Bug#969354: google requires SPF or DKIM

[Matus UHLAR - fantomas]

Since google requires working SPF or DKIM, I recommend setting up either one 
for people using gmail accounts.


The advantage of DKIM is that it works in case of someone is forwarding mail 
to address hosted on other servers.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.

Bug#1064955: doppelstern.hdb removed from sanesecurity databases, cron mailing every hour

[Matus UHLAR - fantomas]

Package: clamav-unofficial-sigs
Version: 3.7.2-2.1

the database doppelstern.hdb was removed as reported by sanesecurity.
This results into error mail from cron reporting:

Subject: Cron  [ -x /usr/sbin/clamav-unofficial-sigs ] && 
/usr/sbin/clamav-unofficial-sigs

Sanesecurity GPG Signature test FAILED on doppelstern.hdb database - SKIPPING

the file contains:

3b583df09ec829197e03819fddf45f84:180:Doppelstern.hdb.Is.Dead.RIP


Please remove the doppelstern.hdb from clamav-unofficial-sigs.conf, 
installed as:

/usr/share/clamav-unofficial-sigs/conf.d/00-clamav-unofficial-sigs.conf

I am attaching patch to do that.

The intermediate workaround it to put into /etc/clamav-unofficial-sigs.conf 


ss_dbs="
  blurl.ndb
  junk.ndb
  jurlbl.ndb
  phish.ndb
  rogue.hdb
  sanesecurity.ftm
  scam.ndb
  sigwhitelist.ign2
  spamattach.hdb
  spamimg.hdb
  winnow.attachments.hdb
  winnow_bad_cw.hdb
  winnow_extended_malware.hdb
  winnow_malware.hdb
  winnow_malware_links.ndb
  bofhland_cracked_URL.ndb
  bofhland_malware_attach.hdb
  bofhland_malware_URL.ndb
  bofhland_phishing_URL.ndb
  crdfam.clamav.hdb
  phishtank.ndb
  porcupine.ndb
"
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759
--- clamav-unofficial-sigs.conf.org	2013-08-27 18:08:25.0 +0200
+++ clamav-unofficial-sigs.conf	2024-02-28 10:30:38.005744074 +0100
@@ -141,7 +141,6 @@
winnow_extended_malware.hdb
winnow_malware.hdb
winnow_malware_links.ndb
-   doppelstern.hdb
bofhland_cracked_URL.ndb
bofhland_malware_attach.hdb
bofhland_malware_URL.ndb

Bug#1059512: stopping unsuccessful with sysvinit

[Matus UHLAR - fantomas]

Package: postfwd
Version: 1.35-5

with sysvinit, the init script only tries to stop postfwd with --pidfile 
option:


start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE && rm -rf 
$PIDFILE

this causes start-stop-daemon to complain and not stop the daemon:

Stopping postfwd: start-stop-daemon: matching only on non-root pidfile 
/var/run/postfwd.pid is insecure

in some circumstances this can also remove pidfile while postfwd is running

I'm attaching patch that adds "--name" argument to start-stop-daemon, which 
makes the stopping work safely.


I have tested this on Debian 10 and Debian 12, with both postfwd1 and 
postfwd2, patch fixes both cases.



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name.
--- /etc/init.d/postfwd.orig	2021-01-06 21:49:07.0 +0100
+++ /etc/init.d/postfwd	2023-12-26 17:05:55.385432922 +0100
@@ -20,6 +20,7 @@
 NAME=postfwd
 DAEMON=/usr/sbin/${NAME}
 PIDFILE=/var/run/$NAME.pid
+PROCNAME=/usr/sbin/postf
 DESC=postfwd
 
 . /lib/lsb/init-functions
@@ -79,7 +80,7 @@
 	;;
   stop)
 	echo -n "Stopping $DESC: "
-	start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE && rm -rf $PIDFILE
+	start-stop-daemon --stop --quiet --oknodo --name $PROCNAME --pidfile $PIDFILE --remove-pidfile
 echo "$NAME."
 	;;
   reload)

Bug#1043209: call updatedb.plocate explicitly

[Matus UHLAR - fantomas]

On 07.08.23 14:38, Alexandre Detiste wrote:

I would rather prefer that you explain to me first
your real-life usage and need for this.



My own need is to support Buster & Xenial for embedded devices at work
with only mlocate.
Hybriding updatedb would mean one more ugly #ifdef in the C code.
   https://sources.debian.org/src/cruft-ng/0.9.56/debian/rules/

Usage of plain old "locate" from findutils was never an option
as it is so slow and would be harmful to cruft(-ng) users.


I have configured locate.findutils to be my "locate" due to different 
behaviour when providing multiple file arguments.


I know it's slower, and I can live with that.

However, cruft-ng calling "updatedb" updates incorrect database this way, it 
also produces errors.


And since cruft-ng calls explicitly "plocate", it could as well call 
explicitly "updatedb.plocate"


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Science Programming: "Let God Debug It!".

Bug#1043209: call updatedb.plocate explicitly

[Matus UHLAR - fantomas]

Package: cruft-ng
Version: 0.9.54

The cruft-ng package depends on and uses "plocate", but calls "updatedb" 
instead of "updatedb.plocate", which is more appropriate (locate/updatedb 
may point to different package using alternatives)


please change cruft-ng to call "updatedb.plocate".
thanks
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse

Bug#1042760: create RUNDIR

[Matus UHLAR - fantomas]

Package: ippl
Version: 1.4.14-13

Hello,

the bug#390154 was reintroduced in 1.4.14-13 by not creating $RUNDIR

I'm attaching patch that fixes this behaviour, modified to use "$RUNDIR" 
variable.


In addition, start-stop-daemon now uses "$CONFFILE" intead of hardcoded file 
name


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.
--- /etc/init.d/ippl.orig	2021-12-23 13:41:09.0 +0100
+++ /etc/init.d/ippl	2023-07-31 15:37:26.775493992 +0200
@@ -150,7 +150,7 @@
 
 start () {
   if ! check_started; then
-  start_daemon -p $PIDFILE $DAEMON -c /run/ippl/ippl.conf
+  start_daemon -p $PIDFILE $DAEMON -c "$CONFFILE"
   ret=$?
   else
 log_failure_msg "already running!"
@@ -181,6 +181,8 @@
   fi
 }
 
+[ -e "$RUNDIR" ] || \
+  install -d -oDebian-ippl -gDebian-ippl -m755 "$RUNDIR"
 
 case "$1" in
   start)

Bug#874056: replace pure-ftpd.conf with note

[Matus UHLAR - fantomas]

Hello,

perhaps better solution would be to replace pure-ftpd.conf
with note that this configuration file is not used, and 
pure-ftpd-wrapper manual page should be used instead.



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.

Bug#1020859: spamd init script chooses wrong default

[Matus UHLAR - fantomas]

Package: spamd
Version: 4.0.0~rc3-2

Hello,

the /etc/init.d/spamd init script loads /etc/default/spamassassin while 
package is bundled with /etc/default/spamd


this is apparently unintentional


It may be welcome when upgrading from versions <4 if admin configured 
different defaults, unless upgrade script will be able to migrate PIDFILE 
and OPTIONS settings from /etc/default/spamassassin to /etc/default/spamd


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...

Bug#1012121: init.d script fixes

[Matus UHLAR - fantomas]

Package: vrfydmn
Version: 0.11.0-1

Hello,

the init script loads /etc/default/vrfydmn OR uses predefined variables.
This may be inconvenient to use default file for overrides.

Also, the script uses hardcoded name "vrfydmn" even for RUNDIR that is 
configurable.


I'm attaching patch that sets variables first and loads 
/etc/default/vrfydmn after, allowing to use or override defaults.


it also uses the unused EXTRAAFTER variable.

Finally I fixed typo and skipped "for postfix" part, hopefully it could work 
with sendmail too.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Science Programming: "Let God Debug It!".
--- vrfydmn.orig	2019-07-08 14:52:03.0 +0200
+++ vrfydmn	2022-05-30 15:34:49.923077589 +0200
@@ -8,34 +8,32 @@
 # Default-Start:   2 3 4 5
 # Default-Stop:0 1 6
 # Short-Description:   Start vrfydmn daemon
-# Description: Start up vrfydmn, a anti-spoofing milter for Postfix
+# Description: Start up vrfydmn, an anti-spoofing milter
 ### END INIT INFO
 
 . /lib/lsb/init-functions
 
 NAME=vrfydmn
-
-# Include defaults if available
-if [ -f /etc/default/vrfydmn ] ; then
-. /etc/default/vrfydmn
-else
-RUNDIR=/var/run/vrfydmn
-SOCKET=local:$RUNDIR/vrfydmn.sock
+RUNDIR=/var/run/${NAME}
+SOCKET=local:${RUNDIR}/${NAME}.sock
 USER=vrfydmn
 GROUP=vrfydmn
-PIDFILE=$RUNDIR/$NAME.pid
-fi
-
+PIDFILE=${RUNDIR}/${NAME}.pid
 COMMAND="/usr/sbin/${NAME}"
 
+# Include defaults if available
+if [ -f /etc/default/${NAME} ] ; then
+. /etc/default/${NAME}
+fi
+
 start_daemon() {
-	mkdir -p /var/run/${NAME}
-	chown $USER:$GROUP /var/run/${NAME}
+	mkdir -p ${RUNDIR}
+	chown $USER:$GROUP ${RUNDIR}
 
 echo "Starting ${NAME}"
 start-stop-daemon --start --pidfile "${PIDFILE}" \
 --exec ${COMMAND} -- -p "${PIDFILE}" -s $SOCKET \
--u $USER -g $GROUP
+-u $USER -g $GROUP $EXTRAAFTER
 return $?
 }
 
@@ -64,7 +62,7 @@
 		$0 stop && $0 start
 		;;
 	status)
-		status_of_proc -p ${PIDFILE} vrfydmn vrfydmn && exit 0 || exit $?
+		status_of_proc -p ${PIDFILE} ${NAME} ${NAME} && exit 0 || exit $?
 		;;
 	*)
 		echo "Usage: ${NAME} {start|stop|restart|reload|status}" >&2

Bug#1010353: vrfydmn.postinst checks for incorrect user

[Matus UHLAR - fantomas]

Package: vrfydmn
Version: 0.11.0-1

Hello,

the postinst script checks for user opendkim, and if it does not exist, 
creates user vrfydmn.

this causes postinst to fail so the package is left in unconfigured state.
I believe this is an error and the user vrfydmn is to be checked and/or 
created.


I'm attaching patch that fixes this behaviour.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...
--- vrfydmn.postinst-old	2019-07-08 15:00:31.0 +0200
+++ vrfydmn.postinst	2022-04-29 12:55:42.987613617 +0200
@@ -20,7 +20,7 @@
 }
 
 if [ "$1" = "configure" ]; then
-	if ! id -u opendkim >/dev/null 2>&1; then
+	if ! id -u vrfydmn >/dev/null 2>&1; then
 		adduser --quiet --system --group --home /var/run/vrfydmn vrfydmn
 	fi
 

Bug#1007926: backport opendmarc-1.4.2

[Matus UHLAR - fantomas]

Package: opendmarc
Version: 1.4.2-1

Hello opendmarc maintainer(s),

could you please upload version 1.4.2-1 to bullseye?

We've had current version crashing apparently because of bug fixed in 1.4.2:


Fix issue #179: Don't crash when a value in a multi-valued From field
is missing a domain name.  Resolves CVE-2021-34555.

Also, the version 1.4.1 provides new useful option:

Added config option HoldQuarantinedMessages (default false), which
controls if messages with p=quarantine will be passed on to
the mail stream (if False) or placed in the MTA's "hold"
queue (if True).  Issue #105.  Patch by Marcos Moraes, on
the OpenDMARC mailing list.

I have verified that 1.4.2 version does not crash on the same e-mail that 
caused 1.4.0 to crash multiple times.


thank you

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
You have the right to remain silent. Anything you say will be misquoted,
then used against you.

Bug#1006890: missing libio-string-perl dependency

[Matus UHLAR - fantomas]

Package: spamassassin
Version: 3.4.6-1

Hello,

package spamassassin plugin OLEVBMacro requires debian package libio-string-perl
otherwise checks fail with message:

Mar  7 19:17:05.217 [25340] dbg: OLEVBMacro: Found zip attachment with name 
attachments 1635049.zip
Mar  7 19:17:05.217 [25340] dbg: message: decoding base64
Mar  7 19:17:05.218 [25340] warn: rules: failed to run L_OLEMACRO_ZIP_PW test, 
skipping:
Mar  7 19:17:05.218 [25340] warn:  (Can't locate object method "new" via package 
"IO: [...]:String" at /usr/share/perl5/Mail/SpamAssassin/Plugin/OLEVBMacro.pm line 758.
Mar  7 19:17:05.218 [25340] warn: )

thanks

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler

Bug#1006660: init script uses wrong config

[Matus UHLAR - fantomas]

Package: pyspf-milter
Version: 2.9.2-1

Hello,

pyspf-milter comes with config file /etc/pyspf-milter/pyspf-milter.conf
but init script uses $sysconfdir/$NAME.conf which resolves to 
/etc/pyspf-milter.conf:


pyspf-m+  7197  0.0  0.1 126124 19400 ?Sl   19:58   0:00 
/usr/bin/python3 /usr/bin//pyspf-milter /etc/pyspf-milter.conf

as a result, defaults are used instead of config file.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]

Bug#1006283: milter fails on utf-8 text

[Matus UHLAR - fantomas]

Package: pyspf-milter
Version: 2.9.2-1

Hello,

it seems that pyspf-milter fails if the incoming message contains unicode 
content. 


Looks like it fails even in case when it could continue successfully:

Feb 17 22:25:57 fantomas sm-mta[13913]: STARTTLS=server, 
relay=lists.sourceforge.net [216.105.38.7], version=TLSv1.2, verify=NOT, 
cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Feb 17 22:25:57 fantomas pyspf-milter[1573]: prepend Authentication-Results: 
fantomas.fantomas.sk; spf=pass (sender SPF authorized) 
smtp.mailfrom=lists.sourceforge.net (client-ip=216.105.38.7; 
helo=lists.sourceforge.net; 
envelope-from=courier-users-boun...@lists.sourceforge.net; receiver=)
Feb 17 22:25:57 fantomas sm-mta[13913]: 21HLPo98013913: 
from=, size=6029, class=-30, nrcpts=2, 
msgid=<5946cd31-34c2-b6f7-4cfd-8b33236d5...@dmj.nu>, bodytype=8BITMIME, proto=ESMTPS, 
daemon=MTA-v4, relay=lists.sourceforge.net [216.105.38.7]
Feb 17 22:25:57 fantomas pyspf-milter[1573]: UnicodeDecodeError: 'utf-8' codec 
can't decode byte 0xc2 in position 542: invalid continuation byte
Feb 17 22:25:57 fantomas pyspf-milter[1573]: pyspf-filter: milter claimed not 
to reply in state 7 but did anyway 4
Feb 17 22:26:57 fantomas sm-mta[13913]: 21HLPo98013913: Milter (pyspf-milter): 
timeout before data read, where=eom

Jan  9 06:59:33 fantomas sm-mta[5692]: STARTTLS=server, 
relay=lists.sourceforge.net [216.105.38.7], version=TLSv1.2, verify=NOT, 
cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Jan  9 06:59:33 fantomas pyspf-milter[3257]: prepend Authentication-Results: 
fantomas.fantomas.sk; spf=pass (sender SPF authorized) 
smtp.mailfrom=lists.sourceforge.net (client-ip=216.105.38.7; 
helo=lists.sourceforge.net; 
envelope-from=courier-users-boun...@lists.sourceforge.net; receiver=)
Jan  9 06:59:33 fantomas sm-mta[5692]: 2095xQbw005692: 
from=, size=6862, class=-30, nrcpts=2, 
msgid=<2982fa42cb1d0a63fd9f17017eece510fc426a9f.ca...@mariochiari.net>, 
bodytype=8BITMIME, proto=ESMTPS, daemon=MTA-v4, relay=lists.sourceforge.net [216.105.38.7]
Jan  9 06:59:33 fantomas pyspf-milter[3257]: UnicodeDecodeError: 'utf-8' codec 
can't decode byte 0xc1 in position 370: invalid start byte
Jan  9 06:59:33 fantomas pyspf-milter[3257]: pyspf-filter: milter claimed not 
to reply in state 7 but did anyway 4
Jan  9 07:00:33 fantomas sm-mta[5692]: 2095xQbw005692: Milter (pyspf-milter): 
timeout before data read, where=eom

I have set mailserver to accept mail for these cases and I may provide 
example of data if needed


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states.

Bug#1005110: pyspf-milter fails to start

[Matus UHLAR - fantomas]

Package: python3-spf-engine
Version: 2.9.2-1

Hello,

after installing pyspf-milter refuses to start with error:

Feb  7 13:34:31 fantomas pyspf-milter[9977]: ImportError: cannot import name 
'own_socketfile' from 'spf_engine.util' 
(/usr/lib/python3/dist-packages/spf_engine/util.py)

according to https://bugs.launchpad.net/spf-engine/+bug/1856391 the problem
is causes by useless importin:
/usr/lib/python3/dist-packages/spf_engine/milter_spf.py
on line 40:


from spf_engine.util import own_socketfile

commenting out this like maked milter start correctly.



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I drive way too fast to worry about cholesterol.

Bug#1003161: 10check-duplicate-ip arping differences

[Matus UHLAR - fantomas]

Package: ifupdown-extra
Version: 0.32

Hello,

the 10check-duplicate-ip produces errors when used with iputils-arping:

Jan  5 12:56:12 uhlar-nb nm-dispatcher[46938]: 
/etc/network/if-up.d/10check-duplicate-ip: 86: cannot create /dev/stdout: No 
such device or address
Jan  5 12:56:12 uhlar-nb root[46948]: ERROR: Duplicate address 192.168.0.13 
assigned in the network where wlan0 is connected to.
Jan  5 12:56:12 uhlar-nb nm-dispatcher[46948]: <27>Jan  5 12:56:12 root[46948]: 
ERROR: Duplicate addres 192.168.0.13 assigned in the network where wlan0 is connected 
to.

1.

redirection to /dev/stdout fails, apparently there's no stdout when the
script is run, filedescriptor 1 (stdout) is closed and the redirection fails
because (/dev/stdout points to /proc/self/fd/1 which does not exist.

This issue is (partly) caused by fix for bug #632210, unfortunately this fix
causes an error.

2.

the duplicate address detection reports duplicity.
This seems to be caused by different behaviour of arping and iputils-arping:

- arping returns 0 when ping is successfull, 1 when it's not:

  -D
  Duplicate address detection mode (DAD). See RFC2131, 4.4.1. Returns
  0, if DAD succeeded i.e. no replies are received.


# /usr/sbin/arping -c 2 -w 3 -D -I wlan0 192.168.0.11
!!0% packet loss (0 extra)
# echo $?
0
# /usr/sbin/arping -c 2 -w 3 -D -I wlan0 192.168.0.12
..  100% packet loss (0 extra)
Exit 1

- iputils-arping returns 1 when ping is successful, 0 when it's not:

  -d Find duplicate replies. Exit with 1 if there  are  answers  from
 two different MAC addresses.


# /usr/bin/arping -c 2 -w 3 -D -I wlan0 192.168.0.11
ARPING 192.168.0.11 from 0.0.0.0 wlan0
Unicast reply from 192.168.0.11 [30:3A:64:aa:bb:cc]  85.519ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
Exit 1
# /usr/bin/arping -c 2 -w 3 -D -I wlan0 192.168.0.12
ARPING 192.168.0.12 from 0.0.0.0 wlan0
Sent 2 probes (2 broadcast(s))
Received 0 response(s)
# echo $?
0

so, the compared value has to be different for these two commands.


The good info is that arping now supports the "-q" option, so the
redirection is not needed:

# /usr/bin/arping -c 2 -w 3 -D -I wlan0 192.168.0.11 -q
Exit 1
# /usr/bin/arping -c 2 -w 3 -D -I wlan0 192.168.0.12 -q
# echo $?
0


I am attaching patch that:
- removes redirection
- adds -q option for either arping version
- defined return value to compare exit code

This error was also mentioned in bug 993826.

I have tested with both arping and iputils-arping, no duplicities detected
and no errors noticed.


Notes:
- "Exit 1" is produced by my shell when command returns non-zero status
- 192.168.0.11 is alive on my network, 192.168.0.12 is not

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.
--- 10check-duplicate-ip.orig	2021-06-03 08:13:30.0 +0200
+++ 10check-duplicate-ip	2022-01-05 13:39:15.087699050 +0100
@@ -83,8 +83,8 @@
 # Skip interface is address is IPv6, arping only works for IPv4
 if ! echo ${ADDR} | grep -q ":" ; then
 		[ "$VERBOSITY" -eq 1 ] && $OUTPUT "DEBUG: Sending arp pings through $real_iface (for $IFACE) to detect other systems using $ADDR"
-$ARPING -c $ARP_COUNT -w $ARP_TIMEOUT -D -I $real_iface $ADDR $ARPING_EXTRAOPTS >$ARPING_REDIR
-		if [ $? -ne 0 ] ; then
+$ARPING -c $ARP_COUNT -w $ARP_TIMEOUT -D -I $real_iface $ADDR -q
+		if [ $? -eq $ARPING_DUPLICITY ] ; then
 $OUTPUT "ERROR: Duplicate address $ADDR assigned in the network where $real_iface is connected to."
 		fi
 fi
@@ -118,15 +118,13 @@
 # We are going to use iputils-arping
 ARPING=/usr/bin/arping
 ARP_TIMEOUT=${ARP_TIMEOUT:-3} # Time here is measured in seconds
-ARPING_EXTRAOPTS="-q" # Use -q(uiet) in iputil's arping
-ARPING_REDIR="/dev/stdout"# Do not redirect output
+ARPING_DUPLICITY=1# iputils-arping returns 1 when duplicity is detected
 else
 if [ -x /usr/sbin/arping ] ; then
 ARPING=/usr/sbin/arping
 ARP_TIMEOUT=${ARP_TIMEOUT:-1500} # Time here is measures in milliseconds
  # experiments show anything less than 1500 is unreliable.
-ARPING_EXTRAOPTS=""  # No '-q' option in arping
-ARPING_REDIR="/dev/null"# Send output to /dev/null if using this program
+ARPING_DUPLICITY=0   # arping returns 0 when duplicity is detected
 else
 # Do not continue if ARPING is not available
 echo "WARNING: Cannot check for duplicate IP address in the network. The script cannot find the 'arping' program (tried /usr/bi

Bug#996035: AttributeError: 'NoneType' object has no attribute 'section'

[Matus UHLAR - fantomas]

Package: kthresher
Version: 1.4.1-2

Hello,

kthresher does not remove old kernel, --dry-run fails with:

# kthresher --dry-run
INFO: Attempting to read /etc/kthresher.conf.
INFO: Options found: ['include'].
INFO: Valid setting found "include"
INFO:   include = /etc/kthresher.d/*.conf
INFO: Options: {'dry_run': True, 'headers': False, 'keep': 1, 'purge': False, 
'verbose': False, 'include': '/etc/kthresher.d/*.conf'}
INFO: - DRY RUN -
INFO: Running kernel is linux-image-5.10.0-9-amd64 v[5.10.70-1]
Traceback (most recent call last):
 File "/usr/bin/kthresher", line 33, in 
   sys.exit(load_entry_point('kthresher==1.4.1', 'console_scripts', 
'kthresher')())
 File "/usr/lib/python3/dist-packages/kthresher.py", line 481, in main
   kthreshing(purge=False, headers=options["headers"], keep=options["keep"])
 File "/usr/lib/python3/dist-packages/kthresher.py", line 275, in kthreshing
   section = pkg.candidate.section or ''
AttributeError: 'NoneType' object has no attribute 'section'

This is apparently caused by installed package (minecraft-launcher) that has
no Section: defined.

While I agree that the package probably should have Section: header,
I believe kthresher should not crash in such case.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.

Bug#991142: f_debug side effects

[Matus UHLAR - fantomas]

Package: syslog-ng-core
Version: 3.19.1-5

Hello,
the standard syslog-ng.conf contains (among others) these lines:

filter f_dbg { level(debug); };

filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };

filter f_auth { facility(auth, authpriv) and not filter(f_debug); };

filter f_mail { facility(mail) and not filter(f_debug); };
filter f_news { facility(news) and not filter(f_debug); };

log { source(s_src); filter(f_auth); destination(d_auth); };

log { source(s_src); filter(f_mail); destination(d_mail); };

log { source(s_src); filter(f_debug); destination(d_debug); };


...the f_debug includes debug level and excludes facilities auth,
authpriv, news and mail, which is good for d_debug destination, BUT,
because of excluding those facilities, the "not filter(f_debug)" does NOT 
exclude debug
priority for any of them:

mail.debug:
filter(f_debug) = false
not filter(f_debug) = true

Thus, debug priority is not excluded in d_auth and d_mail destinations,
while it was apparently intended to be filtered out.

we can test it by running:

# logger  -p mail.debug mail debug
# logger  -p auth.debug auth debug

# grep debug auth.log mail.log
auth.log:Jul 15 16:22:51 mail root[29022]: auth debug
mail.log:Jul 15 16:07:25 mail root[26770]: mail debug


I believe that it can be fixed by either:

a) removing "not filter(f_debug);" from f_auth, f_mail and f_news definitions

b) using "not filter(f_dbg)" instead of "not filter(f_debug)" in log
  definitions

c) moving "not facility(auth, authpriv, news, mail)" to definicion of f_dbg
 and using f_dbg for d_debug


with variant a) the functionality would stay the same but less misleading

I personally would prefer variant c) as I find it cleanest and easiest to
understand and debug.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...

Bug#956207: db_stop in postinst should do that

[Matus UHLAR - fantomas]

Hello,

I encountered the same problem although with 1.3.2-6+deb10u1:

installation of a package, or running dpkg-reconfigure opendmarc causes
script to hang at the stage:

root 27685  0.4  0.4  24488 16732 pts/5S+   15:20   0:00 /usr/bin/perl 
-w /usr/share/debconf/frontend /var/lib/dpkg/info/opendmarc.postinst configure 
1.3.2-6+deb10u1
root 27749  0.0  0.0  0 0 pts/5Z+   15:20   0:00 [opendmarc.posti] 

opendma+ 27904  0.0  0.0  47620  1920 ?Ssl  15:20   0:00 
/usr/sbin/opendmarc -c /etc/opendmarc.conf -u opendmarc -P 
/var/run/opendmarc/opendmarc.pid

adding "db_stop" at the end of postinst script (before exit 0) fixed the
problem.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest.

Bug#987990: spamassassin 3.4.6 available

[Matus UHLAR - fantomas]

Package: spamassassin
Version: 3.4.5~pre1-4

Hello,

there's new SpamAssassin version 3.4.6 available.
Contains bug fixes compared to 3.4.5~pre1-4 in debian archive.
Please provide a package.
Thank you very much
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.

Bug#986622: fixes

[Matus UHLAR - fantomas]

Hello,

I just wanted to note that clamav 0.103.2 fixes[1] all issues currently open
at security tracker[2]

CVE-2021-1252
CVE-2021-1404
CVE-2021-1405

It also makes freshclam more efficient for work with clamav mirrors, which
is desired for clamav infrastructure that has problems with older
versions[3] [4] [5].

[1]
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

[2]
https://security-tracker.debian.org/tracker/source-package/clamav 


[3]
https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html

[4]
https://lists.clamav.net/pipermail/clamav-users/2021-March/010578.html

[5]
https://lists.clamav.net/pipermail/clamav-users/2021-April/011043.html
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...

Bug#832916: use $path instead

[Matus UHLAR - fantomas]

Hello,

in (t)csh you are supposed to use $path variable instead:

set path=(~/bin $path)

I believe this bug can be closed.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]

Bug#974926: cacti zoom bug

[Matus UHLAR - fantomas]

Package: cacti
Version: 0.8.8h+ds1-10+deb9u1

when trying to zoom a graph, bug in cacti causes it to ignore zoom because
of timestamp too high.

the original cacti ignores timestamp bigger than 16, however we've
been there already:

% date -d @16
Sun Sep 13 14:26:40 CEST 2020

cacti bug explained:

https://github.com/Cacti/cacti/issues/3797

attaching patch for cacti 0.8.8h in stretch


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer
--- /usr/share/cacti/site/graph_image.php.orig	2013-08-07 04:31:19.0 +0200
+++ /usr/share/cacti/site/graph_image.php	2020-09-30 15:58:57.439931128 +0200
@@ -60,12 +60,12 @@
 $graph_data_array = array();
 
 /* override: graph start time (unix time) */
-if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 16) {
+if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 26) {
 	$graph_data_array["graph_start"] = $_GET["graph_start"];
 }
 
 /* override: graph end time (unix time) */
-if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 16) {
+if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 26) {
 	$graph_data_array["graph_end"] = $_GET["graph_end"];
 }
 
--- /usr/share/cacti/site/graph_xport.php.orig	2018-10-23 09:32:19.407796822 +0200
+++ /usr/share/cacti/site/graph_xport.php	2020-10-23 09:32:55.536128501 +0200
@@ -53,12 +53,12 @@
 /*  */
 
 /* override: graph start time (unix time) */
-if (!empty($_GET["graph_start"]) && is_numeric($_GET["graph_start"]) && $_GET["graph_start"] < 16) {
+if (!empty($_GET["graph_start"]) && is_numeric($_GET["graph_start"]) && $_GET["graph_start"] < 26) {
 	$graph_data_array["graph_start"] = get_request_var("graph_start");
 }
 
 /* override: graph end time (unix time) */
-if (!empty($_GET["graph_end"]) && is_numeric($_GET["graph_end"]) && $_GET["graph_end"] < 16) {
+if (!empty($_GET["graph_end"]) && is_numeric($_GET["graph_end"]) && $_GET["graph_end"] < 26) {
 	$graph_data_array["graph_end"] = get_request_var("graph_end");
 }
 

Bug#972947: login not visible with classic theme

[Matus UHLAR - fantomas]

Package: cacti
Version: 1.2.2+ds1-2+deb10u3

when system theme is set to "Classic", the login page is not visible.
the text is displayed white on a white background.

mozilla's "inspect element" reports that:
.ui-state-default class from main.css:1958 sets background to #FF 
.ui-state-default class from jquery-ui.css:940 sets color to #ff


...which results to white on white.


this was reported to cacti:
https://github.com/Cacti/cacti/issues/3535

but it's apparently debian bug because of not using bundled jquery-ui.css

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.

Bug#943692: Info received (reopened for stable)

[Matus UHLAR - fantomas]

Hello,

as new point release is planned, is it possible to try pushing fixed squid
version (applied proposed patch) to buster?

Thank you.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)

Bug#960302: [Pkg-roundcube-maintainers] Bug#960302: imap retry must be tunable

[Matus UHLAR - fantomas]

On 24.05.20 01:34, Sandro Knauß wrote:

Well I tried several times to reach upstream and they are often not answering.
Never the less I created a pull request with an updated version, that does no
retry for unrecoverable failures like authentication failure, no password,
configuration failure. That should improve the situation already in this issue.

@Matus UHLAR: please try the patch attached to the pull request if this fixes
your issue:
https://github.com/roundcube/roundcubemail/pull/7402


On 25.05.20 17:50, Matus UHLAR - fantomas wrote:

this patch works properly when invalid password is entered.


works properly even in backported version 1.4.4+dfsg.1-1~bpo10+1


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.

Bug#960302: [Pkg-roundcube-maintainers] Bug#960302: imap retry must be tunable

[Matus UHLAR - fantomas]

On 24.05.20 01:34, Sandro Knauß wrote:

Could you please have a look at this regression report?  You authored
the patch and my PHP-fu is failing me :-P  It should definitely not
retry the very same incorrect credentials.  Even on systems without
anti-bruteforce logic that locks the user out, Roundcube still takes 5
times longer to complain a about a failed login — which is not
negligible when an expensive PBKDF is used for credential verification.


ACK


I think it's rather unfortunate that
debian/patches/retry_to_reach_imap_server.patch was AFAICT never submitted
upstream and landed into stable through -p-u. I dunno whether
program/lib/Roundcube/rcube_imap.php:connect() has access to the IMAP state
machine to determine whether a greeting was seen (AFAICT your intention was
to retry on missing greeting lines, not on NO/BYE greeting conditions let
alone failed authentication attempts) or to another interface returning
whether the error is transient or not. Either way it'd be good to have
upstream's blessing before adopting such patches to Debian :-)


Well I tried several times to reach upstream and they are often not answering.
Never the less I created a pull request with an updated version, that does no
retry for unrecoverable failures like authentication failure, no password,
configuration failure. That should improve the situation already in this issue.

@Matus UHLAR: please try the patch attached to the pull request if this fixes
your issue:
https://github.com/roundcube/roundcubemail/pull/7402


this patch works properly when invalid password is entered.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter any 12-digit prime number to continue.

Bug#960302: imap retry must be tunable

[Matus UHLAR - fantomas]

Please,

for now, revert the patch from bug#947320 and try to post functionality
change to roundcube first.
Thanks.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody

Bug#960302: imap retry must be tunable

[Matus UHLAR - fantomas]

Package: roundcube-core
Version: 1.3.11+dfsg.1-1~deb10u1

Hello,

the imap retry patch added within bug 947320 locks my accounts when I enter
invalid password.

The problem is, that password is tried 6 times, this number is hardcoded.
After 5 times, the login gets locked out.

The original code does not retry after unsuccessful attempt, the retry can
be requested by plugins.

The patch should allow maximum number of atempts, or check for unsuccessful
logins and not retry those.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watkins.  -- Daffy Duck & Porky Pig

Bug#854039: 1.7.0 out and working

[Matus UHLAR - fantomas]

Hello,

I have compiled amavisd-milter 1.7.0 with debian/ from
amavisd-milter_1.5.0-5.debian.tar.gz , and it works great.

the only change required was this one:

--- /tmp/amavisd-milter-1.7.0/debian/amavisd-milter.docs2012-05-27 
15:52:17.0 +0200
+++ /root/amavisd-milter/amavisd-milter-1.7.0/debian/amavisd-milter.docs
2020-04-20 18:02:14.656287271 +0200
@@ -1,2 +1 @@
-AUTHORS
-README
+AMAVISD-MILTER.md


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".

Bug#958462: amavis hits ALL_TRUSTED for milter connections

[Matus UHLAR - fantomas]

Package: amavisd-new
Version: 1:2.11.0-6.1

when mail passed through milter connection is scanned, it hits ALL_TRUSTED
SA rule, because it treats mail as originating:

Here's the issue and very simple one-line patch that fixes this behaviour:

https://gitlab.com/amavis/amavis/-/issues/61

I have verified this patch to work properly with debian-provided postfix,
amavisd-new and amavisd-milter.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.

Bug#956390: aptitude -o complains about empty value

[Matus UHLAR - fantomas]

Package: aptitude
Version: 0.8.11-7

when I want to clear a config value, aptitude complains about syntax:

# aptitude -o Acquire::http::Proxy= install
-o requires an argument of the form key=value, got Acquire::http::Proxy=

this can be worked around with quoting empty quotes, e.g.:

# aptitude -o 'Acquire::http::Proxy=""' install

but aptitude should install empty value after '='

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!

Bug#870624: hanged APT during update

[Matus UHLAR - fantomas]

Hello,


Am 08.11.2019 um 10:08 teilte Matus UHLAR - fantomas mit:

This bug just caused unattended-upgrades for two days until I noticed it.

Please, if possible, push fixed version to oldstable so this does not
happen
again.


On 17.02.20 14:50, Hilmar Preuße wrote:

I February 2018 I gave you test packages and told you to report back. I
never got response, hence the patch was not committed to the repository.


I am really sorry for missing this - my fault.


Do you now have the time to test?

https://freeshell.de/~hille42/proftpd/870624/

Yes, the packages are outdated now. Will you test now if I build new
packages?


I have tested upgrade from jessie 1.3.5-1.1+deb8u2 (my vmware installation)

- to 1.3.5b-4+deb9u3 (in stretch) hanged.
- to 1.3.5b-4+deb9u1 from the page above worked fine.

I assume your patch works fine.

Thanks for the work.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states.

Bug#943692: reopened for stable

[Matus UHLAR - fantomas]

Dear Maintainer,

I have reopened this bug as long as it is not fxed in debian stable.

Please, push the provided patch to squid-4.6 in buster.

Hopefully, next security update (fixing CVE-2020-8517, CVE-2020-8450,
CVE-2020-8449 and CVE-2020-8449)  will be done soon so we sould have fixed
version in debian.

The current version 4.6-1+deb10u1 crashes too often (multiple times a day)
on some systems.

Thank you

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."

Bug#945003: rpcbind doesn't start after update

[Matus UHLAR - fantomas]

Package: rpcbind
Version: 1.2.5-0.3+deb10u1

Hello,

after upgrading rpcbind from 1.2.5-0.3 to 1.2.5-0.3+deb10u1 the rpcbind was
not started

the logs say:

Unpacking rpcbind (1.2.5-0.3+deb10u1) over (1.2.5-0.3) ...
Setting up rpcbind (1.2.5-0.3+deb10u1) ...
Stopping RPC port mapper daemon: rpcbind.
Already running: rcpbind.

however, the rpcbind process was not running.
We use sysvinit here.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.

Bug#943692: Info received (same problem here, patch fixed it)

[Matus UHLAR - fantomas]

Thank you. Is it possible to push patched version to buster?
Seems that we have just missed point release :-(

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot.

Bug#840533: Acknowledgement (rcconf fails with multiple files)

[Matus UHLAR - fantomas]

Hello,

anything new about this package? It's been two releases since...
Thanks

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
A day without sunshine is like, night.

Bug#870624: hanged APT during update

[Matus UHLAR - fantomas]

Hello,

This bug just caused unattended-upgrades for two days until I noticed it.

Please, if possible, push fixed version to oldstable so this does not happen
again.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make your ECS screen display 16.7 million colors

Bug#943692: same problem here, patch fixed it

[Matus UHLAR - fantomas]

Hello,

I have the same problem with squid 4.6-1+deb10u1.
I have applied the patch mentioned and it fixed the problem.

http://www.squid-cache.org/Versions/v4/changesets/squid-4-10b699c30ef575d97e093d344ff85771654e7d8c.patch

Please, update the version in debian.
Thank you.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!

Bug#942398: mirror listing update for ftp.debian.sk

[Matus UHLAR - fantomas]

Package: mirrors
Severity: minor
User: mirr...@packages.debian.org
Usertags: mirror-list

Submission-Type: update
Site: ftp.debian.sk
Type: leaf
Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386 kfreebsd-amd64 
kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x
Archive-http: /debian/
Archive-rsync: debian/
Maintainer: Matus UHLAR - fantomas 
Country: SK Slovakia
Location: Bratislava
Sponsor: Slovanet a.s. http://www.slovanet.net/




Trace Url: http://ftp.debian.sk/debian/project/trace/
Trace Url: http://ftp.debian.sk/debian/project/trace/ftp-master.debian.org
Trace Url: http://ftp.debian.sk/debian/project/trace/ftp.debian.sk

Bug#932978: setting VERBOSE to YES seems help

[Matus UHLAR - fantomas]

Hello,

is seems that setting VERBOSE=yes in /etc/default/rcS did help in at least
some cases.

I'll look further.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*

Bug#939824: add meta package

[Matus UHLAR - fantomas]

On September 9, 2019 10:03:13 AM UTC, Matus UHLAR - fantomas 
 wrote:

Please, add meta package pointing to current libclamunrar.


On 10.09.19 16:02, Sebastian Andrzej Siewior wrote:

Do you have an example how that should look like? I can't add package to main 
which has a recommends or depends on a package in contrib or non-free, see:
 
https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_debian_is_100_free_software


I believe that the dependency from libclamav could stay at Suggests: level,
adding new metapackage:

Suggests: libclamunrar9, libclamunrar

while libclamunrar would have hard Depends: libclamunrar

Depends: libclamunrar9

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows.   -- Matthew D. Fuller

Bug#939824: add meta package

[Matus UHLAR - fantomas]

Source: libclamunrar
Version: 0.101.2-1

Please, add meta package pointing to current libclamunrar.

Since the dependency level from libclamav is only "suggests", it won't be
upgraded unless the user selects it or Install-Suggests is true.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.

Bug#914865: anything new?

[Matus UHLAR - fantomas]

Matus UHLAR - fantomas  ezt írta (időpont: 2019.
aug. 19., H, 18:12):

this problem seems to be in apt, not in unattended-uprades.

I have configured apt to use /tmp as base for packages:

Dir::Cache::archives "/tmp/archives";
Apt::Update::Pre-Invoke {"mkdir -m 700 -p /tmp/archives/partial";};

unfortunately, the pre-invoke command only seems to be called when package
list is updated (as its name says), not when packages are fetched to be
installed.

hacking unattended-uprades to call update would apparently fix this


On 23.08.19 18:26, Bálint Réczey wrote:

Thanks for the additional info.
IMO APT should either provide a hook to be called before fetching
archives or the maintainers can decide to not provide one and tell
users to create the directory structure for themselves.
Since the issue affects all python-apt users and APT maintainers
should make the call on the solution I'm reassigning the bug.


apt since (1.8.0~rc4) supports APT::Install::Pre-Invoke hook, as result of
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1815761

hopefully this could be used in for unattended-upgrades, if it's called
before packages are to be downloaded, not only installed.

Otherwise we need new, possibly more generic hook.

I believe that since many people have SSDs, they will prefer downloading
archives to temporary storage.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool.

Bug#914865: anything new?

[Matus UHLAR - fantomas]

Hello,

this problem seems to be in apt, not in unattended-uprades.

I have configured apt to use /tmp as base for packages:

Dir::Cache::archives "/tmp/archives";
Apt::Update::Pre-Invoke {"mkdir -m 700 -p /tmp/archives/partial";};

unfortunately, the pre-invoke command only seems to be called when package
list is updated (as its name says), not when packages are fetched to be
installed.

hacking unattended-uprades to call update would apparently fix this 


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.

Bug#932978: [Pkg-net-snmp-devel] Bug#932978: snmpd postinst fails

[Matus UHLAR - fantomas]

On 25.07.19 21:52, Craig Small wrote:

 Seems a bit strange it doesn't work, until it feels like it then it's all
ok. My guess is that some transitional thing is upsetting the init script.

Do you use systemd or sysvinit?  That will narrow down if it a unit file or
init script issue.


we use sysvinit.

FYI, I have tried to debug the problem by editing the scripts, no luck.
I'll provide update if I find something.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool.

Bug#932978: snmpd postinst fails

[Matus UHLAR - fantomas]

Package: snmpd
Version: 5.7.3+dfsg-5

Hello,
when trying to upgrade from stretch to buster, the postinst script for snmpd
fails:

# dpkg --configure -a
Setting up snmpd (5.7.3+dfsg-5) ...
invoke-rc.d: initscript snmpd, action "restart" failed.
dpkg: error processing package snmpd (--configure):
installed snmpd package post-installation script subprocess returned error exit 
status 1
Errors were encountered while processing:
snmpd
# ps -ef |grep snmp 
Debian-+ 13892 1  0 12:45 ?00:00:00 /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -p /run/snmpd.pid

root 13898 13579  0 12:45 pts/300:00:00 grep snmp

as you can see, the snmpd is running., but postinst fails again:

test.decodom.sk ~ # dpkg --configure -a
Setting up snmpd (5.7.3+dfsg-5) ...
invoke-rc.d: initscript snmpd, action "restart" failed.
dpkg: error processing package snmpd (--configure):
installed snmpd package post-installation script subprocess returned error exit 
status 1
Errors were encountered while processing:
snmpd
# ps -ef |grep snmp
Debian-+ 13955 1  0 12:46 ?00:00:00 /usr/sbin/snmpd -Lsd -Lf 
/dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -p 
/run/snmpd.pid
root 13959 13579  0 12:46 pts/300:00:00 grep snmp

as you can see, the snmpd pid changed, so it was correctly restarted.
I have tried to enable verbose init script processing:

# vi /etc/default/rcS
# dpkg --configure -a
Setting up snmpd (5.7.3+dfsg-5) ...
[ ok ] Restarting SNMP Services: snmpd.
# ps -ef |grep snmp
Debian-+ 14090 1  0 12:47 ?00:00:00 /usr/sbin/snmpd -Lsd -Lf 
/dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -p 
/run/snmpd.pid
root 14131 13579  0 12:48 pts/300:00:00 grep snmp

"unfortunately" it seems has fixed the problem.
However it repeated on 2nd machine so there is a problem somewhere.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.

Bug#688412: configuration error?

[Matus UHLAR - fantomas]

>On Tue, 16 Jul 2019, Matus UHLAR - fantomas wrote:
>> IIRC people using systemd were advised to use fstab to manipulate /tmp
>> mount options.



On 16.07.19 17:18, Thorsten Glaser wrote:
>Yes, but systemd does not use /etc/default/tmpfs, so…



[2019-07-16 17:23] Matus UHLAR - fantomas 

...which is exactly why I found it strange to have /tmp in fstab and yet
expect using /etc/default/tmpfs.

in case of /tmp in fstab, options should be in fstab too.


On 18.07.19 12:45, Dmitry Bogatov wrote:

Maybe I am missing some context, but /etc/default/tmpfs provides feature
(not always working, as proved by current bug) to set size by percentage
of available RAM. This is not supported by mount(8).


No, it's not supported by mount, it's used in /lib/init/tmpfs.sh which is
called from mountkernfs.sh, which is not called when systemd is used as init
system.


Whether such feature warranted its complexity is good question, but now
people rely on it. I think so.


I don't think this ever worked and it surely would add (at least)
unnecessary complexity there.

Note that tmpfs(5) manual page notes that the defaults may be overridden by
fstab (multiple times).

simply said, if anyone configures /tmp in /etc/fstab, they should configure
all its parameters there too and not rely on /etc/default/tmpfs.

I believe this bug should be closed...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.

Bug#688412: configuration error?

[Matus UHLAR - fantomas]

On Tue, 16 Jul 2019, Matus UHLAR - fantomas wrote:

IIRC people using systemd were advised to use fstab to manipulate /tmp
mount options.


On 16.07.19 17:18, Thorsten Glaser wrote:

Yes, but systemd does not use /etc/default/tmpfs, so…


...which is exactly why I found it strange to have /tmp in fstab and yet
expect using /etc/default/tmpfs.

in case of /tmp in fstab, options should be in fstab too.

In case of systemd, /tmp should be in fstab (and /etc/default/tmpfs won't be
used)

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Eagles may soar, but weasels don't get sucked into jet engines.

Bug#688412: configuration error?

[Matus UHLAR - fantomas]

On Tue, 16 Jul 2019, Matus UHLAR - fantomas wrote:

does it make sense to use /etc/default/tmpfs when /tmp mount is
configured in fstab? I'd say use either one, not both.


On 16.07.19 16:43, Thorsten Glaser wrote:

I’ve only seen it in fstab in ancient systems, etch/lenny or so;
anything newer uses /etc/default/tmpfs.


IIRC people using systemd were advised to use fstab to manipulate /tmp
mount options.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The early bird may get the worm, but the second mouse gets the cheese.

Bug#688412: configuration error?

[Matus UHLAR - fantomas]

Hello,

does it make sense to use /etc/default/tmpfs when /tmp mount is configured
in fstab? I'd say use either one, not both.

I don't have objections if anyone wants to "fix" this in scripts though.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.

Bug#931433: anything new?

[Matus UHLAR - fantomas]

Hello,

anything new about this package?
The jessie version reports fixed for a few days.

thanks
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer

Bug#931718: [Aptitude-devel] Bug#931718: new packages list forgets about old packages

[Matus UHLAR - fantomas]

Matus UHLAR - fantomas wrote:

I am trying to look which packages are new in buster that were not in
stretch. I am using aptitude since it't great tool for browsing packages.

until now it was easy:

do 'f'orget new packages in aptitude
change sources.list to point to new release
do 'u'pdate packages list


On 09.07.19 18:05, Axel Beckert wrote:

I assume you did not exit aptitude inbetween, right


I did. What I did was:

0. start with sources.list pointing to stretch archive:

lrwxrwxrwx 1 root root20 Jul  9 19:21 sources.list -> sources.list.stretch
-rw-r--r-- 1 root root   444 Jul  8 18:27 sources.list.buster
-rw-r--r-- 1 root root   450 Nov  1  2018 sources.list.stretch

1. run aptitude to see available packages. Optionally use 'f' to forget new
packages. quit aptitude

--- Installed Packages (3970)   
--- Not Installed Packages (74188)

--- Obsolete and Locally Created Packages (8)
--- Virtual Packages (11400)
--- Tasks (235)

2. change sources.list to point to buster archive.

# rm sources.list; ln -s sources.list.buster sources.list
# ls -ld sources.list*
lrwxrwxrwx 1 root root   19 Jul  9 19:23 sources.list -> sources.list.buster
-rw-r--r-- 1 root root  444 Jul  8 18:27 sources.list.buster
-rw-r--r-- 1 root root  450 Nov  1  2018 sources.list.stretch

3. run aptitude, see only installed packages marked as obsolete:

--- Obsolete and Locally Created Packages (3978)
--- Virtual Packages (570)

--- Tasks (2)

4. run 'u'pdate packages list, see no old packages, but all uninstalled as
new:

--- Security Updates (1)
--- Upgradable Packages (3099)

--- New Packages (82647)
--- Installed Packages (442)
--- Obsolete and Locally Created Packages (436)
--- Virtual Packages (28449)
--- Tasks (235)


but now, when I do this, aptitude seems to forget all info about packages
previously available.


So every package is listed under "New Packages"? I can't reproduce
this.


every package that is not installed is shown as new.


I just did the following inside an uptodate Stretch pbuilder chroot:

* Start "aptitude"


[...]


* Press Ctrl-Z
* Edit /etc/apt/sources.list and change any occurrence of "stretch" to
 "buster".
* Called "fg" to get aptitude into the foreground again.
* Pressed "u" in aptitude's TUI.


I haven't tried changing sources.list while aptitude is running.


Now aptitude shows me this view:



---
Actions  Undo  Package  Resolver  Search  Options  Views  Help
C-T: Menu  ?: Help  q: Quit  u: Update  g: Preview/Download/Install/Remove Pkgs
aptitude 0.8.7 @ c6
--- Upgradable Packages (111)
--- New Packages (13184)
--- Installed Packages (2)
--- Not Installed Packages (43508)
--- Obsolete and Locally Created Packages (15)
--- Virtual Packages (14460)


I can confirm this works. Just as the "apt update" hack, I consider this a
hack too.

as I said before, the jessie version of aptitude worked as described even
when I quit aptitude in between.

I usually change packages list, run 'u'pdate and then browse/upgrade
packages. I didn't see the need (nor I had an idea) of changing sources.list
while aptitude is running.


Maybe you can post even more verbose steps how to reproduce this.
Otherwise I have no idea what could be different with your setup to
cause such a different behaviour.


I hope I have described it thoroughly enough.
Thanks for the hint.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.

Bug#931718: new packages list forgets about old packages

[Matus UHLAR - fantomas]

Package: aptitude
Version: 0.8.7-1

I am trying to look which packages are new in buster that were not in
stretch. I am using aptitude since it't great tool for browsing packages.

until now it was easy:

do 'f'orget new packages in aptitude
change sources.list to point to new release
do 'u'pdate packages list
... voila

but now, when I do this, aptitude seems to forget all info about packages
previously available.

This was not an issue in jessie (0.6.11-1+b1) and previous versions.

when I have tried to run "apt update" after changing sources.list, and run
aptitude, the expected (former) behaviour was encountered.
(even when I furtger 'u'pdated in aptitude).

the pkgstates contained differencies between releases:

# diff -u /tmp/pkgstates.old /tmp/pkgstates.apt-update

@@ -47,13 +40,6 @@
Dselect-State: 0
Remove-Reason: 0

-Package: libcollada2gltfconvert-dev
-Architecture: i386
-Unseen: no
-State: 3
-Dselect-State: 0
-Remove-Reason: 0
-
Package: python3-doc8
Architecture: i386
Unseen: no
@@ -117,6 +103,13 @@
Dselect-State: 0
Remove-Reason: 0

+Package: python-libthumbor
+Architecture: i386
+Unseen: yes
+State: 3
+Dselect-State: 0
+Remove-Reason: 0
+
Package: globus-xioperf
Architecture: i386
Unseen: no


When I rolled back and did update inside of aptitude, all packages in
pkgstates were changed to:

--- /tmp/pkgstates.apt-update   2019-07-09 16:31:37.079852823 +0200
+++ /var/lib/aptitude/pkgstates 2019-07-09 16:37:57.671178453 +0200
@@ -1,104 +1,104 @@
Package: libdatrie-doc
Architecture: i386
-Unseen: no
+Unseen: yes
State: 3
Dselect-State: 0
Remove-Reason: 0

Package: libfstrcmp0-dbg
Architecture: i386
-Unseen: no
+Unseen: yes
State: 3
Dselect-State: 0
Remove-Reason: 0

etc.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler

Bug#928661: UnicodeDecodeError for pyzor -s mbox

[Matus UHLAR - fantomas]

Package: pyzor
Version: 1:1.0.0-2

when reporting multiple mail in mbox format, pyzor report shows error:

% pyzor report -s mbox < ~/mail/probably-spam
Traceback (most recent call last):
 File "/usr/bin/pyzor", line 408, in 
   main()
 File "/usr/bin/pyzor", line 152, in main
   if not dispatch(client, servers, config):
 File "/usr/bin/pyzor", line 282, in report
   for digested in get_input_handler(style):
 File "/usr/bin/pyzor", line 181, in _get_input_mbox
   tfile.write(sys.stdin.read().encode("utf8"))
UnicodeDecodeError: 'ascii' codec can't decode byte 0xf3 in position 6996: 
ordinal not in range(128)

This bug was reported at https://github.com/SpamExperts/pyzor/issues/74
and reported as fixed.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse

Bug#745800: should be fixed in 2.8.0

[Matus UHLAR - fantomas]

Hello,

according to amavisd changelog, this bug should be fixed in 2.8.0
https://www.ijs.si/software/amavisd/release-notes.txt

amavisd-new-2.8.0 release notes

- removed an old compatibility measure: default value of @banned_admin_maps
 was changed from:
   @banned_admin_maps = (\$banned_admin, \%virus_admin, \$virus_admin);
 to a more consistent:
   @banned_admin_maps = (\$banned_admin);
 The previous default value of @banned_admin_maps tried to maintain
 compatibility with versions before the setting was separated from
 its companion @virus_admin_maps. Now this compatibility is no longer
 considered necessary and contributes to some confusion, so it was dropped.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains? 

Bug#823664: still persist

[Matus UHLAR - fantomas]

Hello,

the problem still exists. example with --format report:

*** Available security updates

CVE-2017-0786 A elevation of privilege vulnerability in the...
 <https://security-tracker.debian.org/tracker/CVE-2017-0786>
 - linux-libc-dev, linux-image-4.9.0-8-686-pae
   (remotely exploitable, medium urgency)


with --format detail:

CVE-2017-0786 (fixed, remotely exploitable, medium urgency)
 A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...
 installed: linux-libc-dev 4.9.144-3.1
(built from linux 4.9.144-3.1)
[...]
 fixed on branch:   linux 4.9.110-3+deb9u6 (source package)
 fixed on branch:   linux 4.9.130-1 (source package)
 fixed on branch:   linux 4.9.135-1 (source package)
 fixed on branch:   linux 4.9.144-1 (source package)
 fixed on branch:   linux 4.9.144-3 (source package)
[...]


% apt-cache policy linux-libc-dev
linux-libc-dev:
 Installed: 4.9.144-3.1
 Candidate: 4.9.144-3.1
 Version table:
*** 4.9.144-3.1 500
   500 file:/mount/mirrors/debian stretch-updates/main i386 Packages
   100 /var/lib/dpkg/status
4.9.144-3 500
   500 file:/mount/mirrors/debian stretch/main i386 Packages
4.9.110-3+deb9u6 500
   500 http://security.debian.org/debian-security stretch/updates/main i386 
Packages

according to dpkg log, the exact fixed version was installed for 6 days
before it started complaining (I run debsecan from cron)

2019-02-16 19:43:54 upgrade linux-libc-dev:i386 4.9.130-2 4.9.144-3
2019-02-16 19:43:54 status half-configured linux-libc-dev:i386 4.9.130-2
2019-02-16 19:43:54 status unpacked linux-libc-dev:i386 4.9.130-2
2019-02-16 19:43:54 status half-installed linux-libc-dev:i386 4.9.130-2
2019-02-16 19:43:55 status half-installed linux-libc-dev:i386 4.9.130-2
2019-02-16 19:43:55 status unpacked linux-libc-dev:i386 4.9.144-3
2019-02-16 19:43:55 status unpacked linux-libc-dev:i386 4.9.144-3
2019-02-16 19:44:27 configure linux-libc-dev:i386 4.9.144-3 
2019-02-16 19:44:27 status unpacked linux-libc-dev:i386 4.9.144-3
2019-02-16 19:44:27 status half-configured linux-libc-dev:i386 4.9.144-3
2019-02-16 19:44:27 status installed linux-libc-dev:i386 4.9.144-3
2019-02-22 14:40:30 upgrade linux-libc-dev:i386 4.9.144-3 4.9.144-3.1
2019-02-22 14:40:30 status half-configured linux-libc-dev:i386 4.9.144-3
2019-02-22 14:40:30 status unpacked linux-libc-dev:i386 4.9.144-3
2019-02-22 14:40:30 status half-installed linux-libc-dev:i386 4.9.144-3
2019-02-22 14:40:30 status half-installed linux-libc-dev:i386 4.9.144-3
2019-02-22 14:40:31 status unpacked linux-libc-dev:i386 4.9.144-3.1
2019-02-22 14:40:31 status unpacked linux-libc-dev:i386 4.9.144-3.1
2019-02-22 14:40:32 configure linux-libc-dev:i386 4.9.144-3.1 
2019-02-22 14:40:32 status unpacked linux-libc-dev:i386 4.9.144-3.1
2019-02-22 14:40:32 status half-configured linux-libc-dev:i386 4.9.144-3.1
2019-02-22 14:40:32 status installed linux-libc-dev:i386 4.9.144-3.1



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are

Bug#854180: patch available

[Matus UHLAR - fantomas]

Hello,

I have created patch and uploaded it to:
http://test.fantomas.sk/amavisd-milter-main.c.patch

this patch moves daemonising after the socket is created, so no waiting
should be required in init script.

This patch was successfully applied to amavisd-milter 1.5.0 and 1.6.1, I
have sent it to mailing list and github repository
https://github.com/craneworks/amavisd-milter

However, until it's applied, the init script sleep hack should be fine,
although I'm not sure whether 30 sleeps each 0.1 seconds it ideal.

I have implemented "sleep 1" hack locally

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states. 

Bug#879065: patch

[Matus UHLAR - fantomas]

Hello,

the attached patch fixes the problem by defining default value of MILTERSOCKET
in init script.

testing locally, this fixes the bug.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm. 
--- amavisd-milter.init.orig	2012-05-27 15:52:17.0 +0200
+++ amavisd-milter.init	2019-01-04 15:53:10.507738461 +0100
@@ -48,6 +48,7 @@
 
 if [ -z "$MILTERSOCKET" ]; then
   MILTERSOCKETTYPE=pipe
+  MILTERSOCKET="/var/lib/amavis/amavisd-milter.sock"
 else
   OPTIONS="$OPTIONS -s $MILTERSOCKET"
   if [ "$(echo $MILTERSOCKET | grep ^inet)" ]; then

Bug#910435: FromNameSpoof error

[Matus UHLAR - fantomas]

Hello,

this is error in FromNameSpoof plugin, not in DKIM_ADSP_CUSTOM_HIGH
I have reported this as bug #914106 not seeing this one.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...

Bug#914106: Acknowledgement (SA 3.4.2 FromNameSpoof)

[Matus UHLAR - fantomas]

Hello,

I have applied the mentioned patch to jessie installation of SA and errors
were gone.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
A day without sunshine is like, night.

Bug#914106: SA 3.4.2 FromNameSpoof

[Matus UHLAR - fantomas]

Package: spamassassin
Version: 3.4.2-1~deb9u1

I get these errors when checking some mails:

Nov 19 11:25:02 fantomas spamd[21961]: rules: failed to run 
USER_IN_DKIM_WHITELIST test, skipping:
Nov 19 11:25:02 fantomas spamd[21961]:  (Not a HASH reference at 
/usr/share/perl5/Mail/SpamAssassin/Plugin/FromNameSpoof.pm line 319.
Nov 19 11:25:02 fantomas spamd[21961]: )

this has been reported to spamassassin:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7624

and apparently fixed in a patch:
https://svn.apache.org/viewvc/spamassassin/branches/3.4/lib/Mail/SpamAssassin/Plugin/FromNameSpoof.pm?r1=1842029=1842028=1842029=patch


please add this patch when possible.
thanks

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]

Bug#913038: disable indexes for /var/www/

[Matus UHLAR - fantomas]

Package: apache2
Version: 2.4.10-10+deb8u12

Hello,

the default apache2.conf contains:


   Options Indexes FollowSymLinks
   AllowOverride None
   Require all granted


Please don't enable Indexes by default for /var/www and subdirectories.

Let users allow it when they need it, but don't allow directory listings
unless they do so.

Some people treat directory listings like security hole. I believe the
default should be the safer option - indexes disabled.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The early bird may get the worm, but the second mouse gets the cheese. 

Bug#878442: fixed in commit d8b47bd

[Matus UHLAR - fantomas]

Hello,

commit d8b47bd fixes the problem:

https://github.com/tcsh-org/tcsh/commit/d8b47bd1934d1d9cb603e562b149bba2816d90ca


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The early bird may get the worm, but the second mouse gets the cheese. 

Bug#878442: rmstar change

[Matus UHLAR - fantomas]

Hello,

it's apparently the change in tcsh changelog that created this problem:

41. V6.19.00 - 20150521
40. V6.18.05 - 20150510
...
 9. make rmstar interruptible on linux
...
following commit.

https://github.com/tcsh-org/tcsh/commit/b3933b3364549c0ea451b918e0d20185444ef297

I have reported this on github:

https://github.com/tcsh-org/tcsh/issues/5

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!

Bug#901612: Acknowledgement (statc routes not added at boot time)

[Matus UHLAR - fantomas]

I'm attaching patch that makes 20static-routes work.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers. 
--- 20static-routes.orig	2014-04-10 01:38:10.0 +0200
+++ 20static-routes	2018-08-03 17:17:35.358750364 +0200
@@ -51,6 +51,9 @@
 # Default value
 VERBOSITY=${VERBOSITY:-0}
 
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901612
+if [ ${IFACE} = "--all" ]; then IFACE="[[:alnum:]]+"; fi
+
 del_static_routes() {
 	# NOTE: We actually don't have to remove routes if downing an interface
 	# since they will be removed nevertheless. In any case, this 

Bug#904664: msgconvert mbox output issues

[Matus UHLAR - fantomas]

Package: libemail-outlook-message-perl
Version: 0.918-2

hello,
with the --mbox option the msgconvert outputs file with two problems

1. the "From " line contains full "From: " header, while it's supposed to
contain only the address, without < and > brackets, with one space
separating address and date (two spaces are used now).

the:


From ARTROVEX   Thu Jul 26 13:17:40 2018


should be:


From iqpu...@instagro.biz.ua Thu Jul 26 13:17:40 2018


2. output lines are end with CR-LF characters. CR's should be stripped, at
leasst on unix systems.


I have compared output with and without --mbox and the only differences are
- From line
- mime boundaries
- new lines.

Since the 2nd problem seems to come from Email::Sender::Transport::Mbox, I
believe that package could be avoided, and mbox files can be written to
single file starting each mail with "From address RFC822-date" and ending
with empty line.




--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)

Bug#824223: short examples

[Matus UHLAR - fantomas]

Hello,

attaching short examples for cron and logrotate scripts as they work on some
servers maintained by us. Works without systemd too.

1. /etc/cron.daily/dehydrated

#!/bin/sh
dehydrated -c >> /var/log/dehydrated.log


2. /etc/logrotate.d/dehydrated

/var/log/dehydrated.log
{
missingok
yearly
}

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes. 

Bug#844520: agree, please remove if-up.d/ntpdate

[Matus UHLAR - fantomas]

Hello,

I have just encountered an error, where ntpdate running from if-up.d script
at boot time prevented ntpd from starting.

While it's possible to work around this by using "-u" option for ntpdate, I
agree with Vincent that the main reason we have ntpdate is:

 * to query (check) the time with some given server;
 * to set the time by running ntpdate manually in case something
   bad occurred (then the user can easily check that the date is
   not completely wrong).

Thus, I second the request for removing ntpdate script from if-up.d scripts.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler

Bug#863119: mboxgrep -P seems to match everything

[Matus UHLAR - fantomas]

Hello,


On Mon, May 22, 2017 at 11:34:07AM +0200, Matus UHLAR - fantomas wrote:

Package: mboxgrep
Version: 0.7.9-1

when using the -P option, mboxgrep tends to match everything.
I have tried with simple string over a maildir, I got copy of the maildir...


On 09.06.18 09:59, Alberto Gonzalez Iniesta wrote:

Sorry for the late reply. Could you provide an example?


not anymore, I have upgraded the machine to jessie.

Maybe I made a mistake in PCRE (was trying to do multiline match), maybe
something changes in libpcre.

feel free to close the bug. thanks


I'm not able to reproduce it:

agi@var ~% wc -l Mail/INBOX
25526 Mail/INBOX
agi@var ~% mboxgrep -P foo Mail/INBOX  | wc -l
3084


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)

Bug#901612: statc routes not added at boot time

[Matus UHLAR - fantomas]

Package: ifupdown-extra
Version: 0.25

Hello,
the script /etc/network/if-up.d/20static-routes
checks for ${IFACE} in /etc/network/routes:

cat $ROUTEFILE | egrep "^[^#].*[[:space:]]${IFACE}[[:space:]]*$" |


However, when "ifup -a" is called, the ${IFACE} contains string "--all" in
which case no infterface matches and routes are not set.

I recommend simply adding a check at the beginning of the script to redefine
IFACE to match anything:

if [ ${IFACE} = "--all" ]; IFACE="[[:alnum]]+"; fi

or maybe just to ".*" if interface should have hyphen in their names.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.

Bug#893011: cgi not executed

[Matus UHLAR - fantomas]

Package: lightsquid
Version: 1.8-4

the lightsquid CGI's are called in the /lightsquid/ path.
This caused them not to be treated as CGI's by apache, since the
serve-cgi-bin.conf only configures /cgi-bin/* as scripts.

Please change

Alias   /lightsquid//usr/lib/cgi-bin/lightsquid/

into

ScriptAlias /lightsquid//usr/lib/cgi-bin/lightsquid/

thank you

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)

Bug#870624: Acknowledgement (proftpd postinst hangs)

[Matus UHLAR - fantomas]

On 19.02.18 23:50, Hilmar Preuße wrote:

After removing the following line from
/var/lib/dpkg/info/proftpd-basic.postinst the installation works OK.

#. /usr/share/debconf/confmodule

As we don't use debconf any more he removal should not hurt.



Am 20.02.2018 um 13:32 teilte Matus UHLAR - fantomas mit:

Just FYI:

according to the http://bugs.proftpd.org/show_bug.cgi?id=4312
the fix should be fixed and backported to 1.3.6.


On 20.02.18 13:39, Hilmar Preuße wrote:

Well, we can put the fix for 4312 into unstable.


great.


there's still a bug: http://bugs.proftpd.org/show_bug.cgi?id=4312#c5

but manual backport of the patch to 1.3.5e helped, I was able to
build and install jessie (1.3.5-1.1+deb8u2), stretch (1.3.5b-4) and
sid (1.3.5e-1) packages.


I'm not sure if we should upload the patch into stable or if we 
rather should use my proposed work around. At least for stable that 
should be possible, oldstable still has debconf integration so we 
can't apply it there.


I can confirm your patch works as expected.

since I reported problem with jessie (oldstable atm), I of course wish it to
be fixed there.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Honk if you love peace and quiet. 

Bug#870624: Acknowledgement (proftpd postinst hangs)

[Matus UHLAR - fantomas]

On 03.08.2017 16:23, Matus UHLAR - fantomas wrote:

after another attempt, it seems that proftpd process has FIFO open to
frontend, which prevents the frontend from finishing.
new process numbers here:


On 19.02.18 23:50, Hilmar Preuße wrote:

After removing the following line from
/var/lib/dpkg/info/proftpd-basic.postinst the installation works OK.

#. /usr/share/debconf/confmodule

As we don't use debconf any more he removal should not hurt.


Just FYI:

according to the http://bugs.proftpd.org/show_bug.cgi?id=4312
the fix should be fixed and backported to 1.3.6.

there's still a bug: http://bugs.proftpd.org/show_bug.cgi?id=4312#c5

but manual backport of the patch to 1.3.5e helped, I was able to build and
install jessie (1.3.5-1.1+deb8u2), stretch (1.3.5b-4) and sid (1.3.5e-1) 
packages.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory. 

Bug#877086: restart in init script only stops supervisor

[Matus UHLAR - fantomas]

Package: supervisor
Version: 3.3.1-1+deb9u1

Hello,

the init script in supervisord package doesn't contain code for starting
supervisor, so in only stops supervisor, but doesn't start it after:

  restart)
echo -n "Restarting $DESC: "
start-stop-daemon --stop --retry=$RETRY --quiet --oknodo --pidfile $PIDFILE
echo "$NAME."
;;


it apparently needs the code from "start" section.
(and probably reindent so it's consistent with rest of the script)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm

Bug#876874: revise check_snmp_* commands argument order

[Matus UHLAR - fantomas]

Package: nagios-snmp-plugins
Version: 1.1.1-11

Hello,

the configured checks in snmp_load.cfg, snmp_mem.cfg, snmp_process.cfg and
snmp_storage.cfg use snmp community in argument 5, while argument 4 is
often unused.

This means that a user is in fact required to provide argument 4 even if
it's empty.

in check_snmp_mem* even the ARG1 can be skipped (and could in
check_snmp_load* if the -T was skiped) - both have usable defaults.

I recommend changing default configs to use $ARG1$ as snmp community in v1
and v2 checks (v3 checks use $USER9$ which should be acceptable).
The ARG4 (or ARG5) can be used for extra arguments

The README.Debian documents using "$USER7$=-C " but this is never
used in the proposed configs.

I am attaching patch that changes to this behaviour.
Resulting checks look like:

check_snmp_process_v1!community!process!warning!critical

# for linux servers use "memory,swap"
# for cisco append !-I
check_snmp_mem_v1!community!warning!critical

# for linux use "1,5,15" values and append !-T netsl
check_snmp_load_v1!community!warning!critical

check_snmp_storage_v1!community!path!warning!critical


v2 checks have the same argument, v3 checks avoid community and expect SNMP
authentication in USER9 variable.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows.   -- Matthew D. Fuller
diff -ru /usr/share/nagios-snmp-plugins/pluginconfig/snmp_load.cfg /etc/nagios-plugins/config/snmp_load.cfg
--- /usr/share/nagios-snmp-plugins/pluginconfig/snmp_load.cfg	2014-11-02 20:51:09.0 +0100
+++ /etc/nagios-plugins/config/snmp_load.cfg	2017-09-26 15:13:41.621713991 +0200
@@ -4,17 +4,17 @@
 # 'check_snmp_load_v1' command definition
 define command {
 	command_name	check_snmp_load_v1
-	command_line	/usr/lib/nagios/plugins/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG5$ -T $ARG1$ -w $ARG2$ -c $ARG3$ $ARG4$
+	command_line	/usr/lib/nagios/plugins/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG1$ -w $ARG2$ -c $ARG3$ $ARG4$
 }
 
 # 'check_snmp_load_v2' command definition
 define command {
 	command_namecheck_snmp_load_v2
-	command_line/usr/lib/nagios/plugins/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG5$ -2 -T $ARG1$ -w $ARG2$ -c $ARG3$ $ARG4$
+	command_line/usr/lib/nagios/plugins/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG1$ -2 -w $ARG2$ -c $ARG3$ $ARG4$
 }
 
 # 'check_snmp_load_v3' command definition
 define command {
 	command_name	check_snmp_load_v3
-	command_line	/usr/lib/nagios/plugins/check_snmp_load.pl -H $HOSTADDRESS$ $USER9$ -T $ARG1$ -w $ARG2$ -c $ARG3$ $ARG4$
+	command_line	/usr/lib/nagios/plugins/check_snmp_load.pl -H $HOSTADDRESS$ $USER9$ -w $ARG1$ -c $ARG2$ $ARG3$
 }
diff -ru /usr/share/nagios-snmp-plugins/pluginconfig/snmp_mem.cfg /etc/nagios-plugins/config/snmp_mem.cfg
--- /usr/share/nagios-snmp-plugins/pluginconfig/snmp_mem.cfg	2014-11-02 20:51:09.0 +0100
+++ /etc/nagios-plugins/config/snmp_mem.cfg	2017-09-26 15:13:28.917707447 +0200
@@ -4,17 +4,17 @@
 # 'check_snmp_mem_v1' command definition
 define command {
 	command_name check_snmp_mem_v1
-	command_line /usr/lib/nagios/plugins/check_snmp_mem.pl -H $HOSTADDRESS$ -C $ARG5$ $ARG1$ -w $ARG2$ -c $ARG3$ $ARG4$
+	command_line /usr/lib/nagios/plugins/check_snmp_mem.pl -H $HOSTADDRESS$ -C $ARG1$ -w $ARG2$ -c $ARG3$ $ARG4$
 }
 
 # 'check_snmp_mem_v2' command definition
 define command {
 	command_name check_snmp_mem_v2
-	command_line /usr/lib/nagios/plugins/check_snmp_mem.pl -H $HOSTADDRESS$ -C $ARG5$ -2 $ARG1$ -w $ARG2$ -c $ARG3$ $ARG4$
+	command_line /usr/lib/nagios/plugins/check_snmp_mem.pl -H $HOSTADDRESS$ -C $ARG1$ -2 -w $ARG2$ -c $ARG3$ $ARG4$
 }
 
 # 'check_snmp_mem_v3' command definition
 define command {
 	command_name check_snmp_mem_v3
-	command_line /usr/lib/nagios/plugins/check_snmp_mem.pl -H $HOSTADDRESS$ $USER9$ $ARG1$ -w $ARG2$ -c $ARG3$ $ARG4$
+	command_line /usr/lib/nagios/plugins/check_snmp_mem.pl -H $HOSTADDRESS$ $USER9$ -w $ARG1$ -c $ARG2$ $ARG3$
 }
diff -ru /usr/share/nagios-snmp-plugins/pluginconfig/snmp_process.cfg /etc/nagios-plugins/config/snmp_process.cfg
--- /usr/share/nagios-snmp-plugins/pluginconfig/snmp_process.cfg	2014-11-02 20:51:09.0 +0100
+++ /etc/nagios-plugins/config/snmp_process.cfg	2017-09-26 15:05:56.481474305 +0200
@@ -4,12 +4,12 @@
 # 'check_snmp_process_v1' command definition
 define command {
 	command_name check_snmp_process_v1
-	command_line /usr/lib/nagios/plugins/check_snmp_process.pl -H $HOSTADDRESS$ -C $ARG5$ -n $ARG1$ -w $ARG2$ -c $ARG3$ $ARG4$
+	command_line /usr/lib/nagios/plugins/check_snmp_process.pl -H $HOSTADDRESS$ -C $ARG1$ -n $ARG2$ -w $ARG3$ -c $ARG4$ $ARG5$
 }
 
 # 'check_snmp_process_v2' command definition
 define command {
 	command_name check_snmp_process_v2
-	comman

Bug#872452: please provide mod_geoip config

[Matus UHLAR - fantomas]

Package: proftpd-mod-geoip
Version: 1.3.5b-4

please provide sample mod-geoip configuration file with proftpd-mod-geoip
module.
There was one provided with contributed mod-geoip  0.3-1 in wheezy.

Thanks.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.

Bug#872425: skip "Period covered by log files::" from cron output

[Matus UHLAR - fantomas]

Package: sarg
Version: 2.3.2-2

The sarg-reports already filters out lines containing text in EXCLUDELOG1 and
EXCLUDELOG2 variables:

EXCLUDELOG1="SARG: No records found"
EXCLUDELOG2="SARG: End"

I'm getting mail from the only line left from output:

/etc/cron.daily/sarg:
SARG: Period covered by log files: 16/08/2017-16/08/2017

please filter out this too. 


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.

Bug#871484: can't open files on gnome VFS (input/output error)

[Matus UHLAR - fantomas]

Package: libreoffice
Version: 1:5.2.7-1

when I access samba share using gnome VFS, opening files there exits with
error:

General input/output error while accessing
/run/user/1006/gvfs/...path.../HW.xls.

Tried with .odt and .xls.
I can see files there directly, I can save new file using libreoffice, but
opening it back produces this error.

This seems to be error in libreoffice with patch pushed.

https://bugs.documentfoundation.org/show_bug.cgi?id=59424

tdf#59424 unset open flag O_EXCL if O_CREAT is not set

looking at locally-generated strace confirms this issue:

14363 13:24:49.170594 access("/run/user/1006/gvfs/...path.../servery HW.xls", 
F_OK) = 0
14363 13:24:49.184519 lstat("/run/user/1006/gvfs/...path.../servery HW.xls", 
{st_mode=S_IFREG|0700, st_size=25088, ...}) = 0
14363 13:24:49.184828 open("/run/user/1006/gvfs/...path.../servery HW.xls", 
O_RDWR|O_EXCL) = -1 EOPNOTSUPP (Operation not supported)
14363 13:24:49.186303 access("/run/user/1006/gvfs/...path.../servery HW.xls", 
F_OK) = 0
14363 13:24:49.187704 lstat("/run/user/1006/gvfs/...path.../servery HW.xls", 
{st_mode=S_IFREG|0700, st_size=25088, ...}) = 0

It's possible to open files via libreoffice "Remote files" functionality by
mapping user share, but it's an ugly workaround...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Honk if you love peace and quiet. 

Bug#870624: Acknowledgement (proftpd postinst hangs)

[Matus UHLAR - fantomas]

after another attempt, it seems that proftpd process has FIFO open to
frontend, which prevents the frontend from finishing.
new process numbers here:

root   2182  0.0  0.2  57600 17380 pts/1S+   16:13   0:00 /usr/bin/perl 
-w /usr/share/debconf/frontend /var/lib/dpkg/info/proftpd-basic.postinst 
configure
root   2187  0.0  0.0  0 0 pts/1Z+   16:13   0:00 [proftpd-basic.p] 

proftpd2272  0.0  0.0 124704  3788 ?Ss   16:13   0:00 proftpd: 
(accepting connections)

# lsof -n -P |grep 16675

frontend  2182 root8r FIFO   0,10  0t0  
16675 pipe
proftpd   2272  proftpd3w FIFO   0,10  0t0  
16675 pipe


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
M$ Win's are shit, do not use it !

Bug#870624: proftpd postinst hangs

[Matus UHLAR - fantomas]

Package: proftpd-basic
Version: 1.3.5b-4

installation of proftpd hangs immediately after starting proftpd proces:

Warning: The home dir /run/proftpd you specified can't be accessed: No such 
file or directory
Adding system user `proftpd' (UID 110) ...
Adding new user `proftpd' (UID 110) with group `nogroup' ...
Not creating home directory `/run/proftpd'.
Adding system user `ftp' (UID 111) ...
Adding new user `ftp' (UID 111) with group `nogroup' ...
Creating home directory `/srv/ftp' ...
'/usr/share/proftpd/templates/welcome.msg' -> '/srv/ftp/welcome.msg.proftpd-new'
[ ok ] Starting ftp server: proftpd.

... hang here.

processes running:

4 0  14394  12252  20   0  18496  3924 -  Ss+  pts/1  0:00 
/usr/bin/dpkg --status-fd 33 --configure --pending
0 0  14492  14394  20   0  57656 17472 -  S+   pts/1  0:00 
/usr/bin/perl -w /usr/share/debconf/frontend 
/var/lib/dpkg/info/proftpd-basic.postinst configure
0 0  14497  14492  20   0  0 0 -  Z+   pts/1  0:00 
[proftpd-basic.p] 
5   110  14581  1  20   0 124708  3768 core_s Ss   ?  0:00 proftpd: 
(accepting connections)
0 0  14600  12669  20   0  12896   984 -  S+   pts/2  0:00 grep -e 
pts/1 -e proftp

after stopping proftpd installation finishes.

this system runs sysvinit. When tried systemd, proftpd installed correctly.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.

Bug#867728: duplicate of bug#867169

[Matus UHLAR - fantomas]

Hello,

this is duplicate of bug 867169
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867169

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam is for losers who can't get business any other way.

Bug#867432: cron should not restore sessions

[Matus UHLAR - fantomas]

Package: john
Version: 1.8.0-2

Hello,

please remove using RESTORE and RESTOREFILE from cron job.

1. Restarting old sessions can cause john miss weak password changed after
session start, that would be found in early phases of new session.

I have just verified this behaviour on one of our systems:

start a new session
wait a few minutes
stop a session
change password on selected account to a weak one (=login)
restore session
= nothing found for long time.

stop session
remove .rec file
start a session
= password found within seconds. 


2. moreover, the restore logic in cron job uses apparently obsolete RESTORE and
RESTOREFILE naming schema that does not apply anymore.


I am attaching modified "cronjob" file with following changes:

- all mentions of RESTORE and RESTOREFILE removed
- added "umask 077", removed chown
- removed RUNDIR, using "PIDDIR" (/var/lib/john doesn't exist) 


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
You have the right to remain silent. Anything you say will be misquoted,
then used against you. 
#!/bin/bash
#
# This script runs every day, trying to crack passwords, and then calls
# mailer to warn the users (and maybe also root) about that.

# One of two options should be passed to this script:
# start -- start running john
# stop -- stops running john
# The script will run/stop john (as a background process if started)
# and exit.

# The time when the script is called can be configured in /etc/cron.d/john

# You can pass options to john in /etc/cron.d/john. See john(1) for the possible
# options, and include them after "JOHN_OPTIONS=" below.

JOHNDIR=/usr/sbin
PASSWD=/etc/passwd
SHADOW=/etc/shadow
PIDDIR=/var/run/john

PASSFILE=`grep -v ^# /etc/john/john-mail.conf | grep -e "[ ]*passfile[ ]*=[ ]*" 
| sed -e "s/#.*//" -e "s/.*=[ ]*//" |head -1`
GROUP=`grep -v ^# /etc/john/john-mail.conf | grep -e "[ ]*group[ ]*=[ ]*" | sed 
-e "s/#.*//" -e "s/.*=[ ]*//" | head -1`

umask 077

[ ! -d $PIDDIR ] && mkdir -p $PIDDIR

# Gets the PID of the process that should be running john,
# and sends SIGHUP to it.
#
john_stop()
{

if [ -f $PIDDIR/john.pid ]
then
# Stop john, we don't really care too much about the error
# messages (just in case, the john cronjob might have finished
# its job and exited)
/sbin/start-stop-daemon --stop -q -o --pidfile $PIDDIR/john.pid 
2>&1 >/dev/null
rm $PIDDIR/john.pid
else
# Try the old (deprecated) method if we don't have a piddfile
john_stop_all
fi


# Once finished we determine if we need to mail anything
rm -f /var/lock/john
# But use the latest shadow file
TMPFILE=`mktemp $PASSFILE.XX` || exit 1
if [ -n "$SHADOW" -a -f "$SHADOW" ]; then
$JOHNDIR/unshadow $PASSWD $SHADOW >> $TMPFILE
else
cat $PASSWD >> $TMPFILE
fi
# Move to the directory where john.pot resides
OUTPUT=`$JOHNDIR/mailer $TMPFILE 2>&1`
# Mailer mails to root if there is something relevant
# this could be done by configuring john-mail.msg too..
if [ -n "$OUTPUT" ]; then
echo $OUTPUT
fi
rm -f $TMPFILE
}

# Gets the PID of all the processes called "john" processes, try to checks 
# which one we want, and sends SIGHUP to it.
#
john_stop_all()
{

PID=`/bin/pidof john`
for p in $PID; do
PROCPATH=$(readlink /proc/$p/exe)
RELEVANTPATH=`echo $PROCPATH | sed -e"s^$JOHNDIR/john.*^$JOHNDIR/john^"`
if [ "$RELEVANTPATH" = $JOHNDIR/john ]; then
kill -2 $p
fi
done

}

# Starts john 
#
john_start()
{

if [ -z $PASSFILE ]; then
mail -s "John cronjob is not configured yet!" root <> $TMPFILE
else
cat $PASSWD >> $TMPFILE
fi

# We capture the output of john, and check if there was a line with
# "guesses: 0" in it. If not, then either john exited abnormally, or
# passwords were guessed -- and in both cases we send all the output
# to stdout.
#
if [ ! -f /var/lock/john -a ! -f $PIDDIR/john.pid ]; then
touch /var/lock/john

# Run john in background 
# TODO: start-stop-daemon is flexible enought we could run
# it using a different user
/sbin/start-stop-daemon --start --chdir $PIDDIR -b -m \
--pidfile $PIDDIR/john.pid --exec $JOHNDIR/john --  \
$JOHN_OPTIONS $TMPFILE  > /dev/null 
else
PID=`cat $PIDDIR/john.pid`
# Redundant check (just in case)
PROCPATH=$

Bug#867394: Acknowledgement (bashism in /usr/share/john/cronjob)

[Matus UHLAR - fantomas]

close #867394
thanks

mistake on my side - it is a bash script.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
A day without sunshine is like, night.

Bug#867394: bashism in /usr/share/john/cronjob

[Matus UHLAR - fantomas]

Package: john
Version: 1.8.0-2

the cron john contains bashish, checkbashisms finds it only when in '-f' is
specidied:

# checkbashisms -f /usr/share/john/cronjob
possible bashism in /usr/share/john/cronjob line 190 (alternative test command 
([[ foo ]] should be [ foo ])):
if [[ ! -z $GROUP ]]; then


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."

Bug#867169: unattended upgrades don't work in wheezy

[Matus UHLAR - fantomas]

On 04.07.17 10:38, Antoine Beaupré wrote:

Adding the bug in CC.


so am I.


On Tue, Jul 4, 2017 at 10:02 PM, Matus UHLAR wrote:

I just found out that the unattended-upgrades package in wheezy does not
upgrade packages although configured to do it.



On 2017-07-04 22:13:44, Paul Wise wrote:

I note that this same situation will apply to jessie when it becomes
oldoldstable.

I haven't tested the default stretch sources.list and u-u configuration.



This is a recurring problem, but I think it was fixed in more recent
releases (e.g. jessie). It was reported in #762965 before and I believe
those bugs may need to be merged.


I didn't feel that to be the same problem, because its submitter changed
configuration manually (different behaviour can be expected in such case).
   
u-u worked well with default 50unattended-upgrades on wheezy machines,

until stretch release 3 weeks ago.


I can at least say it seems to be fixed in stretch. This is my stretch
system's default u-u config:

   "origin=Debian,codename=${distro_codename},label=Debian-Security";



It seems we should be using the codename there ("wheezy") and not the
archive name ("oldstable") as the latter has the risk of doing
unexpected major updates, although I suspect u-u may have built-in
protections against this.


I believe it has. This is however a problem of sources-list configuration,
not u-u itself.


Therefore when we fix this, we should use codename, if that's supported
in wheezy. There were issues with codename matching, however (#704087)
which may make that impossible, so we may be forced to do the
"oldoldstable" trick...


I have tried it and unfortunately it does not work. We apparently need the
oldoldstable trick...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.

Bug#867169: add "archive=oldoldstable" to 50unattended-upgrades

[Matus UHLAR - fantomas]

Package: unattended-upgrades
Version: 0.79.5+wheezy2

the /etc/apt/apt.conf.d/50unattended-upgrades file contains lines:

"origin=Debian,archive=stable,label=Debian-Security";
"origin=Debian,archive=oldstable,label=Debian-Security";

however, this does not apply for LTS packages in wheezy, currently renamed
to "oldoldstable".  The same situation will happen with jessie in ~2 years.

Please add following line to /etc/apt/apt.conf.d/50unattended-upgrades:

"origin=Debian,archive=oldoldstable,label=Debian-Security";

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete

Bug#863119: mboxgrep -P seems to match everything

[Matus UHLAR - fantomas]

Correction:

On 22.05.17 11:34, Matus UHLAR - fantomas wrote:

 if (config.headers)
   res1 = pcre_exec (pcre_pattern, hints, msg->headers,
 (int) strlen (msg->headers), 0, 0, of, BUFSIZ);
 if (config.body)
   res2 = pcre_exec (pcre_pattern, hints, msg->body,
 (int) strlen (msg->body), 0, 0, of, BUFSIZ);

 res1 = res1 ^ 1;
 res2 = res2 ^ 1;

I think that the results should be compared to null instead:

 res1 = (res1 != NULL);
 res2 = (res2 != NULL);


the pcre_regex returns <0 when no match or an error occured, and >=0 if
match found.

otoh, the function expects "0" when match is found - as regexec() does.

that also means, both res1 and res2 values should be modified within the if()
block, so they stay correct.

This seems to work:

--- scan.c.orig 2003-04-06 23:01:49.0 +0200
+++ scan.c  2017-05-22 12:27:26.0 +0200
@@ -159,14 +159,18 @@
 if (config.perl)
  {
if (config.headers)
+ {
  res1 = pcre_exec (pcre_pattern, hints, msg->headers,
(int) strlen (msg->headers), 0, 0, of, BUFSIZ);
+   res1 = (res1 < 0);
+ }
if (config.body)
+ {
  res2 = pcre_exec (pcre_pattern, hints, msg->body,
(int) strlen (msg->body), 0, 0, of, BUFSIZ);
+   res1 = (res2 < 0);
+ }

- res1 = res1 ^ 1;
- res2 = res2 ^ 1;
  }
     else
   #endif /* HAVE_LIBPCRE */

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...

Bug#863119: mboxgrep -P seems to match everything

[Matus UHLAR - fantomas]

Package: mboxgrep
Version: 0.7.9-1

when using the -P option, mboxgrep tends to match everything.
I have tried with simple string over a maildir, I got copy of the maildir...

short look at the code:

  if (config.headers)
res1 = pcre_exec (pcre_pattern, hints, msg->headers,
  (int) strlen (msg->headers), 0, 0, of, BUFSIZ);
  if (config.body)
res2 = pcre_exec (pcre_pattern, hints, msg->body,
  (int) strlen (msg->body), 0, 0, of, BUFSIZ);

  res1 = res1 ^ 1;
  res2 = res2 ^ 1;

I think that the results should be compared to null instead:

  res1 = (res1 != NULL);
  res2 = (res2 != NULL);


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."

Bug#861402: pflogsumm count postscreen rejects

[Matus UHLAR - fantomas]

Package: pflogsumm
Version: 1.1.5-1

the pflogsumm does not count postscreen rejects.

I made a patch for pflogsumm and tested it on wheezy and jessie systems, and
put it on: http://test.fantomas.sk/pflogsumm-postscreen.patch

I'm attaching the patch as well...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I wonder how much deeper the ocean would be without sponges. 
--- /usr/sbin/pflogsumm	2012-02-06 10:30:42.0 +0100
+++ pflogsumm	2017-03-22 18:28:39.613007387 +0100
@@ -713,7 +713,7 @@
 			  \${$msgsPerDay{$revMsgDateStr}}[4]);
 } elsif($cmd eq 'master') {
 	++$masterMsgs{(split(/^.*master.*: /, $logRmdr))[1]};
-} elsif($cmd eq 'smtpd') {
+} elsif($cmd eq 'smtpd' || $cmd eq 'postscreen') {
 	if($logRmdr =~ /\[\d+\]: \w+: client=(.+?)(,|$)/) {
 	#
 	# Warning: this code in two places!
@@ -1536,14 +1536,14 @@
 # split domain/ipaddr into separates
 # newer versions of Postfix have them "dom.ain[i.p.add.ress]"
 # older versions of Postfix have them "dom.ain/i.p.add.ress"
-unless((($domain, $ipAddr) = /^([^\[]+)\[((?:\d{1,3}\.){3}\d{1,3})\]/) == 2 ||
-   (($domain, $ipAddr) = /^([^\/]+)\/([0-9a-f.:]+)/i) == 2) {
+unless((($domain, $ipAddr) = /^([^\[]*)\[((?:\d{1,3}\.){3}\d{1,3})\]/) == 2||
+   (($domain, $ipAddr) = /^([^\/]*)\/([0-9a-f.:]+)/i) == 2) {
 	# more exhaustive method
 ($domain, $ipAddr) = /^([^\[\(\/]+)[\[\(\/]([^\]\)]+)[\]\)]?:?\s*$/;
 }
  
 # "mach.host.dom"/"mach.host.do.co" to "host.dom"/"host.do.co"
-if($domain eq 'unknown') {
+if($domain eq "" || $domain eq 'unknown') {
 $domain = $ipAddr;
 	# For identifying the host part on a Class C network (commonly
 	# seen with dial-ups) the following is handy.
@@ -1656,9 +1656,10 @@
 	# those--incl. stuff that'll screw up subsequent parsing.  So just
 	# get rid of it right off.
 	$rejReas =~ s/^(\d{3} <).*?(>:)/$1$2/;
+	$rejReas =~ s/^(?:\d{3} \d\.\d\.\d )(Protocol error);.*$/$1/;
 	$rejReas =~ s/^(?:.*?[:;] )(?:\[[^\]]+\] )?([^;,]+)[;,].*$/$1/;
 	$rejReas =~ s/^((?:Sender|Recipient) address rejected: [^:]+):.*$/$1/;
-	$rejReas =~ s/(Client host|Sender address) .+? blocked/blocked/;
+	$rejReas =~ s/(client|Client host|Sender address) .+? blocked/blocked/;
 	} elsif($rejTyp eq "MAIL") {	# *more* special treatment :-( g...
 	$rejReas =~ s/^\d{3} (?:<.+>: )?([^;:]+)[;:]?.*$/$1/;
 	} else {

Bug#860919: menu file missing from new package

[Matus UHLAR - fantomas]

Package: firefox-esr
Version: 45.9.0esr-1~deb8u1

the firefox-esr package for jessie is missing menu file.
Please provide menu file for jessie version.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot. 

Bug#860918: menu file missing from new package

[Matus UHLAR - fantomas]

Package: thunderbird
Version: 1:45.8.0-3~deb8u1


the thunderbird package for jessie is missing menu file.
Please provide menu file for jessie version
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory. 

Bug#858042: nagvis postinst hangs

[Matus UHLAR - fantomas]

Package: nagvis
Version: 1:1.7.10+dfsg1-3

nagvis postinst script hangs upon installation.

I found a remedy in ubuntu bug 1403530
https://bugs.launchpad.net/ubuntu/+source/nagvis/+bug/1403530

adding "db_stop" at the end od postinst script prior to "exit 0" command
fixed the problem for me.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers. 

Bug#847924: check for config validity

[Matus UHLAR - fantomas]

AorryOn 27.02.17 10:19, Matus UHLAR - fantomas wrote:

just for sure, I'm attaching the init script patch (against distributed
version).


sorry: attaching the NEW patch 

creating /var/run/smokeping was moved to the from "start" section to
check_config() function, so the config can be checked without smokeping
started, and checking config before start does not fail at boot time.



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
You have the right to remain silent. Anything you say will be misquoted,
then used against you. 
--- smokeping.orig	2013-03-17 01:21:28.0 +0100
+++ smokeping	2017-01-19 18:04:27.0 +0100
@@ -79,6 +79,7 @@
 }
 
 check_config () {
+echo "Checking smokeping configuration file syntax..."
 # Check whether the configuration file is available
 if [ ! -r "$CONFIG" ] && [ "$MODE" = "master" ]
 then
@@ -86,12 +87,18 @@
 log_end_msg 6 # program is not configured
 exit 6
 fi
+if [ ! -d /var/run/smokeping ]; then
+mkdir /var/run/smokeping
+chown ${DAEMON_USER}.root /var/run/smokeping
+chmod 0755 /var/run/smokeping
+fi
+${DAEMON} --config=${CONFIG} --check || exit 6
 }
 
 case "$1" in
 start)
-log_daemon_msg "Starting $DESC" $NAME
 check_config
+log_daemon_msg "Starting $DESC" $NAME
 check_slave
 set +e
 pidofproc "$DAEMON" > /dev/null
@@ -104,12 +111,6 @@
 exit $STATUS
 fi
 
-if [ ! -d /var/run/smokeping ]; then
-mkdir /var/run/smokeping
-chown ${DAEMON_USER}.root /var/run/smokeping
-chmod 0755 /var/run/smokeping
-fi
-
 set +e
 start-stop-daemon --start --quiet --exec $DAEMON --oknodo \
 --chuid $DAEMON_USER --pidfile $PIDFILE \
@@ -144,9 +145,8 @@
 
 
 reload|force-reload)
-log_action_begin_msg "Reloading $DESC configuration"
-
 check_config
+log_action_begin_msg "Reloading $DESC configuration"
 set +e
 $DAEMON --reload $DAEMON_ARGS | logger -p daemon.notice -t smokeping
 STATUS=$?
@@ -161,6 +161,9 @@
 exit $STATUS
 ;;
 
+check)
+	check_config
+	;;
 
 status)
 log_daemon_msg "Checking $DESC status" $NAME

Bug#847924: check for config validity

[Matus UHLAR - fantomas]

Hello,

On 12.12.16 08:15, Antoine Beaupré wrote:

Thanks for the patch, it looks good and reasonable!


just for sure, I'm attaching the init script patch (against distributed
version).

creating /var/run/smokeping was moved to the from "start" section to
check_config() function, so the config can be checked without smokeping
started, and checking config before start does not fail at boot time.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot. 
--- smokeping	2016-12-12 12:50:06.0 +0100
+++ /etc/init.d/smokeping	2016-12-12 13:16:07.0 +0100
@@ -79,6 +79,7 @@
 }
 
 check_config () {
+echo "Checking smokeping configuration file syntax..."
 # Check whether the configuration file is available
 if [ ! -r "$CONFIG" ] && [ "$MODE" = "master" ]
 then
@@ -86,12 +87,13 @@
 log_end_msg 6 # program is not configured
 exit 6
 fi
+${DAEMON} --config=${CONFIG} --check || exit 6
 }
 
 case "$1" in
 start)
-log_daemon_msg "Starting $DESC" $NAME
 check_config
+log_daemon_msg "Starting $DESC" $NAME
 check_slave
 set +e
 pidofproc "$DAEMON" > /dev/null
@@ -144,9 +146,8 @@
 
 
 reload|force-reload)
-log_action_begin_msg "Reloading $DESC configuration"
-
 check_config
+log_action_begin_msg "Reloading $DESC configuration"
 set +e
 $DAEMON --reload $DAEMON_ARGS | logger -p daemon.notice -t smokeping
 STATUS=$?
@@ -161,6 +162,9 @@
 exit $STATUS
 ;;
 
+check)
+	check_config
+	;;
 
 status)
 log_daemon_msg "Checking $DESC status" $NAME

Bug#847924: check for config validity

[Matus UHLAR - fantomas]

Hello,


On 12.12.16 08:15, Antoine Beaupré wrote:

Control: tags -1 +patch

Thanks for the patch, it looks good and reasonable!


On 12.12.16 15:11, Matus UHLAR - fantomas wrote:

you're welcome...
looking at it, the "--check" part could be in an "if" clause:

   if ${DAEMON} --config=${CONFIG} --check
   then
   log_end_msg 6 # program is not configured
   exit 6
   fi


another issue raised up: the "check" fails if the pid directory does not
exist.

So, creating pid directory should go to the check_config() function
(it's called from "start"):

check_config () {
echo "Checking smokeping configuration file syntax..."
# Check whether the configuration file is available
if [ ! -r "$CONFIG" ] && [ "$MODE" = "master" ]
then
log_progress_msg "($CONFIG does not exist)"
log_end_msg 6 # program is not configured
exit 6
fi
if [ ! -d /var/run/smokeping ]; then
mkdir /var/run/smokeping
chown ${DAEMON_USER}.root /var/run/smokeping
chmod 0755 /var/run/smokeping
fi
${DAEMON} --config=${CONFIG} --check || exit 6
}

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer

Bug#847924: check for config validity

[Matus UHLAR - fantomas]

On 12.12.16 08:15, Antoine Beaupré wrote:

Control: tags -1 +patch

Thanks for the patch, it looks good and reasonable!


you're welcome...
looking at it, the "--check" part could be in an "if" clause:

if ${DAEMON} --config=${CONFIG} --check
then
log_end_msg 6 # program is not configured
    exit 6
    fi
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*

Bug#847924: check for config validity

[Matus UHLAR - fantomas]

Package: smokeping
Version: 2.6.8-2+deb7u1

the check_config subrouting used in smokeping's init script does only check
config file for existence.  smokeping supports "--check" option for checking
its validity:

# smokeping --config=/etc/smokeping/config --check
Configuration file '/etc/smokeping/config' syntax OK.

It would be useful e.g. when reloading smokeping with error in the script
- smokeping would not reload (and thus exit).

modifying the script to check syntat prior to showing messages is
apparently needed.

I am including patch that adds the functionality:


--- smokeping   2016-12-12 12:50:06.0 +0100
+++ /etc/init.d/smokeping   2016-12-12 13:16:07.0 +0100
@@ -79,6 +79,7 @@
 }
 
 check_config () {

+echo "Checking smokeping configuration file syntax..."
 # Check whether the configuration file is available
 if [ ! -r "$CONFIG" ] && [ "$MODE" = "master" ]
 then
@@ -86,12 +87,13 @@
 log_end_msg 6 # program is not configured
 exit 6
 fi
+${DAEMON} --config=${CONFIG} --check || exit 6
 }
 
 case "$1" in

 start)
-log_daemon_msg "Starting $DESC" $NAME
 check_config
+log_daemon_msg "Starting $DESC" $NAME
 check_slave
 set +e
 pidofproc "$DAEMON" > /dev/null
@@ -144,9 +146,8 @@
 
 
 reload|force-reload)

-log_action_begin_msg "Reloading $DESC configuration"
-
 check_config
+log_action_begin_msg "Reloading $DESC configuration"
 set +e
 $DAEMON --reload $DAEMON_ARGS | logger -p daemon.notice -t smokeping
 STATUS=$?
@@ -161,6 +162,9 @@
 exit $STATUS
 ;;
 
+    check)

+   check_config
+   ;;
 
 status)

 log_daemon_msg "Checking $DESC status" $NAME


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!

Bug#840533: rcconf fails with multiple files

[Matus UHLAR - fantomas]

Package: rcconf
Version: 3.1

when enabling or disabling multiple daemons, rcconf fails with all but one
of them.

The problem seems to lie in "$command" variable not being overwritten but
appended with each daemon, which results in the same command being run
repeatedly with new argumets added, see example from "rcconf -v":

/usr/sbin/update-rc.d courier-imap-ssl enable
/usr/sbin/update-rc.d courier-imap-ssl enable  /usr/sbin/update-rc.d 
courier-pop enable
update-rc.d: warning: enable action will have no effect on runlevel 
/usr/sbin/update-rc.d
update-rc.d: warning: enable action will have no effect on runlevel courier-pop
update-rc.d: warning: enable action will have no effect on runlevel enable
update-rc.d: error: no runlevel symlinks to modify, aborting!
/usr/sbin/update-rc.d courier-imap-ssl enable  /usr/sbin/update-rc.d 
courier-pop enable  /usr/sbin/update-rc.d courier-pop-ssl enable
update-rc.d: warning: enable action will have no effect on runlevel 
/usr/sbin/update-rc.d
update-rc.d: warning: enable action will have no effect on runlevel courier-pop
update-rc.d: warning: enable action will have no effect on runlevel enable
update-rc.d: warning: enable action will have no effect on runlevel 
/usr/sbin/update-rc.d
update-rc.d: warning: enable action will have no effect on runlevel 
courier-pop-ssl
update-rc.d: warning: enable action will have no effect on runlevel enable
update-rc.d: error: no runlevel symlinks to modify, aborting!

the patch that fixed the behaviour attached.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...
--- rcconf	2013-10-26 03:10:57.0 +0200
+++ rcconf.fixed	2016-10-12 15:31:17.939272822 +0200
@@ -1079,7 +1079,7 @@
 if ( ( exists($data->{$key}) ) &&
  ( $data->{$key}->{'start'} eq "z" ) &&
  ( $data->{$key}->{'stop'} eq "z" ) ) {
-  $command .= $UPDATE_RCD_PATH . " " . $key . " enable ";
+  $command = $UPDATE_RCD_PATH . " " . $key . " enable ";
 } else {
   $command = $UPDATE_RCD_PATH." -f ".$key." remove $DEBUG_STRING ";
   if ( ( exists($data->{$key}) ) &&
@@ -1129,7 +1129,7 @@
 $pn = "00";
 }
 if ( $data->{$key}->{'stop'} eq "z" ) {
-  $command .= $UPDATE_RCD_PATH . " " . $key . " disable $DEBUG_STRING ";
+  $command = $UPDATE_RCD_PATH . " " . $key . " disable $DEBUG_STRING ";
 } else {
   $command = $UPDATE_RCD_PATH." -f ".$key." remove $DEBUG_STRING ";
   if ( $pn ne "" ) {

Bug#785130: old version has issues

[Matus UHLAR - fantomas]

Hello,

the old version 3.7.2 has issues with malwarepatrol (bug#831607 subscription
required) and securiteinfo (clamav.securiteinfo.com does not exist,
subscription required) signatures.

please check the new version .

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam is for losers who can't get business any other way.