE"]/dev/null
_ENV["SNMP_PERSISTENT_FILE"]/dev/null
[EMAIL PROTECTED]:~$ php -r 'phpinfo();' | grep -i snmp
snmp
NET-SNMP Support => enabled
NET-SNMP Version => 5.1.2
SNMP_PERSISTENT_FILE => /dev/null
_SERVER["SNMP_PERSISTENT_FILE"] => /dev/null
_ENV["SNMP_PERSISTENT_FILE"] => /dev/null

Best Regards,

-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-1-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages php4-snmp depends on:
ii  debconf [debconf-2.0]       1.4.45        Debian configuration management sy
ii  libapache-mod-php4 [phpapi- 4:4.3.10-7    server-side, HTML-embedded scripti
ii  libc6                       2.3.2.ds1-20  GNU C Library: Shared libraries an
ii  libsnmp5                    5.1.2-6       NET SNMP (Simple Network Managemen
ii  libwrap0                    7.6.dbs-6     Wietse Venema's TCP wrappers libra
ii  php4-cgi [phpapi-20020918-z 4:4.3.10-7    server-side, HTML-embedded scripti
ii  php4-cli [phpapi-20020918-z 4:4.3.10-7    command-line interpreter for the p
ii  php4-common                 4:4.3.10-7    Common files for packages built fr

-- debconf information:
  php4/extension_snmp_apache: true
  php4/add_extension: true
  php4/remove_extension: true
  php4/extension_snmp_cgi: true
  php4/extension_snmp_cli: true
Bug#263365: public folder browsing from mail windows
Hi,

I also think you should browse all public folders from the mail window, not only the favourite ones (just as in MS Outlook). PF are often used for workflow, and may change without notice.

Alternatively, it should be possible to add a tree of PF in favorites, a folder *and* its subfolders, which would get refreshed if they change. This could be a good middle way between having only a leaf or all the PF.

This bug's severity could be downgraded to wishlist, but I wouldn't do so, because this functionality is so critical in all corporate environments I've seen.

Could you please forward this bug upstream ?

Best regards,
--
Clément "nodens" Hermann
Bug#296180: evolution-exchange: Unable to delete item in public folder despite permissions
Package: evolution-exchange
Version: 2.0.3-1
Severity: important

Hi,

I already reported this upstream (http://bugzilla.ximian.com/show_bug.cgi?id=72751), so I'll only copy/paste here.

Description of Problem:
I'm unable to delete a message posted in a public folder using the ximian connector, even though I should be able to do so according to permissions. It seems to be connector-related (see notes for details and debugging information).

Steps to reproduce the problem:
1. choose a public folder in which you can delete messages posted (Author right)
2. post a message
3. try to move or delete it

Actual Results:
Nothing happens, unless it is a move, then the message is duplicated (destination is updated, source stays the same). But the new message selected is the next message in list, as if the message to delete was deleted.

Expected Results:
the message is moved or deleted.

How often does this happen?
Always.

Additional Information:
I tried to run evolution-exchange backend process in debug mode (E2K_DEBUG=5), I can't see anything happening when I try to delete a message. The only thing I can see are the following headers when I access the folder :

** (evolution-exchange-storage:15128): WARNING **: renew_subscription: 401 Unauthorized

401 Unauthorized
E2k-Debug: 0x816da20 @ 1108773706
Date: Sat, 19 Feb 2005 00:41:44 GMT
X-Powered-By: ASP.NET
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm=""
Content-Length: 80
Content-Type: text/html

I've indeed seen the following header one time (addresses are changed), but I could not find out how or when (I was trying to reproduce the bug, and I changed the current folder) :

200 OK
E2k-Debug: 0x81881f8 @ 1108773767
MS-WebStorage: 6.5.7226
Date: Sat, 19 Feb 2005 00:42:45 GMT
X-Powered-By: ASP.NET
notification-type: delete
Server: Microsoft-IIS/6.0
call-back: httpu://:15129/
Subscribe-group: vH2D5fiLiE2z2MZOFftVoQ==
Notification-delay: 30
Content-Length: 0
Subscription-lifetime: 3600
Content-Location: https:///5%20-%20Traitement%20en%20cours%20BO/
Subscription-id: 13

It didn't work either. The public folder is the right one. I've got permissions to delete objects I own (author), and I own it. It works well in MAPI and webmail.

The server is a fresh install of Exchange 2003 (French edition). But it did the same when I tried on a 2000 version (French as well).

Public folders are used to share information, it is critical to be able to move or delete a message in a workflow situation.

--- Additional Comments From Clement Hermann 2005-02-20 17:11 ---
I've just made some additional testing. Deleting a message works well when the user has "owner" rights. But, when it has "Author" (create, modify/delete own item) or "Publishing Editor" (create, modify/delete any message), it won't work.

Please tell me if you need additional information (I probably won't be able to offer you a testing account on a French edition Exchange, but I'll do my best to help you; anyway, I think this happens in every flavour of Exchange).
-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-k7
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages evolution-exchange depends on:
ii  evolution                2.0.3-1.2      The groupware suite
ii  libart-2.0-2             2.3.17-1       Library of functions for 2D graphi
ii  libasn1-6-heimdal        0.6.3-7        Libraries for Heimdal Kerberos
ii  libatk1.0-0              1.8.0-4        The ATK accessibility toolkit
ii  libaudiofile0            0.2.6-5        Open-source version of SGI's audio
ii  libbonobo2-0             2.8.0-4        Bonobo CORBA interfaces library
ii  libbonoboui2-0           2.8.0-2        The Bonobo UI library
ii  libc6                    2.3.2.ds1-20   GNU C Library: Shared libraries an
ii  libcomerr2               1.36rc5-1      common error description library
ii  libdb4.2                 4.2.52-17      Berkeley v4.2 Database Libraries [
ii  libebook8                1.0.3-2        Client library for evolution addre
ii  libecal6                 1.0.3-2        Client library for evolution calen
ii  libedata-book1           1.0.3-2        Backend library for evolution addr
ii  libedata-cal5            1.0.3-2        Backend library for evolution cale
ii  libedataserver3          1.0.3-2        Utily library for evolution data s
ii  libesd-alsa0 [libesd0]   0.2.35-2       Enlightened Sound Daemon (ALSA) -
ii  libfontconfig1           2.2.3-4        generic font configuration library
ii  libfreetype6             2.1.7-2.3      FreeType 2 font engine, shared lib
ii  libgal2.2-1              2.2.4-1        G App Libs (run time library)
ii  libgconf2-4
Bug#281655: info2www: Cross-site scripting vulnerability
Hi,

On Sun, Jan 23, 2005 at 08:28:47PM -0500, Justin Pryzby wrote:
> On Sun, Jan 23, 2005 at 05:42:04PM -0500, pryzbyj wrote:
> > tags 281655 patch
> > thanks
> >
> > I've included a 2-line patch which implements some output
> > sanitization. I can't find any other instance where this is a
> > problem, but don't take my word for it; I haven't followed the code
> > *that* closely.
> >
> > Since info filenames/titles can be named anything (which is a Good
> > Thing), the way to handle this is to escape '<' (and '>' while we're
> > at it). This prevents anyone from sticking any html anywhere.
> >
> > I would also like to see this code use perl -T (for testing, as well
> > as for installation, I think). I will probably play with this later
> > tonight.
> >
> > I've never used perl -T before and it may very well break this program
> > horribly.
> It broke it, but not horribly. The only complaint (check apache's
> error log) is about $ENV{'PATH'}. The Debian fix is to just set
> $ENV{'PATH'}="/bin:/usr/bin" (or even just leave it untouched, maybe).
>
> So, in addition to the previous patch, I suggest that the script runs
> with #!/usr/bin/perl -T, and that the ENV variable is either set
> absolutely, or not changed at all.

Thanks Justin for all the help and patches. I implemented most of your suggestions and some additional ones in a new patch (attached to this mail).

Unfortunately, I don't think escaping '<' and '>' will suffice. IIRC there exist XSS exploits which don't use special characters at all, so it's quite hard to filter... But IMHO what we have now is a first good step.

I'm CC'ing the security team (this was long overdue), maybe they have some more suggestions.

If no one objects I'll upload a new info2www package with the attached patch to unstable. The security announcement and uploads to stable will be handled by the security team, right?

Thanks, Uwe.
-- Uwe Hermann <[EMAIL PROTECTED]> http://www.hermann-uwe.de | http://www.crazy-hacks.org http://www.it-services-uh.de | http://www.phpmeat.org http://www.unmaintained-free-software.org | http://www.holsham-traders.de --- info2www2005-01-30 21:06:37.0 +0100 +++ info2www.new2005-01-31 05:02:03.0 +0100 @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/perl -T # # info2www - Gateway between GNU Info nodes and WWW $id = '$Id: info2www,v 1.2.2.9 1996/07/02 08:44:12 lmdrsm Exp $ '; @@ -82,8 +82,11 @@ # Set the PATH so that the ZCAT and GZCAT programs can be found # -$ENV{'PATH'} =~ s!:$!!; -$ENV{'PATH'} .= ":/bin:/usr/bin"; +#$ENV{'PATH'} =~ s!:$!!; +#$ENV{'PATH'} .= ":/bin:/usr/bin"; + +# Security: Hardcoded paths, so malicious tampering with PATH is not possible. +$ENV{'PATH'} = "/bin:/usr/bin"; # # ZCAT is the program to use for reading compressed files (*.Z) @@ -1138,6 +1141,15 @@ # Print an HTML error message sub Error { local($reason) = @_; + +# Security checks to prevent at least _some_ forms of XSS attacks. +# TODO: This is far from complete, more checks need to be done! +$reason =~ s//>/gs; +$reason =~ s/&/&/gs; +$reason =~ s/"/"/gs; +$reason =~ s/#//gs; + print "Sorry! - $reason\n\n"; return(0); }
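Review bot: In the PATH hunk (@@ -82,8 +82,11 @@), pinning $ENV{'PATH'} covers only one of the variables taint mode checks before the script can run zcat/gzcat; perl -T also rejects subprocess calls while IFS, CDPATH, ENV or BASH_ENV are inherited from the environment, so add `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};` next to the assignment. The two commented-out PATH lines can be deleted outright, since the new comment already records why the value is fixed.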
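Review bot: In the Error hunk (@@ -1138,6 +1141,15 @@), the `&` substitution runs after the angle-bracket substitution, so if the earlier replacement writes an entity into $reason (the replacement sides look entity-decoded in this archived copy), the later pass rewrites the `&` of that entity and the message is double-encoded; move the `&` line first. `s/#//gs` deletes characters from the message rather than encoding them, which changes what the user is shown. The escaping is also local to Error(): putting it in one helper sub and calling that wherever request-derived text is printed would turn the TODO into something checkable.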
Bug#281655: info2www: Cross-site scripting vulnerability
Hi,

sorry, the mail about this bug somehow got lost in my inbox...

(CC to debian-devel, any help with this issue is welcome)

On Wed, Nov 17, 2004 at 03:45:55AM +0100, Nicolas Gregoire wrote:
> Package: info2www
> Version: 1.2.2.9-22
> Severity: normal
> Tags: security
>
> There's an XSS vulnerability in the info2www CGI.
>
> The following URL will display the document location using Javascript :
> /cgi-bin/info2www?(coreutils)
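The output escaping discussed in this thread, as an added example (it is not the info2www code and not the patch attached to the thread): a single-pass HTML escape that cannot double-encode, plus percent-encoding for a node name placed inside a link. The sub names `escape_html`, `escape_uri`, `error_page` and `node_link`, the markup they return and the sample strings are assumptions made for illustration.

```perl
use strict;
use warnings;

# One pass over the string: '&' is replaced in the same substitution as the
# other characters, so an entity written for '<' is never escaped again.
my %HTML_ENTITY = (
    '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
    '"' => '&quot;', "'" => '&#39;',
);

sub escape_html {
    my ($text) = @_;
    $text =~ s/([&<>"'])/$HTML_ENTITY{$1}/g;
    return $text;
}

# Percent-encode every byte outside the RFC 3986 unreserved set, so the
# value is safe inside a query string and inside a quoted href attribute.
sub escape_uri {
    my ($text) = @_;
    utf8::encode($text) if utf8::is_utf8($text);
    $text =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord($1))/ge;
    return $text;
}

# Hypothetical stand-in for an error sub: nothing is deleted from the
# message, it is encoded and shown as typed.
sub error_page {
    my ($reason) = @_;
    return "<h1>Error</h1>\n<p>Sorry! - " . escape_html($reason) . "</p>\n";
}

# Hypothetical link builder: URL context and HTML context use different encoders.
sub node_link {
    my ($file, $node) = @_;
    return '<a href="info2www?' . escape_uri("($file)$node") . '">'
         . escape_html($node) . '</a>';
}

# Constructed inputs, not taken from the bug report.
print error_page(q{No such node: "<b>ls</b>" & 'dir' #1});
print node_link('coreutils', q{ls "invocation" <1>}), "\n";
```

Both encoders are applied at the point of output, so the same request value can be reused in either context without the caller tracking whether it was already escaped.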
Bug#275528: bug fixed in CVS
Hi Ola,

I sent a bug report to upstream (http://savannah.nongnu.org/bugs/index.php?func=detailitem&item_id=11570) and the bug was fixed there in CVS.

regards
Daniel

--
Daniel Hermann, Institut fuer Theorie der Kondensierten Materie
Universitaet Karlsruhe       Tel: ++49 (0)721 608-3588
Postfach 6980                Fax: ++49 (0)721 608-7779
76128 Karlsruhe, Germany     email: [EMAIL PROTECTED]
Bug#291368: webalizer: Webalizer should be able to generate stats in different languages
Package: webalizer
Version: 2.01.10-26
Severity: wishlist

I know it's possible to select a language at compile-time, but it would be better to be able to choose it at generation-time.

Even without adding support for selecting the language at runtime, we could imagine several packages (webalizer-fr, webalizer-pl) as a workaround. It could also use the alternatives to provide a webalizer pointing to the favourite language binary.

Best Regards,

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-1-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages webalizer depends on:
ii  debconf      1.4.41         Debian configuration management sy
ii  libc6        2.3.2.ds1-19   GNU C Library: Shared libraries an
ii  libdb4.2     4.2.52-17      Berkeley v4.2 Database Libraries [
ii  libgd2-xpm   2.0.33-1.1     GD Graphics Library version 2
ii  libpng12-0   1.2.8rel-1     PNG library - runtime
ii  zlib1g       1:1.2.2-4      compression library - runtime

-- debconf information excluded
Bug#291367: dnsmasq: Wish: Supply addresses matching the network/mask of the interface
Package: dnsmasq
Version: 2.19-1
Severity: wishlist

I have the following /etc/hosts:

    130.89.195.211 waxy.kabel.utwente.nl waxy
    10.2.1.1 waxy
    10.2.2.1 waxy

and the following netmasks:

    dmz     10.2.1.0/255.255.255.0
    private 10.2.2.0/255.255.255.0

Currently, dnsmasq rotates through all possible ip's for the name 'waxy'. I'd like dnsmasq to provide only the ip address matching the network/netmask from which the request originated.

ie. a request from 10.2.1.105 for 'waxy' should be answered with 10.2.1.1 as the only or first entry in the response. Rotating the list would be ok if the host has more than one interface in one specific network/mask.

Alex.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (50, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages dnsmasq depends on:
ii  libc6     2.3.2.ds1-20   GNU C Library: Shared libraries an
ii  netbase   4.19           Basic TCP/IP networking system

-- no debconf information
Bug#289036: vserver-debiantools: minor errors when executing newvserver
Hi Ola,

the new version works perfectly for me now, the bug can be closed from my point of view.

Thanks for the good work!

Daniel

--
Daniel Hermann, Institut fuer Theorie der Kondensierten Materie
Universitaet Karlsruhe       Tel: ++49 (0)721 608-3588
Postfach 6980                Fax: ++49 (0)721 608-7779
76128 Karlsruhe, Germany     email: [EMAIL PROTECTED]
Bug#289943: dhclient-script: The argument to exit_with_hooks() is not propagated to the hook scripts
Package: dhcp3-client
Version: 3.0.1-1
Severity: normal
File: dhclient-script

*** Please type your report below this line ***

The argument $1 to exit_with_hooks() is not propagated to the hook scripts. This works with the original distributed script and is needed for advanced scripting, which need to detect success or failures (see TIMEOUT code).

At the moment $1 to the hook scripts is set to the hook script name - which is useless inside the script(s).

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.28
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages dhcp3-client depends on:
ii  debconf        1.4.30.11      Debian configuration management sy
ii  debianutils    2.8.4          Miscellaneous utilities specific t
ii  dhcp3-common   3.0.1-1        Common files used by all the dhcp3
ii  libc6          2.3.2.ds1-20   GNU C Library: Shared libraries an

-- no debconf information