Bug#959018: Domain name queried during installation is not used
Package: debian-installer
Version: 20190702+deb10u3
Severity: normal
Tags: d-i

During installation, I have to provide netcfg/domain. However, when the installation has finished and the system is booted, that domain name is not actually put in place anywhere. If I run

  # grep -r 'example\.org' /etc /var

then the only reference I find is in /var/log/installer.

At the very least, I'd expect the domain name to end up in /etc/hosts to ensure that `hostname --fqdn` works post-install. Whether to put it into /etc/hostname is another question…

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.6.0-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE=en_NZ:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems

digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
Re: Bug#956216: buster-pu: package systemd/241-7~deb10u3
On Mon, 2020-04-27 at 19:17 +0200, Michael Biebl wrote:
> On 25.04.20 at 21:41, Adam D. Barratt wrote:
> > On Wed, 2020-04-08 at 16:11 +0200, Michael Biebl wrote:
> > I'd be OK with that, but this will need a KiBi-ack, so CCing and
> > tagging accordingly.
>
> After talking to KiBi on IRC, we decided to include the fix for
> #958397
> as well. I kept the changes minimal and only included 60-rules in
> udev-udeb and the initramfs.
>

For the record, I'm OK with that from the SRM side.

Regards,

Adam
Re: building a custom talking debian installation image with build essential and other packages on the disc as well as the mate accessible desktop
Hi,

I agree as most hardware now requires firmware to use. Is there a document on how to remaster and add packages to the disc either for download or as normal debs that are on the disc?

Nick Gawronski

On Mon, 27 Apr 2020, D.J.J. Ring, Jr. wrote:

Date: Mon, 27 Apr 2020 00:38:15 -0400
From: "D.J.J. Ring, Jr."
To: Nick Gawronski
Cc: debian-accessibil...@lists.debian.org, debian-boot@lists.debian.org
Subject: Re: building a custom talking debian installation image with build essential and other packages on the disc as well as the mate accessible desktop

Nick,

Please use the non free images because many blind people are connecting by Wi-Fi and the drivers are only on the non free images. Also add the Unofficial multimedia sources so blind people can use the non free codecs.

It takes a lot of work to make Debian normal. But Debian still is the best, I just wish they'd stop the non free prohibition and put printer and multimedia and Firefox in their ISO.

Best wishes,

David

On Fri, Apr 24, 2020, 15:29 Nick Gawronski wrote:

Hi,

I am totally blind and know about pressing s to start the installer with speech as I do this then go back to the main menu and set debconf priority to low so I have the most control during the installation process. I looked into the simple-cdd package for building a debian installation image but could not find out how to include the full mate debian desktop with orca the screen reader setup for speech as well as build-essential and other development packages. What would be the best process for building such an image that starts automatically at low priority with speech running and a higher volume level than normal for systems where you would like speech to be not so soft during the installation process?

Nick Gawronski
Re: Bug#956216: buster-pu: package systemd/241-7~deb10u3
Am 25.04.20 um 21:41 schrieb Adam D. Barratt: > On Wed, 2020-04-08 at 16:11 +0200, Michael Biebl wrote: > I'd be OK with that, but this will need a KiBi-ack, so CCing and > tagging accordingly. After talking to KiBi on IRC, we decided to include the fix for #958397 as well. I kept the changes minimal and only included 60-rules in udev-udeb and the initramfs. We might consider a different, opt-out approach for udev-rules in the future as suggested by Steve [1] and Marco [2]. But that's probably too invasive for a stable upload. Updated debdiff is attached. The changes to the previous debdiff can be found at https://salsa.debian.org/systemd-team/systemd/-/commit/4b7f1d2b1763574cfc9ef43e728045518d440c1a Regards, Michael [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958397#12 [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958397#22 diff --git a/debian/changelog b/debian/changelog index 1d263f7..14ef57f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,18 @@ +systemd (241-7~deb10u4) buster; urgency=medium + + * polkit: when authorizing via PolicyKit re-resolve callback/userdata +instead of caching it. +This fixes a heap use-after-free vulnerability in systemd, when +asynchronous PolicyKit queries are performed while handling DBus messages. +CVE-2020-1712 (Closes: #950732) + * Install 60-block.rules in udev-udeb and initramfs-tools. +The block device rules were split out from 60-persistent-storage.rules +into its own rules file in v220. Those rules ensure that change events +are emitted and the udev db is updated after metadata changes. +Thanks to Pascal Hambourg (Closes: #958397) + + -- Michael Biebl Mon, 27 Apr 2020 19:02:57 +0200 + systemd (241-7~deb10u3) buster; urgency=medium * core: set fs.file-max sysctl to LONG_MAX rather than ULONG_MAX. diff --git a/debian/extra/initramfs-tools/hooks/udev b/debian/extra/initramfs-tools/hooks/udev index 6305d09..bbbd351 100755 --- a/debian/extra/initramfs-tools/hooks/udev 
+++ b/debian/extra/initramfs-tools/hooks/udev @@ -28,7 +28,8 @@ if [ -d /etc/systemd/network ]; then fi mkdir -p "$DESTDIR/lib/udev/rules.d/" -for rules in 50-firmware.rules 50-udev-default.rules 60-persistent-storage.rules \ +for rules in 50-firmware.rules 50-udev-default.rules \ +60-block.rules 60-persistent-storage.rules \ 61-persistent-storage-android.rules 71-seat.rules 73-special-net-names.rules \ 73-usb-net-by-mac.rules 75-net-description.rules \ 80-net-setup-link.rules 80-drivers.rules; do diff --git a/debian/patches/Fix-typo-in-function-name.patch b/debian/patches/Fix-typo-in-function-name.patch new file mode 100644 index 000..4f3c521 --- /dev/null +++ b/debian/patches/Fix-typo-in-function-name.patch 
@@ -0,0 +1,77 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= +Date: Tue, 4 Feb 2020 18:39:04 +0100 +Subject: Fix typo in function name + +(cherry picked from commit bc130b6858327b382b07b3985cf48e2aa9016b2d) +(cherry picked from commit b4eb8848240c3540180e4768216a0b884a5ed783) +(cherry picked from commit f14fa558ae9e139c94ee3af4a1ef1df313b2ff66) +(cherry picked from commit dd8aa0871d9cafa60a916d4ec01dd82d64edf7ed) +--- + TODO| 2 +- + src/libsystemd/sd-bus/bus-message.h | 2 +- + src/libsystemd/sd-bus/sd-bus.c | 8 + src/shared/bus-polkit.c | 2 +- + 4 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/TODO b/TODO +index 462db57..327fead 100644 +--- a/TODO b/TODO +@@ -138,7 +138,7 @@ Features: + + * the a-posteriori stopping of units bound to units that disappeared logic + should be reworked: there should be a queue of units, and we should only +- enqeue stop jobs from a defer event that processes queue instead of ++ enqueue stop jobs from a defer event that processes queue instead of + right-away when we find a unit that is bound to one that doesn't exist + anymore. 
(similar to how the stop-unneeded queue has been reworked the same + way) +diff --git a/src/libsystemd/sd-bus/bus-message.h b/src/libsystemd/sd-bus/bus-message.h +index 7fd3f11..849d638 100644 +--- a/src/libsystemd/sd-bus/bus-message.h b/src/libsystemd/sd-bus/bus-message.h +@@ -211,4 +211,4 @@ int bus_message_remarshal(sd_bus *bus, sd_bus_message **m); + + void bus_message_set_sender_driver(sd_bus *bus, sd_bus_message *m); + void bus_message_set_sender_local(sd_bus *bus, sd_bus_message *m); +-int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m); ++int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m); +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index 94380af..c20adcf 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +@@ -4145,7 +4145,7 @@ _public_ int sd_bus_get_close_on_exit(sd_bus *bus) { + return bus->close_on_exit; + } + +-int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m) { ++int sd_bus_enqueue_for_read(sd_bus *bus,
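Review bot: In the debian/changelog hunk, the 241-7~deb10u4 entry describes the CVE-2020-1712 fix and the 60-block.rules change but does not name the patch files that carry them, and the diff adds debian/patches/Fix-typo-in-function-name.patch, which the entry never mentions. Listing the added patches under the polkit item would let the stable update be audited from the changelog alone.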
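Review bot: In debian/extra/initramfs-tools/hooks/udev, the `for rules in ...` list stays hard-coded, which is the kind of list that misses a file when upstream splits a rules file, as the changelog says happened with 60-block.rules in v220. A short comment above the loop noting that 60-block.rules has to ship together with 60-persistent-storage.rules would help the next maintainer. The changelog also promises the same file for udev-udeb; that change is not among the lines shown here, so please confirm it is in the debdiff.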
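Review bot: The header of debian/patches/Fix-typo-in-function-name.patch gives only the subject "Fix typo in function name" and four cherry-pick ids, with no statement of why a spelling rename belongs in a stable security upload. If it is a prerequisite for the CVE-2020-1712 backport to apply cleanly, say so in the patch description. The rename of sd_bus_enqeue_for_read changes the declaration in bus-message.h and the definition in sd-bus.c, and the diffstat lists src/shared/bus-polkit.c as well, so check that no other caller in the tree keeps the old spelling.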
Re: Graphical installer on arm64 (netboot and cdrom)
On Mon, Apr 27, 2020 at 06:41:36PM +0300, Alper Nebi Yasak wrote:
>On 21/04/2020 14:14, Alper Nebi Yasak wrote:
>> Since you've already pushed to master, I'll try to do a full
>> installation once daily cdroms are available.
>
>I've tested with today's (2020-04-27) weekly-built
>debian-testing-arm64-xfce-CD-1.iso on my chromebook. Overall rushing through
>the graphical installation went just fine. Just some minor hardware-specific
>problems, and I had to handle chromeos bootloader stuff manually, but nothing
>wrong with the graphical parts from what I can tell.

\o/

-- 
Steve McIntyre, Cambridge, UK.    st...@einval.com
"Because heaters aren't purple!" -- Catherine Pitt
Re: Graphical installer on arm64 (netboot and cdrom)
On 21/04/2020 14:14, Alper Nebi Yasak wrote: Since you've already pushed to master, I'll try to do a full installation once daily cdroms are available. I've tested with today's (2020-04-27) weekly-built debian-testing-arm64-xfce-CD-1.iso on my chromebook. Overall rushing through the graphical installation went just fine. Just some minor hardware-specific problems, and I had to handle chromeos bootloader stuff manually, but nothing wrong with the graphical parts from what I can tell. Thanks a lot!
Bug#956570: should offer possibilities to override host /etc/resolv.conf and /etc/hostname
On Mon, Apr 27, 2020 at 02:38:04PM +0200, Marc Haber wrote:
>On Sun, Apr 19, 2020 at 02:41:50AM +0200, Cyril Brulebois wrote:
>> Marc Haber (2020-04-13):
>> > in the current version, debootstrap copies /etc/resolv.conf and
>> > /etc/hostname from the host to the newly installed system. This is
>> > possibly wrong if done during a system installation or from a rescue
>> > system. Please offer an option to not copy /etc/resolv.conf (the
>> > installed system might not have network at all) and to set the
>> > hostname from debootstrap's command line or an environment variable.
>> >
>> > I am willing to provide a patch if you indicate willingness to review
>> > and apply the patch.
>>
>> I'm not convinced it's worth it; passing a --no-resolv-conf-copy option
>> vs. rm target/etc/resolv.conf? And the hostname is a sed call away…
>
>The problem with the hostname is that package post-inst scripts might
>pick up the wrong host name during the actual debootstrap run before an
>external script can intervene. d'accord with /etc/resolv.conf.

ACK, that's a fair point. I'm used to fixing up this kind of thing after a debootstrap run. I'd be happy to look at a patch.

-- 
Steve McIntyre, Cambridge, UK.    st...@einval.com
"The problem with defending the purity of the English language is that English is about as pure as a cribhouse whore. We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll
Bug#956570: should offer possibilities to override host /etc/resolv.conf and /etc/hostname
On Sun, Apr 19, 2020 at 02:41:50AM +0200, Cyril Brulebois wrote:
> Marc Haber (2020-04-13):
> > in the current version, debootstrap copies /etc/resolv.conf and
> > /etc/hostname from the host to the newly installed system. This is
> > possibly wrong if done during a system installation or from a rescue
> > system. Please offer an option to not copy /etc/resolv.conf (the
> > installed system might not have network at all) and to set the
> > hostname from debootstrap's command line or an environment variable.
> >
> > I am willing to provide a patch if you indicate willingness to review
> > and apply the patch.
>
> I'm not convinced it's worth it; passing a --no-resolv-conf-copy option
> vs. rm target/etc/resolv.conf? And the hostname is a sed call away…

The problem with the hostname is that package post-inst scripts might pick up the wrong host name during the actual debootstrap run before an external script can intervene. d'accord with /etc/resolv.conf.

Greetings
Marc

-- 
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Phone: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421