Bug#951049: uruk: ip[6]tables has been moved to /usr/sbin/ip[6]tables
Package: uruk
Version: 20190121-1
Severity: important
Dear Maintainer,
iptables has been moved to /usr/bin and Bullseye no longer provides
backwards compatibility symlinks. It will probably work on systems that
have been upgraded to Bullseye but not on those that are freshly
installed with Bullseye.
Proposed fix:
--- /sbin/uruk 2019-01-21 10:11:30.0 +0100
+++ /tmp/uruk 2020-02-10 13:12:09.098387503 +0100
@@ -30,9 +30,9 @@
# PREROUTING - - - - - - - - FORWARD - - - - - - - - POSTROUTING
#
-iptables=${URUK_IPTABLES:-/sbin/iptables}
+iptables=${URUK_IPTABLES:-/usr/sbin/iptables}
-ip6tables=${URUK_IP6TABLES:-/sbin/ip6tables}
+ip6tables=${URUK_IP6TABLES:-/usr/sbin/ip6tables}
# Variables used: ip6_<...>, sources6_<...>, ip6tables.
interfaces_unprotect=${URUK_INTERFACES_UNPROTECT:-lo}
-- System Information:
Debian Release: bullseye/sid
APT prefers oldoldstable
APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500,
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8), LANGUAGE=
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages uruk depends on:
ii iptables 1.8.4-2
uruk recommends no packages.
uruk suggests no packages.
-- Configuration Files:
/etc/init.d/uruk changed [not included]
/etc/uruk/rc changed [not included]
-- no debconf information
Bug#926654: tinc: Fails to parse '::' in IPv6-address
Package: tinc Version: 1.0.35-2 Severity: normal Dear Maintainer, if the Subnet in /etc/tinc//hosts/ contains '::' then TINC does not parse it correctly. bad: /etc/tinc/cluster/hosts/nyorobo Subnet = fd00:610:1410:ae2e:23f0:c936::50 # service restart tinc && pkill -USR2 tincd /var/log/syslog: Apr 8 15:57:08 nyorobo tincd[1427]: Subnet list: Apr 8 15:57:08 nyorobo tincd[1427]: 0:10:10:2e:f0:36#10 owner nyorobo good: /etc/tinc/cluster/hosts/nyorobo Subnet = fd00:610:1410:ae2e:23f0:c936:0:50 # service restart tinc && pkill -USR2 tincd /var/log/syslog: Apr 8 15:58:08 nyorobo tincd[1747]: Subnet list: Apr 8 15:58:08 nyorobo tincd[1747]: fd00:610:1410:ae2e:23f0:c936:0:50/128#10 owner nyorobo Both ways of writing this Subnet-address should give the same result. -- System Information: Debian Release: buster/sid APT prefers oldoldstable APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.8.0-2-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages tinc depends on: ii init-system-helpers 1.56+nmu1 ii libc62.28-8 ii liblzo2-22.10-0.1 ii libssl1.11.1.1b-1 ii lsb-base 10.2019031300 ii zlib1g 1:1.2.11.dfsg-1 tinc recommends no packages. tinc suggests no packages. -- no debconf information
Bug#856658: nagios-nrpe-server: Typo in manpage (-d should be -f)
Package: nagios-nrpe-server Version: 3.0.1-3 Severity: minor Dear Maintainer, the man page nrpe(8) contains the following line: -d =Don't fork() for systemd, launchd, etc. That should be -f, not -d: nagios@drop:/$ /usr/sbin/nrpe Usage: nrpe [-n] -c [-4|-6] Options: -n = Do not use SSL -c = Name of config file to use -4 = use ipv4 only -6 = use ipv6 only = One of the following operating modes: -i =Run as a service under inetd or xinetd -d =Run as a standalone daemon -d -s =Run as a subsystem under AIX -f =Don't fork() for systemd, launchd, etc. -- System Information: Debian Release: 9.0 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.8.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages nagios-nrpe-server depends on: ii adduser 3.115 ii init-system-helpers 1.47 ii libc62.24-9 ii libssl1.0.2 1.0.2k-1 ii libwrap0 7.6.q-26 ii lsb-base 9.20161125 Versions of packages nagios-nrpe-server recommends: ii monitoring-plugins-basic 2.2-3 Versions of packages nagios-nrpe-server suggests: pn xinetd | inetd -- Configuration Files: /etc/default/nagios-nrpe-server changed [not included] /etc/nagios/nrpe.cfg changed [not included] -- no debconf information
Bug#788236: nsd: confirmed
Package: nsd Version: 4.1.9-1 Followup-For: Bug #788236 Dear Maintainer, I'd like to point out that this configuration is not only valid but the manpage for nsd.conf uses database: "" as an example, therefor it's likely that people actually use this configuration. -- System Information: Debian Release: Unstable APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages nsd depends on: ii adduser3.114 ii debconf [debconf-2.0] 1.5.59 ii init-system-helpers1.29 ii libc6 2.22-3 ii libevent-2.0-5 2.0.21-stable-2+b1 ii libssl1.0.21.0.2g-1 ii lsb-base 9.20160110 nsd recommends no packages. nsd suggests no packages. -- Configuration Files: /etc/nsd/nsd.conf changed [not included] -- debconf information excluded
Bug#702507: ITP: validns -- high performance DNS/DNSSEC zone validator
Package: wnpp Severity: wishlist Owner: "Casper Gielen" * Package name: validns Version : 0.6 Upstream Author : Anton Berezin * URL : http://http://www.validns.net/ * License : BSD Programming Lang: C Description : high performance DNS/DNSSEC zone validator Validns is a standalone command line RFC 1034/1035 zone file validation tool that, in addition to basic syntactic and semantic zone checks, includes DNSSEC signature verification and NSEC/NSEC3 chain validation, as well a number of optional policy checks on the zone. . The utility was developed with the goal of it being the last verification step in the chain of production and publication of one or more zones containing up to many thousands (or millions) of signed records, making the speed of operation a primary focus, and reflect on validns’ design. . The utility is currently being used by several major DNS operators. . Currently, validns offers the following features: - parse RFC 1035-compliant zone files (so called “BIND” file format) - supports most of the standard record types - informs the user precisely where and what the errors are - verifies RRSIG signatures - NSEC/NSEC3 chain validation - supports signature validation in the future or in the past - built-in policy checks -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#697844: sshfp: option -k is ignored
Package: sshfp
Version: 1.2.2-3
Severity: normal
Dear Maintainer,
the -k option to sshfp is ignored and ~/.ssh/known_hosts is always used.
The following patch fixed this:
--- /tmp/sshfp 2013-01-10 11:18:58.437565425 +0100
+++ /usr/bin/sshfp 2013-01-10 11:20:40.727689145 +0100
@@ -258,7 +258,7 @@
action="store",
dest="known_hosts",
metavar="KNOWN_HOSTS_FILE",
- default=None,
+ default=DEFAULT_KNOWN_HOSTS_FILE,
help="obtain public ssh keys from the known_hosts file
KNOWN_HOSTS_FILE")
parser.add_option("-s", "--scan",
action="store_true",
@@ -342,8 +342,6 @@
if not args:
print >> sys.stderr, "WARNING: Assuming -a"
all_hosts = True
- if not options.scan:
- khfile = DEFAULT_KNOWN_HOSTS_FILE
if options.scan and options.all_hosts:
datal = []
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to nl_NL.UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages sshfp depends on:
ii openssh-client 1:6.0p1-3
ii python 2.7.3-3
ii python-dnspython 1.10.0-1
ii python-ipcalc0.3-1
ii python-ldns 1.6.13-4
ii python2.7 [python-argparse] 2.7.3-5
sshfp recommends no packages.
sshfp suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#681253: sshfp dies on every invocation with "NameError: global name 'hostname' is not defined"
Package: sshfp Version: 1.2.2-3 Followup-For: Bug #681253 Dear Maintainer, I want to confirm the report by Armin Buchardt. ssfp is currently broken, the patch supplied fixes it. -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to nl_NL.UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages sshfp depends on: ii openssh-client 1:6.0p1-3 ii python 2.7.3-3 ii python-dnspython 1.10.0-1 ii python-ipcalc0.3-1 ii python-ldns 1.6.13-4 ii python2.7 [python-argparse] 2.7.3-5 sshfp recommends no packages. sshfp suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#689321: nagios-plugins-contrib: check_zone_rrsig_expiration breaks on DNSSEC
Package: nagios-plugins-contrib Version: 4.20120702 Severity: normal Dear Maintainer, check_zone_rrsig_expiration requires the package 'libnet-dns-sec-perl' but this package is not Recommended. Without this package installed check_zone_rrsig_expiration breaks on RRSIGs. This makes the check completely unusable. RRSIGs are part of DNSSEC. Zones that do not use DNSSEC/RRSIGs check out fine but that is pointless. Example without libnet-dns-sec-perl: # /usr/lib/nagios/plugins/check_zone_rrsig_expiration -Z uvt.nl *** *** WARNING!!! The program has attempted to call the method *** "sigexpiration" for the following RR object: *** *** uvt.nl.3600IN RRSIG \# 154 003308020e105074f41250627c9f3bd103757674026e6c00069f6eb332395178ac6e4ad7fcb7951d334aaf70ecefbd1c7ae04fda7e9f7988c8545b81cf8f333ef6b0572cdd8993836b340ac6fe5f4ccc58c778bd05c8bb767306ac3186d1ba70b2e2f84a7d421596aecb659525b125d475bd10fc56c63de0325334abc75875e8121e4a4eef17861caa01de76fd71870fa2538c159e36d2af *** *** This object does not have a method "sigexpiration". THIS IS A BUG *** IN THE CALLING SOFTWARE, which has incorrectly assumed that *** the object would be of a particular type. The calling *** software should check the type of each RR object before *** calling any of its methods. *** *** Net::DNS has returned undef to the caller. *** at /usr/lib/nagios/plugins/check_zone_rrsig_expiration line 209 Use of uninitialized value $exp in pattern match (m//) at /usr/lib/nagios/plugins/check_zone_rrsig_expiration line 210. Use of uninitialized value $exp in concatenation (.) or string at /usr/lib/nagios/plugins/check_zone_rrsig_expiration line 210. bad exp time '' at /usr/lib/nagios/plugins/check_zone_rrsig_expiration line 210. Example with libnet-dns-sec-perl: root@primeape:~# /usr/lib/nagios/plugins/check_zone_rrsig_expiration -Z uvt.nl ZONE OK: No RRSIGs expiring in the next 3 days; (0.22s) |time=0.219757s;;;0.00 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to nl_NL.UTF-8) Shell: /bin/sh linked to /bin/bash nagios-plugins-contrib depends on no packages. Versions of packages nagios-plugins-contrib recommends: ii freeipmi-tools1.1.5-3 ii libc6 2.13-35 ii libdate-manip-perl6.32-1 ii libio-socket-ssl-perl 1.76-1 ii libipc-run-perl 0.91-1 ii liblocale-gettext-perl1.05-7+b1 ii liblwp-useragent-determined-perl 1.06-1 ii libmail-imapclient-perl 3.31-2 ii libmemcached101.0.8-1 ii libnagios-plugin-perl 0.36-1 ii libnet-dns-perl 0.66-2+b2 ii libnet-smtp-tls-perl 0.12-1 ii libnet-snmp-perl 6.0.1-2 ii libnet-ssleay-perl1.48-1+b1 ii libreadonly-perl 1.03-4 ii libyaml-syck-perl 1.20-1 ii lsof 4.86+dfsg-1 ii openssl 1.0.1c-4 ii python2.7.3-2 ii ruby 4.9 ii ruby1.8 [ruby-interpreter]1.8.7.358-4 ii ruby1.9.1 [ruby-interpreter] 1.9.3.194-1 ii snmp 5.4.3~dfsg-2.5 Versions of packages nagios-plugins-contrib suggests: pn backuppc pn cciss-vol-status ii expect5.45-2 pn mpt-status ii perl-doc 5.14.2-12 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#643660: opendnssec-enforcer-mysql: UTF in preinst/postinst/postrm scripts
Package: opendnssec-enforcer-mysql Version: 1.3.2-1 Severity: important Dear Maintainer, the preinst / postinst / postrm scripts try to call dpkg-maintscript-helper. Unfortunately the name of the script is misspelled. Instead of a normal dash (ASCII 0x2D) some other character is used, I assume it's unicode: dpkg\xe2\x88\x92maintscript\xe2\x88\x92helper Preparing to replace opendnssec-enforcer-mysql 1.2.1.dfsg-1 (using .../opendnssec-enforcer-mysql_1.3.2-1_amd64.deb) ... /var/lib/dpkg/tmp.ci/preinst: 20: dpkg−maintscript−helper: not found dpkg: error processing /var/cache/apt/archives/opendnssec-enforcer-mysql_1.3.2-1_amd64.deb (--unpack): subprocess new pre-installation script returned error exit status 127 configured to not write apport reports /var/lib/dpkg/tmp.ci/postrm: 25: dpkg−maintscript−helper: not found dpkg: error while cleaning up: subprocess new post-removal script returned error exit status 127 After fixing this and rebuilding the package it installs fine. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.37-2-amd64 (SMP w/4 CPU cores) Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to nl_NL.UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
