Bug#238367: kernel-image-2.4.24-sparc64: Lots of oopses
Moritz Muehlenhoff wrote: reassign 238367 linux-2.6 thanks On Wed, Mar 17, 2004 at 04:28:25PM +0100, Jeroen T. Vermeulen wrote: On Tue, Mar 16, 2004 at 02:47:00PM -0500, Ben Collins wrote: This error is nothing, it can be ignored. Do your freezes always occur when X is running? Can you make it crash without X? Yup, leaving the machine near-idle overnight without X also kills it. Even ssh doesn't get through its thick metal skull after that. I'll see if I can correlate it to anything in the crontab. Does this error still occur with more recent kernel versions? Hard to say now! I don't remember the details of this bug off the top of my head, nearly 5 years later, but depending which machine I saw it on, I can say with certainty that it's one that either died or left my control years ago. Jeroen -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#492880: Re[2]: Bug#492880: libpqxx-2.6.9ldbl: undefined reference
Sergey Nivarov wrote: Thank you. However it didn't help me. I've changed /usr/include/pqxx/result.hxx void freemem_result_data(result_data *) throw (); to void PQXX_LIBEXPORT freemem_result_data(result_data *) throw (); but i get the error still: /usr/bin/g++ testlib.c mipostgres.c -I/usr/include/pqxx -lpqxx /tmp/ccB4PwMu.o: In function `pqxx::internal::PQAllocpqxx::internal::result_data::freemem()': mipostgres.c:(.text._ZN4pqxx8internal7PQAllocINS0_11result_dataEE7freememEv[pqxx::internal::PQAllocpqxx::internal::result_data::freemem()]+0x14): undefined reference to `pqxx::internal::freemem_result_data(pqxx::internal::result_data*)' collect2: ld returned 1 exit status Did you rebuild the library after making the change, and if so, are you sure you're linking against the new library binary? Also, after linking to libpqxx, you'll also want to link to libpq. Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#492880: libpqxx-2.6.9ldbl: undefined reference
Sergey Nivarov wrote: Package: libpqxx-2.6.9ldbl Version: 2.6.9-6 Severity: serious Architecture: amd64 On compiling any file which uses the library it gives error: undefined reference to `pqxx::internal::freemem_result_data(pqxx::internal::result_data*)' So, i can not build absolutely anything with this library anymore. This problem happened after i upgraded Debian Etch to Debian Lenny. It worked fine before. This is a known problem in 2.6.9: that function should be declared PQXX_LIBEXPORT. Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#399307: ssh: Security update breaks
Package: ssh Version: 1:3.8.1p1-8.sarge.4 Severity: important I'm trying to install the fix for DSA 1212-1 on a sarge system (with some individual newer packages). The upgrade fails to install: Preparing to replace ssh 1:3.8.1p1-8.sarge.4 (using .../ssh_1%3a3.8.1p1-8.sarge.6_i386.deb) ... Unpacking replacement ssh ... dpkg: error processing /var/cache/apt/archives/ssh_1%3a3.8.1p1-8.sarge.6_i386.deb (--unpack): trying to overwrite `/usr/bin/ssh', which is also in package openssh-client dpkg-deb: subprocess paste killed by signal (Broken pipe) I'm not sure how this one should be classified--it doesn't actually introduce a security hole and it doesn't make my existing ssh unusable to anyone per se. But its effect is at least as serious as DSA 1212-1 itself. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Versions of packages ssh depends on: ii adduser 3.63 Add and remove users and groups ii debconf 1.4.50 Debian configuration management sy ii dpkg 1.10.28Package maintenance system for Deb ii libc6 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an ii libpam-modules0.76-22Pluggable Authentication Modules f ii libpam-runtime0.76-22Runtime support for the PAM librar ii libpam0g 0.76-22Pluggable Authentication Modules l ii libssl0.9.7 0.9.7g-1 SSL shared libraries ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra ii zlib1g1:1.2.2-4.sarge.2 compression library - runtime -- debconf information: ssh/insecure_rshd: ssh/ssh2_keys_merged: ssh/user_environment_tell: * ssh/forward_warning: ssh/insecure_telnetd: ssh/new_config: true * ssh/use_old_init_script: true ssh/protocol2_only: true ssh/encrypted_host_key_but_no_keygen: * ssh/run_sshd: true * ssh/SUID_client: true ssh/disable_cr_auth: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#303557: phpbb2: Character encoding nightmares
On Mon, Nov 13, 2006 at 05:57:12PM +0100, Thijs Kinkhorst wrote: Upstream reports that phpbb3 beta 3 contains full UTF-8 support. While this is not (yet) packaged for Debian, you might try that out to see if it better suits your needs. I've heard, thanks. I suspect that dumping the database, running it and the translations through iconv and setting all encodings to UTF-8 might also do the trick--but either way it's a bit much for a running upgrade! Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383214: swapspace: dies when memory low, killed by kernel?
On Tue, Aug 15, 2006 at 09:05:20PM -0700, Alan L. Liu wrote: Great, I will try it out next time I update packages. I was testing max_swapsize=1g, and it does seem to stop the version of swapspace I have now from dying. Anything up to (but not including) 2 GB should be okay, e.g. 2047 MB. Alan, thank you for your report. Anibal: can we close this one? Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383214: swapspace: dies when memory low, killed by kernel?
On Tue, Aug 15, 2006 at 10:33:51AM -0700, Alan L. Liu wrote: Notice: Allocating swapfile '1' swapspace: swaps.c:411: make_swapfile: Assertion `max_swapsize == trunc_to_page(max_swapsize)' failed. There aren't any other programs regularly dying on this machine, so I don't think it's bad memory or something like that. dmesg doesn't show anything related to swapspace, but since it seems to die when memory usage is high, it makes me wonder if Linux is silently killing the program? It's not that. From the message you get, the problem seems to be that the upper limit to the size of swap files is not correctly rounded to page size, and trips up an internal consistency check. This is odd, really odd, because max_swapsize is always truncated to page size whenever it is set. The only exception is that max_pagesize is initialized without rounding to two terabytes--which I would hope is an even multiple of the page size! I can imagine things going wrong if the system reports inconsistent page sizes (ouch), or if page sizes are not powers of two. Both seem unlikely. Most likely guess so far: an overflow in integer arithmetic. All memory sizes are supposed to be calculated in 64 bits, but perhaps there is a hole in that somewhere. I'll look for one. Meanwhile, are you setting your own max_swapsize in the configuration file? Does the problem go away if you edit /etc/swapspace.conf and set max_swapsize=1g, for example, then restart swapspace? Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383214: swapspace: dies when memory low, killed by kernel?
On Tue, Aug 15, 2006 at 10:33:51AM -0700, Alan L. Liu wrote: I'm running swapspace because the swap partition on this box is much too small (only ~192MB). The problem is, swapspace keeps dying, without any error messages. It leaves behind the pid file, which I have to delete to restart it, but after a while it dies again. Sometimes it refuses to start, with this error: Got it. As I suspected, there was some non-64-bit arithmetic in there that overflowed. I've just released 1.10, which fixes this bug. If you don't want to wait for this to make it through the process, you can get the latest source from ftp://thaiopensource.org/software/swapspace/ Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#377449: swapspace: still does fail to parse /proc/meminfo here
On Sun, Jul 23, 2006 at 09:57:56AM +0200, Sebastian Bremicker wrote:
swapspace still does not start here, saying
Starting dynamic swap manager: swapspaceError: Parse error in /proc/meminfo:
' HugePages_Total: 0
'
Did I forget to enable something in the kernel (read the docs but did not
find a hint what that could be)?
It looks like yet another sudden change in the format of /proc/meminfo:
all lines in the kernels I've seen end with a unit. Actually, the unit
is always kB in the kernels I've seen, but swapspace was prepared for
this changing suddenly.
What it wasn't prepared for, and this is what seems to have happened, is
newly added lines not having the unit specifier at all. The program
exercises extreme care while parsing because it's better to do nothing
than to get bad data.
I've just committed a patch to make the care a bit less extreme. Could
you test this? You can get the latest source version from
svn co svn://thaiopensource.org/swapspace/trunk/ swapspace
...Or you can just apply the attached patch.
Jeroen
Index: src/memory.c
===
--- src/memory.c(revision 149)
+++ src/memory.c(working copy)
@@ -120,8 +120,14 @@
result-value,
fact);
- if (unlikely(x 3))
+ if (unlikely(x == 2))
{
+// Since Linux 2.6.18-mm4 or so, /proc/meminfo may contain lines without a
+// unit or factor attached.
+fact[0] = '\0';
+ }
+ else if (unlikely(x 2))
+ {
result-value = 0;
// In Linux 2.4, /proc/meminfo starts with a header line with leading
Bug#327505: Redirecting output
On Sat, Jun 24, 2006 at 12:10:01PM -0400, Micah Anderson wrote:
Have you tried redirecting stdout to a file in your cron/at job? Can you
please provide a copy of the cronjob or atjob that causes this problem?
It's been more than 9 months since I first reported the problem so I
don't remember all details about the situation then--but as Yitzhak
notes, redirecting stdout and stderr did not make things work. I'm not
in a position to reproduce the problem right now, but I do know that the
seeders get started when I run the cron job manually but not when it's
run by cron.
I'm attaching my cron file. It's part of some home-rolled packaging I
set up. Note that it redirects both stdout and stderr.
Jeroen
#! /bin/sh
# Keep download torrents for project ISO images up to date
BASEDIR=/srv/ftp/software
PROJECTS=`cat /etc/SIPAprojects`
DOWNLOADURL=http://thaiopensource.org/download/software;
NUMERICIP=61.19.242.42
ANNOUNCEURL=http://thaiopensource.org:6969/announce;
MINPORT=1
MAXPORT=6
BTUSER=bittorrent
DOWNLOADSTATEDIR=/var/run/bittorrents
LOGDIR=/var/log/bittorrent
ensuredir () {
DIR=$1
if ! test -d $DIR ; then
mkdir -p -- $DIR
chown $BTUSER $DIR
fi
}
if test -e /etc/default/btseed ; then
. /etc/default/btseed
fi
ensuredir $DOWNLOADSTATEDIR
ensuredir $LOGDIR/downloaders
cd $BASEDIR
# PID file name for project $1
pidfile () {
echo $DOWNLOADSTATEDIR/$1-download.pid
}
# Print PID for running downloader
pidfor () {
PIDFILE=`pidfile $1`
if test -e $PIDFILE ; then
cat $PIDFILE
fi
}
log_for () {
echo $LOGDIR/downloaders/$1.log
}
# Return true if downloader for given project exists
downloader_running () {
PID=`pidfor $1`
if test -z $PID ; then
/bin/false
else
ps $PID /dev/null 21
fi
}
# Stop downloader for project $1
stopdownload () {
PROJECT=$1
PIDFILE=`pidfile $PROJECT`
LOGFILE=`log_for $PROJECT`
echo -n Stopping downloader... $LOGFILE
date $LOGFILE
/sbin/start-stop-daemon --quiet --oknodo --pidfile $PIDFILE --user
$BTUSER --stop
rm -f $PIDFILE
}
# Start downloader for project $1 (in directory ./$1), torrent file $2
startdownload () {
PROJECT=$1
ISONAME=$2
TORRENT=$3
PIDFILE=`pidfile $PROJECT`
LOGFILE=`log_for $PROJECT`
pushd $LOGDIR/downloaders /dev/null
echo -n Starting new downloader for $PROJECT:
echo -n Starting downloader... $LOGFILE
date $LOGFILE
su - $BTUSER EOF
/usr/bin/nohup /sbin/start-stop-daemon --pidfile $PIDFILE \
--make-pidfile \
--nicelevel 10 \
--user $BTUSER \
--start \
--exec /usr/bin/btdownloadheadless \
-- \
--display_interval 600 \
--ip $NUMERICIP \
--bind $NUMERICIP \
--minport $MINPORT \
--maxport $MAXPORT \
--super_seeder 1 \
--url $DOWNLOADURL/$PROJECT/$TORRENT \
--saveas $BASEDIR/$PROJECT/$ISONAME $LOGFILE 21
EOF
echo $PROJECT.
popd /dev/null
}
# Create torrent file $2 for project $1 (in directory ./$1) and start it
maketorrent () {
PROJECT=$1
INFILE=$2
TORRENT=$3
DESC=Most recent $PROJECT CD image as of `date`
echo Updating $TORRENT...
rm -f $PROJECT/$TORRENT
btmakemetafile $ANNOUNCEURL $PROJECT/$INFILE --comment $DESC
chgrp $PROJECT $PROJECT/$TORRENT
}
for p in $PROJECTS ; do
ISONAME=$p-latest.iso
if test -e $p/$ISONAME ; then
TORRENT=$ISONAME.torrent
CHANGED=`find $p -name $TORRENT -newer $p/$ISONAME`
if test -z $CHANGED ; then
stopdownload $p
md5sum $p/$ISONAME $p/$ISONAME.md5sum
maketorrent $p $ISONAME $TORRENT
fi
if ! downloader_running $p ; then
startdownload $p $ISONAME $TORRENT
fi
fi
done
Bug#359032: galeon: Quietly deletes all bookmarks during upgrade
On Sat, May 27, 2006 at 10:18:16AM +0200, Mike Hommey wrote: At the time I figured the problem might be due to malformed XML in the bookmarks file, or something along those lines. I tried to reduce the You can easily check that with xmllint (in the libxml2-utils package) OMG. Yup: malformed XML. Worse, I introduced it myself, and in such a way that it was almost impossible for me to notice. I've been really, really stupid. Please forget about this ticket, and accept my apologies... Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#359032: galeon: Quietly deletes all bookmarks during upgrade
On Fri, May 26, 2006 at 07:05:19PM +0200, Loïc Minier wrote: From what version were you upgrading? Could you try reproducing the bug as follow: I have no idea how I could retrieve that information now! It's been months and several upgrades since I've reported the problem, and even that was after some time of trying to narrow down the problem. :-( At the time I figured the problem might be due to malformed XML in the bookmarks file, or something along those lines. I tried to reduce the file in several ways in order to pinpoint the problem, but without much luck so far. I think I'll try a bit more of that, now that I have a little more time (open-source programming is my day job--it's fun but it keeps one busy). I'll try transplanting my bookmarks into the one that Galeon keeps overwriting it with, etc. FYI, there are backups of your bookmarks generated below .galeon (bookmarks.xbel.*). And a good thing too. :-) I know, thanks. Having backups of bookmarks and session state were what made me prefer Galeon at the time. And I still greatly prefer it over Firefox; one reason being that I feel fairly strongly that Page Source should not be under the View menu! Now if only Preferences could be moved to someplace more sensible than Edit... Well, either that or change Save As to Edit Disk, Print to Edit Paper, Quit to Edit Status, and Zoom to Edit Size. :-) Jeroen
Bug#361771: moodle: security upgrade breaks unicode support
Package: moodle
Version: 1.4.4.dfsg.1-3sarge1
Severity: important
After today's security upgrade, Moodle pages contained an http-equiv header
saying, incorrectly, that the pages were in iso-8859-1. This made the
site entirely unusable on browsers that aren't set to guess the encoding
themselves (at least with the language packs we use, which are in utf-8).
I finally found a solution in the code: /usr/share/moodle/lib/weblib.php,
in a stretch of code starting with if (!empty($CFG-unicode)) {.
This is the only mention of a unicode setting anywhere in the package,
but setting this variable to 'true' in /etc/moodle/config.php solved the
problem.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (50, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages moodle depends on:
ii apache2-mpm-prefork [httpd] 2.0.54-5traditional model for Apache2
ii debconf [debconf-2.0]1.4.50 Debian configuration management sy
ii mimetex 1.50-1 LaTeX math expressions to anti-ali
ii php4 4:4.3.10-16 server-side, HTML-embedded scripti
ii php4-gd 4:4.3.10-16 GD module for php4
ii php4-mysql 4:4.3.10-16 MySQL module for php4
ii php4-pgsql 3:4.3.10-4 PostgreSQL module for php4
ii wget 1.9.1-12retrieves files from the web
ii wwwconfig-common 0.0.43 Debian web auto configuration
-- debconf information excluded
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#361765: moodle: th_utf8 language pack is NOT utf
On Mon, Apr 10, 2006 at 02:36:28PM +0800, Martin Dougiamas wrote: Hmm, something may have happened downstream. In upstream Moodle 1.5, there is no th_utf8, just th and yes, the charset is TIS-620. Then I think I see what happened: I had to convert my language packs to UTF-8 to get things to work in a multilingual environment, and probably softlinked th to th_utf8. This must have confused the package upgrade, e.g. by making it install the th files over the UTF-8 ones. My apologies for the unnecessary panic, and thanks for the fast response. http://cvs.sourceforge.net/viewcvs.py/moodle/lang/th_utf8/moodle.php?rev=1.1.1.4view=auto This still seems to have something strange in it... Galeon (a browser) gets confused halfway through the 'adminhelpsitesettings' string, as if there's some improperly encoded UTF in there. There seems to be an unknown character in 'uploadformlimit' as well; it gets interpreted as #ca29 which is definitely not in the Thai range. Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#361765: moodle: th_utf8 language pack is NOT utf
Package: moodle Version: 1.4.4.dfsg.1-3sarge1 Severity: important The Thai language pack is installed as th_utf8, but apart from the name, it still seems to be entirely in TIS-620 encoding (which is also reflected by the 'thischarset' setting). AFAICS this is likely to lead to widespread data corruption that is very hard to correct afterwards. Thai data entered by users or administrators who have their UI set to th_utf8 will be stored in TIS-620, whereas the same data entered from a UI set to, say, en_utf8 will be in UTF-8. The two classes of users will not even be able to read each other's (non-ASCII) data. In principle it should be possible to figure out whether most strings in the database are in UTF-8 or not, so it's not unthinkable that a way can be found to recover from (most of) the resulting data corruption. If that is the case, it is not technically data loss and that's why I'm not submitting this bug as grave. It should be noted, however, that the upstream developers have been working on this problem for years and last I heard, had not cracked it yet. It's a really hard problem. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages moodle depends on: ii apache2-mpm-prefork [httpd] 2.0.54-5traditional model for Apache2 ii debconf [debconf-2.0]1.4.50 Debian configuration management sy ii mimetex 1.50-1 LaTeX math expressions to anti-ali ii php4 4:4.3.10-16 server-side, HTML-embedded scripti ii php4-gd 4:4.3.10-16 GD module for php4 ii php4-mysql 4:4.3.10-16 MySQL module for php4 ii php4-pgsql 3:4.3.10-4 PostgreSQL module for php4 ii wget 1.9.1-12retrieves files from the web ii wwwconfig-common 0.0.43 Debian web auto configuration -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#359032: galeon: Quietly deletes all bookmarks during upgrade
Package: galeon Version: 2.0.1-3 Severity: important I just upgraded from a previous Galeon version, while the browser was running, and after restarting it found that all my bookmarks had gone. Instead I now have an extensive set of standard bookmarks that I don't want. Simply copying a backup of my old bookmarks file over the newly created one did the trick, so I probably haven't lost any data. But it takes time and some knowledge to do that. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-1-k7 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=UTF-8) Versions of packages galeon depends on: ii galeon-common2.0.1-3 GNOME web browser for advanced use ii libart-2.0-2 2.3.17-1Library of functions for 2D graphi ii libatk1.0-0 1.11.3-1The ATK accessibility toolkit ii libbonobo2-0 2.14.0-1Bonobo CORBA interfaces library ii libbonoboui2-0 2.10.1-2The Bonobo UI library ii libc62.3.6-4 GNU C Library: Shared libraries an ii libcairo21.0.2-3 The Cairo 2D vector graphics libra ii libfontconfig1 2.3.2-5 generic font configuration library ii libgcc1 1:4.0.3-1 GCC support library ii libgconf2-4 2.14.0-1GNOME configuration database syste ii libglade2-0 1:2.5.1-2 library to load .glade files at ru ii libglib2.0-0 2.10.1-2The GLib library of C routines ii libgnome-desktop-2 2.12.3-1Utility library for loading .deskt ii libgnome-keyring00.4.9-1 GNOME keyring services library ii libgnome2-0 2.14.0-1The GNOME 2 library - runtime file ii libgnomecanvas2-02.14.0-1A powerful object-oriented display ii libgnomeui-0 2.12.1-1The GNOME 2 libraries (User Interf ii libgnomevfs2-0 2.14.0-1GNOME virtual file-system (runtime ii libgtk2.0-0 2.8.13-1The GTK+ graphical user interface ii libice6 6.9.0.dfsg.1-5 Inter-Client Exchange library ii libmozjs0d 1.8.0.1-7 The Mozilla SpiderMonkey JavaScrip ii libnspr4-0d 1.8.0.1-7 NetScape Portable Runtime Library ii liborbit21:2.14.0-1 libraries for ORBit2 - a CORBA ORB ii libpango1.0-01.12.0-2Layout and rendering of internatio ii libpopt0 1.7-5 lib for parsing cmdline parameters ii libsm6 6.9.0.dfsg.1-5 X Window System Session Management ii libstartup-notification0 0.8-1 library for program launch feedbac ii libstdc++6 4.0.3-1 The GNU Standard C++ Library v3 ii libx11-6 6.9.0.dfsg.1-5 X Window System protocol client li ii libxcursor1 1.1.3-1 X cursor management library ii libxext6 6.9.0.dfsg.1-5 X Window System miscellaneous exte ii libxi6 6.9.0.dfsg.1-5 X Window System Input extension li ii libxinerama1 6.9.0.dfsg.1-5 X Window System multi-head display ii libxml2 2.6.23.dfsg.2-3 GNOME XML library ii libxrandr2 6.9.0.dfsg.1-5 X Window System Resize, Rotate and ii libxrender1 1:0.9.0.2-1 X Rendering Extension client libra ii libxul0d 1.8.0.1-7 Gecko engine library ii procps 1:3.2.6-2.1 /proc file system utilities ii zlib1g 1:1.2.3-11 compression library - runtime Versions of packages galeon recommends: ii gnome-control-center [capplet 1:2.12.3-2 utilities to configure the GNOME d ii gnome-icon-theme 2.12.1-2 GNOME Desktop icon theme ii iso-codes 0.49-1 ISO language, territory, currency ii scrollkeeper 0.3.14-10 A free electronic cataloging syste ii yelp 2.12.2-4 Help browser for GNOME 2 -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#359033: galeon: more XBEL import druid confusion
Package: galeon Version: 2.0.1-3 Severity: normal The XBEL bookmarks import druid concludes with a message saying that the import process has been completed, even though that may be a half-truth. The default action is not to import any bookmarks from the selected file at all, in which case completing the process means simply not doing what the user is trying to do. I wouldn't know what the best solution is here, but my first ideas would be: 1. Make that final message state unambiguously whether anything was imported; if nothing was, the message should be an eye-catcher. 2. Make the Back button in that final screen go back to a functional merge screen. Right now it takes me back to a blank screen which may seem sensible now because the process has been completed at that point. 3. On the merge screen, display a brief, clear introductory message *near the top*, not as an afterthought below the GUI elements it describes, that there are two ways to merge bookmarks. Also, it would be helpful to have the various panes for merging bookmarks greyed out if there are no bookmarks to be merged. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-1-k7 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=UTF-8) Versions of packages galeon depends on: ii galeon-common2.0.1-3 GNOME web browser for advanced use ii libart-2.0-2 2.3.17-1Library of functions for 2D graphi ii libatk1.0-0 1.11.3-1The ATK accessibility toolkit ii libbonobo2-0 2.14.0-1Bonobo CORBA interfaces library ii libbonoboui2-0 2.10.1-2The Bonobo UI library ii libc62.3.6-4 GNU C Library: Shared libraries an ii libcairo21.0.2-3 The Cairo 2D vector graphics libra ii libfontconfig1 2.3.2-5 generic font configuration library ii libgcc1 1:4.0.3-1 GCC support library ii libgconf2-4 2.14.0-1GNOME configuration database syste ii libglade2-0 1:2.5.1-2 library to load .glade files at ru ii libglib2.0-0 2.10.1-2The GLib library of C routines ii libgnome-desktop-2 2.12.3-1Utility library for loading .deskt ii libgnome-keyring00.4.9-1 GNOME keyring services library ii libgnome2-0 2.14.0-1The GNOME 2 library - runtime file ii libgnomecanvas2-02.14.0-1A powerful object-oriented display ii libgnomeui-0 2.12.1-1The GNOME 2 libraries (User Interf ii libgnomevfs2-0 2.14.0-1GNOME virtual file-system (runtime ii libgtk2.0-0 2.8.13-1The GTK+ graphical user interface ii libice6 6.9.0.dfsg.1-5 Inter-Client Exchange library ii libmozjs0d 1.8.0.1-7 The Mozilla SpiderMonkey JavaScrip ii libnspr4-0d 1.8.0.1-7 NetScape Portable Runtime Library ii liborbit21:2.14.0-1 libraries for ORBit2 - a CORBA ORB ii libpango1.0-01.12.0-2Layout and rendering of internatio ii libpopt0 1.7-5 lib for parsing cmdline parameters ii libsm6 6.9.0.dfsg.1-5 X Window System Session Management ii libstartup-notification0 0.8-1 library for program launch feedbac ii libstdc++6 4.0.3-1 The GNU Standard C++ Library v3 ii libx11-6 6.9.0.dfsg.1-5 X Window System protocol client li ii libxcursor1 1.1.3-1 X cursor management library ii libxext6 6.9.0.dfsg.1-5 X Window System miscellaneous exte ii libxi6 6.9.0.dfsg.1-5 X Window System Input extension li ii libxinerama1 6.9.0.dfsg.1-5 X Window System multi-head display ii libxml2 2.6.23.dfsg.2-3 GNOME XML library ii libxrandr2 6.9.0.dfsg.1-5 X Window System Resize, Rotate and ii libxrender1 1:0.9.0.2-1 X Rendering Extension client libra ii libxul0d 1.8.0.1-7 Gecko engine library ii procps 1:3.2.6-2.1 /proc file system utilities ii zlib1g 1:1.2.3-11 compression library - runtime Versions of packages galeon recommends: ii gnome-control-center [capplet 1:2.12.3-2 utilities to configure the GNOME d ii gnome-icon-theme 2.12.1-2 GNOME Desktop icon theme ii iso-codes 0.49-1 ISO language, territory, currency ii scrollkeeper 0.3.14-10 A free electronic cataloging syste ii yelp 2.12.2-4 Help browser for GNOME 2 -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#359034: galeon: deletes all bookmarks when crashing
Package: galeon Version: 2.0.1-3 Severity: important Galeon just crashed as I was opening a web page. This is nothing unusual in itself, but upon restarting I found that all my bookmarks were gone again. This is after importing my old Galeon bookmarks that were quietly destroyed on the upgrade, quitting, and restarting to ensure that the bookmarks really had been imported (this failed a few times before). -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-1-k7 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=UTF-8) Versions of packages galeon depends on: ii galeon-common2.0.1-3 GNOME web browser for advanced use ii libart-2.0-2 2.3.17-1Library of functions for 2D graphi ii libatk1.0-0 1.11.3-1The ATK accessibility toolkit ii libbonobo2-0 2.14.0-1Bonobo CORBA interfaces library ii libbonoboui2-0 2.10.1-2The Bonobo UI library ii libc62.3.6-4 GNU C Library: Shared libraries an ii libcairo21.0.2-3 The Cairo 2D vector graphics libra ii libfontconfig1 2.3.2-5 generic font configuration library ii libgcc1 1:4.0.3-1 GCC support library ii libgconf2-4 2.14.0-1GNOME configuration database syste ii libglade2-0 1:2.5.1-2 library to load .glade files at ru ii libglib2.0-0 2.10.1-2The GLib library of C routines ii libgnome-desktop-2 2.12.3-1Utility library for loading .deskt ii libgnome-keyring00.4.9-1 GNOME keyring services library ii libgnome2-0 2.14.0-1The GNOME 2 library - runtime file ii libgnomecanvas2-02.14.0-1A powerful object-oriented display ii libgnomeui-0 2.12.1-1The GNOME 2 libraries (User Interf ii libgnomevfs2-0 2.14.0-1GNOME virtual file-system (runtime ii libgtk2.0-0 2.8.13-1The GTK+ graphical user interface ii libice6 6.9.0.dfsg.1-5 Inter-Client Exchange library ii libmozjs0d 1.8.0.1-7 The Mozilla SpiderMonkey JavaScrip ii libnspr4-0d 1.8.0.1-7 NetScape Portable Runtime Library ii liborbit21:2.14.0-1 libraries for ORBit2 - a CORBA ORB ii libpango1.0-01.12.0-2Layout and rendering of internatio ii libpopt0 1.7-5 lib for parsing cmdline parameters ii libsm6 6.9.0.dfsg.1-5 X Window System Session Management ii libstartup-notification0 0.8-1 library for program launch feedbac ii libstdc++6 4.0.3-1 The GNU Standard C++ Library v3 ii libx11-6 6.9.0.dfsg.1-5 X Window System protocol client li ii libxcursor1 1.1.3-1 X cursor management library ii libxext6 6.9.0.dfsg.1-5 X Window System miscellaneous exte ii libxi6 6.9.0.dfsg.1-5 X Window System Input extension li ii libxinerama1 6.9.0.dfsg.1-5 X Window System multi-head display ii libxml2 2.6.23.dfsg.2-3 GNOME XML library ii libxrandr2 6.9.0.dfsg.1-5 X Window System Resize, Rotate and ii libxrender1 1:0.9.0.2-1 X Rendering Extension client libra ii libxul0d 1.8.0.1-7 Gecko engine library ii procps 1:3.2.6-2.1 /proc file system utilities ii zlib1g 1:1.2.3-11 compression library - runtime Versions of packages galeon recommends: ii gnome-control-center [capplet 1:2.12.3-2 utilities to configure the GNOME d ii gnome-icon-theme 2.12.1-2 GNOME Desktop icon theme ii iso-codes 0.49-1 ISO language, territory, currency ii scrollkeeper 0.3.14-10 A free electronic cataloging syste ii yelp 2.12.2-4 Help browser for GNOME 2 -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#354566: python2.3: strptime() and %s
Package: python2.3 Version: 2.3.5-4 Severity: wishlist strftime() supports a %s specifier for Unix time (seconds since Epoch). It would be very helpful to us if strptime() supported this as well. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages python2.3 depends on: ii libbz2-1.0 1.0.2-7 high-quality block-sorting file co ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libdb4.2 4.2.52-18 Berkeley v4.2 Database Libraries [ ii libncurses55.4-4 Shared libraries for terminal hand ii libreadline4 4.3-15GNU readline and history libraries ii libssl0.9.70.9.7g-1 SSL shared libraries ii zlib1g 1:1.2.2-4.sarge.2 compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#351191: /usr/lib/perl5/IPTables/ChainMgr.pm: no cause given on failure
Package: psad Version: 1.4.5-1 Severity: normal File: /usr/lib/perl5/IPTables/ChainMgr.pm Another bug in psad (which I'll report separately) caused the iptables invocation(s) in add_ip_rule() to fail. The only error message reported by ChainMgr was Table: filter, chain: PSAD_BLOCK_INPUT, could not add DROP rule for [...] - [...] After hacking ChainMgr to display the command it had tried to run, I was able to reproduce the failed command line and it turns out that iptables was giving a perfectly useful error message. Is it not possible to include this in the error message returned by add_ip_table()? -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages psad depends on: ii ipchains 1.3.10-15 Network firewalling for Linux 2.2. ii iptables 1.3.1-2 Linux kernel 2.4+ iptables adminis ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libcarp-clan-perl 5.3-3 Perl enhancement to Carp error log ii libdate-calc-perl 5.4-3 Perl library for accessing dates ii libnetwork-ipv4addr-perl 0.10-1.1 The Net::IPv4Addr perl module API ii libunix-syslog-perl0.100-4 Perl interface to the UNIX syslog( ii perl 5.8.4-8sarge3 Larry Wall's Practical Extraction ii psmisc 21.6-1Utilities that use the proc filesy ii sysklogd [syslogd] 1.4.1-17 System Logging Daemon ii whois 4.7.5 the GNU whois client -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#351196: psad: IPTABLES_AUTO_RULENUM hazard
Package: psad
Version: 1.4.5-1
Severity: normal
The IPTABLES_AUTO_RULENUM is documented as follows in the default
configuration file:
### Specify the position or rule number within the iptables
### policy where auto block rules get added.
There then follows a configurable list of chains IPT_AUTO_CHAIN{n} that
can be created automatically to hold the per-host blocking rules created
by psad. Each auto-chain line has a field to specify which existing
chain should jump to that auto-chain, but no field to say where in the
calling chain the jump should be inserted.
My impression was that this was what IPTABLES_AUTO_RULENUM did. I was
wrong. It turns out that IPTABLES_AUTO_RULENUM determines where a new
blocking rule for an offensive host should be inserted into the
applicable auto-chain itself.
The real gotcha is this: IPTABLES_AUTO_RULENUM becomes a boobytrap when
auto-chains are used. If an auto-chain is empty initially, the *only*
setting for IPTABLES_AUTO_RULENUM that makes any sense at all is 1.
Anything else and rule insertion will simply not work, because the given
index will be out of range. (A log message will say that it isn't
working, but fail to give any indication of what goes wrong--that's in a
separate bug report).
Some things that I imagine could be done:
* Add a warning to the IPTABLES_AUTO_RULENUM documentation about the
dangers in combination with IPT_AUTO_CHAIN.
* Fail to start when auto-chains are used and IPTABLES_AUTO_RULENUM is
not set to 1.
* Add an optional insertion index to IPT_AUTO_CHAIN entries to take
away any confusion about what IPTABLES_AUTO_RULENUM means.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (50, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages psad depends on:
ii ipchains 1.3.10-15 Network firewalling for Linux 2.2.
ii iptables 1.3.1-2 Linux kernel 2.4+ iptables adminis
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libcarp-clan-perl 5.3-3 Perl enhancement to Carp error log
ii libdate-calc-perl 5.4-3 Perl library for accessing dates
ii libnetwork-ipv4addr-perl 0.10-1.1 The Net::IPv4Addr perl module API
ii libunix-syslog-perl0.100-4 Perl interface to the UNIX syslog(
ii perl 5.8.4-8sarge3 Larry Wall's Practical Extraction
ii psmisc 21.6-1Utilities that use the proc filesy
ii sysklogd [syslogd] 1.4.1-17 System Logging Daemon
ii whois 4.7.5 the GNU whois client
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#323203: Bug#323206: psad: iptables method fails for unclear reasons
On Fri, Feb 03, 2006 at 08:19:43AM +0100, Daniel Gubser wrote: On Mon, 2006-01-23 at 17:15 +0700, Jeroen Vermeulen wrote: Adding the setting got things to work. The daemon is running, though I haven't had any email from it yet and it hasn't banned anyone. It's set up not to be oversensitive, so that may explain it. So this is working now for you? It is, but I ran into some more problems (reported as two separate bug tickets). One of them is #351196; I don't have an acknowledgment for the other one yet. Thanks! Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#350102: moodle: wwwroot setting impossible to get right
Package: moodle Version: 1.4.4.dfsg.1-3 Severity: normal The working of Moodle's wwwroot configuration variable is causing us problems. I may be missing something, but even if I am, the default way of doing things seems unnecessarily awkward. The apparent intention is for wwroot to be set to a full base URL: $CFG-wwwroot = 'http://oursite.com/path/to/moodle/'; This base URL is then used for both internal links, i.e. from one location in the Moodle-managed site to another, and in emails and other other external references--e.g. click on this link to see your new message. However, having full URLs in internal links breaks two usage models that we need in different situations: i. The host may be known under different names or IP addresses to different clients. That's a hard problem when it comes to emails and other external references, but at least it shouldn't break the internal links. ii. In some cases it may be desirable to use https instead of http. With internal links specifying the protocol as well as the hostname, https access becomes impossible without either falling back to http, or forcing https use for everyone. In reality it may be just the admin who needs to use https, and the certificate may be self-signed. In that case it wouldn't be reasonable at all to force all users into https. These problems can be worked around by setting wwwroot to an absolute path instead of a full URL, e.g: $CFG-wwwroot = '/path/to/moodle/'; This works fine, except that the external references are now merely paths, not complete URLs! So people get emails saying click on this link: /path/to/moodle/ which of course doesn't work. A solution I hope could be relatively painless would be to split wwwroot into the http://oursite.com/ and /path/to/moodle/ parts internally on startup, keeping only the latter part in wwwroot but prepending the first part in all cases that generate external references. I'm assuming those are less common than the internal-reference cases in the code. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages moodle depends on: ii apache2-mpm-prefork [httpd] 2.0.54-5traditional model for Apache2 ii debconf [debconf-2.0]1.4.50 Debian configuration management sy ii mimetex 1.50-1 LaTeX math expressions to anti-ali ii php4 4:4.3.10-16 server-side, HTML-embedded scripti ii php4-gd 4:4.3.10-16 GD module for php4 ii php4-mysql 4:4.3.10-16 MySQL module for php4 ii php4-pgsql 3:4.3.10-4 PostgreSQL module for php4 ii wget 1.9.1-12retrieves files from the web ii wwwconfig-common 0.0.43 Debian web auto configuration -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#323203: Bug#323206: psad: iptables method fails for unclear reasons
On Mon, Jan 23, 2006 at 09:55:50AM +0100, Daniel Gubser wrote: There is a new version of PSAD out, 1.4.5, can you please try it? I just tried, but it dies with the complaint that there is no ENABLE_FW_LOGGING_CHECK variable in th config file /etc/psad/psad.conf. Hmm, what did you answer in the update when you were asked if you like to, aahh, how is it spelled: update your config file? overwrite, leave it alone, abort?? I requested a diff, updated my own config file where it made sense (adding new configuration items and updating comments, but not overwriting my own settings), then did another diff to check for mistakes. Standard procedure for this server. Adding the setting got things to work. The daemon is running, though I haven't had any email from it yet and it hasn't banned anyone. It's set up not to be oversensitive, so that may explain it. I did update the scan persistence window from 60 to 3600 though, just like the package upgrade did. That seems to have been a mistake in the old standard configuration, since the documentation always said the default was one hour and the interval was specified in seconds. Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#323203: Bug#323206: psad: iptables method fails for unclear reasons
On Fri, Jan 20, 2006 at 08:15:51AM +0100, Daniel Gubser wrote: There is a new version of PSAD out, 1.4.5, can you please try it? I just tried, but it dies with the complaint that there is no ENABLE_FW_LOGGING_CHECK variable in th config file /etc/psad/psad.conf. Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#340382: rkhunter.conf says dash (#) instead of hash (#)
Package: rkhunter Version: 1.2.7-16 Severity: minor Tags: patch Just a small typo in the config file. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages rkhunter depends on: ii debconf [debconf-2.0] 1.4.50 Debian configuration management sy ii file 4.12-1 Determines file type using magic ii mailutils [mailx] 1:0.6.90-1 GNU mailutils utilities for handli ii perl 5.8.4-8Larry Wall's Practical Extraction ii wget 1.9.1-12 retrieves files from the web -- debconf information: * rkhunter/cron_daily_run: true * rkhunter/cron_db_update: true --- rkhunter.conf.org 2005-11-23 11:05:40.0 +0700 +++ rkhunter.conf 2005-11-23 11:05:45.0 +0700 @@ -1,7 +1,7 @@ # This is the configuration file of Rootkit Hunter. Please change # it to your needs. # -# All lines beginning with a dash (#) or empty lines, will be ignored. +# All lines beginning with a hash (#) or empty lines, will be ignored. # # Links to files. Don't change if you don't need to.
Bug#337061: moodle: utf-8 conversion script
Package: moodle Version: 1.4.4.dfsg.1-3 Severity: wishlist Tags: patch The attached script (if I don't forget) converts a Moodle language pack, or set of language packs, or all language packs, to UTF-8. After conversion, real multilingual use of Moodle becomes possible. One exception on our system is the he language pack, which uses an encoding that iconv can't handle. Empty files in language packs are also reported. I found some; they may have been left over from earlier, broken conversion attempts. Where UTF-8 language packs already exist, non-UTF-8 language packs are replaced with softlinks. This script does not touch the database; if existing data is still using the old encodings, things get really difficult as the database seems to have no idea what encoding the data is really in. But use this conversion script from the start and things work just dandy across languages. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages moodle depends on: ii apache2-mpm-prefork [httpd] 2.0.54-5traditional model for Apache2 ii debconf [debconf-2.0]1.4.50 Debian configuration management sy ii mimetex 1.50-1 LaTeX math expressions to anti-ali ii php4 4:4.3.10-16 server-side, HTML-embedded scripti ii php4-gd 4:4.3.10-16 GD module for php4 ii php4-mysql 4:4.3.10-16 MySQL module for php4 ii php4-pgsql 3:4.3.10-4 PostgreSQL module for php4 ii wget 1.9.1-12retrieves files from the web ii wwwconfig-common 0.0.43 Debian web auto configuration -- debconf information: * moodle/dbu_name: moodle * moodle/db_server: mysql-server * moodle/db_host: localhost * moodle/create_tables: * moodle/webserver: apache2 moodle/notconfigured: moodle/mismatch: * moodle/dba_name: root moodle-utf Description: application/shellscript
Bug#331411: fail2ban: Rotate log
Package: fail2ban
Version: 0.5.2-1
Severity: wishlist
Tags: patch
Attached logrotate config file will cause the fail2ban log file to be
rotated like other software's log files, including compression of older
logs.
Install the file as /etc/logrotate.d/fail2ban and it should just work.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (50, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages fail2ban depends on:
ii iptables 1.3.1-2Linux kernel 2.4+ iptables adminis
ii python2.3.5-2An interactive high-level object-o
-- no debconf information
/var/log/fail2ban.log {
rotate 5
weekly
compress
missingok
postrotate
/etc/init.d/fail2ban restart
endscript
}
Bug#327803: Acknowledgement (trac: leaking temporary files)
Ah, found the source of the leaks: the files that aren't being freed are created in /usr/lib/python2.3/site-packages/svn/fs.py, not in /usr/lib/python2.3/site-packages/track/util.py as I suspected earlier. I've tested it by changing the filename prefix and waiting for the problem to occur again. The problem is definitely occurring in the context of Trac, however, and I haven't a clue which party is to blame. I've tested a patch on the theory that perhaps the object differ--the suspicious stretch of code occurs twice in that file--was sometimes garbage-collected (and the temp files deleted) before the child diff process could access them, but referencing differ after the diff has completed does not fix the problem. I'm no Python expert. There is also a security angle to this problem: the leaking files have been connected to a very nasty server outage triggered by http queries on the Trac interface. In that case, /tmp was mounted on tmpfs and filled up available memory. That would make this bug a DoS risk. Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#329304: fail2ban: fails to ban because iptables not in path
On Wed, Sep 21, 2005 at 01:38:03AM -0400, Yaroslav Halchenko wrote: nope -- I do use original script, thus I have -b as well (although it is not necessary, fail2ban detaches anyway (background config parameter in fail2ban.conf) If it's not needed, don't use it! The background option suppresses most error diagnostics you could want to look at. It's a last-ditch measure only. So as a final decision I think that adding export wouldn't harm ;-) I will add export in the next release and will close a bug. and you review carefully what the hack you've done to your poor PATH variable :-) Yay! Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#329324: moodle: Thai encoding errors
Package: moodle Version: 1.4.4.dfsg.1-3 Severity: minor Since Moodle doesn't seem to work in multi-encoding environments, I've written a script to generate UTF-8 language packs (at least for the pages where static content is mixed in with dynamic content) out of language packs in other encodings. In the process, iconv reported two encoding errors in the Thai language pack: install.php iconv: illegal input sequence at position 1170 This seems to happen just after the entry for databasesettings, between the two br / tags. I see no valid character there in any Thai encoding--it may have gone through an invalid conversion already, and perhaps become invisible in the translator's favourite editor. survey.php iconv: illegal input sequence at position 3515 This one occurs in the attlsintro entry. The last correct text was the beginning of the second paragraph in that entry: [Mai mii kaamtop thii] (which I think means something like no correct answer was given at). So the problem is likely to be that the double-quote marks used right after that are not valid TIS-620. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages moodle depends on: ii apache2-mpm-prefork [httpd] 2.0.54-5traditional model for Apache2 ii debconf [debconf-2.0]1.4.50 Debian configuration management sy ii mimetex 1.50-1 LaTeX math expressions to anti-ali ii php4 4:4.3.10-16 server-side, HTML-embedded scripti ii php4-gd 4:4.3.10-16 GD module for php4 ii php4-mysql 4:4.3.10-16 MySQL module for php4 ii php4-pgsql 3:4.3.10-4 PostgreSQL module for php4 ii wget 1.9.1-12retrieves files from the web ii wwwconfig-common 0.0.43 Debian web auto configuration -- debconf information: * moodle/dbu_name: moodle * moodle/db_server: mysql-server * moodle/db_host: localhost * moodle/create_tables: * moodle/webserver: apache2 moodle/notconfigured: moodle/mismatch: * moodle/dba_name: root -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#329324: Repetition of invalid-quotes problem
The problematic phrase in survey.php, which contains incorrectly encoded qutoes, occurs several times in the file. All of these need to be fixed; the invalid character occurs 4 times in each. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#329304: fail2ban: fails to ban because iptables not in path
Package: fail2ban Version: 0.5.2-1 Severity: grave Tags: patch Justification: renders package unusable Hope this isn't a duplicate--reportbug isn't showing me any known issues for some reason. The iptables blocking in fail2ban consistently fails to work because the iptables command is not in the execution path. This means that the package is completely inoperable when using iptables, which I believe is the most common choice for Debian systems. The patch is to edit /etc/fail2ban.conf: s/iptables/\/sbin\/iptables/g -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages fail2ban depends on: ii iptables 1.3.1-2Linux kernel 2.4+ iptables adminis ii python2.3.5-2An interactive high-level object-o -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#329304: fail2ban: fails to ban because iptables not in path
On Tue, Sep 20, 2005 at 11:11:59PM -0400, Yaroslav Halchenko wrote: Although I don't mind additing full path for the config file shipped with the package, I ask you first to verify either you have proper path setup in /etc/profile and in whatever environment you've started fail2ban from, and then decide either we should add full path or not ;-) Okay... I don't think I've modified either from a standard Debian setup, but I'll see what I can find out. Here's what I have in /etc/profile: PATH=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games This of course does not include /sbin (and AFAICS it shouldn't). That is added in /root/.profile, which apparently is not being read in this case. Going by the bash manpage, I guess that means that fail2ban is not running in a login shell. Anything else I can check? I may well have changed something that I shouldn't have, somewhere on this system. OTOH it's also possible that most users simply don't notice they have this problem! Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#329304: fail2ban: fails to ban because iptables not in path
On Wed, Sep 21, 2005 at 12:11:14AM -0400, Yaroslav Halchenko wrote: Are you starting fail2ban manually or using /etc/init.d/fail2ban script (shipped with the package) which DOES define the PATH to include sbin in any case? I'm running the unmodified init script. Hey, I hadn't noticed that: it does add /sbin to the path. So maybe the problem is that this gets lost somewhere in start-stop-daemon. Perhaps it's the -b option that does this? It's not something I understand very well either, but adding export to the PATH variable in the init script seems to help! Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#327803: trac: leaking temporary files
Package: trac Version: 0.8.4-1 Severity: normal Some http requests for changesets leave temporary files in /tmp, and some of those are never cleaned up. The temporary files have names like /tmp/tmpXX and are always generated in pairs; one of the files in the pair is empty, and the other appears to contain a copy of a file from the repository. My amateur guess as to the cause is that perhaps NaivePopen() (in util.py) fails after creating outfile and infile, but before they can be removed. There seems to be no exception handler to catch this case. To my new-to-Python eye at least, it looks like this can be fixed by replacing the call to tempfile.mktemp() with either NamedTemporaryFile() or TemporaryFile(). That would kill two birds with one stone: it would avoid double-creation bugs (a minor security hazard) and delete the files automatically after use. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages trac depends on: ii python2.3.5-2An interactive high-level object-o ii python-clearsilver0.9.13-3.2 python bindings for clearsilver ii python-sqlite 1.0.1-2python interface to SQLite ii python2.3-subversion 1.2.0-1python modules for interfacing wit ii subversion1.1.4-2advanced version control system (a -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#327505: /usr/bin/btdownloadheadless.bittornado: btdownloadheadless fails when output redirected
Package: bittornado Version: 0.3.11-4 Severity: important File: /usr/bin/btdownloadheadless.bittornado When running seed downloads from a cron job, without stdout and stderr redirected to a log file, I now get the following error on startup: Error opening terminal: unknown. Perhaps this is because the program insists on sending control codes to the terminal--which I guess isn't such a good idea when you don't know what kind of terminal will be displaying the output. I'm filing this as important since the name btdownloadheadless implies that the program is meant to be run, well, headless--which apparently it's not capable of. My apologies if this conclusion is mistaken. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages bittornado depends on: ii python2.3.5-2An interactive high-level object-o -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#327053: moodle: installation hardcodes http://localhost
Package: moodle Version: 1.4.4.dfsg.1-3 Severity: minor As the browser-based part of the installation procedure goes through its consecutive Upgrading database pages, the Continue link refers to http://localhost/moodle/admin/index.php. Not all servers easily accomodate local browsers, so the admin may prefer a remote connection (after inserting the management machine's IP address in the webserver config of course) and/or https. A relative link simply to index.php would get around this, although the FAQ does mention that some older configurations may have problems with relative links IIRC. That may or may not be applicable to the installation procedure. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages moodle depends on: ii apache2-mpm-prefork [httpd] 2.0.54-4traditional model for Apache2 ii debconf [debconf-2.0]1.4.50 Debian configuration management sy ii mimetex 1.50-1 LaTeX math expressions to anti-ali ii php4 4:4.3.10-16 server-side, HTML-embedded scripti ii php4-gd 4:4.3.10-16 GD module for php4 ii php4-mysql 4:4.3.10-16 MySQL module for php4 ii php4-pgsql 3:4.3.10-4 PostgreSQL module for php4 ii wget 1.9.1-12retrieves files from the web ii wwwconfig-common 0.0.43 Debian web auto configuration -- debconf information: * moodle/dbu_name: moodle * moodle/db_server: mysql-server * moodle/db_host: localhost * moodle/create_tables: * moodle/webserver: apache2 moodle/notconfigured: moodle/mismatch: * moodle/dba_name: root -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#326028: /etc/logrotate.conf: should /var/log/btmp really be world-readable?
Package: logrotate Version: 3.7-5 Severity: minor File: /etc/logrotate.conf Current logrotate config defines permissions 0664 for /var/log/btmp. There is a known problem with sshd making unnecessary problems about group permissions on this file, but that aside, isn't this also a bad file to make world-readable? From what I understand, it might contain passwords that were accidentally typed at username prompts. -- Package-specific info: Contents of /etc/logrotate.d total 32 -rw-r--r-- 1 root root 240 2004-11-10 19:00 apache2 -rw-r--r-- 1 root root 384 2004-09-24 17:02 base-config -rw-r--r-- 1 root root 162 2005-03-22 08:25 checksecurity -rw-r--r-- 1 root root 209 2005-05-16 18:04 clamav-daemon -rw-r--r-- 1 root root 215 2005-05-13 05:26 clamav-freshclam -rw-r--r-- 1 root root 1272 2005-02-17 04:15 mailman -rw-r--r-- 1 root root 1116 2005-03-03 07:09 mysql-server -rw-r--r-- 1 root root 134 2004-07-12 11:08 vsftpd -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages logrotate depends on: ii base-passwd 3.5.9Debian base system master password ii cron3.0pl1-87management of regular background p ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libpopt01.7-5lib for parsing cmdline parameters -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#325547: /usr/bin/htdigest: noninteractive use of htdigest
Package: apache2-utils
Version: 2.0.54-4
Severity: wishlist
File: /usr/bin/htdigest
Tags: patch
In some cases it may be useful to manage digest files noninteractively.
The attached patch prototypes a way of doing that (well, it works, but
it doesn't use APR as extensively as it probably should). It adds an
option -f that causes the new password to be read from a file--or from
stdin if - is used as a filename--without prompting for confirmation.
Some minor cleanups were necessary; all argv arithmetic is in one
place now, as is reading of the actual password. Some buffer copying of
command line arguments looks like it may be unneeded, but I left it in
place to reduce the risk of screwups.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (50, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages apache2-utils depends on:
ii libapr02.0.54-4 the Apache Portable Runtime
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-18 Berkeley v4.2 Database Libraries [
ii libexpat1 1.95.8-3 XML parsing C library - runtime li
ii libldap2 2.1.30-10 OpenLDAP libraries
ii libpcre3 5.0-1.1 Perl 5 Compatible Regular Expressi
ii libssl0.9.70.9.7g-1 SSL shared libraries
ii zlib1g 1:1.2.2-4.sarge.2 compression library - runtime
-- no debconf information
diff -ru httpd-2.0.54.org/docs/manual/programs/htdigest.xml
httpd-2.0.54.patch/docs/manual/programs/htdigest.xml
--- httpd-2.0.54.org/docs/manual/programs/htdigest.xml 2005-02-05
03:21:18.0 +0700
+++ httpd-2.0.54.patch/docs/manual/programs/htdigest.xml2005-08-29
14:37:12.807750434 +0700
@@ -43,7 +43,9 @@
section id=synopsistitleSynopsis/title
pcodestronghtdigest/strong [ -strongc/strong ]
varpasswdfile/var varrealm/var varusername/var/code/p
-/section
+pcodestronghtdigest/strong -strongf/strong [
-strongc/strong ]
+varpasswdfile/var varrealm/var varusername/var
varinputfile/var
+/code/p/section
section id=optionstitleOptions/title
dl
@@ -64,6 +66,14 @@
varusername/var does not exist is this file, an entry is added. If it
does exist, the password is changed./dd
/dl
+dl
+dtcode-f/code/dt
+ddDon't prompt for password; open varinputfile/var and read the new
+password from there instead. Only the first line is read, which may not be
+empty. As a special case, if varinputfile/var is just a single hyphen
+(strong-/strong), standard input will be read as if it were a regular
+file. The user is not prompted to repeat the password for
confirmation./dd
+/dl
/section
/manualpage
diff -ru httpd-2.0.54.org/support/htdigest.c
httpd-2.0.54.patch/support/htdigest.c
--- httpd-2.0.54.org/support/htdigest.c 2005-03-01 17:02:06.0 +0700
+++ httpd-2.0.54.patch/support/htdigest.c 2005-08-29 17:41:51.095844118
+0700
@@ -67,6 +67,8 @@
apr_xlate_t *to_ascii;
#endif
+
+
static void cleanup_tempfile_and_exit(int rc)
{
if (tfp) {
@@ -119,28 +121,94 @@
}
-static void add_password(const char *user, const char *realm, apr_file_t *f)
+/* Ask for password entered interactively.
+ *
+ * Returns a program exit code on failure, or 0 for success.
+ */
+static int getpw_interactive(char buf[], apr_size_t len)
+{
+char confirmbuf[MAX_STRING_LEN];
+
+apr_size_t tmplen = len;
+if (apr_password_get(New password: , buf, tmplen) != APR_SUCCESS) {
+apr_file_printf(errfile, password too long\n);
+return 5;
+}
+tmplen = sizeof(confirmbuf);
+apr_password_get(Re-type new password: , confirmbuf, tmplen);
+if (strcmp(buf, confirmbuf) != 0) {
+apr_file_printf(errfile, They don't match, sorry.\n);
+return 1;
+}
+
+return 0;
+}
+
+
+/* Read new password from file called pwfile.
+ *
+ * Returns a program exit code on failure, or 0 for success.
+ */
+static int getpw_fromfile(char buf[], apr_size_t len, const char
pw_inputfile[])
+{
+FILE *infile = NULL;
+const char *c;
+int close_infile = 0;
+int e;
+size_t s;
+
+/* TODO: So far, these return codes are entirely arbitrary. */
+
+/* Open password input file (- means standard input) */
+if (strcmp(pw_inputfile, -) == 0) {
+infile = stdin;
+if (!infile) {
+apr_file_printf(errfile, standard input not available\n);
+return 1;
+}
+}
+else {
+infile = fopen(pw_inputfile, rb);
+if (!infile) {
+const int e = errno;
+apr_file_printf(errfile,
+could not open '%s' for reading: %s\n,
+pw_inputfile,
+strerror(e));
+
Bug#323203: psad: Ignores IPTABLES_AUTO_RULENUM
On Thu, Aug 25, 2005 at 03:02:03PM +0200, Daniel Gubser wrote: Here the answer from Mike Rash: if the IPTABLES_AUTO_RULENUM keyword in psad.conf is set to, say, 3, then it should work as advertised, but I need to test this to be sure. Could you please test this? It was set to 3 all along. It's what failed in the first place. I've worked around it by manually creating the jump rule in the proper place in my INPUT chain; psad seems to pick that up correctly, without creating a new one at the beginning of the table. BTW does this question mean that there's another place where I should have set the rulenum as well? Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#323206: psad: iptables method fails for unclear reasons
On Thu, Aug 25, 2005 at 03:00:37PM +0200, Daniel Gubser wrote: Here is a quick answer from Mike Rash: try executing psad -F before starting psad. I think the reason psad could not add the blocking rule is because the IP is already blocked. Psad may have lost track of the IP because of a bug with the auto-blocking time outs. Executing psad -F should restore things to normal. Note that the upcoming psad-1.4.3 release should have much improved auto- blocking capabilities. It's probably exactly what you expected, but here's the output anyway: # psad -F [+] Flushing Netfilter IPT_AUTO_CHAIN chains... [+] Flushed: PSAD_BLOCK_INPUT. Does this solve your problem (psad -F)? It doesn't. :-( BTW there have been cases in the past where things did work. Is it possible that somehow it matters whether PSAD_BLOCK_INPUT already contains a blocking rule or not? Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#323784: bittornado: downlader --ip option does not work with dns names
Package: bittornado Version: 0.3.11-4 Severity: normal When I start an initial, complete downloader to publish a file, passing the --ip option with the server's hostname will not work--but there is no error message about this. Replacing the hostname with the numeric address it resolves to does work. It took me a long, long time to figure out why I wasn't getting any data out. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages bittornado depends on: ii python2.3.5-2An interactive high-level object-o -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#198848: bittorrent: My shot at init/config files
Package: bittorrent Version: 3.4.2-3sarge0.1 Followup-For: Bug #198848 Here's what I use as a startup script (/etc/init.d/bttrack), plus a config file (/etc/default/bttrack, so it doesn't interfere with the program itself). I haven't been able to do much testing yet, but it picks up options correctly, starts and shuts down, redirects to correct logfile etc. I'm also attaching a setup script I use to prepare my system for these changes (but not running update-rc.d, of course, since as you point out not everyone would want to run a tracker). -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages bittorrent depends on: ii python2.3.5-2An interactive high-level object-o -- no debconf information _etc_init.d_bttrack Description: application/shellscript # Default configuration for bittorrent tracker, bttrack # Set any bttrack option --foo by defining the variable FOO to the argument # you'd like to pass with the --foo option. See `man bttrack` for a detailed # discussion of the options. # Persistent state file DFILE=/var/lib/bittorrent/bttrack.state # Port defaults to 80, which tends to be inconvenient PORT=6969 # Only allow downloads for .torrent files in this directory #ALLOWED_DIR=/srv/ftp # The following options do not correspond to bttrack options; they influence how # bttrack's init script starts the daemon. # Run under this uid. Must have access to all files and directories involved, # naturally, but should otherwise have minimal privileges to minimize any # security risk. DAEMONUSER=bittorrent # chroot to this directory before starting the daemon. This can also help keep # the daemon secure, but may interact with all sorts of file locations in # unexpected ways. #DAEMONCHROOT=/var/local/lib/bttrack-sandbox # Move to this directory before starting the daemon. This may be useful in # conjunction with DAEMONCHROOT. #DAEMONCHDIR=/var/local/lib/bttrack-sandbox # Run the daemon at this nice priority. Setting a positive value here will # dissuade the system from giving all its CPU time to bttrack requests from the # network. DAEMONNICE=5 # Append log output from daemon to this file. Make sure this log is rotated # from time to time so it doesn't fill up your disk. The daemon will of course # need write access to the log file. DAEMONLOGFILE=/var/log/bittorrent/bttrack.log setup Description: application/shellscript
Bug#323203: psad: Ignores IPTABLES_AUTO_RULENUM
Package: psad Version: 1.4.1-1 Severity: minor I'm experimenting with the audo-IDS feature, and it does create the new netfilter chain and does insert a jump rule from the INPUT chain to the newly created chain. The new rule, however, is inserted at the first position--not the position I configured for it. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages psad depends on: ii ipchains1.3.10-15Network firewalling for Linux 2.2. ii iptables1.3.1-2 Linux kernel 2.4+ iptables adminis ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libcarp-clan-perl 5.3-3Perl enhancement to Carp error log ii libdate-calc-perl 5.4-3Perl library for accessing dates ii libnetwork-ipv4addr-perl0.10-1.1 The Net::IPv4Addr perl module API ii libunix-syslog-perl 0.100-4 Perl interface to the UNIX syslog( ii perl5.8.4-8 Larry Wall's Practical Extraction ii psmisc 21.6-1 Utilities that use the proc filesy ii sysklogd [syslogd] 1.4.1-17 System Logging Daemon ii whois 4.7.5the GNU whois client -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#323206: psad: iptables method fails for unclear reasons
Package: psad Version: 1.4.1-1 Severity: normal The iptables auto-IDS method does not work for me. In /var/log/messages I find that psad has logged errors of the form: could not add iptables block rule for: address Table: filter, chain: PSAD_BLOCK_INPUT, could not add DROP rule for address - 0.0.0.0/0 There's not much I can do about the problem if I have no idea what goes wrong! -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages psad depends on: ii ipchains1.3.10-15Network firewalling for Linux 2.2. ii iptables1.3.1-2 Linux kernel 2.4+ iptables adminis ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libcarp-clan-perl 5.3-3Perl enhancement to Carp error log ii libdate-calc-perl 5.4-3Perl library for accessing dates ii libnetwork-ipv4addr-perl0.10-1.1 The Net::IPv4Addr perl module API ii libunix-syslog-perl 0.100-4 Perl interface to the UNIX syslog( ii perl5.8.4-8 Larry Wall's Practical Extraction ii psmisc 21.6-1 Utilities that use the proc filesy ii sysklogd [syslogd] 1.4.1-17 System Logging Daemon ii whois 4.7.5the GNU whois client -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#322282: ITP: swapspace -- Dynamic swap space manager
On Wed, Aug 10, 2005 at 04:30:22PM +1000, Anibal Monsalve Salazar wrote: Small, stable system add-on that continuously and automatically adapts available virtual memory space to your actual memory needs. Claims disk space for use as swap space when needed; frees it up for use by the filesystem when not needed. [Jeroen, you can be the owner of this ITP, if you wish so.] Thanks for a very fast reaction! I'm not a Debian developer, so I'm probably not a useful owner. I do, however, like to integrate Debian packaging and patches as a first-class citizen in the upstream source tree. Doubly so in this case, where a number of agencies have agreed on Debian as a standard OS base. Jeroen Vermeulen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#320926: trac: Misleading error message for missing permission
Package: trac Version: 0.8.4-1 Severity: minor One of our developers got the following error when trying to create a milestone in trac-admin: # Failed to open environment. The web server user requires read _and_ # write permission # to the database [...] and the directory this file is located in. The problem was that he lacked write permission--but he is not the web server user, which does have permission. Can this error message be changed to reflect that it's the userid executing trac-admin, not necessarily the web server, that needs this permission? Ideally it would mention the effective uid so a sysadmin reading a log file won't need to guess which user is meant. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages trac depends on: ii python2.3.5-2An interactive high-level object-o ii python-clearsilver0.9.13-3.2 python bindings for clearsilver ii python-sqlite 1.0.1-2python interface to SQLite ii python2.3-subversion 1.2.0-1python modules for interfacing wit ii subversion1.1.4-2advanced version control system (a -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#320926: trac: Misleading error message for missing permission
On Tue, Aug 02, 2005 at 05:58:41AM -0300, Otavio Salvador wrote: Sorry but I failed to understand what is the problem. You want to change the error message for what? please, give a example. To something more helpful. Right now, the error message says The web server user requires read _and_ write permission to the database. But if some user is running trac-admin from the command line, or some script is invoking it, it may not be the web server user that needs this permission at all. Instead, perhaps the message could be changed to something like This operation requires read _and_ write permission to the database. Shorter and more accurate. As an extra, it would be nice if the message could mention the currently effective uid, but the main thing is that it should not say the web server user when it means the current user. Jeroen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#319846: trac: completely inoperable (missing dependency?)
Package: trac Version: 0.8.1-3sarge2 Severity: important I'm running sarge with some sid packages on this server, and have just installed trac. I can't run trac-admin to create an initial trac environment as described in README.Debian. Any attempt to run trac-admin results in the following error: : Traceback (most recent call last): : File /usr/bin/trac-admin, line 34, in ? : from trac import sync : File /usr/lib/python2.3/site-packages/trac/sync.py, line 22, in ? : from svn import fs, util, delta, repos, core : ImportError: cannot import name util I've tried this with no options, with --help, under various user identities including root, etc. All give the exact same error. This sounds like a missing dependency. I've tried installing several Python-related packages that were also installed on a somewhat similar setup where trac-admin does work, but with no luck so far. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages trac depends on: hi python2.3.5-2An interactive high-level object-o ii python-clearsilver0.9.13-3.2 python bindings for clearsilver hi python-sqlite 1.0.1-2python interface to SQLite ii python2.3-subversion 1.2.0-1python modules for interfacing wit ii subversion1.1.4-2advanced version control system (a -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#319846: trac: It's a version incompatibility
Package: trac Version: 0.8.1-3sarge2 Followup-For: Bug #319846 Found it: http://lists.edgewall.com/archive/trac-tickets/2005-May/002834.html I guess this should be reflected in the trac package's dependencies. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages trac depends on: ii python2.3.5-2An interactive high-level object-o ii python-clearsilver0.9.13-3.2 python bindings for clearsilver ii python-sqlite 1.0.1-2python interface to SQLite ii python2.3-subversion 1.2.0-1python modules for interfacing wit ii subversion1.1.4-2advanced version control system (a -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#317618: tiger: does not distinguish disabled password from disabled login
Package: tiger Version: 2.2.4-22 Severity: minor Tiger does not distinguish disabled-password users from disabled-login users. This results in the misleading complaint that such users have login disabled (which is incorrect) but still have a valid shell (which is actually appropriate). By disabled-password I mean that the user was created using adduser's --disable-password option. This turned out to be the safest thing to do on a server that only allows remote access through ssh with public key authentication. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages tiger depends on: ii coreutils [fileutils] 5.2.1-2 The GNU core utilities ii debconf 1.4.50 Debian configuration management sy ii diff2.8.1-11 File comparison utilities ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii net-tools 1.60-13 The NET-3 networking toolkit pn shellutils Not found. pn textutilsNot found. -- debconf information: * tiger/mail_rcpt: root * tiger/policy_adapt: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#316192: request-tracker3.4: automate db user creation for postgres
Package: request-tracker3.4 Version: 3.4.1-2 Severity: minor The setup procedure currently requires the dedicated database user to be created manually. For PostgreSQL (both in upstream and downstream default config) this can be done, after login details etc. have been picked, with a command along the following lines: su postgres -c psql template1 -c \ \CREATE USER rtuser WITH PASSWORD 'wibble' CREATEDB\ (Also, the CREATEDB privilege could be omitted if the setup script also ran, under the postgres user, createdb -E unicode -O rtuser rtdb request-tracker database ...instead of logging into the default database as rtuser and creating the database from there, as is currently the case.) -- Package-specific info: Changed files: etc/request-tracker3.4/RT_SiteConfig.pm -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.11-1-686-smp Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages request-tracker3.4 depends on: hi apache2-mpm-prefork [apache2 2.0.54-4traditional model for Apache2 ii libapache-dbi-perl 0.94-2 Connect apache server to database ii libapache-session-perl 1.60-2 Perl modules for keeping persisten hi libapache2-mod-perl2 1.999.21-1 Integration of perl with the Apach ii libcache-cache-perl 1.04-1 Managed caches of persistent infor ii libcache-simple-timedexpiry- 0.21-1 Perl module to cache and expire ke ii libclass-returnvalue-perl0.52-1 A return-value object that lets yo ii libdbd-mysql-perl2.9006-1A Perl5 database interface to the ii libdbd-pg-perl 1.41-3 a PostgreSQL interface for Perl 5 ii libdbi-perl 1.46-6 Perl5 database interface by Tim Bu ii libdbix-searchbuilder-perl 1.26-1 Encapsulate SQL queries and rows i ii libexception-class-perl 1.20-1 a module that allows you to declar ii libfcgi-perl 0.67-1 FastCGI Perl module ii libfreezethaw-perl 0.43-2 converting Perl structures to stri ii libhtml-mason-perl 1:1.26-1HTML::Mason Perl module ii libhtml-parser-perl 3.45-2 A collection of modules that parse ii libhtml-scrubber-perl0.08-1 Perl extension for scrubbing/sanit ii liblocale-maketext-fuzzy-per 0.02-1 Maketext from already interpolated ii liblocale-maketext-lexicon-p 0.49-1 Lexicon-handling backends for Loc ii liblog-dispatch-perl 2.10-1 Dispatches messages to multiple Lo ii libmailtools-perl1.62-1 Manipulate email in perl programs ii libmime-perl 5.417-1 Perl5 modules for MIME-compliant m ii libmldbm-perl2.01-1 Store multidimensional hash struct ii libmodule-versions-report-pe 1.02-1 Report versions of all modules in ii libparams-validate-perl 0.76-1 validate parameters to Perl method ii libregexp-common-perl2.120-1 Provide commonly requested regular ii libterm-readkey-perl 2.21-1.3A perl module for simple terminal ii libtest-inline-perl 0.16-1 Embed tests and code examples in P ii libtext-autoformat-perl 1.12-3 Perl module for automatic text wra ii libtext-quoted-perl 1.8-1 Extract the structure of a quoted ii libtext-template-perl1.44-1.1Text::Template perl module ii libtext-wrapper-perl 1.000-2 Simple word wrapping routine ii libtime-modules-perl 2003.1126-2 Various Perl modules for time/date ii libtree-simple-perl 1.14-1 A simple tree object ii libxml-rss-perl 1.05-1 Perl module for managing RSS (RDF hi perl 5.8.4-8 Larry Wall's Practical Extraction ii postfix [mail-transport-agen 2.1.5-9 A high-performance mail transport ii rt3.4-clients3.4.1-2 Mail gateway and command-line inte ii sysklogd [system-log-daemon] 1.4.1-17System Logging Daemon -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#310541: tiger: encrypt vulnerability reports
Package: tiger Severity: wishlist Would it be possible to encrypt vulnerability reports so they can be read only by the designated recipient? That would allow the reports to be transmitted across the internet (which sometimes happens by accident anyway, on badly configured setups) and reduce the changes that tiger might actually help an attacker get deeper into a partially compromised system. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages tiger depends on: ii binutils2.15-5 The GNU assembler, linker and bina ii coreutils [fileutils] 5.2.1-2 The GNU core utilities ii debconf 1.4.49 Debian configuration management sy ii diff2.8.1-11 File comparison utilities ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii net-tools 1.60-13 The NET-3 networking toolkit -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#308898: backup-manager: keep some older archives
Package: backup-manager Version: 0.5.7-1 Severity: wishlist Right now, backup-manager keeps just the last n days' worth of backups. In some situations I would feel more secure if one of those n could be kept around for a bit longer, and perhaps one out of every n for longer still etc. The result would be a complete history of system backups, but with exponentially decreasing level of detail going further back in time. See it as a compromise that allows one to preserve data over longer periods without keeping ridiculous amounts of backups. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing'), (50, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.11-1-686-smp Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages backup-manager depends on: ii debconf 1.4.30.13 Debian configuration management sy ii gzip 1.3.5-9The GNU compression utility -- debconf information excluded --AACE357414F.111596/localhost.localdomain-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#308897: backup-manager: secure repository
Package: backup-manager Version: 0.5.7-1 Severity: wishlist Creating a world-readable repository would be a serious security breach. I may be mistaken, but AFAICS the installation script fails to check this or warn about it. It doesn't enforce it in any case; I just realized I had a world-readable repository in a working setup. Are there any steps that can be taken to encourage secure configuration, e.g. creating the repository at installation time with root-only access rights, or chmod'ing it if it already exists? Or alternatively, create the backups with root-only access rights and/or encrypt them. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing'), (50, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.11-1-686-smp Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages backup-manager depends on: ii debconf 1.4.30.13 Debian configuration management sy ii gzip 1.3.5-9The GNU compression utility -- debconf information excluded --D8DB857414F.1115959689/localhost.localdomain-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#303145: CA.pl: -signcert reports success when failing
Package: openssl Version: 0.9.7e-3 Severity: minor File: /usr/lib/ssl/misc/CA.pl Even when failing horrendously, CA.pl -signcert prints Signed certificate is in newcert.pem before exiting. Which of course is not true. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages openssl depends on: ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libssl0.9.7 0.9.7e-3 SSL shared libraries -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#297237: moodle: World-readable password
Package: moodle Version: 1.4.3-1 Severity: normal Configuration stored in /etc/moodle/config.php includes a database password. The file is installed as readable by all users. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.10-truffle1 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages moodle depends on: ii apache2-mpm-prefork [httpd] 2.0.53-4 traditional model for Apache2 ii debconf [debconf-2.0] 1.4.45 Debian configuration management sy ii mimetex 1.50-1 LaTeX math expressions to anti-ali ii php4 4:4.3.10-7 server-side, HTML-embedded scripti ii php4-gd 4:4.3.10-7 GD module for php4 ii php4-pgsql3:4.3.10-2 PostgreSQL module for php4 ii wget 1.9.1-10 retrieves files from the web ii wwwconfig-common 0.0.42 Debian web auto configuration -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
