Bug#991767: samba: Attempt to change password over IPv6 using kpasswd fails on AD DC server

[Lorenz Schori]

Package: samba
Version: 2:4.13.5+dfsg-2
Severity: normal

Dear Maintainer,

After upstream commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef any
attempt to change a password over IPv6 fails on the server side. Samba
generates the following log entries (on the domain controller):

Starting GENSEC mechanism krb5
Failed to start GENSEC server mech krb5: NT_STATUS_INTERNAL_ERROR

On the client side the request to change the password results in the
following message after a delay of a couple of seconds:

kpasswd: Cannot contact any KDC for requested realm changing
password

Upstream commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef changed calls
to tsocket_address_bsd_sockaddr() in gensec_krb5.c such that IPv6
addresses will be rejected.

Affected are all upstream releases from branches 4.14 and 4.13. Older
branches / releases are not affected.

On the distro side, this bug affects soon to be released Debian
Bullseye, it does neither affect current stable Debian Buster nor Ubuntu
Focal (LTS).

Upstream bug (fixed in upstream release 4.13.10):
https://bugzilla.samba.org/show_bug.cgi?id=14750

-- Package-specific info:
* /etc/samba/smb.conf present, but not attached
* /var/lib/samba/dhcp.conf not present

-- System Information:
Debian Release: 11.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing'), (90,
'unstable'), (1, 'experimental') Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8),
LANGUAGE=C.UTF-8 Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages samba depends on:
ii  adduser  3.118
ii  dpkg 1.20.9
ii  init-system-helpers  1.60
ii  libbsd0  0.11.3-1
ii  libc62.31-13
ii  libgnutls30  3.7.1-5
ii  libldb2  2:2.2.0-3.1
ii  libpam-modules   1.4.0-9
ii  libpam-runtime   1.4.0-9
ii  libpopt0 1.18-2
ii  libpython3.9 3.9.2-1
ii  libtalloc2   2.3.1-2+b1
ii  libtasn1-6   4.16.0-2
ii  libtdb1  1.4.3-1+b1
ii  libtevent0   0.10.2-1
ii  libwbclient0 2:4.13.5+dfsg-2
ii  lsb-base 11.1.0
ii  procps   2:3.3.17-5
ii  python3  3.9.2-3
ii  python3-dnspython2.0.0-1
ii  python3-samba2:4.13.5+dfsg-2
ii  samba-common 2:4.13.5+dfsg-2
ii  samba-common-bin 2:4.13.5+dfsg-2
ii  samba-libs   2:4.13.5+dfsg-2
ii  tdb-tools1.4.3-1+b1

Versions of packages samba recommends:
ii  attr1:2.4.48-6
ii  logrotate   3.18.0-2
ii  python3-markdown3.3.4-1
ii  samba-dsdb-modules  2:4.13.5+dfsg-2
ii  samba-vfs-modules   2:4.13.5+dfsg-2

Versions of packages samba suggests:
pn  bind9  
pn  bind9utils 
pn  ctdb   
ii  ldb-tools  2:2.2.0-3.1
pn  ntp | chrony   
pn  smbldap-tools  
pn  ufw
pn  winbind

-- no debconf information

Bug#985549: golang-github-containers-dnsname: Incorrect installation path for dnsname binary

[Lorenz Schori]

Fix submitted via MR in salsa:
https://salsa.debian.org/go-team/packages/golang-github-containers-dnsname/-/merge_requests/2


pgpOadshxzZGM.pgp
Description: OpenPGP digital signature

Bug#985548: (no subject)

[Lorenz Schori]

Fix submitted via MR in salsa:
https://salsa.debian.org/go-team/packages/golang-github-containers-dnsname/-/merge_requests/1


pgpbDiVKdCHTu.pgp
Description: OpenPGP digital signature

Bug#985548: (no subject)

[Lorenz Schori]

Fix submitted via MR in salsa:
https://salsa.debian.org/go-team/packages/golang-github-containers-dnsname/-/merge_requests/1


pgpydNCx3xkYF.pgp
Description: OpenPGP digital signature

Bug#985549: golang-github-containers-dnsname: Incorrect installation path for dnsname binary

[Lorenz Schori]

Package: golang-github-containers-dnsname
Version: 1.1.1+ds1-4
Severity: normal

Dear Maintainer,

The golang-github-containernetworking-plugin-dnsname package places the
dnsname binary into /usr/lib/dnsname. However, it should go into
/usr/lib/cni/dnsname, otherwise podman will display the following error
when trying to start a container on a network with dnsname plugin
enabled:

WARN[] Error validating CNI config
file /etc/cni/net.d/mynetwork.conflist: [failed to find plugin
"dnsname" in path
[/usr/libexec/cni /usr/lib/cni /usr/local/lib/cni /opt/cni/bin]]

In order to work around this it is enough to symlink the binary into the
correct location:

ln -s /usr/lib/dnsname /usr/lib/cni/dnsname

Cheers,
Lorenz

-- System Information:
Debian Release: 10.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (90, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-14-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


pgpbNecBcZqLA.pgp
Description: OpenPGP digital signature

Bug#985548: golang-github-containers-dnsname: Missing dependency dnsmasq-base

[Lorenz Schori]

Package: golang-github-containers-dnsname
Version: 1.1.1+ds1-4
Severity: normal

Dear Maintainer,

The dnsname cni plugin requires dnsmasq in order to work properly. Thus
golang-github-containers-dnsname should depend on dnsmasq-base.

-- System Information:
Debian Release: 10.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (90, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-14-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


pgpQZomwZ3kXF.pgp
Description: OpenPGP digital signature

Bug#874759: (no subject)

[Lorenz Schori]

First patch rewrites the URLs and updates debian/watch, second one
replaces the libxml dependency with expat.
https://libvips.blogspot.ch/2016/09/whats-new-in-84.htmlFrom f48c214aa77cf64adffc71ee81ecee07a3d4475c Mon Sep 17 00:00:00 2001
From: Lorenz Schori <l...@znerol.ch>
Date: Sat, 9 Sep 2017 16:09:13 +0200
Subject: [PATCH 1/2] Rewrite URLs to github project

---
 README.Debian | 4 ++--
 control   | 2 +-
 copyright | 2 +-
 watch | 3 ++-
 4 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/README.Debian b/README.Debian
index ebfda4a..d6a6388 100644
--- a/README.Debian
+++ b/README.Debian
@@ -2,10 +2,10 @@
 Examples
 
 
-A number of vips examples are available.  Please see the "Supported"
+A number of vips examples are available.  Please see the "Documentation"
 section of the vips website:
 
-http://www.vips.ecs.soton.ac.uk/
+https://jcupitt.github.io/libvips/
 
 General Notes
 =
diff --git a/control b/control
index f02c47b..8b8d05f 100644
--- a/control
+++ b/control
@@ -16,7 +16,7 @@ Build-Depends: cdbs (>= 0.4.93~), debhelper (>> 9~), dh-autoreconf,
 XS-Python-Version: all
 Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
 Standards-Version: 3.9.8
-Homepage: http://www.vips.ecs.soton.ac.uk
+Homepage: https://jcupitt.github.io/libvips/
 
 Package: libvips42
 Section: libs
diff --git a/copyright b/copyright
index 99e1322..d6b8270 100644
--- a/copyright
+++ b/copyright
@@ -3,7 +3,7 @@ October 2, 2004.
 It was taken over by Laszlo Boszormenyi (GCS) <g...@debian.org> on March 19,
 2015.
 
-It was downloaded from http://www.vips.ecs.soton.ac.uk
+It was downloaded from https://jcupitt.github.io/libvips/
 
 Upstream Maintainers:
   John Cupitt <jcup...@gmail.com>
diff --git a/watch b/watch
index c8a0e23..c7826d3 100644
--- a/watch
+++ b/watch
@@ -1,2 +1,3 @@
 version=3
-http://www.vips.ecs.soton.ac.uk/supported/current/vips-([\d\.]+).tar.gz
+opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/-$1\.tar\.gz/ \
+  https://github.com/jcupitt/libvips/tags .*/v?(\d\S+)\.tar\.gz
-- 
2.11.0

From 27cf785f0b612664989e759cc70b2dfeba533493 Mon Sep 17 00:00:00 2001
From: Lorenz Schori <l...@znerol.ch>
Date: Sat, 9 Sep 2017 16:27:47 +0200
Subject: [PATCH 2/2] 8.5: Switch from libxml2 to libexpat1

---
 control | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/control b/control
index 8b8d05f..1dbcfda 100644
--- a/control
+++ b/control
@@ -10,7 +10,7 @@ Build-Depends: cdbs (>= 0.4.93~), debhelper (>> 9~), dh-autoreconf,
  libglib2.0-dev, libice-dev, gettext, pkg-config, libxml-parser-perl,
  libexif-gtk-dev,
  python-all-dev, python-dev (>= 2.6.6-3~), python-gi-dev (>= 3.12),
- liborc-0.4-dev, libopenexr-dev (>= 1.6.1-8.1), libmatio-dev, libxml2-dev,
+ liborc-0.4-dev, libopenexr-dev (>= 1.6.1-8.1), libmatio-dev, libexpat1-dev,
  libcfitsio-dev, libopenslide-dev, libwebp-dev, libgsf-1-dev,
  libgirepository1.0-dev, gtk-doc-tools (>= 1.14)
 XS-Python-Version: all
@@ -44,7 +44,7 @@ Description: image processing system good for very large ones
 Package: libvips-dev
 Section: libdevel
 Architecture: any
-Depends: ${misc:Depends}, libvips42 (= ${binary:Version}), libjpeg-dev, libtiff-dev, zlib1g-dev, fftw3-dev | libfftw3-dev, liblcms2-dev, libpng-dev, libmagickcore-dev, libmagickwand-dev, libfreetype6-dev, libpango1.0-dev, libfontconfig1-dev, libglib2.0-dev, libice-dev, gettext, pkg-config, libexif-gtk-dev, python-all-dev, python-dev (>= 2.6.6-3~), liborc-0.4-dev, libopenexr-dev, libmatio-dev, libxml2-dev, libcfitsio-dev, libopenslide-dev, libwebp-dev, libgsf-1-dev, libgif-dev (>= 5.1), libpoppler-glib-dev, librsvg2-dev
+Depends: ${misc:Depends}, libvips42 (= ${binary:Version}), libjpeg-dev, libtiff-dev, zlib1g-dev, fftw3-dev | libfftw3-dev, liblcms2-dev, libpng-dev, libmagickcore-dev, libmagickwand-dev, libfreetype6-dev, libpango1.0-dev, libfontconfig1-dev, libglib2.0-dev, libice-dev, gettext, pkg-config, libexif-gtk-dev, python-all-dev, python-dev (>= 2.6.6-3~), liborc-0.4-dev, libopenexr-dev, libmatio-dev, libexpat1-dev, libcfitsio-dev, libopenslide-dev, libwebp-dev, libgsf-1-dev, libgif-dev (>= 5.1), libpoppler-glib-dev, librsvg2-dev
 Recommends: libvips-doc, libvips-tools
 Suggests: nip2
 Description: image processing system good for very large ones (dev)
-- 
2.11.0

Bug#874759: vips: New release 8.5 available, project relocated to github

[Lorenz Schori]

Source: vips
Severity: normal

Dear Maintainer,

A new major version (8.5) is available on the relocated project page:
https://jcupitt.github.io/libvips/

Regrettably the old wiki/website neither mentions the new release nor
redirects users to the new site. That also applies to the old release
directory where debian/watch is pointing to.

Note that there are new Python bindings as well using cffi:
https://github.com/jcupitt/pyvips

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable')

Bug#751955: initramfs-tools: Warning: error while trying to store keymap file - ignoring request to install /etc/boottime.kmap.gz

[Lorenz Schori]

On Fri, 18 Sep 2015 15:56:52 +0200 Clement Hermann 
wrote:
> [...]
> Not sure why this wasn't setup by default even though the other
> variables where, though.
> [...]

In my case changing keyboard layout settings in Gnome resulted in the
XKBMODEL being deleted from /etc/default/keyboard.

Steps to reproduce:
1. $ gnome-control-center
2. Go to "Region & Language"
3. In the "Input Sources" section add some random keyboard layout
4. $ grep -q XKBMODEL /etc/default/keyboard && echo fine || echo broken
   -> broken
5. # dpkg-reconfigure keyboard-configuration
6. $ grep -q XKBMODEL /etc/default/keyboard && echo fine || echo broken
   -> fine

HTH


pgpf9OZFUnjCS.pgp
Description: OpenPGP digital signature

Bug#687827: nullmailer: PID check fails on lxc host (and probably openvz and other VM)

[Lorenz Schori]

On Sun, 16 Sep 2012 14:02:56 +0200
Martin Kos debian@koks.li wrote:

 I am using nullmailer on a LXC virtualized host with the guests also
 running nullmailer. Starting nullmailer on the
 by /etc/init.d/nullmailer fails because the init-script makes a check
 if there are other nullmailer instances running: PIDS=`pidof
 nullmailer-send` and this obviously fails because the nullmailer
 processes from the guest VMs are listed with the pidof function. 

I just ran into the same problem. I'm operating nullmailer within
multiple chroots. I propose to reuse the pidofproc function
from /lib/lsb/init-functions and rely onto the pid file instead of
querying the process list. Also I propose to propagate the pid file to
status_of_proc when determining the process status. Patch attached.
--- debian/init.old	2012-06-16 13:41:42.0 +0200
+++ debian/init	2013-04-06 19:22:51.625413742 +0200
@@ -25,9 +25,8 @@
 case $1 in
   start)
 	log_begin_msg Starting $DESC: $NAME
-	PIDS=`pidof nullmailer-send`
 	# don't kill trigger if daemon already running
-	if [ -z $PIDS ]; then
+	if ! pidofproc -p $PIDFILE $DAEMON; then
 	if [ ! -p /var/spool/nullmailer/trigger ]; then
 		rm -f /var/spool/nullmailer/trigger
 		mkfifo /var/spool/nullmailer/trigger   
@@ -54,7 +53,7 @@
 	$0 start
 	;;
   status)
-	status_of_proc $DAEMON $NAME
+	status_of_proc -p $PIDFILE $DAEMON $NAME
 	exit $?
 	;;
   *)


signature.asc
Description: PGP signature

Bug#541335: Missing check for STAT64_SUPPORT in fts_read function

[lorenz schori]

Package: fakeroot
Version: 1.12.5

A check for the define STAT64_SUPPORT is missing in the fts_read  
function, breaking fakeroot on platforms which do not have stat64  
support. For example fakeroot on Mac OS X 10.4:


$ fakeroot do_something
dyld: lazy symbol binding failed: Symbol not found: _send_get_stat64
  Referenced from: /Users/tom/prefix/lib/libfakeroot.dylib
  Expected in: flat namespace

dyld: Symbol not found: _send_get_stat64
  Referenced from: /Users/tom/prefix/lib/libfakeroot.dylib
  Expected in: flat namespace

The following patch fixes the problem:

diff -ur fakeroot-1.12.5.orig/libfakeroot.c  
fakeroot-1.12.5.send_get_stat64-fix/libfakeroot.c
--- fakeroot-1.12.5.orig/libfakeroot.c	2009-06-18 15:19:14.0  
+0200
+++ fakeroot-1.12.5.send_get_stat64-fix/libfakeroot.c	2009-08-13  
14:17:06.0 +0200

@@ -1496,11 +1496,18 @@

   r=next_fts_read(ftsp);
   if(r  r-fts_statp) {  /* Should we bother checking fts_info  
here? */

+# ifdef STAT64_SUPPORT
 # ifndef STUPID_ALPHA_HACK
 send_get_stat64(r-fts_statp);
 # else
 send_get_stat64(r-fts_statp, _STAT_VER);
 # endif
+# else
+# ifndef STUPID_ALPHA_HACK
+send_get_stat(r-fts_statp);
+# else
+send_get_stat(r-fts_statp, _STAT_VER);
+# endif
   }

   return r;




--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org