Bug#992172: exim4: CVE-2021-38371
[not encrypted, I'm not able to find the key of Moritz] Hi, Salvatore Bonaccorso (Mi 15 Mär 2023 20:49:01 CET): > Looks the planned advisory at > https://www.exim.org/static/doc/security/CVE-2021-38371.txt is not > online. I found the message from last year on the list, and the today's messages too. It seems that there was some discussion about the content of the advisory. I'll try to clarify it and then return. -- Heiko signature.asc Description: PGP signature
Bug#991130: Manpage: CASignatureAlgorithms mentions a wrong default
Package: openssh-server Version: 1:7.9p1-10+deb10u2 Severity: normal Dear Maintainer, on a current unreleased Debian bullseye (openssh-server 1:8.4p1-5) the sshd_config(5) mentions the CASignatureAlgorithms with a wrong default: |CASignatureAlgorithms |Specifies which algorithms are allowed for signing of certifi- |cates by certificate authorities (CAs). The default is: | | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | |Certificates signed using other algorithms will not be accepted |for public key or host-based authentication. The ssh-rsa algorithm is not in the default set of algorithms, as it seems (tested with the above server version, after setting the CASignatureAlgorithms options to the (mistakenly documented default), SSH certificates with RSA signatures worked again. This should be clearly stated in this section.
Bug#985243: Fixed upstream
Hi, FYI: The Exim project tracks this issue already: https://bugs.exim.org/show_bug.cgi?id=2594 The commit 0851a3bbf4667081d47f5d85b6b3a5cb33cbdba6 https://git.exim.org/exim.git/commitdiff/0851a3bbf4667081d47f5d85b6b3a5cb33cbdba6 fixes this issue. The commit 3fe5ec41e81831028c992f77a15292872fbbac75 on the exim-4.94+testing branch cherry-picks the above change. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - signature.asc Description: PGP signature
Bug#983795: libnss-sss: libnss_sss fails to enumerate users/groups if the call to endXXent() is missing. (observed with Dovecot)
Package: libnss-sss Version: libnss_sss fails on enumeration of users/groups Severity: important Tags: upstream patch Dear Maintainer, the NSS responder of sssd fails to *rewind* in calls set setXYent(). It succeeds only for the very first call to setXYent() during a session, which makes this bug a bit hidden - as most applications don't try to iterate the XY database multiple times. But - dovecot is a good example, its auth process keeps the NSS "connection" open and may iterate multiple times over the list of users. The first iteration returns all users (from local files and from AD backed sssd, the next iteration returns only the users from local files, but not the users from the AD backed sssd. While this may be considered dovecot's fault, the documentation about setXYent says, that it rewinds the iterator. (It doesn't mention that a consumer *must* use endXYent()) The authors of sssd confirmed that bug, I opened an issue and a pull requrest there already: - https://github.com/SSSD/sssd/issues/5523 - https://github.com/SSSD/sssd/pull/5524 I'm appending a patch I'm using for my private Buster packages of sssd. (The patch is not 100% equivalent to the above mentioned PR, as the version of sssd that is shipped with Debian10 is 1.6.x, and the upstream is at 2.x already, implementing more setXYent()) -- System Information: Debian Release: 10.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (102, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.8.5 (SMP w/8 CPU cores) Kernel taint flags: TAINT_UNSIGNED_MODULE Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libnss-sss depends on: ii libc6 2.28-10 Versions of packages libnss-sss recommends: pn sssd libnss-sss suggests no packages. Description: Fix setXYent() setXYent() failed to rewind. Usage patterns like setpwent(); while (getpwent()) { … }; endpwent(); setpwent(); while (getpwent()) { … }; endpwent(); failed, if the endpwent() was missing. (Dovecot is a good example for missing the endpwent() call. Author: Heiko Schlittermann Bug: https://github.com/SSSD/sssd/issues/5523 Last-Update: 2021-03-01 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/src/responder/nss/nss_cmd.c +++ b/src/responder/nss/nss_cmd.c @@ -939,6 +939,11 @@ static errno_t nss_cmd_setpwent(struct cli_ctx *cli_ctx) { struct nss_ctx *nss_ctx; +struct nss_state_ctx *state_ctx; + +state_ctx = talloc_get_type(cli_ctx->state_ctx, struct nss_state_ctx); +state_ctx->pwent.domain = 0; +state_ctx->pwent.result = 0; nss_ctx = talloc_get_type(cli_ctx->rctx->pvt_ctx, struct nss_ctx); @@ -995,6 +1000,11 @@ static errno_t nss_cmd_setgrent(struct cli_ctx *cli_ctx) { struct nss_ctx *nss_ctx; +struct nss_state_ctx *state_ctx; + +state_ctx = talloc_get_type(cli_ctx->state_ctx, struct nss_state_ctx); +state_ctx->grent.domain = 0; +state_ctx->grent.result = 0; nss_ctx = talloc_get_type(cli_ctx->rctx->pvt_ctx, struct nss_ctx); @@ -1037,6 +1047,12 @@ static errno_t nss_cmd_setnetgrent(struct cli_ctx *cli_ctx) { +struct nss_state_ctx *state_ctx; + +state_ctx = talloc_get_type(cli_ctx->state_ctx, struct nss_state_ctx); +state_ctx->netgrent.domain = 0; +state_ctx->netgrent.result = 0; + return nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME, nss_protocol_fill_setnetgrent); } @@ -1090,6 +1106,11 @@ static errno_t nss_cmd_setservent(struct cli_ctx *cli_ctx) { struct nss_ctx *nss_ctx; +struct nss_state_ctx *state_ctx; + +state_ctx = talloc_get_type(cli_ctx->state_ctx, struct nss_state_ctx); +state_ctx->svcent.domain = 0; +state_ctx->svcent.result = 0; nss_ctx = talloc_get_type(cli_ctx->rctx->pvt_ctx, struct nss_ctx);
Bug#983510: dovecot-core: repeated user enumeration fails with sssd backend (and probably others)
Package: dovecot-core Version: 2.3.4.1-5+deb10u1 Severity: important Tags: patch upstream Dear Maintainer, the issue can be found on the dovecot mailing list: https://dovecot.org/pipermail/dovecot/2021-February/121478.html When using sssd as nss plugin, fast repeating calls to `doveadm user *` do not return the full list of users for each invocation, but for the first invocation only. After a longer period of time (when the started dovecot/auth processes died), or directly after killing dovecot/auth processes, the user list is complete again. This seems to be caused by a missing call to endpwent() in the userdb-passwd auth plugin of dovecot. It breaks other tools that rely on the user enumeration, if they are called in a fast successive order (`doveadm quota recalc -A`, followed by other `doveadm XXX -A` commands, and thelike). I created the attached patch and deployed it to my systems, and it seems to solve the issue. I assume that it doesn't introduce other problems. (Maybe, the issue can be handled on the sssd side as well, if the sssd nss plugin sees successive calls to setpwend() with a missing endpwent(), it could do the endpwend() on its own.) -- System Information: Debian Release: 10.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (102, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.8.5 (SMP w/8 CPU cores) Kernel taint flags: TAINT_UNSIGNED_MODULE Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages dovecot-core depends on: ii adduser 3.118 ii libapparmor1 2.13.2-10 ii libbz2-1.0 1.0.6-9.2~deb10u1 ii libc62.28-10 ii libexttextcat-2.0-0 3.4.5-1 ii libicu63 63.1-6+deb10u1 ii liblua5.3-0 5.3.3-1.1 ii liblz4-1 1.8.3-1 ii liblzma5 5.2.4-1 ii libpam-runtime 1.3.1-5 ii libpam0g 1.3.1-5 ii libsodium23 1.0.17-1 ii libssl1.11.1.1d-0+deb10u5 ii libstemmer0d 0+svn585-1+b2 ii libwrap0 7.6.q-28 ii lsb-base 10.2019051400 ii openssl 1.1.1d-0+deb10u5 pn ssl-cert ii ucf 3.0038+nmu1 ii zlib1g 1:1.2.11.dfsg-1 dovecot-core recommends no packages. Versions of packages dovecot-core suggests: pn dovecot-gssapi pn dovecot-imapd pn dovecot-ldap pn dovecot-lmtpd pn dovecot-lucene pn dovecot-managesieved pn dovecot-mysql pn dovecot-pgsql pn dovecot-pop3d pn dovecot-sieve pn dovecot-solr pn dovecot-sqlite pn dovecot-submissiond pn ntp From: Heiko Schlittermann Subject: Add missing endpwent() to the userdb-passwd iterator. --- a/src/auth/userdb-passwd.c +++ b/src/auth/userdb-passwd.c @@ -210,6 +210,7 @@ cur_userdb_iter_to = timeout_add(0, passwd_iterate_next_timeout, (void *)NULL); } +endpwent(); return ret; }
Bug#941345: [git-buildpackage/master] buildpackage: Honor --git-arch for GBP_CHANGES_FILE
tag 941345 pending thanks Date: Sun Sep 29 11:56:33 2019 +0200 Author: Heiko Schlittermann Commit ID: d9e473408e17cb267123e62f6f8b0326fafe2f9a Commit URL: https://git.sigxcpu.org/cgit/git-buildpackage//commit/?id=d9e473408e17cb267123e62f6f8b0326fafe2f9a Patch URL: https://git.sigxcpu.org/cgit/git-buildpackage//patch/?id=d9e473408e17cb267123e62f6f8b0326fafe2f9a buildpackage: Honor --git-arch for GBP_CHANGES_FILE Closes: #941345
Bug#943814: amanda-common: amcrypt-ossl-asym fails: deprecated options of openssl enc
Package: amanda-common Version: 3.5.1 Severity: important Tags: upstream patch Dear Maintainer, using amcrypt-ossl-asym results in extra output about deprected "openssl enc" options and does not encrypt: no backup is written! root@marta:/# date | sudo -su backup amcrypt-ossl-asym >/dev/null *** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better. For testing purpose I added (as recommended) the option -pbkdf2 to the encoding and the decoding lines and now it works. Please fix and report upstream. Thank you. -- System Information: Debian Release: 10.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_DK:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages amanda-common depends on: ii adduser 3.118 ii debconf [debconf-2.0] 1.5.71 ii libc6 2.28-10 pn libcurl3 ii libcurl4 7.64.0-4 ii libglib2.0-0 2.58.3-2+deb10u1 ii libssl1.1 1.1.1d-0+deb10u2 ii mailutils [mailx] 1:3.5-3 pn openbsd-inetd | inet-superserver ii perl 5.28.1-6 ii perl-base [perlapi-5.28.0]5.28.1-6 pn perlapi-5.24.1 ii update-inetd 4.49 amanda-common recommends no packages. Versions of packages amanda-common suggests: pn amanda-server | amanda-client
Bug#943740: amanda-server: IPv6 support is disabled for 10 years already.
Package: amanda-server Version: ipv6 support disabled for 10 years already Severity: important Tags: ipv6 Dear Maintainer, is there any reason that IPv6 support is disabled for about 10 years already? Amanda builds cleanly with the --without-ipv6 option removed. If it works I've to find out. -- System Information: Debian Release: 10.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_DK:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages amanda-server depends on: pn amanda-common ii libc6 2.28-10 pn libcurl3 ii libcurl4 7.64.0-4 ii libglib2.0-0 2.58.3-2+deb10u1 ii libjson-perl 4.02000-1 ii libssl1.1 1.1.1d-0+deb10u2 ii mailutils [mailx] 1:3.5-3 ii perl 5.28.1-6 amanda-server recommends no packages. Versions of packages amanda-server suggests: pn amanda-client ii cpio 2.12+dfsg-9 ii gnuplot 5.2.6+dfsg1-1+deb10u1 ii gnuplot-qt [gnuplot] 5.2.6+dfsg1-1+deb10u1
Bug#941345: Acknowledgement (git-buildpackage: Option --git-arch ignored when constructing the GBP_CHANGES_FILE variable for the postbuild hook)
A proposed fix follows. But please note, I'm by far not an Python programmer, so I just tried to understand what's going on and introduced the necessary changes. It's of "works for me" quality. :) --- dist-packages/gbp/scripts/buildpackage.py 2019-09-29 11:49:49.928996655 +0200 +++ /tmp/patched2019-09-29 11:49:46.60056 +0200 @@ -284,7 +284,7 @@ setattr(options, hook, '') -def changes_file_suffix(builder, dpkg_args): +def changes_file_suffix(builder, dpkg_args, arch): """ >>> changes_file_suffix('debuild', ['-A']) 'all' @@ -303,15 +303,15 @@ elif '-A' in args: return 'all' else: -return os.getenv('ARCH', None) or du.get_arch() +return arch or os.getenv('ARCH', None) or du.get_arch() -def changes_file_name(source, build_dir, builder, dpkg_args): +def changes_file_name(source, build_dir, builder, dpkg_args, arch): return os.path.abspath("%s/../%s_%s_%s.changes" % (build_dir, source.changelog.name, source.changelog.noepoch, -changes_file_suffix(builder, dpkg_args))) +changes_file_suffix(builder, dpkg_args, arch))) def check_branch(repo, options): @@ -509,7 +509,7 @@ else source.upstream_version) export_dir = os.path.join(output_dir, "%s-%s" % (source.sourcepkg, major)) build_dir = export_dir if options.export_dir else repo.path -changes_file = changes_file_name(source, build_dir, options.builder, dpkg_args) +changes_file = changes_file_name(source, build_dir, options.builder, dpkg_args, options.pbuilder_arch) # Run preexport hook if options.export_dir and options.preexport: Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 - signature.asc Description: PGP signature
Bug#941345: git-buildpackage: Option --git-arch ignored when constructing the GBP_CHANGES_FILE variable for the postbuild hook
(9.0.12+nmu1) ... update-alternatives: using /usr/bin/bsd-write to provide /usr/bin/write (write) in auto mode update-alternatives: using /usr/bin/bsd-from to provide /usr/bin/from (from) in auto mode Setting up autopoint (0.19.8.1-2+deb9u1) ... Setting up libidn11:i386 (1.33-1) ... Setting up zlib1g-dev:i386 (1:1.2.8.dfsg-5) ... Setting up libfile-stripnondeterminism-perl (0.034-1) ... Setting up libdb-dev:i386 (5.3.1) ... Setting up libmariadbclient-dev (10.1.41-0+deb9u1) ... Setting up libspf2-dev (1.2.10-7+b2) ... Setting up libpcre3-dev:i386 (2:8.39-3) ... Setting up libssl-dev:i386 (1.1.0k-1~deb9u1) ... Setting up libglib2.0-0:i386 (2.50.3-2+deb9u1) ... No schema files found: doing nothing. Setting up autoconf (2.69-10) ... Setting up libmariadb-dev (2.3.2-2) ... Setting up file (1:5.30-1+deb9u2) ... Setting up libkrb5support0:i386 (1.15-1+deb9u1) ... Setting up libcroco3:i386 (0.6.11-3) ... Setting up pkg-config (0.29-4+b1) ... Setting up libopendmarc2 (1.3.2-2+deb9u1) ... Setting up libp11-kit0:i386 (0.23.3-2) ... Setting up automake (1:1.15-6) ... update-alternatives: using /usr/bin/automake-1.15 to provide /usr/bin/automake (automake) in auto mode Setting up man-db (2.7.6.1-2) ... Building database of manual pages ... Setting up libtool (2.4.6-2) ... Setting up libk5crypto3:i386 (1.15-1+deb9u1) ... Setting up gettext (0.19.8.1-2+deb9u1) ... Setting up libgnutls30:i386 (3.5.8-5+deb9u4) ... Setting up libopendmarc-dev (1.3.2-2+deb9u1) ... Setting up intltool-debian (0.35.0+20060710.4) ... Setting up libldap-2.4-2:i386 (2.4.44+dfsg-5+deb9u3) ... Setting up libkrb5-3:i386 (1.15-1+deb9u1) ... Setting up libldap2-dev:i386 (2.4.44+dfsg-5+deb9u3) ... Setting up po-debconf (1.0.20) ... Setting up libgssapi-krb5-2:i386 (1.15-1+deb9u1) ... Setting up libpq5:i386 (9.6.15-0+deb9u1) ... Setting up libpq-dev (9.6.15-0+deb9u1) ... Setting up dh-autoreconf (14) ... Setting up dh-strip-nondeterminism (0.034-1) ... Setting up debhelper (10.2.5) ... Processing triggers for libc-bin (2.24-11+deb9u4) ... Reading package lists... Building dependency tree... Reading state information... Reading extended state information... Initializing package states... Writing extended state information... Building tag database... -> Finished parsing the build-deps Reading package lists... Building dependency tree... Reading state information... The following additional packages will be installed: libfakeroot The following NEW packages will be installed: fakeroot libfakeroot debconf: delaying package configuration, since apt-utils is not installed 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/134 kB of archives. After this operation, 369 kB of additional disk space will be used. Selecting previously unselected package libfakeroot:i386. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 15181 files and directories currently installed.) Preparing to unpack .../libfakeroot_1.21-3.1_i386.deb ... Unpacking libfakeroot:i386 (1.21-3.1) ... Selecting previously unselected package fakeroot. Preparing to unpack .../fakeroot_1.21-3.1_i386.deb ... Unpacking fakeroot (1.21-3.1) ... Processing triggers for libc-bin (2.24-11+deb9u4) ... Setting up libfakeroot:i386 (1.21-3.1) ... Processing triggers for man-db (2.7.6.1-2) ... Setting up fakeroot (1.21-3.1) ... update-alternatives: using /usr/bin/fakeroot-sysv to provide /usr/bin/fakeroot (fakeroot) in auto mode Processing triggers for libc-bin (2.24-11+deb9u4) ... [0mI: Copying back the cached apt archive contents[0m [0mI: Building the package[0m [0mI: Running cd /build/exim4-exim.org-4.92.3+fixes-35-g40b67cbe7/ && env PATH="/usr/lib/ccache:/usr/sbin:/usr/bin:/sbin:/bin" HOME="/nonexistent" dpkg-buildpackage -us -uc '-b'[0m dpkg-buildpackage: info: source package exim4-exim.org dpkg-buildpackage: info: source version 4.92.3+fixes-35-g40b67cbe7-1+deb9u1 dpkg-buildpackage: info: source distribution stretch dpkg-buildpackage: info: source changed by Heiko Schlittermann (HS12-RIPE) dpkg-source --before-build exim4-exim.org-4.92.3+fixes-35-g40b67cbe7 dpkg-buildpackage: info: host architecture i386 dpkg-source: warning: unknown information field 'Tag' in input data in general section of control info file fakeroot debian/rules clean dh clean --parallel dh_testdir -O--parallel debian/rules override_dh_auto_clean make[1]: Entering directory '/build/exim4-exim.org-4.92.3+fixes-35-g40b67cbe7
Bug#906137: courier-authlib-pipe: authdaemon passes the socket FD to the authProg worker, causing an usuccessful close for the first connecting client
Package: courier-authlib-pipe Version: 0.66.4-9 Severity: important Tags: upstream Dear Maintainer, * What led up to the situation? I'm using a variant of the example authProg script. The authdaemon starts the external authProg *after* accepting the first connection from the client. accept(5, {sa_family=AF_UNIX}, [16->2]) = 4 <0.33> fcntl(4, F_SETFL, O_RDONLY) = 0 <0.000151> ... select(5, [4], NULL, NULL, {tv_sec=10, tv_usec=0}) = 1 (in [4], left {tv_sec=9, tv_usec=96}) <0.54> read(4, "AUTH 40\nimap\nlogin\n...@dynapic.ne"..., 8192) = 48 <0.29> clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f62cbd2c9d0) = 4644 <0.000202> This leaks the filedescriptor for the client connection to the forked authProg process. If the authProg doesn't care about file descriptors (as the example Perl script), the client connection FD is open twice: opened by the process which accepted the connection, and open by the process which inherited the FD. After sending the auth results to the client, the authdaemon close()es the client connection. But this doesn't really close the connection, because it is held open by the forked authProg process. The client runs into a timeout. (reproducable using socat -t 5 - /run/courier/authdaemon/socket <...) All connections following that first one do not have this problem, as now the authProg is running already and doesn't the the new FDs created by accepting the new connections. Solution: Either fork the authProg *before* accepting the first connection. Or use CLOSE_ON_EXEC on the FD returned from accepting the connection. Workaround: The example script can use use POSIX; POSIX::close($_) for 3..1024; This workaround solved the problem for me, so I'd consider it as a proof. * What exactly did you do (or not do) that was effective (or ineffective)? Use 'authpipe' as the only module in the authmodulelist. Use the example Perl script as an authProg. systemctl restart courier-authdaemon socat -t5 - /run/courier/authdaemon/socket <<_ AUTH 35 imap login f...@example.com foobar _ * What was the outcome of this action? The first invocation after restarting the daemon leads to a timeout. Every following invocation succeeds. (Given there is only one daemon running, controlled via the daemons setting in authdaemonrc. * What outcome did you expect instead? I think, the bugfix is easy, using fcntl and setting CLOSE_ON_EXEC in authdaemon.c, just after accepting the connection. But as I do not have a good testing environment, I can't do any tests. And as the package seems to be orphaned, I'm not sure if it is worth the effort. I'll need to switch to dovecot, I'm afraid. -- System Information: Debian Release: 9.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.9 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages courier-authlib-pipe depends on: pn courier-authlib ii libc62.24-11+deb9u3 courier-authlib-pipe recommends no packages. courier-authlib-pipe suggests no packages.
Bug#900053: amanda-server: amstatus wrong display (fix included)
Great. Thank you for your effort. -- Heiko Schlittermann (unterwegs)
Bug#900053: amanda-server: amstatus wrong display (fix included)
Package: amanda-server Version: 1:3.3.9-5 Severity: minor Tags: patch Dear Maintainer, the output from amstatus contains a missing size unit and shows part of the source code instead. line 1420 of amstatus should be changed from printf "dumping to tape : %3d %20dsunit (%6.2f%%)\n", to printf "dumping to tape : %3d %20d$unit (%6.2f%%)\n", -- Heiko -- System Information: Debian Release: 9.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.9 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages amanda-server depends on: pn amanda-common ii bsd-mailx [mailx] 8.1.2-0.20160123cvs-4 ii libc6 2.24-11+deb9u3 ii libcurl3 7.52.1-5+deb9u6 ii libglib2.0-0 2.50.3-2 ii libncurses56.0+20161126-1+deb9u2 pn libreadline6 ii libssl1.1 1.1.0f-3+deb9u2 ii mailutils [mailx] 1:3.1.1-1 ii perl 5.24.1-3+deb9u3 amanda-server recommends no packages. Versions of packages amanda-server suggests: pn amanda-client ii cpio 2.11+dfsg-6 ii gnuplot5.0.5+dfsg1-6+deb9u1 pn perl5
Bug#883938: Bug #883938: linux-image-3.16.0-4-amd64: Kernel panic on boot after upgrading to debian 8.10 kernel 3.16.51
The provided work-around (setting numa=off) worked here. Do you need further information about the system in use? BTW: Thank you for the NUMA advice, it was about 21.00 CET when I started a search engine and found the bug entry and the suggested work-around, so, your advice came just in time. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 - signature.asc Description: PGP signature
Bug#866110: multipath-tools: mpathpersist segfaults. Newer version is available and fixed!
Package: multipath-tools Version: 0.6.4-5 Severity: grave Justification: renders package unusable Dear Maintainer, the mpathpersist command segfaults. I got it fixed, but discovered, that a similiar fix is already applied upstream. Git commit fef089a6610f94a847541069f3008a5708044015 in the upstream sources fixes this problem! I've added the above mentioned patch manually and installed the package as a NMU and it works. At least the segfaults are gone. I'm not sure if the tool is working properly though. -- Package-specific info: /etc/multipath.conf does not exist. -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.11.1 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages multipath-tools depends on: ii init-system-helpers 1.48 ii kpartx 0.6.4-5 ii libaio1 0.3.110-3 ii libc62.24-11+deb9u1 ii libdevmapper1.02.1 2:1.02.137-2 ii librados210.2.5-7.2 ii libreadline7 7.0-3 ii libsystemd0 232-25 ii libudev1 232-25 ii liburcu4 0.9.3-1 ii lsb-base 9.20161125 ii sg3-utils-udev 1.42-2 ii udev 232-25 multipath-tools recommends no packages. Versions of packages multipath-tools suggests: pn multipath-tools-boot -- no debconf information
Bug#866101: multipath-tools: build dependency on liburcu-dev and others are missing
Package: multipath-tools Version: 0.6.4-5 Severity: serious Justification: fails to build from source (but built successfully in the past) Dear Maintainer, `apt-source multipath-tools` installs a bunch of packages. But a subsequent `make` in the source directory fails, because urcu.h is mssing. Same for libdevmapper.h from libdevmapper-dev Same for libaio.h from libaio-dev readline/readline.h from mlibreadline-dev Please add these packages to the build dependencies -- Package-specific info: /etc/multipath.conf does not exist. -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.11.1 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages multipath-tools depends on: ii init-system-helpers 1.48 ii kpartx 0.6.4-5 ii libaio1 0.3.110-3 ii libc62.24-11+deb9u1 ii libdevmapper1.02.1 2:1.02.137-2 ii librados210.2.5-7.2 ii libreadline7 7.0-3 ii libsystemd0 232-25 ii libudev1 232-25 ii liburcu4 0.9.3-1 ii lsb-base 9.20161125 ii sg3-utils-udev 1.42-2 ii udev 232-25 multipath-tools recommends no packages. Versions of packages multipath-tools suggests: pn multipath-tools-boot -- no debconf information
Bug#859375: snap-confine: manpage of snap-confine is in the wrong section
Package: snap-confine Version: 2.21-2 Severity: minor Dear Maintainer, snap-confine is has a manual pager in chapter 5. As snap-confine is a tool/program, this man page should go to either chapter 8 (as I'd consider it as a an admin command) or chapter 1. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.11.0-rc2 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages snap-confine depends on: ii apparmor 2.11.0-3 ii libc62.24-9 ii libseccomp2 2.3.1-2.1 ii libudev1 232-19 snap-confine recommends no packages. snap-confine suggests no packages. -- no debconf information
Bug#857996: Please close. It's not a bug.
Hi, sorry for the confusing bugreport. The script, that gets executed is $HOME/perl5/perlbrew/etc/bashrc. The name of the script indicates that this is for *bash*, not *sh*. And, additionally, the script doesn't set variables only, it defines some functions, and thus belongs to .bashrc, as the manpage indicates. So, please close the bugreport. It's not a bug. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 - signature.asc Description: PGP signature
Bug#857996: perlbrew's initialization shell script doesn't work with /bin/sh
Package: perlbrew Version: 0.78-1 Severity: important Dear Maintainer, I'm using the current gnome desktop. It *seems*, that starting a XSession means running /etc/X11/Xsession, which is a /bin/sh script. It searches for the user's profile and sources it. My .profile contains . …/perlbrewrc. The perlbrewrc makes use of bashisms (e.g. the <<< input redirection operator.) I believe this can be fixed easily. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.11.0-rc2 (SMP w/4 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages perlbrew depends on: ii curl7.52.1-3 ii gcc 4:6.3.0-1 ii libc6-dev [libc-dev]2.24-9 ii libcapture-tiny-perl0.44-1 ii libcpan-perl-releases-perl 3.08-1 ii libdevel-patchperl-perl 1.46-1 ii liblocal-lib-perl 2.19-1 ii make4.1-9.1 ii perl5.24.1-1 ii wget1.18-4.1 Versions of packages perlbrew recommends: ii perl-doc 5.24.1-1 perlbrew suggests no packages. -- no debconf information
Bug#845569: exim4-daemon-heavy: Memory leak in callouts (fixed already in official Exim Git repo)
Hi, Andreas Metzler (Sa 31 Dez 2016 17:55:30 CET): > On 2016-11-24 "Heiko Schlittermann (HS12-RIPE)" wrote: > > Package: exim4-daemon-heavy > > Version: 4.84.2-2+deb8u1 > > Severity: important > > Tags: upstream patch > > > Dear Maintainer, > > > Current Exim versions have a memory leak when doing callouts via TLS > > connections. I can reproduce the problem and I've fixed it. > > > The fix is already pushed to the upstream repository of Exim (as I'm > > one of the Exim developers). > > > Commit ed62aae3051c9a713d35c8ae516fbd193d1401ba contains the fix. > [...] > > Hello Heiko, > > thanks for the report with fix (in the branch). > > Would you mind explaining why this is an important bug? Afaiu most exim > processes a short lived and I also would think that the respective > structure would not be huge. So at a glance I would have expected a > normal or even minor severity (... which would not be eligible for a > stable update.) You're right. Most Exim processes are short lived. The callout is done by the (just forked) receiving process, *not* by another subprocess. Thus, if there is a huge number of addresses to be checked by callouts, the memory leak hurts. I discovered the problem on a central mailhub. One of the sattelites is a mailing list server (mailman), sending via its local Exim instance to the central mailhub. The default configuration of Mailman and Exim caused a batch of about 4k recipient addresses with a single message. The receiving Exim on the mailhub tried to verify these 4k addresses via TLS callouts. After about 1k address approx 4G¹ RAM where exhausted and the receiving process crashed. Fortunately the callout results were stored in the callout cache and the next connection caused the first 1k addresses verified by the cache entries, but the 2nd 1k addresses caused the receiver to crash during callouts… After about the 4th attempt all addresses where verified and the mail went through. In the above setup the delay was a major desaster. In other cases you might have much less addresses to check, or much looser constraints about delivery time … But the leak is clearly a bug and the fix is easy. (Even there are possibilities to create work-arounds, on the sender's side, and on the receivers side. Because of the callout cache it was kind of self-healing, but with shorter cache times and longer retry intervals this wouldn't work anymore.) As one of the Exim developers I'd really like to see this bug fixed in Exim releases that are distributed as "stable". If you need help for backporting, I can assist you. ¹) I'm not sure about the real numbers, maybe it was 1.5k addresses and 8G RAM, but I think, you get the idea. (It was reproduceable.) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 - signature.asc Description: Digital signature
Bug#845569: Acknowledgement (exim4-daemon-heavy: Memory leak in callouts (fixed already in official Exim Git repo))
Debian Bug Tracking System (Do 24 Nov 2016 19:18:04 CET): > If you wish to submit further information on this problem, please > send it to 845...@bugs.debian.org. There is a typo in the version number. I've cherry-picked the bug and pushed the fix to the exim-4_86_2+fixes branch in the official Exim repositories. (containing ed62aae3051c9a713d35c8ae516fbd193d1401ba, as the second commmit, I mentioned there doesn't apply to 4.86.2) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 - signature.asc Description: Digital signature
Bug#845569: exim4-daemon-heavy: Memory leak in callouts (fixed already in official Exim Git repo)
Package: exim4-daemon-heavy Version: 4.84.2-2+deb8u1 Severity: important Tags: upstream patch Dear Maintainer, Current Exim versions have a memory leak when doing callouts via TLS connections. I can reproduce the problem and I've fixed it. The fix is already pushed to the upstream repository of Exim (as I'm one of the Exim developers). Commit ed62aae3051c9a713d35c8ae516fbd193d1401ba contains the fix. Commit f57231095d00c7875a2b028e07855f6374abd5cc may be useful as well, as it fixes a crash that may appear during debugging TLS connections. I'd be more than happy to update the exim-4_84_2+fixes branch in the official Exim repositories with this patch. -- Package-specific info: Exim version 4.84_2 #1 built 25-Jul-2016 18:59:39 Copyright (c) University of Cambridge, 1995 - 2014 (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2014 Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013) Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM Old_Demime PRDR OCSP Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp Fixed never_users: 0 Size of off_t: 8 Configuration file is /etc/exim4/exim4.conf -- System Information: Debian Release: 8.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.6.0-0.bpo.1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages exim4-daemon-heavy depends on: ii debconf [debconf-2.0] 1.5.56 ii exim4-base 4.84.2-2+deb8u1 ii libc6 2.19-18+deb8u6 ii libdb5.3 5.3.28-9 ii libgnutls-deb0-28 3.3.8-6+deb8u3 ii libldap-2.4-2 2.4.40+dfsg-1+deb8u2 ii libmysqlclient18 5.5.53-0+deb8u1 ii libpam0g 1.1.8-3.1+deb8u1+b1 ii libpcre3 2:8.35-3.3+deb8u4 ii libperl5.205.20.2-3+deb8u6 ii libpq5 9.4.9-0+deb8u1 ii libsasl2-2 2.1.26.dfsg1-13+deb8u1 ii libsqlite3-0 3.8.7.1-1+deb8u2 exim4-daemon-heavy recommends no packages. exim4-daemon-heavy suggests no packages. -- debconf information excluded
Bug#831049: gitolite3: Perl Warnings about uninitialized variables appear in the browser
Package: gitolite3 Version: 3.6.1-2+deb8u1 Severity: minor Tags: upstream Dear Maintainer, following the instructions for installing the http access to a gitolite3 installation, I see warnings about unitialized $soc in the /usr/share/gitolite3/gitolite-shell script. Around line 35 I put: # sanity... if (defined(my $soc = $ENV{SSH_ORIGINAL_COMMAND})) { $soc =~ s/[\n\r]+/<>/g; _die "I don't like newlines in the command: '$soc'\n" if $ENV{SSH_ORIGINAL_COMMAND} ne $soc; } instead of # sanity my $soc = $ENV{SSH_ORIGINAL_COMMAND}; $soc =~ s/[\n\r]+/<>/g; _die "I don't like newlines in the command: '$soc'\n" if $ENV{SSH_ORIGINAL_COMMAND} ne $soc; This supresses the warnings. -- System Information: Debian Release: 8.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages gitolite3 depends on: ii adduser 3.113+nmu3 ii debconf [debconf-2.0]1.5.56 ii git [git-core] 1:2.1.4-2.1+deb8u2 ii openssh-server [ssh-server] 1:6.7p1-5+deb8u2 ii perl 5.20.2-3+deb8u5 gitolite3 recommends no packages. Versions of packages gitolite3 suggests: pn git-daemon-run pn gitweb -- debconf information excluded
Bug#810523: libtemplate-perl: files with a timestamp @0 (1.1.1970, 00:00) are reported as "not found"
Package: libtemplate-perl Version: 2.24-1.2+b1 Severity: important Tags: upstream Dear Maintainer, If the template to be processed by command: /usr/bin/tpage, Perl: Template->process Template directive: PROCESS has a 'zero' timestamp (created by touch --date @0), the template engine complains about 'file not found'. You can reproduce this behaviour: touch --date @0 foo.tt tpage foo.tt vs. touch --date @1 foo.tt tpage foo.tt I'd consider this as a bug. -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libtemplate-perl depends on: ii libappconfig-perl 1.66-1 ii libc6 2.19-18+deb8u1 ii perl5.20.2-3+deb8u1 ii perl-base [perlapi-5.20.0] 5.20.2-3+deb8u1 libtemplate-perl recommends no packages. Versions of packages libtemplate-perl suggests: pn libtemplate-perl-doc pn libtemplate-plugin-gd-perl pn libtemplate-plugin-xml-perl -- no debconf information
Bug#805576: exim4-daemon-heavy: Please cherry pick: bd21a78 Fix transport-results pipe for multiple recipients combined with certs.
Package: exim4-daemon-heavy Version: 4.84-8 Severity: important Dear Maintainer, please include the bd21a78 Fix transport-results pipe for multiple recipients combined with certs. from the upstream source. Without this patch Exim runs into problems (frozen but yet delivered messages). Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 -
Bug#805556: ansible: The default(example?) config should not set the SSH port
Package: ansible Version: 1.7.2+dfsg-2 Severity: important Dear Maintainer, the default configuration in /etc/ansible/ansible.cfg sets the SSH port. If it's set there, it overrules the settings from .ssh/config. In case it's unset SSH uses port 22 anyway. Please consider to remove this setting (or disable this option by placing a comment character there.) in /etc/ansible/ansible.cfg Thank you. -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages ansible depends on: ii python2.7.9-1 ii python-crypto 2.6.1-5+b2 ii python-httplib2 0.9+dfsg-2 ii python-jinja2 2.7.3-1 ii python-paramiko 1.15.1-1 ii python-pkg-resources 5.5.1-1 ii python-yaml 3.11-2 Versions of packages ansible recommends: pn python-selinux Versions of packages ansible suggests: pn ansible-doc ii sshpass 1.05-1 -- no debconf information Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 -
Bug#801346: dovecot-ldap: tls_* options ignored for URI schema ldaps:// [fix included]
Hi, Jaldhar H. Vyas (Fr 09 Okt 2015 05:46:44 CEST): > On Thu, 8 Oct 2015, Heiko Schlittermann (HS12-RIPE) wrote: … > > uri = ldap:// > > tls = yes > > tls_ = … > > > >works. But depending on the LDAP server this isn't an option. > > > > Thanks. I would like to get upstreams opinion before applying this. I tried to reach out via the dovecot ML, but until now there is no response. (But not much time passed yet …) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 - signature.asc Description: Digital signature
Bug#801346: dovecot-ldap: tls_* options ignored for URI schema ldaps:// [fix included]
Package: dovecot-ldap Severity: normal Tags: upstream patch Dear Maintainer, in dovecot-ldap.conf.ext: uri = ldaps:// # tls = tls_cert_file = tls_key_file = tls_ = … All these options are ignored if I use ldaps:// as the URI schema. Switching to tls=yes doesn't help, because it enables STARTTLS, but ldaps:// implies an already started SSL tunnel. uri = ldap:// tls = yes tls_ = … works. But depending on the LDAP server this isn't an option. Here a patch of grade 'works for me': --- dovecot-2.2.9/src/auth/db-ldap.c2013-11-24 14:37:39.0 +0100 +++ dovecot-2.2.9.hs12/src/auth/db-ldap.c 2015-10-08 21:24:47.051446465 +0200 @@ -1043,7 +1043,7 @@ static void db_ldap_set_tls_options(struct ldap_connection *conn) { - if (!conn->set.tls) + if (!(conn->set.tls || strncmp(conn->set.uris, "ldaps:", 6) == 0)) return; #ifdef OPENLDAP_TLS_OPTIONS Actually the system the bug appears is an Ubuntu 14.04 LTS, Dovecot 2.2.9, but I checked 2.2.13 from the Dovecot HG repository, the relevant parts of db-ldap.c doesn't seem to be changed. So I suppose, the bug is there still. Greetings from Dresden, -- Heiko -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- dovecot-2.2.9/src/auth/db-ldap.c 2013-11-24 14:37:39.0 +0100 +++ dovecot-2.2.9.hs12/src/auth/db-ldap.c 2015-10-08 21:24:47.051446465 +0200 @@ -1043,7 +1043,7 @@ static void db_ldap_set_tls_options(struct ldap_connection *conn) { - if (!conn->set.tls) + if (!(conn->set.tls || strncmp(conn->set.uris, "ldaps:", 6) == 0)) return; #ifdef OPENLDAP_TLS_OPTIONS
Bug#798957: editorconfig: Man page editorconfig(1) seems to be broken
Hong Xu (Di 15 Sep 2015 01:08:03 CEST): > > Maybe there can be done something more for the manpage generation, > > to generate manual pages that contain the usual man page > > structure: > > > > <...> > > > > > > I'm not sure, if doxygen is the right tool to generate such output > > directly from the source. But I'm not a doxygen expert at all. > > Unfortunately it's not easy to do it with doxygen. > > I've fixed the original issue in b1690a6ae6b0a188748bf6b87ba6d09edd4049e0 > or view this link: > > https://github.com/editorconfig/editorconfig-core-c/commit/b1690a6ae6b0a188748bf6b87ba6d09edd4049e0 Thank you. -- Heiko signature.asc Description: Digital signature
Bug#798957: editorconfig: Man page editorconfig(1) seems to be broken
Hi Hong, Hong Xu (Mo 14 Sep 2015 18:39:35 CEST): … > I'm the upstream author and thanks for your report. The man pages are > generated from Doxygen. I believe this issue is actually a Doxygen > issue: they should add some text like "foo(5)" when the @refer command > is used for man pages. If I add the text manually, it would be a mess > for html documentation generation. Maybe there can be done something more for the manpage generation, to generate manual pages that contain the usual man page structure: NAME editorconfig - editorconfig command line interface SYNOPSIS editorconfig [-f filename] [-b version] FILEPATH... editorconfig [-h|--help] editorconfig [-v|--version] DESCRIPTION editorconfig … OPTIONS -f specify an alternative config file path … SEE ALSO The format description for the .editorconfig file can be found in editorconfig-format(5). I'm not sure, if doxygen is the right tool to generate such output directly from the source. But I'm not a doxygen expert at all. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 - signature.asc Description: Digital signature
Bug#798958: editorconfig: man page editor-config-format in wrong section
Hi Hong, Hong Xu (Mo 14 Sep 2015 19:46:15 CEST): > I've just fixed this issue in upstream commit > da00b0e642d5c16bfd9679e57a0dacb2727b1f7a , or view the link below: > > https://github.com/editorconfig/editorconfig-core-c/commit/da00b0e642d5c16bfd9679e57a0dacb2727b1f7a Thank you for your very fast response and fix of that small issue. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 - signature.asc Description: Digital signature
Bug#798957: editorconfig: Man page editorconfig(1) seems to be broken
Package: editorconfig Version: 0.11.5-2 Severity: minor Dear Maintainer, the manpage editorconfig(1) ends with just the lines Related Pages EditorConfig File Format Probably there should be some text, e.g. Related Pages EditorConfig File Format: editorconfig-format(5) -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages editorconfig depends on: ii libc6 2.19-18+deb8u1 editorconfig recommends no packages. editorconfig suggests no packages. -- no debconf information
Bug#798958: editorconfig: man page editor-config-format in wrong section
Package: editorconfig Version: 0.11.5-2 Severity: minor Dear Maintainer, the manpage for editorconfig-fromat should go to the section 5 (file formats), I believe. -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages editorconfig depends on: ii libc6 2.19-18+deb8u1 editorconfig recommends no packages. editorconfig suggests no packages. -- no debconf information
Bug#773705: gnupg: gpg2 does not mention that option
Package: gnupg Version: 1.4.18-6 Followup-For: Bug #773705 Dear Maintainer, the reporter of the bug above said that gpg2 works with this option. This is not true, at least not for gnupg2 2.0.26-4. (But at least it does not mention this option in the man page.) OTOH having this option would be a great improvment! Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages gnupg depends on: ii gpgv 1.4.18-6 ii libbz2-1.01.0.6-7+b2 ii libc6 2.19-13 ii libreadline6 6.3-8+b3 ii libusb-0.1-4 2:0.1.12-25 ii zlib1g1:1.2.8.dfsg-2+b1 Versions of packages gnupg recommends: pn gnupg-curl ii libldap-2.4-2 2.4.40-3 Versions of packages gnupg suggests: pn gnupg-doc ii graphicsmagick-imagemagick-compat [imagemagick] 1.3.20-3 ii libpcsclite1 1.8.13-1 pn parcimonie -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#774683: /usr/sbin/dnssec-checkds: dnssec-checkds: wrong short help (typo)
Package: bind9utils Version: 1:9.9.5.dfsg-7 Severity: minor File: /usr/sbin/dnssec-checkds Tags: upstream Dear Maintainer, in the output from dnssec-checks is some small typo: --- usage: dnssec-checkds [-h] [-f MASTERFILE] [-l LOOKASIDE] [-d DIG] [-D DSFROMKEY] [-v] zone checkds: checks DS coverage positional arguments: zone zone to check optional arguments: -h, --helpshow this help message and exit -f MASTERFILE, --file MASTERFILE zone master file -l LOOKASIDE, --lookaside LOOKASIDE DLV lookaside zone -d DIG, --dig DIG path to 'dig' > -D DSFROMKEY, --dsfromkey DSFROMKEY > path to 'dig' -v, --version show program's version number and exit It seems like a cut'n'paste error and should read … path to 'dnsse-dsfromkey' -- System Information: Debian Release: 8.0 APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages bind9utils depends on: ii libbind9-901:9.9.5.dfsg-7 ii libc6 2.19-13 ii libcap21:2.24-6 ii libcomerr2 1.42.12-1 ii libdns100 1:9.9.5.dfsg-7 ii libgssapi-krb5-2 1.12.1+dfsg-16 ii libisc95 1:9.9.5.dfsg-7 ii libisccc90 1:9.9.5.dfsg-7 ii libisccfg901:9.9.5.dfsg-7 ii libk5crypto3 1.12.1+dfsg-16 ii libkrb5-3 1.12.1+dfsg-16 ii libpython2.7-stdlib [python-argparse] 2.7.8-11 ii libssl1.0.01.0.1j-1 ii libxml22.9.1+dfsg1-4 ii python 2.7.8-2 bind9utils recommends no packages. bind9utils suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#761654: dnsmasq: The AD flag is set in every cached answer.
Package: dnsmasq Version: 2.62-3+deb7u1 Severity: normal Tags: upstream Dear Maintainer, * What led up to the situation? Asking dnsmasq for a domain/hostname with the "AD" flag set results in a response with the AD flag, if the response comes from the cache. * What exactly did you do (or not do) that was effective (or ineffective)? ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> www.heise.de +adflag … ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5 ;; QUESTION SECTION: ;www.heise.de. IN A ;; ANSWER SECTION: www.heise.de. 3600IN A 193.99.144.85 … ;; Query time: 82 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Sep 15 14:56:46 2014 ;; MSG SIZE rcvd: 252 Now the same query, just some seconds later: ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> www.heise.de +adflag … ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.heise.de. IN A ;; ANSWER SECTION: www.heise.de. 3564IN A 193.99.144.85 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Sep 15 14:57:22 2014 ;; MSG SIZE rcvd: 46 The query time and the reduced TTL shows that the answer comes from the dnsmasq cache. The heise.de domain is not DNSSEC protected (no DS records exist. I would not expect the AD flag set in such case! Having the AD flag in such case may introduce a security hole. A local client could trust the flag … -- System Information: Debian Release: 7.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages dnsmasq depends on: ii adduser 3.113+nmu3 ii dnsmasq-base 2.62-3+deb7u1 ii netbase 5.0 dnsmasq recommends no packages. Versions of packages dnsmasq suggests: ii resolvconf 1.67 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#756040: tinyproxy fails to re-read the filter and doesn't tell about it
Package: tinyproxy Version: 1.8.3-3 Severity: normal Tags: patch upstream Dear Maintainer, The /etc/tinyproxy.filter was root:root and only 0600 - for some reason. Tinyproxy does the first read as root and had no problem. After reload (happened regularly because of logrotate) it can't read the filter and further operation suffered from an "empty" filter list. 1) tinyproxy should send an approbiate log message 2) tinyproxy should read the filter as the run-time-user, not as root, even on startup I did some fixup and some testing, it seems to work for me. -- System Information: Debian Release: 7.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages tinyproxy depends on: ii libc6 2.13-38+deb7u3 ii logrotate 3.8.1-4 tinyproxy recommends no packages. tinyproxy suggests no packages. -- Configuration Files: /etc/tinyproxy.conf changed [not included] -- no debconf information diff -ruN orig/child.c src/child.c --- orig/child.c 2014-07-25 16:29:35.0 +0200 +++ src/child.c 2014-07-25 18:15:24.649414207 +0200 @@ -35,6 +35,7 @@ #include "utils.h" #include "conf.h" +volatile int children; /* referenced from main.c */ static int listenfd; static socklen_t addrlen; @@ -201,6 +202,12 @@ ptr->connects = 0; srand(time(NULL)); +#ifdef FILTER_ENABLE +if (config.filter) +filter_init (); +#endif /* FILTER_ENABLE */ + + while (!config.quit) { ptr->status = T_WAITING; @@ -287,8 +294,10 @@ { pid_t pid; -if ((pid = fork ()) > 0) +if ((pid = fork ()) > 0) { + ++children; return pid; /* parent */ + } /* * Reset the SIGNALS so that the child can be reaped. @@ -443,10 +452,6 @@ */ reload_config (); -#ifdef FILTER_ENABLE -filter_reload (); -#endif /* FILTER_ENABLE */ - /* propagate filter reload to all children */ child_kill_children (SIGHUP); diff -ruN orig/filter.c src/filter.c --- orig/filter.c 2010-01-10 23:52:04.0 +0100 +++ src/filter.c 2014-07-25 18:10:42.307947332 +0200 @@ -61,7 +61,17 @@ fd = fopen (config.filter, "r"); if (!fd) { -return; + /* + char *msg; + asprintf(&msg, "Can't read the filter from %s: %s\n", + config.filter, strerror(errno)); + log_message(LOG_ERR, msg); + if (stderr) fputs(msg, stderr); + free(msg); + */ + log_message(LOG_ERR, "Can't read the filter from %s: %s", + config.filter, strerror(errno)); + exit(3); } p = NULL; diff -ruN orig/main.c src/main.c --- orig/main.c 2011-08-16 14:14:34.0 +0200 +++ src/main.c 2014-07-25 18:15:00.033280183 +0200 @@ -50,6 +50,7 @@ struct config_s config; struct config_s config_defaults; unsigned int received_sighup = FALSE; /* boolean */ +extern volatile int children; /* defined in child.c */ /* * Handle a signal @@ -70,7 +71,12 @@ break; case SIGCHLD: -while ((pid = waitpid (-1, &status, WNOHANG)) > 0) ; +while ((pid = waitpid (-1, &status, WNOHANG)) > 0) { + if (!--children) { + log_message(LOG_ERR, "No more children left. Shutting down."); + exit(2); + } + } break; } @@ -395,11 +401,6 @@ exit (EX_OSERR); } -#ifdef FILTER_ENABLE -if (config.filter) -filter_init (); -#endif /* FILTER_ENABLE */ - /* Start listening on the selected port. */ if (child_listening_sock (config.port) < 0) { fprintf (stderr, "%s: Could not create listening socket.\n", @@ -428,12 +429,6 @@ } } -if (child_pool_create () < 0) { -fprintf (stderr, - "%s: Could not create the pool of children.\n", - argv[0]); -exit (EX_SOFTWARE); -} /* These signals are only for the parent process. */ log_message (LOG_INFO, "Setting the various signals."); @@ -456,6 +451,13 @@ exit (EX_OSERR); } +if (child_pool_create () < 0) { +fprintf (stderr, + "%s: Could not create the pool of children.\n", + argv[0]); +exit (EX_SOFTWARE); +} + /* Start the main loop */ log_message (LOG_INFO, "Starting main loop. Accepting connections.");
Bug#734212: exim4-config: man page about exim4-config-files has wrong header
Package: exim4-config Version: 4.80-7 Severity: minor Dear Maintainer, the exim4-config_files(5) man page displays the wrong header: EXIM4_FILES(5), indeed it should display EXIM4-CONFIG_FILES, shouldn't it? -- Heiko -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#703564: dump: restore -t should acceppt a -0 option (output zero separated, instead of newline separated)
Package: dump Version: 0.4b44-1 Severity: wishlist Tags: patch upstream Hello, processing the output of restore -t (as amanda does) is much more reliable, if the file names of the listing would be zero terminated, instead of using a newline as terminator. (Newline can be part of the filename and if the filename continues with "leaf 4711 …" it's not easy to parse. I've written a small patch and it would be great if this patch would make it into debian and even the upstream. -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages dump depends on: ii e2fslibs 1.42.5-1 ii libblkid1 2.20.1-5.3 ii libc6 2.13-38 ii libcomerr21.42.5-1 ii libreadline6 6.2+dfsg-0.1 ii libselinux1 2.1.9-5 ii libtinfo5 5.9-10 ii libuuid1 2.20.1-5.3 ii tar 1.26+dfsg-0.1 dump recommends no packages. dump suggests no packages. -- no debconf information --- dump-0.4b44.orig/restore/main.c 2009-06-18 11:42:12.0 +0200 +++ dump-0.4b44/restore/main.c 2013-03-20 22:39:36.905605953 +0100 @@ -92,6 +92,7 @@ int aflag = 0, bflag = 0, cvtflag = 0, dflag = 0, vflag = 0, yflag = 0; int hflag = 1, mflag = 1, Mflag = 0, Nflag = 0, Vflag = 0, zflag = 0; int uflag = 0, lflag = 0, Lflag = 0, oflag = 0; +int nullflag = 0; /* \0 terminated file names */ int ufs2flag = 0; char *Afile = NULL; int dokerberos = 0; @@ -198,7 +199,7 @@ #ifdef USE_QFA "P:Q:" #endif - "Rrs:tT:uvVxX:y")) != -1) + "Rrs:tT:uvVxX:y0")) != -1) switch(ch) { case 'a': aflag = 1; @@ -343,6 +344,9 @@ case 'y': yflag = 1; break; + case '0': + nullflag = 1; + break; default: usage(); } --- dump-0.4b44.orig/restore/restore.8.in 2009-06-18 11:42:12.0 +0200 +++ dump-0.4b44/restore/restore.8.in 2013-03-20 22:44:45.511062849 +0100 @@ -79,7 +79,7 @@ [\fB\-T \fIdirectory\fR] .PP .B restore \-t -[\fB\-cdhHklMNuvVy\fR] +[\fB\-cdhHklMNuvV0y\fR] [\fB\-A \fIfile\fR] [\fB\-b \fIblocksize\fR] [\fB\-f \fIfile\fR] @@ -264,6 +264,10 @@ program. See also the .B \-X option below. +If the +.B \-0 +flag is used, the output is not line separated anymore, but the NULL +byte is used as separator. .TP .B \-x The named files are read from the given media. If a named file matches a @@ -523,6 +527,12 @@ (verbose) flag causes it to type the name of each file it treats preceded by its file type. .TP +.B \-0 +(zero terminated) flag causes the output lines to be zero terminated, +not line feed terminated. This flag is recognized for +.B \-t +(listing) only. +.TP .B \-V Enables reading multi-volume non-tape mediums like CDROMs. .TP --- dump-0.4b44.orig/restore/restore.c 2010-12-06 15:26:50.0 +0100 +++ dump-0.4b44/restore/restore.c 2013-03-20 22:33:44.463922398 +0100 @@ -100,9 +100,12 @@ fprintf(stdout, "%10lu\t%ld\t%lld\t%s\n", (unsigned long)ino, tnum, tpos, name); } - else + else { #endif - fprintf(stdout, "%10lu\t%s\n", (unsigned long)ino, name); + fprintf(stdout, "%10lu\t%s", (unsigned long)ino, name); + if (nullflag) putchar('\0'); + else putchar('\n'); + } return (descend); } --- dump-0.4b44.orig/restore/restore.h 2007-02-22 21:12:50.0 +0100 +++ dump-0.4b44/restore/restore.h 2013-03-20 22:36:16.976654545 +0100 @@ -64,6 +64,7 @@ extern int vflag; /* print out actions taken */ extern int yflag; /* always try to recover from tape errors */ extern int zflag; /* tape is in compressed format */ +extern int nullflag; /* \0 separated output in t mode */ extern int ufs2flag; /* tape is a FreeBSD UFS2 dump */ extern char* bot_script; /* beginning of tape script */ /*
Bug#697762: cpu should use ldappasswd instead of modifying the password directly
Package: cpu Version: 1.4.3-11.2 Severity: important Tags: upstream "cpu usermod -p …" offers the set a new password for the user. But cpu can't know how the LDAP server wants to store the password in the userPassword attribute. Depending on the password-hash slapd config option it may choose to use MD5, …, and even cleartext. cpu does not obey this setting. This breaks applications that use LDAP authentication with challenge response methods. IMHO cpu should use "ldappasswd" or a similiar API call to set the password. -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#697761: cpu useradd should rollback if ADD_SCRIPT fails
Package: cpu Version: 1.4.3-11.2 Severity: wishlist Tags: upstream cpu allows an "ADD_SCRIPT" setting. IMHO cpu should rollback the useradd operation in case of a failure running the ADD_SCRIPT. -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#693995: libpam-modules: behaviour or man page should be fixed
Package: libpam-modules Version: 1.1.3-7.1 Followup-For: Bug #693995 The bug still exists in 1.1.3-7.1. IMHO it should be easy to fix the manual page. Probably even the other way round - fixing the module, should not hurt too much :) The manpage states the user_readenv has a default value 'on'. But pam_env reads the ~/.pam_environment only if I explicitly set the option to 1. -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libpam-modules depends on: ii debconf [debconf-2.0] 1.5.48 ii libc6 2.13-37 ii libdb5.1 5.1.29-5 ii libpam-modules-bin 1.1.3-7.1 ii libpam0g 1.1.3-7.1 ii libselinux12.1.9-5 libpam-modules recommends no packages. libpam-modules suggests no packages. -- debconf information: libpam-modules/disable-screensaver: -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#691237: libassuan0: fixed ASSUAN_LINELENGTH for 4096bit encryption keys (Patch included)
Eric Dorland (Fr 04 Jan 2013 08:05:32 CET): > Control: tags -1 fixed-upstream … > > Is there still time to do get a new release into Wheezy? > > Unfortunately it's been too late for Wheezy for a while. But if anyone > feels strongly they can appeal to the release managers that this > should be included. :-( But thank you for the effort. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: 7CBF764A - gnupg fingerprint: 9288 F17D BBF9 9625 5ABC 285C 26A9 687E 7CBF 764A - (gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B)- signature.asc Description: Digital signature
Bug#691237: libassuan0: fixed ASSUAN_LINELENGTH for 4096bit encryption keys (Patch included)
Hello, Werner Koch (Mi 07 Nov 2012 09:24:54 CET): > On Tue, 6 Nov 2012 22:50, h...@schlittermann.de said: > > > Before I started exploring how to run full tests … what is the supposed > > procedure? > Ah, I thought there is some more extensive testing procedure. > > I just built the stable-2-0 branch and installed it (-> > > /usr/local/stow/gpg -> /usr/local/) > Modulo the problems with the "dir" file, I suppose ;-) Yes, but it's resolvable using rm :) > > I'm able to decrypt a message crypted with my 4096bit key. > Great. Thus I consider this bug resolved. Agreed. > Is there still time to do get a new release into Wheezy? This I can't answer, it depends on Yves-Alexis, I think. > > The master branch I didn't test yet. I'll give you a notice as soon as I > > did. > > There are still card related issues in master. Thus I don't consider > this test very important. Meanwhile I gave it a try, but wasn't successful. Could be because of some interferences with the installed 2.0, or some scdaemon was still running, or because it just didn't work. So I'll stop investing time into the master branch? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: 7CBF764A - gnupg fingerprint: 9288 F17D BBF9 9625 5ABC 285C 26A9 687E 7CBF 764A - (gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B)- signature.asc Description: Digital signature
Bug#691237: libassuan0: fixed ASSUAN_LINELENGTH for 4096bit encryption keys (Patch included)
Hello Werner, Werner Koch (Di 06 Nov 2012 15:01:42 CET): > Hi, > > I just pushed fixes to master and stable 2.0. > > Allow decryption with card keys > 3072 bit > > * scd/command.c (MAXLEN_SETDATA): New. > (cmd_setdata): Add option --append. > * g10/call-agent.c (agent_scd_pkdecrypt): Use new option for long data > > * scd/app-openpgp.c (struct app_local_s): Add field manufacturer. > (app_select_openpgp): Store manufacturer. > (do_decipher): Print a note for broken cards. > > -- > > Please note that I was not able to run a full test because I only have > broken cards (S/N < 346) available. Before I started exploring how to run full tests … what is the supposed procedure? I just built the stable-2-0 branch and installed it (-> /usr/local/stow/gpg -> /usr/local/) It seems to work, as soon as the complete gpg2-"toolchain" is in-place. (I do not understand, why the Debian X11/Xsession.d/90gpg-agent has "/usr/bin/gpg-agend" hard-wired.) I'm able to decrypt a message crypted with my 4096bit key. > Please let me know if that works for you. Given that the last 2.0 > release is more than 6 months old and we fixed a couple of bugs in the > meantime, I may do a new release if this thing works for you. So, no further tests, just "it works for me" :) The master branch I didn't test yet. I'll give you a notice as soon as I did. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: 7CBF764A - gnupg fingerprint: 9288 F17D BBF9 9625 5ABC 285C 26A9 687E 7CBF 764A - (gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B)- signature.asc Description: Digital signature
Bug#691237: libassuan0: fixed ASSUAN_LINELENGTH for 4096bit encryption keys (Patch included)
Hi, thank you for responding :) Yves-Alexis Perez (Mo 05 Nov 2012 18:45:00 CET): > On mar., 2012-10-23 at 13:12 +0200, Heiko Schlittermann wrote: > > Package: libassuan0 > > Version: 2.0.3-1 > > Severity: important > > Tags: upstream patch > > > > I used a 4096bit key for encryption (using the GnuPG crypto-stick). > > Encryption worked, but decryption didn't work (gpg2 didn't find > > the secret key.) > > > > gpg2 uses libassuan to talk to some daemons/agents. > > gpg (1.x) worked, but only if there was no gnupg-agent running. > > > > Patch: > >http://lists.gnupg.org/pipermail/gnupg-users/2012-June/044868.html > > > > I applied this patch and re-built libassuan0-* and gnupg2. This > > seems to fix the issue. > > The patch is wrong, according to > http://lists.gnupg.org/pipermail/gnupg-devel/2009-October/025412.html According to this above message, my crypt-stick should not expose this bug (SN:113A). But it does. > A better patch was once sent to the same mailing list the following > month: > http://lists.gnupg.org/pipermail/gnupg-devel/2009-November/025421.html > by Klaus Flittner (on CC:). > > This was never applied because of the lack of copyright assignment. > > Imho this is a simple bugfix which is not even copyrightable, but IANAL. > I've ported the patch to the current gnupg 2.0.19 in Wheezy and sid > (it's attached). Ok, I'll test it here. But it will not happen sooner than thursday. > I intend to (re)submit it to upstream but it won't work on 2.1 / git > HEAD right now and I lack the time to properly port it right now. > > I think it'd still be nice to push it to gnupg in Debian so we can use > 4096 encryption with smartcard, although it might be worth having > upstream comment on the technical part before. Yep. I'm not able to decide, if the suggested protocol change breakes other applications. As the line length extension broke gpa for me. I think, here recompilation would have been sufficient, but I didn't test it. -- Heiko signature.asc Description: Digital signature
Bug#692360: extractMemberWithoutPaths: wrong manpage or wrong behaviour
Package: libarchive-zip-perl Version: 1.30-6 Severity: normal Tags: upstream The manpage of Archive::Zip states: extractMemberWithoutPaths( $memberOrName [, $extractedName ] ) Extract the given member, or match its name and extract it. Does not use path information (extracts into the current directory). Returns undef if member doesn't exist in this Zip. If optional second arg is given, use it as the name of the extracted member (its paths will be deleted too). Otherwise, the internal filename of the member (minus paths) is used as the name of the extracted file or directory. Returns "AZ_OK" on success. It's not true. If you pass a pathname as the second argument - the leading directories(!) are created (should be noted in the man page, as from my POV it's not common in the unix world.) - the pathname is used as the name for the extracted file The man page states, that paths will be removed too from the second argument. I'm not sure how to solve the problem. It could be fixed easily around line 202ff in Archive/Zip/Archive.pm, but I'd be afraid that this could break existing applications (at least mine ☺) Here is some code to reproduce the behaviour: #! /usr/bin/perl use 5.010; use strict; use warnings; use Archive::Zip; my $DIR = "/tmp/$$.d/Xtract/"; my $zipfile = shift // die "need name of zip file\n"; my $zip = new Archive::Zip $zipfile or die "Archive::Zip $zipfile: $!\n"; foreach my $member ($zip->members) { say $member->fileName; $zip->extractMemberWithoutPaths($member, "$DIR/$name"); } system "find $DIR/ -ls"; -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libarchive-zip-perl depends on: ii perl [libcompress-raw-zlib-perl] 5.14.2-14 libarchive-zip-perl recommends no packages. libarchive-zip-perl suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#691237: libassuan0: fixed ASSUAN_LINELENGTH for 4096bit encryption keys (Patch included)
Package: libassuan0 Version: 2.0.3-1 Severity: important Tags: upstream patch I used a 4096bit key for encryption (using the GnuPG crypto-stick). Encryption worked, but decryption didn't work (gpg2 didn't find the secret key.) gpg2 uses libassuan to talk to some daemons/agents. gpg (1.x) worked, but only if there was no gnupg-agent running. Patch: http://lists.gnupg.org/pipermail/gnupg-users/2012-June/044868.html I applied this patch and re-built libassuan0-* and gnupg2. This seems to fix the issue. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libassuan0 depends on: ii libc6 2.13-35 ii libgpg-error0 1.10-3.1 ii multiarch-support 2.13-35 libassuan0 recommends no packages. libassuan0 suggests no packages. -- no debconf information --- a/src/assuan.h.in +++ b/src/assuan.h.in @@ -67,7 +67,8 @@ #endif -#define ASSUAN_LINELENGTH 1002 /* 1000 + [CR,]LF */ +/* see: http://lists.gnupg.org/pipermail/gnupg-users/2012-June/044868.html */ +#define ASSUAN_LINELENGTH 1076 /* 1074 + [CR,]LF */ struct assuan_context_s; typedef struct assuan_context_s *assuan_context_t;
Bug#685981: manpages: manpage for motd.tail mentions wrong boot script
Package: manpages Version: 3.27-1 Severity: normal The manpage for motd.tail mentions bootmisc.sh, which is in charge of building the /etc/motd from the motd.tail template. It's not true anymore. On my recent system /etc/init.d/bootlogs is responsible for creating the /etc/motd from the template (motd.tail). -- System Information: Debian Release: 6.0.5 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.4-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash manpages depends on no packages. manpages recommends no packages. Versions of packages manpages suggests: ii man-db [man-browser] 2.5.7-8on-line manual pager -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#679996: ferm: please accept hashlimit-srcmask option
Package: ferm Version: 2.0.7-1 Severity: normal Tags: upstream ipv6 The ip6tables hashlimit modulule understands some more options, notably hashlimit-srcmask. Please extend the ferm parser. A simple patch is attached. Thank you. -- System Information: Debian Release: 6.0.5 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.4-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ferm depends on: ii debconf1.5.36.1 Debian configuration management sy ii iptables 1.4.8-3 administration tools for packet fi ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii perl 5.10.1-17squeeze3 Larry Wall's Practical Extraction Versions of packages ferm recommends: ii libnet-dns-perl 0.66-2 Perform DNS queries from a Perl sc ferm suggests no packages. -- Configuration Files: /etc/default/ferm changed: FAST=yes CACHE=yes OPTIONS= ENABLED=yes /etc/ferm/ferm.conf [Errno 13] Permission denied: u'/etc/ferm/ferm.conf' -- debconf information: * ferm/enable: true --- /usr/sbin/ferm 2010-01-02 23:50:16.0 +0100 +++ /tmp/ferm 2012-07-02 22:56:47.024050871 +0200 @@ -245,7 +245,8 @@ add_match_def 'hl', qw(hl-eq! hl-lt=s hl-gt=s); add_match_def 'hashlimit', qw(hashlimit=s hashlimit-burst=s hashlimit-mode=s hashlimit-name=s), qw(hashlimit-htable-size=s hashlimit-htable-max=s), - qw(hashlimit-htable-expire=s hashlimit-htable-gcinterval=s); + qw(hashlimit-htable-expire=s hashlimit-htable-gcinterval=s), + qw(hashlimit-srcmask=s hashlimit-dstmask=s); add_match_def 'iprange', qw(!src-range !dst-range); add_match_def 'ipv4options', qw(ssrr*0 lsrr*0 no-srr*0 !rr*0 !ts*0 !ra*0 !any-opt*0); add_match_def 'ipv6header', qw(header!=c soft*0);
Bug#677374: gogoc does not stop radvd when started by gogoc
Package: gogoc Version: 1:1.2-2 Severity: important Tags: ipv6 upstream Hello, when having a gogoc configuration which aquires a subnet from freenet6, gogoc starts radvd to advertise the prefix on a local subnet. /etc/init.d/gogoc stop however does not stop the radvd process, as one would expect, since gogoc started the radvd. -- System Information: Debian Release: 6.0.5 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.3.0-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages gogoc depends on: ii iproute20100519-3networking and traffic control too ii libc6 2.11.3-3 Embedded GNU C Library: Shared lib ii libgcc11:4.4.5-8 GCC support library ii libssl0.9.80.9.8o-4squeeze13 SSL shared libraries ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3 ii net-tools 1.60-23 The NET-3 networking toolkit Versions of packages gogoc recommends: ii radvd 1:1.6-1.1 Router Advertisement Daemon gogoc suggests no packages. -- Configuration Files: /etc/gogoc/gogoc.conf [Errno 13] Permission denied: u'/etc/gogoc/gogoc.conf' -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#661940: uboot-mkimage: typo in package description
Package: uboot-mkimage Version: 0.4 Severity: minor The package description should read '… kernel image …' instead of '… kerel image …'. -- System Information: Debian Release: 6.0.4 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-0.bpo.1-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#661195: fping: -q does not always quiet
Package: fping Version: 2.4b2-to-ipv6-16.1 Severity: normal Tags: upstream According to the man page, "-q" should suppress the output. It seems to work if not combined with "-c", but if I use "-c" the result looks as follows: $ fping -c1 -q 8.8.8.8 8.8.8.8 : xmt/rcv/%loss = 0/0/0% -- System Information: Debian Release: 6.0.4 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-0.bpo.1-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages fping depends on: ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib fping recommends no packages. fping suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#659973: boa: Example of logging to Pipe is wrong
Package: boa Version: 0.94.14rc21-3.1 Severity: normal The install configuration /etc/boa/boa.conf contains examples how to log to pipelines. #ErrorLog "|/usr/sbin/cronolog --symlink=/var/log/boa/error_log /var/log/boa/error-%Y%m%d.log" #AccessLog "|/usr/sbin/cronolog --symlink=/var/log/boa/access_log /var/log/boa/access-%Y%m%d.log" #CGILog "|/usr/sbin/cronolog --symlink=/var/log/boa/cgi_log /var/log/boa/cgi-%Y%m%d.log" The quotes a wrong there. With quotes boa complains about failure to open the log file(s). -- System Information: Debian Release: 6.0.4 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages boa depends on: ii dpkg 1.15.8.12 Debian package management system ii install-info 4.13a.dfsg.1-6 Manage installed documentation in ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib ii logrotate 3.7.8-6Log rotation utility ii mime-support 3.48-1 MIME files 'mime.types' & 'mailcap boa recommends no packages. boa suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#641538: closed by wer...@aloah-from-hell.de (policyd-weight: debug bug: using wrong function to calculate the issuing, group)
Hello, Debian Bug Tracking System (Sa 07 Jan 2012 12:12:27 CET): > This is an automatic notification regarding your Bug report > which was filed against the policyd-weight package: > > #641538: policyd-weight: debug bug: using wrong function to calculate the > issuing group > It has been closed by wer...@aloah-from-hell.de. I'd re-open the bug. > Hi, > > I'm closing this bug. The relevant part of policyd-weight is as follows: > > 651 if($CMD_DEBUG == 1) > 652 { > 653 $DEBUG = 1; > 654 $conf_str =~ s/\#.*?(\n)/$1/gs; > 655 $conf_str =~ s/\n+/\n/g; > 656 print "config: $conf\n".$conf_str."\n"; > 657 $SPATH .= ".debug"; > 658 > 659 # chose /tmp for debug pidfiles only if user is not root > 660 # if root would store debug pids also in /tmp we would be > 661 # open to race attacks > 662 if($< != 0) > 663 { > 664 $PIDFILE = "/tmp/policyd-weight.pid.debug"; > 665 } > 666 else > 667 { > 668 $PIDFILE .= ".debug"; > 669 } > 670 > 671 print "debug: using port ".++$TCP_PORT."\n"; > 672 print "debug: USER: $USER\n"; > 673 print "debug: GROUP: $GROUP\n"; > 674 print "debug: issuing user: ".getpwuid($<)."\n"; > 675 print "debug: issuing group: ".getpwuid($()."\n"; > 676 } > > As written in my previous message (I just forgot to close this Bug) it does > not > really matter if getpwuid() or getpwuid() is used. So I'll close this bug. Why doesn't it matter? It matters. The debug code should print the name of the issuing *group*. The correct function for mapping a group id into a group name is getgrgid() and not getpwuid(). Please change line 675 to use getgrgid(). It just does not matter, if the groupname:groupid and username:userid follow the same pattern, e.g. root:0. But this isn't always true. Here is the relevant part of my old bug report: > In line 676 the policyd calls getpwuid($() to calculate the > name of the issuing *group*, I'd say, it should be getgrgid($(). > > Mostly the bug doesn't matter, since the *name* of the user 0 > is the same as the name of the group 0. Please make Debian a better distribution ☺ -- Heiko signature.asc Description: Digital signature
Bug#652843: apache2.2-common: start script does not take care if /var/log/apache2 does not exist
Package: apache2.2-common Version: 2.2.16-6+squeeze4 Severity: important The apache init-script should take care to create /var/log/apache2 if it does not exist already. In some environments /var/log may be a ramdisk (as /var/run and /var/lock) and only the apache init scripts can know about the proper permissions and ownerships for the log directories. Or /var/log/* could be purged, and creating /var/log/apache2 would be just nice :-) -- Package-specific info: List of /etc/apache2/mods-enabled/*.load: alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex cgi deflate dir env mime negotiation reqtimeout setenvif status userdir -- System Information: Debian Release: 6.0.3 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apache2.2-common depends on: ii apache2-utils 2.2.16-6+squeeze4 utility programs for webservers ii apache2.2-bin 2.2.16-6+squeeze4 Apache HTTP Server common binary f ii libmagic1 5.04-5File type determination library us ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii mime-support 3.48-1MIME files 'mime.types' & 'mailcap ii perl 5.10.1-17squeeze2 Larry Wall's Practical Extraction ii procps 1:3.2.8-9 /proc file system utilities Versions of packages apache2.2-common recommends: ii ssl-cert 1.0.28 simple debconf wrapper for OpenSSL Versions of packages apache2.2-common suggests: pn apache2-doc(no description available) pn apache2-suexec | apa (no description available) ii google-chrome-stable 16.0.912.63-r113337 The web browser from Google ii iceweasel [www-brows 3.5.16-11 Web browser based on Firefox ii w3m [www-browser]0.5.2-9 WWW browsable pager with excellent Versions of packages apache2.2-common is related to: pn apache2-mpm-event (no description available) pn apache2-mpm-itk(no description available) pn apache2-mpm-prefork(no description available) pn apache2-mpm-worker (no description available) -- Configuration Files: /etc/apache2/mods-available/userdir.conf changed: UserDir public_html UserDir disabled root AllowOverride FileInfo AuthConfig Limit Indexes Options Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Order allow,deny Allow from all Order deny,allow Deny from all /etc/apache2/sites-available/default changed: ServerAdmin webmaster@localhost DocumentRoot /var/www Options FollowSymLinks AllowOverride None Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn #CustomLog "|/usr/local/sbin/ip-anon >> ${APACHE_LOG_DIR}/access.log" combined CustomLog ${APACHE_LOG_DIR}/access.log combined Alias /doc/ "/usr/share/doc/" Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#639802: Info received (Bug#639802: Acknowledgement (dupload: should upload the .changes file as the last file))
Hello, please close the bug, as I believe it does not exist in that form. It's an bug (or call it feature) of rsync to order the files list alphabetically. So it does not matter if or if not the files list contains the .changes file as the very last element. After short testing it seems the .changes file *is* the last file in the file list already. I'm not sure if this is coincedentally or not... If the order of files transferred matters, scp/scpb do the job I expect and transfer the files in the order they are listed. BTW: I fixed serveral cosmetical issues in the source. Are you interested in this changes? Thank you for your patience -- Heiko - the original author of dupload. signature.asc Description: Digital signature
Bug#620347: conf.d/" should really be "Include conf.d/*.conf"
Package: apache2.2-common Version: 2.2.16-6+squeeze3 Severity: normal The same problem arises with files managed by "ucf", which is a debian provided tool. (For cfengine manged files could be the excuse, that it's not nativly Debian…) I consider it a serious bug, since in a normal scenario the local admin may change a config under /etc/apache2/conf.d, the next package update may find it and place a new file as /etc/apache2/conf.d/xxx.ucf-new. It shouldn't be too hard to ask packages naming their files /etc/apache2/conf.d/xxx.conf AND changing apaches default config into include conf.d/*.conf Thank you. -- Package-specific info: List of enabled modules from 'apache2 -M': alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex cgi deflate dir env mime negotiation php5 reqtimeout setenvif status userdir List of enabled php5 extensions: pdo suhosin -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apache2.2-common depends on: ii apache2-utils 2.2.16-6+squeeze3 utility programs for webservers ii apache2.2-bin 2.2.16-6+squeeze3 Apache HTTP Server common binary f ii libmagic1 5.04-5File type determination library us ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii mime-support 3.48-1MIME files 'mime.types' & 'mailcap ii perl 5.10.1-17squeeze2 Larry Wall's Practical Extraction ii procps 1:3.2.8-9 /proc file system utilities Versions of packages apache2.2-common recommends: ii ssl-cert 1.0.28 simple debconf wrapper for OpenSSL Versions of packages apache2.2-common suggests: pn apache2-doc(no description available) pn apache2-suexec | apache2-suex (no description available) ii iceweasel [www-browser] 3.5.16-9 Web browser based on Firefox ii w3m [www-browser] 0.5.2-9WWW browsable pager with excellent Versions of packages apache2.2-common is related to: pn apache2-mpm-event (no description available) pn apache2-mpm-itk(no description available) ii apache2-mpm-prefork2.2.16-6+squeeze3 Apache HTTP Server - traditional n pn apache2-mpm-worker (no description available) -- Configuration Files: /etc/apache2/mods-available/userdir.conf changed [not included] /etc/apache2/sites-available/default changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#641544: policyd-weight: debug mode produces several warnings - fixed
Package: policyd-weight Version: 0.1.15.1-2 Severity: normal Tags: patch upstream When using the debug mode several warnings about uninitialized values are issued. It looks nasty. I've fixed it, hopefully in a sensible way. -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages policyd-weight depends on: ii adduser3.112+nmu2add and remove users and groups ii libnet-dns-perl0.66-2Perform DNS queries from a Perl sc ii libnet-ip-perl 1.25-2Perl extension for manipulating IP ii perl 5.10.1-17squeeze2 Larry Wall's Practical Extraction Versions of packages policyd-weight recommends: ii perl [libsys-syslog-pe 5.10.1-17squeeze2 Larry Wall's Practical Extraction policyd-weight suggests no packages. -- no debconf information diff -r 61fc719c8e48 policyd-weight --- a/policyd-weight Wed Sep 14 11:11:31 2011 +0200 +++ b/policyd-weight Wed Sep 14 11:50:48 2011 +0200 @@ -582,7 +582,7 @@ my $my_PTIME; my $my_TEMP_PTIME; -if(!($conf)) +if(not defined $conf) { if( -f "/etc/policyd-weight.conf") { @@ -605,7 +605,7 @@ my $conf_err; my $conf_str; our $old_mtime; -if($conf ne "") +if(defined $conf) { if(sprintf("%04o",(stat($conf))[2]) !~ /(7|6|3|2)$/) { @@ -652,8 +652,11 @@ if($CMD_DEBUG == 1) { $DEBUG = 1; -$conf_str =~ s/\#.*?(\n)/$1/gs; -$conf_str =~ s/\n+/\n/g; +if (defined $conf_str) { + $conf_str =~ s/\#.*?(\n)/$1/gs; + $conf_str =~ s/\n+/\n/g; +} +else { $conf_str = "" } print "config: $conf\n".$conf_str."\n"; $SPATH .= ".debug"; @@ -2379,7 +2382,7 @@ } ## HELO numeric check # -my $glob_numeric_score; +my $glob_numeric_score = 0; # check /1.2.3.4/ and /[1.2.3.4]/ if($helo =~ /^[\d|\[][\d\.]+[\d|\]]$/) { @@ -2798,7 +2801,7 @@ my $sender = shift(@_) || ''; my $domain = shift(@_) || ''; -$! = ''; +$! = undef; $@ = (); if( (!($csock)) || ($csock && (!($csock->connected))) ) { @@ -2919,7 +2922,7 @@ die $!; } -if(!( $( = getpwnam($USER) )) +if(!( $( = getgrnam($GROUP) )) { mylog(warning=>"cache: couldn't change GID to user $GROUP: $!"); } @@ -3790,7 +3793,7 @@ my $helo = shift; my $ip = shift; -if($$helo !~ /^\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]$/ ) { return } +if($$helo !~ /^\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]$/ ) { return 0 } my $tmp_helo_ip = $1; my $tmpip = inet_aton( $tmp_helo_ip );
Bug#641227: policyd-weight: Not only in testing!
Package: policyd-weight Version: 0.1.15.1-2 Severity: normal This bug exists not only in testing, already the version in stable has it and I think it should be fixed fast, as it prevents regular mail systems from working. Not every user/admin should be forced to provide an individual config file. -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages policyd-weight depends on: ii adduser3.112+nmu2add and remove users and groups ii libnet-dns-perl0.66-2Perform DNS queries from a Perl sc ii libnet-ip-perl 1.25-2Perl extension for manipulating IP ii perl 5.10.1-17squeeze2 Larry Wall's Practical Extraction Versions of packages policyd-weight recommends: ii perl [libsys-syslog-pe 5.10.1-17squeeze2 Larry Wall's Practical Extraction policyd-weight suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#641539: policyd-weight: wrong ownership for socket (fix included)
Package: policyd-weight Version: 0.1.15.1-2 Severity: normal Tags: upstream The socket using to communicate with the cache is chown-ed to the wrong group, preventing successfull debug sessions talking to an already existing cache. (Probably even preventing non-debug session from talking to the existing cache too, but this I didn't check.) Around line 2922 2922 if(!( $( = getpwnam($USER) )) 2923 { 2924 mylog(warning=>"cache: couldn't change GID to user $GROUP: $!"); 2925 } 2926 create_lockpath('cache'); It should be 2922 if(!( $( = getgrnam($GROUP) )) As long as the UID of the used user (polw) is the same as the GID, this bug doesn't matter. But since the polw user gets created during package installation nobody can't gurantee the GID == UID. -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages policyd-weight depends on: ii adduser3.112+nmu2add and remove users and groups ii libnet-dns-perl0.66-2Perform DNS queries from a Perl sc ii libnet-ip-perl 1.25-2Perl extension for manipulating IP ii perl 5.10.1-17squeeze2 Larry Wall's Practical Extraction Versions of packages policyd-weight recommends: ii perl [libsys-syslog-pe 5.10.1-17squeeze2 Larry Wall's Practical Extraction policyd-weight suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#641538: policyd-weight: debug bug: using wrong function to calculate the issuing group
Package: policyd-weight Version: 0.1.15.1-2 Severity: normal Tags: upstream In line 676 the policyd calls getpwuid($() to calculate the name of the issuing *group*, I'd say, it should be getgrgid($(). Mostly the bug doesn't matter, since the *name* of the user 0 is the same as the name of the group 0. -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages policyd-weight depends on: ii adduser3.112+nmu2add and remove users and groups ii libnet-dns-perl0.66-2Perform DNS queries from a Perl sc ii libnet-ip-perl 1.25-2Perl extension for manipulating IP ii perl 5.10.1-17squeeze2 Larry Wall's Practical Extraction Versions of packages policyd-weight recommends: ii perl [libsys-syslog-pe 5.10.1-17squeeze2 Larry Wall's Practical Extraction policyd-weight suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#641529: /usr/sbin/alsactl: alsactl offers command "name", but it is deprecated and does not exist anymore
Package: alsa-utils Version: 1.0.23-3 Severity: normal File: /usr/sbin/alsactl Tags: upstream "alsactl -h" offers the available commands. It offers the command "name", as DEPRECATED. But this command is not only deprecated, it does not exist anymore. To probably it should not be offered at all. -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages alsa-utils depends on: ii libasound2 1.0.23-2.1 shared library for ALSA applicatio ii libc6 2.11.2-10Embedded GNU C Library: Shared lib ii libncursesw55.7+20100313-5 shared libraries for terminal hand ii linux-sound-base1.0.23+dfsg-2base package for ALSA and OSS soun ii lsb-base3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii module-init-tools 3.12-1 tools for managing Linux kernel mo ii udev164-3/dev/ and hotplug management daemo ii whiptail0.52.11-1Displays user-friendly dialog boxe Versions of packages alsa-utils recommends: ii alsa-base 1.0.23+dfsg-2 ALSA driver configuration files ii pciutils 1:3.1.7-6 Linux PCI Utilities alsa-utils suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#641527: policykit-1: man page for pkaction seems to confuse some option
Package: policykit-1 Version: 0.96-4 Severity: normal Tags: upstream The man page about pkaction states: DESCRIPTION … if called with --action-id then all actions are displayed. Otherwise the action action. If called without the --verbose option only the name of the action is shown. Otherwise details about the actions are shown. I'd say it should read: … if called without --action-id then all actions are displayed. Otherwise the action *action*. -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages policykit-1 depends on: ii consolekit 0.4.1-4 framework for defining and trackin ii dbus 1.2.24-4+squeeze1 simple interprocess messaging syst ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libeggdbus-1-0 0.6-1 D-Bus bindings for GObject ii libexpat1 2.0.1-7 XML parsing C library - runtime li ii libglib2.0-0 2.24.2-1 The GLib library of C routines ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l ii libpolkit-backend-1-0 0.96-4PolicyKit backend API ii libpolkit-gobject-1-0 0.96-4PolicyKit Authorization API policykit-1 recommends no packages. policykit-1 suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#640492: rsync: should not reorder the file names on the command line
Hello Paul, thanks for the fast response … Paul Slootman (Mon Sep 5 12:30:09 2011): > severity 640492 normal > tags +wontfix > merge 640492 160982 > thanks > > On Mon 05 Sep 2011, Heiko Schlittermann wrote: > > > When I call > > > > rsync z a b c dest/ > > > > rsync re-orders die filelist and transfers in alphabetical order. > > This breaks some remote applications, in case they expect the files > > appearing in some specific order. (debian reprepro + inoticoming as one > > exampl). > > Filesystems don't guarantee that files will be written into the > directory in order of writing. I'd agree with you, as soon as rsync supports parallelity in sending the files. But as long as the sender and the receiver transfer files in a sequential order, I'd expect that these files appear in exactly that (timely) order in the destination. > Additionally, rsync first transfers to a > temp file and renames when done, so anything that is watching a > directory will see multiple events happening anyway. In our example, inoticoming waits for the advent(?) of a *.changes file, ignoring all other events. In case rsync uses a temp file, the appearance of the *.changes file is even atomical. (Rsync does not need to use temp file, --inplace modifies the destination file itself.) > > And I believe, this behaviour breaks that what a unix user would expect. > > I'm a unix user since 1984, and I've learnt to test things to understand > how they work :) Also rsync does work (more or less) on more than just > unix-like systems, so that's hardly an argument. Ok, thus you have about 6 years more unix exerience ☺. For me testing is not a good base for understanding, reading the docs should be the first part. (comes into my mind: at least this behaviour of rsync should be documented...) And I insist on calling this "unexpected". rsync does a great job in replacing {,s}cp, but both tools do *not* re-order the files. > In this case rsync orders the files to be sent as that is appropriate > for the algorithm that is used to update the destination. In this > special case that wouldn't strictly be necessary, but catering for such > special cases would make rsync slower for the vast majority of use > cases. I can't reply here, since I didn't check the source. I'd agree for all cases, where rsync gets passed wildcards (not talking about passing the wildcards to the invoking shell). > A simple workaround is of course to transfer the out of order files in > separate rsync runs. In your example: first do z, then do the rest. > As a workaround is trivially made, I cannot see how this could be This workaround causes one more prompting for the passphrase (in case no ssh-agend is used). > classified as an important bug; especially since this behaviour has been > around since the beginnings of rsync. Hence I'm changing the severity to > "normal". Additionally, it's basically the same issue as described in > bug report 160982 ("rsync alphabetizes files") , so I'm merging these > bug reports, and marking it wontfix: I cannot imagine that rsync will be > changed ever to not sort the file list. Sorry for not finding the similiar issues. And I'll contact the rsync mailing list, probably they can convince me about that. Should I file a bug report about a missing note in the manpage? Greetings from Dresden, -- Heiko signature.asc Description: Digital signature
Bug#640492: rsync: should not reorder the file names on the command line
Package: rsync Version: 3.0.7-2 Severity: important Tags: upstream When I call rsync z a b c dest/ rsync re-orders die filelist and transfers in alphabetical order. This breaks some remote applications, in case they expect the files appearing in some specific order. (debian reprepro + inoticoming as one exampl). And I believe, this behaviour breaks that what a unix user would expect. -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages rsync depends on: ii base-files 6.0squeeze2 Debian base system miscellaneous f ii libacl1 2.2.49-4 Access control list shared library ii libc6 2.11.2-10Embedded GNU C Library: Shared lib ii libpopt01.16-1 lib for parsing cmdline parameters ii lsb-base3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip rsync recommends no packages. Versions of packages rsync suggests: ii openssh-client1:5.5p1-6 secure shell (SSH) client, for sec ii openssh-server1:5.5p1-6 secure shell (SSH) server, for sec -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#639802: Acknowledgement (dupload: should upload the .changes file as the last file)
Hello, my patch needs further tweeking, since rsync seems to order the filenames alphabetically, making my re-arrangement if the filelist (putting the .changes file last) useless. -- Heiko signature.asc Description: Digital signature
Bug#639802: dupload: should upload the .changes file as the last file
Package: dupload Version: 2.6.6 Severity: important Tags: upstream patch When uploading larger packages over a slow link to the combination of inoticoming/reprepro the reprepro the packages won't get imported. Why? Inoticoming seems to start reprepro as soon as the .changes file arrived (probably after a short timeout). For larger packages on slow links it may take several minutes until all files mentioned in the .changes file are uploaded. Moving the .changes file to the last position in the list of the upload queue should solve this problem. -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages dupload depends on: ii perl 5.10.1-17squeeze2 Larry Wall's Practical Extraction ii perl-modules [libnet-p 5.10.1-17squeeze2 Core Perl modules Versions of packages dupload recommends: ii openssh-client1:5.5p1-6 secure shell (SSH) client, for sec ii ssh 1:5.5p1-6 secure shell client and server (me Versions of packages dupload suggests: ii exim4-daemon-light [mail 4.72-6+squeeze2 lightweight Exim MTA (v4) daemon ii lintian 2.4.3 Debian package checker -- no debconf information --- /usr/bin/dupload2008-09-21 22:34:49.0 +0200 +++ /home/heiko/bin/dupload 2011-08-30 14:34:35.020116427 +0200 @@ -521,7 +521,7 @@ JOB: foreach (keys %files) { my $job = $_; - my @files = @{$files{$job}}; + my @files = sort { $a eq $b ? 0 : $a =~ /\.changes$/ ? 1 : -1 } @{$files{$job}}; my $mode; my $batchmode; my $allfiles;
Bug#626470: muttprint: does not honour the PAPERSIZE environment variable
Package: muttprint Version: 0.73-3 Severity: important Tags: upstream muttprint should honour the PAPERSIZE environment variable directly or indirectly by using `paperconf`. -- System Information: Debian Release: 6.0.1 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages muttprint depends on: ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii libtext-iconv-perl1.7-2 converts between character sets in ii perl 5.10.1-17 Larry Wall's Practical Extraction ii texlive-fonts-recommended 2009-11TeX Live: Recommended fonts ii texlive-latex-extra 2009-10TeX Live: LaTeX supplementary pack ii texlive-latex-recommended 2009-11TeX Live: LaTeX recommended packag Versions of packages muttprint recommends: ii bsd-mailx [mail-re 8.1.2-0.20100314cvs-1 simple mail user agent ii icedove [mail-read 3.0.11-1+squeeze1 mail/news client with RSS and inte ii libtimedate-perl 1.2000-1 collection of modules to manipulat ii mutt [mail-reader] 1.5.20-9+squeeze1 text-based mailreader supporting M Versions of packages muttprint suggests: pn compface (no description available) pn dialog (no description available) ii imagemagick 8:6.6.0.4-3 image manipulation programs pn muttprint-manual (no description available) pn ospics (no description available) ii psutils 1.17-27 A collection of PostScript documen pn slrn | news-reader (no description available) pn texlive-fonts-extra(no description available) -- debconf information: muttprint/moved_pics: -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#622350: dump -W does not list ext4 file systems
Package: dump Version: 0.4b43-1 Severity: important Tags: upstream dump -W consults the /etc/mtab, and it checks the /var/lib/dumpdates. If the filesystem type in /etc/mtab is ext4, dump ignores it. (But nevertheless it can successfully dump such file system.) -- System Information: Debian Release: 6.0.1 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages dump depends on: ii e2fslibs 1.41.12-2 ext2/ext3/ext4 file system librari ii libblkid1 2.17.2-9 block device id library ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libcomerr21.41.12-2 common error description library ii libncurses5 5.7+20100313-5 shared libraries for terminal hand ii libreadline6 6.1-3 GNU readline and history libraries ii libselinux1 2.0.96-1 SELinux runtime shared libraries ii libuuid1 2.17.2-9 Universally Unique ID library ii tar 1.23-3 GNU version of the tar archiving u dump recommends no packages. dump suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#612826: libedit2: fix is easy!
Package: libedit2 Version: 2.11-20080614-2 Severity: normal The man page can be found in libedit-dev, but it should be in libedit2, I'd say it should be fixably without too much impact on other parts of the system. Please fix it. -- System Information: Debian Release: 6.0 APT prefers squeeze-updates APT policy: (500, 'squeeze-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libedit2 depends on: ii libbsd0 0.2.0-1utility functions from BSD systems ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libncurses5 5.7+20100313-5 shared libraries for terminal hand libedit2 recommends no packages. libedit2 suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#572075: apache2-common: standard apache2.conf is insecure with respect to Satisfy any
Package: apache2.2-common Version: 2.2.9-10+lenny6 Severity: important Tags: patch The apache2.conf contains Order allow,deny Deny from all If in some other part of the configuration file (e.g. inside some virtual host configuration) the AuthType, ... Required ... directives *and* "Satisfy any" is used, it seems to apply to the above mentioned ... too. Thus *any* authenticated user may access the .ht* files. I consider this as a serious security issue. Adding "Satisfy all" to the above block would solve this and should not harm otherwise. -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#323807: vsftpd: It is reproducable (64bit issue?)
Package: vsftpd Version: 2.0.7-1 Followup-For: Bug #323807 Hello, even Daniel closed the but in October 2009 - it seems still to be there. Using the use_sendfile=NO option worked at least for me. The underaying file system is an „usual“ ext3 on LVM on MDADM. -- (system information removed, because it didn't happen on *this* system) signature.asc Description: Digital signature
Bug#555466: samba-common: wrong example on add machine script in the smb.conf(5)
Package: samba-common Version: 2:3.2.5-4lenny7 Severity: minor The smb.conf(5) man page shows a wrong example line for the add machine script. The examples does not work and differs from the example listed in the sample smb.conf. -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages samba-common depends on: ii debconf [debcon 1.5.24 Debian configuration management sy ii libc6 2.7-18 GNU C Library: Shared libraries ii libcomerr2 1.41.3-1 common error description library ii libkrb531.6.dfsg.4~beta1-5lenny1 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries ii libncurses5 5.7+20081213-1 shared libraries for terminal hand ii libpam-modules 1.0.1-5+lenny1 Pluggable Authentication Modules f ii libpopt01.14-4 lib for parsing cmdline parameters ii libreadline55.2-3.1 GNU readline and history libraries ii libtalloc1 1.2.0~git20080616-1 hierarchical pool based memory all ii libuuid11.41.3-1 universally unique id library ii libwbclient02:3.2.5-4lenny7 client library for interfacing wit ii ucf 3.0016 Update Configuration File: preserv samba-common recommends no packages. samba-common suggests no packages. -- debconf information: samba-common/encrypt_passwords: true * samba-common/dhcp: true * samba-common/workgroup: WORKGROUP samba-common/do_debconf: true signature.asc Description: Digital signature
Bug#512734: qrfcview: fix for bug #512734 (limited search)
Package: qrfcview Version: 0.62-5 Followup-For: Bug #512734 Hello, the bug described can be fixed quite easy: src/mainwindow.cpp, line 126 contains the upper limit of 5000 for the RFC number. At least this limit could be extended so somewhat higher number. Until qrfcview is capable of fetching the maximum allowed number by itself. -- System Information: Debian Release: 5.0.2 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages qrfcview depends on: ii libc62.7-18 GNU C Library: Shared libraries ii libgcc1 1:4.3.2-1.1 GCC support library ii libqt4-gui 4.4.3-1 transitional package for Qt 4 GUI ii libqt4-network 4.4.3-1 Qt 4 network module ii libqtcore4 4.4.3-1 Qt 4 core module ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3 qrfcview recommends no packages. Versions of packages qrfcview suggests: pn doc-rfc(no description available) -- no debconf information signature.asc Description: Digital signature
Bug#539279: dovecot-common: rc-script looks for /etc/inetd.conf - but this file does not exist
Package: dovecot-common Version: 1:1.0.15-2.3 Severity: normal The rc script of dovecot (installed as part of dovecot-common) want's to check the /etc/inetd.conf. But this file does not have to exist. The script doesn't stop, but it issues a message, looking like an error message. -- System Information: Debian Release: 5.0.2 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash signature.asc Description: Digital signature
Bug#524045: havp: the daemon doesn't release/reopens the logfiles on "reload"
Package: havp Version: 0.89-1 Severity: important The postrotate script (using /etc/init.d/havp reload) does not trigger havp to release and reopen the log (access/error). Doing a ``killall -HUP havp'' seems(!) to trigger one(!) process to reopen the access/error.log. -- System Information: Debian Release: 5.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash signature.asc Description: Digital signature
Bug#520822: mercurial: ``hg strip --help'' offers a "-f" option, but option does not exist
Package: mercurial Version: 1.0.1-5.1 Severity: minor As stated in the subject. | hg strip [-f] [-b] [-n] REV | | strip a revision and all later revs on the same branch | | options: | |-b --backupbundle unrelated changesets |-n --nobackup no backups | | use "hg -v help strip" to show global options But if I try to use ``hg strip -f 497'', it shows the help page again (probably indicating a usage error). Or - "-f" is poorly documented and should be used in some other way than I did (I supposed it to be something like "force"). In hgext/mq.py:2378 I found the code for showing the "-f". -- System Information: Debian Release: 5.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages mercurial depends on: ii libc6 2.7-18 GNU C Library: Shared libraries ii mercurial-common 1.0.1-5.1 Scalable distributed version contr ii python2.5.2-3An interactive high-level object-o ii python-support0.8.4 automated rebuilding support for P ii ucf 3.0016 Update Configuration File: preserv Versions of packages mercurial recommends: ii python-beaker 0.9.5-1Simple WSGI middleware that uses t ii rcs 5.7-23 The GNU Revision Control System Versions of packages mercurial suggests: pn python-elementtree (no description available) pn python-mysqldb (no description available) pn python-pygments(no description available) ii python-subversion 1.5.1dfsg1-2 Python bindings for Subversion pn qct(no description available) ii tk8.4 [wish] 8.4.19-2 Tk toolkit for Tcl and X11, v8.4 - ii vim 1:7.1.314-3+lenny2 Vi IMproved - enhanced vi editor ii vim-gnome [vim] 1:7.1.314-3+lenny2 Vi IMproved - enhanced vi editor - -- no debconf information signature.asc Description: Digital signature
Bug#520565: when started twice, apt-cacher-ng can't be stopped via init-script
Package: apt-cacher-ng Version: 0.2.2-2 Severity: important Hello, starting apt-cacher-ng a second time (heartbeat may do this, or a local admin by accident), it removes the $RUNDIR, thus not being able to stop apt-cacher-ng later. The 2nd attempt fails of course (port is in use). A simple fix should help: do_start() { if { kill -0 `cat $PIDFILE` && fuser $SOCKETFILE; } &>/dev/null; then echo "$DESC already running" exit 0 fi ... } I used "&&" to make sure we're checking the apt-cacher-ng and not some other process using the PID for coincidence. -- System Information: Debian Release: 5.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages apt-cacher-ng depends on: ii adduser3.110 add and remove users and groups ii libbz2-1.0 1.0.5-1 high-quality block-sorting file co ii libc6 2.7-18GNU C Library: Shared libraries ii libfuse2 2.7.4-1.1 Filesystem in USErspace library ii libgcc11:4.3.2-1.1 GCC support library ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3 ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime apt-cacher-ng recommends no packages. apt-cacher-ng suggests no packages. -- no debconf information signature.asc Description: Digital signature
Bug#515576: missing PATH in /etc/resolvconf/update-libc.d/squid
Package: squid Version: 2.7.STABLE3-4.1 Followup-For: Bug #515576 As in the subject, adding PATH=/usr/sbin:/sbin:/usr/bin:/bin at the beginning of the script should fix the problem. -- System Information: Debian Release: 5.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages squid depends on: ii adduser 3.110 add and remove users and groups ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy ii libc6 2.7-18 GNU C Library: Shared libraries ii libcomerr21.41.3-1 common error description library ii libdb4.6 4.6.21-11 Berkeley v4.6 Database Libraries [ ii libkrb53 1.6.dfsg.4~beta1-5 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries ii libpam0g 1.0.1-5Pluggable Authentication Modules l ii logrotate 3.7.1-5Log rotation utility ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip ii netbase 4.34 Basic TCP/IP networking system ii squid-common 2.7.STABLE3-4.1Internet object cache (WWW proxy c squid recommends no packages. Versions of packages squid suggests: pn logcheck-database (no description available) ii resolvconf1.42 name server information handler ii smbclient 2:3.2.5-4 a LanManager-like simple client fo pn squid-cgi (no description available) pn squidclient(no description available) pn winbind(no description available) -- debconf information: squid/fix_cachedir_perms: false squid/fix_lines: true -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#511410: ITP: dma -- the DragonFly Mail Agent, a lightweight MTA
Hello Peter, Peter Pentchev (Sa 10 Jan 2009 16:57:10 CET): > Package: wnpp > Severity: wishlist .. > > dma is not intended as a replacement for real, big MTAs like sendmail(8) > or postfix(1). Consequently, dma does not listen on port 25 for incoming > connections. Please do not forget to mention Exim here, if you're talking about real big MTAs :) Best regards from Dresden (Germany) Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann HS12-RIPE - gnupg encrypted messages are welcome - key ID: 48D0359B --- gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B - signature.asc Description: Digital signature
Bug#506985: /etc/init.d/squid reload should really "reconfigure"
Package: squid Version: 2.7.STABLE3-1 Severity: important Hello, /etc/init.d/squid reload does not always work as expected. If I didn't change the config, but the environment of the box running squid (it's a laptop) changes, these changes are not picked up by squid. In my case the "cache_peer" lines contains the name "proxy" as hostname for the parent. @Home it resolves to some other address than in @office. The "reload" (signal 1) doesn't seem to initiate a re-evaluation of the config file. But if I use squid -k reconfigure it works as expected. So, I presume, the "/etc/init.d/squid reload" should map to "squid -k reconfigure", shouldn't it? Greetings from Dresden, Heiko Schlittermann -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.27.5.hs (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages squid depends on: ii adduser 3.110 add and remove users and groups ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy ii libc6 2.7-15 GNU C Library: Shared libraries ii libcomerr21.41.2-1 common error description library ii libdb4.6 4.6.21-11 Berkeley v4.6 Database Libraries [ ii libkrb53 1.6.dfsg.4~beta1-4 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries ii libpam0g 1.0.1-4Pluggable Authentication Modules l ii logrotate 3.7.1-5Log rotation utility ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip ii netbase 4.34 Basic TCP/IP networking system ii squid-common 2.7.STABLE3-1 Internet object cache (WWW proxy c squid recommends no packages. Versions of packages squid suggests: pn logcheck-database (no description available) pn resolvconf (no description available) ii smbclient 2:3.2.4-1 a LanManager-like simple client fo pn squid-cgi (no description available) ii squidclient3.0.STABLE8-1 A full featured Web Proxy cache (H pn winbind(no description available) -- debconf information: squid/fix_cachedir_perms: false * squid/largefiles_warning: squid/anonymize_headers: * squid-cgi/cachemgr: squid/old_version: false squid/http_anonymizer: squid/authenticate_program: squid/fix_lines: true -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#501833: httptunnel: hts can bind to an IP address, but it's not documented
Package: httptunnel Version: 3.3-3 Severity: minor The hts server can even bind to a specific address: the synopsis should be this way: hts [options] [:] And of course, this feature should be mentioned in the man page. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable'), (200, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.26.2.jumper Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages httptunnel depends on: ii libc6 2.7-13 GNU C Library: Shared libraries httptunnel recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#494886: cyrus-clients-2.2: pop3test doesn't follow RFC - can't test dovecot pop3-server
Package: cyrus-clients-2.2 Version: 2.2.13-10 Severity: important Tags: patch Hello, I think, I've found a bug in the imtest/pop3test utiltiy. It's not correctly checking the server respons. Let me explain some details: I used pop3test to check a dovecot pop3-server S: +OK Dovecot ready. C: CAPA S: +OK S: CAPA S: TOP S: UIDL S: RESP-CODES S: PIPELINING S: STLS S: USER S: SASL PLAIN S: . C: USER heiko S: +OK Authentication failed. generic failure Connection closed. Digging in the imtest.c I found (function auth_pop(void)) the following lines: 1867 printf("C: USER %s\r\n", username); 1868 prot_printf(pout,"USER %s\r\n", username); 1869 prot_flush(pout); 1870 1871 if (prot_fgets(str, 1024, pin) == NULL) { 1872 imtest_fatal("prot layer failure"); 1873 } 1874 1875 printf("S: %s", str); 1876 1877 if (strncasecmp(str, "+OK ", 4)) return IMTEST_FAIL; The issue is about the "+OK ". Note the trailing space there, and the check for 4 characters. Dovecot just sends "+OK\r\n", nothing else. There's no space following the "+OK". Reading RFC1939 (section 9): Note that with the exception of the STAT, LIST, and UIDL commands, the reply given by the POP3 server to any command is significant only to "+OK" and "-ERR". Any text occurring after this reply may be ignored by the client. So I'd guess the above test is wrong. (A similar test is done some lines later checking the response to the "PASS ..." command. And probably even more often. The fix should be just something like this (in vi): %s/+OK ", 4/+OK", 3/g in the imtest.c source. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.26.2.jumper Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages cyrus-clients-2.2 depends on: ii libc6 2.3.6.ds1-13etch7 GNU C Library: Shared libraries ii libdb4.2 4.2.52+dfsg-2 Berkeley v4.2 Database Libraries [ ii libsasl2-2 2.1.22.dfsg1-8Authentication abstraction library ii libssl0.9.80.9.8c-4etch3 SSL shared libraries cyrus-clients-2.2 recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#453309: logtail ignores the -o (offset file) option
Hello, Marc Haber <[EMAIL PROTECTED]> (Di 05 Feb 2008 22:55:16 CET): > On Tue, Feb 05, 2008 at 12:26:22PM +0100, Heiko Schlittermann wrote: > > Marc Haber <[EMAIL PROTECTED]> (Di 05 Feb 2008 11:46:15 CET): > > > On Wed, Nov 28, 2007 at 04:05:53PM +0100, Heiko Schlittermann wrote: > > > > The logtail utility fails in using some alternative offset file ... > > > .. as documented. I think last time I supposed it should work that way > > too: > > > > logtail -o # doesn't work (doesn't fit > > to manpage) > > That does not look like a bug to me then. Is the error message helpful? There was no error message. It just works as w/o "-o ". This I'd consider a bug at least. > > logtail# works (but doesn't fit to > > manpage) > > # but of course, no > > # alternative offset file > > That might be a historically sourced backwards compatibility, which is > not documented on purpose. > > I do not see a bug in the package, the documented call works fine. > Whether the documentation needs to be changed would be Martin's last > call, he will comment in due time. True, not the "binary" is buggy but the docs. But for this reason I still insist on seeing abug in logtail*deb ;) And - enhancing both - the docs and the "binary" shouldn't harm too much. And (at least from my POV) it gives more consistent behaviour of the logtail tool. -- Heiko signature.asc Description: Digital signature
Bug#453309: logtail ignores the -o (offset file) option
Marc Haber <[EMAIL PROTECTED]> (Di 05 Feb 2008 11:46:15 CET): > On Wed, Nov 28, 2007 at 04:05:53PM +0100, Heiko Schlittermann wrote: > > The logtail utility fails in using some alternative offset file > > (passed via the '-o' option). > > Please give an example how to reproduce the issue. Hm. I can't. It seems to work: logtail -f -o # works (according man page) .. as documented. I think last time I supposed it should work that way too: logtail -o # doesn't work (doesn't fit to manpage) logtail# works (but doesn't fit to manpage) # but of course, no # alternative offset file So there is some inconsistency between the tool and the manpage. Since I believe the last invocation is naturally, the last but one should work too, shouldn't it? The first invocation is the only valid (at least according to the man page) And according to the source following works too: logtail I'll attach 2 diffs, both seem(!) to work for me. But I didn't touch the man page so far. Best regards from Dresden Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann HS12-RIPE - gnupg encrypted messages are welcome - key ID: 48D0359B --- gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B - 32,42c32,34 < # try to detect plain logtail invocation without switches < if (!$opts{f} && $#ARGV != 0 && $#ARGV != 1) { <print STDERR "No logfile to read. Use -f [LOGFILE].\n"; <exit 66; < } elsif ($#ARGV == 0) { <$logfile = $ARGV[0]; < } elsif ($#ARGV == 1) { <($logfile, $offsetfile) = ($ARGV[0], $ARGV[1]); < } else { <($logfile, $offsetfile) = ($opts{f}, $opts{o}); < } --- > ($logfile, $offsetfile) = @ARGV; > $logfile = $opts{f} if defined $opts{f}; > $offsetfile = $opts{o} if defined $opts{o}; 40,41d39 < } else { <($logfile, $offsetfile) = ($opts{f}, $opts{o}); 42a41,42 > $logfile = $opts{f} if defined $opts{f}; > $offsetfile = $opts{o} if defined $opts{o}; signature.asc Description: Digital signature
Bug#455562: proftpd: init script should use --oknodo on startup
Package: proftpd Version: 1.3.0-19 Severity: important Hello, when starting proftpd by heartbeat it happens that a already running proftpd is "started again". I mean, /etc/init.d/proftpd start is called despite the current status. According to the heartbeat specifications (and debian policy?) the init "start" action should not fail on an already running service. (For me it sounds logical: if I want to start something, it doesn't matter if it is running alread, I just want it running.) Adding "--oknodo" to start-stop-daemon in start() would do. Thank you. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (550, 'stable'), (500, 'proposed-updates'), (200, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-686 Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages proftpd depends on: ii adduser 3.102Add and remove users and groups ii debconf 1.5.11 Debian configuration management sy ii debianutils 2.17 Miscellaneous utilities specific t ii libacl1 2.2.41-1 Access control list shared library ii libattr12.4.32-1 Extended attribute shared library ii libc6 2.6.1-1+b1 GNU C Library: Shared libraries ii libldap22.1.30-13.3 OpenLDAP libraries ii libmysqlclient15off 5.0.32-7etch1mysql database client library ii libncurses5 5.6+20071013-1 Shared libraries for terminal hand ii libpam-runtime 0.79-4 Runtime support for the PAM librar ii libpam0g0.79-4 Pluggable Authentication Modules l ii libpq4 8.1.9-0etch1 PostgreSQL C client library ii libssl0.9.8 0.9.8g-1 SSL shared libraries ii libwrap07.6.dbs-13 Wietse Venema's TCP wrappers libra ii netbase 4.29 Basic TCP/IP networking system ii perl5.8.8-7etch1 Larry Wall's Practical Extraction ii ucf 2.0020 Update Configuration File: preserv ii zlib1g 1:1.2.3.3.dfsg-6 compression library - runtime proftpd recommends no packages. -- debconf information: * shared/proftpd/warning: * shared/proftpd/inetd_or_standalone: standalone -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#453309: logtail ignores the -o (offset file) option
Package: logtail Version: 1.2.54 Severity: grave Justification: causes non-serious data loss The logtail utility fails in using some alternative offset file (passed via the '-o' option). Please contact me if you want me to send a fix for this issue. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (550, 'stable'), (500, 'proposed-updates'), (200, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-686 Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages logtail depends on: ii perl5.8.8-7etch1 Larry Wall's Practical Extraction logtail recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#442796: ugly error message when installing udev to virgin box (z25_persistent-net-rules missing)
Package: udev Version: 0.105-4 Severity: important Hello, if I install udev on to a virgin box (as done during fai installation of a server farm) udevs postinst script complains about missing /etc/udev/rules.d/z25_persistent-net.rules. Nothing is wrong with this complaint since the file really doesn't exist yet. /lib/udev/hotplug.functions aroute find_all_rules seems to cause this message (sed ... $RO $RULES_FILE) -- makes sed complaining. For a test I changed about /lib/udev/hotplug.functions:151 to sed -n -e "${}" $RO_RULES_FILE $(test -f $RULES_FILE && echo $RULES_FILE) and it seems to work. Heiko -- Package-specific info: -- /etc/udev/rules.d/: /etc/udev/rules.d/: total 32 lrwxrwxrwx 1 root root 20 2007-07-12 16:36 020_permissions.rules -> ../permissions.rules lrwxrwxrwx 1 root root 19 2007-07-12 16:36 025_libgphoto2.rules -> ../libgphoto2.rules -rw-r--r-- 1 root root 70 2007-06-07 17:25 10-local.rules lrwxrwxrwx 1 root root 15 2007-07-12 16:36 85-pcmcia.rules -> ../pcmcia.rules -rw-r--r-- 1 root root 255 2007-03-22 00:24 local.rules -rw-r--r-- 1 root root 60 2006-09-26 18:26 tun.rules lrwxrwxrwx 1 root root 13 2007-07-12 16:36 udev.rules -> ../udev.rules lrwxrwxrwx 1 root root 25 2007-07-12 16:36 z20_persistent-input.rules -> ../persistent-input.rules lrwxrwxrwx 1 root root 19 2007-07-12 16:36 z20_persistent.rules -> ../persistent.rules -rw-r--r-- 1 root root 1167 2007-08-13 20:29 z25_persistent-cd.rules -rw-r--r-- 1 root root 847 2007-08-13 20:32 z25_persistent-net.rules lrwxrwxrwx 1 root root 29 2007-07-24 21:10 z45_persistent-cd-generator.rules -> ../cd-aliases-generator.rules lrwxrwxrwx 1 root root 33 2007-07-12 16:36 z45_persistent-net-generator.rules -> ../persistent-net-generator.rules lrwxrwxrwx 1 root root 12 2007-07-12 16:36 z50_run.rules -> ../run.rules lrwxrwxrwx 1 root root 16 2007-07-12 16:36 z55_hotplug.rules -> ../hotplug.rules lrwxrwxrwx 1 root root 19 2007-07-12 16:36 z60_alsa-utils.rules -> ../alsa-utils.rules lrwxrwxrwx 1 root root 15 2007-07-13 11:28 z60_hdparm.rules -> ../hdparm.rules -rw-r--r-- 1 root root 2589 2007-06-03 22:17 z60_libpisock9.rules -rw-r--r-- 1 root root 5716 2007-06-04 10:36 z60_xserver-xorg-input-wacom.rules -- /sys/: /sys/block/dm-0/dev /sys/block/dm-1/dev /sys/block/dm-2/dev /sys/block/dm-3/dev /sys/block/dm-4/dev /sys/block/dm-5/dev /sys/block/loop0/dev /sys/block/loop1/dev /sys/block/loop2/dev /sys/block/loop3/dev /sys/block/loop4/dev /sys/block/loop5/dev /sys/block/loop6/dev /sys/block/loop7/dev /sys/block/sda/dev /sys/block/sda/sda1/dev /sys/block/sda/sda2/dev /sys/block/sr0/dev /sys/class/input/input22/mouse0/dev /sys/class/input/mice/dev /sys/class/scsi_generic/sg0/dev /sys/class/scsi_generic/sg1/dev /sys/devices/pci:00/:00:1b.0/sound/card0/adsp/dev /sys/devices/pci:00/:00:1b.0/sound/card0/audio/dev /sys/devices/pci:00/:00:1b.0/sound/card0/controlC0/dev /sys/devices/pci:00/:00:1b.0/sound/card0/dsp/dev /sys/devices/pci:00/:00:1b.0/sound/card0/mixer/dev /sys/devices/pci:00/:00:1b.0/sound/card0/pcmC0D0c/dev /sys/devices/pci:00/:00:1b.0/sound/card0/pcmC0D0p/dev /sys/devices/pci:00/:00:1b.0/sound/card0/pcmC0D1p/dev /sys/devices/pci:00/:00:1d.0/usb1/1-0:1.0/usb_endpoint/usbdev1.1_ep81/dev /sys/devices/pci:00/:00:1d.0/usb1/dev /sys/devices/pci:00/:00:1d.0/usb1/usb_device/usbdev1.1/dev /sys/devices/pci:00/:00:1d.0/usb1/usb_endpoint/usbdev1.1_ep00/dev /sys/devices/pci:00/:00:1d.1/usb2/2-0:1.0/usb_endpoint/usbdev2.1_ep81/dev /sys/devices/pci:00/:00:1d.1/usb2/dev /sys/devices/pci:00/:00:1d.1/usb2/usb_device/usbdev2.1/dev /sys/devices/pci:00/:00:1d.1/usb2/usb_endpoint/usbdev2.1_ep00/dev /sys/devices/pci:00/:00:1d.2/usb3/3-0:1.0/usb_endpoint/usbdev3.1_ep81/dev /sys/devices/pci:00/:00:1d.2/usb3/dev /sys/devices/pci:00/:00:1d.2/usb3/usb_device/usbdev3.1/dev /sys/devices/pci:00/:00:1d.2/usb3/usb_endpoint/usbdev3.1_ep00/dev /sys/devices/pci:00/:00:1d.3/usb4/4-0:1.0/usb_endpoint/usbdev4.1_ep81/dev /sys/devices/pci:00/:00:1d.3/usb4/4-2/4-2:1.0/usb_endpoint/usbdev4.10_ep02/dev /sys/devices/pci:00/:00:1d.3/usb4/4-2/4-2:1.0/usb_endpoint/usbdev4.10_ep81/dev /sys/devices/pci:00/:00:1d.3/usb4/4-2/4-2:1.0/usb_endpoint/usbdev4.10_ep83/dev /sys/devices/pci:00/:00:1d.3/usb4/4-2/dev /sys/devices/pci:00/:00:1d.3/usb4/4-2/usb_device/usbdev4.10/dev /sys/devices/pci:00/:00:1d.3/usb4/4-2/usb_endpoint/usbdev4.10_ep00/dev /sys/devices/pci:00/:00:1d.3/usb4/dev /sys/devices/pci:00/:00:1d.3/usb4/usb_device/usbdev4.1/dev /sys/devices/pci:00/:00:1d.3/usb4/usb_endpoint/usbdev4.1_ep00/dev /sys/devices/pci:00/:00:1d.7/usb5/5-0:1.0/usb_endpoint/usbdev5.1_ep81/dev /sys/devices/pci:00/:00:1d.7/usb5/dev /sys/devices/pci:00/:00:1d.7/usb5/usb_device/usbdev5.1/dev /sys/devices/pci:00
Bug#434479: wodim: can't find /dev/sr0\n (as read from /proc/..../info
Package: wodim Version: 9:1.1.2-1 Severity: important If there's no default CDR device in wodim.conf, wodim reads /proc/sys/dev/cdrom/info. It finds the name of the cdrom device there (sr0 in my case), but it doesn't cut the trailing newline from this name. Therefore wodim then tries to open "/dev/sr0\n", which doesn't exist. (Test: ln -s /dev/sr0 '/dev/sr0^V^J' makes wodim work) -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.22.jumper Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages wodim depends on: ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries ii libcap1 1:1.10-14support for getting/setting POSIX. Versions of packages wodim recommends: ii genisoimage 9:1.1.2-1 Creates ISO-9660 CD-ROM filesystem -- no debconf information Best regards from Dresden Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -------- internet & unix support - Heiko Schlittermann HS12-RIPE - gnupg encrypted messages are welcome - key ID: 48D0359B --- gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#433891: tftpd-hpa: --oknodo missing
Package: tftpd-hpa Version: 0.43-1.1 Severity: important Tags: patch invoke-rc.d tftpd-hpa {start|stop} returns a serious error (exit status) if the daemon is already running resp. stopped. This avoids easy integration in heartbeat and brings problem on removing the package if the daemon is stopped already. (There's some other bug related to this issue.) I added "--oknodo" to the "start-stop-daemon " invocations in /etc/init.d/tftpd-hpa and this solves the problem. (And I hope that it doesn't bring a lot other problems.) -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.22.jumper Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages tftpd-hpa depends on: ii debconf [debconf-2.0] 1.5.13 Debian configuration management sy ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries ii libwrap07.6.dbs-13 Wietse Venema's TCP wrappers libra ii netbase 4.29 Basic TCP/IP networking system tftpd-hpa recommends no packages. -- debconf information: * tftpd-hpa/use_inetd: true -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#397557: default output dir is *not* as noted in srg.conf
Package: srg Version: 1.3.4-3 Severity: normal In srg.conf is noted that /var/www/srg_reports are the output dir per default. It's wrong. If no output dir is given, srg writes to ./srg_reports ! Heiko Schlittermann -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18 Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages srg depends on: ii libc62.3.6.ds1-7 GNU C Library: Shared libraries ii libgcc1 1:4.1.1-19 GCC support library ii libstdc++6 4.1.1-19The GNU Standard C++ Library v3 Versions of packages srg recommends: ii apache1.3.34-4 versatile, high-performance HTTP s ii php4 4:4.4.4-3 server-side, HTML-embedded scripti ii squid 2.6.4-2Internet Object Cache (WWW proxy c -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#396343: nsca: config file specifies wrong location for nagios2 command file
Package: nsca Version: 2.6-2 Severity: important Tags: patch The default nsca.cfg specifies /var/run/nagios2/rw/nagios.cmd as command file, but current nagios2 packages seem to use /var/lib/nagios2/rw/nagios2/nagios.cmd as command file. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.15.1.pu Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages nsca depends on: ii debconf [debconf-2.0]1.4.30.13 Debian configuration management sy ii libc62.3.6.ds1-7 GNU C Library: Shared libraries ii libmcrypt4 2.5.7-5 De-/Encryption Library ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra -- debconf information: nsca/run-nsca-daemon: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#396102: Nagios probably doesn't remove old logs from /var/log/nagios2/archives/
Package: nagios2 Version: 2.5-1.stable.ius.5 Severity: important Since nagios2 does its own logration (/var/log/nagios2/nagios.log -> /var/log/nagios2/archives/...) I'm afraid that nobody will clean the old logs. (At lease I do not see any relevant config option in the nagios.cfg.) -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.15.1.pu Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages nagios2 depends on: ii libc6 2.3.6.ds1-7GNU C Library: Shared libraries ii libgd2-xpm2.0.33-1.1sarge1 GD Graphics Library version 2 ii libjpeg62 6b-10 The Independent JPEG Group's JPEG ii libperl5.85.8.8-6.1 Shared Perl library ii libpng12-01.2.8rel-1 PNG library - runtime ii nagios2-common2.5-1.stable.ius.5 support files for nagios2 ii perl 5.8.8-6.1 Larry Wall's Practical Extraction ii zlib1g1:1.2.2-4.sarge.2 compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#396100: nagios2: apache-config should set some index options
Package: nagios2 Version: 2.5-1 Severity: wishlist Tags: patch In the supplied nagios.conf for apache should be set the following directive: DirectoryIndex index.html Why? Since you cannot assume that it's set on some parent level in the config. Not setting this prevents the URL .../nagios2/ from working. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.15.1.pu Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages nagios2 depends on: ii libc6 2.3.6.ds1-7GNU C Library: Shared libraries ii libgd2-xpm2.0.33-1.1sarge1 GD Graphics Library version 2 ii libjpeg62 6b-10 The Independent JPEG Group's JPEG ii libperl5.85.8.8-6.1 Shared Perl library ii libpng12-01.2.8rel-1 PNG library - runtime ii nagios2-common2.5-1.stable.ius.5 support files for nagios2 ii perl 5.8.8-6.1 Larry Wall's Practical Extraction ii zlib1g1:1.2.2-4.sarge.2 compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#361956: [Pkg-nagios-devel] Bug#361956: nagios2-common: postinstall script uses unconditional chmod/chown, breaking any dpkg-statoverride
Marc Haber <[EMAIL PROTECTED]> (Di 11 Apr 2006 16:16:53 CEST): > On Tue, Apr 11, 2006 at 02:35:09PM +0200, Heiko Schlittermann wrote: > > As stated in the subject -- the postinstall uses unconditionally > > chmod/chown. If the local admin tries to change permissions using > > dpkg-statoverride, these local changes are not respected. > > +# useful functions > > +setperm() { > > +local user="$1"; shift > > +local group="$1"; shift > > +local mode="$1"; shift > > +local file="$1"; shift > > +dpkg-statoverride --list "$file" >/dev/null && return 0 > > +dpkg-statoverride --update --add "$user" "$group" "$mode" "$file" > > +} > > The maintainer script adding the statoverride does not seem to be > policy compliant to me. We are not to touch the dpkg-statoverride > database. What about the policy manual 10.9.1? Given the above, dpkg-statoverride is essentially a tool for system administrators and would not normally be needed in the maintainer scripts. There is one type of situation, though, where calls to dpkg-statoverride would be needed in the maintainer scripts, and that involves packages which use dynamically allocated user or group ids. In such a situation, something like the following idiom can be very helpful in the package's postinst, where sysuser is a dynamically allocated id: Of course, both (not touching the statoverride data base - and - using statoverride for fixing the permissions) have their pro & con. Pro using statoverride: o it's clean interface o admin is able to see all permissions different from root:root 0755/0644 o easy way to recover lost permissions of packaged files Contra: o probably huge data base of statoverrides o more steps for admin to change the permissions of statoverridden files (as statoverride only changes the permissions during '--add', and the files are added already during package installation) (May be a new version of statoverride could solve it: dpkg-statoverride --update --list ) Best regards from Dresden Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann HS12-RIPE - gnupg encrypted messages are welcome - key ID: 48D0359B --- gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B - signature.asc Description: Digital signature
Bug#361956: nagios2-common: postinstall script uses unconditional chmod/chown, breaking any dpkg-statoverride
Package: nagios2-common Version: 2.1-1 Severity: serious Tags: patch Justification: Policy 10.9.1 As stated in the subject -- the postinstall uses unconditionally chmod/chown. If the local admin tries to change permissions using dpkg-statoverride, these local changes are not respected. -- System Information: Debian Release: testing/unstable Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16.jumper Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) diff -ruN nagios2-2.1/debian/lintian/overrides/nagios2-common nagios2-2.hs/debian/lintian/overrides/nagios2-common --- nagios2-2.1/debian/lintian/overrides/nagios2-common 2006-04-11 14:15:11.0 +0200 +++ nagios2-2.hs/debian/lintian/overrides/nagios2-common1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -non-standard-file-perm etc/nagios2/resource.cfg 0600 != 0644 diff -ruN nagios2-2.1/debian/nagios2-common.install nagios2-2.hs/debian/nagios2-common.install --- nagios2-2.1/debian/nagios2-common.install 2006-04-11 14:15:11.0 +0200 +++ nagios2-2.hs/debian/nagios2-common.install 2006-04-11 14:09:30.0 +0200 @@ -5,6 +5,5 @@ sample-config/template-object/README /usr/share/doc/nagios2-common/examples/template-object sample-config/template-object/*.cfg /usr/share/doc/nagios2-common/examples/template-object debian/httpd.webapps-common /usr/share/nagios2/debian -debian/lintian/overrides/nagios2-common usr/share/lintian/overrides debian/gateway.cfg usr/share/nagios2/debian debian/extcommands.cfg usr/share/nagios2/debian diff -ruN nagios2-2.1/debian/nagios2-common.postinst nagios2-2.hs/debian/nagios2-common.postinst --- nagios2-2.1/debian/nagios2-common.postinst 2006-04-11 14:15:11.0 +0200 +++ nagios2-2.hs/debian/nagios2-common.postinst 2006-04-11 11:48:57.0 +0200 @@ -20,6 +20,16 @@ # location of the default htpasswd authentication file. htpw=$en/htpasswd.users +# useful functions +setperm() { +local user="$1"; shift +local group="$1"; shift +local mode="$1"; shift +local file="$1"; shift +dpkg-statoverride --list "$file" >/dev/null && return 0 +dpkg-statoverride --update --add "$user" "$group" "$mode" "$file" +} + case "$1" in configure) if ! getent passwd nagios > /dev/null ; then @@ -76,14 +86,15 @@ # explicitly set permissions on some files that are dependent # on the uid/gid of the nagios user, which is dynamically created. - chown root:nagios $en/resource.cfg - chmod 640 $en/resource.cfg -install -d -onagios -gadm -m2751 /var/log/nagios2 -install -d -onagios -gnagios -m750 /var/run/nagios2 -install -d -onagios -gnagios -m750 /var/lib/nagios2 - # chown instead of install to preserve permission bits - chown nagios /var/lib/nagios2/rw -install -d -onagios -gwww-data -m2750 /var/cache/nagios2 + # .hs + # Do not forget to remove these statoverrides when purging the + # package! + setperm root nagios 0640 $en/resource.cfg + setperm nagios adm 2751 /var/log/nagios2 + setperm nagios nagios 0750 /var/run/nagios2 + setperm nagios nagios 0750 /var/lib/nagios2 + setperm nagios www-data 02750 /var/cache/nagios2 + setperm nagios www-data 0700 /var/lib/nagios2/rw # everything went well, so now let's reset the password db_set nagios2/adminpassword "" diff -ruN nagios2-2.1/debian/nagios2-common.postrm nagios2-2.hs/debian/nagios2-common.postrm --- nagios2-2.1/debian/nagios2-common.postrm2006-04-11 14:15:11.0 +0200 +++ nagios2-2.hs/debian/nagios2-common.postrm 2006-04-11 11:50:02.0 +0200 @@ -13,6 +13,13 @@ ucf --purge /etc/nagios2/apache2.conf ucf --purge /etc/nagios2/conf.d/host-gateway_nagios2.cfg #ucf --purge /etc/nagios2/conf.d/extcommands_nagios2.cfg + + dpkg-statoverride --force --remove /etc/nagios2/resource.cfg + dpkg-statoverride --force --remove /var/log/nagios2 + dpkg-statoverride --force --remove /var/run/nagios2 + dpkg-statoverride --force --remove /var/lib/nagios2 + dpkg-statoverride --force --remove /var/cache/nagios2 + dpkg-statoverride --force --remove /var/lib/nagios2/rw ;; esac diff -ruN nagios2-2.1/debian/rules nagios2-2.hs/debian/rules --- nagios2-2.1/debian/rules2006-04-11 14:15:11.0 +0200 +++ nagios2-2.hs/debian/rules 2006-04-11 14:12:23.0 +0200 @@ -137,10 +137,9 @@ # remove empty directory rmdir --ignore-fail-on-non-empty -p $b/nagios2/var/lib/nagios2/archives # set up /var/cache/nagios2 for access by www-data - chgrp www-data ${bnc}/var/cache/nagios2 - chmod g+s ${bnc}/var/cache/nagios2 - chown root:www-data ${bnc}/var/lib/nagios2/rw - chmod 700 ${bnc}/var/lib/nagios2/rw + # Permissions are set in postinstall using dpkg-statoverride + # for following parts: /var/cache/nagios2 + # /var/lib/nagios2/r
Bug#312512: cgiemail: sendmail not found
Package: cgiemail Version: 1.6-26 Severity: grave Justification: renders package unusable Hello, sh: line 1: sendmail not found (the above line is from my memory) If I use `strings /usr/lib/cgi-bin/cgiemail` I cannot find any location for sendmail compiled in. Probably you rely on a proper set PATH? I built cgiemail on my laptop and it seems as if now '/usr/sbin/sendmail' is included in the binary as sendmail path and the package works. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.11.11.jumper Locale: LANG=C, [EMAIL PROTECTED] (charmap=UTF-8) Versions of packages cgiemail depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]