Bug#506353: lenny removal requests

2008-12-24 Thread Gabor FUNK

so here are three RC bugs with maintainers clearly indicating that they
don't want the buggy packages to release and none look like they will be
fixed. The packages do not have reverse dependencies, so they seem to be
good for removal.

mailscanner #506353
 The maintainer Simon Walter writes:
   In the current state the package should not be part of
   the lenny release.
   I'm in no position to fix all this. I'm not familiar enough with
   the MailScanner sourcecode and I'm not able to test the changes I
   would have to make, in particular to all the virusscanner scripts.
 upstream apparently does not seem to, let's say, consider the tempfile
 vulnerability a bug and does not seem to want to fix it.


The mailscanner temp vulnerability seems to be fixed in upstream:

---
http://www.mailscanner.info/ChangeLog
18/12/2008 New in Version 4.74.11-1
...
* Fixes *
2 Major work on removing symlink attack vulnerabilities affecting -autoupdate
 lock files.
 Note: This vulnerability only affected systems where normal interactive users
 could log in to the system, or create arbitrary symlinks in your filesystem.

 So the ISP-style setups were never vulnerable, as they didn't allow normal
 users to login or allow people to arbitrarily create symlinks in the filesystem.

2 Removed symlink attack vulnerabilities in SpamAssassin
---

Or are there more?

G. 





--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#478193: php5-imap file open error 1024

2008-06-08 Thread Gabor FUNK

It _also_ makes sense to file a separate bug against php-imap
requesting to improve code there. But I suspect that to take longer.

Yes. Or at least know about the problem. There would be no easy
workaround I guess, one solution would be to use something else
than uw-imap...



It makes best sense for me for the bug to be fixed with UW-imap,
applied as a patch here locally for the Debian package.
I am not able to code a fix for UW-imap. Help is much appreciated!

At
http://mailman1.u.washington.edu/pipermail/imap-uw/2008-May/002059.html
there is a reference to change 5+2 select() functions to poll(), however,
I am not a programmer and also not quite aware of the consequences
(eg. some system does not have poll()  - (?) )

G.






Bug#478193: php5-imap file open error 1024

2008-04-27 Thread Gabor FUNK

Package: php5-imap
Version:  5.2.5-3
Severity: normal

When there are more than 1024 opened files by the apache process
(such as two logs (error+access) for 512 pcs virtualhosts), then
a php code running a
   imap_open("{127.0.0.1:110/pop3/notls/debug/user=test}INBOX",  ...
results in:

[Fri Apr 25 15:34:13 2008] [error] [client 127.0.0.1]
PHP Warning:
imap_open() [<a href='function.imap-open'>function.imap-open</a>]:
Couldn't open stream {127.0.0.1:110/pop3/notls}INBOX
in /var/www/test/PEAR/Mail/IMAPv2.php on line 369

Getting more info by print imap_last_error(); results in:
[2008-04-25 15:34] Unable to create selectable TCP socket (1054 >= 1024)

notes:
a) the "Unable to create selectable TCP socket" can be found in
   libc-client.so.2007 --- UW c-client library for mail protocols
   [ http://packages.debian.org/lenny/libc-client2007 ]
b) apache has no problem opening 1024+ log files, nor any other
   php scripts using file opens - only imap_open
c) I have ulimit on 2048, not the default 1024 (otherwise apache
   couldn't make it as well)
d) the very same script containing imap_open works excellently
   when there are less than 1024 files opened by its apache process
e) google gives that others have/had similar problem (no resolutions),
   probably not distribution dependent - upstream?
f) versions don't seem to matter, but for the record, it is debian
   testing (lenny) with apache2.2 2.2.8-3 / php5 5.2.5-3 / 
   libc-client2007 (7:2007~dfsg-1)








Bug#478193: php5-imap file open error 1024

2008-04-27 Thread Gabor FUNK

in package uw-imap_2007~dfsg.orig.tar.gz
in file imap-2007/src/osdep/unix/tcp_unix.c
at line 253, there is:

 else if (sock >= FD_SETSIZE) {/* unselectable sockets are useless */
   sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
 sock,FD_SETSIZE);

which is bad, as it can be that FD_SETSIZE won't be the
same as the actual system ulimit value - such as now...
[just checked, this is the same in latest upstream release,
imap-2007b.DEV.SNAP-0803271840.tar.Z 
2008-MAR-28]


Couldn't simply socket opening without checking work?
Then handle if we get an error there?

Reassign to uw-imap? Upstream?

G.
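
Added example (not part of the original messages, and not uw-imap or php-imap code): a C program for the limit discussed in this thread. select() can only hold descriptors numbered below FD_SETSIZE, whatever ulimit says, while poll() accepts any descriptor number; the function names and the pipe used as input are constructed for illustration.

```c
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* select() keeps descriptors in a fixed bitmap of FD_SETSIZE bits, so
 * FD_SET() on a larger number would write outside the fd_set. */
int fd_fits_select(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* poll() takes the descriptor as a plain int and has no such ceiling.
 * Returns 1 if readable, 0 on timeout, -1 on error. */
int wait_readable(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int n = poll(&p, 1, timeout_ms);
    if (n < 0) return -1;
    return (n > 0 && (p.revents & POLLIN)) ? 1 : 0;
}

/* Duplicate fd onto a number >= FD_SETSIZE, first raising the soft
 * RLIMIT_NOFILE as far as the hard limit allows. -1 if not possible. */
int dup_above_fd_setsize(int fd) {
    struct rlimit rl;
    rlim_t want = (rlim_t)FD_SETSIZE + 64;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    if (rl.rlim_cur < want) {
        rl.rlim_cur = rl.rlim_max < want ? rl.rlim_max : want;
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    }
    return fcntl(fd, F_DUPFD, FD_SETSIZE);  /* lowest free fd >= FD_SETSIZE */
}

/* Constructed scenario: a pipe holding one byte, moved to a high fd.
 * Returns 1 if poll() served a descriptor that select() cannot hold,
 * 0 if no descriptor >= FD_SETSIZE could be obtained, -1 on error. */
int high_fd_demo(void) {
    int p[2], high, ready;
    if (pipe(p) != 0) return -1;
    if (write(p[1], "x", 1) != 1) return -1;
    high = dup_above_fd_setsize(p[0]);
    if (high < 0) { close(p[0]); close(p[1]); return 0; }
    ready = wait_readable(high, 0);
    printf("fd %d: fits select()=%d, poll() readable=%d\n",
           high, fd_fits_select(high), ready);
    close(high); close(p[0]); close(p[1]);
    return (!fd_fits_select(high) && ready == 1) ? 1 : -1;
}

int main(void) { return high_fd_demo() < 0; }
```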






Bug#465081: [php-maint] Bug#465081: apache2.2.6/mod-php5.2.4-2+b1 [because of suhosin?] -- segmentation fault [debian testing]

2008-02-11 Thread Gabor FUNK

On Sun, Feb 10, 2008 at 04:07:28PM +0100, Gabor FUNK wrote:

Package: libapache2-mod
Version:  5.2.4-2+b1
Severity: important



When I migrated to Apache 2.2.6-3 + PHP 5.2.4-2+b1 (mpm-prefork) from
testing at about January 29, I started experiencing Apache Segmentation
faults very frequently.


This is no longer the current version of php5 in testing or unstable.  Can
you please upgrade to libapache2-mod-php5 to verify whether the problem
still exists in this later version?


I updated my test server, and the relative path to '/' (root dir) change
problem exists with the current version too.
(Apache/2.2.8 (Debian) PHP/5.2.5-2 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g)


[Mon Feb 11 10:30:18 2008] [error] [client 192.168.15.77] PHP Warning: 
Unknown: SAFE MODE Restriction in effect.  The script whose uid is 33 is not 
allowed to access / owned by uid 0 in Unknown on line 0


As for the UID mixup and the eventual segfault, I need to do the test on the
production server [need the stress], but whatever will be the result, the path
change itself is a bug and seems to be the cause of the UID mixup (heap
corruption?) and the segfault.


Gabor 








Bug#465081: apache2.2.6/mod-php5.2.4-2+b1 [because of suhosin?] -- segmentation fault [debian testing]

2008-02-10 Thread Gabor FUNK

Package: libapache2-mod
Version:  5.2.4-2+b1
Severity: important

When I migrated to Apache 2.2.6-3 + PHP 5.2.4-2+b1 (mpm-prefork) from testing 
at about January 29, I started experiencing Apache Segmentation faults very 
frequently.
Using strace I narrowed down the problem's cause which was .htaccess file 
containing:
php_value error_log somelogfile.log
This (relative path) was working on this very same server before the update, by 
that time the server was running PHP 5.2.3-1+lenny1.
I suspect this is related to the Suhosin patch, though this is just a feeling.

It seems that the updated PHP and the usage of the (previously working) 
relative path+safe mode+not www-data uid generally only creates a
PHP Warning:  Unknown: SAFE MODE Restriction in effect.  The script whose uid 
is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0
in the log file [note root /], however, under heavy stress, UID mixups occur,
and eventually some of this ends up in segfaulting the apache child - [which
then might get stuck in the memory, taking up heavy CPU resources].

Please note that UID (bold/red) gets screwed up too, under heavy stress [5163 
is the legal user id for that virtual host and 5152 is a totally different 
and unrelated one].
[Fri Feb 01 23:10:28 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: 
SAFE MODE Restriction in effect.  The script whose uid is 5163 is not allowed 
to access / owned by uid 0 in Unknown on line 0
[Fri Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: 
SAFE MODE Restriction in effect.  The script whose uid is 5163 is not allowed 
to access / owned by uid 0 in Unknown on line 0, 
[Fri Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: 
SAFE MODE Restriction in effect.  The script whose uid is 5163 is not allowed 
to access / owned by uid 0 in Unknown on line 0, 
[Fri Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: 
SAFE MODE Restriction in effect.  The script whose uid is 5163 is not allowed 
to access / owned by uid 0 in Unknown on line 0, 
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: 
SAFE MODE Restriction in effect.  The script whose uid is 5152 is not allowed 
to access / owned by uid 0 in Unknown on line 0, 
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: 
SAFE MODE Restriction in effect.  The script whose uid is 5163 is not allowed 
to access / owned by uid 0 in Unknown on line 0, 
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: 
SAFE MODE Restriction in effect.  The script whose uid is 5163 is not allowed 
to access / owned by uid 0 in Unknown on line 0, 
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: 
SAFE MODE Restriction in effect.  The script whose uid is 5152 is not allowed 
to access / owned by uid 0 in Unknown on line 0, 
[Fri Feb 01 23:11:39 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: 
SAFE MODE Restriction in effect.  The script whose uid is 5163 is not allowed 
to access / owned by uid 0 in Unknown on line 0, 


Since this is a production server with heavy load, I didn't have too much 
resource to do thorough testing, but I was able to get some strace when 
segfault occurred:
[Wed Jan 30 11:38:23 2008] [notice] child pid 13940 exit signal Segmentation 
fault (11)

Strace excerpt from pid 13940:
accept(3, {sa_family=AF_INET, sin_port=htons(30925), sin_addr=inet_addr(212.72.104.203)}, [16]) = 980
semop(1703943, 0xb7cd1cfa, 1) = 0
gettimeofday({1201689547, 25972}, NULL) = 0
fcntl64(980, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(980, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1201689547, 28806}, NULL) = 0
read(980, GET /components/com_virtuemart/show_image_in_imgtag.php?filename=e5017277e9d2f8df84e0c89fffe67834.jpgnewxsize=100newys..., 8000) = 603
gettimeofday({1201689547, 172482}, NULL) = 0
gettimeofday({1201689547, 174219}, NULL) = 0
gettimeofday({1201689547, 176043}, NULL) = 0
stat64(/var/www/somedomain.hu/components/com_virtuemart/show_image_in_imgtag.php, {st_mode=S_IFREG|0640, st_size=3477, ...}) = 0
lstat64(/var, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64(/var/www, {st_mode=S_IFDIR|0755, st_size=20480, ...}) = 0
open(/var/www/.htaccess, O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open(/var/www/somedomain.hu/.htaccess, O_RDONLY|O_LARGEFILE) = 981
fstat64(981, {st_mode=S_IFREG|0640, st_size=5014, ...}) = 0
read(981, #agocsp\nphp_value register_globals OFF\n\nphp_flag display_errors on\n\nphp_value log_errors 1\nphp_value 

Bug#461863: f-prot download link changed

2008-01-30 Thread Gabor FUNK

f-prot download link ws changed to:

http://files.f-prot.com/files/linux-x86/fp-Linux-i686-ws.tar.gz

read more at:
http://www.f-prot.com/download/home_user/

debian package also available
http://files.f-prot.com/files/linux-x86/fp-linux-ws.deb






Bug#440507: mysqlhotcopy Invalid db.table name ... at /usr/bin/mysqlhotcopy line 859 - patch included

2007-09-02 Thread Gabor FUNK

Package: mysql-server-5.0
Version: mysql-dfsg-5.0 5.0.45-1

I guess this should be fixed upstream, but the upstream bug was opened
on 20th March, 2007 with Severity: S1 (Critical), yet does not seem
to be fixed.
(http://bugs.mysql.com/bug.php?id=27303)

Patch and all other previous details:


- Original Message - 
From: Gabor FUNK 
To: [EMAIL PROTECTED] ; [EMAIL PROTECTED] ; [EMAIL PROTECTED] 
Sent: Sunday, August 05, 2007 10:45 AM

Subject: Fw: 5.0.41a-1 - mysqlhotcopy error


I know mysql package is a bit orphaned, and mysqlhotcopy has even
less priority, but I provide a patch to fix the still existing mysqlhotcopy
error, hoping that it will make it into the distribution


#--8--

--- mysqlhotcopy.ori 2007-06-25 03:05:26.0 +0200
+++ mysqlhotcopy 2007-08-05 10:37:51.0 +0200
@@ -837,6 +837,7 @@
});

my @dbh_tables = eval { $dbh-tables() };
+map { s/^.*?\.//o } @dbh_tables;

## Remove quotes around table names
my $quote = $dbh-get_info(29); # SQL_IDENTIFIER_QUOTE_CHAR
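
Review bot: The added `map { s/^.*?\.//o } @dbh_tables;` cuts every entry at its first dot without checking what precedes it, so it relies on each name being schema-qualified and on the database name containing no dot; a database or table name with a dot in it would be cut in the wrong place. Consider stripping only a prefix that matches the current database name (quoted or not) rather than anything up to the first dot. Two style points on the same line: `map` is used in void context only for its side effect, and `/o` does nothing because the pattern interpolates no variable, so `s/^.*?\.// for @dbh_tables;` would say the same thing more plainly. A short comment explaining why the prefix is removed before the "Remove quotes around table names" step would also help the next reader.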

#--8--


Cheers, G.



- Original Message - 
From: Gabor FUNK [EMAIL PROTECTED]

To: [EMAIL PROTECTED]
Sent: Monday, July 02, 2007 10:28 AM
Subject: 5.0.41a-1 - mysqlhotcopy error



I recently updated my testing system, mysql is at 5.0.41a-1 now.
Before mysqlhotcopy was working well, after the upgrade it
displayed the following error message:

Invalid db.table name 'foo.foo`.`bar' at /usr/bin/mysqlhotcopy line 859.
(real example:
Invalid db.table name 'huweb-forum.huweb-forum`.`phpbb_attach_quota' at 
/usr/bin/mysqlhotcopy line 859. )


This seems to be sort of upstream - but it is only in verified status.
http://bugs.mysql.com/bug.php?id=27303

As described above, it can be fixed by adding a line containing:
   map { s/^.*?\.//o } @dbh_tables;
after line 839 which is 
   my @dbh_tables = eval { $dbh->tables() };

(This is mysqlhotcopy v1.22, size 33225, dated Jun 25, 03:05)

I can confirm that this works indeed.

G. 






Bug#356700: syslog-ng: Inappropriately expects \n (and \0?) in syslog messages

2006-04-19 Thread Gabor FUNK

I just did an upgrade (testing), perl got version 5.8.8-4, and
this problem disappeared [with syslog-ng + mailscanner].

John,
Can you confirm if this fixed your problem with postfix too,
so we can close this bug?

G.





Bug#356700: syslog-ng: Inappropriately expects \n (and \0?) in syslog messages

2006-04-14 Thread Gabor FUNK

Same happens with syslog-ng/mailscanner.

Very small part of just one line for example:
2006-04-11 23:55:47 ns1 MailScanner[26405]: MailScanner E-Mail Virus Scanner 
version 4.51.5 starting...22Apr 11 23:55:48 MailScanner[26405]: I have 
found f-prot clamav mcafee scanners installed, and will use them all by 
default.22Apr 11 23:55:48 MailScanner[26405]: ClamAV scanner using unrar 
command /usr/bin/unrar22Apr 11 23:55:48 MailScanner[26405]: Using locktype 
= posix22Apr 11 23:55:48 MailScanner[26405]: Creating hardcoded 
struct_flock subroutine for linux (Linux-type)22Apr 11 23:55:54 
MailScanner[26405]: New Batch: Scanning 14 messages, 2258398 bytes22Apr 11 
23:55:54 MailScanner[26405]: Expanding TNEF archive at 
/var/spool/MailScanner/incoming/26405/1FTQCD-rd-NG/winmail.dat22Apr 11 
23:55:54 MailScanner[26405]: Message 1FTQCD-rd-NG added TNEF contents 
msg-26405-11.txt,msg-26405-21.msg,msg-26405-31.txt,HTPlus e171.pdf22Apr 11 
23:55:54 MailScanner[26405]: Message 1FTQCD-rd-NG has had TNEF 
winmail.dat removed22Apr 11 23:55:54 MailScanner[26405]: Virus and Content 
Scanning: Starting22Apr 11 23:55:58 MailScanner[26405]: Filename Checks: 
Allowing 1FTQCD-rd-NG msg-26405-1.txt (no rule matched)22Apr 11 
23:55:58 MailScanner[26405]: Filename Checks: Allowing 1FTQCD-rd-NG 
msg-26405-2.msg (no rule matched)22Apr 11 23:55:58 MailScanner[26405]: 
Filename Checks: Allowing 1FTQCD-rd-NG msg-26405-3.txt (no rule 
matched)22Apr 11 23:55:58


22  --  mail.info

(Some more examples here: http://www.huweb.hu/v/ms/mail.info )

Furthermore it seems that 1st part of the line starts normally, eg.:
   2006-04-11 23:55:47 ns1 MailScanner[26405]:
while subsequent lines lose date format and host name...
   Apr 11 23:55:48 MailScanner[26405]:

Don't know whether it is syslog-ng's, mailscanner's or perl's fault but I'd 
like to have it fixed :-)

Obviously we can't fix the RFC if that would be the bad one :-]

Cheers, G. 



