Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
brian m. carlson wrote:
> Package: libc6
> Version: 2.7-12
> Severity: critical
> Tags: security
>
> The glibc stub resolver is vulnerable to CVE-2008-1447, according to DSA 1605. Since the vast majority of network-using programs use glibc as a resolver, this vulnerability affects virtually any network-using program, hence the severity.
>
> libc6 should not be released without a fix for this problem.
>
> The vulnerability has been exposed:
> http://demosthen.es/post/43048623/reliable-dns-forgery-in-2008
>
> If Slashdot knows it, so does everyone else.

With a recent kernel, I don't think the glibc stub resolver is vulnerable: contrary to some other resolvers, it binds to an unspecified port and lets the kernel decide the source port. The source port randomization has been implemented in the kernel one year ago [1], so all machines using a kernel >= 2.6.24 should be safe.

Also please note that the glibc as a stub resolver is less vulnerable than a recursive resolver, as an attacker would have to spoof one of the ISP's nameservers, which is much more unlikely than spoofing one of the servers on a recursive resolution path.

[1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=32c1da70810017a98aa6c431a5494a302b6b9a30

-- 
  .''`.  Aurelien Jarno             | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   [EMAIL PROTECTED]          | [EMAIL PROTECTED]
   `-    people.debian.org/~aurel32 | www.aurel32.net

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: tagging 487104
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.34
> tags 487104 + help
Bug#487104: nis: map values containing non-ascii characters vanish
There were no tags set.
Tags added: help

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#489906: glibc: tst-regex fails on hppa
Hi,

For those that are not on IRC, I have made a lot of progress on this bug. The problem comes from the patch any/cvs-strerror_r.diff. However, this patch looks ok, actually comes from upstream and fixes a bug. It seems it only triggers a lock bug on hppa.

FYI you will find below the part of the patch that causes the problem in case of tst-regex. It's only a change in the locks type.

Cheers,
Aurelien

--- glibc-2.7.orig/locale/setlocale.c +++ glibc-2.7/locale/setlocale.c @@ -123,7 +123,7 @@ /* Lock for protecting global data. */ -__libc_lock_define_initialized (, __libc_setlocale_lock attribute_hidden) +__libc_rwlock_define_initialized (, __libc_setlocale_lock attribute_hidden) /* Defined in loadmsgcat.c. */ extern int _nl_msg_cat_cntr; @@ -314,7 +314,7 @@ } /* Protect global data. */ - __libc_lock_lock (__libc_setlocale_lock); + __libc_rwlock_wrlock (__libc_setlocale_lock); /* Load the new data for each category. */ while (category-- 0) @@ -381,7 +381,7 @@ free ((char *) newnames[category]); /* Critical section left. */ - __libc_lock_unlock (__libc_setlocale_lock); + __libc_rwlock_unlock (__libc_setlocale_lock); /* Free the resources (the locale path variable). */ free (locale_path); @@ -394,7 +394,7 @@ const char *newname[1] = { locale }; /* Protect global data. */ - __libc_lock_lock (__libc_setlocale_lock); + __libc_rwlock_wrlock (__libc_setlocale_lock); if (CATEGORY_USED (category)) { @@ -446,7 +446,7 @@ } /* Critical section left. */ - __libc_lock_unlock (__libc_setlocale_lock); + __libc_rwlock_unlock (__libc_setlocale_lock); /* Free the resources (the locale path variable. */ free (locale_path);

-- 
Aurelien Jarno
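Review bot: the first hunk changes the definition of __libc_setlocale_lock from __libc_lock_define_initialized to __libc_rwlock_define_initialized, but the remaining hunks only convert the four lock/unlock calls in setlocale.c, all of them to the write side (__libc_rwlock_wrlock / __libc_rwlock_unlock). The lock is declared attribute_hidden, so other files inside libc can take it; please confirm that the full patch converts every other user in the same change (readers to __libc_rwlock_rdlock), since a leftover __libc_lock_lock on this object would operate on the wrong lock type. Given the report that only hppa misbehaves, the static initializer that __libc_rwlock_define_initialized expands to on that architecture is also worth checking.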
Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
* brian m. carlson:

> The glibc stub resolver is vulnerable to CVE-2008-1447, according to DSA 1605. Since the vast majority of network-using programs use glibc as a resolver, this vulnerability affects virtually any network-using program, hence the severity.
>
> libc6 should not be released without a fix for this problem.
>
> The vulnerability has been exposed:
> http://demosthen.es/post/43048623/reliable-dns-forgery-in-2008

I fail to see how this attack has a chance to work against non-caching stub resolvers like the GNU libc resolver. However, we're working on a solution.
Bug#478183: libc6-dev: Various header problems:
John David Anglin wrote:
Could you please send us a reduced testcase?
Any news on that?
No. I just got back from vacation.

Any news on that?

-- 
Aurelien Jarno
Bug#478693: Incompatibility of libc6 with kernel 2.6 ax25
Aurelien Jarno wrote:
On Sat, May 10, 2008 at 11:42:57PM +0200, Aurelien Jarno wrote:
On Sat, May 10, 2008 at 10:33:59PM +0200, Aurelien Jarno wrote:
tag 478693 + moreinfo
thanks

On Wed, Apr 30, 2008 at 01:57:26PM +0200, Arjan van Schijndel wrote:
Package: libc6
Version: 2.3.6.ds1-13etch5

The following files in libc6 are not up to date: netax25/ax25.h netrom/netrom.h netrose/rose.h. Meaning these files do not correspond with the ax25.h netrom.h and rose.h from the 2.6 kernel. Resulting in a wrong syscall.h.

Could you please give more details? A quick look showed that netrose/rose.h and linux/rose.h are the same. linux/ax25.h and linux/rose.h have a few more definitions than netax25/ax25.h and netrom/netrom.h, but the #define and structures present in the glibc one are the same as the ones in the kernel.

The best would be to tell us which structures / #define are missing to get your application compiled.

A closer look showed that the only outdated part is in netax25/ax25.h. netrom/netrom.h and netrose/rose.h are up-to-date.

Here is a patch to update netax25/ax25.h. Could you please try it and see if it fixes your problems?

diff --git a/sysdeps/unix/sysv/linux/netax25/ax25.h b/sysdeps/unix/sysv/linux/netax25/ax25.h index ce3c7ab..3ca2b4d 100644 --- a/sysdeps/unix/sysv/linux/netax25/ax25.h +++ b/sysdeps/unix/sysv/linux/netax25/ax25.h @@ -50,9 +50,11 @@ #define SIOCAX25SETPARMS(SIOCPROTOPRIVATE+6) #define SIOCAX25OPTRT (SIOCPROTOPRIVATE+7) #define SIOCAX25CTLCON (SIOCPROTOPRIVATE+8) -#define SIOCAX25GETINFO (SIOCPROTOPRIVATE+9) +#define SIOCAX25GETINFOOLD (SIOCPROTOPRIVATE+9) #define SIOCAX25ADDFWD (SIOCPROTOPRIVATE+10) #define SIOCAX25DELFWD (SIOCPROTOPRIVATE+11) +#define SIOCAX25DEVCTL (SIOCPROTOPRIVATE+12) +#define SIOCAX25GETINFO (SIOCPROTOPRIVATE+13) /* unknown: */ #define AX25_NOUID_DEFAULT 0 
@@ -112,13 +114,16 @@ struct ax25_ctl_struct struct ax25_info_struct { -unsigned int n2, n2count; +unsigned int n2, n2count; unsigned int t1, t1timer; unsigned int t2, t2timer; unsigned int t3, t3timer; unsigned int idle, idletimer; unsigned int state; unsigned int rcv_q, snd_q; +unsigned int vs, vr, va, vs_max; +unsigned int paclen; +unsigned int window; }; struct ax25_fwd_struct

Any news on that?

Any news on that?

-- 
Aurelien Jarno
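Review bot: the first hunk moves SIOCAX25GETINFO from SIOCPROTOPRIVATE+9 to SIOCPROTOPRIVATE+13 and the second hunk grows struct ax25_info_struct by vs, vr, va, vs_max, paclen and window, so a program rebuilt against this header issues a different ioctl number with a larger buffer than the same program built before. Please add a comment next to SIOCAX25GETINFOOLD stating which structure layout each of the two numbers expects, and note for callers that code which must also run on kernels without the +13 call needs a fallback to SIOCAX25GETINFOOLD. The -/+ pair on "unsigned int n2, n2count;" appears to differ only in whitespace and can be dropped from the patch.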
Bug#473553: libc6: [tzselect] worng DST values for isreal
Aurelien Jarno wrote:
> Jabka Atu wrote:
>> Dear Aurelien,..
>> Sorry this was a Typo the Real time should be 13:37
>>
>> Aurelien Jarno wrote:
>>> reassign 473553 tzdata
>>> thanks
>>>
>>> Jabka Atu wrote:
>>>> Package: libc6
>>>> Version: 2.7-6
>>>> Severity: normal
>>>>
>>>> Dear Maintainer ,..
>>>> when using Israel DST values the time isn't the correct one that is in reality
>>>> for example :
>>>> Today (31/3/2008 ) Israel - While the real time is 12:25 the date returns me :
>>>> Mon Mar 31 12:37:19 IDT 2008
>>>
>>> What do you call real time precisely?
>>
>> By Real time I meant the time on : My mobile phone And on television.
>> Perhaps it is related to Israeli DST issues (They aren't related to dates but to government ideas).
>>
>>> Is it the time on your wall clock or a time from your computer? I find very strange to not have an entire number of hours between the two, but instead a 12 minutes difference.
>>>
>>> What time did you expect instead of the one currently returned?
>>
>> To fix it moved the clock one hour manually (the pc's clock).
>> in other words - The DST in Israel should be +3 and not +2 (UTC).
>
> This is actually what is present in tzdata. What's the output of:
>
> /sbin/hwclock
> TZ=UTC date
> TZ=Israel date

Any news on that?

-- 
Aurelien Jarno
Processed: Re: Bug#463808: [mips] kernel crashes because of data bus error
Processing commands for [EMAIL PROTECTED]:

> reassign 463808 linux-2.6
Bug#463808: [mips] kernel crashes because of data bus error
Bug reassigned from package `libc6' to `linux-2.6'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#481543: libc6: low-memory snprintf provokes internal segfault
Aurelien Jarno wrote:
> tag 481543 + unreproducible
> tag 481543 + moreinfo
> thanks
>
> On Fri, May 16, 2008 at 10:30:34PM +0200, Jim Meyering wrote:
>> Package: libc6
>> Version: 2.7-11
>> Severity: normal
>>
>> glibc's snprintf function malfunctions (segfault) when its internal memory allocation fails. FYI, this bug is new in libc6 2.7-11. I noticed because it provokes a new failure in coreutils' printf-surprise test. This is not a problem when using rawhide's glibc-2.8.
>>
>> $ cat snprintf-test-debbug.c
>> #include <stdio.h>
>> #include <string.h>
>> int
>> main(int argc, char **argv)
>> {
>>   char buf[200];
>>   char *fmt = argv[1];
>>   if (argc < 2)
>>     return 1;
>>   return snprintf (buf, sizeof buf, fmt, 1);
>> }
>> $ gcc snprintf-test-debbug.c
>> $ zsh -c 'ulimit -v 5000; ./a.out %$[5*2**20]d'
>> zsh: segmentation fault zsh -c 'ulimit -v 5000; ./a.out %$[5*2**20]d'
>> [Exit 139 (SEGV)]
>
> I am unable to reproduce this problem. Moreover version 2.7-11 doesn't introduce any change in this area.
>
> Please check that the bug is still reproducible on your system and that downgrading to 2.7-10 actually fixes the problem.

Any news on that?

-- 
Aurelien Jarno
Bug#489593: libc6: ldconfig segmentation fault
GREY wrote:
>> Before generating another backtrace, please install http://packages.debian.org/lenny/libc6-dbg if possible. (Not sure if it will work with ldconfig broken.)
>
> # dpkg -i libc6-dbg_2.7-10_i386.deb
> (Reading database ... 226207 files and directories currently installed.)
> Preparing to replace libc6-dbg 2.7-10 (using libc6-dbg_2.7-10_i386.deb) ...
> Unpacking replacement libc6-dbg ...
> dpkg: dependency problems prevent configuration of libc6-dbg:
> libc6-dbg depends on libc6 (= 2.7-10); however:
> Package libc6 is not configured yet.
> dpkg: error processing libc6-dbg (--install):
> dependency problems - leaving unconfigured
> Errors were encountered while processing:
> libc6-dbg
>
> In result files are installed but without proper configuration. libc6 is broken due to broken ldconfig.
>
>> Once you get the SIGSEGV in gdb, please use the bt command to produce a full backtrace.
>
> # gdb ldconfig
> GNU gdb 6.7.1-debian
> Copyright (C) 2007 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type show copying and show warranty for details.
> This GDB was configured as i486-linux-gnu...
> (no debugging symbols found)
> Using host libthread_db library /lib/i686/cmov/libthread_db.so.1.
> (gdb) run
> Starting program: /sbin/ldconfig
> (no debugging symbols found)
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x0806084b in ?? ()
> (gdb) bt
> #0 0x0806084b in ?? ()
> #1 0x0804b0ce in ?? ()
> #2 0xd5b0db76 in ?? ()
> #3 0xb7f4e7c6 in ?? ()
> #4 0x000e in ?? ()
> #5 0x in ?? ()
> (gdb)
>
> Is it OK?

Unfortunately there is no useful info in this backtrace, because debugging symbols are stripped from /sbin/ldconfig. Please try with ldconfig from [1] (signed md5 available from [2]).

Also:
- Could you please send us the contents from /etc/ld.so.conf, and of the files from /etc/ld.so.conf.d/ ?
- Does removing /etc/ld.so.cache help?

Thanks,
Aurelien

[1] http://temp.aurel32.net/ldconfig
[2] http://temp.aurel32.net/ldconfig.md5sums.asc

-- 
Aurelien Jarno
Bug#463808: [mips] kernel crashes because of data bus error
reassign 463808 linux-2.6
thanks

On Sun, May 11, 2008 at 07:12:07PM +0200, Giuseppe Sacco wrote:
> Hi Aurelien,
> I currently cannot test it anymore, so I have to setup a new machine for this special purpose. I will try to get back to this problem during the next week or so.

I have got no news on that side. As I still don't understand how a kernel crash can be a glibc problem, I am reassigning the bug to the linux-2.6 package.

Please try with a newer kernel version to see if the bug is fixed or not.

-- 
Aurelien Jarno
Bug#489252: libc6-dbg: doesn't contain debug symbols for /lib/i686/cmov/libc.so.6
Aurelien Jarno wrote:
> Paul Wise wrote:
>> Package: libc6-dbg
>> Version: 2.7-12
>> Severity: wishlist
>>
>> libc6-dbg doesn't contain debug symbols for /lib/i686/cmov/libc.so.6 and
>
> It does, see /usr/lib/debug/lib/i686/cmov/libc-2.7.so
>
>> other stuff from libc6-i686. It does contain some of the debug symbols though, but not all of them and unfortunately not the i686 libc ones.
>>
>> $ dpkg -L libc6-dbg | grep cmov | wc -l
>> 24
>> $ dpkg -L libc6-i686 | grep cmov | wc -l
>> 44
>
> The differences are the symlinks. Why do you need the symlinks for debugging?

Any news on that?

-- 
Aurelien Jarno
Bug#447609: marked as done (ldconfig triggerisation)
Your message dated Tue, 22 Jul 2008 15:14:52 +0200 with message-id [EMAIL PROTECTED] and subject line Re: Bug#447609: ldconfig triggerisation has caused the Debian Bug report #447609, regarding ldconfig triggerisation to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

-- 
447609: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447609
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

---BeginMessage---
Source: glibc
Version: 2.6.1-6
Severity: wishlist
Tags: patch

The attached patch triggerises the invocation of ldconfig by package maintainer scripts.

By `triggerises' I mean that the patch arranges for ldconfig invocations by maintainer scripts to call dpkg-trigger instead of ldconfig. ldconfig will be actually run out of glibc's maintainer script during trigger processing. The consequence is that all of the ldconfig invocations during a dpkg run are deferred, and instead ldconfig is run once at the end.

The understanding on which we base this approach is that after library installation (which is when ldconfig is used in maintainer scripts) it is always safe to defer the execution of ldconfig. Ie, that after a new library has been installed or an existing library upgraded, programs which link against the library will work even though ldconfig hasn't been run. We understand that not running ldconfig will incur some performance penalty during the upgrade process but in practice this is far outweighed by the cost of repeatedly running ldconfig.

We took the approach of renaming ldconfig to ldconfig.real and replacing it with a wrapper script. This is unfortunately necessary because maintainer scripts are in the habit of calling ldconfig directly. An alternative approach would be to change all of the packages not to call ldconfig but instead to call a new script but this would involve a much more complicated and lengthy transition.

The patch is safe to use with a non-triggers-supporting dpkg and in all transitional states: where the trigger system is not properly set up yet, ldconfig is run as normal.

Note that sid's dpkg does not yet have the triggers patch merged but there has been extensive discussion of the design and interfaces for triggers and the API should IMO be considered stable.

These changes have been tested and released as part of Ubuntu 7.10 aka `gutsy gibbon'. The patch below is the consolidation of the results of our testing. So we believe that this patch can and should be safely applied to sid's glibc straight away.

Ian.

diff --exclude='*.orig' -ruN orig/glibc-2.6.1/debian/debhelper.in/libc.postinst glibc-2.6.1/debian/debhelper.in/libc.postinst --- orig/glibc-2.6.1/debian/debhelper.in/libc.postinst 2007-10-22 15:40:11.0 +0100 +++ glibc-2.6.1/debian/debhelper.in/libc.postinst 2007-10-22 15:38:11.0 +0100 @@ -5,6 +5,15 @@ type=$1 preversion=$2 +if [ x$type = xtriggered ] +then + LDCONFIG_NOTRIGGER=y + export LDCONFIG_NOTRIGGER + echo ldconfig deferred processing now taking place + ldconfig + exit 0 +fi + package_name() { echo LIBC diff --exclude='*.orig' -ruN orig/glibc-2.6.1/debian/debhelper.in/libc.triggers glibc-2.6.1/debian/debhelper.in/libc.triggers --- orig/glibc-2.6.1/debian/debhelper.in/libc.triggers 1970-01-01 01:00:00.0 +0100 +++ glibc-2.6.1/debian/debhelper.in/libc.triggers 2007-10-22 15:38:11.0 +0100 
@@ -0,0 +1 @@ +interest ldconfig diff --exclude='*.orig' -ruN orig/glibc-2.6.1/debian/local/ldconfig_wrap glibc-2.6.1/debian/local/ldconfig_wrap --- orig/glibc-2.6.1/debian/local/ldconfig_wrap 1970-01-01 01:00:00.0 +0100 +++ glibc-2.6.1/debian/local/ldconfig_wrap 2007-10-22 15:39:01.0 +0100 @@ -0,0 +1,17 @@ +#!/bin/sh + +if test $# = 0\ + test x$LDCONFIG_NOTRIGGER = x \ + test x$DPKG_MAINTSCRIPT_PACKAGE != x \ + dpkg-trigger --check-supported 2/dev/null \ + dpkg --compare-versions $DPKG_RUNNING_VERSION ge '1.14.5ubuntu10~~' +then + if dpkg-trigger --no-await ldconfig; then + if test x$LDCONFIG_TRIGGER_DEBUG != x; then + echo ldconfig: wrapper deferring update (trigger activated) + fi + exit 0 + fi +fi + +exec /sbin/ldconfig.real $@ diff --exclude='*.orig' -ruN orig/glibc-2.6.1/debian/rules.d/debhelper.mk glibc-2.6.1/debian/rules.d/debhelper.mk --- orig/glibc-2.6.1/debian/rules.d/debhelper.mk2007-10-22 15:40:11.0 +0100 +++
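Review bot: in debian/local/ldconfig_wrap the deferral is gated on dpkg --compare-versions $DPKG_RUNNING_VERSION ge '1.14.5ubuntu10~~', which is an Ubuntu version string; for sid the threshold should be the Debian dpkg version that first ships trigger support, since the covering message says sid's dpkg has not merged triggers yet. In libc.postinst the triggered branch runs ldconfig by name and relies on LDCONFIG_NOTRIGGER=y to get past the wrapper; calling /sbin/ldconfig.real there directly would remove the dependency on the exported variable and on which ldconfig the shell resolves. The debhelper.mk part of the patch is cut off, so the installation of the wrapper and the rename to ldconfig.real cannot be checked from what is shown.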
Bug#468560: marked as done (segfault on upgrade of libc6)
Your message dated Tue, 22 Jul 2008 15:19:19 +0200 with message-id [EMAIL PROTECTED] and subject line Re: Bug#468560: segfault on upgrade of libc6 has caused the Debian Bug report #468560, regarding segfault on upgrade of libc6 to be marked as done.

-- 
468560: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468560
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

---BeginMessage---
Package: libc6
Version: 2.7-9
Severity: normal

During an aptitude update I had the following:

makayla:/var/cache/apt/archives# aptitude -u
Preconfiguring packages ...
(Reading database ... 99777 files and directories currently installed.)
Preparing to replace libc6-dev 2.7-8 (using .../libc6-dev_2.7-9_i386.deb) ...
Unpacking replacement libc6-dev ...
Preparing to replace libc6 2.7-8 (using .../archives/libc6_2.7-9_i386.deb) ...
Unpacking replacement libc6 ...
Setting up libc6 (2.7-9) ...
/var/lib/dpkg/info/libc6.postinst: line 393: 3449 Segmentation fault ldconfig

I could not get the machine to respond after this and had to do a shut-down and reboot by the power button. After restart, dpkg --configure -a worked fine.

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.25-rc2 (SMP w/1 CPU core; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii libgcc1 1:4.3-20080227-1 GCC support library

libc6 recommends no packages.

-- debconf information:
glibc/upgrade: true
glibc/restart-failed:
glibc/restart-services:
---End Message---
---BeginMessage---
As this bug is not reproducible, I am closing it. Don't hesitate to reopen it if the bug reappears.

-- 
Aurelien Jarno
---End Message---
Bug#491786: [INTL:sv] Swedish strings for tzdata debconf
[EMAIL PROTECTED] wrote:
> package: tzdata
> severity: wishlist
> tags: patch l10n

The attached file looks incomplete. Also a translation has already been submitted in bug#490783. Could you please check that the work is not duplicated?

-- 
Aurelien Jarno
Processed: tagging 485364
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.9.26
> tags 485364 + pending
Bug#485364: tzdata: FTBFS when converted to new source format 3.0 (quilt): require -p0 for some patches
There were no tags set.
Tags added: pending

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#489252: libc6-dbg: doesn't contain debug symbols for /lib/i686/cmov/libc.so.6
On Tue, 2008-07-22 at 15:03 +0200, Aurelien Jarno wrote:
> Any news on that?

Sorry, didn't receive your earlier email.

I guess this is a gdb issue then, since it doesn't seem to be able to find symbols for libc. Hmmm, it can't even find the libc.so.6 symbols when I purge libc6-i686 and copy /usr/lib/debug/lib/libc-2.7.so to /usr/lib/debug/lib/libc.so.6. Same happens when I make a symlink to libc-2.7.so. Reinstalling libc6-i686 and libc6-dbg doesn't seem to help either.

I guess I should reassign this to gdb?

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
r3011 - in tzdata/trunk/debian: . patches
Author: aurel32
Date: 2008-07-22 14:04:29 + (Tue, 22 Jul 2008)
New Revision: 3011

Modified:
tzdata/trunk/debian/changelog
tzdata/trunk/debian/patches/series
tzdata/trunk/debian/patches/systemv.diff
Log:
* patches/systemv.diff: convert to -p1. Closes: #485364.

Modified: tzdata/trunk/debian/changelog === --- tzdata/trunk/debian/changelog 2008-07-19 16:15:02 UTC (rev 3010) +++ tzdata/trunk/debian/changelog 2008-07-22 14:04:29 UTC (rev 3011) @@ -27,8 +27,11 @@ - Russian. Closes: #491339 - Belarusian. Closes: #491444 - -- Clint Adams [EMAIL PROTECTED] Sun, 13 Jul 2008 06:35:00 -0400 + [ Aurelien Jarno ] + * patches/systemv.diff: convert to -p1. Closes: #485364. + -- Aurelien Jarno [EMAIL PROTECTED] Tue, 22 Jul 2008 16:03:52 +0200 + tzdata (2008c-1) unstable; urgency=low * New upstream release. Modified: tzdata/trunk/debian/patches/series === --- tzdata/trunk/debian/patches/series 2008-07-19 16:15:02 UTC (rev 3010) +++ tzdata/trunk/debian/patches/series 2008-07-22 14:04:29 UTC (rev 3011) @@ -1 +1 @@ -systemv.diff -p0 +systemv.diff -p1 Modified: tzdata/trunk/debian/patches/systemv.diff === --- tzdata/trunk/debian/patches/systemv.diff2008-07-19 16:15:02 UTC (rev 3010) +++ tzdata/trunk/debian/patches/systemv.diff2008-07-22 14:04:29 UTC (rev 3011) @@ -1,7 +1,7 @@ Create the SystemV links, for compatibility with previous versions. systemv2006-04-10 11:36:52.455402059 +0200 -+++ systemv2006-04-10 11:37:12.684500320 +0200 +--- tzdata.orig/systemv2006-04-10 11:36:52.455402059 +0200 tadata/systemv 2006-04-10 11:37:12.684500320 +0200 @@ -34,3 +34,16 @@ ## Zone SystemV/PST8-8:00 - PST ## Zone SystemV/YST9-9:00 - YST
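Review bot: in the systemv.diff hunk the rewritten patch header pairs tzdata.orig/systemv with tadata/systemv, and "tadata" looks like a typo for "tzdata". Because patches/series now applies the file with -p1 the first path component is stripped and the patch still applies, but the two header paths should name the same tree so the file reads as a normal orig/new pair.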
Bug#490530: marked as done (libc6: gethostbyaddr() times out if reverse dns not found)
Your message dated Tue, 22 Jul 2008 16:34:04 +0200 with message-id [EMAIL PROTECTED] and subject line Re: Bug#490530: libc6: gethostbyaddr() times out if reverse dns not found has caused the Debian Bug report #490530, regarding libc6: gethostbyaddr() times out if reverse dns not found to be marked as done.

-- 
490530: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490530
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

---BeginMessage---
Package: libc6
Version: 2.7-10
Severity: normal

I noticed that when I tried pinging kalus.dk (which does not have reverse DNS at the time of writing), ping would only send a packet every 5 seconds.

[EMAIL PROTECTED] ~ host kalus.dk
kalus.dk has address 89.233.27.15
kalus.dk mail is handled by 10 mail.kalus.dk.
[EMAIL PROTECTED] ~ host 89.233.27.15
Host 15.27.233.89.in-addr.arpa. not found: 3(NXDOMAIN)
[EMAIL PROTECTED] ~ ping kalus.dk
PING kalus.dk (89.233.27.15) 56(84) bytes of data.
[5 second pause]
64 bytes from 89.233.27.15: icmp_seq=1 ttl=56 time=6.21 ms
[5 second pause]
64 bytes from 89.233.27.15: icmp_seq=2 ttl=56 time=5.89 ms
[5 second pause]
64 bytes from 89.233.27.15: icmp_seq=3 ttl=56 time=5.98 ms
[5 second pause]
64 bytes from 89.233.27.15: icmp_seq=4 ttl=56 time=4.48 ms

I tracked it down to the function call char *pr_addr in ping.c, when calling gethostbyaddr() :

/* pr_addr -- Return an ascii host address as a dotted quad and optionally with a hostname. */
char *pr_addr(__u32 addr)
{
    struct hostent *hp;
    [...]
    hp = gethostbyaddr((char *)&addr, 4, AF_INET);
    [...]
}

I see no reason why it should take 5 seconds to find out that reverse DNS is not available, when the host command returns the answer immediately.

Doing a strace I get (selected parts of trace):

stat(/etc/resolv.conf, {st_mode=S_IFREG|0644, st_size=131, ...}) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(83.221.148.2)}, 28) = 0
fcntl(4, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK)= 0
poll([{fd=4, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
sendto(4, \t,\1\0\0\1\0\0\0\0\0\0\00215\00227\003233\00289\7in-a..., 43, MSG_NOSIGNAL, NULL, 0) = 43
poll([{fd=4, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
ioctl(4, FIONREAD, [103]) = 0
recvfrom(4, \t,\201\203\0\1\0\0\0\1\0\0\00215\00227\003233\00289\7..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(83.221.148.2)}, [16]) = 103
close(4)= 0
socket(PF_FILE, SOCK_STREAM, 0) = 4
fcntl(4, F_GETFD) = 0
fcntl(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_FILE, path=/var/run/avahi-daemon/socket}, 110) = 0
fcntl(4, F_GETFL) = 0x2 (flags O_RDWR)
fstat(4, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2afcdfb72000
lseek(4, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(4, RESOLVE-ADDRESS 89.233.27.15\n, 29) = 29
read(4, [***Here there is a 5 second wait***] -15 Timeout reached\n, 1024) = 20
close(4)= 0

I noted the

lseek(4, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)

Which seems suspicious.

Regards, Thue

-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii libgcc1 1:4.3.1-2 GCC support library

libc6 recommends no packages.

-- debconf information:
* glibc/upgrade: true
glibc/restart-failed:
* glibc/restart-services: openbsd-inetd exim4 cupsys cron atd
---End Message---
---BeginMessage---
On Sat, Jul 12, 2008 at 08:04:27PM +0200, Thue Janus Kristensen wrote:
I investigated further, and this is arguably not a bug. Please close it.

Closing it with this mail.

Regards, Thue

On Sat, Jul 12, 2008 at 3:17 PM, Thue Janus Kristensen [EMAIL PROTECTED] wrote:
Yes - reading the trace closer it is obviously an avahi bug.

Regards, Thue

On Sat, Jul 12, 2008 at 3:12 PM, Stephen Gran [EMAIL PROTECTED] wrote:
This one time, at band camp, Thue Janus Kristensen said:
I noticed that when I tried pinging kalus.dk (which does not have reverse DNS at the time of writing), ping would only send a packet every 5 seconds.
Bug#489252: libc6-dbg: doesn't contain debug symbols for /lib/i686/cmov/libc.so.6
reassign 489252 gdb
thanks

Paul Wise wrote:
> On Tue, 2008-07-22 at 15:03 +0200, Aurelien Jarno wrote:
>> Any news on that?
>
> Sorry, didn't receive your earlier email.
>
> I guess this is a gdb issue then, since it doesn't seem to be able to find symbols for libc. Hmmm, it can't even find the libc.so.6 symbols when I purge libc6-i686 and copy /usr/lib/debug/lib/libc-2.7.so to /usr/lib/debug/lib/libc.so.6. Same happens when I make a symlink to libc-2.7.so. Reinstalling libc6-i686 and libc6-dbg doesn't seem to help either.
>
> I guess I should reassign this to gdb?

I think that's a good idea.

-- 
Aurelien Jarno
Processed: Re: Bug#489252: libc6-dbg: doesn't contain debug symbols for /lib/i686/cmov/libc.so.6
Processing commands for [EMAIL PROTECTED]:

> reassign 489252 gdb
Bug#489252: libc6-dbg: doesn't contain debug symbols for /lib/i686/cmov/libc.so.6
Bug reassigned from package `libc6-dbg' to `gdb'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
Florian Weimer wrote:
> * brian m. carlson:
>
>> The glibc stub resolver is vulnerable to CVE-2008-1447, according to DSA 1605. Since the vast majority of network-using programs use glibc as a resolver, this vulnerability affects virtually any network-using program, hence the severity. libc6 should not be released without a fix for this problem.
>>
>> The vulnerability has been exposed: http://demosthen.es/post/43048623/reliable-dns-forgery-in-2008
>
> I fail to see how this attack has a chance to work against non-caching stub resolvers like the GNU libc resolver. However, we're working on a solution.

As already said previously on this bug log, I don't think there is something to do for the glibc resolver.

The glibc stub resolver uses an unspecified UDP port, so it is eventually chosen by the kernel. As a consequence this has to be handled in the kernel, and is already fixed in kernel >= 2.6.24 [1].

tcpdump shows that using a >= 2.6.24 kernel (lenny kernel), the ports are correctly randomized. With a 2.6.18 kernel (etch kernel), the ports *are* not randomized.

IMHO, the UDP randomization commit has to be backported to the etch kernel. The advantage of this solution is that it potentially fixes other bugs/vulnerabilities in other protocols/programs using UDP.

Cheers, Aurelien

[1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=32c1da70810017a98aa6c431a5494a302b6b9a30

--
  .''`.  Aurelien Jarno             | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   [EMAIL PROTECTED]          | [EMAIL PROTECTED]
   `-    people.debian.org/~aurel32 | www.aurel32.net
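[Added example, not part of the thread and not glibc or kernel code.] The message above checks source-port randomization with tcpdump; the same property can be sampled from userspace by opening UDP sockets the way the strace earlier in this archive shows the resolver doing it (socket, then connect to port 53, no bind) and reading back the port the kernel assigned. The function names, the 127.0.0.1 stand-in nameserver address and the "more than half of the steps are +1" heuristic are assumptions made for this sketch.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* socket() + connect() to port 53 with no bind(). connect() on UDP sends
 * nothing; the kernel just picks a source port. Returns it, or -1 on error. */
int kernel_chosen_port(const char *server_ip)
{
    struct sockaddr_in dst, src;
    socklen_t len = sizeof(src);
    int port = -1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&dst, 0, sizeof(dst));
    dst.sin_family = AF_INET;
    dst.sin_port = htons(53);
    if (inet_pton(AF_INET, server_ip, &dst.sin_addr) == 1 &&
        connect(fd, (struct sockaddr *)&dst, sizeof(dst)) == 0 &&
        getsockname(fd, (struct sockaddr *)&src, &len) == 0)
        port = ntohs(src.sin_port);
    close(fd);
    return port;
}

/* Number of steps where a port is exactly the previous one plus 1. */
int sequential_steps(const int *ports, int n)
{
    int i, hits = 0;
    for (i = 1; i < n; i++)
        hits += (ports[i] == ports[i - 1] + 1);
    return hits;
}

/* Assumed heuristic: predictable if more than half of the steps are +1. */
int looks_predictable(const int *ports, int n)
{
    return n > 1 && 2 * sequential_steps(ports, n) > n - 1;
}

int main(void)
{
    int ports[32], i, n = 0;
    for (i = 0; i < 32; i++)
        if ((ports[n] = kernel_chosen_port("127.0.0.1")) > 0) /* stand-in IP */
            n++;
    printf("%d ports sampled, predictable=%d\n", n, looks_predictable(ports, n));
    return 0;
}
```

Run it on the host whose kernel is in question; a result of predictable=1 means the port adds little entropy on top of the 16-bit transaction ID.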
Bug#491786: [INTL:sv] Swedish strings for tzdata debconf
On Tue, 22 Jul 2008, Aurelien Jarno wrote:
> [EMAIL PROTECTED] wrote:
>> package: tzdata
>> severity: wishlist
>> tags: patch l10n
>
> The attached file looks incomplete. Also a translation has already been submitted in bug#490783. Could you please check that the work is not duplicated?

Bummer. The new bug (#491786) is indeed a faulty one. The strings in bug #490783 still apply. This bug can be closed without any further notices, sorry for the inconvenience it may have caused anyone.

--
/brother
http://frakalendern.se
Bruce Schneier made Bell-LaPadula do a brutal doodle.
Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
Florian Weimer wrote:
> * Aurelien Jarno:
>
>> IMHO, the UDP randomization commit has to be backported to the etch kernel. The advantage of this solution is that it potentially fixes other bugs/vulnerabilities in other protocols/programs using UDP.
>
> Currently, there is no suitable patch to backport. I hope that improved port randomization will be available shortly.

You mean a patch for the kernel?

--
  .''`.  Aurelien Jarno             | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   [EMAIL PROTECTED]          | [EMAIL PROTECTED]
   `-    people.debian.org/~aurel32 | www.aurel32.net
Bug#491786: marked as done ([INTL:sv] Swedish strings for tzdata debconf)
Your message dated Tue, 22 Jul 2008 17:22:19 +0200 with message-id [EMAIL PROTECTED] and subject line Re: Bug#491786: [INTL:sv] Swedish strings for tzdata debconf has caused the Debian Bug report #491786, regarding [INTL:sv] Swedish strings for tzdata debconf to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

--
491786: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=491786
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

---BeginMessage---

package: tzdata
severity: wishlist
tags: patch l10n

--
brother
http://frakalendern.se

# translation of tzdata_2008b-2_sv.po to swedish
# Swedish translation of tzdata.
# Copyright: This file is in the public domain.
# This file is distributed under the same license as the tzdata package.
#
# Christer Andersson [EMAIL PROTECTED], 2008.
# Martin Bagge [EMAIL PROTECTED], 2008.
msgid
msgstr
Project-Id-Version: tzdata_2008b-2_sv\n
Report-Msgid-Bugs-To: [EMAIL PROTECTED]
POT-Creation-Date: 2008-03-24 09:56-0400\n
PO-Revision-Date: 2008-07-21 16:04+0100\n
Last-Translator: Martin Bagge [EMAIL PROTECTED]\n
Language-Team: swedish [EMAIL PROTECTED]\n
MIME-Version: 1.0\n
Content-Type: text/plain; charset=ISO-8859-1\n
Content-Transfer-Encoding: 8bit\n
X-Generator: KBabel 1.11.4\n

#. Type: select
#. Choices
#. Note to translators:
#. - Etc will present users with a list
#. of GMT+xx or GMT-xx timezones
#. - SystemV will give the choice between zone named as per SystemV conventions:
#. EST5, MST7, etc.
#: ../templates:1001
msgid Africa
msgstr Afrika

#. Type: select
#. Choices
#. Note to translators:
#. - Etc will present users with a list
#. of GMT+xx or GMT-xx timezones
#. - SystemV will give the choice between zone named as per SystemV conventions:
#. EST5, MST7, etc.
#: ../templates:1001
msgid America
msgstr Amerika

#. Type: select
#. Choices
#. Note to translators:
#. - Etc will present users with a list
#. of GMT+xx or GMT-xx timezones
#. - SystemV will give the choice between zone named as per SystemV conventions:
#. EST5, MST7, etc.
#: ../templates:1001
msgid Antarctica
msgstr Antarktis

#. Type: select
#. Choices
#. Note to translators:
#. - Etc will present users with a list
#. of GMT+xx or GMT-xx timezones
#. - SystemV will give the choice between zone named as per SystemV conventions:
#. EST5, MST7, etc.
#: ../templates:1001
msgid Australia
msgstr Australien

#. Type: select
#. Choices
#. Note to translators:
#. - Etc will present users with a list
#. of GMT+xx or GMT-xx timezones
#. - SystemV will give the choice between zone named as per SystemV conventions:
#. EST5, MST7, etc.
#: ../templates:1001
msgid Arctic
msgstr Norra Ishavet

#. Type: select
#. Choices
#. Note to translators:
#. - Etc will present users with a list
#. of GMT+xx or GMT-xx timezones
#. - SystemV will give the choice between zone named as per SystemV conventions:
#. EST5, MST7, etc.
#: ../templates:1001
msgid Asia
msgstr Asien

#. Type: select
#. Choices
#. Note to translators:
#. - Etc will present users with a list
#. of GMT+xx or GMT-xx timezones
#. - SystemV will give the choice between zone named as per SystemV conventions:
#. EST5, MST7, etc.
#: ../templates:1001
msgid Atlantic
msgstr Atlanten

#. Type: select
#. Choices
#. Note to translators:
#. - Etc will present users with a list
#. of GMT+xx or GMT-xx timezones
#. - SystemV will give the choice between zone named as per SystemV conventions:
#. EST5, MST7, etc.
#: ../templates:1001
msgid Europe
msgstr Europa

#. Type: select
#. Choices
#. Note to translators:
#. - Etc will present users with a list
#. of GMT+xx or GMT-xx timezones
#. - SystemV will give the choice between zone named as per SystemV conventions:
#. EST5, MST7, etc.
#: ../templates:1001
msgid Indian
msgstr Indiska Oceanen

#. Type: select
#. Choices
#. Note to translators:
#. - Etc will present users with a list
#. of GMT+xx or GMT-xx timezones
#. - SystemV will give the choice between zone named as per SystemV conventions:
#. EST5, MST7, etc.
#: ../templates:1001
msgid Pacific
msgstr Stilla Havet

#. Type: select
#. Choices
#. Note to translators:
#. - Etc will present users with a list
#. of GMT+xx or GMT-xx timezones
#. - SystemV will give the choice between zone named as per SystemV conventions:
#. EST5, MST7, etc.
#: ../templates:1001
msgid SystemV
msgstr SystemV-tidszoner

#. Type: select
#. Choices
#. Note to translators:
#. - Etc will present users with a list
#. of GMT+xx or GMT-xx timezones
#. - SystemV will give the choice between zone named as per SystemV conventions:
#. EST5, MST7, etc.
#: ../templates:1001
msgid Et

---End Message---
---BeginMessage---

Martin Bagge wrote
Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
* Aurelien Jarno:

> IMHO, the UDP randomization commit has to be backported to the etch kernel. The advantage of this solution is that it potentially fixes other bugs/vulnerabilities in other protocols/programs using UDP.

Currently, there is no suitable patch to backport. I hope that improved port randomization will be available shortly.
Processed: found 491809 in 2.3.6.ds1-13
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.34
> found 491809 2.3.6.ds1-13
Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
Bug marked as found in version 2.3.6.ds1-13.

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
* Aurelien Jarno:

>> Currently, there is no suitable patch to backport. I hope that improved port randomization will be available shortly.
>
> You mean a patch for the kernel?

Yes, one for the kernel, and one for the transaction ID generation in the libc resolver, too.

(Oh, and shortly == next week or so.)
Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
On Tue, Jul 22, 2008 at 03:24:06PM +, Florian Weimer wrote:
> * Aurelien Jarno:
>
>>> Currently, there is no suitable patch to backport. I hope that improved port randomization will be available shortly.
>>
>> You mean a patch for the kernel?
>
> Yes, one for the kernel, and one for the transaction ID generation in the libc resolver, too.
>
> (Oh, and shortly == next week or so.)

Assuming the TID generator for the glibc is good enough and that the flaw is the one described in [0], then the glibc code (even nscd) isn't vulnerable, because it doesn't cache or even look at the additional records.

The problems with QID randomization are quite orthogonal, and it's a problem known for 20 years now (using last QID+1 isn't really an option ;p). Having a better random number generator will probably help, but quite doesn't require such a severity (as there is already randomization of the QIDs, maybe not a perfect one).

So unless you have further not yet disclosed information, I'd suggest reconsidering the DSA.

[0] http://blogs.buanzo.com.ar/2008/07/matasano-kaminsky-dns-forgery.html

--
·O·  Pierre Habouzit
··O  [EMAIL PROTECTED]
OOO  http://www.madism.org
Bug#478183: libc6-dev: Various header problems:
> Any news on that?

The problem has gone away. I presume this is due to the latest gcc 4.3 update. I see stdarg.h is dated June 11.

Dave
--
J. David Anglin [EMAIL PROTECTED]
National Research Council of Canada (613) 990-0752 (FAX: 952-6602)