Bug#992188: alien: Fails to create packages that place files in /usr/local
Package: alien Version: 8.95.4 Severity: normal X-Debbugs-Cc: r...@despairlabs.com Dear Maintainer, Severity: normal Dear Maintainer, We build a number of local packages installing to /usr/local in a chroot, creating a tarball, then running alien to produce a .deb file. Since bullseye, packages fail to build, eg: # debian/rules binary dh binary dh_testroot dh_prep debian/rules override_dh_auto_install make[1]: Entering directory '/usr/src/nginx-build/nginx-fastmail-9:1fmbullseye75159-1.20.1-fastmail' mkdir -p debian/nginx-fastmail # Copy the packages's files. find . -maxdepth 1 -mindepth 1 -not -name debian -print0 | \ >-sed -e s#'./'##g | \ >-xargs -0 -r -i cp -a ./{} debian/nginx-fastmail/{} make[1]: Leaving directory '/usr/src/nginx-build/nginx-fastmail-9:1fmbullseye75159-1.20.1-fastmail' dh_installdocs dh_installchangelogs dh_perl dh_usrlocal dh_usrlocal: error: debian/nginx-fastmail/usr/local/nginx/conf/fastcgi.conf is not a directory make: *** [debian/rules:7: binary] Error 255 The easiest workaround seems to be to add: override_dh_usrlocal: to the generated debian/rules. I understand that files in /usr/local is against Debian policy, but these aren't packages for Debian proper, and there's no telling what might be included inside the source package. Cheers, Rob N. -- System Information: Debian Release: 11.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-10-cloud-amd64 (SMP w/2 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=C.UTF-8 (charmap=locale: Cannot set LC_MESSAGES to default locale: No such file or directory locale: Cannot set LC_ALL to default locale: No such file or directory UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: unable to detect Versions of packages alien depends on: ii cpio 2.13+dfsg-4 ii debhelper 13.3.4 ii dpkg-dev 1.20.9 ii make 4.3-4.1 ii perl 5.32.1-4 ii rpm4.16.1.2+dfsg1-3 ii rpm2cpio 4.16.1.2+dfsg1-3 alien recommends no packages. Versions of packages alien suggests: ii bzip21.0.8-4 ii lintian 2.104.0 ii patch2.7.6-7 ii xz-utils [lzma] 5.2.5-2 -- debconf information: perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LANGUAGE = (unset), LC_ALL = (unset), LC_CTYPE = "C.UTF-8", LANG = "en_US.UTF-8" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C"). locale: Cannot set LC_MESSAGES to default locale: No such file or directory locale: Cannot set LC_ALL to default locale: No such file or directory
Bug#986135: libnet-netmask-perl: CVE-2021-29424: mis-parses IP addresses in some situations
Package: libnet-netmask-perl Version: 1.9104-1 Severity: normal Dear Maintainer, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29424 https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ https://metacpan.org/changes/distribution/Net-Netmask#L11-22 Fix exists upstream, and should be trivially backportable. -- System Information: Debian Release: 10.9 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-14-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libnet-netmask-perl depends on: ii perl 5.28.1-6+deb10u1 libnet-netmask-perl recommends no packages. libnet-netmask-perl suggests no packages.
Bug#983286: rsyslog stops writing logs until restarted
Package: rsyslog Version: 8.1901.0-1 Severity: important Tags: upstream patch Dear Maintainer, In high-volume situations, omfile with asyncWriting enabled can stop writing to output files and remain stuck there until rsyslog is restarted. I have seen this twice in the last couple of months on my buster hosts. Upstream bug report: https://github.com/rsyslog/rsyslog/issues/1701 Upstream fix: https://github.com/rsyslog/rsyslog/pull/2794 This patch was released in upstream v8.2012, and so is likely also fixed in Debian's rsyslog 8.2012.0-1 (testing) and 8.2102.0-2 (unstable). I suggest a backported patch for the next stable point release and/or an updated package on buster-backports would be nice for those who don't have the ability to patch and build their own packages. Thanks! Rob N. -- System Information: Debian Release: 10.8 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-0.bpo.3-amd64 (SMP w/2 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages rsyslog depends on: ii init-system-helpers 1.56+nmu1 ii libc62.28-10 ii libestr0 0.1.10-2.1 ii libfastjson4 0.99.8-2 ii liblognorm5 2.0.5-1 ii libsystemd0 241-7~deb10u6 ii libuuid1 2.33.1-0.1 ii lsb-base 10.2019051400 ii zlib1g 1:1.2.11.dfsg-1 Versions of packages rsyslog recommends: ii logrotate 3.14.0-4 Versions of packages rsyslog suggests: pn rsyslog-doc ii rsyslog-gnutls 8.1901.0-1 pn rsyslog-gssapi pn rsyslog-mongodb pn rsyslog-mysql | rsyslog-pgsql pn rsyslog-relp -- Configuration Files: /etc/logrotate.d/rsyslog changed [not included] /etc/rsyslog.conf changed [not included] -- no debconf information
Bug#888484: clamav: Security release 0.99.3 available
On Sat, Jan 27, 2018, at 11:08 AM, Sebastian Andrzej Siewior wrote: > I **think** the crashes you obsereved might be due to FD desc > issue. This> was fixed in Stretch by chance but not in Jessie. However the > remaining> CVEs were not addressed yet and I'm looking into it… Yes, I found this too after reviewing discussion on clamav-users. I've been running the latest daily.cvd on a test server this morning without issue, which is a good enough solution for me at the moment. I will of course be watching for updated packages, but it's definitiely no long urgent. Thanks you all for the pointers; I appreciate the assist :) Rob N.
Bug#888484: clamav: Security release 0.99.3 available
Package: clamav Version: 0.99.2+dfsg-0+deb8u2 Severity: important 0.99.3 has been released, see http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html. This fixed a number of overflow bugs, each of which has assigned CVE numbers due to the potential for denial of service. We've have started seeing unexpected clamd crashes on a high-traffic mail system today, though I've been unable to isolate a test case. It's seems like too much of a coincidence that these crashes start happening the day after a security release was announced. We've implemented mitigations but an updated package would be even better. Cheers! Rob N. -- Package-specific info: --- configuration --- Checking configuration files in /etc/clamav Config file: clamd.conf --- LogFile = "/var/log/clamav/clamav.log" StatsHostID = "auto" StatsEnabled disabled StatsPEDisabled = "yes" StatsTimeout = "10" LogFileUnlock disabled LogFileMaxSize = "4294967295" LogTime = "yes" LogClean disabled LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate = "yes" ExtendedDetectionInfo = "yes" PidFile disabled TemporaryDirectory disabled DatabaseDirectory = "/var/lib/clamav" OfficialDatabaseOnly disabled LocalSocket = "/var/run/clamav/clamd.ctl" LocalSocketGroup = "clamav" LocalSocketMode = "666" FixStaleSocket = "yes" TCPSocket disabled TCPAddr disabled MaxConnectionQueueLength = "15" StreamMaxLength = "26214400" StreamMinPort = "1024" StreamMaxPort = "2048" MaxThreads = "12" ReadTimeout = "180" CommandReadTimeout = "5" SendBufTimeout = "200" MaxQueue = "100" IdleTimeout = "30" ExcludePath disabled MaxDirectoryRecursion = "15" FollowDirectorySymlinks disabled FollowFileSymlinks disabled CrossFilesystems = "yes" SelfCheck = "3600" DisableCache disabled VirusEvent disabled ExitOnOOM disabled AllowAllMatchScan = "yes" Foreground disabled Debug disabled LeaveTemporaryFiles disabled User = "clamav" AllowSupplementaryGroups disabled Bytecode = "yes" BytecodeSecurity = "TrustSigned" BytecodeTimeout = "6" BytecodeUnsigned disabled BytecodeMode = "Auto" DetectPUA disabled ExcludePUA disabled IncludePUA disabled AlgorithmicDetection = "yes" ScanPE = "yes" ScanELF = "yes" DetectBrokenExecutables disabled ScanMail = "yes" ScanPartialMessages disabled PhishingSignatures = "yes" PhishingScanURLs = "yes" PhishingAlwaysBlockCloak disabled PhishingAlwaysBlockSSLMismatch disabled PartitionIntersection disabled HeuristicScanPrecedence disabled StructuredDataDetection disabled StructuredMinCreditCardCount = "3" StructuredMinSSNCount = "3" StructuredSSNFormatNormal = "yes" StructuredSSNFormatStripped disabled ScanHTML = "yes" ScanOLE2 = "yes" OLE2BlockMacros disabled ScanPDF = "yes" ScanSWF = "yes" ScanXMLDOCS = "yes" ScanHWP3 = "yes" ScanArchive = "yes" ArchiveBlockEncrypted disabled ForceToDisk disabled MaxScanSize = "104857600" MaxFileSize = "26214400" MaxRecursion = "16" MaxFiles = "1" MaxEmbeddedPE = "10485760" MaxHTMLNormalize = "10485760" MaxHTMLNoTags = "2097152" MaxScriptNormalize = "5242880" MaxZipTypeRcg = "1048576" MaxPartitions = "50" MaxIconsPE = "100" MaxRecHWP3 = "16" PCREMatchLimit = "1" PCRERecMatchLimit = "5000" PCREMaxFileSize = "26214400" ScanOnAccess disabled OnAccessMountPath disabled OnAccessIncludePath disabled OnAccessExcludePath disabled OnAccessExcludeUID disabled OnAccessMaxFileSize = "5242880" OnAccessDisableDDD disabled OnAccessPrevention disabled OnAccessExtraScanning disabled DevACOnly disabled DevACDepth disabled DevPerformance disabled DevLiblog disabled DisableCertCheck disabled Config file: freshclam.conf --- StatsHostID disabled StatsEnabled disabled StatsTimeout disabled LogFileMaxSize = "4294967295" LogTime = "yes" LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate = "yes" PidFile disabled DatabaseDirectory = "/var/lib/clamav" Foreground disabled Debug disabled AllowSupplementaryGroups disabled UpdateLogFile = "/var/log/clamav/freshclam.log" DatabaseOwner = "clamav" Checks = "24" DNSDatabaseInfo = "current.cvd.clamav.net" DatabaseMirror = "db.local.clamav.net", "database.clamav.net" PrivateMirror disabled MaxAttempts = "5" ScriptedUpdates = &q
Bug#824532: udev: Include udev rules for more U2F devices
On Sun, Nov 13, 2016, at 07:10 AM, Michael Biebl wrote: > Hm, I'm not sure if shipping 70-debian-uaccess.rules in the udev > package was a good idea in the first place. Imho this file should be > maintained by the libu2f-host package, and apparently it already ships > a rules file for that I would argue that the rules file should be shipped wherever standard device support stuff is shipped (I think that is udev, though anything else installed as "standard" would be fine). libu2f-host is not required to use U2F devices. A supporting web browser is all that's needed, typically Chromium etc, and soon Firefox. Including it makes these devices work out-of-the-box, which is what people expect. Requiring a library package to be installed that isn't even used just raises the bar unnecessarily. (just like every other device I don't own but have udev rules installed for).