Bug#1076022: Backport some security settings from upstream 3.2.5 release to mitigate BlastRADIUS

2024-07-12 Thread Herwin Weststrate
On Tue, Jul 09, 2024 at 11:44:58PM +0200, Bernhard Schmidt wrote:
> Control: tags -1 help security
> 
> On 09.07.24 at 18:15, Herwin Weststrate wrote:
> > Package: freeradius
> > Version: 3.2.1+dfsg-4+deb12u1
> > 
> > FreeRADIUS 3.2.5 has just been released, which includes some security
> > fixes for BlastRADIUS: a vulnerability with a name and a website[0] and
> > a logo (hadn't seen one of those in a while).
> > 
> > The FreeRADIUS security page[1] (scroll to "2024.07.09", there is no
> > anchor to link directly to the relevant article) describes some new
> > configuration options to resolve everything. Since this will be the
> > first thing people read, it would be nice to have those backported to
> > the Debian packages.
> > 
> > At first glance, it looks like this requires just two commits[2] [3] to
> > be cherry-picked, but there may be some hidden dependencies in previous
> > commits.
> 
> > [2] https://github.com/FreeRADIUS/freeradius-server/commit/0947439f2569d2b8c2b4949be24250263934e260
> > [3] https://github.com/FreeRADIUS/freeradius-server/commit/6616be90346beb6050446bd00c8ed5bca1b8ef29
> 
> I haven't looked closer yet, but the patches do not apply at all
> 
> Given that the freeradius codebase is really complicated I'm not entirely
> sure whether we can do this (_I_ can't), or ask the security team for a
> newer upstream version in stable.

I looked a bit deeper into it: there was a lot more needed than just
these two commits. Pretty much every commit of July 8 was relevant.

I've created a new git repo where I imported the extracted Debian
package, added the upstream repository as a new remote, and git
cherry-picked every commit of that day except for the changelogs and the
CentOS CI updates. The conflicts were all related to missing code that
has been added in recent upstream versions and pretty easy to fix. The
result is this 2500 line behemoth of `git log -p`. I tested it with the
user `bob` enabled (the default test user of FreeRADIUS) and setting
`require_message_authenticator = auto` and using a different machine to
send requests to it. The `auto` setting looks to be working: if I start
with an `Access-Request` with no `Message-Authenticator` attribute, the
logging of FreeRADIUS shows this client is vulnerable and further
checking will be disabled. After a restart of the server and sending an
`Access-Request` with the `Message-Authenticator` attribute the client
will have checking enabled, and sending a next request without the
attribute will result in the packet being dropped. Replies of the
server now always include a `Message-Authenticator` attribute, which
they did not have before (with the default config). A simple
authentication with 802.1X (PEAP) looked like it's still working as
well.

I have not yet tested the proxy settings, it takes a while to set that
up and I would first like to know if there is a chance that this patch
set will be accepted, if it gets rejected right away for whatever reason
I'd rather save myself the trouble.

All the commits have been cherry-picked in order from the upstream
changes, so a code review can compare these commits side by side.

-- 
Herwin Weststrate
commit 9a4ffa1bc47c3ac99653b29327f873fedf52228f
Author: Alan T. DeKok 
Date:   Fri Feb 16 08:09:54 2024 -0500

add and document global require_message_authenticator

diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
index 49003a41b9..8eafdac377 100644
--- a/raddb/radiusd.conf.in
+++ b/raddb/radiusd.conf.in
@@ -572,6 +572,17 @@ security {
 	#
 	status_server = yes
 
+	#
+	#  Global configuration for requiring Message-Authenticator
+	#  in all Access-* packets.
+	#
+	#  This flag sets the global default for all clients and home
+	#  servers.  It can be over-ridden in individual client or
+	#  home server by adding a flag to that section which says
+	#  "require_message_authenticator = false".
+	#
+	require_message_authenticator = yes
+
 @openssl_version_check_config@
 }
 
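Review bot: the new comment block in `security { }` documents the override as `require_message_authenticator = false`, while the setting itself is written `require_message_authenticator = yes`; use one boolean spelling in both places so the documented override matches the default shown. The comment also does not say what the server does with an Access-* packet that lacks the attribute once this is `yes`, which an operator with older clients or home servers needs to know before picking up this default.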
diff --git a/src/include/radiusd.h b/src/include/radiusd.h
index c3e8cdd142..289f9623a3 100644
--- a/src/include/radiusd.h
+++ b/src/include/radiusd.h
@@ -174,6 +174,7 @@ typedef struct main_config {
 
 	bool		exiting;			//!< are we exiting?
 
+	bool		require_ma;			//!< global configuration for all clients and home servers
 
 #ifdef ENABLE_OPENSSL_VERSION_CHECK
 	char const	*allow_vulnerable_openssl;	//!< The CVE number of the last security issue acknowledged.
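Review bot: the Doxygen comment on the new `require_ma` member says only "global configuration for all clients and home servers" and never names what is being configured; mention Message-Authenticator and the `require_message_authenticator` option from radiusd.conf so the abbreviated field name can be traced back to the setting.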
diff --git a/src/main/mainconfig.c b/src/main/mainconfig.c
index 960a312006..e7a8209541 100644
--- a/src/main/mainconfig.c
+++ b/src/main/mainconfig.c
@@ -160,6 +160,7 @@ static const CONF_PARSER security_config[] = {
 	{ "max_attributes",  FR_CONF_POINTER(PW_TYPE_INTEGER, _max_attributes), STRINGIFY(0) },
 	{ "reject_delay",  FR_CONF_POINTER(PW_TYPE_TI
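
The check that the test described in the message above exercises, as an added example (not code from this thread or from FreeRADIUS): it computes and verifies Message-Authenticator as HMAC-MD5 over the Access-Request with the attribute value zeroed (RFC 2869), and models the observed `auto` behaviour as a simplified per-client flag. The shared secret, the client addresses and the `AutoPolicy` class are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_MESSAGE_AUTHENTICATOR = 80


def build_access_request(ident, attrs, secret, with_ma):
    """Build an Access-Request from (type, value) pairs, optionally signed."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    if with_ma:
        # 16 zero bytes as placeholder; overwritten with the HMAC below.
        body += bytes([ATTR_MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body))
    packet = bytearray(header + os.urandom(16) + body)
    if with_ma:
        packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def find_message_authenticator(packet):
    """Return the offset of the 16-byte value, or None if the attribute is absent."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    pos, found = 20, None
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        if atype == ATTR_MESSAGE_AUTHENTICATOR:
            if alen != 18 or found is not None:
                raise ValueError("malformed or duplicate Message-Authenticator")
            found = pos + 2
        pos += alen
    return found


def verify_message_authenticator(packet, secret):
    """True if valid, False if present but wrong, None if absent."""
    off = find_message_authenticator(packet)
    if off is None:
        return None
    length = struct.unpack("!H", packet[2:4])[0]
    # The HMAC covers the whole packet with the attribute value set to zeros.
    zeroed = packet[:off] + bytes(16) + packet[off + 16:length]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[off:off + 16])


class AutoPolicy:
    """Simplified model of the `auto` behaviour observed in the message.

    The first Access-Request from a client decides whether the attribute is
    required from it afterwards. State is in memory only, so a restart
    resets every client. This is an assumption-level model, not FreeRADIUS code.
    """

    def __init__(self, secret):
        self.secret = secret
        self.require = {}  # client address -> bool

    def receive(self, client, packet):
        try:
            result = verify_message_authenticator(packet, self.secret)
        except ValueError as exc:
            return "drop: " + str(exc)
        if result is False:
            # A wrong HMAC is never accepted, whatever the client's state.
            return "drop: bad Message-Authenticator"
        if client not in self.require:
            self.require[client] = result is True
            if result is None:
                return "accept: client sends no Message-Authenticator, checking disabled"
            return "accept"
        if self.require[client] and result is None:
            return "drop: Message-Authenticator missing"
        return "accept"


def demo():
    """Replay the sequence from the message with constructed packets."""
    secret = b"constructed-secret"
    user = [(ATTR_USER_NAME, b"bob")]
    signed = build_access_request(1, user, secret, with_ma=True)
    plain = build_access_request(2, user, secret, with_ma=False)
    policy = AutoPolicy(secret)
    return [
        policy.receive("192.0.2.10", plain),   # first packet unsigned
        policy.receive("192.0.2.20", signed),  # first packet signed
        policy.receive("192.0.2.20", plain),   # later unsigned packet
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

A client whose first request arrives unsigned stays unchecked in this model, which is why the order of the first packets matters when reproducing the test.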

Bug#1076022: Backport some security settings from upstream 3.2.5 release to mitigate BlastRADIUS

2024-07-09 Thread Herwin Weststrate
Package: freeradius
Version: 3.2.1+dfsg-4+deb12u1

FreeRADIUS 3.2.5 has just been released, which includes some security
fixes for BlastRADIUS: a vulnerability with a name and a website[0] and
a logo (hadn't seen one of those in a while).

The FreeRADIUS security page[1] (scroll to "2024.07.09", there is no
anchor to link directly to the relevant article) describes some new
configuration options to resolve everything. Since this will be the
first thing people read, it would be nice to have those backported to
the Debian packages.

At first glance, it looks like this requires just two commits[2] [3] to
be cherry-picked, but there may be some hidden dependencies in previous
commits.

[0] https://www.blastradius.fail/
[1] https://www.freeradius.org/security/
[2] https://github.com/FreeRADIUS/freeradius-server/commit/0947439f2569d2b8c2b4949be24250263934e260
[3] https://github.com/FreeRADIUS/freeradius-server/commit/6616be90346beb6050446bd00c8ed5bca1b8ef29



Bug#1029715: passenger: Warns for two security vulnerability with upstream fixes

2023-01-26 Thread Herwin Weststrate
Package: passenger
Version: 6.0.13+ds-1+b2
Severity: normal
Tags: upstream

Dear Maintainer,

When starting, the Apache logs show an available update with two security 
issues fixed:

[ E 2023-01-26 16:19:00.9642 2682647/T6 age/Cor/SecurityUpdateChecker.h:521 
]: A security update is available for your version (6.0.13) of Phusion 
Passenger(R). We strongly recommend upgrading to version 6.0.17.
[ E 2023-01-26 16:19:00.9644 2682647/T6 age/Cor/SecurityUpdateChecker.h:526 
]: Additional security update check information:
- [Fixed in 6.0.14] [CVE-2018-25032] zlib before 1.2.12 allows memory 
corruption when deflating (i.e., when compressing) if the input has many 
distant matches.
- [Fixed in 6.0.14] A use after free memory safety issue was introduced in 
6.0.12, and fixed in 6.0.14.

It would be nice if it was still possible to update the version of Passenger to 
at least 6.0.14


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
merged-usr: no
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-22-amd64 (SMP w/2 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages passenger depends on:
ii  libc6       2.36-8
ii  libcurl4    7.87.0-2
ii  libev4      1:4.33-1
ii  libgcc-s1   12.2.0-14
ii  libruby     1:3.1
ii  libruby3.1  3.1.2-4
ii  libssl3     3.0.7-2
ii  libstdc++6  12.2.0-14
ii  libuv1      1.44.2-1
ii  ruby        1:3.1
ii  ruby-rack   2.2.4-2

passenger recommends no packages.

Versions of packages passenger suggests:
ii  nodejs   18.13.0+dfsg1-1
ii  python3  3.10.6-3+b1
pn  rails

-- no debconf information


Bug#982880: ruby-power-assert: Upsteam homepage is updated

2021-02-15 Thread Herwin Weststrate
Package: ruby-power-assert
Version: 1.1.7-2
Severity: minor

Dear Maintainer,

The apt info shows:

Homepage: https://github.com/k-tsj/power_assert

It looks like the project has been integrated into the Ruby core team,
the github page shows it being a fork of
https://github.com/ruby/power_assert.


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-3-amd64 (SMP w/2 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information



Bug#888242: ieee-data: update-ieee-data should be moved to /usr/sbin

2018-01-23 Thread Herwin Weststrate
Package: ieee-data
Version: 20160613.1
Severity: minor

Dear Maintainer,

ieee-data includes a script /usr/bin/update-ieee-data to fetch new
versions of the data files. When running this script as a normal user,
the download succeeds but then it fails to move it to /var/lib. Since
this download takes a while, you don't notice the failure directly.

I think it would be clearer to install the update script in /usr/sbin
instead of /usr/bin.

-- System Information:
Debian Release: 9.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8),
LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ieee-data depends on:
ii  curl 7.52.1-5+deb9u3
ii  libwww-perl  6.15-1
ii  wget 1.18-5+deb9u1

ieee-data recommends no packages.

ieee-data suggests no packages.

-- no debconf information



Bug#888241: ieee-data: include the csv files

2018-01-23 Thread Herwin Weststrate
Package: ieee-data
Version: 20160613.1
Severity: wishlist

Dear Maintainer,

IEEE offers the data included in ieee-data in both text and csv format.
I guess most people prefer machine-readable data, so it would be great
if the csv-files could be included as well.

The locations of the csv files:

http://standards-oui.ieee.org/oui/oui.csv
http://standards-oui.ieee.org/oui28/mam.csv
http://standards-oui.ieee.org/oui36/oui36.csv
http://standards-oui.ieee.org/iab/iab.csv

-- System Information:
Debian Release: 9.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8),
LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ieee-data depends on:
ii  curl 7.52.1-5+deb9u3
ii  libwww-perl  6.15-1
ii  wget 1.18-5+deb9u1

ieee-data recommends no packages.

ieee-data suggests no packages.

-- no debconf information



Bug#777158: Text functions segfault on i386

2016-06-17 Thread Herwin Weststrate
Still broken on Debian Stretch and Sid as well, only Experimental
appears to have the updated packages.

-- 
Herwin Weststrate



Bug#822935: postgresql-9.4-asn1oid: Plugin crashes when trying to use syntax '.1.2.3'::asn1oid

2016-04-29 Thread Herwin Weststrate
Attached is a better patch, basically every occurrence of
PG_RETURN_POINTER(0) resulted in a segfault, text input like '1.2.3',
'.' or '' would still fail with the first patch.
The behavior here is comparable to what happens when you use
"'foo'::integer"

-- 
Herwin Weststrate
Quarantainenet BV
--- pgsql-asn1oid-0.0.20100818/asn1oid.c	2010-08-18 17:24:28.0 +0200
+++ pgsql-asn1oid-0.0.20100818.patched/asn1oid.c	2016-04-29 08:55:12.952143426 +0200
@@ -101,21 +101,36 @@
 tmp[i] += 9;
 break;
 case '.':
-if(c == str)
-PG_RETURN_POINTER(0);
+if(c == str) {
+if (c[1]) {
+/* Skip over first dot */
+break;
+}
+ereport(ERROR,
+  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
+  errmsg("invalid input syntax for type asn1oid: \"%s\"",
+str)));
+}
 ++i;
 if(i >= 64)
-PG_RETURN_POINTER(0);
+ereport(ERROR,
+  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
+  errmsg("invalid input syntax for type asn1oid: \"%s\"",
+str)));
 tmp[i] = 0;
 break;
 default:
-PG_RETURN_POINTER(0);
+ereport(ERROR,
+  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
+  errmsg("invalid input syntax for type asn1oid: \"%s\"",
+str)));
 }
 }
-if(c == str)
-PG_RETURN_POINTER(0);
-if(c[-1] == '.')
-PG_RETURN_POINTER(0);
+if(c == str || c[-1] == '.')
+ereport(ERROR,
+  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
+  errmsg("invalid input syntax for type asn1oid: \"%s\"",
+str)));
 
 ++i;
 
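Review bot: in the `case '.':` branch the leading-dot skip tests only `if (c[1])`, so any non-NUL character after the first dot is let through, including a second dot; input such as `'..1'` skips the first dot and then reaches `++i; tmp[i] = 0;` with no digit seen for that arc. Unless empty arcs are rejected elsewhere in the function, test `c[1]` for a digit rather than for non-NUL. Separately, the same `ereport(ERROR, ...)` call now appears four times; a small helper or macro taking `str` would keep the message text in one place, and the `i >= 64` case could then report that the OID has too many arcs rather than an invalid syntax.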


Bug#822935: postgresql-9.4-asn1oid: Plugin crashes when trying to use syntax '.1.2.3'::asn1oid

2016-04-29 Thread Herwin Weststrate
Package: postgresql-9.4-asn1oid
Version: 0.0.20100818-3.1
Severity: normal

Dear Maintainer,

  template1=# SELECT '.1.2.3'::asn1oid;
  server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
  The connection to the server was lost. Attempting reset: Failed.

Attached is a very simple patch that fixes this problem.


-- System Information:
Debian Release: 8.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages postgresql-9.4-asn1oid depends on:
ii  libc6   2.19-18+deb8u4
ii  postgresql-9.4  9.4.7-1.pgdg80+1

postgresql-9.4-asn1oid recommends no packages.

postgresql-9.4-asn1oid suggests no packages.

-- no debconf information

--- asn1oid.c.orig	2016-04-29 08:05:46.202000167 +0200
+++ asn1oid.c	2016-04-29 08:01:32.605836190 +0200
@@ -101,8 +101,12 @@
 tmp[i] += 9;
 break;
 case '.':
-if(c == str)
+if(c == str) {
+if (c[1]) {
+break;
+}
 PG_RETURN_POINTER(0);
+}
 ++i;
 if(i >= 64)
 PG_RETURN_POINTER(0);
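Review bot: the `PG_RETURN_POINTER(0)` kept inside the new `if(c == str) {` block is still reached for input that consists of a single dot, and the one under `if(i >= 64)` is untouched; the follow-up message in this thread reports that every `PG_RETURN_POINTER(0)` ended in a segfault, so both paths should raise an input error instead of returning 0. A short comment on the new `break` saying that it skips the leading dot would also help the next reader.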



Bug#809822: ruby-haml: URL given in package-info is incorrect

2016-01-04 Thread Herwin Weststrate
Package: ruby-haml
Version: 4.0.5-2
Severity: minor

Dear Maintainer,

When using `apt-cache show ruby-haml` or `aptitude show ruby-haml`, the
homepage shown is . This page no longer works, the
official new webpage appears to be .

-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ruby-haml depends on:
ii  ruby                        1:2.1.5+deb8u1
ii  ruby-tilt                   2.0.0+really1.4.1-1
ii  ruby2.1 [ruby-interpreter]  2.1.5-2+deb8u2

Versions of packages ruby-haml recommends:
pn  ruby-erubis 
pn  ruby-html2haml  
pn  ruby-sass   

Versions of packages ruby-haml suggests:
pn  rails  
pn  yard   

-- no debconf information



Bug#775281: raddb_dir is /etc/freeradius, not /etc/raddb

2015-12-20 Thread Herwin Weststrate
I just pushed a fix to the upstream repo:
https://github.com/FreeRADIUS/freeradius-server/pull/1465. So this will
be fixed once someone decides to package 3.0.

-- 
Herwin Weststrate



Bug#800151: freeradius: Freeradius refuses to start with old libssl

2015-12-18 Thread Herwin Weststrate
This has been fixed in the version in Jessie (2.2.5+dfsg-0.2, see
#765871). Building a new backport would fix this problem.

Another option is to edit radiusd.conf, in the section security, add the
following line:

  allow_vulnerable_openssl = yes

You can limit this to a list with just the known vulnerabilities, but I
don't really see the point in doing that on a Debian system.

-- 
Herwin Weststrate



Bug#801121: ruby-kramdown: Invalid symlink to jquery libs

2015-10-06 Thread Herwin Weststrate
Package: ruby-kramdown
Version: 1.4.2-2
Severity: minor

Dear Maintainer,

ruby-kramdown creates a symlink to jquery.js from the package
`libjs-jquery`. However, there is a typo in the links file which results
in a broken symlink. The fix is very simple (patch attached).

-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ruby-kramdown depends on:
ii  libjs-jquery                1.7.2+dfsg-3.2
ii  ruby                        1:2.1.5+deb8u1
ii  ruby-coderay                1.1.0-2
ii  ruby-prawn                  1.3.0+dfsg-1
ii  ruby-prawn-table            0.2.0-1
ii  ruby-stringex               2.5.2-2
ii  ruby2.1 [ruby-interpreter]  2.1.5-2+deb8u2

ruby-kramdown recommends no packages.

ruby-kramdown suggests no packages.

-- no debconf information
diff --git a/debian/ruby-kramdown.links b/debian/ruby-kramdown.links
index d8bfd40..eba210c 100644
--- a/debian/ruby-kramdown.links
+++ b/debian/ruby-kramdown.links
@@ -1 +1 @@
-/usr/share/javascript/jsquery/jquery.js usr/share/doc/ruby-kramdown/rdoc/js/jquery.js
+/usr/share/javascript/jquery/jquery.js usr/share/doc/ruby-kramdown/rdoc/js/jquery.js
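Review bot: on the corrected line the link source is written with a leading slash (`/usr/share/javascript/jquery/jquery.js`) and the destination without one (`usr/share/doc/ruby-kramdown/rdoc/js/jquery.js`); write both the same way so the file reads consistently. Since the original typo shipped as a broken symlink, a build-time check that the link target is provided by the `libjs-jquery` dependency would catch a repeat.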


Bug#798348: ruby-tzinfo: Loading tzdata may break because of encoding

2015-09-08 Thread Herwin Weststrate
Package: ruby-tzinfo
Version: 1.1.0-2
Severity: normal

Dear Maintainer,

Last weekend the tzdata package has had an update. This update added an
accent to the file /usr/share/zoneinfo/iso3166.tab, making it UTF8
instead of ASCII. Depending on your locale settings, this may break
ruby-tzinfo, with an error like this:

  /usr/lib/ruby/vendor_ruby/tzinfo/zoneinfo_data_source.rb:325:in
  `block (2 levels) in load_country_index': invalid byte sequence in
  US-ASCII (ArgumentError)

This has been fixed upstream in release 1.2.0 (see fifth bullet of
)

-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ruby-tzinfo depends on:
ii  ruby                        1:2.1.5+deb8u1
ii  ruby-thread-safe            0.3.3-1
ii  ruby2.1 [ruby-interpreter]  2.1.5-2+deb8u2

ruby-tzinfo recommends no packages.

ruby-tzinfo suggests no packages.

-- no debconf information



Bug#777158: Text functions segfault on i386

2015-05-07 Thread Herwin Weststrate
Just compiled the package with these two lines added to the top of
debian/rules:

  export CC=/usr/bin/clang-3.5
  export CXX=/usr/bin/clang++-3.5

And suddenly it works

-- 
Herwin Weststrate


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#777158: Text functions segfault on i386

2015-05-04 Thread Herwin Weststrate
Some more observations:

The error begins in PerlMagick/Magick.xs method QueryFontMetrics around
line 12321:

  draw_info=CloneDrawInfo(package_info->image_info,(DrawInfo *) NULL);
  CloneString(&draw_info->text,"");

Tracing CloneDrawInfo in GDB, we have the following piece of code:

  clone_info=(DrawInfo *) AcquireMagickMemory(sizeof(*clone_info));
  ...
  GetDrawInfo(image_info,clone_info);
  if (draw_info == (DrawInfo *) NULL)
return(clone_info);

AcquireMagickMemory is basically a malloc, and GetDrawInfo initialized the
structure created with AcquireMagickMemory with some defaults. The
relevant changes it does here (we'll get to why these attributes are
relevant in a minute):

  clone_info.text = NULL;
  clone_info.decorate = NoDecoration;
  clone_info.compose = OverCompositeOp;

After the call to GetDrawInfo in CloneDrawInfo, my attempt here results
in the following addresses (reproduction may vary):

  (gdb) p &clone_info->text
  $1 = (char **) 0x90b93bc
  (gdb) p &clone_info->compose
  $2 = (CompositeOperator *) 0x90b93b8
  (gdb) p &clone_info->decorate
  $3 = (DecorationType *) 0x90b93b4

Calling next in GDB after this point jumps to line 351, which is the
end of the function CloneDrawInfo. Suddenly we can't read the symbolic
value anymore:

  (gdb) p clone_info-text
  value has been optimized out
  (gdb) p clone_info-text
  value has been optimized out
  (gdb) p clone_info
  $4 = <optimized out>

When returning to QueryFontMetrics on line 12322, the symbol draw_info
(which was the result of CloneDrawInfo) behaves the same, everything has
been optimized out. Once we continue, we get the segfault:

  #3  0xf76cdc8e in CloneString (destination=0x90b93b4,
source=0xf7855f1f "") at ../../magick/string.c:287

Destination should have been the value of `&draw_info->text`, but that
was 0x90b93bc. Instead, an address of 8 bytes lower has been passed. If
we look at the definition of DrawInfo:

  ..
  DecorationType decorate;
  CompositeOperator compose;
  char *text;
  ...

This shows that decorate has been passed. This has been initialized with
the value NoDecoration, which results in 1. This explains the 0x1
showing up in the backtraces in GDB. Just to be complete, the memory
looks like this:

  (gdb) x/3x 0x90b93b4
  0x90b93b4:  0x00000001  0x00000028  0x00000000

The second value (0x28) is the value of OverCompositeOp, assigned to
draw_info->compose. The third value is a NULL-pointer for the text.

I don't really understand what could make this shift of two bytes.

-- 
Herwin Weststrate





Bug#777158: Text functions segfault on i386

2015-04-24 Thread Herwin Weststrate
I've seen it as well when calling XS_Image__Magick__Q16_Mogrify

From what I've seen, the parameter **destination in CloneString always
points to 0x0001, which I don't think is correct.

-- 
Herwin Weststrate





Bug#778534: libfcgi-perl: Make example scripts executable

2015-02-16 Thread Herwin Weststrate
Package: libfcgi-perl
Version: 0.77-1+b1
Severity: minor

mod_fcgi of apache expects the input files to be executables. The
package libfcgi-perl contains a number of examples
(/usr/share/doc/libfcgi-perl/examples), but these aren't executable by
default. This results in errors like mod_fcgid: error reading data from
FastCGI server.

Making these scripts executable by default could possibly save people
trying the examples some debug work.

-- 
Herwin Weststrate





Bug#760754: Debian freeradius consider all files in modules/ folder, also *.dpkg-* ones...

2015-01-02 Thread Herwin Weststrate
> I think, as other debian package, only files with a specific extension
> have to be read (*.conf?)

That sounds like a big diversion from upstream, since none of the
current files in that directory contain an extension. The result of this
could be that the various tutorials/howtos on the web can't be applied
to Debian any more.

FreeRADIUS 3 (not in Debian) uses a folder mods-enabled, similar to
sites-enabled. I guess this is the cleanest solution, but backporting it
to v2.x will result in different problems.

> or at least that sources of trouble have to be added to debian
> documentation (README.Debian and something like that).

That sounds less intrusive. Maybe another option is to warn in the logs,
or even fail to start, if a file with a name matching
.{dpkg,ucf}-{dist,new} is encountered (I've got no idea what the
preferred option here should be).

-- 
Herwin Weststrate





Bug#689419: freeradius: segfaults in rlm_perl

2014-12-31 Thread Herwin Weststrate
This has been fixed upstream, and that fix is included in release 2.2.5,
which is in jessie and wheezy-backports. I guess this bug report can be
closed.

-- 
Herwin Weststrate





Bug#731119: freeradius-ldap : basedn can't be empty

2014-12-30 Thread Herwin Weststrate
This patch has been integrated in release 2.2.5, which can be found in
jessie and wheezy-backports. I guess that will fix your problems.

-- 
Herwin Weststrate
www.quarantainenet.nl





Bug#772737: /usr/share/perl5/Mail/Message/Field.pm: Warning for possible typo when using warnings/strict

2014-12-10 Thread Herwin Weststrate
Package: libmail-box-perl
Version: 2.117-1
Severity: minor
File: /usr/share/perl5/Mail/Message/Field.pm
Tags: patch

$ perl -cw /usr/share/perl5/Mail/Message/Field.pm
Name Mail::Message::Field::size used only once: possible typo at 
/usr/share/perl5/Mail/Message/Field.pm line 102.
/usr/share/perl5/Mail/Message/Field.pm syntax OK

Even though it doesn't break anything, it's ugly. Possibilities for fixes:

- Rewrite it to a sub (will be slower in theory)
- Define a call somewhere to size, so it is used again. For example, add
  the following to the line below:
 
  { my $sub = sub{ size(); }; }

  The anonymous sub goes directly out of scope, so this doesn't clutter
  the namespace.

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libmail-box-perl depends on:
ii  libdevel-globaldestruction-perl  0.13-1
ii  libdigest-hmac-perl              1.03+dfsg-1
ii  libfile-remove-perl              1.52-1
ii  libio-stringy-perl               2.110-5
ii  libmailtools-perl                2.13-1
ii  libmime-types-perl               2.09-3
ii  libobject-realize-later-perl     0.19-1
ii  libtimedate-perl                 2.3000-2
ii  liburi-perl                      1.64-1
ii  libuser-identity-perl            0.94-1
ii  perl                             5.20.1-3

libmail-box-perl recommends no packages.

Versions of packages libmail-box-perl suggests:
ii  libhtml-format-perl      2.11-1
ii  libhtml-tree-perl        5.03-1
pn  libmail-imapclient-perl  none
ii  libmime-tools-perl       5.505-1
pn  spamassassin             none

-- no debconf information





Bug#770008: calendar-google-provider: Can no longer connect to Google calendars

2014-11-20 Thread Herwin Weststrate
Downloading the addon from
https://addons.mozilla.org/thunderbird/downloads/latest/4631/ and
manually installing it into icedove seems to work, so a workaround is
possible.

-- 
Herwin Weststrate





Bug#765871: does not start with new openssl version

2014-10-23 Thread Herwin Weststrate
Simply recompiling the fix will stop the problem now, but it might
reoccur at the next openssl update. The upstream fix can be found at
https://github.com/FreeRADIUS/freeradius-server/commit/3eb1025dc6ac34608a7d5dc2461f3b227d2131ba
(only for 3.0, but it looks like it's pretty easy to backport it to 2.2).

Added a CC to Sam Hartman. Sam, since you're the one who uploaded the
2.2 packages, could you take a look at it?

-- 
Herwin Weststrate





Bug#724293: libgraphics-colorobject-perl: warnings with Perl 5.14

2013-09-23 Thread Herwin Weststrate
Package: libgraphics-colorobject-perl
Version: 0.5.0-5
Severity: normal

Actually the same bug as in #578938, but it doesn't look like it's
solved in version 0.5.0-5. The warning still occurs:

  $ perl -MGraphics::ColorObject -we
'Graphics::ColorObject->new_RGBhex(#ff)'
  Use of uninitialized value within @_ in lc at
/usr/share/perl5/Graphics/ColorObject.pm line 1905.

When comparing the extracted version 0.5.0-4 and 0.5.0-5, there seems to
be no difference between the ColorObject.pm files.

Changing line 1905 of /usr/share/perl5/Graphics/ColorObject.pm to the
following should solve the problem:

  my $name = shift;
  return undef unless defined $name;
  $name = lc($name);

-- System Information:
Debian Release: 7.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libgraphics-colorobject-perl depends on:
ii  libgraphics-colornames-perl  2.11-4
ii  perl 5.14.2-21

libgraphics-colorobject-perl recommends no packages.

libgraphics-colorobject-perl suggests no packages.

-- no debconf information





Bug#706604: dovecot-core: Typo in comments of default config file

2013-05-02 Thread Herwin Weststrate
Package: dovecot-core
Version: 1:2.1.7-7
Severity: minor

Dear Maintainer,

Copied from the default config file after a clean install:

# Sepace separated list of login access check sockets (e.g. tcpwrap)

Of course Sepace should be Space

-- Package-specific info:

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dovecot-core depends on:
ii  adduser         3.113+nmu3
ii  libbz2-1.0      1.0.6-4
ii  libc6           2.13-38
ii  libpam-runtime  1.1.3-7.1
ii  libpam0g        1.1.3-7.1
ii  libssl1.0.0     1.0.1e-2
ii  openssl         1.0.1e-2
ii  ucf             3.0025+nmu3
ii  zlib1g          1:1.2.7.dfsg-13

dovecot-core recommends no packages.

Versions of packages dovecot-core suggests:
ii  dovecot-gssapi        1:2.1.7-7
ii  dovecot-imapd         1:2.1.7-7
ii  dovecot-ldap          1:2.1.7-7
pn  dovecot-lmtpd         none
pn  dovecot-managesieved  none
ii  dovecot-mysql         1:2.1.7-7
ii  dovecot-pgsql         1:2.1.7-7
ii  dovecot-pop3d         1:2.1.7-7
ii  dovecot-sieve         1:2.1.7-7
pn  dovecot-solr          none
ii  dovecot-sqlite        1:2.1.7-7
ii  ntp                   1:4.2.6.p5+dfsg-2

Versions of packages dovecot-core is related to:
ii  dovecot-core [dovecot-common]  1:2.1.7-7
pn  dovecot-dbg                    none
pn  dovecot-dev                    none
ii  dovecot-gssapi                 1:2.1.7-7
ii  dovecot-imapd                  1:2.1.7-7
ii  dovecot-ldap                   1:2.1.7-7
pn  dovecot-lmtpd                  none
pn  dovecot-managesieved           none
ii  dovecot-mysql                  1:2.1.7-7
ii  dovecot-pgsql                  1:2.1.7-7
ii  dovecot-pop3d                  1:2.1.7-7
ii  dovecot-sieve                  1:2.1.7-7
ii  dovecot-sqlite                 1:2.1.7-7

-- no debconf information





Bug#592499: libruby1.9: XMLRPC::Client misses import of WEBrick::Cookie

2013-04-10 Thread Herwin Weststrate
This issue has been fixed in the Squeeze release of ruby1.9. The results 
can be seen in the source code, where the upstream reported patch can be 
found. Creating a testscript for it to prove that would sound like a 
waste of time, so let's just close this one ;)


--
Herwin Weststrate





Bug#633842: ruby1.9: Bug with xmlrpc::client, basic auth and long authentication strings

2013-04-09 Thread Herwin Weststrate
The bug has actually been fixed in the Ruby 1.9 packages of Debian 
Wheezy, so I guess this bug report can be closed.


Upstream fix: https://bugs.ruby-lang.org/issues/5046

--
Herwin Weststrate





Bug#323790: cdebootstrap: Description is very, very short

2013-04-07 Thread Herwin Weststrate

The current description (sid, version 0.5.9) is a bit longer:


cdebootstrap generates systems from scratch for Debian and
derivates.

This is implementation is different from debootstrap.  It features a
different package selection.  The package selection is done according
to the flavour.


Assuming the part "This is" should be replaced by "This", the text 
doesn't make things more clear. What's a flavour, and how is the package 
selection different?


--
Herwin Weststrate





Bug#704918: libjson0: Upstream homepage has been updated

2013-04-07 Thread Herwin Weststrate
Package: libjson0
Version: 0.10-1.2
Severity: minor

Dear Maintainer,

The information of the package contains the following:

Homepage: http://oss.metaparadigm.com/json-c/

This site states it's obsolete, https://github.com/json-c/json-c/wiki should be
used instead. I think this should be updated in the package description as well.

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libjson0 depends on:
ii  libc6  2.13-38
ii  multiarch-support  2.13-38

libjson0 recommends no packages.

libjson0 suggests no packages.

-- no debconf information





Bug#696817: dovecot destroys user ssl configuration

2013-01-23 Thread Herwin Weststrate

Here is what I came up with, if this seems to make sense and is
considered as a patch, *please do proofread and test it, I did no
such thing on my end.*


One small remark: the + after ssl_key and ssl_cert (lines 122+123) 
means "match one or more of the last character". Thus, a config line like 
ssl_certt=/foo/bar would match too. The line should be fine 
without the + here.
And it will break if the filename contains whitespace, but I'm not sure 
if dovecot supports this (and imho it's a stupid idea anyway).


--
Herwin Weststrate
Studenten Net Twente





Bug#637727: Upstream of dbi-ruby has been abandoned

2012-11-12 Thread Herwin Weststrate
Since I noticed that this bug has been tagged Upstream: the developers 
of ruby-dbi have silently left this project and continued with a rewrite 
called RBDI. The only reference I could find to this was [1]. Sadly, 
this rewrite still has a lot of (other) issues and hasn't been updated 
recently.


[1]: https://rubyforge.org/forum/forum.php?thread_id=49988&forum_id=958

--
Herwin Weststrate





Bug#675402: ctorrent: Typo in the manpage

2012-05-31 Thread Herwin Weststrate
Package: ctorrent
Version: 1.3.4.dnh3.3.2-4
Severity: minor

The manpage contains the following lines:

   -t  Create a new torrent file
   -t URL
  Tracker's URL

As one could expect, one of those switches is incorrect. According to
the output of `ctorrent -h` the second '-t' should be changed to '-u'.

Make metainfo (torrent) file options:
-u URL  Tracker's URL

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ctorrent depends on:
ii  libc6   2.13-32
ii  libgcc1 1:4.7.0-10
ii  libstdc++6  4.7.0-10

ctorrent recommends no packages.

ctorrent suggests no packages.

-- no debconf information






Bug#639950: unable to login

2012-02-25 Thread Herwin Weststrate
On Sat, Feb 25, 2012 at 12:49:52PM +0100, Vincent Bernat wrote:
 OoO Around midday on Saturday, February 25, 2012, at about 12:18,
 Herwin Weststrate her...@snt.utwente.nl said:
 
  This is probably due to an old version of php-mdb2, which does
  not work with PHP 5.3 (see #571702). Upgrading php-mdb2 to the
  latest release (which is not packaged in Debian) will probably
  solve this.
  
  I have the  same error messages but  no problem to login. I  will
  try to package  a new  version of  php-mdb2  soon and  check if  it
  solves  the problem anyway.
 
  There is an updated package in unstable/sid since one or two days, see
  #571702 for more info.
 
 Oh fine. Does this fix this bug (#639950)?

Yes, it does. However, the php-mdb2 package is not available in Squeeze
so still a bit of manual work is required to remove this bug completely.

-- 
Herwin Weststrate
Studenten Net Twente




Bug#639950: unable to login

2012-02-25 Thread Herwin Weststrate

On 02/25/2012 12:05 PM, Vincent Bernat wrote:
 OoO On this cloudy night of Friday, February 24, 2012, at about
 01:39, Herwin Weststrate her...@snt.utwente.nl said:
 
 This is probably due to an old version of php-mdb2, which does
 not work with PHP 5.3 (see #571702). Upgrading php-mdb2 to the
 latest release (which is not packaged in Debian) will probably
 solve this.
 
 I have the  same error messages but  no problem to login. I  will
 try to package  a new  version of  php-mdb2  soon and  check if  it
 solves  the problem anyway.

There is an updated package in unstable/sid since one or two days, see
#571702 for more info.

-- 
Herwin Weststrate
Studenten Net Twente






Bug#612515: php-mdb2: new upstream version (2.5.0b3) is available

2012-02-23 Thread Herwin Weststrate
Is there any chance these bugs when using PHP 5.3 (which is the default
in Debian Squeeze) will be fixed (e.g. by using the new upstream
version)?
In the meantime, I've created a package of the new version (2.5.0b3). If
anyone is interested I could share it.

-- 
Herwin Weststrate
Studenten Net Twente




Bug#639950: unable to login

2012-02-23 Thread Herwin Weststrate
This is probably due to an old version of php-mdb2, which does not work
with PHP 5.3 (see #571702). Upgrading php-mdb2 to the latest release
(which is not packaged in Debian) will probably solve this.

-- 
Herwin Weststrate
Studenten Net Twente




Bug#661089: roundcube: HTML mail sent as text/plain

2012-02-23 Thread Herwin Weststrate
Package: roundcube
Version: 0.3.1-6
Severity: normal

Roundcube has an HTML editor for sending mail, but this mail is sent
with the wrong content-type. The relevant headers:

  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit

The mail body does contain HTML tags, and some mail clients may decide
to interpret the message as HTML, but it's not according to the RFCs.


-- System Information:
Debian Release: 6.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages roundcube depends on:
ii  roundcube-core0.3.1-6skinnable AJAX based webmail solut

roundcube recommends no packages.

roundcube suggests no packages.

Versions of packages roundcube-core depends on:
ii  apache22.2.16-6+squeeze6 Apache HTTP Server metapackage
ii  apache2-mpm-prefork [h 2.2.16-6+squeeze6 Apache HTTP Server - traditional n
ii  dbconfig-common1.8.46+squeeze.0  common framework for packaging dat
ii  debconf [debconf-2.0]  1.5.36.1  Debian configuration management sy
ii  libjs-jquery   1.4.2-2   JavaScript library for dynamic web
ii  libmagic1  5.04-5File type determination library us
ii  php-auth   1.6.2-1   PHP PEAR modules for creating an a
ii  php-mail-mime  1.8.0-2   PHP PEAR module for creating MIME 
ii  php-mdb2   2.5.0b3-1 PHP PEAR module to provide a commo
ii  php-net-smtp   1.4.2-3   PHP PEAR module implementing SMTP 
ii  php-net-socket 1.0.9-2   PHP PEAR Network Socket Interface 
ii  php5   5.3.3-7+squeeze8  server-side, HTML-embedded scripti
ii  php5-gd5.3.3-7+squeeze8  GD module for php5
ii  php5-mcrypt5.3.3-7+squeeze8  MCrypt module for php5
ii  php5-pspell5.3.3-7+squeeze8  pspell module for php5
ii  roundcube-pgsql0.3.1-6   metapackage providing PostgreSQL d
ii  tinymce3.3.8+dfsg0-0.1   platform independent web based Jav
ii  ucf3.0025+nmu1   Update Configuration File: preserv

-- Configuration Files:
/etc/cron.daily/roundcube [Errno 2] No such file or directory: 
u'/etc/cron.daily/roundcube'
/etc/default/roundcube [Errno 2] No such file or directory: 
u'/etc/default/roundcube'
/etc/logrotate.d/roundcube [Errno 2] No such file or directory: 
u'/etc/logrotate.d/roundcube'

-- debconf information excluded






Bug#633842: ruby1.9: Bug with xmlrpc::client, basic auth and long authentication strings

2011-07-14 Thread Herwin Weststrate
Package: ruby1.9
Version: 1.9.0.2-9lenny1
Severity: normal
Tags: patch


XMLRPC::Client has support for basic auth. This tries to encode the
combination of the username and password with the base64 algorithm using
Array.pack. If however your username and password exceed a certain
length the truncate algorithm of Array.pack kicks in and adds a newline
character in the result, which creates HTTP headers that are invalid.
If I understand the documentation of Array.pack correctly, this can be
suppressed by using the pack template 'm0' instead of 'm', but this does
not yield to any change in the output. Maybe I've misunderstood the
documentation at this point, but this might be another bug.
I've added an ugly workaround by using the double of the length. Since
base64 adds about 30% in length this should be enough for everybody
(famous last words)


-- System Information:
Debian Release: 5.0.8
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-bpo.4-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ruby1.9 depends on:
ii  libc62.7-18lenny7GNU C Library: Shared libraries
ii  libruby1.9   1.9.0.2-9lenny1 Libraries necessary to run
Ruby 1.

ruby1.9 recommends no packages.

Versions of packages ruby1.9 suggests:
ii  rdoc1.9  1.9.0.2-9lenny1 Generate documentation from
Ruby s
pn  ri1.9none  (no description available)
pn  ruby1.9-examples none  (no description available)
ii  rubygems1.9  1.2.0-3 package management
framework for R

-- no debconf information

--- client.rb.orig  2011-07-14 10:53:14.0 +0200
+++ client.rb   2011-07-14 10:53:39.0 +0200
@@ -493,7 +493,7 @@
   else
 a =  #@user
 a  :#@password if @password != nil
-@auth = (Basic  + [a].pack(m)).chomp
+@auth = (Basic  + [a].pack(m#{a.length*2})).chomp
   end
 end
 
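Review bot: in the changed `@auth` line, `.chomp` still strips only the trailing newline, so the fix depends on the count `a.length*2` always being large enough to keep the encoded value on one line. `a.length` counts characters rather than bytes in Ruby 1.9, so credentials with multi-byte characters can still exceed it and wrap. Removing every newline from the encoded string (for example `.delete("\n")` in place of `.chomp`) would not depend on that arithmetic, and a comment saying why `m0` was not used, as the report describes, would help whoever revisits this line.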


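An added example (not code from the bug report or from Ruby's xmlrpc library) of the embedded newline this report describes, comparing the original encoding, the patch's workaround and `pack("m0")`, with a CR/LF check on the resulting header value. The method names and credentials are constructed for illustration, and `m0` is assumed to behave as it does in current Ruby releases, which the report says was not the case on the reporter's 1.9.0.

```ruby
# Added illustration; not code from the bug report or from Ruby's xmlrpc library.
# All credentials are constructed sample values; method names are hypothetical.
SAMPLE_USER = "svc-monitoring@example.org"
SAMPLE_LONG_PASSWORD = "constructed-sample-passphrase-0123456789"

# As in the reported client.rb: the "m" directive emits a line feed after every
# 60 output characters (45 input bytes), and chomp removes only the last one.
def basic_auth_wrapped(user, password)
  a = "#{user}:#{password}"
  ("Basic " + [a].pack("m")).chomp
end

# The workaround from the report's patch: request a line length of twice the
# character count, so ASCII input never reaches a wrap point.
def basic_auth_workaround(user, password)
  a = "#{user}:#{password}"
  ("Basic " + [a].pack("m#{a.length * 2}")).chomp
end

# "m0" asks for no line feeds at all (assumption: current Ruby behaviour).
def basic_auth_strict(user, password)
  "Basic " + ["#{user}:#{password}"].pack("m0")
end

# A header value containing CR or LF ends the header early: the server sees a
# truncated credential followed by a stray line, so reject it before sending.
def header_value_safe?(value)
  !value.match?(/[\r\n]/)
end

# Recover "user:password" from a header value ("m" decoding ignores newlines).
def decode_basic(value)
  value.sub(/\ABasic /, "").unpack1("m")
end

# Report, per encoding variant, whether the header value is free of CR/LF.
def audit_header_variants(user, password)
  {
    wrapped:    header_value_safe?(basic_auth_wrapped(user, password)),
    workaround: header_value_safe?(basic_auth_workaround(user, password)),
    strict:     header_value_safe?(basic_auth_strict(user, password))
  }
end

if __FILE__ == $PROGRAM_NAME
  cases = {
    "short ASCII"       => ["bob", "secret"],
    "long ASCII"        => [SAMPLE_USER, SAMPLE_LONG_PASSWORD],
    # 30 three-byte characters: 92 bytes in total, but only 32 characters.
    "long multi-byte"   => ["u", "\u20AC" * 30]
  }
  cases.each do |label, (user, password)|
    puts "#{label}: #{audit_header_variants(user, password)}"
  end
end
```

The multi-byte case shows where a character-count based line length falls short: the byte length of the credentials is what the encoder wraps on.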

Bug#612973: pure-ftpd-postgresql: Incorrect default location of postgresql unix socket

2011-02-11 Thread Herwin Weststrate
Package: pure-ftpd-postgresql
Version: 1.0.28-3+b1
Severity: normal


This package includes some defaults for use with postgresql running on a
UNIX socket

  # *or* if PostgreSQL can only be reached through a local Unix socket
  # PGSQLServer /tmp
  # PGSQLPort   .s.PGSQL.5432

In Debian the default location for the socket is not in /tmp but in
/var/run/postgresql. These lines should be changed to

  # *or* if PostgreSQL can only be reached through a local Unix socket
  # PGSQLServer /var/run/postgresql
  # PGSQLPort   .s.PGSQL.5432

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages pure-ftpd-postgresql depends on:
ii  libc6   2.11.2-10Embedded GNU C Library: Shared lib
ii  libcap2 1:2.19-3 support for getting/setting POSIX.
ii  libpam0g1.1.1-6.1Pluggable Authentication Modules l
ii  libpq5  8.4.7-0squeeze2  PostgreSQL C client library
ii  libssl0.9.8 0.9.8o-4 SSL shared libraries
ii  lsb-base3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii  openbsd-inetd [inet-sup 0.20080125-6 The OpenBSD Internet Superserver
ii  pure-ftpd-common1.0.28-3 Pure-FTPd FTP server (Common Files
ii  zlib1g  1:1.2.3.4.dfsg-3 compression library - runtime

pure-ftpd-postgresql recommends no packages.

pure-ftpd-postgresql suggests no packages.

-- Configuration Files:
/etc/pure-ftpd/db/postgresql.conf changed [not included]

-- no debconf information






Bug#601360: amtterm: amttool always returns a `400 Bad Request'

2010-10-25 Thread Herwin Weststrate
Package: amtterm
Version: 1.2-1
Severity: normal
Tags: upstream

When running the amttool the result always is
  400 Bad Request at ./amttool line 103

The problem is caused by the schema base. In line 87 the client tries to 
receive it with:
  my $schemabase = "http://schemas.intel.com/platform/client";
This is a dead link.


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages amtterm depends on:
ii  libc6 2.11.2-6   Embedded GNU C Library: Shared lib

Versions of packages amtterm recommends:
ii  libsoap-lite-perl 0.712-1Perl implementation of a SOAP clie

amtterm suggests no packages.

-- no debconf information






Bug#594887: libfrontier-rpc-perl: sub decode fails to decode values of type double when using 'use-objects'

2010-08-30 Thread Herwin Weststrate
Package: libfrontier-rpc-perl
Version: 0.07b4-4
Severity: normal
Tags: patch


When running the method 'decode' on a valid XML-RPC input with the
option 'use-objects' on, every entry should be encoded as a
Frontier::RPC::datatype object. This fails on the type double, the
module does have code to convert a float but the float is not defined in
the specifications of XML-RPC (http://www.xmlrpc.com/spec).

An example input may look like this:

  <?xml version="1.0"?>
  <methodCall>
  <methodName>perform_actions</methodName>
  <params>
  <param><name>some_string</name><value><string>X</string></value>
  </param>
  <param><name>some_double</name><value><double>1.2</double></value>
  </param>
  </params>
  </methodCall>

When running it through this conversion code (shortened version):

  my $coder = Frontier::RPC2->new('encoding' => 'UTF-8', 'use_objects' => 1);
  my $test = $coder->decode($data);
  print Dumper($test);

The output does look like this (with only relevant fields shown):

  'value' => [
bless( do{\(my $o = 'X')}, 'Frontier::RPC2::String' ),
'1.2'
  ]

The attached patch fixes this problem

-- System Information:
Debian Release: 5.0.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-bpo.4-486
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages libfrontier-rpc-perl depends on:
ii  libwww-perl  5.813-1 WWW client/server library for Perl
ii  libxml-parser-perl   2.36-1.1+b1 Perl module for parsing XML files
ii  perl 5.10.0-19lenny2 Larry Wall's Practical Extraction 

libfrontier-rpc-perl recommends no packages.

libfrontier-rpc-perl suggests no packages.

-- no debconf information
--- RPC2.pm 2010-08-30 14:14:14.0 +0200
+++ RPC2.pm.orig2010-08-30 14:13:25.0 +0200
@@ -434,8 +434,8 @@
} elsif ($expat-{'use_objects'}) {
if ($tag eq 'i4' or $tag eq 'int') {
$value = Frontier::RPC2::Integer-new($value);
-   } elsif ($tag eq 'double') {
-   $value = Frontier::RPC2::Double-new($value);
+   } elsif ($tag eq 'float') {
+   $value = Frontier::RPC2::Float-new($value);
} elsif ($tag eq 'string') {
$value = Frontier::RPC2::String-new($value);
}
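Review bot: the file headers are swapped (`--- RPC2.pm`, `+++ RPC2.pm.orig`), so in this hunk the `-` lines carry the fix (`double`) and the `+` lines the old `float` branch, and the patch only applies in reverse. Regenerate it as `diff -u RPC2.pm.orig RPC2.pm`. Replacing the branch also drops object conversion for input that uses the `float` tag; if any existing peer sends it, `$tag eq 'double' or $tag eq 'float'` would keep both working.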
@@ -574,7 +574,7 @@
  $date_time_object = $coder-date_time($date_time);
  $base64_object = $coder-base64($base64);
  $int_object = $coder-int(42);
- $double_object = $coder-double(3.14159);
+ $float_object = $coder-float(3.14159);
  $string_object = $coder-string(Foo);
 
 =head1 DESCRIPTION
@@ -602,8 +602,8 @@
 =item use_objects
 
 If set to a non-zero value will convert incoming Elti4Egt,
-EltdoubleEgt, and EltstringEgt values to objects instead of
-scalars.  See int(), double(), and string() below for more details.
+EltfloatEgt, and EltstringEgt values to objects instead of
+scalars.  See int(), float(), and string() below for more details.
 
 =back
 
@@ -668,13 +668,13 @@
 
 =item $int_object = $coder-int(42);
 
-=item $double_object = $coder-double(3.14159);
+=item $float_object = $coder-float(3.14159);
 
 =item $string_object = $coder-string(Foo);
 
 By default, you may pass ordinary Perl values (scalars) to be encoded.
 RPC2 automatically converts them to XML-RPC types if they look like an
-integer, double, or as a string.  This assumption causes problems when
+integer, float, or as a string.  This assumption causes problems when
 you want to pass a string that looks like 0096, RPC2 will convert
 that to an Elti4Egt because it looks like an integer.  With these
 methods, you could now create a string object like this:
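Review bot: the documentation in this hunk and the two before it now names `double()` and the `double` type, but none of the visible hunks touches the definition of the `float` method or its class. Confirm that `sub double` and the package `Frontier::RPC2::Double` exist in the module, otherwise the decoder branch at line 434 dies on the first `double` value it meets.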


Bug#592499: libruby1.9: XMLRPC::Client misses import of WEBrick::Cookie

2010-08-10 Thread Herwin Weststrate
Package: libruby1.9
Version: 1.9.0.2-9lenny1
Severity: normal
Tags: patch

If the XML-RPC response contains a Set-Cookie header the module
WEBrick::Cookie is called to parse it. This module isn't included,
resulting in the error message
/usr/lib/ruby/1.9.0/xmlrpc/client.rb:571:in `block in do_rpc':
uninitialized constant XMLRPC::Client::WEBrick (NameError)

The fix as suggested on http://redmine.ruby-lang.org/issues/show/337
works: import the module

  require "webrick/cookie"



-- System Information:
Debian Release: 5.0.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-bpo.4-486
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages libruby1.9 depends on:
ii  libc6  2.7-18lenny4  GNU C Library: Shared libraries
ii  libncurses55.7+20081213-1shared libraries for terminal hand
ii  zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime

libruby1.9 recommends no packages.

libruby1.9 suggests no packages.

-- no debconf information
--- a/client.rb 2008-04-15 16:10:18.0 +0200
+++ b/client.rb 2010-08-10 16:17:59.0 +0200
@@ -279,6 +279,7 @@
 require xmlrpc/config
 require xmlrpc/utils # ParserWriterChooseMixin
 require net/http
+require webrick/cookie
 
 module XMLRPC
 
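Review bot: the added `require` for webrick/cookie is unconditional, so every XML-RPC client loads part of WEBrick although the report shows it is needed only when a response carries a Set-Cookie header (client.rb:571 in `do_rpc`). That is fine as a minimal fix, but a short comment next to the require saying why a server library is pulled into the client would save the next reader a search, and a test with a response that sets a cookie would keep the NameError from coming back.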


Bug#537405: Invalid config option in help output

2009-07-17 Thread Herwin Weststrate
Package: atftpd
Version: 0.7.dfsg-6
Severity: minor

The output of the help shows the option --no-tisize, but the option is
called --no-tsize

  --no-tisize: disable 'tsize' from RFC2349

Of course it's a trivial fix, see attached patch


--
Herwin Weststrate
Studenten Net Twente
--- tftpd.c	2009-07-17 21:18:52.0 +
+++ tftpd.c.orig	2009-07-17 21:18:39.0 +
@@ -1123,7 +1123,7 @@
  output messages\n
   --trace: log all sent and received packets\n
   --no-timeout   : disable 'timeout' from RFC2349\n
-  --no-tsize : disable 'tsize' from RFC2349\n
+  --no-tisize: disable 'tsize' from RFC2349\n
   --no-blksize   : disable 'blksize' from RFC2348\n
   --no-multicast : disable 'multicast' from RFC2090\n
   --logfile file   : logfile to log logs to ;-)\n
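Review bot: the file headers are swapped (`--- tftpd.c`, `+++ tftpd.c.orig`), so the hunk reads as replacing the correct `--no-tsize` line with the misspelled `--no-tisize` and only applies in reverse. Regenerate it as `diff -u tftpd.c.orig tftpd.c` so that the `+` line carries `--no-tsize`.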


Bug#500890: libnss-pgsql2: Wrong SQL querys in nss-pgsql.conf

2008-10-24 Thread Herwin Weststrate
The solution of Torsten would imply that only the users who have the
given group as a primary group are listed as the groupmembers.

The attached patch uses the join-table, and only the join-table. This
means things would break if users have this group as primary group but
aren't listed in the usergroups table. It's possible to add an OR/UNION
to the query to select these members too. (In my situation it's not
required, but I don't know what the current best-practice is to store
this.)

Herwin
--- nss-pgsql.conf.orig	2008-10-24 20:34:06.0 +0200
+++ nss-pgsql.conf	2008-10-24 20:40:49.0 +0200
@@ -11,9 +11,9 @@
 # All users
 allusers= SELECT username, passwd, gecos, homedir, shell, uid, gid FROM passwd_table
 # Must return group_name, group_passwd, group_gid
-getgrnam= SELECT groupname, passwd, gid, ARRAY(SELECT username FROM usergroups WHERE usergroups.gid = group_table.gid) AS members FROM group_table WHERE groupname = $1
+getgrnam= SELECT groupname, passwd, gid, ARRAY(SELECT passwd_table.username FROM passwd_table, usergroups WHERE passwd_table.uid = usergroups.uid AND usergroups.gid = group_table.gid) AS members FROM group_table WHERE groupname = $1
 # Must return group_name, group_passwd, group_gid
-getgrgid= SELECT groupname, passwd, gid, ARRAY(SELECT username FROM usergroups WHERE usergroups.gid = group_table.gid) AS members FROM group_table WHERE gid = $1
+getgrgid= SELECT groupname, passwd, gid, ARRAY(SELECT passwd_table.username FROM passwd_table, usergroups WHERE passwd_table.uid = usergroups.uid AND usergroups.gid = group_table.gid) AS members FROM group_table WHERE gid = $1
 # Must return gid.  %s MUST appear first for username match in where clause
-groups_dyn  = SELECT ug.gid FROM passwd_table JOIN usergroups USING (uid) where username = $1 and ug.gid  $2
-allgroups   = SELECT groupname, passwd, gid, ARRAY(SELECT username FROM usergroups WHERE usergroups.gid = group_table.gid) AS members FROM group_table
+groups_dyn  = SELECT usergroups.gid FROM passwd_table JOIN usergroups USING (uid) where username = $1 and usergroups.gid  $2
+allgroups   = SELECT groupname, passwd, gid, ARRAY(SELECT passwd_table.username FROM passwd_table, usergroups WHERE passwd_table.uid = usergroups.uid AND usergroups.gid = group_table.gid) AS members FROM group_table
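Review bot: the three `members` subqueries (getgrnam, getgrgid, allgroups) now list only users that have a row in `usergroups`, so a user whose primary `gid` in `passwd_table` is the group but who has no join-table row is left out of the member list. Either add the OR/UNION on `passwd_table.gid = group_table.gid` mentioned in the message, or state in a comment in nss-pgsql.conf that primary-group members are expected to be absent. The subqueries also use a comma join while `groups_dyn` uses `JOIN usergroups USING (uid)`; one form throughout would read better. The context comment above `groups_dyn` still says `%s MUST appear first` although the queries use `$1`, which is worth correcting while that line is being touched.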


Bug#494196: Typo in documentation

2008-08-07 Thread Herwin Weststrate
Package: libnss-pgsql2
Version: 1.4.0debian-2
Severity: minor

The correct configuration key for the database connection in
/etc/nss-pgsql-root.conf is `shadowconnectionstring'. The included
documentation file (/usr/share/doc/libnss-pgsql2/nss-pgsql.html line
162) implies you have to use connectionstring, which doesn't work.



