Bug#1064634: qemu-system-x86: possible race-condition in qemu nat layer or virtio-net

Package: qemu-system-x86 Version: 1:7.2+dfsg-7+deb12u5 Severity: normal X-Debbugs-Cc: g...@libero.it I believe I spotted a race condition in virtio-net or qemu/kvm (but only when virtio-net is involved). To replicate, one needs a virtualization environment similar to Host: - debian 12 x86_64 -

Bug#1040458: bookworm: please document that /etc/init.d/rsyslog is gone

Package: release-notes Severity: wishlist On servers that run sysvinit instead of systemd, after upgrading from bullseye to bookworm rsyslogd doesn't start at boot anymore, unless orphan-sysvinit-packages is installed. Perhaps it's worth mentioning in the RN, otherwise people might discover that

Bug#1037039: rsyslog - SysV init file missing

Package: rsyslog Version: 8.2302.0-1 Followup-For: Bug #1037039 X-Debbugs-Cc: g...@libero.it In case someone lands on this bug after discovering that rsyslogd doesn't start at boot anymore after upgrading to bookworm: If you don't want to install orphan-sysvinit-scripts, you can use the

Bug#1040453: rsyslog: please, make postrotate action work also under sysvinit

Package: rsyslog Version: 8.2302.0-1 Severity: wishlist X-Debbugs-Cc: g...@libero.it Dear Maintainer, in bookworm, logrotate post-action does not work under sysvinit, because /usr/lib/rsyslog/rsyslog-rotate invokes systemctl in order to send SIGHUP to the daemon. A workaround is to install

Bug#1040364: orphan-sysvinit-scripts: add triggers to restart daemons

Source: orphan-sysvinit-scripts Version: 0.14 Severity: wishlist Tags: patch X-Debbugs-Cc: g...@libero.it Dear Maintainer, please consider adding triggers for restarting daemons when the executables change (usually at package upgrade). The following patch just mentions rsyslogd (newly orphaned

Bug#1024416: unbound does not restart reliably under sysvinit with apparmor in enforcing mode

Package: unbound Version: 1.13.1-1 Severity: normal Tags: patch X-Debbugs-Cc: g...@libero.it Hi With the apparmor profile shipped with unbound, /usr/sbin/unbound is allowed to truncate and create its own pidfile /run/unbound.pid, but cannot remove it at exit or rewrite it when it starts again.

Bug#996361: iitalian: Italian hash file not compatible with current version of ispell

Package: iitalian Version: 1:2.3-3+b1 Severity: grave Justification: renders package unusable $ echo albergo ciao | ispell -d american -l albergo $ echo albergo ciao | ispell -d italian -l Illegal format hash table /usr/lib/ispell/italian.hash - expected magic2 0x9602, got 0x5053 $ file -L

Bug#992618: hdparm: /lib/udev/hdparm does not set APM options anymore when resuming from suspend

Package: hdparm Version: 9.60+ds-1 /lib/udev/rules.d/85-hdparm.rules invokes /lib/udev/hdparm when block devices matching /dev/sdX or /dev/hdX are added. /lib/udev/hdparm is supposed to extract options relevant to $DEVNAME and battery-vs-ac status from /etc/hdparm.conf and apply them using

Bug#983606: base-files: umask is not set for superuser

Package: base-files Version: 10.3+deb10u8 Severity: normal In /usr/share/base-files/dot.bashrc (which is copied to /root/.bashrc at package installation) the umask command is commented out, with this explanation: # Note: PS1 and umask are already set in /etc/profile. You should not #

Bug#950714: unbound: cache confusion results in NXDOMAIN for existing names

Package: unbound Version: 1.9.0-2+deb10u1 Severity: important Sometimes unbound replies to a query for a forward-zone using a spurious cache entry, resulting in bogus NXDOMAIN responses that persist for cache-max-negative-ttl seconds (1 hour, by default), effectively disrupting name resolution

Bug#947771: unbound: cannot restart daemon under sysvinit-core when apparmor is enforced

Package: unbound Version: 1.9.0-2+deb10u1 Severity: normal Tags: patch At startup the daemon creates its pidfile (/run/unbound.pid) while running as root, chown()s it to unbound:unbound, then drops privileges and runs as user unbound. At shutdown, the pidfile is successfully truncated, but the

Bug#930247: grep: inconsistent behaviour with anchored regex containing back-references

Package: grep Version: 2.27-2 Severity: normal There seems to be a problem with beginning/end-of-line anchors in regex containing back-references: $ cat words ana deed ill stats Using -x to match whole line works: $ egrep -x '(.?)(.?).?\2\1' words ana deed stats Using explicit anchors emits

Bug#930245: libstdc++-6-dev: namespace pollution with low-level macros

Package: libstdc++-6-dev Version: 6.3.0-18+deb9u1 Severity: normal $ cat s.cc #include int major(int x) { return x & ~0x; } $ g++ -E -dD -ansi s.cc | grep -w major int major(int x) { return x & ~0x; } $ g++ -E -dDs.cc | grep -w major #define major(dev) gnu_dev_major (dev)

Bug#928449: firefox-esr: Add-ons fail to install probably due to upstream certificate issue

Package: firefox-esr Version: 60.6.1esr-1~deb9u1 Followup-For: Bug #928449 The problem is caused by an expired intermediate certificate in the builtin chain of trust that the browser applies to verify signatures on addons. More details are available at

Bug#882586: libc6-dev:amd64: pthread_rwlock_unlock segfaults in statically linked executable

Package: libc6-dev Version: 2.24-11+deb9u1 Severity: important A minimal program that exercises R/W locks crashes when linked statically: $ cat test-rwlock.c #include int main() { pthread_rwlock_t rw; if (pthread_rwlock_init(, NULL)) return -1; if (pthread_rwlock_wrlock())

Bug#879058: cpio: crashes when reading ustar archives created by itself

Package: cpio Version: 2.11+dfsg-6 Severity: normal cpio is unable to read a USTAR archive created by itself: $ ls -ogl 4 -rw-r--r-- 1 30 Oct 18 21:35 x $ echo x | cpio -ovH ustar > x.cpio x 4 blocks $ cpio -ivtH ustar < x.cpio *** Error in `cpio': realloc(): invalid pointer: 0x0044cb20 ***

Bug#874798: libc6: mktime() does not set errno when it fails

Package: libc6 Version: 2.24-11+deb9u1 Severity: normal Tags: upstream When mktime() fails to convert a struct tm to a time_t, it returns -1. It should also set errno to EOVERFLOW in order to distinguish the failure from the legitimate case of converting "1 second before the epoch". The

Bug#864598: python-reportbug: logic error in send_report()

Package: python-reportbug Version: 6.6.3 Severity: normal The condition elif outfile or not ((mta and os.path.exists(mta)) or smtphost): in /usr/lib/python2.7/dist-packages/reportbug/submit.py (line 315) is true also if outfile is None and mta is set to a non-existent path. The following

Bug#864500: cpp-4.9: warnings from assert(strncmp(...) == 0) when using -O

Package: cpp-4.9 Version: 4.9.2-10 Severity: minor The following program, #include #include int main() { const char *a = "xyz", *b = a; assert(strncmp(a, b, 3) == 0); return 0; } compiles fine with "gcc -Wall -ansi -pedantic -Wprogram.c",

Bug#821759: Iceweasel does not warn about website asking to store data for offline use

Package: firefox-esr Version: 45.7.0esr-1~deb8u1 Followup-For: Bug #821759 I believe browser.offline-apps.notify (i.e. ask me for offline storage) is overridden by the offline-apps.allow_by_default, which is true by default (no pun intended). I got FF to ask me for permission after toggling the

Bug#844089: e2fsprogs: e2image unable to restore metadata

Package: e2fsprogs Version: 1.42.12-2 Severity: normal Apparently, e2image is unable to restore metadata from its own image files: # mke2fs /tmp/scratch/b.img Creating filesystem with 262144 1k blocks and 65536 inodes Filesystem UUID: f1cd508c-ea95-420f-89c4-61b989a0890e Superblock backups

Bug#844050: cryptsetup: /lib/cryptsetup/scripts/decrypt_ssl throws away the key it has just decrypted

Package: cryptsetup Version: 2:1.6.6-5 Severity: normal In /lib/cryptsetup/scripts/decrypt_ssl the relevant decryption command, /usr/bin/openssl enc -aes-256-cbc -d -salt -in $1 >/dev/null 2>&1 redirects output from openssl enc -d to /dev/null, rendering the script useless except for checking

Bug#838958: linux: mount(2) _silently_ ignores other mountflags when MS_BIND is set

Source: linux Severity: important Tags: upstream >From the mount(2) man page: MS_BIND (Linux 2.4 onward) Perform a bind mount, making a file or a directory subtree visible at another point within a filesystem. Bind mounts may cross filesystem boundaries and span

Bug#838957: lxc: read-only bind mounts are in fact read/write

Package: lxc Version: 1:1.0.6-6+deb8u3 Severity: important To reproduce: root@debian-host# lxc-create -n bb -t busybox root@debian-host# cat /var/lib/lxc/bb/config lxc.network.type = empty lxc.rootfs = /var/lib/lxc/bb/rootfs lxc.haltsignal = SIGUSR1 lxc.utsname = bb lxc.tty = 1 lxc.pts = 1

Bug#835421: mutt: Bug in POP3 authentication via SASL mechanism DIGEST-MD5

Package: mutt Version: 1.5.23-3 Severity: normal Tags: patch upstream According to , the DIGEST-MD5 authentication should proceed along a sequence similar to the following: 1. C: AUTH DIGEST-MD5 2. S: + base64-encoded-server-challenge 3. C:

Bug#825416: libssl1.0.0: upstream bug report

Package: libssl1.0.0 Followup-For: Bug #825416 https://rt.openssl.org/Ticket/Display.html?id=4546

Bug#825416: libssl1.0.0: EVP_{Encrypt, Decrypt, Cipher}Final() do not clean up cipher context

Package: libssl1.0.0 Version: 1.0.1k-3+deb8u5 Severity: important Tags: upstream The EVP_EncryptFinal(3ssl) man page reads: EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and EVP_CipherFinal_ex()

Bug#823222: gcc-4.9: reordering of signed int operations triggers overflow

Package: gcc-4.9 Version: 4.9.2-10 Severity: normal I compiled the program #include #include int main() { int s = 1 << 30; s += (s - 1); printf("%d\n%d\n%d\n", sizeof s, s, INT_MAX); return 0; } with "gcc -W -Wall -ansi -pedantic -O0

Bug#787969: udev integration: overheating disk caused by mistakes in 85-hdparm.rules and hdparm-functions

Package: hdparm Version: 9.43-2 Severity: important Mistake in /lib/udev/rules.d/85-hdparm.rules: ACTION==add, SUBSYSTEM==block, KERNEL==[sh]d[a-z]*, RUN+=/lib/udev/hdparm should be ACTION==add, SUBSYSTEM==block, KERNEL==[sh]d[a-z], RUN+=/lib/udev/hdparm As it is now, the rule matches

Bug#785307: xcolorsel: Crash in Grab color

g1 -- System Information: Debian Release: 8.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash

Bug#784143: pgrep: behaviour of '-lf' changed.

Package: procps Version: 2:3.3.9-9 Severity: normal In procps/wheezy, the combination of the '-l' and '-f' flags had a specific output, which IIRC was the same across *BSD, Solaris, and many versions of GNU/Linux: $ pgrep -lf iceweasel 6543 iceweasel --no-remote In jessie, the behaviour has

Bug#744942: a2ps: ap2s reads init file from current directory

Package: a2ps Version: 1:4.14-1.1+deb7u1 Severity: normal a2ps reads and parses ./.a2psrc, without checking ownership of the file/directory. This might be used to trick other users (even root) into executing crafted code, perhaps leading to local compromise. joe:~$ echo 'Variable: lp.default |

Bug#743973: duplicity: make imap backend split files in chunks

Package: duplicity Version: 0.6.18-3 Severity: normal Tags: patch I implemented a set of changes to the imap backend, to work around the restrictions on message size that most IMAP providers impose on customer mailboxes: the code has been slightly simplified, and changed to transparently store

Bug#735168: FILESAVE: LibreOffice corrupts XLSX file (upstream bug 49120)

Package: libreoffice-calc Version: 1:3.5.4+dfsg2-0+deb7u2 Followup-For: Bug #735168 This looks like an upstream bug, https://bugs.freedesktop.org/show_bug.cgi?id=49120, which might have been resolved by this patch

Bug#694351: lsof: Please downgrade the dependency on perl to Recommends

, g1 -- System Information: Debian Release: 7.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin

Bug#740221: cvs: configure --disable-rootcommit considered harmful

Package: cvs Version: 2:1.12.13+real-9 Severity: normal debian/rules configures the package with --disable-rootcommit (which is also the upstream default), to prevent root from committing to local repositories. That makes impossible for root to track his own files in a private local repository,

Bug#739853: bash: hash -l output not always reusable for input

Package: bash Version: 4.2+dfsg-0.1 Severity: minor Output from hash -l is not properly quoted, and might lead to surprises when a file name contains whitespace characters: $ add2path=`mktemp -d /tmp/XX` $ export PATH=$PATH:$add2path $ cp -p /bin/true $add2path/t rue $ t rue $ hash -l | tee

Bug#731621: duplicity: verify does not really check file contents. it compares only inode information

Package: duplicity Version: 0.6.18-3 Severity: normal Tags: upstream The verify command of duplicity does not check file contents, it only compares modification time and size of files and directories. For example, if one issues the following commands, mkdir /tmp/src echo hello

Bug#731330: libstdc++6: functions labelled FNV-1a in /usr/include/c++/4.7/tr1/functional_hash.h are not FNV-1a

Package: libstdc++6 Version: 4.7.2-5 Severity: minor As far as I know, the FNV and FNV-1a algorithms process octects, i.e. unsigned chars. (see e.g. http://tools.ietf.org/html/draft-eastlake-fnv-03#section-2 ) The implementations in /usr/include/c++/4.7/tr1/functional_hash.h work on chars,

Bug#730029: fdm does not match hostname/fqdn against Subject Alternative Name

Package: fdm Version: 1.6+cvs20111013-2 Severity: wishlist Tags: patch upstream fdm rejects the SSL certificate for one of the pop3s servers listed in my configuration, because the hostname does not match the CN in the X509 structure. However, the hostname does match one of the DNS names

Bug#725417: mbr: install-mbr wipes the disk-id portion of the MBR, rendering Windows 7 unbootable

Package: mbr Version: 1.1.11-5+b1 Severity: important Tags: upstream For years, I have run install-mbr /dev/sda on every hard disk where I wanted to install Linux to its own partition, in addition to a pre-existing Windows partition. Last time I did, it resulted in an unbootable Windows 7

Bug#718205: e2fsprogs: integer overflow in e2freefrag leads to wrong max extent report

Package: e2fsprogs Version: 1.42.5-1.1 Severity: minor Tags: patch upstream e2freefrag report incoherent information on a large filesystem with large chunks of contiguous free space, due to integer overflow in computing max free extent. I did not check if it's really present upstream, but I

Bug#712969: spell does not default to reading from stdin when options are present (generalizes #323011)

Package: spell Version: 1.0-24 Severity: normal Tags: patch Dear Maintainer, consider this script: for i in spell spell - spell -D italian spell -D italian - ; do echo $i echo casa house sdfsdfhk | $i done and its output: spell casa sdfsdfhk spell -

Bug#702605: icedove does not start if ~/.icedove is empty.

. A quick and dirty workaround consists in setting the environment variable LD_BIND_NOW=1 before launching the executable (see the following patch). Of course it would be much better to change the build script in order to add libxpcom.so to the libraries. Best regards, g1 PS: I see

Bug#701083: nvi: 27support_C_locale.dpatch broke command history. please revert

Package: nvi Version: 1.81.6-8.1 Severity: normal When nvi is built with debian patch 27support_C_locale.dpatch included, the command history doesn't work: :set cedit=^P :%s/a/a :^P shows :^@^@^@s^@^@^@e^@^@^@t^@^@^@^@^@^@c^@^@^@e^@^@^@d^@^@^@i^@^@^@t^@^@^@=^@^@^@^P^@^@^@

Bug#695143: mercurial removes directory when removing the last contained file.

Package: mercurial Version: 1.6.4-1 Severity: normal If I hg remove the last file in a directory, mercurial removes the directory on commit (see below). Perhaps it's an upstream bug. Perhaps it's a feature documented in the Definitive Guide, but I won't buy the book just to check this, and