Bug#925975: postfix-policyd-spf-python fails to failover to a different nameserver
Package: postfix-policyd-spf-python Version: 2.0.1-1 Severity: important Hello, Package: postfix-policyd-spf-python Version: 2.0.1-1 postfix-policyd-spf-python fails to properly failover to a secondary nameserver in case one of the declared nameservers in /etc/resolv.conf is not responding. All incoming email is rejected with: defer_if_permit 4.7.24 Message deferred due to: SPF Temporary Error: DNS Timeout. Please see http://www.openspf.net/Why?s=[snipped] related to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718547 but python- dns is not installed, so I'm thinking that the underlying problem is actually in postfix-policyd-spf-python. No difference with python-dns installed. The problem goes away if I manually remove the non-responding nameserver from /etc/resolv.conf Thank you, Demetris Demetriou -- System Information: Debian Release: 9.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages postfix-policyd-spf-python depends on: ii adduser 3.115 pn postfix ii python3 3.5.3-1 pn python3-authres pn python3-spf postfix-policyd-spf-python recommends no packages. postfix-policyd-spf-python suggests no packages.
Bug#886896: rkhunter: false positive warning sshd protocol 1
Running rkhunter (v1.4.2) from stretch on multiple servers. SSH protocol 1 was removed in the openssh version that ships with stretch (v7.4): https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-May/035069.html That being said: I'm running with a commented #ALLOW_SSH_PROT_V1=0 (which is the default upstream). According to the documentation: A value of '0' indicates that the use of SSH-1 is not allowed. Offending line: https://sources.debian.org/src/rkhunter/1.4.6-5/files/rkhunter.conf/ line 323. Bug resolution: change the line to the default value of 0 and comment it out for future use (basically pull the line straight from upstream).
Bug#497471: sarge images have syslinux binaries without source
This bug is reported against a very old version of Debian, please close it.
Bug#781128: security.debian.org: GeoDNS load balancing of Debian Security mirrors + out of date mirrors means you cant patch
This bug has been sitting for 4 years and isn't actually a bug, a mirror was just slow to sync. After many years of using Debian, I can say that when I see this happening (once or twice so far) I usually check the next day for the update and it's there. I'm proposing that this bug is closed.
Bug#889346: pure-ftpd-mysql: pure-ftpd fails to start on newer MariaDB servers
Package: pure-ftpd-mysql
Severity: important
Hello,
Pure-ftpd fails to start on newer MariaDB versions (>=10.2) due to an issue
with my_make_scrambled_password. Full comment by MariaDB developers below. More
info at
https://jira.mariadb.org/browse/MDEV-12889?focusedCommentId=97156=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-
tabpanel#comment-97156
Quoted comment:
"There is definitely an issue with pureftpd. Or, rather, there was. Here's the
full story:
In its early days, say, about 20 years ago, libmysqlclient did not version
symbols and did not limit their visibility. Some functions were documented —
they were client API, and we promised to keep them stable, working over years.
Other functions were not documented, they were internal, no promises. But they
were exported and available too.
Later, in MariaDB time, we took a closer look at that. RedHat was versioning
libmysqlclient symbols. Old symbols from libmysqlclient.so.16.0.0 had the
version libmysqlclient_16, newer symbols had the version libmysqlclient_18.
Internal symols was hidden, with few exceptions. One of such exceptions was
my_make_scrambled_password, because pureftpd started using it since the old
days, when everything was kind of allowed. Debian had a different, simpler (and
less correct) approach to versioning, all symbols had libmysqlclient_18
version. In MariaDB we managed to create a library compatible with both
approaches. my_make_scrambled_password was not hidden, with the comment "for
pureftpd".
Now, a couple of days ago, I wanted to report this bug to pureftpd, to have it
finally fixed and not use internal non-public libmysqlclient symbols. And I
found that pureftpd source have this:
# ifdef HAVE_MY_MAKE_SCRAMBLED_PASSWORD
my_make_scrambled_password(scrambled_password, password,
strlen(password));
# elif defined(HAVE_MAKE_SCRAMBLED_PASSWORD)
make_scrambled_password(scrambled_password, password);
# else
{
SHA1_CTX ctx;
unsigned char h0[20], h1[20];
char *p;
SHA1Init();
SHA1Update(, password, strlen(password));
SHA1Final(h0, );
SHA1Init();
SHA1Update(, h0, sizeof h0);
pure_memzero(h0, sizeof h0);
SHA1Final(h1, );
*scrambled_password = '*';
hexify(scrambled_password + 1U, h1,
(sizeof scrambled_password) - 1U, sizeof h1);
*(p = scrambled_password) = '*';
while (*p++ != 0) {
*p = (char) toupper((unsigned char) *p);
}
}
# endif
That is, it only uses make_scrambled_password if it's available, otherwise it
can perfectly do without. So, now it's Debian bug, because they build pureftpd
to use internal libmysqlclient symbols, while they perfectly can avoid that.
Even more, I've found that in the latest pureftpd sources on github, they've
removed this ifdef and don't use make_scrambled_password at all anymore.
https://github.com/jedisct1/pure-
ftpd/commit/27443b29320d85352d8b52c0120836843e10c0f9
So it was pureftpd issue, and they've fixed it.
Sergei Golubchik
Missing versioning is our issue and we'll fix it." - Sergei Golubchik
Waiting for the newer version to trickle down through the normal release cycle
would mean that every one that uses pure-ftpd with newer MariaDB servers will
wait at least a couple of years for a solution, which in production
environments is not an acceptable solution. The easiest solution would be to
provide an up-to-date version through debian-backports, or alternatively bump
up the package in Debian stable to the latest version through an exception to
the normal release schedule.
-- System Information:
Debian Release: 9.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages pure-ftpd-mysql depends on:
ii libc6 2.24-11+deb9u1
ii libcap2 1:2.25-1
pn libmariadbclient18
ii libpam0g 1.1.8-3.6
ii libssl1.1 1.1.0f-3+deb9u1
ii lsb-base 9.20161125
pn openbsd-inetd | inet-superserver
pn pure-ftpd-common
ii zlib1g1:1.2.8.dfsg-5
pure-ftpd-mysql recommends no packages.
pure-ftpd-mysql suggests no packages.
Bug#865972: #865972
The solution to this problem is changing the default configuration for rkhunter, would appreciate it if the change was implemented ASAP instead of waiting for the next version 3 years down the road: File /etc/rkhunter.conf: (line 320) From: #ALLOW_SSH_PROT_V1=0 (line 320) To: ALLOW_SSH_PROT_V1=2 The protocol option isn't needed to be set up in OpenSSH, since support for the older protocol has been removed upstream (ie the option doesn't do anything).
Bug#854287: Acknowledgement (putty: ed25519 key not recognized)
Yes, puttygen was indeed a dev version. Haven't realized how far behind the stable version is from the dev version (2 years for this particular feature). Please close this bug.
Bug#854287: putty: ed25519 key not recognized
Package: putty Version: 0.67-2 Severity: important Hello, Using puttygen to generate an ed25519 key. File start line: PuTTY-User-Key-File-2: ssh-ed25519 Using that key file in putty results in: Unable to load private key file "[REDACTED]" (file format error) The same key file is usable in filezilla, which supports putty key files. Thank you -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages putty depends on: ii libatk1.0-0 2.22.0-1 ii libc62.24-9 ii libcairo21.14.8-1 ii libfontconfig1 2.11.0-6.7 ii libfreetype6 2.6.3-3+b1 ii libgdk-pixbuf2.0-0 2.36.4-1 ii libglib2.0-0 2.50.2-2 ii libgtk2.0-0 2.24.31-1 ii libpango-1.0-0 1.40.3-3 ii libpangocairo-1.0-0 1.40.3-3 ii libpangoft2-1.0-01.40.3-3 ii libx11-6 2:1.6.4-3 ii putty-tools 0.67-2 putty recommends no packages. Versions of packages putty suggests: pn putty-doc -- no debconf information
Bug#840152: rsyslog-gnutls: rsyslog+RELP+TLS=broken
Package: rsyslog-gnutls Version: 8.4.2-1+deb8u2, 8.16.0-1~bpo8+1 Severity: important Hello, Debian 8.6 x64. The jessie and jessie-backports rsyslog-gnutls packages are broken with regards to TLS and RELP. Setting up a pair of client and server according to:http://www.rsyslog.com /using-tls-with-relp/ When using tls.authmode="name" the client can't see the server's CN (which has been verified to exist in the certificate). When using tls.authmode="fingerprint" and using the correct SHA:somethingsomething fingerprint in the permitted peers, the client fails to connect to the server with: Oct 9 00:20:05 client rsyslogd-2353: omrelp[server.example.com:514]: error 'TLS handshake failed [gnutls error -15: An unexpected TLS packet was received.]', object ' conn to srvr client.example.com:514' - action may not work as intended [v8.16.0 try http://www.rsyslog.com/e/2353 ] The server logs: Oct 9 00:21:13 log rsyslogd-2353: imrelp[514]: error 'TLS handshake failed [gnutls error -15: An unexpected TLS packet was received.]', object 'lstn 514: conn to clt 1.1.1.1/client.example.com' - input may not work as intended [v8.16.0 try http://www.rsyslog.com/e/2353 ] Thank you -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#824107: john: Enable OpenMP parallelization
Package: john Version: 1.8.0-2 Severity: important Hello, Currently john does not use multiple threads, which slows down the cracking. >From http://http://www.openwall.com/john/doc/ "When running on Linux distributions with glibc 2.7+, John 1.7.6+ additionally supports (and autodetects) SHA-crypt hashes (which are actually used by recent versions of Fedora and Ubuntu), with optional OpenMP parallelization (requires GCC 4.2+, needs to be explicitly enabled at compile-time by uncommenting the proper OMPFLAGS line near the beginning of the Makefile)." Thank you. -- System Information: Debian Release: 8.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.4.0-0.bpo.1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages john depends on: ii john-data 1.8.0-2 ii libc6 2.19-18+deb8u4 john recommends no packages. Versions of packages john suggests: ii miscfiles [wordlist] 1.4.2.dfsg.1-9.1 -- no debconf information
Bug#617519: putty-tools: puttygen doesn't do anything
Package: putty-tools Version: 0.63-10 Followup-For: Bug #617519 Confirmed on wheezy (0.62-9+deb7u1) as well. Installed jessie's package (0.63-10) but still there. This package is effectively broken on Debian and needs to be fixed or removed. -- System Information: Debian Release: 8.0 APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages putty-tools depends on: ii libc6 2.19-15 putty-tools recommends no packages. Versions of packages putty-tools suggests: pn putty-doc none -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#759317: linux-image-3.14-2-686-pae: Cannot upgrade kernel due to via-velocity.ko error
Source: linux-image-3.14-2-686-pae Version: via-velocity.ko unexpected end of file or stream Severity: important Hello, The problem does not affect the system listed by Reportbug, but the system listed below: System: Asus EEE PC 701SD Debian Jessie (testing) 32Bit When running sudo apt-get update sudo apt-get upgrade the following comes up and the upgrade stops: --- Preparing to unpack .../linux-image-3.14-2-686-pae_3.14.15-2_i386.deb ... Unpacking linux-image-3.14-2-686-pae (3.14.15-2) over (3.14.13-2) ... dpkg: error processing archive /var/cache/apt/archives/linux- image-3.14-2-686-pae_3.14.15-2_i386.deb (--unpack): cannot copy extracted data for './lib/modules/3.14-2-686-pae/kernel/drivers/net/ethernet/via/via-velocity.ko' to '/lib/modules/3.14-2-686-pae/kernel/drivers/net/ethernet/via/via-velocity.ko ..dpkg-new': unexpected end of file or stream dpkg-deb: error: subprocess paste was killed by signal (Broken pipe) E: Sub-process /usr/bin/dpkg returned an error code (1) Thank you, Demetris Demetriou deZillium LTD -- System Information: Debian Release: jessie/sid APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.14-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#758793: base: Random lockups. Can only ALT+SYSRQ+REISUB to reboot
Package: base Severity: important Hello, I've started getting random lockups while using XFCE, iceweasel, icedove. The screen will freeze but the mouse cursor can be moved around,with no ability to click anywhere. Sometimes if I'm lucky I might be able to CTRL+ALT+F1 into a console and manually restart lightdm. Everything is ok for a bit, then back to a random lockup. I can't find any error log entries, except these: (which are way too early in the boot process) Aug 21 15:15:17 kernel: [0.323186] Unpacking initramfs... Aug 21 15:15:17 kernel: [1.201565] irq 9: nobody cared (try booting with the irqpoll option) Aug 21 15:15:17 kernel: [1.201628] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 3.14-2-amd64 #1 Debian 3.14.15-2 Aug 21 15:15:17 kernel: [1.201630] Hardware name: TOSHIBA Satellite P300D/Satellite P300D, BIOS V3.30 09/23/2009 Aug 21 15:15:17 kernel: [1.201634] 8801310076c4 814c5732 880131007600 810b37f8 Aug 21 15:15:17 kernel: [1.201639] 880131007600 0009 810b3d11 Aug 21 15:15:17 kernel: [1.201642] 0009 Aug 21 15:15:17 kernel: [1.201647] Call Trace: Aug 21 15:15:17 kernel: [1.201649] IRQ [814c5732] ? dump_stack+0x41/0x51 Aug 21 15:15:17 kernel: [1.201662] [810b37f8] ? __report_bad_irq+0x28/0xc0 Aug 21 15:15:17 kernel: [1.201666] [810b3d11] ? note_interrupt+0x241/0x290 Aug 21 15:15:17 kernel: [1.201670] [810b1781] ? handle_irq_event_percpu+0xc1/0x1b0 Aug 21 15:15:17 kernel: [1.201673] [810b18a3] ? handle_irq_event+0x33/0x50 Aug 21 15:15:17 kernel: [1.201677] [810b4728] ? handle_fasteoi_irq+0x58/0x100 Aug 21 15:15:17 kernel: [1.201684] [81015a58] ? handle_irq+0x18/0x30 Aug 21 15:15:17 kernel: [1.201688] [81015374] ? do_IRQ+0x44/0xe0 Aug 21 15:15:17 kernel: [1.201692] [814cb3ad] ? common_interrupt+0x6d/0x6d Aug 21 15:15:17 kernel: [1.201694] EOI [81297e16] ? inflate_fast+0x106/0x610 Aug 21 15:15:17 kernel: [1.201702] [81299709] ? zlib_inflate+0x11e9/0x19c0 Aug 21 15:15:17 kernel: [1.201708] [818d36fd] ? write_buffer+0x1d/0x2b Aug 21 15:15:17 kernel: [1.201712] [818d370b] ? write_buffer+0x2b/0x2b Aug 21 15:15:17 kernel: [1.201717] [8190632e] ? bunzip2+0x3ff/0x3ff Aug 21 15:15:17 kernel: [1.201720] [8190657b] ? gunzip+0x249/0x30e Aug 21 15:15:17 kernel: [1.201724] [818d39f9] ? unpack_to_rootfs+0x149/0x26a Aug 21 15:15:17 kernel: [1.201727] [818d3676] ? initrd_load+0x3a/0x3a Aug 21 15:15:17 kernel: [1.201731] [818d3e1f] ? maybe_link.part.2+0xff/0xff Aug 21 15:15:17 kernel: [1.201735] [818d3e78] ? populate_rootfs+0x59/0x10c Aug 21 15:15:17 kernel: [1.201740] [8100212a] ? do_one_initcall+0xca/0x170 Aug 21 15:15:17 kernel: [1.201744] [8107ede8] ? parse_args+0x228/0x400 Aug 21 15:15:17 kernel: [1.201749] [818d3066] ? kernel_init_freeable+0x15f/0x1e1 Aug 21 15:15:17 kernel: [1.201753] [818d28ac] ? do_early_param+0x81/0x81 Aug 21 15:15:17 kernel: [1.201757] [814b7e20] ? rest_init+0x70/0x70 Aug 21 15:15:17 kernel: [1.201760] [814b7e25] ? kernel_init+0x5/0xf0 Aug 21 15:15:17 kernel: [1.201763] [814d308c] ? ret_from_fork+0x7c/0xb0 Aug 21 15:15:17 kernel: [1.201767] [814b7e20] ? rest_init+0x70/0x70 Aug 21 15:15:17 kernel: [1.201769] handlers: Aug 21 15:15:17 kernel: [1.201822] [812ed2a8] acpi_irq Aug 21 15:15:17 kernel: [1.201912] Disabling IRQ #9 Aug 21 15:15:17 kernel: [1.521932] Freeing initrd memory: 15860K (8800360f6000 - 880037073000) Running with irqpoll leads to a different error (IMHO unrelated). Running acpi=off leads to no error during boot up but random lockups again. Didn't know which package I should file this bug against, since I honestly don't know what's causing it. The system doesn't give any other indication through logs that something is wrong when it locks up. It can happen right after logging in, while idling on desktop, or while under load. Again, no indication as to what is causing it, since what causes one lockup doesn't cause the next one. Running Jessie, but the problem started appearing a few months back in wheezy. Suspected HDD, SMART data says it's fine. Suspected RAM, memtest86+ says its fine after multiple rounds. It could be a faulty motherboard (the laptop is 5 years old) but I've seen mentions of ubuntu also having the same random lockups on newer laptops. https://bugs.launchpad.net/ubuntu/+source/xorg- server/+bug/1184451 Thank you, Demetris Demetriou deZillium LTD -- System Information: Debian Release: jessie/sid APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64
Bug#756035: apt-mirror: Typo error in /usr/bin/apt-mirror
Package: apt-mirror Severity: minor Hello, Using apt-mirror from jessie (since the wheezy version results in a broken mirror). /usr/bin/apt-mirror line 582 contains: print Processing tranlation indexes: [; Should contain: print Processing translation indexes: [; (word translation corrected) Thank you -- System Information: Debian Release: 7.6 Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#748830: php5-ming: Deprecated comments in /etc/php5/cli/conf.d/ming.ini
Package: php5-ming Severity: normal Hello, Cron mail: PHP Deprecated: Comments starting with '#' are deprecated in /etc/php5/cli/conf.d/ming.ini on line 1 in Unknown on line 0 This has been deprecated in PHP 5.3.x as shown at http://php.net/manual/en/migration53.deprecated.php. in file: /etc/php5/cli/conf.d/ming.ini replace: # configuration for php MING module with: ; configuration for php MING module Thank you -- System Information: Debian Release: 7.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#747432: openssl: CVE-2014-0198 Null pointer dereference bug in OpenSSL 1.0.1g and earlier
Package: openssl Version: 1.0.1e-2+deb7u7 Severity: important Hello, Please see this link:http://advisories.mageia.org/MGASA-2014-0204.html Does this affect the version included in wheezy? Thank you -- System Information: Debian Release: 7.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openssl depends on: ii libc62.13-38+deb7u1 ii libssl1.0.0 1.0.1e-2+deb7u7 ii zlib1g 1:1.2.7.dfsg-13 openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20130119 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#745071: Acknowledgement (mysql-server: MySQL not logging to syslog as intended)
No entries arrive at syslog (rsyslog to be exact), therefore no entries are logged to daemon.log or any of the rsyslog logs, or to a remote rsyslog server, that's why I submitted the bug report. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#745071: mysql-server: MySQL not logging to syslog as intended
Package: mysql-server Severity: important Hello, MySQL on Debian Wheezy does not log to syslog as intended: /etc/mysql/my.cnf Line 75: # Error logging goes to syslog due to /etc/mysql/conf.d/mysqld_safe_syslog.cnf. /etc/mysql/conf.d/mysqld_safe_syslog.conf contents [mysqld_safe] syslog According to this, mysql should be logging to syslog, but no entries are being registered. To correct this, I had to change the following: /etc/init.d/mysql Lines 108-109: # Start MySQL! /usr/bin/mysqld_safe /dev/null 21 Change to: # Start MySQL! /usr/bin/mysqld_safe --syslog /dev/null 21 Issue a sudo service mysql restart and syslog entries start firing up, using mysqld:, mysqld_safe: and /etc/mysql/debian-start[ProcessID]: tags. This is a serious bug since it completely disables the MySQL logging facilities. Neither syslog, nor /var/log/mysql.log nor /var/log/mysql.err nor any /var/log/mysql/* log contain anything related to MySQL. Checking backlogs shows that this went on for a long long time, so I cannot be sure how long the bug was left in the package. To make myself clear, ALL error logs are completely empty (in the case of syslog, NO entries for mysql exist). Checking a couple of servers shows that it is indeed across architectures as well, with this behaviour showing up on x86_64 and ARM as well. Thank you for your time. -- System Information: Debian Release: 7.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#725866: rkhunter: False positive about unhide.rb
Package: rkhunter Version: 1.4.0-1 Severity: normal Hello, Running rkhunter on a newly configured wheezy system gives: /usr/bin/unhide.rb [ Warning ] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text That file is a ruby script, sha512sums and md5sums have been compared with another system (which had the following whitelisting configured a long long time ago) and they match. Edit /etc/rkhunter.conf: Add to the bottom of the SCRIPTWHITELIST section: SCRIPTWHITELIST=/usr/bin/unhide.rb This corrects the false positive warning. Thank you -- System Information: Debian Release: 7.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages rkhunter depends on: ii binutils 2.22-8 ii debconf [debconf-2.0] 1.5.49 ii file 5.11-2 ii net-tools 1.60-24.2 ii perl 5.14.2-21 ii ucf3.0025+nmu3 Versions of packages rkhunter recommends: ii curl 7.26.0-1+wheezy3 ii exim4-daemon-light [mail-transport-agent] 4.80-7 ii iproute20120521-3+b3 ii lsof 4.86+dfsg-1 ii unhide.rb 13-1.1 ii wget 1.13.4-3 Versions of packages rkhunter suggests: ii heirloom-mailx [mailx]12.5-2 pn libdigest-whirlpool-perl none ii liburi-perl 1.60-1 ii libwww-perl 6.04-1 ii powermgmt-base1.31 ii tripwire 2.4.2.2-2 -- Configuration Files: /etc/logrotate.d/rkhunter changed [not included] /etc/rkhunter.conf changed [not included] -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#704426: New package stuck in migration
Hello, The package tracking page for isc-dhcp shows: testing migration excuses http://qa.debian.org/excuses.php?package=isc-dhcp: * 9 days old (needed 2 days) * Not touching package due to block-udeb request by freeze (contact debian-release if update is needed) * Not touching package due to block request by freeze (contact debian-release if update is needed) * Updating isc-dhcp fixes old bugs: #704426 http://bugs.debian.org/704426 * Not considered Since this is a fix for an RC bug, can you as the maintainer submit an unblock request? Thank you
Bug#682353: Package stuck in migration
Hello, Package tracking page shows: testing migration excuses http://qa.debian.org/excuses.php?package=msva-perl: * 212 days old (needed 10 days) * Not touching package due to block request by freeze (contact debian-release if update is needed) * Updating msva-perl fixes old bugs: #682353 http://bugs.debian.org/682353 * Not considered Since this is a fix for a RC bug can you, as the maintainer, submit an unblock request? Thank you.
Bug#678979: Package stuck in migration
Hello, Package tracking page shows: testing migration excuses http://qa.debian.org/excuses.php?package=slony1-2: * 218 days old (needed 10 days) * Not touching package due to block request by freeze (contact debian-release if update is needed) * Updating postgresql-9.1-slony1-2 fixes old bugs: #678979 http://bugs.debian.org/678979 * Not considered Since this is a fix for an RC bug can you, as the maintainer submit an unblock request? Thank you.
Bug#684645: Package stuck in migration
Hello, Package tracking page shows: testing migration excuses http://qa.debian.org/excuses.php?package=sendmail: * 57 days old (needed 10 days) * Not touching package due to block request by freeze (contact debian-release if update is needed) * Updating sendmail-bin fixes old bugs: #684645 http://bugs.debian.org/684645 * Not considered Since this is a fix for an RC bug, can you, as the maintainer please submit an unblock request? Thank you.
Bug#704728: ufw: Outstanding bug prevents upgrade to newer kernels
Package: ufw Version: 0.31.1-2 Severity: important Having the exact same symptoms with: http://forums.gentoo.org/viewtopic-t-937682-start-0.html I know that this has nothing to do with gentoo, problem is replicated on Debian Wheezy. System is a Cubox 1GB (ARM CPU) (not the system supplied here with the reportbug tool) Debian Wheezy uname -a gives: Linux 3.6.9-36967-gb9fc5ff #2 PREEMPT Fri Apr 5 06:04:06 EEST 2013 armv7l GNU/Linux installing ufw and trying to enable it shows: ERROR: problem running ufw-init trying again ufw enable shows: ERROR: Could not load logging rules lsmod | grep nf_ shows: nf_conntrack_ipv6 5370 0 nf_defrag_ipv6 5304 1 nf_conntrack_ipv6 nf_nat_ftp 1247 0 nf_nat 11169 1 nf_nat_ftp nf_conntrack_ipv4 10200 4 nf_nat nf_defrag_ipv4 909 1 nf_conntrack_ipv4 nf_conntrack_ftp5294 1 nf_nat_ftp nf_conntrack 48779 7 nf_nat_ftp,nf_nat,xt_state,xt_conntrack,nf_conntrack_ftp,nf_conntrack_ipv4,nf_conntrack_ipv6 ipv6 237358 17 nf_defrag_ipv6,nf_conntrack_ipv6 From there all connectivity is dropped (outgoing from the box doesn't work although no rules forbid it, nor incoming to the box). Please see supplied link for more details (I did not create the forum thread, I just came across the same symptoms) UFW works fine on the system shown by reportbug tool -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ufw depends on: ii debconf [debconf-2.0] 1.5.49 ii iptables 1.4.14-3.1 ii python 2.7.3-4 ii ucf3.0025+nmu3 ufw recommends no packages. Versions of packages ufw suggests: ii rsyslog 5.8.11-3 -- Configuration Files: /etc/logrotate.d/ufw changed [not included] /etc/rsyslog.d/20-ufw.conf changed [not included] -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#699948: base-files: sudo su - reports -su: [: f: unary operator expected, but proceeds anyway.
Package: base-files Version: 7.1 Severity: normal Typing sudo su - reports: -su: [: f: unary operator expected A different variation of the same problem affects squeeze as well, this time with error: -su: /root/.bashrc: line 20: syntax error: unexpected end of file The cause of these errors is the if function at the end of the file /root/.bashrc. wheezy: if [ ! f $USER ] then /usr/bin/mesg n fi squeeze (not 100% sure, copied from memory): if [ ! -f $USER ]\nthen /usr/bin/mesg n\nfi Differences between the two: before $USER notice the f and -f, squeeze all on same line. Commenting these lines fixes the reported error. -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages base-files depends on: ii mawk [awk] 1.3.3-17 base-files recommends no packages. base-files suggests no packages. -- Configuration Files: /etc/issue changed [not included] /etc/issue.net changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#696510: tiger: incorrectly configured services cause false positives
Package: tiger Version: 1:3.2.3-10 Severity: important Dear Maintainer, A normal scan of the system with tiger displays false positives about services with duplicate names, as checked against /etc/services. This is a misconfiguration issue with tiger. To resolve this issue edit the file: /usr/lib/tiger/systems/Linux/3/services - Replace all occurences of www with http - Replace all occurences of gds_db with gds-db - Replace all occurences of kerberos_master with kerberos-master - Replace all occurences of passwd_server with passwd-server - Replace all occurences of krb_prop with krb-prop - Replace all occurences of moira_db with moira-db - Replace all occurences of moira_update with moira-update - Replace all occurences of moira_ureg with moira-ureg - Replace all occurences of sieve with cisco-sccp - Replace all occurences of ndtp with pipe-server - Add search 2010/tcp - Replace all occurences of postgres with postgresql - Replace all occurences of sane with sane-port - Replace all occurences of webcache with http-alt -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages tiger depends on: ii binutils 2.22-7.1 ii bsdmainutils 9.0.3 ii debconf [debconf-2.0] 1.5.46 ii libc6 2.13-37 ii net-tools 1.60-24.2 ii ucf3.0025+nmu3 Versions of packages tiger recommends: ii chkrootkit 0.49-4.1 ii exim4-daemon-light [mail-transport-agent] 4.80-6 ii john 1.7.8-1 ii tripwire 2.4.2.2-2 Versions of packages tiger suggests: ii lsof 4.86+dfsg-1 -- Configuration Files: /etc/tiger/tiger.ignore changed [not included] -- debconf information excluded -- debsums errors found: debsums: changed file /usr/lib/tiger/systems/Linux/0/suid_list (from tiger package) debsums: changed file /usr/lib/tiger/systems/Linux/2/services (from tiger package) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
