Bug#430838: openssh-server: Detection of SELinux enforcing mode is broken
Package: openssh-server
Version: 1:4.6p1-2
Severity: grave
Justification: causes non-serious data loss

I just upgraded to this version of openssh on a system with SELinux enabled but in permissive mode. Thank goodness I left an SSH session open: connections after that succeeded at authentication, but were immediately closed by the server. The following log messages appeared:

  Jun 27 09:56:07 teleri sshd[12293]: pam_selinux: Open Session
  Jun 27 09:56:07 teleri sshd[12293]: Unable to get valid context for bts, No valid tty
  Jun 27 09:56:07 teleri sshd[12293]: error: PAM: pam_open_session(): Authentication failure
  Jun 27 09:56:07 teleri sshd[12293]: error: ssh_selinux_getctxbyname: Failed to get default SELinux security context for bts
  Jun 27 09:56:07 teleri sshd[12293]: fatal: ssh_selinux_getctxbyname: Failed to get default SELinux security context for bts (in enforcing mode)

The machine was actually in permissive mode, though it had been booted in enforcing mode. After I downgraded to the testing 4.3 package, I saw messages that correctly acknowledged that the machine was in permissive mode:

  Jun 27 10:01:32 teleri sshd[12501]: error: Failed to get default security context for bts.Continuing in permissive mode
  Jun 27 10:01:32 teleri sshd[12499]: error: Failed to get default security context for bts.Continuing in permissive mode

So it looks like sshd's check for enforcing mode is broken.

This behavior persisted regardless of whether I had sshd set to use PAM, and regardless of whether pam_selinux was enabled in /etc/pam.d/ssh

-Brian

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.21-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-server depends on:
ii  adduser   3.103                            Add and remove users and groups
ii  debconf   1.5.13                           Debian configuration management sy
ii  dpkg      1.14.4                           package maintenance system for Deb
ii  libc6     2.5-11                           GNU C Library: Shared libraries
ii  libcomer  1.39+1.40-WIP-2007.04.07+dfsg-2  common error description library
ii  libkrb53  1.6.dfsg.1-5                     MIT Kerberos runtime libraries
ii  libpam-m  0.79-4                           Pluggable Authentication Modules f
ii  libpam-r  0.79-4                           Runtime support for the PAM librar
ii  libpam0g  0.79-4                           Pluggable Authentication Modules l
ii  libselin  2.0.15-2                         SELinux shared libraries
ii  libssl0.  0.9.8e-5                         SSL shared libraries
ii  libwrap0  7.6.dbs-13                       Wietse Venema's TCP wrappers libra
ii  lsb-base  3.1-23.1                         Linux Standard Base 3.1 init scrip
ii  openssh-  1:4.6p1-2                        secure shell client, an rlogin/rsh
ii  zlib1g    1:1.2.3.3.dfsg-2                 compression library - runtime

openssh-server recommends no packages.

-- debconf information:
  ssh/insecure_rshd:
  ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
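
The following C example is added here; it is not part of the bug report and is not OpenSSH code. It reads the kernel's enforce flag from selinuxfs and keeps "permissive", "enforcing" and "could not determine" as separate outcomes, so that a failed context lookup is fatal only when the kernel reports enforcing mode and the log message never claims a mode that was not read. The function names are hypothetical, refusing the session when the mode cannot be read is an assumption of this example, and the selinuxfs path is supplied by the caller.

```c
#include <stdio.h>
#include <string.h>

enum se_mode { SE_UNKNOWN = -1, SE_PERMISSIVE = 0, SE_ENFORCING = 1 };

/* Parse the text of the selinuxfs "enforce" file: "0" or "1", optional newline. */
enum se_mode parse_enforce(const char *text)
{
    if (text == NULL || strcspn(text, "\r\n") != 1) return SE_UNKNOWN;
    if (text[0] == '0') return SE_PERMISSIVE;
    if (text[0] == '1') return SE_ENFORCING;
    return SE_UNKNOWN;
}

/* Read the mode from an enforce file; an unreadable file yields SE_UNKNOWN. */
enum se_mode read_enforce(const char *path)
{
    char buf[8] = "";
    FILE *f = fopen(path, "r");
    if (f == NULL) return SE_UNKNOWN;
    if (fgets(buf, sizeof buf, f) == NULL) buf[0] = '\0';
    fclose(f);
    return parse_enforce(buf);
}

/* Called when the user's default context cannot be obtained. Returns 1 to
 * refuse the session, 0 to log and continue. Assumption: fail closed on UNKNOWN. */
int on_context_failure(enum se_mode mode, const char **msg)
{
    switch (mode) {
    case SE_PERMISSIVE:
        *msg = "context lookup failed; continuing (permissive mode)";
        return 0;
    case SE_ENFORCING:
        *msg = "context lookup failed (enforcing mode)";
        return 1;
    default:
        *msg = "context lookup failed; enforcing state could not be read";
        return 1;
    }
}

int main(void)
{
    const char *msg;
    /* /sys/fs/selinux on current kernels; older systems mount selinuxfs at /selinux */
    int fatal = on_context_failure(read_enforce("/sys/fs/selinux/enforce"), &msg);
    printf("%s: %s\n", fatal ? "fatal" : "error", msg);
    return 0;
}
```
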
Bug#346446: darcs-server: darcs.cgi doubles up directories in pathname, and so fails
Package: darcs-server
Version: 1.0.2-1
Severity: grave
Justification: renders package unusable

Consider

  http://www.evenmere.org/cgi-bin/darcs.cgi

It lists the one Darcs repository available there. The link goes to

  http://www.evenmere.org/cgi-bin/darcs.cgi/Datalog/?c=browse

That page appears fine. But the links on it go to, for example,

  http://www.evenmere.org/cgi-bin/darcs.cgi/Datalog//Datalog/Main.hs?c=patches

See the Datalog//Datalog bit? There's no such place. It should be recognizing the / after the first Datalog, and so generating:

  http://www.evenmere.org/cgi-bin/darcs.cgi/Datalog/Main.hs?c=patches

Interestingly, if you start out at this URL, this page works:

  http://www.evenmere.org/cgi-bin/darcs.cgi/Datalog?c=browse

But if you descend to a patches page and then click back up to the repository, it fails in the same way as before.

I looked for easy fixes in the XSLT code, but didn't find a single place to change this.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages darcs-server depends on:
ii  darcs         1.0.2-1            an advanced revision control syste
ii  libc6         2.3.2.ds1-22       GNU C Library: Shared libraries an
ii  libcurl3      7.13.2-2sarge4     Multi-protocol file transfer libra
ii  libgmp3       4.1.4-6            Multiprecision arithmetic library
ii  libidn11      0.5.13-1.0         GNU libidn library, implementation
ii  libncurses5   5.4-4              Shared libraries for terminal hand
ii  libreadline4  4.3-11             GNU readline and history libraries
ii  libssl0.9.7   0.9.7e-3sarge1     SSL shared libraries
ii  sudo          1.6.8p7-1.2        Provide limited super user privile
ii  zlib1g        1:1.2.2-4.sarge.2  compression library - runtime

-- no debconf information