from:"Heiko Schlittermann"

Bug#992172: exim4: CVE-2021-38371

2023-03-15 Thread Heiko Schlittermann

[not encrypted, I'm not able to find the key of Moritz]
Hi,

Salvatore Bonaccorso  (Mi 15 Mär 2023 20:49:01 CET):
> Looks the planned advisory at
> https://www.exim.org/static/doc/security/CVE-2021-38371.txt is not
> online.

I found the message from last year on the list, and the today's messages
too. It seems that there was some discussion about the content of the
advisory.

I'll try to clarify it and then return.

-- 
Heiko


signature.asc
Description: PGP signature

Bug#991130: Manpage: CASignatureAlgorithms mentions a wrong default

2021-07-15 Thread Heiko Schlittermann (HS12-RIPE)

Package: openssh-server
Version: 1:7.9p1-10+deb10u2
Severity: normal

Dear Maintainer,

on a current unreleased Debian bullseye (openssh-server 1:8.4p1-5)
the sshd_config(5) mentions the CASignatureAlgorithms 
with a wrong default: 

|CASignatureAlgorithms
|Specifies which algorithms are allowed for signing of certifi-
|cates by certificate authorities (CAs).  The default is:
|
|  ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
|  ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
| 
|Certificates signed using other algorithms will not be accepted
|for public key or host-based authentication.


The ssh-rsa algorithm is not in the default set of algorithms, as it
seems (tested with the above server version, after setting the
CASignatureAlgorithms options to the (mistakenly documented default),
SSH certificates with RSA signatures worked again.

This should be clearly stated in this section.

Bug#985243: Fixed upstream

2021-03-15 Thread Heiko Schlittermann

Hi,

FYI: The Exim project tracks this issue already:
https://bugs.exim.org/show_bug.cgi?id=2594

The commit 0851a3bbf4667081d47f5d85b6b3a5cb33cbdba6
https://git.exim.org/exim.git/commitdiff/0851a3bbf4667081d47f5d85b6b3a5cb33cbdba6
fixes this issue.

The commit 3fe5ec41e81831028c992f77a15292872fbbac75 on the
exim-4.94+testing branch cherry-picks the above change.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -


signature.asc
Description: PGP signature

Bug#983795: libnss-sss: libnss_sss fails to enumerate users/groups if the call to endXXent() is missing. (observed with Dovecot)

2021-03-01 Thread Heiko Schlittermann (HS12-RIPE)

Package: libnss-sss
Version: libnss_sss fails on enumeration of users/groups
Severity: important
Tags: upstream patch

Dear Maintainer,

the NSS responder of sssd fails to *rewind* in calls set setXYent().
It succeeds only for the very first call to setXYent() during a session,
which makes this bug a bit hidden - as most applications don't try to
iterate the XY database multiple times.

But - dovecot is a good example, its auth process keeps the NSS
"connection" open and may iterate multiple times over the list of users.
The first iteration returns all users (from local files and from AD
backed sssd, the next iteration returns only the users from local files,
but not the users from the AD backed sssd. While this may be considered
dovecot's fault, the documentation about setXYent says, that it rewinds
the iterator. (It doesn't mention that a consumer *must* use endXYent())

The authors of sssd confirmed that bug, I opened an issue and a pull
requrest there already:

- https://github.com/SSSD/sssd/issues/5523
- https://github.com/SSSD/sssd/pull/5524

I'm appending a patch I'm using for my private Buster packages of sssd.
(The patch is not 100% equivalent to the above mentioned PR, as the
version of sssd that is shipped with Debian10 is 1.6.x, and the upstream
is at 2.x already, implementing more setXYent())

-- System Information:
Debian Release: 10.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (102, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.8.5 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libnss-sss depends on:
ii  libc6  2.28-10

Versions of packages libnss-sss recommends:
pn  sssd  

libnss-sss suggests no packages.
Description: Fix setXYent()
 setXYent() failed to rewind. Usage patterns like
 setpwent(); while (getpwent()) { … }; endpwent();
 setpwent(); while (getpwent()) { … }; endpwent();
 failed, if the endpwent() was missing. (Dovecot is a good example
 for missing the endpwent() call.
Author: Heiko Schlittermann 
Bug: https://github.com/SSSD/sssd/issues/5523
Last-Update: 2021-03-01
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/src/responder/nss/nss_cmd.c
+++ b/src/responder/nss/nss_cmd.c
@@ -939,6 +939,11 @@
 static errno_t nss_cmd_setpwent(struct cli_ctx *cli_ctx)
 {
 struct nss_ctx *nss_ctx;
+struct nss_state_ctx *state_ctx;
+
+state_ctx = talloc_get_type(cli_ctx->state_ctx, struct nss_state_ctx);
+state_ctx->pwent.domain = 0;
+state_ctx->pwent.result = 0;
 
 nss_ctx = talloc_get_type(cli_ctx->rctx->pvt_ctx, struct nss_ctx);
 
@@ -995,6 +1000,11 @@
 static errno_t nss_cmd_setgrent(struct cli_ctx *cli_ctx)
 {
 struct nss_ctx *nss_ctx;
+struct nss_state_ctx *state_ctx;
+
+state_ctx = talloc_get_type(cli_ctx->state_ctx, struct nss_state_ctx);
+state_ctx->grent.domain = 0;
+state_ctx->grent.result = 0;
 
 nss_ctx = talloc_get_type(cli_ctx->rctx->pvt_ctx, struct nss_ctx);
 
@@ -1037,6 +1047,12 @@
 
 static errno_t nss_cmd_setnetgrent(struct cli_ctx *cli_ctx)
 {
+struct nss_state_ctx *state_ctx;
+
+state_ctx = talloc_get_type(cli_ctx->state_ctx, struct nss_state_ctx);
+state_ctx->netgrent.domain = 0;
+state_ctx->netgrent.result = 0;
+
 return nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME,
nss_protocol_fill_setnetgrent);
 }
@@ -1090,6 +1106,11 @@
 static errno_t nss_cmd_setservent(struct cli_ctx *cli_ctx)
 {
 struct nss_ctx *nss_ctx;
+struct nss_state_ctx *state_ctx;
+
+state_ctx = talloc_get_type(cli_ctx->state_ctx, struct nss_state_ctx);
+state_ctx->svcent.domain = 0;
+state_ctx->svcent.result = 0;
 
 nss_ctx = talloc_get_type(cli_ctx->rctx->pvt_ctx, struct nss_ctx);

Bug#983510: dovecot-core: repeated user enumeration fails with sssd backend (and probably others)

2021-02-25 Thread Heiko Schlittermann (HS12-RIPE)

Package: dovecot-core
Version: 2.3.4.1-5+deb10u1
Severity: important
Tags: patch upstream

Dear Maintainer,

the issue can be found on the dovecot mailing list: 
https://dovecot.org/pipermail/dovecot/2021-February/121478.html

When using sssd as nss plugin, fast repeating calls to `doveadm user *`
do not return the full list of users for each invocation, but for the first
invocation only. 

After a longer period of time (when the started dovecot/auth processes
died), or directly after killing dovecot/auth processes, the user list
is complete again.

This seems to be caused by a missing call to endpwent() in the
userdb-passwd auth plugin of dovecot.

It breaks other tools that rely on the user enumeration, if they are
called in a fast successive order (`doveadm quota recalc -A`, followed
by other `doveadm XXX -A` commands, and thelike).

I created the attached patch and deployed it to my systems, and it seems
to solve the issue. I assume that it doesn't introduce other problems.

(Maybe, the issue can be handled on the sssd side as well, if the sssd
nss plugin sees successive calls to setpwend() with a missing
endpwent(), it could do the endpwend() on its own.)

-- System Information:
Debian Release: 10.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (102, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.8.5 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dovecot-core depends on:
ii  adduser  3.118
ii  libapparmor1 2.13.2-10
ii  libbz2-1.0   1.0.6-9.2~deb10u1
ii  libc62.28-10
ii  libexttextcat-2.0-0  3.4.5-1
ii  libicu63 63.1-6+deb10u1
ii  liblua5.3-0  5.3.3-1.1
ii  liblz4-1 1.8.3-1
ii  liblzma5 5.2.4-1
ii  libpam-runtime   1.3.1-5
ii  libpam0g 1.3.1-5
ii  libsodium23  1.0.17-1
ii  libssl1.11.1.1d-0+deb10u5
ii  libstemmer0d 0+svn585-1+b2
ii  libwrap0 7.6.q-28
ii  lsb-base 10.2019051400
ii  openssl  1.1.1d-0+deb10u5
pn  ssl-cert 
ii  ucf  3.0038+nmu1
ii  zlib1g   1:1.2.11.dfsg-1

dovecot-core recommends no packages.

Versions of packages dovecot-core suggests:
pn  dovecot-gssapi
pn  dovecot-imapd 
pn  dovecot-ldap  
pn  dovecot-lmtpd 
pn  dovecot-lucene
pn  dovecot-managesieved  
pn  dovecot-mysql 
pn  dovecot-pgsql 
pn  dovecot-pop3d 
pn  dovecot-sieve 
pn  dovecot-solr  
pn  dovecot-sqlite
pn  dovecot-submissiond   
pn  ntp   
From: Heiko Schlittermann 
Subject: Add missing endpwent() to the userdb-passwd iterator.
--- a/src/auth/userdb-passwd.c
+++ b/src/auth/userdb-passwd.c
@@ -210,6 +210,7 @@
cur_userdb_iter_to = timeout_add(0, passwd_iterate_next_timeout,
 (void *)NULL);
}
+endpwent();
return ret;
 }

Bug#941345: [git-buildpackage/master] buildpackage: Honor --git-arch for GBP_CHANGES_FILE

2020-10-12 Thread Heiko Schlittermann

tag 941345 pending
thanks

Date:   Sun Sep 29 11:56:33 2019 +0200
Author: Heiko Schlittermann 
Commit ID: d9e473408e17cb267123e62f6f8b0326fafe2f9a
Commit URL: 
https://git.sigxcpu.org/cgit/git-buildpackage//commit/?id=d9e473408e17cb267123e62f6f8b0326fafe2f9a
Patch URL: 
https://git.sigxcpu.org/cgit/git-buildpackage//patch/?id=d9e473408e17cb267123e62f6f8b0326fafe2f9a

buildpackage: Honor --git-arch for GBP_CHANGES_FILE

Closes: #941345

Bug#943814: amanda-common: amcrypt-ossl-asym fails: deprecated options of openssl enc

2019-10-30 Thread Heiko Schlittermann (HS12-RIPE)

Package: amanda-common
Version: 3.5.1
Severity: important
Tags: upstream patch

Dear Maintainer,

using amcrypt-ossl-asym results in extra output about deprected "openssl
enc" options and does not encrypt: no backup is written!

root@marta:/# date | sudo -su backup amcrypt-ossl-asym >/dev/null
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

For testing purpose I added (as recommended) the option -pbkdf2 to the encoding 
and the decoding
lines and now it works.

Please fix and report upstream.

Thank you.

-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_DK:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages amanda-common depends on:
ii  adduser   3.118
ii  debconf [debconf-2.0] 1.5.71
ii  libc6 2.28-10
pn  libcurl3  
ii  libcurl4  7.64.0-4
ii  libglib2.0-0  2.58.3-2+deb10u1
ii  libssl1.1 1.1.1d-0+deb10u2
ii  mailutils [mailx] 1:3.5-3
pn  openbsd-inetd | inet-superserver  
ii  perl  5.28.1-6
ii  perl-base [perlapi-5.28.0]5.28.1-6
pn  perlapi-5.24.1
ii  update-inetd  4.49

amanda-common recommends no packages.

Versions of packages amanda-common suggests:
pn  amanda-server | amanda-client

Bug#943740: amanda-server: IPv6 support is disabled for 10 years already.

2019-10-28 Thread Heiko Schlittermann (HS12-RIPE)

Package: amanda-server
Version: ipv6 support disabled for 10 years already
Severity: important
Tags: ipv6

Dear Maintainer,

is there any reason that IPv6 support is disabled for about 10 years
already?

Amanda builds cleanly with the --without-ipv6 option removed.
If it works I've to find out.


-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_DK:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages amanda-server depends on:
pn  amanda-common  
ii  libc6  2.28-10
pn  libcurl3   
ii  libcurl4   7.64.0-4
ii  libglib2.0-0   2.58.3-2+deb10u1
ii  libjson-perl   4.02000-1
ii  libssl1.1  1.1.1d-0+deb10u2
ii  mailutils [mailx]  1:3.5-3
ii  perl   5.28.1-6

amanda-server recommends no packages.

Versions of packages amanda-server suggests:
pn  amanda-client 
ii  cpio  2.12+dfsg-9
ii  gnuplot   5.2.6+dfsg1-1+deb10u1
ii  gnuplot-qt [gnuplot]  5.2.6+dfsg1-1+deb10u1

Bug#941345: Acknowledgement (git-buildpackage: Option --git-arch ignored when constructing the GBP_CHANGES_FILE variable for the postbuild hook)

2019-09-29 Thread Heiko Schlittermann

A proposed fix follows. But please note, I'm by far not an Python
programmer, so I just tried to understand what's going on and introduced
the necessary changes.

It's of "works for me" quality. :)

--- dist-packages/gbp/scripts/buildpackage.py   2019-09-29 11:49:49.928996655 
+0200
+++ /tmp/patched2019-09-29 11:49:46.60056 +0200
@@ -284,7 +284,7 @@
 setattr(options, hook, '')


-def changes_file_suffix(builder, dpkg_args):
+def changes_file_suffix(builder, dpkg_args, arch):
 """
 >>> changes_file_suffix('debuild', ['-A'])
 'all'
@@ -303,15 +303,15 @@
 elif '-A' in args:
 return 'all'
 else:
-return os.getenv('ARCH', None) or du.get_arch()
+return arch or os.getenv('ARCH', None) or du.get_arch()


-def changes_file_name(source, build_dir, builder, dpkg_args):
+def changes_file_name(source, build_dir, builder, dpkg_args, arch):
 return os.path.abspath("%s/../%s_%s_%s.changes" %
(build_dir,
 source.changelog.name,
 source.changelog.noepoch,
-changes_file_suffix(builder, dpkg_args)))
+changes_file_suffix(builder, dpkg_args, arch)))


 def check_branch(repo, options):
@@ -509,7 +509,7 @@
  else source.upstream_version)
 export_dir = os.path.join(output_dir, "%s-%s" % (source.sourcepkg, 
major))
 build_dir = export_dir if options.export_dir else repo.path
-changes_file = changes_file_name(source, build_dir, 
options.builder, dpkg_args)
+changes_file = changes_file_name(source, build_dir, 
options.builder, dpkg_args, options.pbuilder_arch)

 # Run preexport hook
 if options.export_dir and options.preexport:

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01  -


signature.asc
Description: PGP signature

Bug#941345: git-buildpackage: Option --git-arch ignored when constructing the GBP_CHANGES_FILE variable for the postbuild hook

2019-09-29 Thread Heiko Schlittermann (HS12-RIPE)

 (9.0.12+nmu1) ...
update-alternatives: using /usr/bin/bsd-write to provide /usr/bin/write (write) 
in auto mode
update-alternatives: using /usr/bin/bsd-from to provide /usr/bin/from (from) in 
auto mode
Setting up autopoint (0.19.8.1-2+deb9u1) ...
Setting up libidn11:i386 (1.33-1) ...
Setting up zlib1g-dev:i386 (1:1.2.8.dfsg-5) ...
Setting up libfile-stripnondeterminism-perl (0.034-1) ...
Setting up libdb-dev:i386 (5.3.1) ...
Setting up libmariadbclient-dev (10.1.41-0+deb9u1) ...
Setting up libspf2-dev (1.2.10-7+b2) ...
Setting up libpcre3-dev:i386 (2:8.39-3) ...
Setting up libssl-dev:i386 (1.1.0k-1~deb9u1) ...
Setting up libglib2.0-0:i386 (2.50.3-2+deb9u1) ...
No schema files found: doing nothing.
Setting up autoconf (2.69-10) ...
Setting up libmariadb-dev (2.3.2-2) ...
Setting up file (1:5.30-1+deb9u2) ...
Setting up libkrb5support0:i386 (1.15-1+deb9u1) ...
Setting up libcroco3:i386 (0.6.11-3) ...
Setting up pkg-config (0.29-4+b1) ...
Setting up libopendmarc2 (1.3.2-2+deb9u1) ...
Setting up libp11-kit0:i386 (0.23.3-2) ...
Setting up automake (1:1.15-6) ...
update-alternatives: using /usr/bin/automake-1.15 to provide /usr/bin/automake 
(automake) in auto mode
Setting up man-db (2.7.6.1-2) ...
Building database of manual pages ...
Setting up libtool (2.4.6-2) ...
Setting up libk5crypto3:i386 (1.15-1+deb9u1) ...
Setting up gettext (0.19.8.1-2+deb9u1) ...
Setting up libgnutls30:i386 (3.5.8-5+deb9u4) ...
Setting up libopendmarc-dev (1.3.2-2+deb9u1) ...
Setting up intltool-debian (0.35.0+20060710.4) ...
Setting up libldap-2.4-2:i386 (2.4.44+dfsg-5+deb9u3) ...
Setting up libkrb5-3:i386 (1.15-1+deb9u1) ...
Setting up libldap2-dev:i386 (2.4.44+dfsg-5+deb9u3) ...
Setting up po-debconf (1.0.20) ...
Setting up libgssapi-krb5-2:i386 (1.15-1+deb9u1) ...
Setting up libpq5:i386 (9.6.15-0+deb9u1) ...
Setting up libpq-dev (9.6.15-0+deb9u1) ...
Setting up dh-autoreconf (14) ...
Setting up dh-strip-nondeterminism (0.034-1) ...
Setting up debhelper (10.2.5) ...
Processing triggers for libc-bin (2.24-11+deb9u4) ...
Reading package lists...
Building dependency tree...
Reading state information...
Reading extended state information...
Initializing package states...
Writing extended state information...
Building tag database...
 -> Finished parsing the build-deps
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
  libfakeroot
The following NEW packages will be installed:
  fakeroot libfakeroot
debconf: delaying package configuration, since apt-utils is not installed
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/134 kB of archives.
After this operation, 369 kB of additional disk space will be used.
Selecting previously unselected package libfakeroot:i386.
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 15181 files and directories currently installed.)
Preparing to unpack .../libfakeroot_1.21-3.1_i386.deb ...
Unpacking libfakeroot:i386 (1.21-3.1) ...
Selecting previously unselected package fakeroot.
Preparing to unpack .../fakeroot_1.21-3.1_i386.deb ...
Unpacking fakeroot (1.21-3.1) ...
Processing triggers for libc-bin (2.24-11+deb9u4) ...
Setting up libfakeroot:i386 (1.21-3.1) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up fakeroot (1.21-3.1) ...
update-alternatives: using /usr/bin/fakeroot-sysv to provide /usr/bin/fakeroot 
(fakeroot) in auto mode
Processing triggers for libc-bin (2.24-11+deb9u4) ...
[0mI: Copying back the cached apt archive contents[0m
[0mI: Building the package[0m
[0mI: Running cd /build/exim4-exim.org-4.92.3+fixes-35-g40b67cbe7/ && env 
PATH="/usr/lib/ccache:/usr/sbin:/usr/bin:/sbin:/bin" HOME="/nonexistent" 
dpkg-buildpackage -us -uc   '-b'[0m
dpkg-buildpackage: info: source package exim4-exim.org
dpkg-buildpackage: info: source version 4.92.3+fixes-35-g40b67cbe7-1+deb9u1
dpkg-buildpackage: info: source distribution stretch
dpkg-buildpackage: info: source changed by Heiko Schlittermann (HS12-RIPE) 

 dpkg-source --before-build exim4-exim.org-4.92.3+fixes-35-g40b67cbe7
dpkg-buildpackage: info: host architecture i386
dpkg-source: warning: unknown information field 'Tag' in input data in general 
section of control info file
 fakeroot debian/rules clean
dh clean --parallel
   dh_testdir -O--parallel
   debian/rules override_dh_auto_clean
make[1]: Entering directory '/build/exim4-exim.org-4.92.3+fixes-35-g40b67cbe7&#

Bug#906137: courier-authlib-pipe: authdaemon passes the socket FD to the authProg worker, causing an usuccessful close for the first connecting client

2018-08-14 Thread Heiko Schlittermann (HS12-RIPE)

Package: courier-authlib-pipe
Version: 0.66.4-9
Severity: important
Tags: upstream

Dear Maintainer,

   * What led up to the situation?

I'm using a variant of the example authProg script.

The authdaemon starts the external authProg *after* accepting the first
connection from the client.

accept(5, {sa_family=AF_UNIX}, [16->2]) = 4 <0.33>
fcntl(4, F_SETFL, O_RDONLY) = 0 <0.000151>
...
select(5, [4], NULL, NULL, {tv_sec=10, tv_usec=0}) = 1 (in [4], left {tv_sec=9, 
tv_usec=96}) <0.54>
read(4, "AUTH 40\nimap\nlogin\n...@dynapic.ne"..., 8192) = 48 <0.29>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, 
child_tidptr=0x7f62cbd2c9d0) = 4644 <0.000202>

This leaks the filedescriptor for the client connection to the forked authProg 
process.
If the authProg doesn't care about file descriptors (as the example Perl 
script), the
client connection FD is open twice: opened by the process which accepted the 
connection, and open
by the process which inherited the FD.

After sending the auth results to the client, the authdaemon close()es the 
client connection. But
this doesn't really close the connection, because it is held open by the forked 
authProg process.

The client runs into a timeout. (reproducable using socat -t 5 - 
/run/courier/authdaemon/socket <...)
All connections following that first one do not have this problem, as now the 
authProg is running already and doesn't
the the new FDs created by accepting the new connections.

Solution:
Either fork the authProg *before* accepting the first connection.
Or use CLOSE_ON_EXEC on the FD returned from accepting the connection.

Workaround: The example script can use

use POSIX;
POSIX::close($_) for 3..1024;

This workaround solved the problem for me, so I'd consider it as a proof.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

Use 'authpipe' as the only module in the authmodulelist.
Use the example Perl script as an authProg.

systemctl restart courier-authdaemon

socat -t5 - /run/courier/authdaemon/socket <<_
AUTH 35
imap
login
f...@example.com
foobar
_

   * What was the outcome of this action?

The first invocation after restarting the daemon leads to a timeout.
Every following invocation succeeds. (Given there is only one daemon
running, controlled via the daemons setting in authdaemonrc.

   * What outcome did you expect instead?


I think, the bugfix is easy, using fcntl and setting CLOSE_ON_EXEC in
authdaemon.c, just after accepting the connection.
But as I do not have a good testing environment, I can't do any tests.
And as the package seems to be orphaned, I'm not sure if it is worth the
effort. I'll need to switch to dovecot, I'm afraid.

-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.9 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages courier-authlib-pipe depends on:
pn  courier-authlib  
ii  libc62.24-11+deb9u3

courier-authlib-pipe recommends no packages.

courier-authlib-pipe suggests no packages.

Bug#900053: amanda-server: amstatus wrong display (fix included)

2018-07-22 Thread Heiko Schlittermann

Great. Thank you for your effort.
-- 
Heiko Schlittermann (unterwegs)

Bug#900053: amanda-server: amstatus wrong display (fix included)

2018-05-25 Thread Heiko Schlittermann (HS12-RIPE)

Package: amanda-server
Version: 1:3.3.9-5
Severity: minor
Tags: patch

Dear Maintainer,

the output from amstatus contains a missing size unit and
shows part of the source code instead.

line 1420 of amstatus should be changed
from
printf "dumping to tape : %3d %20dsunit (%6.2f%%)\n",
to
printf "dumping to tape : %3d %20d$unit (%6.2f%%)\n",

-- 
Heiko

-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.9 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages amanda-server depends on:
pn  amanda-common  
ii  bsd-mailx [mailx]  8.1.2-0.20160123cvs-4
ii  libc6  2.24-11+deb9u3
ii  libcurl3   7.52.1-5+deb9u6
ii  libglib2.0-0   2.50.3-2
ii  libncurses56.0+20161126-1+deb9u2
pn  libreadline6   
ii  libssl1.1  1.1.0f-3+deb9u2
ii  mailutils [mailx]  1:3.1.1-1
ii  perl   5.24.1-3+deb9u3

amanda-server recommends no packages.

Versions of packages amanda-server suggests:
pn  amanda-client  
ii  cpio   2.11+dfsg-6
ii  gnuplot5.0.5+dfsg1-6+deb9u1
pn  perl5

Bug#883938: Bug #883938: linux-image-3.16.0-4-amd64: Kernel panic on boot after upgrading to debian 8.10 kernel 3.16.51

2017-12-11 Thread Heiko Schlittermann

The provided work-around (setting numa=off) worked here.
Do you need further information about the system in use?

BTW: Thank you for the NUMA advice, it was about 21.00 CET when
I started a search engine and found the bug entry and the suggested
work-around, so, your advice came just in time.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01  -


signature.asc
Description: PGP signature

Bug#866110: multipath-tools: mpathpersist segfaults. Newer version is available and fixed!

2017-06-27 Thread Heiko Schlittermann (HS12-RIPE)

Package: multipath-tools
Version: 0.6.4-5
Severity: grave
Justification: renders package unusable

Dear Maintainer,

the mpathpersist command segfaults. I got it fixed, but discovered, that
a similiar fix is already applied upstream.

Git commit fef089a6610f94a847541069f3008a5708044015
in the upstream sources fixes this problem!

I've added the above mentioned patch manually and installed the package
as a NMU and it works.

At least the segfaults are gone. I'm not sure if the tool is working
properly though.


-- Package-specific info:
/etc/multipath.conf does not exist.


-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.11.1 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages multipath-tools depends on:
ii  init-system-helpers  1.48
ii  kpartx   0.6.4-5
ii  libaio1  0.3.110-3
ii  libc62.24-11+deb9u1
ii  libdevmapper1.02.1   2:1.02.137-2
ii  librados210.2.5-7.2
ii  libreadline7 7.0-3
ii  libsystemd0  232-25
ii  libudev1 232-25
ii  liburcu4 0.9.3-1
ii  lsb-base 9.20161125
ii  sg3-utils-udev   1.42-2
ii  udev 232-25

multipath-tools recommends no packages.

Versions of packages multipath-tools suggests:
pn  multipath-tools-boot  

-- no debconf information

Bug#866101: multipath-tools: build dependency on liburcu-dev and others are missing

2017-06-27 Thread Heiko Schlittermann (HS12-RIPE)

Package: multipath-tools
Version: 0.6.4-5
Severity: serious
Justification: fails to build from source (but built successfully in the past)

Dear Maintainer,

`apt-source multipath-tools` installs a bunch of packages. But a
subsequent `make` in the source directory fails, because urcu.h is
mssing.

Same for libdevmapper.h from libdevmapper-dev
Same for libaio.h from libaio-dev
 readline/readline.h from mlibreadline-dev

Please add these packages to the build dependencies


-- Package-specific info:
/etc/multipath.conf does not exist.


-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.11.1 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages multipath-tools depends on:
ii  init-system-helpers  1.48
ii  kpartx   0.6.4-5
ii  libaio1  0.3.110-3
ii  libc62.24-11+deb9u1
ii  libdevmapper1.02.1   2:1.02.137-2
ii  librados210.2.5-7.2
ii  libreadline7 7.0-3
ii  libsystemd0  232-25
ii  libudev1 232-25
ii  liburcu4 0.9.3-1
ii  lsb-base 9.20161125
ii  sg3-utils-udev   1.42-2
ii  udev 232-25

multipath-tools recommends no packages.

Versions of packages multipath-tools suggests:
pn  multipath-tools-boot  

-- no debconf information

Bug#859375: snap-confine: manpage of snap-confine is in the wrong section

2017-04-02 Thread Heiko Schlittermann (HS12-RIPE)

Package: snap-confine
Version: 2.21-2
Severity: minor

Dear Maintainer,

snap-confine is has a manual pager in chapter 5. As snap-confine is a
tool/program, this man page should go to either chapter 8 (as I'd
consider it as a an admin command) or chapter 1.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.11.0-rc2 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages snap-confine depends on:
ii  apparmor 2.11.0-3
ii  libc62.24-9
ii  libseccomp2  2.3.1-2.1
ii  libudev1 232-19

snap-confine recommends no packages.

snap-confine suggests no packages.

-- no debconf information

Bug#857996: Please close. It's not a bug.

2017-03-17 Thread Heiko Schlittermann

Hi,

sorry for the confusing bugreport.
The script, that gets executed is $HOME/perl5/perlbrew/etc/bashrc.
The name of the script indicates that this is for *bash*, not *sh*.

And, additionally, the script doesn't set variables only, it defines
some functions, and thus belongs to .bashrc, as the manpage indicates.

So, please close the bugreport. It's not a bug.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01  -


signature.asc
Description: PGP signature

Bug#857996: perlbrew's initialization shell script doesn't work with /bin/sh

2017-03-16 Thread Heiko Schlittermann (HS12-RIPE)

Package: perlbrew
Version: 0.78-1
Severity: important

Dear Maintainer,

I'm using the current gnome desktop. It *seems*, that starting a
XSession means running /etc/X11/Xsession, which is a /bin/sh
script.

It searches for the user's profile and sources it.
My .profile contains . …/perlbrewrc.

The perlbrewrc makes use of bashisms (e.g. the <<<
input redirection operator.)

I believe this can be fixed easily.


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.11.0-rc2 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages perlbrew depends on:
ii  curl7.52.1-3
ii  gcc 4:6.3.0-1
ii  libc6-dev [libc-dev]2.24-9
ii  libcapture-tiny-perl0.44-1
ii  libcpan-perl-releases-perl  3.08-1
ii  libdevel-patchperl-perl 1.46-1
ii  liblocal-lib-perl   2.19-1
ii  make4.1-9.1
ii  perl5.24.1-1
ii  wget1.18-4.1

Versions of packages perlbrew recommends:
ii  perl-doc  5.24.1-1

perlbrew suggests no packages.

-- no debconf information

Bug#845569: exim4-daemon-heavy: Memory leak in callouts (fixed already in official Exim Git repo)

2017-01-02 Thread Heiko Schlittermann

Hi,

Andreas Metzler  (Sa 31 Dez 2016 17:55:30 CET):
> On 2016-11-24 "Heiko Schlittermann (HS12-RIPE)"  wrote:
> > Package: exim4-daemon-heavy
> > Version: 4.84.2-2+deb8u1
> > Severity: important
> > Tags: upstream patch
> 
> > Dear Maintainer,
> 
> > Current Exim versions have a memory leak when doing callouts via TLS
> > connections. I can reproduce the problem and I've fixed it.
> 
> > The fix is already pushed to the upstream repository of Exim (as I'm
> > one of the Exim developers).
> 
> > Commit ed62aae3051c9a713d35c8ae516fbd193d1401ba contains the fix.
> [...]
> 
> Hello Heiko,
> 
> thanks for the report with fix (in the branch).
> 
> Would you mind explaining why this is an important bug? Afaiu most exim
> processes a short lived and I also would think that the respective
> structure would not be huge. So at a glance I would have expected a
> normal or even minor severity (... which would not be eligible for a
> stable update.)

You're right. Most Exim processes are short lived. The callout is done
by the (just forked) receiving process, *not* by another subprocess.
Thus, if there is a huge number of addresses to be checked by callouts,
the memory leak hurts.

I discovered the problem on a central mailhub. One of the sattelites is
a mailing list server (mailman), sending via its local Exim instance to
the central mailhub. The default configuration of Mailman and Exim
caused a batch of about 4k recipient addresses with a single message.

The receiving Exim on the mailhub tried to verify these 4k addresses via
TLS callouts. After about 1k address approx 4G¹ RAM where exhausted and
the receiving process crashed. Fortunately the callout results were
stored in the callout cache and the next connection caused the first 1k
addresses verified by the cache entries, but the 2nd 1k addresses caused
the receiver to crash during callouts… After about the 4th attempt all
addresses where verified and the mail went through.

In the above setup the delay was a major desaster. In other cases you might
have much less addresses to check, or much looser constraints about
delivery time … But the leak is clearly a bug and the fix is easy. (Even
there are possibilities to create work-arounds, on the sender's side,
and on the receivers side. Because of the callout cache it was kind of
self-healing, but with shorter cache times and longer retry intervals
this wouldn't work anymore.)

As one of the Exim developers I'd really like to see this bug fixed in
Exim releases that are distributed as "stable". If you need help for
backporting, I can assist you.

¹) I'm not sure about the real numbers, maybe it was 1.5k addresses
   and 8G RAM, but I think, you get the idea. (It was reproduceable.)

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01  -

signature.asc
Description: Digital signature

Bug#845569: Acknowledgement (exim4-daemon-heavy: Memory leak in callouts (fixed already in official Exim Git repo))

2016-11-25 Thread Heiko Schlittermann

Debian Bug Tracking System  (Do 24 Nov 2016 19:18:04 
CET):
> If you wish to submit further information on this problem, please
> send it to 845...@bugs.debian.org.

There is a typo in the version number.
I've cherry-picked the bug and pushed the fix to the

exim-4_86_2+fixes

branch in the official Exim repositories.
(containing ed62aae3051c9a713d35c8ae516fbd193d1401ba, as the second
commmit, I mentioned there doesn't apply to 4.86.2)
 
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01  -


signature.asc
Description: Digital signature

Bug#845569: exim4-daemon-heavy: Memory leak in callouts (fixed already in official Exim Git repo)

2016-11-24 Thread Heiko Schlittermann (HS12-RIPE)

Package: exim4-daemon-heavy
Version: 4.84.2-2+deb8u1
Severity: important
Tags: upstream patch

Dear Maintainer,

Current Exim versions have a memory leak when doing callouts via TLS
connections. I can reproduce the problem and I've fixed it.

The fix is already pushed to the upstream repository of Exim (as I'm
one of the Exim developers).

Commit ed62aae3051c9a713d35c8ae516fbd193d1401ba contains the fix.
Commit f57231095d00c7875a2b028e07855f6374abd5cc may be useful as well,
as it fixes a crash that may appear during debugging TLS connections.

I'd be more than happy to update the

exim-4_84_2+fixes branch

in the official Exim repositories with this patch.


-- Package-specific info:
Exim version 4.84_2 #1 built 25-Jul-2016 18:59:39
Copyright (c) University of Cambridge, 1995 - 2014
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2014
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS 
move_frozen_messages Content_Scanning DKIM Old_Demime PRDR OCSP
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz 
dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /etc/exim4/exim4.conf

-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages exim4-daemon-heavy depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  exim4-base 4.84.2-2+deb8u1
ii  libc6  2.19-18+deb8u6
ii  libdb5.3   5.3.28-9
ii  libgnutls-deb0-28  3.3.8-6+deb8u3
ii  libldap-2.4-2  2.4.40+dfsg-1+deb8u2
ii  libmysqlclient18   5.5.53-0+deb8u1
ii  libpam0g   1.1.8-3.1+deb8u1+b1
ii  libpcre3   2:8.35-3.3+deb8u4
ii  libperl5.205.20.2-3+deb8u6
ii  libpq5 9.4.9-0+deb8u1
ii  libsasl2-2 2.1.26.dfsg1-13+deb8u1
ii  libsqlite3-0   3.8.7.1-1+deb8u2

exim4-daemon-heavy recommends no packages.

exim4-daemon-heavy suggests no packages.

-- debconf information excluded

Bug#831049: gitolite3: Perl Warnings about uninitialized variables appear in the browser

2016-07-13 Thread Heiko Schlittermann (HS12-RIPE)

Package: gitolite3
Version: 3.6.1-2+deb8u1
Severity: minor
Tags: upstream

Dear Maintainer,

following the instructions for installing the http access to a gitolite3
installation, I see warnings about unitialized $soc in the 
/usr/share/gitolite3/gitolite-shell script.

Around line 35 I put:

# sanity...
if (defined(my $soc = $ENV{SSH_ORIGINAL_COMMAND})) {
$soc =~ s/[\n\r]+/<>/g;
_die "I don't like newlines in the command: '$soc'\n" if 
$ENV{SSH_ORIGINAL_COMMAND} ne $soc;
}

instead of 

# sanity
my $soc = $ENV{SSH_ORIGINAL_COMMAND};
$soc =~ s/[\n\r]+/<>/g;
_die "I don't like newlines in the command: '$soc'\n" if 
$ENV{SSH_ORIGINAL_COMMAND} ne $soc;


This supresses the warnings.

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gitolite3 depends on:
ii  adduser  3.113+nmu3
ii  debconf [debconf-2.0]1.5.56
ii  git [git-core]   1:2.1.4-2.1+deb8u2
ii  openssh-server [ssh-server]  1:6.7p1-5+deb8u2
ii  perl 5.20.2-3+deb8u5

gitolite3 recommends no packages.

Versions of packages gitolite3 suggests:
pn  git-daemon-run  
pn  gitweb  

-- debconf information excluded

Bug#810523: libtemplate-perl: files with a timestamp @0 (1.1.1970, 00:00) are reported as "not found"

2016-01-09 Thread Heiko Schlittermann (HS12-RIPE)

Package: libtemplate-perl
Version: 2.24-1.2+b1
Severity: important
Tags: upstream

Dear Maintainer,

If the template to be processed by 

command: /usr/bin/tpage, 
Perl: Template->process
Template directive: PROCESS

has a 'zero' timestamp (created by touch --date @0), the
template engine complains about 'file not found'.

You can reproduce this behaviour:

touch --date @0 foo.tt
tpage foo.tt

vs.
touch --date @1 foo.tt
tpage foo.tt

I'd consider this as a bug.


-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libtemplate-perl depends on:
ii  libappconfig-perl   1.66-1
ii  libc6   2.19-18+deb8u1
ii  perl5.20.2-3+deb8u1
ii  perl-base [perlapi-5.20.0]  5.20.2-3+deb8u1

libtemplate-perl recommends no packages.

Versions of packages libtemplate-perl suggests:
pn  libtemplate-perl-doc 
pn  libtemplate-plugin-gd-perl   
pn  libtemplate-plugin-xml-perl  

-- no debconf information

Bug#805576: exim4-daemon-heavy: Please cherry pick: bd21a78 Fix transport-results pipe for multiple recipients combined with certs.

2015-11-19 Thread Heiko Schlittermann (HS12-RIPE)

Package: exim4-daemon-heavy
Version: 4.84-8
Severity: important

Dear Maintainer,

please include the 

bd21a78 Fix transport-results pipe for multiple recipients combined
with certs.

from the upstream source. Without this patch Exim runs into problems
(frozen but yet delivered messages). 

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01  -

Bug#805556: ansible: The default(example?) config should not set the SSH port

2015-11-19 Thread Heiko Schlittermann (HS12-RIPE)

Package: ansible
Version: 1.7.2+dfsg-2
Severity: important

Dear Maintainer,

the default configuration in /etc/ansible/ansible.cfg sets the SSH port.
If it's set there, it overrules the settings from .ssh/config. In case
it's unset SSH uses port 22 anyway.

Please consider to remove this setting (or disable this option by
placing a comment character there.) in /etc/ansible/ansible.cfg

Thank you.

-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ansible depends on:
ii  python2.7.9-1
ii  python-crypto 2.6.1-5+b2
ii  python-httplib2   0.9+dfsg-2
ii  python-jinja2 2.7.3-1
ii  python-paramiko   1.15.1-1
ii  python-pkg-resources  5.5.1-1
ii  python-yaml   3.11-2

Versions of packages ansible recommends:
pn  python-selinux  

Versions of packages ansible suggests:
pn  ansible-doc  
ii  sshpass  1.05-1

-- no debconf information

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01  -

Bug#801346: dovecot-ldap: tls_* options ignored for URI schema ldaps:// [fix included]

2015-10-08 Thread Heiko Schlittermann

Hi,

Jaldhar H. Vyas  (Fr 09 Okt 2015 05:46:44 CEST):
> On Thu, 8 Oct 2015, Heiko Schlittermann (HS12-RIPE) wrote:
…
> >   uri = ldap://
> >   tls = yes
> >   tls_ = …
> >
> >works. But depending on the LDAP server this isn't an option.
> >
> 
> Thanks.  I would like to get upstreams opinion before applying this.

I tried to reach out via the dovecot ML, but until now there is no
response. (But not much time passed yet …)

Best regards from Dresden/Germany
    Viele Grüße aus Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de -------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01  -


signature.asc
Description: Digital signature

Bug#801346: dovecot-ldap: tls_* options ignored for URI schema ldaps:// [fix included]

2015-10-08 Thread Heiko Schlittermann (HS12-RIPE)

Package: dovecot-ldap
Severity: normal
Tags: upstream patch

Dear Maintainer,

in dovecot-ldap.conf.ext:

uri = ldaps://
# tls =
tls_cert_file = 
tls_key_file = 
tls_ = …


All these options are ignored if I use ldaps:// as the URI schema.
Switching to tls=yes doesn't help, because it enables STARTTLS, but
ldaps:// implies an already started SSL tunnel.

uri = ldap://
tls = yes
tls_ = …

works. But depending on the LDAP server this isn't an option.

Here a patch of grade 'works for me':

--- dovecot-2.2.9/src/auth/db-ldap.c2013-11-24 14:37:39.0 +0100
+++ dovecot-2.2.9.hs12/src/auth/db-ldap.c   2015-10-08 21:24:47.051446465 
+0200
@@ -1043,7 +1043,7 @@
 
 static void db_ldap_set_tls_options(struct ldap_connection *conn)
 {
-   if (!conn->set.tls)
+   if (!(conn->set.tls || strncmp(conn->set.uris, "ldaps:", 6) == 0))
return;
 
 #ifdef OPENLDAP_TLS_OPTIONS


Actually the system the bug appears is an Ubuntu 14.04 LTS, Dovecot
2.2.9, but I checked 2.2.13 from the Dovecot HG repository, the relevant
parts of db-ldap.c doesn't seem to be changed. So I suppose, the bug is
there still.

Greetings from Dresden,
-- 
Heiko

-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- dovecot-2.2.9/src/auth/db-ldap.c	2013-11-24 14:37:39.0 +0100
+++ dovecot-2.2.9.hs12/src/auth/db-ldap.c	2015-10-08 21:24:47.051446465 +0200
@@ -1043,7 +1043,7 @@
 
 static void db_ldap_set_tls_options(struct ldap_connection *conn)
 {
-	if (!conn->set.tls)
+	if (!(conn->set.tls || strncmp(conn->set.uris, "ldaps:", 6) == 0))
 		return;
 
 #ifdef OPENLDAP_TLS_OPTIONS

Bug#798957: editorconfig: Man page editorconfig(1) seems to be broken

2015-09-15 Thread Heiko Schlittermann

Hong Xu  (Di 15 Sep 2015 01:08:03 CEST):
> > Maybe there can be done something more for the manpage generation,
> > to generate manual pages that contain the usual man page
> > structure:
> > 
> > <...>
> > 
> > 
> > I'm not sure, if doxygen is the right tool to generate such output
> > directly from the source. But I'm not a doxygen expert at all.
> 
> Unfortunately it's not easy to do it with doxygen.
> 
> I've fixed the original issue in b1690a6ae6b0a188748bf6b87ba6d09edd4049e0
> or view this link:
> 
> https://github.com/editorconfig/editorconfig-core-c/commit/b1690a6ae6b0a188748bf6b87ba6d09edd4049e0

Thank you.

-- 
Heiko


signature.asc
Description: Digital signature

Bug#798957: editorconfig: Man page editorconfig(1) seems to be broken

2015-09-14 Thread Heiko Schlittermann

Hi Hong,

Hong Xu  (Mo 14 Sep 2015 18:39:35 CEST):
…
> I'm the upstream author and thanks for your report. The man pages are
> generated from Doxygen. I believe this issue is actually a Doxygen
> issue: they should add some text like "foo(5)" when the @refer command
> is used for man pages. If I add the text manually, it would be a mess
> for html documentation generation.

Maybe there can be done something more for the manpage generation, to
generate manual pages that contain the usual man page structure:

NAME

editorconfig - editorconfig command line interface

SYNOPSIS

editorconfig [-f filename] [-b version] FILEPATH...
editorconfig [-h|--help]
editorconfig [-v|--version]

DESCRIPTION

editorconfig …

OPTIONS

-f specify an alternative config file path
…

SEE ALSO

The format description for the .editorconfig file 
can be found in editorconfig-format(5).


I'm not sure, if doxygen is the right tool to generate such
output directly from the source. But I'm not a doxygen expert at all.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01  -


signature.asc
Description: Digital signature

Bug#798958: editorconfig: man page editor-config-format in wrong section

2015-09-14 Thread Heiko Schlittermann

Hi Hong,

Hong Xu  (Mo 14 Sep 2015 19:46:15 CEST):
> I've just fixed this issue in upstream commit
> da00b0e642d5c16bfd9679e57a0dacb2727b1f7a , or view the link below:
> 
> https://github.com/editorconfig/editorconfig-core-c/commit/da00b0e642d5c16bfd9679e57a0dacb2727b1f7a

Thank you for your very fast response and fix of that small issue.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01  -


signature.asc
Description: Digital signature

Bug#798957: editorconfig: Man page editorconfig(1) seems to be broken

2015-09-14 Thread Heiko Schlittermann (HS12-RIPE)

Package: editorconfig
Version: 0.11.5-2
Severity: minor

Dear Maintainer,

the manpage editorconfig(1) ends with just the lines

Related Pages
   EditorConfig File Format


Probably there should be some text, e.g.

Related Pages
   EditorConfig File Format: editorconfig-format(5)




-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages editorconfig depends on:
ii  libc6  2.19-18+deb8u1

editorconfig recommends no packages.

editorconfig suggests no packages.

-- no debconf information

Bug#798958: editorconfig: man page editor-config-format in wrong section

2015-09-14 Thread Heiko Schlittermann (HS12-RIPE)

Package: editorconfig
Version: 0.11.5-2
Severity: minor

Dear Maintainer,

the manpage for editorconfig-fromat should go to the
section 5 (file formats), I believe.


-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages editorconfig depends on:
ii  libc6  2.19-18+deb8u1

editorconfig recommends no packages.

editorconfig suggests no packages.

-- no debconf information

Bug#773705: gnupg: gpg2 does not mention that option

2015-02-02 Thread Heiko Schlittermann (HS12-RIPE)

Package: gnupg
Version: 1.4.18-6
Followup-For: Bug #773705

Dear Maintainer,

the reporter of the bug above said that gpg2 works with this option.
This is not true, at least not for gnupg2 2.0.26-4. (But at least it
does not mention this option in the man page.) OTOH having this option
would be a great improvment!

Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg depends on:
ii  gpgv  1.4.18-6
ii  libbz2-1.01.0.6-7+b2
ii  libc6 2.19-13
ii  libreadline6  6.3-8+b3
ii  libusb-0.1-4  2:0.1.12-25
ii  zlib1g1:1.2.8.dfsg-2+b1

Versions of packages gnupg recommends:
pn  gnupg-curl 
ii  libldap-2.4-2  2.4.40-3

Versions of packages gnupg suggests:
pn  gnupg-doc
ii  graphicsmagick-imagemagick-compat [imagemagick]  1.3.20-3
ii  libpcsclite1 1.8.13-1
pn  parcimonie   

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#774683: /usr/sbin/dnssec-checkds: dnssec-checkds: wrong short help (typo)

2015-01-06 Thread Heiko Schlittermann (HS12-RIPE)

Package: bind9utils
Version: 1:9.9.5.dfsg-7
Severity: minor
File: /usr/sbin/dnssec-checkds
Tags: upstream

Dear Maintainer,

in the output from dnssec-checks is some small typo:

---
usage: dnssec-checkds [-h] [-f MASTERFILE] [-l LOOKASIDE] [-d DIG]
  [-D DSFROMKEY] [-v]
  zone

checkds: checks DS coverage

positional arguments:
zone  zone to check

optional arguments:
-h, --helpshow this help message and exit
-f MASTERFILE, --file MASTERFILE
zone master file
-l LOOKASIDE, --lookaside LOOKASIDE
DLV lookaside zone
-d DIG, --dig DIG path to 'dig'
>   -D DSFROMKEY, --dsfromkey DSFROMKEY
>   path to 'dig'
-v, --version show program's version number and exit


It seems like a cut'n'paste error and should read

… path to 'dnsse-dsfromkey'

-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bind9utils depends on:
ii  libbind9-901:9.9.5.dfsg-7
ii  libc6  2.19-13
ii  libcap21:2.24-6
ii  libcomerr2 1.42.12-1
ii  libdns100  1:9.9.5.dfsg-7
ii  libgssapi-krb5-2   1.12.1+dfsg-16
ii  libisc95   1:9.9.5.dfsg-7
ii  libisccc90 1:9.9.5.dfsg-7
ii  libisccfg901:9.9.5.dfsg-7
ii  libk5crypto3   1.12.1+dfsg-16
ii  libkrb5-3  1.12.1+dfsg-16
ii  libpython2.7-stdlib [python-argparse]  2.7.8-11
ii  libssl1.0.01.0.1j-1
ii  libxml22.9.1+dfsg1-4
ii  python 2.7.8-2

bind9utils recommends no packages.

bind9utils suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#761654: dnsmasq: The AD flag is set in every cached answer.

2014-09-15 Thread Heiko Schlittermann

Package: dnsmasq
Version: 2.62-3+deb7u1
Severity: normal
Tags: upstream

Dear Maintainer,

   * What led up to the situation?

Asking dnsmasq for a domain/hostname with the "AD" flag set results
in a response with the AD flag, if the response comes from the cache.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> www.heise.de +adflag
…
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
;; QUESTION SECTION:
;www.heise.de.  IN  A
;; ANSWER SECTION:
www.heise.de.   3600IN  A   193.99.144.85
…
;; Query time: 82 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Sep 15 14:56:46 2014
;; MSG SIZE  rcvd: 252

Now the same query, just some seconds later:

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> www.heise.de +adflag
…
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.heise.de.  IN  A
;; ANSWER SECTION:
www.heise.de.   3564IN  A   193.99.144.85
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Sep 15 14:57:22 2014
;; MSG SIZE  rcvd: 46

The query time and the reduced TTL shows that the answer comes from the
dnsmasq cache. The heise.de domain is not DNSSEC protected (no DS
records exist. I would not expect the AD flag set in such case!

Having the AD flag in such case may introduce a security hole. A local
client could trust the flag … 

-- System Information:
Debian Release: 7.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dnsmasq depends on:
ii  adduser   3.113+nmu3
ii  dnsmasq-base  2.62-3+deb7u1
ii  netbase   5.0

dnsmasq recommends no packages.

Versions of packages dnsmasq suggests:
ii  resolvconf  1.67

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#756040: tinyproxy fails to re-read the filter and doesn't tell about it

2014-07-25 Thread Heiko Schlittermann

Package: tinyproxy
Version: 1.8.3-3
Severity: normal
Tags: patch upstream

Dear Maintainer,


The /etc/tinyproxy.filter was root:root and only 0600 - for some reason.

Tinyproxy does the first read as root and had no problem. After reload
(happened regularly because of logrotate) it can't read the filter and
further operation suffered from an "empty" filter list.


1) tinyproxy should send an approbiate log message
2) tinyproxy should read the filter as the run-time-user, not
   as root, even on startup

I did some fixup and some testing, it seems to work for me.

-- System Information:
Debian Release: 7.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tinyproxy depends on:
ii  libc6  2.13-38+deb7u3
ii  logrotate  3.8.1-4

tinyproxy recommends no packages.

tinyproxy suggests no packages.

-- Configuration Files:
/etc/tinyproxy.conf changed [not included]

-- no debconf information
diff -ruN orig/child.c src/child.c
--- orig/child.c	2014-07-25 16:29:35.0 +0200
+++ src/child.c	2014-07-25 18:15:24.649414207 +0200
@@ -35,6 +35,7 @@
 #include "utils.h"
 #include "conf.h"
 
+volatile int children;	/* referenced from main.c */
 static int listenfd;
 static socklen_t addrlen;
 
@@ -201,6 +202,12 @@
 ptr->connects = 0;
 	srand(time(NULL));
 
+#ifdef FILTER_ENABLE
+if (config.filter)
+filter_init ();
+#endif /* FILTER_ENABLE */
+
+
 while (!config.quit) {
 ptr->status = T_WAITING;
 
@@ -287,8 +294,10 @@
 {
 pid_t pid;
 
-if ((pid = fork ()) > 0)
+if ((pid = fork ()) > 0) {
+		++children;
 return pid; /* parent */
+	}
 
 /*
  * Reset the SIGNALS so that the child can be reaped.
@@ -443,10 +452,6 @@
  */
 reload_config ();
 
-#ifdef FILTER_ENABLE
-filter_reload ();
-#endif /* FILTER_ENABLE */
-
 /* propagate filter reload to all children */
 child_kill_children (SIGHUP);
 
diff -ruN orig/filter.c src/filter.c
--- orig/filter.c	2010-01-10 23:52:04.0 +0100
+++ src/filter.c	2014-07-25 18:10:42.307947332 +0200
@@ -61,7 +61,17 @@
 
 fd = fopen (config.filter, "r");
 if (!fd) {
-return;
+		/*
+		char *msg;
+		asprintf(&msg, "Can't read the filter from %s: %s\n",
+		config.filter, strerror(errno));
+		log_message(LOG_ERR, msg);
+		if (stderr) fputs(msg, stderr);
+		free(msg);
+		*/
+		log_message(LOG_ERR, "Can't read the filter from %s: %s",
+		config.filter, strerror(errno));
+		exit(3);
 }
 
 p = NULL;
diff -ruN orig/main.c src/main.c
--- orig/main.c	2011-08-16 14:14:34.0 +0200
+++ src/main.c	2014-07-25 18:15:00.033280183 +0200
@@ -50,6 +50,7 @@
 struct config_s config;
 struct config_s config_defaults;
 unsigned int received_sighup = FALSE;   /* boolean */
+extern volatile int children;		/* defined in child.c */
 
 /*
  * Handle a signal
@@ -70,7 +71,12 @@
 break;
 
 case SIGCHLD:
-while ((pid = waitpid (-1, &status, WNOHANG)) > 0) ;
+while ((pid = waitpid (-1, &status, WNOHANG)) > 0) {
+		if (!--children) {
+			log_message(LOG_ERR, "No more children left. Shutting down.");
+			exit(2);
+		}
+		}
 break;
 }
 
@@ -395,11 +401,6 @@
 exit (EX_OSERR);
 }
 
-#ifdef FILTER_ENABLE
-if (config.filter)
-filter_init ();
-#endif /* FILTER_ENABLE */
-
 /* Start listening on the selected port. */
 if (child_listening_sock (config.port) < 0) {
 fprintf (stderr, "%s: Could not create listening socket.\n",
@@ -428,12 +429,6 @@
 }
 }
 
-if (child_pool_create () < 0) {
-fprintf (stderr,
- "%s: Could not create the pool of children.\n",
- argv[0]);
-exit (EX_SOFTWARE);
-}
 
 /* These signals are only for the parent process. */
 log_message (LOG_INFO, "Setting the various signals.");
@@ -456,6 +451,13 @@
 exit (EX_OSERR);
 }
 
+if (child_pool_create () < 0) {
+fprintf (stderr,
+ "%s: Could not create the pool of children.\n",
+ argv[0]);
+exit (EX_SOFTWARE);
+}
+
 /* Start the main loop */
 log_message (LOG_INFO, "Starting main loop. Accepting connections.");

Bug#734212: exim4-config: man page about exim4-config-files has wrong header

2014-01-04 Thread Heiko Schlittermann

Package: exim4-config
Version: 4.80-7
Severity: minor

Dear Maintainer,

the exim4-config_files(5) man page displays the wrong header:
EXIM4_FILES(5), indeed it should display EXIM4-CONFIG_FILES, shouldn't
it?

-- 
Heiko


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#703564: dump: restore -t should acceppt a -0 option (output zero separated, instead of newline separated)

2013-03-20 Thread Heiko Schlittermann

Package: dump
Version: 0.4b44-1
Severity: wishlist
Tags: patch upstream

Hello,

processing the output of restore -t (as amanda does) is much more
reliable, if the file names of the listing would be zero terminated,
instead of using a newline as terminator. (Newline can be part of the
filename and if the filename continues with "leaf 4711 …" it's not easy
to parse.

I've written a small patch and it would be great if this patch would
make it into debian and even the upstream.

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dump depends on:
ii  e2fslibs  1.42.5-1
ii  libblkid1 2.20.1-5.3
ii  libc6 2.13-38
ii  libcomerr21.42.5-1
ii  libreadline6  6.2+dfsg-0.1
ii  libselinux1   2.1.9-5
ii  libtinfo5 5.9-10
ii  libuuid1  2.20.1-5.3
ii  tar   1.26+dfsg-0.1

dump recommends no packages.

dump suggests no packages.

-- no debconf information
--- dump-0.4b44.orig/restore/main.c	2009-06-18 11:42:12.0 +0200
+++ dump-0.4b44/restore/main.c	2013-03-20 22:39:36.905605953 +0100
@@ -92,6 +92,7 @@
 int	aflag = 0, bflag = 0, cvtflag = 0, dflag = 0, vflag = 0, yflag = 0;
 int	hflag = 1, mflag = 1, Mflag = 0, Nflag = 0, Vflag = 0, zflag = 0;
 int	uflag = 0, lflag = 0, Lflag = 0, oflag = 0;
+int	nullflag = 0;		/* \0 terminated file names */
 int	ufs2flag = 0;
 char	*Afile = NULL;
 int	dokerberos = 0;
@@ -198,7 +199,7 @@
 #ifdef USE_QFA
 		"P:Q:"
 #endif
-		"Rrs:tT:uvVxX:y")) != -1)
+		"Rrs:tT:uvVxX:y0")) != -1)
 		switch(ch) {
 		case 'a':
 			aflag = 1;
@@ -343,6 +344,9 @@
 		case 'y':
 			yflag = 1;
 			break;
+		case '0':
+			nullflag = 1;
+			break;
 		default:
 			usage();
 		}
--- dump-0.4b44.orig/restore/restore.8.in	2009-06-18 11:42:12.0 +0200
+++ dump-0.4b44/restore/restore.8.in	2013-03-20 22:44:45.511062849 +0100
@@ -79,7 +79,7 @@
 [\fB\-T \fIdirectory\fR]
 .PP
 .B restore \-t
-[\fB\-cdhHklMNuvVy\fR]
+[\fB\-cdhHklMNuvV0y\fR]
 [\fB\-A \fIfile\fR]
 [\fB\-b \fIblocksize\fR]
 [\fB\-f \fIfile\fR]
@@ -264,6 +264,10 @@
 program.  See also the
 .B \-X
 option below.
+If the 
+.B \-0
+flag is used, the output is not line separated anymore, but the NULL
+byte is used as separator.
 .TP
 .B \-x
 The named files are read from the given media. If a named file matches a 
@@ -523,6 +527,12 @@
 (verbose) flag causes it to type the name of each file it treats preceded by 
 its file type.
 .TP
+.B \-0
+(zero terminated) flag causes the output lines to be zero terminated,
+not line feed terminated. This flag is recognized for 
+.B \-t
+(listing) only.
+.TP
 .B \-V
 Enables reading multi-volume non-tape mediums like CDROMs.
 .TP
--- dump-0.4b44.orig/restore/restore.c	2010-12-06 15:26:50.0 +0100
+++ dump-0.4b44/restore/restore.c	2013-03-20 22:33:44.463922398 +0100
@@ -100,9 +100,12 @@
 		fprintf(stdout, "%10lu\t%ld\t%lld\t%s\n", (unsigned long)ino, 
 			tnum, tpos, name);
 	}
-	else
+	else {
 #endif
-		fprintf(stdout, "%10lu\t%s\n", (unsigned long)ino, name);
+		fprintf(stdout, "%10lu\t%s", (unsigned long)ino, name);
+		if (nullflag) putchar('\0');
+		else putchar('\n');
+	}
 	return (descend);
 }
 
--- dump-0.4b44.orig/restore/restore.h	2007-02-22 21:12:50.0 +0100
+++ dump-0.4b44/restore/restore.h	2013-03-20 22:36:16.976654545 +0100
@@ -64,6 +64,7 @@
 extern int	vflag;		/* print out actions taken */
 extern int	yflag;		/* always try to recover from tape errors */
 extern int	zflag;		/* tape is in compressed format */
+extern int	nullflag;	/* \0 separated output in t mode */ 
 extern int	ufs2flag;	/* tape is a FreeBSD UFS2 dump */
 extern char*	bot_script;	/* beginning of tape script */
 /*

Bug#697762: cpu should use ldappasswd instead of modifying the password directly

2013-01-09 Thread Heiko Schlittermann

Package: cpu
Version: 1.4.3-11.2
Severity: important
Tags: upstream

"cpu usermod -p …" offers the set a new password for the user.
But cpu can't know how the LDAP server wants to store the password in
the userPassword attribute.

Depending on the password-hash slapd config option it may choose to use
MD5, …, and even cleartext.

cpu does not obey this setting. This breaks applications that use LDAP
authentication with challenge response methods.

IMHO cpu should use "ldappasswd" or a similiar API call to set the
password.


-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#697761: cpu useradd should rollback if ADD_SCRIPT fails

2013-01-09 Thread Heiko Schlittermann

Package: cpu
Version: 1.4.3-11.2
Severity: wishlist
Tags: upstream

cpu allows an "ADD_SCRIPT" setting. IMHO cpu should rollback
the useradd operation in case of a failure running the ADD_SCRIPT.


-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#693995: libpam-modules: behaviour or man page should be fixed

2013-01-07 Thread Heiko Schlittermann

Package: libpam-modules
Version: 1.1.3-7.1
Followup-For: Bug #693995

The bug still exists in 1.1.3-7.1. IMHO it should be easy to fix the
manual page. Probably even the other way round - fixing the module,
should not hurt too much :)

The manpage states the user_readenv has a default value 'on'. But
pam_env reads the ~/.pam_environment only if I explicitly set the option
to 1.

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpam-modules depends on:
ii  debconf [debconf-2.0]  1.5.48
ii  libc6  2.13-37
ii  libdb5.1   5.1.29-5
ii  libpam-modules-bin 1.1.3-7.1
ii  libpam0g   1.1.3-7.1
ii  libselinux12.1.9-5

libpam-modules recommends no packages.

libpam-modules suggests no packages.

-- debconf information:
  libpam-modules/disable-screensaver:


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691237: libassuan0: fixed ASSUAN_LINELENGTH for 4096bit encryption keys (Patch included)

2013-01-04 Thread Heiko Schlittermann

Eric Dorland  (Fr 04 Jan 2013 08:05:32 CET):
> Control: tags -1 fixed-upstream
…
> > Is there still time to do get a new release into Wheezy? 
> 
> Unfortunately it's been too late for Wheezy for a while. But if anyone
> feels strongly they can appeal to the release managers that this
> should be included.

:-(

But thank you for the effort.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: 7CBF764A -
 gnupg fingerprint: 9288 F17D BBF9 9625 5ABC  285C 26A9 687E 7CBF 764A -
(gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B)-


signature.asc
Description: Digital signature

Bug#691237: libassuan0: fixed ASSUAN_LINELENGTH for 4096bit encryption keys (Patch included)

2012-11-07 Thread Heiko Schlittermann

Hello,

Werner Koch  (Mi 07 Nov 2012 09:24:54 CET):
> On Tue,  6 Nov 2012 22:50, h...@schlittermann.de said:
> 
> > Before I started exploring how to run full tests … what is the supposed
> > procedure?
> 

Ah, I thought there is some more extensive testing procedure.

> > I just built the stable-2-0 branch and installed it (->
> > /usr/local/stow/gpg -> /usr/local/)
> Modulo the problems with the "dir" file, I suppose ;-)
Yes, but it's resolvable using rm :)
 
> > I'm able to decrypt a message crypted with my 4096bit key.
> Great.  Thus I consider this bug resolved.

Agreed. 

> Is there still time to do get a new release into Wheezy? 
This I can't answer, it depends on Yves-Alexis, I think.

> > The master branch I didn't test yet. I'll give you a notice as soon as I
> > did.
> 
> There are still card related issues in master.  Thus I don't consider
> this test very important.

Meanwhile I gave it a try, but wasn't successful. Could be because of
some interferences with the installed 2.0, or some scdaemon was still
running, or because it just didn't work. So I'll stop investing time into the
master branch?

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: 7CBF764A -
 gnupg fingerprint: 9288 F17D BBF9 9625 5ABC  285C 26A9 687E 7CBF 764A -
(gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B)-


signature.asc
Description: Digital signature

Bug#691237: libassuan0: fixed ASSUAN_LINELENGTH for 4096bit encryption keys (Patch included)

2012-11-06 Thread Heiko Schlittermann

Hello Werner,

Werner Koch  (Di 06 Nov 2012 15:01:42 CET):
> Hi,
> 
> I just pushed fixes to master and stable 2.0.
> 
> Allow decryption with card keys > 3072 bit
> 
> * scd/command.c (MAXLEN_SETDATA): New.
> (cmd_setdata): Add option --append.
> * g10/call-agent.c (agent_scd_pkdecrypt): Use new option for long data
> 
> * scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
> (app_select_openpgp): Store manufacturer.
> (do_decipher): Print a note for broken cards.
> 
> --
> 
> Please note that I was not able to run a full test because I only have
> broken cards (S/N < 346) available.

Before I started exploring how to run full tests … what is the supposed
procedure?

I just built the stable-2-0 branch and installed it (->
/usr/local/stow/gpg -> /usr/local/)

It seems to work, as soon as the complete gpg2-"toolchain" is in-place.
(I do not understand, why the Debian X11/Xsession.d/90gpg-agent has
"/usr/bin/gpg-agend" hard-wired.)

I'm able to decrypt a message crypted with my 4096bit key.

> Please let me know if that works for you.  Given that the last 2.0
> release is more than 6 months old and we fixed a couple of bugs in the
> meantime, I may do a new release if this thing works for you.

So, no further tests, just "it works for me" :)

The master branch I didn't test yet. I'll give you a notice as soon as I
did.

Best regards from Dresden/Germany
    Viele Grüße aus Dresden
Heiko
-- 
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: 7CBF764A -
 gnupg fingerprint: 9288 F17D BBF9 9625 5ABC  285C 26A9 687E 7CBF 764A -
(gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B)-


signature.asc
Description: Digital signature

Bug#691237: libassuan0: fixed ASSUAN_LINELENGTH for 4096bit encryption keys (Patch included)

2012-11-05 Thread Heiko Schlittermann

Hi,

thank you for responding :)

Yves-Alexis Perez  (Mo 05 Nov 2012 18:45:00 CET):
> On mar., 2012-10-23 at 13:12 +0200, Heiko Schlittermann wrote:
> > Package: libassuan0
> > Version: 2.0.3-1
> > Severity: important
> > Tags: upstream patch
> > 
> > I used a 4096bit key for encryption (using the GnuPG crypto-stick).
> > Encryption worked, but decryption didn't work (gpg2 didn't find
> > the secret key.)
> > 
> > gpg2 uses libassuan to talk to some daemons/agents. 
> > gpg (1.x) worked, but only if there was no gnupg-agent running.
> > 
> > Patch:
> >http://lists.gnupg.org/pipermail/gnupg-users/2012-June/044868.html
> > 
> > I applied this patch and re-built libassuan0-* and gnupg2. This
> > seems to fix the issue.
> 
> The patch is wrong, according to
> http://lists.gnupg.org/pipermail/gnupg-devel/2009-October/025412.html

According to this above message, my crypt-stick should not expose this
bug (SN:113A). But it does.

> A better patch was once sent to the same mailing list the following
> month:
> http://lists.gnupg.org/pipermail/gnupg-devel/2009-November/025421.html
> by Klaus Flittner (on CC:).
> 
> This was never applied because of the lack of copyright assignment.
> 
> Imho this is a simple bugfix which is not even copyrightable, but IANAL.
> I've ported the patch to the current gnupg 2.0.19 in Wheezy and sid
> (it's attached). 

Ok, I'll test it here. But it will not happen sooner than thursday.

> I intend to (re)submit it to upstream but it won't work on 2.1 / git
> HEAD right now and I lack the time to properly port it right now.
> 
> I think it'd still be nice to push it to gnupg in Debian so we can use
> 4096 encryption with smartcard, although it might be worth having
> upstream comment on the technical part before.

Yep. 

I'm not able to decide, if the suggested protocol change breakes other
applications. As the line length extension broke gpa for me. I think, here
recompilation would have been sufficient, but I didn't test it.

-- 
Heiko


signature.asc
Description: Digital signature

Bug#692360: extractMemberWithoutPaths: wrong manpage or wrong behaviour

2012-11-05 Thread Heiko Schlittermann

Package: libarchive-zip-perl
Version: 1.30-6
Severity: normal
Tags: upstream

The manpage of Archive::Zip states:

   extractMemberWithoutPaths( $memberOrName [, $extractedName ] )

   Extract the given member, or match its name and extract it.  Does not use 
path information
   (extracts into the current directory). Returns undef if member doesn't exist 
in this Zip.  If
   optional second arg is given, use it as the name of the extracted member 
(its paths will be
   deleted too). Otherwise, the internal filename of the member (minus paths) 
is used as the name of
   the extracted file or directory. Returns "AZ_OK" on success.

It's not true. If you pass a pathname as the second argument

- the leading directories(!) are created (should be noted in the man page, 
as
  from my POV it's not common in the unix world.)

- the pathname is used as the name for the extracted file

The man page states, that paths will be removed too from the second
argument.

I'm not sure how to solve the problem. It could be fixed easily around
line 202ff in Archive/Zip/Archive.pm, but I'd be afraid that this could
break existing applications (at least mine ☺)

Here is some code to reproduce the behaviour:

#! /usr/bin/perl
use 5.010;
use strict;
use warnings;
use Archive::Zip;

my $DIR = "/tmp/$$.d/Xtract/";

my $zipfile = shift // die "need name of zip file\n";
my $zip = new Archive::Zip $zipfile or die "Archive::Zip $zipfile: $!\n";

foreach my $member ($zip->members) {
say $member->fileName;
$zip->extractMemberWithoutPaths($member, "$DIR/$name");
}

system "find $DIR/ -ls";


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libarchive-zip-perl depends on:
ii  perl [libcompress-raw-zlib-perl]  5.14.2-14

libarchive-zip-perl recommends no packages.

libarchive-zip-perl suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#691237: libassuan0: fixed ASSUAN_LINELENGTH for 4096bit encryption keys (Patch included)

2012-10-23 Thread Heiko Schlittermann

Package: libassuan0
Version: 2.0.3-1
Severity: important
Tags: upstream patch

I used a 4096bit key for encryption (using the GnuPG crypto-stick).
Encryption worked, but decryption didn't work (gpg2 didn't find
the secret key.)

gpg2 uses libassuan to talk to some daemons/agents. 
gpg (1.x) worked, but only if there was no gnupg-agent running.

Patch:
   http://lists.gnupg.org/pipermail/gnupg-users/2012-June/044868.html

I applied this patch and re-built libassuan0-* and gnupg2. This
seems to fix the issue.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libassuan0 depends on:
ii  libc6  2.13-35
ii  libgpg-error0  1.10-3.1
ii  multiarch-support  2.13-35

libassuan0 recommends no packages.

libassuan0 suggests no packages.

-- no debconf information
--- a/src/assuan.h.in
+++ b/src/assuan.h.in
@@ -67,7 +67,8 @@
 #endif
 
 
-#define ASSUAN_LINELENGTH 1002 /* 1000 + [CR,]LF */
+/* see: http://lists.gnupg.org/pipermail/gnupg-users/2012-June/044868.html */
+#define ASSUAN_LINELENGTH 1076 /* 1074 + [CR,]LF */
 
 struct assuan_context_s;
 typedef struct assuan_context_s *assuan_context_t;

Bug#685981: manpages: manpage for motd.tail mentions wrong boot script

2012-08-27 Thread Heiko Schlittermann

Package: manpages
Version: 3.27-1
Severity: normal


The manpage for motd.tail mentions bootmisc.sh, which is in charge
of building the /etc/motd from the motd.tail template.

It's not true anymore. On my recent system /etc/init.d/bootlogs
is responsible for creating the /etc/motd from the template (motd.tail).


-- System Information:
Debian Release: 6.0.5
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.4-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

manpages depends on no packages.

manpages recommends no packages.

Versions of packages manpages suggests:
ii  man-db [man-browser]  2.5.7-8on-line manual pager

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#679996: ferm: please accept hashlimit-srcmask option

2012-07-02 Thread Heiko Schlittermann

Package: ferm
Version: 2.0.7-1
Severity: normal
Tags: upstream ipv6


The ip6tables hashlimit modulule understands some more options, notably
hashlimit-srcmask. Please extend the ferm parser.

A simple patch is attached.

Thank you.

-- System Information:
Debian Release: 6.0.5
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.4-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ferm depends on:
ii  debconf1.5.36.1  Debian configuration management sy
ii  iptables   1.4.8-3   administration tools for packet fi
ii  lsb-base   3.2-23.2squeeze1  Linux Standard Base 3.2 init scrip
ii  perl   5.10.1-17squeeze3 Larry Wall's Practical Extraction 

Versions of packages ferm recommends:
ii  libnet-dns-perl   0.66-2 Perform DNS queries from a Perl sc

ferm suggests no packages.

-- Configuration Files:
/etc/default/ferm changed:
FAST=yes
CACHE=yes
OPTIONS=
ENABLED=yes

/etc/ferm/ferm.conf [Errno 13] Permission denied: u'/etc/ferm/ferm.conf'

-- debconf information:
* ferm/enable: true
--- /usr/sbin/ferm  2010-01-02 23:50:16.0 +0100
+++ /tmp/ferm   2012-07-02 22:56:47.024050871 +0200
@@ -245,7 +245,8 @@
 add_match_def 'hl', qw(hl-eq! hl-lt=s hl-gt=s);
 add_match_def 'hashlimit', qw(hashlimit=s hashlimit-burst=s hashlimit-mode=s 
hashlimit-name=s),
   qw(hashlimit-htable-size=s hashlimit-htable-max=s),
-  qw(hashlimit-htable-expire=s hashlimit-htable-gcinterval=s);
+  qw(hashlimit-htable-expire=s hashlimit-htable-gcinterval=s),
+  qw(hashlimit-srcmask=s hashlimit-dstmask=s);
 add_match_def 'iprange', qw(!src-range !dst-range);
 add_match_def 'ipv4options', qw(ssrr*0 lsrr*0 no-srr*0 !rr*0 !ts*0 !ra*0 
!any-opt*0);
 add_match_def 'ipv6header', qw(header!=c soft*0);

Bug#677374: gogoc does not stop radvd when started by gogoc

2012-06-13 Thread Heiko Schlittermann

Package: gogoc
Version: 1:1.2-2
Severity: important
Tags: ipv6 upstream


Hello,

when having a gogoc configuration which aquires a subnet from freenet6,
gogoc starts radvd to advertise the prefix on a local subnet.

/etc/init.d/gogoc stop

however does not stop the radvd process, as one would expect, since
gogoc started the radvd.


-- System Information:
Debian Release: 6.0.5
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.3.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gogoc depends on:
ii  iproute20100519-3networking and traffic control too
ii  libc6  2.11.3-3  Embedded GNU C Library: Shared lib
ii  libgcc11:4.4.5-8 GCC support library
ii  libssl0.9.80.9.8o-4squeeze13 SSL shared libraries
ii  libstdc++6 4.4.5-8   The GNU Standard C++ Library v3
ii  net-tools  1.60-23   The NET-3 networking toolkit

Versions of packages gogoc recommends:
ii  radvd 1:1.6-1.1  Router Advertisement Daemon

gogoc suggests no packages.

-- Configuration Files:
/etc/gogoc/gogoc.conf [Errno 13] Permission denied: u'/etc/gogoc/gogoc.conf'

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#661940: uboot-mkimage: typo in package description

2012-03-02 Thread Heiko Schlittermann

Package: uboot-mkimage
Version: 0.4
Severity: minor


The package description should read '… kernel image …' instead
of '… kerel image …'. 


-- System Information:
Debian Release: 6.0.4
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#661195: fping: -q does not always quiet

2012-02-24 Thread Heiko Schlittermann

Package: fping
Version: 2.4b2-to-ipv6-16.1
Severity: normal
Tags: upstream


According to the man page, "-q" should suppress the output.
It seems to work if not combined with "-c", but if I use "-c"
the result looks as follows:

$ fping -c1 -q 8.8.8.8
8.8.8.8 : xmt/rcv/%loss = 0/0/0%


-- System Information:
Debian Release: 6.0.4
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages fping depends on:
ii  libc6 2.11.3-2   Embedded GNU C Library: Shared lib

fping recommends no packages.

fping suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#659973: boa: Example of logging to Pipe is wrong

2012-02-15 Thread Heiko Schlittermann

Package: boa
Version: 0.94.14rc21-3.1
Severity: normal


The install configuration /etc/boa/boa.conf contains examples how to
log to pipelines.

#ErrorLog "|/usr/sbin/cronolog --symlink=/var/log/boa/error_log 
/var/log/boa/error-%Y%m%d.log"
#AccessLog  "|/usr/sbin/cronolog --symlink=/var/log/boa/access_log 
/var/log/boa/access-%Y%m%d.log"
#CGILog  "|/usr/sbin/cronolog --symlink=/var/log/boa/cgi_log 
/var/log/boa/cgi-%Y%m%d.log"

The quotes a wrong there. With quotes boa complains about 
failure to open the log file(s).


-- System Information:
Debian Release: 6.0.4
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages boa depends on:
ii  dpkg  1.15.8.12  Debian package management system
ii  install-info  4.13a.dfsg.1-6 Manage installed documentation in 
ii  libc6 2.11.3-2   Embedded GNU C Library: Shared lib
ii  logrotate 3.7.8-6Log rotation utility
ii  mime-support  3.48-1 MIME files 'mime.types' & 'mailcap

boa recommends no packages.

boa suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#641538: closed by wer...@aloah-from-hell.de (policyd-weight: debug bug: using wrong function to calculate the issuing, group)

2012-01-08 Thread Heiko Schlittermann

Hello,

Debian Bug Tracking System  (Sa 07 Jan 2012 12:12:27 
CET):
> This is an automatic notification regarding your Bug report
> which was filed against the policyd-weight package:
> 
> #641538: policyd-weight: debug bug: using wrong function to calculate the 
> issuing group
> It has been closed by wer...@aloah-from-hell.de.

I'd re-open the bug.

> Hi,
> 
> I'm closing this bug. The relevant part of policyd-weight is as follows:
> 
> 651 if($CMD_DEBUG == 1)
> 652 {
> 653 $DEBUG = 1;
> 654 $conf_str =~ s/\#.*?(\n)/$1/gs;
> 655 $conf_str =~ s/\n+/\n/g;
> 656 print "config: $conf\n".$conf_str."\n";
> 657 $SPATH   .= ".debug";
> 658
> 659 # chose /tmp for debug pidfiles only if user is not root
> 660 # if root would store debug pids also in /tmp we would be
> 661 # open to race attacks
> 662 if($< != 0)
> 663 {
> 664 $PIDFILE = "/tmp/policyd-weight.pid.debug";
> 665 }
> 666 else
> 667 {
> 668 $PIDFILE .= ".debug";
> 669 }
> 670
> 671 print "debug: using port ".++$TCP_PORT."\n";
> 672 print "debug: USER:  $USER\n";
> 673 print "debug: GROUP: $GROUP\n";
> 674 print "debug: issuing user:  ".getpwuid($<)."\n";
> 675 print "debug: issuing group: ".getpwuid($()."\n";
> 676 }
> 
> As written in my previous message (I just forgot to close this Bug) it does 
> not
> really matter if getpwuid() or getpwuid() is used. So I'll close this bug.

Why doesn't it matter?

It matters. The debug code should print the name of the issuing *group*.
The correct function for mapping a group id into a group name is
getgrgid() and not getpwuid(). Please change line 675 to use getgrgid().

It just does not matter, if the groupname:groupid and username:userid
follow the same pattern, e.g. root:0. But this isn't always true.

Here is the relevant part of my old bug report:

> In line 676 the policyd calls getpwuid($() to calculate the
> name of the issuing *group*, I'd say, it should be getgrgid($().
> 
> Mostly the bug doesn't matter, since the *name* of the user 0
> is the same as the name of the group 0.

Please make Debian a better distribution ☺

-- 
Heiko


signature.asc
Description: Digital signature

Bug#652843: apache2.2-common: start script does not take care if /var/log/apache2 does not exist

2011-12-20 Thread Heiko Schlittermann

Package: apache2.2-common
Version: 2.2.16-6+squeeze4
Severity: important


The apache init-script should take care to create
/var/log/apache2 if it does not exist already. In some environments
/var/log may be a ramdisk (as /var/run and /var/lock) and 
only the apache init scripts can know about the proper permissions 
and ownerships for the log directories.

Or /var/log/* could be purged, and creating /var/log/apache2
would be just nice :-)


-- Package-specific info:
List of /etc/apache2/mods-enabled/*.load:
  alias auth_basic authn_file authz_default authz_groupfile
  authz_host authz_user autoindex cgi deflate dir env mime
  negotiation reqtimeout setenvif status userdir

-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2.2-common depends on:
ii  apache2-utils  2.2.16-6+squeeze4 utility programs for webservers
ii  apache2.2-bin  2.2.16-6+squeeze4 Apache HTTP Server common binary f
ii  libmagic1  5.04-5File type determination library us
ii  lsb-base   3.2-23.2squeeze1  Linux Standard Base 3.2 init scrip
ii  mime-support   3.48-1MIME files 'mime.types' & 'mailcap
ii  perl   5.10.1-17squeeze2 Larry Wall's Practical Extraction 
ii  procps 1:3.2.8-9 /proc file system utilities

Versions of packages apache2.2-common recommends:
ii  ssl-cert  1.0.28 simple debconf wrapper for OpenSSL

Versions of packages apache2.2-common suggests:
pn  apache2-doc(no description available)
pn  apache2-suexec | apa   (no description available)
ii  google-chrome-stable 16.0.912.63-r113337 The web browser from Google
ii  iceweasel [www-brows 3.5.16-11   Web browser based on Firefox
ii  w3m [www-browser]0.5.2-9 WWW browsable pager with excellent

Versions of packages apache2.2-common is related to:
pn  apache2-mpm-event  (no description available)
pn  apache2-mpm-itk(no description available)
pn  apache2-mpm-prefork(no description available)
pn  apache2-mpm-worker (no description available)

-- Configuration Files:
/etc/apache2/mods-available/userdir.conf changed:

UserDir public_html
UserDir disabled root

AllowOverride FileInfo AuthConfig Limit Indexes Options
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

Order allow,deny
Allow from all


Order deny,allow
Deny from all




/etc/apache2/sites-available/default changed:

ServerAdmin webmaster@localhost
DocumentRoot /var/www

Options FollowSymLinks
AllowOverride None


Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all

ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
#CustomLog "|/usr/local/sbin/ip-anon >> ${APACHE_LOG_DIR}/access.log" 
combined
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"

Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128




-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#639802: Info received (Bug#639802: Acknowledgement (dupload: should upload the .changes file as the last file))

2011-09-19 Thread Heiko Schlittermann

Hello,

please close the bug, as I believe it does not exist in that form.

It's an bug (or call it feature) of rsync to order the files list
alphabetically. So it does not matter if or if not the files list
contains the .changes file as the very last element.

After short testing it seems the .changes file *is* the last file in
the file list already. I'm not sure if this is coincedentally or 
not...

If the order of files transferred matters, scp/scpb do the job I
expect and transfer the files in the order they are listed.

BTW: I fixed serveral cosmetical issues in the source. Are you
interested in this changes?

Thank you for your patience
-- 
Heiko - the original author of dupload.


signature.asc
Description: Digital signature

Bug#620347: conf.d/" should really be "Include conf.d/*.conf"

2011-09-19 Thread Heiko Schlittermann

Package: apache2.2-common
Version: 2.2.16-6+squeeze3
Severity: normal


The same problem arises with files managed by "ucf", which is
a debian provided tool. (For cfengine manged files could be the excuse, 
that it's not nativly Debian…)

I consider it a serious bug, since in a normal scenario the local
admin may change a config under /etc/apache2/conf.d, the next
package update may find it and place a new file as
/etc/apache2/conf.d/xxx.ucf-new.

It shouldn't be too hard to ask packages naming their files
/etc/apache2/conf.d/xxx.conf AND changing apaches default config into
include conf.d/*.conf

Thank you.


-- Package-specific info:
List of enabled modules from 'apache2 -M':
  alias auth_basic authn_file authz_default authz_groupfile
  authz_host authz_user autoindex cgi deflate dir env mime
  negotiation php5 reqtimeout setenvif status userdir
List of enabled php5 extensions:
  pdo suhosin

-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2.2-common depends on:
ii  apache2-utils  2.2.16-6+squeeze3 utility programs for webservers
ii  apache2.2-bin  2.2.16-6+squeeze3 Apache HTTP Server common binary f
ii  libmagic1  5.04-5File type determination library us
ii  lsb-base   3.2-23.2squeeze1  Linux Standard Base 3.2 init scrip
ii  mime-support   3.48-1MIME files 'mime.types' & 'mailcap
ii  perl   5.10.1-17squeeze2 Larry Wall's Practical Extraction 
ii  procps 1:3.2.8-9 /proc file system utilities

Versions of packages apache2.2-common recommends:
ii  ssl-cert  1.0.28 simple debconf wrapper for OpenSSL

Versions of packages apache2.2-common suggests:
pn  apache2-doc(no description available)
pn  apache2-suexec | apache2-suex  (no description available)
ii  iceweasel [www-browser]   3.5.16-9   Web browser based on Firefox
ii  w3m [www-browser] 0.5.2-9WWW browsable pager with excellent

Versions of packages apache2.2-common is related to:
pn  apache2-mpm-event  (no description available)
pn  apache2-mpm-itk(no description available)
ii  apache2-mpm-prefork2.2.16-6+squeeze3 Apache HTTP Server - traditional n
pn  apache2-mpm-worker (no description available)

-- Configuration Files:
/etc/apache2/mods-available/userdir.conf changed [not included]
/etc/apache2/sites-available/default changed [not included]

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#641544: policyd-weight: debug mode produces several warnings - fixed

2011-09-14 Thread Heiko Schlittermann

Package: policyd-weight
Version: 0.1.15.1-2
Severity: normal
Tags: patch upstream


When using the debug mode several warnings about uninitialized
values are issued. It looks nasty.

I've fixed it, hopefully in a sensible way.


-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages policyd-weight depends on:
ii  adduser3.112+nmu2add and remove users and groups
ii  libnet-dns-perl0.66-2Perform DNS queries from a Perl sc
ii  libnet-ip-perl 1.25-2Perl extension for manipulating IP
ii  perl   5.10.1-17squeeze2 Larry Wall's Practical Extraction 

Versions of packages policyd-weight recommends:
ii  perl [libsys-syslog-pe 5.10.1-17squeeze2 Larry Wall's Practical Extraction 

policyd-weight suggests no packages.

-- no debconf information
diff -r 61fc719c8e48 policyd-weight
--- a/policyd-weight	Wed Sep 14 11:11:31 2011 +0200
+++ b/policyd-weight	Wed Sep 14 11:50:48 2011 +0200
@@ -582,7 +582,7 @@
 my $my_PTIME;
 my $my_TEMP_PTIME;
 
-if(!($conf))
+if(not defined $conf)
 {
 if( -f "/etc/policyd-weight.conf")
 {
@@ -605,7 +605,7 @@
 my $conf_err;
 my $conf_str;
 our $old_mtime;
-if($conf ne "")
+if(defined $conf)
 {
 if(sprintf("%04o",(stat($conf))[2]) !~ /(7|6|3|2)$/)
 {
@@ -652,8 +652,11 @@
 if($CMD_DEBUG == 1)
 {
 $DEBUG = 1;
-$conf_str =~ s/\#.*?(\n)/$1/gs;
-$conf_str =~ s/\n+/\n/g;
+if (defined $conf_str) {
+	$conf_str =~ s/\#.*?(\n)/$1/gs;
+	$conf_str =~ s/\n+/\n/g;
+}
+else { $conf_str = "" }
 print "config: $conf\n".$conf_str."\n"; 
 $SPATH   .= ".debug";
 
@@ -2379,7 +2382,7 @@
 }
 
 ## HELO numeric check #
-my $glob_numeric_score;
+my $glob_numeric_score = 0;
 # check /1.2.3.4/ and /[1.2.3.4]/
 if($helo =~ /^[\d|\[][\d\.]+[\d|\]]$/)
 {
@@ -2798,7 +2801,7 @@
 my $sender = shift(@_) || '';
 my $domain = shift(@_) || '';
 
-$! = '';
+$! = undef;
 $@ = ();
 if( (!($csock)) || ($csock && (!($csock->connected))) )
 {
@@ -2919,7 +2922,7 @@
 die $!;
 }
 
-if(!( $( = getpwnam($USER) ))
+if(!( $( = getgrnam($GROUP) ))
 {
 mylog(warning=>"cache: couldn't change GID to user $GROUP: $!");
 }
@@ -3790,7 +3793,7 @@
 my $helo = shift;
 my $ip   = shift;
 
-if($$helo !~ /^\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]$/ ) { return }
+if($$helo !~ /^\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]$/ ) { return 0 }
 my $tmp_helo_ip = $1;
 
 my $tmpip = inet_aton( $tmp_helo_ip );

Bug#641227: policyd-weight: Not only in testing!

2011-09-14 Thread Heiko Schlittermann

Package: policyd-weight
Version: 0.1.15.1-2
Severity: normal


This bug exists not only in testing, already the version in stable
has it and I think it should be fixed fast, as it prevents regular mail
systems from working. Not every user/admin should be forced to provide
an individual config file. 

-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages policyd-weight depends on:
ii  adduser3.112+nmu2add and remove users and groups
ii  libnet-dns-perl0.66-2Perform DNS queries from a Perl sc
ii  libnet-ip-perl 1.25-2Perl extension for manipulating IP
ii  perl   5.10.1-17squeeze2 Larry Wall's Practical Extraction 

Versions of packages policyd-weight recommends:
ii  perl [libsys-syslog-pe 5.10.1-17squeeze2 Larry Wall's Practical Extraction 

policyd-weight suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#641539: policyd-weight: wrong ownership for socket (fix included)

2011-09-14 Thread Heiko Schlittermann

Package: policyd-weight
Version: 0.1.15.1-2
Severity: normal
Tags: upstream


The socket using to communicate with the cache is chown-ed to
the wrong group, preventing successfull debug sessions talking to
an already existing cache. (Probably even preventing non-debug session
from talking to the existing cache too, but this I didn't check.)

Around line 2922 

2922 if(!( $( = getpwnam($USER) ))
2923 {
2924 mylog(warning=>"cache: couldn't change GID to user $GROUP: $!");
2925 }
2926 create_lockpath('cache');

It should be

2922 if(!( $( = getgrnam($GROUP) ))


As long as the UID of the used user (polw) is the same as the GID, this
bug doesn't matter. But since the polw user gets created during package 
installation
nobody can't gurantee the GID == UID.


-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages policyd-weight depends on:
ii  adduser3.112+nmu2add and remove users and groups
ii  libnet-dns-perl0.66-2Perform DNS queries from a Perl sc
ii  libnet-ip-perl 1.25-2Perl extension for manipulating IP
ii  perl   5.10.1-17squeeze2 Larry Wall's Practical Extraction 

Versions of packages policyd-weight recommends:
ii  perl [libsys-syslog-pe 5.10.1-17squeeze2 Larry Wall's Practical Extraction 

policyd-weight suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#641538: policyd-weight: debug bug: using wrong function to calculate the issuing group

2011-09-14 Thread Heiko Schlittermann

Package: policyd-weight
Version: 0.1.15.1-2
Severity: normal
Tags: upstream


In line 676 the policyd calls getpwuid($() to calculate the
name of the issuing *group*, I'd say, it should be getgrgid($().

Mostly the bug doesn't matter, since the *name* of the user 0
is the same as the name of the group 0.


-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages policyd-weight depends on:
ii  adduser3.112+nmu2add and remove users and groups
ii  libnet-dns-perl0.66-2Perform DNS queries from a Perl sc
ii  libnet-ip-perl 1.25-2Perl extension for manipulating IP
ii  perl   5.10.1-17squeeze2 Larry Wall's Practical Extraction 

Versions of packages policyd-weight recommends:
ii  perl [libsys-syslog-pe 5.10.1-17squeeze2 Larry Wall's Practical Extraction 

policyd-weight suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#641529: /usr/sbin/alsactl: alsactl offers command "name", but it is deprecated and does not exist anymore

2011-09-14 Thread Heiko Schlittermann

Package: alsa-utils
Version: 1.0.23-3
Severity: normal
File: /usr/sbin/alsactl
Tags: upstream


"alsactl -h" offers the available commands. It offers the 
command "name", as DEPRECATED. But this command is not only deprecated, 
it does not exist anymore. To probably it should not be offered at
all.


-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages alsa-utils depends on:
ii  libasound2  1.0.23-2.1   shared library for ALSA applicatio
ii  libc6   2.11.2-10Embedded GNU C Library: Shared lib
ii  libncursesw55.7+20100313-5   shared libraries for terminal hand
ii  linux-sound-base1.0.23+dfsg-2base package for ALSA and OSS soun
ii  lsb-base3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii  module-init-tools   3.12-1   tools for managing Linux kernel mo
ii  udev164-3/dev/ and hotplug management daemo
ii  whiptail0.52.11-1Displays user-friendly dialog boxe

Versions of packages alsa-utils recommends:
ii  alsa-base  1.0.23+dfsg-2 ALSA driver configuration files
ii  pciutils   1:3.1.7-6 Linux PCI Utilities

alsa-utils suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#641527: policykit-1: man page for pkaction seems to confuse some option

2011-09-14 Thread Heiko Schlittermann

Package: policykit-1
Version: 0.96-4
Severity: normal
Tags: upstream


The man page about pkaction states:

DESCRIPTION
… if called with --action-id then all
actions are displayed. Otherwise the action action. 
If called without the --verbose option only the name of the
action is shown. Otherwise details about the actions are shown.

I'd say it should read:

… if called without --action-id then all
actions are displayed. Otherwise the action *action*.

-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages policykit-1 depends on:
ii  consolekit 0.4.1-4   framework for defining and trackin
ii  dbus   1.2.24-4+squeeze1 simple interprocess messaging syst
ii  libc6  2.11.2-10 Embedded GNU C Library: Shared lib
ii  libeggdbus-1-0 0.6-1 D-Bus bindings for GObject
ii  libexpat1  2.0.1-7   XML parsing C library - runtime li
ii  libglib2.0-0   2.24.2-1  The GLib library of C routines
ii  libpam0g   1.1.1-6.1 Pluggable Authentication Modules l
ii  libpolkit-backend-1-0  0.96-4PolicyKit backend API
ii  libpolkit-gobject-1-0  0.96-4PolicyKit Authorization API

policykit-1 recommends no packages.

policykit-1 suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#640492: rsync: should not reorder the file names on the command line

2011-09-05 Thread Heiko Schlittermann

Hello Paul,

thanks for the fast response …

Paul Slootman  (Mon Sep  5 12:30:09 2011):
> severity 640492 normal
> tags +wontfix
> merge 640492 160982
> thanks
> 
> On Mon 05 Sep 2011, Heiko Schlittermann wrote:
> 
> > When I call
> > 
> > rsync z a b c dest/
> > 
> > rsync re-orders die filelist and transfers in alphabetical order.
> > This breaks some remote applications, in case they expect the files
> > appearing in some specific order. (debian reprepro + inoticoming as one
> > exampl).
> 
> Filesystems don't guarantee that files will be written into the
> directory in order of writing. 

I'd agree with you, as soon as rsync supports parallelity in sending the 
files. But as long as the sender and the receiver transfer files in a
sequential order, I'd expect that these files appear in exactly that
(timely) order in the destination. 

> Additionally, rsync first transfers to a
> temp file and renames when done, so anything that is watching a
> directory will see multiple events happening anyway.

In our example, inoticoming waits for the advent(?) of a *.changes file, 
ignoring all other events. In case rsync uses a temp file, the
appearance of the *.changes file is even atomical. (Rsync does not need
to use temp file, --inplace modifies the destination file itself.)

> > And I believe, this behaviour breaks that what a unix user would expect.
> 
> I'm a unix user since 1984, and I've learnt to test things to understand
> how they work :)  Also rsync does work (more or less) on more than just
> unix-like systems, so that's hardly an argument.

Ok, thus you have about 6 years more unix exerience ☺. For me testing
is not a good base for understanding, reading the docs should be the
first part. (comes into my mind: at least this behaviour of rsync should
be documented...)

And I insist on calling this "unexpected". rsync does a great job in
replacing {,s}cp, but both tools do *not* re-order the files.

> In this case rsync orders the files to be sent as that is appropriate
> for the algorithm that is used to update the destination. In this
> special case that wouldn't strictly be necessary, but catering for such
> special cases would make rsync slower for the vast majority of use
> cases.

I can't reply here, since I didn't check the source.
I'd agree for all cases, where rsync gets passed wildcards (not talking
about passing the wildcards to the invoking shell). 

> A simple workaround is of course to transfer the out of order files in
> separate rsync runs. In your example: first do z, then do the rest.
> As a workaround is trivially made, I cannot see how this could be

This workaround causes one more prompting for the passphrase (in case no
ssh-agend is used).

> classified as an important bug; especially since this behaviour has been
> around since the beginnings of rsync. Hence I'm changing the severity to
> "normal".  Additionally, it's basically the same issue as described in
> bug report 160982 ("rsync alphabetizes files") , so I'm merging these
> bug reports, and marking it wontfix: I cannot imagine that rsync will be
> changed ever to not sort the file list.

Sorry for not finding the similiar issues. And I'll contact the rsync
mailing list, probably they can convince me about that.

Should I file a bug report about a missing note in the manpage?

Greetings from Dresden,
-- 
Heiko

signature.asc
Description: Digital signature

Bug#640492: rsync: should not reorder the file names on the command line

2011-09-05 Thread Heiko Schlittermann

Package: rsync
Version: 3.0.7-2
Severity: important
Tags: upstream


When I call

rsync z a b c dest/

rsync re-orders die filelist and transfers in alphabetical order.
This breaks some remote applications, in case they expect the files
appearing in some specific order. (debian reprepro + inoticoming as one
exampl).

And I believe, this behaviour breaks that what a unix user would expect.


-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rsync depends on:
ii  base-files  6.0squeeze2  Debian base system miscellaneous f
ii  libacl1 2.2.49-4 Access control list shared library
ii  libc6   2.11.2-10Embedded GNU C Library: Shared lib
ii  libpopt01.16-1   lib for parsing cmdline parameters
ii  lsb-base3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip

rsync recommends no packages.

Versions of packages rsync suggests:
ii  openssh-client1:5.5p1-6  secure shell (SSH) client, for sec
ii  openssh-server1:5.5p1-6  secure shell (SSH) server, for sec

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#639802: Acknowledgement (dupload: should upload the .changes file as the last file)

2011-08-30 Thread Heiko Schlittermann

Hello,

my patch needs further tweeking, since rsync seems to order the
filenames alphabetically, making my re-arrangement if the filelist
(putting the .changes file last) useless.

-- 
Heiko


signature.asc
Description: Digital signature

Bug#639802: dupload: should upload the .changes file as the last file

2011-08-30 Thread Heiko Schlittermann

Package: dupload
Version: 2.6.6
Severity: important
Tags: upstream patch


When uploading larger packages over a slow link to the combination of
inoticoming/reprepro the reprepro the packages won't get imported.

Why? Inoticoming seems to start reprepro as soon as the .changes file
arrived (probably after a short timeout). For larger packages on slow
links it may take several minutes until all files mentioned in the
.changes file are uploaded.

Moving the .changes file to the last position in the list of the upload
queue should solve this problem.


-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dupload depends on:
ii  perl   5.10.1-17squeeze2 Larry Wall's Practical Extraction 
ii  perl-modules [libnet-p 5.10.1-17squeeze2 Core Perl modules

Versions of packages dupload recommends:
ii  openssh-client1:5.5p1-6  secure shell (SSH) client, for sec
ii  ssh   1:5.5p1-6  secure shell client and server (me

Versions of packages dupload suggests:
ii  exim4-daemon-light [mail 4.72-6+squeeze2 lightweight Exim MTA (v4) daemon
ii  lintian  2.4.3   Debian package checker

-- no debconf information
--- /usr/bin/dupload2008-09-21 22:34:49.0 +0200
+++ /home/heiko/bin/dupload 2011-08-30 14:34:35.020116427 +0200
@@ -521,7 +521,7 @@
 
 JOB: foreach (keys %files) {
my $job = $_;
-   my @files = @{$files{$job}};
+   my @files = sort { $a eq $b ? 0 : $a =~ /\.changes$/ ? 1 : -1 } 
@{$files{$job}};
my $mode;
my $batchmode;
my $allfiles;

Bug#626470: muttprint: does not honour the PAPERSIZE environment variable

2011-05-12 Thread Heiko Schlittermann

Package: muttprint
Version: 0.73-3
Severity: important
Tags: upstream


muttprint should honour the PAPERSIZE environment variable directly
or indirectly by using `paperconf`.


-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages muttprint depends on:
ii  debconf [debconf-2.0] 1.5.36.1   Debian configuration management sy
ii  libtext-iconv-perl1.7-2  converts between character sets in
ii  perl  5.10.1-17  Larry Wall's Practical Extraction 
ii  texlive-fonts-recommended 2009-11TeX Live: Recommended fonts
ii  texlive-latex-extra   2009-10TeX Live: LaTeX supplementary pack
ii  texlive-latex-recommended 2009-11TeX Live: LaTeX recommended packag

Versions of packages muttprint recommends:
ii  bsd-mailx [mail-re 8.1.2-0.20100314cvs-1 simple mail user agent
ii  icedove [mail-read 3.0.11-1+squeeze1 mail/news client with RSS and inte
ii  libtimedate-perl   1.2000-1  collection of modules to manipulat
ii  mutt [mail-reader] 1.5.20-9+squeeze1 text-based mailreader supporting M

Versions of packages muttprint suggests:
pn  compface   (no description available)
pn  dialog (no description available)
ii  imagemagick  8:6.6.0.4-3 image manipulation programs
pn  muttprint-manual   (no description available)
pn  ospics (no description available)
ii  psutils  1.17-27 A collection of PostScript documen
pn  slrn | news-reader (no description available)
pn  texlive-fonts-extra(no description available)

-- debconf information:
  muttprint/moved_pics:



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#622350: dump -W does not list ext4 file systems

2011-04-12 Thread Heiko Schlittermann

Package: dump
Version: 0.4b43-1
Severity: important
Tags: upstream


dump -W consults the /etc/mtab, and it checks the /var/lib/dumpdates.
If the filesystem type in /etc/mtab is ext4, dump ignores it. (But
nevertheless it can successfully dump such file system.)


-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dump depends on:
ii  e2fslibs  1.41.12-2  ext2/ext3/ext4 file system librari
ii  libblkid1 2.17.2-9   block device id library
ii  libc6 2.11.2-10  Embedded GNU C Library: Shared lib
ii  libcomerr21.41.12-2  common error description library
ii  libncurses5   5.7+20100313-5 shared libraries for terminal hand
ii  libreadline6  6.1-3  GNU readline and history libraries
ii  libselinux1   2.0.96-1   SELinux runtime shared libraries
ii  libuuid1  2.17.2-9   Universally Unique ID library
ii  tar   1.23-3 GNU version of the tar archiving u

dump recommends no packages.

dump suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#612826: libedit2: fix is easy!

2011-03-02 Thread Heiko Schlittermann

Package: libedit2
Version: 2.11-20080614-2
Severity: normal


The man page can be found in libedit-dev, but it should be in libedit2,
I'd say it should be fixably without too much impact on other parts of
the system. Please fix it. 


-- System Information:
Debian Release: 6.0
  APT prefers squeeze-updates
  APT policy: (500, 'squeeze-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libedit2 depends on:
ii  libbsd0   0.2.0-1utility functions from BSD systems
ii  libc6 2.11.2-10  Embedded GNU C Library: Shared lib
ii  libncurses5   5.7+20100313-5 shared libraries for terminal hand

libedit2 recommends no packages.

libedit2 suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#572075: apache2-common: standard apache2.conf is insecure with respect to Satisfy any

2010-03-01 Thread Heiko Schlittermann

Package: apache2.2-common
Version: 2.2.9-10+lenny6
Severity: important
Tags: patch


The apache2.conf contains 


Order allow,deny
Deny from all


If in some other part of the configuration file (e.g. 
inside some virtual host configuration) the
AuthType, ... Required ... directives *and* "Satisfy any"
is used, it seems to apply to the above mentioned ...
too. Thus *any* authenticated user may access the .ht* files.

I consider this as a serious security issue.
Adding "Satisfy all" to the above block would solve this and
should not harm otherwise.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#323807: vsftpd: It is reproducable (64bit issue?)

2010-02-02 Thread Heiko Schlittermann

Package: vsftpd
Version: 2.0.7-1
Followup-For: Bug #323807

Hello, even Daniel closed the but in October 2009 - it seems still to be
there. Using the use_sendfile=NO option worked at least for me.

The underaying file system is an „usual“ ext3 on LVM on MDADM.

-- (system information removed, because it didn't happen on *this*
system)


signature.asc
Description: Digital signature

Bug#555466: samba-common: wrong example on add machine script in the smb.conf(5)

2009-11-09 Thread Heiko Schlittermann

Package: samba-common
Version: 2:3.2.5-4lenny7
Severity: minor

The smb.conf(5) man page shows a wrong example line for the add machine
script. The examples does not work and differs from the example listed
in the sample smb.conf.


-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages samba-common depends on:
ii  debconf [debcon 1.5.24   Debian configuration management sy
ii  libc6   2.7-18   GNU C Library: Shared libraries
ii  libcomerr2  1.41.3-1 common error description library
ii  libkrb531.6.dfsg.4~beta1-5lenny1 MIT Kerberos runtime libraries
ii  libldap-2.4-2   2.4.11-1 OpenLDAP libraries
ii  libncurses5 5.7+20081213-1   shared libraries for terminal hand
ii  libpam-modules  1.0.1-5+lenny1   Pluggable Authentication Modules f
ii  libpopt01.14-4   lib for parsing cmdline parameters
ii  libreadline55.2-3.1  GNU readline and history libraries
ii  libtalloc1  1.2.0~git20080616-1  hierarchical pool based memory all
ii  libuuid11.41.3-1 universally unique id library
ii  libwbclient02:3.2.5-4lenny7  client library for interfacing wit
ii  ucf 3.0016   Update Configuration File: preserv

samba-common recommends no packages.

samba-common suggests no packages.

-- debconf information:
  samba-common/encrypt_passwords: true
* samba-common/dhcp: true
* samba-common/workgroup: WORKGROUP
  samba-common/do_debconf: true


signature.asc
Description: Digital signature

Bug#512734: qrfcview: fix for bug #512734 (limited search)

2009-08-01 Thread Heiko Schlittermann

Package: qrfcview
Version: 0.62-5
Followup-For: Bug #512734

Hello,

the bug described can be fixed quite easy:

src/mainwindow.cpp, line 126 contains the upper limit
of 5000 for the RFC number. At least this limit could be extended so
somewhat higher number. Until qrfcview is capable of fetching the
maximum allowed number by itself.


-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages qrfcview depends on:
ii  libc62.7-18  GNU C Library: Shared libraries
ii  libgcc1  1:4.3.2-1.1 GCC support library
ii  libqt4-gui   4.4.3-1 transitional package for Qt 4 GUI 
ii  libqt4-network   4.4.3-1 Qt 4 network module
ii  libqtcore4   4.4.3-1 Qt 4 core module
ii  libstdc++6   4.3.2-1.1   The GNU Standard C++ Library v3

qrfcview recommends no packages.

Versions of packages qrfcview suggests:
pn  doc-rfc(no description available)

-- no debconf information


signature.asc
Description: Digital signature

Bug#539279: dovecot-common: rc-script looks for /etc/inetd.conf - but this file does not exist

2009-07-30 Thread Heiko Schlittermann

Package: dovecot-common
Version: 1:1.0.15-2.3
Severity: normal

The rc script of dovecot (installed as part of dovecot-common) want's to
check the /etc/inetd.conf. But this file does not have to exist.

The script doesn't stop, but it issues a message, looking like an
error message.



-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash


signature.asc
Description: Digital signature

Bug#524045: havp: the daemon doesn't release/reopens the logfiles on "reload"

2009-04-14 Thread Heiko Schlittermann

Package: havp
Version: 0.89-1
Severity: important

The postrotate script (using /etc/init.d/havp reload) does not trigger
havp to release and reopen the log (access/error).

Doing a ``killall -HUP havp'' seems(!) to trigger one(!) process to
reopen the access/error.log.


-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash


signature.asc
Description: Digital signature

Bug#520822: mercurial: ``hg strip --help'' offers a "-f" option, but option does not exist

2009-03-22 Thread Heiko Schlittermann

Package: mercurial
Version: 1.0.1-5.1
Severity: minor

As stated in the subject.

|   hg strip [-f] [-b] [-n] REV
|
|   strip a revision and all later revs on the same branch
|
|   options:
|
|-b --backupbundle unrelated changesets
|-n --nobackup  no backups
|
|   use "hg -v help strip" to show global options

But if I try to use ``hg strip -f 497'', it shows the help page again
(probably indicating a usage error).

Or - "-f" is poorly documented and should be used in some other way than
I did (I supposed it to be something like "force").

In hgext/mq.py:2378 I found the code for showing the "-f".

-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mercurial depends on:
ii  libc6 2.7-18 GNU C Library: Shared libraries
ii  mercurial-common  1.0.1-5.1  Scalable distributed version contr
ii  python2.5.2-3An interactive high-level object-o
ii  python-support0.8.4  automated rebuilding support for P
ii  ucf   3.0016 Update Configuration File: preserv

Versions of packages mercurial recommends:
ii  python-beaker 0.9.5-1Simple WSGI middleware that uses t
ii  rcs   5.7-23 The GNU Revision Control System

Versions of packages mercurial suggests:
pn  python-elementtree (no description available)
pn  python-mysqldb (no description available)
pn  python-pygments(no description available)
ii  python-subversion 1.5.1dfsg1-2   Python bindings for Subversion
pn  qct(no description available)
ii  tk8.4 [wish]  8.4.19-2   Tk toolkit for Tcl and X11, v8.4 -
ii  vim   1:7.1.314-3+lenny2 Vi IMproved - enhanced vi editor
ii  vim-gnome [vim]   1:7.1.314-3+lenny2 Vi IMproved - enhanced vi editor -

-- no debconf information


signature.asc
Description: Digital signature

Bug#520565: when started twice, apt-cacher-ng can't be stopped via init-script

2009-03-20 Thread Heiko Schlittermann

Package: apt-cacher-ng
Version: 0.2.2-2
Severity: important

Hello,

starting apt-cacher-ng a second time (heartbeat may do this, or a local
admin by accident), it removes the $RUNDIR, thus not being able to 
stop apt-cacher-ng later.

The 2nd attempt fails of course (port is in use).

A simple fix should help:

do_start() {
   if { kill -0 `cat $PIDFILE` && fuser $SOCKETFILE; } &>/dev/null; then
   echo "$DESC already running"
   exit 0
  fi
  ...
}

I used "&&" to make sure we're checking the apt-cacher-ng and not
some other process using the PID for coincidence.



-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages apt-cacher-ng depends on:
ii  adduser3.110 add and remove users and groups
ii  libbz2-1.0 1.0.5-1   high-quality block-sorting file co
ii  libc6  2.7-18GNU C Library: Shared libraries
ii  libfuse2   2.7.4-1.1 Filesystem in USErspace library
ii  libgcc11:4.3.2-1.1   GCC support library
ii  libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
ii  zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime

apt-cacher-ng recommends no packages.

apt-cacher-ng suggests no packages.

-- no debconf information


signature.asc
Description: Digital signature

Bug#515576: missing PATH in /etc/resolvconf/update-libc.d/squid

2009-02-18 Thread Heiko Schlittermann

Package: squid
Version: 2.7.STABLE3-4.1
Followup-For: Bug #515576


As in the subject, adding 

PATH=/usr/sbin:/sbin:/usr/bin:/bin

at the beginning of the script should fix the problem.


-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages squid depends on:
ii  adduser   3.110  add and remove users and groups
ii  debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii  libc6 2.7-18 GNU C Library: Shared libraries
ii  libcomerr21.41.3-1   common error description library
ii  libdb4.6  4.6.21-11  Berkeley v4.6 Database Libraries [
ii  libkrb53  1.6.dfsg.4~beta1-5 MIT Kerberos runtime libraries
ii  libldap-2.4-2 2.4.11-1   OpenLDAP libraries
ii  libpam0g  1.0.1-5Pluggable Authentication Modules l
ii  logrotate 3.7.1-5Log rotation utility
ii  lsb-base  3.2-20 Linux Standard Base 3.2 init scrip
ii  netbase   4.34   Basic TCP/IP networking system
ii  squid-common  2.7.STABLE3-4.1Internet object cache (WWW proxy c

squid recommends no packages.

Versions of packages squid suggests:
pn  logcheck-database  (no description available)
ii  resolvconf1.42   name server information handler
ii  smbclient 2:3.2.5-4  a LanManager-like simple client fo
pn  squid-cgi  (no description available)
pn  squidclient(no description available)
pn  winbind(no description available)

-- debconf information:
  squid/fix_cachedir_perms: false
  squid/fix_lines: true




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#511410: ITP: dma -- the DragonFly Mail Agent, a lightweight MTA

2009-01-10 Thread Heiko Schlittermann

Hello Peter,

Peter Pentchev  (Sa 10 Jan 2009 16:57:10 CET):
> Package: wnpp
> Severity: wishlist

..
> 
> dma is not intended as a replacement for real, big MTAs like sendmail(8)
> or postfix(1).  Consequently, dma does not listen on port 25 for incoming
> connections.

Please do not forget to mention Exim here, if you're talking about real
big MTAs :)

Best regards from Dresden (Germany)
Viele Grüße aus Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann HS12-RIPE -
 gnupg encrypted messages are welcome - key ID: 48D0359B ---
 gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B -


signature.asc
Description: Digital signature

Bug#506985: /etc/init.d/squid reload should really "reconfigure"

2008-11-26 Thread Heiko Schlittermann

Package: squid
Version: 2.7.STABLE3-1
Severity: important

Hello,

/etc/init.d/squid reload

does not always work as expected. If I didn't change the config, but the
environment of the box running squid (it's a laptop) changes, these
changes are not picked up by squid.  In my case the "cache_peer" lines
contains the name "proxy" as hostname for the parent. @Home it resolves
to some other address than in @office. The "reload" (signal 1) doesn't
seem to initiate a re-evaluation of the config file. But if I use

squid -k reconfigure

it works as expected.

So, I presume, the "/etc/init.d/squid reload" should map to "squid -k
reconfigure", shouldn't it?

Greetings from Dresden, Heiko Schlittermann


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27.5.hs (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages squid depends on:
ii  adduser   3.110  add and remove users and groups
ii  debconf [debconf-2.0] 1.5.22 Debian configuration management sy
ii  libc6 2.7-15 GNU C Library: Shared libraries
ii  libcomerr21.41.2-1   common error description library
ii  libdb4.6  4.6.21-11  Berkeley v4.6 Database Libraries [
ii  libkrb53  1.6.dfsg.4~beta1-4 MIT Kerberos runtime libraries
ii  libldap-2.4-2 2.4.11-1   OpenLDAP libraries
ii  libpam0g  1.0.1-4Pluggable Authentication Modules l
ii  logrotate 3.7.1-5Log rotation utility
ii  lsb-base  3.2-20 Linux Standard Base 3.2 init scrip
ii  netbase   4.34   Basic TCP/IP networking system
ii  squid-common  2.7.STABLE3-1  Internet object cache (WWW proxy c

squid recommends no packages.

Versions of packages squid suggests:
pn  logcheck-database  (no description available)
pn  resolvconf (no description available)
ii  smbclient  2:3.2.4-1 a LanManager-like simple client fo
pn  squid-cgi  (no description available)
ii  squidclient3.0.STABLE8-1 A full featured Web Proxy cache (H
pn  winbind(no description available)

-- debconf information:
  squid/fix_cachedir_perms: false
* squid/largefiles_warning:
  squid/anonymize_headers:
* squid-cgi/cachemgr:
  squid/old_version: false
  squid/http_anonymizer:
  squid/authenticate_program:
  squid/fix_lines: true




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#501833: httptunnel: hts can bind to an IP address, but it's not documented

2008-10-10 Thread Heiko Schlittermann

Package: httptunnel
Version: 3.3-3
Severity: minor


The hts server can even bind to a specific address:
the synopsis should be this way:

hts [options] [:]


And of course, this feature should be mentioned in the man page.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (200, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.26.2.jumper
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages httptunnel depends on:
ii  libc6 2.7-13 GNU C Library: Shared libraries

httptunnel recommends no packages.

-- no debconf information




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494886: cyrus-clients-2.2: pop3test doesn't follow RFC - can't test dovecot pop3-server

2008-08-12 Thread Heiko Schlittermann

Package: cyrus-clients-2.2
Version: 2.2.13-10
Severity: important
Tags: patch


Hello,

I think, I've found a bug in the imtest/pop3test utiltiy.
It's not correctly checking the server respons.

Let me explain some details:

I used pop3test to check a dovecot pop3-server

S: +OK Dovecot ready.
C: CAPA
S: +OK
S: CAPA
S: TOP
S: UIDL
S: RESP-CODES
S: PIPELINING
S: STLS
S: USER
S: SASL PLAIN
S: .
C: USER heiko
S: +OK
Authentication failed. generic failure
Connection closed.


Digging in the imtest.c I found (function auth_pop(void))
the following lines:

1867 printf("C: USER %s\r\n", username);
1868 prot_printf(pout,"USER %s\r\n", username);
1869 prot_flush(pout);
1870
1871 if (prot_fgets(str, 1024, pin) == NULL) {
1872 imtest_fatal("prot layer failure");
1873 }
1874
1875 printf("S: %s", str);
1876
1877 if (strncasecmp(str, "+OK ", 4)) return IMTEST_FAIL;

The issue is about the "+OK ". Note the trailing space there, and the
check for 4 characters. Dovecot just sends "+OK\r\n", nothing else.
There's no space following the "+OK".

Reading RFC1939 (section 9):

  Note that with the exception of the STAT, LIST, and UIDL commands,
  the reply given by the POP3 server to any command is significant
  only to "+OK" and "-ERR".  Any text occurring after this reply
  may be ignored by the client.


So I'd guess the above test is wrong. (A similar test is done some lines
later checking the response to the "PASS ..." command. And probably even
more often.

The fix should be just something like this (in vi):

%s/+OK ", 4/+OK", 3/g

in the imtest.c source.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.26.2.jumper
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages cyrus-clients-2.2 depends on:
ii  libc6  2.3.6.ds1-13etch7 GNU C Library: Shared libraries
ii  libdb4.2   4.2.52+dfsg-2 Berkeley v4.2 Database Libraries [
ii  libsasl2-2 2.1.22.dfsg1-8Authentication abstraction library
ii  libssl0.9.80.9.8c-4etch3 SSL shared libraries

cyrus-clients-2.2 recommends no packages.

-- no debconf information




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#453309: logtail ignores the -o (offset file) option

2008-02-05 Thread Heiko Schlittermann

Hello,

Marc Haber <[EMAIL PROTECTED]> (Di 05 Feb 2008 22:55:16 CET):
> On Tue, Feb 05, 2008 at 12:26:22PM +0100, Heiko Schlittermann wrote:
> > Marc Haber <[EMAIL PROTECTED]> (Di 05 Feb 2008 11:46:15 CET):
> > > On Wed, Nov 28, 2007 at 04:05:53PM +0100, Heiko Schlittermann wrote:
> > > > The logtail utility fails in using some alternative offset file
...
> 
> > .. as documented. I think last time I supposed it should work that way
> > too:
> > 
> > logtail -o # doesn't work (doesn't fit
> >   to manpage)
> 
> That does not look like a bug to me then. Is the error message helpful?

There was no error message. It just works as w/o "-o ". This I'd
consider a bug at least.

> > logtail# works (but doesn't fit to 
> > manpage)
> > # but of course, no
> > # alternative offset file
> 
> That might be a historically sourced backwards compatibility, which is
> not documented on purpose.
> 
> I do not see a bug in the package, the documented call works fine.
> Whether the documentation needs to be changed would be Martin's last
> call, he will comment in due time.

True, not the "binary" is buggy but the docs. But for this reason I still
insist on seeing abug in logtail*deb ;)

And - enhancing both - the docs and the "binary" shouldn't harm too
much. And (at least from my POV) it gives more consistent behaviour of
the logtail tool.

-- 
Heiko


signature.asc
Description: Digital signature

Bug#453309: logtail ignores the -o (offset file) option

2008-02-05 Thread Heiko Schlittermann

Marc Haber <[EMAIL PROTECTED]> (Di 05 Feb 2008 11:46:15 CET):
> On Wed, Nov 28, 2007 at 04:05:53PM +0100, Heiko Schlittermann wrote:
> > The logtail utility fails in using some alternative offset file
> > (passed via the '-o' option).
> 
> Please give an example how to reproduce the issue.

Hm. I can't. It seems to work:

logtail -f  -o # works (according man page)

.. as documented. I think last time I supposed it should work that way
too:

logtail -o # doesn't work (doesn't fit
  to manpage)

logtail# works (but doesn't fit to manpage)
# but of course, no
# alternative offset file



So there is some inconsistency between the tool and the manpage.

Since I believe the last invocation is naturally, the last but one
should work too, shouldn't it? The first invocation is the only valid
(at least according to the man page)

And according to the source following works too:

logtail  



I'll attach 2 diffs, both seem(!) to work for me. But I didn't touch the
man page so far.


Best regards from Dresden
Viele Grüße aus Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---- internet & unix support -
 Heiko Schlittermann HS12-RIPE -
 gnupg encrypted messages are welcome - key ID: 48D0359B ---
 gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B -
32,42c32,34
< # try to detect plain logtail invocation without switches
< if (!$opts{f} && $#ARGV != 0 && $#ARGV != 1) {
<print STDERR "No logfile to read. Use -f [LOGFILE].\n";
<exit 66;
< } elsif ($#ARGV == 0) {
<$logfile = $ARGV[0];
< } elsif ($#ARGV == 1) {
<($logfile, $offsetfile) = ($ARGV[0], $ARGV[1]);
< } else {
<($logfile, $offsetfile) = ($opts{f}, $opts{o});
< }
---
> ($logfile, $offsetfile) = @ARGV;
> $logfile = $opts{f} if defined $opts{f};
> $offsetfile = $opts{o} if defined $opts{o};
40,41d39
< } else {
<($logfile, $offsetfile) = ($opts{f}, $opts{o});
42a41,42
> $logfile = $opts{f} if defined $opts{f};
> $offsetfile = $opts{o} if defined $opts{o};


signature.asc
Description: Digital signature

Bug#455562: proftpd: init script should use --oknodo on startup

2007-12-10 Thread Heiko Schlittermann

Package: proftpd
Version: 1.3.0-19
Severity: important


Hello,

when starting proftpd by heartbeat it happens that a already running
proftpd is "started again". I mean, /etc/init.d/proftpd start is called
despite the current status.

According to the heartbeat specifications (and debian policy?) the init
"start" action should not fail on an already running service.
(For me it sounds logical: if I want to start something, it doesn't
matter if it is running alread, I just want it running.)

Adding "--oknodo" to start-stop-daemon in start() would do.

Thank you.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (550, 'stable'), (500, 'proposed-updates'), (200, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages proftpd depends on:
ii  adduser 3.102Add and remove users and groups
ii  debconf 1.5.11   Debian configuration management sy
ii  debianutils 2.17 Miscellaneous utilities specific t
ii  libacl1 2.2.41-1 Access control list shared library
ii  libattr12.4.32-1 Extended attribute shared library
ii  libc6   2.6.1-1+b1   GNU C Library: Shared libraries
ii  libldap22.1.30-13.3  OpenLDAP libraries
ii  libmysqlclient15off 5.0.32-7etch1mysql database client library
ii  libncurses5 5.6+20071013-1   Shared libraries for terminal hand
ii  libpam-runtime  0.79-4   Runtime support for the PAM librar
ii  libpam0g0.79-4   Pluggable Authentication Modules l
ii  libpq4  8.1.9-0etch1 PostgreSQL C client library
ii  libssl0.9.8 0.9.8g-1 SSL shared libraries
ii  libwrap07.6.dbs-13   Wietse Venema's TCP wrappers libra
ii  netbase 4.29 Basic TCP/IP networking system
ii  perl5.8.8-7etch1 Larry Wall's Practical Extraction 
ii  ucf 2.0020   Update Configuration File: preserv
ii  zlib1g  1:1.2.3.3.dfsg-6 compression library - runtime

proftpd recommends no packages.

-- debconf information:
* shared/proftpd/warning:
* shared/proftpd/inetd_or_standalone: standalone




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#453309: logtail ignores the -o (offset file) option

2007-11-28 Thread Heiko Schlittermann

Package: logtail
Version: 1.2.54
Severity: grave
Justification: causes non-serious data loss


The logtail utility fails in using some alternative offset file
(passed via the '-o' option).

Please contact me if you want me to send a fix for this issue.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (550, 'stable'), (500, 'proposed-updates'), (200, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages logtail depends on:
ii  perl5.8.8-7etch1 Larry Wall's Practical Extraction 

logtail recommends no packages.

-- no debconf information




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#442796: ugly error message when installing udev to virgin box (z25_persistent-net-rules missing)

2007-09-16 Thread Heiko Schlittermann

Package: udev
Version: 0.105-4
Severity: important


Hello,

if I install udev on to a virgin box (as done during fai installation of
a server farm) udevs postinst script complains about missing
/etc/udev/rules.d/z25_persistent-net.rules. Nothing is wrong with this
complaint since the file really doesn't exist yet.

/lib/udev/hotplug.functions aroute find_all_rules seems to cause this
message (sed ... $RO $RULES_FILE) -- makes sed complaining.

For a test I changed about

/lib/udev/hotplug.functions:151 to

sed -n -e "${}" $RO_RULES_FILE $(test -f $RULES_FILE && echo 
$RULES_FILE)

and it seems to work.

Heiko

-- Package-specific info:
-- /etc/udev/rules.d/:
/etc/udev/rules.d/:
total 32
lrwxrwxrwx 1 root root   20 2007-07-12 16:36 020_permissions.rules -> 
../permissions.rules
lrwxrwxrwx 1 root root   19 2007-07-12 16:36 025_libgphoto2.rules -> 
../libgphoto2.rules
-rw-r--r-- 1 root root   70 2007-06-07 17:25 10-local.rules
lrwxrwxrwx 1 root root   15 2007-07-12 16:36 85-pcmcia.rules -> ../pcmcia.rules
-rw-r--r-- 1 root root  255 2007-03-22 00:24 local.rules
-rw-r--r-- 1 root root   60 2006-09-26 18:26 tun.rules
lrwxrwxrwx 1 root root   13 2007-07-12 16:36 udev.rules -> ../udev.rules
lrwxrwxrwx 1 root root   25 2007-07-12 16:36 z20_persistent-input.rules -> 
../persistent-input.rules
lrwxrwxrwx 1 root root   19 2007-07-12 16:36 z20_persistent.rules -> 
../persistent.rules
-rw-r--r-- 1 root root 1167 2007-08-13 20:29 z25_persistent-cd.rules
-rw-r--r-- 1 root root  847 2007-08-13 20:32 z25_persistent-net.rules
lrwxrwxrwx 1 root root   29 2007-07-24 21:10 z45_persistent-cd-generator.rules 
-> ../cd-aliases-generator.rules
lrwxrwxrwx 1 root root   33 2007-07-12 16:36 z45_persistent-net-generator.rules 
-> ../persistent-net-generator.rules
lrwxrwxrwx 1 root root   12 2007-07-12 16:36 z50_run.rules -> ../run.rules
lrwxrwxrwx 1 root root   16 2007-07-12 16:36 z55_hotplug.rules -> 
../hotplug.rules
lrwxrwxrwx 1 root root   19 2007-07-12 16:36 z60_alsa-utils.rules -> 
../alsa-utils.rules
lrwxrwxrwx 1 root root   15 2007-07-13 11:28 z60_hdparm.rules -> ../hdparm.rules
-rw-r--r-- 1 root root 2589 2007-06-03 22:17 z60_libpisock9.rules
-rw-r--r-- 1 root root 5716 2007-06-04 10:36 z60_xserver-xorg-input-wacom.rules

-- /sys/:
/sys/block/dm-0/dev
/sys/block/dm-1/dev
/sys/block/dm-2/dev
/sys/block/dm-3/dev
/sys/block/dm-4/dev
/sys/block/dm-5/dev
/sys/block/loop0/dev
/sys/block/loop1/dev
/sys/block/loop2/dev
/sys/block/loop3/dev
/sys/block/loop4/dev
/sys/block/loop5/dev
/sys/block/loop6/dev
/sys/block/loop7/dev
/sys/block/sda/dev
/sys/block/sda/sda1/dev
/sys/block/sda/sda2/dev
/sys/block/sr0/dev
/sys/class/input/input22/mouse0/dev
/sys/class/input/mice/dev
/sys/class/scsi_generic/sg0/dev
/sys/class/scsi_generic/sg1/dev
/sys/devices/pci:00/:00:1b.0/sound/card0/adsp/dev
/sys/devices/pci:00/:00:1b.0/sound/card0/audio/dev
/sys/devices/pci:00/:00:1b.0/sound/card0/controlC0/dev
/sys/devices/pci:00/:00:1b.0/sound/card0/dsp/dev
/sys/devices/pci:00/:00:1b.0/sound/card0/mixer/dev
/sys/devices/pci:00/:00:1b.0/sound/card0/pcmC0D0c/dev
/sys/devices/pci:00/:00:1b.0/sound/card0/pcmC0D0p/dev
/sys/devices/pci:00/:00:1b.0/sound/card0/pcmC0D1p/dev
/sys/devices/pci:00/:00:1d.0/usb1/1-0:1.0/usb_endpoint/usbdev1.1_ep81/dev
/sys/devices/pci:00/:00:1d.0/usb1/dev
/sys/devices/pci:00/:00:1d.0/usb1/usb_device/usbdev1.1/dev
/sys/devices/pci:00/:00:1d.0/usb1/usb_endpoint/usbdev1.1_ep00/dev
/sys/devices/pci:00/:00:1d.1/usb2/2-0:1.0/usb_endpoint/usbdev2.1_ep81/dev
/sys/devices/pci:00/:00:1d.1/usb2/dev
/sys/devices/pci:00/:00:1d.1/usb2/usb_device/usbdev2.1/dev
/sys/devices/pci:00/:00:1d.1/usb2/usb_endpoint/usbdev2.1_ep00/dev
/sys/devices/pci:00/:00:1d.2/usb3/3-0:1.0/usb_endpoint/usbdev3.1_ep81/dev
/sys/devices/pci:00/:00:1d.2/usb3/dev
/sys/devices/pci:00/:00:1d.2/usb3/usb_device/usbdev3.1/dev
/sys/devices/pci:00/:00:1d.2/usb3/usb_endpoint/usbdev3.1_ep00/dev
/sys/devices/pci:00/:00:1d.3/usb4/4-0:1.0/usb_endpoint/usbdev4.1_ep81/dev
/sys/devices/pci:00/:00:1d.3/usb4/4-2/4-2:1.0/usb_endpoint/usbdev4.10_ep02/dev
/sys/devices/pci:00/:00:1d.3/usb4/4-2/4-2:1.0/usb_endpoint/usbdev4.10_ep81/dev
/sys/devices/pci:00/:00:1d.3/usb4/4-2/4-2:1.0/usb_endpoint/usbdev4.10_ep83/dev
/sys/devices/pci:00/:00:1d.3/usb4/4-2/dev
/sys/devices/pci:00/:00:1d.3/usb4/4-2/usb_device/usbdev4.10/dev
/sys/devices/pci:00/:00:1d.3/usb4/4-2/usb_endpoint/usbdev4.10_ep00/dev
/sys/devices/pci:00/:00:1d.3/usb4/dev
/sys/devices/pci:00/:00:1d.3/usb4/usb_device/usbdev4.1/dev
/sys/devices/pci:00/:00:1d.3/usb4/usb_endpoint/usbdev4.1_ep00/dev
/sys/devices/pci:00/:00:1d.7/usb5/5-0:1.0/usb_endpoint/usbdev5.1_ep81/dev
/sys/devices/pci:00/:00:1d.7/usb5/dev
/sys/devices/pci:00/:00:1d.7/usb5/usb_device/usbdev5.1/dev
/sys/devices/pci:00

Bug#434479: wodim: can't find /dev/sr0\n (as read from /proc/..../info

2007-07-23 Thread Heiko Schlittermann

Package: wodim
Version: 9:1.1.2-1
Severity: important


If there's no default CDR device in wodim.conf, wodim reads
/proc/sys/dev/cdrom/info.

It finds the name of the cdrom device there (sr0 in my case), but
it doesn't cut the trailing newline from this name. Therefore wodim then
tries to open "/dev/sr0\n", which doesn't exist.

(Test: ln -s /dev/sr0 '/dev/sr0^V^J' makes wodim work)


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22.jumper
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages wodim depends on:
ii  libc6   2.3.6.ds1-13 GNU C Library: Shared libraries
ii  libcap1 1:1.10-14support for getting/setting POSIX.

Versions of packages wodim recommends:
ii  genisoimage   9:1.1.2-1  Creates ISO-9660 CD-ROM filesystem

-- no debconf information


Best regards from Dresden
Viele Grüße aus Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de -------- internet & unix support -
 Heiko Schlittermann HS12-RIPE -
 gnupg encrypted messages are welcome - key ID: 48D0359B ---
 gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B -



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#433891: tftpd-hpa: --oknodo missing

2007-07-19 Thread Heiko Schlittermann

Package: tftpd-hpa
Version: 0.43-1.1
Severity: important
Tags: patch

invoke-rc.d tftpd-hpa {start|stop} returns a serious error (exit status)
if the daemon is already running resp. stopped. This avoids easy
integration in heartbeat and brings problem on removing the package if
the daemon is stopped already.

(There's some other bug related to this issue.)

I added "--oknodo" to the "start-stop-daemon " invocations in
/etc/init.d/tftpd-hpa and this solves the problem. (And I hope that it
doesn't bring a lot other problems.)

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22.jumper
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages tftpd-hpa depends on:
ii  debconf [debconf-2.0]   1.5.13   Debian configuration management sy
ii  libc6   2.3.6.ds1-13 GNU C Library: Shared libraries
ii  libwrap07.6.dbs-13   Wietse Venema's TCP wrappers libra
ii  netbase 4.29 Basic TCP/IP networking system

tftpd-hpa recommends no packages.

-- debconf information:
* tftpd-hpa/use_inetd: true



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#397557: default output dir is not as noted in srg.conf

2006-11-08 Thread Heiko Schlittermann

Package: srg
Version: 1.3.4-3
Severity: normal


In srg.conf is noted that /var/www/srg_reports are the output dir per
default.  It's wrong.  If no output dir is given, srg writes to
./srg_reports !

Heiko Schlittermann

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages srg depends on:
ii  libc62.3.6.ds1-7 GNU C Library: Shared libraries
ii  libgcc1  1:4.1.1-19  GCC support library
ii  libstdc++6   4.1.1-19The GNU Standard C++ Library v3

Versions of packages srg recommends:
ii  apache1.3.34-4   versatile, high-performance HTTP s
ii  php4  4:4.4.4-3  server-side, HTML-embedded scripti
ii  squid 2.6.4-2Internet Object Cache (WWW proxy c

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#396343: nsca: config file specifies wrong location for nagios2 command file

2006-10-31 Thread Heiko Schlittermann

Package: nsca
Version: 2.6-2
Severity: important
Tags: patch


The default nsca.cfg specifies /var/run/nagios2/rw/nagios.cmd as command
file, but current nagios2 packages seem to use
/var/lib/nagios2/rw/nagios2/nagios.cmd as command file.


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.15.1.pu
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages nsca depends on:
ii  debconf [debconf-2.0]1.4.30.13   Debian configuration management sy
ii  libc62.3.6.ds1-7 GNU C Library: Shared libraries
ii  libmcrypt4   2.5.7-5 De-/Encryption Library
ii  libwrap0 7.6.dbs-8   Wietse Venema's TCP wrappers libra

-- debconf information:
  nsca/run-nsca-daemon:


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#396102: Nagios probably doesn't remove old logs from /var/log/nagios2/archives/

2006-10-29 Thread Heiko Schlittermann

Package: nagios2
Version: 2.5-1.stable.ius.5
Severity: important


Since nagios2 does its own logration (/var/log/nagios2/nagios.log ->
/var/log/nagios2/archives/...) I'm afraid that nobody will clean the old
logs.  (At lease I do not see any relevant config option in the
nagios.cfg.)

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.15.1.pu
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages nagios2 depends on:
ii  libc6 2.3.6.ds1-7GNU C Library: Shared libraries
ii  libgd2-xpm2.0.33-1.1sarge1   GD Graphics Library version 2
ii  libjpeg62 6b-10  The Independent JPEG Group's JPEG 
ii  libperl5.85.8.8-6.1  Shared Perl library
ii  libpng12-01.2.8rel-1 PNG library - runtime
ii  nagios2-common2.5-1.stable.ius.5 support files for nagios2
ii  perl  5.8.8-6.1  Larry Wall's Practical Extraction 
ii  zlib1g1:1.2.2-4.sarge.2  compression library - runtime

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#396100: nagios2: apache-config should set some index options

2006-10-29 Thread Heiko Schlittermann

Package: nagios2
Version: 2.5-1
Severity: wishlist
Tags: patch


In the supplied nagios.conf for apache should be set the following
directive:

DirectoryIndex index.html

Why? Since you cannot assume that it's set on some parent level in the
config.  Not setting this prevents the URL .../nagios2/ from working.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.15.1.pu
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages nagios2 depends on:
ii  libc6 2.3.6.ds1-7GNU C Library: Shared libraries
ii  libgd2-xpm2.0.33-1.1sarge1   GD Graphics Library version 2
ii  libjpeg62 6b-10  The Independent JPEG Group's JPEG 
ii  libperl5.85.8.8-6.1  Shared Perl library
ii  libpng12-01.2.8rel-1 PNG library - runtime
ii  nagios2-common2.5-1.stable.ius.5 support files for nagios2
ii  perl  5.8.8-6.1  Larry Wall's Practical Extraction 
ii  zlib1g1:1.2.2-4.sarge.2  compression library - runtime

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#361956: [Pkg-nagios-devel] Bug#361956: nagios2-common: postinstall script uses unconditional chmod/chown, breaking any dpkg-statoverride

2006-04-11 Thread Heiko Schlittermann

Marc Haber <[EMAIL PROTECTED]> (Di 11 Apr 2006 16:16:53 CEST):
> On Tue, Apr 11, 2006 at 02:35:09PM +0200, Heiko Schlittermann wrote:
> > As stated in the subject -- the postinstall uses unconditionally
> > chmod/chown.  If the local admin tries to change permissions using
> > dpkg-statoverride, these local changes are not respected.
> > +# useful functions
> > +setperm() {
> > +local user="$1"; shift
> > +local group="$1"; shift
> > +local mode="$1"; shift
> > +local file="$1"; shift
> > +dpkg-statoverride --list "$file" >/dev/null && return 0
> > +dpkg-statoverride --update --add "$user" "$group" "$mode" "$file"
> > +}
> 
> The maintainer script adding the statoverride does not seem to be
> policy compliant to me. We are not to touch the dpkg-statoverride
> database.

What about the policy manual 10.9.1?

Given the above, dpkg-statoverride is essentially a tool for system
administrators and would not normally be needed in the maintainer scripts.
There is one type of situation, though, where calls to dpkg-statoverride 
would
be needed in the maintainer scripts, and that involves packages which use
dynamically allocated user or group ids. In such a situation, something like
the following idiom can be very helpful in the package's postinst, where
sysuser is a dynamically allocated id:




Of course, both (not touching the statoverride data base - and - using
statoverride for fixing the permissions) have their pro & con.

Pro using statoverride:

o it's clean interface
o admin is able to see all permissions different from
root:root 0755/0644
o easy way to recover lost permissions of packaged files

Contra:

o probably huge data base of statoverrides

o more steps for admin to change the permissions of 
  statoverridden files (as statoverride only changes
  the permissions during '--add', and the files are added
  already during package installation)

  (May be a new version of statoverride could solve it:
    dpkg-statoverride --update --list )


Best regards from Dresden
Viele Grüße aus Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann HS12-RIPE -
 gnupg encrypted messages are welcome - key ID: 48D0359B ---
 gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B -





signature.asc
Description: Digital signature

Bug#361956: nagios2-common: postinstall script uses unconditional chmod/chown, breaking any dpkg-statoverride

2006-04-11 Thread Heiko Schlittermann

Package: nagios2-common
Version: 2.1-1
Severity: serious
Tags: patch
Justification: Policy 10.9.1

As stated in the subject -- the postinstall uses unconditionally
chmod/chown.  If the local admin tries to change permissions using
dpkg-statoverride, these local changes are not respected.

-- System Information:
Debian Release: testing/unstable
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.jumper
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
diff -ruN nagios2-2.1/debian/lintian/overrides/nagios2-common 
nagios2-2.hs/debian/lintian/overrides/nagios2-common
--- nagios2-2.1/debian/lintian/overrides/nagios2-common 2006-04-11 
14:15:11.0 +0200
+++ nagios2-2.hs/debian/lintian/overrides/nagios2-common1970-01-01 
01:00:00.0 +0100
@@ -1 +0,0 @@
-non-standard-file-perm etc/nagios2/resource.cfg 0600 != 0644
diff -ruN nagios2-2.1/debian/nagios2-common.install 
nagios2-2.hs/debian/nagios2-common.install
--- nagios2-2.1/debian/nagios2-common.install   2006-04-11 14:15:11.0 
+0200
+++ nagios2-2.hs/debian/nagios2-common.install  2006-04-11 14:09:30.0 
+0200
@@ -5,6 +5,5 @@
 sample-config/template-object/README 
/usr/share/doc/nagios2-common/examples/template-object
 sample-config/template-object/*.cfg 
/usr/share/doc/nagios2-common/examples/template-object
 debian/httpd.webapps-common /usr/share/nagios2/debian
-debian/lintian/overrides/nagios2-common usr/share/lintian/overrides
 debian/gateway.cfg usr/share/nagios2/debian
 debian/extcommands.cfg usr/share/nagios2/debian
diff -ruN nagios2-2.1/debian/nagios2-common.postinst 
nagios2-2.hs/debian/nagios2-common.postinst
--- nagios2-2.1/debian/nagios2-common.postinst  2006-04-11 14:15:11.0 
+0200
+++ nagios2-2.hs/debian/nagios2-common.postinst 2006-04-11 11:48:57.0 
+0200
@@ -20,6 +20,16 @@
 # location of the default htpasswd authentication file.
 htpw=$en/htpasswd.users
 
+# useful functions
+setperm() {
+local user="$1"; shift
+local group="$1"; shift
+local mode="$1"; shift
+local file="$1"; shift
+dpkg-statoverride --list "$file" >/dev/null && return 0
+dpkg-statoverride --update --add "$user" "$group" "$mode" "$file"
+}
+
 case "$1" in
   configure)
 if ! getent passwd nagios > /dev/null ; then
@@ -76,14 +86,15 @@
 
# explicitly set permissions on some files that are dependent
# on the uid/gid of the nagios user, which is dynamically created.
-   chown root:nagios $en/resource.cfg
-   chmod 640 $en/resource.cfg
-install -d -onagios -gadm -m2751 /var/log/nagios2
-install -d -onagios -gnagios -m750 /var/run/nagios2
-install -d -onagios -gnagios -m750 /var/lib/nagios2
-   # chown instead of install to preserve permission bits
-   chown nagios /var/lib/nagios2/rw
-install -d -onagios -gwww-data -m2750 /var/cache/nagios2
+   # .hs
+   # Do not forget to remove these statoverrides when purging the
+   # package!
+   setperm root nagios 0640 $en/resource.cfg
+   setperm nagios adm 2751 /var/log/nagios2
+   setperm nagios nagios 0750 /var/run/nagios2
+   setperm nagios nagios 0750 /var/lib/nagios2
+   setperm nagios www-data 02750 /var/cache/nagios2
+   setperm nagios www-data 0700 /var/lib/nagios2/rw
 
# everything went well, so now let's reset the password
db_set nagios2/adminpassword ""
diff -ruN nagios2-2.1/debian/nagios2-common.postrm 
nagios2-2.hs/debian/nagios2-common.postrm
--- nagios2-2.1/debian/nagios2-common.postrm2006-04-11 14:15:11.0 
+0200
+++ nagios2-2.hs/debian/nagios2-common.postrm   2006-04-11 11:50:02.0 
+0200
@@ -13,6 +13,13 @@
ucf --purge /etc/nagios2/apache2.conf
ucf --purge /etc/nagios2/conf.d/host-gateway_nagios2.cfg
#ucf --purge /etc/nagios2/conf.d/extcommands_nagios2.cfg
+
+   dpkg-statoverride --force --remove /etc/nagios2/resource.cfg
+   dpkg-statoverride --force --remove /var/log/nagios2
+   dpkg-statoverride --force --remove /var/run/nagios2
+   dpkg-statoverride --force --remove /var/lib/nagios2
+   dpkg-statoverride --force --remove /var/cache/nagios2
+   dpkg-statoverride --force --remove /var/lib/nagios2/rw
 ;;
 esac
 
diff -ruN nagios2-2.1/debian/rules nagios2-2.hs/debian/rules
--- nagios2-2.1/debian/rules2006-04-11 14:15:11.0 +0200
+++ nagios2-2.hs/debian/rules   2006-04-11 14:12:23.0 +0200
@@ -137,10 +137,9 @@
# remove empty directory
rmdir --ignore-fail-on-non-empty -p $b/nagios2/var/lib/nagios2/archives
# set up /var/cache/nagios2 for access by www-data
-   chgrp www-data ${bnc}/var/cache/nagios2
-   chmod g+s ${bnc}/var/cache/nagios2
-   chown root:www-data ${bnc}/var/lib/nagios2/rw
-   chmod 700 ${bnc}/var/lib/nagios2/rw
+   # Permissions are set in postinstall using dpkg-statoverride
+   # for following parts: /var/cache/nagios2
+   #  /var/lib/nagios2/r

Bug#312512: cgiemail: sendmail not found

2005-06-08 Thread Heiko Schlittermann

Package: cgiemail
Version: 1.6-26
Severity: grave
Justification: renders package unusable


Hello,

sh: line 1: sendmail not found
(the above line is from my memory)

If I use `strings /usr/lib/cgi-bin/cgiemail` I cannot find any
location for sendmail compiled in.  Probably you rely on a proper set
PATH?

I built cgiemail on my laptop and it seems as if now
'/usr/sbin/sendmail' is included in the binary as sendmail path
and the package works.


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.11.jumper
Locale: LANG=C, [EMAIL PROTECTED] (charmap=UTF-8)

Versions of packages cgiemail depends on:
ii  libc6   2.3.2.ds1-22 GNU C Library: Shared libraries an


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

98 matches

Mail list logo