Package: python-netaddr-docs
Version: 0.7.19-4
Severity: grave
Justification: renders package unusable
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
I wanted to read the documentation for the python-netaddr
Package: python3-urwid
Version: 2.0.1-2+b1
Severity: minor
Tags: upstream
When running an urwid program using "/usr/bin/python3 -b" (note the -b
option), the urwid package triggered a warning:
[...]
File "/usr/lib/python3/dist-packages/urwid/display_common.py", line 760, in
stop
reason to believe this to be false?
Your observed behavior could easily be explained by the fact that
Firefox doesn't check the signatures immediately, and it might have
happened to check them just as you were altering the "studies" settings,
which themselves did nothing.
My installed version is:
Package: firefox-esr
Version: 60.6.1esr-1~deb9u1
/Teddy Hogeborn
to the package (and/or upstream) as needed.
/Teddy Hogeborn
--
The Mandos Project
https://www.recompile.se/mandos
Package: systemd
Version: 239-12~bpo9+1
Severity: normal
Tags: upstream
There is a way to get systemd to instantly reboot the system; this
behaviour is 100% reproducible if run on real hardware, i.e. not in
Qemu or similar. The cause is a misconfigured system, but this bug is
mainly about the
d in
the future by using the options --ignore-time-conflict and/or
--ignore-valid-from, but from what I can see, there does not seem to be
a way to pass those through GPGME. So we'll do it the hard way, by
setting the system clock, like you did.
/Teddy Hogeborn
--
The Mandos Project
https:/
it is, it can't be a problem reading the key files, because we can
import them into GnuTLS just fine. It must, I think, be some problem
with writing or locking the GPGME keyring files, which is why I'm still
leaing towards the unwriteable /tmp problem, or something very much like
it.
/Teddy Hogeb
> Well, they are surely there as it works in the chrooted copy of
> initramfs...
Well, maybe they aren't runnable because plugin-runner is switching to
the wrong user and group ID. But in that case it's strange that it
could read the OpenPGP key files.
/Teddy Hogeborn
--
The Mandos Pro
output, in the normal system, in chroot,
and at boot? Do the listed binaries all exist in all three systems,
i.e. what is the output of this command?
ls -laF $(gpgconf | awk -F: '{ print $3 }')
(Also don't forget to double check for a non-writeable /tmp.)
/Teddy Hogeborn
--
The Mandos Project
https://www.recompile.se/mandos
signature.asc
Description: PGP signature
password. You could also disable them *both*, and the
plugin-runner will fall back to asking for the password itself on the
console. I am wondering which, if any, of these disablings will make
the LeakSanitizer errors go away on your system. That would help to
narrow the problem down significantly.
/Teddy Hogeborn
--
The Mandos Project
https://www.recompile.se/mandos
signature.asc
Description: PGP signature
uot;raw public keys" (RFC7250), but its
developer has not merged it to GnuTLS upstream yet.
/Teddy Hogeborn
--
The Mandos Project
https://www.recompile.se/mandos
signature.asc
Description: PGP signature
newGC = Tk_GetGC(w->tkwin,
GCBackground|GCForeground|GCLineStyle|GCDashList|GCGraphicsExposures,
);
(This makes it a solid red line instead of a dashed red line, but I
think it is not an important difference.)
/Teddy Hogeborn
-- System Information:
Debian Release: 8.7
AP
the same issue.
>
> Many thanks in advance for taking care of this.
Many thanks for the bug report and fix! It seems the "restore" options
was also affected by the same bug. I have committed a fix to trunk; I
will make a full release with this after I have made some tests.
/Teddy Hogeborn
--
The Mandos Project
https://www.recompile.se/mandos
signature.asc
Description: PGP signature
essful run.
There is a typo on line 179; the $ and { characters seem to be
transposed. Patch included.
/Teddy Hogeborn
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: 8.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500,
reproduce the problem seems to run in the actual
initramfs environment. When you try to enter an interactive shell in
that environment, you get a kernel panic. This could be an indication
of a larger problem with your initramfs environment, and since we can't
even reproduce the problem outside this environment, I don't know what
else to do at this point. I would try to fiddle with it to get an
emergency initramfs shell to work - it seems to be the only alternative
at this point.
/Teddy Hogeborn
--
The Mandos Project
https://www.recompile.se/mandos
signature.asc
Description: PGP signature
tags 819982 + unreproducible
quit
Felix Koop <f...@fkoop.de> writes:
> > Teddy Hogeborn <te...@recompile.se> hat am 5. April 2016 um 10:12
> > geschrieben:
> >
> > So the client works in the normal system but fails in the initrd?
> > That is odd. I
lem. Also, the output of the "gpgconf" command in this mode
should be informative, especially compared to its output when run in
the normal system.
/Teddy Hogeborn
--
The Mandos Project
https://www.recompile.se/mandos
signature.asc
Description: PGP signature
the other hand, there seems to be some upstream activity -
Python-GnuTLS 3.0.0 was released on March 9th, claiming to support
GnuTLS 3.2 and later.
/Teddy Hogeborn
--
The Mandos Project
https://www.recompile.se/mandos
signature.asc
Description: PGP signature
ipts/functions); it needs IPOPTS and DEVICE
> > if [ "${connect+set}" = set ]; then
> > -configure_networking
> > +configure_networking || true
> [...]
>
> Why not:
>
> set +e # required by library functions
> configure_networking
> set -e
Thank you bo
Jörg Frings-Fürst writes:
> please test this workaround from the FAQ:
>
> Add
>
> isolate_network=NO
>
> to your vsftpd.conf file
I already have that.
/Teddy
reopen 804869
stop
Jörg Frings-Fürst writes:
> I have test it again with your notes (NIS user) and I also can't
> reproduce the error.
Well, *I* can reliably reproduce the bug. Detail: I log in using FTP
using the same user which exists only in NIS, which works.
Jörg Frings-Fürst writes:
> I have test the access with 100.000 files and 5 clients with no errors.
>
> Can you tell me your circumstances that led to the error?
The "OOPS: 421" error happens when vsftpd has "seccomp_sandbox=YES" and
it tries to show a directory
Jörg Frings-Fürst <deb...@jff-webhosting.net> writes:
> tags 804869 + moreinfo
> thanks
> Please can you test the release 3.0.3-1 from testing/unstable with
> enabled seccom sandbox?
Yes, the bug is still present.
/Teddy Hogeborn
Package: vsftpd
Version: 3.0.2-17
Severity: important
Tags: upstream
Dear Maintainer,
When trying to list a large directory, the server instead says "OOPS:
421 Service not available, remote server has closed connection", or
sometimes "OOPS: priv_sock_get_cmd". This is exactly Red Hat Bug
=2230852bd9755e1b7bfd1260082471f559b0a005
http://cgit.freedesktop.org/systemd/systemd/commit/?id=a0827e2b123010c46cfe4f03eebba57d92f9efc4
/Teddy Hogeborn
Package: emacs-goodies-el
Version: 35.12
Severity: minor
Tags: upstream
The apache-mode.el has incorrect highlighting; it highlights the word
"temporary" when in fact the correct syntax for Apache is "temp".
(See line 563 in apache-mode.el.)
-- System Information:
Debian Release: 7.9
APT
. Initramfs-tools had the
option -k all to rebuild all existing initramfs images. What would be
the corresponding command for dracut? I.e. what would such a dracut
trigger that you mention look like?
/Teddy Hogeborn
--
The Mandos Project
http://www.recompile.se/mandos
) to make
hostonly mode the default, like other distributions do.
/Teddy Hogeborn
--
The Mandos Project
http://www.recompile.se/mandos
Package: wnpp
Severity: wishlist
* Package name: mstpd
Version : 0.0.3
Upstream Author : Srinivas Aji aji_srini...@emc.com
* URL : http://sourceforge.net/projects/mstpd/
* License : GPLv2
Programming Lang: C
Description : A daemon implementing the RSTP
Private correspondence with the initial bug reporter has determined that
this bug is a duplicate of bug #764034, so this bug has been merged with
that one.
/Teddy Hogeborn
--
The Mandos Project
http://www.recompile.se/mandos
pgpEOSBL58R1i.pgp
Description: PGP signature
up when the client connects.
1) http://mail.recompile.se/pipermail/mandos-dev/2014-October/000305.html
2) https://release.debian.org/transitions/html/gnutls28.html
3) https://wiki.debian.org/gnutls3
/Teddy Hogeborn
--
The Mandos Project
http://www.recompile.se/mandos
--
To UNSUBSCRIBE, email
to the Depends line for the mandos
package baffles me even more; the mandos binary package does not
depend on any specific version of python-gnutls, it uses what's
available, and runs well with either.
/Teddy Hogeborn
--
The Mandos Project
http://www.recompile.se/mandos
--
To UNSUBSCRIBE, email
leaning towards the latter.
/Teddy Hogeborn
--
The Mandos Project
http://www.recompile.se/mandos
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
sure that what was actually meant was instead the function
gnutls_certificate_set_openpgp_key. Indeed, when changed to that,
the functions in the Python module are present, callable and working.
/Teddy Hogeborn
--
The Mandos Project
http://www.recompile.se/mandos
-- System Information:
Debian
tags 762760 +patch
stop
Chet Ramey has posted a patch for this (also attached):
http://www.openwall.com/lists/oss-security/2014/09/25/10
/Teddy Hogeborn
*** ../bash-20140912/parse.y 2014-08-26 15:09:42.0 -0400
--- parse.y 2014-09-24 22:47:28.0 -0400
***
*** 2959,2962
Sylvestre Ledru sylves...@debian.org writes:
Nested functions are NOT part of the C and C++ standard:
http://en.wikipedia.org/wiki/Nested_function#Languages
The gcc support is a mistake.
Nested functions is an official GCC extension:
Linux-specific features and not
only those of the POSIX kernel functions. We use GLibc-specific
features and not only those of the POSIX standard library. We also, as
you have noticed, use features specific to GCC and not only those of the
ANSI C standard. Is this not correct?
/Teddy Hogeborn
with this.
/Teddy Hogeborn
--
The Mandos Project
http://www.recompile.se/mandos
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
sponsor for the forseeable future.
Regards,
Teddy Hogeborn
--
The Mandos Project
http://www.recompile.se/mandos
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Package: netpbm
Version: 2:10.0-15+b1
Severity: minor
Tags: fixed-upstream
NAME
pamdice - slice a Netpbm image into many horizontally and/or vertically
SYNOPSIS
pamslice -outstem=filenamestem [-width=width] [-height=height] [-ver‐
bose] [filename]
Note the
Package: opendnssec
Version: 1.3.2-1~bpo60+1
Severity: normal
A normal SPF (or legacy TXT) record starts with the prefix v=spf1,
followed by a space character. If this space character is
accidentally replaced with a TAB character (ASCII 0x09), the
OpenDNSSEC signer ignores the record, and it is
will have to do some more tests in my
copious spare time.
/Teddy Hogeborn
--
The Mandos Project
http://www.recompile.se/mandos
pgpJcDij3sBGl.pgp
Description: PGP signature
suspecting a GnuTLS regression with SECURE256 and CTYPE-OPENPGP.
Note: The clients need no changes.
/Teddy Hogeborn
--
The Mandos Project
http://www.recompile.se/mandos
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas
Teddy Hogeborn te...@recompile.se writes:
Uncommenting the priority setting in mandos.conf and appending
:+SIGN-RSA-SHA224 makes it work; i.e. this line should be present in
/etc/mandos.conf:
priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:+SIGN-RSA-SHA224
I meant, of course, /etc/mandos
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package mandos
We released Mandos version 1.6.0 well in advance of the anticipated
Debian freeze, and have been using it ourselves since then, but our
sponsor did not
, which has
the gcry_control symbol it needs.
/Teddy Hogeborn
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'oldstable'), (50, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale
version of a much much larger
program which exibited the same behavior.
I also attach a backtrace obtained when running Python 2.7 in gdb.
The problem happens both with and without the from __future__
imports, and in all of python2.6, python2.7, and python3.2.
/Teddy Hogeborn
-- System
Package: ipsec-tools
Version: 1:0.7.3-12
Severity: minor
Tags: patch
The EIPSEC_INVAL_DIR error has Invalid direciton as a string; it
should be Invalid direction.
/Teddy Hogeborn
-- System Information:
Debian Release: 6.0.2
APT prefers proposed-updates
APT policy: (500, 'proposed-updates
Teddy Hogeborn te...@fukt.bsnet.se writes:
I have realized (and attached) this patch, which worked for me to fix
this bug.
Yeah, that patch was reversed. Fixed version attached.
/Teddy Hogeborn
pgpjDLLsWYGv3.pgp
Description: PGP signature
--- mod-gnutls-0.5.6.~1~/src/gnutls_hooks.c 2010-03
I could reproduce this bug by having the libpam-gnome-keyring and
libpam-smbpass packages installed - when I removed them, the bug
vanished.
/Teddy
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Workaround: add
isolate_network=NO
to your vsftpd.conf file. This worked for me.
I got this information from a comment by Michal Seben here:
https://bugzilla.novell.com/show_bug.cgi?id=615034#c2
/Teddy Hogeborn
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
Package: doc-iana
Version: 20081201-1
Severity: normal
The file
/usr/share/doc/doc-iana/html/assignments/xml-registry/schema/domain-1.0.xsd
starts with three space characters before the ?xml declaration. This
makes the file invalid and unusable.
Proposed fix: Replace the file with an updated
Package: net-tools
Version: 1.60-22
Followup-For: Bug #541172
affects 541172 + munin-node
tags 541172 + patch
thanks
/Teddy
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Package: request-tracker3.6
Version: 3.6.7-5+lenny3
Severity: important
Tags: patch
/usr/sbin/update-rt-siteconfig does not ignore backup files, i.e.
files ending with ~. The attached patch fixes the problem.
/Teddy
-- Package-specific info:
Changed files:
usr/sbin/update-rt-siteconfig-3.6
Package: libpulsecore5
Version: 0.9.10-3+lenny2
Severity: grave
Justification: renders package unusable
The update from 0.9.10-3+lenny1 to 0.9.10-3+lenny2 made pulseaudio
stop working:
te...@bris:~$ pulseaudio
E: main.c: Failed to create '/tmp/pulse-teddy': Permission denied
te...@bris:~$
It
made an
attacker any happier.
If you think I'm wrong, please explain in a little more detail how an
attack would be constructed with this bug in place. (But I *am*
fixing this bug immediately.)
/Teddy Hogeborn
- --
The Mandos Project
http://www.fukt.bsnet.se/mandos
-BEGIN PGP SIGNATURE
package mandos-client
retitle 549585 udev: creates /dev/{u,}random with too strict permissions
summary 549585 20
tags 549585 patch
reassign 549585 udev 146-3
package udev
affects 549585 mandos-client
thanks
Teddy Hogeborn te...@fukt.bsnet.se writes:
Indeed, it seems that both /dev/random
to
force some specific module to be loaded in the initrd - which used to
be loaded by default or compiled in - to provide the random device
drivers. In that case, the question is: what module?
/Teddy Hogeborn
- --
The Mandos Project
http://www.fukt.bsnet.se/mandos
-BEGIN PGP SIGNATURE
to
force some specific module to be loaded in the initrd - which used to
be loaded by default or compiled in - to provide the random device
drivers. In that case, the question is: what module?
/Teddy Hogeborn
- --
The Mandos Project
http://www.fukt.bsnet.se/mandos
-BEGIN PGP SIGNATURE
to
wait until tomorrow (when I should have access to a sid machine) to
check which of the many changes from lenny to sid could cause it.
On the bright side, we seem to have found the actual cause of the
problem; we just need to get udev to create the devices with the
proper permissions.
/Teddy
this and other bugs.
/Teddy Hogeborn
- --
The Mandos Project
http://www.fukt.bsnet.se/mandos
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFKueMmOWBmT5XqI90RAnY+AKC7KRWAQHYZWKGvtMKw5WiCi3+O1ACgwoOj
jSv1QCi3xSl6AinUlspWtZk=
=aqpm
-END PGP SIGNATURE-
--
To UNSUBSCRIBE
Package: timelimit
Version: 1.4-2
Severity: normal
Tags: patch
Returning signal+128 does *not* tell the invoking shell that the
program terminated by a signal. Quote from
http://www.cons.org/cracauer/sigint.html:
You cannot fake the proper exit status by an exit(3) with a
: 529836
The Debian package for unstable can be found on mentors.debian.net:
- - dget http://mentors.debian.net/debian/pool/main/m/mandos/mandos_1.0.11-1.dsc
/Teddy Hogeborn
- --
The Mandos Project
http://www.fukt.bsnet.se/mandos
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux
Package: manpages
Version: 3.05-1
Severity: normal
Tags: patch
ipv6(7) has the wrong type for both the sin6_family and sin6_port
fields of the sockaddr_in6 struct. Patch attached.
/Teddy Hogeborn
-- System Information:
Debian Release: 5.0
APT prefers proposed-updates
APT policy: (500
Package: ldm
Version: 0.99debian11
Severity: normal
Tags: patch l10n
If the server har very many locales installed, LDM only displays a
certain number of them, and does not display any sessions (only the
Default session). Reproduce this by having a server with all locales
installed.
This is
Package: phpbb2
Version: 2.0.13-6sarge3
Severity: normal
I have a problem using the avatar gallery feature of phpBB. First, to
get the gallery avatars to show up at all, I had to run the command
chmod g+r /var/lib/phpbb2/avatars/gallery. And I also had to make
all the gallery subdirectories[1]
I use IPsec. I would like to block connections to a service if
the client is not using IPsec (similar to only allowing IMAPS
[EMAIL PROTECTED] (Marco d'Itri) writes:
Send a patch, and test it well.
Do you have any plan to work on this?
No. Should I have? I am not a programmer. I am
Package: emacs21
Version: 21.4a-1
Severity: normal
I wanted to show the non-comment lines in a config file I was editing,
so I tried to use the M-x occur (a.k.a. list-matching-lines) command
with the regexp ^[^#] (without the quotes). This failed with Args
out of range: NUMBER NUMBER. It turns
Here too on a Sun Enterprise 3000 (UltraSparc II) . I can fix it by
not using GSM, either by deselecting it from the client or by setting
disallow=gsm under [general] in sip.conf.
/Teddy
Package: racoon
Version: 1:0.5.2-1sarge1
Severity: important
Since upgrading to sarge I have been experiencing infrequent crashes
by racoon on more than one machine which did not exhibit this
behaviour in woody. I attached a strace to the racoon process on
two of the machines which exhibited
Marc Haber [EMAIL PROTECTED] writes:
Which change is suggested to adduser?
The change of LAST_SYSTEM_UID in /etc/adduser.conf from 999 to 499.
/etc/adduser.conf is a conffile. The range 100-999 is laid down in
policy 9.2.2, so changing the default in adduser is out of the
question.
Mark Brown [EMAIL PROTECTED] writes:
And it's not like this would be changed on a running system,
right?
That is not the case. /var/yp/Makefile is a conffile and so will be
updated if it hasn't been modified.
Oh, I see. Sorry. (Hmm, the installation scripts would have to check
for
reassign 329701 adduser
thanks
Maintainers of adduser, please review the log of bug #329701 and
comment. Thank you.
Mark Brown [EMAIL PROTECTED] writes:
It might be helpful to have everything ready to be changed in one
fell swoop in order to avoid skew between policy and reality and to
Marc Haber [EMAIL PROTECTED] writes:
Not having a clue about NIS and never having had any sizeable amount
of local users, I'd like to have an executive summary for this bug
report.
Which change is suggested to adduser?
The change of LAST_SYSTEM_UID in /etc/adduser.conf from 999 to 499.
If
Mark Brown [EMAIL PROTECTED] writes:
I submit that this is not a problem in practice since I'd bet no one
using NIS has created more than 400 local groups that must not be
exported.
And it's not like this would be changed on a running system, right?
It would just be the default value in
package debian-policy
reassign 329701 nis
thanks
(No reply from anybody on -policy for a few months now, so I follow up
myself.)
Mark Brown [EMAIL PROTECTED] writes:
This looks like a question for policy rather than the NIS package
since coordination with things like adduser seems at least
Package: nis
Version: 3.13-2
Severity: wishlist
(I tried to raise this question for general discussion some time ago
but no one replied. See
http://lists.debian.org/debian-policy/1998/10/msg00198.html.
Therefore I now submit a more specific proposal as a wishlist bug in
the hope of some
Package: tcpd
Version: 7.6.dbs-8
Severity: wishlist
I use IPsec. I would like to block connections to a service if the
client is not using IPsec (similar to only allowing IMAPS and not
IMAP). IPsec use can be detected by a socket option
(IP_IPSEC_POLICY). It would therefore be useful to me to
Package: racoon
Version: 0.5.2-1
Severity: normal
Tags: patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This is an updated patch for racoon-0.5.2-1.
/Teddy
- BEGIN PATCH
- --- /usr/sbin/racoon-tool.~1~ 2005-05-04 10:33:32.0 +0200
+++ /usr/sbin/racoon-tool 2005-06-11
Package: glibc-doc
Version: 2.3.2.ds1-21
Severity: normal
In (libc)Socket-Level Options, SO_RCVBUF is documented as having a
type size_t. In Linux, it is of type int. The man page socket(7)
does not say what type it is. The same goes for SO_SNDBUF.
This is mostly a problem on 64-bit
Package: racoon
Version: 0.3.3-1
Severity: normal
Tags: patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The peers_identifier asn1dn command in racoon-tool.conf allows a
string argument to be specified, but there are two things preventing
it from working:
1. It rejects = (equals) characters
81 matches
Mail list logo