Processed: Add fdroidcl to the affects
Processing commands for cont...@bugs.debian.org: > affects 867358 src:fdroidcl Bug #867358 [src:linux] mips/mipsel: mips-linux-gnu-gccgo-7: waitid: bad address Added indication that 867358 affects src:fdroidcl > thanks Stopping processing here. Please contact me if you need assistance. -- 867358: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867358 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
CONFIG_CGROUPS_BPF in kernel 4.9
Hi Ben, Would you please share your thoughts on the possibility of back-porting support for CGROUPS_BPF and related code from kernel 4.10 to kernel 4.9 for Debian Stretch? Thanks, Joe
Bug#869681: firmware-linux: again missing i915 firmware for Thinkpad X61
Package: firmware-linux Version: 20161130-3 Severity: normal Processing triggers for initramfs-tools (0.130) ... update-initramfs: Generating /boot/initrd.img-4.11.0-2-amd64 W: Possible missing firmware /lib/firmware/i915/kbl_huc_ver02_00_1810.bin for module i915 W: Possible missing firmware /lib/firmware/i915/bxt_huc_ver01_07_1398.bin for module i915 W: Possible missing firmware /lib/firmware/i915/skl_huc_ver01_07_1398.bin for module i915 -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.11.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8) Shell: /bin/sh linked to /bin/lksh Init: sysvinit (via /sbin/init) Versions of packages firmware-linux depends on: ii firmware-linux-free 3.4 ii firmware-linux-nonfree 20161130-3 Versions of packages firmware-linux recommends: pn amd64-microcode ii intel-microcode 3.20170707.1 firmware-linux suggests no packages. -- no debconf information
Bug#869670: Depends: linux-headers-4.11.0-2-common ... but it is not going to be installed
Package: linux-headers-4.11.0-2-amd64 Version: 4.11.11-1 The following packages have unmet dependencies: linux-headers-4.11.0-2-amd64 : Depends: linux-headers-4.11.0-2-common (= 4.11.11-1+b1) but it is not going to be installed
Bug#869613: libreoffice write crashes (Debian 9)
Thanks Rene, I installed Debian 9 AMD64 on my Asus Laptop the other day. libreoffice writer (lowriter) did not crash on that system. Aaron On Tue, 25 Jul 2017 07:10:45 +0200 Rene Engelhardwrote: > severity 869613 grave > reassign 869613 src:linux > forcemerge 865866 869613 > affects 869613 libreoffice-writer > thanks > > Hi, > > On Mon, Jul 24, 2017 at 11:23:33PM -0400, Aaron Valdes wrote: > > Thread 1 "soffice.bin" received signal SIGSEGV, Segmentation fault. > > 0xa72a8975 in _expand_stack_to(unsigned char*) () from > > /usr/lib/jvm/java-8-openjdk-i386/jre/lib/i386/server/libjvm.so > > #0 0xa72a8975 in _expand_stack_to(unsigned char*) () at > > /usr/lib/jvm/java-8-openjdk-i386/jre/lib/i386/server/libjvm.so > > #1 0xa72ab184 in os::Linux::manually_expand_stack(JavaThread*, unsigned > > char*) () at /usr/lib/jvm/java-8-openjdk-i386/jre/lib/i386/server/libjvm.so > > #2 0xa72b56c8 in os::create_main_thread(JavaThread*) () at > > /usr/lib/jvm/java-8-openjdk-i386/jre/lib/i386/server/libjvm.so > > #3 0xa73f7ede in Threads::create_vm(JavaVMInitArgs*, bool*) () at > > /usr/lib/jvm/java-8-openjdk-i386/jre/lib/i386/server/libjvm.so > > #4 0xa70a4645 in JNI_CreateJavaVM () at > > /usr/lib/jvm/java-8-openjdk-i386/jre/lib/i386/server/libjvm.so > > #5 0xb232f9a1 in () at /usr/lib/libreoffice/program/libjvmfwklo.so > > #6 0xb2341bf4 in jfw_startVM(JavaInfo const*, JavaVMOption*, long, > > JavaVM_**, JNIEnv_**) () at /usr/lib/libreoffice/program/libjvmfwklo.so > > Aha. So it's the known regression in the kernel breaking Java. I guessed that > at first, > though you claiming it works without -gtk2 was puzzling me... > > Wouldn't have happened on amd64... > > Regards, > > Rene > >
Processed: retitle 869639 to firmware-brcm80211: BroadPwn vulnerability CVE-2017-9417
Processing commands for cont...@bugs.debian.org: > # correct CVE in subject > retitle 869639 firmware-brcm80211: BroadPwn vulnerability CVE-2017-9417 Bug #869639 [firmware-brcm80211] firmware-brcm80211: BroadPwn vulnerability CVE-2017-8386 Changed Bug title to 'firmware-brcm80211: BroadPwn vulnerability CVE-2017-9417' from 'firmware-brcm80211: BroadPwn vulnerability CVE-2017-8386'. > thanks Stopping processing here. Please contact me if you need assistance. -- 869639: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869639 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#869640: starting rpc-svcgssd.service fails
Package: nfs-common 1:1.3.4-2.1, nfs-kernel-server 1:1.3.4-2.1 Debian-Version: 9.1, Kernel 4.9.0-3-amd64 Hardware: Dell PowerEdge R630, 2 Sockets, 2x8Cores, 265 GByte Memory Symptom: starting rpc-svcgssd.service fails with non-standard Kerberos principal Involved packages: libnfs8:amd641.11.0-2amd64 libnfsidmap2:amd64 0.25-5.1amd64 nfs-common 1:1.3.4-2.1 amd64 nfs-kernel-server1:1.3.4-2.1 amd64 libgssrpc4:amd64 1.15-1 amd64 libtirpc1:amd64 0.2.5-1.2 amd64 rpcbind 0.2.3-0.6 amd64 Bug Log: Jul 20 13:37:42 hiyo rpc.svcgssd[10625]: ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - Jul 20 13:37:42 hiyo rpc.svcgssd[10625]: unable to obtain root (machine) credentials Jul 20 13:37:42 hiyo rpc.svcgssd[10625]: do you have a keytab entry for nfs/@ in /etc/krb5.keytab? Jul 20 13:37:42 hiyo systemd[1]: rpc-svcgssd.service: Control process exited, code=exited status=1 Jul 20 13:37:42 hiyo systemd[1]: Failed to start RPC security service for NFS server. -- Subject: Unit rpc-svcgssd.service has failed This is perfectly correct, due to /etc/krb5.keytab has no principal nfs/hiyo.zit.biophys.mpg...@bpcental.biophy.mpg.de A Solution would be to use the -p or -n options for the rpc.svcgssd daemon. These are the constraints: 1.) If nfs-kernel-server is not installed, rpc.svcgssd should not be started - it's used by the nfs server only, not by nfs clients 2.) However: rpc.svcgssd is part of packet nfs-common (incl. nfs client). Why? shouldn't is be part of nfs-kernel-server? 3.) If everything is intended as currently distributed, why place the configuration parameter RPCSVCGSSDOPTS in /etc/default/nfs-kernel-server? 4.) Under these circumstances it should be placed in /etc/default/nfs-common. 5.) The contents of the 2 /etc/default/nfs-* files are evaluated by the service nfs-config.service into /run/sysconfig/nfs-utils, which result the looks like: PIPEFS_MOUNTPOINT=/run/rpc_pipefs RPCNFSDARGS=" 8" RPCMOUNTDARGS="--manage-gids" STATDARGS="" RPCSVCGSSDARGS="-n" 6.) However, the systemd unit file in /lib/systemd/system/rpc-svcgssd.service imports a variable SVCGSSDARGS, where /run/sysconfig/nfs-utils defines RPCSVCGSSDARGS (with RPC prefix). This renders the config parameter useless because it never draws. [Unit] Description=RPC security service for NFS server DefaultDependencies=no Requires=run-rpc_pipefs.mount After=run-rpc_pipefs.mount local-fs.target PartOf=nfs-server.service PartOf=nfs-utils.service After=gssproxy.service ConditionPathExists=|!/run/gssproxy.pid ConditionPathExists=|!/proc/net/rpc/use-gss-proxy ConditionPathExists=/etc/krb5.keytab Wants=nfs-config.service After=nfs-config.service [Service] EnvironmentFile=-/run/sysconfig/nfs-utils Type=forking ExecStart=/usr/sbin/rpc.svcgssd $SVCGSSDARGS My suggestion for these issues: - Move rpc.svcgssd service to the nfs-kernel-server package, so it doesn't get started if the nfs server isn't installed - Make sure /lib/systemd/system/rpc-svcgssd.service imports/uses the correct variables from /run/sysconfig/nfs-utils Best Andreas Schindler -- Dr.-Ing. Andreas Schindler Leiter Zentrale IT Max-Planck-Institut für Biophysik andreas.schind...@biophys.mpg.de Max-von-Laue-Str. 3, 60438 Frankfurt, Tel: +49 69 6303 4555 smime.p7s Description: S/MIME Cryptographic Signature
Bug#869639: correct to CVE-2017-9417, and link
https://nvd.nist.gov/vuln/detail/CVE-2017-9417
Bug#869639: firmware-brcm80211: BroadPwn vulnerability CVE-2017-8386
Package: firmware-brcm80211 Version: 0.43 Severity: critical Tags: security upstream Justification: root security hole Dear Maintainer, CVE-2017-8386 "BroadPwn" has been around for a while. It seems Debian ships the relevant firmware in this package. Could I impose on you to ensure that all is as it should be? Many thanks. Mark https://nvd.nist.gov/vuln/detail/CVE-2017-8386 https://security-tracker.debian.org/tracker/CVE-2017-9417 https://packages.debian.org/search?keywords=firmware-brcm80211 http://boosterok.com/blog/broadpwn/ -- System Information: Debian Release: 8.9 APT prefers testing APT policy: (1000, 'testing'), (1000, 'stable'), (1000, 'oldstable'), (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)