Bug#991767: samba: Attempt to change password over IPv6 using kpasswd fails on AD DC server
Package: samba Version: 2:4.13.5+dfsg-2 Severity: normal Dear Maintainer, After upstream commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef any attempt to change a password over IPv6 fails on the server side. Samba generates the following log entries (on the domain controller): Starting GENSEC mechanism krb5 Failed to start GENSEC server mech krb5: NT_STATUS_INTERNAL_ERROR On the client side the request to change the password results in the following message after a delay of a couple of seconds: kpasswd: Cannot contact any KDC for requested realm changing password Upstream commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef changed calls to tsocket_address_bsd_sockaddr() in gensec_krb5.c such that IPv6 addresses will be rejected. Affected are all upstream releases from branches 4.14 and 4.13. Older branches / releases are not affected. On the distro side, this bug affects soon to be released Debian Bullseye, it does neither affect current stable Debian Buster nor Ubuntu Focal (LTS). Upstream bug (fixed in upstream release 4.13.10): https://bugzilla.samba.org/show_bug.cgi?id=14750 -- Package-specific info: * /etc/samba/smb.conf present, but not attached * /var/lib/samba/dhcp.conf not present -- System Information: Debian Release: 11.0 APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing'), (90, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=C.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages samba depends on: ii adduser 3.118 ii dpkg 1.20.9 ii init-system-helpers 1.60 ii libbsd0 0.11.3-1 ii libc62.31-13 ii libgnutls30 3.7.1-5 ii libldb2 2:2.2.0-3.1 ii libpam-modules 1.4.0-9 ii libpam-runtime 1.4.0-9 ii libpopt0 1.18-2 ii libpython3.9 3.9.2-1 ii libtalloc2 2.3.1-2+b1 ii libtasn1-6 4.16.0-2 ii libtdb1 1.4.3-1+b1 ii libtevent0 0.10.2-1 ii libwbclient0 2:4.13.5+dfsg-2 ii lsb-base 11.1.0 ii procps 2:3.3.17-5 ii python3 3.9.2-3 ii python3-dnspython2.0.0-1 ii python3-samba2:4.13.5+dfsg-2 ii samba-common 2:4.13.5+dfsg-2 ii samba-common-bin 2:4.13.5+dfsg-2 ii samba-libs 2:4.13.5+dfsg-2 ii tdb-tools1.4.3-1+b1 Versions of packages samba recommends: ii attr1:2.4.48-6 ii logrotate 3.18.0-2 ii python3-markdown3.3.4-1 ii samba-dsdb-modules 2:4.13.5+dfsg-2 ii samba-vfs-modules 2:4.13.5+dfsg-2 Versions of packages samba suggests: pn bind9 pn bind9utils pn ctdb ii ldb-tools 2:2.2.0-3.1 pn ntp | chrony pn smbldap-tools pn ufw pn winbind -- no debconf information
Bug#985549: golang-github-containers-dnsname: Incorrect installation path for dnsname binary
Fix submitted via MR in salsa: https://salsa.debian.org/go-team/packages/golang-github-containers-dnsname/-/merge_requests/2 pgpOadshxzZGM.pgp Description: OpenPGP digital signature
Bug#985548: (no subject)
Fix submitted via MR in salsa: https://salsa.debian.org/go-team/packages/golang-github-containers-dnsname/-/merge_requests/1 pgpbDiVKdCHTu.pgp Description: OpenPGP digital signature
Bug#985548: (no subject)
Fix submitted via MR in salsa: https://salsa.debian.org/go-team/packages/golang-github-containers-dnsname/-/merge_requests/1 pgpydNCx3xkYF.pgp Description: OpenPGP digital signature
Bug#985549: golang-github-containers-dnsname: Incorrect installation path for dnsname binary
Package: golang-github-containers-dnsname Version: 1.1.1+ds1-4 Severity: normal Dear Maintainer, The golang-github-containernetworking-plugin-dnsname package places the dnsname binary into /usr/lib/dnsname. However, it should go into /usr/lib/cni/dnsname, otherwise podman will display the following error when trying to start a container on a network with dnsname plugin enabled: WARN[] Error validating CNI config file /etc/cni/net.d/mynetwork.conflist: [failed to find plugin "dnsname" in path [/usr/libexec/cni /usr/lib/cni /usr/local/lib/cni /opt/cni/bin]] In order to work around this it is enough to symlink the binary into the correct location: ln -s /usr/lib/dnsname /usr/lib/cni/dnsname Cheers, Lorenz -- System Information: Debian Release: 10.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (90, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-14-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8 Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled pgpbNecBcZqLA.pgp Description: OpenPGP digital signature
Bug#985548: golang-github-containers-dnsname: Missing dependency dnsmasq-base
Package: golang-github-containers-dnsname Version: 1.1.1+ds1-4 Severity: normal Dear Maintainer, The dnsname cni plugin requires dnsmasq in order to work properly. Thus golang-github-containers-dnsname should depend on dnsmasq-base. -- System Information: Debian Release: 10.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (90, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-14-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_UNSIGNED_MODULE Locale: LANG=C.UTF-8 Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled pgpQZomwZ3kXF.pgp Description: OpenPGP digital signature
Bug#874759: (no subject)
First patch rewrites the URLs and updates debian/watch, second one replaces the libxml dependency with expat. https://libvips.blogspot.ch/2016/09/whats-new-in-84.htmlFrom f48c214aa77cf64adffc71ee81ecee07a3d4475c Mon Sep 17 00:00:00 2001 From: Lorenz Schori <l...@znerol.ch> Date: Sat, 9 Sep 2017 16:09:13 +0200 Subject: [PATCH 1/2] Rewrite URLs to github project --- README.Debian | 4 ++-- control | 2 +- copyright | 2 +- watch | 3 ++- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/README.Debian b/README.Debian index ebfda4a..d6a6388 100644 --- a/README.Debian +++ b/README.Debian @@ -2,10 +2,10 @@ Examples -A number of vips examples are available. Please see the "Supported" +A number of vips examples are available. Please see the "Documentation" section of the vips website: -http://www.vips.ecs.soton.ac.uk/ +https://jcupitt.github.io/libvips/ General Notes = diff --git a/control b/control index f02c47b..8b8d05f 100644 --- a/control +++ b/control @@ -16,7 +16,7 @@ Build-Depends: cdbs (>= 0.4.93~), debhelper (>> 9~), dh-autoreconf, XS-Python-Version: all Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org> Standards-Version: 3.9.8 -Homepage: http://www.vips.ecs.soton.ac.uk +Homepage: https://jcupitt.github.io/libvips/ Package: libvips42 Section: libs diff --git a/copyright b/copyright index 99e1322..d6b8270 100644 --- a/copyright +++ b/copyright @@ -3,7 +3,7 @@ October 2, 2004. It was taken over by Laszlo Boszormenyi (GCS) <g...@debian.org> on March 19, 2015. -It was downloaded from http://www.vips.ecs.soton.ac.uk +It was downloaded from https://jcupitt.github.io/libvips/ Upstream Maintainers: John Cupitt <jcup...@gmail.com> diff --git a/watch b/watch index c8a0e23..c7826d3 100644 --- a/watch +++ b/watch @@ -1,2 +1,3 @@ version=3 -http://www.vips.ecs.soton.ac.uk/supported/current/vips-([\d\.]+).tar.gz +opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/-$1\.tar\.gz/ \ + https://github.com/jcupitt/libvips/tags .*/v?(\d\S+)\.tar\.gz -- 2.11.0 From 27cf785f0b612664989e759cc70b2dfeba533493 Mon Sep 17 00:00:00 2001 From: Lorenz Schori <l...@znerol.ch> Date: Sat, 9 Sep 2017 16:27:47 +0200 Subject: [PATCH 2/2] 8.5: Switch from libxml2 to libexpat1 --- control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/control b/control index 8b8d05f..1dbcfda 100644 --- a/control +++ b/control @@ -10,7 +10,7 @@ Build-Depends: cdbs (>= 0.4.93~), debhelper (>> 9~), dh-autoreconf, libglib2.0-dev, libice-dev, gettext, pkg-config, libxml-parser-perl, libexif-gtk-dev, python-all-dev, python-dev (>= 2.6.6-3~), python-gi-dev (>= 3.12), - liborc-0.4-dev, libopenexr-dev (>= 1.6.1-8.1), libmatio-dev, libxml2-dev, + liborc-0.4-dev, libopenexr-dev (>= 1.6.1-8.1), libmatio-dev, libexpat1-dev, libcfitsio-dev, libopenslide-dev, libwebp-dev, libgsf-1-dev, libgirepository1.0-dev, gtk-doc-tools (>= 1.14) XS-Python-Version: all @@ -44,7 +44,7 @@ Description: image processing system good for very large ones Package: libvips-dev Section: libdevel Architecture: any -Depends: ${misc:Depends}, libvips42 (= ${binary:Version}), libjpeg-dev, libtiff-dev, zlib1g-dev, fftw3-dev | libfftw3-dev, liblcms2-dev, libpng-dev, libmagickcore-dev, libmagickwand-dev, libfreetype6-dev, libpango1.0-dev, libfontconfig1-dev, libglib2.0-dev, libice-dev, gettext, pkg-config, libexif-gtk-dev, python-all-dev, python-dev (>= 2.6.6-3~), liborc-0.4-dev, libopenexr-dev, libmatio-dev, libxml2-dev, libcfitsio-dev, libopenslide-dev, libwebp-dev, libgsf-1-dev, libgif-dev (>= 5.1), libpoppler-glib-dev, librsvg2-dev +Depends: ${misc:Depends}, libvips42 (= ${binary:Version}), libjpeg-dev, libtiff-dev, zlib1g-dev, fftw3-dev | libfftw3-dev, liblcms2-dev, libpng-dev, libmagickcore-dev, libmagickwand-dev, libfreetype6-dev, libpango1.0-dev, libfontconfig1-dev, libglib2.0-dev, libice-dev, gettext, pkg-config, libexif-gtk-dev, python-all-dev, python-dev (>= 2.6.6-3~), liborc-0.4-dev, libopenexr-dev, libmatio-dev, libexpat1-dev, libcfitsio-dev, libopenslide-dev, libwebp-dev, libgsf-1-dev, libgif-dev (>= 5.1), libpoppler-glib-dev, librsvg2-dev Recommends: libvips-doc, libvips-tools Suggests: nip2 Description: image processing system good for very large ones (dev) -- 2.11.0
Bug#874759: vips: New release 8.5 available, project relocated to github
Source: vips Severity: normal Dear Maintainer, A new major version (8.5) is available on the relocated project page: https://jcupitt.github.io/libvips/ Regrettably the old wiki/website neither mentions the new release nor redirects users to the new site. That also applies to the old release directory where debian/watch is pointing to. Note that there are new Python bindings as well using cffi: https://github.com/jcupitt/pyvips -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (990, 'stable'), (500, 'unstable')
Bug#751955: initramfs-tools: Warning: error while trying to store keymap file - ignoring request to install /etc/boottime.kmap.gz
On Fri, 18 Sep 2015 15:56:52 +0200 Clement Hermannwrote: > [...] > Not sure why this wasn't setup by default even though the other > variables where, though. > [...] In my case changing keyboard layout settings in Gnome resulted in the XKBMODEL being deleted from /etc/default/keyboard. Steps to reproduce: 1. $ gnome-control-center 2. Go to "Region & Language" 3. In the "Input Sources" section add some random keyboard layout 4. $ grep -q XKBMODEL /etc/default/keyboard && echo fine || echo broken -> broken 5. # dpkg-reconfigure keyboard-configuration 6. $ grep -q XKBMODEL /etc/default/keyboard && echo fine || echo broken -> fine HTH pgpf9OZFUnjCS.pgp Description: OpenPGP digital signature
Bug#687827: nullmailer: PID check fails on lxc host (and probably openvz and other VM)
On Sun, 16 Sep 2012 14:02:56 +0200 Martin Kos debian@koks.li wrote: I am using nullmailer on a LXC virtualized host with the guests also running nullmailer. Starting nullmailer on the by /etc/init.d/nullmailer fails because the init-script makes a check if there are other nullmailer instances running: PIDS=`pidof nullmailer-send` and this obviously fails because the nullmailer processes from the guest VMs are listed with the pidof function. I just ran into the same problem. I'm operating nullmailer within multiple chroots. I propose to reuse the pidofproc function from /lib/lsb/init-functions and rely onto the pid file instead of querying the process list. Also I propose to propagate the pid file to status_of_proc when determining the process status. Patch attached. --- debian/init.old 2012-06-16 13:41:42.0 +0200 +++ debian/init 2013-04-06 19:22:51.625413742 +0200 @@ -25,9 +25,8 @@ case $1 in start) log_begin_msg Starting $DESC: $NAME - PIDS=`pidof nullmailer-send` # don't kill trigger if daemon already running - if [ -z $PIDS ]; then + if ! pidofproc -p $PIDFILE $DAEMON; then if [ ! -p /var/spool/nullmailer/trigger ]; then rm -f /var/spool/nullmailer/trigger mkfifo /var/spool/nullmailer/trigger @@ -54,7 +53,7 @@ $0 start ;; status) - status_of_proc $DAEMON $NAME + status_of_proc -p $PIDFILE $DAEMON $NAME exit $? ;; *) signature.asc Description: PGP signature
Bug#541335: Missing check for STAT64_SUPPORT in fts_read function
Package: fakeroot Version: 1.12.5 A check for the define STAT64_SUPPORT is missing in the fts_read function, breaking fakeroot on platforms which do not have stat64 support. For example fakeroot on Mac OS X 10.4: $ fakeroot do_something dyld: lazy symbol binding failed: Symbol not found: _send_get_stat64 Referenced from: /Users/tom/prefix/lib/libfakeroot.dylib Expected in: flat namespace dyld: Symbol not found: _send_get_stat64 Referenced from: /Users/tom/prefix/lib/libfakeroot.dylib Expected in: flat namespace The following patch fixes the problem: diff -ur fakeroot-1.12.5.orig/libfakeroot.c fakeroot-1.12.5.send_get_stat64-fix/libfakeroot.c --- fakeroot-1.12.5.orig/libfakeroot.c 2009-06-18 15:19:14.0 +0200 +++ fakeroot-1.12.5.send_get_stat64-fix/libfakeroot.c 2009-08-13 14:17:06.0 +0200 @@ -1496,11 +1496,18 @@ r=next_fts_read(ftsp); if(r r-fts_statp) { /* Should we bother checking fts_info here? */ +# ifdef STAT64_SUPPORT # ifndef STUPID_ALPHA_HACK send_get_stat64(r-fts_statp); # else send_get_stat64(r-fts_statp, _STAT_VER); # endif +# else +# ifndef STUPID_ALPHA_HACK +send_get_stat(r-fts_statp); +# else +send_get_stat(r-fts_statp, _STAT_VER); +# endif } return r; -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org