Bug#808293: freeradius stopped working after kernel upgrade
I can confirm this. This bug hit us for Windows clients which suddenly could no longer authenticate via EAP-TLS or 802.1x. It seems that it has something to do with large UDP packets. Freeradius did no longer process UDP packets that were fragmented. This was also reported by someone else for the src:linux package as bug 808374. We tested the following versions: Affected: linux-image-3.16.0-4-amd64 3.16.7-ckt20-1+deb8u1 linux-image-3.2.0-4-rt-amd64 3.2.73-2 Not affected: linux-image-3.2.0-4-rt-amd64 3.2.71-2 Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant
Bug#808374: freeradius stopped working after kernel upgrade
I can confirm this. This bug hit us for Windows clients which suddenly could no longer authenticate via EAP-TLS or 802.1x. It seems that it has something to do with large UDP packets. Freeradius did no longer process UDP packets that were fragmented. This was also reported by someone else for the freeradius package as bug 808293. We tested the following versions: Affected: linux-image-3.16.0-4-amd64 3.16.7-ckt20-1+deb8u1 linux-image-3.2.0-4-rt-amd64 3.2.73-2 Not affected: linux-image-3.2.0-4-rt-amd64 3.2.71-2 Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant
Bug#790742: python-paramiko: sftp connections hangs
Package: python-paramiko
Version: 1.15.1-1
Severity: important
Tags: upstream
Dear Maintainer,
while using backupninja I noticed that backups were not completed
after the Update to Debian Jessie.
Errors from backupninja were like this:
Info: Duplicity cleanup finished successfully.
Info: Duplicity remove-older-than finished successfully.
Error: Local and Remote metadata are synchronized, no sync needed.
Error: Last full backup date: Thu Jun 25 04:00:40 2015
Error: sftp put of /tmp/duplicity-vAZYna-tempdir/mktemp-ORQJPa-3 (as
duplicity-inc.20150630T020041Z.to.20150701T020107Z.vol1.difftar.gpg)
failed: (Try 1 of 5) Will retry in 10 seconds.
Error: sftp put of /tmp/duplicity-vAZYna-tempdir/mktemp-ORQJPa-3 (as
duplicity-inc.20150630T020041Z.to.20150701T020107Z.vol1.difftar.gpg)
failed: Socket is closed (Try 2 of 5) Will retry in 10 seconds.
Error: sftp put of /tmp/duplicity-vAZYna-tempdir/mktemp-ORQJPa-3 (as
duplicity-inc.20150630T020041Z.to.20150701T020107Z.vol1.difftar.gpg)
failed: Socket is closed (Try 3 of 5) Will retry in 10 seconds.
Error: sftp put of /tmp/duplicity-vAZYna-tempdir/mktemp-ORQJPa-3 (as
duplicity-inc.20150630T020041Z.to.20150701T020107Z.vol1.difftar.gpg)
failed: Socket is closed (Try 4 of 5) Will retry in 10 seconds.
Error: sftp put of /tmp/duplicity-vAZYna-tempdir/mktemp-ORQJPa-3 (as
duplicity-inc.20150630T020041Z.to.20150701T020107Z.vol1.difftar.gpg)
failed: Socket is closed (Try 5 of 5) Will retry in 10 seconds.
Error: BackendException: Giving up trying to upload
'duplicity-inc.20150630T020041Z.to.20150701T020107Z.vol1.difftar.gpg'
after 5 attempts
Fatal: Duplicity failed.
Debugging this further revealed that the problem is with the sftp
Backend in duplicity which is provided by paramiko. Debugging further
lead to these debug entries from paramiko:
ssh: [chan 1]
stat('/duplicity/duplicity-full-signatures.20150625T020040Z.sigtar.gpg')
ssh: [chan 1]
open('/duplicity/duplicity-full-signatures.20150625T020040Z.sigtar.gpg', 'rb')
ssh: [chan 1]
open('/duplicity/duplicity-full-signatures.20150625T020040Z.sigtar.gpg', 'rb')
- 62366531326533303130316132346633
ssh: [chan 1]
stat('/duplicity/duplicity-full-signatures.20150625T020040Z.sigtar.gpg')
ssh: Sending global request keepal...@lag.net
ssh: Sending global request keepal...@lag.net
ssh: Sending global request keepal...@lag.net
ssh: Sending global request keepal...@lag.net
ssh: Sending global request keepal...@lag.net
ssh: Sending global request keepal...@lag.net
ssh: Sending global request keepal...@lag.net
ssh: Sending global request keepal...@lag.net
ssh: Sending global request keepal...@lag.net
ssh: Sending global request keepal...@lag.net
ssh: Sending global request keepal...@lag.net
ssh: Sending global request keepal...@lag.net
^C^C
It hangs at this point until it times out.
This issue was reported / is discussed upstream at
https://github.com/paramiko/paramiko/issues/331
-- System Information:
Debian Release: 8.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.19.1 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages python-paramiko depends on:
ii python-crypto 2.6.1-5+b2
ii python-ecdsa 0.11-1
pn python:any none
python-paramiko recommends no packages.
python-paramiko suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669213: bind9: new upstream release: 9.9
* LaMont Jones lam...@mmjgroup.com [2012-10-29 21:38]: On Mon, Oct 29, 2012 at 05:22:10PM +, Adam D. Barratt wrote: Indeed. In any case, were the new version to be accepted in to the release then the appropriate route would be via unstable, not direct to t-p-u. Works for me. I'll toss 9.8.4 into sid. As for getting it into wheezy, it'll make the support life easier for the inevitable security fixes that will follow. There are probably other reasons. Hi, if the route goes via unstable, could we perhaps immediately go to 9.9.2? 9.9 has the most useful new features regarding DNSSEC. Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669213: bind9: new upstream release: 9.9
* Ondřej Surý ond...@sury.org [2012-10-30 10:13]: I can do a manual code review for debian-release team if they are interested. I concur with LaMont that we need latest 9.8.x branch to keep the sanity of the maintainer. That is no problem for me but could we please get a 9.9 debian source package somewhere if there is one ready (or almost ready)? Because I would really like to switch to 9.9 as soon as possible. Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669213: bind9: new upstream release: 9.9
Hello, a bind 9.9 package would be great as the new upstream version contains many improvements regarding DNSSEC. Is there any progress on this or does anyone have a working debian source for bind 9.9? It's not in the git repository for this package. I would really appreciate it. Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#651242: spamc option to return a temporary error when spamd is unavailable
Package: spamc
Version: 3.3.1-1
Severity: wishlist
Tags: patch
I use spamc as a simple delivery filter with postfix like this in master.cf:
dovecot-sa unix - n n - - pipe
flags=ODRhu user=vmail:mail argv=/usr/bin/spamc -x -X -u ${recipient} -e
/usr/lib/dovecot/deliver -f ${sender} -a ${recipient} -d ${user}@${nexthop}
I was unhappy with how postfix would bounce mails when spamd wasn't running and
spamc was run with -x to prevent unfiltered mail to come trough.
When spamc returns EX_TEMPFAIL instead of EX_UNAVAILABLE, postfix will queue
the mail and try to deliver it later.
Please be aware that I don't have much recent experience with C-code and none
with the spamassassin code as such but the attached patch works well for me.
I also requested to add something like this to the spamassassin upstream:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6717
Regards
Sebastian
Index: spamassassin-3.3.1/spamc/libspamc.h
===
--- spamassassin-3.3.1.orig/spamc/libspamc.h2011-12-06 22:25:23.0
+0100
+++ spamassassin-3.3.1/spamc/libspamc.h 2011-12-06 22:42:14.0 +0100
@@ -131,6 +131,11 @@
/* December 5, 2007 duncf: send log messages to callback */
#define SPAMC_LOG_TO_CALLBACK (114)
+/* December 6, 2011 Sebastian Wiesinger sebast...@karotte.org:
+ * Turn EX_UNAVAILABLE into EX_TEMPFAIL
+ * */
+#define SPAMC_UNAVAIL_TEMPFAIL (113)
+
#define SPAMC_MESSAGE_CLASS_SPAM 1
#define SPAMC_MESSAGE_CLASS_HAM 2
Index: spamassassin-3.3.1/spamc/spamc.c
===
--- spamassassin-3.3.1.orig/spamc/spamc.c 2011-12-06 22:25:23.0
+0100
+++ spamassassin-3.3.1/spamc/spamc.c2011-12-06 22:46:34.0 +0100
@@ -197,6 +197,10 @@
usg( -x, --no-safe-fallback\n
Don't fallback safely.\n);
+usg( -X, --unavailable-tempfail\n
+ When using -x, turn 'unavailabe' error into\n
+ 'tempfail'. Most MTAs will then defer mails\n
+ instead of bouncing them.\n);
usg( -l, --log-to-stderr Log errors and warnings to stderr.\n);
#ifndef _WIN32
usg( -e, --pipe-to command [args]\n
@@ -227,9 +231,9 @@
struct transport *ptrn)
{
#ifndef _WIN32
-const char *opts = -BcrRd:e:fyp:n:t:s:u:L:C:xzSHU:ElhVKF:0:1:2;
+const char *opts = -BcrRd:e:fyp:n:t:s:u:L:C:xXzSHU:ElhVKF:0:1:2;
#else
-const char *opts = -BcrRd:fyp:n:t:s:u:L:C:xzSHElhVKF:0:1:2;
+const char *opts = -BcrRd:fyp:n:t:s:u:L:C:xXzSHElhVKF:0:1:2;
#endif
int opt;
int ret = EX_OK;
@@ -260,6 +264,7 @@
{ headers, no_argument, 0, 2 },
{ exitcode, no_argument, 0, 'E' },
{ no-safe-fallback, no_argument, 0, 'x' },
+ { unavailable-tempfail, no_argument, 0, 'X' },
{ log-to-stderr, no_argument, 0, 'l' },
{ pipe-to, required_argument, 0, 'e' },
{ help, no_argument, 0, 'h' },
@@ -442,6 +447,11 @@
flags = (~SPAMC_SAFE_FALLBACK);
break;
}
+case 'X':
+{
+flags |= SPAMC_UNAVAIL_TEMPFAIL;
+break;
+}
case 'y':
{
flags |= SPAMC_SYMBOLS;
@@ -1025,6 +1035,9 @@
else if (use_exit_code) {
ret = result;
}
+ if ((flags SPAMC_UNAVAIL_TEMPFAIL) ret == EX_UNAVAILABLE) {
+ ret = EX_TEMPFAIL;
+ }
}
finish:
Index: spamassassin-3.3.1/spamc/spamc.pod
===
--- spamassassin-3.3.1.orig/spamc/spamc.pod 2011-12-06 22:25:23.0
+0100
+++ spamassassin-3.3.1/spamc/spamc.pod 2011-12-06 22:42:14.0 +0100
@@ -230,6 +230,12 @@
This also disables the TCP fail-over behaviour from B-d.
+=item B-X, B--unavailable-tempfail
+
+When disabling 'safe fallback' with B-x, this option will turn EX_UNAVAILABLE
+errors into EX_TEMPFAIL. Most (if not all) MTAs will then defer mails instead
+of bouncing them. See also LEXIT CODES.
+
=item B-y, B--tests
Just output the names of the tests hit to stdout, on one line, separated
Bug#527862: libmilter1.0.1: dkim-milter and milter-greylist segfault in libmilter
* Jose-Marcio Martins da Cruz jose-marcio.mart...@mines-paristech.fr [2009-10-20 13:40]: Hello, Sebastian Wiesinger wrote: Package: libmilter1.0.1 Version: 8.14.3-5 Followup-For: Bug #527862 There's a but in Lenny libmilter 1.0.1. You shall : * Apply the patch appearing in the bug web page * get and install the patched libmilter at : http://www.j-chkmail.org/download/libmilter/libmilter-workers-8.14.3-1.tgz I applied the patch to the Debian Lenny sendmail version. After that I get the following errors: Oct 20 17:03:58 alita sm-mta[25848]: n9KF3kwv025848: Milter (greylist): timeout before data read, where=helo Oct 20 17:03:58 alita sm-mta[25848]: n9KF3kwv025848: Milter (greylist): to error state Oct 20 17:03:58 alita sm-mta[25847]: n9KF3kmF025847: Milter (greylist): timeout before data read, where=helo Oct 20 17:03:58 alita sm-mta[25847]: n9KF3kmF025847: Milter (greylist): to error state Oct 20 16:53:14 alita sm-mta[5753]: n9KEqqeP005753: Milter (dkim-filter): timeout before data read, where=mail Oct 20 16:53:14 alita sm-mta[5753]: n9KEqqeP005753: Milter (dkim-filter): to error state Rebuilding the milters didn't help. Any ideas? Regards, Sebastian -- New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#527862: libmilter1.0.1: dkim-milter and milter-greylist segfault in libmilter
Package: libmilter1.0.1 Version: 8.14.3-5 Followup-For: Bug #527862 Hello, I think I experienced the same bug tonight with two milter: Oct 14 06:19:00 alita kernel: [4642846.303984] dkim-filter[29729]: segfault at 130 ip 7f25820dc900 sp 00041c080f0 error 4 in libmilter.so.1.0.1[7f25820d1000+f000] Oct 14 06:19:00 alita kernel: [4642846.304074] milter-greylist[3548]: segfault at 130 ip 7fa74cb17900 sp 416810f0 error 4 in libmilter.so.1.0.1[7fa74cb0c000+f000] I installed the -dbg Version of libmilter1.0.1 but I don't think it's used by default? # lsof -n -p 27735 | fgrep milter dkim-filt 27735 dkim-filter memREG9,1 63440 6685052 /usr/lib/libmilter.so.1.0.1 Is there anything I should/could do to help your patch into the repository? -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.30.5 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libmilter1.0.1 depends on: ii libc6 2.7-18 GNU C Library: Shared libraries libmilter1.0.1 recommends no packages. libmilter1.0.1 suggests no packages. Versions of packages sensible-mda depends on: ii libc6 2.7-18 GNU C Library: Shared libraries ii procmail 3.22-16Versatile e-mail processor ii sendmail-bin [mail-transport- 8.14.3-5 powerful, efficient, and scalable Versions of packages rmail depends on: ii libc6 2.7-18 GNU C Library: Shared libraries ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries ii sendmail-bin [mail-transport- 8.14.3-5 powerful, efficient, and scalable Versions of packages libmilter0 depends on: ii libc6 2.7-18 GNU C Library: Shared libraries -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#537746: mutt: progress counters update too fast
Package: mutt Version: 1.5.18-6 Severity: minor I noticed that my mutt would often hang while opening/closing a maildir mailbox with many messages while displaying the progress counters, especially when used via an remote ssh tunnel. Also the rest of the connection would get really unresponsive. A little testing showed that mutt updates the progress counters so fast that the (360kbit/s upstream) DSL line is saturated. I would suggest to increase/set the time_inc and/or read_inc/write_inc settings in the default configuration. The current default settings are: time_inc=0 read_inc=10 write_inc=1 For me a setting of time_inc=250 works fine, but perhaps setting the read/write_inc would be better for a default. Changing this shortened the time to open/close a mailbox from 5-10 seconds to 1 second when using mutt via remote SSH session. -- Package-specific info: Mutt 1.5.18 (2008-05-17) Copyright (C) 1996-2008 Michael R. Elkins and others. Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'. Mutt is free software, and you are welcome to redistribute it under certain conditions; type `mutt -vv' for details. System: Linux 2.6.26-2-686 (i686) ncurses: ncurses 5.7.20081213 (compiled with 5.7) libidn: 1.8 (compiled with 1.10) hcache backend: GDBM version 1.8.3. 10/15/2002 (built Apr 24 2006 03:25:20) Compile options: -DOMAIN +DEBUG -HOMESPOOL +USE_SETGID +USE_DOTLOCK +DL_STANDALONE +USE_FCNTL -USE_FLOCK +USE_POP +USE_IMAP +USE_SMTP +USE_GSS -USE_SSL_OPENSSL +USE_SSL_GNUTLS +USE_SASL +HAVE_GETADDRINFO +HAVE_REGCOMP -USE_GNU_REGEX +HAVE_COLOR +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_BKGDSET +HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM +CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME -CRYPT_BACKEND_GPGME -EXACT_ADDRESS -SUN_ATTACHMENT +ENABLE_NLS -LOCALES_HACK +COMPRESSED +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR +HAVE_ICONV -ICONV_NONTRANS +HAVE_LIBIDN +HAVE_GETSID +USE_HCACHE -ISPELL SENDMAIL=/usr/sbin/sendmail MAILPATH=/var/mail PKGDATADIR=/usr/share/mutt SYSCONFDIR=/etc EXECSHELL=/bin/sh MIXMASTER=mixmaster To contact the developers, please mail to mutt-...@mutt.org. To report a bug, please visit http://bugs.mutt.org/. patch-1.5.13.cd.ifdef.2 patch-1.5.13.cd.purge_message.3.4 patch-1.5.13.nt+ab.xtitles.4 patch-1.5.4.vk.pgp_verbose_mime patch-1.5.6.dw.maildir-mtime.1 patch-1.5.8.hr.sensible_browser_position.3 -- System Information: Debian Release: 5.0.2 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages mutt depends on: ii libc6 2.7-18 GNU C Library: Shared libraries ii libcomerr2 1.41.3-1 common error description library ii libgdbm31.8.3-3 GNU dbm database routines (runtime ii libgnutls26 2.4.2-6+lenny1 the GNU TLS library - runtime libr ii libidn111.8+20080606-1 GNU libidn library, implementation ii libkrb531.6.dfsg.4~beta1-5lenny1 MIT Kerberos runtime libraries ii libncursesw55.7+20081213-1 shared libraries for terminal hand ii libsasl2-2 2.1.22.dfsg1-23+lenny1 Cyrus SASL - authentication abstra Versions of packages mutt recommends: ii locales 2.7-18 GNU C Library: National Language ( ii mime-support 3.44-1 MIME files 'mime.types' 'mailcap ii sendmail-bin [mail-transport- 8.14.3-5 powerful, efficient, and scalable Versions of packages mutt suggests: ii ca-certificates 20080809 Common CA certificates ii gnupg 1.4.9-3+lenny1 GNU privacy guard - a free PGP rep ii ispell 3.1.20.0-4.4 International Ispell (an interacti pn mixmaster none (no description available) ii openssl 0.9.8g-15+lenny1 Secure Socket Layer (SSL) binary a pn urlview none (no description available) Versions of packages mutt is related to: ii mutt 1.5.18-6 text-based mailreader supporting M pn mutt-dbg none (no description available) pn mutt-patched none (no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#463339: screen is compiled without 256 color support
Package: screen Version: 4.0.3-0.3+b1 Severity: wishlist Please enable support for 256 colors in screen. Currently it's impossible to use 256color aware programs and terminals together with screen. --enable-colors256 is already present in debian/rules but commented out... -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-k7 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages screen depends on: ii base-passwd3.5.11Debian base system master password ii debconf [debconf-2.0] 1.5.11etch1 Debian configuration management sy ii libc6 2.3.6.ds1-13etch4 GNU C Library: Shared libraries ii libncursesw5 5.5-5 Shared libraries for terminal hand ii libpam0g 0.79-5Pluggable Authentication Modules l ii passwd 1:4.0.18.1-7 change and administer password and screen recommends no packages. -- debconf information: screen/old_upgrade_prompt: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#435239: Compile bind9 with internal malloc to avoid problems when bind9 is used as a busy resolver
Package: bind9 Version: 1:9.3.4-2etch1 Severity: important Tags: patch We're using bind9 as a resolver which is answering 15k-20k queries per minute. We noticed that with bind 9.3.4 there was a problem whenever the configured cache limit was reached (max-cache-size 838860800;). The resolver got very very slow and was unable to respond to queries. Someone told me to compile bind9 with internal malloc, which solved the problem. So I would advise to set ISC_MEM_USE_INTERNAL_MALLOC to 1 by default. Patch: --- bind9-9.3.4.org/debian/rules2007-07-30 12:07:38.0 +0200 +++ bind9-9.3.4/debian/rules2007-07-26 22:50:29.0 +0200 @@ -17,7 +17,7 @@ #export CXX=g++-3.4 #endif -export CFLAGS=-fno-strict-aliasing +export CFLAGS=-fno-strict-aliasing -DISC_MEM_USE_INTERNAL_MALLOC=1 configure: configure-stamp configure-stamp: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#308371: openoffice.org: Version 2.0.4 is affected by this bug
Package: openoffice.org Version: 2.0.4.dfsg.2-2 Followup-For: Bug #308371 I'm running openoffice.org 2.0.4 in WindowMaker (wmaker 0.92.0-6.1), and I'm also affected by this bug. I see the same problems as described by the previous bug reporters. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17.9 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages openoffice.org depends on: ii openoffice.org-base 2.0.4.dfsg.2-2 OpenOffice.org office suite - data ii openoffice.org-calc 2.0.4.dfsg.2-2 OpenOffice.org office suite - spre ii openoffice.org-core 2.0.4.dfsg.2-2 OpenOffice.org office suite archit ii openoffice.org-draw 2.0.4.dfsg.2-2 OpenOffice.org office suite - draw ii openoffice.org-impress2.0.4.dfsg.2-2 OpenOffice.org office suite - pres ii openoffice.org-java-commo 2.0.4.dfsg.2-2 OpenOffice.org office suite Java s ii openoffice.org-math 2.0.4.dfsg.2-2 OpenOffice.org office suite - equa ii openoffice.org-writer 2.0.4.dfsg.2-2 OpenOffice.org office suite - word openoffice.org recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402005: rancid-core: Rancid throws away prefix-list sequence numbers
Package: rancid-core Version: 2.3.1-1 Severity: normal Rancid is deleting sequence numbers from cisco prefix-lists when sorting them. It also reorders access-lists. This is a known feature/problem, but since order/sequence of prefix-lists is important in newer IOS, I think ordering should be taken out of rancid. See this mails for further information: http://www.shrubbery.net/pipermail/rancid-discuss/2006-March/001404.html http://www.shrubbery.net/pipermail/rancid-discuss/2004-July/000799.html The fix would be to disable all reordering of access-lists and prefix-lists in rancid. The reordering starts in the rancid file after line 1304. It first reorders (extended) access-lists then prefix-lists. If you comment these lines out or delete them, the problem is fixed. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17.9 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#382467: mutt compile error while trying to include external (http://) xsl file
Package: mutt Version: 1.5.12-1 Severity: serious Hello, I tried to compile the mutt package manually, but got the following error: make[5]: Leaving directory `/home/sebastianw/work/compile_box/mutt/mutt-1.5.12/obj-i486-linux-gnu/doc' ( sed -e s/@VERSION\@/`cat ../../VERSION` (`cut -d\\ -f2 ../reldate.h`)/ ../../doc/manual.xml.head ;\ gcc -E -I. -I.. -I/usr/include -I../.. -DSYSCONFDIR=\/etc\ -DBINDIR=\/usr/bin\ -DHAVE_CONFIG_H=1 -I/usr/include/qdbm -I/usr/include -I/usr/include// -I../../intl -D_MAKEDOC -C ../../init.h | ../makedoc -s ) | \ cat - ../../doc/manual.xml.tail manual.xml touch stamp-doc-xml xsltproc --nonet -o manual.html ../../doc/html.xsl manual.xml I/O error : Attempt to load network entity http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl warning: failed to load external entity http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl; compilation error: file ../../doc/html.xsl line 3 element import xsl:import : unable to load http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl make[4]: *** [manual.html] Error 5 I don't know why it is unable to load the xsl file, I can get it with wget, but I don't think it should depend on an external file to compile correctly! -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12.3 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages mutt depends on: ii libc6 2.3.6-15 GNU C Library: Shared libraries ii libdb4.44.4.20-3 Berkeley v4.4 Database Libraries [ ii libgnutls13 1.4.1-1 the GNU TLS library - runtime libr ii libidn110.6.5-1 GNU libidn library, implementation ii libncursesw55.5-2Shared libraries for terminal hand ii libsasl22.1.19.dfsg1-0.2 Authentication abstraction library ii sendmail-bin [mail-tran 8.13.7-2 powerful, efficient, and scalable Versions of packages mutt recommends: ii locales 2.3.6-15 GNU C Library: National Language ( ii mime-support 3.37-1 MIME files 'mime.types' 'mailcap -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#338761: dailystrips: nostale option doesn't work when downloading twice a day
Package: dailystrips
Version: 1.0.28-4
Severity: minor
Tags: patch
I download strips twice a day to get late strips and noticed that the
nostale option doesn't work when doing this. I swapped 2 if-blocks in
dailystrips to make it work.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.31
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages dailystrips depends on:
ii debconf 1.4.30.13 Debian configuration management sy
ii libtimedate-perl 1.1600-4 Time and date functions for Perl
ii libwww-perl 5.803-4WWW client/server library for Perl
ii perl 5.8.4-8Larry Wall's Practical Extraction
-- debconf information:
dailystrips/warning-etcdefs:
--- /org/dailystrips2005-11-12 15:28:00.0 +0100
+++ /new/dailystrips2005-11-12 15:28:59.0 +0100
@@ -688,22 +688,7 @@
print IMAGE $image;
close(IMAGE);
- if (-e $local_name and
system(diff \$local_name\ \$local_name.tmp\ /dev/null 21) == 0) {
- # already downloaded
the same strip earlier today
-
unlink($local_name.tmp);
-
- if
($options{'avantgo'}) {
- $img_line =
make_avantgo_table($local_name, $ext);
- } else {
- $img_addr =
$local_name;
- $img_addr =~ s/
/\%20/go;
- if
($options{'stripnav'}) {
-
$img_line = img src=\$img_addr\ alt=\$name\bra href=\#top\Return
to top/a;
- } else {
-
$img_line = img src=\$img_addr\ alt=\$name\;
- }
- }
- } elsif (system(diff
\$local_name_yesterday\ \$local_name.tmp\ /dev/null 21) == 0) {
+ if (system(diff
\$local_name_yesterday\ \$local_name.tmp\ /dev/null 21) == 0) {
# same strip as
yesterday
if
($options{'nosymlinks'}) {
system(mv,$local_name.tmp,$local_name);
@@ -728,6 +713,21 @@
$img_line = img src=\$img_addr\ alt=\$name\;
}
}
+ } elsif (-e $local_name and
system(diff \$local_name\ \$local_name.tmp\ /dev/null 21) == 0) {
+ # already downloaded
the same strip earlier today
+
unlink($local_name.tmp);
+
+ if
($options{'avantgo'}) {
+ $img_line =
make_avantgo_table($local_name, $ext);
+ } else {
+ $img_addr =
$local_name;
+ $img_addr =~ s/
/\%20/go;
+ if
($options{'stripnav'}) {
+
$img_line = img src=\$img_addr\ alt=\$name\bra href=\#top\Return
to top/a;
+ } else {
+
$img_line = img src=\$img_addr\ alt=\$name\;
+ }
+ }
} else {
# completely new strip
# possible to get here
by:
Bug#326885: /etc/knockd.conf has insecure permissions
Package: knockd Version: 0.4-1 Severity: normal /etc/knockd.conf is world-readable and reveals the knock configuration to normal users. This makes it possible for ordinary users to activate the commands specified in the config by using the knock sequence found in the config file. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.31 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages knockd depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libpcap0.8 0.8.3-5 System interface for user-level pa -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#326818: shell /bin/false renders smart plugins unusable
Package: munin Version: 1.2.3-1 Severity: normal The munin user is created with '/bin/false' as shell. Using this shell prevents the smart_ and hddtemp_smartctl plugins to run when called from munin-cron. Changing the shell to /bin/bash solved the problem. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.31 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages munin depends on: pn libdigest-md5-perl Not found. ii libhtml-template-perl 2.6-2 HTML::Template : A module for usin ii librrds-perl 1.0.49-1 Time-series data storage and displ pn libtime-hires-perl Not found. ii perl [libstorable-perl] 5.8.4-8Larry Wall's Practical Extraction ii perl-modules 5.8.4-8Core Perl modules -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#308620: mozilla-firefox: 2 additional flaws
Package: mozilla-firefox Version: 1.0.3-2 Followup-For: Bug #308620 Please note that there are two additional flaws listed here: http://www.frsirt.com/english/advisories/2005/0530 A demonstration is here: http://www.heise.de/security/dienste/browsercheck/demos/nc/mozdemo3.shtml Clicking Test ausführen on this page opens a shell window which displays ls output. Firefox 1.0.4 and Mozilla 1.7.8 are released. Regards, Sebastian -- System Information: Debian Release: 3.0 Architecture: i386 Kernel: Linux lain 2.6.11.6 #2 Thu Mar 31 12:52:06 CEST 2005 i686 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] Versions of packages mozilla-firefox depends on: ii debianutils 2.6 Miscellaneous utilities specific t ii fontconfig 2.2.2-2 generic font configuration library ii libatk1.0-0 1.8.0-3 The ATK accessibility toolkit ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an ii libfontconfig1 2.3.1-2 generic font configuration library ii libfreetype62.1.7-1.1FreeType 2 font engine, shared lib ii libgcc1 1:3.4.1-3GCC support library ii libglib2.0-02.6.2-1 The GLib library of C routines ii libgtk2.0-0 2.6.2-3 The GTK+ graphical user interface ii libidl0 0.8.3-1 library for parsing CORBA IDL file ii libjpeg62 6b-6 The Independent JPEG Group's JPEG ii libkrb531.3.6-1 MIT Kerberos runtime libraries ii libpango1.0-0 1.8.1-1 Layout and rendering of internatio ii libpng12-0 1.2.8rel-1 PNG library - runtime ii libstdc++5 1:3.3.4-5The GNU Standard C++ Library v3 ii libx11-64.3.0-7 X Window System protocol client li ii libxext64.3.0-7 X Window System miscellaneous exte ii libxft2 2.1.2-6 FreeType-based font drawing librar ii libxp6 4.3.0-7 X Window System printing extension ii libxt6 4.3.0-7 X Toolkit Intrinsics ii psmisc 21.2-1 Utilities that use the proc filesy ii xlibs 4.3.0-7 X Window System client libraries m ii zlib1g 1:1.2.1-3compression library - runtime -- no debconf information -- InterNetX GmbH Sebastian Wiesinger System Administration Maximilianstrasse 6 D-93047 Regensburg Tel. +49 941 59559-0 Fax +49 941 59559-245 eMail: [EMAIL PROTECTED] nic-hdl: SW1421-RIPE GPG-Key : 0x97F5A1D8 (0x8431335F97F5A1D8) GPG-Fingerprint : 6181 B041 3554 0B6F 4EF3 1B12 8431 335F 97F5 A1D8
