Bug#990696: unblock: netselect/0.3.ds1-29

[Javier Fernández-Sanguino Peña]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package netselect

[ Reason ]

Netselect-apt is not able to properly parse the URLs in the mirror list
available in the Debian website. This version fixes the bug in parsing which
makes it work again.

[ Impact ]
If the unblock is not implemented users will not be able to use netselect-apt

[ Tests ]
I have run manually tests in my unstable system to confi

[ Risks ]
The change is very simple. This is a package which is used by a small number of
users. 

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock netselect/0.3.ds1-29

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 5.10.0-1-686-pae (SMP w/4 CPU threads)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru netselect-0.3.ds1/debian/changelog netselect-0.3.ds1/debian/changelog
--- netselect-0.3.ds1/debian/changelog  2021-07-05 00:14:53.0 +0200
+++ netselect-0.3.ds1/debian/changelog  2021-07-04 23:04:35.0 +0200
@@ -1,3 +1,14 @@
+netselect (0.3.ds1-29) unstable; urgency=high
+
+  * netselect-apt:
+- Fix bug that makes it output some hosts with negative value (Closes: 
920907)
+- Fix bug in the Pelr parsing which prevented it from processing properly
+  the mirrors listed in the Debian website (Closes: 989674)
+  * debian/control: Move curl to depends as it is required by netselect-apt
+   (Closes: 788793)
+
+ -- Javier Fernández-Sanguino Peña   Sun, 04 Jul 2021 
23:04:35 +0200
+
 netselect (0.3.ds1-28) unstable; urgency=medium
 
   * Use debhelper files properly to relocation binaries and
diff -Nru netselect-0.3.ds1/debian/control netselect-0.3.ds1/debian/control
--- netselect-0.3.ds1/debian/control2021-07-05 00:14:53.0 +0200
+++ netselect-0.3.ds1/debian/control2021-07-04 23:04:35.0 +0200
@@ -22,8 +22,7 @@
 
 Package: netselect-apt
 Architecture: all
-Depends: wget, netselect (>= 0.3.ds1-17), ${misc:Depends}
-Recommends: curl
+Depends: wget, netselect (>= 0.3.ds1-17), curl, ${misc:Depends}
 Enhances: apt
 Suggests: dpkg-dev
 Description: speed tester for choosing a fast Debian mirror
diff -Nru netselect-0.3.ds1/netselect-apt netselect-0.3.ds1/netselect-apt
--- netselect-0.3.ds1/netselect-apt 2021-07-05 00:14:53.0 +0200
+++ netselect-0.3.ds1/netselect-apt 2021-07-04 23:04:35.0 +0200
@@ -35,7 +35,7 @@
 # Default distribution
 distro="stable"
 # Default protocol
-protocol="HTTP"
+protocol="http"
 # Number of fastest hosts that will be validated
 test_hosts="10"
 # URL where the mirror list is retrieved from 
@@ -120,7 +120,7 @@
 
 # Second test: do we have the test file we are looking for?
 [ -n "$DEBUG" ] && log "DEBUG: Checking if the file '$test_file' is 
available in site"
-temp=`tempfile`
+temp=`mktemp`
 [ ! -e "$temp" ] && return 0 # Return without error if we cannot create
  # a temporary file
 curl -m 2 -q -s "$host/$test_file"  >$temp 2>&1
@@ -156,12 +156,14 @@
SEARCH="$1"
PROTO="$2"
 hosts=$(cat "$infile" \
-   | perl -n -e '
+   | perl -n -e '
+use warnings;
+use strict;
$/="";
-$country_name  = ".*";
-$country_iso  = "..";
-$country = "'"$country"'";
-$my_country = 1;
+my $country_name  = ".*";
+my $country_iso  = "..";
+my $country = "'"$country"'";
+my $my_country = 1;
 if ( $country ne "" ) {
   $my_country = 0;
   if ( $country =~ /^\w{2}$/ ) {
@@ -184,7 +186,7 @@
next if $_ !~ /Site:/;
if( ( /Includes architectures:.+'"$arch"'.+/i ||
$_ !~ /Includes architectures:/ 
) &&
-   
m@'"$SEARCH"':.*@i && $my_country == 1
+   
m@'"$SEARCH"':.*@i && $my_country == 1
){
print("$1\n");

Bug#989425: unblock: libpam-chroot/0.9-5

[Javier Fernández-Sanguino Peña]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libpam-chroot

[ Reason ]
This version includes fixes to build properly the package including:
- Installing the PAM module in the correct location (#980047)
- Supporting cross bulding of source (949080)
- Document that libpam-chroot is not recommended to be used with OpenSSH as it
  is difficult to setup and there are better alternatives (527564)

[ Impact ]
Users cannot use the package as it is as the pam_chroot library is not
installed in the correct location.

Users trying to follow the instructions in the README file to setup OpenSSH
will end up with a non-working setup.

If the unblock is not granted this is not, however, a major issue as not many
users use this package and chroot functionalities are, in general, not that
much used anymore as people have in general now moved to containers.

[ Tests ]
Tested locally in the developer's machine.

[ Risks ]
Very low risk changes introduced in the package.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing


unblock libpam-chroot/0.9-5


Thank you for your support,

Javier
diff -u libpam-chroot-0.9/Makefile libpam-chroot-0.9/Makefile
--- libpam-chroot-0.9/Makefile
+++ libpam-chroot-0.9/Makefile
@@ -5,6 +5,8 @@
 CPPFLAGS=-I.
 LDFLAGS=-shared
 DESTDIR=/
+LIBDIR=$(DESTDIR)/lib/security
+INSTALL?=install
 
 OUT=pam_chroot.so
 CONF=chroot.conf
@@ -20,3 +22,3 @@
 install:
-   install -s -o0 -g0 -m755 $(OUT) $(DESTDIR)/lib/security
+   $(INSTALL) -s -o0 -g0 -m755 $(OUT) $(LIBDIR)
install -m640 $(CONF) $(DESTDIR)/etc/security
diff -u libpam-chroot-0.9/debian/README.Debian 
libpam-chroot-0.9/debian/README.Debian
--- libpam-chroot-0.9/debian/README.Debian
+++ libpam-chroot-0.9/debian/README.Debian
@@ -73,15 +73,22 @@
 Setting up OpenSSH with libpam-chroot
 -
 
+!!! WARNING !!
 NOTE: OpenSSH supports, since the 4.9 release, the definition of
 chrooted enviroments. For more information see the 'ChrootDirectory'
-directive in sshd_config (5).
+directive in sshd_config (5). 
+
+Setting up OpenSSH libpam-chroot is *not* recommended and most likely will not
+work. The following information is provided for those users that want to tinker
+with pam-chroot and SSH.
+
+ WARNING !!
 
 
 Many systems want to setup a restricted remote access to a system in
 which users are confined to their user directories, but are unable to
-"see" the whole system. If you want to develop this using OpenSSH you
-will need to:
+"see" the whole system. If you want to develop this using OpenSSH 
+and libpam-chroot you will need to:
 
 0) Setup a chroot environment for your users. Make sure that
 environment includes the standard tools they will need (like their
@@ -147,7 +154,29 @@
 pam-chroot at all.
 
+4) In order for chroots to work with newer OpenSSH versions the chroot
+directory of a user needs to include both the /proc filesystem and
+the /dev/pts
+
+- If /proc is not mounted in the chroot, SSH access will be interrupted
+  with the message:
+
+  Connection reset by peer
+  Connection to  closed.
+
+  To mount /proc do the following:
+  mount -t proc /proc /proc
+
+- If /dev/pts is not mounted, the SSH login will freeze after
+  authentication with the message:
+
+ PTY allocation request failed on channel 0
+
+  To mount /dev do the following:
+  mount --rbind /dev /dev
+
+
  --
  Javier Fernandez-Sanguino 
- Wed, 27 Oct 2010 02:01:26 +0200
+ Thu, 03 Jun 2021 13:26:58 +0200
 
 
diff -u libpam-chroot-0.9/debian/changelog libpam-chroot-0.9/debian/changelog
--- libpam-chroot-0.9/debian/changelog
+++ libpam-chroot-0.9/debian/changelog
@@ -1,3 +1,19 @@
+libpam-chroot (0.9-5) unstable; urgency=high
+
+  * debian/rules: Install the PAM module in the right location 
+(Closes: #980047)
+  * Fix FTCBFS: (Closes: #949080, #437385)
++ Let dh_auto_build pass cross tools to make.
++ Make install substitutable.
++ Pass a non-stripping install to make install.
+Thanks Helmut Grohne for the patch
+  * debian/README.Debian: discourage users from using this module with
+OpenSSH as this feature is available already in the daemon (see option
+ChrootDirectory) and the setup might not work due to changes in OpenSSH
+(Closes: #527564)
+
+ -- Javier Fernandez-Sanguino Pen~a   Thu, 03 Jun 2021 
12:57:43 +0200
+
 libpam-chroot (0.9-4.3) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -u libpam-chroot-0.9/debian/dirs libpam-chroot-0.9/debian/dirs
--- libpam-chroot-0.9/debian/dirs
+++ libpam-chroot-0.9/debian/dirs
@@ -1,2 +1 @@
 etc/security
-lib/security
diff -u libpam-chroot-0.9/debian/rules 

Bug#989412: unblock: ifupdown-extra/0.32

[Javier Fernández-Sanguino Peña]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ifupdown-extra

[ Reason ]

There is a bug (#987310) in the package in testing which prevents the
static-routes script (/etc/network/if-up.d/20static-routes) from working
properly when the package is configured to include them.

I have also taken the opportunity to:
- fix the script so it exits gracefully if called directly (i.e.
  when the interface to act on is not set)
- fix the script so that the 'status' check works properly when the gateways
  have a defined name in the /etc/hosts
- update the documentation (README) to warn users about the behaviour of one
  script.

[ Impact ]

If the package is not unblocked users installing this package and trying to set
static routes will have their routes added to the 'blackhole' configuration
instead.

[ Tests ]
Tested locally in developer's machine with different configuration variations. 
The script runs as expected (adding, removing and checking the status
of routes added in /etc/network/routes

[ Risks ]
Changes in the package are trivial, there is very low risk

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock ifupdown-extra/0.32

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 5.10.0-1-686-pae (SMP w/4 CPU threads)
Locale: LANG=es_ES.utf8, LC_CTYPE=es_ES.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru ifupdown-extra-0.31/debian/changelog 
ifupdown-extra-0.32/debian/changelog
--- ifupdown-extra-0.31/debian/changelog2020-09-19 09:09:41.0 
+0200
+++ ifupdown-extra-0.32/debian/changelog2021-06-03 08:13:30.0 
+0200
@@ -1,3 +1,16 @@
+ifupdown-extra (0.32) unstable; urgency=high
+
+  * if-up-scripts/static-routes:
+ - Fix syntax error in script which causes routes added to be converted
+   into "blackhole" routes (Closes: 987310)
+ - Fail properly if the inteface (IFACE) is not defined when the script
+   is called
+ - Use route -n instead of 'route' to properly identify status of routes
+   when the gateways are in the hosts file
+  * debian/README: Describe caveats related to network link tests
+
+ -- Javier Fernández-Sanguino Peña   Thu, 03 Jun 2021 
08:13:30 +0200
+
 ifupdown-extra (0.31) unstable; urgency=medium
 
   * Fix some network scripts to adapt to the naming scheme introduced 
diff -Nru ifupdown-extra-0.31/debian/README ifupdown-extra-0.32/debian/README
--- ifupdown-extra-0.31/debian/README   2020-09-19 09:09:37.0 +0200
+++ ifupdown-extra-0.32/debian/README   2021-06-03 08:13:30.0 +0200
@@ -16,8 +16,12 @@
 submit it as a bug report to the package.
 
 
-Known limitations
-
+Known limitations:
+--
+
+---
+Interface names
+---
 
 Starting with v197, systemd/udev creates predictable network interface names
 for all local Ethernet, WLAN and WWAN interfaces. However, system
@@ -42,6 +46,22 @@
 systemd.net-naming scheme: 
https://www.freedesktop.org/software/systemd/man/systemd.net-naming-scheme.html
 
 
+--
+Network link checks
+--
+
+The script that tests the network link is run inmediately after an interface is
+administratively configured up. However, the underlying hardware sometime it
+takes some time to establish and negotiate a link. This is heavily dependant on
+the hardware itself and the system it is connected to (e.g. if auto negotiation
+of an interface is enabled or the duplex/mode are forced in the interface). 
+
+Due to this time interval for the link to fully stablise it is possible that
+the check-network-cable might generate false negative error messages on
+systems. 
+
+If this is your case, you are encourage to disable the script by editing
+/etc/default/network-test and changing the variable DO_CABLETEST to 'no'
 
 --
 Javier Fernández-Sanguino
diff -Nru ifupdown-extra-0.31/if-up-scripts/static-routes 
ifupdown-extra-0.32/if-up-scripts/static-routes
--- ifupdown-extra-0.31/if-up-scripts/static-routes 2020-08-15 
01:30:37.0 +0200
+++ ifupdown-extra-0.32/if-up-scripts/static-routes 2021-06-03 
08:13:30.0 +0200
@@ -51,6 +51,11 @@
 # Default value
 VERBOSITY=${VERBOSITY:-0}
 
+[ "$IFACE" ] || {
+$OUTPUT "ERROR: Variable IFACE not set in environment"
+exit 1
+}
+
 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901612
 if [ ${IFACE} = "--all" ]; then IFACE="[[:alnum:]]+"; fi
 
@@ -80,7 +85,7 @@
cat $ROUTEFILE | egrep "^[^#].*[[:space:]]${IFACE}[[:space:]]*$" | 
while read network netmask gateway interface ; do

Bug#986908: unblock: snort 2.9.15.1-5

[Javier Fernández-Sanguino Peña]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hello,

Could it be possible to unblock snort 2.9.15.1-5? 

[Reason]

This version fixes a RC bug (#984614) that generated a dpkg prompt when users
where upgrading from older versions. It also fixes three additional bugs:

- a bug that prevents Snort log files from being rotated properly (discovered
  during testing, not reported in BTS)
- a bug fixing issues when building the package (LP: #1906572)
- a bug fixing parsing of network packets (633066)

[ Impact ] 

There is minimal impact by the above changes.

[ Tests ]

Package upgrades/downgrades have been tested in several chroots and the 
bugs are confirmed as fixed.

[ Risks ]

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing


[ Other info ]

Hopefully this request can be accepted! 

unblock snort/2.9.15.1-5


Best regards

Javier

$ debdiff snort_2.9.15.1-4_i386.deb snort_2.9.15.1-5_i386.deb
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

Depends: snort-common-libraries (>= [-2.9.15.1-4),-] {+2.9.15.1-5),+} 
snort-rules-default (>= [-2.9.15.1-4),-] {+2.9.15.1-5),+} snort-common (>= 
[-2.9.15.1-4),-] {+2.9.15.1-5),+} debconf (>= 0.5) | debconf-2.0, rsyslog | 
system-log-daemon, logrotate, net-tools, lsb-base, libc6 (>= 2.30), libdaq2 (>= 
2.0.7), libdumbnet1 (>= 1.8), liblzma5 (>= 5.1.1alpha+20120614), 
libnetfilter-queue1, libnghttp2-14 (>= 1.5.0), libpcap0.8 (>= 1.0.0), libpcre3, 
libssl1.1 (>= 1.1.0), zlib1g (>= 1:1.1.4)
Version: [-2.9.15.1-4-] {+2.9.15.1-5+}

$ debdiff snort-common_2.9.15.1-4_all.deb snort-common_2.9.15.1-5_all.deb 
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

Conflicts: snort (<< [-2.9.15.1-4)-] {+2.9.15.1-5)+}
Installed-Size: [-519-] {+522+}
Pre-Depends: adduser (>= [-3.11)-] {+3.11), dpkg (>= 1.17.14)+}
Version: [-2.9.15.1-4-] {+2.9.15.1-5+}

$ debdiff snort-rules-default_2.9.15.1-4_all.deb 
snort-rules-default_2.9.15.1-5_all.deb 
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

Version: [-2.9.15.1-4-] {+2.9.15.1-5+}

$ debdiff snort-doc_2.9.15.1-4_all.deb snort-doc_2.9.15.1-5_all.deb
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

Version: [-2.9.15.1-4-] {+2.9.15.1-5+}

$ debdiff snort-common-libraries_2.9.15.1-4_i386.deb  
snort-common-libraries_2.9.15.1-5_i386.deb 
[The following lists of changes regard files as different if they have
different names, permissions or owners.]

Files in second .deb but not in first
-
-rw-r--r--  root/root   
/usr/lib/debug/.build-id/39/3558c32ca8d48f3de5673db0496869cb112938.debug
-rw-r--r--  root/root   
/usr/lib/debug/.build-id/40/e94d0baaefe540c618da94eb888f032c5a1f79.debug
-rw-r--r--  root/root   
/usr/lib/debug/.build-id/c6/49b10979e88a857a4e42b1f78b5c9352a094a3.debug
-rw-r--r--  root/root   
/usr/lib/debug/.build-id/c6/61fc7794c21ed0211a17cf762d1e62f9ff618f.debug
-rw-r--r--  root/root   
/usr/lib/debug/.build-id/cf/523d1c167cb54f099cce54ecd8ddc37ca53e09.debug

Files in first .deb but not in second
-
-rw-r--r--  root/root   
/usr/lib/debug/.build-id/34/c8e8ca361a44fdaa05ca46235585f7342d8999.debug
-rw-r--r--  root/root   
/usr/lib/debug/.build-id/78/5f93750fd367fa5b29b45a8a31347224722498.debug
-rw-r--r--  root/root   
/usr/lib/debug/.build-id/d4/e19c810ddefba362805ecb2f24bfbd064c2367.debug
-rw-r--r--  root/root   
/usr/lib/debug/.build-id/ea/2ad91c60e90e48f59ed33e31b2be14b26f425e.debug
-rw-r--r--  root/root   
/usr/lib/debug/.build-id/ff/24c75759a1335e9247f00279ded2ea0fd03c8f.debug

Control files: lines which differ (wdiff format)

Build-Ids: [-34c8e8ca361a44fdaa05ca46235585f7342d8999 
785f93750fd367fa5b29b45a8a31347224722498 
d4e19c810ddefba362805ecb2f24bfbd064c2367 
ea2ad91c60e90e48f59ed33e31b2be14b26f425e 
ff24c75759a1335e9247f00279ded2ea0fd03c8f-] 
{+393558c32ca8d48f3de5673db0496869cb112938 
40e94d0baaefe540c618da94eb888f032c5a1f79 
c649b10979e88a857a4e42b1f78b5c9352a094a3 
c661fc7794c21ed0211a17cf762d1e62f9ff618f 
cf523d1c167cb54f099cce54ecd8ddc37ca53e09+}
Depends: snort (= [-2.9.15.1-4)-] {+2.9.15.1-5)+}
Installed-Size: [-2309-] {+2308+}
Version: [-2.9.15.1-4-] {+2.9.15.1-5+}

$ debdiff snort-common-libraries_2.9.15.1-4_i386.deb  
snort-common-libraries_2.9.15.1-5_i386.deb 
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

Installed-Size: [-4832-] {+5027+}

Bug#984736: RFH: cron -- new maintainer need

[Javier Fernández-Sanguino Peña]

Package: wnpp
Version: N/A; reported 2021-07-03
Severity: wishlist

A new an active maintainer is required for the cron package. Cron is a basic
system utility that runs programs periodically in the system, it is used by
multitude of packages and is part of the core OS debian tools.

The package is maintained in Salsa (https://salsa.debian.org/debian/cron).

I picked up the package in 2005 and have been trying to maintain it and fix
bugs in it and keep it more or less current. In 2014, Christian Kastner
joined as co-maintainer and has been done the bulk of the job in mantaining /
improving it. He recently did a fantastic job in converting the package to
3.0 (quilt).  

He also provided its replacement, cronie, in experimental (package available
at https://salsa.debian.org/debian/cronie, upstream available at
https://github.com/cronie-crond/cronie)

Cron has been dead for years upstream, Debian still uses it instead of Cronie
as over the years the package has received many changes that are
Debian-specific.

Ideally a maintainer willing to help cron move forward would support the next
major task to be done: moving the Debian-specific patches into cronie and 
providing an updated package for cronie replacement that can eventually
replace cron.

Please contact the current maintainer if you can help in maintaining and
improving cron.

Best regards,

Javier Fernández-Sanguino


signature.asc
Description: PGP signature

Bug#984734: RM: manpages-es-extra -- ROM;abandoned upstream

[Javier Fernández-Sanguino Peña]

Package: ftp.debian.org
Severity: normal

The manpages-es-extra package only contains outdated manpages as the upstream
project (PAMELI) has been dead now for many, many years (since 2005). 
It does not make any more sense to distribute this package as there is no
real way to identify which manpages are still valid


Please remove this package so the extra manpages for the Spanish language can
be provided by the manpages-l10n package (which already provides
'manpages-es'). This new package introduces a gettext (PO-based) system which
will make it possible to provide manpages in Spanish highlighting which
content is not up to date.

Thank you for your help,

Javier Fernández-Sanguino


signature.asc
Description: PGP signature

Bug#981479: Sysvinit: Updated Spanish debconf template translation

[Javier Fernández-Sanguino Peña]

Package: sysvinit
Version: 2.96-5
Priority: wishlist
Tags: l10n patch

Dear maintainer,

Please find attached an updated debconf translation for your package. 

Thank you for including it in your next package upload.

Best regards,

Javier Fernández-Sanguino
# sysvinit po-debconf translation to Spanish
# Copyright (C) 2009 Software in the Public Interest
# This file is distributed under the same license as the sysvinit package.
#
# Changes:
#   - Initial translation
#   Francisco Javier Cuadrado , 2009
#   - Translation update
#   Javier Fernández-Sanguino , 2012, 2020
#
# Traductores, si no conocen el formato PO, merece la pena leer la
# documentación de gettext, especialmente las secciones dedicadas a este
# formato, por ejemplo ejecutando:
#   info -n '(gettext)PO Files'
#   info -n '(gettext)Header Entry'
#
# Equipo de traducción al español, por favor lean antes de traducir
# los siguientes documentos:
#
#   - El proyecto de traducción de Debian al español
# http://www.debian.org/intl/spanish/
# especialmente las notas y normas de traducción en
# http://www.debian.org/intl/spanish/notas
#
#   - La guía de traducción de po's de debconf:
# /usr/share/doc/po-debconf/README-trans
# o http://www.debian.org/intl/l10n/po-debconf/README-trans
#
msgid ""
msgstr ""
"Project-Id-Version: sysvinit 2.87dsf-5\n"
"Report-Msgid-Bugs-To: sysvi...@packages.debian.org\n"
"POT-Creation-Date: 2018-10-26 08:14+\n"
"PO-Revision-Date: 2021-01-31 19:43+0100\n"
"Last-Translator: Javier Fernández-Sanguino \n"
"Language-Team: Debian l10n Spanish \n"
"Language: es\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-POFile-SpellExtra: sysv dpkg SUGGESTION rc libexec console inittab\n"
"X-POFile-SpellExtra: sysvinit getty new old Hurd hurd\n"

#. Type: boolean
#. Description
#: ../sysvinit-core.templates:1001
msgid "Update getty pathnames and add hurd-console?"
msgstr "¿Actualizar las rutas de getty y añadir «hurd-console»?"

#. Type: boolean
#. Description
#: ../sysvinit-core.templates:1001
msgid ""
"Your /etc/inittab seems to use /libexec/getty as getty and/or to miss hurd-"
"console entry. The default inittab has been changed, however your /etc/"
"inittab has been modified. Note that sysvinit has not been used to boot an "
"Hurd system for long, so any errors in that file would not have shown up "
"earlier."
msgstr "Su «/etc/inittab» parece que utiliza /libexec/getty como getty y/o no 
tiene la entrada «hurd-console». El fichero «inittab» por omisión ha cambiado, 
pero su «/etc/inittab» no se ha modificado. Tenga en cuenta que sysvinit no se 
ha utilizado para arrancar un sistema Hurd desde hace mucho, por lo que los 
problemas en ese fichero no se podían haber mostrado antes."

#. Type: boolean
#. Description
#: ../sysvinit-core.templates:1001
msgid ""
"If you allow this change, a backup will be stored in /etc/inittab.dpkg-old."
msgstr "Se guardará una copia de seguridad del fichero en 
«/etc/inittab.dpkg-old» si permite que se realice este cambio."

#. Type: boolean
#. Description
#: ../sysvinit-core.templates:1001
msgid ""
"If you don't allow this change, an updated inittab will be written to /etc/"
"inittab.dpkg-new. Please review the changes and update your /etc/inittab "
"accordingly."
msgstr "Si no quiere hacer esta modificación, se generará un fichero inittab 
actualizado en «/etc/inittab.dpkg-new». Revise los cambios y actualice su 
fichero «/etc/inittab» como sea necesario."

#~ msgid "Unable to migrate to dependency-based boot system"
#~ msgstr ""
#~ "No se ha podido migrar al sistema de arranque basado en dependencias"

#~ msgid ""
#~ "Problems in the boot system exist which are preventing migration to "
#~ "dependency-based boot sequencing:"
#~ msgstr ""
#~ "Existen los siguientes problemas en el sistema de arranque que impiden la "
#~ "migración a la secuencia de arranque basada en dependencias:"

#~ msgid ""
#~ "If the reported problem is a local modification, it needs to be fixed "
#~ "manually.  These are typically due to obsolete conffiles being left after "
#~ "a package has been removed, but not purged.  It is suggested that these "
#~ "are removed by running:"
#~ msgstr ""
#~ "Debe solucionar manualmente el problema reportado si se trata de una "
#~ "modificación local. Habitualmente estos problemas se deben a ficheros de "
#~ "configuración obsoletos que se mantienen tras haber borrado, pero no "
#~ "purgado, un paquete. Se sugiere eliminar éstos ejecutando:"

#~ msgid "${SUGGESTION}"
#~ msgstr "${SUGGESTION}"

#~ msgid ""
#~ "Package installation can not continue until the above problems have been "
#~ "fixed.  To reattempt the migration process after these problems have been "
#~ "fixed, run \"dpkg --configure sysv-rc\"."
#~ msgstr ""
#~ "El paquete de instalación no puede continuar hasta que los problemas se "
#~ "hayan arreglado. Para reintentar el proceso de migración una vez estos "
#~ "problemas se hayan 

Bug#981478: tasksel: Updated Spanish debconf template translation

[Javier Fernández-Sanguino Peña]

Package: tasksel
Version: 3.63
Severity: wishlist
Tags: l10n patch

Dear maintainer,

Please find attached an updated Spanish debconf template translation for
your package.

Thank you for including it in your next package upload.

Best regards


Javier Fernández-Sanguino



#
# Spanish translation for tasksel/debian
# Copyright (C) 2000-2020 Software in the Public Interest, Inc.
#
# Translated by Javier Fernandez-Sanguino 
msgid ""
msgstr ""
"Project-Id-Version: tasksel 2.04\n"
"Report-Msgid-Bugs-To: task...@packages.debian.org\n"
"POT-Creation-Date: 2018-05-23 01:37+0200\n"
"PO-Revision-Date: 2021-01-31 19:26+0100\n"
"Last-Translator: Javier Fernandez-Sanguino \n"
"Language-Team: Debian Spanish Team \n"
"Language: es\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=iso-8859-1\n"
"Content-Transfer-Encoding: 8-bit\n"

#. Type: multiselect
#. Description
#. Type: multiselect
#. Description
#: ../templates:1001 ../templates:2001
msgid "Choose software to install:"
msgstr "Elegir los programas a instalar:"

#. Type: multiselect
#. Description
#: ../templates:1001
msgid ""
"At the moment, only the core of the system is installed. To tune the system "
"to your needs, you can choose to install one or more of the following "
"predefined collections of software."
msgstr ""
"De momento s�lo est� instalado el sistema b�sico. Puede escoger la "
"instalaci�n de las siguientes colecciones predefinidas de programas para "
"adaptar m�s la instalaci�n a sus necesidades."

#. Type: multiselect
#. Description
#: ../templates:2001
msgid ""
"You can choose to install one or more of the following predefined "
"collections of software."
msgstr ""
"Puede elegir instalar una o m�s de las siguientes colecciones de programas "
"predefinidas."

#. Type: multiselect
#. Description
#: ../templates:3001
msgid "This can be preseeded to override the default desktop."
msgstr "Esto puede ser preconfigurado para anular el escritorio por omisi�n."

#. Type: title
#. Description
#: ../templates:4001
msgid "Software selection"
msgstr "Selecci�n de programas"

#~ msgid "${ORIGCHOICES}"
#~ msgstr "${CHOICES}"

#~ msgid "${CHOICES}, manual package selection"
#~ msgstr "${CHOICES}, selecci�n manual de paquetes"


signature.asc
Description: PGP signature

Bug#916892: [l10n] Updated Spanish translation for d-i

[Javier Fernández-Sanguino Peña]

Package: debian-instaler
Version: 20181220
Tags: l10n patch

Please update the d-i in Salsa with the attached updated Spanish translation
(for level 1 and level 3).

Best regards

Javier Fernández-Sanguino
diff --git a/packages/po/sublevel1/es.po b/packages/po/sublevel1/es.po
index 1c77cdfc12..5bb2d2bc2e 100644
--- a/packages/po/sublevel1/es.po
+++ b/packages/po/sublevel1/es.po
@@ -1,5 +1,5 @@
 # Spanish messages for debian-installer.
-# Copyright (C) 2003-2007 Software in the Public Interest, Inc.
+# Copyright (C) 2003-2018 Software in the Public Interest, Inc.
 # This file is distributed under the same license as debian-installer.
 #
 # Contributors to the translation of debian-installer:
@@ -12,7 +12,7 @@
 # Enrique Matias Sanchez (aka Quique) , 2005
 # Rubén Porras Campo , 2005
 # Omar Campagne , 2010
-# Javier Fernández-Sanguino , 2003-2012, 2014-2017
+# Javier Fernández-Sanguino , 2003-2012, 2014-2018
 #
 # Equipo de traducción al español, por favor lean antes de traducir
 # los siguientes documentos:
@@ -54,7 +54,7 @@ msgstr ""
 "Project-Id-Version: debian-installer\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: \n"
-"PO-Revision-Date: 2017-11-26 22:38+0100\n"
+"PO-Revision-Date: 2018-12-19 23:44+0100\n"
 "Last-Translator: Javier Fernández-Sanguino \n"
 "Language-Team:  Debian Spanish \n"
 "Language: es\n"
@@ -997,21 +997,11 @@ msgstr ""
 #. Type: select
 #. Description
 #: ../pkgsel.templates:9002
-#, fuzzy
-#| msgid ""
-#| "By default, security updates are automatically installed by the "
-#| "unattended-upgrades package. Alternatively, you can opt-out from this "
-#| "system and apply updates manually using standard package management tools."
 msgid ""
 "By default, security updates are not automatically installed, as security "
 "advisories should be reviewed before manual installation of the updates "
 "using standard package management tools."
-msgstr ""
-"Por omisión, las actualizaciones de seguridad se instalan automáticamente "
-"mediante el paquete «unattended-upgrades» («actualizaciones desatendidas», "
-"N. del T.). También puede optar no utilizar este sistema y aplicar "
-"actualizaciones manualmente usando las herramientas de gestión de paquetes "
-"estándar."
+msgstr "Por omisión, las actualizaciones de seguridad no se instalan automáticamente. Deben revisarse los avisos de seguridad antes de instalar manualmente estas actualizaciones usando las herramientas de gestión de paquetes estándar."
 
 #. Type: select
 #. Description
@@ -1023,7 +1013,7 @@ msgid ""
 "services provided by this machine in the rare cases where the update is not "
 "fully backward-compatible, or where the security advisory requires the "
 "administrator to perform some other manual operation."
-msgstr ""
+msgstr "Alternativamente, puede instalar el paquete el paquete «unattended-upgrades» («actualizaciones desatendidas», N. del T.), que instalará las actualizaciones automáticamente. Debe tener en cuenta que las instalaciones automáticas de actualizaciones podrían ocasionar la indisponibilidad de servicios ofrecidos por este sistema en aquellos raros casos en los que las actualizaciones no sean compatibles hacia atrás, o cuando una actualización de seguridad requiere que el administrador realice alguna operación manual."
 
 #. Type: text
 #. Description
diff --git a/packages/po/sublevel3/es.po b/packages/po/sublevel3/es.po
index f1592b2ff3..996e35c27b 100644
--- a/packages/po/sublevel3/es.po
+++ b/packages/po/sublevel3/es.po
@@ -1,5 +1,5 @@
 # Spanish messages for debian-installer.
-# Copyright (C) 2003-2007 Software in the Public Interest, Inc.
+# Copyright (C) 2003-2018 Software in the Public Interest, Inc.
 # This file is distributed under the same license as debian-installer.
 #
 # Contributors to the translation of debian-installer:
@@ -12,7 +12,7 @@
 # Enrique Matias Sanchez (aka Quique) , 2005
 # Rubén Porras Campo , 2005
 # Omar Campagne Polaino , 2010
-# Javier Fernández-Sanguino , 2003-2012, 2014, 2017
+# Javier Fernández-Sanguino , 2003-2012, 2014, 2018
 #
 # Equipo de traducción al español, por favor lean antes de traducir
 # los siguientes documentos:
@@ -45,7 +45,7 @@ msgstr ""
 "Project-Id-Version: debian-installer\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: \n"
-"PO-Revision-Date: 2017-04-07 16:50+0200\n"
+"PO-Revision-Date: 2018-12-19 23:49+0100\n"
 "Last-Translator: Javier Fernández-Sanguino \n"
 "Language-Team:  Debian Spanish \n"
 "Language: es\n"
@@ -164,10 +164,8 @@ msgstr "# Cirílico - lenguas no Eslavas"
 #. Choices
 #. :sl3:
 #: ../console-setup.templates:5001
-#, fuzzy
-#| msgid "# Cyrillic - non-Slavic languages"
 msgid ". Cyrillic - non-Slavic languages (for blind users)"
-msgstr "# Cirílico - lenguas no Eslavas"
+msgstr ". Cirílico - lenguas no Eslavas (para usuarios invidentes)"
 
 #. Type: select
 #. Choices
@@ -180,10 +178,8 @@ msgstr "# Cirílico - Lenguas Eslavas (también el Latino Serbio y Bosnio)"
 #. Choices
 #. :sl3:
 #: ../console-setup.templates:5001
-#, fuzzy

Bug#892793: stretch-pu: package cron/128+deb9u2

[Javier Fernández-Sanguino Peña]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

 Fix bugs in cron that prevents it from working properly in environments
 where centralised user databases are used (e.g. LDAP, Windows AD).

 The changes introduce a dependency in the init.d file (for sssd) and in
 the service unit file to ensure that cron is started after these services
 are operative.

 Please review and, if possible, accept this version for stretch.

 Best regards


 Javier Fernandez-Sanguino




diff -u cron-3.0pl1/debian/changelog cron-3.0pl1/debian/changelog
--- cron-3.0pl1/debian/changelog
+++ cron-3.0pl1/debian/changelog
@@ -1,3 +1,17 @@
+cron (3.0pl1-128+deb9u2) stretch; urgency=medium
+
+  * debian/cron.init: Add sssd to the services that should be started/stopped
+before/after cron
+  * debian/cron.service: Add a dependency on remote-fs.target (Closes: #815088)
+  * debian/cron.service: Add dependency on nss-user-lookup.target in the
+definition which properly fixes the issues when cron is started
+before centralised user repositories are available (e.g. LDAP
+or Active Directory). This should avoid errors in syslog similar to
+the following: "crond[PID]: (CRON) bad username (/etc/cron.d/JOBNAME)"
+(Closes: #767016, #801384, #783665) (LP: #1593317)
+
+ -- Javier Fernández-Sanguino Peña <j...@debian.org>  Sun, 11 Mar 2018 22:32:18 +0100
+
 cron (3.0pl1-128+deb9u1) stretch; urgency=medium
 
   * Non-maintainer upload.
diff -u cron-3.0pl1/debian/cron.init cron-3.0pl1/debian/cron.init
--- cron-3.0pl1/debian/cron.init
+++ cron-3.0pl1/debian/cron.init
@@ -5,8 +5,8 @@
 # Provides:  cron
 # Required-Start:$remote_fs $syslog $time
 # Required-Stop: $remote_fs $syslog $time
-# Should-Start:  $network $named slapd autofs ypbind nscd nslcd winbind
-# Should-Stop:   $network $named slapd autofs ypbind nscd nslcd winbind
+# Should-Start:  $network $named slapd autofs ypbind nscd nslcd winbind sssd
+# Should-Stop:   $network $named slapd autofs ypbind nscd nslcd winbind sssd
 # Default-Start: 2 3 4 5
 # Default-Stop:
 # Short-Description: Regular background program processing daemon
diff -u cron-3.0pl1/debian/cron.service cron-3.0pl1/debian/cron.service
--- cron-3.0pl1/debian/cron.service
+++ cron-3.0pl1/debian/cron.service
@@ -1,6 +1,7 @@
 [Unit]
 Description=Regular background program processing daemon
 Documentation=man:cron(8)
+After=remote-fs.target nss-user-lookup.target
 
 [Service]
 EnvironmentFile=-/etc/default/cron


signature.asc
Description: PGP signature

Bug#823099: mariadb-10.0: Updated Spanish PO translation

[Javier Fernández-Sanguino Peña]

Package: mariadb-10.0
Version: 10.0.24-7
Priority: wishlist
Tags: l10n

Please find attached an updated translation of this package into Spanish.

I would appreciate if you include it in your next package upload.

Thanks

Javier
# mariadb translation to spanish
# Copyright (C) 2005-2016 Software in the Public Interest, SPI Inc.
# This file is distributed under the same license as the mariadb package.
#
# Changes:
# - Initial translation
#   Jesus Aneiros, 2006
# - Updated
#   Javier Fernandez-Sanguino, 2006-2007, 2012, 2016
# - Revision
#   Nacho Barrientos Arias
#   Fernando Cerezal
#   David Martínez Moreno
#   Ricardo Mones
#   Carlos Galisteo
#   Javier Fernandez-Sanguino
#
#
#  Traductores, si no conoce el formato PO, merece la pena leer la 
#  documentación de gettext, especialmente las secciones dedicadas a este
#  formato, por ejemplo ejecutando:
# info -n '(gettext)PO Files'
# info -n '(gettext)Header Entry'
#
# Equipo de traducción al español, por favor lean antes de traducir
# los siguientes documentos:
#
# - El proyecto de traducción de Debian al español
#   http://www.debian.org/intl/spanish/
#   especialmente las notas y normas de traducción en
#   http://www.debian.org/intl/spanish/notas
#
# - La guía de traducción de po's de debconf:
#   /usr/share/doc/po-debconf/README-trans
#   o http://www.debian.org/intl/l10n/po-debconf/README-trans
#
# Si tiene dudas o consultas sobre esta traducción consulte con el último
# traductor (campo Last-Translator) y ponga en copia a la lista de
# traducción de Debian al español ()
msgid ""
msgstr ""
"Project-Id-Version: mysql-dfsg-5.1_5.0.24-3\n"
"Report-Msgid-Bugs-To: mariadb-1...@packages.debian.org\n"
"POT-Creation-Date: 2016-04-13 11:44+0300\n"
"PO-Revision-Date: 2016-04-30 21:26+0200\n"
"Last-Translator: Javier Fernández-Sanguino \n"
"Language-Team: Debian l10 Spanish \n"
"Language: Spanish\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-POFile-SpellExtra: YP mariadb lib ej server flag mysqldump mysql var NIS\n"
"X-POFile-SpellExtra: MariaDB\n"

#. Type: note
#. Description
#: ../mariadb-server-10.0.templates:2001
msgid "The old data directory will be saved at new location."
msgstr "Se guardará el directorio antiguo de datos a la nueva ubicación."

#. Type: note
#. Description
#: ../mariadb-server-10.0.templates:2001
msgid ""
"A file named /var/lib/mysql/debian-*.flag exists on this system. The number "
"indicated a database binary format version that cannot automatically be "
"upgraded (or downgraded)."
msgstr "Se ha encontrado un archivo «/var/lib/mysql/debian-*.flag» en el 
sistema. Este número indica una versión de base de datos en formato binario que 
no puede ser subirse (o bajarse) de versión automáticamente."

#. Type: note
#. Description
#: ../mariadb-server-10.0.templates:2001
msgid ""
"Therefore the previous data directory will be renamed to /var/lib/mysql-* "
"and a new data directory will be initialized at /var/lib/mysql."
msgstr "Por tanto, el archivo de datos anterior se renombrará a 
«/var/lib/mysql-*» y se inicializará un nuevo directorio de datos en 
«/var/lib/mysql»."

#. Type: note
#. Description
#: ../mariadb-server-10.0.templates:2001
msgid ""
"Please manually export/import your data (e.g. with mysqldump) if needed."
msgstr "Si lo necesita, tendrá que exportar e importar sus datos manualmente 
(p.ej. con mysqldump)."

#. Type: note
#. Description
#: ../mariadb-server-10.0.templates:3001
msgid "Important note for NIS/YP users"
msgstr "Nota importante para los usuarios de NIS/YP"

#. Type: note
#. Description
#: ../mariadb-server-10.0.templates:3001
msgid ""
"Using MariaDB under NIS/YP requires a mysql user account to be added on the "
"local system with:"
msgstr ""
"Para utilizar MariaDB bajo NIS/YP es necesario añadir una cuenta de usuario "
"mysql en el sistema local con:"

#. Type: note
#. Description
#: ../mariadb-server-10.0.templates:3001
msgid ""
"You should also check the permissions and ownership of the /var/lib/mysql "
"directory:"
msgstr ""
"También debería comprobar los permisos y el propietario del directorio /var/"
"lib/mysql:"

#. Type: boolean
#. Description
#: ../mariadb-server-10.0.templates:4001
msgid "Remove all MariaDB databases?"
msgstr "¿Desea eliminar todas las bases de datos MariaDB?"

#. Type: boolean
#. Description
#: ../mariadb-server-10.0.templates:4001
msgid ""
"The /var/lib/mysql directory which contains the MariaDB databases is about "
"to be removed."
msgstr ""
"El directorio /var/lib/mysql contiene bases de datos MariaDB que van a "
"eliminarse."

#. Type: boolean
#. Description
#: ../mariadb-server-10.0.templates:4001
msgid ""
"If you're removing the MariaDB package in order to later install a more "
"recent version or if a different mariadb-server package is already using it, "
"the data should be 

Bug#779316: paxtest: incomplete output with standard kernel

[Javier Fernández-Sanguino Peña]

On Thu, Feb 26, 2015 at 11:07:59PM +0100, Yann Dirson wrote:
> Using the plain Debian 3.16.0-4-amd64 kernel, "paxtest kiddie" shows:
(...)

Hello there,

I recently upgraded the paxtest package to version 0.9.14 and I am unable to
reproduce this issue. Could you please confirm that the bug has been fixed
with this new version?

Thanks

Javier


signature.asc
Description: PGP signature

Bug#821313: apache2-data: Remove links in default site page to manpages.debian.org

[Javier Fernández-Sanguino Peña]

Package: apache2-data
Version: 2.4.20-1
Severity: normal
Tags: patch

Dear maintainer,

Apache2 default site page includes links to manpages.debian.org. This is not a
very good idea since many sites are left unconfigured by default and there are
many (badly programmed) robots roaming the Internet and indexing sites.

Last Monday 11th, DSA had to disable the 'manpages.debian.org' vhost service in
glinka.debian.org because it was consuming continuously a large amount of CPU
and affecting other services.

Upon investigation, we have found that the service is being queried constantly
for the following pages: (a2ensite, a2dissite, a2enmod, a2dismod, and
a2ensite).  The number of daily queries have ranged from 6000 to 11000 thousand
and, starting May 8th, this has spiked to 93.000 to 141.000 daily queries!
(you can see the details in the attached text file)

These queries are distributed, in a single day we have identified at least 590
distinct hosts making them based on at least 309 misconfigured web servers.

The culprit seems to be some strange script (programmed in GO, since the user
agent is 'Go-http-client/1.1') which looks for websites and traverses them.
When they hits sites like http://teplosnab24.ru/ they start traversing all
URLs, including external connections.

We have enhanced the service configuration used so that we can withstand the
excess of (useless) queries for these manpages (as described in [1]).

The issue does not exactly lie on the apache2-data current page, as these are
scripts that are going awry, but this page is the "detonator" that has 
translated
this problem into a service problem.

Both DSA and I believe that the Apache2 default configuration should avoid
this misbehaviour by not including links to external sites.  Please find
attached a patch that removes those links from the index.html page which is
added by default to all Apache sites installed in Debian.

Alternatively, if you consider the manual pages to be useful, I would suggest
they are included (in HTML format) as part of the Apache2-data package itself 
instead of 
linking to the external manpages.debian.org service.

This change will at least prevent our service from getting hammered by these
misconfigured robots.

Thanks for your help,


Javier Fernandez-Sanguino


[1] https://lists.debian.org/debian-doc/2016/04/msg00055.html



-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 4.4.0-1-686-pae (SMP w/4 CPU cores)
Locale: LANG=es_ES.utf8, LC_CTYPE=es_ES.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- index.html.orig	2016-04-17 16:41:46.0 +0200
+++ index.html	2016-04-17 16:42:41.0 +0200
@@ -293,17 +293,17 @@
*-available/ counterparts. These should be managed
by using our helpers

-http://manpages.debian.org/cgi-bin/man.cgi?query=a2enmod;>a2enmod,
-http://manpages.debian.org/cgi-bin/man.cgi?query=a2dismod;>a2dismod,
+a2enmod,
+a2dismod,


-http://manpages.debian.org/cgi-bin/man.cgi?query=a2ensite;>a2ensite,
-http://manpages.debian.org/cgi-bin/man.cgi?query=a2dissite;>a2dissite,
+a2ensite,
+a2dissite,
 
 and

-http://manpages.debian.org/cgi-bin/man.cgi?query=a2enconf;>a2enconf,
-http://manpages.debian.org/cgi-bin/man.cgi?query=a2disconf;>a2disconf
+a2enconf,
+a2disconf
. See their respective man pages for detailed information.
 
 

Logs of queries to the manpages.debian.org service associated with Apache2
manual pages. 

The list below marks the number of access and the HTTP answer codes returned.

This information has been extracted by running, in glinka's /var/log/apache2,
the following code:

~ (for i in manpages.debian.org-access.log-*gz ; do echo -n "$i: "; zgrep 
"query=a2" $i | wc -l; zcat $i |grep "query=a2" | awk '{print $12" "$9}' | sort 
| uniq -c | sort -nr  | head -5 ; done ) 2>&1 

-
manpages.debian.org-access.log-20160331.gz: 9467
   9464 "-" 200
  3 "-" 304
manpages.debian.org-access.log-20160401.gz: 9582
   9578 "-" 200
  3 "-" 304
  1 "-" 206
manpages.debian.org-access.log-20160402.gz: 11784
  11783 "-" 200
  1 "-" 304

Bug#775578: Reproduceable issue - spamassasin does not enable the service systemd when it was enabled for Sysvinit

[Javier Fernández-Sanguino Peña]

Dear all,

I also had the same issue (spamassasin would not start after boot on
upgrade). I believe this bug is the same as Ubuntu's bug 1503611:
https://bugs.launchpad.net/ubuntu/+source/spamassassin/+bug/1503611
(see there for other similar issues and the fix)

In my case, I run fetchmail and procmail in a user, and that user runs a 
spamassasin
filter ('| /usr/bin/spamc'). Spamc could not connect to Spamassasin and I was
getting a lot of the errors below in the /var/log/mail.log file:

Apr 10 08:15:14 silicio spamc[3785]: connect to spamd on ::1 failed, retrying 
(#1 of 3): Connection refused
Apr 10 08:15:14 silicio spamc[3785]: connect to spamd on 127.0.0.1 failed, 
retrying (#1 of 3): Connection refused
Apr 10 08:15:14 silicio spamc[3794]: connect to spamd on ::1 failed, retrying 
(#1 of 3): Connection refused
Apr 10 08:15:14 silicio spamc[3794]: connect to spamd on 127.0.0.1 failed, 
retrying (#1 of 3): Connection refused

These errors when away as soon as I would start the service
(/etc/init.d/spamassassin start) but if they went undetected they would fill
up my /var/log/ partition quite fast.

Basicly I think the issue can be summarised as follows:

 - The default status of spamassasin for SysV rc is not run on boot (ENABLED=0 
in
   /etc/default/spamassassin)

 - Some users (like me) that want it to have it started set ENABLED=1 in
   that configuration file  and the service will start on boot

 - On upgrade to systemd, that flag is not considered and service is not
   started by default. The "ENABLED" flag setting is now unused

To fix this bug, spamassasin should check, on upgrade:

  - is ENABLED=1 in the configuration file  set?
  - is the service started?
  
If it is, then it should assume that the service should also be enabled on
systemd, by running: 'systemctl enable spamassassin.service'

Currently, this is something the admininistrator has to detect and do
manually. It could be easily programmed into sa's postinst, however.

At the very minimum, this needs to be documented in the NEWS.Debian file. It
is documented in the configuration file /etc/default/spamassassin, but that
need not be reviewed by an administrator during an upgrade.

Best regards


Javier



signature.asc
Description: PGP signature

Bug#790894: More info

[Javier Fernández-Sanguino Peña]

tag 790894 upstream confirmed
thanks

On Thu, Jul 02, 2015 at 07:30:57PM +, Shai Ayal wrote:
 Further investigation turns out that this error only happens when using the
 -N, --auto-nets
 command line option. If connecting without this option (which forces
 manually specifying the list of subnets to route over the VPN) sshuttle
 works

I have done tests with the 0.54 and the 0.70 (and 0.71) version and this
indeed is a bug in the latest upstream's version. 

From what I've seen the control agent does not send the firewall agent a GO
after sending the ROUTES and just sends it a stream of newlines that cause
the firewall agent to panic.

I have investigating it but have not yet found a fix to this issue. In any
case, I will forward this issue upstream.

Regards


Javier



signature.asc
Description: Digital signature

Bug#788361: debian-faq: several suggestions (typos, missing dots and commas, ...)

[Javier Fernández-Sanguino Peña]

On Wed, Jun 10, 2015 at 05:58:13PM +0200, Holger Wansing wrote:
 I have just updated the german translation of the debian-faq,
 and during that, I found several typos, missing words, dots or commas,
 outdated paragraphs etc.

Thank you for the patch. I will review and apply to it to SVN

Regards

Javier


signature.asc
Description: Digital signature

Bug#780438: fortunes: Please add quotes from Terry Pratchett

[Javier Fernández-Sanguino Peña]

Package: fortunes
Version: 1:1.99.1-7
Severity: wishlist

In honor of the late Terry Pratchett, who left this Discworld to meet his
friend Death yesterday, please find attached a patch adding some of Terry
Pratchett's best quotes.

The patch add these quotes to the several files: humorists, people and magic. 

It would be great if you could add this to the Debian package


-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fortunes depends on:
ii  fortunes-min  1:1.99.1-7

Versions of packages fortunes recommends:
ii  fortune-mod  1:1.99.1-7

fortunes suggests no packages.

-- no debconf information
diff -Nru fortune-mod-1.99.1.old/debian/patches/series fortune-mod-1.99.1/debian/patches/series
--- fortune-mod-1.99.1.old/debian/patches/series	2013-08-15 05:33:08.0 +0200
+++ fortune-mod-1.99.1/debian/patches/series	2015-03-13 22:30:04.395289967 +0100
@@ -24,3 +24,4 @@
 lawyers.diff
 politics.diff
 off-wrong-man.diff
+terry-pratchett.diff
diff -Nru fortune-mod-1.99.1.old/debian/patches/terry-pratchett.diff fortune-mod-1.99.1/debian/patches/terry-pratchett.diff
--- fortune-mod-1.99.1.old/debian/patches/terry-pratchett.diff	1970-01-01 01:00:00.0 +0100
+++ fortune-mod-1.99.1/debian/patches/terry-pratchett.diff	2015-03-13 22:29:29.638910425 +0100
@@ -0,0 +1,207 @@
+Description: Add quotes from the late Terry Pratchett, 
+Author: Javier Fernandez-Sanguino j...@debian.org
+Last-Update: 2015-03-15
+
+--- a/datfiles/humorists
 b/datfiles/humorists
+@@ -1030,3 +1030,147 @@
+ 
+   All: (laughter)
+ %
++The whole of life is just like watching a film. Only it’s as though you always
++get in ten minutes after the big picture has started, and no-one will tell you
++the plot, so you have to work it out all yourself from the clues.
++		-- Terry Pratchett, Moving Pictures
++%
++Real stupidity beats artificial intelligence every time.
++		-- Terry Pratchett, Hogfather
++%
++I’d rather be a rising ape than a falling angel.
++		-- Terry Pratchett
++%
++It’s not worth doing something unless someone, somewhere, would much rather
++you weren’t doing it.
++		-- Terry Pratchett
++%
++Stories of imagination tend to upset those without one.
++		-- Terry Pratchett
++%
++Fantasy is an exercise bicycle for the mind. It might not take you anywhere,
++but it tones up the muscles that can.
++		-- Terry Pratchett
++%
++The presence of those seeking the truth is infinitely to be preferred to the
++presence of those who think they’ve found it.
++		-- Terry Pratchett, Monstrous Regiment
++%
++There are times in life when people must know when not to let go. Balloons are
++designed to teach small children this. 
++		-- Terry Pratchett
++%
++The entire universe has been neatly divided into things to (a) mate with, (b)
++eat, (c) run away from, and (d) rocks.
++		-- Terry Pratchett
++%
++If you don’t turn your life into a story, you just become a part of someone
++else’s story.
++		-- Terry Pratchett, The Amazing Maurice and His Educated Rodents
++%
++The truth may be out there, but the lies are inside your head.
++		-- Terry Pratchett
++%
++Goodness is about what you do. Not who you pray to.
++		-- Terry Pratchett, Snuff
++%
++I have no use for people who have learned the limits of the possible.
++		-- Terry Pratchett
++%
++A marriage is always made up of two people who are prepared to swear that only
++the other one snores
++		-- Terry Pratchett
++%
++Geography is just physics slowed down, with a couple of trees stuck in it
++		-- Terry Pratchett
++%
++Give a man a fire and he's warm for the day. But set fire to him and he's warm
++for the rest of his life
++		-- Terry Pratchett
++%
++In ancient times cats were worshipped as gods. They have not forgotten this.
++		-- Terry Pratchett
++%
++The space between the young readers eyeballs and the printed page is a holy
++place and officialdom should trample all over it at their peril
++		-- Terry Pratchett
++%
++Dickens, as you know, never got round to starting his home page
++		-- Terry Pratchett
++%
++I once absent-mindedly ordered Three Mile Island dressing in a restaurant and,
++with great presence of mind, they brought Thousand Island Dressing and a bottle
++of chili sauce
++		-- Terry Pratchett
++%
++It is said that your life flashes before your eyes just before you die. That is true, it's called Life
++		-- Terry Pratchett
++%
++Only in our dreams are we free. The rest of the time we need wages.
++		-- Terry Pratchett
++%
++The trouble with having an open mind, of course, is that people will insist on
++coming along and trying to put things in it.
++		-- Terry Pratchett
++%
++Taxation is just a sophisticated way of demanding money with menaces.
++		-- Terry Pratchett
++%
++The pen is 

Bug#776441: harden-nids: Alternative to snort is not NIDS software

[Javier Fernández-Sanguino Peña]

Source: harden
Version: 0.1.38+nmu1
Severity: important
Tags: patch

The harden-nids package claims to provide a network intrusion detection upon
installation but depends on: 'snort | ntop'

Snort is a network intrusion detection program, but ntop is not. Ntop is a
network traffic probe that makes it possible to do traffic analysis but it 
does not have any capabilities to detect malicious network traffic either
through behavioural or signature-based mechanisms (an upstream does not claim
it to).

Ntop does not comply with the package description definition either:  A
network intrusion detection system is a tool that analyzes network packets and
logs anomalies or known crack attempts. 

I would suggest the package to remove ntop and include 'suricata' instead which
*is* a network intrusion system. Attached is a patch that does just that.

I'm setting the severity to 'important' since currently, in testing, Snort is
not available (due to a removal from the Release Managers in December) and
users installing this package currently in testing (and possibly in the
'jessie' release) would be just installing 'ntop' and not really an NIDS.

In that way, the package description would be completely misleading.


-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=es_ES.utf8, LC_CTYPE=es_ES.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- control.orig	2015-01-28 02:06:09.0 +0100
+++ control	2015-01-28 02:06:36.0 +0100
@@ -111,7 +111,7 @@
 
 Package: harden-nids
 Architecture: all
-Depends: snort | ntop
+Depends: snort | suricata
 Recommends: logcheck
 Description: Harden a system by using a network intrusion detection system
  This package helps you to install a network intrusion detection system.

Bug#678366: checkrestart: if systemd is running, use cgroups and systemctl instead of the init script mechanisms

[Javier Fernández-Sanguino Peña]

On Thu, Jun 21, 2012 at 03:40:42PM +0800, Paul Wise wrote:
 Package: debian-goodies
 Version: 0.61
 Severity: wishlist
 File: /usr/sbin/checkrestart
 X-Debbugs-CC: syst...@packages.debian.org
 
 systemd (the alternative to sysvinit) uses Linux cgroups to group
 processes according to the service they belong to, even if the services
 spawns child processes and so on. Please detect if cgroups are
 available, if the systemd cgroups are active and for the processes that
 need restarting, which systemd service they belong to. Some information
 about the cgroups used by systemd is below. If systemd cgroups are
 active then the initscripts mechanism should not be used.
 
 Normal services have the a cgroup file like this and can be restarted
 using `systemctl restart exim4.service` or similar.

Hi Paul,

I've just have added preliminary support for systemd in checkrestart and
committed it to GIT. Instead of using cgroups I have just modified
checkrestart to point to users to running 'systemctl restart' + service file,
if a process belongs to a package and that package provides systemd service
files (instead of suggesting using 'service ' + init.d file)

Adding cgroups requires some more extensive changes in the code, handling 
different exceptions. We will consider this for the next iteraction.

If you have time and can provide a patch to add support for cgroups that
would be great though :)

Best regards

Javier


signature.asc
Description: Digital signature

Bug#775472: checkrestart never completes on systems with large number of open files

[Javier Fernández-Sanguino Peña]

tags 775472 pending
thanks

On Fri, Jan 16, 2015 at 03:50:58PM +1100, Ian Bissett wrote:
 Package: debian-goodies
 Version: 0.64
 
 lsof takes a long time to return on systems with a large number of
 files, causing checkrestart to take several minutes to run. lsof also
 uses lots of CPU resources on systems with a large number of open
 files.
()

Thanks a lot for your patch. I have done some tests and it does seem to
produce the exact same results as with using Lsof. 

I have included it in a modified version in the GIT repository. I have kept
the code to run lsof, however, and it is still the default behaviour. I would
like to do wider testing of the new code before making it the default.

As this patch makes checkrestart independent of lsof I have done the required
changes to use it if lsof is not available (IIRC some *BSD systems do not
have it).

With a little bit more testing I can think we can make this the default
behaviour (and have 'lsof' as an option, to have the option for users to use
it in case this fails).

Regards

Javier


signature.asc
Description: Digital signature

Bug#758711: debian-goodies: checkrestart reports services which have open files with name including deleted as to be restarted

[Javier Fernández-Sanguino Peña]

tag  758711 pending
thanks

On Wed, Aug 20, 2014 at 02:42:44PM +0200, Roman Pertl wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Package: debian-goodies
 Version: 0.61
 Severity: normal
 
 On our mysql server we have a table called upload_tmp_deleted which
 let checkrestart think that mysql should be restarted, probably
 because checkrestart does not check the string deleted in lsof output
 strictly enough.

This false positive in checkrestart has been recently fixed in the GIT
repository. A fix will be uploaded shortly.

Best regards

Javier


signature.asc
Description: Digital signature

Bug#767332: False positive Checkrestart Results.

[Javier Fernández-Sanguino Peña]

tag 767332 pending
thanks

On Thu, Oct 30, 2014 at 10:12:52AM +0100, Antonio Javier Rodriguez Barrios 
wrote:
 When I invoke `checkrestart` without arguments from an ordinary shell
 prompt it prints processes using old versions of upgraded files but itś a
 false positive.

I have just recently fixed this false positive in the checkrestart GIT
repository. A fix will be uploaded to Debian soon.

Thanks for you bug report,

Javier


signature.asc
Description: Digital signature

Bug#773095: cron: please don't purge /etc/cron.{allow|deny} when systemd-cron is present

[Javier Fernández-Sanguino Peña]

On Sun, Dec 14, 2014 at 09:45:33AM +0100, Alexandre Detiste wrote:
 Please apply this little patch that makes cron  systemd-cron play nice
 together.

As indicated by Christian, I'm afraid we cannot accept this patch.

We can either close it or, if you agree, we change this into a wishlist
patch asking cron to provide its conffiles in a separate package. As
discussed in the thread you started in debian-devel [1]

Bear in mind, moving conffiles from a package to another one is not that
simple and is quite error-prone. I'm not sure we want to introduce such a big
change during the freeze (and even if we do it might not be accepted by RMs).

Also please note that if system-crond starts manipulating cron's postrm files
it could be considered a serious bug (and policy violation). Please don't go
through that road...


Best regards

Javier


[1] https://lists.debian.org/debian-devel/2014/12/msg00287.html


signature.asc
Description: Digital signature

Bug#771825: [Fwd: Re: Bug#771825: release-notes: Update information on non-systemd Jessie upgrades and installations]

[Javier Fernández-Sanguino Peña]

On Wed, Dec 03, 2014 at 05:13:38PM +0100, Svante Signell wrote:
 Hi Osamu,
 
 I will make a modified proposal to the actual document. However there
 is no installation-guide on this page:
 https://anonscm.debian.org/viewvc/ddp/manuals/trunk/
 
 Where is it?

The sources for the installation guide are available at
https://anonscm.debian.org/viewvc/d-i/trunk/manual/en/

The web builds for the guide are available here:
https://www.debian.org/releases/jessie/installmanual

These might be useful for you in order to get a feeling of its structure and
determine where chapter/section should your contributions go to.

Best regards

Javier


signature.asc
Description: Digital signature

Bug#771847: debconf: [INTL:es] Updated program translation to Spanish

[Javier Fernández-Sanguino Peña]

Package: debconf
Version: 1.5.54
Severity: wishlist
Tags: l10n patch

Please find attached an updated translation of this program
into Spanish.

Thanks for including it in your next package upload,

Javier

# Traducción de los mensajes del programa debconf de Debian al español.
# Translation of the debconf messages to Spanish.
#
# Copyright (C) 2003 Free Software Foundation, Inc.
#
# This file is distributed under the same license as the debconf package.
#
# Current translator:
#
# Javier Fernandez-Sanguino j...@debian.org, 2004-2006, 2010, 2014
#
#  Past Translators and reviewers:
#
#  - Enrique Zanardi ezan...@debian.org, 2000.
#  - Jordi Mallach jo...@debian.org, 2001.
#  - Carlos Valdivia Yague val...@dat.etsit.upm.es, 2003.
#
#   Traductores, si no conoce el formato PO, merece la pena leer la
#   documentación de gettext, especialmente las secciones dedicadas a este
#   formato, por ejemplo ejecutando:
#  info -n '(gettext)PO Files'
#  info -n '(gettext)Header Entry'
#
#   Equipo de traducción al español, por favor lean antes de traducir
#   los siguientes documentos:
#
#   - El proyecto de traducción de Debian al español
# https://www.debian.org/intl/spanish/
# especialmente las notas y normas de traducción en
# https://www.debian.org/intl/spanish/notas
#
#   Si tiene dudas o consultas sobre esta traducción consulte con el último
#   traductor (campo Last-Translator) y ponga en copia a la lista de
#   traducción de Debian al español (debian-l10n-span...@lists.debian.org)
msgid 
msgstr 
Project-Id-Version: debconf 1.2.39\n
Report-Msgid-Bugs-To: \n
POT-Creation-Date: 2014-04-22 20:04-0400\n
PO-Revision-Date: 2014-12-02 21:57+0100\n
Last-Translator: Javier Fernandez-Sanguino j...@debian.org\n
Language-Team: Debian Spanish Team debian-l10n-span...@lists.debian.org\n
Language: es\n
MIME-Version: 1.0\n
Content-Type: text/plain; charset=UTF-8\n
Content-Transfer-Encoding: 8bit\n
X-POFile-SpellExtra: debconf drop frontend unseen utils Sigils apt\n
X-POFile-SpellExtra: Template owner force ReadLine desactualizadas TERM\n
X-POFile-SpellExtra: preconfigurar reload outdated ll priority only\n
X-POFile-SpellExtra: Smileys emacs po localhost templates Term http\n
X-POFile-SpellExtra: communicate Element Dialog debs dpkg mergetemplate\n
X-POFile-SpellExtra: Debconf desactualizado extracttemplates default stdin\n
X-POFile-SpellExtra: old desactualizada Preconfigurando dialog root\n

#: ../Debconf/AutoSelect.pm:76
#, perl-format
msgid falling back to frontend: %s
msgstr probando ahora la interfaz: %s

#: ../Debconf/AutoSelect.pm:84
#, perl-format
msgid unable to initialize frontend: %s
msgstr no se pudo inicializar la interfaz: %s

#: ../Debconf/AutoSelect.pm:90
#, perl-format
msgid Unable to start a frontend: %s
msgstr No se puede arrancar una interfaz: %s

#: ../Debconf/Config.pm:130
msgid Config database not specified in config file.
msgstr 
No se ha especificado una base de datos de configuración en el fichero de 
configuración.

#: ../Debconf/Config.pm:134
msgid Template database not specified in config file.
msgstr 
No se ha especificado una base de datos de plantillas en el fichero de 
configuración.

#: ../Debconf/Config.pm:139
msgid 
The Sigils and Smileys options in the config file are no longer used. Please 
remove them.
msgstr 
Ya no se utilizan las opciones «Sigils» y «Smileys» en el fichero de 
configuración. Por favor, elimínelas.

#: ../Debconf/Config.pm:153
#, perl-format
msgid Problem setting up the database defined by stanza %s of %s.
msgstr 
Se produjo un problema al configurar la base de datos definida por la 
instancia %s de %s.

#: ../Debconf/Config.pm:228
msgid 
  -f,  --frontend\t\tSpecify debconf frontend to use.\n
  -p,  --priority\t\tSpecify minimum priority question to show.\n
   --terse\t\t\tEnable terse mode.\n
msgstr 
  -f,  --frontend\t\tIndica a debconf la interfaz que debe usar.\n
  -p,  --priority\t\tEspecifica la prioridad mínima a mostrar.\n
   --terse\t\t\tActiva el modo resumido.\n

#: ../Debconf/Config.pm:308
#, perl-format
msgid Ignoring invalid priority \%s\
msgstr Se ignorará la prioridad inválida «%s»

#: ../Debconf/Config.pm:309
#, perl-format
msgid Valid priorities are: %s
msgstr Las prioridades válidas son: %s

#: ../Debconf/Element/Editor/Boolean.pm:30
#: ../Debconf/Element/Editor/Multiselect.pm:31
#: ../Debconf/Element/Editor/Select.pm:31
msgid Choices
msgstr Opciones

#: ../Debconf/Element/Editor/Boolean.pm:30
#: ../Debconf/Element/Editor/Boolean.pm:36
#: ../Debconf/Element/Editor/Boolean.pm:59
#: ../Debconf/Element/Teletype/Boolean.pm:28
msgid yes
msgstr sí

#: ../Debconf/Element/Editor/Boolean.pm:30
#: ../Debconf/Element/Editor/Boolean.pm:39
#: ../Debconf/Element/Editor/Boolean.pm:62
#: ../Debconf/Element/Teletype/Boolean.pm:29
msgid no
msgstr no

#: ../Debconf/Element/Editor/Multiselect.pm:32
msgid 
(Enter zero or more items separated by a comma followed by a space (', ').)
msgstr 
(Introduzca cero o más elementos separados por 

Bug#771825: release-notes: Update information on non-systemd Jessie upgrades and installations

[Javier Fernández-Sanguino Peña]

On Tue, Dec 02, 2014 at 11:01:16PM +0100, Svante Signell wrote:
   * The second hunk of the patch seems better suited for the
 installation-guide.  The release notes concerns itself with upgrades
 and does not cover the debian-installer.
 
 Somebody was complaining that changing the installation-guide was a lot
 of work, e.g. translations work, and did not want the changes to be made
 there https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765803#40
 I don't mind getting the second part included there instead.

Translators (and I'm one of them) will have to update the installation-guide
before the release. 

I think it's better to have the document where it should be and also agree
that the Release Notes is not the place for that chunk.

Best regards

Javier


signature.asc
Description: Digital signature

Bug#771461: /var/state/samhain/

[Javier Fernández-Sanguino Peña]

On Tue, Dec 02, 2014 at 01:23:13AM +0100, Andrea Claudi wrote:
 Hi,
 This patch should fix the problem, moving the non-volatile state for the 
 samhain package to /var/lib/samhain.

The patch creates the directory for new installations but it is worth
noticing that the /var/state/samhain/ contains valid information that
has to be preserved over upgrades (otherwise, the integrity database would be
regenerated and not kept).

 Please, tell me if I need to fix something to make this acceptable.

I'm committing your patch to Samhain's GIT but have made some adjustments. I
will test upgrades from previous versions and if all goes well I'll upload
a new package soon.

Regards

Javier


signature.asc
Description: Digital signature

Bug#749602: samhain: sends mail to root on installation

[Javier Fernández-Sanguino Peña]

On Wed, May 28, 2014 at 05:15:48PM +0200, Holger Levsen wrote:
 DSA informed me that testing samhain for piuparts.debian.org causes mails to 
 root@$slave which are very irritating to them, as they do use samhain as well.
 
 Copies of these mails can be found at 
 http://www.palfrader.org/volatile/2014-05-28-wVnu9SVZFqw/piuparts currently.

These mails are sent by samhain indeed.

 As starting samhain is prevented via invoke-rc.d, I believe the culprit must 
 be within samhain's initscript, in these lines:
 
  if [ ! -f /var/state/samhain/samhain_file ] ; then
  [ -f /var/log/samhain/samhain-init.log ]  rm -f 
 /var/log/samhain/samhain-init.log
  echo Creating samhain's file integrity database (this can take some 
 minutes)
  samhain -t init /var/log/samhain/samhain-init.log 21
  fi

This is probably the culprit.

The samhain integrity database is required for samhain to start. I'm not sure
how to tackle this issue. It never has been a problem for other samhain
users.

I guess I could defer the initialisation database to the first time samhain
is started (through init) or I could add a debconf prompt to ask the admin
user if he wants the integrity database to be initialised.

For the time being, you could have in piuparts a samhainrc file that disables
sending email.

 What surprises me though, is that no other package (out of 40k packages) 
 doesnt produce mails to root - could you think of anything else producing 
 these mails?

No, these look like samhain's emails.

Regards

Javier


signature.asc
Description: Digital signature

Bug#747253: [Ddp-commits] r10388 - /manuals/trunk/java-faq/po4a/po/fr.po

[Javier Fernández-Sanguino Peña]

On Fri, May 16, 2014 at 06:56:32PM -0400, David Prévot wrote:
 Le 16/05/2014 18:15, j...@users.alioth.debian.org a écrit :
 
  URL: http://svn.debian.org/wsvn/ddp/?sc=1rev=10388
  Log:
  
  French translation done by Kilic Ali-Firat kilic.alifirat AT gmail.com
  and provided in 
  https://lists.debian.org/debian-l10n-french/2014/05/msg00043.html
  
  This commit fixes java-common bug #747253
 
 No, this commit won’t fix #747253, since the FAQ is now maintained in
 the java-common package (and has been for a while). Can you please
 delete the useless (and error-prone) copy from the DDP to avoid further
 mistakes (and eventually upstream any improvements to be included in the
 java-common package), or replace it by a README pointing to the accurate
 repository.

Dear David,

I seem to have missed something. I'm the original author of the document and,
for quite a long time in the past, its sole maintainer. I always believed the
java-common package contained a *copy* of the DDP document.

If you take a look at https://www.debian.org/doc/user-manuals#java-faq, you
will see that the DDP version is the one pointed to for this documents'
sources. The document itself at
https://www.debian.org/doc/manuals/debian-java-faq/ doesn't point otherwise.

As you can see in other past bugs (such as #449282) the java-common was in
the past  manually updated from the DDP when required.  I don't recall being
notified (by java-common maintainers or anyone else up to now) that the
java-common version was to be considered the upstream version now. 

Unfortunately, it seems that the new maintainers have taken the java-common
version as upstream and made changes there. Since I see that the SGML
version in java-common contains some changes not available in the DDP.
There seems to have been a comunication error somewhere.

Anyway, I will contact them and suggest doing the following:

0.- We should sync both versions (DDP and java-common). I've made extensive
changes to the DDP version to allow for translations using PO files which, I
believe, are quite useful.

1.- the java-common package should just copy the contents from the DDP and
include *there* a README indicating that the java-faq sources are in the DDP.
This should also be stated in the document.

2.- the java-common should be updated with whatever is in the DDP.

Note: It is my current understanding that the contents from
https://www.debian.org/doc/manuals/debian-java-faq/ are generated based on
the java-common package nowadays. Is this correct? 



Best regards

Javier


signature.asc
Description: Digital signature

Bug#748055: debian-goodies: checkrestart false positive for MySQL

[Javier Fernández-Sanguino Peña]

tag 748055 unreproducible
thanks

On Tue, May 13, 2014 at 04:53:59PM +, Etienne Levesque Guitard wrote:
 The checkrestart utility in debian-goodies will falsly report MySQL as
 needing a restart starting with jessie. The same happens in Ubuntu 14.04,
 presumably because it is based on Debian testing.

In order to diagnose this issue, please send, attached, the output of
'checkrestart -v'

Please note that I'm not able to reproduce this issue using sid which uses
the same version (debian-goodies version 0.63). I just followed the same
steps you indicated and could not get any false positives with checkrestart.

I'm consequently marking this as 'notreproducible'. If I get more comments
from other users to this bug, duplicating the issue, I will remove that flag.

Thanks,

Javier


signature.asc
Description: Digital signature

Bug#355238: rhythmbox: A user cannot see why he cannot share music

[Javier Fernández-Sanguino Peña]

On Thu, Mar 06, 2014 at 02:22:25PM +, althaser wrote:
 Hey,
 
 Could you please still reproduce this issue with newer rhythmbox version
 like 2.97-2.1 or 3.0.1-1+b2 ?

I have 3.0.1-1+b1 installed but I'm unable to find the Preferences in order
to setup sharing in the GUI. Where is it now?

Regards

Javier



signature.asc
Description: Digital signature

Bug#738199: on /security/oval

[Javier Fernández-Sanguino Peña]

On Mon, Feb 10, 2014 at 07:27:06PM +0100, Luciano Bello wrote:
 I think your contribution is necessary. Would you like to comment something 
 out 
 here? :)

As Raphael said, the OVAL script generation code is broken but can be fixed.
I just either need spare time to be able to work on this and/or help from
a colleague maintainer to recover this.

For more information please see
https://lists.debian.org/debian-www/2011/10/msg00046.html

Please notice that the definitions pre-2010 are OK and can be used. The
problem is in the definitions after that time.

When will it be fixed? I really can't tell, I'm swamped with work (real life
and Debian-related) and some other issues are ahead in the priority queue.

We are still listed in the OVAL page [1] as an OVAL content repository but
we should really fix this.

Now, if there are people actively using OVAL in the field (and using the OVAL
language interpreter packaged in Debian [2]) it would be really great if they
stepped in and helped with this issue (and the bugs surrounding the
interpreter).


Regards

Javier


[1] https://oval.mitre.org/repository/about/other_repositories.html
[2] http://packages.debian.org/sid/ovaldi


signature.asc
Description: Digital signature

Bug#737512: debmany(1) manpage: typo: /use/share/doc - /usr/share/doc

[Javier Fernández-Sanguino Peña]

tags 737512 pending
thanks

I have just fixed in the GIT repository. It will be fixed in the next package
upload.

Thanks

Javier


signature.asc
Description: Digital signature

Bug#737513: debmany(1) manpage says /dev/shm is used as temp dir

[Javier Fernández-Sanguino Peña]

tags 737513 pending
thanks

On Mon, Feb 03, 2014 at 12:45:09PM +0100, Jakub Wilk wrote:
 The debmany(1) manpage says: “The manpages are temporarily extracted
 to /dev/shm (if the directory exists)”. But this is no longer true:
 see bug #679457.

I have just fixed this in the GIT repository, the fix should be available
with the next package upload.

Thanks

Javier


signature.asc
Description: Digital signature

Bug#724248: Fixed in GIT repository

[Javier Fernández-Sanguino Peña]

tag 724248 pending
thanks

Thanks for the patch you submitted to this bug report, I have committed it to
our repository. The bug should be fixed in the next package upload.

Regards

Javier Fernandez-Sanguino


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#688808: Fixed in GIT repository

[Javier Fernández-Sanguino Peña]

tags 688808 pending
thanks

I have committed the patch for this bug in debian-goodies' GIT repository.
Sorry for the delay.

Regards

Javier


signature.asc
Description: Digital signature

Bug#615965: chntpwd: New version available

[Javier Fernández-Sanguino Peña]

On Mon, Jan 27, 2014 at 04:00:30PM +0800, Paul Wise wrote:
 I wasn't able to get the current version to work with Windows 7 and had
 to resort to the i386 0.99.5-0+nmu1 package from snapshot.d.o, based on
 the complaining of various Ubuntu users around the net. There is a new
 upstream version that looks like it should be much more robust based on
 the changelog, please update the package. I wasn't able to try it yet
 due to the patch updates that are needed.

Actually, the problem lies in a patch I took from Fedora that fixed some
issues but also introduced a bug. Please see #705292

I've just uploaded the latest upstream release to Debian, refreshing the
patches, but I'm not sure when I will be able to test it out. Could you help
testing it?

Regards

Javier

PS: I've not been able to see any of the complaininig of Ubuntu users, and I
have not found any bug in Launchpad. Care to share some pointers? It might be
useful to tell those users to test the latest version in Debian too.



signature.asc
Description: Digital signature

Bug#736375: init script broken start behavior

[Javier Fernández-Sanguino Peña]

On Wed, Jan 22, 2014 at 10:34:55PM +0100, Peter Palfrader wrote:
 Package: samhain
 Version: 2.8.3a-1+deb7u1
 Severity: serious
 
 Hi,
 
 the samhain in stable-updates has an init script that fails on start
 if the service is already running:

This was not a bug introduced in the update. The bug was already present in
the stable version (and in sid)

 [I wouldn't be surprised if this issue was also present in testing/unstable.]

It is actually. I will prepare a fix for unstable. If the RMs approve then I
will upload it also to stable-updates.

Regards

Javier


signature.asc
Description: Digital signature

Bug#736375: init script broken start behavior

[Javier Fernández-Sanguino Peña]

tag 736375 pending
thanks

On Wed, Jan 22, 2014 at 10:34:55PM +0100, Peter Palfrader wrote:
 the samhain in stable-updates has an init script that fails on start
 if the service is already running:

I have made improvements to the init.d script and uploaded a preliminary fix
for this bug into unstable.

The fix for this is attached and I will make an upload to stable-updates if
RM allows.

Regards

Javier
diff --git a/debian/changelog b/debian/changelog
index f54f8f9..5d8800e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+samhain (2.8.3a-1+deb7u2) stable; urgency=medium
+
+  * debian/samhain.init: Improve the init script
+  - Do not fail in 'start' if the daemon is already started, use --oknodo
+(Closes: #736375)
+  - Do not try to stop the daemon (and wait for it to stop) if it is not
+running
+  - If the pidfile has been lost, try to determine the status using the
+process name instead
+
+ -- Javier Fernández-Sanguino Peña j...@debian.org  Thu, 23 Jan 2014 03:45:25 +0100
+
 samhain (2.8.3a-1+deb7u1) stable; urgency=medium
 
   * Backport fixes from unstable version to fix serious/important bugs 
diff --git a/debian/samhain.init b/debian/samhain.init
index 30cffab..c9e5828 100644
--- a/debian/samhain.init
+++ b/debian/samhain.init
@@ -30,14 +30,17 @@ set -e
 # Check if a daemon is running
 running()
 {
-# No pidfile, probably no daemon present
-#
-[ ! -f $PIDFILE ]  return 1
-pid=`cat $PIDFILE`
-# No pid, probably no daemon present
-[ -z $pid ]  return 1
-
-pidofproc -p $PIDFILE
+# Check with pidfile first, if available
+if [ -r $PIDFILE ] ; then
+	pid=`cat $PIDFILE`
+# No pid, probably no daemon present
+	if [ -n $pid ] ; then
+		pidofproc -p $PIDFILE
+		return $?
+	fi
+fi
+# Try to find the daemon by name
+pidof $DAEMON /dev/null 
 return $?
 }
 
@@ -46,7 +49,7 @@ case $1 in
   start)
 [ ! -e /var/run/${NAME} ]  mkdir -p /var/run/${NAME}
 log_begin_msg Starting $DESC: $NAME
-start-stop-daemon --start --quiet --exec $DAEMON
+start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
 log_end_msg $?
 ;;
   stop)
@@ -55,27 +58,39 @@ case $1 in
 log_end_msg $?
 ;;
   reload)
-log_begin_msg Reloading $DESC configuration files: $NAME
-start-stop-daemon --stop --signal 1 --quiet --exec $DAEMON
-log_end_msg $?
+  	log_begin_msg Reloading $DESC configuration files: $NAME
+	if running ; then
+		start-stop-daemon --stop --signal 1 --quiet --exec $DAEMON
+		log_end_msg $?
+	else
+	log_daemon_msg  ERROR: $DAEMON is not running.
+		log_end_msg 1
+	fi
+
   	;;
   restart|force-reload)
 log_begin_msg Restarting $DESC: $NAME
-start-stop-daemon --stop --quiet --retry 5 --oknodo --pidfile $PIDFILE  --name  $NAME 
-for i in 1 2 3 ; do
-if ! running; then break ; fi
-sleep 1
-done
+	if running; then
+	start-stop-daemon --stop --quiet --retry 5 --oknodo --pidfile $PIDFILE  --name  $NAME 
+	for i in 1 2 3 ; do
+	if ! running; then break ; fi
+	sleep 1
+	done
+	fi
 if  ! running  ; then
-start-stop-daemon --start --quiet --exec $DAEMON
+start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON
 log_end_msg $?
 else
-log_daemon_msg  ERROR: $DAEMON did not die in the expected time, will not reload
+log_daemon_msg  ERROR: $DAEMON did not die in the expected time, will not restart/force-reload
 log_end_msg 1
 fi
 ;;
status)
-status_of_proc -p $PIDFILE $DAEMON $NAME  exit 0 || exit $?
+	if [ -e $PIDFILE ] ; then
+	   	status_of_proc -p $PIDFILE $DAEMON $NAME  exit 0 || exit $?
+	else
+	   	status_of_proc $DAEMON $NAME  exit 0 || exit $?
+	fi
 ;;
   *)
 N=/etc/init.d/${0##*/}


signature.asc
Description: Digital signature

Bug#736168: pu: package samhain/2.8.3a-1

[Javier Fernández-Sanguino Peña]

On Tue, Jan 21, 2014 at 10:48:44PM +, Adam D. Barratt wrote:
 I've just flagged the re-upload for acceptance into p-u; thanks.

You're welcome.

 As a side-note, please don't close pu bugs in your upload. They remain
 open until the package has been included in a point release, at which
 point we'll close them.

Sorry, I was not aware of this. Won't do next time.

Regards

Javier


signature.asc
Description: Digital signature

Bug#736168: pu: package samhain/2.8.3a-1

[Javier Fernández-Sanguino Peña]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Managers,

I have recently updated Samhain in sid and have fixed some important bugs.  As
requested by DSA, since samhain is used in many project machines, I would like
to make an upload to the wheezy release including some of these fixes.

Most relevant bugs that would be fixed by this upload are:

 Bugs associated with the use of dnmalloc in different architectures:

 - #733875 broken on s390x 
 - #657307 does not reap children (in armhf hosts)
 - #533860 samhain: frequent segfaults on lenny alpha

 Miscellaneous bugs which can be easily fixed in stable too:

 - #689902 Ships a folder in /var/run 
 - #709753 mail reports with default config fail almost silently


The full diff is attached, it is hopefully self-explanatory. Please don't
hesitate to ask, should you need any additional information.


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.11-2-686-pae (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff --git a/debian/changelog b/debian/changelog
index 0d18487..71faf11 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,27 @@
+samhain (2.8.3a-2) stable; urgency=medium
+
+  [ Backport fixes from unstable version to fix serious/important bugs ]
+  * debian/rules:
+  - Disable dnmalloc for all architectures expect those known to work. It
+seems to be the source of problems and segfaults in many different
+architectures (Closes: #533860, #657307)
+  - Disable dnmalloc for s390x, as it is done for s390 already 
+(Closes: #733875)
+  * Fix use of /var/run/samhain, which is created by the init.d script since
+version 2.6.2-1:
+- Remove the /var/run/samhain directory when the package is purged
+- Do not ship /var/run/samhain in the package file
+Thanks go to Thomas Goirand for spotting this issue and providing a
+patch, which I used as a basis for the above changes
+(Closes: #689902)
+  * Default samhainrc now uses SetMailAddress=root, SetMailRelay=localhost
+since there have been reports of the previous confguration
+(SetMailAddress=root@localhost, SetMailRelay=NULL) not working since
+samhain tries to retrieve an MX record for 'localhost' from the DNS
+(Closes: 709754)
+
+ -- Javier Fernández-Sanguino Peña j...@debian.org  Sun, 19 Jan 2014 11:53:32 +0100
+
 samhain (2.8.3a-1) unstable; urgency=low
 
   * New upstream release (Closes: #602678)
diff --git a/debian/postrm b/debian/postrm
index 51bbc12..c189cb5 100644
--- a/debian/postrm
+++ b/debian/postrm
@@ -7,7 +7,7 @@ set -e
 
 case $1 in
 	purge)
-		for dir in /var/log/samhain/supervise /var/log/samhain /var/state/samhain
+		for dir in /var/log/samhain/supervise /var/log/samhain /var/state/samhain /var/run/samhain
 		do
 			[ -d $dir ]   {
 			 	find $dir -type f -exec rm -f {} \;
diff --git a/debian/rules b/debian/rules
index 083f6a9..a1a868a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,17 +11,27 @@
 # This is the debhelper compatability version to use.
 # export DH_COMPAT=5
 
+# Disable dnmalloc for most architectures except for
+# those known to work (i386 and amd64).
+# For more information see:
+# http://www.la-samhna.de/samhain/manual/dnmalloc.html
 ifeq (linux,$(DEB_HOST_ARCH_OS))
-ifeq (ia64,$(DEB_HOST_ARCH))
-DNMALLOC = --disable-dnmalloc
-else ifeq (s390,$(DEB_HOST_ARCH))
+ifeq (amd64,$(DEB_HOST_ARCH))
+DNMALLOC = --enable-dnmalloc
+else ifeq (i386,$(DEB_HOST_ARCH))
+DNMALLOC = --enable-dnmalloc
+else
 DNMALLOC = --disable-dnmalloc
+endif
 else
+ifeq (amd64,$(DEB_HOST_ARCH))
+DNMALLOC = --enable-dnmalloc
+else ifeq (i386,$(DEB_HOST_ARCH))
 DNMALLOC = --enable-dnmalloc
-endif
 else
 DNMALLOC = --disable-dnmalloc
 endif
+endif
 
 build: build-stamp
 build-stamp:
@@ -100,6 +110,8 @@ binary-arch: build install
 	dh_installchangelogs docs/Changelog
 	dh_link
 	dh_strip
+	# Remove /var/run/samhain from the package, it is created by the init script
+	-rm -rf `pwd`/debian/samhain/var/run/samhain
 	dh_compress
 	dh_fixperms
 	dh_installdeb
diff --git a/debian/samhainrc b/debian/samhainrc
index 01724f4..992caac 100644
--- a/debian/samhainrc
+++ b/debian/samhainrc
@@ -591,11 +591,12 @@ SetMailNum = 10
 
 ## Recipient (max. 8)
 #
-SetMailAddress=root@localhost
+#SetMailAddress=root@localhost
+SetMailAddress=root
 
 ## Mail relay (IP address)
 #
-# SetMailRelay = NULL
+SetMailRelay = localhost
 
 ## Custom subject format
 #
diff --git a/sql_init/samhain.mysql.init~ b/sql_init/samhain.mysql.init~
deleted file mode 100644
index e6eb065..000
--- a/sql_init/samhain.mysql.init~
+++ /dev/null
@@ -1,95 +0,0 @@
-CREATE DATABASE samhain;
-USE mysql;
-INSERT INTO db (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv) VALUES ('localhost','samhain

Bug#736168: pu: package samhain/2.8.3a-1

[Javier Fernández-Sanguino Peña]

On Mon, Jan 20, 2014 at 08:57:48PM +, Adam D. Barratt wrote:
 Control: tags -1 + wheezy moreinfo
 
 On Mon, 2014-01-20 at 18:06 +0100, Javier Fernández-Sanguino Peña wrote:
  I have recently updated Samhain in sid and have fixed some important bugs.  
  As
  requested by DSA, since samhain is used in many project machines, I would 
  like
  to make an upload to the wheezy release including some of these fixes.
 
 Not that it's a blocker, but do you know if they're planning on testing
 the package once it's uploaded, before the point release?

I'd say yes.

DSA is actually willing test them right now, I've decided to approach you
instead of manually building the test packages myself.


 +samhain (2.8.3a-2) stable; urgency=medium
 
 In general we'd suggest 2.8.3a-1+deb7u1 here; -2 is okay as long as
 there's never been a package in the Debian archive with that version.

You are right. There's never been a 2.8.3a-2 package but I will use
2.8.3a-1+deb7u1 instead anyway.

 
 +  * Default samhainrc now uses SetMailAddress=root, SetMailRelay=localhost
 +since there have been reports of the previous confguration
 +(SetMailAddress=root@localhost, SetMailRelay=NULL) not working since
 +samhain tries to retrieve an MX record for 'localhost' from the DNS
 +(Closes: 709754)
 
 I think you meant #709753 here; #709754 is an erlang bug.

Yes, its #709753. Thanks for spotting this error. I will fix it in the
changelog.

 Is samhainrc generally customised by users? More specifically, is this
 likely to lead to conffile prompts for a majority of users on upgrade?

Some users might have changed the conffile to use the configuration above but
I cannot be certain. There might be conffile prompts for users but I think
the majority just runs with the standard configuration.

The benefit of the above is that the standard configuration will work for
everybody out of the box.

 
 diff --git a/sql_init/samhain.mysql.init~ b/sql_init/samhain.mysql.init~
 deleted file mode 100644
 diff --git a/sql_init/samhain.oracle.init~ b/sql_init/samhain.oracle.init~
 deleted file mode 100644
 diff --git a/sql_init/samhain.postgres.init~ b/sql_init/samhain.postgres.init~
 deleted file mode 100644
 
 I'm assuming these are cruft and thus intentionally removed from the
 package, but it would have been helpful to mention that (and preferably
 changelog it).

Yes, this is cruft. I will add to the changelog.

Regards

Javier


signature.asc
Description: Digital signature

Bug#733875: dnmalloc broken

[Javier Fernández-Sanguino Peña]

On Tue, Jan 14, 2014 at 03:28:17PM +0100, Bastian Blank wrote:
 Some debugging shows that dnmalloc is broken.  It is already disabled
 for ia64 and s390, so the maintainer obviously knows.  Please disable
 for _all_ architectures until this code is known to work.

I've disabled it for s390x just as I did for s390. Upstream currently lists
the following architectures as problematic:

The dnmalloc allocator doesn't work on: OpenBSD (problems with pthread
internals), Cygwin (also pthread internals), and 64bit FreeBSD. On 64bit
AIX, you need to compile as a 32bit application, or to forego dnmalloc.

This is from http://www.la-samhna.de/samhain/manual/dnmalloc.html

I will contact them in order to see if I can get a precise list of
architectures where it is known to work and adjust debian/rules accordingly.

Regards

Javier


signature.asc
Description: Digital signature

Bug#660197: samhain: Installation fails

[Javier Fernández-Sanguino Peña]

On Fri, Mar 09, 2012 at 03:20:10PM +0100, Gerfried Fuchs wrote:
  I had it hanging like this for two week's time, and tried again if I am
 able to reproduce it - it's absolutely reproducible. Doing this within a
 cowbuilder chroot on an i386 machine.
 
  So, things to reproduce it should be as simple as:
 
 $ sudo cowbuilder --create --basepath squeeze --distribution squeeze
 $ sudo cowbuilder --login --basepath squeeze
 # apt-get install samhain

Sorry for the delay with this.

It is true, samhain does not install in a chroot environment. But the fact
is: samhain does not seem to work *at all* if run within a chroot. The
'samhain -t init' call does not prosper because it gets stuck, for some
reason, when opening /dev/urandom from within a chroot.

But neither does it work if you just try to get the help (or version).

Either way, I cannot reproduce this behaviour *outside* of a chroot.

If you strace the running process you might see something like this:

jflicio:samhain$ ps -ef |grep samhain
root 17782 17663  0 00:51 pts/300:00:00 /usr/bin/dpkg --status-fd 13 
--configure libgpg-error0:i386 libgcrypt11:i386 libffi6:i386 libp11-kit0:i386 
libtasn1-3:i386 libgnutls26:i386 libltdl7:i386 libprelude2:i386 samhain:i386
root 17840 17782  0 00:51 pts/300:00:00 /usr/bin/perl -w 
/usr/share/debconf/frontend /var/lib/dpkg/info/samhain.postinst configure 
root 17843 17840  0 00:51 pts/300:00:00 /bin/sh -e 
/var/lib/dpkg/info/samhain.postinst configure 
root 17844 17843  0 00:51 pts/300:00:00 samhain -t init
jfs  17846  8685  0 00:51 pts/200:00:00 grep samhain
s@silicio:samhain$ sudo strace -f -p 17844
Process 17844 attached - interrupt to quit
futex(0xb77aa454, FUTEX_WAIT_PRIVATE, 2, NULL

I have attached a ltrace and strace of the samhain program within a chroot.
The problem seems to lie in the program initialisation code.

In summary: Please try to reproduce it within a *live* system, not a chroot.
Until I get that information this bug stays as 'unreproducible'

Regards

Javier
pthread_mutex_lock(0xb7751454, 0xb71f93c4, 0, 0) = 0
sysconf(30, 0xb768c000, 0xbffb3b84, 0xb71cf4c0)  = 4096
mmap64(0, 0x3000, 3, 98) = 0xb7661000
mprotect(0xb7661000, 4096, 0, 98)= 0
mprotect(0xb7663000, 4096, 0, 98)= 0
sysconf(30, 4096, 0, 98) = 4096
sysconf(30, 4096, 0, 98) = 4096
sysconf(30, 4096, 0, 98) = 4096
mmap64(0, 0x8002000, 3, 0x4062)  = 0xaf183000
sysconf(30, 0x8002000, 3, 0x4062)= 4096
mprotect(0xaf183000, 4096, 0, 0x4062)= 0
sysconf(30, 4096, 0, 0x4062) = 4096
sysconf(30, 4096, 0, 0x4062) = 4096
sysconf(30, 4096, 0, 0x4062) = 4096
sysconf(30, 4096, 0, 0x4062) = 4096
sysconf(30, 4096, 0, 0x4062) = 4096
mprotect(0xb7184000, 4096, 0, 0x4062)= 0
sbrk(0)  = 0xb8d3e000
sysconf(30, 4096, 0, 0x4062) = 4096
sysconf(30, 4096, 0, 0x4062) = 4096
sysconf(30, 0xb735d000, 0, 0xb72bf574)   = 4096
mmap64(0, 0xe2000, 3, 98)= 0xaf0a1000
sysconf(30, 0xe2000, 3, 98)  = 4096
mprotect(0xaf0a1000, 4096, 0, 98)= 0
sysconf(30, 4096, 0, 98) = 4096
sysconf(30, 4096, 0, 98) = 4096
mprotect(0xaf182000, 4096, 0, 98)= 0
sysconf(30, 4096, 0, 0x4062) = 4096
gettimeofday(0xbffb39ac, 0)  = 0
sched_yield(0xbffb39ac, 0, 0xb768ef87, 0xb73632c8) = 0
open64(/dev/urandom, 0, 026732167607 unfinished ...
pthread_mutex_lock(0xb7751454, 1, 0, 0xb737c041execve(/usr/sbin/samhain, [samhain], [/* 29 vars */]) = 0
brk(0)  = 0xb7ffd000
access(/etc/ld.so.nohwcap, F_OK)  = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0xb766b000
open(/usr/lib/cowdancer/libcowdancer.so, O_RDONLY|O_CLOEXEC) = 3
read(3, 
\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\16\0\0004\0\0\0..., 512) 
= 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=14544, ...}) = 0
mmap2(NULL, 17488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
0xb7666000
mmap2(0xb766a000, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xb766a000
close(3)= 0
access(/etc/ld.so.preload, R_OK)  = -1 ENOENT (No such file or directory)
open(/etc/ld.so.cache, O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=10201, ...}) = 0
mmap2(NULL, 10201, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7663000
close(3)= 0
access(/etc/ld.so.nohwcap, F_OK)  = -1 ENOENT (No such file or directory)
open(/lib/i386-linux-gnu/libz.so.1, O_RDONLY|O_CLOEXEC) = 3
read(3, 

Bug#734775: tiger: nologin path incorrect in three scripts for debian use

[Javier Fernández-Sanguino Peña]

tag 734775 upstream pending
thanks

On Thu, Jan 09, 2014 at 01:41:00PM -0500, Ian Bolton wrote:
 Package: tiger
 Version: 1:3.2.3-11
 Severity: normal
 
 Dear Maintainer,
 The nologin path should be /usr/sbin/nologin for these three instances:
(...)

You are correct, I have committed a fix for this issue in Tiger's GIT
repository (see attached file).

I will update the package with the latest upstream version as soon as
possible.

Regards

Javier
diff --git a/scripts/check_anonftp b/scripts/check_anonftp
index bf881c5..75fb163 100755
--- a/scripts/check_anonftp
+++ b/scripts/check_anonftp
@@ -17,6 +17,8 @@
 #
 # check_anonftp - 06/14/93
 #
+# 01/09/2013 jfs Added /usr/sbin/nologin to list of valid nologin shells
+#   (Debian bug #734775)
 # 08/31/2005 jfs Changed GROUPC to GROUPSS
 # 06/28/2004 jfs Avoid duplicates for $ftphome
 # 01/13/2004 rbrad Cleanup noise and add additional check to check_anonftp.
@@ -161,7 +163,7 @@ haveallcmds GETUSERHOME  {
   # Does the ftp user have a valid shell?
   shell=`echo $ftp_pwentry | $CUT -d: -f7`
   case $shell in
-/bin/false|/usr/bin/false|/sbin/nologin)
+/bin/false|/usr/bin/false|/sbin/nologin|/usr/sbin/nologin)
   ;;
 
 *)
diff --git a/scripts/check_network b/scripts/check_network
index e76dc2d..2645b76 100755
--- a/scripts/check_network
+++ b/scripts/check_network
@@ -339,7 +339,7 @@ sub check_ftpd {
   close(PASS);
   return unless ($name);
   return unless ($shell);
-  if (( $shell ne '/bin/false' ) || ( $shell ne '/sbin/nologin' )) {
+  if (( $shell ne '/bin/false' ) || ( $shell ne '/sbin/nologin' ) || ( $shell ne '/usr/sbin/nologin' ) ) {
 Fail('netw018f',Anon ftp user $name has valid shell of $shell);
   }
 
diff --git a/scripts/check_passwd b/scripts/check_passwd
index 9b58e72..1fc6b6b 100755
--- a/scripts/check_passwd
+++ b/scripts/check_passwd
@@ -55,6 +55,8 @@
 #Add /bin/true as valid shell as well as Solaris shells
 # 05/20/2006 jfs Add quotation marks to Tiger_Admin_Accounts to prevent
 #errors if empty (Debian bug #342181)
+# 01/09/2013 jfs Added /usr/sbin/nologin to list of valid nologin shells
+#   (Debian bug #734775)
 #
 #-
 # TODO:
@@ -168,7 +170,7 @@ check_passwd_entries()
 # TODO: The hardcoded list of shells could be user defined 
 # (i.e. in tigerrc)
 eval case \$shell\ in
-  /bin/false|/usr/bin/false|/dev/null|/sbin/nologin|/bin/true)
+  /bin/false|/usr/bin/false|/dev/null|/sbin/nologin|/bin/true|/usr/sbin/nologin)
  ;;
   $shcase)
  [ \$hash\ = \* ]  {


signature.asc
Description: Digital signature

Bug#734274: project-history: Fix dead links to Debian counting site and typo

[Javier Fernández-Sanguino Peña]

tag 734274 pending
thanks

I've applied the patch (available now in SVN revision 10353).

The fix should be available in the next upload of the project-history
package and should be available in the website in the next rebuild.

Thanks!

Javier


signature.asc
Description: Digital signature

Bug#731316: e2undel is obsolete and should be removed

[Javier Fernández-Sanguino Peña]

reassign 731316 ftp.debian.org
retitle 731316  RM: e2undle -- RoM; abandoned-upstream
thanks

On Wed, Dec 04, 2013 at 10:07:02AM +0200, Adrian Bunk wrote:
 If you agree that the e2undel should be removed, please reassign
 this bug as a removal request to ftp.debian.org.

As suggested, I'm reassinging this bug to ftp.debian.org and asking for the
removal of e2undel. This package has been superceeded and is no needed in
Debian any longer.

Regards

Javier



signature.asc
Description: Digital signature

Bug#729783: network-manager: Add network connectivy test using http://network-test.debian.org/nm

[Javier Fernández-Sanguino Peña]

Package: network-manager
Version: 0.9.8.0-5
Severity: wishlist

Dear Network Manager maintainers,

I've recently asked our DSA team to create a new network-test.debian.org
service (See [rt.debian.org #4756) to be able to script tests of network
connectivity with a stable service.

Originally I intended this service to improve the 'network-test' script in the
ifupdown-extra package, however, in light of the new Network-Manager capability
to check connectivity status, I think it can be useful for network-manager
users too.

The service is now running and it is a static Virtual Host distributed along
several Debian-managed machines with IPv4 and IPv6 connectivity.

Specifically for Network-Manager, based on NetworkManager.conf(5), I've setup a
URL for network connectivity tests which is now alive and running as you can 
see here:


$ echo -e GET /nm HTTP/1.1\r\nHost: network-test.debian.org\r\nConnection: 
close\r\n\r\n | nc network-test.debian.org 80
HTTP/1.1 200 OK
Date: Sun, 17 Nov 2013 10:52:46 GMT
Server: Apache
Last-Modified: Sat, 16 Nov 2013 16:28:43 GMT
ETag: 1019d211-19-4eb4dcee584c0
Accept-Ranges: bytes
Content-Length: 25
X-NetworkManager-Status: online
Connection: close
Content-Type: text/plain

NetworkManager is online


I would appreciate if you would consider:

a) testing this service and see if it suits Network-Manager's requirements
b) changin Network-Manager in order to add the following when creating a new 
managed connection:

--
[connectivity]
uri=http://network-test.debian.org/nm
--

That way, when our Debian users setup a network connection they can test that
it has full end-to-end connectivity and will be able to detect the following
situations:

- systems connected to cable connections which receive an DHCP assignment but
  are not fully connected to the Internet - as is the case with corporate
  connections which have network firewalls in place which require the use of
  network proxies for Internet access

- systems connected to hotspots using WiFi which can connect and get a
  DHCP assignment but are forced to go through a captive portal before Internet
  access is granted (common use case for public/hotel WiFi hotspots) 

Please let me know if you need help in implementing the above changes. I'm not
familiar enough with Network-Managers' codebase to produce a patch, but could
try to work on it if assistance is needed.


Best regards

Javier



-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.10-3-686-pae (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages network-manager depends on:
ii  adduser3.113+nmu3
ii  dbus   1.6.14-1
ii  dpkg   1.17.1
ii  isc-dhcp-client4.2.4-7
ii  libc6  2.17-93
ii  libdbus-1-31.6.14-1
ii  libdbus-glib-1-2   0.100.2-1
ii  libgcrypt111.5.3-2
ii  libglib2.0-0   2.36.4-1
ii  libgnutls262.12.23-7
ii  libgudev-1.0-0 204-5
ii  libnl-3-2003.2.21-1
ii  libnl-genl-3-200   3.2.21-1
ii  libnl-route-3-200  3.2.21-1
ii  libnm-glib40.9.8.0-5
ii  libnm-util20.9.8.0-5
ii  libpolkit-gobject-1-0  0.105-3
ii  libuuid1   2.20.1-5.5
ii  lsb-base   4.1+Debian12
ii  udev   204-5
ii  wpasupplicant  1.0-3+b1

Versions of packages network-manager recommends:
ii  crda  1.1.2-1
ii  dnsmasq-base  2.66-4
ii  iptables  1.4.20-2
ii  modemmanager  0.5.2.0-2
ii  policykit-1   0.105-3
ii  ppp   2.4.5-5.2

Versions of packages network-manager suggests:
pn  avahi-autoipd  none

-- Configuration Files:
/etc/polkit-1/localauthority/10-vendor.d/org.freedesktop.NetworkManager.pkla 
[Errno 13] Permiso denegado: 
u'/etc/polkit-1/localauthority/10-vendor.d/org.freedesktop.NetworkManager.pkla'

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#728654: scratch: locale files are not installed in standard location

[Javier Fernández-Sanguino Peña]

Package: scratch
Version: 1.4.0.6~dfsg1-5
Severity: normal


Scratch locale files are located under /usr/share/scratch/locale/. This is not
the proper location for locale files (/usr/share/locale).

There is no major harm in placing them there, but being a non-standard location
makes it impossible for some packages (such as localepurge) to work their magic
so that locales that are *not* useful for the installed system are removed.

Please help system administrators claim back useless disk space ( == useless
locales) by installing Scratch locales in the proper system location.



-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.10-3-686-pae (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages scratch depends on:
ii  libgtk2.0-bin   2.24.21-1
ii  shared-mime-info1.0-1+b1
ii  squeak-plugins-scratch  1.4.0.2~svn.r83-2
ii  squeak-vm   1:4.10.2.2614-1

scratch recommends no packages.

Versions of packages scratch suggests:
ii  pulseaudio  4.0-6+b1

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#661591: Does not apply to ifupdown-extra

[Javier Fernández-Sanguino Peña]

Control: affects 661591 - ifmetric

I have reviewed the ifupdown-extra scripts and they exit with 0 for success
and 1 on error.

The exit on error is only done on some specific cases (when the user has
asked it this way) so the scripts should not have any issues with ifupdown
now using run-parts.

Regards

Javier


signature.asc
Description: Digital signature

Bug#710303: debian-faq: [INTL:ru] Russian documentation translation update

[Javier Fernández-Sanguino Peña]

tag 710303 pending
thanks

 Russian documentation translation update is attached.

Thanks. I've updated the DDP SVN and included your translation. It will be
made available in the next package upload.

Regards

Javier


signature.asc
Description: Digital signature

Bug#548336: restart gnome on squeeze2wheezy upgrades?

[Javier Fernández-Sanguino Peña]

On Mon, Apr 29, 2013 at 03:00:57PM +0200, Michael Biebl wrote:
 A restart of your desktop session is definitely desirable after a
 squeeze - wheezy dist-upgrade.

Could you please provide some sample text, or should we run with the text
that was present in the Squeeze Release Notes?

 I even think we should advice users to *not* upgrade from within a
 running X/GNOME session but from the console.

This is already described in the Release Notes, see the Important note in 
section 4.1.5. Prepare a
safe environment for the upgrade: 

You should *not* upgrade using telnet, rlogin, rsh, or from an X session
managed by xdm, gdm or kdm etc on the machine you are upgrading. ()


Regards

Javier


signature.asc
Description: Digital signature

Bug#420380: harden-doc: FAIL_DELAY and PASS_MAX_LEN are obsoleted by PAM

[Javier Fernández-Sanguino Peña]

tag 420380 pending
thanks

On Wed, May 20, 2009 at 11:09:56PM +0200, Francesco Poli wrote:
 On Sun, 22 Apr 2007 00:38:05 +0200 Francesco Poli wrote:
 
 [...]
  Section 4.11.3 _User login actions: edit /etc/login.defs_ talks
  about FAIL_DELAY and PASS_MAX_LEN.
  However, according to /etc/login.defs itself, these two parameters
  are now obsoleted by PAM.
 
 Any progress on this bug?

I've done some progress today, in SVN. See
http://anonscm.debian.org/viewvc/ddp/manuals/trunk/securing-howto/en/after-install.sgml?view=log

 I really think this subsection should be updated, but I am not sure
 how (because I don't know how those obsolete suggestions should be
 translated for current Debian systems).

I have hopefully removed the obsolete information, if you can review this
information I would appreciate it.

This bug will be closed in the next upload of the harden-doc package.

Regards

Javier


signature.asc
Description: Digital signature

Bug#692631: non-free files in upstream tarball (The Software shall be used for Good, not Evil)

[Javier Fernández-Sanguino Peña]

merge 692071 692631
thanks

On Wed, Nov 07, 2012 at 11:20:33PM +0100, Ansgar Burchardt wrote:
 The upstream tarball contains files under the non-free JSON license:

This has already been reported. I'm merging this bug.

Regards

Javier


signature.asc
Description: Digital signature

Bug#692071: storymaps: includes non-free files (src/org/json/*)

[Javier Fernández-Sanguino Peña]

On Thu, Nov 01, 2012 at 11:08:32PM +0100, Francesco Poli (wintermute) wrote:
 Hello Javier,
 it seems to me [1] that storymaps includes non-free files
 (src/org/json/*) released under the JSON license [2].

Yes, it does.
  (B) replace src/org/json/* files with a DFSG-free and GPL-compatible
  equivalent, if any is available (tools/jsmin.py from libv8, which
  is under a GPL-compatible 3-clause-BSD license, was mentioned [3]
  during the debian-legal discussion, but maybe it's a completely
  different thing...)

Searching a little bit I've found Gson, which is a JSON implementation for
Java using the Apache license. It is available here:
http://code.google.com/p/google-gson/

Doing a cursory review Gson provides a JSON array implementation in Java,
which is what Storymaps actually uses. So it could be an alternative for
replacing Douglas' JSON. 

I will try to test replacing it and see where that takes me.

  (C) remove src/org/json/* files by repacking the orig.tar.gz upstream
  source archive, as long as storymaps is able to still be
  significantly useful without those files...

No, storymaps cannot work without the JSON implementation.

  (D) move the package to the non-free archive

This is probably what I will do in the short-term, however, as modifying and
testing the code might take some time (if it works at all)

Regards

Javier


signature.asc
Description: Digital signature

Bug#691275: cron: symlink races in crontab

[Javier Fernández-Sanguino Peña]

tags 691275 moreinfo 
thanks

On Tue, Oct 23, 2012 at 09:28:05PM +0200, Jann Horn wrote:
 Debian's crontab contains multiple symlink races. If
 crontab was setuid root (which I think it normally is), this could be used
 to e.g. wipe directories (vulnerable code is in cleanup_tmp_crontab) or for
 other attacks. However, as it is only setgid crontab on debian, the only
 attack this can be used for is to block cron access for a user named
 crontab by invoking crontab -e and replacing the
 folder in /tmp with a symlink before crontab creates the file crontab
 inside the folder. The code vulnerable to this attack is in
 create_tmp_crontab.

Could you please detail where do you see the symlink races or show, at least, a
proof of concept of the symlink race in action and how can I reproduce this
bug?

Reviewing the code: the directory used in cleanup_tmp_crontab is actually 
defined in
create_tmp_crontab using mkdtemp(). Mkdtemp ensures that the directory
created is both unique as well as restricted to the user running it.

This means that, as far as I know, any files created within that directory (and 
removed
afterwards) should be safe. This includes the unlink() codes in
cleanup_tmp_crontab, as well as the rmdir() call there.

Best regards

Javier



signature.asc
Description: Digital signature

Bug#690791: building from source an inconvenient process

[Javier Fernández-Sanguino Peña]

retitl 690791 doc-debian: Should include text sources in package
thanks

On Wed, Oct 17, 2012 at 06:11:03PM +0200, Thijs Kinkhorst wrote:
 Package: doc-debian
 Version: 4.0.2
 Severity: important

 Building this package from source requires one to have a webwml
 checkout in a specific hardcoded filesystem location.

Yes, this is true. However, this issues is not severity important, as it only
affects package *rebuild* not package *use*. 

 Also, the source package does not really contain the sources
 as these are pulled in from the checkout at build time.

This is something that should be fixed. Since the package should include the
sources.

 Probably a good solution would be to move the code that
 collects the files into a get-orig-source rules target.

This is a good idea. I will change debian/rules to do this and also change it
so it does not remove the wml files when cleaning.

Best regards

Javier


signature.asc
Description: Digital signature

Bug#690655: RM: openvas2 [wheezy] -- RoM; abandoned-upstream

[Javier Fernández-Sanguino Peña]

Package: release.debian.org
Version: N/A
Priority: grave
Tags: rm

I would like to request the Release Managers to remove *all* of the OpenVAS
2.x packages from the current testing distribution. This includes the
following packages:

- libopenvas2 /  libopenvas2-dev (version 2.0.4-2.1)
- libopenvasnasl2 / libopenvasnasl2-dev (version 2.0.2-2.1)
- openvas-client (version 2.0.5-1.1)
- openvas-plugins-base / openvas-plugins-dfsg (version 1:20100705-2)
- openvas-server / openvas-server-dev (version 2.0.3-6)

In addition, please also remove the following package:

 - harden-remoteaudit: it depends on openvas-server (I have sent 
   a bug to the package to update this dependency)

Support for OpenVAS 2 was discontinued last year [2]. Providing
OpenVAS 2 to our Debian 'stable' users in our upcoming release is not
really a good idea. Even though the scanner/client works 'as it is',
users will not be able to download new plugins for this release from
the OpenVAs servers and it will not be possible for them to find
recent vulnerabilities in hosts they scan.

For the last  2 years I have provided experimental versions of OpenVAS
3, which seem to have not received to much attention from users. In
any case since that version is also going to be discontinued upstream.
Since the latest OpenVAS release is version 5 [1]  (released May this
year) I will work towards providing OpenVAS 5 in our unstable
distribution. And, once available, will try to make backports
available for Wheezy too.

Removing the OpenVAS 2 packages from testing simplifies handling
upgrades to the newer version and also installations of the backports
of OpenVAS 5 packages in Wheezy.

Regards

Javier


signature.asc
Description: Digital signature

Bug#690656: harden-remoteaudit: Please remove dependency on openvas-server

[Javier Fernández-Sanguino Peña]

Package: harden-remoteaudit
Version: 0.1.38
Tags: important

Harden-remoteaudit currently depends on the packages for the OpenVAS2 scanner
(openvas-server). This package is being replaces by openvas-scanner, which
is the new name of this package since the OpenVAS 3 release.

This dependency prevents the package from being removed from Wheezy something
which, as its maintainer, I would like to do. This is because support for
OpenVAS 2 was discontinued last year [1] and providing
OpenVAS 2 to our Debian 'stable' users in our upcoming release is not
really a good idea.

Since harden-remoteaudit does not Depend: on any other package, an
alternative to make it possible to remove the openvas-server package from
Wheezy would be to change the Depends: into a Suggests: and, in addition,
change it from 'openvas-server' to 'openvas-scanner | openvas-server'.

Once the openvas-scanner is moved from experimental to unstable you could, if
desired, change the Suggests: back into a Depends: 

Thanks for your co-operation,

Javier

[1]
http://lists.wald.intevation.org/pipermail/openvas-announce/2011-June/000127.html



signature.asc
Description: Digital signature

Bug#690657: harden-remoteaudit: Outdated mention to Nessus in the description (update for OpenVAS)

[Javier Fernández-Sanguino Peña]

Package: harden-remoteaudit
Version: 0.1.38
Priority: normal

The current description of the harden-remoteaudit package says:

  Nessus note: You have to have the nessus client installed on some host. The
  client is provided by the 'nessus' package. You can install it on the same
  host but that is not necessary.

Since the package does not Depend/Suggest on anything related to Nessus that
paragraph does not make sense to me. If you want to update it for OpenVAS I
suggest using the following:

  OpenVAS note: You have to have an OpenVAS client or installed on some system
  in order to launch scans. Some of the available clients are provided by the
  openvas-administrator, openvas-client, and openvas-cli packages. You can
  install any of them in the same host, but it is not a requirement.

Best regards


Javier


signature.asc
Description: Digital signature

Bug#683424: Patch describing Multiarch

[Javier Fernández-Sanguino Peña]

tag 683424 pending
thanks

On Sat, Oct 13, 2012 at 02:24:37PM +0200, Thijs Kinkhorst wrote:
  We need some introduction to multi-arch.
 
 Attached patch adds a basic introduction to Multiarch in the What's new
 section, referring to the HOWTO for extended information for those who
(...)
 Perhaps more could be improved, but this patch should at least satisfy a
 large number of common cases. Please apply.

Thanks, I have applied this patch to the sources.

Regards

Javier


signature.asc
Description: Digital signature

Bug#688923: mathematica-fonts: [INTL:es] spanish translation

[Javier Fernández-Sanguino Peña]

On Fri, Sep 28, 2012 at 10:32:26AM +0900, Atsuhito Kohda wrote:
 I'll wait for a new update.  Thanks for your contribution.

I've reviewed the translation that Rafael sent and I've found a number of
mistakes in it. The main mistake is the translation of font in the
translation sent by him which is not consisten with the proper translation of
font in Spanish (he uses fuentes and even leaves it unstralated in one
msgid and uses fonts) and with the translation used in the translated
msgids by Francisco Javier.

After a review, I attach you an updated file. 

Please replace the existing es.po file in your package with this file to fix
the errors outlined above.

Thanks

Javier
# mathematica-fonts po-debconf translation to Spanish
# Copyright (C) 2009 Software in the Public Interest
# This file is distributed under the same license as the mathematica-fonts 
package.
#
# Changes:
#   - Initial translation
#   Francisco Javier Cuadrado fcocuadr...@gmail.com, 2009
#   - Translation update and review
#   Rafael Ernesto Rivas t...@debian.org.sv, 2012.
#   Javier Fernández-Sanguino j...@debian.org, 2012
#
# Traductores, si no conocen el formato PO, merece la pena leer la
# documentación de gettext, especialmente las secciones dedicadas a este
# formato, por ejemplo ejecutando:
#   info -n '(gettext)PO Files'
#   info -n '(gettext)Header Entry'
#
# Equipo de traducción al español, por favor, lean antes de traducir
# los siguientes documentos:
#
#   - El proyecto de traducción de Debian al español
# http://www.debian.org/intl/spanish/
# especialmente las notas de traducción en
# http://www.debian.org/intl/spanish/notas
#
#   - La guía de traducción de po's de debconf:
# /usr/share/doc/po-debconf/README-trans
# o http://www.debian.org/intl/l10n/po-debconf/README-trans
#
msgid 
msgstr 
Project-Id-Version: mathematica-fonts 0.1\n
Report-Msgid-Bugs-To: mathematica-fo...@packages.debian.org\n
POT-Creation-Date: 2012-09-07 18:02-0400\n
PO-Revision-Date: 2012-09-27 02:12+0200\n
Last-Translator: Javier Fernández-Sanguino j...@debian.org\n
Language-Team: Debian l10n Spanish debian-l10n-span...@lists.debian.org\n
Language: es\n
MIME-Version: 1.0\n
Content-Type: text/plain; charset=UTF-8\n
Content-Transfer-Encoding: 8bit\n
X-POFile-SpellExtra: http WRI Mathematica Research proxy Proxy Inc Wolfram\n

#. Type: string
#. Description
#: ../templates:2001
msgid HTTP proxy to use:
msgstr Proxy HTTP a utilizar:

#. Type: string
#. Description
#: ../templates:2001
msgid 
If you need to use a proxy server, please enter it here (example: 
http://192.168.0.1:8080). This will cause the font file to be downloaded 
through the proxy.
msgstr 
Si necesita utilizar un servidor proxy, introdúzcalo aquí (por ejemplo: 
http://192.168.0.1:8080). Esto provocará que los archivos de las tipografías 
se descarguen utilizando dicho proxy.

#. Type: string
#. Description
#: ../templates:2001
msgid Leave this field blank if you don't use a proxy server.
msgstr Deje este campo en blanco si no quiere utilizar un servidor proxy.

#. Type: note
#. Description
#. This debconf note displays the original license of fonts
#. The license terms themselves are not translatable, which explains
#. that translators do not see them in the PO files
#: ../templates:3001
msgid License for Mathematica fonts
msgstr Licencia de las tipografías de Mathematica

#. Type: note
#. Description
#: ../templates:3001
msgid 
Read this agreement carefully before proceeding. It is an agreement between 
Wolfram Research, Inc. (\WRI\) and you. Acceptance of its terms creates a 
binding contract between you and WRI. By downloading the fonts below, you 
are accepting the terms of this agreement.
msgstr 
Lea cuidadosamente este acuerdo antes de continuar. Se trata de un acuerdo 
entre la empresa Wolfram Research, Inc. (WRI) y usted. La aceptación de los 
términos de este acuerdo crea un contrato vinculante entre usted y la WRI. 
Usted está aceptando los términos de este acuerdo al descargar las 
tipografías indicadas más abajo.

#. Type: boolean
#. Description
#: ../templates:4001
msgid Do you accept the license of Mathematica fonts?
msgstr ¿Acepta la licencia de las tipografías de Mathematica?

#. Type: boolean
#. Description
#: ../templates:4001
msgid 
In order to install this package, you must accept its license terms. Not 
accepting will cancel the installation.
msgstr 
Debe aceptar los términos de la licencia para poder instalar este paquete. 
Si no los acepta se cancelará la instalación.


signature.asc
Description: Digital signature

Bug#688808: debian-goodies: checkrestart incorrectly ignores util-linux (getty)

[Javier Fernández-Sanguino Peña]

On Tue, Sep 25, 2012 at 10:17:02PM +0200, Francesco Poli (wintermute) wrote:
 The attached patch (which I think is so trivial that it is not
 copyrighted) fixes the issue for me:

Thanks for the patch, I'll review it and include it in the package.


Regards

Javier


signature.asc
Description: Digital signature

Bug#680303: snort-rules-default: ip-based rules in community-sip.rules are wrong

[Javier Fernández-Sanguino Peña]

On Wed, Jul 04, 2012 at 10:46:37PM +0200, Robert Kehl wrote:
 The rules in community-sip.rules that use ip any any - any are wrong in
 my stumbling understanding of snort's rule syntax, as they trigger in every
 case the content is involved, regardless of the port 5060 mentioned.

Thanks for your report. Googling this actually seems to be a common problem
to some Snort users, see for example:

https://groups.google.com/forum/#!msg/snortusers/hPX_WRjTUWY/eZckB3C00U8J[1-25]
https://www.alienvault.com/forum/index.php?t=msggoto=5575S=cd14599b5bf0cd872c3643f18b7a53a9
https://www.alienvault.com/forum/index.php?t=msggoto=3448S=edb2a35e5f434a528c4e6bb2448226a7

 Especially the rule COMMUNITY SIP TCP/IP message flooding directed to SIP
 proxy triggers very often, being a false positive then, as it does not
 limit regarding the content of a packet in any way.

These rules are very out of dated and are only provided as a reference for
users. The default snort.conf configuration in Debian does not include this
file anymore.

In any case, to prevent users from shooting themselves in the foot I'm 
modifying the file as distributed in Debian to comment out the rules and add 
a warning, so that users enable it at their own risk

 
 Having disabled the questioned rules, snort behaves as expected,
 beforehand, I got hundreds of false positives covering the real attacks.
 
 I think, a rule like this is wrong:
 
   alert ip any any - any 5060
 
 It acutally behaves like this one:
 
   alert ip any any - any
 
 This results in numerous warnings on heavily used connections like an
 OpenVPN connection (in my case).

I believe this is probably because the rule should use 'tcp' or 'udp' instead 
of IP.

 Despite the fact that most of the rules are heavily out-dated, but still
 better than none, you should consider boiling down community-sip.rules to
 the set below or kicking it completely. I'd suggest the latter, as I'm not
 sure wether the remaining rules are correct, either. Implementing a recent
 ET ruleset would improve the usage of snort on Debian, for sure, but this
 is out of scope of this bug report.

As said before, I'm commenting it out completely and adding a warning for
users.

Regards

Javier



signature.asc
Description: Digital signature

Bug#677810: snort: white/blacklist

[Javier Fernández-Sanguino Peña]

On Tue, Jul 31, 2012 at 04:23:52PM +0800, Jim Barber wrote:
 I have also encountered this problem when installing snort for the first time 
 on a freshly installed Debian host.
 
 To get the package to configure I did the following steps:
(...)

Thank you (and the other reports) for the additional information.

Since the preprocessor which uses this white/black list is experimental I'm
actually going to disable it in the next Snort release. For the benefit of
the users that want to enable it. I'm going to change the relative paths to
absolute paths so this (upstream) bug does not trigger here.

Regards

Javier


signature.asc
Description: Digital signature

Bug#684237: oinkmaster: bleeding Snort is not available anymore

[Javier Fernández-Sanguino Peña]

Package: oinkmaster
Version: 2.0-3
Priority: wishlist

In addition to the Bleeding Snort, there are additional rules for Snort
available at http://www.emergingthreats.net/ which could be incorporated
in the package.

Regards

Javier


signature.asc
Description: Digital signature

Bug#682559: tomoyo-tools: [INTL:es] spanish translation

[Javier Fernández-Sanguino Peña]

On Mon, Jul 23, 2012 at 01:24:19PM -0600, Christian PERRIER wrote:
 Same than fs2ram. The translation corresponds to the unreviewed
 templates.
 
 Here's the file after syncing it with the reviewed templates.

Attached is the reviewed file after the sync.

Regards

Javier
# tomoyo-tools po-debconf translation to Spanish
# Copyright (C) 2012 Software in the Public Interest, SPI Inc.
# This file is distributed under the same license as the tomoyo-tools package.
#
# Changes:
# - Initial translation
#   Javier Fernández-Sanguino j...@debian.org, 2012
# - Revision
#   Camaleón noela...@gmail.com, 2012
#
#
#  Traductores, si no conoce el formato PO, merece la pena leer la 
#  documentación de gettext, especialmente las secciones dedicadas a este
#  formato, por ejemplo ejecutando:
# info -n '(gettext)PO Files'
# info -n '(gettext)Header Entry'
#
# Equipo de traducción al español, por favor lean antes de traducir
# los siguientes documentos:
#
# - El proyecto de traducción de Debian al español
#   http://www.debian.org/intl/spanish/
#   especialmente las notas y normas de traducción en
#   http://www.debian.org/intl/spanish/notas
#
# - La guía de traducción de po's de debconf:
#   /usr/share/doc/po-debconf/README-trans
#   o http://www.debian.org/intl/l10n/po-debconf/README-trans
#
# Si tiene dudas o consultas sobre esta traducción consulte con el último
# traductor (campo Last-Translator) y ponga en copia a la lista de
# traducción de Debian al español (debian-l10n-span...@lists.debian.org)
#
msgid 
msgstr 
Project-Id-Version: tomoyo-tools\n
Report-Msgid-Bugs-To: tomoyo-to...@packages.debian.org\n
POT-Creation-Date: 2012-07-17 19:17-0600\n
PO-Revision-Date: 2012-07-23 22:29+0200\n
Last-Translator: Javier Fernández-Sanguino j...@debian.org\n
Language-Team: Debian Spanish debian-l10n-span...@lists.debian.org\n
Language: es\n
MIME-Version: 1.0\n
Content-Type: text/plain; charset=UTF-8\n
Content-Transfer-Encoding: 8bit\n
X-POFile-SpellExtra: grub default Tomoyo update GRUBCMDLINELINUX tomoyo\n
X-POFile-SpellExtra: security\n

#. Type: boolean
#. Description
#: ../tomoyo-tools.templates:2001
msgid Enable TOMOYO Linux at boot time?
msgstr ¿Desea habilitar TOMOYO Linux en el arranque?

#. Type: boolean
#. Description
#: ../tomoyo-tools.templates:2001
msgid 
Enabling TOMOYO Linux functionality in the running kernel requires an 
appropriate kernel command line at boot time. This can be configured by 
setting GRUB_CMDLINE_LINUX=\security=tomoyo\ in /etc/default/grub and 
running grub-update.
msgstr Para habilitar la funcionalidad de TOMOYO para Linux es necesario 
configurar la opción correcta de la línea de órdenes del núcleo en el momento 
del arranque. Esto puede realizarse definiendo 
«GRUB_CMDLINE_LINUX=\security=tomoyo\» en «/etc/default/grub» y ejecutar 
«grub-update».

#. Type: boolean
#. Description
#: ../tomoyo-tools.templates:2001
msgid 
If you accept here, these actions will be performed automatically and TOMOYO 
Linux will be enabled at next boot.
msgstr Si acepta ahora, estas acciones se harán de forma automática y TOMOYO 
para Linux quedará habilitado automáticamente en el siguiente arranque.

#~ msgid 
#~ To enable Tomoyo, you should set GRUB_CMDLINE_LINUX=\security=tomoyo\ 
#~ in /etc/default/grub and run grub-update to use it with your Linux kernel 
#~ in next boot time. This config will enable it automatically.
#~ msgstr Para habilitar Tomoyo debe definir 
«GRUB_CMDLINE_LINUX=\security=tomoyo\» en «/etc/default/grub» y ejecutar 
«grub-update» de forma que se use en su núcleo de Linux en el próximo arranque. 
Este programa de configuración lo habilitará automáticamente si así lo desea.

#~ msgid 
#~ If you would not accept it, you should set it by your own hand later.
#~ msgstr 
#~ Si no desea hacerlo ahora, debería configurarlo manualmente más adelante.


signature.asc
Description: Digital signature

Bug#682558: fs2ram: [INTL:es] New spanish translation

[Javier Fernández-Sanguino Peña]

On Mon, Jul 23, 2012 at 01:20:43PM -0600, Christian PERRIER wrote:
 Well, your translation, Javier, corresponds to the templates in the
 archive. However, they have been reviewed and therefore changed.

The review here was really minor (some double spaces and minor wording). So
the update was easy.

 Here is the resynced PO file.

Updated again.

Regards

Javier
# fs2ram po-debconf translation to Spanish
# Copyright (C) 2012 Software in the Public Interest, SPI Inc.
# This file is distributed under the same license as the fs2ram package.
#
# Changes:
# - Initial translation
#   Javier Fernández-Sanguino j...@debian.org , 2012
#
#
#  Traductores, si no conoce el formato PO, merece la pena leer la 
#  documentación de gettext, especialmente las secciones dedicadas a este
#  formato, por ejemplo ejecutando:
# info -n '(gettext)PO Files'
# info -n '(gettext)Header Entry'
#
# Equipo de traducción al español, por favor lean antes de traducir
# los siguientes documentos:
#
# - El proyecto de traducción de Debian al español
#   http://www.debian.org/intl/spanish/
#   especialmente las notas y normas de traducción en
#   http://www.debian.org/intl/spanish/notas
#
# - La guía de traducción de po's de debconf:
#   /usr/share/doc/po-debconf/README-trans
#   o http://www.debian.org/intl/l10n/po-debconf/README-trans
#
# Si tiene dudas o consultas sobre esta traducción consulte con el último
# traductor (campo Last-Translator) y ponga en copia a la lista de
# traducción de Debian al español (debian-l10n-span...@lists.debian.org)
msgid 
msgstr 
Project-Id-Version: fs2ram\n
Report-Msgid-Bugs-To: fs2...@packages.debian.org\n
POT-Creation-Date: 2012-07-11 08:07-0600\n
PO-Revision-Date: 2012-07-23 22:23+0200\n
Last-Translator: Javier Fernández-Sanguino j...@debian.org\n
Language-Team: Debian Spanish debian-l10n-span...@lists.debian.org\n
Language: es\n
MIME-Version: 1.0\n
Content-Type: text/plain; charset=UTF-8\n
Content-Transfer-Encoding: 8bit\n
X-POFile-SpellExtra: tmp fs log lock ram reinicios var tmpfs\n

#. Type: select
#. Choices
#: ../templates:2001
msgid Content-preserving
msgstr Preservando contenido

#. Type: select
#. Choices
#: ../templates:2001
msgid Structure-preserving
msgstr Preservando estructura

#. Type: select
#. Choices
#: ../templates:2001
msgid Unconfigured
msgstr No configurado

#. Type: select
#. Description
#: ../templates:2002
msgid Configuration for fs2ram:
msgstr Configuración para fs2ram:

#. Type: select
#. Description
#: ../templates:2002
msgid Please select the fs2ram configuration that best meets your needs.
msgstr 
Seleccione la configuración de fs2ram que mejor se adapte a sus necesidades.

#. Type: select
#. Description
#: ../templates:2002
msgid 
 * Content-preserving: /var/tmp, /var/cache, and /var/log will be in\n
   RAM, reducing writes to the hard drive, and fs2ram will preserve the\n
   contents of these file systems across reboots.\n
 * Structure-preserving: /var/tmp, /var/cache, and /var/log will be in\n
   RAM, but fs2ram will only preserve their directory structures across\n
   reboots, not their (potentially private) contents.\n
 * Unconfigured: the fs2ram configuration file will be left empty and\n
   must be filled manually.
msgstr 
 * Preservando contenido: se mantendrán «/var/tmp», «/var/cache», y «/var/
log»\n
   en RAM, reduciendo el número de escrituras en el disco duro, y fs2ram \n
   preservará los contenidos de estos sistemas de ficheros entre cada\n
   reinicio del sistema.\n
 * Preservando estructura: se mantendrán /var/tmp, /var/cache, y /var/log 
en\n
   RAM, pero fs2ram sólo preservará la estructura de directorios entre\n
   cada reinicio del sistema y no sus contenidos (potencialmente privados).\n
 * No configurado: el archivo de configuración de fs2ram se dejará vacío y\n
   deberá rellenarse manualmente.

#. Type: boolean
#. Description
#: ../templates:3001
msgid Turn /tmp into a RAM file system?
msgstr ¿Desea convertir «/tmp» en un sistema de ficheros en RAM?

#. Type: boolean
#. Description
#: ../templates:3001
msgid 
Please choose whether /tmp should be converted into a tmpfs mount point. 
This is not the default for freshly installed systems.
msgstr 
Seleccione si desea que se convierta «/tmp» en un punto de montaje de tipo 
«tmpfs». Éste no es el comportamiento por omisión para sistemas recién 
instalados.

#. Type: boolean
#. Description
#: ../templates:4001
msgid Turn /var/lock into a RAM file system?
msgstr ¿Desea convertir «/var/lock» en un sistema de ficheros en RAM?

#. Type: boolean
#. Description
#: ../templates:4001
msgid 
Please choose whether /var/lock should be converted into a tmpfs mount 
point. This is the default for freshly installed systems.
msgstr 
Seleccione si desea que se convierta «/var/lock» en un punto de montaje de 
tipo «tmpfs». Ésta es la configuración predefinida en sistemas recién 
instalados.

#~ msgid fs2ram configuration
#~ msgstr Configuración de fs2ram


signature.asc
Description: Digital signature

Bug#679062: cron: should remove obsolete /etc/cron.daily/standard

[Javier Fernández-Sanguino Peña]

On Thu, Jul 05, 2012 at 10:58:04AM +0300, Teodor MICU wrote:
 reopen 679062
 stop
 
 This process is not complete since I get this email from all systems
 where I upgraded cron:
 
 | Subject: Anacron job 'cron.daily' on frost.museglobal.ro
 | [..]
 | run-parts: failed to stat component /etc/cron.daily/standard: No
 such file or directory

I'm not sure this is entirely's cron fault. From the subject: it looks like
anacron is trying to run the old cron.daily's standard task.

Could you please do this:

- send the list of files under /etc/cron.daily/
- check if anacron is running in your system (i.e. 'ps -ef |grep anacron')
- restart anacron, if running and see if the error reproduces

If this is anacron's fault maybe we have to reassign the bug there. 

Thanks

Javier


signature.asc
Description: Digital signature

Bug#620392: cron looses job output if no mta is installed

[Javier Fernández-Sanguino Peña]

merge  670118 620392
thanks

On Fri, Apr 01, 2011 at 12:26:01PM -0500, Adam Heath wrote:
 I suggest that in this case the output should be sent to syslog, at
 the least.

I'm merging this bug with bug #670118 which provides precisely support
for logging cron job information to syslog.

This feature will not be enabled for Wheezy, but we might consider these
changes in later releases of the cron package.

Thanks

Javier


signature.asc
Description: Digital signature

Bug#679106: cron: multiple /etc/init.d/cron stop may kill unrelated processes

[Javier Fernández-Sanguino Peña]

tag 679106 pending
thanks

Hi,

After reviewing this bug I believe we did not fix it properly in 3.0pl1-117.
In that version we did the following change:

   * debian/cron.init:
- Don't call start-stop-daemon directly, use LSB init functions
  instead.  Among other things, this works around the cron daemon not
  deleting its pidfile from /var/run/. Closes: #615855

But the bug (cron: does not clean up PID file on exit) was not properly
addressed (or LSB's killproc behaviour has changed in the meantime).

I have committed a fix through cron's init.d file . The init.d file will
now remove the pidfile if it exists after killing the process. This should be
fixed in cron itself (through it's SIG handler) but this fix is a quicker
(and less complex) fix for this bug.

The fix is now is available in GIT and can be found at
http://anonscm.debian.org/gitweb/?p=pkg-cron/pkg-cron.git;a=commitdiff;h=e284ede4877465557c6846d391eabebd7077cbd6

I will upload this fix with a new cron version.

Regards

Javier


signature.asc
Description: Digital signature

Bug#284274: Patch for the hardlink replacement bug request

[Javier Fernández-Sanguino Peña]

On Sun, Jun 17, 2012 at 09:40:49PM +0200, Sandro Tosi wrote:
 On Fri, Jul 31, 2009 at 12:56 AM, Javier Fernández-Sanguino Peña
 j...@computer.org wrote:
 
  tags 284274 patch
  thanks
 
  Attached is a patch to the program sources (through the use of a dpatch 
  patch
  in the Debian package) that adds a new -L / --linkhard option to fdupes. 
  This
  option will replace all duplicate files with hardlinks which is useful in
  order to reduce space.
 
  It has been tested only slightly, but the code looks (to me) about right.
 
  Please consider this patch and include it in the Debian package.
 
 As it turned out[1] this patch loses data if some of the file to
 replace are on different filesystems. I'm going to remove it from the
 package for now, but i'd be happy to evaluate a new patch.

It might not be too difficult to introduce a check in the patch that tries
the hard link and, if it fails, it restores the file and complains. I'll see
what I can do.

Regards

Javier


signature.asc
Description: Digital signature

Bug#670118: [PATCHv2] Add support for logging cron job output to syslog

[Javier Fernández-Sanguino Peña]

On Sun, Apr 22, 2012 at 11:18:15PM -0700, Josh Triplett wrote:
 [Resending with the correct set of patches this time.]
 
 The attached patches make it possible for cron to log cron job output to
 syslog.

Hi,

Thanks for the work and the patches.  I've added these patches to a new git
branch (bug/670118) for review. 

I'm not sure if we can commit to include these patches in the current version
of the cron package (for Squeeze) since we were trying to get the number of
patches down in order to move to a new package (using 3.0 source format).

Once we have discussed this between the cron maintainers we will let you know
how we will go forward with these changes.

Best regards,

Javier


signature.asc
Description: Digital signature

Bug#674296: checkrestart: specialcase unreadable pid 1 - assume vserver

[Javier Fernández-Sanguino Peña]

On Thu, May 24, 2012 at 10:54:26AM +0200, Tomas Pospisek wrote:
 In contrast to the discussion above, I've changed the default behaviour
 of checkrestart back to its original one, that is, if there's an
 exception reading a /proc/*/exe link, then we raise and exception
 (and terminate).

Thanks for the patch, it looks fine to me so I will probably apply it before
my next upload of debian-goodies.

Best regards

Javier



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#674228: openvas-plugins-dfsg: FTBFS: missing build-deps

[Javier Fernández-Sanguino Peña]

On Thu, May 24, 2012 at 01:03:27AM +0200, Cyril Brulebois wrote:
 $subject says it all:
 | [ clean = audit-plugins ] || dh clean --with quilt
 | dh: unable to load addon quilt: Can't locate 
 Debian/Debhelper/Sequence/quilt.pm in @INC (@INC contains: /etc/perl 
 /usr/local/lib/perl/5.14.2 /usr/local/share/perl/5.14.2 /usr/lib/perl5 
 /usr/share/perl5 /usr/lib/perl/5.14 /usr/share/perl/5.14 
 /usr/local/lib/site_perl .) at (eval 18) line 2.
 | BEGIN failed--compilation aborted at (eval 18) line 2.
 | 
 | make: *** [clean] Error 2
 

A build-depends: on quilt is missin in debian/control, I will add it.

Regards

Javier


signature.asc
Description: Digital signature

Bug#674192: Please reconsider package description

[Javier Fernández-Sanguino Peña]

On Wed, May 23, 2012 at 09:21:39PM +0100, Justin B Rye wrote:
  .
  This cron package is pre-configured to do some basic daily system
  maintenance tasks. Other packages, such as checksecurity, help with
  further maintenance tasks.
 
 The basic daily system maintenance tasks are being phased out (see
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=579640).  Sooner or
 later this paragraph is going to need a rewrite, or maybe it would be
 better just to drop it completely.

When the tasks are removed the paragraph can be changed to something along
the lines of:

   This package does not provide any system maintenance tasks. Other
   packages, such as cron-standard and checksecurity, provide relevant
   periodic maintenance tasks useful to cover basic system checks.

This will explain the dependencies on other packages (checksecurity is
currently Suggested: and cron-standard might hold the standard system tasks
in the future).

Regards

Javier



signature.asc
Description: Digital signature

Bug#649168: blacklist not really working?

[Javier Fernández-Sanguino Peña]

On Thu, May 24, 2012 at 12:39:37AM +0200, Tomas Pospisek wrote:
 So currently instead of failing as above I changed checkrestart to
 report an error and to continue:

That patch looks good to me.

 admin:~# diff -u /tmp/checkrestart /usr/local/bin/checkrestart
 --- /tmp/checkrestart   2012-05-24 00:37:15.147100799 +0200
 +++ /usr/local/bin/checkrestart 2012-05-24 00:24:23.0 +0200
 @@ -445,7 +445,8 @@
  self.program = os.readlink('/proc/%d/exe' % self.pid)
  except OSError, e:
  if e.errno != errno.ENOENT:
 -raise
 +sys.stderr.write('ERROR: Failed to read %d' % self.pid)
 +#raise
  self.program = self.cleanFile(self.program)
 
  def cleanFile(self, f):
 
 I wonder if there's a better way...

I think your fix is probably good enough.

 Other than that, I can report that Tollef patch works for me.

That's good to hear, thank you.

Regards

Javier


signature.asc
Description: Digital signature

Bug#557156: wicd deconfigures the wired (eth0) interface at suspend or cable unplugged

[Javier Fernández-Sanguino Peña]

On Mon, May 21, 2012 at 07:14:08PM +0200, Javier Fernández-Sanguino Peña wrote:
 - I have not configured wicd at all, it was just pulled in as a dependency 
 because 
   GNOME's NetworkManager depends on it

A mistake here: wicd was pulled in because I installed the xfce-desktop
task, not because of Network Manager.

Still, I've always managed my interfaces using /etc/network/interfaces and
have *never* configured them using wicd.

 As I cannot disable the /usr/lib/pm-utils/sleep.d/55wicd script I've 
 introduced another
 script in /etc/pm/sleep.d/00_restart_network that stops dhclient and
(...)

Please take note that it took me quite a lot of debugging of the pm-suspend
scripts until I found out that the reason why my interfaces were reconfigured
was because of wicd. 

Once the culprit has been found, a much simpler way to prevent this bug would
be using apt-get or dpkg, I could remove wicd since it is only Recommended:
by xfce-desktop.  For me it probably an option, but a regular user that
steps into this bug will find that this will make more friendly package 
management
frontends, such as aptitude, to *always* try to remove the xfce-desktop task
(unless configured to ignore Recommends).


Regards

Javier


signature.asc
Description: Digital signature

Bug#673822: wicd-daemon: Power management suspend script runs unconditionally even in wired-only computers

[Javier Fernández-Sanguino Peña]

On Tue, May 22, 2012 at 09:55:18PM +0200, David Paleino wrote:
 This isn't true. Wicd isn't listed among the dependencies of NM -- if it was
 the case, it would be *VERY* weird. Please run a aptitude why wicd-daemon,
 and check what pulled it in.

Excuse my ignorance, you are right, wicd was not pulled because of
Network-Manager, my mistake. 

In my system, wicd was pulled in because of the task-xfce-desktop:

jfs@silicio:$ LC_ALL=C aptitude why wicd-daemon
id  wicd Depends wicd-daemon (= 1.7.2.3-1)
jfs@silicio:$ LC_ALL=C aptitude why wicd
id  task-xfce-desktop Recommends wicd

I incorrectly assumed that wicd was somehow associated to
wireless, when it's not. The starting 'w' got me confused :)

  This package installs a script under /usr/lib/pm-utils/sleep.d/55wicd and
  gets run after any resume of hibernation.
  
  However, since this script is not a configuration file and it does not 
  provide
  any way to disable it, the script will run regardless of whether the system 
  is
  using a wireless connection or a wired connection (as is my case).
 
 Regardless of what the comments in that file say, it just runs wicd
 suspend/resume, and the existence of a wireless connection is not taken into
 consideration.

What I tried to say is that wicd is trying to do things on suspend/resumen
even if it's not *configured* for any given interface. At least in my system,
I have never configured wicd and my *wired* interface (eth1) has always been
managed by /etc/network/interfaces.

In this setup (the user has not ever configured wicd and the interfaces are
already managed) it doesn't make sense for the suspend script to run at all.

  If possible, I would appreciate if the script would NO-OP either
  
  a) by detecting that wicd is not configured using some kind of system
  indication. For example, in my system, /etc/wicd/wireless-settings.conf is 
  an
  empty (0-bytes) file which could be an indication.
 
 If you don't want wicd to manage wireless, just clear the wireless_interface
 entry in manager-settings.conf .

I actually don't want wicd to manage *any* of my *wired* interfaces. So I
cannot understand why the script runs when:

- /etc/wicd/wireless-settings.conf is an empty file
- /etc/wicd/wired-settings.conf has not been configured at all (available at 
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=37;filename=wired-settings.conf;att=1;bug=557156)

 Since you seem to be a NM user, I guess you don't want wicd at all. At the
 beginning of your mail you said it was pulled in -- this shouldn't happen,
 and certainly is not a bug in the wicd packages. Please check why it was 
 pulled
 in first; then decide whether use it or just keep NM. Using both programs is
 technically possible, but not really encouraged. Keeping just one of them will
 save you tons of possible problems and Heisenbugs (and no, I won't add a
 Conflict.)

The problem is: I'm a regular user of /etc/network/interfaces, I use
guessnet, and I don't want any networking packages to interfere with my
setup. Not NetworkManager, not Wicd, not others.

Unfortunately, the different desktop management systems introduce a network
manager that interferes with a setup that has been working fine since (IIRC)
Woody.

I don't mind having wicd installed if that is pulled in by a task and is
inactive. But having the software *do* stuff when I have never configured it,
nor even started the graphical interface, and have it behave in a way that
interferes with my network setup is quite strange. 

The fact is, that just because I installed the Xfce desktop to test out the
*desktop* environment, wicd got pulled in and broke my networking setup (for
more information see #557156) and this only happens *when* I suspended the 
system
and resumed from suspend. 

You are tagging this as 'unreproducible' bug, I believe that it is quite easy
to reproduce:

 1- Install a bare system
 2- Configure the system's networking using a fixed IP address either by
using the Debian Installer or by manually editing /etc/network/interfaces
after installation
 3- Install the xfce-desktop task (which pulls in wicd)
 4- Suspend the system
 5- Return from suspend

 Right before step 4, the system will be configured with a static IP address.
 In step 5 wicd's suspend script will run, even though wicd is unconfigured.

 And this leads us to a completely broken network setup (using DHCP) due to
 bug #557156.

 A way I see to prevent bug #557156 and other future bugs, wicd's suspend
 script should *not* run if wicd is not being used to manage the system's
 networking.
 
 I don't know wicd's internals, but reviewing wicd's code, it occurs to me
 than an alternative way would be for the script to check if wicd daemon is
 running and abort if it's not. 

 That way a sysadmin could simply disable the wicd daemon using wicd's
 default file and then the suspend script would do nothing.


 Regards


 Javier


signature.asc
Description: Digital signature

Bug#673822: wicd-daemon: Power management suspend script runs unconditionally even in wired-only computers

[Javier Fernández-Sanguino Peña]

Package: wicd-daemon
Version: 1.7.2.3-1
Severity: normal

I'm running a desktop system which does *not* have a Wireless interface but
Network-manager (installed because of GNOME3) dependencies pulls in wicd-daemon
unconditionally. This package installs a script under
/usr/lib/pm-utils/sleep.d/55wicd and gets run after any resume of hibernation.

However, since this script is not a configuration file and it does not provide
any way to disable it, the script will run regardless of whether the system is
using a wireless connection or a wired connection (as is my case).

If possible, I would appreciate if the script would NO-OP either

a) by detecting that wicd is not configured using some kind of system
indication. For example, in my system, /etc/wicd/wireless-settings.conf is an
empty (0-bytes) file which could be an indication.

b) by making it possible for the administrator to disable it. This could be
possible by either using a defaults file (under /etc/) or by moving the script
under /etc/ and replacing /usr/lib/pm-utils/sleep.d/55wicd with a symbolic link.

This would enable adminsitrators to remove, if required, this script from 
suspend.

On the one hand this would save some CPU cycles when resuming for hibernation,
making the system startup faster and, on the other hand, it would avoid 
potential
issues that could be caused by running /usr/share/wicd/daemon/autoconnect.py 
(or /usr/share/wicd/daemon/suspend.py) on systems that are really not configured
with any Wireless interface.

Thank you for your help in fixing this bug,

Javier



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages wicd-daemon depends on:
ii  adduser 3.113+nmu1
ii  dbus1.5.12-1
ii  debconf 1.5.42
ii  ethtool 1:3.1-1
ii  iproute 20120319-1
ii  iputils-ping3:20101006-1+b1
ii  isc-dhcp-client [dhcp3-client]  4.2.2.dfsg.1-4
ii  lsb-base4.1+Debian2
ii  net-tools   1.60-24.1
ii  psmisc  22.16-1
ii  python  2.7.2-10
ii  python-dbus 0.84.0-3
ii  python-gobject  3.2.0-3
ii  python-wicd 1.7.2.3-1
ii  wireless-tools  30~pre9-8
ii  wpasupplicant   0.7.3-6

Versions of packages wicd-daemon recommends:
ii  wicd-gtk [wicd-client]  1.7.2.3-1

Versions of packages wicd-daemon suggests:
ii  pm-utils  1.4.1-9

Versions of packages wicd depends on:
ii  wicd-gtk [wicd-client]  1.7.2.3-1

Versions of packages wicd-gtk depends on:
ii  python 2.7.2-10
ii  python-glade2  2.24.0-3
ii  python-gtk22.24.0-3

Versions of packages wicd-gtk recommends:
ii  gksu   2.0.2-6
ii  python-notify  0.1.1-3

Versions of packages python-wicd depends on:
ii  python 2.7.2-10
ii  python2.6  2.6.7-4
ii  python2.7  2.7.3~rc2-2.1

-- debconf information:
* wicd/users: jfs



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#673823: wpasupplicant: Power management suspend script runs unconditionally even in wired-only computers

[Javier Fernández-Sanguino Peña]

Package: wpasupplicant
Version: 0.7.3-6
Severity: normal

I'm running a desktop system which does *not* have a Wireless interface which
is, AFAIK, still a common setup in many computers. My connection uses a wired
(Ethernet) interface. When hibernating and resuming from suspension this system
will *always* run the /usr/lib/pm-utils/sleep.d/60_wpa_supplicant, which in
turn runs /sbin/wpa_cli unconditionally. 

This is done by design because Network-manager (installed because of
GNOME3) dependencies pulls in the wpasupplicant package and this package
installs the /usr/lib/pm-utils/sleep.d/60_wpa_supplicant script.

Running this script n a wired-connected desktop environment which lacks a WiFi
interface is useless in most circunstances. However, the previous script cannot
be configured in any way in order to prevent it from running and the script
will run regardless of whether the system is using a wireless connection (where
it's useful) or a wired connection (where it's not).

If possible, I would appreciate if the script is changed to prevent it from
running under the following circumstances:

a) /sbin/wpa_cli is not executable or not present in the system. This is, for
   example, how /etc/network/if-up.d/wpasupplicant is disabled

b) wpasupplicant is not running. By, for example, using the test_wpa_cli()
   function defined in /etc/wpa_supplicant/functions.sh

c) by detecting that wpasupplicant is not configured in the system by
   using some kind of system indication.

d) by making it possible for the administrator to disable it manually. This
   could be possible by either using a defaults file (under /etc/) or by moving
   the script under /etc/ and replacing /usr/lib/pm-utils/sleep.d/55wicd with a
   symbolic link.


Introducing any of these mechanisms would enable administrators to configure
the system so that this script does not run in systems that do not require it.

On the one hand this possibility would save some CPU cycles when resuming for
hibernation, making the system startup faster and, on the other hand, it would
avoid potential issues or errors that could be caused by running the
/sbin/wpa_cli script on systems that are really not configured with any
Wireless interface.

Thank you for your help in fixing this bug,

Javier



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages wpasupplicant depends on:
ii  adduser   3.113+nmu1
ii  initscripts   2.88dsf-22.1
ii  libc6 2.13-30
ii  libdbus-1-3   1.5.12-1
ii  libnl-3-200   3.2.7-2
ii  libnl-genl-3-200  3.2.7-2
ii  libpcsclite1  1.8.3-2
ii  libreadline6  6.2-8
ii  libssl1.0.0   1.0.1b-1
ii  lsb-base  4.1+Debian2

wpasupplicant recommends no packages.

Versions of packages wpasupplicant suggests:
pn  libengine-pkcs11-openssl  none
pn  wpaguinone

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#557156: wicd deconfigures the wired (eth0) interface at suspend or cable unplugged

[Javier Fernández-Sanguino Peña]

Package: wicd-daemon
Version: 1.7.2.3-1
Followup-For: Bug #557156

I can confirm that this bug is still present and it completely breaks my
network setup when resuming from suspend. In my case, I have a 
desktop system that uses 'eth1' as its wired interface:

- this interface is configured through /etc/network/interfaces (since Woody, or 
even
  earlier)

- I have not configured wicd at all, it was just pulled in as a dependency 
because 
  GNOME's NetworkManager depends on it

- there is no way to disable the suspend script (I have filed a separate bug on 
this)

When resuming from suspend the following happens:

- /usr/lib/pm-utils/sleep.d/55wicd is run
- the script calls /usr/share/wicd/daemon/autoconnect.py
- this script calls dhclient
- the interface is auto reconfigured to use a dynamic (instead of static IP 
address)

Please see the attached file generated using 'script' (wicd-test-resume.log)
that shows the behaviour. The /var/log/wicd/wicd.log file (attached is an 
extract) 
shows that seems to be the behaviour when resuming from suspend.

I'm attaching also my current  /etc/wicd/wired-settings.conf configuration file 
for review.

As I cannot disable the /usr/lib/pm-utils/sleep.d/55wicd script I've introduced 
another
script in /etc/pm/sleep.d/00_restart_network that stops dhclient and
reconfigures the interface. Writting this script was a little bit tricky as
there is a race condition in how the power management scripts are run (as wicd
dettachs to a background process). It seems to work well in my system and
prevents this bug. I'm attaching it also here for the benefit of those affected
by this bug.

Please feel free to ask for additional information.

By the way: this bug is pretty serious, in my opinion it makes this package
unsuitable for release. 

Regards

Javier



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages wicd-daemon depends on:
ii  adduser 3.113+nmu1
ii  dbus1.5.12-1
ii  debconf 1.5.42
ii  ethtool 1:3.1-1
ii  iproute 20120319-1
ii  iputils-ping3:20101006-1+b1
ii  isc-dhcp-client [dhcp3-client]  4.2.2.dfsg.1-4
ii  lsb-base4.1+Debian2
ii  net-tools   1.60-24.1
ii  psmisc  22.16-1
ii  python  2.7.2-10
ii  python-dbus 0.84.0-3
ii  python-gobject  3.2.0-3
ii  python-wicd 1.7.2.3-1
ii  wireless-tools  30~pre9-8
ii  wpasupplicant   0.7.3-6

Versions of packages wicd-daemon recommends:
ii  wicd-gtk [wicd-client]  1.7.2.3-1

Versions of packages wicd-daemon suggests:
ii  pm-utils  1.4.1-9

Versions of packages wicd depends on:
ii  wicd-gtk [wicd-client]  1.7.2.3-1

Versions of packages wicd-gtk depends on:
ii  python 2.7.2-10
ii  python-glade2  2.24.0-3
ii  python-gtk22.24.0-3

Versions of packages wicd-gtk recommends:
ii  gksu   2.0.2-6
ii  python-notify  0.1.1-3

Versions of packages python-wicd depends on:
ii  python 2.7.2-10
ii  python2.6  2.6.7-4
ii  python2.7  2.7.3~rc2-2.1

-- debconf information:
* wicd/users: jfs
[wired-default]
ip = None
broadcast = None
netmask = None
gateway = None
search_domain = None
dns_domain = None
dns1 = None
dns2 = None
dns3 = None
beforescript = None
afterscript = None
predisconnectscript = None
postdisconnectscript = None
encryption_enabled = None
default = True
dhcphostname = silicio
lastused = True

Script iniciado (lun 21 may 2012 18:19:36 CEST
)
fetchmail: background fetchmail at 12848 awakened.
jfs@silicio:log$ 
jfs@silicio:log$ ps -ef |grep dhcl
jfs@silicio:log$ ifconfig eth1
eth1  Link encap:Ethernet  HWaddr 00:c0:df:03:c5:e9  
  inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
  inet6 addr: fe80::2c0:dfff:fe03:c5e9/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:7336517 errors:0 dropped:0 overruns:0 frame:0
  TX packets:16048323 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000 
  RX bytes:963483172 (918.8 MiB)  TX bytes:2499792887 (2.3 GiB)
  Interrupt:20 Base address:0xd000 

jfs@silicio:log$ cat /etc/network/interfaces  |grep eth1
auto eth1
iface eth1 inet static
#mapping eth1
# iface eth1:1 inet dhcp
jfs@silicio:log$ sudo -s
silicio:/var/log# /usr/share/wicd/daemon/autoconnect.py
silicio:/var/log# ps -ef |grep dhc
root 19460  2769  0 18:21 ?00:00:00 /sbin/dhclient -v -r eth1
root 19462 18898  0 18:21 pts/000:00:00 grep dhc
root 19463 19460  0 18:21 ?00:00:00 /bin/bash 

Bug#671761: netselect-apt/testing needs a dependency link to netselect/testing

[Javier Fernández-Sanguino Peña]

On Sun, May 06, 2012 at 02:09:23PM -0400, Brendan Byrd wrote:
 Apparently, the -D option is only in the testing branch of netselect.  I
 can see two solutions:
 
 1. Make sure netselect-apt can use netselect with or without the -D option.
 2. Create a dependency link between netselect/testing and
 netselect-apt/testing.

I will go towards the second option, I should have done that before.

Regards

Javier


signature.asc
Description: Digital signature

Bug#661944: snort.conf portvar $FILE_DATA_PORTS missing

[Javier Fernández-Sanguino Peña]

On Fri, Mar 02, 2012 at 09:36:17PM +0100, nils wrote:
 The portvar FILE_DATA_PORTS is not defined in the snort.conf, but is used
 by many new rulesets, meaning, as soon as the rulesets are updated, snort
 will not start with a configuration error.
(...)

I'm preparing an upload for a new upstream release that includes this new
variable so this bug will be fixed with a new upload.

Regards

Javier


signature.asc
Description: Digital signature

Bug#650060: snort: FTBFS with multiarch libmysqlclient-dev (now in unstable)

[Javier Fernández-Sanguino Peña]

On Tue, May 01, 2012 at 04:19:41PM +0200, Christoph Egger wrote:
 severity 650060 serious
 bye
 
 Seems to happen now in unstable

It does not seem to be the same bug (or the patch provided does not apply
and fix this bug). The version of libmysqlclient-dev currently available in
unstable (version 5.1.62-1) does not provide the '--variable=pkglibdir'
option (i.e. it is not recognised for mysql_config).

Regards

Javier



signature.asc
Description: Digital signature

Bug#657653: checkrestart -p completely broken?

[Javier Fernández-Sanguino Peña]

On Fri, Apr 20, 2012 at 10:39:22PM +0300, Peter Eisentraut wrote:
  
  Please send me the output to see if I can see where the problem might be.
 
 Pretty obvious problem, it turns out:
 
 Will look in lines using regular expression 
 '/usr/lib/i386-linux-gnu/libstdc++.so.*'
(...)

I've patched checkrestart in GIT to fix this issue. Sorry for the delay:

- New checkrestart version:
  
http://anonscm.debian.org/gitweb/?p=collab-maint/debian-goodies.git;a=blob;f=checkrestart;h=2b9085a8696dcaf112d52cbc0ea0726962182fc9;hb=a510ac78fec59f80462aed8ce9e14f09a75587ee

- Patch:
  
http://anonscm.debian.org/gitweb/?p=collab-maint/debian-goodies.git;a=commitdiff;h=a510ac78fec59f80462aed8ce9e14f09a75587ee;hp=e770fd65ea860fd45e702c27b6d3b9464de95a49

Could you please test it out? It does not cover all cases and it still might
break if the files incluse some characters that can be considered part of a
regular expression, but it should fix your problem with libstdc++

Regards

Javier


signature.asc
Description: Digital signature

Bug#657653: checkrestart -p completely broken?

[Javier Fernández-Sanguino Peña]

On Fri, Apr 20, 2012 at 10:39:22PM +0300, Peter Eisentraut wrote:
 On mån, 2012-04-09 at 21:04 +0200, Javier Fernández-Sanguino Peña wrote:
 Pretty obvious problem, it turns out:
 
 Will look in lines using regular expression 
 '/usr/lib/i386-linux-gnu/libstdc++.so.*'

Thanks. I'll take a look on how to fix this. Probably just indenting special
characters (+.*) in the filename should be good enough to fix this.

Regards

Javier


signature.asc
Description: Digital signature

Bug#665876: not using html as source

[Javier Fernández-Sanguino Peña]

On Tue, Apr 10, 2012 at 11:35:33AM -0500, Frank Loeffler wrote:
 Hi,
 
 What about parsing http://http.us.debian.org/debian/README.mirrors.txt
 for information about Debian mirrors instead of the HTML page?

It didn't occur to me, but I'm not sure that parsing that text file is going
to be easier than parsing the HTML page and, in the end, it might still be
brittle since the format (spacing, column ordering, etc.) might change in the
future.

The best alternative would be to have a machine-parseable (i.e. XML file)
with all the mirrors information.

In any case, if you can work on a patch for it I could take a look :)

Regards

Javier


signature.asc
Description: Digital signature

Bug#665876: merge - but still affecting squeeze

[Javier Fernández-Sanguino Peña]

On Tue, Apr 10, 2012 at 11:26:55AM -0500, Frank Loeffler wrote:
 Hi
 
 This is most likely a cause of #667985, which has been fixed in sid.

Yes, I've tested this in a Squeeze chroot and the behaviour in Squeeze
generates the error message that was reported.

The version in Squeeze is actually very brittle. I should backport the
version in unstable to backports and encourage users running stable to use
that one instead as many enhancements have been introduced in the latest
versions.

 However, a similar bug also affects stable and can be fixed using a
 similar simple patch:
 
 - m@br'$SEARCH':.*a href=('$PROTO'://.*?)@i
 + m@br'$SEARCH':.*a.*?href=('$PROTO'://.*?)@i

I will prepare the fix and submit it to the Release Team, if they approve I
will do an upload to stable.

Regards

Javier



signature.asc
Description: Digital signature

Bug#666892: cron: Cross-building support for cron

[Javier Fernández-Sanguino Peña]

tag 666892 pending
thanks

On Mon, Apr 02, 2012 at 01:25:36AM -0700, Steve Langasek wrote:
 In Ubuntu, the attached patch was applied to add support for cross-building
 cron.  cron has a very simple build system, so it's a very simple patch; all
 that's required to let cron cross-build is to tell the makefile where the
 cross-compiler is.
 
 Please consider including this patch in Debian as well.

Thanks Steve,

I have applied the patch to our GIT repo [1]. The fix should be available in
the next package upload of cron (version 3.0pl1-122).

Regards

Javier


[1] commit 24f9c8fcc95e271d94e19dacc57afd82b82fbba7


signature.asc
Description: Digital signature

Bug#668193: libreoffice-common: Postinst fails saying it cannot determine language

[Javier Fernández-Sanguino Peña]

Package: libreoffice-common
Version: 1:3.4.6-2
Severity: important

I just upgraded libreoffice-common to the new version in sid (coming from
1:3.4.6-2, upgrading to 1:3.5.2-1) it spit out the following error:

-
Procesando disparadores para libreoffice-common ...

ERROR: Cannot determine language!
Exception details:
(com.sun.star.uno.RuntimeException) { { Message = Cannot determine language!, 
Context = (com.sun.star.uno.XInterface) @0 } }

unopkg failed.
terminate called after throwing an instance of 
'com::sun::star::uno::RuntimeException'
/var/lib/dpkg/info/libreoffice-common.postinst: línea 32: 17596 Abortado
/usr/lib/libreoffice/program/unopkg sync -v --shared 
-env:BUNDLED_EXTENSIONS_USER=file:///usr/lib/libreoffice/share/prereg/bundled 
-env:UserInstallation=file://$INSTDIR 
-env:UNO_JAVA_JFW_INSTALL_DATA=file://$d/share/config/javasettingsunopkginstall.xml
 -env:JFW_PLUGIN_DO_NOT_CHECK_ACCESSIBILITY=1
dpkg: error al procesar libreoffice-common (--remove):
 el subproceso instalado el script post-installation devolvió el código de 
salida de error 134
 configured to not write apport reports
-


This error broke the upgrades, since the dpkg error is not recoverable. It 
would be best if these kind of errors where handled somehow.

When retrying the upgrade the error does not reproduce itself so I'm not sure 
what generated it.

Regards



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libreoffice-common depends on:
ii  dpkg  1.16.2
ii  libreoffice-style-galaxy [libreoffice-style-default]  1:3.4.6-2
ii  ure   3.5.2~rc2-1

Versions of packages libreoffice-common recommends:
ii  libtextcat-data  2.2-11
ii  xfonts-mathml4

Versions of packages libreoffice-common suggests:
pn  libreoffice-style-crystal none
pn  libreoffice-style-hicontrast  none
pn  libreoffice-style-oxygen  none
pn  libreoffice-style-tango   none

-- Configuration Files:
/etc/libreoffice/soffice.sh changed [not included]
/etc/libreoffice/sofficerc changed [not included]

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#667985: netselect-apt: fails to parse new rel=nofollow href links

[Javier Fernández-Sanguino Peña]

On Sat, Apr 07, 2012 at 01:42:52PM -0700, Nameless wrote:
 Netselect-apt fails to parse newest mirrors list with rel=nofollow in href
 links.
 Attached patch which tweaks the relevant regexp restored normal functionality.

Thanks for the patch. I will apply it, test it and update a new version ASAP.

Regards

Javier


signature.asc
Description: Digital signature

Bug#657653: checkrestart -p completely broken?

[Javier Fernández-Sanguino Peña]

On Thu, Apr 05, 2012 at 09:11:09PM +0300, Peter Eisentraut wrote:
 On lör, 2012-03-31 at 22:53 +0200, Javier Fernández-Sanguino Peña wrote:
  On Sat, Mar 31, 2012 at 03:10:01PM +0300, Peter Eisentraut wrote:
Does this sound like a viable approach?
   
   It's worth a try.
  
  You can find a first attempt at coding this behaviour at
  http://anonscm.debian.org/gitweb/?p=collab-maint/debian-goodies.git;a=commitdiff;h=09c21d49555d13153131da3f463aa54452c73fd7
  
  The -p option should work now with upgrades in *unstable* systems too as old
  libraries are detected and found in (newer) library upgrades. It seems to
  work properly in my unstable desktop when I upgrade some libraries.
  
  Could you give it a try?
 
 It currently crashes for me:
 
 $ sudo ./checkrestart -p

Maybe this is because of the python version? I'm using the following:

$ python --version
Python 2.7.3rc2

What version are you using?

Regards

Javier



signature.asc
Description: Digital signature

Bug#657653: checkrestart -p completely broken?

[Javier Fernández-Sanguino Peña]

On Thu, Apr 05, 2012 at 09:11:09PM +0300, Peter Eisentraut wrote:
 On lör, 2012-03-31 at 22:53 +0200, Javier Fernández-Sanguino Peña wrote:
  On Sat, Mar 31, 2012 at 03:10:01PM +0300, Peter Eisentraut wrote:
Does this sound like a viable approach?
   
   It's worth a try.
  
  You can find a first attempt at coding this behaviour at
  http://anonscm.debian.org/gitweb/?p=collab-maint/debian-goodies.git;a=commitdiff;h=09c21d49555d13153131da3f463aa54452c73fd7
  
  The -p option should work now with upgrades in *unstable* systems too as old
  libraries are detected and found in (newer) library upgrades. It seems to
  work properly in my unstable desktop when I upgrade some libraries.
  
  Could you give it a try?
 
 It currently crashes for me:

Just to make sure this is not a problem with the script, could you please apply 
the
attached patch to checkrestart (which adds more verbosity) and run
checkrestart using 'checkrestart -v -p' ?

Please send me the output to see if I can see where the problem might be.

Thanks

Javier
--- checkrestart.orig	2012-04-09 21:02:09.0 +0200
+++ checkrestart	2012-04-09 21:03:27.0 +0200
@@ -301,8 +301,12 @@
 dpkgProc.wait()
 if verbose:
 print Running:%s % dpkgQuery
+if file_regexp:
+print Will look in lines using regular expression '%s' % f
 for line in dpkgProc.stdout.readlines():
 line = line.strip()
+if verbose:
+print Analysing output: %s % line
 if line.find('no path found matching pattern ' + f)  0:
 file_in_package = False
 break


signature.asc
Description: Digital signature

Bug#668193: libreoffice-common: Postinst fails saying it cannot determine language

[Javier Fernández-Sanguino Peña]

On Mon, Apr 09, 2012 at 05:50:15PM +0200, Rene Engelhard wrote:
 Full log? Interesting is the ordering. Without it - as you should know -
 this isn't really helpful.

I can't provide the full upgrade log as I didn't save it. I do have the
aptitude and dpkg logs if those are useful (attached)

Please note that I did two upgrades, the first one started at 17:17 broke
because of libreoffice's postinstall script and the second one, at 17:29, did
go ahead fine (and upgraded the system). 

  When retrying the upgrade the error does not reproduce itself so I'm not 
  sure what generated it.
 
 the UNO environment not consistent..
 
 (That said, I wonder why you attempt an upgrade 11 days after the first 3.5 
 was uploaded, but
 anyway...)

I just did an upgrade of the system as I'm having some issues after the
GNOME 3 upgrade (last week) and wanted to see if an upgrade fixes them (it
doesn't) and use xfce in the meantime. I also encountered some strange issue
with libreoffice and GNOME (a libreoffice process would be spawned whenever I
opened up some applications) and wanted to see if this was fixed (it seems to
be now).

I didn't really check when was the upgrade of the last libreoffice version,
but I don't mind help testing it out and weeding some bugs, after all, that
is what sid is for :)

Regards


Javier




aptitude.log.gz
Description: Binary data


dpkg.log.gz
Description: Binary data


signature.asc
Description: Digital signature

Bug#657653: checkrestart -p completely broken?

[Javier Fernández-Sanguino Peña]

On Fri, Mar 30, 2012 at 08:13:55PM +0300, Peter Eisentraut wrote:
 I appears to me, however, that what it's doing is effectively useless.
 For example, I currently have this in the output of checkrestart -v:
 
 Process /usr/bin/dbus-daemon (PID: 1519) 
 List of deleted files in use:
 /lib/i386-linux-gnu/libexpat.so.1.5.2
 
 The (new) checkrestart -p determines that this file does not belong to
 any package, so it ignores it.  But the whole point is, it belonged to
 a former package, which has been upgraded.  So whenever a file is
 renamed in a package upgrade, this approach breaks down.  Note that with
 shared libraries, the process has the file open that contains the minor
 version.  So pretty much every single library upgrade will be missed by
 this.

You are right in that if the file is removed and a new file is installed
(with a new name) then checkrestart -p is largely useless as it is for these
situations. However, this will probably happen only when you are doing
upgrades in unstable (where libraries are frequently upgraded) but not in
stable (where library versions are not changed).

So the approach is still useful for those users running stable and doing
security upgrades which is one of the main goals of checkrestart.

For users running unstable, a way to fix this issue would be to check for
packages providing *newer* versions of the library, not just the old file
(which was deleted). For example, in your case, if the dpkg-query was
done like this:

dpkg-query --search /lib/i386-linux-gnu/libexpat.so*

instead of how it is currently done:

dpkg-query --search /lib/i386-linux-gnu/libexpat.so.1.5.2


The previous one can be useful to make checkrestart known that the former 
library belongs to the
libexpat1 package, although it might lead to false positives if not coded
properly. Whileas the second one will not indicate any package (as the file
has been removed)

Does this sound like a viable approach?

Coding this into checkrestart might not be too difficult if we restrict
ourselves to only libraries (i.e. files under /lib and /usr/lib). I will try
to take a shot at this.


Regards

Javier


signature.asc
Description: Digital signature

Bug#657653: checkrestart -p completely broken?

[Javier Fernández-Sanguino Peña]

On Sat, Mar 31, 2012 at 03:10:01PM +0300, Peter Eisentraut wrote:
  Does this sound like a viable approach?
 
 It's worth a try.

You can find a first attempt at coding this behaviour at
http://anonscm.debian.org/gitweb/?p=collab-maint/debian-goodies.git;a=commitdiff;h=09c21d49555d13153131da3f463aa54452c73fd7

The -p option should work now with upgrades in *unstable* systems too as old
libraries are detected and found in (newer) library upgrades. It seems to
work properly in my unstable desktop when I upgrade some libraries.

Could you give it a try?

Regards

Javier


signature.asc
Description: Digital signature

Bug#549024: checkrestart: finds old /usr/lib/xulrunner-1.9/xulrunner-stub

[Javier Fernández-Sanguino Peña]

tags 549024 moreinfo
thanks

On Wed, Sep 30, 2009 at 04:59:25PM +0300, Andrei Popescu wrote:
 Hello,
 
 Running checkrestart I get this:
 
 # checkrestart
 Found 1 processes using old versions of upgraded files
 (1 distinct program)
 (1 distinct packages)
 These processes do not seem to have an associated init script to restart them:
 xulrunner-1.9:
 15952   /usr/lib/xulrunner-1.9/xulrunner-stub
(...)

This is probably be a BUG in checkrestart. Could you please read the 'BUGS'
section in the manpage ('man checkrestart')? 

Specifically we would be interested that you attached to this bug report:

  - The output of checkrestart using the -v (verbose) option: checkrestart -v
  - The output of running the following command as root:

lsof | egrep 'delete|DEL|path inode'

Maybe xulrunner uses some deleted files and checkrestart (wrongly) associates
this behaviour with the need to restart it.

If we can identify the culprit we can add an exception in the script to 
avoid this false positive.

Regards

Javier



signature.asc
Description: Digital signature

Bug#657653: checkrestart -p completely broken?

[Javier Fernández-Sanguino Peña]

On Fri, Jan 27, 2012 at 08:51:43PM +0200, Peter Eisentraut wrote:
 sudo checkrestart reports:
 
 Found 87 processes using old versions of upgraded files
 (57 distinct programs)
 ...
 
 and then gives the details.
 
 sudo checkrestart -p on the other hand, runs for 10 minutes, prints
 hundreds of dpkg-query: no path found matching pattern lines (bug
 #513189), then finishes with

I've reviewed the use of dpkg-query and, indeed, there were some bugs in the
code:

  1.- the call to dpkg-query was run as a subprocess and the script did not
  wait for the process to stop, so the file was found *not* to be 
  a part of a package
  2.- the script was making dpkg-query calls for all the instances of a file
  even if the file appeared more than once (i.e. a removed library that many
  processes were using) which leads it to be *very* CPU intensive if you've
  done a full upgrade which includes many core libraries (i.e.
  used by many processes)

I have submitted a fix to our  GIT repository [1]. Once we confirm that this
fix is OK and does not introduced any new bugs we will upload it.

Regards

Javier


[1]
http://anonscm.debian.org/gitweb/?p=collab-maint/debian-goodies.git;a=blobdiff;f=checkrestart;h=718577a21f6dc49514fe0f6916e821ff075eae76;hp=1e1f9b894b0c93bb47ad9ea4684f051715193c52;hb=2a2b41299b1177f42e7765a44614b03b639c51bc;hpb=85d9cac6e96e4de024ae5083b01274d714f258e8

   


signature.asc
Description: Digital signature

Bug#548380: checkrestart: Xorg intel drivers regression

[Javier Fernández-Sanguino Peña]

On Wed, Mar 14, 2012 at 09:36:43PM +0100, Francesco Poli wrote:
 Mmmh, may I have some sort of reply, please?

There was a bug in the fix commited for this bug and it has been fixed in our
GIT repository [1].

The bug will be fixed with the next package upload. 

Sorry for the delay, regards


Javier


[1]
http://anonscm.debian.org/gitweb/?p=collab-maint/debian-goodies.git;a=commitdiff;h=1287a709e04b66549f9a6ae954400456349260ea


signature.asc
Description: Digital signature