Bug#898338: plasma-workspace: Different components hang, high CPU load
OK, I found something: When I kill plasmashell and start it again, in a terminal, I get the following several times per second: KActivities: Database can not be opened in WAL mode. Check the SQLite version (required >3.7.0). And whether your filesystem supports shared memory Closing SQL connection: "kactivities_db_resources_139838218086080_readonly" KActivities ERROR: There is no database. This probably means that you do not have the Activity Manager running, or that something else is broken on your system. Recent documents and alike will not work! KActivities: FATAL ERROR: Failed to contact the activity manager daemon The last message of these is also filling up mi .xsession-errors, so I figure it's the same error that is causing the hangs. -nik signature.asc Description: PGP signature
Bug#898338: plasma-workspace: Different components hang, high CPU load
Interesting observation: When the panel catches up and does something, it seems to still be stuck somewhere back in time: It froze at 21:52, when I noticed, my wall clock showed 22:12. At 22:17, the panel clock jumped to 21:59, some task switching requests got handled and my sound volume exploded (because some 5-6 minutes back, I used the volume up key). All applications not linked directly to Plasma work absolutely flawlessly and fast. signature.asc Description: PGP signature
Bug#898338: plasma-workspace: Different components hang, high CPU load
Heisann, > You might want to try using a 4.15 kernel till: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898021 > gets fixed. If the issue solves itself using a 4.15 kernel please send > a mail to this bug with line saying Control: block 898338 with 898021 Unfortunately, the issue persists, even with kernels as old as 4.13 (I did not test older ones). Cheers, Nik signature.asc Description: PGP signature
Bug#888303: zbar: Ship python3-zbar package
Source: zbar Version: 0.10+doc-10.1+b2 Followup-For: Bug #888303 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This also blocks the introduction of the current version of SDAPS. - -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=nb:en_GB:en_US (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -BEGIN PGP SIGNATURE- iQKJBAEBCABzFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlr0cV4xGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYyMcZG9taW5p ay5nZW9yZ2VAaXQucGlyYXRlbnBhcnRlaS5kZQAKCRC3mjwWoMTyltVVEACFpK3d zVPo5oj3uQBX/NYY2ZTbIxlblIoK5bO4SsNsHt0RIomusE9UlBTpX8a/DCyi/rQc +jxYfrCHR6GIWvCY5+6WlOX7iKpl85V+CIXowl+vh4O6UWKcPJT8Sa73F+g0siF5 UYDJfy19SEkPTqdbQY5KOxdDlAso2sndbhNqG3qgeUTe8QMm/A1n9ikGK77JBq2Y Cx9eC3MBHxPDX565/7j5zvDEG43zMR2jUKSe2VCJ2u1B40wV7mbvMYG6EivjxrBw /mR8z6AOCINSBQ4xWr+JYrjbh9v48VqqNbJsyDEb/jSObxWDsdjCLUK1HxVk2Jzr 03pZbNraJARtSPFjrau2uzuJhaEW083O40lDCrNKnsPEwqwoTWouulkXPUUPy/Me fht3vOx0ZgtCAaHvJ90WCjS48O8B5ZGSEUBsbg8ny/FYCLVyWzeK37jIvP9vkyxg l3E6hFpY4wCZKV2g5p3cB9LBjqIc3mppJGfICvKPZgZ9lP/9n7BNGUQjr/mpnAoD MVWAmh34P7INRuz9MgXJdGWsWTTrfjx1MuK+zDqbEEFyxwBZo0klrYGnHGTMCk14 NKiQntnW8yzobjI1hNsLmfKHQr72sZs9ubWykE469hjSMSlploEelBV9dbdGTrTJ I6zcfhEcb5pc21l0EgU7LZKeYfQEFXfTZH7QlQ== =9JxC -END PGP SIGNATURE-
Bug#898338: plasma-workspace: Different components hang, high CPU load
Package: plasma-workspace Version: 4:5.12.5-1 Severity: important -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Since one of the three recent updates, the Plasma workspace is close to unusable. * Panel hangs completely, windows in the panel do not change, menu is unresponsive, clock is stuck * Window switcher reacts minutes after pressing Alt-Tab * Sometimes, some component triggered minutes before start popping up, drawing only their borders but no content The plasmashell process is constantly consuming between 100% and 150% of CPU time, and the Xorg process also uses around 100% when doing nothing special UI-wise, but only sometimes. - -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=nb:en_GB:en_US (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages plasma-workspace depends on: ii dbus-x11 1.12.8-2 ii drkonqi 5.12.5-1 ii frameworkintegration 5.45.0-1 ii gdb 7.12-6+b1 ii iso-codes3.79-1 ii kactivitymanagerd5.12.5-1 ii kde-cli-tools4:5.12.5-1 ii kded55.45.0-1 ii kinit5.45.0-1 ii kio 5.45.0-1 ii kpackagetool55.45.0-1 ii kwin-common 4:5.12.5-1 ii libappstreamqt2 0.12.0-3 ii libc62.27-3 ii libcln6 1.3.4-4 ii libcolorcorrect5 4:5.12.5-1 ii libgcc1 1:8.1.0-1 ii libgps23 3.17-5 ii libice6 2:1.0.9-2 ii libkf5activities55.45.0-1 ii libkf5auth5 5.45.0-1 ii libkf5baloo5 5.45.0-1 ii libkf5bookmarks5 5.45.0-1 ii libkf5calendarevents55.45.0-1 ii libkf5completion55.45.0-1 ii libkf5config-bin 5.45.0-1 ii libkf5configcore55.45.0-1 ii libkf5configgui5 5.45.0-1 ii libkf5configwidgets5 5.45.0-1 ii libkf5coreaddons55.45.0-1 ii libkf5crash5 5.45.0-1 ii libkf5dbusaddons55.45.0-1 ii libkf5declarative5 5.45.0-1 ii libkf5globalaccel-bin5.45.0-1 ii libkf5globalaccel5 5.45.0-1 ii libkf5guiaddons5 5.45.0-1 ii libkf5holidays5 1:5.45.0-1 ii libkf5i18n5 5.45.0-1 ii libkf5iconthemes55.45.0-1 ii libkf5idletime5 5.45.0-1 ii libkf5itemviews5 5.45.0-1 ii libkf5jobwidgets55.45.0-1 ii libkf5js55.45.0-1 ii libkf5jsembed5 5.45.0-1 ii libkf5kdelibs4support5 5.45.0-1 ii libkf5kiocore5 5.45.0-1 ii libkf5kiofilewidgets55.45.0-1 ii libkf5kiogui55.45.0-1 ii libkf5kiowidgets55.45.0-1 ii libkf5networkmanagerqt6 5.45.0-1 ii libkf5newstuff5 5.45.0-1 ii libkf5notifications5 5.45.0-1 ii libkf5notifyconfig5 5.45.0-1 ii libkf5package5 5.45.0-1 ii libkf5plasma55.45.0-1 ii libkf5plasmaquick5 5.45.0-1 ii libkf5prison55.45.0-1 ii libkf5quickaddons5 5.45.0-1 ii libkf5runner55.45.0-1 ii libkf5service-bin5.45.0-1 ii libkf5service5 5.45.0-1 ii libkf5solid5 5.45.0-1 ii libkf5texteditor55.45.0-1 ii libkf5textwidgets5 5.45.0-1 ii libkf5wallet-bin 5.45.0-1 ii libkf5wallet55.45.0-1 ii libkf5waylandclient5 4:5.45.0-1 ii libkf5widgetsaddons5 5.45.0-1 ii libkf5windowsystem5 5.45.0-1 ii libkf5xmlgui55.45.0-1 ii
Bug#895692: ejabberd: Does not use IPv6 for PostgreSQL and LDAP
Hi, > could you please supply corresponding logs? Here is the crash dump: 2018-04-14 19:50:16 =CRASH REPORT crasher: initial call: pgsql_proto:init/1 pid: <0.516.0> registered_name: [] exception exit: {{init,{error,nxdomain}},[{gen_server,init_it,6,[{file,"gen_server.erl"},{line,344}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,247}]}]} ancestors: [<0.481.0>,'ejabberd_sql_sup_mercurius.teckids.org',ejabberd_rdbms,ejabberd_sup,<0.62.0>] messages: [] links: [] dictionary: [] trap_exit: false status: running heap_size: 610 stack_size: 27 reductions: 349 neighbours: Error log: 2018-04-14 19:52:06.522 [error] <0.648.0>@eldap:connect_bind:1083 LDAP connection failed: ** Server: db.teckids.org:636 ** Reason: nxdomain ** Socket options: [{packet,asn1},{active,true},{keepalive,true},binary] ejabberd.log has nothing different. > Also, have you tried configuring IPv6 addresses directly instead of > records to rule out wonky DNS? See my initial report ;). Putting an IPv6 address leads to the same error, and ejabberd even seems to try to resolve it via a DNS forward query because with an IPv6 address, the error also is nxdomain. -nik signature.asc Description: PGP signature
Bug#895944: biboumi: Please allow listening on ident in systemd service file
Source: biboumi Version: 7.2-2 Severity: wishlist Biboumi can act as identd, in order to allow the IRC server to identify users on a connection. If run as biboumi user, this user needs the correct capabilities set to listen on port 113. The following setting under the Service section of the systemd service file enables that: AmbientCapabilities=CAP_NET_BIND_SERVICE Please consider adding it in the package. -- System Information: Debian Release: 9.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#895692: ejabberd: Does not use IPv6 for PostgreSQL and LDAP
Source: ejabberd Version: 18.01-2 Severity: important Tags: ipv6 ejabberd 18.01 fails hard when one of the SQL or LDAP hosts does not have an A record and is IPv6 only. Providing an IPv6 address directly in the configuration also fails. It looks like ejabberd does simply not support AF_INET6 for its client sockets. With IPv4 addresses running out on our infrastructure, we wanted to drop IPv4 from all hosts not used directly from outside, and ejabberd turned out to be a showstopper there because it cannot use our databases anymore that way. -- System Information: Debian Release: 9.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#895680: esptool: please backport to stretch
Package: esptool Version: 2.1+dfsg1-2 Severity: wishlist -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Teckids has need for esptool 2 in stretch, so we would love to see a backport. If this ok ok for the maintainer, I can offer to do that myself. Please just leave me a note, and ideally, grant me (Natureshadow) access to the packaging repo on GitLab so I can track the branch there (or even better, move to Salsa ;)). Cheers, Nik - -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages esptool depends on: ii python3 3.6.5-3 ii python3-ecdsa 0.13-3 ii python3-pyaes 1.6.1-1 ii python3-serial 3.4-2 esptool recommends no packages. esptool suggests no packages. - -- no debconf information -BEGIN PGP SIGNATURE- iQKJBAEBCABzFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlrSCHUxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYyMcZG9taW5p ay5nZW9yZ2VAaXQucGlyYXRlbnBhcnRlaS5kZQAKCRC3mjwWoMTylrGZD/0eLL5n /HwsL/hWz8yfzgIzaTqwyNUrk1P97XoiVUAeKxZCqVFAUPs9W3HtubfsJf6YVfvZ yaUhwHuBGoyVpWDR3Z4LKNpNVgU+eUUNRN7jG20tlbngTvY1pORruNxKOfEoXj/S CAqOZsU/Q3/XuZ6fjSwa/MGkAN83tpOe4AXzgD8MfXeLBd4qlVO1opifqSU4n3dD 6c3NWwwuWTxOG3/8MsrZ5UW+10xdcqcrD8kkyJVRlzUpF4LPf6OlAPjl/VY7Whw+ gML/HKn2cgKMjYHSOtQJxhm53TUuZbN4MebhB4RVUdfvWYKpUeY3YUpTitXfDZNN 7EhCeesv42cTBo/1cAQubFo4T0pcgaXfDlDiu8Rt8hETl2WYkQB9iiOn3d3Qcba2 pNA/iVHuWnsYiCSnNzgjMzChVQRJF+1j1o2V60hwRGbFrrgVRcGlu0yUbVx67u1a mKv61cXuj0qyUP8KcaIE4Lqa/PMNE249r7kHqodIv5V3M6cp8ISelK9YPWauUWxA lAkrbY2e4hVTHqlPU4sQArlLq3N3obXstlbf8NNrQw9cDbEo904/GAdTp24XOYyo rWpzcS9CNh+7807UbPyn0uQUU3MRNfEaSFDqoeqL61vj1jel6LU64f8zjt1Gz+BF 7Yi0PJe0TkIPXDmGX6MWfRASGFDDsISMduJ0PQ== =k/8B -END PGP SIGNATURE-
Bug#895596: stretch-pu: package xrdp/0.9.1-9+deb9u2
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The last upload to stretch, fixing a minor security issue, had an incomplete patch provided by upstream which can lead to memory corruption and crashes in some cases. The update was first negotiated with the security team, who proposed to update via stretch-pu AND stretch-updates. Find attached the debdiff. N.B.: This is not an NMU - I am now using my debian.org mail address, but did not want to change Uploaders: in a stable update (or should I?). -BEGIN PGP SIGNATURE- iQKJBAEBCABzFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlrQbtsxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYyMcZG9taW5p ay5nZW9yZ2VAaXQucGlyYXRlbnBhcnRlaS5kZQAKCRC3mjwWoMTyljN1D/9DMKk+ 5+A2QnYFxVCeqKKhBt/Yc+dXb7CsyDW80nUZWnlyP0XHi4OChJg8+MyjKVMIMTmp Vr5LBJbFDlDaQ/hqNY0KKqc4Md4PcEXF+krcN4nL0bEAdAFT7BdDJA+rFeoCGz8z Vi2Ev0JkdWJndHuNMrGFZb0ESOxy+4vF1P7j7zrTvFfeXj/PowbIUzBGPBEQ8o6y ELbMjXk0ma5gri9mvyv0xaRV7oDUhHA/czq1A+aM2anJmABaZJzLxWd/9YKcvzxV Gyhv3dQtESd+fQOzbtqW1okhxPIOnaDcldRDjdvNNLsE7PMjcxq0PresNZkeBMKM Yys7AInm3L8Pv2dHImAl7GSHyO6FpvFWy8DT9IdSgpz196X/Vx/I6do0lPPbqpWT Q52vCQ21lR7F6FXYYwoDVzpGrM1OB6bOeJxmM6AnTfzwAKsF5g0+AGZuiW0i3AQj guxhf5CnoVvUfxY7yixjOZUosvipdU/Fktcbs3rpE2tbHKV84pFcq+EJBjjzKMVc p/rQW2UP53pZGvO45t5S0cwlnqRtxcXH15yyOfMGdx9jdAWcnVHB8h69TIi0jVWB 1s74hN1IpYbCLu63f/ei1NtOKEkJ8vvTl92omHp548G09oIJNenGTI8WQ1mBXzwg ZqmqS081W7/dtRv+PiZkF+Gh8+QpQHk627f42w== =H6gU -END PGP SIGNATURE- diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog --- xrdp-0.9.1/debian/changelog 2017-12-15 19:28:28.0 +0100 +++ xrdp-0.9.1/debian/changelog 2018-04-12 23:43:25.0 +0200 @@ -1,3 +1,10 @@ +xrdp (0.9.1-9+deb9u3) stretch; urgency=high + + * Fix patch for CVE-2017-16927. (Closes: #884702) ++ Off-by-one mistake could crash xrdp in some cases. + + -- Dominik George <naturesha...@debian.org> Thu, 12 Apr 2018 23:43:25 +0200 + xrdp (0.9.1-9+deb9u2) stretch; urgency=medium * Fix CVE-2017-16927. (Closes: #882463) diff -Nru xrdp-0.9.1/debian/patches/cve-2017-16927.patch xrdp-0.9.1/debian/patches/cve-2017-16927.patch --- xrdp-0.9.1/debian/patches/cve-2017-16927.patch 2017-12-15 19:28:28.0 +0100 +++ xrdp-0.9.1/debian/patches/cve-2017-16927.patch 2018-04-12 23:43:25.0 +0200 @@ -18,7 +18,7 @@ /* reading username */ in_uint16_be(c->in_s, sz); -buf[sz] = '\0'; -+buf = g_new0(char, sz); ++buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); - +buf[sz] = '\0'; @@ -34,7 +34,7 @@ /* reading password */ in_uint16_be(c->in_s, sz); -buf[sz] = '\0'; -+buf = g_new0(char, sz); ++buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); - +buf[sz] = '\0'; @@ -53,7 +53,7 @@ if (sz > 0) { -+buf = g_new0(char, sz); ++buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; scp_session_set_domain(session, buf); @@ -65,7 +65,7 @@ if (sz > 0) { -+buf = g_new0(char, sz); ++buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; scp_session_set_program(session, buf); @@ -77,7 +77,7 @@ if (sz > 0) { -+buf = g_new0(char, sz); ++buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; scp_session_set_directory(session, buf); @@ -89,7 +89,7 @@ if (sz > 0) { -+buf = g_new0(char, sz); ++buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; scp_session_set_client_ip(session, buf); @@ -102,7 +102,7 @@ /* reading username */ in_uint16_be(c->in_s, sz); -buf[sz] = '\0'; -+buf = g_new0(char, sz); ++buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); +buf[sz] = '\0'; @@ -119,7 +119,7 @@ /* reading password */ in_uint16_be(c->in_s, sz); -buf[sz] = '\0'; -+buf = g_new0(char, sz); ++buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); +buf[sz] = '\0';
Bug#894560: pygame: Don't drop python2 package
Control: tags -1 + pending Hi, the next upload in a couple of days will re-introduce the python 2 package. -nik signature.asc Description: PGP signature
Bug#884561: stretch-pu: package pam-krb5-migrate/0.0.11-4
Hi, On Sun, Apr 01, 2018 at 10:45:10PM +0200, Andreas Beckmann wrote: > On Sat, 31 Mar 2018 20:53:05 +0200 Dominik George > <naturesha...@debian.org> wrote: > > Files in second .deb but not in first > > - > > -rw-r--r-- root/root /lib/security/pam_krb5_migrate_mit.so > > > Files in first .deb but not in second > > - > > -rw-r--r-- root/root > > /lib/security/pam_krb5_migrate_mit.so/pam_krb5_migrate_mit.so > > Does dpkg gracefully handle directory->file transitions? > I know it intentionally doesn't do symlink<->directory transitions ... Well, at least I successfully upgraded from the package in stretch to my new version ☺. -nik signature.asc Description: PGP signature
Bug#894560: pygame: Don't drop python2 package
Hi, > Your latest upload drops the python-pygame pacakge but I count 35 > packages in Debian Testing that depend on it. Please restore the > python-pygame package until all those packages no longer depend on it. > > Even without a bug being filed, I believe the broken dependency issue > would have prevented this package from migrating to Testing. So, what's the use of that? I do not target for testing - I target for buster and for sid. Neither pygame nor its dependencies, using Python 2, will survive the buster release cycle, so there is no point in forcefully keeping it around in testing. And as you said: Non of this will transition until the problem is solved (either by removal of the dependencies or their switch to Python 3). All that will happen with and without the Python 2 version of Pygame. -nik signature.asc Description: PGP signature
Bug#884561: stretch-pu: package pam-krb5-migrate/0.0.11-4
Control: tag -1 - moreinfo Hi, sorry for losing track of this ☹… > Care to provide the binary debdiff as well? Sure: debdiff libpam-krb5-migrate-mit_0.0.11-4+b1_amd64.deb libpam-krb5-migrate-mit_0.0.11-4+deb9u1_amd64.deb [The following lists of changes regard files as different if they have different names, permissions or owners.] Files in second .deb but not in first - -rw-r--r-- root/root /lib/security/pam_krb5_migrate_mit.so -rw-r--r-- root/root /usr/share/pam-configs/libpam-krb5-migrate-mit.pam-config Files in first .deb but not in second - -rw-r--r-- root/root /lib/security/pam_krb5_migrate_mit.so/pam_krb5_migrate_mit.so -rw-r--r-- root/root /usr/share/doc/libpam-krb5-migrate-mit/changelog.Debian.amd64.gz -rw-r--r-- root/root /usr/share/pam-configs/krb5-migrate-mit/libpam-krb5-migrate-mit.pam-config Control files: lines which differ (wdiff format) Installed-Size: [-45-] {+42+} Maintainer: [-Jelmer Vernooij <jel...@debian.org>-] {+Dominik George <n...@naturalnet.de>+} Source: pam-krb5-migrate [-(0.0.11-4)-] Version: [-0.0.11-4+b1-] {+0.0.11-4+deb9u1+} > Also, when did this break? I do not know. I adopted the package after the stretch release. -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Phone: +49 228 92934581 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. · Debian Developer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#893120: debian-edu-install: uninstallable on ahrd disk thrice the size mentioned in manual
Hi, > In Oslo we discussed about what should be the default desktop (being > MATE at that time); iirc we decided to keep KDE as default but to > recommend LXDE for LTSP clients. On the mailing lists there was feedback > (also after the Stretch release) that LXDE was well suited for LTSP. So > it's somehow known... > […] > KDE works quite well for profiles 'Standalone', 'Roaming-Workstation' > and 'Workstation'. Just for LTSP clients a decent desktop like KDE (or > GNOME) isn't really suited. If MATE was the default, why was LXDE chosen? Also, I do not think that MATE is not a "decent desktop". For buster, please let's decide for one default for all, set that both on the media and in the manual, and extra points for not diverting from Debian's default ;). -nik -- Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter) Teckids e.V. - Erkunden, Entdecken, Erfinden. https://www.teckids.org/ signature.asc Description: PGP signature
Bug#893724: gajim: Cannot open preferences
Package: gajim Version: 1.0.0-1 Severity: important -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 When trying to open preferences, I get the following error: ## Versions - - OS: Linux - - GTK+ Version: 3.22.29 - - PyGObject Version: 3.26.1 - - python-nbxmpp Version: 0.6.4 - - Gajim Version: 1.0.0 ## Traceback Traceback (most recent call last): File "/usr/lib/python3/dist-packages/gajim/app_actions.py", line 56, in on_preferences config.PreferencesWindow() File "/usr/lib/python3/dist-packages/gajim/config.py", line 402, in __init__ create_av_combobox('audio_input', AudioInputManager().get_devices()) File "/usr/lib/python3/dist-packages/gajim/common/multimedia_helpers.py", line 30, in get_devices self.detect() File "/usr/lib/python3/dist-packages/gajim/common/multimedia_helpers.py", line 60, in detect '%s is-live=true name=gajim_vol') File "/usr/lib/python3/dist-packages/gajim/common/multimedia_helpers.py", line 36, in detect_element if hasattr(element.props, 'device'): AttributeError: 'NoneType' object has no attribute 'props' I have PulseAudio running; this seems unrelated to the other bug. - -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gajim depends on: ii gir1.2-gtk-3.03.22.29-1 ii python3 3.6.4-1 ii python3-gi3.26.1-2 ii python3-gi-cairo 3.26.1-2 ii python3-idna 2.6-1 ii python3-nbxmpp0.6.4-1 ii python3-openssl 17.5.0-1 ii python3-pyasn10.4.2-3 Versions of packages gajim recommends: ii alsa-utils 1.1.3-1 ii aspell-en [aspell-dictionary] 2017.08.24-0-0.1 ii ca-certificates 20170717 ii dbus1.12.6-2 ii fonts-noto-color-emoji 0~20180102-1 ii gajim-omemo 2.5.7-1 ii gajim-pgp 1.2.2-1 ii gir1.2-farstream-0.20.2.8-4 ii gir1.2-geoclue-2.0 2.4.7-1 ii gir1.2-gspell-1 1.6.1-1 ii gir1.2-gst-plugins-base-1.0 1.14.0-1 ii gir1.2-gstreamer-1.01.14.0-1 ii gir1.2-gupnpigd-1.0 0.2.5-2 ii gir1.2-networkmanager-1.0 1.10.6-2 ii gir1.2-secret-1 0.18.5-6 ii gstreamer0.10-plugins-ugly 0.10.19-2.1+b3 ii notification-daemon 3.20.0-3 ii plasma-workspace [notification-daemon] 4:5.12.3-1 ii pulseaudio-utils11.1-4 ii python3-crypto 2.6.1-8 ii python3-dbus1.2.6-1 ii python3-gnupg 0.4.1-2 ii python3-keyring 10.6.0-1 ii python3-pil 5.0.0-1 pn python3-precis-i18n ii sox 14.4.2-3 Versions of packages gajim suggests: ii avahi-daemon 0.7-3.1 ii libxss1 1:1.2.2-1+b2 pn nautilus-sendto pn python3-avahi pn python3-gconf pn python3-gnome2 ii python3-kerberos 1.1.14-1 ii python3-pycurl7.43.0.1-0.2 - -- no debconf information -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqyiYgxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pb+MBAAwhuO+rcviHekRZPWKGC5+H/oUeVB 96nEDTr+RiU0ocIfj1SBkEMJSmH5O6apJni9PDMjGGhhu7QfMSKYnGIq3moKysOP 8r00Jr0vzCIYAH6pEixkCKxwp1dqKw14pCaOU0JJ9cTYkq7D1/hAOshY/bybY/8T BzM9hUdthi9ysWZS0SzthHUD/5Sz3A5y/yyHibeHvQWG2P6eShxyMV5vooWJNWBG c6zYVF1ED14LwZNpiCGgtYOaXugLR2tNlRGwEP0XogQ0OpMR0ZaoHGhEa8ggPJEE O0CzifuH4JRAyvUKbdeFPpgucAgO1ia0vFDqbeeaTE1BXhkStrkevIfyp6v8IAve 7Fk6QTa1WmzR+S+cuuKjZ8ourvjmn7WIwbLxfVq8gm+noBfXeRoX/aK2c4Xt50kU uasDN9dimRAZpDFo7vUoeOPpBManv22PiPVjPz9HXfpauJo7Kq7YP+YDiVGoO9im lcbMV+AXMs6TwWl8NNdjo6f2D6J95onNHGy0pnGzAQiH5yP2+9wFnsfy0wIkTgvw Ik1jb1zLJjakwN1QkqwXHTbacEUYNC8Ril91XNV8QHszBjN9V3d2WetRSYw7jTMG VDWSriwQ8YC6OpmFYETExJPJiGceDQ9Av1FtHuKQO2o+N4fZM71V+i/Wa64VMJgl UKT3xrW+2Pw1DHI= =p015 -END PGP SIGNATURE-
Bug#893120: debian-edu-install: uninstallable on ahrd disk thrice the size mentioned in manual
Hi, On Sat, Mar 17, 2018 at 12:43:58AM +, Holger Levsen wrote: > from irc: > > < Natureshadow> 78 GiB reserved for "debianfreespace" > < Natureshadow> And /var only 5.2 GiB > < h01ger> Natureshadow: mybe put that in the bug? i know, ranting > on irc is fun, but > < h01ger> and then you could also resize /var during installing... > < h01ger> debian-edu-autofsresize will do the job nicely and is documented Resizing the partitions during installation in the /target chroot works. On Sun, Mar 18, 2018 at 08:01:34PM +0100, Wolfgang Schweer wrote: > On Fri, Mar 16, 2018 at 05:19:01PM +0100, Dominik George wrote: > > I spent two days trying to install Debian Edu (combined server) in a > > virtual machine. I started with 100 GiB hard disk, then tried 150 GiB, > > and finally 220 GiB. The LTSP chroot installation always fails with no > > space left in /opt/var/cache/apt. > > > > Installing Debain Edu is not possible. > > I was unable to reproduce it (recommended 'desktop=lxde' setting, see manual). > > I figure you used 'desktop=kde' (default kernel command line entry, common for > all profiles); in this single case LTSP installation fails reproducibly. OK. I read the manual (again) and do find a short note that lxde should be used for LTSP, but what you write here sounds like more than a simple recommendation. Maybe the manual should be clearer about that (the note is also very well hidedn, IMHO - the paragraph is about changing the desktop environment from the default, so I'd skip reading it if I don't care changing the default). > In the past I've tested also this case taking into account that reading a > manual isn't fun for most people and thus will simply hit return; back then > the KDE variant used to work as well, enough space was left. OK. But really - we should absolutely test the installer as it comes out of the box. I really think most people will want to use it that way. > > Now, the netinstall ISO image being outdated and a lot of updated packages > getting installed after point release 9.4, /var/cache/apt/archives is filled > up and about 100 MiB space is missing. > > (As LTSP mounts the server Apt cache and arch=i386 is the LTSP default, a > whole > bunch of unneeded packages plus the updated ones show up.) Oh. Sorry, I missed the bit about the differing archs! > > That said, a simple workaround is (if someone really wants KDE for LTSP > clients): > > After the Debian installer reported the LTSP menu item as failed: > > (1) Activate a Debian installer shell. > (2) Run 'rm target/opt/ltsp -rf' > (3) Run 'rm target/var/cache/apt/archive/*_amd64.deb' > (4) Go back to the installer gui. > (5) Choose the LTSP menu item again. > > One could use an even simpler solution: > Once the LTSP changeroot installation has started, do steps (1) and (3); the > installation will run without issues. > > As far as Buster is concerned, the cache issue won't show up as the LTSP > chroot > arch will be the same as the server one. Great! Cheers, Nik signature.asc Description: PGP signature
Bug#893111: debian-edu-install: Consider LTSP PnP
Hi Wolfgang, On Sun, Mar 18, 2018 at 07:58:35PM +0100, Wolfgang Schweer wrote: > On Fri, Mar 16, 2018 at 04:42:40PM +0100, Dominik George wrote: > > > LTSP got a new mode called LTSP-PnP, where the image for clients is not > > built from a debootstrapped chroot, but rather from the host filesystem, > > with ways to strip unwanted contents and change details before packing > > the squashfs. > > As far as I remember this has been developped some years ago for single > purpose > LTSP installation (mostly at Greek schools). Hmm… I don't know where it originates, but following some threads on the ltsp mailing list, they seem to consider it more or less the default. > > > That would make Debain Edu a lot more easy on disk resources and the > > installation a lot quicker, an also ease updates and changes to the > > environment. > > It doesn't fit the Debian Edu case and is way to unflexible, i.e. > doesn't allow to serve LTSP clients with different archs. Modifying the chroot or building for another arch requires manual intervention anyway, so I am not sure whether using the PnP mode would mean a regression. -nik signature.asc Description: PGP signature
Bug#893394: debian-edu-install: FQDN wrongly ends up in /etc/hostname on tjener
Hi Petter, On Sun, Mar 18, 2018 at 07:17:06PM +0100, Petter Reinholdtsen wrote: > [Dominik George] > > However, on Debian systems, only the short hostname must be in > > /etc/hostname > > Why do you believe this to be true? The /etc/hostname in Skolelinux / > Debian Edu is intentionally FQDN. Personally, based on many years of > large scale *nix system administration, I believe it is the only > sensible thing to store there. > > In short, it is no mistake the FQDN is stored there. I think that depends on how you define "mistake". Reading hostname(1): FILES /etc/hostname Historically this file was supposed to only contain the hostname and not the full canonical FQDN. Nowadays most software is able to cope with a full FQDN here. This file is read at boot time by the system initialization scripts to set the hostname. /etc/hosts Usually, this is where one sets the domain name by aliasing the host name to the FQDN. I know this is not what most Unix admins expect because Debian diverts from the standard here, or used to. However, as the manual says, "most software is able to cope with a full FQDN here". My point of view is that we should rather stay in line with the Debian installer, and "most software" is not "all software". I have recently at least seen one backup tool fail because of this (although I agree it shouldn't break). So, my opinion is: If there is no good reason in Debian Edu (as in, software breaking, not beliefs), we should strip the domain part there like Debian itself normally does. -nik signature.asc Description: PGP signature
Bug#893120: debian-edu-install: uninstallable on ahrd disk thrice the size mentioned in manual
Hi, >I figure you used 'desktop=kde' (default kernel command line entry, >common for >all profiles); in this single case LTSP installation fails >reproducibly. Yeah, well, that's what I meant by "default". A diversion from defaults is a diversion from defaults, even if some text contradicts the defaults. Why wasn't desktop=lxde made the default if it is the default? -nik
Bug#893394: debian-edu-install: FQDN wrongly ends up in /etc/hostname on tjener
Hi, >Why do you believe this to be true? The /etc/hostname in Skolelinux / >Debian Edu is intentionally FQDN. Personally, based on many years of >large scale *nix system administration, I believe it is the only >sensible thing to store there. > >In short, it is no mistake the FQDN is stored there. Depends how you define "mistake". You are right for pretty much everything except Debian. Debian has always had the short name in there, c.f. https://manpages.debian.org/stretch/hostname/hostname.1.en.html This also states that "most software can cope" with an FQDN there, but primarily it documents that the short name is the right thing to put there. We should work with documented behaviour rather than a hope involving the terms "most" and "cope with" rather than "all" and "expect". -nik
Bug#893394: debian-edu-install: FQDN wrongly ends up in /etc/hostname on tjener
Source: debian-edu-install Version: 1.916 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 When installing a tjener, the name tjener.intern ends up in the file /etc/hostname. However, on Debian systems, only the short hostname must be in /etc/hostname, the FQDN is always determined by resolving the short name to an IP address and reverse-resolving that back into an FQDN. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqufKMxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZFWRAAwE2O4+Z+aMy8DgXpbu0mcGsb/OoL 3oEIbrsy7pzD79FhYn7A+U4o+EEOYImvaGMwRB0ZV5OXIusNeqgC96QxkDuY/n9j 7TP9Sv8xoOq/B8G0FqQ0/HVH5pd0MjwT6LuqMcXUMfpUrSm4lxLBsdSLHlQAaCEC 1ydflCkrJdDYxkEz2YnItea+uKPqvhUnzLqV70zSK94diMSy6iw5pLipHpfomp2V kSbQZ6sYFLgRT8EAnmTK0RWxJKnyl+yeY2WQ1rEHwnQXL2J0SGKrLsrP758DX3so MH5LM3D+v77W7KQXxS1UIg1zNaPBVZPbPoyo4rPUr+qUQ+Az5SwjpzqQnX1Xf1Mm gdtdirln/F+86vtPae3Mm5qJVPNloTqhxvBxGqmxRanOEUC3Q0gh5dnosB4WKgLB o1UsP5QZ4uGERJqwDBcXNBvTwkLt+lhJruHUlK83OaCD2OldVM2i7X2KdeYC7yeR Gv6LmeqfSvg6D7tphAyM2xDyf9dq97fm2Ji710vifSpu2Z91+fMGpEGIyPAKbMd+ 3maqaMbHE67lZFqSKYN8Y5sLdC3MgRm6foaguFt6AR7o39nHJp0sAGMkGgI2yYwW M0NVegPfDOh6qqGQCwF3z5Ym6OtkIKvd8B1Rki2BYjbCzqskMvBDLFEBQ7YDFgPJ PApREOXMSOOVktI= =ps3i -END PGP SIGNATURE-
Bug#892794: systemd-networkd fails to configure IPv6 without MTU from RA
Hi, I can confirm that our infrastructure completely broke IPv6-wise right after updating to stretch 9.4 ☺. I did not try the new build, but can confirm that everything start working again if radvd on the gateway is configured to send out an MTU. -nik signature.asc Description: PGP signature
Bug#893120: debian-edu-install: uninstallable on ahrd disk thrice the size mentioned in manual
Hi, > > Severity: grave > > Justification: renders package unusable > > but not for everyone, so its just "important". we have had several many > successful installation reports since last year. I very much doubt that the standard configuration can be installed by anyone right now. > > > I spent two days trying to install Debian Edu (combined server) in a > > virtual machine. I started with 100 GiB hard disk, then tried 150 GiB, > > and finally 220 GiB. The LTSP chroot installation always fails with no > > space left in /opt/var/cache/apt. > > strange. as a workaround you could install a plain main-server and then > turn that into an LTSP server after installation. How would I do this (without manually fixing the partitions)? The content downlaoded for building the chroot simply does not fit into the logical volume used for it. Taht won't change after reboot. -nik signature.asc Description: PGP signature
Bug#893120: debian-edu-install: uninstallable on ahrd disk thrice the size mentioned in manual
Source: debian-edu-install Version: 1.916 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I spent two days trying to install Debian Edu (combined server) in a virtual machine. I started with 100 GiB hard disk, then tried 150 GiB, and finally 220 GiB. The LTSP chroot installation always fails with no space left in /opt/var/cache/apt. Installing Debain Edu is not possible. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqr7nQxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pb2bxAAvIZSU7BE0+ucGg5SEzrzvk0GHzuv OfhwhpxuggDzKgTf2vq5fsEXm9DafxyIXhq9ZfYgbGCRqXlWbO3hjlmneZx1OCzt ow3kpLZJy5LwerRYe2lYlJY8O8ZYnKPUMuWxblpVCU9tQUXw/+edtmu+KGRNcEmX L8u5/y1LNp5846Xb9wSKgJP93DaYInUndv9+i9EOGps+uoZlO67yyDgYJUJmmkJf 0q9zoU7KBOO2fJv8i1rcbxmgNaT9gcqZLtlLXPvFUm526ipZHT1nktteHJQEtwqf KNhGA2tsNwxJrWJgnJG/Vtppwj9wgbdJ9q9cPxVqS9sLVi3hoUPeDRA6kBVmkebB nbxDLI8tl5DtdR6FLQKOT8nfich9V5XDmW4379jCL+g7P+ixigBiWLouwMwnBCr/ EpBK8Qwv0KCnRhs9geC9i5HBpU4oKB4nJr5L24jEy9kbwaduN1w3mpRQZ81WtsCC MdYEmJl0VhW4UH5MYjxrkPZ1lI5b9f4pSFI5wmA1FGSC12+swTWFWKY3ivVhObDE exQfsdRUhuLj4NpPVvE3rIqxLOCAi75X5R9/cdJ5uMxyG0kzUwzi87dv9VIBy+FT 0SpH1QYhSz/ORRA4FjlDBn726Bwk6OpudECPn1JMBoziZ6k/ASwSfSG74q8MPDRI 70iu0yXdiLct/3M= =HyOM -END PGP SIGNATURE-
Bug#893113: debian-edu-install: synced homes on LTSP
Source: debian-edu-install Version: 2.10.8 Severity: wishlist -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 It would be helpful to have a mode where an LTSP server (or mobile workstation, for that matter) synchronises a configurable subset of home directories from the master rather than mounting it. That way, a decentral Skolelinux network could be created, with master server in one location and LTSP servers in a remote location, and no really fast network link between them. At Teckdis, we experimetned with csync2 for that. It has issues of its own, but those who would use that feature could certainly cope with it. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqr5pgxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pY+whAAieeIH+E8PWxs0XrH+Wy2p7OBt0zH cCIps66BGCp+mNTHo+3oWCy71eD5s/UWOMNtJzlYCtIJNAH/GH84hgpa0aKIu1d/ bsdLTlSPlDQKjv934gvOZBQqLXw5jioKC3+9jJ7txRMbDYyzMLpNPELophmzz3zD 5hSfpBGSlIx45RcWQwBE3zlcQh+RA9Ls35g5g/pQK2ff24AFJRvKOyByCcTXh4m+ qORUceNIAv9o7dLV0YBIfoU9C8W7nE0OrQ/Avc7sqp4SqfMH/RmQBiLsVOZyQLll aJAeqWz+FPJp4/rNrrkSWmYU8CpmJv3SayvDuulCULBq//QGRUXbEGIYgkhBOkyQ UEPNw7vHHWVOyVZiWK1CRF2Fxk+E+IKFwBSb8bC0MNonD6PtE0qHyzsL+j/A+1HU fXtiC70KJ8YNIhpRUajarbXYD9opA0xf5MKYEOIhHVxTWPaD/iacgLXiy27Ybz9w ECdNh6023EJ8q/lgJhzXGkkLfTdFNFYqs4ypS5zNm145tR3714iktEgOv9t+wqwv l8ykpjYHwKkOvT+faLGnVbpW4fgeC/8rZIknZaCVcj0EnzK+pl1NagN2naLjZll3 WqBXL6Y5pYle0Bv9AOk6mywOBzx8qKCeMVRnKGuSQQGEKG0BYhD9YZpHvQ9WGBMX ZR386GEkmKJSi78= =iBkO -END PGP SIGNATURE-
Bug#893111: debian-edu-install: Consider LTSP PnP
Source: debian-edu-install Version: 2.10.8 Severity: wishlist -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 LTSP got a new mode called LTSP-PnP, where the image for clients is not built from a debootstrapped chroot, but rather from the host filesystem, with ways to strip unwanted contents and change details before packing the squashfs. That would make Debain Edu a lot more easy on disk resources and the installation a lot quicker, an also ease updates and changes to the environment. - -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqr5fAxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8paFeRAA0nSFFepyDF9tVndnzPchqt7q1Kay 14UiBkBiYWJWt8iIWfBYk79UZboTAkko0yH7SvdgMrlImNxM5uie00N3AXAJUxWe NfqmKvqtR2nxUcm3s5ybRzpb07ObddHL8jf72i0TRs86kBxmnDdsZmvL4S5OtogV vomFVXPAkb5rW7WsGll6SkartrFBFg8fFG2KpgeK8gpsbKSVyaHqrWlr89W+lvmd kDpOvlEkEIEswFIc65Yfcy/5AxPxNQAYA+Q2vEH/3KECsl+3q37RLMdybUvyN6xS cii9OB7OMwLzjzw373yB1S11sFpR4jEApKL/yMm4DeFe2ZhWmtQYrSUiWemxlHDm eTMnIrKkF3MMP45TPEIBh+W3Cn1Ao82oJ4Fct5nUe2ji9aFPhZZ0nS2lTja5OKTq +2/HzSAcshQtpFCi6VOwxKO/bhF31aQmBE7OcKm9VcpKaDBdV9HlOHVemd72ZzsG xftIZ3CvbmDhXgdUpkZBXQ3Z3/IkKnqiPFiQbaXIVnbOn0JDTM7+iZr9MNE30QBu RgPh7mu6VuLJUAFmXOKkrbnr+z4abe3Z2U/7Li8JbjRvEbxckrxUGw658ZWIB/qj H0o8mBmuURr8nGLVUDjmKfsVhOagqp5Tscs3PSOwBSD8l6I4Brrn21VWwqpKHzcc DedFe6kgh8nWl0w= =FuGw -END PGP SIGNATURE-
Bug#893109: debian-edu-install: use cached apt archives when building chroot
Source: debian-edu-install Version: 2.10.8 Severity: wishlist -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 LTSP offers a config option to ltsp-build-client that mounts the /var/cache/apt/archives directory to the target. This is helpful when building aa chroot on an LTSP server, where all packages used in the chroot were already downloaded on the host. It would also save space in /opt on installation. - -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqr5YQxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pbd9BAAxolCiKRinmbp1WRtFd9/LRIb/M49 47qyZ5B4pUnUN1Mgnazj50jtCyhqv0uxJEHAWVfduF8N4RkmyB6GZBZqkxQSptB/ Y2N3Wvz1OmzZ9v1OkOkHshfkSWhYBJgFXzD4LwQGfQFYlmNTOGSXoYQ8Ve1WOYKl OFmG0aFSRAerEYRgJuCXfD2NpMQjQuuy8Rd/c87VTlXWm4Efyd+rDBuffC88Sh5D CeHiMM1tZ8EnHPw8Em+Xy2mEv8M4BuLALpdnEyfyFhhsc1gAp7chVTEPv0eynRdp fj17r9jtrGsiwAeW0eMsDJosUlaS5n84WfN8uTRnq+FyE1gCkRHW982CGcx6wrQ0 qPytPaBvOriEpGQ72jjLeWLCod2SUQJINobALwcOszeo8o539bduSG7ReT1qC9+z AQOdEtJesPqxqUkp/WumL4lalnysysZYbXWrSVELQq5FO+dSkX2y8WpAteQ5S718 gRXnDCrCNv77f7y7wVY/OBLNUAnV0wy5zBLTtI29upNQbct0ZW9JWXkENEzcKlBO F0FXYC4/mTaf9vYQNZqpp8W4DsnRyJiDL9hXnWhXcf92VIsWbFkpX+DfLFF9e2fC ZFN2QjX3qN6QTSg3B6Jo8L7C30qX1tNVszMf2p/6IQyvqezSz8Vqw9Zs1oL5HQQO UvluTXxQn/48OMw= =odhg -END PGP SIGNATURE-
Bug#893108: debian-edu-install: please do not force complex partitioning scheme
Source: debian-edu-install Version: 2.10.8 Severity: wishlist -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The Skolelinux installer enforces a micropartitioning theme, splitting all parts of the filesystem into several volumes. While there are theoretical benefits, most a re historic, and in practice, the scheme complicates installations and maintenance (there is an entire chapter in the manual describing what to do if something runs full). I know from at least two support cases that the scheme made things more difficult than necessary, and it cost me several hours today because I had to install Debian Edu with limited space and one of the partitions always ended up being too small. I propose compeltely dropping Edu's own partitioning scheme and simply using the corresponding step from the Debian installer, or defaulting to jsut one partition or at most three (root, home and backup). -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqr5KgxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYBCQ//T0zFuBucOSoYXsMM/bvNvIdXmA6B VHLm8JdP56NwMi+xJciBxenAdrZHcoF01NwfMsnlwVPF90IFwTex10YsVpd2ljIG a2p9YKGFzZgLWrPmyPhEwQ1SEWfdiCTx2AzF3hy7BjUbOm5gQjtDvDmjEnKC5YFh C00gow39e9BKbhDeu8RG64w8UhB5a86ZTVKcmSXWZdjcDP+bsjXV7XdoLFyyktqC RJeWBTJnJsDkijCGfT8PW9jHsMlF3orS5NaMvtLlVrAkVN8WO8v39d94eW6nzHm2 L/kTkjb1jOi7vjGtQ3UKBIVd1N9LfBHMyyGB4Jlvi9kVNMtC9LQnKgm3ZRwoSPIj DdopTanN4wMrn4k9qkUsNZDz73VrjMa1tB1ntDoqCSgzwZ6yjaoz841eGXLIjNfh e60R9d2u8OZSktCp5dSshY/MffhJOYzQZwe26bybJxmI/47n5hJsUEz8BQKGeHQG 1/tGKe0kwVQyO7qOfqzsuXL/YnR0tZ8cvcVKTbHSIwKppjFiqLElGImTZJ5gSeRZ B6bu7RgYUSWNDDqXunFzsACmXdc1DVhFkEq5StNJ5yeurXuGeklgWQ7Jd3p7ZQaT CCNHFqzX8Ys7CAJIShFHlNoHqhBWBk1w5qvm8Eed7UdF5DkKJOLuoRc+5nlraNSz oIzC/cbMN4/jEN8= =PtjD -END PGP SIGNATURE-
Bug#891829: stretch-pu: package needrestart/2.11-3
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I would like to update needrestart in the upcoming point release to fix the RC bug #876459 in stretch. It causes regular unintended restarts of critical services. The maintainer seems to lack time, so I have offered help to fix this in stretch. I got it reviewed by Mike Gabriel, who also offers to sponsor the upload. Find attached the debdiff. Thanks, Nik - -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlqX1+4xGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pY7Cw/9ESJmQMvwveheqIoCzLB4GTOYW6yK ADuq8nHfQNmvd1Xdn/ejDwTEuz0NH/trRfuxvZ2oyIKFHMmpCx1meI5wy/wXypE1 dAroycHl4IRI3vruM1d8eg7LIzziak8tXJgg1gQt3RF9UOtE0WDMT4zPmPF5CBPk kx4b4jBKEsrLz6IyjpXL7z+v7BmJ4+Qb9rmWI9ewEiKionnqfgfwivhjZg52PX0P 3wHIhgHUwbyQtzonZJq19iXyEg48nhKSCVYs0J1zRxTk5FEMkdplAWZwPVjrpDOT jLL0LpJncv+AV3fukXl+JmHaF3EfTfKyKjtHD1SD2L2cTRPg/5zP9XBUL59W11wH HbjmoyfEqib99nSp0bySDQSBJdJbnJ0DluvekT2O1JmYNG8KaYdhs2z/9Zw/wQe3 u0Qmgqw34P/bP21yURutCEjQjBqWACkcnLq85Evmx597gr6ZrV2ObBO393mnimwB OEsxOWw6wBAJzyqTeWD1cRCqp4gI/JqGfP5R5FsfkOkIjgRac05UIoVJSncAssl0 O+wmbFs99X8bgCSPzXB9M0ASJKxRMCPzBK/79QFWg8jUj/v8tkrCMHoBpViBu/Ut dXPwTJEqIvK32tixDhqLzyAHZY0j6T1X8G1jJ+tYssQ+FXQZ9i50w1in1ZEF+mKi +fzXy9IBnDs9xgY= =QteC -END PGP SIGNATURE- diff -Nru needrestart-2.11/debian/changelog needrestart-2.11/debian/changelog --- needrestart-2.11/debian/changelog 2017-05-26 15:45:04.0 +0200 +++ needrestart-2.11/debian/changelog 2018-02-28 22:48:43.0 +0100 @@ -1,3 +1,11 @@ +needrestart (2.11-3+deb9u0.1) stretch; urgency=medium + + * Non-maintainer upload. + * Fix switching to list mode if debconf is run non-interactively. +(Closes: #876459) + + -- Dominik George <n...@naturalnet.de> Wed, 28 Feb 2018 22:48:43 +0100 + needrestart (2.11-3) unstable; urgency=high * Add patch 03-perl-warning to fix a warning from Perl triggered in version diff -Nru needrestart-2.11/debian/patches/05-fix-debconf-noninteractive.diff needrestart-2.11/debian/patches/05-fix-debconf-noninteractive.diff --- needrestart-2.11/debian/patches/05-fix-debconf-noninteractive.diff 1970-01-01 01:00:00.0 +0100 +++ needrestart-2.11/debian/patches/05-fix-debconf-noninteractive.diff 2018-02-28 22:48:43.0 +0100 @@ -0,0 +1,16 @@ +From: Piotr Pańczyk <piotr.panc...@assecobs.pl> +Subject: Fix switcihng to list mode if debconf is run non-interactively +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876459 +Origin: https://github.com/liske/needrestart/commit/6c83d643a21fe0da2c8ae5ece97a778b347a033c + +--- a/needrestart b/needrestart +@@ -181,7 +181,7 @@ $nrconf{ui} = qq(NeedRestart::UI::stdio) + die "Hook directory '$nrconf{hook_d}' is invalid!\n" unless(-d $nrconf{hook_d} || $opt_b); + $opt_r = $nrconf{restart} unless(defined($opt_r)); + die "ERROR: Unknown restart option '$opt_r'!\n" unless($opt_r =~ /^(l|i|a)$/); +-$is_tty++ if($opt_r eq 'i' && exists($ENV{DEBIAN_FRONTEND}) && $ENV{DEBIAN_FRONTEND} eq 'noninteractive'); ++$is_tty = 0 if($opt_r eq 'i' && exists($ENV{DEBIAN_FRONTEND}) && $ENV{DEBIAN_FRONTEND} eq 'noninteractive'); + $opt_r = 'l' if(!$is_tty && $opt_r eq 'i'); + + $opt_m = $nrconf{ui_mode} unless(defined($opt_m)); diff -Nru needrestart-2.11/debian/patches/series needrestart-2.11/debian/patches/series --- needrestart-2.11/debian/patches/series 2017-05-26 15:45:04.0 +0200 +++ needrestart-2.11/debian/patches/series 2018-02-28 22:45:55.0 +0100 @@ -2,3 +2,4 @@ 02-install-restart-d.diff 03-perl-warning.diff 04-ignore-systemd-services.diff +05-fix-debconf-noninteractive.diff
Bug#876459: needrestart: Non-interactive mode not being detected properly
Hi Patrick, > I regularly see this bug cause important PostgreSQL databases to be > restarted on Debian stable. > > Can you please make sure to provide an update for the next Debian point > release? If you need help doing so, feel free to say that. Any news/opinion on that? If I do not hear anything from you within this week, I will start negotiating with therelease team about the patch for the next point release. Cheers, Nik signature.asc Description: PGP signature
Bug#890622: vbackup: mbr backup fails on block devices with / in path
On Sun, Feb 18, 2018 at 12:03:09PM +, Stefanos Harhalakis wrote: > Ended up with a slightly different approach that converts / to _. > This should work: > https://github.com/sharhalakis/vbackup/commit/52971d7b5e034f8bb939e2c1b23fbdc6c88b45d7 OK. I wanted to keep the patch as small as possible for stetch-proposed-updates. That echo | sed also looks strange given that bash has built-in tools for that: foo=${foo//\//_} -nik -- Dominik George (1. Vorstandsvorsitzender, pädagogische Leitung) Teckids e.V. - Erkunden, Entdecken, Erfinden. https://www.teckids.org/
Bug#890622: vbackup: mbr backup fails on block devices with / in path
> Find attached a patch with a simple fix. Sorry, the patch was broken. Here's the correct one. -- Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter) Teckids e.V. - Erkunden, Entdecken, Erfinden. https://www.teckids.org/ --- mbr.orig 2018-02-16 21:47:46.415903625 +0100 +++ mbr 2018-02-16 21:53:46.631944775 +0100 @@ -133,6 +133,7 @@ for p in $DISKS ; do h_msg 12 "Backing up $p" + mkdir -p "$(dirname "$TDIR2/$p")" dd if=/dev/$p "of=$TDIR2/$p.mbr" bs=512 count=1 >/dev/null 2>&1 [ -z "$FDISK" ] || $FDISK -l /dev/$p > "$TDIR2/$p.fdisk-l" \ 2> >(h_filter 6 >&2) signature.asc Description: PGP signature
Bug#890622: vbackup: mbr backup fails on block devices with / in path
Package: vbackup Version: 1.0.1-1 Severity: important The mbr script misses on / characters in device paths (like, when the device is /dev/cciss/c0d0 in an HP array). It inserts the part after /dev/ verbatim into its temp filenames. A fix in the next stretch point release would be most welcome. Find attached a patch with a simple fix. -- System Information: Debian Release: 9.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-5-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- no debconf information --- mbr.orig2018-02-16 21:47:46.415903625 +0100 +++ mbr 2018-02-16 21:49:49.710561189 +0100 @@ -133,6 +133,7 @@ for p in $DISKS ; do h_msg 12 "Backing up $p" + mkdir -p "$TDIR2/$p" dd if=/dev/$p "of=$TDIR2/$p.mbr" bs=512 count=1 >/dev/null 2>&1 [ -z "$FDISK" ] || $FDISK -l /dev/$p > "$TDIR2/$p.fdisk-l" \ 2> >(h_filter 6 >&2)
Bug#890544: otrs2: gpg commandline for signing not compatible with gpg2
Package: otrs2 Version: 5.0.16-1+deb9u5 Severity: important The gpg command-line used for signing is not compatible with gpg2 (well, the command-line is - but after calling, OTRS asserts that gpg did not produce any output, which it does in gpg2 - this assertion is broken by design anyway). This results in mails being not signed. In line 258 of Kernel/System/Crypt/PGP.pm, the --default-key option needs to be changed to --local-user - which is the correct option at this point anyway, and is also compatible with gpg1. As gpg2 is the default for stretch, it would be very good if you could apply this change for a proposed-update, as having gpg2 currently requires running a locally patched OTRS. -- System Information: Debian Release: 9.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages otrs2 depends on: ii adduser 3.115 ii apache2 [httpd-cgi] 2.4.25-3+deb9u3 ii dbconfig-common 2.0.8 ii debconf [debconf-2.0] 1.5.61 ii fonts-font-awesome 4.7.0~dfsg-1 ii libapache-dbi-perl 1.12-1 ii libapache2-reload-perl 0.13-1 ii libauthen-sasl-perl 2.1600-1 ii libcgi-pm-perl 4.35-1 ii libcrypt-eksblowfish-perl 0.009-2+b2 ii libcrypt-passwdmd5-perl 1.3-10 ii libcss-minifier-perl0.01-1 ii libdate-pcalc-perl 6.1-4+b2 ii libdbd-mysql-perl 4.041-2 ii libdbd-pg-perl 3.5.3-1+b2 ii libdbi-perl 1.636-1+b1 ii libemail-valid-perl 1.202-1 ii libencode-hanextra-perl 0.23-4+b2 ii libexcel-writer-xlsx-perl 0.95-1 ii libgd-graph-perl1.48-2 ii libgd-perl [libgd-gd2-perl] 2.53-3 ii libgd-text-perl 0.86-9 ii libhtml-parser-perl 3.72-3 ii libhtml-tagset-perl 3.20-3 ii libhtml-truncate-perl 0.20-1 ii libio-interactive-perl 1.022-1 ii libio-stringy-perl 2.111-2 ii libjavascript-minifier-perl 1.11-1 ii libjson-perl2.90-1 ii libjson-xs-perl 3.030-1 ii liblingua-translit-perl 0.26-1 ii liblinux-distribution-perl 0.23-1 ii libmail-imapclient-perl 3.38-1 ii libmail-pop3client-perl 2.19-1 ii libmailtools-perl 2.18-1 ii libmime-tools-perl 5.508-1 ii libnet-imap-simple-perl 1.2207-1 ii libnet-imap-simple-ssl-perl 1.3-3 ii libnet-ldap-perl1:0.6500+dfsg-1 ii libnet-smtp-ssl-perl1.04-1 ii libnet-smtp-tls-butmaintained-perl 0.24-1 ii libnet-sslglue-perl 1.057-1 ii libpdf-api2-perl2.030-1 ii libperl5.24 [libdigest-sha-perl]5.24.1-3+deb9u2 ii libpod-strip-perl 1.02-2 ii libproc-daemon-perl 0.23-1 ii libschedule-cron-events-perl1.95-1 ii libsoap-lite-perl 1.20-1 ii libsys-hostname-long-perl 1.5-1 ii libtemplate-perl2.24-1.2+b3 ii libtext-csv-perl1.33-2 ii libtext-csv-xs-perl 1.26-1 ii libtext-diff-perl 1.44-1 ii libxml-feedpp-perl 0.43-1 ii libxml-libxml-perl 2.0128+dfsg-1+deb9u1 ii libxml-libxslt-perl 1.95-1+b1 ii libxml-parser-lite-perl 0.721-1 ii libxml-parser-perl 2.44-2+b1 ii libyaml-libyaml-perl0.63-2 ii libyaml-perl1.21-1 ii perl5.24.1-3+deb9u2 ii ttf-dejavu-core 2.37-1 ii ttf-dejavu-extra2.37-1 ii ucf 3.0036 Versions of packages otrs2 recommends: ii aspell 0.60.7~20110707-3+b2 ii ispell 3.4.00-5 ii postgresql-client 9.6+181+deb9u1 ii postgresql-client-9.6 [postgresql-client] 9.6.6-0+deb9u1 ii procmail 3.22-25+deb9u1 Versions of packages otrs2 suggests: pn postgresql | default-mysql-server -- debconf information excluded -- debsums errors found: debsums: changed file /usr/share/otrs/Kernel/System/Crypt/PGP.pm (from otrs2 package)
Bug#890494: otrs2: Turns everything startign with www in plain text mails into links
Control: reopen -1 Control: forwarded -1 https://bugs.otrs.org/show_bug.cgi?id=13666 Control: severity -1 minor Control: tags -1 + upstream Hi, > I do not think that this behaviour is wrong. As in: “I think that it is a correct behaviour for an MUA to replace arbitrary texts in mail bodies, changing the content”? Please, seriously - I am not complaining about OTRS adding an tag around it, but by all means, it should *not* change the displayed text. > But: this is nothing Debian > related. You should report this to upstream please and see what he > thinks about it. If you find a minute, please read the Developer Reference again, especially paragraph 3.1.4. I will happily assist you in doing that, but still please take bug reports serious. Cheers, Nik -- Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter) Teckids e.V. - Erkunden, Entdecken, Erfinden. https://www.teckids.org/ signature.asc Description: PGP signature
Bug#890494: otrs2: Turns everything startign with www in plain text mails into links
Package: otrs2 Version: 5.0.16-1+deb9u5 Severity: normal In plaintext mails, OTRS renders every string starting with www. with HTTP URls, rendering some text useless without manual correction, like this one: apache2/sites-available/http://www.conf | 2 +- -nik -- System Information: Debian Release: 9.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages otrs2 depends on: ii adduser 3.115 ii apache2 [httpd-cgi] 2.4.25-3+deb9u3 ii dbconfig-common 2.0.8 ii debconf [debconf-2.0] 1.5.61 ii fonts-font-awesome 4.7.0~dfsg-1 ii libapache-dbi-perl 1.12-1 ii libapache2-reload-perl 0.13-1 ii libauthen-sasl-perl 2.1600-1 ii libcgi-pm-perl 4.35-1 ii libcrypt-eksblowfish-perl 0.009-2+b2 ii libcrypt-passwdmd5-perl 1.3-10 ii libcss-minifier-perl0.01-1 ii libdate-pcalc-perl 6.1-4+b2 ii libdbd-mysql-perl 4.041-2 ii libdbd-pg-perl 3.5.3-1+b2 ii libdbi-perl 1.636-1+b1 ii libemail-valid-perl 1.202-1 ii libencode-hanextra-perl 0.23-4+b2 ii libexcel-writer-xlsx-perl 0.95-1 ii libgd-graph-perl1.48-2 ii libgd-perl [libgd-gd2-perl] 2.53-3 ii libgd-text-perl 0.86-9 ii libhtml-parser-perl 3.72-3 ii libhtml-tagset-perl 3.20-3 ii libhtml-truncate-perl 0.20-1 ii libio-interactive-perl 1.022-1 ii libio-stringy-perl 2.111-2 ii libjavascript-minifier-perl 1.11-1 ii libjson-perl2.90-1 ii libjson-xs-perl 3.030-1 ii liblingua-translit-perl 0.26-1 ii liblinux-distribution-perl 0.23-1 ii libmail-imapclient-perl 3.38-1 ii libmail-pop3client-perl 2.19-1 ii libmailtools-perl 2.18-1 ii libmime-tools-perl 5.508-1 ii libnet-imap-simple-perl 1.2207-1 ii libnet-imap-simple-ssl-perl 1.3-3 ii libnet-ldap-perl1:0.6500+dfsg-1 ii libnet-smtp-ssl-perl1.04-1 ii libnet-smtp-tls-butmaintained-perl 0.24-1 ii libnet-sslglue-perl 1.057-1 ii libpdf-api2-perl2.030-1 ii libperl5.24 [libdigest-sha-perl]5.24.1-3+deb9u2 ii libpod-strip-perl 1.02-2 ii libproc-daemon-perl 0.23-1 ii libschedule-cron-events-perl1.95-1 ii libsoap-lite-perl 1.20-1 ii libsys-hostname-long-perl 1.5-1 ii libtemplate-perl2.24-1.2+b3 ii libtext-csv-perl1.33-2 ii libtext-csv-xs-perl 1.26-1 ii libtext-diff-perl 1.44-1 ii libxml-feedpp-perl 0.43-1 ii libxml-libxml-perl 2.0128+dfsg-1+deb9u1 ii libxml-libxslt-perl 1.95-1+b1 ii libxml-parser-lite-perl 0.721-1 ii libxml-parser-perl 2.44-2+b1 ii libyaml-libyaml-perl0.63-2 ii libyaml-perl1.21-1 ii perl5.24.1-3+deb9u2 ii ttf-dejavu-core 2.37-1 ii ttf-dejavu-extra2.37-1 ii ucf 3.0036 Versions of packages otrs2 recommends: ii aspell 0.60.7~20110707-3+b2 ii ispell 3.4.00-5 ii postgresql-client 9.6+181+deb9u1 ii postgresql-client-9.6 [postgresql-client] 9.6.6-0+deb9u1 ii procmail 3.22-25+deb9u1 Versions of packages otrs2 suggests: pn postgresql | default-mysql-server -- debconf information excluded
Bug#876459: needrestart: Non-interactive mode not being detected properly
Control: severity -1 serious Control: tags -1 + fixed-in-experimental stretch Hi, > the problem described in the archived bug #803249 still exists in > 2.11-3 (Debian 9.1). When needrestart is run without a tty AND with > DEBIAN_FRONTEND=noninteractive, it still tries to work interactively > rather than fall back to "list only" mode. In some cases it causes > unwanted restarts. The easiest way to reproduce it is to run > needrestart from cron, redirecting the output to a file. I regularly see this bug cause important PostgreSQL databases to be restarted on Debian stable. Can you please make sure to provide an update for the next Debian point release? If you need help doing so, feel free to say that. -nik signature.asc Description: PGP signature
Bug#889954: [Pkg-xmpp-devel] Bug#889954: gajim: please play nicely with gajim-httpupload and gajim-omemo (i.e. break it ; ))
Hi, > Please join the xmpp-team in salsa.d.o and fix it in the git! :~) > (Only if you like, no pressure intended!) I had planned to not register a -guest account on salsa, given that I am about to become a DD, but that plan was made 9 months ago and as my AM has been entirely unresponsive for these 9 months, I will have to start as -guest again and migrate stuff later, which I wanted to avoid… So, yeah, I will do tonight ☺. -nik signature.asc Description: PGP signature
Bug#889954: gajim: please play nicely with gajim-httpupload and gajim-omemo (i.e. break it ;))
Package: gajim Version: 1.0.0~beta1-1 Severity: minor -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 As I understand it, Gajim >= 0.98.1~ implements OMEMO and HTTP File Upload in the core and does not need external plugins for it anymore. Both plugins are packaged in Debian. While Gajim seems to ignore the plugins when they are enabled and does not break, to be certain, I suggest conflicting with gajim-httpupload and gajim-omemo (not sure if conflicting is the right thing, but you get the point ;)). I might as well be wrong with all of that… - -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gajim depends on: ii gir1.2-gtk-3.03.22.26-2 ii python3 3.6.4-1 ii python3-gi3.26.1-2 ii python3-gi-cairo 3.26.1-2 ii python3-idna 2.6-1 ii python3-nbxmpp0.6.3-1 ii python3-openssl 17.5.0-1 ii python3-pyasn10.4.2-3 Versions of packages gajim recommends: ii alsa-utils 1.1.3-1 ii aspell-en [aspell-dictionary] 2017.08.24-0-0.1 ii ca-certificates 20170717 ii dbus1.12.2-1 ii fonts-noto-color-emoji 0~20180102-1 ii gajim-omemo 2.5.4-1 ii gajim-pgp 1.2.1-2 ii gir1.2-farstream-0.20.2.8-2 ii gir1.2-geoclue-2.0 2.4.7-1 ii gir1.2-gspell-1 1.6.1-1 ii gir1.2-gst-plugins-base-1.0 1.12.4-1 ii gir1.2-gstreamer-1.01.12.4-1 ii gir1.2-gupnpigd-1.0 0.2.4-2 ii gir1.2-networkmanager-1.0 1.10.2-1 ii gir1.2-secret-1 0.18.5-5 ii gstreamer0.10-plugins-ugly 0.10.19-2.1+b3 ii notification-daemon 3.20.0-2 ii plasma-workspace [notification-daemon] 4:5.10.5-2+b1 ii pulseaudio-utils11.1-4 ii python3-crypto 2.6.1-8 ii python3-dbus1.2.4-1+b4 ii python3-gnupg 0.4.1-1 ii python3-keyring 10.6.0-1 ii python3-pil 5.0.0-1 pn python3-precis-i18n ii sox 14.4.2-3 Versions of packages gajim suggests: ii avahi-daemon 0.7-3 ii libxss1 1:1.2.2-1+b2 pn nautilus-sendto pn python3-avahi pn python3-gconf pn python3-gnome2 ii python3-kerberos 1.1.14-1 ii python3-pycurl7.43.0-2+b1 - -- no debconf information -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlp9WtUxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZf/BAAx5tPF5DF/vbSQEj5xla9oMCfGTTu b3u7cnGwWTYcWfQFQXF1qqjqy86ySaKKwx6mJOgRO6+fNs2UsXWZkImnuBJOwbdO CRvNehwvTdBRJqNxs6VarjiYiyWrxIKkvL0igk1f99DDrt35doMCBrTxfVDuybBZ HnkowXWgoAMSErDzhCnCNEjDEYjqH0iMo6DJTHh7t5/Snd8lmxc0UhzCiFYvb98A OmI18Jf0/WNAOX2m+l8Y87IYZTaWUsbJxVz6BbAyW8utTc7taKFXA8O4ul/DDpUT /zHLAQx0CfFeUVD5A4kupAZlkI/+WmQc78+t8zzev348S7R6ipHr4E24Q3Srq2N5 3Qni6LOo+cVOlLmj1RJb60xZOL6BZ2ZF/RjKxTUV22zixL03GyF1/4TFxzizj4a0 F93P124tBufAW3pnK8Ccgpbry5FR7MMlIwiI3PxbItMzz9MVwJShcBhlZwsOaDQa dbgNHpU/BexxOrw+Bt3RAkWfaq3kmAI5pyCoErB0wj4dKlB35QE8HUr9smUmwGis TscO8N25k0FQgxuPMh8TgQuEXJlHDCKl/OtMX+DdqU2neTjarBwif39KsglmO6R8 mqk3TvSZC467kN9V8lKXj5XqprF3VIf7R7U490wwuWXv3982fuJeeJHjcdCx3PG5 xGH15VKnxbIrqkg= =quNi -END PGP SIGNATURE-
Bug#887393: ITP: sdaps -- scripts for data acquisition with paper-based surveys
Package: wnpp Severity: wishlist Owner: Dominik George <n...@naturalnet.de> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: sdaps Version : 1.2.1 Upstream Author : Benjamin Berg <benja...@sipsolutions.net> * URL : https://sdaps.org * License : GPL-3+ / LPPL Programming Lang: Python Description : scripts for data acquisition with paper-based surveys SDAPS is an open source (GPLv3, LPPL) optical mark recognition (OMR) program. It is written in python and has an integrated workflow with both LibreOffice and LaTeX to create questionnaires. I will maintain this as part of the Debian Edu packaging team. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlpdDeQxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pa70RAAg/Sd0Q8BFWZFOD2q4wj00E2p9JdF WoufCnfUiYCeOcVtpYMk+L1v2h4V/HP3ZTP0X6KbBaGmmKiVQ/Wfvn4CbxcCdf2S Iyy9KaCUsqHWZ94Y8YPXZwK/t0uitVEeGN7JYYQeHgzKUtt6a+yqNuoHMGCDIgVq 4jhH0QUJ1/kCEvPz55tjRYuqKWeg72wiBE9iMnjnEYWlKNaa3ComuSX8deIDP17l Mfg9mEfKct34WY5/mIJ2njcZnat4Lt0HCIunj/tFHGnHEJKjaEJKVPWoj5mFJQ6k Dhi/9eqJi/3gnSSLoRp25h+AVR1KHKi8AVl2Q6A6umvtUXyEVrYY48oprxffQobO CxZLth948aS9kSAIfRTXyOsgBHoz9L5Vim3D3NGesCMtmusI4FmZlUwODI8jo5jH SirQill2oWPfRLMNI4k8p8/AfEI0C3N9fmF2OnCoDhtKd/mpuy5PzgRNrTlA/3ct Bdwl2E+8QPxefcq7PY0Ib9ky0ZdhB0IkWgTC5u8A/4B4nbvbH1rU8gIouu0ONORQ MQa3sDg6iWbICDA1Gcgdal0BNsHxwPAEBeUl/RzgBzxWJbRnMO85pYyH5UsSq6Oq AW6urVG8OBY1XH26ypZ1MEcL0s1qgUAIQpTMTHuaaeWmWQDkeyIHI4oI1+vxEgEb pb4j4oMePTRGZTY= =xFTc -END PGP SIGNATURE-
Bug#876376: debian-edu: autofs daemon on combined server breaks homes and NFS
Hi, > yes. And about an installation flaw. From the bug description, it looks like > Nik hard-mounted the physical drives under /skole/tjener/. > > This can only fail. The question is, how did that happen. If the TJENER > installation does that via debian-edu-install, then we have a bug. > > If Nik moved / added mounts under /skole, then there is no bug. I did not. But I only was handed this box over to to the upgrade - I cannot tell for sure whether something like that was done before, but I do trust the person in charge and they say they didn't do such a thing either. Cheers, Nik -- Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter) Teckids e.V. - Erkunden, Entdecken, Erfinden. https://www.teckids.org/ signature.asc Description: PGP signature
Bug#884483: stretch-pu: package xrdp/0.9.1-9+deb9u1
Hi, On Fri, Dec 15, 2017 at 07:41:29PM +0100, Dominik George wrote: > Package: release.debian.org > Severity: normal > Tags: stretch > User: release.debian@packages.debian.org > Usertags: pu Any news ☺? Cheers, Nik signature.asc Description: PGP signature
Bug#885029: xrdp: thinclient_drives not umounted after session terminated
Control: tags -1 + moreinfo >This is still not correct: after the session has ended, the >mountpoint must be umounted. Older xrdp versions even did this. So, is the session really correctly terminated? I cannot reproduce anything of this after logging out. -nik
Bug#885029: xrdp: thinclient_drives not umounted after session terminated
Control: tags -1 + moreinfo > Now I have these extra mountpoints in the system: > > fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime) > xrdp-chansrv on /home/tglase/thinclient_drives type fuse.xrdp-chansrv > (rw,nosuid,nodev,relatime,user_id=2339,group_id=141) Looks correct. > > Also, my home directory ls -lF’d doesn’t look too healthy: > > d? ? ? ? ?? thinclient_drives/ > Also looks correct (as already explained to you in person, and to others in this bug tracker, several times). But again: Only the owner of a fuse mount point can stat the directory managed by this fuse process, which is the user running chansrv. It looks strange, but is a design decision. -nik signature.asc Description: PGP signature
Bug#884561: stretch-pu: package pam-krb5-migrate/0.0.11-4
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I would like to update pam-krb5-migrate in stretch to fix #873271. Right now, the package is unusable because it installs files to the wrong directories. I took over maintenance of the package, which is why I also change the maintainer in the new package (as to not wrongly mark it as an NMU). Diff attached. Cheers, Nik -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlo1jcQxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZW/RAA0yjmuxuBzOktQoyjNzKgUel0Tv4D MEl7p7vscUJKwL9RJ/HkB95J38fSFJkwCtWBhg9dpDin6VCqZvg4B5XCjYyxYWd6 7kW7dPxf76GHoRj5qeoEjlFp5vP5k/NhuBI2by6t+z35lTtBDEtHaqzFTvoR2+jm 2GpkqdKk/u7slD1BNyOP9XG/gKfViC7DjO0QNIyNESWJ1t5liwFWvx35W1e/+izC FWG/By4WbmFaZiDYcZIUKQyy5d57swziVQwAzKSf1ItwgJC+lFy5iLMUMVgMHBxd fWePt/FF+MQmhNEV+WRr8PbCPNudQaZB3QW1PvHXzusvQprELxgqpLA1FuRT47J1 y4AvkJFYG3iXRDhhn7m5B9ZsKl2t4HWg87HNUw3daoew/yWNzeHA8baBCs77VOm5 E3+JcGxfeTqjtAuXH0rXuzTH4o5sZWWVs2st1jmJIEKvEbbWbqh1dwsarpXVnDkK DXtHoj/E4HXGin9gJAH3dBiV6udbolTXzTGHzbsEtbpjmgGc0IjhIPRDWRamt3fX p2EIGKW1yXWnAYhEk3PWPM1pgmijdVgr3aJOTIdQYV9K8RTA9e6r/nQBEKenk6xX FDrYOQyW/VF7ew5VKmDGjZglJ3Fj93IO002l/xJSZDvqDJY+D+PvaQcJ1bvEgMi6 thO1UGJbKoniyX4= =MSeb -END PGP SIGNATURE- diff --git a/debian/changelog b/debian/changelog index f59576e..f1c26a0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +pam-krb5-migrate (0.0.11-4+deb9u1) stretch; urgency=medium + + * Fix install paths. (Closes: #873271) + * Make myself maintainer (instead of marking this an NMU, +which it isn't). + + -- Dominik George <n...@naturalnet.de> Sat, 16 Dec 2017 21:51:59 +0100 + pam-krb5-migrate (0.0.11-4) unstable; urgency=medium * Drop support for Heimdal. Closes: #837695 diff --git a/debian/control b/debian/control index 98ccc21..d10797d 100644 --- a/debian/control +++ b/debian/control @@ -1,7 +1,7 @@ Source: pam-krb5-migrate Section: admin Priority: optional -Maintainer: Jelmer Vernooij <jel...@debian.org> +Maintainer: Dominik George <n...@naturalnet.de> Standards-Version: 3.9.8 Build-Depends: comerr-dev, debhelper (>= 5.0.70~), diff --git a/debian/libpam-krb5-migrate-mit.install b/debian/libpam-krb5-migrate-mit.install index 859fba5..77f7a0f 100644 --- a/debian/libpam-krb5-migrate-mit.install +++ b/debian/libpam-krb5-migrate-mit.install @@ -1,2 +1,2 @@ -mit/pam_krb5_migrate_mit.so /lib/security/pam_krb5_migrate_mit.so -debian/libpam-krb5-migrate-mit.pam-config /usr/share/pam-configs/krb5-migrate-mit +mit/pam_krb5_migrate_mit.so lib/security +debian/libpam-krb5-migrate-mit.pam-config usr/share/pam-configs
Bug#867558: flask-ldapconn FTBFS: build dependencies python-ldap3/python3-ldap3 are only available in more recent versions
Control: tags -1 + upstream > builddeps:flask-ldapconn : Depends: python-ldap3 (< 2.0~) but it is not > going to be installed > Depends: python3-ldap3 (< 2.0~) but it is not > going to be installed ldap3 version 2 requires a complete rewrite. Upstream tracks this at https://github.com/rroemhild/flask-ldapconn/20 -nik signature.asc Description: PGP signature
Bug#884483: stretch-pu: package xrdp/0.9.1-9+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I'd like to update xrdp in stretch for two important bugs: 1. #882463, CVE-2017-16927: Local DoS Security team says it's not critical enough for stretch-security and I should instead target stretch-pu (although I disagree). 2. #884453, High CPU load in ssl_tls_accept Remote users could use up quite a lot or all system resources by keeping TLS contexts in a certain state. Please find the debdiff attached. Cheers, Nik -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlo0F1gxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8paeRA//apbQ6DhlOkmV6C5+bQ3dSPK0BYbV CAEwhIVSNSsIr7M8726DcoRPIcfdkmU9sE6T84QXf8wShBzoGPTjI9WWIhkwOF2o UuBWZ68wKnQ7A4wuH9br5TYkeF6TDHpct7PE2N+p/BlihXUuUqReXqa4KSjtmKuj l5Q2VJUyUUwyNlZWash8wAY+NmRqpF681sMJCol1v3LQ3F5JUije2rayw//2tdYW HGBYAZEzU/FXZEQyfS6507lyjjiGLWmiwYSGvpvEyr5dg1rJCDNr4P4KH9qbUYLS 4LVpbh8FcsGlnopyjlW9z791upwHUpyyJD2+GTda3zBCTIlTwII7+NJ3L5jpYL// JDXAigt1H09vb2ZYcfjm/P2gqd6yIP9PZDeBjetgQ2Z+pD8/1BrzG/OUd1glxNXU kElHUMvJQxv5jm6XKPldcoBN2CQqwm9NOxiQsx/DyEyhAEpL78+sg1hZ+oPUrj4j I/vX9CGE30mWCEwU6PQqkYS8urN+bvVVFYFO8jM+xYeJZTjwvnjPJkgp89+poGzp ZeRPYyY9+OxMMJJke3aSvrU5wXXpePvz29/KXzAuOTsLavkeL1RQkW7NPtHWtCYk qKICivi10AqLY2Ye2PScnUdAdgJ6spye/b2hju1Hzrz3oeUlxBd5ME2v90QsvbVq CW0Pxt5DlSX9Ir8= =8FZ1 -END PGP SIGNATURE- diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog --- xrdp-0.9.1/debian/changelog 2017-10-18 11:56:31.0 +0200 +++ xrdp-0.9.1/debian/changelog 2017-12-15 19:28:28.0 +0100 @@ -1,3 +1,10 @@ +xrdp (0.9.1-9+deb9u2) stretch; urgency=medium + + * Fix CVE-2017-16927. (Closes: #882463) + * Fix high CPU load on ssl_tls_accept. (Closes: #884453) + + -- Dominik George <n...@naturalnet.de> Fri, 15 Dec 2017 19:28:28 +0100 + xrdp (0.9.1-9+deb9u1) stretch; urgency=medium * Fix high CPU load on SSL shutdown. (Closes: #876976) diff -Nru xrdp-0.9.1/debian/patches/cve-2017-16927.patch xrdp-0.9.1/debian/patches/cve-2017-16927.patch --- xrdp-0.9.1/debian/patches/cve-2017-16927.patch 1970-01-01 01:00:00.0 +0100 +++ xrdp-0.9.1/debian/patches/cve-2017-16927.patch 2017-12-15 19:28:28.0 +0100 @@ -0,0 +1,137 @@ +From: Idan Freiberg +Subject: sesman: scpv0, accept variable length data fields +Origin: https://github.com/neutrinolabs/xrdp/commit/ebd0510a7d4dab906b6e01570205dfa530d1f7bf.diff +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463 +--- a/sesman/libscp/libscp_v0.c b/sesman/libscp/libscp_v0.c +@@ -157,7 +157,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, + struct SCP_SESSION *session = 0; + tui16 sz; + tui32 code = 0; +-char buf[257]; ++char *buf = 0; + + if (!skipVchk) + { +@@ -222,27 +222,31 @@ scp_v0s_accept(struct SCP_CONNECTION *c, + + /* reading username */ + in_uint16_be(c->in_s, sz); +-buf[sz] = '\0'; ++buf = g_new0(char, sz); + in_uint8a(c->in_s, buf, sz); +- ++buf[sz] = '\0'; + if (0 != scp_session_set_username(session, buf)) + { + scp_session_destroy(session); + log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__); ++g_free(buf); + return SCP_SERVER_STATE_INTERNAL_ERR; + } ++g_free(buf); + + /* reading password */ + in_uint16_be(c->in_s, sz); +-buf[sz] = '\0'; ++buf = g_new0(char, sz); + in_uint8a(c->in_s, buf, sz); +- ++buf[sz] = '\0'; + if (0 != scp_session_set_password(session, buf)) + { + scp_session_destroy(session); + log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); ++g_free(buf); + return SCP_SERVER_STATE_INTERNAL_ERR; + } ++g_free(buf); + + /* width */ + in_uint16_be(c->in_s, sz); +@@ -268,9 +272,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, + + if (sz > 0) + { ++buf = g_new0(char, sz); + in_uint8a(c->in_s, buf, sz); + buf[sz] = '\0'; + scp_session_set_domain(session, buf); ++g_free(buf); + } + } + +@@ -281,9 +287,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, + + if (sz > 0) + { ++buf = g_new0(char, sz); + in_uint8a(c->in_s, buf, sz); + buf[sz] = '\0'; + scp_session_set_program(session, buf); ++g_free(buf); + } + } + +@@ -294,9 +302,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, + + if (sz > 0)
Bug#880720: updated xrdp: Failed at step RUNTIME_DIRECTORY spawning /bin/sh: File exists
> dpkg: erreur de traitement du paquet xrdp (--configure) : > le sous-processus script post-installation installé a retourné une erreur de > sortie d'état 1 > Traitement des actions différées (« triggers ») pour libc-bin > (2.19-18+deb8u10) ... > Des erreurs ont été rencontrées pendant l'exécution : > xrdp Unfortunately, I cannot read this. Please run with LC_ALL=C. -nik signature.asc Description: PGP signature
Bug#884453: xrdp: 100% CPU load on ssl_tls_accept
Package: xrdp Version: 0.9.4-1 Severity: important Tags: upstream pending Forwarded: https://github.com/neutrinolabs/xrdp/issues/954 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 There is an infinite loop in ssl_tls_accept. It makes xrdp cause very high CPU load, and malicious clients can exploit this by keeping many SSL sessions open in this state. More details in upstream bug tracker. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlozougxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYvEBAAiwnWk+2aIbHcP+hvGSGuSugJhJwF iiglKO4TF5/s8Iof8U2Tt2CtyNgMOGpjd4cLW9TLkEGKDDH9Z6o/oZ9c8vvjBPay fFD7Nrq7XU2v5+E1LaiWj7wOi8XQmQAc6ID320VFMbMo9gHNJG1u9h/wyV+HsRKQ WSKD0dDXFxN7m2E4ECzwZugeihvPH0o1+f9i2vf4HlAkylkNgCqUesFadf6YDICM 07IZCkU9TT9AJ4LinYH9DhcJmU03mWsjP2lh2hpBFRzjXLjhEojkYD+Y29rQE8RJ J6bYyBGdC22kvdmvDuG9UqjbM0O9fMuefyDVdn2lxEs0f2RgQkH8jOOLYzo7DqcY S0UA8Zaxo8u+mJSnwLoy7+O0Kc5QdnIbfpfRI/JjBtvklMnbGMe+QcyQJ/RsUZuK K9rcg+MKLyO8oAnGtiB3u1b6fCMt4VrGxDia/yoge1QQo340lYzsyvrdNUsR7kkc QvGm2RAI7n0YFWmHhifOUGw6GtCqTfFcU+EGcOY9/ZZjNem2Ki915EYEDXTqq0Z/ qcEz4UQUWCdCyjv9Ik+ZvFAAwmFH+qCHltWmBkbK1jUK6S4v13PmB9k70ZzF59zb VKD6iAKvTihO0dHGtZN9CIhJHpB8z6dLm8hdSJdjfeyXAxvJoh8AUzRUP8uycGXC 1my6qMZiBSXT+/M= =dnOz -END PGP SIGNATURE-
Bug#882463: Wheezy update of xrdp?
Hi, > Would you like to take care of this yourself? Not really. Go ahead ☺. -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Phone: +49 228 92934581 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#849325: RFH: heimdal
> There are two maintainers in Debian (Brian May and myself), but we're quite > time constrained. It would be great to have some help dealing with the current > backlog in bugs and keeping up with more upstream releases. As discussed by private mail, I will be helping in maintaining heimdal. -nik signature.asc Description: PGP signature
Bug#878144: Remote unauthenticated DoS in Heimdal-KDC 7.1 (Debian)
Control: forwarded -1 https://github.com/heimdal/heimdal/issues/353 Hi Brian, On Tue, Dec 05, 2017 at 09:22:05PM +1100, Brian May wrote: > Dominik George <n...@naturalnet.de> writes: > > > We can reproduce this issue at Teckids and have now closed the KDC to > > the internet. It was intentional that users could get a ticket over the > > internet, but heimdal-kdc crashed at the same code point with the same > > cause regularly. > > Sorry, very short of time lately. Are you able to submit a bug report > upstream? Done. I will also happily prepare a patch for stable / stable-security once upstream gave an opinion concerning the fix. -nik signature.asc Description: PGP signature
Bug#878144: Remote unauthenticated DoS in Heimdal-KDC 7.1 (Debian)
Hi, > We are running heimdal-kdc 7.1.0+dfsg-13+deb9u1 amd64 shipped with > Debian stretch for our Domain and have discovered several crashes in the > past few months. Investigation showed that dmesg contained several logs > about segfaults: We can reproduce this issue at Teckids and have now closed the KDC to the internet. It was intentional that users could get a ticket over the internet, but heimdal-kdc crashed at the same code point with the same cause regularly. -nik signature.asc Description: PGP signature
Bug#882085: [cowsay] Package includes ASCII representation of Zoophilia
> In fact, the package was installed since I have turned on install > suggests. If this was done on purpose or accident is not open for debate. It is. I'm sorry, but in fact, your concern should be that you are obviously unable to control what you install on your system. You can read a handbook on this topic - but please leave unrelated maintainers alone - they are not the support crew for your personal system's administration. The fix is to purge the package and look and think next time you install packages. -nik
Bug#879177: Remmina: Not connecting to Windows 7 using RDP connection
Control: tag -1 moreinfo Control: reassign -1 remmina-plugin-rdp Hi, >* What led up to the situation? > > Tested connection to my work desktop after upgrading to Buster >* What exactly did you do (or not do) that was effective (or > ineffective)? > Tried various settings, installed vinagre, which works fine. But > Remmina won't open an RDP connection. Which of (rdesktop|freerdp-x11) have you installed? Cheers, Nik
Bug#878996: stretch-pu: package xrdp/0.9.1-9
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dear stable release managers, I would like to update xrdp in stretch. xrdp 0.9.1-9 has a bug marked as important in the BTS, causing xrdp to go into an endless loop whewn shutting down an SSL context and causing very high load on the system when it does. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876976 Find attached the debdiff between the current stable version and the proposed update. Cheers, Nik - -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnnJwkxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZwuRAApyqFBZMpTFICL5NOrVXnC43+W0I5 q2ft6ukZ+9nhSMYsFCohxtqthfzn3YW2CcSHBmfk5Ig/+UST+zARiw48qM+a0/pW Wr9gsK2UMlnSve1R/4kw5NKfFfAxTF1L+JGvvAbEwfsM42jLdQkQOb/7uc8oe+bE OEKs+HvU5PcsAGv4beoLANtWzikg1nIoukppyRPaZx3HY3iGZv5NVRmrY68mWYHM /Z8dv4spg6qpCOt8PrMmIe7K2SbS4apUKNDjbgh/BFAkHSKQs3xpBKeGmtFak4oM mc2GmvHfcDG74qqNOn0Z/NwKaQhBUWjEx/Ok45ctNWcKObk5WZ02G5zrhYz7K7J6 Y0QKoC+f1E8zH0iQAhW80AaOIFZfT1OonNLpxQcc/JECQYSIxZsr/e6EAEeQWCeV OUCLZh/7tBpnRwzXKAEr36QGlKfyjtchCnbgfFO+2yiaOIc2mn8Lx5QgSUnv+vlV HGqVvdtZecDKz862zKew495Xuf16gBxg95zS5sfKzLEG+xzspr41Pve+QC25rJry BV3OsrS4IhpMaOUQEyJhY+AncWX0ZvWQraPF7Ise5YWiI5sjIFGmQkjqjoT2QiB/ pFYnOUaPv7zkPaBI3NL4+GZyMskPba16gnL0032HrIRhFdAerXd6bUBtX50Gq9FF jfjCKuq2/VZbMzY= =z88f -END PGP SIGNATURE- diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog --- xrdp-0.9.1/debian/changelog 2017-05-04 18:59:10.0 +0200 +++ xrdp-0.9.1/debian/changelog 2017-10-18 11:56:31.0 +0200 @@ -1,3 +1,11 @@ +xrdp (0.9.1-9+deb9u1) stable; urgency=medium + + * Fix high CPU load on SSL shutdown. (Closes: #876976) ++ xrdp could in some situations cause permanent high load on a + system if an SSL shutdown got into an endless loop. + + -- Dominik George <n...@naturalnet.de> Wed, 18 Oct 2017 11:56:31 +0200 + xrdp (0.9.1-9) unstable; urgency=high * Revisit incomplete fix for CVE-2017-6967. (Closes: #858143) diff -Nru xrdp-0.9.1/debian/patches/fix-876976.patch xrdp-0.9.1/debian/patches/fix-876976.patch --- xrdp-0.9.1/debian/patches/fix-876976.patch 1970-01-01 01:00:00.0 +0100 +++ xrdp-0.9.1/debian/patches/fix-876976.patch 2017-10-18 11:53:29.0 +0200 @@ -0,0 +1,16 @@ +From: Jay Sorg <jay.s...@gmail.com> +Origin: https://github.com/neutrinolabs/xrdp/commit/2c96908ea500880c71d3593dd2b2b5b5275bdbf5 +Subject: if SSL_shutdown fails, only call one more time +Bug: https://github.com/neutrinolabs/xrdp/issues/872 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876976 +--- a/common/ssl_calls.c b/common/ssl_calls.c +@@ -754,7 +754,7 @@ ssl_tls_disconnect(struct ssl_tls *self) + return 0; + } + status = SSL_shutdown(self->ssl); +-while (status != 1) ++if (status != 1) + { + status = SSL_shutdown(self->ssl); + if (status <= 0) diff -Nru xrdp-0.9.1/debian/patches/series xrdp-0.9.1/debian/patches/series --- xrdp-0.9.1/debian/patches/series2017-04-27 12:48:33.0 +0200 +++ xrdp-0.9.1/debian/patches/series2017-10-18 11:50:09.0 +0200 @@ -10,3 +10,4 @@ kb_jp.diff highres.diff cve-2017-6967.diff +fix-876976.patch
Bug#878887: ITP: php-react-child-process -- Library for executing child processes
Package: wnpp Severity: wishlist Owner: Dominik George <n...@naturalnet.de> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: php-react-child-process Version : 0.5.0 Upstream Author : Cees-Jan Kiewiet * URL : https://github.com/reactphp/child-process * License : Expat Programming Lang: PHP Description : Library for executing child processes Needed for movim-pod. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl/sgxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZDExAAlTm6cGPF7Cu+of/DKsIAgbbYbzhu qTpimPWioaJe+vdgsBu8VGMwpo85YVlTC+SYplEMBwV42V3g4z8PMglb3RkntkC5 +EMq4DpPf/HgRxSWb78BTXr9QT7lU1NRxEiJJoq/X4S4Z1bDGya4o/H6Tm4z8atE 9pr52KHudMkDyxHMuKEOuAttxJojEFdoUBjE2kAc/sajc88SUg9p7Kw+MVqJqrYj g5c1OfwzCcys9xRiHEbKIlTX2E0yn0aap0GU6qKhvfA/SMag+iGAb6Gr9SL4BoV5 UiERLv4lRggTPvsMcdRljU+pqJwe7VMjMpzRsI4x6Gq7rWNxYIuz8uEgryN644SZ WW5GDUxlbwnecV1CywVPpGi0CFbjJj53kizCwhp0r2QrR1saLP5DDpqolWe18AIE mVQ4YIftE/N/eWSy8akdZmDineEPwnsXtl3o0NVE8N8Jrn17z96it4WqgQJSNb0O yt5/mCJkUVd2Lykr8BGievdHf1Jt76GxO8iKSazdI+b4GtONPPDCcZw1bfFYA1MS tBMGyPxhfTN+D5cumQ5I3n8sTEaw0WznXL3ZwqHmD5LGWc2UQ06S04E32NYuSB+J kxlHg2OuRn0n5/YZgT3CJgXJV4Byhyr15xstXuoPIrCgpraebrniRIV/JjPfVyBN wBrtk621FfD8qAs= =yVZu -END PGP SIGNATURE-
Bug#878886: ITP: php-encryption -- Simple Encryption in PHP
Package: wnpp Severity: wishlist Owner: Dominik George <n...@naturalnet.de> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: php-encryption Version : 2.1.0 Upstream Author : Taylor Hornby * URL : https://github.com/defuse/php-encryption * License : Expat Programming Lang: PHP Description : Simple Encryption in PHP Needed for movim-pod. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl/i8xGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pa74A//apYzRf/zsUE4I+NBOszVf1RQZlYu dwRdOcKustUtvP35apjtxfwYNC3pwg2odcSnDw+nH7R3fwehtiGk2F8tVX6NW6Kr bZEphtbN4i7RJCd0MhZSHBoOGLusa4HvWQbT9IAt3u31TSac+q6UNmehRAuWIo00 X6TaEHnYib+S3q3UVtmxSenC/b/BhSAo8z9sRZBR7L4SaFgW5xegeA3dX+YU6VPt SOvSe+TooAGskOMgVsHKb8tC6f6Dj2ulHC2moEhEH08Pn6LRkX4hG2Cge58QXmVB bHuiA+Vf87vC5mQIjSIoXg7a2JAjxK5z4DaA13iDGbkFX2m+5hd22PhFlH87bY9m Bt+HOUcizhOHTfQo6188cZ7fAahqxWU1UsXQl1KomzWm8IxrzwIFdB1afxzm5OCY P4n3oJs1Bz0wJLYAu/9/e/HkufjiCbidc60SuHFgVBDII+hblTRblQHqiLu5zw0g kRP24+AO04u4WWJ7eMwUxzVDd8SNRll2Wd2YZtX9btYJnV99mMA8Zs27WZeK6q7D 4N1s204L330Rt/FFYigdrEJF09dO+tiUnApyIqP5MhI8q0shU8JMOQM+9ADTWtsw BeXoNUV1XUcbIymNaoPeMIXvgkewp6nwnwNoyQGX/C0OiBnS5/xfMXGyNeWS24Kx tGm+XbbrFi8wOEs= =yz2Q -END PGP SIGNATURE-
Bug#878885: ITP: php-fig-cookies -- Cookies for PSR-7 HTTP Message Interface
Package: wnpp Severity: wishlist Owner: Dominik George <n...@naturalnet.de> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: php-fig-cookies Version : 1.0.2 Upstream Author : Beau Siemensen * URL : https://github.com/dflydev/dflydev-fig-cookies * License : Expat Programming Lang: PHP Description : Cookies for PSR-7 HTTP Message Interface Needed for movim-pod. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl/ZYxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYaihAAsY+5PilN3F7umx/22fCv3voPmaE/ ypdWPgZKxBIiNru2i2eIMhmycfBNPqLgQdkiKelz7W+v+Tl8aPT0895MFLofkbIq isQHvIOwCAGfZ5kK9gui9QbI48p/ZlP/P/9thUjCf2xClPgOOHjmkl6KiJDKRTnR f0UZOBbArsdWqUaOZF8RxBTNjNkED+/uKZgICFvrDPSeXVOn+adE5kY2p4hdM0lK 3vj/kWLwHanreQRDw7zPCNX3dcELn01Ku4jkuHVkFOmZwIEcMSBPTriiJC45vJ0t xCxhxa+8iJlQ827a+QAeyFFDdBxaThRM3RQKTWXAC5EuJXqDN/cjsxWNsSJ32EQL nGS6BFyDXzav7ueTTXNmjlhSw/hMZb9ytwAbszSe/itSymfXZtN/kqyZ1az30qA1 7e40K5n4WlBdA/mjb6tcdc9T1WJ9USzi/96+0g/dkx6ETdJRN1dUhXDk4U52lQFl Hk6t2kRuGQ7xPq3lp6fBmAZED0T96z8CeNGZlbXS65qOkFvG1cEUqD55JkSRBMmm NkY6qePZgHXeIUbypKS3LaMfEQtd2iGEpdrzAh5tg2oWq91UWNOg6QEM8+HW30uX B3hnk5ra0Z9vd9g0kxQ5cqhDexzinPQpWtHyFqUvS9S/xVP3pl3+ViWNnGr8egWu vMuGienYaUvfTFs= =4lMY -END PGP SIGNATURE-
Bug#878884: ITP: php-buzz-react -- Simple, async PSR-7 HTTP client
Package: wnpp Severity: wishlist Owner: Dominik George <n...@naturalnet.de> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: php-buzz-react Version : 2.1.0 Upstream Author : Christian Lück * URL : https://github.com/clue/php-buzz-react * License : Expat Programming Lang: PHP Description : Simple, async PSR-7 HTTP client Needed for movim-pod. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl/QcxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZuFA//Q/Sq1E7CkPy2Gcd2HsIfNVEmUy4I pq4bY5s0B66iTMHiwTt5njKyOt4cTkRgFjekrjzOGLicjWMrrZyL5/GwDT/7vAXJ W4I7hzXv4JRadu+FXq3wKM+e7jwOYGlJsJoruUk2Z8I78Tz+hLffiZ1+EJK8mAWv DLUpJD00I+y2aexHGZRgIp9j2/XQDbSGK1In6uRiRxWV7H3Iazlb9vR/Njn3ULh9 MJ8UOl9ufE6iJzLm6R5SdtFm2dwbFGhL7KoVyZWfO0wmlkB5SVq2Q6g/e3nt/zOh W9VYMXuZKvgU0oqpF4+VBq+hSnI6ctt3JiHEXAKYWinFVRf6f0pCq3XOygtV3J/I CIgYIOsCceQYBTN5hsGoGwMn6J9zKlxmUxHwvhv39IgAeMnQjn4RJQwEYeW+N+8x KWBMMfrrLlsOvNibyezIAQ03EABhkjZkm0mVPH9Xp+LuBTLfternYqwfCZbPIUO1 yzoJfs7meT2RC7SckPp/aVaKLatvE45uzlGG4nS/WNIoiWerlrLv4d8oBO/EK+6w ouhd2OmcNZ5ZM9fA8rTqKPIBss9HW+vb2j9/BGJQs75rOFSD+5VmJV7qEgjGYAko dqj3EaFyzzZKobDSbx2l4myFRGxbhDakDyo1S4YTMCqpJ2QCsJpNYqssgFSGD8dG pPSjzqFqT9sc/6U= =uPDo -END PGP SIGNATURE-
Bug#878881: ITP: php-ramsey-uuid -- PHP 5.4+ library for generating and working with RFC 4122 version 1, 3, 4, and 5 UUIDs
Package: wnpp Severity: wishlist Owner: Dominik George <n...@naturalnet.de> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: php-ramsey-uuid Version : 3.7.1 Upstream Author : Ben Ramsey * URL : https://benramsey.com/projects/ramsey-uuid/ * License : Expat Programming Lang: PHP Description : PHP 5.4+ library for generating and working with RFC 4122 version 1, 3, 4, and 5 UUIDs Needed for movim-pod. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl+54xGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZUkBAAxSFHkcmyWnPuQe/lqm3MHIBzO/CE GwbR7k90NBEXXzRNJlGhI2r24LxIfnH1c8tIsuBKqbkz+0yLeHGA9PizzDqsI520 kMQOi0468+1TOmCrSzX2l3nYFffjwMUEQD5sTit2sfhpEMIWuxqX3rqZV5IKXDFf VLgrpvTbH+Jk0ezrCHs7l5qjhXShzwPMyLJg43sg5ktPpNi5sEwnd7zCICLfTBVF jgoMYvbztlYYIH8W8DPO0t0Pz4b10AMjPw1ISSu+XqlkAahyuaNWiG5qHQAQ6yDs ArQdbulk4Z8JcZ61h4no1hClARHRVhegizd+VoIRQmJ9q5QVO+qWbzYim95NG5vn Ud2tbhwEpD5n6crf5prW6cWbT3aU62u2K+4TjQlmbymF5s57fsIvArBk/rSGLHK9 wTkjJ0ko4nm3eC9RYK7v8W0u7ARO7h5fpUh5k4Ux0D10eawm1qtpn5RzTxIA7gwx NLT1+nF85HiZL6TqSwgnVrYXWqXEi4xuWOFHAXvUGb3e7Dkzlc4kUu3wU0WyCcQw MM/pM3nwzACA9WdEc2L8vkNbZYFkKdXyJfzZPsvm95ZGLhkbRklOqlgYt/mFfdOO oHCDcQOL/jLyGGB5aNcfnAxGo+XJuSajHjw3pAS0s2Q50hU4Ha/Lo/c021nGGLBh 2KnNKVb7qH5AtDQ= =hSAj -END PGP SIGNATURE-
Bug#878882: ITP: php-cocur-slugify -- Converts a string to a slug
Package: wnpp Severity: wishlist Owner: Dominik George <n...@naturalnet.de> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: php-cocur-slugify Version : 3.0.1 Upstream Author : Florian Eckerstorfer * URL : https://github.com/cocur/slugify * License : Expat Programming Lang: PHP Description : Converts a string to a slug Needed for movim-pod. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl/FoxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pY9uRAAoel0ZK70RBSr9V2jtlDyVh+RX5rx +spqc1bl3pLA0wBDF6X88GuK7cg3rGuSoUYalE0C6y+gSPd5vMFSO9r6PbduE7QU yP/akll7N5nGhLMx/otDU+7HLg/tK6sScqrOBSfIQxnV7tAQUafipbeOQlAiUeY/ JxMFu4TdhExZpomii5wS5dZrVLFgHe1PdMJgE8YvuzMr/qNRaWPUQ2ypePBVkmWT B+yuLlSeRlmgJdndNxv1yd1GO0lg8lYLO1CKHxvmEd+4Cmcxk1Q7I6TsDkN8EYQw TzNwRq/x3nLy8JMNcnE6nI0JEF56tZFiCr7di12zukJpAl5rA6RqMrLlzNLfOGNP BO396ISrmgWmES8MHzX3YRGdWqMPPlhHoi8S7gP7VWldedKPgg/1DsL6SqEyt0DU wCcUDgc1Ib4OVomr6KmXH9YD1DGqnglhUiZkeb1a2ebN5yyCRrMLrB7n/jceKkMu KfeuYtK38RITkrDihpSvkRpPuAZM3eA8iSKmJ4yTugOy8RXHRhN9dAa/tZ/4hgQz WnFYqCaKYGvhpwhq8o/oyLxCwEaVhrzf88QTXxvYXCFhjZa81fUNyNmZQJtlzWp6 MG+CJLrb0b3BpM0yWradvM3S2tBDR/G1QtUYgxc+f/yceL1Qiaq/nC6ttH/+xjVv C+mfexgxwvQLFek= =XPO8 -END PGP SIGNATURE-
Bug#878879: ITP: php-respect-validation -- validation engine for PHP
Package: wnpp Severity: wishlist Owner: Dominik George <n...@naturalnet.de> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: php-respect-validation Version : 1.1.14 Upstream Author : Henrique Moody * URL : http://respect.github.io/Validation/ * License : BSD Programming Lang: PHP Description : validation engine for PHP Needed for movim-pod. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl+r0xGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pbWXhAAiAbozwR7vL+p9n5wNTKZBLTS0Fzt hz3gAOaAcb601OcLUh3h+4uZEV/u/63VlisMDOaqzb6u6h7CfL0KmqjtS8F2+ALP I+l13WoJ2BQ5jeXBmgeenWtxSdLwB4m0fBcF9DdQGaXo6U5e4lVowCUm/g5Gz4x2 QZsTiMinrwOyGE7kC4iNknbTps3k5Jym/t6rcVf+fT7R40V8e/w8QEohSNgvztXj 40k5eCX6vEaLegReOoLUQfMrUtBSLeUHiLNBCqwxhleGP+PsUoQsOYAt7NnKb2rw et9EPFC1nNxjVwhimkKI8U5j9XfUB+Qg6E7MMdEiM/AfwjWAJg+Ho7a3rf4KW4wF 2cAEFUjX8cUB740h8w1YhMezOfCCZWVts/WXPsRTF+rzdYbjXTAVUgHlH6Pkg+Vr nrZ7DliQPVi9tMiczG4QnQc38FIzH5/f3VFKxonyz9TdZfOTV8Qtu4INMGzHZST8 VZDVfHT//SXECJRZyxgTJdSzys3+buHb7WcgG7NiAkOnS1xlu+BFRfCbKs+ZElYV +UXeoXYtpo0CAmlJ/SkZ6WIy1u9oqna+oP4hfTIO9x0RjH/3UwGrnJr04w0/65QD b1a0Hg8QT79jxgNg5hWc1rNV4AKHrRLl9LDgZ1epHpI4JJX2GnR8yMcI9Px3fiIV 6klHJ+kV9gkwJns= =M//F -END PGP SIGNATURE-
Bug#878877: ITP: php-react-http -- Event-driven, streaming plaintext HTTP and secure HTTPS server for ReactPHP
Package: wnpp Severity: wishlist Owner: Dominik George <n...@naturalnet.de> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: php-react-http Version : 0.7.4 Upstream Author : Chris Boden * URL : https://github.com/reactphp/http * License : Expat Programming Lang: PHP Description : Event-driven, streaming plaintext HTTP and secure HTTPS server for ReactPHP Needed for movim-pod. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl+fgxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYTSQ//R10OopH2AyyPSoAWfDSDHiljQzpG CCZ1miNtyzLT4HNBTjmEM4taLAzeShB8bb5D8oyoo9aktmTM5WuVw3kXBW12vcRW QbBDKtVAY7NMMN56PTsVxN1fXNGXQTtuUw63+jbH8yG7ZMktbDThOljcvBdyR7If w+7vhEEuwiUpgYcplFZTC1HjHj131pNIIDPtsBZr++dkfb8rnIcH71htftMIFbGO 63iXMTzz8DEqgHozsMpGjFijC85tx2vOMVpXF8iEbPCXlW7ne59pKZP21clDLZk0 XghKH4nQYWBBN87MgD4nnIe+dUvEyaEyIMYG70+9TP636uzNgLfNZ3XouO6fC/jT qj4cmVHc4IjFIIJoEw5Gvk0HbohqtNgRGx5Eej646SNOb2msOeX9WTjVUyx7UFvJ QNe8cymCtVul6hWxq6nxwG6tVMu6T4ohiSjItvL2rv532Rbm4qN62F9URd3KU4Bk SWPooO5vcp2VAanWxP5m7lEgqGwEwy/BSB9kAj0VervbK9kOMjOtdKOZed0qMWix i9+G4/fdd7aOUZQYSZPlPyhCvsUnDy8fNvgIlKKtSLBsBT+1iIJzjHX38Ke00ewE vcYa6A+pM3wI8Hfi36HbzygJ4ra9YE4a75phIrmdyGixDXZQSGEodlFYya1ONWS5 CBcFU6+yrvzwk7o= =/nCv -END PGP SIGNATURE-
Bug#878876: ITP: php-ratchet -- PHP library for asynchronously serving WebSockets
Package: wnpp Severity: wishlist Owner: Dominik George <n...@naturalnet.de> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: php-ratchet Version : 0.4 Upstream Author : Chris Boden * URL : http://socketo.me/ * License : Expat Programming Lang: PHP Description : PHP library for asynchronously serving WebSockets Needed for movim-pod. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl+UkxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYVIRAAm5Jvdb3QjAfEKmEddcbC3lG7zGj1 gfs+d/0klpsfcr/ZFhV7dYJT/7/WbRasjbQv9W9iyPMqkbHiGk592xlnIs1C5EUp dxnPEoDxW+d4TpejSclX32ya/Pijbs0QVyJHB2UKKy2H4yTT4tPau3jt2KBq0zIZ M02erwORqJg5EfXiA9qYChpJxrW9ip/TX4+bttNPQcm5szXxFV8a7OuQ1smrqsJo 6NqWgx8GMS6tpzbeFcgl2Dm8S3PT3Yw9hSLMIL5hl3cd3yTMAXdTh4GZqgGbAYO8 NnzCH8nCjIaaPnR8LEcfUH8iYGVNXsePYISbEnX8m9lyGljaYiTXg3chPVpx8QUx M1YJkKcskO5UCsGeEfATdtFs7cX7lJz+BRu+1Py7Or9ImMKAXqU0XGC5lxpQtxBu bMfKhIeKn06OS1dqKNsvCez0Cj6vCpp81TxpxWIMtfrJk69TUuCpaSkYU66kim6c +ezstknFjin6JNG1nKlS4qxF9R7GrgZFtqUG9uogEEzhHEwTZ+HahY1a4rD/gjAd Id7c7blQp2wStVHtgDzkOD8cfzpm+JYCMZCFf+apz9XS7YfQgPCG5/q6LxExqlAn UOJL5M+Ert0clhv6pVqKXggNToevzIkcqXnQ8yigTTPMWb52Nq1zlSKX0Oh7WRSQ cruAMGcUZSqjLz4= =Efgh -END PGP SIGNATURE-
Bug#878875: ITP: twemoji -- Open-sourced Twitter emoji images
Package: wnpp Severity: wishlist Owner: Dominik George <n...@naturalnet.de> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: twemoji Version : 2.3 Upstream Author : Twitter Inc. * URL : http://twitter.github.io/twemoji/ * License : Expat, CC-BY Programming Lang: JavaScript Description : Open-sourced Twitter emoji images Will be needed by php-emoji and in turn movim-pod. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl9/MxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZ0uBAAjdfJWiXRaoId1uTkRqs55j0wASMd AQUrMNkFHMpZWK3mkuB40eZ4QdV/iYZ9U2tkCmb8WQ5aKkZlCb5/Wz2UK2N4E1TJ bros7dEozTBlzOodQ8p/jtcS4ccGx+2fyG0CWVB+lMCaU4PDIKYKWGh2nztX1sNh VAyGgojSHvnoUmUmqOKEmV3EJInRS1x4MXcVqoDOz7a9eNjd8Xcl5cEBoi0Sr4ko Cw5naoRbjCazIVZnVmzMq3OhoxwvVnLTEpxnMvX/FGFWjOI8QVnkcGlXsOVrYL+1 t9pFT3M7mqSs/gIIidr2744hPke+mKv7PmVafyrpB2hNgpSIjbYJXculCf5l7nth d7nADivffAPRI3U+AxOmhndcVZmnHT/2MlF+kCSvOYA+Ez/H+1bOVryq7lBVEz9W +J7u7tq3PFvfYXlB4NeGbtl+aAi+hEY28coTdV/Z8ADa/KTnGbMeAnAZCQ0PDCKy vBM6JuPpf/E1rCPCLYWdVjnieU1H7W9p0/6EGQge455mLxxPM2Lg5KeGEnISKkzv VBIpPaMIiZHnWe1MTwGyh0EaSdowE7fmCvaZ3Q+n7ROvz+V2MF7nYxWgW0WTQKyO 2Duvqhk5+o5285RLszIr4hDFQpfnAuEQIvNnanRVUjJ/qWf7bNxh2zEH1L4Xjm1O pnkTKfw8o66hJWs= =y2Md -END PGP SIGNATURE-
Bug#878873: ITP: php-emoji -- Emoji images from unicode characters and names
Package: wnpp Severity: wishlist Owner: Dominik George <n...@naturalnet.de> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: php-emoji Version : 1.0.0 Upstream Author : Tom Graham * URL : https://github.com/heyupdate/emoji * License : Expat Programming Lang: PHP Description : Emoji images from unicode characters and names Emoji images from unicode characters and names (i.e. :sunrise:). Built to work with Twemoji images. Will be needed by movim-pod. -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnl9wwxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8paqrhAAnQ5xM9RkAELmy1eBIbTZ3eHlV54E 6ZnpS4oWf3Qskn30ZUkUtMZzdEwp2HXwcMB3nTmXtwun5P3OMdIvGNDfstQqD6tH undnuK22q2F9gCbpP9SN1ymZC2M0IaVjQgccGDcQu3eTD5h7iWD/L8k2FlSxAMqj +spcO/xaDXZL4y5rUpA+idMmK7Kcz4WFmzAYBPR0Ap1PXt3/ZIJpSQwW/jtlbx3C XMNVdwmwXuR8xRL2xfGO6/GKi1LkjT/NgaCuVDqbP/zboER86PxFmTmFzHyW98RT Tqwg6MFFd0d/r0vHYdvVI9Ms21psOtKB9op0amImrNUCdpgjPWNfRaMlcOzdmPz6 o6Np0WTFeyCtZn5tZP+XtGMs9TQK1OjT785y1/V2/5N4FHyh8BVQB7zzccQysBOd zT8F0USWKHYbVG3nbLyMzzqvNMH1MHlGN6vxH1y8kup5lI5x23mb4Yrk6ffpZC7T OYoCleIPwzypx9yHdM/VHZDDuNRWEc++NKEA/GT9v6wMIaBlzgIIRc6740VMlMLD Cwy1CzSkIOcdeT8MMiQZjNydfi/xObaeA5nEHFTOyMoCa1KZfu/MME7Pp7+Rp4TG q8K+ufkljzgX3w9EZtUxH43imtQkQ9LuwhRnyaciUt5dGKdO4j28G1hbEzLZV+Gn zXUTNQ6dHwnjDJs= =FK1X -END PGP SIGNATURE-
Bug#878148: cups: Default ServerName wrong/not in sync with manual
Hi, > > I said that I cannot access CUPS from the local network, not from loopback. > > The title of this bug is "Default ServerName wrong/not in sync with manual". > I'm not sure I understand whether you think the documentation should be > changed, or whether the _code_ should be changed. Could you please clarify? > > From the documentation, you need to have both a network-accessible IP in a > `Listen` stanza, as well as the hostnames you want the scheduler to be > accesssible to be listed in either `ServerName` and/or `ServerAlias`. > > What I can say is that from the source (scheduler/conf.c, around lines 956 in > stable) https://sources.debian.net/src/cups/2.2.1-8/scheduler/conf.c/#L956 > > > else > > { > > if (gethostname(temp, sizeof(temp))) > > { > > cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get hostname: %s", > > strerror(errno)); > > strlcpy(temp, "localhost", sizeof(temp)); > > } > > cupsdSetString(, temp); > … ServerName is set from gethostname(2), which, by their manpages, return the > same value as hostname(1), aka uname(2)'s nodename, which you can retrieve > from $ uname -n. Right. Now read the man page: ServerName hostname Specifies the fully-qualified hostname of the server. The default is the value reported by the hostname(1) command. Neither gethopstname(2) nor hostname(1) nor uname(2) return the *fully-qualified hostname of the server*. So the default used is NOT the FQDN, while ServerName shall be set to the FQDN. So: The code should be changed… > > ServerName is set around these lines and there are various heuristics which > add ServerAliases to that configuration. All these are logged at the 'debug' > level. I've added a patch to log the ServerName cups takes: > > --- a/scheduler/conf.c > +++ b/scheduler/conf.c > @@ -891,6 +891,7 @@ cupsdReadConfiguration(void) > } > > cupsdSetString(, temp); > +cupsdLogMessage(CUPSD_LOG_DEBUG, "Set ServerName %s", temp); …especially as these heuristics try to generate the base host name by stripping the domain part from the ServerName, expecting it to be the FQDN. > With this in place, and debugging enabled via `cupsctl --debug-logging` (see > [0] for a very good documentation), a restart of the server gives me: > > D [12/Oct/2017:17:21:25 +0200] Set ServerName gyllingar > D [12/Oct/2017:17:21:25 +0200] Added auto ServerAlias gyllingar > > And: > $ hostname -f > gyllingar > > What is it that you get? $ hostname foo $ hostname -f foo.example.com Still, CUPS only responds to foo, not foo.ezample.com. (Please mind that your system seems to be misconfigured and does not return the FQDN with hostname -f!) > And do you still think there's discrepancy between > code and documentation? If so, which one do you think is wrong? The code is wrong. It should use the FQDN, like reported by hostname -f, as default for ServerName, probably by resolving the name it got from gethostbyname() twice (like hostname -f does). -nik
Bug#878148: cups: Default ServerName wrong/not in sync with manual
>CUPS' behaviour is intentional. It rejects requests addressed to the >system's FQDN host which are received over the local loopback >interface. >127.0.1.1 uses the loopback interface. Good thing I do not route 127.0.0.0/8 in my network - that wouldn't work anyway. I said that I cannot access CUPS from the local network, not from loopback. -nik
Bug#878148: cups: Default ServerName wrong/not in sync with manual
> Does either 127.0.0.1 or 127.0.1.1 in /etc/hosts map to your FQDN? The base host name of the system is resolvable to its FQDN and `hostname -f` returns the correct FQDN. Yet, as reported, CUPS only accepts the base name as reported by `hostname`. -nik
Bug#878148: cups: Default ServerName wrong/not in sync with manual
Hi, >> What I report - and what is a fact - is that CUPS as installed from >> the Debian package does NOT WORK under normal network conditions, >> because it REFUSES to accept requests under its own FQDN. >> >> That the docs tell it should accept those requests is another part of >> the bug. > >Perhaps a testable example would clarify matters? 1. Install Debian on foo.example.com 2. Install CUPS 3. Open http://foo.example.com:631 in a browser -nik
Bug#878148: cups: Default ServerName wrong/not in sync with manual
Hi, >If you feel there is an upstream issue in the documentation there is > > https://github.com/apple/cups/issues/new Have you read devref? It's your responsibility as package maintainer to forward bugs upstream. https://www.debian.org/doc/manuals/developers-reference/ch03.en.html#upstream-coordination If you do not want to handle bug reports, please do not maintain packages. What I report - and what is a fact - is that CUPS as installed from the Debian package does NOT WORK under normal network conditions, because it REFUSES to accept requests under its own FQDN. That the docs tell it should accept those requests is another part of the bug. -nik
Bug#878148: cups: Default ServerName wrong/not in sync with manual
Control: reopen -1 On Wed, Oct 11, 2017 at 07:35:25PM +0100, Brian Potkin wrote: > It is common to use manualpage(x) as a shorthand to instruct a user to > run the command 'man x manualpage'. Following the advice in hostname(1) > does result in the fully-qualified hostname being displayed when the > hostname command is used with the correct option. > > (Granted the command 'hostname' does not return a FQDN, but that isn't > what is being advised). Thanks for teaching me UNIX basics, which is certainly not necessary - but no matter how to read a mnual page: The bug that CUPS does *not* default to the FQDN remains. CUPS *only* allows the hostname part, *not* the FQDN by default, probably because the authors use a system where the FQDN goes in /etc/hostname. -nik
Bug#878148: cups: Default ServerName wrong/not in sync with manual
Package: cups Version: 2.2.4-7 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - From cups.d(5): ServerName hostname Specifies the fully-qualified hostname of the server. The default is the value reported by the hostname(1) command. This is plain wrong in itself, because hostname(1) does not return the FQDN (except when run with -f). Consequently, CUPS does not listen to requests to its FQDN by default. - -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages cups depends on: ii cups-client 2.2.4-7 ii cups-common 2.2.4-7 ii cups-core-drivers 2.2.4-7 ii cups-daemon 2.2.4-7 ii cups-filters1.16.4-1+b2 ii cups-ppdc 2.2.4-7 ii cups-server-common 2.2.4-7 ii debconf 1.5.63 ii ghostscript 9.21~dfsg-1 ii libavahi-client30.7-3 ii libavahi-common30.7-3 ii libc-bin2.24-17 ii libc6 2.24-17 ii libcups22.2.4-7 ii libcupscgi1 2.2.4-7 ii libcupsimage2 2.2.4-7 ii libcupsmime12.2.4-7 ii libcupsppdc12.2.4-7 ii libgcc1 1:7.2.0-7 ii libstdc++6 7.2.0-7 ii libusb-1.0-02:1.0.21-2 ii poppler-utils 0.57.0-2 ii procps 2:3.3.12-3 Versions of packages cups recommends: ii avahi-daemon 0.7-3 ii colord 1.3.3-2 ii cups-filters [ghostscript-cups] 1.16.4-1+b2 ii printer-driver-gutenprint5.2.13-1 Versions of packages cups suggests: ii cups-bsd 2.2.4-7 pn cups-pdf ii foomatic-db-compressed-ppds [foomatic-db] 20170723-1 ii hplip 3.17.7+repack0-3 ii printer-driver-hpcups 3.17.7+repack0-3 ii smbclient 2:4.6.7+dfsg-2 ii udev 234-3 - -- debconf information excluded -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlncx+kxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pY2bBAAxGfO/4wB0jH966NSw/rC74I7+6Le DMZfeQGVz1KSJAcTla7Ttm4Na672X1q1/twcL5Db/jzHHHDgpy4iHqNGrr4HIodS TV7SlzK50My9KdijiEXMIU+CUvbqOWktNwD6TIvYEt+3unXthXJ/3gd46SKOHYvc XV210i/etitom+95zw7hW0nLmSR+lzgDh9RH8e39rjJGq3T0fnPlE7FBuByjSsRq 3PDF5MABzGgSrCRxIroc9yoXxkM6AIrbkQz/IGR1NZWO52Dbn1MZdvSkhe5N7TRS tJaSz3XaZa21RpX+JJrwxXyjnHaF4QU/6W7h2JvFq5CiLcWPXPdWYBpoVxMOJKVX glXMKHD3K1rjP7GhcHJHogAe1azuYIhob7KqMfGy9bHkEcRVcVyzE8UGSHh0IXMP z1k+WZjDII4DN/kxCGiJuzL5sSFAgl1DpNgLUEOxEw1lfty7jWD6SL8lU0jX5PiU 9mFKK1KSEeQ1LPTMBtZHwjlX0ABGVRrthbMjge79UWjdd1zG7H6ImP30o4xU7teH IobNWEtYnZUFNVzdzNSjGIOZcmDou2k4FHvjfbjwrYRBqji1SJ7G6CNvm3TRwPJM 9Bt0t/JqSsooT7/Ui45p7bXLWqmhQcbomwGFIPUhP4jbxnZOiqFOQrOK2Io06vfw JLVI1qwZXGqzG4o= =4EIV -END PGP SIGNATURE-
Bug#876376: debian-edu: autofs daemon on combined server breaks homes and NFS
Hi, > TL;DR; Please revert your change that hard-codes tjener in debian-edu.git > (42b28ab02). Here is why... As I see, Holger already did it… I was on holiday over the long weekend. -nik signature.asc Description: PGP signature
Bug#876376: debian-edu: autofs daemon on combined server breaks homes and NFS
Source: debian-edu Version: 1.924 Severity: important Tags: patch When updating a jessie combined server (a machine with the Main Server, LTSP-Server *and* Workstation profiles), autofs-ldap is pulled in as Recommends from education-networked-common. Enabling autofs and autofs-ldap on tjener results in /skole being hidden by the autofs mountpoint.
Bug#873476: coreutils: /bin/cat doesnt display a line of a txt file without an end of line
Hi, > I've a "VERSION" file for a package (not from debian) and this file doesnt > have a 0x0A at the end of the line. > cat doesnt display any contents (less does). > If I add lines before the offending line, these lines are displayed but not > the last one. > > Attached: the VERSION file which contain a single line and the TXT file which > contains 2 lines, the second one without a 0x0A. Your file is not a text file and it does not contain such a thing as a line. POSOX3.206 Line A sequence of zero or more non- characters plus a terminating character. I also cannot reproduce your bug. Maybe you can post a screen dump? -nik
Bug#873271: pam-krb5-migrate: install paths are wrong
Source: pam-krb5-migrate Version: 0.0.11-4 Severity: grave Justification: renders package unusable Both the PAM modules and the pam config are installed into sub-directories instead of their correct places. This makes the package unusable without moving files in system locations around beforehand. -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#865361: linux-image-4.9.0-3-amd64: kernel stuck at boot on HP ProLiant DL360 G4p
Hi, > After upgrading my systems to debian 9.0, which provides a 4.9.0-3-amd64 > kernel > our HP ProLiant DL360 G4p Systems stop booting the kernel and complain about > a bug (NMI watchdog: BUG: soft lockup). This concerns all our DL360 G4p > devices, > others seem to work so far. On the affected machines I need to boot the former > active 3.16.43-2 kernel. We also ran into this problem yesterday when setting up an old system as our new firewall. It turned out that disabling the APIC table (MSP table) in the BIOS helps, but only at first boot. Once the kernel itself has set up the tables, after a reboot, it will be stuck again and the machine must be power-cycled. -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Phone: +49 228 92934581 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#870767: gitlab: editing issues does not work
Package: gitlab Version: 8.13.11+dfsg1-8 Severity: important The "Save changes" button in "Edit issue" leads to a 404 error and does not save the issue. -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-2-amd64 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages gitlab depends on: ii adduser 3.115 ii asciidoctor 1.5.4-2 ii bc1.06.95-9+b3 ii bundler 1.13.6-2 ii dbconfig-pgsql2.0.8 ii debconf [debconf-2.0] 1.5.61 ii git 1:2.11.0-3 ii gitlab-shell 3.6.6-4 ii gitlab-workhorse 0.8.5+debian-3+b2 ii init-system-helpers 1.48 ii libjs-chartjs 1.0.2-1 ii libjs-clipboard 1.4.2-1 ii libjs-fuzzaldrin-plus 0.3.1+git.20161008.da2cb58+dfsg-4 ii libjs-graphael0.5+dfsg-1 ii libjs-jquery-cookie 11-3 ii libjs-jquery-history 11-3 ii libjs-jquery-nicescroll 3.6.6-1 ii lsb-base 9.20161125 ii nginx 1.10.3-1+deb9u1 ii nginx-full [nginx]1.10.3-1+deb9u1 ii nodejs4.8.2~dfsg-1 ii openssh-client1:7.4p1-10+deb9u1 ii postfix [mail-transport-agent]3.1.4-7 ii postgresql-client 9.6+181 ii postgresql-client-9.6 [postgresql-client 9.6.3-3 ii postgresql-contrib9.6+181 ii rake 10.5.0-2 ii redis-server 3:3.2.6-1 ii ruby 1:2.3.3 ii ruby-ace-rails-ap 4.1.1-1 ii ruby-activerecord-session-store 1.0.0-2 ii ruby-acts-as-taggable-on 4.0.0-2 ii ruby-addressable 2.4.0-1 ii ruby-after-commit-queue 1.3.0-1 ii ruby-akismet 2.0.0-1 ii ruby-allocations 1.0.3-1+b2 ii ruby-asana0.4.0-1 ii ruby-attr-encrypted 3.0.1-2 ii ruby-babosa 1.0.2-2 ii ruby-base32 0.3.2-3 ii ruby-bootstrap-sass 3.3.5.1-5 ii ruby-browser 2.2.0-2 ii ruby-cal-heatmap-rails3.6.0+dfsg-1 ii ruby-carrierwave 0.10.0+gh-4 ii ruby-charlock-holmes 0.7.3+dfsg-2+b3 ii ruby-chronic 0.10.2-3 ii ruby-chronic-duration 0.10.6-1 ii ruby-coffee-rails 4.1.0-2 ii ruby-coffee-script-source 1.10.0-1 ii ruby-connection-pool 2.2.0-1 ii ruby-creole 0.5.0-2 ii ruby-d3-rails 3.5.6+dfsg-1 ii ruby-default-value-for3.0.1-1 ii ruby-devise 4.2.0-1 ii ruby-devise-two-factor3.0.0-2 ii ruby-diffy3.0.6-1 ii ruby-doorkeeper 4.2.0-3 ii ruby-dropzonejs-rails 0.7.1-1 ii ruby-email-reply-parser 0.5.8-1 ii ruby-fog-aws 0.12.0-1 ii ruby-fog-azure0.0.2-1 ii ruby-fog-core 1.42.0-1 ii ruby-fog-google 0.3.2-1 ii ruby-fog-local0.3.0-1 ii ruby-fog-openstack0.1.6-4 ii ruby-fog-rackspace0.1.1-4 ii ruby-fogbugz 0.2.1-3 ii ruby-font-awesome-rails 4.6.3.0-2 ii ruby-gemnasium-gitlab-service 0.2.6-1 ii ruby-gemojione3.1.0-2 ii ruby-github-linguist 4.7.2-2 ii ruby-github-markup1.5.1+dfsg-1 ii ruby-gitlab-flowdock-git-hook 1.0.1-2 ii ruby-gitlab-git 10.7.0-1 ii ruby-gollum-lib 4.2.1+debian-1 ii ruby-gon 6.1.0-1 ii ruby-grape0.16.2-2 ii ruby-grape-entity 0.6.0-1 ii ruby-hamlit 2.7.5-1 ii ruby-health-check 2.4.0-1 ii
Bug#870066: python-flask-sockets: please support Python 3 and PyPy
Hi, > thanks for bringing this to my attention. > > > Please enable building the python3- and pypy- variants of the package. > > As far as Python 3 is concerned, the problem is one of the dependencies > of python-flask-sockets, namely python-gevent-websocket, which doesn't > build a Python 3 binary package [1]. Please also see bug #756013 for a > related discussion about how to proceed in this regard. > I'd be happy to provide a Python 3 version once all dependencies are > available as Python 3 versions. I myself only packaged > python-flask-sockets as a dependency for a pure Python 2 application, GRR. Thank you - I will look into that! > > About the pypy variant, I'm not entirely sure what you mean with that. > Could you please elaborate a bit? There are three major Python implementations in Debian python2, python3 (both CPython) and pypy (PythonPython, a re-implementation of Python in Python). > > > I'd also propose moving the package under the Python Modules team for > > team maintenance. > > No problem at all. Will do so with an upcoming upload. I would also like > some other Python packages to the team, if that's fine with you. Please mind that there is more to it than just changing the Maintainer field [0], plus the packaging repository must reside inside the DPMT Alioth project. Cheers, Nik [0] https://www.debian.org/doc/packaging-manuals/python-policy/ -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Phone: +49 228 92934581 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#870112: gitlab-ci-multi-runner: please backport to stretch
Source: gitlab-ci-multi-runner Version: 1.11.4+dfsg-1 Severity: wishlist -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dear maintainer, it would be much appreciated if we could get gitlab-ci-multi-runner in stretch-backports. Kind regards, Nik - -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAll89XIxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYFeA/+PoEt8fc+iZMIPPpTfu1H1sLuE4eu pa0WrtDPXGMh9/dLXn4aYUdbD3BpTBLmVO5P8KUk5lpVJr6MwQmkfBOaj7RUPQAL gS3x7FsKHq4qrmkrntXkT5s9LQ07EzAPXYNeOI9mWwoQTob/SrIjiWEgR1ZZs1jq Z0Xknkl8k5dB7VJnPYgQESIhu0ocTyFOr+khdlZffhkMcQ2nboBo0q+/gMYEZ1VD 4KlEGD4DO0Gd4jc9Kew2ybjkiscgLDh9/EauaJ3XeVrGfvkDnakOEmcYkfhqY3TA Z7hQdYt8w3fwIi9nups5s6QglT4Ot1aJMXcQQD1wQ1oeT4lBG8WHkF3po73IkBBV 86lGteQ7c3H1K4FFnLtxMKBL7y11eWLHmq3Qq/sd4eh50WGU8arSHOhvmJeJX3NL ZfHi/3bFJcEIG5ge1jMJ/gLdiFoJ8UHvhuGJv/lT1rR0OJZm1NxFVw/vbjUtGTXh /1kheQ3v8z17BJToz7g67sxAmwvknn1nYt3cyo9gZf4GsSmMWtOz4tDN15VqYaih zfD9elidaUjdyyZMCxxL0LSsa0Mvzni835c3OUYNA6cf8aFlEQ/119qvluHcwOr4 3JL9oWzX9RDEkrjWrLY6Y9dMaEocw4MA5RFecihcblrePyewfNsHcA0ngc0CaJM1 cFw3tLBPPqOC+io= =brTJ -END PGP SIGNATURE-
Bug#870066: python-flask-sockets: please support Python 3 and PyPy
Source: python-flask-sockets Version: 0.2.1-1 Severity: important -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Please enable building the python3- and pypy- variants of the package. I'd also propose moving the package under the Python Modules team for team maintenance. - -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAll8ejMxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZ7yxAAwUF0RbMkmetkP1GWJtteAAFNLTbx mKfexYXiLlTP9F7mhEuJ3ch+uTLeugft9/sxIzVlIxntMtbUJSyQmRCzWjAP3Yko oKuS0wbICLUthRywXikwFzZENLduFUYqr8VaaVNc4TkL6cMtd7Sl1QY8upIlrF26 WHtko1sdHv4xaMfSwqlrig9fkoKjrcRzDfVgdlT6iLwlcVPErr+sYHvnNZX/H1c7 15R5ODn4VUcEaan1eM7S5advwy24ERJdMrrNrdtVpkmTKvaUSYb69NrO+R7guIVC jOWVmn0mvWQLpCgzR4qxLtgAIy6R0Ql5cwfiVPZ7KB7k6fOuXTQ2ivQ7F1sKsH23 8RumSlEaNw/joT31oBwZc17d6t/Lh57KGxGV7OGilovYJnv6Fh8dDQTsITwM82HP aFOk9q5Pxwb0xXKbkR46fSq9UQBmGWoEWSnFltis6hxakjsYIp2KnMV1F+gzXsDW lxASZ7DuZG+HKh6+6hM/jHM1EMuu7Mm9FgUqYAzYEmKNHFd4sSzhldiwoN1GluiF /RpbNMXuwP2ZYJtLNm6950e/M8w3pUI6DfnUFCt25rylPVh5abd2/keV0Fzs4oQF V05qM+ZWR9Qxt2SL2M0huDT0u/TqAKhY/ldrU6mHW7cpX6xUjLi3XmNlHYCuuwYp 8RE0vluiUixjmvY= =AYSa -END PGP SIGNATURE-
Bug#867584: gitlab: please update to new upstream version
Source: gitlab Version: 8.13.11+dfsg1-8 Severity: wishlist -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, at Teckids, we are running the current GitLab from Debian stable for our EduGit server (https://edugit.org). The service will go public in the near future, but we would like to provide GitLab 9 some time soon. What are the plans for upgrading Debian unstable to the new upstream version (currently 9.3.5)? Cheers, Nik - -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAllfojcxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZZEQ//SaoQSTfLVhbpjtF6+SPlcDqyscVR OIji/+SLhHSfoyEfNxQLnDmUhwS3rZwwzRGbq7dDGjonflF5qdvs0k9zYiJWnWqZ 0iMf5CY0/v697k7mMRVFlojyNA3E+HmNaUEZFDJmlrGYNWWF1+rBGEMPAcwytVsY 6zpyDtwGDfUIkLcPSURtHrYn6tp15ymBBCGr82HPI2EimjgMsvxB3d/waMYsdn5k I5aHgUrACCe4yOpjK4hP/x9sRZ+O8V9tRbCKNoeztLg8zLQqK+uNL9KPkZT4fVTX Bx0T2XdMw/MU0IE8+qE+lDKijXiWROc7JAKPORIiOXeVX3CvzWF/KC+Va4LXeujQ o1xwqr4V2njV1BOHEigQU41mjEzKxzSKlgRNd/8GpJVgVKJlyAxca+kiT3P4yNff Q0GnI3Els+emh4KJnmOmolb1Qt00eXn5evx15c0F5iDRYwkcDalREjb/9Lw9Angx 7SavZlg83S7enUoABjRsCLg/8GigzmQ/TXkscQhBwVwPYVsSXyHAbL63oDWIvJm0 +OJulL0SHO4OK4TSihF6ISuGel5UzCwP4zgBMOlugibuycvzdXk/KoAHnsPQOxQF Kb1EDSGgyvPnP/lK1K+GEUdi5+o4sgSAMtxmw4ZtUkhNcYaJEFlVA2+sO/vib68P wxMNMCVCvLNhnaM= =j7Er -END PGP SIGNATURE-
Bug#867150: ldapvi: cannot rename entry when filtering out RDN attribute
Package: ldapvi Version: 1.7-10+b2 Severity: normal ldapvi fails to rename an entry under the following conditions: 1. Only a subset of attributes is requested at query time. 2. An RDN attribute is not among these attributes. On renaming the entry, even if the rename is a move and does not affect the RDN, ldapvi checks the RDN before sending the rename to the server, and finds that the RDN attribute is missing. ldapvi should check that the RDN was not modified and that no RDN field was modified either, and accept the rename. -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages ldapvi depends on: ii libc6 2.24-11+deb9u1 ii libglib2.0-0 2.50.3-2 ii libldap-2.4-2 2.4.44+dfsg-5 ii libncurses56.0+20161126-1 ii libpopt0 1.16-10+b2 ii libreadline7 7.0-3 ii libtinfo5 6.0+20161126-1 ldapvi recommends no packages. ldapvi suggests no packages. -- no debconf information
Bug#792075: How is git-lfs in Debian going?
Hi, I'd also like to have git-lfs in Debian. What's the progress on the package? Can I help in any way? Cheers, Nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Phone: +49 228 92934581 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#853258: docker.io: uses sleep to query user in maintainer script
Hi, > I stand corrected: the following command does call sleep. > > /var/lib/docker/nuke-graph-directory.sh /var/lib/docker > > I agree this is a bug, but I disagree it is critical, because, > technically, it's not the maintainer script that calls "sleep". Erm… I somehow feel I missed some kind of "policy interpretation creativity contest" ;)? If something used in the maintainer script breaks policy, the maintainer breaks policy. With your argumentation, I could move a bunch of bad commands to this_is_not_a_maintainer_script.sh, source that, and policy does not mean anything anymore. Besides, calling sleep is not the issue here. The issue is the maintainer script requires the package to be removed interactively and cannot be controlled in an uanttended run. -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Phone: +49 228 92934581 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#850442: release-notes: Section about new remote desktop software in Debian
Hi Niels, > * Does xrdp need any reconfiguration after/for the upgrade? > > * Or can the admin simply enable a new configuration to support >remote X sessions without needing a VNC server? Well, it's just something to be aware of. I'd put it into section 2 - it is something new, and people should know it, but it is not an issue per se. Everything will continue to work, but it will work in a different way, and admins should notice that. Cheers, Nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Phone: +49 228 92934581 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#863701: sympa: insists that cookie has changed when it hasn't
Hi, > In this case the head command might not be in the path Sympa is seeing. Could > you please test if > `/usr/bin/head ...` works for you? Yes, it does. -nik -- Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter) Teckids e.V. - Erkunden, Entdecken, Erfinden. https://www.teckids.org/
Bug#863701: sympa: insists that cookie has changed when it hasn't
Hi, >The configuration file is at /etc/sympa/sympa/sympa.conf for the Debian >package, >so this hasn't changed? Confirmed. > >What are the permissions of the cookie file? 640 owned by sympa:sympa I have placed debugging prints into Conf.pm and found that $current is empty right at the beginning of cookie_changed. It seems the `head... command is not evaluated. I placed the cookie in the config file directly, which makes it working again. -nik -- Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter) Teckids e.V. - Erkunden, Entdecken, Erfinden. https://www.teckids.org/
Bug#863701: sympa: insists that cookie has changed when it hasn't
Package: sympa Version: 6.2.16~dfsg-3 Severity: grave Justification: renders package unusable SYMPA suddenly refuses to start with: May 30 09:35:20 terra sympa_msg.pl[22389]: DIED: sympa.conf/cookie parameter has changed. You may have severe inconsitencies into password storage. Restore previous cookie or write some tool to re-encrypt password in database and check spools contents (look at /etc/sympa/cookies.history file). at /usr/lib/sympa/bin/sympa_msg.pl line 310. May 30 09:35:20 terra sympa_msg.pl[22389]: at /usr/lib/sympa/bin/sympa_msg.pl line 310. May 30 09:35:20 terra sympa_msg.pl[22389]: main::_load() called at /usr/lib/sympa/bin/sympa_msg.pl line 87 Now, while I see why this protection is in place, unfortunately, the cookie has not changed. Neither has the parameter in the config file changed (checked with etckeeper), nor has the contents of the cookie file changed (checked with etckeeper), nor is anything different in cookies.history. SYMPA just decided to block startup. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages sympa depends on: ii adduser 3.115 ii ca-certificates 20161130+nmu1 ii dbconfig-common 2.0.8 ii debconf [debconf-2.0] 1.5.60 ii fonts-font-awesome4.7.0~dfsg-1 ii init-system-helpers 1.48 ii libarchive-zip-perl 1.59-1 ii libc6 2.24-10 ii libcgi-fast-perl 1:2.12-1 ii libcgi-pm-perl4.35-1 ii libclass-singleton-perl 1.5-1 ii libcrypt-openssl-x509-perl1.8.7-3 ii libcrypt-smime-perl 0.19-2 ii libdatetime-format-mail-perl 0.4030-1 ii libdbd-csv-perl 0.4900-1 ii libdbd-mysql-perl 4.041-2 ii libdbd-pg-perl3.5.3-1+b2 ii libdbd-sqlite3-perl 1.54-1 ii libdbi-perl 1.636-1+b1 ii libfcgi-perl 0.78-2 ii libfile-copy-recursive-perl 0.38-1 ii libfile-nfslock-perl 1.27-1 ii libhtml-format-perl 2.12-1 ii libhtml-stripscripts-parser-perl 1.03-1 ii libhtml-tree-perl 5.03-2 ii libintl-perl 1.26-2 ii libio-stringy-perl2.111-2 ii libjs-jquery 3.1.1-2 ii libjs-jquery-migrate-11.4.1-1 ii libjs-jquery-placeholder 2.3.1-2 ii libjs-jquery-ui 1.12.1+dfsg-4 ii libjs-modernizr 2.6.2+ds1-1 ii libjs-twitter-bootstrap 2.0.2+dfsg-10 ii libmail-dkim-perl 0.40-1 ii libmailtools-perl 2.18-1 ii libmime-charset-perl 1.012-2 ii libmime-encwords-perl 1.014.3-2 ii libmime-lite-html-perl1.24-2 ii libmime-tools-perl5.508-1 ii libmsgcat-perl1.03-6+b3 ii libnet-cidr-perl 0.18-1 ii libnet-dns-perl 1.07-1 ii libnet-ldap-perl 1:0.6500+dfsg-1 ii libnet-netmask-perl 1.9022-1 ii libregexp-common-perl 2016060801-1 ii libsoap-lite-perl 1.20-1 ii libtemplate-perl 2.24-1.2+b3 ii libterm-progressbar-perl 2.18-1 ii libunicode-linebreak-perl 0.0.20160702-1+b1 ii libxml-libxml-perl2.0128+dfsg-1+b1 ii lsb-base 9.20161125 ii mhonarc 2.6.19-2 ii perl 5.24.1-2 pn perl:any ii postfix [mail-transport-agent]3.1.4-4 ii rsyslog [system-log-daemon] 8.24.0-1 ii sqlite3 3.16.2-3 Versions of packages sympa recommends: ii apache2-suexec-pristine [apache2-suexec] 2.4.25-3 ii doc-base 0.10.7 ii libapache2-mod-fcgid 1:2.3.9-1+b1 pn libcrypt-ciphersaber-perl ii libio-socket-ssl-perl 2.044-1 ii locales 2.24-10 ii logrotate 3.11.0-0.1 ii postgresql9.6+181 Versions of packages sympa suggests: ii apache2 [httpd-cgi] 2.4.25-3 pn libauthcas-perl pn libdbd-odbc-perl pn libdbd-oracle-perl -- Configuration Files: /etc/sympa/auth.conf changed [not included] -- debconf information excluded
Bug#863631: sympa: trashes configuration on update without asking
Package: sympa Version: 6.2.16~dfsg-3 Severity: critical Justification: causes serious data loss The upgrade to 6.2.16~dfsg-3 from 6.2.16~dfsg-2 in stretch just ditched SYMPA's config files on my system, leaving it in a broken way, even in such a broken way that users who tried sending mails did not receive an error and thought things went through. I think some actions would even have led to destruction of database data. I have no idea why the maintainer scripts decided to do that. I recovered from etckeeper and a system backup. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages sympa depends on: ii adduser 3.115 ii ca-certificates 20161130+nmu1 ii dbconfig-common 2.0.8 ii debconf [debconf-2.0] 1.5.60 ii fonts-font-awesome4.7.0~dfsg-1 ii init-system-helpers 1.48 ii libarchive-zip-perl 1.59-1 ii libc6 2.24-10 ii libcgi-fast-perl 1:2.12-1 ii libcgi-pm-perl4.35-1 ii libclass-singleton-perl 1.5-1 ii libcrypt-openssl-x509-perl1.8.7-3 ii libcrypt-smime-perl 0.19-2 ii libdatetime-format-mail-perl 0.4030-1 ii libdbd-csv-perl 0.4900-1 ii libdbd-mysql-perl 4.041-2 ii libdbd-pg-perl3.5.3-1+b2 ii libdbd-sqlite3-perl 1.54-1 ii libdbi-perl 1.636-1+b1 ii libfcgi-perl 0.78-2 ii libfile-copy-recursive-perl 0.38-1 ii libfile-nfslock-perl 1.27-1 ii libhtml-format-perl 2.12-1 ii libhtml-stripscripts-parser-perl 1.03-1 ii libhtml-tree-perl 5.03-2 ii libintl-perl 1.26-2 ii libio-stringy-perl2.111-2 ii libjs-jquery 3.1.1-2 ii libjs-jquery-migrate-11.4.1-1 ii libjs-jquery-placeholder 2.3.1-2 ii libjs-jquery-ui 1.12.1+dfsg-4 ii libjs-modernizr 2.6.2+ds1-1 ii libjs-twitter-bootstrap 2.0.2+dfsg-10 ii libmail-dkim-perl 0.40-1 ii libmailtools-perl 2.18-1 ii libmime-charset-perl 1.012-2 ii libmime-encwords-perl 1.014.3-2 ii libmime-lite-html-perl1.24-2 ii libmime-tools-perl5.508-1 ii libmsgcat-perl1.03-6+b3 ii libnet-cidr-perl 0.18-1 ii libnet-dns-perl 1.07-1 ii libnet-ldap-perl 1:0.6500+dfsg-1 ii libnet-netmask-perl 1.9022-1 ii libregexp-common-perl 2016060801-1 ii libsoap-lite-perl 1.20-1 ii libtemplate-perl 2.24-1.2+b3 ii libterm-progressbar-perl 2.18-1 ii libunicode-linebreak-perl 0.0.20160702-1+b1 ii libxml-libxml-perl2.0128+dfsg-1+b1 ii lsb-base 9.20161125 ii mhonarc 2.6.19-2 ii perl 5.24.1-2 pn perl:any ii postfix [mail-transport-agent]3.1.4-4 ii rsyslog [system-log-daemon] 8.24.0-1 ii sqlite3 3.16.2-3 Versions of packages sympa recommends: ii apache2-suexec-pristine [apache2-suexec] 2.4.25-3 ii doc-base 0.10.7 ii libapache2-mod-fcgid 1:2.3.9-1+b1 pn libcrypt-ciphersaber-perl ii libio-socket-ssl-perl 2.044-1 ii locales 2.24-10 ii logrotate 3.11.0-0.1 ii postgresql9.6+181 Versions of packages sympa suggests: ii apache2 [httpd-cgi] 2.4.25-3 pn libauthcas-perl pn libdbd-odbc-perl pn libdbd-oracle-perl -- Configuration Files: /etc/sympa/auth.conf changed [not included] -- debconf information excluded
Bug#862698: ITP: minecraft -- blocks to build anything you can imagine
Hi, also, did you have a look at https://www.grahamedgecombe.com/projects/minecraft-installer to probably exchange thoughts? -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Phone: +49 228 92934581 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Bug#860296: lirc is spamming syslog with messages
Package: lirc Version: 0.9.4c-9 Followup-For: Bug #860296 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Same issue here. lirc got installed as a dependency, and I really think it should not cause such issues if it is. - -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages lirc depends on: ii init-system-helpers 1.48 ii libasound2 1.1.3-5 ii libc62.24-10 ii libftdi1-2 1.3-2+b2 ii libgcc1 1:6.3.0-17 ii liblirc-client0 0.9.4c-9 ii liblirc0 0.9.4c-9 ii libportaudio219.6.0-1 ii libstdc++6 6.3.0-17 ii libsystemd0 232-23 ii libudev1 232-23 ii libusb-0.1-4 2:0.1.12-31 ii libusb-1.0-0 2:1.0.21-1 ii lsb-base 9.20161125 ii python3 3.5.3-1 Versions of packages lirc recommends: pn gir1.2-vte ii python3-gi3.22.0-2 ii python3-yaml 3.12-1 Versions of packages lirc suggests: pn ir-keytable pn lirc-compat-remotes pn lirc-doc pn lirc-drv-irman pn lirc-x pn setserial - -- no debconf information -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlkaJ78xGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZo1Q//cde60dUWozj4O7TGMvAQyV6aZ5/M OEHGF2bUERbE2oeiWvzreaSBl9fUrUTMTX/aCUb8po/ojSQTFQh0qBtIF18re8Rx cK4t8ClVh/cPwliGQe5jO2NJXkoWi1J0HqxV7+nSUu1NNACXumaufXYVB+NH4jgr BDWRVutrLlLs4pXk+QYmQcvD4+krYsh+fvNxWnBvUyDrh/yO7Wlo5WHnj5/1mijg DNOp+mgqxCz13DgGchuuYkDyIOlXdmdzYtcsiQ2fvpUcBJ4wsZsLopnDDf/aMrri xALQZyXX2ML5rD6XaXkgzUfxKGik72mxV0e5UcdQG8QxyboufgTSz2aaISEztoLb cQyCvmKaAGux3fMJDfEwSRmqfXyU1Zo1j2mFe4hnLqDY2NrRshd9DIO0oRqV0LPb wjD0bHM9wdH06LhkRTSDqtJkQSJTBmmJ8D7uBt8MAP6h81mIw1D35cLs3NwR34SR Y1Z56D07YOvy5n7Ml0snEX36MWWd/GJ0td7fd/HzZSV/yEDW9EPdZ5n99rTbBSkp PJcc1/4j3ShSvLNejCsVRAu0g1Thenv96eIRlHGdGq7hDZXnWTqsp0QFRJdYz7i0 3FQg1oD8kXRKG02n3XwlFwLyNo/pPH0veP8FxVlZO+887jFupaFB+XQJgv3le7mp gzlzclMqHRyxhWU= =pG+E -END PGP SIGNATURE-
Bug#862698: ITP: minecraft -- blocks to build anything you can imagine
On Mon, 15 May 2017 18:40:34 -0300 Carlos Donizete Froeswrote: > Package: wnpp > Severity: wishlist > Owner: Carlos Donizete Froes > > * Package name: minecraft > Version : 0.1 > Upstream Author : Carlos Donizete Froes > * URL : https://minecraft.net > * License : BSD-2-Clause > Programming Lang: Shell > Description : blocks to build anything you can imagine > > A fantastic game that mixes creativity, survival, and exploration. > . > Survive alone in a blockys, pìxelated world where monsters come out at > night. > . > Create fantastical buildings and structures, or collaborate with other > players online. Huh? Minecraft is a proprietary game, not under a BSD license, is not written in shell and was not written by you. I assume you mixed up a lot here ;)? -nik
Bug#861844: unblock: xrdp/0.9.1-9
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Please unblock package xrdp This package updates the security fix in 0.9.1-8, which turned out to be incomplete. diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog - --- xrdp-0.9.1/debian/changelog 2017-04-24 20:14:36.0 +0200 +++ xrdp-0.9.1/debian/changelog 2017-05-04 18:59:10.0 +0200 @@ -1,3 +1,9 @@ +xrdp (0.9.1-9) unstable; urgency=high + + * Revisit incomplete fix for CVE-2017-6967. (Closes: #858143) + + -- Dominik George <n...@naturalnet.de> Thu, 04 May 2017 18:59:10 +0200 + xrdp (0.9.1-8) unstable; urgency=medium * Fix CVE-2017-6967. (Closes: #858143, #855536) diff -Nru xrdp-0.9.1/debian/patches/cve-2017-6967.diff xrdp-0.9.1/debian/patches/cve-2017-6967.diff - --- xrdp-0.9.1/debian/patches/cve-2017-6967.diff 2017-04-24 20:14:36.0 +0200 +++ xrdp-0.9.1/debian/patches/cve-2017-6967.diff2017-05-04 18:59:04.0 +0200 @@ -3,6 +3,8 @@ Subject: [PATCH] sesman: move auth/pam calls to main process Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858143 Origin: https://github.com/neutrinolabs/xrdp/commit/4b8a33e087ee9cf5556b40b717cd7e8ff243b3c3 +Reviewed-By: Dominik George <n...@naturalnet.de> +Reviewed-By: Thorsten Glaser <t...@mirbsd.org> --- a/sesman/scp_v0.c +++ b/sesman/scp_v0.c @@ -89,3 +91,46 @@ g_free(slist); } +--- a/sesman/session.c b/sesman/session.c +@@ -335,7 +335,6 @@ session_start_sessvc(int xpid, int wmpid + g_sigterm(xpid); + g_sigterm(wmpid); + g_sleep(1000); +-auth_end(data); + g_exit(0); + } + +@@ -490,6 +489,7 @@ session_start_fork(tbus data, tui8 type, + return 0; + } + ++auth_start_session(data, display); + pid = g_fork(); /* parent is fork from tcp accept, +child forks X and wm, then becomes scp */ + +@@ -548,7 +548,6 @@ session_start_fork(tbus data, tui8 type, + else if (wmpid == 0) + { + wait_for_xserver(display); +-auth_start_session(data, display); + pampid = g_fork(); /* parent waits, todo + child becomes wm */ + if (pampid == -1) +@@ -639,7 +638,6 @@ session_start_fork(tbus data, tui8 type, + else + { + g_waitpid(pampid); +-auth_stop_session(data); + g_deinit(); + g_exit(0); + } +@@ -967,6 +965,8 @@ session_kill(int pid) + + if (tmp->item->pid == pid) + { ++auth_stop_session(tmp->item->data); ++auth_end(tmp->item->data); + /* deleting the session */ + log_message(LOG_LEVEL_INFO, "++ terminated session: username %s, display :%d.0, session_pid %d, ip %s", tmp->item->name, tmp->item->display, tmp->item->pid, tmp->item->client_ip); + g_free(tmp->item); unblock xrdp/0.9.1-9 - -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlkLYAMxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pYRAw//bw6MocflTzsylMfGLlakD7gaZCzF 6DGjfgTRVuycCBT8kkGcIutG1ZEnQLW62JXKDfpzPomvyyNbE49TqxosNrMR1/kd Gb13bVA989K3VSZEVmxV9MgQIz9NbnetdkBvgbmNwDlqcwnyhSLX5VwE+NhOcDF2 rU+uhhvjIbHpqer7bJAo7iyKAC4kEffNs1gQkEvvc8/BYGqOD6l+3glE3rbjGE1k li5/uo0jBpo1Dexn6n0Q0Q7L/yUmXiuy8+1/2hVBWgMVB+r2Rp2XK4+lsZMp4WV+ 9NoTGMtSEDduZxXOQcVPaljO6cNfMEoQVwUcv/KStTx24lCCWdtus1Yk7X0ie1D3 WeVX2yFZdBU/AT2qWzI2iODRaddLOtTMXtVGlXUqnp0+uTtv1EUOrJMAJoaXpKQY WZ6mR+LBZXPFBd6gkPq0p8lxvK0PVwl/fbZPXSH2vr8LJfJdDwXajMRrIWgWmfXv 3PYdjkGCqtNZeKcC0uzu9bXHyFFfFqm2BGGzhziC1ReutZ4BnmdxJa6LtYor8WRf rsMsyL0T+uF/lJofmkuQs30OZExxc0qVnFiLxP57AZnJrO7GfUfUL4zkx9nP/dJr Xtf8VST/dwhDYUj4Q7PjVGmbIAdgWzR5ZkR6yNejiidpI8mWzVv0vaJGK3m3Ky6f vHyxYjeok7czajA= =4M+b -END PGP SIGNATURE-
Bug#861670: sqlite3: sqldiff man page missing
Package: sqlite3 Version: 3.16.2-3 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Please add a manual page for the sqldiff command. Thanks! - -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages sqlite3 depends on: ii libc6 2.24-10 ii libreadline7 7.0-2 ii libsqlite3-0 3.16.2-3 sqlite3 recommends no packages. Versions of packages sqlite3 suggests: pn sqlite3-doc - -- no debconf information -BEGIN PGP SIGNATURE- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlkIkt0xGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8pbV1g/+K3WOPm8IIne3JpK0x5w5Nh8vKJkB g+BQwFPKmGn/VxdbiHU17yBkPe3CpiVPXjZfnoRubO659KQ615qIFdY5S08Al6h1 5RoXwq1PCbr+VhW0OIs6c/Cedm6U886Lgxvv9F7qRvdjqTxcEkG9iEES1RjqJQVm DFf2YBe4dWOzBAGLcVoOXTmgIZ9M1pLk18I30Fb7rPFML3kUUFmSW7yGyL45hfsX vU9efBjg1f2JEgFUOS0nEZFph2I8eh8aMe+g4Ci3tRTM6vZC4wA09kL4/Ycgeump 5icHhDNGf6Cp8lt664yvlOlPk04hVf1f0rk2bksu+YQ3+1sOOurHGeqeL6ZpL2ab 1N4dVk5HBlnvEeeaKyJ0EzInPw0xEb7iIxj7fnnpC6aYoi8uB2toW4nSV+JESnCv f0C/G2k1rJdwHw8YmjqDIHH9CTMBYVb7mFHDASIFL7XQtDD/dZaDWfYYYcUg7VRh 8FH9RvCmmEG1bw3SUuhg5W+Z0ckTxR8I9wjFwSMc1qo5V+O9hqjmuAO/WmEiOyac 1RHNzYSkDMyu7E04tn62aF2vtDhDWmMNwq59fs+KORQg+jg6ZbssRaP6EifKCWF5 NxJfSJ2oUtXug4xBHLuYK4lE5F5wpJvgXAYFoUvfYu3fJvSdgq1OyEgnKZIzNQFg gJXLTSNjAgSbIwA= =GXAE -END PGP SIGNATURE-
Bug#861322: logrotate: Produce verbose output in cron on error
Package: logrotate Version: 3.11.0-0.1 Severity: wishlist I would like to make the following suggestion as change to the logrotate cron job. We occasionally see logrotate errors at Teckids, but some that are not reproducible and only occur once every few weeks. Unfortunately, for some of them, logrotate does not lgo the root cause when not run verbose, and running verbose produces a flood of mails from cron while waiting for the error to occur. My suggestion is to colelct the verbose output and output it in case of an error, by changing the daily cron job to something like this: snip = #!/bin/sh test -x /usr/sbin/logrotate || exit 0 tempfile=$(mktemp) /usr/sbin/logrotate --verbose /etc/logrotate.conf >"$(tempfile)" 2>&1 || cat "$(tempfile)" rm -f "$(tempfile)" snip = -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages logrotate depends on: ii base-passwd 3.5.43 ii cron [cron-daemon] 3.0pl1-128+b1 ii libacl1 2.2.52-3+b1 ii libc6 2.24-9 ii libpopt01.16-10+b2 ii libselinux1 2.6-3+b1 Versions of packages logrotate recommends: ii bsd-mailx [mailx] 8.1.2-0.20160123cvs-3 logrotate suggests no packages. -- no debconf information
Bug#858143: fix is not complete
Control: reopen -1 Hi, > I'm investigated content of debian/patches/cve-2017-6967.diff from version > 0.9.1-8 in unstable and by comparison with > https://github.com/neutrinolabs/xrdp/commit/4b8a33e087ee9cf5556b40b717cd7e8ff243b3c3 > it is missing important sesman/session.c part of patch. You are right, a part went missing when rebasing. Please have a look at the new patch now: https://anonscm.debian.org/cgit/pkg-remote/xrdp.git/tree/debian/patches/cve-2017-6967.diff > The version 0.9.2 would be much better solution, because it solves many more > problems. I know, but 0.9.2 won't get a freeze exception. Thanks, Nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Phone: +49 228 92934581 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature