Bug#826429: jessie-pu: package quassel/1:0.10.0-2.3+deb8u2
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Dear all, A security issue was found in quassel-core (CVE-2016-4414), allowing an unauthenticated remote client to cause a denial of service. Given the fact that Quassel isn't widely used in the client/server model nowadays, the Debian Security Team has asked the issue to be fixed with the next Jessie point release. You'll find attached the dsc and the debdiff for the proposed upload against Jessie. Cheers -- System Information: Debian Release: 8.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) diff -Nru quassel-0.10.0/debian/changelog quassel-0.10.0/debian/changelog --- quassel-0.10.0/debian/changelog 2015-12-28 20:54:21.0 +0100 +++ quassel-0.10.0/debian/changelog 2016-06-05 12:54:55.0 +0200 @@ -1,3 +1,12 @@ +quassel (1:0.10.0-2.3+deb8u3) jessie; urgency=medium + + * Non-maintainer upload. + * Fix CVE-2016-4414: remote DoS in quassel core with invalid handshake data. +(Closes: #826402) +- Add debian/patches/CVE-2016-4414.patch, cherry-picked from upstream. + + -- Pierre Schweitzer <pie...@reactos.org> Sun, 05 Jun 2016 12:41:35 +0200 + quassel (1:0.10.0-2.3+deb8u2) jessie; urgency=high * Non-maintainer upload. diff -Nru quassel-0.10.0/debian/patches/CVE-2016-4414.patch quassel-0.10.0/debian/patches/CVE-2016-4414.patch --- quassel-0.10.0/debian/patches/CVE-2016-4414.patch 1970-01-01 01:00:00.0 +0100 +++ quassel-0.10.0/debian/patches/CVE-2016-4414.patch 2016-06-05 12:55:03.0 +0200 
@@ -0,0 +1,40 @@ +From e67887343c433cc35bc26ad6a9392588f427e746 Mon Sep 17 00:00:00 2001 +From: Manuel Nickschas <sputn...@quassel-irc.org> +Date: Sun, 24 Apr 2016 21:59:15 +0200 +Subject: [PATCH] Handle invalid handshake data properly in the core + +Clients sending invalid handshake data could make the core crash +due to an unchecked pointer. This commit fixes this issue by having +the core close the socket if a peer could not be created. + +Thanks to Bas Pape (Tucos) for finding this one! +--- + src/core/coreauthhandler.cpp | 8 +++- + 1 file changed, 7 insertions(+), 1 deletions(-) + +diff --git a/src/core/coreauthhandler.cpp b/src/core/coreauthhandler.cpp +index e380924..34fc222 100644 +--- a/src/core/coreauthhandler.cpp b/src/core/coreauthhandler.cpp +@@ -81,7 +81,7 @@ void CoreAuthHandler::onReadyRead() + } + + // read the list of protocols supported by the client +-while (socket()->bytesAvailable() >= 4) { ++while (socket()->bytesAvailable() >= 4 && _supportedProtos.size() < 16) { // sanity check + quint32 data; + socket()->read((char*), 4); + data = qFromBigEndian(data); +@@ -98,6 +98,12 @@ void CoreAuthHandler::onReadyRead() + level = Compressor::NoCompression; + + RemotePeer *peer = PeerFactory::createPeer(_supportedProtos, this, socket(), level, this); ++if (!peer) { ++qWarning() << "Received invalid handshake data from client" << socket()->peerAddress().toString(); ++close(); ++return; ++} ++ + if (peer->protocol() == Protocol::LegacyProtocol) { + _legacy = true; + connect(peer, SIGNAL(protocolVersionMismatch(int,int)), SLOT(onProtocolVersionMismatch(int,int))); diff -Nru quassel-0.10.0/debian/patches/series quassel-0.10.0/debian/patches/series --- quassel-0.10.0/debian/patches/series 2015-12-28 20:54:21.0 +0100 +++ quassel-0.10.0/debian/patches/series 2016-06-05 12:55:18.0 +0200 
@@ -3,3 +3,4 @@ CVE-2015-2778.patch CVE-2015-3427.patch CVE-2015-8547.patch +CVE-2016-4414.patch Format: 3.0 (quilt) Source: quassel Binary: quassel-core, quassel-client, quassel, quassel-data, quassel-client-kde4, quassel-kde4, quassel-data-kde4 Architecture: any all Version: 1:0.10.0-2.3+deb8u3 Maintainer: Thomas Mueller <thomas.muel...@tmit.eu> Homepage: http://www.quassel-irc.org Standards-Version: 3.9.5 Build-Depends: debhelper (>= 9.20120417), libqt4-dev, cmake, libfontconfig1-dev, libfreetype6-dev, libpng-dev, libsm-dev, libice-dev, libxi-dev, libxrandr-dev, libxrender-dev, zlib1g-dev, libssl-dev, libdbus-1-dev, pkg-kde-tools, kdelibs5-dev, libqca2-dev, qt4-dev-tools, libqtwebkit-dev, libindicate-qt-dev, libdbusmenu-qt-dev Package-List: quassel deb net optional arch=any quassel-client deb net optional arch=any quassel-client-kde4 deb net optional arch=any quassel-core deb net optional arch=any quassel-data deb net optional arch=all quassel-data-kde4 deb net optional arch=all quassel-kde4 deb net optional arch=any Checksums-Sha1: 305d56774b1af2a891775a5637174d9048d875a7 28
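Review bot: In the first coreauthhandler.cpp hunk, the loop bound `_supportedProtos.size() < 16` uses an unexplained literal, and once the cap is reached the loop simply stops, leaving whatever else the client sent unread in the socket. Give the limit a named constant with a comment saying why 16 is enough, and consider treating a list that reaches the cap as invalid handshake data (log and close) rather than silently stopping the read.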
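Review bot: In the second coreauthhandler.cpp hunk, the new `if (!peer)` branch emits a qWarning() for every rejected handshake, and per the report above this path is reachable by an unauthenticated client, so each bad connection costs one log line. The null check followed by close() and return is the right shape for the fix; consider rate-limiting the message or lowering its level so the core log cannot be filled from the network.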
Bug#826402: CVE-2016-4414: remote DoS due to invalid handshake data
Package: quasselcore
Version: 1:0.10.0-2.3+deb8u2
Severity: normal
Tags: security

Hi,

The following vulnerability was published for quassel.

CVE-2016-4414: remote DoS due to invalid handshake data

This is fixed in this commit:
https://github.com/quassel/quassel/commit/e67887343c433cc35bc26ad6a9392588f427e746

Cheers,

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Bug#809200: jessie-pu: package quassel/1:0.10.0-2.3+deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Dear all, A security issue was found in quassel-core (CVE-2015-8547), allowing an authenticated remote client to cause a denial of service. Given the fact that Quassel isn't widely used in the client/server model nowadays, the Debian Security Team has asked the issue to be fixed with the next Jessie point release. You'll find attached the dsc and the debdiff for the proposed upload against Jessie. Cheers -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) diff -Nru quassel-0.10.0/debian/changelog quassel-0.10.0/debian/changelog --- quassel-0.10.0/debian/changelog 2015-05-10 16:41:35.0 +0200 +++ quassel-0.10.0/debian/changelog 2015-12-28 00:02:39.0 +0100 @@ -1,3 +1,12 @@ +quassel (1:0.10.0-2.3+deb8u2) jessie; urgency=high + + * Non-maintainer upload. + * Fix CVE-2015-8547: remote DoS in quassel core, using /op * command. +(Closes: #807801) +- Add debian/patches/CVE-2015-8547.patch, cherry-picked from upstream. + + -- Pierre Schweitzer <pie...@reactos.org> Sun, 13 Dec 2015 11:04:05 +0100 + quassel (1:0.10.0-2.3+deb8u1) jessie-security; urgency=high * Fix CVE-2015-3427: SQL injection vulnerability in PostgreSQL backend. diff -Nru quassel-0.10.0/debian/patches/CVE-2015-8547.patch quassel-0.10.0/debian/patches/CVE-2015-8547.patch --- quassel-0.10.0/debian/patches/CVE-2015-8547.patch 1970-01-01 01:00:00.0 +0100 +++ quassel-0.10.0/debian/patches/CVE-2015-8547.patch 2015-12-28 00:02:13.0 +0100 
@@ -0,0 +1,22 @@ +From 476aaa050f26d6a31494631d172724409e4c569b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Konstantin=20Bl=C3=A4si?= <kbla...@gmail.com> +Date: Wed, 21 Oct 2015 03:26:02 +0200 +Subject: [PATCH] Fixes a crash of the core when executing "/op *" in a query. + +--- + src/core/coreuserinputhandler.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/coreuserinputhandler.cpp b/src/core/coreuserinputhandler.cpp +index 7887a92..73aac48 100644 +--- a/src/core/coreuserinputhandler.cpp b/src/core/coreuserinputhandler.cpp +@@ -232,7 +232,7 @@ void CoreUserInputHandler::doMode(const BufferInfo , const QChar& add + if (!isNumber || maxModes == 0) maxModes = 1; + + QStringList nickList; +-if (nicks == "*") { // All users in channel ++if (nicks == "*" && bufferInfo.type() == BufferInfo::ChannelBuffer) { // All users in channel + const QList<IrcUser*> users = network()->ircChannel(bufferInfo.bufferName())->ircUsers(); + foreach(IrcUser *user, users) { + if ((addOrRemove == '+' && !network()->ircChannel(bufferInfo.bufferName())->userModes(user).contains(mode)) diff -Nru quassel-0.10.0/debian/patches/series quassel-0.10.0/debian/patches/series --- quassel-0.10.0/debian/patches/series 2015-05-05 16:48:55.0 +0200 +++ quassel-0.10.0/debian/patches/series 2015-12-28 00:02:13.0 +0100 
@@ -2,3 +2,4 @@ CVE-2014-8483.patch CVE-2015-2778.patch CVE-2015-3427.patch +CVE-2015-8547.patch Format: 3.0 (quilt) Source: quassel Binary: quassel-core, quassel-client, quassel, quassel-data, quassel-client-kde4, quassel-kde4, quassel-data-kde4 Architecture: any all Version: 1:0.10.0-2.3+deb8u2 Maintainer: Thomas Mueller <thomas.muel...@tmit.eu> Homepage: http://www.quassel-irc.org Standards-Version: 3.9.5 Build-Depends: debhelper (>= 9.20120417), libqt4-dev, cmake, libfontconfig1-dev, libfreetype6-dev, libpng-dev, libsm-dev, libice-dev, libxi-dev, libxrandr-dev, libxrender-dev, zlib1g-dev, libssl-dev, libdbus-1-dev, pkg-kde-tools, kdelibs5-dev, libqca2-dev, qt4-dev-tools, libqtwebkit-dev, libindicate-qt-dev, libdbusmenu-qt-dev Package-List: quassel deb net optional arch=any quassel-client deb net optional arch=any quassel-client-kde4 deb net optional arch=any quassel-core deb net optional arch=any quassel-data deb net optional arch=all quassel-data-kde4 deb net optional arch=all quassel-kde4 deb net optional arch=any Checksums-Sha1: 305d56774b1af2a891775a5637174d9048d875a7 2873233 quassel_0.10.0.orig.tar.bz2 40abd40ac178fdd7ce9d80e5cff83c887b12bb62 23128 quassel_0.10.0-2.3+deb8u2.debian.tar.xz Checksums-Sha256: 68228ce23aa3a992add3d00cb1e8b4863d8ca64bea99c881edf6d16ff9ec7c23 2873233 quassel_0.10.0.orig.tar.bz2 99ea16063c487057409aeed3b805f4f12e0a11b4df087e45f9c4bd503a00dab9 23128 quassel_0.10.0-2.3+deb8u2.debian.tar.xz Files: 382466a7790979c172b7d7edf10a2981 2873233 quassel_0.10.0.orig.tar.bz2 0a6ca72fd93eb30cffdce5ec8d457bd7 23128 quassel_0.10.0-2.3+deb8u2.debian.tar.xz
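Review bot: In the doMode() hunk, the added `bufferInfo.type() == BufferInfo::ChannelBuffer` test keeps query buffers out of the branch, but the next line still dereferences `network()->ircChannel(bufferInfo.bufferName())` without checking the result. If ircChannel() can return null for a channel buffer, the same crash remains on that path; fetch the pointer once, test it, and only then call ircUsers() and userModes().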
Bug#807801: Sponsoring for upload CVE-2015-8547
Hi Salvatore,

On 27/12/2015 09:09, Salvatore Bonaccorso wrote:
> Hi Pierre,
>
> On Mon, Dec 14, 2015 at 10:28:26PM +0100, Pierre Schweitzer wrote:
>> Dear all,
>>
>> After having asked for a CVE[0] for this Quassel issue [1], I've
>> uploaded you (attached) a debdiff & dsc to the bug report for an upload.
>> Would you be able to sponsor the upload, as I can't?
>> Or perhaps the maintainers are available for the upload?
>
> Can you help me evaluating the issue, since I'm not a quassel user
> myself: From a quick search and a bit of testing with a
> quassel-client/quassel-core setup, am I right that
>
> a/ multi-user setups with quassel-core are non-default and not
> so frequent?

It's hard to say. However, there are no well-known Quassel providers (as
you would have for ZNC/BNC).

> b/ This issue can (only) be triggered by a client connected to a
> quassel core?

Yes.

Regards,
--
Pierre Schweitzer
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
Bug#807801: Patch
Hi, Please find attached a debdiff for Jessie backporting the fix for this vulnerability. Cheers, -- Pierre Schweitzer System & Network Administrator Senior Kernel Developer ReactOS Deutschland e.V. diff -Nru quassel-0.10.0/debian/changelog quassel-0.10.0/debian/changelog --- quassel-0.10.0/debian/changelog 2015-05-10 16:41:35.0 +0200 +++ quassel-0.10.0/debian/changelog 2015-12-13 11:06:32.0 +0100 @@ -1,3 +1,12 @@ +quassel (1:0.10.0-2.3+deb8u2) jessie-security; urgency=high + + * Non-maintainer upload. + * Fix CVE-2015-8547: remote DoS in quassel core, using /op * command. +(Closes: #807801) +- Add debian/patches/CVE-2015-8547.patch, cherry-picked from upstream. + + -- Pierre Schweitzer <pie...@reactos.org> Sun, 13 Dec 2015 11:04:05 +0100 + quassel (1:0.10.0-2.3+deb8u1) jessie-security; urgency=high * Fix CVE-2015-3427: SQL injection vulnerability in PostgreSQL backend. diff -Nru quassel-0.10.0/debian/patches/CVE-2015-8547.patch quassel-0.10.0/debian/patches/CVE-2015-8547.patch --- quassel-0.10.0/debian/patches/CVE-2015-8547.patch 1970-01-01 01:00:00.0 +0100 +++ quassel-0.10.0/debian/patches/CVE-2015-8547.patch 2015-12-13 11:03:42.0 +0100 
@@ -0,0 +1,22 @@ +From 476aaa050f26d6a31494631d172724409e4c569b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Konstantin=20Bl=C3=A4si?= <kbla...@gmail.com> +Date: Wed, 21 Oct 2015 03:26:02 +0200 +Subject: [PATCH] Fixes a crash of the core when executing "/op *" in a query. + +--- + src/core/coreuserinputhandler.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/coreuserinputhandler.cpp b/src/core/coreuserinputhandler.cpp +index 7887a92..73aac48 100644 +--- a/src/core/coreuserinputhandler.cpp b/src/core/coreuserinputhandler.cpp +@@ -232,7 +232,7 @@ void CoreUserInputHandler::doMode(const BufferInfo , const QChar& add + if (!isNumber || maxModes == 0) maxModes = 1; + + QStringList nickList; +-if (nicks == "*") { // All users in channel ++if (nicks == "*" && bufferInfo.type() == BufferInfo::ChannelBuffer) { // All users in channel + const QList<IrcUser*> users = network()->ircChannel(bufferInfo.bufferName())->ircUsers(); + foreach(IrcUser *user, users) { + if ((addOrRemove == '+' && !network()->ircChannel(bufferInfo.bufferName())->userModes(user).contains(mode)) diff -Nru quassel-0.10.0/debian/patches/series quassel-0.10.0/debian/patches/series --- quassel-0.10.0/debian/patches/series 2015-05-05 16:48:55.0 +0200 +++ quassel-0.10.0/debian/patches/series 2015-12-13 11:03:58.0 +0100 
@@ -2,3 +2,4 @@ CVE-2014-8483.patch CVE-2015-2778.patch CVE-2015-3427.patch +CVE-2015-8547.patch Format: 3.0 (quilt) Source: quassel Binary: quassel-core, quassel-client, quassel, quassel-data, quassel-client-kde4, quassel-kde4, quassel-data-kde4 Architecture: any all Version: 1:0.10.0-2.3+deb8u2 Maintainer: Thomas Mueller <thomas.muel...@tmit.eu> Homepage: http://www.quassel-irc.org Standards-Version: 3.9.5 Build-Depends: debhelper (>= 9.20120417), libqt4-dev, cmake, libfontconfig1-dev, libfreetype6-dev, libpng-dev, libsm-dev, libice-dev, libxi-dev, libxrandr-dev, libxrender-dev, zlib1g-dev, libssl-dev, libdbus-1-dev, pkg-kde-tools, kdelibs5-dev, libqca2-dev, qt4-dev-tools, libqtwebkit-dev, libindicate-qt-dev, libdbusmenu-qt-dev Package-List: quassel deb net optional arch=any quassel-client deb net optional arch=any quassel-client-kde4 deb net optional arch=any quassel-core deb net optional arch=any quassel-data deb net optional arch=all quassel-data-kde4 deb net optional arch=all quassel-kde4 deb net optional arch=any Checksums-Sha1: 305d56774b1af2a891775a5637174d9048d875a7 2873233 quassel_0.10.0.orig.tar.bz2 620cae3e1c59c193eb9b6620b7568bbf0c9d0dc8 22964 quassel_0.10.0-2.3+deb8u2.debian.tar.xz Checksums-Sha256: 68228ce23aa3a992add3d00cb1e8b4863d8ca64bea99c881edf6d16ff9ec7c23 2873233 quassel_0.10.0.orig.tar.bz2 4dd55466a791826c75072999aa3899d1078ddbe1f25afe991a9be2a444a73b9d 22964 quassel_0.10.0-2.3+deb8u2.debian.tar.xz Files: 382466a7790979c172b7d7edf10a2981 2873233 quassel_0.10.0.orig.tar.bz2 b5a5acf4c81be0d48b2bf2c0a9045e5a 22964 quassel_0.10.0-2.3+deb8u2.debian.tar.xz signature.asc Description: OpenPGP digital signature
Bug#794070: Add support for self-extracting
Package: care
Version: 2.2.1-1
Severity: wishlist

Dear maintainer,

So far the package shipped with Debian doesn't provide self-extracting
support. When attempting to create such an archive, care outputs:

care error: This version of CARE was built without self-extracting (.bin) support
care warning: can't initialize the care extension

Would it be possible to have such support? It is available upstream.

Thanks!

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages care depends on:
ii  libarchive13  3.1.2-11+b1
ii  libc6         2.19-19
ii  libtalloc2    2.1.2-3

care recommends no packages.

care suggests no packages.

-- no debconf information
Bug#791686: With grep upgrade (to 2.21-2), GREP_OPTIONS used by fish is deprecated
Package: fish
Version: 2.1.2+dfsg1-2
Severity: normal

Recently, grep was upgraded in stretch/sid:
[UPGRADE] grep:amd64 2.20-4.1 -> 2.21-2

This brings an unwanted behavior, fish is using GREP_OPTIONS to control grep:

$ echo $GREP_OPTIONS
--color=auto

Any usage of grep will lead to this warning to be displayed:

$ grep
grep: warning: GREP_OPTIONS is deprecated; please use an alias or script

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- no debconf information
Bug#779872: (no subject)
More information again for this bug. It also affects Sid with (31.5.0esr-1).
On the other hand, Firefox in Ubuntu Trusty (LTS) isn't affected
(36.0+build2-0ubuntu0.14.04.4).

Regarding my proposal, I've proposed it upstream at:
https://bugzilla.mozilla.org/show_bug.cgi?id=1140159

--
Pierre Schweitzer pie...@reactos.org
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
Bug#779872: Iceweasel incorrectly uses /tmp for temporary files
Package: iceweasel
Version: 31.5.0esr-1~deb7u1
Severity: important
Tags: security

Dear all,

Iceweasel offers the possibility to open a file instead of downloading it.
In such a situation, the file is downloaded into /tmp directory and then
opened. The permissions set on the downloaded temporary file are weak
allowing anyone to open it as well. This has the wrong effect of disclosing
the file to anyone who has access to the system, leading to a potential
privacy disclosure, depending on the file.

It would be better that iceweasel grants limited permissions to the user only.

-- Package-specific info:

-- Extensions information
Name: Français Language Pack locale
Location: /usr/lib/iceweasel/browser/extensions/langpack...@iceweasel.mozilla.org.xpi
Package: iceweasel-l10n-fr
Status: enabled

Name: Thème par défaut theme
Location: /usr/lib/iceweasel/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled

-- Plugins information
Name: Gnome Shell Integration
Location: /usr/lib/mozilla/plugins/libgnome-shell-browser-plugin.so
Package: gnome-shell
Status: enabled

Name: iTunes Application Detector
Location: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so
Package: rhythmbox-plugins
Status: enabled

Name: Shockwave Flash
Location: /usr/lib/gnash/libgnashplugin.so
Package: browser-plugin-gnash
Status: enabled

-- System Information:
Debian Release: 7.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- no debconf information
Bug#779872: (no subject)
As a side note, as a better fix it would be interesting to move all the
temporary files from Iceweasel to a directory such as
/tmp/iceweasel-user-random/ to prevent any information leak regarding the
metadata of the temporary files.

Will report this to upstream.

--
Pierre Schweitzer pierre at reactos.org
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
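The permission model asked for in the report and the per-user directory suggested in the follow-up, sketched in Python as an added example (not Iceweasel code and not part of the original messages). The names `save_private` and `exposed_entries` and the `dl-<uid>-` prefix are hypothetical; `exposed_entries` is the matching audit for entries the current user has left readable by others under a shared directory.

```python
import os
import stat
import tempfile


def save_private(suggested_name, data, tmp_root=None):
    """Write data into a fresh per-user directory (0700) as a 0600 file."""
    # mkdtemp() appends a random suffix and creates the directory with mode 0700.
    private_dir = tempfile.mkdtemp(prefix="dl-%d-" % os.getuid(), dir=tmp_root)
    # Keep only the last path component of the name suggested for the download.
    name = os.path.basename(suggested_name)
    if name in ("", ".", ".."):
        name = "download"
    path = os.path.join(private_dir, name)
    # O_EXCL refuses a pre-existing entry; 0o600 is an upper bound because the
    # umask can only remove permission bits, never add them.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return path


def exposed_entries(tmp_root, uid=None):
    """Return sorted (path, mode) for uid's entries that group/other can access."""
    uid = os.getuid() if uid is None else uid
    findings = []
    for dirpath, dirnames, filenames in os.walk(tmp_root):
        reachable = []
        for name in dirnames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # removed while scanning
            if stat.S_ISLNK(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            # Read or search bits for group/other leak file names (metadata).
            if st.st_uid == uid and mode & 0o055:
                findings.append((path, mode))
            # Only descend where someone else could traverse the directory.
            if mode & 0o011:
                reachable.append(name)
        dirnames[:] = reachable  # prune private directories from the walk
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            mode = stat.S_IMODE(st.st_mode)
            if st.st_uid == uid and stat.S_ISREG(st.st_mode) and mode & 0o044:
                findings.append((path, mode))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed demonstration: a scratch directory stands in for /tmp.
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    weak = os.path.join(root, "statement.pdf")
    with open(weak, "wb") as fh:
        fh.write(b"constructed sample")
    os.chmod(weak, 0o644)  # the weak case described in the report
    print("private copy:", save_private("statement.pdf", b"constructed sample", root))
    for path, mode in exposed_entries(root):
        print("exposed: %s (%o)" % (path, mode))
```
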
Bug#776060: Bind listens on any for IPv6 and localhost for IPv4
Package: bind9
Version: 1:9.9.5.dfsg-8
Severity: normal
Tags: ipv6

When installed with default configuration, bind will only listen on
127.0.0.1 for IPv4 connections while it will listen on :: for IPv6
connections. This is not consistent behavior, and exposes bind9 without
much reason.

A quick (working) fix is to change the line
    listen-on-v6 { any; };
in /etc/bind/named.conf.options with:
    listen-on-v6 { ::1; };

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- debconf information:
  bind9/different-configuration-file:
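One way to confirm the mismatch described in this report from the socket table, before and after the `listen-on-v6` change, as an added example (not part of the original report and not BIND code). The function names are hypothetical and the `ss -H -lntu` lines are constructed samples, not output captured from the reporter's system.

```python
import ipaddress

# Constructed sample in the column layout printed by `ss -H -lntu`:
# Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
BEFORE = """\
udp   UNCONN 0  0    127.0.0.1:53     0.0.0.0:*
udp   UNCONN 0  0         [::]:53        [::]:*
tcp   LISTEN 0  10   127.0.0.1:53     0.0.0.0:*
tcp   LISTEN 0  10        [::]:53        [::]:*
tcp   LISTEN 0  128    0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0  128  127.0.0.1:953    0.0.0.0:*
"""

# Same table with the report's change applied: listen-on-v6 { ::1; };
AFTER = BEFORE.replace("[::]:53", "[::1]:53")


def classify(address):
    """Return (family, scope) for the address part of a listening socket."""
    if address == "*":  # ss prints a bare * for some unspecified binds
        return "any", "wildcard"
    # Drop the brackets around IPv6 literals and any %interface suffix.
    ip = ipaddress.ip_address(address.strip("[]").split("%", 1)[0])
    family = "ipv4" if ip.version == 4 else "ipv6"
    if ip.is_unspecified:
        return family, "wildcard"
    return family, ("loopback" if ip.is_loopback else "specific")


def listener_scopes(ss_text, port=53):
    """Map address family to the set of scopes bound on the given port."""
    scopes = {}
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "udp"):
            continue  # header, blank line or another socket type
        # rpartition also copes with the older ":::53" spelling of [::]:53.
        address, _, local_port = fields[4].rpartition(":")
        if local_port != str(port):
            continue
        family, scope = classify(address)
        scopes.setdefault(family, set()).add(scope)
    return scopes


def exposure_mismatch(scopes):
    """Families bound to the wildcard while another family is loopback-only."""
    if not any(found == {"loopback"} for found in scopes.values()):
        return []
    return sorted(f for f, found in scopes.items() if "wildcard" in found)


if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        scopes = listener_scopes(table)
        print(label, scopes, "mismatch:", exposure_mismatch(scopes))
```
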
Bug#772735: kgb-client hits an assert on SVN repo path with a tailing /
Package: kgb-client
Severity: important
Tags: upstream

This report follows the report on Ubuntu LP:
https://bugs.launchpad.net/ubuntu/+source/kgb-bot/+bug/1400453

When calling the kgb-client on a SVN repo with a tailing /, the client
will hit an assert:
perl: /build/buildd/subversion-1.8.8/subversion/libsvn_subr/dirent_uri.c:972: svn_dirent_join: Assertion `svn_dirent_is_canonical(base, pool)' failed.
Aborted

The solution to fix it is to remove said tailing /. Because SVN provides
the path with the tailing / in case of a hook, it would be better if
kgb-client chomps it.

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Bug#772735: [kgb-maintainers] Bug#772735: kgb-client hits an assert on SVN repo path with a tailing /
Yes, I'm sorry, it's trailing /. Just confused a bit while writing the
bug report.

For the record, our invocation in the post-commit hook is:
kgb-client --conf /etc/kgb-client/kgb-reactos.conf --repository svn $1 $2 >/dev/null 2>&1

Sorry for the confusion.

On 10/12/2014 18:43, gregor herrmann wrote:
> On Wed, 10 Dec 2014 17:04:56 +0100, Pierre Schweitzer wrote:
>
>> Package: kgb-client
>> Severity: important
>> Tags: upstream
>>
>> This report follows the report on Ubuntu LP:
>> https://bugs.launchpad.net/ubuntu/+source/kgb-bot/+bug/1400453
>>
>> When calling the kgb-client on a SVN repo with a tailing /, the client
>> will hit an assert:
>> perl: /build/buildd/subversion-1.8.8/subversion/libsvn_subr/dirent_uri.c:972: svn_dirent_join: Assertion `svn_dirent_is_canonical(base, pool)' failed.
>> Aborted
>>
>> The solution to fix it is to remove said tailing /. Because SVN provides
>> the path with the tailing / in case of a hook, it would be better if
>> kgb-client chomps it.
>
> Leading or trailing? I suppose the former, as you wrote in launchpad.
>
> Anyway, I can't confirm this behaviour. Luckily my post-commit hook
> writes a log so I could look at the last invocation, which looks like:
>
> /usr/bin/kgb-client --conf /home/groups/$CONFIG.conf /var/svnroot/$REPO 1588
>
> (From your LP bug:
> kgb-client --conf /etc/kgb-client/kgb-reactos.conf --repository svn /srv/svn/reactos/ 65590
> )
>
> Running it again there is no output and the return code is 0. (And I
> see the commit message in the channel :))
>
> Or is it the trailing / after all?
>
> % /usr/bin/kgb-client --conf /home/groups/$CONFIG.conf /var/svnroot/$REPO/ 1588
> perl: /build/subversion-IvrZTj/subversion-1.8.10/subversion/libsvn_subr/dirent_uri.c:972: svn_dirent_join: Assertion `svn_dirent_is_canonical(base, pool)' failed.
> + coredump.
>
> Ok, here we are.
>
> I'm just not so sure where the trailing / in your invocation comes
> from. Unless I'm mistaken, the subversion version that passed the path
> without a trailing slash to the post-commit hook in my example was
> 1.8.9-2, and KGB was at version 1.33-1.
>
> But yes, having the client strip the trailing / from the path might
> be a good idea.
>
> Cheers,
> gregor

--
Pierre Schweitzer pierre at reactos.org
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
Bug#772735: (no subject)
Please find attached a patch to resolve the issue.
When in SVN context, it just chomps any trailing /.

Tested fixing the issue here.

--
Pierre Schweitzer pierre at reactos.org
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.

From d41b9c38b4402cd62ca081c507cb31da5d5109cd Mon Sep 17 00:00:00 2001 From: Pierre Schweitzer pie...@reactos.org Date: Wed, 10 Dec 2014 20:07:02 +0100 Subject: [PATCH] Chomp any trailing / in the repo path in case of SVN commit to prevent any assertion in the Perl SVN library --- script/kgb-client | 1 + 1 file changed, 1 insertion(+) diff --git a/script/kgb-client b/script/kgb-client index c25b4fc..15e140d 100755 --- a/script/kgb-client +++ b/script/kgb-client @@ -539,6 +539,7 @@ elsif ( $repo_type eq 'svn' ) { . Error loading App::KGB::Client::Subversion:\n . $@; +$path =~ s/\/*$//; my $client = App::KGB::Client::Subversion-new( { @client_args, repo_path = $path, -- 1.9.1
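Review bot: The added `$path =~ s/\/*$//;` in the svn branch removes every trailing slash, so a path consisting only of `/` becomes the empty string before it is passed as repo_path. Guard that case (or require at least one preceding character), and consider a different delimiter such as `s{/+$}{}` so the pattern reads without escaped slashes; a one-line comment naming the svn_dirent_is_canonical assertion would explain why the line exists.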
Bug#772747: Don't fail to display user name in case user is not local
Package: kgb-client Severity: normal Tags: patch When a commit is done, kgb-client tries to map login to real name. But if user isn't local, then it fails and just displays nothing. This patch makes the login default name and only uses real name if available. Tested successfully -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) From 69053894a842e530fb7c40ed0dc62026ce6d8dee Mon Sep 17 00:00:00 2001 From: Pierre Schweitzer pie...@reactos.org Date: Wed, 10 Dec 2014 19:36:42 +0100 Subject: [PATCH] In case the commiter isn't a local user, don't attempt to use $user which won't be defined and fallback to login name --- lib/App/KGB/Client.pm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/App/KGB/Client.pm b/lib/App/KGB/Client.pm index eca2b74..b38ef63 100644 --- a/lib/App/KGB/Client.pm +++ b/lib/App/KGB/Client.pm @@ -1055,7 +1055,8 @@ sub _get_full_user_name { return $self-_full_user_name if $self-_full_user_name; my $user = getpwnam($login); -( my $full_name = $user-gecos ) =~ s/,.*//; +my $full_name = $login +( $full_name = $user-gecos ) =~ s/,.*// if defined $user; utf8::decode($full_name); -- 1.9.1
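Review bot: In the _get_full_user_name hunk, the added line `my $full_name = $login` has no terminating semicolon as shown, so it runs straight into the parenthesised statement on the next line and will not compile. Add the `;`, and a short comment that the login is the fallback when getpwnam() finds no local account would make the intent of the `if defined $user` guard obvious.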
Bug#772749: Reflect commit f77c3ea on multiline message template
Package: kgb-client Severity: normal Tags: patch The attached patch just removes the ${{project}/} token from kgb-client -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) From 1527c958c5a11f7ebcd5107bfac43bbe398c7217 Mon Sep 17 00:00:00 2001 From: Pierre Schweitzer pie...@reactos.org Date: Wed, 10 Dec 2014 19:55:57 +0100 Subject: [PATCH] Apply commit f77c3eabcd33e3bf4e21ca8abe147f379b823f5d to multiline default message template as well --- script/kgb-client | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/kgb-client b/script/kgb-client index bc78f42..dad2a2f 100755 --- a/script/kgb-client +++ b/script/kgb-client @@ -223,7 +223,7 @@ $single_line_commits = 'auto'; $use_color = 1; $msg_template = '${{author-name} }${{branch} }${{commit} }${{module}}${ {changes}}${ {log-first-line}}${ * {web-link}}'; # multi-line notifications -# $msg_template = '${{author-name} }${{branch} }${{commit} }${{project}/}${{module}}${ {changes}}${ * {web-link}}${\n{log}}'; +# $msg_template = '${{author-name} }${{branch} }${{commit} }${{module}}${ {changes}}${ * {web-link}}${\n{log}}'; Getopt::Long::Configure('pass_through'); -- 1.9.1
Bug#772750: Fix multiline display in its message template
Package: kgb-client Severity: normal Tags: patch This patch just removes the \n char which is printed on IRC when multiline template is used, to really provide a multiline template. This has been successfully tested You have to apply patch from bug #772749 first -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) From a355271901e2b6aa2fc6a3982426a40055346446 Mon Sep 17 00:00:00 2001 From: Pierre Schweitzer pie...@reactos.org Date: Wed, 10 Dec 2014 19:57:36 +0100 Subject: [PATCH] The char \n will be displayed that way on IRC instead of going to the next line. Just going to the next line work --- script/kgb-client | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/script/kgb-client b/script/kgb-client index dad2a2f..c25b4fc 100755 --- a/script/kgb-client +++ b/script/kgb-client @@ -223,7 +223,8 @@ $single_line_commits = 'auto'; $use_color = 1; $msg_template = '${{author-name} }${{branch} }${{commit} }${{module}}${ {changes}}${ {log-first-line}}${ * {web-link}}'; # multi-line notifications -# $msg_template = '${{author-name} }${{branch} }${{commit} }${{module}}${ {changes}}${ * {web-link}}${\n{log}}'; +# $msg_template = '${{author-name} }${{branch} }${{commit} }${{module}}${ {changes}}${ * {web-link}} +# ${{log}}'; Getopt::Long::Configure('pass_through'); -- 1.9.1
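Review bot: replacing `${\n{log}}` with a literal line break followed by `${{log}}` moves the break outside the `${...}` group, so if text inside a group is only emitted together with its token (as the `${{branch} }` style groups suggest), a commit with an empty log would now still get the line break; keeping the break inside the group, just before `{log}`, avoids that. Also, the continuation line starts with `# `, so anyone enabling this template has to strip the comment marker from both lines or the `# ` ends up inside the single-quoted string.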
Bug#578595: (no subject)
Dear all, According to [1], there is now support for PSK in StrongSwan NM plugin, starting with 1.3.1. Sid is currently at 1.3.0. Would it be possible to consider upgrading to 1.3.1? I also need this. Thanks. Cheers, Pierre [1]: https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager -- Pierre Schweitzer pie...@reactos.org System Network Administrator Senior Kernel Developer ReactOS Deutschland e.V. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#771048: check_http doesn't support TLSv1.2 in Wheezy
Package: nagios-plugins-basic Version: 1.4.16-1 Severity: wishlist Tags: upstream Dear all, The shipped check_http plugin cannot handle TLSv1.2 only servers and returns an error on Wheezy: HTTP CRITICAL - Error on receive This appears to be fixed in sid, where it properly returns: HTTP OK: HTTP/1.1 200 OK - 365 bytes in 0.115 second response time |time=0.114707s;;;0.00 size=365B;;;0 May the support be backported to Wheezy? Cheers, Pierre Schweitzer -- System Information: Debian Release: 7.7 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash Versions of packages nagios-plugins-basic depends on: ii iputils-ping 3:20101006-1+b1 ii libc6 2.13-38+deb7u6 ii libssl1.0.0 1.0.1e-2+deb7u13 ii nagios-plugins-common 1.4.16-1 ii procps 1:3.3.3-3 ii ucf 3.0025+nmu3 nagios-plugins-basic recommends no packages. Versions of packages nagios-plugins-basic suggests: ii icinga 1.11.6-1~bpo70+1 -- no debconf information
Bug#771048: (no subject)
Small update on the topic: It's actually not a matter of protocol (other TLSv1.2 servers are working fine) but more a matter of ciphers. The server is Apache2 and Qualys is reporting these ciphers only: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) When allowing more ciphers, it works also in Wheezy (and still works in sid, obviously ;-)). -- Pierre Schweitzer pie...@reactos.org System Network Administrator Senior Kernel Developer ReactOS Deutschland e.V.
Bug#770332: pu: package dhcpcd5/5.5.6-1
Package: release.debian.org Severity: normal Tags: security patch User: release.debian@packages.debian.org Usertags: pu Dear all, A denial of service issues was fixed upstream. It received the CVE-2014-6060. The fix commit got cherrypicked into unstable recently. So now, I'm getting this down to stable. You'll find attached the debdiff the dsc of the package against stable. Cheers, Pierre -- System Information: Debian Release: 7.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Format: 3.0 (quilt) Source: dhcpcd5 Binary: dhcpcd5 Architecture: any Version: 5.5.6-1+deb7u1 Maintainer: Roy Marples r...@marples.name Homepage: http://roy.marples.name/projects/dhcpcd Standards-Version: 3.9.3 Build-Depends: debhelper (= 7.0.50~) Package-List: dhcpcd5 deb net optional Checksums-Sha1: 7f9ca207bce051252c0acb6a6cae3de22babcb20 78185 dhcpcd5_5.5.6.orig.tar.bz2 390a24ca7ef446b1381946ba116923e74652c4e3 3767 dhcpcd5_5.5.6-1+deb7u1.debian.tar.gz Checksums-Sha256: 657f10dc7de48cba9f7170b593bf0e11987d06bd12378e3f4cd01b9e99b1e8e7 78185 dhcpcd5_5.5.6.orig.tar.bz2 c0ed72a70c907198582d9ba8c7f4d25fccdc0f38f6f9b8247afb034a2e2718cb 3767 dhcpcd5_5.5.6-1+deb7u1.debian.tar.gz Files: a5c0e43b4e836cfc003437329f6b7982 78185 dhcpcd5_5.5.6.orig.tar.bz2 e69abe2b74159b6bf6cba8fc3463379a 3767 dhcpcd5_5.5.6-1+deb7u1.debian.tar.gz diff -Nru dhcpcd5-5.5.6/debian/changelog dhcpcd5-5.5.6/debian/changelog --- dhcpcd5-5.5.6/debian/changelog 2012-04-01 11:25:26.0 +0200 +++ dhcpcd5-5.5.6/debian/changelog 2014-11-20 13:32:23.0 +0100 
@@ -1,3 +1,11 @@ +dhcpcd5 (5.5.6-1+deb7u1) stable; urgency=medium + + * Non-maintainer upload by the Security Team. + * Fix denial of service (CVE-2014-6060) in dhcpcd5: +- backport fix from debian unstable dhcpcd5/6.0.5-2 + + -- Pierre Schweitzer pie...@reactos.org Thu, 20 Nov 2014 13:29:49 +0100 + dhcpcd5 (5.5.6-1) unstable; urgency=medium * New upstream release diff -Nru dhcpcd5-5.5.6/debian/patches/CVE-2014-6060.patch dhcpcd5-5.5.6/debian/patches/CVE-2014-6060.patch --- dhcpcd5-5.5.6/debian/patches/CVE-2014-6060.patch 1970-01-01 01:00:00.0 +0100 +++ dhcpcd5-5.5.6/debian/patches/CVE-2014-6060.patch 2014-11-20 13:25:21.0 +0100 @@ -0,0 +1,27 @@ +Description: Fix CVE-2014-6060 + Only bits 1 and 2 are used in the DHCP overload option, so when we + encounter the option set the last bit as well to ensure servername and + bootfile are only checked once as their check unsets bits 1 and 2. + Thanks to Tobias Stoeckmann. +Origin: upstream, http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0 +Bug-Debian: https://bugs.debian.org/770043 +From: Roy Marples r...@marples.name +Applied-Upstream: 6.4.3 + +--- a/dhcp.c b/dhcp.c +@@ -343,9 +343,12 @@ get_option(const struct dhcp_message *dh + goto exit; + break; + case DHO_OPTIONSOVERLOADED: +- /* Ensure we only get this option once */ ++ /* Ensure we only get this option once by setting ++ * the last bit as well as the value. ++ * This is valid because only the first two bits ++ * actually mean anything in RFC2132 Section 9.3 */ + if (!overl) +-overl = p[1]; ++overl = 0x80 | p[1]; + break; + } + l = *p++; diff -Nru dhcpcd5-5.5.6/debian/patches/series dhcpcd5-5.5.6/debian/patches/series --- dhcpcd5-5.5.6/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ dhcpcd5-5.5.6/debian/patches/series 2014-11-14 21:20:39.0 +0100 @@ -0,0 +1 @@ +CVE-2014-6060.patch
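Review bot: in the `DHO_OPTIONSOVERLOADED` case of the dhcp.c hunk, `overl = 0x80 | p[1];` stores the option byte unmasked, although the new comment says only the first two bits mean anything; `overl = 0x80 | (p[1] & 3);` would make the stored value match the comment and keep stray bits from a malformed packet out of `overl`. The guard itself does what the description says: with 0x80 set, `!overl` stays false after the servername and bootfile checks have cleared bits 1 and 2, so the option is only honoured once.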
Bug#770332: pu: package dhcpcd5/5.5.6-1
Tested fine here. Couldn't find any PoC for CVE-2014-6060 though. On 20/11/2014 15:50, Salvatore Bonaccorso wrote: Hi, On Thu, Nov 20, 2014 at 02:36:57PM +, Adam D. Barratt wrote: Control: tags -1 + confirmed On 2014-11-20 14:15, Pierre Schweitzer wrote: A denial of service issues was fixed upstream. It received the CVE-2014-6060. The fix commit got cherrypicked into unstable recently. Assuming the resulting package has been tested in a wheezy environment, please go ahead; thanks. Pierre, can you confirm that? If so I can later upload your package. Regards, Salvatore -- Pierre Schweitzer pierre at reactos.org System Network Administrator Senior Kernel Developer ReactOS Deutschland e.V.
Bug#770043: Denial of Service in dhcpd5: CVE-2014-6060
Package: dhcpcd5 Severity: important Tags: security patch dhcpd5 is vulnerable to the CVE-2014-6060 which can cause a denial of service: https://security-tracker.debian.org/tracker/CVE-2014-6060 Please find attached the debdiff dsc for NMU upload which fixes the vulnerability in unstable. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Format: 3.0 (quilt) Source: dhcpcd5 Binary: dhcpcd5 Architecture: any Version: 6.0.5-1.2 Maintainer: Roy Marples r...@marples.name Homepage: http://roy.marples.name/projects/dhcpcd Standards-Version: 3.9.4.0 Build-Depends: debhelper (= 9) Package-List: dhcpcd5 deb net optional arch=any Checksums-Sha1: 433555ac1166944d7ec80120f3ccdd0fcae5 110259 dhcpcd5_6.0.5.orig.tar.bz2 6b0e6b6f52ac26421fc13651e362add431b93b30 3884 dhcpcd5_6.0.5-1.2.debian.tar.xz Checksums-Sha256: 191d0bfd7fdfa05a580a4671c0489cd782828251b5ea0b41b6d17f026a36493c 110259 dhcpcd5_6.0.5.orig.tar.bz2 aeb0154d40edfba10a3c6f8420526995fefcf8749a71f0a203454446dbc2176a 3884 dhcpcd5_6.0.5-1.2.debian.tar.xz Files: a65ed99460a61f42c05f652c2eaafe7c 110259 dhcpcd5_6.0.5.orig.tar.bz2 4cd653acc4baebfbea4eca217688a433 3884 dhcpcd5_6.0.5-1.2.debian.tar.xz dhcpcd5_CVE-2014-6060.diff.gz Description: application/gzip
Bug#770043: Denial of Service in dhcpd5: CVE-2014-6060
Hi Salvatore, Thanks for your feedback. Here are the fixed files, taking into account your comments. Cheers, Pierre On 11/18/2014 05:47 PM, Salvatore Bonaccorso wrote: Hi Pierre, On Tue, Nov 18, 2014 at 03:58:45PM +0100, Pierre Schweitzer wrote: Package: dhcpcd5 Severity: important Tags: security patch dhcpd5 is vulnerable to the CVE-2014-6060 which can cause a denial of service: https://security-tracker.debian.org/tracker/CVE-2014-6060 Please find attached the debdiff dsc for NMU upload which fixes the vulnerability in unstable. (disclaimer: not the maintainer here). Thank you for the debdiff. I have looked at it the patch itself look good. I have some small remarks, also in the light if an unblock for jessie might be wanted: The changelog only says: * Fix CVE-2014-6060 in dhcpcd5 Could you (now that the bugnumber is known) please also add the Closes marker for the bug #770043. Additionally Fix CVE-2014-6060 in dhcpcd5 will probably not make the release team too happy when requesting the unblock for jessie ;-). I would at least add that it fixes a denial of service vulnerability. See [1] for the freeze policy. For the patch itself a suggestion: Could you add more patch headers e.g. as per DEP3[2]. I would happily sponsor the upload then if still required (uploading to a delayed queue, just in case we hear from Roy). [1] https://release.debian.org/jessie/freeze_policy.html [2] http://dep.debian.net/deps/dep3/ Regards, Salvatore -- Pierre Schweitzer pie...@reactos.org System Network Administrator Senior Kernel Developer ReactOS Deutschland e.V.
dhcpcd5_CVE-2014-6060.diff.gz Description: application/gzip Format: 3.0 (quilt) Source: dhcpcd5 Binary: dhcpcd5 Architecture: any Version: 6.0.5-1.2 Maintainer: Roy Marples r...@marples.name Homepage: http://roy.marples.name/projects/dhcpcd Standards-Version: 3.9.4.0 Build-Depends: debhelper (= 9) Package-List: dhcpcd5 deb net optional arch=any Checksums-Sha1: 433555ac1166944d7ec80120f3ccdd0fcae5 110259 dhcpcd5_6.0.5.orig.tar.bz2 ddf0c903462a630ec1709b91eec93ee661d079cb 4112 dhcpcd5_6.0.5-1.2.debian.tar.xz Checksums-Sha256: 191d0bfd7fdfa05a580a4671c0489cd782828251b5ea0b41b6d17f026a36493c 110259 dhcpcd5_6.0.5.orig.tar.bz2 017dfa1cbfa9b23d83e3ad812fad9841c2f54b3b7a5e12f2540d37ed825ef681 4112 dhcpcd5_6.0.5-1.2.debian.tar.xz Files: a65ed99460a61f42c05f652c2eaafe7c 110259 dhcpcd5_6.0.5.orig.tar.bz2 85ff6d3c861b799ec9a655e8f09a6552 4112 dhcpcd5_6.0.5-1.2.debian.tar.xz
Bug#766962: (no subject)
Tested the quassel-core_0.8.0-1+deb7u3_amd64.deb matching the debdiff from Salvatore. It's working fine. -- Pierre Schweitzer pierre at reactos.org System Network Administrator Senior Kernel Developer ReactOS Deutschland e.V.
Bug#764718: (no subject)
Dear Raphael, How did you reproduce without wireshark? I'd be interested in trying as well this method. And for my method: I was running a wireshark on ethernet and nmap on ethernet while my default gateway was on wifi. Both media used so. Cheers, Pierre
Bug#764718: Kernel panic when running nmap in early_efi_write
Package: src:linux Version: 3.16.3-2 Severity: important

Dear Maintainer,

I'm encountering a fully reproducible kernel panic when running specific actions I will comment below. I didn't report this bug to kernel.org looking for your kind review first and for potential information you may need. Furthermore, I cannot provide a kdump, failing to enable it. Once installed, on kernel panic, the system just freezes instead of starting crash kernel.

The system is using systemd as init and has its network connections managed by NetworkManager with no default wired connection at boot.

Anyway, here are the steps to reproduce the crash:
- Boot the system.
- Connect to the Internet thanks to a wifi access point.
- Set the eth0 card to use 10.0.254.190 address: ifconfig eth0 10.0.254.190. At this point, the default gateway is the wifi, while 10/8 is routed over eth0.
- Start wireshark as root and start listening on eth0.
- Still as root, issue a nmap -A 10.0.254.1

You will soon panic (first attempt is enough)

Some notes about this crash. Following this, I always was able to reproduce it, without any issue. But, the following changes in the protocol prevent the crash:
- Do not run nmap as root
- Do the nmap without wireshark
- Use wireshark without nmap
- Do not use the wifi connection
- Do not route and nmap a specific connection on the network

It appears to be a really specific crash, if you change any of the information (like, just running a nmap wireshark as root on any eth connection without wifi) it won't kernel panic. The kernel panic is always in early_efi_write.
At the time of writing software quoted are the followings: $ nmap --version Nmap version 6.47 ( http://nmap.org ) Platform: x86_64-pc-linux-gnu Compiled with: liblua-5.2.3 openssl-1.0.1i libpcre-8.35 libpcap-1.6.2 nmap-libdnet-1.12 ipv6 Compiled without: Available nsock engines: epoll poll select $ wireshark --version wireshark 1.12.1 (Git Rev Unknown from unknown) Copyright 1998-2014 Gerald Combs ger...@wireshark.org and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GTK+ 3.12.2, with Cairo 1.12.16, with Pango 1.36.7, with GLib 2.40.0, with libpcap, with libz 1.2.8, with POSIX capabilities (Linux), with libnl 3, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, without Python, with GnuTLS 3.3.7, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Feb 15 2014 23:28:00), without AirPcap. Running on Linux 3.16-2-amd64, with locale en_US.UTF-8, with libpcap version 1.6.2, with libz 1.2.8, GnuTLS 3.3.8, Gcrypt 1.6.2. Intel(R) Core(TM) i7-3720QM CPU @ 2.60GHz Built using gcc 4.9.1. With my best regards, P. Schweitzer -- Package-specific info: ** Version: Linux version 3.16-2-amd64 (debian-ker...@lists.debian.org) (gcc version 4.8.3 (Debian 4.8.3-11) ) #1 SMP Debian 3.16.3-2 (2014-09-20) ** Command line: BOOT_IMAGE=/vmlinuz-3.16-2-amd64 root=/dev/mapper/leptoquark-root ro enable_mtrr_cleanup quiet ** Tainted: PO (4097) * Proprietary module has been loaded. * Out-of-tree module has been loaded. 
** Kernel log:
Bug#762455: libc6: SIGSEV in _dl_signal_error() (dl-error.c:94)
Package: libc6 Version: 2.19-11 Severity: important Dear Maintainer, When trying to install the latest release of Intel Parallel Studio 2015 onto Debian testing, I'm facing a segfault. Using GDB, I could isolate the segfault in: _dl_signal_error (errcode=errcode@entry=0, objname=objname@entry=0x18147760 /tmp/install.ywPV4B/activation/activation.so, occation=occation@entry=0x77df64eb symbol lookup error, errstring=errstring@entry=0x7ffecab0 undefined symbol: pthread_once) at dl-error.c:94 Here is the complete GDB output (with a backtrace): warning: Could not load shared library symbols for ./activation_libFNP.so. Do you need set solib-search-path or set sysroot? Warning: couldn't activate thread debugging using libthread_db: Cannot find new threads: generic error Warning: couldn't activate thread debugging using libthread_db: Cannot find new threads: generic error warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available. Program received signal SIGSEGV, Segmentation fault. _dl_signal_error (errcode=errcode@entry=0, objname=objname@entry=0x18147760 /tmp/install.ywPV4B/activation/activation.so, occation=occation@entry=0x77df64eb symbol lookup error, errstring=errstring@entry=0x7ffecab0 undefined symbol: pthread_once) at dl-error.c:94 94 dl-error.c: No such file or directory. 
(gdb) bt #0 _dl_signal_error (errcode=errcode@entry=0, objname=objname@entry=0x18147760 /tmp/install.ywPV4B/activation/activation.so, occation=occation@entry=0x77df64eb symbol lookup error, errstring=errstring@entry=0x7ffecab0 undefined symbol: pthread_once) at dl-error.c:94 #1 0x77dea83e in _dl_signal_cerror (errcode=0, objname=0x18147760 /tmp/install.ywPV4B/activation/activation.so, occation=0x77df64eb symbol lookup error, errstring=0x7ffecab0 undefined symbol: pthread_once) at dl-error.c:155 #2 0x77de6681 in _dl_lookup_symbol_x (undef_name=0x7690e1af pthread_once, undef_map=optimized out, ref=ref@entry=0x7ffecbf8, symbol_scope=0x18147ba8, version=optimized out, type_class=type_class@entry=1, flags=1, skip_map=skip_map@entry=0x0) at dl-lookup.c:779 #3 0x77de9e07 in _dl_fixup (l=optimized out, reloc_arg=optimized out) at ../elf/dl-runtime.c:111 #4 0x77df0325 in _dl_runtime_resolve () at ../sysdeps/x86_64/dl-trampoline.S:45 #5 0x769c3607 in Ox6eb5d34913097f40 () from /tmp/install.ywPV4B/activation/activation.so #6 0x769c2a45 in Ox6eb5d35e0d839879 () from /tmp/install.ywPV4B/activation/activation.so #7 0x769c250b in flxInitLoad () from /tmp/install.ywPV4B/activation/activation.so #8 0x769b3315 in flxActCommonLibraryInit () from /tmp/install.ywPV4B/activation/activation.so #9 0x7699b856 in ?? 
() from /tmp/install.ywPV4B/activation/activation.so #10 0x7699bb0e in flex_init () from /tmp/install.ywPV4B/activation/activation.so #11 0x7693d687 in issaapi_cpp::init_flex(char const*) () from /tmp/install.ywPV4B/activation/activation.so #12 0x76950311 in issa_init_flex () from /tmp/install.ywPV4B/activation/activation.so #13 0x7693d26e in activation_init () from /tmp/install.ywPV4B/activation/activation.so #14 0x00436f69 in plugin_run () #15 0x0045edc1 in sequence_execute_document(session_t*, cab_t*, node_t*, char*, char**, int*, char**, char**) () #16 0x0045c58f in sequence_execute () #17 0x0040edaa in main () (gdb) Can provide more information or debugging if required to (if you tell me what to type). Cheers, -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/32 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libc6 depends on: ii libgcc1 1:4.9.1-14 libc6 recommends no packages. Versions of packages libc6 suggests: ii debconf [debconf-2.0] 1.5.53 pn glibc-doc none ii locales 2.19-11 -- debconf information: glibc/upgrade: true glibc/restart-services: glibc/restart-failed: glibc/disable-screensaver: * libraries/restart-without-asking: true
Bug#745536: Time picker format is 12h while cgi expects 24h
Source: icinga-cgi Version: 1.11.0-1 Severity: normal Tags: patch The time picker table while scheduling downtime (for instance) is set to use 12h format while CGI expects 24h format. It makes it impossible to schedule downtime after 12h. This is a bug already reported upstream: https://dev.icinga.org/issues/5798 Fix is available at: https://github.com/Icinga/icinga-core/commit/b4741ccf3352e9d0045984a26649e31592f0381b It appears to be part of 1.11.1 -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
Bug#642357: Downgrade on Wheezy
Hi, As a side note, I can confirm that downgrading to Squeeze package (found here: http://packages.debian.org/squeeze/libapache2-mod-gnutls) on Wheezy works. We get: r32194:~# dpkg -i libapache2-mod-gnutls_0.5.6-1+squeeze1_amd64.deb dpkg: warning: downgrading libapache2-mod-gnutls from 0.5.10-1.1 to 0.5.6-1+squeeze1 (Reading database ... 53443 files and directories currently installed.) Preparing to replace libapache2-mod-gnutls 0.5.10-1.1 (using libapache2-mod-gnutls_0.5.6-1+squeeze1_amd64.deb) ... Unpacking replacement libapache2-mod-gnutls ... Setting up libapache2-mod-gnutls (0.5.6-1+squeeze1) ... Installing new version of config file /etc/apache2/mods-available/gnutls.conf ... r32194:~# /etc/init.d/apache2 restart [ ok ] Restarting web server: apache2 ... waiting . r32194:~# /usr/lib/nagios/plugins/check_http --ssl -H 127.0.0.1 HTTP OK: HTTP/1.1 200 OK - 320 bytes in 0.122 second response time |time=0.121862s;;;0.00 size=320B;;;0 While with Wheezy package, we were getting: r32194:~# /usr/lib/nagios/plugins/check_http --ssl -H 127.0.0.1 CRITICAL - Cannot make SSL connection. 139749235095208:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:766: And telnet shows it's plain text. Which can be confirmed with Nagios: r32194:~# /usr/lib/nagios/plugins/check_http -H 127.0.0.1 -P 443 HTTP OK: HTTP/1.1 200 OK - 320 bytes in 0.038 second response time |time=0.038128s;;;0.00 size=320B;;;0 If you need more information, please ask. With my best regards, -- Pierre Schweitzer pie...@reactos.org System Administrator ReactOS Foundation
Bug#642357: Any backport in sight?
Hi, now I've upgraded to Wheezy, I'm also hitting that bug which is kind of blocking. Is it possible to at least backport the fix? This bug is pretty old, as the latest release of GnuTLS... With my best regards, -- Pierre Schweitzer pie...@reactos.org System Administrator ReactOS Foundation