Bug#342144: fail2ban: Apache(2) features
Hi Ross, I'm abroad at the moment so I don't have enough time to look at all the questions in details - I will get back to it asap (or as soon as there is no beer on the table, whichever is the first), but regarding parameters definitions within each section - they can be redefined for each section with no problem As for log files for apache2 -- are you suggesting to create a separate section for apache2 and have proper path setup? -- Yarik On Mon, Dec 05, 2005 at 11:49:33AM -0800, Ross Boylan wrote: Package: fail2ban Version: 0.6.0-1 Severity: wishlist You might note that the log file location needs to be changed for Apache2. Although it's pretty obvious, I managed to miss it at first! Probably a comment right after the Apache header in the config file would be best. It may be the case that the failure patterns for Apache2 differ from those for Apache (v 1). If so, it would be good to provide them. I notice a lot of probes that show up in error.log but not access.log. They look like this: -- [Sun Nov 27 07:58:26 2005] [error] [client 219.140.132.121] File does not exist: /var/www/sfgc/cgi-bin, referer: http://www.lookquick.net/search.php [Sun Nov 27 07:59:59 2005] [error] [client 219.140.132.121] File does not exist: /var/www/sfgc/xml.php, referer: http://www.lookquick.net [Sun Nov 27 08:03:45 2005] [error] [client 219.140.132.121] File does not exist: /var/www/sfgc/cgi-bin, referer: http://orseek.com [Sun Nov 27 08:04:14 2005] [error] [client 219.140.132.121] File does not exist: /var/www/sfgc/xml.php, referer: http://lookquick.net/search.php [Sun Nov 27 08:05:44 2005] [error] [client 219.140.132.121] File does not exist: /var/www/sfgc/cgi-bin, referer: http://orseek.com -- To be honest, I'm not sure if these are fairly routine indexing by search engines, but they seemed suspicious to me. If appropriate, it would be nice to ban on this basis too. Finally, it seems desirable to have maxfailures and other paramaters differ for the different sections. It's hard to tell whether this is possible already. If it is, perhaps modify - # password failure. Each section has to define the following # options: logfile, fwban, fwunban, timeregex, timepattern, # failregex. -- in fail2ban.conf. After password failure. add Each section may also redefine any of the parameters given above. The redefinition affects that section only. Note this wording implies both [DEFAULT] and [MAIL] parameters can be redefined, which seems best. If it's only one, adjust accordingly. If this feature doesn't exist, it would be nice to add it. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (990, 'stable'), (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.27advncdfs Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages fail2ban depends on: ii iptables 1.3.3-2Linux kernel 2.4+ iptables adminis ii python2.3.5-3An interactive high-level object-o fail2ban recommends no packages. -- no debconf information -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpAY9kdATWS0.pgp Description: PGP signature
Bug#347332: mozilla-stumbleupon: needs to be upgraded with fresh upstream
Package: mozilla-stumbleupon Version: 1.99.95-1 Severity: grave Given version of plugin doesn't work with a recent release of mozilla-firefox (thus it renders the package unusable). Judging from https://addons.mozilla.org/extensions/moreinfo.php?id=138 recent posted version is 2.2 and supports Firefox: 0.8 - 1.6a1, thus it is highly desired to be in unstable :) Thank you in advance -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (600, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15-mm1 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages mozilla-stumbleupon depends on: ii mozilla-browser 2:1.7.12-1 The Mozilla Internet application s ii mozilla-firefox 1.5.dfsg-3 Transition package for firefox ren mozilla-stumbleupon recommends no packages. -- no debconf information --Yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#343821: fail2ban doesn't start up
Thank you Nick very much for the bug report and the patch. Updated package will be out shortly. -- Yarik pgpPx3KubJmXZ.pgp Description: PGP signature
Bug#344241: debsecan: not sure -- probably open issue is reported fixed
Package: debsecan Version: 0.2 Severity: normal First of all let me thank you for the package. I was thinking about hacking up something like that myself but always postponed the project until later on. So thank you very much -- now you've got an active user/tester thus you might get an increase in the amount of bug reports :-) On my first try of the package I've decided to do full system security upgrade, so I ran apt-get install $(debsecan --suite sid --format packages --only-fixed) and it gave me: cpio is already the newest version. libnetpbm10 is already the newest version. libnetpbm9 is already the newest version. linux-image-2.6.12-1-386 is already the newest version. netpbm is already the newest version. I decided to look closer onto cpio package: dpkg -l cpio ii cpio 2.6-9 GNU cpio -- a program to manage archives of debsecan --suite sid --format summary --only-fixed | grep cpio CVE-2005-4268 cpio (fixed) http://idssi.enyo.de/tracker/source-package/cpio lists CVE-2005-4268 among open issues and the other resolved issues are covered by 2.6-9, thus nothing really has to be upgraded Please let me know if more details necessary Also it would be helpful to track the issue if there was at least some optional debugging output (such vulnerabilities for package X are found, this this and that one are fixed, etc depending on the logic of debsecan) Thanks once again for a nice tool -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (600, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13-mm1 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages debsecan depends on: ii python2.3.5-3An interactive high-level object-o debsecan recommends no packages. -- no debconf information --Yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#337223: fail2ban: leaves garbage around after purge
the key in all this is Stopping fail2ban: Status of fail2ban: fail2ban is not running. Not stopping fail2ban invoke-rc.d: initscript fail2ban, action stop failed. So it seems that fail2ban doesn't uninstall cleanly only if it wasn't running at the moment and stop failed. That is funny why it matters... For now could you please confirm that it uninstalls cleanly if it is running before you do purge? Cheeers -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgp17Ux92fehk.pgp Description: PGP signature
Bug#337223: fail2ban: leaves garbage around after purge
Indeed so: washoe[0] /var/lib/dpkg/info less fail2ban.prerm #!/bin/sh set -e # Automatically added by dh_installinit if [ -x /etc/init.d/fail2ban ]; then if [ -x `which invoke-rc.d 2/dev/null` ]; then invoke-rc.d fail2ban stop || exit 0 else /etc/init.d/fail2ban stop || exit 0 fi fi # End automatically added section # Automatically added by dh_python dpkg -L fail2ban | awk '$0~/\.py$/ {print $0c\n $0o}' | xargs rm -f 2 # End automatically added section This issue seems to be something to ask about on the mailing list or debhelper people since I don't want override global ERROR_HANDLER and we need to have it something else from exit 0 when combining with dh_python part of postrm. -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgplTcKNV3EuC.pgp Description: PGP signature
Bug#338265: bibtex2html: broken dependencies forbid it from been installed in unstable
Package: bibtex2html Severity: important I was upgrading my box and had to remove bibtex2html since bibtex2html depends on ocaml-base-nox-3.08.3 ocaml-base-nox-3.08.3 does not appear to be available There is now ii ocaml-base-nox 3.09.0-1 which Provides: ocaml-base-nox-3.09.0 Thank you in advance. Probably it is just up for a small fix in dependencies ;-) Cheers -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13.4 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) --Yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#338620: python-matplotlib: depends on previous debian release so not installable on i386
Package: python-matplotlib Severity: normal Broken dependencies forbids it from been installed * apt-get install python-matplotlib python2.3-matplotlib The following packages have unmet dependencies: python-matplotlib: Depends: python2.3-matplotlib (= 0.82-1) but 0.82-2 is to be installed python2.3-matplotlib: Depends: python-matplotlib-data (= 0.82-1) but it is not going to be installed E: Broken packages I see that the possible cause is that there is no -2 release of python2.3-matplotlib for arm,ia64,mips,s390, which probably caused the problem. Also why to make such strong dependencies, I think that upstream version should be enough, shouldn't it? -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13.4 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) --Yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#338622: python-matplotlib: a package of examples from upstream website
Package: python-matplotlib Version: 0.82-1 Severity: wishlist It would be neat to have a package of like python-matplotlib-examples (or include examples in python-matplotlib in /usr/share/doc/package/examples) with examples available on upstream website http://matplotlib.sourceforge.net/matplotlib_examples_0.83.2.zip Thanks in advance :-) -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13.4 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages python-matplotlib depends on: ii python2.3-matplotlib 0.82-1 python based plotting system (Pyth python-matplotlib recommends no packages. -- no debconf information --Yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#344241: debsecan: not sure -- probably open issue is reported fixed
Hi Florian, cpio is already the newest version. A fixed version was uploaded, and its version was put into the database, but it doesn't seem to have made its way into your local copy of the Packages file yet. Actually main confusion was that on http://idssi.enyo.de/tracker/source-package/cpio CVE-2005-4268 is in open issues and I didn't check it out in details, now when I go to http://idssi.enyo.de/tracker/CVE-2005-4268 it does state that sid 2.6-10 fixed so indeed upgrade is necessary. Yesterday though the latest sid version was 2.6-9 or I was on drugs and missed somehow -10 :-) Please feel free to close the bug :-) -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgp0N5Kyn4Iwx.pgp Description: PGP signature
Bug#345049: hostname: hostname -i provides shortname instead of IP address
Package: hostname Version: 2.91 Severity: normal * rsh localhost hostname -i 10.0.0.1 * /bin/sh -c 'hostname -i' 10.0.0.1 BUT * rsh localhost /bin/sh -c 'hostname -i' ravana It used to be working properly before (2 month ago update) so it is probably caused by rsh or bash (since last changelog entry of hostname is of 29 Aug), but I believe that such behavior should not happen. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13.4 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages hostname depends on: ii libc6 2.3.5-9GNU C Library: Shared libraries an hostname recommends no packages. -- no debconf information --Yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#331458: pybliographer: have unstable pybliographer (1.3.x) in experimental at least
Package: pybliographer Version: 1.2.6.2-1 Severity: wishlist That would be neat to have development version of pybliographer (1.3.x) at least in experimental. Otherwise it is harder for Debian users to do testing of a fresh pybliographer -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11.11 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages pybliographer depends on: ii python2.3.5-2An interactive high-level object-o ii python-bibtex 1.2.1-1Python interfaces to BibTeX and th ii python-glade2 2.6.2-1GTK+ bindings: Glade support ii python-gnome2 2.6.1-1Python bindings for the GNOME desk ii python2.3-glade2 2.6.2-1GTK+ bindings: Glade support ii python2.3-gnome2 2.6.1-1Python bindings for the GNOME desk -- no debconf information --Yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#330827: IP vetting is weak, allowing targetted DoS via usernames
On Mon, Oct 03, 2005 at 06:37:36PM -0700, Joshua Rodman wrote: 1) The package does not on install make it clear (at least with my debian configuration) that replacing the configuration file is necessary to close the bug. Totally agree - I should've at least echo warning in postinst script. Heh heh... that is sad that I'm not a DD yet, so all my uploads have to go through a sponsor, and that delays uploads some times and I don't want to bother him too often. I will add notification but it I am not sure when new version makes its way to the Debian repository. At least anyone who uses my local repository will get it ;-) I'm not even sure how this would be done in the debian world, save perhaps an email to the system owner? I think that it is common to just produce a warning message to the stdout. I need to check, may be dev debian documents or policy has something regarding such cases 2) The regex is not verifiable nor even understandable by me. I accept that sophisticated regex has its place, but it is effectively a bit of a programming language, and I think configfiles should not really contain significant chunks of code, especially ones that are moderately opaque. Indeed... it is a bit cryptic because I am damn pragmatic programmer, so I hate code duplication. That is why I had such approach to build regexp as well -- now I don't have 3 or 4 simpler failregex'es with the common base, which I would need to correct in all of them if I detect a bug. Rather I have a single regex. Besides that, using full-featured regexp engine of python provides another advantage of being able to create complex match patterns if such are necessary. May be I should place txt2regex among Suggest:? That one is quite nice to help anyone to build a regexp (including for python) Besides that regular users or sysadmins are not even supposed to tune failregex to have basic functionality to be performed. Me (and the upstream) author are going to incorporate or at least include in the package more of the configurations for different servers (imap, smtp, etc). Is this a reasonable approach? 1) Regex which identifies a false login. This can be as simple as before. If someone logs in as illegal user to create a false positive, so be it. 2) Second pattern which simply identifies the IP address component of the line. Well - that is how it was done before, and lead to the security breach. 2nd pattern was a generic pattern for an IP address, and that is why all substrings containing IP address were matched, including in the placeholders of the usernames. I don't see sufficiently generic way to employ in 2) besides scanning the whole line for IP address, unless I use full regexp as I did. By employing regexp to match the logged line, I eliminated such possibility and made it more or less generic, thus I had minimal amount of real code of fail2ban to change to make it work. I open for more specific suggestions on how to make it work in a cleaner way ;-) Should I be sending these to the upstream author, or will he/she probably see all this anyway. I will update him as soon as he gets back in touch (he is away at the moment), so it would be better if you just trust be on that ;-) He might have some better idea on how to handle this case as well ;-) Aside: Many thanks to my debian maintainers. I should buy you all a beer. cyber-beer -- yammy ;-)) Thanx -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpoCZWXxZYVE.pgp Description: PGP signature
Bug#330827: IP vetting is weak, allowing targetted DoS via usernames
On Mon, Oct 03, 2005 at 10:20:23PM -0700, Joshua Rodman wrote: What was done before was the line was scanned for anything which resembles an IP address. What I am suggesting is a regex which specifies where in the line the IP address should be. how would you specify where? if you are thinking about something like from IP regex or fixed position, that will not work, because intruder can provide a login name with from IP regex and log line is Oct 4 09:41:14 sonyboy sshd[18226]: Invalid user from 10.0.0.1 from 127.0.0.1 Oct 4 09:41:14 sonyboy sshd[18226]: Failed none for invalid user from 10.0.0.1 from 127.0.0.1 port 52417 ssh2 So, as I said, I don't see a generic way around that besides using fully specified regex'es. May be upstream will have something nice in mind To say the truth python regexes are not that diificult. May be I should provide a crash-course on them in 5-10 lines in the config file describing used by me constructs. Something like Symbols: [...] -- set of symbols \S -- non-space symbol . -- any symbol Enumerators: ? -- 0 or 1 occurance of patter * -- 0 or more occurances of previous regex {n,m} -- from n to m occurances of the pattern Grouping: | -- logical OR -- matching any of the mentioned patterns within a group (?:...) -- group which doesn't enter the set of numbered/named groups (?Pname1...) -- named as name1 group. Curently all named groups are considered as placeholders of IP addresses Would it make easier to grasp failregex'es now? -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpq4pDQIGgUq.pgp Description: PGP signature
Bug#331695: fail2ban: Note possible need to modify firewall rules
Would you mind me merging this bug with http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329163 ? they seems to be about the same problem or I misinterpreted it? and btw note about it is included in README.Debian since 0.5.2-5 :-) -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpovE4gHU2dI.pgp Description: PGP signature
Bug#331695: fail2ban: Note possible need to modify firewall rules
On Tue, Oct 04, 2005 at 11:29:45AM -0700, Ross Boylan wrote: concerns the program operation and endless loop. This one concerns primarily user information (which may have been addressed) and the problem that the firewall rules become ineffective if the main INPUT chain is altered so at to deleted the references to the fail2ban rules. yeap -- and that would lead to the absent chain, all failed login attempts will continue to flow, fail2ban will disregard them because it thinks that they are banned, unban will fail because there is no chain, and infinite loop situation can occur Is that right? The both bugs are grown from the same fact that if a user ( or outside of fail2ban firewal etc) changes iptables INPUT chain, fail2ban cannot function properly. During startup fail2ban starts up after networking and all firewalls (which supposed to be started from /etc/rcS.d/ if I'm not wrong) so general user should be fine as far as he doesn't restart the firewall or wipes out INPUT manually. In other words, 329163 is about infinite loops, while this concerns failure to run at all. Otherwise, If something like that happens, fail2ban renders unusable and might loop endlessly. That is why I considered both bug reports to be the same because the source of the problem is the same. Also, this bug/wish has some ideas about program functionality. You may or may not wish to pursue those ideas. indeed. we had an idea to include a check for existing chain before every operation with iptables... for now we just limited the solution by the note in README.Debian. Hopefully soon (if there will be not that many bug reports) recent fail2ban will get into testing, thus the others will see that note :-) -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgphv2TYMRIIp.pgp Description: PGP signature
Bug#331695: fail2ban: Note possible need to modify firewall rules
I'm probably not aware of all the implications of different misconfigurations, but I thought 329163 was about the problems that happen if, for example, fail2ban-ssh is missing. In contrast, in the case I'm thinking of, fail2ban-ssh (the table) is present, but there are no references to it from the INPUT table. You do have deeper understanding of the problem and outcomes than I do ;-) I didn't bother to bisect the problem in two (missing fail2ban chaing, missing -j to the chain) because either of them is bad. You are 100% right that outcomes are different, but I think that the solution to both bug reports should come as a 1 piece ;-) My understanding of 329163, or even the consequences of the scenario I describe, may be faulty. I agree that both problems arise from the general category somebody messes with the tables after fail2ban runs. note in README.Debian. Hopefully soon (if there will be not that many bug reports) recent fail2ban will get into testing, thus the others will see that note :-) This wish was mostly for some more documentation, so if it's already done my wish has been granted :) I might adjust README.Debian to reflect the two-fold problem as you brought it up. So, in any way, discussion was useful - thank you. I will merge this bug with #329163 so we the issue open till we fix it in a proper way -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpp0OzKUNzTn.pgp Description: PGP signature
Bug#333056: fail2ban 0.5.4-5 fails to ban
On Mon, Oct 10, 2005 at 01:56:50PM +0900, kazuki wrote: Package: fail2ban Version: 0.5.4-5 Severity: important With the new failregex line in the config file, fail2ban fails to ban ssh accesses by illegal users. Yeap :-) It has being worked on due to the report from the user who didn't use BTS (bad boy rrr). BTW - when do you experience Illegal users but no failed authentication reports? What is your loglevel in sshd_config? do you permit password authentication (also what is UsePAM in sshd_config?) Please try the version from http://itanix.rutgers.edu/rumba/dists/unstable/perspect/binary-all/net/ and report if it works for you Thank you in advance Furthermore, modifying the failregex probably doesn't prevent the security breach(#330827). any example when it would leak? If it does, please report and also check with the version from the URL above fail2ban itself rather than the fairegex must be changed to parse failure log more strictly so that it can obtain the real IP address at the end of the line, not the IP-like user name. Well - That is what modified failregex is doing. And there was a 2 line modification of code itself ;-) It doesn't scan for an IP in the line (actually it does if a user didn't upgrade config file, but it issues a far warning in that case). But IP can be in any place in the line, so anything simple like at the end of the line, or after rhost=, doesn't really work or at least doesn't generalize well ;-)) Failregex now defines a group host which is very strict as for defining possible location of the IP. Also in the version from the mentioned URL I've restricted it a bit more (included colon at the beginning), so during my tests, no nasty login could confuse the parser. Thank you in advance for output regarding this issue -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpuNUoWMmkXC.pgp Description: PGP signature
Bug#329163: fail2ban: fails to handle missing chain
Hi I've hacked a fix for the problem of missing chain. Could you please try the most recent version (not yet in Debian mainstream) available from http://itanix.rutgers.edu/rumba/dists/unstable/perspect/binary-all/net/ While upgrading you might need to update your config file with a fresh one shipped with the package (as the WARNING might state) I would greatly appreciate your feedback. Cheers Yarik On Tue, Sep 20, 2005 at 10:37:55AM +1000, Aaron Howell wrote: Package: fail2ban Version: 0.5.3-1 Severity: normal Fail2ban will go into an endless loop trying to ban an ip address, if the chain it is expecting to find is no longer valid (for example if a user restarts iptables). On a busy system this has the potential to quickly fill up the log or mail spool. It should instead report an error to its log or by mail and gracefully fail, or, re-create its own chain if possible. -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpv1U97YFLim.pgp Description: PGP signature
Bug#336449: fail2ban: Mails have Date: header in GMT timezone
Please check out the fresh package from http://itanix.rutgers.edu/rumba/dists/unstable/perspect/binary-all/net/ it is supposed to do what you want (if you upgrade config file as well since default behaviour upstream should remain as it was before I think) Please report back if it fixes the issue and then I will dupload it -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpqBIkSI9Yvb.pgp Description: PGP signature
Bug#334272: fail2ban: returned ERROR 256 from iptables
It seems that you are experiencing missing chain problem: your fail2ban rules get erased by your firewall on its restart And: /etc/init.d/fail2ban status Status of fail2ban: fail2ban is running. But: iptables -L of course shows the absence of the fail2ban lines. but is there fail2ban or not? status says on the status of the process, not the state of iptables rules... please go through http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331695 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329163 to confirm that it is the same issue of fail2ban rules being erased by external means (firewall) (so I can merge your bug with them or just close it) Also please give a try alpha version available from http://itanix.rutgers.edu/rumba/dists/unstable/perspect/binary-all/net/ which will be uploaded to unstable soon -- Yarik .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpMQRTBWJUxC.pgp Description: PGP signature
Bug#334272: Did not start [was Re: Bug#334272: fail2ban: returned ERROR 256 from iptables]
On Tue, Oct 18, 2005 at 10:08:53AM -0400, Ralph Katz wrote: Yesterday using 0.5.4-5.14, valid ssh logins worked fine, and ssh attacks were correctly prevented. Maybe fail2ban starts too soon? That would be my guess too. fail2ban boots in rc2.d, so all relevant modules should be loaded by that time. I hope you don't use any fast-boot tricks as to boot init scripts in parallel ()? Anyway I should fix fail2ban to don't fail that miserably in the case when iptables is not available at the start time. But I'm not sure what should I do about iptables detection because fail2ban itself is independent of specific firewalling solution -- commands are given in the config file. I might want to add something like waitCmd waitTime so fail2ban runs waitCmd for waitTime seconds (sleeping a second between runs) and if waitCmd never succeeds - exits, reporting the error. That would prevent your cases from happening... -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpeCPI54zwVG.pgp Description: PGP signature
Bug#331695: Bug#329163: fail2ban: fails to handle missing chain
My style is to keep my old config file and then merge in the changes and restart after the main install is done. whatever works for you is good with me :-) 1. The most substantive thing I notice is that the ignoreip configuration setting does not seem to be used--that is, I see no sign of it in my iptables -nvL rules. I have that option set, though it's set to the same value as the default (I set it before the current default was in effect.) it is considered inside fail2ban without bothering external firewall -- ignoreip's get ignored. If you want to enforce it on the level of firewall - use fwstart to hardcode them inside the firewall 2. You have a number of multi-line options without the \ character in the config file. E.g., fwend. Do the later lines actually get used? A related question: do the multiple lines of, e.g., fwcheck, all get used appropriately? yes they are used appropriately... if your increase verbosity level you see them in the logs 3. The [EMAIL PROTECTED] should solve the mail problems, but it is I'm opened for further suggestions (patches are lovely) and wishlist bugs :-) 4. The latest Debian changelog entry includes Should both of those fwban's be there? It would be more idiomatic to delete the if after in case. thank you for corrections :-) 2nd fwban should be fwunban I will update the changelog entries * Resolved the mistery The word is mystery. thanks once again :-) case, though I think it was (since it's only a warning). To clarify this, you might add defaulting to maxreinits = -1 or whatever the default behavior is. As I mentioned, I subsequently edited the configuration file and restarted the demon. Hm... not a bad idea... now you made be to fire up emacs and fix things up :-) Change will be reflected in the Debian release Thank you for your feedback -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgprnYuKAn317.pgp Description: PGP signature
Bug#334272: Did not start [was Re: Bug#334272: fail2ban: returned ERROR 256 from iptables]
On Tue, Oct 18, 2005 at 03:45:23PM -0400, Ralph Katz wrote: As a non-programmer, I can't judge your proposed solution. Meanwhile I'll check /var/log/fail2ban and restart fail2ban manually if needed after each system reboot. no need. for you if the cause is really missing iptables by the time fail2ban starts due to slowness of the machine, just add sleep 2 to /etc/defaults/fail2ban it will delay your boot by 2 seconds but hopefully it will resolve the issue. If it doesn't, then it is something else and we need to pin the problem down -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpf7ki0Bu9PF.pgp Description: PGP signature
Bug#339133: fail2ban: Race condition in default fwstart
Thank you for the bug report Jefferson, I believe that next patch in the config file should fix things up It will be uploaded with a next dupload ;-) Cheers Yarik --- config/fail2ban.conf.default(revision 285) +++ config/fail2ban.conf.default(working copy) @@ -198,8 +198,8 @@ # Values: CMD Default: # fwstart = iptables -N fail2ban-http + iptables -A fail2ban-http -j RETURN iptables -I INPUT -p tcp --dport http -j fail2ban-http - iptables -A fail2ban-http -j RETURN # Option: fwend # Notes.: command executed once at the end of Fail2Ban @@ -276,8 +276,8 @@ # Values: CMD Default: # fwstart = iptables -N fail2ban-ssh + iptables -A fail2ban-ssh -j RETURN iptables -I INPUT -p tcp --dport ssh -j fail2ban-ssh - iptables -A fail2ban-ssh -j RETURN # Option: fwend # Notes.: command executed once at the end of Fail2Ban -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpgrtBLo4qkl.pgp Description: PGP signature
Bug#337052: ITP: denyhosts -- script to block SSH brute-force dictionary attacks
Just FYI that there is a similar in purpose tool in Debian already. So if you are eager to get such a service asap before denyhosts gets into debian please consider fail2ban: Package: fail2ban Priority: optional Section: net Installed-Size: 240 Maintainer: Yaroslav Halchenko [EMAIL PROTECTED] Architecture: all Version: 0.5.4-9 Depends: python, iptables Filename: pool/main/f/fail2ban/fail2ban_0.5.4-9_all.deb Size: 32334 MD5sum: 289a8a3e9b42f505bab9403ace7fc16c Description: bans IPs that cause multiple authentication errors Monitors (in daemon mode) or just scans log files (e.g. /var/log/auth.log, /var/log/apache/access.log) and temporarily bans failure-prone addresses by updating existing firewall rules. Currently, by default, supports ssh/apache but configuration can be easily extended for scanning the other ASCII log files. Firewall rules are given in the config file, thus it can be adopted to be used with a variety of firewalls (e.g. iptables, ipfwadm). . Homepage: http://www.sourceforge.net/projects/fail2ban -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpU5ZCIKP1qe.pgp Description: PGP signature
Bug#400607: reports Couldn't load package calamaris::calBars3d
Sure thing -- find it attached But regardless, I had a configured calamaris setup, I upgraded it - it broke. That is already an incompatibility, right? Imagine apache server, where during upgrade all virtual servers other than default (which is comes shipped) disappear. Disappear just because some missing dependency... no note during upgrade, just something buried in README. I don't think that is the practice anyone would like ;-) That is why NEWS file is there to announce any possible incompatibility issues which might arise. Agreed. Just a quick check: could you please send me your /etc/cron.daily/calamaris ? -- Yaroslav Halchenko Research Assistant, Psychology Department, Rutgers-Newark Student Ph.D. @ CS Dept. NJIT Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171 101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102 WWW: http://www.linkedin.com/in/yarik #! /bin/sh set -e # calamaris: daily cron script. # This script should be run before the one for squid or oops. According to the # man page of run-parts this is okay: squid and oops come after calamaris in # the alphabet. # Date: 1998-10-07 # DEBUG=1 CONFFILE=/etc/calamaris/cron.conf CALAMARIS=/usr/bin/calamaris CALAMARIS_CONF_FILE=/etc/calamaris/calamaris.conf if [ ! -x /usr/bin/calamaris ]; then exit 0 fi CALAMARISOPTIONS=-a -f auto --config-file ${CALAMARIS_CONF_FILE} HTMLOPTIONS=-F html,graph ME=/etc/cron.daily/calamaris WEEKFILES=forweekly.1:forweekly.2:forweekly.3:forweekly.4:forweekly.5:forweekly.6:forweekly.0 # today DAYOFWEEK=`date +%w` DAYOFMONTH=`date +%d | bc -l` # WEEKOFYEAR=`date +%W` # MONTH=`date +%B` # read configuration file: /etc/calamaris/cron.conf # daily eval `awk -F: \ '(!/╗#/) ($1 == daily) { print DAYMAIL= $2; print DAYWEB= $3; print DAYDO= $4; print DAYTITLE= $5; }' $CONFFILE` DAYWEBPATH=`dirname $DAYWEB` DAYWEBFILE=`basename $DAYWEB` # weekly eval `awk -F: \ '(!/╗#/) ($1 == weekly) { print WEEKMAIL= $2; print WEEKWEB= $3; print WEEKDO= $4; print WEEKTITLE= $5; }' $CONFFILE` WEEKWEBPATH=`dirname $WEEKWEB` WEEKWEBFILE=`basename $WEEKWEB` # monthly eval `awk -F: \ '(!/╗#/) ($1 == monthly) { print MONTHMAIL= $2; print MONTHWEB= $3; print MONTHDO= $4; print MONTHTITLE= $5; }' $CONFFILE` MONTHWEBPATH=`dirname $MONTHWEB` MONTHWEBFILE=`basename $MONTHWEB` # squid or oops? CACHE=auto eval `awk -F= \ '(!/╗#/) ($1 == cache) { print CACHE= $2; }' $CONFFILE` # look for cache log files if [ $CACHE = auto ]; then if [ -r /var/log/squid/access.log ]; then CACHE=squid CACHELOGDIR=/var/log/squid fi if [ -r /var/log/oops/access.log ]; then CACHE=oops CACHELOGDIR=/var/log/oops fi if [ $CACHE = auto ]; then echo /etc/cron.daily/calamaris: no cache log files found, exiting cleanly exit 0 fi else CACHELOGDIR=/var/log/$CACHE if [ ! -r $CACHELOGDIR/access.log ]; then echo /etc/cron.daily/calamaris: no cache log files found in $CACHELOGDIR, exiting cleanly exit 0 fi fi # change to working dir LOGDIR=/var/log/calamaris cd $LOGDIR || exit 1 # if we need monthly or weekly reports save a summary if [ $WEEKDO != nothing ]; then CALAMARISOPTIONSOLD=$CALAMARISOPTIONS CALAMARISOPTIONS=$CALAMARISOPTIONS -o forweekly.$DAYOFWEEK # Ensure that this file exists and is empty; if there are no entries in the # squid access.log, calamaris won't create the summary file, which causes # problems with the weekly and monthly summaries. : forweekly.$DAYOFWEEK else if [ $MONTHDO != nothing ]; then CALAMARISOPTIONSOLD=$CALAMARISOPTIONS CALAMARISOPTIONS=$CALAMARISOPTIONS -o formonthly.$DAYOFMONTH fi fi # do the daily report case $DAYDO in nothing) if [ $WEEKDO != nothing ]; then cat $CACHELOGDIR/access.log | \ nice -39 $CALAMARIS $CALAMARISOPTIONS /dev/null fi ;; mail) if [ -x /usr/sbin/sendmail ]; then ( echo To: $DAYMAIL echo From: Calamaris root cat $CACHELOGDIR/access.log | \ nice -39 $CALAMARIS $CALAMARISOPTIONS -F mail -H $DAYTITLE ) | /usr/sbin/sendmail -t fi ;; web) cat $CACHELOGDIR/access.log | \ nice -39 $CALAMARIS $CALAMARISOPTIONS $HTMLOPTIONS -H $DAYTITLE \ --output-path $DAYWEBPATH --output-file $DAYWEBFILE ;; both) cat $CACHELOGDIR/access.log | \ nice -39 $CALAMARIS $CALAMARISOPTIONS $HTMLOPTIONS -H $DAYTITLE \ --output-path $DAYWEBPATH --output-file $DAYWEBFILE if [ -x /usr/sbin/sendmail ]; then ( echo To: $DAYMAIL echo From: Calamaris root cat $CACHELOGDIR/access.log | \ nice -39 $CALAMARIS $CALAMARISOPTIONS -F mail -H $DAYTITLE ) | /usr/sbin/sendmail -t fi ;; *) echo the 'todo' for the daily Squid report
Bug#400607: reports Couldn't load package calamaris::calBars3d
Since 2.99.1.3-2 this here: HTMLOPTIONS=-F html,graph is -F html without graph. So, for most of the users, the problem should not arise: They upgrade from stable and have a version without graphics. When then want to have graphics, they have manually change the script and install the package. well -- I don't mind... it is your call -- I just gave a suggestion. Since I am not sure if most of the users are on stable at the moment, so you might get surprised on how many would encounter the problem, then good ones would dig into Documentation and bug tracking system to find the cause, and, in the best case, noone would buzz you since this issue was raisen up (now). But since MANY users use it in testing/unstable I would just keep on recommending the proper NEWS entry so they get alarmed... or postinst conditioning, grepping of cron file to see if HTMLOPTIONS includes graph and necessary package is installed... If not - fat warning. that would be the best solution, but since it requires hand scripting - that is up to you... feel free to close the issue - it is solved for me, so I am somewhat happy ;-) -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpoOhSIVGLbw.pgp Description: PGP signature
Bug#372684: I believe it is obsolete to some extent now
Dear Submitter, 0.7. branch of fail2ban within testing/unstable has substantially different handling of dates, and doesn't rely on python's locale anymore which remains to be prone to this bug (see #369689 reassigned from fail2ban long ago). I would appreciate if you confirm that fail2ban functions as desired on your system. thanks in advance -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpgd7PZv2WOz.pgp Description: PGP signature
Bug#400054: Acknowledgement (Use of uninitialized value in addition (+) at /usr/bin/debmirror line 1506)
1 more detail: debmirror doesn't mirror any more... I am not sure if that is related to this bug of mine or more related to failed checksum of Packages.diff? Fresh Packages files are not moved from .temp :-/ and no fresh .debs are downloaded I still have old mirror from november although debmirror has been run daily. so it seems I am doomed to return back to previous release and hand patch with my patch from #369061 which was closed by this release. Relevant information about the run of debmirror (when it doesn't mirror) can be fetched from http://www.onerussian.com/Linux/bugs/400054/debmirror.debug.20061208-1 -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpDrokSk3kHt.pgp Description: PGP signature
Bug#402180: keyjnote: fresh upstream
Package: keyjnote Version: 0.8.2-1 Severity: wishlist Hi Florian Thanks so much for packaging this candy ;-) Since it is so addictive I can't resist emailing you to tell that there has being 0.8.3 out for a while ;-) thanks in advance -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (990, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-1-686 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages keyjnote depends on: ii gs-afpl [gs] 8.53-1 The AFPL Ghostscript PostScript in ii gs-esp [gs] 8.15.3.dfsg.1-1 The Ghostscript PostScript interpr ii gs-gpl [gs] 8.54.dfsg.1-5 The GPL Ghostscript PostScript int ii python 2.4.4-1 An interactive high-level object-o ii python-imaging 1.1.5-11Python Imaging Library ii python-opengl2.0.1.09.dfsg.1-0.2 Python bindings to OpenGL ii python-pygame1.7.1release-4 SDL bindings for games development keyjnote recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402269: jsmath: French debconf templates translation
Thank you Jean-Luc! Is there any reason why you excluded license comment? ,-- | # This file is distributed under the same license as the PACKAGE | # package. `--- Would it be ok if I place it back? ;-) -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpka3O1UiiPr.pgp Description: PGP signature
Bug#402269: jsmath: French debconf templates translation
Is there any reason why you excluded license comment? ,-- | # This file is distributed under the same license as the PACKAGE | # package. `--- Would it be ok if I place it back? ;-) No, there is no reason. There are a template header. This part of the header is not filled automatically and I was to lazy to fill it by hand. :-/ ok - then I place it back so you agree to release your translation under the same terms as jsmath is released I've an other remark, toy sujjest to do: rc.d webserver restart to restart the web server. The usage of rc.d is normally done by scripts, the humans should use the scripts found in /etc/init.d. This is why my translation is: /etc/init.d/webserver═restart did you? rr... that is not good to change the meaning of the sentence. If you feel that something has to be corrected - file another bug stating that - then we would discuss it and presumably fix in all translations. I prefer invoke-rc.d way so it is obeying runlevel constraints as well as any local policies set by the system administrator. Could you please correct the file and send it back to me? I don't want to mess things up since I see some unrecognized characters there ;-) -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpGBD93sDiyc.pgp Description: PGP signature
Bug#402269: jsmath: French debconf templates translation
Great! Thank you Jean-Luc for your help! fr.po will see fail2ban within few days in the fresh debian release ;-) I also added a license terms line: # This file is distributed under the same license as the jsmath package. Since otherwise, I guess, I could not distribute it... Ok, sorry for the change. It has been done after some discussion on the debian-l10n-french. Hm... interesting and bothersome since as I described - that is a functional change, not a pure translation any more. Could you please correct the file and send it back to me? I don't want to mess things up since I see some unrecognized characters there ;-) Please find attached the corrected version. The unrecognized characters [tm] are non-breaking spaces. They are used with French typographics rules toether with : ; б╚ б╩ ! ? to avoid orphaned signs at the beginning of a line. Hm. interesting -- are there any such in English? :-) -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402350: fail2ban: NEWS.Debian confusions
Hi Ross, Thank you for taking a moment to help me with this NEWS entry. The NEWS.Debian for the recent changes refers to /etc/defaults/fail2ban. I think that's a typo, and /etc/default/fail2ban is intended. indeed... and 10:31:15 seems to be not that late an night, so I am not sure how that slipped through my fingers ;-) I think even with that correction, the current description is somewhat confusing. Agree -- I like your wording better. So, I hate to, but IMHO I should simply replace old entry instead of adding another one. Otherwise it would bring more confusion and/or unnecessary warning for those who already upgraded to post 0.7.1-1. What would you say about few changes I've introduced in your tentative entry. I hope I didn't screw it up too bad fail2ban 0.7 is a complete rewrite of the 0.6 version, and if you customized any of provided configuration or startup files (/etc/default/fail2ban, /etc/fail2ban.conf, /etc/init.d/fail2ban), please read further. The configuration scheme has changed upstream: 0.7 ignores /etc/fail2ban.conf and instead uses a split configuration under /etc/fail2ban/. To retain your customizations, for example to monitor anything other than sshd, you will need to set them under that new directory; use *.local files for customizations. Please see /usr/share/doc/fail2ban/README.Debian.gz and http://fail2ban.sourceforge.net for further description of new configuration scheme. Detailed documentation is under development (see #400416). When you are satisfied with the new settings, please delete /etc/fail2ban.conf to avoid confusion. Fail2ban 0.7 uses client/server architecture and fail2ban-client is to substitute fail2ban command to provide an interface between the user and fail2ban-server. That is why some command line parameters present in fail2ban 0.6 are invalid in fail2ban-client. Such change affects /etc/default/fail2ban; you should review that file if you customized it. Please enable sections as directed in README.Debian.gz mentioned above. You must use newly shipped init.d/fail2ban, or otherwise fail2ban will not start. This note was rewritten to provide less clarifies and replaces the previous NEWS item since version 0.7.5-2. Here is a possible revised wording: This note clarifies and replaces the previous NEWS item. fail2ban 0.7 is a complete rewrite of the 0.6 version. The configuration scheme has changed [upstream?]: 0.7 ignores /etc/fail2ban.conf and instead uses a split configuration under /etc/fail2ban/. To retain your customizations, for example to monitor anything other than sshd, you will need to set them under that new directory; use *.local files for customizations. When you are satisfied with the new settings, please delete /etc/fail2ban.conf to avoid confusion. Also, the changes may affect /etc/default/fail2ban [how?]; you should review that file if you customized it. -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgp8Wu38KrghL.pgp Description: PGP signature
Bug#402350: fail2ban: NEWS.Debian confusions
... I have a feeling policy may frown on rewriting NEWS or changelogs after the fact, but this certainly seems like a good case in which to do so. The only possible drawback I can see is that people who upgraded and got the old NEWS will not get the new NEWS (if they use apt-listchanges). Well - I see it not as a drawback but as a desired behavior. There will be corresponding changelog entry about changed NEWS entry, so they are welcome to review it. On the other hand, it will be much less confusing for people who are still at .6 to see only a single NEWS entry. Yeah - that sounds in line with my thinking. Also, NEWS is not quite a changelog entry, so I feel ok modifying it. Also, since the change of configuration scheme is quite an important event, I had duplicated given NEWS entry in postinst script (simply duplicated the same text). Now I will have to modify it or to substitute it with some sed command on NEWS file; and indeed apt-listchanges people might see it twice. But better be warned twice in a consistent way than to stay unalarmed. This note was rewritten to provide less clarifies and replaces the previous NEWS item since version 0.7.5-2. That sentence doesn't parse in English. Here's what I think you mean: This note was rewritten in release 0.7.5-2 to clarify its meaning. doh... that sentence skipped my proofreading -- thanks once again! -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgprvVAkHFXvG.pgp Description: PGP signature
Bug#402350: fail2ban: NEWS.Debian confusions
Actually I adjusted postinst message to be WARNING! Fail2ban 0.7 is a complete rewrite of the 0.6 version, and if you customized any of provided configuration or startup files (/etc/default/fail2ban, /etc/fail2ban.conf, /etc/init.d/fail2ban), please read relevant entry in /usr/share/doc/fail2ban/NEWS.Debian.gz. -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402650: ITP: mozilla-foxyproxy -- advanced proxy management tool for iceweasel
Package: wnpp Owner: Yaroslav Halchenko [EMAIL PROTECTED] Severity: wishlist * Package name: mozilla-foxyproxy Version : 2.2.1-fx+fl Upstream Author : LeahScape, Inc. and Eric H. Jung * URL or Web page : http://foxyproxy.mozdev.org/ * License : GPL v.2 Description : advanced proxy management tool for iceweasel Advanced proxy management tool that completely replaces IceWeasel's proxy configuration. With foxyproxy you can * Define multiple proxies and order their use with priorities * Temporarily or permanently disable a proxy with the click of a button * Define which proxy to use (or none!) for arbitrary URLs using wildcards, regular expression and other conveniences * No more wondering whether a URL loaded through a proxy or not: FoxyProxy includes an optional log of all URLs loaded, including which proxy was used (if any), which pattern was matched, timestamps, etc. * Out-of-the-box support for Tor - zero configuration * Optional status bar information about which proxy is currently in use * Full Proxy Auto-Config (PAC) support * Unobtrusive presence, stable execution, premier support . Homepage: http://foxyproxy.mozdev.org/ --Yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402650: ITP: mozilla-foxyproxy -- advanced proxy management tool for iceweasel
Indeed, I stopped for a moment while deciding upon the name, but then proceeded since all the other extensions have this prefix. Problem is that iceweasel is not a common name for all mozilla products (former mozilla-browser, mozilla-thunderbird, etc) which all could use some common plugins , like mozilla-imagezoom is used by browsers (iceape-browser and iceweasel now) and mail client (icedove... doh... it just stroke me now that I need to update poor package). So common prefix iceweasel wouldn't work On Tue, 12 Dec 2006, Alexander Sack wrote: On Mon, Dec 11, 2006 at 03:56:12PM -0500, Yaroslav Halchenko wrote: Package: wnpp Owner: Yaroslav Halchenko [EMAIL PROTECTED] Severity: wishlist * Package name: mozilla-foxyproxy I don't think we should still use the mozilla-* prefix for extension packages ... now that we have ice*. - Alexander -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpppx3H4BRV0.pgp Description: PGP signature
Bug#402650: ITP: mozilla-foxyproxy -- advanced proxy management tool for iceweasel
Thanks for the info. I used to use switchproxy but after some upgrade I was looking for something different and came across foxyproxy. It has been working fine for me. Anyways, foxyproxy is not to be in etch release, so I will take a burden of trying to resolve/forward issues users would encounter On Tue, 12 Dec 2006, martin f krafft wrote: ... Also, foxyproxy has an amazing track record of instability. I ended up purging it again. Just FYI. -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpt8zc1SALyq.pgp Description: PGP signature
Bug#402650: Mozilla- prefix. Was: Bug#402650: ITP: mozilla-foxyproxy -- advanced proxy management tool for iceweasel
I don't think we should still use the mozilla-* prefix for extension packages ... now that we have ice*. But then, what to use instead ? Reading from the package description, this extension is just for iceweasel ... so maybe iceweasel-foxyproxy ... With a little work, such an extension could be made available for iceape. That may even happen upstream. So iceweasel-something is out of the question, IMHO. Indeed, stupid me didn't get at once what +xp-fl stands for so I inquired upstream http://z9.invisionfree.com/foxyproxy/index.php?showtopic=243 and they are planning to support it for iceape and seamonkey or just foxyproxy with the term iceweasel extension in the package short description. or debtags ? Anyways, the thing is that when I uploaded the very first extension packages, for mozilla at the time, they didn't have the mozilla in their name. Now they have, because of fair comments from Ari Pollak in bug #189595. And I still agree with him. That was the idea I had for why do we use mozilla- prefix. But the question now is -- can we use it at all? I mean, since it is a trademark of Mozilla Co since this year (according to wikipedia), I believe we can't use it any more... So possible ways I see 1. leave it as is and have mozilla- prefix 2. figure out substitution to the mozilla trademark 3. remove prefix once and forever and use appropriate tags. After all, many applications use some common codebase, but they are not required to have a common prefix. (1) seems to be the worst in the lengthy run, but the only one which fits the frozen state of etch now -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpIqLaoMPFSK.pgp Description: PGP signature
Bug#402832: firefox-greasemonkey: update depends and links for iceweasel transition
Package: firefox-greasemonkey Version: 0.6.4-5 Severity: grave Tags: patch Justification: renders package unusable Depends must be adjusted to depend on iceweasel link from /usr/lib/firefox/extensions/ should be moved over to /usr/lib/iceweasel/extensions/ More of mostly unnecesary discussion about this can be found on http://lists.debian.org/debian-devel/2006/12/msg00314.html ;-) Cheers -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (990, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-1-686 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages firefox-greasemonkey depends on: di firefox 2.0+dfsg-1 Transition package for iceweasel r firefox-greasemonkey recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402852: debtags: man page examples use -d ? but it seems to be broken
Package: debtags Version: 1.6.6 Severity: minor couldn't find a bug report for such obvious thing... may be it is me who is the problem ;-) examples from man page which use '-d X' option do not work. '--distance=X' works: [EMAIL PROTECTED]:/home/yoh# debtags -d 7 related mutt unknown command 7 Usage: debtags [options] command [options and arguments] Description: Commandline interface to access and manipulate Debian Package Tags Commands are: help print help information. update updates the package tag database (requires root). selfcheckperform a series of internal self checks using the current tag data. the same with --distance 7, but --distance=7 works [EMAIL PROTECTED]:/home/yoh# debtags --distance=3 related mutt snownews - Text mode RSS newsreader af - An Emacs-like mail reader and composer mailutils - GNU mailutils utilities for handling mail gopher - Distributed Hypertext Client, Gopher protocol multimail - Offline reader for Blue Wave, QWK, OMEN and SOUP I am off to finish reading the man page ;-) Cheers -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (990, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-1-686 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages debtags depends on: ii apt [libapt-pkg-libc6.3-6-3. 0.6.46.4Advanced front-end for dpkg ii libc62.3.6.ds1-9 GNU C Library: Shared libraries ii libgcc1 1:4.1.1-21 GCC support library ii libsigc++-2.0-0c2a 2.0.17-2type-safe Signal Framework for C++ ii libstdc++6 4.1.1-21The GNU Standard C++ Library v3 ii perl 5.8.8-7 Larry Wall's Practical Extraction ii zlib1g 1:1.2.3-13 compression library - runtime debtags recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402853: debtags: please recommends tagcol
Package: debtags Version: 1.6.6 Severity: wishlist man page for debtags provides juicy examples for how to use debtags with tagcoll. Would you mind placing tagcoll into some loose relationship (Suggests may be) with debtags? Thanks in advance -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (990, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-1-686 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages debtags depends on: ii apt [libapt-pkg-libc6.3-6-3. 0.6.46.4Advanced front-end for dpkg ii libc62.3.6.ds1-9 GNU C Library: Shared libraries ii libgcc1 1:4.1.1-21 GCC support library ii libsigc++-2.0-0c2a 2.0.17-2type-safe Signal Framework for C++ ii libstdc++6 4.1.1-21The GNU Standard C++ Library v3 ii perl 5.8.8-7 Larry Wall's Practical Extraction ii zlib1g 1:1.2.3-13 compression library - runtime debtags recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402932: iceape: doesn't start... seems to be unrelated to the other bug reports
Package: iceape Version: 1.0.6-1 Severity: important I've tried to follow recommendations on previous bug reports, so I uninstalled iceape* and mozilla-* products, removed /usr/lib/iceape completely, reinstalled it and it still doesn't start... just doesn't report anything and doesn't start... it takes it this long to quit: ,--- | *$ time iceape | real0m0.279s | user0m0.072s | sys 0m0.092s | *$ time iceape -mail | | real0m0.288s | user0m0.084s | sys 0m0.072s `--- I moved ~/.mozilla away , | sh -x iceape | + '[' '' ']' | + MOZ_DIST_BIN=/usr/lib/iceape | + MOZ_PROGRAM=/usr/lib/iceape/iceape-bin | + RUNTIME_ICEAPE_DSP= | + '[' -f /etc/iceape/iceaperc ']' | + . /etc/iceape/iceaperc | ++ ICEAPE_DSP=none | + '[' -f /home/yoh/.mozilla/iceaperc ']' | + '[' '' ']' | + '[' -z none ']' | + export MOZ_DISABLE_PANGO | + '[' none = auto ']' | + '[' none = none ']' | + ICEAPE_DSP= | + EXTENT_LD_LIB_PATH=/usr/lib/iceape:/usr/lib/iceape/plugins | + '[' :/usr/local/lib ']' | + LD_LIBRARY_PATH=/usr/lib/iceape:/usr/lib/iceape/plugins::/usr/local/lib | + export LD_LIBRARY_PATH | + APPLICATION_ID=iceape | + VERBOSE= | + DEBUG=0 | + DEBUGGER= | + REMOTE=0 | + TRY_USE_EXIST=0 | + first=1 | + opt= | + START= | + '[' 0 -ne 0 ']' | + OPTIONS= | + '[' 0 -eq 1 ']' | + '[' 0 -eq 1 ']' | + MOZ_PROGRAM='/usr/lib/iceape/iceape-bin -a iceape' | + echo_vars ICEAPE_DSP APPLICATION_ID CMDLINE_DISPLAY DISPLAY OPTIONS DEBUG DEBUGGER MOZ_DISABLE_PANGO MOZ_NO_REMOTE REMOTE START | + '[' '' ']' | + PING_STATUS=1 | + '[' :0.0 ']' | + '[' -z '' ']' | + CMDLINE_DISPLAY=:0.0 | + verbose 'Running: /usr/lib/iceape/iceape-bin -a iceape -remote '\''ping()'\''' | + '[' '' ']' | + DISPLAY=:0.0 | + /usr/lib/iceape/iceape-bin -a iceape -remote 'ping()' | + PING_STATUS=2 | + echo_vars PING_STATUS | + '[' '' ']' | + '[' 2 -eq 0 ']' | + '[' 2 -eq 0 ']' | + '[' 0 -eq 0 ']' | + '[' 0 -eq 1 ']' | + type '' | + exec_verbose /usr/lib/iceape/iceape-bin -a iceape | + verbose Running: /usr/lib/iceape/iceape-bin -a iceape | + '[' '' ']' | + exec /usr/lib/iceape/iceape-bin -a iceape `--- ok - now with -g ,-- | iceape -g | GNU gdb 6.5-debian | Copyright (C) 2006 Free Software Foundation, Inc. | GDB is free software, covered by the GNU General Public License, and you are | welcome to change it and/or distribute copies of it under certain conditions. | Type show copying to see the conditions. | There is absolutely no warranty for GDB. Type show warranty for details. | This GDB was configured as i486-linux-gnu...Using host libthread_db library /lib/tls/i686/cmov/libthread_db.so.1. | | (gdb) r | Starting program: /usr/lib/iceape/iceape-bin -a iceape | Failed to read a valid object file image from memory. | [Thread debugging using libthread_db enabled] | [New Thread -1220053312 (LWP 19136)] | | Program exited with code 01. | `--- Here is strace log (strace -fF ): links http://www.onerussian.com/Linux/bugs/iceape/iceape.strace.log.gz Please let me know if I could dig more information -- I need iceape to validate mozilla extensions packaging before uploading them... -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (990, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-1-686 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages iceape depends on: ii iceape-browser1.0.6-1The Iceape Internet browser ii iceape-mailnews 1.0.6-1The iceape Internet application su Versions of packages iceape recommends: pn iceape-chatzilla none (no description available) -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402932: iceape: doesn't start... seems to be unrelated to the other bug reports
doh... 1. I did have MOZILLA_FIVE_HOME=/usr/local/mozilla -- got removed 2. it starts nicely from other user account 3. it starts nicely whenever I login from another box and run iceape --no-xshm 4. but didn't start from my environment (though I export MOZILLA_FIVE_HOME=) I even made another strace (smaller a bit this time) http://www.onerussian.com/Linux/bugs/iceape/iceape.strace2.log.gz 3. and 4. persuaded me to relogin into my X desktop (after all it was up for a while and went through quite a few upgrades) and that did the trick... I am sorry that I brought this up unto you without enough troubleshooting... heh heh Please feel free to close the bug On Wed, 13 Dec 2006, Mike Hommey wrote: O_o what the f*ck is it trying to do in /usr/local/mozilla ? and trying to find component registration in your home directory ? Could you try with another user ? If that works, can you try to find out what environment variable may be responsible for this ? -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpuRXTXql1Pj.pgp Description: PGP signature
Bug#389691: this bug is not severe! I would love to see keyjnote in etch - please unblock
severity 389691 normal thanks I am not sure why the maintainer didn't lower the severity -- this issues seems to be not even a keyjnote fault but SDL/ALSA configuration issue on the box of the submitter. So MOST of the people do not experience this bug, thus at most it must be of normal severity. This package has no other serious bug filed for a while (besides wishlist for me for new upstream version), so I would ask to remove the hold from this package so it gets into etch, and dear maintainer please do not upload fresh release into unstable so current version (if approved) penetrate into etch. -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpGAABQSTcXY.pgp Description: PGP signature
Bug#343821: fail2ban: Additional info (debug log dump)
fail2ban-Apache\niptables -F fail2ban-Apache\niptables -X fail2ban-Apache' 2006-09-09 13:19:02,896 DEBUG: Apache: Accepted value fwban='iptables -I fail2ban-Apache 1 -s ip -j DROP' 2006-09-09 13:19:02,897 DEBUG: Apache: Accepted value fwunban='iptables -D fail2ban-Apache -s ip -j DROP' 2006-09-09 13:19:02,897 DEBUG: Apache: Accepted value fwcheck='iptables -L INPUT | grep -q fail2ban-Apache' 2006-09-09 13:19:02,897 INFO: Enabled sections: ['SSH'] 2006-09-09 13:19:02,898 DEBUG: Add 127.0.0.1 to ignore list 2006-09-09 13:19:02,898 WARNING: is not a valid IP address 2006-09-09 13:19:02,898 DEBUG: Nothing to do 2006-09-09 13:19:02,898 DEBUG: SSH: Initialize firewall rules 2006-09-09 13:19:02,899 DEBUG: iptables -N fail2ban-SSH iptables -A fail2ban-SSH -j RETURN iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH 2006-09-09 13:19:02,899 DEBUG: /var/log/auth.log has been modified 2006-09-09 13:19:02,899 DEBUG: /var/log/auth.log 2006-09-09 13:19:02,906 ERROR: unknown locale: en_DK 2006-09-09 13:19:02,906 ERROR: Please check the format and your locale settings. 2006-09-09 13:19:02,906 DEBUG: Setting file position to 0 for /var/log/auth.log 2006-09-09 13:19:02,924 ERROR: Fail2Ban got an unhandled exception and died. 2006-09-09 13:19:02,925 ERROR: Type: 'AttributeError' Value: ('strptime',) TB: [('/usr/bin/fail2ban', 55, '?', 'fail2ban.main()'), ('/usr/share/fail2ban/fail2ban.py', 513, 'main', 'e = element[1].getFailures()'), ('/usr/share/fail2ban/logreader/logreader.py', 143, 'getFailures', 'for element in self.findFailure(line):'), ('/usr/share/fail2ban/logreader/logreader.py', 174, 'findFailure', 'date = self.getUnixTime(timeMatch.group())'), ('/usr/share/fail2ban/logreader/logreader.py', 216, 'getUnixTime', 'date = list(time.strptime(value, self.timepattern))')] 2006-09-09 13:19:02,925 WARNING: Restoring firewall rules... 2006-09-09 13:19:02,925 DEBUG: SSH: Restore firewall rules 2006-09-09 13:19:02,926 DEBUG: iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH iptables -F fail2ban-SSH iptables -X fail2ban-SSH 2006-09-09 13:19:02,926 DEBUG: Nothing to do 2006-09-09 13:19:02,926 DEBUG: Removed PID lock /var/run/fail2ban.pid -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-3-k7 Locale: LANG=en_DK, LC_CTYPE=en_DK (charmap=ISO-8859-1) Versions of packages fail2ban depends on: ii iptables 1.3.3-1bpo1 Linux kernel 2.4+ iptables adminis ii lsb-base 3.1-9bpo1 Linux Standard Base 3.1 init scrip ii python 2.3.5-2 An interactive high-level object-o -- no debconf information -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpk1Pep60YBb.pgp Description: PGP signature
Bug#387993: libstdc++6-4.1-dev: undefined reference to [EMAIL PROTECTED]'
Package: libstdc++6-4.1-dev Version: 4.1.1-13 Severity: normal File: /usr/lib/gcc/i486-linux-gnu/4.1.2/libstdc++.so Dear Maintainer, I am sorry if my bug report is pure ignorance of the matter: I hope that you would highlight the situation for me at least if it is so After recent upgrade, mcc (Matlab compiler fails to compile) with next error messages: r14sp3 release of matlab: - gcc -O -pthread -o test test_main.o test_mcc_component_data.o -Wl,-rpath-link,/share/apps/matlab_r14sp3/bin/glnx86 -L/share/apps/matlab_r14sp3/bin/glnx86 -lmwmclmcrrt -lm -lstdc++ /usr/bin/ld: warning: libstdc++.so.5, needed by /share/apps/matlab_r14sp3/bin/glnx86/libmwmclmcrrt.so, may conflict with libstdc++.so.6 /usr/lib/gcc/i486-linux-gnu/4.1.2/libstdc++.so: undefined reference to [EMAIL PROTECTED]' /usr/lib/gcc/i486-linux-gnu/4.1.2/libstdc++.so: undefined reference to [EMAIL PROTECTED]' collect2: ld returned 1 exit status mbuild: link of 'test' failed. Error: An error occurred while shelling out to mbuild (error code = 256). Unable to build executable. 2006b release of matlab: - gcc -O -pthread -o test test_main.o test_mcc_component_data.o -Wl,-rpath-link,/share/apps/matlab_r2006b/bin/glnx86 -L/share/apps/matlab_r2006b/bin/glnx86 -lmwmclmcrrt -lm -lstdc++ /usr/lib/gcc/i486-linux-gnu/4.1.2/libstdc++.so: undefined reference to [EMAIL PROTECTED]' collect2: ld returned 1 exit status mbuild: link of 'test' failed. Please advise -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16.20-ravana Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages libstdc++6-4.1-dev depends on: ii g++-4.1 4.1.1-13 The GNU C++ compiler ii gcc-4.1-base 4.1.1-13 The GNU Compiler Collection (base ii libc6-dev 2.3.6-13 GNU C Library: Development Librari ii libstdc++64.1.1-13 The GNU Standard C++ Library v3 libstdc++6-4.1-dev recommends no packages. -- no debconf information --Yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#388081: python-central: breaks upgrade if versions are missing for some reason
Package: python-central Version: 0.5.5 Severity: important On the recent upgrade I've got Linking and byte-compiling packages for runtime python2.3... Traceback (most recent call last): File /usr/bin/pycentral, line 1325, in ? main() File /usr/bin/pycentral, line 1319, in main rv = action.run(global_options) File /usr/bin/pycentral, line 954, in run requested = list(pyversions.requested_versions(vstring, version_only=True)) File /usr/share/python/pyversions.py, line 113, in requested_versions raise ValueError, 'empty set of versions' ValueError: empty set of versions dpkg: error processing python2.3 (--configure): subprocess post-installation script returned error exit status 1 Since it fails, it forbids me from upgrading and many packages are left in not configured state. Also such cruel exit doesn't provide any insight on which package it really failed so I can't resolve the issue by removing the bad cow package (if that is the issue of a bad package). Please provide proper handling in such cases. # pyversions -s python2.3 python2.4 Thanks in advance -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-1-686 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages python-central depends on: pn pythonnone (no description available) python-central recommends no packages. -- no debconf information --Yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#388158: pylint: doesn't bytecompile for python2.4
Package: pylint Version: 0.11.0-2 Severity: normal Just got pylint installed and it is missing python2.4 install by python-central ls -l /usr/lib/python2.*/site-packages/pylint/lint.py 0 lrwxrwxrwx 1 root root 56 Sep 18 17:25 /usr/lib/python2.3/site-packages/pylint/lint.py - /usr/share/pycentral/pylint/site-packages/pylint/lint.py it seems to be due to wrong XS-Python-Version: field, which must be =2.2 I think in this case ;-) Please excuse me if I am wrong... -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16.20-ravana Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages pylint depends on: ii emacsen-common1.4.17 Common facilities for all emacsen ii python2.3.5-5An interactive high-level object-o ii python-central0.5.0 register and build utility for Pyt ii python-logilab-astng 0.16.0-2 extend python's abstract syntax tr ii python-logilab-common 0.16.1-2 useful miscellaneous modules used ii python-tk 2.4.3-1Tkinter - Writing Tk applications pylint recommends no packages. -- no debconf information --Yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#396868: ITP: jbidwatcher -- bidding, sniping and monitoring software for eBay
Nice to see someone is ITPing it... Didn't want to compile with free java... I was about to at least file ITP myself whenever I saw your ITP ;-) I have a letter of correspondence from Morgan which might be of some value - I will forward it to you with next email Good luck On Fri, 03 Nov 2006, Romain Beauxis wrote: Package: wnpp Severity: wishlist Owner: Romain Beauxis [EMAIL PROTECTED] * Package name: jbidwatcher Version : 1.0 Upstream Author : Morgan Schweers, CyberFOX [EMAIL PROTECTED] * URL : http://www.jbidwatcher.com/ * License : LGPL Description : bidding, sniping and monitoring software for eBay A Java-based application allowing you to monitor auctions you're not part of, submit bids, snipe (bid at the last moment), and otherwise track your auction-site experience. It includes adult-auction management, MANY currencies (pound, dollar (US, Canada, Australian, and New Taiwanese) and euro, presently), drag-and-drop of auction URLs, an original, unique and powerful 'multisniping' feature, and a relatively nice UI. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.16-2-686 Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1) -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#397548: tightvncserver: VNC server crashes... most often with KDE running inside it...
Package: tightvncserver Version: 1.2.9-20 Severity: important We have reinstalled the server with amd64 etch. vncserver keeps crashing: first I associated the problem with KDE thus I Stopped using it, but then it reoccured with pure windowmaker running(FYI - windowmaker was using by KDE as window manager as well) Since it A sounds verynon-informative I've decided to provide an strace with timings for the crashed run - may be will provide some instights: since stracedump is quit large I am providing the beginning of it: http://www.onerussian.com/Linux/bugs/tightcrash/tight.strace.head.log.bz2 and actually the part whenever server crashed: http://www.onerussian.com/Linux/bugs/tightcrash/tight.strace.partaroundcrash.log.bz2 Thank you in advance for looking at the isue! Please let me know if I could provide any additional information Thanks in advance -- System Information: Debian Release: testing/unstable APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'testing') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-2-amd64-generic Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages tightvncserver depends on: ii dpkg 1.13.22 package maintenance system for Deb ii libc62.3.6.ds1-7 GNU C Library: Shared libraries ii libjpeg626b-13 The Independent JPEG Group's JPEG ii libx11-6 2:1.0.3-2 X11 client-side library ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar ii perl 5.8.8-6.1 Larry Wall's Practical Extraction ii vnc-common 3.3.7-13Virtual network computing server s ii x11-common 1:7.1.0-5 X Window System (X.Org) infrastruc ii xbase-clients1:7.1.ds-3 miscellaneous X clients ii zlib1g 1:1.2.3-13 compression library - runtime Versions of packages tightvncserver recommends: ii xfonts-base 1:1.0.0-4 standard fonts for X -- debconf-show failed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#396868: ITP: jbidwatcher -- bidding, sniping and monitoring software for eBay
Thank you for taking care about packaing jbidwatcher I have managed to remove some part that were not necessary, but there is still a Regex class that is needed. claims that the licence is the Lesser Gnu Public License, the source lacks some classes source, in particular in some Unicode*.class See http://www.javaregex.com/binaries/patbinfree153.jar and http://www.javaregex.com/binaries/patsrcfree153.jar I see those defined in Regex.java file in the source... or am I missing something? :-) -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpQpEx3EvpEs.pgp Description: PGP signature
Bug#397944: consider default (system wide) configuration /etc/logrotate.conf in each section
Package: logrotate Version: 3.7.1-3 Severity: important I could not find any relevant info in the man page and got surprised that system wide parameters defined in /etc/logrotate.conf such as rotate 4 do not have effect in specific logrotate sections, ie there is no really default value - it gets assumed to be 1. For instance: if I have [EMAIL PROTECTED]:/home/yoh.m/deb/debs/fail2ban/trunk/debian# ls -l /var/log/fail2ban.log* -rw-r- 1 root adm 1544 Nov 10 10:45 /var/log/fail2ban.log -rw-r- 1 root adm 1619 Nov 10 10:45 /var/log/fail2ban.log.1 -rw-r- 1 root adm 539 Nov 10 10:45 /var/log/fail2ban.log.2.gz -rw-r- 1 root adm 539 Nov 10 10:44 /var/log/fail2ban.log.3.gz -rw-r- 1 root adm 537 Nov 10 10:44 /var/log/fail2ban.log.4.gz and define fail2ban.logrotate to be /var/log/fail2ban.log { # assuming defaults from /etc/logrotate.conf #weekly #rotate 4 #compress delaycompress missingok postrotate invoke-rc.d --quiet fail2ban reload /dev/null endscript create 640 root adm } [EMAIL PROTECTED]:/home/yoh.m/deb/debs/fail2ban/trunk/debian# logrotate --force --verbose /etc/logrotate.d/fail2ban.logrotate reading config file /etc/logrotate.d/fail2ban.logrotate reading config info for /var/log/fail2ban.log Handling 1 logs rotating pattern: /var/log/fail2ban.log forced from command line (no old logs will be kept) empty log files are rotated, old logs are removed considering log /var/log/fail2ban.log log needs rotating rotating log /var/log/fail2ban.log, log-rotateCount is 0 renaming /var/log/fail2ban.log.1 to /var/log/fail2ban.log.2 (rotatecount 1, logstart 1, i 1), renaming /var/log/fail2ban.log.0 to /var/log/fail2ban.log.1 (rotatecount 1, logstart 1, i 0), old log /var/log/fail2ban.log.0 does not exist renaming /var/log/fail2ban.log to /var/log/fail2ban.log.1 disposeName will be /var/log/fail2ban.log.1 creating new log mode = 0640 uid = 0 gid = 4 running postrotate script removing old log /var/log/fail2ban.log.1 although default parameters in logrotate.conf are # keep 4 weeks worth of backlogs rotate 4 I really think that is important to have defaults for logrotate so admin doesn't have to modify every config filein /etc/logrotate.in to lets say increase number of kept logs -- Package-specific info: Contents of /etc/logrotate.d total 84 -rw-r--r-- 1 root root 137 Jan 15 2006 acpid -rw-r--r-- 1 root root 240 Jul 15 2003 apache2 -rw-r--r-- 1 root root 79 Jun 9 2003 aptitude -rw-r--r-- 1 root root 384 Jan 3 2004 base-config -rw-r--r-- 1 root root 162 Mar 21 2005 checksecurity -rw-r--r-- 1 root root 245 Jun 5 09:59 cupsys -rw-r--r-- 1 root root 124 Apr 19 2005 dirmngr -rw-r--r-- 1 root root 133 Jun 29 2003 distributed-net -rw-r--r-- 1 root root 111 Sep 26 2005 dpkg -rw-r--r-- 1 root root 170 Mar 2 2005 exim4-base -rw-r--r-- 1 root root 325 Nov 10 10:37 fail2ban.logrotate -rw-r--r-- 1 root root 151 Nov 11 2002 iptraf -rw-r--r-- 1 root root 100 Jan 23 2005 kdm -rw-r--r-- 1 root root 74 May 16 2003 mrtg -rw-r--r-- 1 root root 466 Aug 22 2004 nessusd -rw-r--r-- 1 root root 146 Aug 16 01:40 ntop -rw-r--r-- 1 root root 153 Oct 20 2005 postgresql-common -rw-r--r-- 1 root root 94 Oct 30 2003 ppp -rw-r--r-- 1 root root 68 Dec 12 2002 scrollkeeper -rw-r--r-- 1 root root 271 Mar 16 2005 snort -rw-r--r-- 1 root root 58 Apr 20 2005 wdm -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-1-686 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages logrotate depends on: ii anacron 2.3-11 a cron-like program that doesn't g ii base-passwd 3.5.11 Debian base system master password ii cron 3.0pl1-97 management of regular background p ii libc62.3.6.ds1-4 GNU C Library: Shared libraries ii libpopt0 1.10-3 lib for parsing cmdline parameters ii libselinux1 1.30.28-1 SELinux shared libraries Versions of packages logrotate recommends: ii mailx1:8.1.2-0.20050715cvs-1 A simple mail user agent -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#397878: fail2ban: no logrotation anymore?
Thank you for reporting! Forgotten about the beast - it was not present in upstream, so I postponed its transfer from 0.6 branch and forgot... sorry Here you can fetch fixed version (I will ask for sponsored upload of -3 after a bit more fixes build up or after a week, whichever is earlier ;-)) from http://itanix.rutgers.edu/rumba/dists/sid/perspect/binary-all/net/fail2ban_0.7.4-3~1_all.deb Cheers Yarik -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpM00RsxoH4S.pgp Description: PGP signature
Bug#396668: fail2ban: issues with default from on emails
Thank you Ross for reporting the issue. Would you consider it to be a reincarnation of http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329722 ? thus option d) in your list? Then I would like to close/merge them (unless we continue discussion) Would the solution for that one suffice in this case? or may be I should take a) step since I consider b) unnecessary user names space pollution -- fail2ban has to run as root in any case c) although it sounds neat, since there is no unified framework to introduce changes into /etc/aliases and keep/remove them, I would prefer to stay out of it. I might be ignorant and if there is a better way than echo 'fail2ban: root' /etc/aliases ... and sed -i -e 's/^fail2ban.*//g' on purge - please let me know, I might rethink Thanks in advance for your output -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpdlvmnpIgv1.pgp Description: PGP signature
Bug#398015: /etc/init.d/util-vserver status doesn't detect the kernel
Package: util-vserver Version: 0.30.211-2 Severity: minor this says for its own ;-) /etc/init.d/util-vserver status ONBOOT=no Server blank is not running ONBOOT=no Server krb is not running ONBOOT=yes Server www is running Linux-Vserver enabled kernel not detected /proc entries were fixed for Linux-Vserver guests so why Linux-Vserver enabled kernel not detected? vserver-info - RUNNING ; echo $? 1 -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (600, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17-2-vserver-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages util-vserver depends on: ii debconf 1.5.6 Debian configuration management sy ii iproute 20060323-1 Professional tools to control the ii libbeecrypt6 4.1.2-6 open source C library of cryptogra ii libc62.3.6.ds1-4 GNU C Library: Shared libraries ii make 3.81-2 The GNU version of the make util ii net-tools1.60-17 The NET-3 networking toolkit Versions of packages util-vserver recommends: ii binutils 2.17-3 The GNU assembler, linker and bina ii debootstrap 0.3.3 Bootstrap a basic Debian system -- debconf information: * util-vserver/start_on_boot: true util-vserver/prerm_stop_running_vservers: true util-vserver/postrm_remove_vserver_configs: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#396668: fail2ban: issues with default from on emails
Hi Ross, BTW - given issue is obsolete in 0.7.x which is in unstable already. Could you please verify that ;-) (though it sends email to [EMAIL PROTECTED] which I believe must be ok) On Sun, 12 Nov 2006, Ross Boylan wrote: On Fri, Nov 10, 2006 at 06:18:49PM -0500, Yaroslav Halchenko wrote: Thank you Ross for reporting the issue. Would you consider it to be a reincarnation of http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329722 ? thus option d) in your list? Then I would like to close/merge them (unless we continue discussion) It's certainly in the same neighborhood. However, the focus of the earlier bug was on the domain of the email address (which the second point in this bug discusses), while this one concerns the part before the @ sign as well. -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpg9oYX0DEw6.pgp Description: PGP signature
Bug#396668: fail2ban: issues with default from on emails
As I said that the problem (bad From address) is obsolete in 0.7.x, so if you don't mind installing it (0.7.4-3), enabling mail (follow instructions in /etc/fail2ban/jail.conf), and verifying that received email has proper From field (must be root@mailhostname) Thank you in advance! On Tue, 14 Nov 2006, Ross Boylan wrote: On Tue, Nov 14, 2006 at 10:29:40AM -0500, Yaroslav Halchenko wrote: Hi Ross, BTW - given issue is obsolete in 0.7.x which is in unstable already. Could you please verify that ;-) I'm not sure what you mean to verify, but $ apt-show-versions -a fail2ban fail2ban0.6.1-11install ok installed fail2ban0.6.1-11testing fail2ban0.6.1-11testing fail2ban0.7.4-3 unstable fail2ban/testing uptodate 0.6.1-11 (though it sends email to [EMAIL PROTECTED] which I believe must be ok) The problem is with the sender of the email, not the recipient. I have some doubts about localhost, as mentioned in earlier messages for this bug. -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpt7KyVCNsoV.pgp Description: PGP signature
Bug#398739: attachment
I believe that you mixed up interpolations (done but pythons config module) and substitutions done by fail2ban actionstart = iptables -N fail2ban-name iptables -I fwchain -m state --state NEW -p protocol --dport port -j fail2ban-name post_start_commands I don't think that it is fail2ban intent to substitute post_start_commands here -- try using interpolations %(...)s please inspect your configs more carefully on above mentioned subject and get back to me so we could close this bug report if there is no issue with interpolations handling (which is in any case not much of fail2ban issue but python...) # Option: fwend # Notes.: command executed once at the end of Fail2Ban # Values: CMD # actionstop = pre_end_commands iptables -D fwchain -m state --state NEW -p protocol --dport port -j fail2ban-name iptables -F fail2ban-name iptables -X fail2ban-name On Wed, 15 Nov 2006, martin f krafft wrote: Oops. Now attached. -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpvgxxgpTOC5.pgp Description: PGP signature
Bug#398740: Re: Bug#398740: init.d script does not appear idempotent
This is ancient stuff. ancient doesn't necessarily mean bad piper:~# /etc/init.d/apache2 start || echo failure #[345] Starting web server (apache2)... . piper:~# /etc/init.d/apache2 start || echo failure #[346] Starting web server (apache2)... httpd (pid 4175) already running. piper:~# /etc/init.d/apache2 stop || echo failure #[346] Stopping web server (apache2)... . piper:~# /etc/init.d/apache2 stop || echo failure #[347] Stopping web server (apache2)... httpd (no pid file) not running. well -- if you look inside that script it makes limited use of start-stop-daemon facility at all and just doesn't suppress output to APACHE2CTL... -- I don't consider it a good practice since it can easily violate LSB guidelines (such as a single line etc) to use log_*_msg functions for output from init scripts... I think even that it is worth filing a bug against apache2 even if the daemon is running (return 1 from do_start) return of init script is 0. Yeah, I am only talking about the output. Not the exit status. ok - we narrowed it down to just output (as for exit status also see http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html) since start action when daemon already is running considered to be a normal (return 0) - then it should simply follow http://www.debian.org/doc/debian-policy/ch-opersys.html#s9.4 Please argue not by an example on possibly broken scripts but references to policy/dev-ref -- that would make it easier to properly resolve the issue -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpYX9LDazoEH.pgp Description: PGP signature
Bug#398739: Re: Bug#398739: attachment
it is hard to see whole picture since you are just sending changing snippets of configuration - send the whole entirety... I bet that the reason for current issue is that you defined actionstart in [Definition] config/action.d/iptables.conf whenever you defined in post_start_commands in [Init] --- how can it see its value in Definition?? define it in new section [DEFAULT] of the same file then... and you might need to define it to smth nonempty - I am not sure what freaks ConfigParser out exactly once again - this is not a fail2ban issue but rather logic behind usage of python interpolations in config files On Wed, 15 Nov 2006, martin f krafft wrote: also sprach Yaroslav Halchenko [EMAIL PROTECTED] [2006.11.15.1512 +0100]: I believe that you mixed up interpolations (done but pythons config module) and substitutions done by fail2ban actionstart = iptables -N fail2ban-name iptables -I fwchain -m state --state NEW -p protocol --dport port -j fail2ban-name post_start_commands I don't think that it is fail2ban intent to substitute post_start_commands here -- try using interpolations %(...)s -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#398739: Re: Re: Bug#398739: attachment
Dear Martin, ok - I see now more clearly but the reason is the same: confusion between interpolated values and substituted by fail2ban (which is a limited set of names). so whenever you provide parameters for action like iptables[bla=zzz] bla has to be handled as fail2ban config parameter (the ones found now in ). here I managed confuse you and myself in my first reply since config files loaded separately in pairs .conf .local, interpolations do not penetrate from one to another, thus whatever is defined (besides fail2ban parameter mentioned above) in a section within jail.conf has to be passed as the fail2ban action parameter. In your config you mixed up the two: [Definition] actionstart = iptables -N fail2ban-name iptables -I fwchain -m state --state NEW -p protocol --dport port -j fail2ban-name %(post_start_commands)s actionstop = pre_end_commands do you see the problem??? Indeed difference between interpolated and parameters to actions is worth documenting: I will add a note to README.Debian. I will close this bug after introducing respective documentation Please find my fix to your configuration attached... So my question is how I can override the defaults from the jail configuration. simply by redefining in jail.local. in your case you are not only redefining it but trying to introduce additional parameters into action and mixing up parameters and interpolations -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] fail2ban.martin.tgz Description: application/tar-gz pgpOVWIzfgPrX.pgp Description: PGP signature
Bug#391342: [RFS]: jsMath:TeX equations in HTML documents
Dear All, For the sake of reference I am replying to my ITP bugreport. Please consider next packages for sponsoring or for commenting on. (I am 1 person away from DAM approval in NM queue... 1,2 months more and I might become a DD myself ;-) For now I need sponsoring) Sources: dget http://itanix.rutgers.edu/rumba/dists/sid/perspect/source/web/jsmath_3.3g-1.dsc dget http://itanix.rutgers.edu/rumba/dists/sid/perspect/source/web/jsmath-fonts_1.3-1.dsc dget http://itanix.rutgers.edu/rumba/dists/sid/perspect/source/web/jsmath-fonts-sprite_1.0-1.dsc Binaries available from my repository: deb http://itanix.rutgers.edu/rumba/ sid perspect This is the 1st packaging, thus it would close an ITP. Packages are lintian/linda clean. Worries might be due to use of debconf in jsmath to configure web servers. gallery's scripts were used as a start point. I might in future disable botton in jsMath menu to look for updates (although it can't hurt so people could buzz me to run uscan ;-)) Thanks everyone in advance for looking at. On Fri, 06 Oct 2006, Yaroslav Halchenko wrote: Package: wnpp Owner: Yaroslav Halchenko [EMAIL PROTECTED] Severity: wishlist * Package name: jsmath Version : 3.3e Upstream Author : Davide P. Cervone * URL or Web page : http://www.math.union.edu/~dpvc/jsMath * License : Apache License 2.0 Description : TeX equations in HTML documents The jsMath package provides a method of including mathematics in HTML pages that works across multiple browsers under Windows, Macintosh OS X, Linux and other flavors of Unix. It overcomes a number of the shortcomings of the traditional method of using images to represent mathematics: jsMath uses native fonts, so they resize when you change the size of the text in your browser, they print at the full resolution of your printer, and you don't have to wait for dozens of images to be downloaded in order to see the mathematics in a web page. . There are also advantages for web-page authors, as there is no need to preprocess your web pages to generate any images, and the mathematics is entered in TeX form, so it is easy to create and maintain your web pages. -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpyGtge5ahuE.pgp Description: PGP signature
Bug#383288: failure to add rules for one port results in multiple rules added for other ports
Hi Martin I am sorry that I am getting to this issue with such a huge delay. I am not sure if you have any additional details on this bugreport, since I don't quite understand what has happened and why it kept reinitializing the rules: if by any chance you can provide me with at least fail2ban log file (and iptables -L) if you have them left or can reproduce the bug. Thank you in advance If a rule fails to execute, maybe only retry it, not all rules? The idea of fwcheck is that if it fails, it means that the state of firewall was changed outside of fail2ban, thus it is not safe to operate any more and it is better to reinitilize all the rules. -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpRqYYxEwcF6.pgp Description: PGP signature
Bug#305950: svk upstream has bash completion module...
Package: svk Version: 1.08-1 Followup-For: Bug #305950 Please have a look at https://launchpad.net/distros/ubuntu/+source/svk/+bug/32312 (so yes... ubuntu has it fixed... heh heh) and in the upstream sources - ./contrib/svk-completion.pl is there. -- System Information: Debian Release: testing/unstable Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-mm1 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages svk depends on: ii libalgorithm-annotate-perl0.10-1 represent a series of changes in a ii libalgorithm-diff-perl1.19.01-2 a perl library for finding Longest ii libclass-autouse-perl 1.23-1 Defer loading ( 'use'ing ) of a cl ii libclone-perl 0.18-1 recursively copy Perl datatypes ii libcompress-zlib-perl 1.42-1 Perl module for creation and manip ii libdata-hierarchy-perl0.21-1 Handle data in a hierarchical stru ii libfile-type-perl 0.22-1 determine file type using magic st ii libfreezethaw-perl0.43-3 converting Perl structures to stri ii libio-digest-perl 0.10-1 Calculate digests while reading or ii libio-string-perl 1.08-1 Emulate IO::File interface for in- ii liblocale-maketext-lexicon-pe 0.62-1 Lexicon-handling backends for Loc ii liblocale-maketext-simple-per 0.12-2 Simple interface to Locale::Makete ii libperlio-eol-perl0.13-1 PerlIO layer for normalizing line ii libperlio-via-dynamic-perl0.11-1 dynamic PerlIO layers ii libperlio-via-symlink-perl0.05-1 PerlIO layers for create symlinks ii libpod-simple-perl3.04-1 Perl framework for parsing files i ii libregexp-shellish-perl 0.93-1 Shell-like regular expressions ii libsvn-core-perl 1.3.2-6Perl bindings for Subversion ii libsvn-mirror-perl0.68-2 A subversion repository mirroring ii libsvn-simple-perl0.27-1 A simple interface for writing a d ii libtext-diff-perl 0.35-2 Perform diffs on files and record ii libtimedate-perl 1.1600-5 Time and date functions for Perl ii libyaml-perl 0.62-1 YAML Ain't Markup Language (tm) ii perl 5.8.8-6.1 Larry Wall's Practical Extraction ii subversion1.4.0-2Advanced version control system svk recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#148955: another vote for an action to be taken on the package
Package: lib3ds-dev Followup-For: Bug #148955 Dear Marcelo, I would like to bring your attention to the issue again. It is in interest of Debian users to have this package providing shared library (as it is obvious from multiple emails of other users accompanying this bug report), and there is no direct counter factor which should stop you from satisfying those poor people need: library is under DFSG license, so I don't see any good reason to stay away from fullfilling the request (if there is a hidden problem which caused upstream to remove library packaging, please share the news...) Please comment on and resolve the issue either way * make a statement why it can't provide a shared library (something more elaborated than just a fact that upstream doesn't provide it), and tag the bug with wontfix so the destiny of the bug becomes obvious and there are no unnecessary NMUs * provide shared library and close the bug ;-) Thank you in advance -- System Information: Debian Release: testing/unstable Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-mm1 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#391342: ITP: jsmath -- TeX equations in HTML documents
Package: wnpp Owner: Yaroslav Halchenko [EMAIL PROTECTED] Severity: wishlist * Package name: jsmath Version : 3.3e Upstream Author : Davide P. Cervone * URL or Web page : http://www.math.union.edu/~dpvc/jsMath * License : Apache License 2.0 Description : TeX equations in HTML documents The jsMath package provides a method of including mathematics in HTML pages that works across multiple browsers under Windows, Macintosh OS X, Linux and other flavors of Unix. It overcomes a number of the shortcomings of the traditional method of using images to represent mathematics: jsMath uses native fonts, so they resize when you change the size of the text in your browser, they print at the full resolution of your printer, and you don't have to wait for dozens of images to be downloaded in order to see the mathematics in a web page. . There are also advantages for web-page authors, as there is no need to preprocess your web pages to generate any images, and the mathematics is entered in TeX form, so it is easy to create and maintain your web pages. P.S. Unfortunately I don't have tentative packages yet but I will package it rather soon since I want to use it, thus I need an easy and automatic upgrade system ;-) --Yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#377835: acct: follow up and temp fix I use
Package: acct Version: 6.3.99+6.4pre1-4 Followup-For: Bug #377835 I just want to confirm this issue which had caused lost audit control over many boxes under my administration. I consider it of RC importance, but since it can be easily fixed, I keep at important, otherwise I would raise its severity more For now I fix it by removing /var/account/pacct touch /var/log/account/pacct ln -s /var/log/account/pacct /var/account/pacct Please have the issue fixed -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16.20-ravana Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages acct depends on: ii libc6 2.3.6-13 GNU C Library: Shared libraries acct recommends no packages. -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#329687: freemind: 0.9.0 beta7 works fine with recent sun java available from non-free
Package: freemind Version: 0.7.1-6 Followup-For: Bug #329687 Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Yaroslav Halchenko [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: freemind: 0.9.0 beta7 works fine with recent sun java available from non-free Message-ID: [EMAIL PROTECTED] X-Mailer: reportbug 3.29.5 Date: Fri, 22 Sep 2006 16:54:13 -0400 Package: freemind Version: 0.7.1-6 Followup-For: Bug #329687 Hi Eric, Thank you for packaging freemind and all attempts you've made to make it DFSG compliant to get into main. If there yet any reason remains (not available depends from main according to the wiki) why don't you just upgrade to beta 0.9 which seems to be working fine with current non-free sun java in sid? Thank you in advance -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-1-686 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages freemind depends on: ii gij-4.1 [java2-runtime] 4.1.1-13 The GNU Java bytecode interpreter pn j2re1.4 | java-virtual-machin none (no description available) ii sun-java5-jre [java2-runtime] 1.5.0-08-1 Sun Java(TM) Runtime Environment ( Versions of packages freemind recommends: ii amaya [www-br 9.51-2.1 Web Browser, HTML Editor and Testb ii dillo [www-br 0.8.5-4Small and fast web browser ii elinks [www-b 0.11.1-1 advanced text-mode WWW browser ii epiphany-brow 2.14.3-1+b1Intuitive GNOME web browser ii firefox [www- 1.5.dfsg+1.5.0.7-1 lightweight web browser based on M ii konqueror [ww 4:3.5.4-2+b1 KDE's advanced file manager, web b ii lynx [www-bro 2.8.5-2sarge2.1Text-mode WWW Browser ii mozilla-brows 2:1.7.13-0.3 The Mozilla Internet application s ii w3-el-e21 [ww 4.0pre.2001.10.27.nodocs-1 Web browser for GNU Emacs 21 ii w3m [www-brow 0.5.1-5WWW browsable pager with excellent -- no debconf information -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-1-686 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages freemind depends on: ii gij-4.1 [java2-runtime] 4.1.1-13 The GNU Java bytecode interpreter pn j2re1.4 | java-virtual-machin none (no description available) ii sun-java5-jre [java2-runtime] 1.5.0-08-1 Sun Java(TM) Runtime Environment ( Versions of packages freemind recommends: ii amaya [www-br 9.51-2.1 Web Browser, HTML Editor and Testb ii dillo [www-br 0.8.5-4Small and fast web browser ii elinks [www-b 0.11.1-1 advanced text-mode WWW browser ii epiphany-brow 2.14.3-1+b1Intuitive GNOME web browser ii firefox [www- 1.5.dfsg+1.5.0.7-1 lightweight web browser based on M ii konqueror [ww 4:3.5.4-2+b1 KDE's advanced file manager, web b ii lynx [www-bro 2.8.5-2sarge2.1Text-mode WWW Browser ii mozilla-brows 2:1.7.13-0.3 The Mozilla Internet application s ii w3-el-e21 [ww 4.0pre.2001.10.27.nodocs-1 Web browser for GNU Emacs 21 ii w3m [www-brow 0.5.1-5WWW browsable pager with excellent -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#354759: twiki: another bagging for upgrade...
Package: twiki Followup-For: Bug #354759 Dear DD Could you please release a new version of twiki for us - poor Debian users who hasn't seen any fresh twiki for more than a year? As it was mentioned, fresh release would close maaany bugs, thus it is very desired. Thank you very much in advance... (or did I miss smth and twiki is orphaned?) -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-1-686 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#400416: fail2ban: Better Documentation
What are the basic concepts of the system? What's a jail? What is the difference between the configuration subdirectories (some help on http://fail2ban.sourceforge.net/wiki/index.php/MANUAL_0_8)? Please have a look at http://fail2ban.sourceforge.net/wiki/index.php/FEATURE_Split_config It might answer some questions *** One detail that is important is what types of file names are read in the split config. Many programs that use such a scheme ignore certain file names (e.g., they read foo but not foo~). If fail2ban reads all files, it would be nice if it didn't! If it doesn't skip editor backup files, for example, the result will likely be obscure bugs. fail2ban reads .conf and .local files only, thus we are safe -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#396668: fail2ban: issues with default from on emails
OK, now that I have this working, I can verify that with 0.7, after enabling the mailing, the messages appear to come from [EMAIL PROTECTED] (obscuring actual domain). check your local MTA configuration, in particular /etc/mailname fail2ban is simply callin gmail command without specifying From at all - thus it takes root since it is running as root and it takes mail name of the box... or it depends how your system configured... just have a look at /etc/fail2ban/action.d/mail-whois.conf and actionban to see support for my words... Is it the case that there is no option to set the sender anymore (short of editing the command that sends the mail)? yep - you would need to override actionban in /etc/fail2ban/action.d/mail-whois.local in section [Definition] (or edit .conf file directly which I wouldn't recommend) Should fail2ban include some kind of dependency on a package that provides the mail command (I have mailx, which is priority important, and provides mail-reader)? I will add suggests to mailx I think... mail-reader is irrelevant I think - correct me if I am wrong P.S. mail-whois.conf includes # Destinataire of the mail dest = root I think the desired English is Destination not Destinataire. ;-) -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgplelGMrxKpl.pgp Description: PGP signature
Bug#400593: doesnt exit properly if no showmount present
Package: am-utils Version: 6.1.5-2 Severity: normal I didn't have nfs-common present, thus couldn't cd /net/anywhere. checked logs and saw Nov 27 08:58:23 vaio automount[9285]: /etc/auto.net: line 40: --no-headers: c ommand not found and indeed: *$ sh -x /etc/auto.net + key= + opts=-fstype=nfs,hard,intr,nodev,nosuid,nonstrict,async + for P in /bin /sbin /usr/bin /usr/sbin + for M in showmount kshowmount + '[' -x /bin/showmount ']' + for M in showmount kshowmount + '[' -x /bin/kshowmount ']' + for P in /bin /sbin /usr/bin /usr/sbin + for M in showmount kshowmount + '[' -x /sbin/showmount ']' + for M in showmount kshowmount + '[' -x /sbin/kshowmount ']' + for P in /bin /sbin /usr/bin /usr/sbin + for M in showmount kshowmount + '[' -x /usr/bin/showmount ']' + for M in showmount kshowmount + '[' -x /usr/bin/kshowmount ']' + for P in /bin /sbin /usr/bin /usr/sbin + for M in showmount kshowmount + '[' -x /usr/sbin/showmount ']' + for M in showmount kshowmount + '[' -x /usr/sbin/kshowmount ']' + '[' -x ']' + SHOWMOUNT=' --no-headers -e ' + --no-headers -e /etc/auto.net: line 40: --no-headers: command not found + LC_ALL=C + sort -k 1 + sed 's/#/\\#/g' + awk -v key= -v opts=-fstype=nfs,hard,intr,nodev,nosuid,nonstrict,async -- ' BEGIN { ORS=; first=1 } { if (first) { print opts; first=0 }; print \\\n\t $1, key : $1 } END { if (!first) print \n; else exit 1 } ' I bet you should simple wrap in like [ -x $SMNT ] || echo 1 and it would work ;-) -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (600, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-rc2-mm1 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages am-utils depends on: ii debconf 1.5.5Debian configuration management sy ii libamu4 6.1.5-2 Support library for amd the 4.4BSD ii libc6 2.3.6.ds1-4 GNU C Library: Shared libraries ii libgdbm31.8.3-3 GNU dbm database routines (runtime ii libhesiod0 3.0.2-16 Libraries for hesiod, a service na ii libldap22.1.30-13+b1 OpenLDAP libraries ii libwrap07.6.dbs-11 Wietse Venema's TCP wrappers libra ii perl5.8.8-6.1Larry Wall's Practical Extraction ii portmap 5-20 The RPC portmapper ii ucf 2.0015 Update Configuration File: preserv am-utils recommends no packages. -- debconf information: am-utils/import-amd-failed: am-utils/clustername: am-utils/map-net: true * am-utils/use-nis: false am-utils/nis-custom: echo /amd-is-misconfigured /usr/share/am-utils/amd.net am-utils/import-amd-conf-done: false am-utils/import-amd-conf: false am-utils/nis-master-map: amd.master am-utils/nis-key: default * am-utils/rpc-localhost: am-utils/map-others: am-utils/nis-master-map-key-style: onekey am-utils/map-home: false am-utils/log-to-file: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#400229: Just want to confirm
Package: am-utils Version: 6.1.5-2 Followup-For: Bug #400229 Just wanted to confirm that the issue persists: Get: 1 http://itanix.rutgers.edu unstable/main libamu4 6.1.5-2 [164kB] Get: 2 http://itanix.rutgers.edu unstable/main am-utils 6.1.5-2 [373kB] Fetched 537kB in 0s (3772kB/s) Reading package fields... Done Reading package status... Done Retrieving bug reports... Done Preconfiguring packages ... /tmp/am-utils.config.75781: line 7: amq-check-wrap: command not found -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (600, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-rc2-mm1 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages am-utils depends on: ii debconf 1.5.5Debian configuration management sy ii libamu4 6.1.5-2 Support library for amd the 4.4BSD ii libc6 2.3.6.ds1-4 GNU C Library: Shared libraries ii libgdbm31.8.3-3 GNU dbm database routines (runtime ii libhesiod0 3.0.2-16 Libraries for hesiod, a service na ii libldap22.1.30-13+b1 OpenLDAP libraries ii libwrap07.6.dbs-11 Wietse Venema's TCP wrappers libra ii perl5.8.8-6.1Larry Wall's Practical Extraction ii portmap 5-20 The RPC portmapper ii ucf 2.0015 Update Configuration File: preserv am-utils recommends no packages. -- debconf information: am-utils/import-amd-failed: am-utils/clustername: am-utils/map-net: true * am-utils/use-nis: false am-utils/nis-custom: echo /amd-is-misconfigured /usr/share/am-utils/amd.net am-utils/import-amd-conf-done: false am-utils/import-amd-conf: false am-utils/nis-master-map: amd.master am-utils/nis-key: default * am-utils/rpc-localhost: am-utils/map-others: am-utils/nis-master-map-key-style: onekey am-utils/map-home: false am-utils/log-to-file: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#400607: reports Couldn't load package calamaris::calBars3d
Package: calamaris Version: 2.99.4.0-3 Severity: important washoe:/etc/squid# cat /var/log/squid/access.log | /usr/bin/calamaris -a -f auto --config-file /etc/calamaris/calamaris.conf -o forweekly.1 -F html,graph -H 'Squid daily' --output-path /home/www/www/html/stat/calamaris --output-file daily.html /usr/bin/calamaris: Couldn't load package calamaris::calBars3d, maybe it is not installed: No such file or directory although stracing shows: 14081 open(/usr/share/perl5/calamaris/calBars3d.pm, O_RDONLY|O_LARGEFILE) = 4 14081 ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbff4cdc8) = -1 ENOTTY (Inappropriate ioctl for device) so - file is present and readable but I am not sure what calamaris/perl tries to do with it... -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (990, 'testing'), (600, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17-2-vserver-686 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages calamaris depends on: ii bc1.06-20The GNU bc arbitrary precision cal ii debconf [debconf-2.0] 1.5.8 Debian configuration management sy ii perl [perl5] 5.8.8-6.1 Larry Wall's Practical Extraction calamaris recommends no packages. -- debconf-show failed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#400610: wput: could not parse simple URL: ftp://yar.50webs.com
Package: wput Version: 0.6-1 Severity: important wput *jpg *html ftp://yar.50webs.com Skipping this URL. Error: the url `ftp://yar.50webs.com' could not be parsed or I can admint that I am blind and don't see obvious... but it seems to don't like web part of it -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (990, 'testing'), (600, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17-2-vserver-686 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages wput depends on: ii libc62.3.6.ds1-7 GNU C Library: Shared libraries ii libgnutls13 1.4.4-2 the GNU TLS library - runtime libr wput recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#400593: doesnt exit properly if no showmount present
reassign 400593 autofs 4.1.4-11 thanks Thank you Tim I am sorry - I don't know what I was thinking about... On Mon, 27 Nov 2006, Tim Cutts wrote: On 27 Nov 2006, at 2:07 pm, Yaroslav Halchenko wrote: Package: am-utils Version: 6.1.5-2 Severity: normal I didn't have nfs-common present, thus couldn't cd /net/anywhere. checked logs and saw Nov 27 08:58:23 vaio automount[9285]: /etc/auto.net: line 40: --no-headers: c ommand not found That's automount, not am-utils. There are two separate automounter packages in Debian; am-utils and the kernel's internal automounter. This bug needs to be assigned to the kernel automount package. Tim -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#400278: fail2ban does not start with /etc/init.d/fail2ban start but with fail2ban-client start
Hi Bertrand, Tried to start stop fail2ban few times and it seems to start/stop. I am not sure on the status of iptables after its start or log file since I am not in adm group, but look: , | [EMAIL PROTECTED]:~$ ps auxw | grep fail2ban | root 17663 0.3 0.8 16324 3892 ?S01:15 0:00 python2.4 /usr/bin/fail2ban-server -b | root 17664 0.0 0.8 16324 3892 ?S01:15 0:00 python2.4 /usr/bin/fail2ban-server -b | root 17665 0.0 0.8 16324 3892 ?S01:15 0:00 python2.4 /usr/bin/fail2ban-server -b | root 17686 2.1 0.8 16324 3892 ?S01:15 0:02 python2.4 /usr/bin/fail2ban-server -b | root 17687 0.0 0.8 16324 3892 ?S01:15 0:00 python2.4 /usr/bin/fail2ban-server -b | test 17730 0.0 0.1 3488 780 pts/1S+ 01:17 0:00 grep fail2ban | [EMAIL PROTECTED]:~$ sudo /etc/init.d/fail2ban stop | Stopping authentication failure monitor: fail2ban. | [EMAIL PROTECTED]:~$ ps auxw | grep fail2ban | test 17745 0.0 0.1 3488 780 pts/1S+ 01:18 0:00 grep fail2ban | [EMAIL PROTECTED]:~$ sudo /etc/init.d/fail2ban start | Starting authentication failure monitor: fail2ban. | [EMAIL PROTECTED]:~$ ps auxw | grep fail2ban | root 17753 8.4 0.8 16324 3892 ?S01:18 0:00 python2.4 /usr/bin/fail2ban-server -b | root 17754 0.8 0.8 16324 3892 ?S01:18 0:00 python2.4 /usr/bin/fail2ban-server -b | root 17755 1.2 0.8 16324 3892 ?S01:18 0:00 python2.4 /usr/bin/fail2ban-server -b | root 17776 67.7 0.8 16324 3892 ?S01:18 0:02 python2.4 /usr/bin/fail2ban-server -b | root 1 0.2 0.8 16324 3892 ?S01:18 0:00 python2.4 /usr/bin/fail2ban-server -b | test 17786 0.0 0.1 3488 780 pts/1S+ 01:18 0:00 grep fail2ban | `--- so it seems to start/stop properly. I am not sure on iptables status - can you also see after you start it iptables are initialized or not... On Sat, 25 Nov 2006, BERTRAND Joц╚l wrote: Yaroslav Halchenko a ц╘crit : indeed strange... unfortunately it would be impossible for me to try it myself - no sparc around I can open a ssh access to one on mine ;-) could you please boost verbosity in fail2ban.conf (or override it in fail2ba.local) and then send me along fail2ban.log (if it has anything in) and output of sh -x /etc/init.d/fail2ban start Now, loglevel=4 in /etc/fail2ban/fail2ban.conf hilbert:/etc/fail2ban# sh -x /etc/init.d/fail2ban start + PATH=/usr/sbin:/usr/bin:/sbin:/bin + DESC='authentication failure monitor' + NAME=fail2ban + DAEMON=/usr/bin/fail2ban-client + SOCKFILE=/tmp/fail2ban.sock + SCRIPTNAME=/etc/init.d/fail2ban + '[' -x /usr/bin/fail2ban-client ']' + '[' -r /etc/default/fail2ban ']' + . /etc/default/fail2ban ++ FAIL2BAN_OPTS= + DAEMON_ARGS= + '[' -f /etc/default/rcS ']' + . /etc/default/rcS ++ TMPTIME=0 ++ SULOGIN=no ++ DELAYLOGIN=no ++ UTC=yes ++ VERBOSE=yes ++ FSCKFIX=no + . /lib/lsb/init-functions ++ '[' -e /etc/lsb-base-logging.sh ']' ++ true + case $1 in + '[' yes '!=' no ']' + log_daemon_msg 'Starting authentication failure monitor' fail2ban + '[' -z 'Starting authentication failure monitor' ']' + '[' -z fail2ban ']' + echo -n 'Starting authentication failure monitor: fail2ban' Starting authentication failure monitor: fail2ban+ do_start + do_status + /usr/bin/fail2ban-client status + case $? in + return 0 + return 1 + '[' yes '!=' no ']' + log_end_msg_wrapper 0 2 + '[' 0 -lt 2 ']' + value=0 + log_end_msg 0 + '[' -z 0 ']' + log_use_fancy_output + TPUT=/usr/bin/tput + EXPR=/usr/bin/expr + '[' FANCYTTY = 0 ']' + '[' xxterm '!=' xdumb ']' + '[' -x /usr/bin/tput ']' + '[' -x /usr/bin/expr ']' + /usr/bin/tput hpa 60 + /usr/bin/tput setaf 1 + FANCYTTY=1 + true ++ /usr/bin/tput setaf 1 + RED='' ++ /usr/bin/tput op + NORMAL='' + '[' 0 -eq 0 ']' + echo . . + return 0 + : hilbert:/etc/fail2ban# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination hilbert:/etc/fail2ban# But if I run : hilbert:/etc/fail2ban# sh -x /etc/init.d/fail2ban reload + PATH=/usr/sbin:/usr/bin:/sbin:/bin + DESC='authentication failure monitor' + NAME=fail2ban + DAEMON=/usr/bin/fail2ban-client + SOCKFILE=/tmp/fail2ban.sock + SCRIPTNAME=/etc/init.d/fail2ban + '[' -x /usr/bin/fail2ban-client ']' + '[' -r /etc/default/fail2ban ']' + . /etc/default/fail2ban ++ FAIL2BAN_OPTS= + DAEMON_ARGS= + '[' -f /etc/default/rcS ']' + . /etc/default/rcS ++ TMPTIME=0 ++ SULOGIN=no ++ DELAYLOGIN=no ++ UTC=yes ++ VERBOSE=yes ++ FSCKFIX=no + . /lib/lsb/init-functions ++ '[' -e /etc/lsb-base
Bug#400278: fail2ban does not start with /etc/init.d/fail2ban start but with fail2ban-client start
With /etc/init.d/fail2ban start, you can always start fail2ban daemon, but iptables are not modified. Thus, to add a fail2ban line in iptables, you have to reload fail2ban... hm -= interesting it is just that in one sh -x traces you gave to me start command didn't come to actually starting client which starts/initiates server - probably since it was on already. that is why the confusion unfortunately I can't sudo sh -x myself I have open iptables with sudo. And please access to fail2ban log file - may be making it world readable for now (and also adjusting /etc/logrotate.d/fail2ban) or just send me how it looks now since you pumped up verbosity leevel in conf file. (I can't find any instance of fail2ban in our correspondence -- am I missing it?) -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#400278: fail2ban does not start with /etc/init.d/fail2ban start but with fail2ban-client start
it seems that no need for root ;-) I think we know what is the reason now... sorry for such a lengthy troubleshooting I am 99% sure that the cause is insufficient delay in client waiting for server to come up could you please modify in /usr/bin/fail2ban-client cnt 10 to cnt 100 and start it normally? -- Yaroslav Halchenko Research Assistant, Psychology Department, Rutgers-Newark Student Ph.D. @ CS Dept. NJIT Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171 101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102 WWW: http://www.linkedin.com/in/yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#400607: reports Couldn't load package calamaris::calBars3d
hm... imho (and I think according to policy somewhere) such changes must be documented not in README.Debian but in NEWS.Debian file so they are presented to the user during upgrade from incompatible versions. but thanks for the info -- rushing to fix things up ;-) On Thu, 30 Nov 2006, Philipp Frauenfelder wrote: Am Mon, Nov 27, 2006 at 10:23:23AM -0500 hat Yaroslav Halchenko getippert: washoe:/etc/squid# cat /var/log/squid/access.log | /usr/bin/calamaris -a -f auto --config-file /etc/calamaris/calamaris.conf -o forweekly.1 -F html,graph -H 'Squid daily' --output-path /home/www/www/html/stat/calamaris --output-file daily.html /usr/bin/calamaris: Couldn't load package calamaris::calBars3d, maybe it is not installed: No such file or directory Quoting README.Debian: Graphics With release 2.99 calamaris is able to produce graphics in its reports. If you want to use this feature, install libgd-graph-perl and change the HTMLOPTIONS in /etc/cron.daily/calamaris to -F html,graph. Regards -- Yaroslav Halchenko Research Assistant, Psychology Department, Rutgers-Newark Student Ph.D. @ CS Dept. NJIT Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171 101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102 WWW: http://www.linkedin.com/in/yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#400607: reports Couldn't load package calamaris::calBars3d
Am Thu, Nov 30, 2006 at 03:26:23PM -0500 hat Yaroslav Halchenko getippert: hm... imho (and I think according to policy somewhere) such changes must be documented not in README.Debian but in NEWS.Debian file so they are presented to the user during upgrade from incompatible versions. I thought the default behaviour was without graphics...to remain backwards compatible... Hi Philipp, Was it always like that? I could have tuned cron script to include graphs, although I can't recall it at the moment... if there is a CVS or SVN behind may be smth like cvs annotate can give a hint if I am right or wrong. But regardless, I had a configured calamaris setup, I upgraded it - it broke. That is already an incompatibility, right? Imagine apache server, where during upgrade all virtual servers other than default (which is comes shipped) disappear. Disappear just because some missing dependency... no note during upgrade, just something buried in README. I don't think that is the practice anyone would like ;-) That is why NEWS file is there to announce any possible incompatibility issues which might arise. -- Yaroslav Halchenko Research Assistant, Psychology Department, Rutgers-Newark Student Ph.D. @ CS Dept. NJIT Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171 101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102 WWW: http://www.linkedin.com/in/yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#399864: closed by Willi Mann [EMAIL PROTECTED] (Bug#399864: fixed in logwatch 7.3.1-4)
By trying to minimize divergence from upstream remake of fail2ban scripts I missed that they also omitted from /usr/share/logwatch/default.conf/logfiles/fail2ban.conf #-CUT FROM HERE # HMR 3/1/06 use custom applyeurodate script to filter out European time stamps *ApplyEuroDate #-TO HERE - Without specifying date format it reports all entries which it finds within fail2ban.log regardless of the date (I just got warned with increasing day by day number of hits... which had to be 0 at the end since I fixed the issue at firewall level manually) I would be very thankful if you include this change in the next revision. I am not sure if I should reopen this bug or create a new or just leave it as is... please advise On Tue, 28 Nov 2006, Debian Bug Tracking System wrote: This is an automatic notification regarding your Bug report #399864: logwatch: updated script for fail2ban, which was filed against the logwatch package. It has been closed by Willi Mann [EMAIL PROTECTED]. Their explanation is attached below. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Willi Mann [EMAIL PROTECTED] by replying to this email. Debian bug tracking system administrator (administrator, Debian Bugs database) Date: Tue, 28 Nov 2006 23:02:05 + From: Willi Mann [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Bug#399864: fixed in logwatch 7.3.1-4 Source: logwatch Source-Version: 7.3.1-4 We believe that the bug you reported is fixed in the latest version of logwatch, which is due to be installed in the Debian FTP archive: logwatch_7.3.1-4.diff.gz to pool/main/l/logwatch/logwatch_7.3.1-4.diff.gz logwatch_7.3.1-4.dsc to pool/main/l/logwatch/logwatch_7.3.1-4.dsc logwatch_7.3.1-4_all.deb to pool/main/l/logwatch/logwatch_7.3.1-4_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Willi Mann [EMAIL PROTECTED] (supplier of updated logwatch package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Tue, 28 Nov 2006 20:53:42 +0100 Source: logwatch Binary: logwatch Architecture: source all Version: 7.3.1-4 Distribution: unstable Urgency: low Maintainer: Willi Mann [EMAIL PROTECTED] Changed-By: Willi Mann [EMAIL PROTECTED] Description: logwatch - log analyser with nice output written in Perl Closes: 399864 Changes: logwatch (7.3.1-4) unstable; urgency=low . * fail2ban updated, (for new fail2ban upstream and the log filename was wrong) thanks Yaroslav Halchenko (closes: #399864) * additional infos in README.Debian. Files: cca3102e0daf654a237e98d341ff36e5 560 admin optional logwatch_7.3.1-4.dsc 079f51175eb57c653672d66db95b5afe 18084 admin optional logwatch_7.3.1-4.diff.gz 493d14a80fb514a5a796164ab59d76ae 248800 admin optional logwatch_7.3.1-4_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFbL3ppdwBkPlyvgMRAu4dAJwOnQ5c44mhEwEvTRYrPwS2QIvgCgCZAQ78 6P2qG2P7BmQIMHKN/u+mKgk= =TPTs -END PGP SIGNATURE- -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpPaewogbUvx.pgp Description: PGP signature
Bug#399864: closed by Willi Mann [EMAIL PROTECTED] (Bug#399864: fixed in logwatch 7.3.1-4)
Hi Willi Thank you for your rapid response Can you provide me a version of 0.7.x for sarge? I'd like to test before I upload. I will package 0.7 for sarge hopefully later on today: I am partying now ;-) As for locale issue, I hope this would help ,- | add | export LANG=C | to the initial statements in /etc/init.d/fail2ban. `--- 2006-12-03 11:54:19,684 ERROR: Please check the format and your locale settings. 2006-12-03 11:54:19,685 ERROR: time data did not match format: data=Dec 3 06:58:00 fmt=%b %d %H:%M:%S 2006-12-03 11:54:19,686 ERROR: Please check the format and your locale settings. ... occur, and the logwatch email had 6MB on a really small server, where the normal size is 40 KB yeah... fail2ban should have better just died if felt something weird... But I hope this issue would not come up in 0.7. or latest 0.6 due to fix with that export line -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#399864: closed by Willi Mann [EMAIL PROTECTED] (Bug#399864: fixed in logwatch 7.3.1-4)
Thank you for your feedback Willi upstream said he will have it fixed -- indeed, split lines are annoying. To don't duplicate the effort I am to wait for the fix to come, and will create a snapshot as soon as it is in SVN. I will buzz you then which is now surprise because (see attachment, snippet of fail2ban.log). I recommend that fail2ban replaces the newlines with ; before logging. This happened with 0.7.4-3 on sid. Willi -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#399864: closed by Willi Mann [EMAIL PROTECTED] (Bug#399864: fixed in logwatch 7.3.1-4)
Hi! Can you provide me a version of 0.7.x for sarge? I'd like to test before I upload. Here it is! http://itanix.rutgers.edu/rumba/dists/sarge/backport/binary-all/net/fail2ban_0.7.4-4~bpo0_all.deb I've tested it on 1 box -- seems to do fine. But it requires python2.4, thus it depends on python2.4 -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpTePkTIcaCK.pgp Description: PGP signature
Bug#399864: closed by Willi Mann [EMAIL PROTECTED] (Bug#399864: fixed in logwatch 7.3.1-4)
Hi Willi sorry to bother you again 1 tiny point /usr/share/logwatch/default.conf/logfiles/fail2ban.conf says Archive = fail2ban.log.*.gz but we also have fail2ban.log.1 ie 1st one doesn't get archived On Mon, 04 Dec 2006, Willi Mann wrote: logwatch 7.3.1-5~pre1 is available from http://pkg-logwatch.alioth.debian.org/apt/pool/main/l/logwatch/ -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#382403: please provide proper config file documentation
whenever you keep old config file during upgrade, don't you have also a .dpkg-dist file? so in our case it should be /etc/fail2ban.conf.dpkg-dist? That one should have proper description Besides that there is a /usr/share/doc/fail2ban/examples/ and if you zgrep files in that directory you should have found a proper config file (by default fail2ban.conf.iptables.gz is the one which is used) which gets installed during installation/upgrade Since the requested information is present in the distributed package, I would like to close the bug. P.S. I will close this bug by adding pointer to /usr/share/doc/fail2ban/examples/ config files as the sources of up-to-date config P.S.S. I believe in the future, config file will not be as self explanatory as at the moment. Then, may be, man page or some documentation will be be provided to highlight configuration issues -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#348317: ITP: mozilla-bookmarksync -- Mozilla Firefox extension to synchronize bookmarks
Package: wnpp Severity: wishlist * Package name: mozilla-bookmarksync Version : 1.0.2 Upstream Author : [EMAIL PROTECTED] * URL or Web page : * License : MPL 1.1/GPL 2.0/LGPL 2.1 Description : Mozilla Firefox extension to synchronize bookmarks Bookmarks Synchronizer is a Mozilla Firefox extension that let you connect to an FTP/WebDAV server and synchronize your bookmarks that are stored in an XML file. Setup is easy; just write in your FTP/WebDAV server address, username, password and a name for the XML file (by default called xbel.xml). To start, press Upload to create the file on the server and set (if you want) to automatically download the file on startup or upload it when you close your browser --Yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#344241: debsecan: not sure -- probably open issue is reported fixed
an upload which hasn't happened yet, and for unstable, no package availability checks are performed. The fix is to perform the checks Hi Florian, I am sorry to bother you but I am really curious if you are going to implement availability check in debsecan? if so, then how soon since I am waiting for this feature holding my breath ;-) Have a good everything, -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgpfGuwpPROL2.pgp Description: PGP signature
Bug#344241: debsecan: not sure -- probably open issue is reported fixed
Hi Florian, Thank you for your prompt reply. I am a little bit confused with the description may be of what obsolete is. (and there is a type in man page pacakge - package) I thought that apt-get install `debsecan --suit sid --format packages --only-fixed` would install the packages which have security vulnerabilities and which are outdated on the system (ie there is freshier version binary package available from the debian repository), but it says that many packages is already the newest version and they are marked as obsolete (so for my purpose really I need to use --no-obsolete) And man page says about obsolete This means that the binary package in question has been removed from the archive. Which has quite a different meaning from debsecan perspective of view: debsecan lists packages as obsolete even when they not removed from the archive but are just not present in archive with required fresh binary version. Proper word for such packaged would be outdated or not-built I believe or something like it For instance CVE-2005-3352 (fixed, remotely exploitable, low urgency) Cross-site scripting (XSS) vulnerability in the mod_imap module of ... installed: apache-utils 1.3.33-8 (built from apache 1.3.33-8) package is obsolete fixed in unstable: apache 1.3.34-2 (source package) fix is available for the selected suite (sid) So descrimination between 1. obsolete: packages which have vulnerabilities and are not available from the archive at all in any version for a given suite -- removed from the archive, so no fixed in unstable.*(source package) for them I believe 2. not-built (or some better name): fresh source is available with no binaries yet available from the archive (mirror). Then option --no-not-built would help Such descrimination sounds reasonable to me and would help to provide relevant information for the administrator on what updates he can currently perform. Thank you in advance for any feedback And Thank you very much for your work On Thu, Jan 19, 2006 at 09:00:26AM +0100, Florian Weimer wrote: I am sorry to bother you but I am really curious if you are going to implement availability check in debsecan? if so, then how soon since I am waiting for this feature holding my breath ;-) This should have been fixed in: r3122 | fw | 2005-12-22 11:19:06 +0100 (Thu, 22 Dec 2005) | 4 lines lib/python/security_db.py (DB.calculateDebsecan): Check that a fixed package is actually available in sid, and do not trust the list files. -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgp3M9w1gSDfI.pgp Description: PGP signature
Bug#501817: python2.5: segfault in PyFrame_New , dereferencing null pointer
Package: python2.5 Version: 2.5.2-11.1 Severity: important I consider segfaulting quite an issue (especially if it happens during simple warning output), thus raised severity to important. I am not sure if the original cause is elsewhere (e.g. python-gobject, so I CC its maintainer on this bugreport), but I guess python's code should be more tollerant, thus I am complaining about python. I would appreciate if you spot the actual problem and forward bug-report against corresponding package. Ways to reproduce (tried on 2 boxes, mostly lenny): there is a young project dataview3d, which you can get from https://www.ynic.york.ac.uk/~andre/DV3D_downloads/source/DV3D_v0.35C_dist.zip (you might like to fix up permissions after extraction from evil zip ;-)) just run python2.5 RunDV3D.py and don't select any file (cancel) in the dialog which comes up then it segfaults at PyFrame_New (tstate=0x0, code=0x7f8da317fdc8, globals=0x1a1a960, locals=0x code is ,- | PyFrame_New(PyThreadState *tstate, PyCodeObject *code, PyObject *globals, | PyObject *locals) | { | PyFrameObject *back = tstate-frame; | `--- top backtrace is ,-- | 0 PyFrame_New (tstate=0x0, code=0x7f8da317fdc8, globals=0x1a1a960, locals=0x0) at ../Objects/frameobject.c:559 | back = value optimized out | f = value optimized out | builtins = value optimized out | i = value optimized out | #1 0x00492b06 in PyEval_EvalCodeEx (co=0x7f8da317fdc8, globals=value optimized out, locals=value optimized out, args=0x3f63bf8, argcount=3, kws=0x0, kwcount=0, defs=0x7f8da315f140, defcount=2, closure=0x0) at ../Python/ceval.c:2633 | f = value optimized out | retval = (PyObject *) 0x0 | freevars = value optimized out | tstate = (PyThreadState *) 0x0 | x = value optimized out | u = value optimized out `-- in PyEval_EvalCodeEx ,-- | assert(tstate != NULL); | assert(globals != NULL); | f = PyFrame_New(tstate, co, globals, locals); `--- I am not sure why assertion wasn't triggered since tstate is NULL... in any case -- here is a full backtrace (I rebuilt python-gobject without optimization and with debuggin info): #0 PyFrame_New (tstate=0x0, code=0x7f8da317fdc8, globals=0x1a1a960, locals=0x0) at ../Objects/frameobject.c:559 back = value optimized out f = value optimized out builtins = value optimized out i = value optimized out #1 0x00492b06 in PyEval_EvalCodeEx (co=0x7f8da317fdc8, globals=value optimized out, locals=value optimized out, args=0x3f63bf8, argcount=3, kws=0x0, kwcount=0, defs=0x7f8da315f140, defcount=2, closure=0x0) at ../Python/ceval.c:2633 f = value optimized out retval = (PyObject *) 0x0 freevars = value optimized out tstate = (PyThreadState *) 0x0 x = value optimized out u = value optimized out #2 0x004dd632 in function_call (func=0x7f8da31a77d0, arg=0x3f63be0, kw=0x0) at ../Objects/funcobject.c:517 result = value optimized out argdefs = value optimized out d = (PyObject **) 0x7f8da315f140 nk = value optimized out nd = 2 #3 0x0041ab7a in call_function_tail (callable=0x7f8da31a77d0, args=0x3f63be0) at ../Objects/abstract.c:1861 retval = value optimized out #4 0x0041ad90 in PyObject_CallFunction (callable=0x7f8da31a77d0, format=value optimized out) at ../Objects/abstract.c:1916 va = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffab1eb490, reg_save_area = 0x7fffab1eb3d0}} args = (PyObject *) 0x7f8da317fdc8 #5 0x0049ffaf in PyErr_WarnEx (category=0x3deb2e0, message=0x49e2a70 gtk_widget_set_colormap: assertion `!GTK_WIDGET_REALIZED (widget)' failed, stack_level=1) at ../Python/errors.c:659 res = value optimized out dict = value optimized out func = value optimized out warnings_module = value optimized out #6 0x7f8d82ce095d in _log_func (log_domain=0x7f8d95507a97 Gtk, log_level=G_LOG_LEVEL_CRITICAL, message=0x49e2a70 gtk_widget_set_colormap: assertion `!GTK_WIDGET_REALIZED (widget)' failed, user_data=0x3deb2e0) at /home/yoh/deb/debug/python-gobject/pygobject-2.14.2/gobject/gobjectmodule.c:3378 state = PyGILState_LOCKED warning = (PyObject *) 0x3deb2e0 #7 0x7f8d93e73229 in IA__g_logv (log_domain=0x7f8d95507a97 Gtk, log_level=G_LOG_LEVEL_CRITICAL, format=0x7f8d93ea9237 %s: assertion `%s' failed, args1=0x7fffab1eb9a0) at /build/buildd/glib2.0-2.16.5/glib/gmessages.c:474 depth = value optimized out domain = value optimized out data = (gpointer) 0x3deb2e0 log_func = (GLogFunc) 0x7f8d82ce08fb _log_func domain_fatal_mask = value optimized out test_level = G_LOG_LEVEL_CRITICAL was_recursion = 0 i = value optimized out #8 0x7f8d93e73583 in IA__g_log (log_domain=0x0,
Bug#475993: fslview: FTBFS: application.h:25:19: error: qlist.h: No such file or directory
There is a problem on ARM the let's uic-qt3 segfault: http://buildd.debian.org/fetch.cgi?pkg=fslviewver=3.0.2%2B4.1.0-1arch=armstamp=1222355159file=log doh -- thanks to Martin Guy we got access to ARM box, so I troubleshooted segfault to find that it happens at ucm_instantiate, and googling for it lead me instantly to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492538 which was exactly about the issue, with a fix being turn off optimization, and which got fixed/uploaded TODAY ;-) To: [EMAIL PROTECTED] Subject: Bug#492538: fixed in vtk 5.0.4-1.1 Date: Fri, 10 Oct 2008 10:32:12 + thanks to From: peter green [EMAIL PROTECTED] who suggested disabling optimization, so -- soon fslview should build fine I guess on arm ;-) buildd just would need to be kicked to initiate rebuild This prevented (and still prevents) fslview from moving into testing. I have tagged the bug with 'help', but got none so far. -- Yaroslav Halchenko Research Assistant, Psychology Department, Rutgers-Newark Student Ph.D. @ CS Dept. NJIT Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171 101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102 WWW: http://www.linkedin.com/in/yarik signature.asc Description: Digital signature
Bug#492837: remove mozilla-bookmarksftp from lenny
Indeed it is useless in lenny, thus should be removed from release for the sake of clarity, but I would drag it within sid -- may be some effort would appear to fix it up to be compatible with firefox 3.0, so we could patch it within Debian. Cheers Yarik On Sat, 11 Oct 2008, Thomas Viehmann wrote: Hi, according to the discussion in #492837, mozilla-bookmarksftp is completely unusable with the lenny's version of iceweasel and fixing will be finding a new upstream (because it's dead) and uploading that. That's too invasive at this point of the release cycle, so mozilla-bookmarksftp should be removed from lenny if not lenny and unstable. Kind regards T. -- Yaroslav Halchenko Research Assistant, Psychology Department, Rutgers-Newark Student Ph.D. @ CS Dept. NJIT Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171 101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102 WWW: http://www.linkedin.com/in/yarik signature.asc Description: Digital signature
Bug#429827: sponsor?
Were there particular problems why noone ended up sponsoring your packages? If not, let me know url to the most recent versions (.dsc's) of your packages (I guess ones from June at http://www.zwets.com/debs/unstable/ could be outdated) and I will have a look and sponsor them if they are ready ;-) -- Yaroslav Halchenko Research Assistant, Psychology Department, Rutgers-Newark Student Ph.D. @ CS Dept. NJIT Office: (973) 353-1412 | FWD: 82823 | Fax: (973) 353-1171 101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102 WWW: http://www.linkedin.com/in/yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#475993: fslview: FTBFS: application.h:25:19: error: qlist.h: No such file or directory
On Wed, 08 Oct 2008, Michael Hanke wrote: On Sun, Oct 05, 2008 at 07:56:59PM +0200, Luk Claes wrote: Please backport the fix for this bug to lenny and upload to testing-proposed-updates, TIA. fslview_3.0+4.0.2-3lenny1 just was uploaded for testing-proposed-updates. I guess it will need to be unblocked? -- Yaroslav Halchenko Research Assistant, Psychology Department, Rutgers-Newark Student Ph.D. @ CS Dept. NJIT Office: (973) 353-1412 | FWD: 82823 | Fax: (973) 353-1171 101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102 WWW: http://www.linkedin.com/in/yarik signature.asc Description: Digital signature
Bug#475939: pylint: pylint.el refers to non-existent variable py-mode-map
ho ho -- thanks for the hint! apparently I was using outdated piece ;-) having .el gzipped forbid me to find it by grepping the content... so I guess something needs to conflict with python-mode, right? On Thu, 16 Oct 2008, Gavin Panella wrote: If emacs22 is installed, you need not (or should not?) have python-mode installed too, because it is included in Emacs. Try removing python-mode then attempt to reproduce the bug again. -- Yaroslav Halchenko Research Assistant, Psychology Department, Rutgers-Newark Student Ph.D. @ CS Dept. NJIT Office: (973) 353-1412 | FWD: 82823 | Fax: (973) 353-1171 101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102 WWW: http://www.linkedin.com/in/yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#496586: ITP: numptyphysics -- crayon based physics puzzle game
Package: wnpp Severity: wishlist Owner: Yaroslav Halchenko [EMAIL PROTECTED] * Package name: numptyphysics Version : 0.3.0 Upstream Author : Tim Edmonds [EMAIL PROTECTED] * URL : http://numptyphysics.garage.maemo.org/ * License : GPL Programming Lang: C++ Description : crayon based physics puzzle game Harness gravity with your crayon and set about creating blocks, ramps, levers, pulleys and whatever else you fancy to get the little red thing to the little yellow thing. Numpty Physics is a drawing puzzle game in the spirit and style of Crayon Physics using the same excellent Box2D engine. Numpty Physics includes a built-in editor so that you may build (and submit) your own levels. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (990, 'unstable'), (900, 'testing'), (300, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]