Bug#903971: ntdb: DoS issues upon offline data corruption, unmaintained upstream
On Tue, 17 Jul 2018 18:14:26 +0200 Lionel Debroux wrote: > Source: ntdb > Version: 1.0-9 > Severity: important > Tags: upstream > > Dear maintainers, > > In March, I sent an e-mail to the list, about removing the NTDB > packages because they are unmaintained upstream, As part of the upstream team, I can confirm that this is true. https://gitlab.com/samba-team/samba/commit/e3e0af14e176e69743223ebb43f21e4eef420ba2 Douglas
Bug#695196: Invalid workgroup
Can we resolve this one as WONTFIX, INVALID, or something? It is against the antiquarian 3.6, and Jelmer explains the probable cause is misconfiguration: On Tue, 22 Oct 2013 13:22:56 -0500 Jelmer Vernooij wrote: > tags 695196 +moreinfo > thanks > > You're not specifying a workgroup for the user, and the default > workgroup seems to be different in the two smb.conf files: > > From the working smb.conf: > doing parameter workgroup = MYGROUP > > From the broken one: > > doing parameter workgroup = someurl > > Can you try authenticating with -UMYGROUP\\backup ?
Bug#797637: samba panic segfault in(?) smbd_smb2_request_reply (smb2_server.c:2407)
On Tue, 01 Sep 2015 15:41:04 +1000 raf wrote: > Package: samba > Version: 2:4.1.17+dfsg-2 > Severity: important > Tags: upstream Is this reproducible with current versions? (4.1 is sub-oldstable).
Bug#740084: obsolete?
> Package: samba > Version: 2:4.1.4+dfsg-3 > Severity: important Oldstable has 2:4.2.14+dfsg-0+deb8u10, while Sid has 4.9. A lot has changed along the way. Is this still reproducible, or can we close this one?
Bug#853929: Please upstream modifications to Thunderbird/Icedove AppArmor profile
hi Ulrike, On 18/03/17 03:56, Ulrike Uhlig wrote: > Hi Douglas, > > it's great that you provided modifications to the AppArmor profile in > Debian [1]! May I kindly ask you to send these upstream too? That way, > they will get reviewed first and then all other distributions using > AppArmor can profit from your improvements. > > Debian has some documentation on how to do so: > https://wiki.debian.org/AppArmor/Contribute/Upstream > > Basically, their Git repo lives here: > https://code.launchpad.net/~apparmor-dev/apparmor-profiles/+git/apparmor-profiles > (The particular file lives here: > https://git.launchpad.net/apparmor-profiles/tree/ubuntu/17.04/usr.bin.thunderbird) > When done, you can ask for a merge using Launchpad or the mailinglist: > appar...@lists.ubuntu.com > > If you think that's too much work, please just tag your bug using a > usertag. The corresponding tag would be "merge-to-upstream" and then the > AppArmor team can take care of this. See > https://wiki.debian.org/AppArmor/Reportbug#Usertags for how to do that. Thanks. I am taking this last option because trying to work out where that commit with the dots-for-spaces came from has baffled me, and in dealing with upstream I lack the historical context of the two teams interactions to know whether they would prefer the broken patch and its fix merged into one or both in series or some other thing. People are particular about how they like to manage mistakes in their git trees, so it is best in this case that you/they do it. cheers, Douglas > [1] > https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/commit/?h=debian/experimental=e2c8a2391c7b6d422f5df40682b8b19f08b88dcf >
Bug#853929: icedove: links don't open in browser (due to apparmor restrictions on exo-open)
Package: icedove Version: 1:45.6.0-2 Severity: normal Tags: patch Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? * What outcome did you expect instead? *** End of the template - remove these template lines *** Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Douglas Bagnall <doug...@halo.gen.nz> To: Debian Bug Tracking System <sub...@bugs.debian.org> Subject: icedove: links don't open in browser (due to apparmor restrictions on exo-open) Message-ID: <148602214168.29518.11570819306163649937.report...@kip.halo.gen.nz> X-Mailer: reportbug 7.1.4 Date: Thu, 02 Feb 2017 20:55:41 +1300 Package: icedove Version: 1:45.6.0-2 Severity: normal Tags: patch Dear Maintainer, Clinking on a url in an email fails to open the link in a browser because icedove is trying to open the link using exo-open, but apparmor is preventing this from working. As strace puts it: [pid 28502] execve("/usr/bin/exo-open", ["exo-open", "--launch", "WebBrowser", "https://lwn.net/current/;], [/* 66 vars */]) = -1 EACCES (Permission denied) Looking in /etc/apparmor.d, I found this incantation: --- /etc/apparmor.d/usr.bin.icedove~2017-01-11 08:03:25.0 +1300 +++ /etc/apparmor.d/usr.bin.icedove 2017-02-02 20:21:19.178327290 +1300 @@ -25,6 +25,12 @@ #include #include + # For Xubuntu to launch the browser + /usr/bin/exo-open ixr, + /usr/lib/@{multiarch}/xfce4/exo-1/exo-helper-1 ixr, + /etc/xdg/xdg-xubuntu/xfce4/helpers.rc r, + /etc/xdg/xfce4/helpers.rc r, + # for crash reports? ptrace (read,trace) peer=@{profile_name}, Adding those lines fixes it. I am sorry if this is a dupe, but I couldn't find anything else referring to the same cause (if that is the root cause). -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_NZ.utf8, LC_CTYPE=en_NZ.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_NZ.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages icedove depends on: ii debianutils 4.8.1 ii fontconfig2.11.0-6.7 ii libasound21.1.2-1 ii libatk1.0-0 2.22.0-1 ii libc6 2.24-8 ii libcairo2 1.14.8-1 ii libdbus-1-3 1.10.14-1 ii libdbus-glib-1-2 0.108-2 ii libevent-2.0-52.0.21-stable-2.1 ii libffi6 3.2.1-6 ii libfontconfig12.11.0-6.7 ii libfreetype6 2.6.3-3+b1 ii libgcc1 1:6.3.0-5 ii libgdk-pixbuf2.0-02.36.3-1 ii libglib2.0-0 2.50.2-2 ii libgtk2.0-0 2.24.31-1 ii libhunspell-1.4-0 1.4.1-2+b1 ii libicu57 57.1-5 ii libnspr4 2:4.12-6 ii libnss3 2:3.26.2-1 ii libpango-1.0-01.40.3-3 ii libpangocairo-1.0-0 1.40.3-3 ii libpangoft2-1.0-0 1.40.3-3 ii libpixman-1-0 0.34.0-1 ii libsqlite3-0 3.16.2-1 ii libstartup-notification0 0.12-4 ii libstdc++66.3.0-5 ii libvpx4 1.6.1-2 ii libx11-6 2:1.6.4-2 ii libxcomposite11:0.4.4-2 ii libxdamage1 1:1.1.4-2+b1 ii libxext6 2:1.3.3-1 ii libxfixes31:5.0.3-1 ii libxrender1 1:0.9.10-1 ii libxt61:1.1.5-1 ii psmisc22.21-2.1+b1 ii zlib1g1:1.2.8.dfsg-4 Versions of packages icedove recommends: ii hunspell-en-au [hunspell-dictionary] 1:5.2.4-1 ii hunspell-en-gb [hunspell-dictionary] 1:5.2.4-1 pn iceowl-extension Versions of packages icedove suggests: ii apparmor 2.11.0-2 ii fonts-lyx 2.2.2-1 ii libgssapi-krb5-2 1.15-1 -- Configuration Files: -- no debconf information -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_NZ.utf8, LC_CTYPE=en_NZ.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_NZ.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages icedove depends on: ii debianutils 4.8.1 ii fontconfig2.11.0-6.7 ii libasound21.1.2-1 ii libatk1.0-0 2.22.0-1 ii libc6 2.24-8 ii libcairo2 1.14.8-1 ii libdbus-1-3 1.10.14-1 i
Bug#765567: xsltproc: bus error on some architectures
See later comments in https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1471029 The depth of recursion is not excessive, but the kernel is laying out the memory in a way that squishes the stack into the heap. This (from memory of tests I don't have right now) was fixed between 4.0 and 4.1. Douglas On Wed, 4 Jun 2014 22:27:03 +0200 Ivo De Decker ivo.dedec...@ugent.be wrote: package: xsltproc version: 1.1.28-2 severity: important Hi, On some architectures (like i386), xsltproc fails with Bus error when running /usr/bin/xsltproc --nonet -o smb.conf.5 man.xsl smb.conf.5.tmp.xml with the attached version of man.xsl and smb.conf.5.tmp.xml. This is done during the samba build. It fails on armel, armhf and i386, but doesn't fail on other architectures. fail: https://buildd.debian.org/status/fetch.php?pkg=sambaarch=armelver=2%3A4.1.7%2Bdfsg-2%2Bb1stamp=1401742626 https://buildd.debian.org/status/fetch.php?pkg=sambaarch=armhfver=2%3A4.1.7%2Bdfsg-2%2Bb1stamp=1401738640 https://buildd.debian.org/status/fetch.php?pkg=sambaarch=i386ver=2%3A4.1.7%2Bdfsg-2%2Bb1stamp=1401787651 ok: https://buildd.debian.org/status/fetch.php?pkg=sambaarch=amd64ver=2%3A4.1.7%2Bdfsg-2%2Bb1stamp=1401735339 The failure happened for a binnmu. The previous build went fine: https://buildd.debian.org/status/fetch.php?pkg=sambaarch=i386ver=2%3A4.1.7%2Bdfsg-2stamp=1397997714 I wasn't able to find a clear change between these builds which could explain why the failure happens now but didn't in the past (but there could be a change I overlooked). Cheers, Ivo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#639733: Warning message refers to wrong bug (xxx773, not xxx733)
I got these warnings: - Setting up wordpress (3.2.1+dfsg-3) ... WARNING: You have been affected by http://bugs.debian.org/639773 you should reinstall tinymce. WARNING: You have been affected by http://bugs.debian.org/639773 you should reinstall libjs-cropper. - and was a little confused to be reading an unconfirmed LVM bug report. I believe it should read http://bugs.debian.org/639733. regards, Douglas Bagnall -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#400875: not actually fixed, and potentially more serious
Options-Miscellaneous allows you to set the upload directory to a *relative* path. If you set it to, say, ../../../var/cache/wordpress/uploads/, it will accept the file and store it, but will make an url like this: http://blog.example.com/../../../var/cache/wordpress/uploads//2007/03/frog.jpg which isn't going to work. This of course means anyone with admin access to wordpress can, by resetting the upload path, write anywhere on the system that www-data can write, and can use the error messages to probe about. It would be best for wordpress to refuse to allow the file system to be scaled via ../. A symlink to a dedicated directory, as suggested above, sounds like a better idea. regards, Douglas Bagnall -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#344480: gdm: system hangs when X won't start due to missing input devices
Package: gdm Version: 2.8.0.6-2 Severity: important X was not starting due to an input device (aiptek tablet) symlink not existing. Gdm tried a few times then threw up a text screen offering to show the error. Unfortunately it refused to take any keyboard input. I couldn't even swap virtual consoles or ctl-alt-delete. Restarting by resetting the computer caused some filesystem corruption, and of course didn't solve the problem. I suggest this behaviour is a whole lot less user-friendly than merely crashing. To fix it I restarted in single user mode and put an exit at the top of /etc/init.d/gdm The last words in syslog before it turns to gobbledegook are: Dec 23 10:52:56 rudy gdm[3609]: gdm_slave_xioerror_handler: Fatal X error - Restarting :0 Dec 23 10:53:02 rudy gdm[3751]: gdm_slave_xioerror_handler: Fatal X error - Restarting :0 Dec 23 10:53:07 rudy gdm[3768]: gdm_slave_xioerror_handler: Fatal X error - Restarting :0 Dec 23 10:53:07 rudy gdm[3604]: deal_with_x_crashes: Running the XKeepsCrashing script /var/log/gdm/:0.log.[34] report a range of errors with the missing aiptek device, and finish with Caught signal 11. Server aborting. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14.3 Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Versions of packages gdm depends on: ii adduser 3.80Add and remove users and groups ii debconf [debconf-2.0]1.4.65 Debian configuration management sy ii gksu 1.3.6-1 graphical frontend to su ii gnome-session2.10.0-8The GNOME 2 Session Manager ii gnome-terminal [x-termin 2.10.0-3The GNOME 2 terminal emulator appl ii libart-2.0-2 2.3.17-1Library of functions for 2D graphi ii libatk1.0-0 1.10.3-1The ATK accessibility toolkit ii libattr1 2.4.25-1Extended attribute shared library ii libaudiofile00.2.6-6 Open-source version of SGI's audio ii libbonobo2-0 2.10.1-1Bonobo CORBA interfaces library ii libbonoboui2-0 2.10.1-1The Bonobo UI library ii libbz2-1.0 1.0.2-11high-quality block-sorting file co ii libc62.3.5-9 GNU C Library: Shared libraries an ii libcroco30.6.0-2 a generic Cascading Style Sheet (C ii libdmx1 6.8.2.dfsg.1-11 Distributed Multihead X client lib ii libesd0 0.2.36-1Enlightened Sound Daemon - Shared ii libgconf2-4 2.10.1-6GNOME configuration database syste ii libgcrypt11 1.2.2-1 LGPL Crypto library - runtime libr ii libglade2-0 1:2.5.1-2 library to load .glade files at ru ii libglib2.0-0 2.8.4-2 The GLib library of C routines ii libgnome-keyring00.4.5-1 GNOME keyring services library ii libgnome2-0 2.10.1-1The GNOME 2 library - runtime file ii libgnomecanvas2-02.10.2-2A powerful object-oriented display ii libgnomeui-0 2.10.1-1The GNOME 2 libraries (User Interf ii libgnomevfs2-0 2.10.1-5The GNOME virtual file-system libr ii libgnutls11 1.0.16-14 GNU TLS library - runtime library ii libgpg-error01.1-4 library for common error values an ii libgsf-1-113 1.13.3-1Structured File Library - runtime ii libgtk2.0-0 2.8.9-2 The GTK+ graphical user interface ii libice6 6.8.2.dfsg.1-11 Inter-Client Exchange library ii libjpeg626b-11 The Independent JPEG Group's JPEG ii liborbit21:2.12.4-1 libraries for ORBit2 - a CORBA ORB ii libpam-modules 0.79-3 Pluggable Authentication Modules f ii libpam-runtime 0.79-3 Runtime support for the PAM librar ii libpam0g 0.79-3 Pluggable Authentication Modules l ii libpango1.0-01.10.1-2Layout and rendering of internatio ii libpopt0 1.7-5 lib for parsing cmdline parameters ii librsvg2-2 2.9.5-6 SAX-based renderer library for SVG ii libselinux1 1.26-1 SELinux shared libraries ii libsm6 6.8.2.dfsg.1-11 X Window System Session Management ii libtasn1-2 0.2.17-1Manage ASN.1 structures (runtime) ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra ii libx11-6 6.8.2.dfsg.1-11 X Window System protocol client li ii libxau6 6.8.2.dfsg.1-11 X Authentication library ii libxdmcp66.8.2.dfsg.1-11 X Display Manager Control
Bug#316498: octave2.1: broken depencency on libhdf5-1.6.2-0
Package: octave2.1 Version: 2.1.69-1 Severity: important Octave depends on libhdf5-serial-1.6.2-0 | libhdf5-1.6.2-0 but these are unavailable. The closest thing is libhdf5-serial-1.6.4-0 The package is therefore uninstallable. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11.7 Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]