Bug#420003: Bug Still exists in 1.1.6-1
This one time, at band camp, Matthias Cramer said:
> Upgraded to 1.1.6, radius still dies after SIGHUP !

Please run (as root)

    /usr/sbin/freeradius -X

Then switch windows, and run

    kill -HUP `pidof freeradius`

And send the output from the first window.

Thanks,
-- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | -
Bug#317853: libclamav2 0.90.2
This one time, at band camp, Massimiliano Mancini said:
> trying to update in a sarge/volatile libclamav2 from 0.90.1 to 0.90.2 I found broken dependency with package libgmp3 (dep should be from package libgmp3c2)

Please send a copy of your sources.list.
--
Stephen Gran
Bug#420498: wy60: please add Depends or Suggests on ncurses-term
Package: wy60
Version: 2.0.8-5
Severity: wishlist

ncurses-term appears to be the package containing the wy60 termcap files, so it would be helpful if wy60 either depended or suggested this package. It would have saved me some time chasing down why wy60 was failing when talking to a SCO machine, at any rate :)

Thanks,

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf8)
Shell: /bin/sh linked to /bin/bash

Versions of packages wy60 depends on:
ii  libc6        2.5-1  GNU C Library: Shared libraries
ii  libncurses5  5.5-5  Shared libraries for terminal hand

wy60 recommends no packages.

-- no debconf information
--
Stephen Gran
Bug#420593: clamav-daemon: segfault in segfault handler, hangs with 100% cpu
severity 420593 important
thanks

This one time, at band camp, Maurice Massar said:
> Severity: grave
> Justification: causes non-serious data loss

Temp failing mail isn't the same as data loss. I agree it is important, and I'm looking at it now.

> clamav-daemon has repeatedly gone in a loop eating 100% CPU and not answering any queries anymore. Only kill -9 could terminate it. I just looked into it with strace:
>
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> sigreturn() = ? (mask now ~[HUP INT KILL SEGV USR2 PIPE TERM STOP RTMIN])
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> sigreturn() = ? (mask now ~[HUP INT KILL SEGV USR2 PIPE TERM STOP RTMIN])
> ... repeated endless ...
>
> I've no idea what causes the initial segv, but this loop blocks all clients accessing clamd, in my case all incoming mail. On my 3 MX hosts (combined 150k mails / day) it happens roughly once a week (and sadly not all MTAs do a fallback on a secondary MX). I already had this problem with 0.90.1-0volatile1, if I remember correctly.

Can you install clamav-dbg, attach gdb to the process, and send me a full backtrace? If you're not sure how to do that, let me know and I'll provide instructions.

Thanks very much,
--
Stephen Gran
Bug#420593: clamav-daemon: segfault in segfault handler, hangs with 100% cpu
This one time, at band camp, Maurice Massar said:
> hi,
>
> On Mon, Apr 23, 2007 at 01:56:29PM +0100, Stephen Gran wrote:
> > Can you install clamav-dbg, attach gdb to the process, and send me a full backtrace? If you're not sure how to do that, let me know and I'll provide instructions.
>
> clamd crashed again this morning, and I was able to attach gdb, and created a corefile of the running process with gcore /root/clamd.12915.2007-04-24.core. Examining this corefile:
>
> (gdb) bt
> #0 0x400249db in cli_ac_free () from /usr/lib/libclamav.so.2
> #1 0x4002b9e4 in cl_free () from /usr/lib/libclamav.so.2
> #2 0x400299ed in cli_initengine () from /usr/lib/libclamav.so.2
> #3 0x4002a949 in cli_initengine () from /usr/lib/libclamav.so.2
> #4 0x4002ad2a in cl_loaddb () from /usr/lib/libclamav.so.2
> #5 0x4002afbe in cl_loaddb () from /usr/lib/libclamav.so.2
> #6 0x4002ad2a in cl_loaddb () from /usr/lib/libclamav.so.2
> #7 0x4002afbe in cl_loaddb () from /usr/lib/libclamav.so.2
> #8 0x4002b0fd in cl_load () from /usr/lib/libclamav.so.2
> #9 0x0804e0bd in ?? ()
> #10 0x08056300 in ?? ()
> #11 0xbfffddc0 in ?? ()
> #12 0xbfffdda8 in ?? ()
> #13 0x0002 in ?? ()
> #14 0x08055b38 in ?? ()
> #15 0x08051203 in _IO_stdin_used ()
> #16 0x00012165 in ?? ()
> #17 0x0001 in ?? ()
> #18 0x080560e8 in ?? ()
> #19 0x0005 in ?? ()
> #20 0xbfffe3c8 in ?? ()
> #21 0x0804e8a2 in ?? ()
> #22 0x45700520 in ?? ()
> #23 0x0002 in ?? ()
> #24 0x080560e8 in ?? ()
> #25 0x in ?? ()
> #26 0xbfffde04 in ?? ()
> #27 0xbfffddf8 in ?? ()
> #28 0x400d226f in dcgettext () from /lib/tls/libc.so.6
> (gdb)

Can you try 'bt full' and 'info frames' to get a little more information? Or alternately, can you put the core file somewhere where I can grab it?

Thanks,
--
Stephen Gran
Bug#419618: /usr/bin/pdftops: pdftops segfault, additional file
This one time, at band camp, Hamish Moffatt said:
> On Tue, Apr 17, 2007 at 10:58:05AM +0100, Stephen Gran wrote:
> > This one time, at band camp, Andreas Bombe said:
> > > The file I encountered the bug on is available at http://www.kba.de/Stabsstelle/ZentraleRegister/VZR/FormularVZRneu1.pdf Most other PDFs I tried seem to work, a few also crash pdftops.
> >
> > It seems that you're right about pdftops. However, it is also the case that the pdf viewers still exit, implying that they're not handling the failure of pdftops very well, or that they have their own crash issues as well. Trying to get a stack trace from kpdf gave me over 3000 frames, for instance :/
>
> I can't reproduce this any more with libc6 2.5-4. I'm going to upload xpdf 3.02 soon anyway which also seemed to fix it with libc6 2.5-1.

I saw some mention in the glibc changelog that there were some problems with a printf implementation (print_fp?) in glibc. It may be that this whole thing was related to that issue. If so, sorry for the flap and thanks for your responsiveness.
--
Stephen Gran
Bug#329443: hdparm: does not set disk parameters at boot
This one time, at band camp, Giuseppe D'Angelo said:
> Package: hdparm
> Version: 6.1-6
> Severity: important
>
> On my systems the script /etc/init.d/hdparm does not set any disk parameter.
>
> zoetrope:~# /etc/init.d/hdparm start
> Setting parameters of disc:zoetrope:~#
>
> Thus, disk parameters are not properly set at boot time. I've to set them manually. I attach my /etc/hdparm.conf file (/etc/default/hdparm is just comments).

I am baffled, since it works here with the same settings in my config file - can you attach the output of

    sh -x /etc/init.d/hdparm start

Thanks,
--
Stephen Gran
Bug#329731: hdparm: bug in postinit
This one time, at band camp, Brent G. said:
> ===
> Setting up hdparm (6.1-6) ...
> Installing new version of config file /etc/init.d/hdparm ...
> ln: creating symbolic link `/etc/udev/rules.d/z60_hdparm.rules' to `../hdparm.rules': No such file or directory
> ===

Hrm, this works here - can you send me the output of

    dpkg -L hdparm

on your system?

Thanks,
--
Stephen Gran
Bug#329443: hdparm: does not set disk parameters at boot
This one time, at band camp, Giuseppe D'Angelo said:
> write_cache = yes
>
> zoetrope:~# sh -x /etc/init.d/hdparm start
> [...]
> + eval_value yes -W
> + case $1 in
> + return 1
> + exit 0

I missed it the first time - change 'yes' to 'on' and it will work. Now I need to make that error if there is a syntax problem so that's more immediately obvious.
--
Stephen Gran
Bug#329731: hdparm: bug in postinit
This one time, at band camp, OQ said:
> As a side note, there is no /etc/udev/rules.d/ folder on my system.

Ah, actually - that's the main problem :) Fixed locally, will be uploaded soon.

Thanks,
--
Stephen Gran
Bug#314914: clamav: FTBFS (gcc-4.0): operator '' has no left operand
This one time, at band camp, Micha Lenk said:
> This Bug is still not fixed for me, because there is no sendmail but nullmailer on my system. Wouldn't it be better not to detect sendmail's version via command line but from any header inclusion?

I have supplied /path/to/sendmail to configure, as it's known on Debian systems. I have also patched clamav-milter.c so that if sendmail's version is undefined previously, it will be defined as the version currently in Debian.

> The attached patch takes the version of the package libmilter-dev as the version of sendmail. Since libmilter-dev is in clamav's build-deps this should provide a more reliable way of detecting the sendmail version - even if it's an ugly hack too. :)
>
> +dpkg -s libmilter-dev | sed -n '/^Version:/s/-[^-]*$//p'

[EMAIL PROTECTED]:~/Debian/clamav/0.87/clamav-0.87$ ./configure --help | grep sendmail
--with-sendmail=PATH  specify location of Sendmail binary (default=auto find)

So that patch won't work - it will give configure a path to the binary 8.13.5-1, which I'm having trouble imagining exists on most systems :)

Let me look at what went wrong ...

I don't see it. In my local tree, the patch to supply a sendmail version is there. Checking the buildd logs, I see that none of the build daemons had this problem. Does the build actually fail for you, or do you just see configure generate a warning?

If it's just a configure warning, but the build continues, then there is no problem. If you are actually getting failure to build from this, then there is something to investigate.

Take care,
--
Stephen Gran
Bug#314914: clamav: FTBFS (gcc-4.0): operator '' has no left operand
This one time, at band camp, Micha Lenk said:
> Hello Stephen,
>
> Stephen Gran wrote:
> > I have supplied /path/to/sendmail to configure, as it's known on Debian systems. I have also patched clamav-milter.c so that if sendmail's version is undefined previously, it will be defined as the version currently in Debian.
>
> But I think it's not okay to *assume* sendmail (or something that should behave like sendmail) is installed, if you do not provide a build-depend on it (whatever 'it' means).

If you are building the milter, you have to assume that sendmail is installed. The milter relies on both path and version information picked up by the configure script. Since sendmail will most likely not be installed on buildd machines, I am working around it as best as possible. If sendmail's version string is filled in, it's because another mailer that supplies the binary /usr/bin/sendmail responded to a sendmail specific option with a parseable reply - see below for why this is wrong.

> > > The attached patch takes the version of the package libmilter-dev as the version of sendmail. Since libmilter-dev is in clamav's build-deps this should provide a more reliable way of detecting the sendmail version - even if it's an ugly hack too. :)
> > >
> > > +dpkg -s libmilter-dev | sed -n '/^Version:/s/-[^-]*$//p'
>
> Well, that's the content of the additional script which should be called to simulate sendmail more *reliable*. It outputs for instance
>
> Version: 8.13.4
>
> > [EMAIL PROTECTED]:~/Debian/clamav/0.87/clamav-0.87$ ./configure --help | grep sendmail
> > --with-sendmail=PATH  specify location of Sendmail binary (default=auto find)
> >
> > So that patch won't work - it will give configure a path to the binary 8.13.5-1, which I'm having trouble imagining exists on most systems :)
>
> No, that's wrong. My patch gives configure the path to my additional script debian/libmilter-version.sh as sendmail binary. Then configure is calling this script in order to detect the sendmail version. I tested it, it works. And since libmilter-dev is built from the same source like sendmail it should always provide the correct version string. :)

Have you looked at the autoconf macro SENDMAIL_BIN that is used by clamav-milter.c? You are suggesting we build clamav-milter binaries that look for sendmail in `pwd`/debian/. That will not work. This is my point.

> As I said above: The configure script grabs the second word of the first line of the output given by the specified sendmail binary. But nullmailer, which is installed in my sid-chroot, behaves different from sendmail in giving no proper version string (okay, this might be a nullmailer-bug too...). It just ignores the unknown options and tries to send mail. But since there are no recipients given it outputs:
>
> No recipients were listed

This is an error message, and should go to stderr, not stdout. If the error message went to stderr, the pipe wouldn't get it, and it wouldn't be evaluated. This is a bug in nullmailer, apparently.

exim goes to stdout, as do all the other mailers installed on the buildd's - I have no idea what they use, but presumably something similar to nullmailer; I see much the same error message as you describe.

> Probably because they didn't install nullmailer but a real mailer.
>
> Yes, from this point of view, you're right: there is no error. But I thought Debian tries hardly to aim for quality software, and my patch might improve the source package as it will enhance it to build even on systems having nullmailer installed as mailer.

clamav will build fine if nullmailer outputs error messages to stderr, it looks like. Working around buggy software when necessary is possible, but as nullmailer is both open source and free, it would be better in this instance just to fix nullmailer. Please ask the maintainer or upstream to use ferr() instead of fout() for error messages such as the above.

Thanks,
--
Stephen Gran
Bug#314914: clamav: FTBFS (gcc-4.0): operator '' has no left operand
This one time, at band camp, Micha Lenk said:
> Hello Stephen,
>
> Stephen Gran wrote:
> > Have you looked at the autoconf macro SENDMAIL_BIN that is used by clamav-milter.c? You are suggesting we build clamav-milter binaries that look for sendmail in `pwd`/debian/. That will not work. This is my point.
>
> *dough* - no. You're right. I assumed SENDMAIL_BIN is used for version detection only. What a silly assumption...
>
> Nevertheless: If Sendmail provides no output you might detect its version as I did in my script instead of giving fix constants... :)

Yes, the smartest way long term is to supply a 'build in place' patch to clamav-milter.c that provides the output of the version of libmilter. Patching inplace is problematic, though, so I have shied away from it so far. Probably dumping output into a header file and including it in clamav-milter.c might work, but it would take some testing and so forth before I was confident it didn't break anything else.

> I'll close this bug and open a new one for nullmailer. Sorry for bothering you...

No problem at all.

Take care,
--
Stephen Gran
Bug#330032: clamav: clamscan defers mail when unpacking ZIP file created with really old PKZIP
This one time, at band camp, Micha Lenk said:
> Hello Stephen,
>
> clamscan fails to scan with a ZIP file created with a really old PKZIP, which identifies itself as:
>
> PKZIP (R) FAST! Create/Update Utility Version 1.2 05-10-90
> Copr. 1989-1990 PKWARE Inc. All Rights Reserved. PKZIP/h for help
> PKZIP Reg. U.S. Pat. and Tm. Off.
>
> The output of clamscan with a ZIP file generated by this PKZIP is:
>
> $ clamscan test.zip
> test.zip: Zip module failure 0, compressed: 376, normal: 504, method: 6, ratio: 1 (max: 250)
> LibClamAV debug: Zip: Incorrectly decompressed (0 != 504)
>
> It is no problem to unzip this file with the 'unzip' package, so this should be considered as a clamav bug or perhaps a zlib bug. I attached the failing zip file for reference...

This looks like a failure in zlib's inflate() routine. The miniunzip utility (in zlib-bin) also fails to unpack the zip file. Run under gdb, it becomes apparent that inflate is returning -3, which is apparently used to mean Z_DATA_ERROR.

cc'ing the zlib maintainer on this. broonie, can you see what the problem is?
--
Stephen Gran
Bug#330032: reassign
This is apparently a bug (sort of, anyway) in zlib. Clamav uses zlib's inflate() function to unpack zip files, but zlib can't unpack this one. It is apparently zip'ped with method 8, or Implode.

Thanks,
--
Stephen Gran
Bug#330032: clamav: clamscan defers mail when unpacking ZIP file created with really old PKZIP
This one time, at band camp, Mark Brown said:
> As we discussed on IRC zlib only supports the deflate compression method which means that it can't cope with anything else. I guess this version of PKZIP either predates deflate or only uses it sometimes.
>
> To reliably uncompress ZIP files I would suggest that ClamAV uses info-zip or something (for speed perhaps only doing that if zlib barfs on the file). As indicated in http://www.gzip.org/zlib/zlib_faq.html the zlib authors aren't terribly worried about supporting everything PKZIP does.

If only info-zip provided a library interface :(

Thanks,
--
Stephen Gran
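An added example, not part of the thread and not ClamAV's or zlib's code: the clamscan output quoted in the report shows "method: 6", and the reply above notes that zlib only handles deflate. The sketch below reads each member's compression method from the ZIP central directory so a scanner can report "unsupported method" explicitly instead of a generic unpack failure. The function names and the constructed sample archive are assumptions made for illustration.

```python
import io
import struct
import zipfile

# Compression method IDs as assigned in the ZIP format specification (APPNOTE.TXT).
METHOD_NAMES = {
    0: "stored", 1: "shrunk", 2: "reduced-1", 3: "reduced-2", 4: "reduced-3",
    5: "reduced-4", 6: "imploded", 8: "deflated", 9: "deflate64",
    12: "bzip2", 14: "lzma",
}
# What a zlib-only unpacker can handle: stored data needs no decompressor,
# and deflate is the only algorithm inflate() implements.
ZLIB_ONLY = {0, 8}

EOCD_SIG = b"PK\x05\x06"  # end-of-central-directory record
CDH_SIG = b"PK\x01\x02"   # central directory file header


def list_methods(data):
    """Return [(name, method_id, header_offset)] read from the central directory."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no end-of-central-directory record")
    # EOCD offsets: +10 total entries, +12 directory size, +16 directory offset.
    total, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    entries = []
    for _ in range(total):
        if pos + 46 > len(data) or data[pos:pos + 4] != CDH_SIG:
            raise ValueError("truncated or corrupt central directory")
        (method,) = struct.unpack_from("<H", data, pos + 10)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        name = data[pos + 46:pos + 46 + name_len].decode("cp437", "replace")
        entries.append((name, method, pos))
        pos += 46 + name_len + extra_len + comment_len
    return entries


def triage(data):
    """Return [(name, method_name, zlib_can_unpack)] for every archive member."""
    return [
        (name, METHOD_NAMES.get(method, "unknown-%d" % method), method in ZLIB_ONLY)
        for name, method, _ in list_methods(data)
    ]


def build_sample():
    """Constructed sample: a three-member archive whose last entry is
    relabelled as method 6 in the central directory, standing in for a
    file written by an old PKZIP (the payload itself is not imploded)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plain.txt", b"hello", compress_type=zipfile.ZIP_STORED)
        zf.writestr("modern.txt", b"hello " * 50, compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr("old.bin", b"x" * 64, compress_type=zipfile.ZIP_STORED)
    data = bytearray(buf.getvalue())
    for name, _method, pos in list_methods(bytes(data)):
        if name == "old.bin":
            struct.pack_into("<H", data, pos + 10, 6)
    return bytes(data)


if __name__ == "__main__":
    for name, method, ok in triage(build_sample()):
        verdict = "scan with zlib" if ok else "unsupported method, report explicitly"
        print("%-12s %-10s %s" % (name, method, verdict))
```

Checking the method field before calling the decompressor separates "this member uses an algorithm we do not implement" from "this member is corrupt", which matters when the scan result decides whether mail is deferred.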
Bug#330299: scribus: Installation removes kdebase-bin and many other
This one time, at band camp, Marcel said:
> Package: scribus
> Severity: critical
> Justification: breaks unrelated software
>
> Installation of scribus will remove some important (KDE) packages with no obvious reason. It's therefore practically uninstallable. (I use the GNOME desktop environment)
>
> # apt-get install scribus
> [...]
> The following packages will be REMOVED:
>   dbus-qt-1 flowerattack k3b k3blibs kcontrol kdebase-bin kdebase-kio-plugins kdelibs-bin kdelibs4 kdesktop kfind konqueror konsole krename krusader kuickshow libarts1 libkonq4 libmusicbrainz4 libqt3c102-mt libtag1 opera tuxsaver
>
> # cat /etc/apt/sources
> deb http://security.debian.org/ sarge/updates main contrib non-free
> deb http://ftp.de.debian.org/debian/ sarge main contrib non-free
> deb http://ftp.de.debian.org/debian/ sid main contrib non-free

There's your problem - you're pulling scribus from unstable on to a stable system. This will not work. Unstable is still undergoing quite a few concurrent library transitions, and packages from unstable will no longer install on stable. I suggest if you want the latest scribus, get the source package and rebuild it on stable.

Take care,
--
Stephen Gran
Bug#330717: kernel-image-2.6.8-2-686-smp: DAC960 generates no entropy
Package: kernel-image-2.6.8-2-686-smp
Version: 2.6.8-16
Severity: normal

Hello all,

This bug may be related to #323176 and/or #286609 - it's difficult to tell exactly, since they don't mention their hardware arrangements.

The problem is that on upgrade from a 2.4 kernel to a 2.6 kernel (both stock Debian packages), all of our machines that use the DAC960 module stop producing entropy. Looking at the source for the DAC, I see that there are no calls at all to produce entropy, although there are in the 2.4 kernel tree.

The only patch I see that addresses this issue is unfortunately several years old, and is out of date, but should be the right idea: http://lwn.net/Articles/9514/ (search for DAC - there's quite a few other changes as well).

Thanks, and if you need any more information, please let me know,

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages kernel-image-2.6.8-2-686-smp depends on:
ii  coreutils [fileutils]  5.2.1-2     The GNU core utilities
ii  fileutils              5.2.1-2     The GNU file management utilities
ii  initrd-tools           0.1.81.1    tools to create initrd image for p
ii  module-init-tools      3.2-pre1-2  tools for managing Linux kernel mo

-- no debconf information
-- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.linuxforce.net | -
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#325912: dvdbackup: mkisofs complains that VIDEO_TS/VIDEO_TS.IFO doesn't exist
Yes, of course this is the case. In the manpage, the only way mentioned to get a valid dvd file system is to use -F. All other switches extract the video only. They do not create the index files necessary to burn the resulting video files to a video dvd. Patches are, of course, welcome to add this functionality.

I am not sure what you would like to do with this bug report. Since the manpage is rather clear that using -T only extracts the video files, I do not consider it a bug per se. If you would like to keep the report open as a feature request, hoping for this enhancement, that is very reasonable, although I can't promise much progress on that front. Upstream is apparently dead, and I just don't know enough about the internal structure of the index files to write it myself.

Take care,
--
Stephen Gran [EMAIL PROTECTED] http://lobefin.net/~steve/
Bug#325908: dvdbackup: I'd find usefull I could choose an audio track
Hello,

I am under the impression that you are misunderstanding the purpose of this piece of software. dvdbackup is intended to give you a bit for bit backup of all or part of a dvd. It is not intended for use as a general purpose remastering suite.

Additionally, I am unsure what you mean by loss of video quality - do you have some tangible evidence of that? I think you mean the resultant backups are larger than you would like, since you can do without some of the audio tracks. If I am wrong, and the video does lose quality, that would be a bug, as dvdbackup's only purpose is 'backing up' the dvd, and loss of quality means it's not doing its job.

If you are looking for a decent remastering suite, I recommend Video::dvd-rip, which is not currently in Debian but is available in deb format (googling for video::dvd-rip should take you to it fairly quickly, I don't have a link off-hand now, sorry).

Take care,
--
Stephen Gran
Bug#320036: bash exits 0 on errors reading stdin (and perhaps other scripts) (forwarded from Ian Jackson)
This one time, at band camp, Ian Jackson said:

Matthias Klose writes (Re: Bug#320036: bash exits 0 on errors reading stdin (and perhaps other scripts) (forwarded from Ian Jackson)):

Chet Ramey writes:

No shell behaves as the submitter describes. Read errors are translated to EOF, and the shell exits. The exit value is $?, which is changed by the last command (pipeline) executed or by a signal.

closing the report.

With this interpretation it is impossible to write any reliable shell script. bash already invents a nonzero exit status if (for example) the script cannot be opened. It should do the same if the script cannot be read. I will be reopening this report while we discuss it.

[EMAIL PROTECTED]:~$ bash 0; echo $?
bash: 0: No such file or directory
127
[EMAIL PROTECTED]:~$ bash 0/dev/null; echo $?
0

The problem isn't in bash's setting of the exit status, the problem is your last command was the redirection, and it completed successfully. This is arguably incorrect, but it is not the same problem, I think.

Take care,
--
Stephen Gran
Bug#318756: libclamav: [CAN-2005-2056] MSCAB crash
Package: libclamav1
Version: 0.86.1-1
Severity: important

This is a tracking bug to make sure the fix for this makes it to etch. Currently it is held up by a rebuild of libgmp3.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_US.ISO-8859-1, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US.ISO-8859-1)

Versions of packages libclamav1 depends on:
ii  libbz2-1.0   1.0.2-7            high-quality block-sorting file co
ii  libc6        2.3.2.ds1-22       GNU C Library: Shared libraries an
ii  libcurl3     7.13.2-2           Multi-protocol file transfer libra
ii  libgmp3      4.1.4-6            Multiprecision arithmetic library
ii  libidn11     0.5.13-1.0         GNU libidn library, implementation
ii  libssl0.9.7  0.9.7e-3           SSL shared libraries
ii  zlib1g       1:1.2.2-4.sarge.1  compression library - runtime

-- no debconf information
--
Stephen Gran
Bug#318755: clamav-milter: [CAN-2005-2070] Remote DoS
Package: clamav-milter
Version: 0.86.1-1
Severity: important

This is a tracking bug to document the presence of this bug in etch only. Unfortunately, the fix for it is waiting on a rebuild of libgmp on m68k.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_US.ISO-8859-1, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US.ISO-8859-1)

Versions of packages clamav-milter depends on:
ii  clamav-base             0.86.1-1           base package for clamav, an anti-v
ii  clamav-freshclam [clam  0.86.1-1           downloads clamav virus databases f
ii  libbz2-1.0              1.0.2-7            high-quality block-sorting file co
ii  libc6                   2.3.2.ds1-22       GNU C Library: Shared libraries an
ii  libclamav1              0.86.1-1           virus scanner library
ii  libcurl3                7.13.2-2           Multi-protocol file transfer libra
ii  libgmp3                 4.1.4-6            Multiprecision arithmetic library
ii  libidn11                0.5.13-1.0         GNU libidn library, implementation
ii  libmilter0              8.13.4-3           Sendmail Mail Filter API (Milter)
ii  libssl0.9.7             0.9.7e-3           SSL shared libraries
ii  libwrap0                7.6.dbs-8          Wietse Venema's TCP wrappers libra
ii  zlib1g                  1:1.2.2-4.sarge.1  compression library - runtime

-- no debconf information
--
Stephen Gran
Bug#317475: [m68k] ICE: Segmentation fault
Package: gcc-4.0
Version: 4.0.1-2
Followup-For: Bug #317475

Also see http://buildd.debian.org/fetch.php?pkg=gmpver=4.1.4-8arch=m68kstamp=1121077632file=logas=raw

Thanks,

-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-1-686-smp
Locale: LANG=C, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15) (ignored: LC_ALL set to en_US.ISO-8859-15)

Versions of packages gcc-4.0 depends on:
ii  binutils      2.16.1-2      The GNU assembler, linker and bina
ii  cpp-4.0       4.0.1-2       The GNU C preprocessor
ii  gcc-4.0-base  4.0.1-2       The GNU Compiler Collection (base
ii  libc6         2.3.2.ds1-22  GNU C Library: Shared libraries an
ii  libgcc1       1:4.0.1-2     GCC support library

Versions of packages gcc-4.0 recommends:
ii  libc6-dev        2.3.2.ds1-22  GNU C Library: Development Librari
pn  libmudflap0-dev  none          (no description available)

-- no debconf information
--
Stephen Gran
Bug#317475: [m68k] ICE: Segmentation fault
This one time, at band camp, Matthias Klose said:
> Stephen Gran writes:
> > Package: gcc-4.0
> > Version: 4.0.1-2
> > Followup-For: Bug #317475
> >
> > Also see http://buildd.debian.org/fetch.php?pkg=gmpver=4.1.4-8arch=m68kstamp=1121077632file=logas=raw
>
> Please extract the preprocessed source, and forward the bug report upstream. See http://lists.debian.org/debian-68k/2005/07/msg00033.html

Not my package - I just noticed it, so I thought I would bring it to your attention. Including gmp maintainers in the M-F-T.
--
Stephen Gran
Bug#318663: [i810_drv] uses kernel i915 module which screws console and results in wrong geometry for X.
This one time, at band camp, David Martínez Moreno said:
> There was an error in the bug report script included with 6.8.2.dfsg.1-2 and before. Could you please send /etc/X11/xorg.conf contents instead of XF86Config-4 to the bug address?

They are identical. If you like, I will send it along, but diff produces no output between the two files, so I am not sure it's important to add another largeish attachment, when you have the same thing already.

Thanks,
--
Stephen Gran
Bug#315671: webcalendar unauthorized access
Hello all, There is a security bug in webcalendar (#315671 and http://www.securityfocus.com/bid/14072, for reference). Tim is the maintainer, but does not yet have a debian account, and cannot upload. We have a fixed version for sarge ready (patch attached). I am happy to upload it for Tim, or you could based on the attached patch. Please let us know which way you want to handle this. Tim is copied on this mail, please keep both of us in the follow ups. There is as yet no CVE, but the bugtraq ID is 14072. Thanks, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - diff -Nru old/webcalendar-0.9.45/assistant_edit.php new/webcalendar-0.9.45/assistant_edit.php --- old/webcalendar-0.9.45/assistant_edit.php 2004-11-29 05:18:17.0 -0500 +++ new/webcalendar-0.9.45/assistant_edit.php 2005-07-18 14:37:26.0 -0400 @@ -1,16 +1,24 @@ ?php include_once 'includes/init.php'; +if ( empty ( $login) || $login == __public__ ) { + // do not allow public access + do_redirect ( empty ( $STARTVIEW ) ? month.php : $STARTVIEW ); + exit; +} + if ($user != $login) $user = (($is_admin || $is_nonuser_admin) $user) ? $user : $login; if ( $groups_enabled == Y ) { $INC = array('js/assistant_edit.php'); +} else { + $INC = ''; } print_header($INC); ? -form action=assistant_edit_handler.php method=post name=editentryform +form action=assistant_edit_handler.php method=post name=assistanteditform ?php if ($user) echo input type=\hidden\ name=\user\ value=\$user\ /\n; if ( $is_nonuser_admin ) { diff -Nru old/webcalendar-0.9.45/debian/changelog new/webcalendar-0.9.45/debian/changelog --- old/webcalendar-0.9.45/debian/changelog 2005-07-18 14:36:10.0 -0400 +++ new/webcalendar-0.9.45/debian/changelog 2005-07-18 14:37:26.0 -0400 
@@ -1,3 +1,10 @@ +webcalendar (0.9.45-6) unstable; urgency=high + + * Fixed a bug in assistant_edit.php that allows unauthorized access +(closes: #315671) + + -- Tim Peeler [EMAIL PROTECTED] Mon, 11 Jul 2005 17:56:02 -0400 + webcalendar (0.9.45-5) unstable; urgency=low * Fixed a bug in the postinst that doesn't set permissions of settings.php diff -Nru old/webcalendar-0.9.45/includes/js/assistant_edit.php new/webcalendar-0.9.45/includes/js/assistant_edit.php --- old/webcalendar-0.9.45/includes/js/assistant_edit.php 2004-07-27 15:03:10.0 -0400 +++ new/webcalendar-0.9.45/includes/js/assistant_edit.php 2005-07-18 14:37:26.0 -0400 @@ -3,18 +3,18 @@ function selectUsers () { // find id of user selection object var listid = 0; - for ( i = 0; i document.forms[0].elements.length; i++ ) { -if ( document.forms[0].elements[i].name == users[] ) + for ( i = 0; i document.assistanteditform.elements.length; i++ ) { +if ( document.assistanteditform.elements[i].name == users[] ) listid = i; } - url = usersel.php?form=editentryformlistid= + listid + users=; + url = usersel.php?form=assistanteditformlistid= + listid + users=; // add currently selected users - for ( i = 0, j = 0; i document.forms[0].elements[listid].length; i++ ) { -if ( document.forms[0].elements[listid].options[i].selected ) { + for ( i = 0, j = 0; i document.assistanteditform.elements[listid].length; i++ ) { +if ( document.assistanteditform.elements[listid].options[i].selected ) { if ( j != 0 ) url += ,; j++; - url += document.forms[0].elements[listid].options[i].value; + url += document.assistanteditform.elements[listid].options[i].value; } } //alert ( URL: + url ); signature.asc Description: Digital signature
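Review bot: In the assistant_edit.php hunk, the new guard on empty ( $login ) || $login == __public__ protects only the page that draws the form; the form still posts to assistant_edit_handler.php, which this patch does not touch. Please confirm that the handler carries the same check, or add it there, because refusing to render the form does not stop a direct POST to the handler. The rename of the form from editentryform to assistanteditform is a separate functional change and would be easier to audit as its own patch in an urgency=high upload.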
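Review bot: The debian/changelog hunk adds 0.9.45-6 for unstable, while the cover mail presents this patch as the fixed version for sarge; the suite and version for the sarge upload should be settled before this is handed to the security team. The entry also records only the access fix: it says nothing about the form rename or the includes/js/assistant_edit.php changes that ride along, and it could cite Bugtraq ID 14072 from the mail so the entry can be matched to the advisory.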
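Review bot: In selectUsers() in includes/js/assistant_edit.php, the selected option values are appended to the usersel.php query string as they are (url += ...options[i].value), so a value containing a comma, an ampersand or another reserved character would corrupt the users= list; encode each value before concatenating it. Switching from document.forms[0] to document.assistanteditform also ties this script to the form name set in assistant_edit.php, so a comment in both files noting the dependency would help, and i and url are assigned without var and end up as globals.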
Bug#315671: webcalendar: New upstream version with security fixes available
This one time, at band camp, Paul Slootman said:
> On Fri 24 Jun 2005, Herbert Thielen wrote:
>> Package: webcalendar
>> Version: 0.9.45-4
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>> According to http://freshmeat.net/projects/webcalendar there is a new version 1.0.0 available, which includes major security fixes of version 1.0RC3 (all users should upgrade).
> If I don't see any response from the maintainer within a couple of days, I will NMU version 1.0.0.
I am working on the maintainer on this now. Give us a moment, but if things get busy, we may say go ahead.
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#318988: hdparm wrong version in database
This one time, at band camp, Steven Homolya said:
> Package: hdparm
> hdparm has been the wrong version for over a year. I have reported this several times in installation reports (does anyone read those things?). It's still a problem even though sarge progressed onto stable status. One more time:
> # apt-get install hdparm
> [...]
> Err ftp://ftp.monash.edu.au sarge/main hdparm 6.1-2
> Unable to fetch file, server said 'Failed to open file. '
> Failed to fetch ftp://ftp.monash.edu.au/pub/linux/debian/pool/main/h/hdparm/hdparm_6.1-2_i386.deb Unable to fetch file, server said 'Failed to open file. '
> E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
It sounds like you're using a broken mirror. According to http://mirror.debian.org/status.html , it looks like they have a missing trace file (whatever that is) so there may be some problems with that mirror in general. If you look at the page above there will likely be another nearby mirror you can use instead. Just edit /etc/apt/sources.list, and replace every instance of ftp://ftp.monash.edu.au with the new mirror link.
After trying a new mirror, can you let me know if hdparm is still missing?
Thanks,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#315671: webcalendar unauthorized access
This one time, at band camp, Martin Schulze said:
> Stephen Gran wrote:
>> Hello all,
> Thanks a lot for contacting us.
>> There is a security bug in webcalendar (#315671 and http://www.securityfocus.com/bid/14072, for reference). Tim is the maintainer, but does not yet have a debian account, and cannot upload. We have a fixed version for sarge ready (patch attached). I am happy to upload it for Tim, or you could based on the attached patch. Please let us know which way you want to handle this. Tim is copied on this mail, please keep both of us in the follow ups. There is as yet no CVE, but the bugtraq ID is 14072.
> I have requested an id.
Great, thanks.
> While we're at it, have you checked this vulnerability as well?
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0474
I had not seen it before. We will get you a patch for this as well.
> I'll take care of sarge.
Excellent news. So we'll try to get you a patch for CAN-2005-0474 later today if possible, and you'll handle the upload fixing both - does that work for you? I guess I'll file a bug about CAN-2005-0474, so it's easier to track it getting into both sid and etch.
Thanks again,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#315671: webcalendar unauthorized access
This one time, at band camp, Martin Schulze said:
> While we're at it, have you checked this vulnerability as well?
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0474
My mistake. It appears that this is #295960 and #296280 and was fixed in 0.9.45-3, so it made it to sarge. So the only issue to fix is the one we already sent a patch for, and you don't need to wait on anything from us at this point, am I correct?
Thanks, and we'll get something into sid shortly.
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#319055: AllowSupplementaryGroups in clamd.conf
This one time, at band camp, Gary Verchick said:
> My apologies. I had incorrect information supplied to me by a third party. After testing this for myself, the following statement is *not* true. Sorry for wasting your time.
> AllowSupplementaryGroups is not included in clamd.conf. Having this included would make life easier on those that wish to use supplementary groups.
> In general, it would make life easier if the whole package was more consistent with stable/testing/unstable. I did notice that logrotate is not used for clamav.log any more, but obviously that is not an issue.
> I'm having a bad day, I installed clamav, but not clamav-daemon. Just shoot me. This statement is not correct either. It appears to be consistent with stable/testing/unstable.
So, should we close this, then? I'm glad it worked out for you.
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#318663: [i810_drv] uses kernel i915 module which screws console and results in wrong geometry for X.
This one time, at band camp, David Martínez Moreno said:
> On Monday, 18 July 2005 17:47, Stephen Gran wrote:
>> This one time, at band camp, David Martínez Moreno said:
>>> There was an error in the bug report script included with 6.8.2.dfsg.1-2 and before. Could you please send /etc/X11/xorg.conf contents instead of XF86Config-4 to the bug address?
>> They are identical. If you like, I will send it along, but diff produces no output between the two files, so I am not sure it's important to add another largeish attachment, when you have the same thing already.
> Oh, no, it is enough to know that they are the same.
Well, hrmph. This is looking more like a vgahw bug after all. After tonight's upgrade to -3, X can use the kernel i915 module and still get correct resolution (and DRI is working again, although glxgears is slower than I remember it being). However, the console is still absolutely blank.
Sorry for duplicating bugs and effort for you all, and thanks for the good work.
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#318663: [i810_drv] uses kernel i915 module which screws console and results in wrong geometry for X.
severity 318663 grave
merge 318663 318218
thanks
This one time, at band camp, David Martínez Moreno said:
> On Wednesday, 20 July 2005 00:28, Stephen Gran wrote:
> [...]
>> Well, hrmph. This is looking more like a vgahw bug after all. After tonight's upgrade to -3, X can use the kernel i915 module and still get correct resolution (and DRI is working again, although glxgears is slower than I remember it being). However, the console is still absolutely blank.
>> Sorry for duplicating bugs and effort for you all, and thanks for the good work.
> ;-) Do not worry! It is our 'work'. Have you used the workaround that I send to everyone having problems with blank console? Replace libvgahw.a with the one in http://people.debian.org/~ender/ in order to try to fix your console. See #318218 for further information.
Yes, that gives me back my VT's, although now glxgears only gets ~32 fps (down from ~850 fps with the distributed one). Phooey. Well, I'd rather have VT's than GL speed, so thank you for the fix.
Merging this with the others, since they seem to be roughly related.
Take care,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#318663: [i810_drv] uses kernel i915 module which screws console and results in wrong geometry for X.
This one time, at band camp, Stephen Gran said:
> Yes, that gives me back my VT's, although now glxgears only gets ~32 fps (down from ~850 fps with the distributed one). Phooey. Well, I'd rather have VT's than GL speed, so thank you for the fix.
Disregard even this. I apparently have decided to try udev here, and it was apparently the cause of the slowness. I see that it created a device node (dri/card0) several seconds _after_ X started. Restarting X once the device node was there returns everything to normal.
So from my point of view, everything but udev is working as it should.
Thanks again,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#319631: dvdbackup creates vob files 1GB when invoked with -t option
This one time, at band camp, Dominique Dumont said:
> Hello
Hello.
> I've used dvdbackup to copy a single title from a home made dvd. The command used was:
> dvdbackup -i /dev/hdc -t 2 -o crolles/
> As a result, here's the content of the VIDEO_TS dir:
> [EMAIL PROTECTED]:/mnt/video/temp/crolles/CROLLES_2005$ ll -h VIDEO_TS/
> total 1.9G
> -rw-r--r-- 1 domi domi0 2005-07-23 17:21 VTS_01_1.VOB
> -rw-r--r-- 1 domi domi 1.9G 2005-07-23 17:26 VTS_01_2.VOB
> You'll notice that the size of VTS_01_2.VOB is 1.9 GB which might cause problem to DVD players. Could you provide an option to be able to split the VOB files ?
What is the output of mount /dvd/ ls -lRh /dvd/ ? I can't imagine why dvdbackup would be making an oversized vob unless it exists on disk.
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#319631: dvdbackup creates vob files 1GB when invoked with -t option
This one time, at band camp, Dominique Dumont said:
> Stephen Gran [EMAIL PROTECTED] writes:
> In fact, this problem occurs only with -t option. When backing up a whole title set (with -T ), the vob file size are correct.
Thanks, that helps. What is the output of dvdbackup -I? I want to see what dvdbackup thinks is going on, and then I can see where the problem is.
Thanks again,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#319703: problem with /etc/default/hdparm
This one time, at band camp, Jorgen Tegner said:
> adding some parameters to /etc/default/hdparm caused an error when running:
> mail:/# /etc/init.d/hdparm restart
> Setting parameters of disc: /dev/hda/etc/init.d/hdparm: line 148: egrep: command not found
what is the output of dpkg -S `which grep`
Thanks for reporting,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#319631: dvdbackup creates vob files 1GB when invoked with -t option
This one time, at band camp, Dominique Dumont said:
> I've used dvdbackup to copy a single title from a home made dvd. The command used was:
> dvdbackup -i /dev/hdc -t 2 -o crolles/
Does it still have this behavior if you do
dvdbackup -i /dev/hdc -T 1 -t 2 -o crolles/ ?
I am curious because it looks as if specifying the title set changes the behavior, from a quick read of things. If this works correctly, then I'll fix up the documentation to make that clear.
Thanks,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#319762: gpg-mailkeys: please use sendmail -ti instead of -t
Package: signing-party Version: 0.4.0-1 Severity: normal Tags: patch Using only -t, the sendmail binary terminates the incoming message at a trailing dot, so a ~/.signature like: My name is steve . (the actual signature that caused this is some rather ugly perl that has a trailing dot, but you get the idea) Will cause the key attachments to be silently dropped. Since -ti is supported by all of the major MTA's (AFAICT), it seems harmless to use it, and will prevent unexpected behavior. Thanks, and simple patch attached. --- /usr/bin/gpg-mailkeys 2005-03-05 08:37:02.0 -0500 +++ gpg-mailkeys2005-07-24 11:59:47.188495339 -0400 
@@ -86,7 +86,7 @@ --$BOUNDARY-- EOM echo -n sending - /usr/sbin/sendmail -t $TEMPFILE + /usr/sbin/sendmail -ti $TEMPFILE rm $TEMPFILE echo done. shift 1 -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11-1-686-smp Locale: LANG=C, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15) (ignored: LC_ALL set to en_US.ISO-8859-15) Versions of packages signing-party depends on: ii gnupg1.4.1-1 GNU privacy guard - a free PGP rep ii libgnupg-interfa 0.33-5 Perl interface to GnuPG ii libmailtools-per 1.62-1 Manipulate email in perl programs ii libmime-perl 5.417-1 Perl5 modules for MIME-compliant m ii libpaper-utils 1.1.14-3Library for handling paper charact ii mailx1:8.1.2-0.20050715cvs-1 A simple mail user agent ii perl 5.8.7-4 Larry Wall's Practical Extraction Versions of packages signing-party recommends: ii exim4-daemon-light [mail-tran 4.52-1 lightweight exim MTA (v4) daemon ii libintl-perl 1.11-1 Uniforum message translations syst ii libtext-iconv-perl1.4-1 converts between character sets in ii recode3.6-11 Character set conversion utility -- no debconf information -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
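Review bot: The exit status of /usr/sbin/sendmail is still not checked in this hunk: rm $TEMPFILE and echo done. run unconditionally, so a failed submission is reported as sent and the message file is deleted. Since the bug being fixed is key attachments being silently dropped, test the sendmail result and keep $TEMPFILE, with an error message, when it is non-zero. The -ti change itself matches the report, since -i stops a line holding only a dot from ending the message.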
Bug#319865: Bringing down one of the two Internet facing interfaces stops clamav-freshclam
This one time, at band camp, Daniel Pittman said:
> When I bring down the wlan0 interface on my machine, freshclam is stopped. This happens even if I had a working connection on eth0, which was up the whole time. This isn't nice, because it can result in database updates stopping unexpectedly for people if they have more than one way to reach the Internet...
What are the contents of /var/lib/clamav/interface? If you have both interfaces listed there, then I am afraid both will affect freshclam for now. I will try to find a way to make it not down freshclam if one of the interfaces is up, but as always, patches are welcome :)
Take care,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#319898: clamav-daemon: multiple vulnerabilities in libclamav = 0.86.1
This one time, at band camp, Cyril Chaboisseau said:
> Package: clamav-daemon
> Version: 0.86.1-2
> Severity: important
> according to Secunia¹ and clamav's web site², there are multiple vulnerabilities that should be addressed by upgrading to 0.86.2
> ¹ http://secunia.com/advisories/16180/
> ² http://sourceforge.net/project/shownotes.php?release_id=344514
> no CAN report yet
I am aware - however, last I heard, ftp-master is still off line, so I can't upload.
Thanks for the report,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#319928: No man hdparm.conf(5) man page
This one time, at band camp, Hans Ulrich Niedermann said:
> The hdparm package ships /etc/hdparm.conf, but no corresponding hdparm.conf(5) man page.
Have you looked at the conf file? :)
No, seriously, you are right, this should be addressed, and I will get to it as soon as I have a few moments.
Thanks for reporting,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#319703: problem with /etc/default/hdparm
This one time, at band camp, Jörgen Tegnér said:
> On Sun 2005-07-24 at 10:10 -0400, Stephen Gran wrote:
>> This one time, at band camp, Jorgen Tegner said:
>>> adding some parameters to /etc/default/hdparm caused an error when running:
>>> mail:/# /etc/init.d/hdparm restart
>>> Setting parameters of disc: /dev/hda/etc/init.d/hdparm: line 148: egrep: command not found
>> what is the output of dpkg -S `which grep`
>> Thanks for reporting,
> mail:/var/spool# dpkg -S $(which grep)
> grep: /bin/grep
> mail:/var/spool# grep -V
> grep (GNU grep) 2.5.1
> mail:/var/spool# dpkg -S $(which egrep)
> grep: /bin/egrep
> mail:/var/spool# egrep -V
> egrep (GNU grep) 2.5.1
Well, I have no idea what the problem is then. Can you send me the output of sh -x /etc/init.d/hdparm restart to make sure it really is blowing up there? That's all I can think of right now.
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#317853: clamav: source package gmp has been split
This one time, at band camp, Ray Kohler said:
> Details of the dependency change: libgmp3 has been split into libgmp3c2 (C API) and libgmpxx3 (C++ portion). Dependencies need to point to the appropriate one (or both, if really needed).
This is handled automagically for me by the dh_shlibdeps call in debian/rules. I have checked, and it does the right thing. When uploads are possible again, this will be fixed.
thanks for reporting,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#319898: Could you make packages available?
This one time, at band camp, Nikita V. Youshchenko said:
> While ftp-master is down, could you please make fixed packages available somewhere?
people.debian.org/~sgran
No packages for sid, but the sarge ones should install (except for libgmp3, hmmm). Or you can grab the source and rebuild.
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#320301: clamav-milter: Fails to start with --timeout must not be given if --external is not given after upgrade
tags 320301 fixed-upstream
thanks
This one time, at band camp, Bjørn Mork said:
> Upgrading without any configuration changes resulted in
> Setting up clamav-milter (0.86.2-0volatile1) ...
> Starting Sendmail milter plugin for ClamAV: /usr/sbin/clamav-milter: --timeout must not be given if --external is not given
> invoke-rc.d: initscript clamav-milter, action start failed.
Yes, this is upstream breakage already fixed in CVS. The fixed version should be out soon.
Thanks for reporting,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#320412: clamav-freshclam: Install changes conf file permissions incompatible with HTTPProxyPassword option
This one time, at band camp, Sven Riedel said:
> clamav-freshclam-0.86.2-1_i386.deb changes /etc/clamav/freshclam.conf's permissions to 0744 during installation. freshclam will refuse to start unless the configuration files permissions are 0700 if the HTTPProxyPassword option is used in the configuration file.
> To reproduce:
> # chmod 0700 /etc/clamav/freshclam.conf
> # dpkg --force-confdef --force-confold -i \
> clamav-freshclam-0.86.2-1_i386.deb
dpkg does not handle any of the conffiles in the clamav suite. These options should have no effect.
> # ls -l /etc/clamav/freshclam.conf
This is unreproducible here. I manually added a username and password, and then did it via debconf. Both times, if there was a password present, the postinst chmod'ed the file to 0600. If there was no password, the postinst chmod'ed it 0644.
Can I get the (munged) contents of your file? I would also appreciate it if you could edit /var/lib/dpkg/info/clamav-freshclam.config and /var/lib/dpkg/info/clamav-freshclam.postinst, and add set -x as the second line in the file (immediately below #!/bin/sh, in other words) and then send me the output of `dpkg-reconfigure clamav-freshclam`
There will be a fair amount of output, so you may want to use script or something to capture all of it.
Thanks,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
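A check for the condition discussed in this report, as an added example that is not part of the thread or of the clamav packaging: it flags a freshclam.conf that contains an HTTPProxyPassword directive while any group or other permission bit is set. The function names, the constructed sample config and the "owner-only" rule are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit a freshclam.conf for an exposed proxy password.
# Assumption: the file is acceptable only if no group/other permission
# bits are set whenever HTTPProxyPassword is present. Uses GNU stat.

# Exit 0 if FILE has an uncommented HTTPProxyPassword directive with a value.
conf_has_proxy_password() {
    grep -Eq '^[[:space:]]*HTTPProxyPassword[[:space:]]+[^[:space:]]' "$1"
}

# Print the octal permission bits of FILE, e.g. 644.
conf_mode() {
    stat -c '%a' "$1"
}

# audit_freshclam_conf FILE
# Returns 0 if acceptable, 1 if a password is exposed, 2 if FILE is unusable.
audit_freshclam_conf() {
    conf=$1
    if [ ! -f "$conf" ]; then
        echo "error: $conf is not a regular file"
        return 2
    fi
    mode=$(conf_mode "$conf") || return 2
    if ! conf_has_proxy_password "$conf"; then
        echo "ok: $conf (mode $mode) holds no proxy password"
        return 0
    fi
    # The leading 0 makes the shell read the mode as octal;
    # 077 selects every group and other permission bit.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "EXPOSED: $conf (mode $mode) holds HTTPProxyPassword; use 0600"
        return 1
    fi
    echo "ok: $conf (mode $mode) holds HTTPProxyPassword, owner-only"
    return 0
}

# Demo on a constructed config (the password is a made-up placeholder).
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'DatabaseMirror database.example.invalid' \
                  'HTTPProxyPassword constructed-secret' > "$tmp"
    chmod 0644 "$tmp"; audit_freshclam_conf "$tmp" || true
    chmod 0600 "$tmp"; audit_freshclam_conf "$tmp" || true
    rm -f "$tmp"
}
demo
```

Run against the real file as root, for instance from a cron job or a package test, the return code separates "exposed" (1) from "could not check" (2).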
Bug#316462: CAN-2005-1923 fixed in 0.86.1-1?
This one time, at band camp, Micah Anderson said:
> I noticed that you used the new BTS versioning to tag 316462 (which is about CAN-2005-1923) as fixed in 0.86.1-1, however in the changelog for that version I do not see CAN-2005-1923 mentioned:
> Closes: 315396 315410
> Changes:
> clamav (0.86.1-1) unstable; urgency=low
> .
> * New upstream version
> * New translations
> - da (thanks Mohammed Adnene Trojette) (closes: #315396)
> - fr (thanks Claus Hindsgaul [EMAIL PROTECTED])(closes: #315410)
0.86.1 was uploaded before the CAN numbers were released, or indeed even made public.
> I'm puzzled because I see this in this bug log:
>> Sorry, this bug _is_ fixed in sid. It is also fixed in volatile, and a patch is on its way to the security team. That just leaves 316401.
> but again, I don't see the bug closed in any changelog, or the CAN mentioned in any changelog (except in sarge, 0.84-2.sarge.1 mentions it as fixed).
Yes, we were trying to track the various versions of clam that are vulnerable in order to make sure they all got fixed. It wasn't clear to me (due to the way disclosures happened, and a not particularly helpful upstream changelog) that all known issues were actually corrected in 0.86.1. It turned out that those issues were.
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#324723: hdparm: Move /etc/hdparm.conf under /etc/package/
This one time, at band camp, Jari Aalto said:
> The /etc hierarchy is quite polluted with various configuration files. It would be better if packages kept configuration files under their own directories (easier for backups etc.). Please move /etc/hdparm.conf = /etc/package/config or /etc/package/hdparm.conf
Please see http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files , section 10.7.2. Since hdparm uses a single configuration file, it appears to me that it is not required by policy, and it is also needless pain to move it. If I ever do use more than one file, I will certainly go through the pain of migrating on that day.
Now, what to do with the bug report? It appears to me that policy says to put files in /etc, and make a subdirectory if there are many. Since the second part does not apply, I am inclined to say I'm following policy pretty much exactly, and just close the report. However, I will wait to hear from you.
Take care, and thanks for reporting,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#324815: clamav-base: package requires md5sum for install, but do not depend on it
This one time, at band camp, DEMAINE Benoit-Pierre said:
> mercure:~# apt-get -f install
> Reading package lists... Done
> Building dependency tree... Done
> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> 4 not fully installed or removed.
> Need to get 0B of archives.
> After unpacking 0B of additional disk space will be used.
> Setting up clamav-base (0.86.2-5) ...
> /var/lib/dpkg/info/clamav-base.postinst: line 58: md5sum: command not found
> dpkg: error processing clamav-base (--configure):
> subprocess post-installation script returned error exit status 127
> dpkg: dependency problems prevent configuration of clamav-freshclam:
> clamav-freshclam depends on clamav-base (= 0.86.2-5); however:
> Package clamav-base is not configured yet.
> in which package can I find md5sum ?
A short moment ago, it was in dpkg. It looks like they have dropped it now, though. I will investigate and get back to you. It has always been in a base package (coreutils or textutils, and then dpkg as well) so I never had to explicitly depend on it. If it has moved to a non base package, I will add a dependency.
Thanks for reporting,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#324815: clamav-base: package requires md5sum for install, but do not depend on it
This one time, at band camp, Stephen Gran said:
> This one time, at band camp, DEMAINE Benoit-Pierre said:
>> mercure:~# apt-get -f install
>> Reading package lists... Done
>> Building dependency tree... Done
>> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
>> 4 not fully installed or removed.
>> Need to get 0B of archives.
>> After unpacking 0B of additional disk space will be used.
>> Setting up clamav-base (0.86.2-5) ...
>> /var/lib/dpkg/info/clamav-base.postinst: line 58: md5sum: command not found
>> dpkg: error processing clamav-base (--configure):
>> subprocess post-installation script returned error exit status 127
>> dpkg: dependency problems prevent configuration of clamav-freshclam:
>> clamav-freshclam depends on clamav-base (= 0.86.2-5); however:
>> Package clamav-base is not configured yet.
>> in which package can I find md5sum ?
> A short moment ago, it was in dpkg. It looks like they have dropped it now, though. I will investigate and get back to you. It has always been in a base package (coreutils or textutils, and then dpkg as well) so I never had to explicitly depend on it. If it has moved to a non base package, I will add a dependency.
Ah, I see it is now in the package coreutils, without which your system would be so hideously broken that you probably couldn't have sent an email, so I have to assume it's installed. Try:
dpkg -L coreutils | grep md5
It may just not have diverted properly. If that is the case, we can reassign this to coreutils.
Take care,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#325237: hdparm.8.gz: -M: levels between 0 and 127 unexplained
This one time, at band camp, Dan Jacobson said:
> We see
> -M Get/set Automatic Acoustic Management (AAM) setting. Most modern harddisk drives have the ability to speed down the head movements to reduce their noise output. The possible values are between 0 and 254. 128 is the most quiet (and therefore slowest) setting and 254 the fastest (and loudest). Some drives have only two levels (quiet / fast), while others may have different levels between 128 and 254.
> Well that leaves between 0 and 127 unexplained. And if 128 is the most quiet, then one even wonders more about 0 to 127. If you said
> The possible values are between 128 and 254. 128 is the most quiet (and therefore slowest)
> Then the page would make sense. But I'm not sure what the reality is. All I know is the paragraph reads weird.
I see that this is the same as #230331. I guess the patch got dropped at some point. I will resurrect it and send it upstream, but probably not for several weeks.
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#325285: stable is still vulnerable
This is just a note to check that stable is still vulnerable to the exploits fixed in -2. I have added a found tag to this bug for sarge's version - if that is wrong, please remove it and chastise me appropriately :)
Take care,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#325785: Is this in stable as well?
Hello Fabio,
Is this bug also present in the version in stable? I assume so, but have not had time to check yet. If so, is an upload pending?
Thanks,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#325785: Is this in stable as well?
This one time, at band camp, Fabio Tranchitella said:
> On Mon, 12/09/2005 at 09.12 +0100, Stephen Gran wrote:
>> Hello Fabio,
>> Is this bug also present in the version in stable? I assume so, but have not had time to check yet. If so, is an upload pending?
> Hi Stephen, the bug was present in stable, too, has been fixed with 0.9.5-3sarge2 (see http://packages.qa.debian.org/p/phpldapadmin/news/3.html) on 28th of August.
That's #322423, while this is #325785. I see that #322423 is fixed in stable.
Thanks,
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#327947: kcdlabel: uninstallable; needs rebuild for the Qt/KDE transition
This one time, at band camp, Adeodato Simó said:
> Hello,
> This is a grave bug filed against your package because it depends on libqt3c102-mt, which no longer exists, thus rendering your package uninstallable in unstable. As part of the C++ ABI transition, this library has moved to the libqt3-mt package.
> Simply recompiling and uploading your package should be enough to fix this; as per this mail [1], you need not bump your Qt, kdelibs or aRts build-dependencies. Beware, though, that that may not be the case for all the involved libraries. Also, make sure that you build the package in an up to date and clean sid environment, so that final dependencies are correct. Please do this as soon as possible in order to accelerate the Qt/KDE transition to testing.
> [1] http://lists.debian.org/debian-devel-announce/2005/09/msg0.html
> Perhaps you find that your package fails to compile with gcc4. If that's the case, there's probably a bug about it in the BTS, and it may include a patch. If not (or if you have doubts about the correctness of the patch), you may be able to find a fix in upstream's CVS, or in the Ubuntu distribution. If your package fails only in arm, m68k, and hppa, see instructions in the above mail.
> Finally, if there's a strong reason for which your package should not be NMUed, please note so in this bug report. Prospective NMUers will read your reasoning, and will decide if it's strong enough to delay their upload.
> Thanks for your cooperation, and happy hacking!
> P.S.: There may be an already reported bug against this package for this very same reason. I've checked for that, and will be merging the bugs soon. The reason for still filing this bug was to have the opportunity of including the small bits of information above. I apologize for the inconvenience.
I have been meaning to file a bug for the removal of this package, but haven't gotten around to it. It is dead upstream, and its functionality is duplicated by other programs in the archive. On top of that, the general code quality is something less than I would like (which is why I didn't want it releasing with stable). Thanks for the prodding - I will request a removal now.
Please do not NMU this package, obviously, but I wanted to be clear :)
--
Stephen Gran | [EMAIL PROTECTED] | Debian user, admin, and developer | http://www.debian.org
Bug#322396: is the problem solved?
This one time, at band camp, Atsuhito Kohda said: Hi all, I recently noticed that clamd generated zombies continuously on my alpha machine and browsing through BTS I found this bug. But, unfortunately, the patch here didn't solve my problem. I also applied the patch in #289187 (yes, it caused unaligned trap also) but didn't solve the problem either. I'm not sure that my problem is the same with #322396 but ps ax showed me 8444 ?Ss 0:00 /usr/sbin/clamd 8446 ?S 0:00 /usr/sbin/clamd 8447 ?Z 0:00 [clamd] defunct 8481 ?Z 0:00 [clamd] defunct 8509 ?Z 0:00 [clamd] defunct 8534 ?Z 0:00 [clamd] defunct 9440 ?Z 0:00 [clamd] defunct 9469 ?Z 0:00 [clamd] defunct 9481 ?Z 0:00 [clamd] defunct 9504 ?Z 0:00 [clamd] defunct 9515 ?Z 0:00 [clamd] defunct 9546 ?Z 0:00 [clamd] defunct 9561 ?Z 0:00 [clamd] defunct 9597 ?Z 0:00 [clamd] defunct 9628 ?Z 0:00 [clamd] defunct 9641 ?Z 0:00 [clamd] defunct 9656 ?Z 0:00 [clamd] defunct 9693 ?Z 0:00 [clamd] defunct 9708 ?Z 0:00 [clamd] defunct I tried clamav-daemon in stable, testing and sid but all failed. But I believe clamd itself works. Also on another Alpha (stable) machine clamd works without any problem. Is there any clue? Do you see anything interesting in syslog? This looks like a problem with the parent cleaning up after the child threads, which implies (at first blush, anyway) some sort of pthread problem. Can you strace the parent and get an idea of what the problem is? -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#329022: expoidable obsolete sofware on security?
This one time, at band camp, Rainer Zocholl said: Hello it happened that I can't update clamav on a box. That was caused by the line # cat apt.conf Apt::Default-Release stable; aptitude remove clamav clamv-base , aptitude clean aptitude install shows: Get:1 http://security.debian.org stable/updates/main libclamav1 0.84-2.sarge.2 [252kB] Get:2 http://security.debian.org stable/updates/main clamav-base 0.84-2.sarge.2 [154kB] Get:3 http://security.debian.org stable/updates/main clamav-freshclam 0.84-2.sarge.2 [2171kB] Why is such an old and broken version still on *security* ? Current version is 0.87(!) and all versions below 0.86 are remotely exploitable. Debian backports security fixes, rather than upgrading to new versions with new bugs. All of the remote bugs have been fixed (except a few that are only just fixed in 0.87) in 0.84-2sarge.2. If you want to use a newer version of the software, please have a look at http://volatile.debian.net Thanks, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#325512: clamav-freshclam: Failed stop for init-script
This one time, at band camp, Alexander Mader said: Hello, first of all: Thank you very much for maintaining clamav(-freshclam) for debian! For a while, clamav-freshclam is failing with /etc/init.d/clamav-freshclam stop. I tried sending signals different from TERM, succeeded with QUIT, and changed the init-script accordingly; please, see diff below. Can you try 0.87-1 and let me know if you are still having this problem? I have revamped the init scripts to use lsb functions since then, and it may have better kill handling. Thanks, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#328660: Urgency low..
This one time, at band camp, Johan Thelmén said: Changes: clamav (0.87-1) unstable; urgency=low * New upstream version - Fixes CAN-2005-2920 and CAN-2005-2919 (closes: #328660) I can not find any policy about it but I think it should be urgency high or at least medium. This for building faster (if used) and faster moving in to testing. Two weeks for a remote security fix is not that good when the fix is known. Please think about it next time. Dammit. You are absolutely correct. I missed that before upload - entirely my fault. I'll contact the release team and see if they can bump the priority. Thanks for noticing, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#329285: please add MAILTO=root to crontab
This one time, at band camp, dean gaudet said: please add a MAILTO=root at the top of /etc/cron.d/clamav-freshclam so that any output from freshclam failures goes to root rather than to the clamav user... Do you not have clamav: root in /etc/aliases? The package is supposed to set that up for you. -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#329280: ClamAV Vulnerabilities
severity 329280 serious tags 329280 +security close 329280 0.87-1 merge 329280 328660 thanks This one time, at band camp, Hruod said: Clam AV has been identified to have several remote vulnerability issues. See: http://news.com.com/Bugs+found+in+open-source+antivirus+tool/2110-1002_3-5873640.html?part=rsstag=5873640subj=news Yes, it has been reported already, and fixed in unstable and volatile for a little while already. Debian security team has patches for stable as well as a draft of the announcement from me. I can do nothing more with this bug, although I will try to use the tagging bits of the BTS to note what version it has been fixed in. Thanks for the report, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#328595: IDE error when running 'hdparm -I /dev/cdrom'
Mark, What's your opinion about this? I can in fact reproduce it, and I basically understand why it's happening, but what to do? It seems to me that during the hdparm query, the kernel notices a seek error (I'm guessing - haven't looked up what 0xec is) and reports the seek error. hdparm is correct for doing the tests, and the kernel isn't wrong for reporting it, I don't think, but getting scary messages in syslog every time you look at drive parameters isn't right either. Hmm. -- -- | Stephen Gran | You can't push on a string. | | [EMAIL PROTECTED] | | | http://www.lobefin.net/~steve | | -- ---BeginMessage--- Package: hdparm Version: 6.1-5 Severity: normal When I run 'hdparm -I /dev/cdrom', the following appears in the system log: Sep 16 11:56:57 localhost kernel: hdc: drive_cmd: status=0x51 { DriveReady SeekComplete Error } Sep 16 11:56:57 localhost kernel: hdc: drive_cmd: error=0x04 { AbortedCommand } Sep 16 11:56:57 localhost kernel: ide: failed opcode was: 0xec The output seems correct though: /dev/cdrom: ATAPI CD-ROM, with removable media Model Number: _NEC DVD+/-RW ND-6500A Serial Number: Firmware Revision: 2.58 Standards: Likely used CD-ROM ATAPI-1 Configuration: DRQ response: 3ms. 
Packet size: 12 bytes Capabilities: LBA, IORDY(cannot be disabled) DMA: mdma0 mdma1 mdma2 udma0 udma1 *udma2 Cycle time: min=120ns recommended=120ns PIO: pio0 pio1 pio2 pio3 pio4 Cycle time: no flow control=120ns IORDY flow control=120ns I am using original Linux Kernel 2.6.13.1, patched with ACPI 20050902, but the problem appeared also with Debian kernel package 2.6.12 -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (800, 'testing'), (500, 'proposed-updates'), (400, 'unstable'), (200, 'stable'), (1, 'sarge-unsupported') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13.1-amd64 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Versions of packages hdparm depends on: ii libc6 2.3.5-6 GNU C Library: Shared libraries an ii lsb-base 3.0-5 Linux Standard Base 3.0 init scrip hdparm recommends no packages. -- no debconf information ---End Message--- signature.asc Description: Digital signature
Bug#329022: expoidable obsolete sofware on security?
This one time, at band camp, Rainer Zocholl said: [EMAIL PROTECTED](Stephen Gran) 19.09.05 08:58 Debian backports security fixes, rather than upgrading to new versions with new bugs. Jepp. All of the remote bugs have been fixed in 0.84-2sarge.2. How can I check/validate that Debian's security 0.84 is as secure as volatile 0.86/0.87? (except a few that are only just fixed in 0.87) Em,.. jepp. If you want to use a newer version of the software, please have a look at http://volatile.debian.net I know that. Thanks. But a way to determine what flaws are fixed would be nice. http://packages.qa.debian.org/c/clamav.html has links to all the changelogs. Sadly, it's not quite as clear as it could be, but security.debian.org does provide cross-references between CAN numbers and DSA's that address those CAN's as well. This one time, at band camp, Rainer Zocholl said: [EMAIL PROTECTED](Debian Bug Tracking System) 20.09.05 15:48 Well, it seems like this was a misunderstanding about Debian's security handling. Yes, it does not become clear for the user that debian 0.84 is equivalent to 0.86 in security. Since I have heard nothing back from the submitter, I'm closing this. Please have a look on time zone... ;-) 1 day is not much. It's just one turn of the earth... Sorry if it felt premature. I didn't realize (or more probably, misparsed) your original intent. When I got the bug report, it looked to me as though you thought that the version in debian/stable contained all the security flaws that upstream 0.84 contained. This is not the case, obviously. (There are 2 outstanding CAN's fixed in unstable and volatile already, but not yet in stable) I suggest reading the docs linked off of security.debian.org - it will make the security practices a bit more clear to you. Take care, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
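The changelog cross-check discussed in this thread and the urgency=low upload noted in Bug#328660, as an added example that is not part of the original messages or of any Debian tool: it parses Debian changelog entries, lists the CAN/CVE ids each version mentions, and flags uploads that carry security ids with urgency=low. The 0.87-1 entry text is the one quoted above; its trailer line, the 0.00-x entries and the CVE-0000-0001 id are constructed placeholders, and the function names are hypothetical.

```python
import re

# Header line of a Debian changelog entry: "pkg (version) dists; urgency=level"
HEADER = re.compile(
    r"^(?P<package>[a-z0-9][a-z0-9+.-]*) \((?P<version>[^)]+)\) "
    r"(?P<dists>[^;]+); urgency=(?P<urgency>[A-Za-z]+)"
)
TRAILER = re.compile(r"^ -- ")  # maintainer/date line that closes an entry
# CAN-YYYY-NNNN was the candidate spelling of what is now written CVE-YYYY-NNNN.
SEC_ID = re.compile(r"\b(CAN|CVE)-(\d{4})-(\d{4,})\b")

# Constructed sample, newest entry first as in a real changelog.
SAMPLE = """\
clamav (0.87-1) unstable; urgency=low

  * New upstream version
    - Fixes CAN-2005-2920 and CAN-2005-2919 (closes: #328660)

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000

clamav (0.00-2) unstable; urgency=high

  * Constructed entry: backported fix for CVE-0000-0001 (placeholder id)

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000

clamav (0.00-1) unstable; urgency=low

  * Constructed entry: packaging cleanup only

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000
"""


def parse_changelog(text):
    """Return one dict per changelog entry, in file order (newest first)."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {
                "package": m["package"],
                "version": m["version"],
                "dists": m["dists"].split(),
                "urgency": m["urgency"].lower(),
                "ids": [],
            }
            entries.append(current)
        elif TRAILER.match(line):
            current = None  # ignore anything between entries
        elif current is not None:
            for _, year, num in SEC_ID.findall(line):
                cve = f"CVE-{year}-{num}"  # normalise CAN- to CVE-
                if cve not in current["ids"]:
                    current["ids"].append(cve)
    return entries


def fixed_in(entries):
    """Map each id to the oldest version whose changelog entry mentions it."""
    first = {}
    for entry in reversed(entries):  # walk oldest to newest
        for cve in entry["ids"]:
            first.setdefault(cve, entry["version"])
    return first


def low_urgency_security_uploads(entries):
    """Versions that reference security ids but were uploaded with urgency=low."""
    return [e["version"] for e in entries if e["ids"] and e["urgency"] == "low"]


if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE)
    for cve, version in sorted(fixed_in(parsed).items()):
        print(f"{cve}: first mentioned in {version}")
    for version in low_urgency_security_uploads(parsed):
        print(f"review urgency of security upload {version}")
```

A changelog only shows which ids the maintainer wrote down, so an id that is absent from it is not evidence that the version is unfixed.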
Bug#322396: clamav-daemon: clamd chokes
This one time, at band camp, Clint Adams said: Package: clamav-daemon Version: 0.86.2-1 Since upgrading from 0.85.1-2, clamd has begun to choke; I discover a defunct clamd process and a backed-up mail queue. What information would be helpful? Log output, for a start. Then I would suggest running clamd for a while with the various debugging options (LogClean LogVerbose, etc) turned on, to see if you can capture anything useful. Finally, of course, running an unstripped copy under gdb if nothing else works. Thanks, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322396: clamav-daemon: clamd chokes
This one time, at band camp, Clint Adams said: Log output, for a start. Then I would suggest running clamd for a while with the various debugging options (LogClean LogVerbose, etc) turned on, to see if you can capture anything useful. Finally, of course, running an unstripped copy under gdb if nothing else works. LogVerbose and LogClean on; it choked at the end of this. Wed Aug 10 11:43:39 2005 - OLE2 support enabled. Wed Aug 10 11:43:39 2005 - HTML support enabled. Wed Aug 10 11:43:39 2005 - Self checking every 3600 seconds. Wed Aug 10 11:44:11 2005 - /var/spool/clamav-filter/clfi.UlhnPW: OK Wed Aug 10 11:44:12 2005 - /var/spool/clamav-filter/clfi.K1z3tb: OK Wed Aug 10 11:44:12 2005 - /var/spool/clamav-filter/clfi.nZIQzx: OK Wed Aug 10 11:44:12 2005 - /var/spool/clamav-filter/clfi.g5AP15: OK Wed Aug 10 11:44:13 2005 - /var/spool/clamav-filter/clfi.24nzly: OK Wed Aug 10 11:44:14 2005 - /var/spool/clamav-filter/clfi.mYuxGj: OK Wed Aug 10 11:44:14 2005 - /var/spool/clamav-filter/clfi.ie2UVU: OK OK, so the standard log options are not much help, I see :( Some background information would be helpful: I see you're running it on a sparc of some sort, can you supply information about the environment clam is running in (RAM/CPU, etc)? Can I see the config file for clamd? How are you calling clamd? I see all the files are in /var/spool/clamav-filter - this suggests an app I am unfamiliar with placing files there and then calling clamd. Thanks, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322396: clamav-daemon: clamd chokes
This one time, at band camp, Clint Adams said: Some background information would be helpful: I see you're running it on a sparc of some sort, can you supply information about the environment clam is running in (RAM/CPU, etc)? 1G RAM, single UltraSparc IIi Shouldn't be a resources issue, then. #!/bin/sh INSPECT_DIR=/var/spool/clamav-filter SENDMAIL=/usr/lib/sendmail -i CLAMSCAN=/usr/bin/clamdscan Change this to /usr/bin/clamscan --debug Your load will go up for a while, but we'll get a chance to see what the problem is. Then send me the last several logs after a crash/lockup. Thanks, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322396: clamav-daemon: clamd chokes
This one time, at band camp, Clint Adams said: Change this to /usr/bin/clamscan --debug Your load will go up for a while, but we'll get a chance to see what the problem is. Then send me the last several logs after a crash/lockup. Is clamscan supposed to choke and hang then? clamdscan is just a client that passes all requests to clamd for the actual scanning. clamscan and clamd both use the same library for scanning, so the chances are good that whatever will blow up clamd will also blow up clamscan. The difference is that clamscan is a single instance, rather than a running daemon - this means more startup overhead but also a single stupefied process won't halt mail processing. So, we're using it on the assumption that something will come along and kill it, yes. But it will be slightly different, and will need a more watchful eye to see which one is dead, as most mail will continue normally. Thanks, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#317952: clamav: clamscan should descend into xpi files
This one time, at band camp, Florian Weimer said: * Stephen Gran: This one time, at band camp, Florian Weimer said: xpi files are ZIP archives and can contain malicious code. It makes sense to scan them, IMHO. Can you try with 0.86.2? It looks like it does here. This seems to be the case indeed, although it's not documented in the clamscan manual page. Since they are zip files, it scans them in the same way it does other zip files. It figures out the file type in the same way that file(1) does, not by extension, so naming conventions don't matter. Take care, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#317952: clamav: clamscan should descend into xpi files
This one time, at band camp, Florian Weimer said: xpi files are ZIP archives and can contain malicious code. It makes sense to scan them, IMHO. Can you try with 0.86.2? It looks like it does here. Thanks, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#319703: problem with /etc/default/hdparm
This one time, at band camp, Stephen Gran said: If that blows up, the problem is in egrep. I would suggest not running hdparm any more on this drive, as it's about to go. Let me know if the egrep test also fails, and I'll consider this bug as closed. If egrep itself runs, I am still leaning towards hard disk failure, but am willing to keep it open for now. Just a ping - any more information? Was I correct that it was the drive that was failing? Do you want to keep this open, or can we close it? Take care, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322564: clamav-daemon: The clamav daemon fails to start
This one time, at band camp, Rick Friedman said: Upon attempting to start the clamav daemon, an error occurs which causes the start to fail. Following is the error message that is displayed when /etc/init.d/clamav-daemon is run with the start parameter: Starting ClamAV daemon: clamd /sbin/start-stop-daemon: stat --oknodo: no such file or directory (No such file or directory) failed! Well, I see exactly what _must_ be happening, but it makes no sense to me, and it works fine here. Do me a favor, add set -x as the second line in the init script (right below #!/bin/sh) and rerun the script, and send me the output. It's likely to be rather long, so you may want to use script or something to capture the output. Thanks, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322578: libclamav1 can't be installed
This one time, at band camp, Rainer Zocholl said: Package: libclamav1 Version: 0.86.2-3 Priority: optional Section: libs Maintainer: Stephen Gran [EMAIL PROTECTED] Uncompressed Size: 483k Depends: libbz2-1.0, libc6 (= 2.3.5-1), libcurl3 (= 7.13.1-1), libgmp3c2 | libgmp3, libidn11 (= 0.5.18), libssl0.9.7, zlib1g (= 1:1.2.1) Conflicts: libclamav Provides: libclamav current upgrade fails: msi:~# aptitude install libclamav1 Reading Package Lists... Done Building Dependency Tree Reading extended state information Initializing package states... Done E: Unable to correct problems, you have held broken packages. E: Unable to correct dependencies, some packages cannot be installed E: Unable to resolve some dependencies! Some packages had unmet dependencies. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following packages have unmet dependencies: libclamav1: Depends: libc6 (= 2.3.5-1) but 2.3.2.ds1-22 is installed. Depends: libidn11 (= 0.5.18) but 0.5.13-1.0 is installed. The missing packages are not available. Of course they are: http://packages.debian.org/unstable/base/libc6 http://packages.debian.org/unstable/libs/libidn11 It sounds to me like you have testing or stable in your sources.list, but have grabbed clamav from unstable. Is this correct? -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322564: clamav-daemon: The clamav daemon fails to start
On Thu, Aug 11, 2005 at 11:43:51AM -0400, Rick Friedman said: Stephen Gran wrote: This one time, at band camp, Rick Friedman said: Starting ClamAV daemon: clamd /sbin/start-stop-daemon: stat --oknodo: no such file or directory (No such file or directory) failed! Well, I see exactly what _must_ be happening, but it makes no sense to me, and it works fine here. Stephen, I did what you requested and have attached the file that was created consisting of the output from the init script. [snip] + THEPIDFILE= Here is the problem, resulting in the wrong arguments being passed: + start_daemon -p /usr/sbin/clamd Fixing now. -- -- | Stephen Gran | And then there was the lawyer that | | [EMAIL PROTECTED] | stepped in cow manure and thought he| | http://www.lobefin.net/~steve | was melting... | -- signature.asc Description: Digital signature
Bug#322636: hdparm's udev support needs one more change...
This one time, at band camp, Christopher Martin said: Hello, It would appear that udev doesn't run scripts under /etc/dev.d/block unless they end in .dev. For this reason, the hdparm.block script isn't currently used. Renaming the file to hdparm.dev solves the problem here, so that my optical drives are fully supported by hdparm+udev. OK, thanks. Not really using udev myself, I had a hard time testing this :) -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322578: libclamav1 can't be installed
This one time, at band camp, Stephen Gran said: It sounds to me like you have testing or stable in your sources.list, but have grabbed clamav from unstable. Is this correct? Just a ping. Anything further to add? -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322396: clamav-daemon: clamd chokes
This one time, at band camp, Stephen Gran said: So, we're using it on the assumption that something will come along and kill it, yes. But it will be slightly different, and will need a more watchful eye to see which one is dead, as most mail will continue normally. So, it's been a few days. You should (hopefully) have at least a few logfiles of the form log.$PID laying around from clamscan's that have gone awry. If so, would you mind sending a few my way? Thanks, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322396: clamav-daemon: clamd chokes
This one time, at band camp, Clint Adams said: So, it's been a few days. You should (hopefully) have at least a few logfiles of the form log.$PID laying around from clamscan's that have gone awry. If so, would you mind sending a few my way? I have no hung clamscan processes, and no log.$PID files. I do have a clamscan core dump from 3 hours ago. #0 0x7004630c in __zzip_find_disk_trailer () from /usr/lib/libclamav.so.1 #1 0x7004690c in zzip_dir_fdopen_ext_io () from /usr/lib/libclamav.so.1 #2 0x7003e5ac in cl_scanfile () from /usr/lib/libclamav.so.1 #3 0x7003d75c in cli_magic_scandesc () from /usr/lib/libclamav.so.1 #4 0x7003eff4 in cl_scanfile () from /usr/lib/libclamav.so.1 #5 0x7003f450 in cl_scanfile () from /usr/lib/libclamav.so.1 #6 0x70040550 in cl_scanfile () from /usr/lib/libclamav.so.1 #7 0x7003d55c in cli_magic_scandesc () from /usr/lib/libclamav.so.1 #8 0x7003e520 in cl_scandesc () from /usr/lib/libclamav.so.1 #9 0x000140a4 in ?? () #10 0x000140a4 in ?? () Ah, I see, another zip file problem. There have been several reports of this sort of thing. Do you by any chance have the zip file that caused this? That would be very helpful for debugging. Thanks again, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322730: clamav-daemon: Init script does not stop clamd
This one time, at band camp, Rick Friedman said: When the init script (/etc/init.d/clamav-daemon) runs with the stop parameter, the script runs to completion with no errors. However, the clamd process is not stopped. It is still running after the script has completed. Below is output from the script (with set -x in the script). Can I see the contents of your clamd.conf, please? -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322396: clamav-daemon: clamd chokes
This one time, at band camp, Clint Adams said: Ah, I see, another zip file problem. There have been several reports of this sort of thing. Do you by any chance have the zip file that caused this? That would be very helpful for debugging. Attached is a tarball of a problematic message and the corresponding log. Er, I see no tarball. -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322770: lsb-base: killproc should use --exec in start-stop-daemon call
Package: lsb-base Version: 3.0-4 Severity: normal Right now, the daemon name is thrown away, after a short check for the pidfile. Using the binary name would allow start-stop-daemon to look for instances of a daemon in cases where there is no pidfile. Changing:

    if [ ! $pidfile ]; then
        pidfile=/var/run/$(basename $1).pid
    fi
    if [ $2 ]; then
        sig=$(echo $2 | sed -e 's/^-\(.*\)/\1/')
        sig=$(echo $sig | sed -e 's/^SIG\(.*\)/\1/')
        /sbin/start-stop-daemon --stop --pidfile $pidfile --signal $sig --quiet
        status=$?
        [ $status = 1 ] && return 3 # program is not running
        return 0
    else
        /sbin/start-stop-daemon --stop --pidfile $pidfile --retry 5 --quiet --oknodo
    fi

to:

    if [ ! $pidfile ]; then
        pidfile=/var/run/$(basename $1).pid
    fi
    if [ $2 ]; then
        sig=$(echo $2 | sed -e 's/^-\(.*\)/\1/')
        sig=$(echo $sig | sed -e 's/^SIG\(.*\)/\1/')
        /sbin/start-stop-daemon --stop --pidfile $pidfile --signal $sig --quiet
        status=$?
        [ $status = 1 ] && return 3 # program is not running
        return 0
    else
        /sbin/start-stop-daemon --stop --pidfile $pidfile --retry 5 --quiet --oknodo --exec $1
    fi

should do it. Thanks, -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11-9-amd64-k8 Locale: LANG=C, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15) (ignored: LC_ALL set to en_US.ISO-8859-15) Versions of packages lsb-base depends on: ii ncurses-bin 5.4-9 Terminal-related programs and man ii sed 4.1.4-2 The GNU sed stream editor lsb-base recommends no packages. -- no debconf information
Bug#322730: clamav-daemon: Init script does not stop clamd
This one time, at band camp, Rick Friedman said: On Friday 12 August 2005 11:49 am, Stephen Gran wrote: This one time, at band camp, Rick Friedman said: When the init script (/etc/init.d/clamav-daemon) runs with the stop parameter, the script runs to completion with no errors. However, the clamd process is not stopped. It is still running after the script has completed. Below is output from the script (with set -x in the script). Can I see the contents of your clamd.conf, please? After seeing your request, I checked clamd.conf myself. I found the following: # This option allows you to save a process identifier of the listening # daemon (main thread). # Default: disabled # PidFile /var/run/clamd.pid I uncommented the PidFile line. That seems to have fixed the problem. Now the init script stops the clamd process properly. The only question I now have is why is the PidFile line disabled by default? Er, if you take the default, clamd.conf is managed by debconf, and you would have a PidFile directive. The problem is that I recently switched to the lsb-base init script functions, which don't work (currently) without a pidfile. I have submitted a bug with patch to the lsb-base maintainers asking them to also kill instances of the daemon in the absence of a pidfile. I will keep this bug open until lsb-base is fixed, as it will continue to affect clam until then. Thanks for reporting, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322770: Better patch
--- init-functions~ 2005-08-10 13:02:35.0 -0400 +++ init-functions 2005-08-12 15:44:46.0 -0400 @@ -113,12 +113,12 @@ if [ $2 ]; then sig=$(echo $2 | sed -e 's/^-\(.*\)/\1/') sig=$(echo $sig | sed -e 's/^SIG\(.*\)/\1/') -/sbin/start-stop-daemon --stop --pidfile $pidfile --signal $sig --quiet +/sbin/start-stop-daemon --stop --pidfile $pidfile --signal $sig --quiet --exec $1 status=$? [ $status = 1 ] return 3 # program is not running return 0 else -/sbin/start-stop-daemon --stop --pidfile $pidfile --retry 5 --quiet --oknodo +/sbin/start-stop-daemon --stop --pidfile $pidfile --retry 5 --quiet --oknodo --exec $1 fi } Sorry about the first, incomplete one. Vacation mode is making me sloppy. -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
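Review bot: in both changed start-stop-daemon lines, `--exec $1` is appended with `$1` unquoted (as `$pidfile` already is), so a daemon path or pidfile name containing whitespace or glob characters would be split into separate arguments; quote them as "$1" and "$pidfile". `--pidfile $pidfile` is also still passed unconditionally in both branches, so it is worth confirming against start-stop-daemon's documented matching rules that a missing pidfile really falls back to the `--exec` match, since that is the case this change is meant to cover, and saying so in a comment in the function.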
Bug#322396: clamav-daemon: clamd chokes
This one time, at band camp, Clint Adams said: Er, I see no tarball. It appears that it'll bus error on any .zip file. Still, it would be helpful to have the tarball (or a link to it) in order to do some debugging. Thanks, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322396: clamav-daemon: clamd chokes
This one time, at band camp, Clint Adams said: Still, it would be helpful to have the tarball (or a link to it) in order to do some debugging. I could have sworn that I sent it immediately after the mail missing the attachment. I see now that you did, and my mailserver rejected it for being Worm.Mydoom.M infected :( Sorry about that - I have grabbed the copy in the BTS. One last thing, as I am not that familiar with Sun hardware - is yours sparc32 or sparc64? Thanks again, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322396: clamav-daemon: clamd chokes
forwarded 322396 [EMAIL PROTECTED] tags 322396 +upstream thanks This one time, at band camp, Clint Adams said: I see now that you did, and my mailserver rejected it for being Worm.Mydoom.M infected :( Sorry about that - I have grabbed the copy in the BTS. Ha, I knew I should have obfuscated it. :) One last thing, as I am not that familiar with Sun hardware - is yours sparc32 or sparc64? sparc64. The pointer in question should be aligned on an 8-byte boundary. Well, I see this in build logs on 64bit platforms: zziplib/zzip-io.c:65: warning: initialization from incompatible pointer type But oddly, it doesn't SIGBUS here (amd64) with those files. I have to admit I'm having a little difficulty chasing this one down, so I will bring upstream into the conversation. Thanks again, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#322396: libclamav alignment problem
This one time, at band camp, Clint Adams said: So this patch fixes clamscan. I've switched back to using clamd to see if it is happier. I imagine that upstream will probably want a more portable fix, as this requires gcc. --- /tmp/zzip-zip.c 2005-08-13 12:37:05.966677144 -0400 +++ libclamav/zziplib/zzip-zip.c 2005-08-13 12:37:51.226796560 -0400 @@ -616,7 +616,7 @@ { zzip_error_t rv; zzip_off_t filesize; -struct zzip_disk_trailer trailer; +struct zzip_disk_trailer trailer __attribute__ ((aligned (8))); /* if (! dir || dir-fd 0) * { rv = EINVAL; goto error; } */ I have sent the patch upstream, and am waiting to hear what they have to say. Thank you very much for your help in debugging this problem. If I don't hear back from upstream shortly, I will probably put this in temporarily, as Debian can be depended on to use gcc :) Take care, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
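Review bot: the `__attribute__ ((aligned (8)))` on the `struct zzip_disk_trailer trailer` declaration is compiler-specific and unguarded, so the line only builds where GCC attribute syntax is accepted, as the submitter already notes. Suggest hiding it behind a macro that expands to nothing outside `__GNUC__`, or getting the alignment portably (for example by placing the trailer in a union with a 64-bit member), and adding a comment on the declaration that names the access needing 8-byte alignment so the reason survives later edits.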
Bug#315498: Same problem.
This one time, at band camp, Anthony Tippett said:

I am also having the same problem where the milter will die and sendmail issues the warning of unsafe milter socket file:

Aug 9 13:47:05 freki sm-mta[17921]: j79Kl58k017921: Milter (clamav): local socket name /var/run/clamav/clamav-milter.ctl unsafe
Aug 9 13:47:12 freki sm-mta[17920]: j79KlCod017920: Milter (clamav): local socket name /var/run/clamav/clamav-milter.ctl unsafe
Aug 9 13:47:35 freki sm-mta[17953]: j79KlZ83017953: Milter (clamav): local socket name /var/run/clamav/clamav-milter.ctl unsafe

I've upped my max-children to 6 to see if this helps. Stu, what is your children level set at?

I have had it as high as 150 on busy systems. You'll want it at least as high as maximum number of concurrent sendmail processes, in order not to block on the milter. That number takes some experimentation to get right.

Good luck,
--
Stephen Gran
Debian user, admin, and developer
http://www.debian.org
Bug#323098: lintian: while [[ is a bashism, [[:space:]] co. are POSIX
Package: lintian Version: 1.23.11 Severity: normal The test introduced as a result of 296233 is a little overzealous, catching valid POSIX regular expressions. The patch below fixes it, hopefully correctly. --- checks/scripts.old 2005-08-14 13:28:30.0 -0400 +++ checks/scripts 2005-08-14 13:35:13.0 -0400 @@ -461,7 +461,7 @@ '(?:^|\s+)(trap\s+[\']?.*[\']?\s+.*[1-9])', # trap with sign al numbers '(?:^|\s+)(local)\s',# local scoping of variables '(\)', # cshism - '(\[\[)',# alternative test command + '(\[\[[^:(alnum|alpha|blank|cntrl|digit|graph|lower|print|punc t|space|upper|xdigit)])', # alternative test command, but not POSIX regex ); for my $re (@bashism_regexs) { I think I've got them all there - check http://www.opengroup.org/onlinepubs/009695399/toc.htm section 9.3.5.6 to double check. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11-9-amd64-k8 Locale: LANG=C, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15) (ignored: LC_ALL set to en_US.ISO-8859-15) Versions of packages lintian depends on: ii binutils 2.16.1-2 The GNU assembler, linker and bina ii diffstat 1.39-1produces graph of changes introduc ii file 4.12-1Determines file type using magic ii gettext0.14.5-2 GNU Internationalization utilities ii intltool-debian0.30+20040213 Help i18n of RFC822 compliant conf ii libparse-debianchangelog-p 0.6-1 parse Debian changelogs and output ii man-db 2.4.3-1 The on-line manual pager ii perl [libdigest-md5-perl] 5.8.7-4 Larry Wall's Practical Extraction lintian recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
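Review bot: in the replacement pattern, [^:(alnum|alpha|...)] is a negated bracket expression, so the parentheses and | are literal members of the set rather than grouping and alternation, and the test only rejects a [[ whose next single character is ':' or any letter that occurs in those class names. That does skip [[:space:]], but it also stops flagging a [[ followed directly by one of those letters, by ( or by |. A negative lookahead states the intent exactly, along the lines of \[\[(?!:(?:alnum|alpha|...):\]), and fits the list, which already uses (?: ) groups.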
Bug#314645: /usr/sbin/sshd: time delay of password check proves account existence to attackers
This one time, at band camp, Justin Pryzby said:

Package: ssh
Version: 1:3.8.1p1-8.sarge.4
Severity: critical
File: /usr/sbin/sshd
Tags: security
Justification: root security hole

This part seems like panic - it's a user level security hole, if it exists.

This one time, at band camp, Greg Webster said: On Fri, 2005-06-17 at 12:51 -0400, Justin Pryzby wrote:

You're talking about microsecond delays, right?

Nope...human-discernable delays. Give it a shot on your system. I can easily determine just by mentally counting, if an account is valid.

I think I remember seeing a report that in PAM using setups, there was a noticeable delay introduced by PAM. I was under the impression it was addresses, however. Let me try ... OK, I see no difference on a sarge machine that isn't probably induced by me (half a second difference between valid user/invalid password and invalid user/random password, averaged over 5 tries of each). The difference is too small for me to notice it with the eye, at any rate.

This attack is already in the wild, as shown in logs:

This is a random username attack. It has been going on for months now, and does not seem to be slowing down. It does not coincide with any vulnerability I am aware of, and has not gotten anyone access to any machines I run, as far as I can tell. It appears to just try common usernames with weak passwords.

This one time, at band camp, Greg Webster said:

The problem is, I've seen that valid accounts (like my own 'greg') get tested a lot more often than the others.

9 www-data
10 adam
10 irc
11 john
11 news
11 operator
12 mail
12 nobody
12 richard
16 michael
23 mysql
352 root

Created with:

zgrep 'Failed password' auth.log*gz |awk '{print $9}' | sort| uniq -c |sort -k1 -n|less

Now, none of the people with 1 attempt are valid, but all of those above 10 are. None of the users have a valid shell to access the server via ssh, yet certain accounts get many more attempts (ignoring 'root' entirely, since it'd be a known target).

The usernames adam, john, richard, and michael are very common names. The others are all common system accounts. Here's my top ten on one system:

25 uucp
28 mysql
28 news
28 webmaster
29 daemon
31 oracle
32 bin
38 test
52 admin
412 root

but look,

4 richard
7 adam
9 greg
9 john
9 johnny
3 michael

are all getting hit as well. This machine has _no_ valid usernames to speak of (3 or 4 accounts, and none are normal names). None of them appear in the output of your zgrep. I see similar patterns in the logs of the half dozen servers I have that unfortunately still have ssh open to the world. I think you are conflating an attack on a common username with a guessed username.

OTOH, the delay that you can see with the naked eye is odd, and if you can provide some way to reproduce it, that would certainly be a bug (maybe config file settings?).

Thanks,
--
Stephen Gran
Debian user, admin, and developer
http://www.debian.org
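An added example, not part of the thread: a tally of failed password attempts that keeps the attempted name and records whether sshd itself treated the account as existing, so that a dictionary hit on a common name can be told apart from an attempt on a real account. The log layout (standard syslog prefix, "Failed password for [invalid user] NAME from ...") and the sample lines are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: tally failed SSH password attempts per user name and record
# whether sshd knew the account. Assumed line layout (standard syslog + sshd):
#   ... sshd[PID]: Failed password for [invalid user] NAME from ADDR port N ssh2
# Some older OpenSSH releases wrote "illegal user" instead of "invalid user".

failed_by_user() {   # reads auth.log lines on stdin, prints "COUNT NAME KIND"
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            # locate the word "for" that follows "Failed password"
            for (i = 3; i <= NF; i++)
                if ($i == "for" && $(i-1) == "password" && $(i-2) == "Failed") break
            name = $(i+1); kind = "known"
            # "invalid user NAME": the account does not exist on this host.
            # Requiring the word "user" keeps an account that is literally
            # named "invalid" from being misparsed.
            if ((name == "invalid" || name == "illegal") && $(i+2) == "user") {
                name = $(i+3); kind = "unknown"
            }
            count[name " " kind]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

sample_log() {       # constructed sample lines, documentation addresses only
    cat <<'EOF'
Jun 17 12:51:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jun 17 12:51:04 host sshd[2103]: Failed password for root from 203.0.113.7 port 40002 ssh2
Jun 17 12:51:09 host sshd[2105]: Failed password for invalid user richard from 203.0.113.7 port 40003 ssh2
Jun 17 12:52:11 host sshd[2110]: Failed password for invalid user adam from 198.51.100.9 port 40004 ssh2
Jun 17 12:52:15 host sshd[2112]: Failed password for invalid user richard from 198.51.100.9 port 40005 ssh2
Jun 17 12:52:19 host sshd[2114]: Failed password for mysql from 198.51.100.9 port 40006 ssh2
Jun 17 12:53:40 host sshd[2120]: Failed password for illegal user test from 198.51.100.9 port 40007 ssh2
Jun 17 12:54:02 host sshd[2125]: Accepted publickey for deploy from 192.0.2.10 port 40008 ssh2
EOF
}

sample_log | failed_by_user
```

Names reported as "unknown" were tried without existing on the host, which is the pattern of a common-name dictionary rather than of an account that was confirmed first.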
Bug#314747: clamav: Cruft in debian/rules: dh_installdocs ... -Xhangelog
This one time, at band camp, Andreas Metzler said:

Hello, There seems to be cruft in debian/rules, dh_installdocs is invoked with -Xhangelog. As there is currently no file named hangelog in the source-tree I /guess/ there was once upon a time a misnamed file like this in upstream, which has been removed since. thanks, cu andreas

-Xitem, --exclude=item
    Exclude files that contain item anywhere in their filename from being installed.

It is used to exclude both the upstream and the debian changelog from the package, so that they can be symlinks. I felt that since this source package builds 9 binary packages, I would try to minimize the number of copies of the same thing you need to store. I don't believe that -X[Cc]hangelog would work, although it would be more readable.

So, since it's on purpose, I really don't think it's a bug :) If I missed something, let me know and I'll address it. Otherwise, I think this can just be closed.
--
Stephen Gran
Debian user, admin, and developer
http://www.debian.org
Bug#314752: clamav: Build-Dependency on sendmail?
This one time, at band camp, Andreas Metzler said:

The location of the found sendmail is compiled into SENDMAIL_BIN and is used to fill SENDMAIL_VERSION_A (and ..._B and ..._C) which is referred to in clamav-milter.c. My build (with exim installed) has SENDMAIL_BIN=/usr/sbin/sendmail and empty SENDMAIL_VERSION*, otoh if the program was built on a machine with sendmail installed SENDMAIL_VERSION_A would be filled. Browsing over clamav-milter/clamav-milter.c I think this will indeed cause different behavior.

Yes, slightly, although I am not sure enough to make a significant difference.

thanks, cu andreas PS: Of course I am not suggesting to Build-Depend on sendmail but to use --with-sendmail=/usr/sbin/sendmail _and_ to patch ./configure to not invoke /usr/sbin/sendmail to fill SENDMAIL_VERSION_A, but to hardcode values fitting the version used in debian.

It actually (oddly) gets filled in to /usr/lib/sendmail here, but I guess since they're both symlinks that's ok. Is /usr/sbin/sendmail the canonical path to use? If so, I will just do that. As for the sendmail version, I think you're right - just defining them in the milter after including the clamav-config.h ought to do it (although it will break things for anyone compiling clamav with a non-debian sendmail installed). Hmm, have to think about this. Maybe this needs grotesque Makefile hackery - look for an environment variable, otherwise run gcc with -DNO_SENDMAIL or something, and define _that_ in the milter to mean SENDMAIL_VERSION=$(debian_sendmail_version). That's starting to feel like overkill, but it would easily allow people to rebuild against a non-standard sendmail, which feels like the right thing.
--
Stephen Gran
Debian user, admin, and developer
http://www.debian.org
Bug#314747: clamav: Cruft in debian/rules: dh_installdocs ... -Xhangelog
This one time, at band camp, Andreas Metzler said: On 2005-06-18 Stephen Gran [EMAIL PROTECTED] wrote: This one time, at band camp, Andreas Metzler said:

There seems to be cruft in debian/rules, dh_installdocs is invoked with -Xhangelog. As there is currently no file named hangelog in the source-tree I /guess/ there was once upon a time a misnamed file like this in upstream, which has been removed since.

-Xitem, --exclude=item
    Exclude files that contain item anywhere in their filename from being installed.

Ouch, I missed the anywhere in. However

It is used to exclude both the upstream and the debian changelog from the package, so that they can be symlinks.

... dh_installdocs would _not_ install either debian/changelog or Changelog unless told explicitly. (Which you do not.) So the whole thing is useless anyway. ;-)

Ouch back at you. Somehow I was confusing dh_installdocs with what is properly in dh_installchangelogs. Pulled the relevant cruft.

Thanks for reporting,
--
Stephen Gran
Debian user, admin, and developer
http://www.debian.org
Bug#314752: clamav: Build-Dependency on sendmail?
This one time, at band camp, Stephen Gran said:

It actually (oddly) gets filled in to /usr/lib/sendmail here, but I guess since they're both symlinks that's ok. Is /usr/sbin/sendmail the canonical path to use? If so, I will just do that.

I see now that of course /usr/sbin/sendmail is the correct path to use. That part is updated. Still have to think about how to fill out SENDMAIL_VERSION without too much grotesquery.
--
Stephen Gran
Debian user, admin, and developer
http://www.debian.org
Bug#314752: clamav: Build-Dependency on sendmail?
This one time, at band camp, Andreas Metzler said: On 2005-06-18 Stephen Gran [EMAIL PROTECTED] wrote:

As for the sendmail version, I think you're right - just defining them in the milter after including the clamav-config.h ought to do it (although it will break things for anyone compiling clamav with a non-debian sendmail installed). Hmm, have to think about this. Maybe this needs grotesque Makefile hackery - look for an environment variable, otherwise run gcc with -DNO_SENDMAIL or something, and define _that_ in the milter to mean SENDMAIL_VERSION=$(debian_sendmail_version). That's starting to feel like overkill, but it would easily allow people to rebuild against a non-standard sendmail, which feels like the right thing.

I doubt whether there is a working solution for this, as your aims are: #1 if /usr/sbin/sendmail does not exist build as if ${sendmail version in sid} was installed

This one is easy - it must exist, according to policy (which I have just reread, thanks to you :)

#2 if /usr/sbin/sendmail exists but is not sendmail (exim, qmail, esmtp, ...) build as if ${sendmail version in sid} was installed

Yes.

#3 if /usr/sbin/sendmail exists and is a real sendmail retrieve version information from binary and hardcode _these_ values.

And yes.

On top of that do not forget to add the corresponding dependency information.

And this is another hard part. If we build with SENDMAIL_VERSION defined to something (whether extracted from a real sendmail, or hacked in), how do we express this in dependencies? I think, we have to Conflict: sendmail ( SENDMAIL_VERSION), rather than Depends: sendmail (= SENDMAIL_VERSION) in order to make it work cleanly. The problem here, I think, is that the milter doesn't actually depend on sendmail to run now that the milter library is properly built as a shared library in a separate package. It will, however, introduce behavior that older sendmail's can't cope with.

I guess that just detecting whether /usr/sbin/sendmail is a real sendmail is a quite hard problem without elegant solution. Which is why I'd suggest to drop requirement #3. cu andreas

I think we can do this in clamav-milter.c:

    #ifndef SENDMAIL_VERSION_A
    #define SENDMAIL_VERSION_A 8
    #endif
    #ifndef SENDMAIL_VERSION_B
    #define SENDMAIL_VERSION_B 13
    #endif

after including clamav-config.h, without introducing any breakage. In combination with the Conflicts: above, I think this will produce the correct behavior. Does this seem reasonable to you?
--
Stephen Gran
Debian user, admin, and developer
http://www.debian.org
Bug#314914: clamav: FTBFS (amd64/gcc-4.0): operator '' has no left operand
This one time, at band camp, Andreas Jochens said:

When building 'clamav' on amd64/unstable with gcc-4.0, I get the following error:

if x86_64-linux-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../clamd -I../libclamav -I../shared-g -O2 -MT clamav-milter.o -MD -MP -MF .deps/clamav-milter.Tpo -c -o clamav-milter.o clamav-milter.c; \
then mv -f .deps/clamav-milter.Tpo .deps/clamav-milter.Po; else rm -f .deps/clamav-milter.Tpo; exit 1; fi
clamav-milter.c:1057:26: error: operator '' has no left operand
clamav-milter.c:1576:26: error: operator '' has no left operand
clamav-milter.c: In function 'clamfi_connect':
clamav-milter.c:2101: warning: passing argument 1 of 'hosts_ctl' discards qualifiers from pointer target type
make[3]: *** [clamav-milter.o] Error 1
make[3]: Leaving directory `/clamav-0.85.2-0.86rc1/clamav-milter'

You are compiling clamav-milter on a system without sendmail, so the version doesn't get properly filled in. A better patch is underway now to fill in the current sendmail version if it is empty.

Thanks for reporting,
--
Stephen Gran
Debian user, admin, and developer
http://www.debian.org
Bug#314752: clamav: Build-Dependency on sendmail?
This one time, at band camp, Andreas Metzler said: On 2005-06-18 Stephen Gran [EMAIL PROTECTED] wrote:

I think we can do this in clamav-milter.c:

    #ifndef SENDMAIL_VERSION_A
    #define SENDMAIL_VERSION_A 8
    #endif
    #ifndef SENDMAIL_VERSION_B
    #define SENDMAIL_VERSION_B 13
    #endif

after including clamav-config.h, without introducing any breakage. In combination with the Conflicts: above, I think this will produce the correct behavior. Does this seem reasonable to you?

If /usr/sbin/sendmail=exim you currently get empty definitions of SENDMAIL_VERSION_A in clamav-config.h:

    /* major version of Sendmail */
    #define SENDMAIL_VERSION_A

so this will not work. cu andreas

OK, just for the record, what I have done is: patch configure.in to only fill out SENDMAIL_VERSION_A B if test -n $sendmail_version. This gives

    /* #undef SENDMAIL_VERSION_A */

in clamav-config.h, which is correct so far. Then I have patched clamav-milter.c:

    #include "clamav-config.h"
    #ifndef SENDMAIL_VERSION_A
    #define SENDMAIL_VERSION_A 8
    #endif

(and repeat for SENDMAIL_VERSION_B) Then, finally, I have wrapped the parts that actually use this in an

    #if defined SENDMAIL_VERSION_A && defined SENDMAIL_VERSION_B
    ...
    #endif

(this is to address the FTBFS due to no left operand error on gcc-4.0 in #314914) These have been submitted upstream, so will be in 0.86rc2 or 0.86 final, hopefully.

Thanks for the report.
--
Stephen Gran
Debian user, admin, and developer
http://www.debian.org
Bug#315063: clamav-freshclam: logrotate fails when freshclam is not running as daemon
tags 315063 +sarge
thanks

This one time, at band camp, Anders Henke said:

No, this is no dupe to #315042 :-) The postrotate script in /etc/logrotate.d/clamav-freshclam contains a line

    [ -f /var/run/clamav/freshclam.pid ] && kill -HUP `cat /var/run/clamav/freshclam.pid`

Well, if the test -f -command fails, it returns a non-zero exit status and logrotate will report an error running postrotate script. Others might prefer to add || /bin/true, but a more creative solution is to negate the script:

    [ ! -f /var/run/clamav/freshclam.pid ] || kill -HUP `cat /var/run/clamav/freshclam.pid`

That way freshclam is only HUPed if the test fails - which either means that the test command is broken or the pid-file does exist.

Yes, that would have been better than what is in stable. In unstable, I have added a reload-log target to the init script that uses start-stop-daemon and generally does a much better job. Sadly, I think we're stuck with this one for now.

Thanks for reporting,
--
Stephen Gran
Debian user, admin, and developer
http://www.debian.org
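An added example, not from the report or the package: the two postrotate forms discussed above ("[ -f pidfile ] && kill" and "[ ! -f pidfile ] || kill") as shell functions, with the exit status logrotate would see for a missing, a live and a stale pid file. The temporary directory, the sleep process standing in for freshclam and all function names are constructed for the demonstration; the stale pid file is a case beyond the one the message raises.

```shell
#!/bin/sh
# Added example: exit status that logrotate would see from each postrotate
# form. The pid file path is passed as $1; paths and the stand-in daemon
# are constructed for this demonstration.

postrotate_stable()  { [ -f "$1" ] && kill -HUP "$(cat "$1")"; }    # "&&" form
postrotate_negated() { [ ! -f "$1" ] || kill -HUP "$(cat "$1")"; }  # negated form

status_of() {        # usage: status_of FORM PIDFILE -> prints the exit status
    rc=0
    "$1" "$2" 2>/dev/null || rc=$?
    echo "$rc"
}

demo() {
    dir=$(mktemp -d) || return 1
    pidfile=$dir/freshclam.pid

    # Case 1: freshclam is not running as a daemon, so there is no pid file.
    missing_stable=$(status_of postrotate_stable "$pidfile")
    missing_negated=$(status_of postrotate_negated "$pidfile")

    # Case 2: the pid file names a live process (sleep stands in for the daemon).
    sleep 30 >/dev/null 2>&1 &
    target=$!
    echo "$target" > "$pidfile"
    live_negated=$(status_of postrotate_negated "$pidfile")
    hup_wait=0
    wait "$target" 2>/dev/null || hup_wait=$?   # 129 = terminated by SIGHUP

    # Case 3: the same pid file is now stale, the process it names is gone.
    # Neither form checks for that, so kill fails and the error comes back.
    stale_negated=$(status_of postrotate_negated "$pidfile")

    rm -rf "$dir"
    echo "missing: stable=$missing_stable negated=$missing_negated"
    echo "live:    negated=$live_negated (target wait status $hup_wait)"
    echo "stale:   negated=$stale_negated"
}

demo
```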
Bug#315498: clamav-milter: clam-milter crashes under heavy traffic load
This one time, at band camp, Stuart Sheldon said:

Using clmilter_watch to restart the daemon with a timeout of 30 secs.

Well, that's not much information to go on. Can you help me to diagnose this at all? I use the milter at some very busy sites, and I am regularly in contact with people who use it at places doing illions of email a day, and so far they are not complaining about the new version, so I will need a little information to dig through this. Log entries, gdb output, etc, would be very helpful.

Thanks,
--
Stephen Gran
Debian user, admin, and developer
http://www.debian.org