Bug#992188: alien: Fails to create packages that place files in /usr/local

2021-08-15 Thread Rob N
Package: alien
Version: 8.95.4
Severity: normal
X-Debbugs-Cc: r...@despairlabs.com

Dear Maintainer,

We build a number of local packages installing to /usr/local in a
chroot, creating a tarball, then running alien to produce a .deb file.

Since bullseye, packages fail to build, eg:

  # debian/rules binary
  dh binary
 dh_testroot
 dh_prep
 debian/rules override_dh_auto_install
  make[1]: Entering directory 
'/usr/src/nginx-build/nginx-fastmail-9:1fmbullseye75159-1.20.1-fastmail'
  mkdir -p debian/nginx-fastmail
  # Copy the packages's files.
  find . -maxdepth 1 -mindepth 1 -not -name debian -print0 | \
  >-sed -e s#'./'##g | \
  >-xargs -0 -r -i cp -a ./{} debian/nginx-fastmail/{}
  make[1]: Leaving directory 
'/usr/src/nginx-build/nginx-fastmail-9:1fmbullseye75159-1.20.1-fastmail'
 dh_installdocs
 dh_installchangelogs
 dh_perl
 dh_usrlocal
  dh_usrlocal: error: debian/nginx-fastmail/usr/local/nginx/conf/fastcgi.conf 
is not a directory
  make: *** [debian/rules:7: binary] Error 255

The easiest workaround seems to be to add:

  override_dh_usrlocal:

to the generated debian/rules.

I understand that files in /usr/local is against Debian policy, but
these aren't packages for Debian proper, and there's no telling what
might be included inside the source package.

Cheers,
Rob N.

-- System Information:
Debian Release: 11.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-10-cloud-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=C.UTF-8 (charmap=locale: Cannot set 
LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages alien depends on:
ii  cpio       2.13+dfsg-4
ii  debhelper  13.3.4
ii  dpkg-dev   1.20.9
ii  make       4.3-4.1
ii  perl       5.32.1-4
ii  rpm        4.16.1.2+dfsg1-3
ii  rpm2cpio   4.16.1.2+dfsg1-3

alien recommends no packages.

Versions of packages alien suggests:
ii  bzip2            1.0.8-4
ii  lintian          2.104.0
ii  patch            2.7.6-7
ii  xz-utils [lzma]  5.2.5-2

-- debconf information:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LC_CTYPE = "C.UTF-8",
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
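
The workaround from the report above, as an added shell example that is not part of the original message or of alien itself. It assumes the build tree was produced with `alien --generate`; the function names and the paths passed to them are hypothetical.

```shell
#!/bin/sh
# Added example: make alien's generated debian/rules skip dh_usrlocal.
# Assumption: the file passed in is the debian/rules that alien generated.

# Append an empty override_dh_usrlocal target unless one already exists.
# Returns 0 on success (or if already patched), 1 if the file is missing.
add_usrlocal_override() {
    rules=$1
    [ -f "$rules" ] || return 1
    if grep -q '^override_dh_usrlocal:' "$rules"; then
        return 0    # already patched; leave the file unchanged
    fi
    # A target with no recipe lines makes dh skip that helper entirely.
    printf '\noverride_dh_usrlocal:\n' >> "$rules"
}

# Count non-directory entries under usr/local in a staged package tree.
# A non-zero count is the situation in which the reported
# "is not a directory" error from dh_usrlocal appears.
count_usrlocal_files() {
    tree=$1
    [ -d "$tree/usr/local" ] || { echo 0; return 0; }
    find "$tree/usr/local" ! -type d | wc -l | tr -d ' '
}

# Stand-alone use: sh this-script path/to/debian/rules
if [ "$#" -ge 1 ]; then
    add_usrlocal_override "$1"
fi
```

Run it between `alien --generate` and `debian/rules binary`; calling it twice leaves a single override target in the file.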



Bug#986135: libnet-netmask-perl: CVE-2021-29424: mis-parses IP addresses in some situations

2021-03-30 Thread Rob N
Package: libnet-netmask-perl
Version: 1.9104-1
Severity: normal

Dear Maintainer,

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29424
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
https://metacpan.org/changes/distribution/Net-Netmask#L11-22

Fix exists upstream, and should be trivially backportable.

-- System Information:
Debian Release: 10.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-14-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libnet-netmask-perl depends on:
ii  perl  5.28.1-6+deb10u1

libnet-netmask-perl recommends no packages.

libnet-netmask-perl suggests no packages.



Bug#983286: rsyslog stops writing logs until restarted

2021-02-21 Thread Rob N
Package: rsyslog
Version: 8.1901.0-1
Severity: important
Tags: upstream patch

Dear Maintainer,

In high-volume situations, omfile with asyncWriting enabled can stop
writing to output files and remain stuck there until rsyslog is
restarted.

I have seen this twice in the last couple of months on my buster hosts.

Upstream bug report: https://github.com/rsyslog/rsyslog/issues/1701

Upstream fix: https://github.com/rsyslog/rsyslog/pull/2794

This patch was released in upstream v8.2012, and so is likely also fixed
in Debian's rsyslog 8.2012.0-1 (testing) and 8.2102.0-2 (unstable). I
suggest a backported patch for the next stable point release and/or an
updated package on buster-backports would be nice for those who don't
have the ability to patch and build their own packages.

Thanks!
Rob N.


-- System Information:
Debian Release: 10.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-0.bpo.3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages rsyslog depends on:
ii  init-system-helpers  1.56+nmu1
ii  libc6                2.28-10
ii  libestr0             0.1.10-2.1
ii  libfastjson4         0.99.8-2
ii  liblognorm5          2.0.5-1
ii  libsystemd0          241-7~deb10u6
ii  libuuid1             2.33.1-0.1
ii  lsb-base             10.2019051400
ii  zlib1g               1:1.2.11.dfsg-1

Versions of packages rsyslog recommends:
ii  logrotate  3.14.0-4

Versions of packages rsyslog suggests:
pn  rsyslog-doc
ii  rsyslog-gnutls 8.1901.0-1
pn  rsyslog-gssapi 
pn  rsyslog-mongodb
pn  rsyslog-mysql | rsyslog-pgsql  
pn  rsyslog-relp   

-- Configuration Files:
/etc/logrotate.d/rsyslog changed [not included]
/etc/rsyslog.conf changed [not included]

-- no debconf information



Bug#888484: clamav: Security release 0.99.3 available

2018-01-26 Thread Rob N
On Sat, Jan 27, 2018, at 11:08 AM, Sebastian Andrzej Siewior wrote:
> I **think** the crashes you observed might be due to FD desc
> issue. This was fixed in Stretch by chance but not in Jessie. However the
> remaining CVEs were not addressed yet and I'm looking into it…

Yes, I found this too after reviewing discussion on clamav-users. I've
been running the latest daily.cvd on a test server this morning without
issue, which is a good enough solution for me at the moment.
I will of course be watching for updated packages, but it's definitely
no longer urgent.
Thank you all for the pointers; I appreciate the assist :)

Rob N.


Bug#888484: clamav: Security release 0.99.3 available

2018-01-26 Thread Rob N
Package: clamav
Version: 0.99.2+dfsg-0+deb8u2
Severity: important

0.99.3 has been released, see 
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html.

This fixed a number of overflow bugs, each of which has assigned CVE numbers
due to the potential for denial of service.

We've started seeing unexpected clamd crashes on a high-traffic mail
system today, though I've been unable to isolate a test case. It seems like
too much of a coincidence that these crashes start happening the day after a
security release was announced. We've implemented mitigations but an updated
package would be even better.

Cheers!
Rob N.


-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
---
LogFile = "/var/log/clamav/clamav.log"
StatsHostID = "auto"
StatsEnabled disabled
StatsPEDisabled = "yes"
StatsTimeout = "10"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups disabled
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "6"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "1"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "1"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
ScanOnAccess disabled
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled

Config file: freshclam.conf
---
StatsHostID disabled
StatsEnabled disabled
StatsTimeout disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = &q

Bug#824532: udev: Include udev rules for more U2F devices

2016-11-12 Thread Rob N
On Sun, Nov 13, 2016, at 07:10 AM, Michael Biebl wrote:
> Hm, I'm not sure if shipping 70-debian-uaccess.rules in the udev
> package was a good idea in the first place. Imho this file should be
> maintained by the libu2f-host package, and apparently it already ships
> a rules file for that

I would argue that the rules file should be shipped wherever standard
device support stuff is shipped (I think that is udev, though anything
else installed as "standard" would be fine).

libu2f-host is not required to use U2F devices. A supporting web browser
is all that's needed, typically Chromium etc, and soon Firefox.

Including it makes these devices work out-of-the-box, which is what
people expect. Requiring a library package to be installed that isn't
even used just raises the bar unnecessarily.

(just like every other device I don't own but have udev rules
installed for).