Bug#910086: correction / additional info
Thanks again Theodore. You are absolutely right with "full disc encryption should be the best way for my usecase". "Should" because the used backup software behind samba is Microsoft's "wbadmin". I'm able to copy gb's of data through samba to an dm-crypt (LUKS/veracrypt/truecrypt) device but I'm not able to do the same using "wbadmin" without errors. The same constellation (devices, softwares, configurations) is working without any encryption or with ext4-encryption. My destination device is an md mirror of SATA and USB devices so I'm able to change the USB device weekly removing from raid an rebuilding it. This works with truecrypt for years but one day ... You know the rest of the story and I'm not able to find out what changed (perhaps an MS update I can't revert). The first step should be to make an bug report of this misbehaviour but I'm not sure where to address. Every party will show to the other. And because I need backups and like the removed devices to be encrypted I tried ext4 built-in encryption. Nice to have, because its an layer less then using dm in between. Now I know ext4 encryption workes as is and as should, also the kernel key infrastructure but in combination its a bit confusing first time. Mit freundlichen Grüßen / Kind regards Ronny Seffner -- Ronny Seffner | Alter Viehweg 1 | 01665 Klipphausen www.seffner.de | ro...@seffner.de | +49 35245 72950 7EA62E22D9CC4F0B74DCBCEA864623A568694DB8
Bug#910086: e2fsprogs: Perhaps FS-cache makes crypted content accessable for others.
Package: e2fsprogs Version: 1.43.4-2 Severity: important Dear Maintainer, I believe FS-cache is breaking ext4 crypt. - enabled crypt for a folder by user1 - created a file1 with content inside this folder by user1 - allowed user2 to read and write into this folder (simple POSIX group or others) - rebooted system = directory listing by user1 shows scrambled filenames - like expected = directory listing by user2 shows scrambled filenames - like expected - open encryption by user1 = directory listing by user2 shows scrambled filenames - like expected = directory listing by user1 shows correct filenames - like expected ! directory listing by user2 now shows correct filenames - not as expected = show file1 content as user2 shows error "key missed" - as expected = show file1 content as user1 shows content - as expected ! show file1 content as user2 showns content - not as expected ! touch file2 as user2 creates file - not expected = cat content as user2 to file2 shows error - expected = cat content as user1 to file2 edits file - expected ! cat content as user2 to file2 now edits file also - not expected I expected crypted content is only accessibla by user holding the right key, but it seems everything opened by the reight user maes things accessible by all other (POSIX allowed) users. Maybe it is a caching phenomenom? But it is not secure. -- System Information: Debian Release: 9.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages e2fsprogs depends on: ii e2fslibs1.43.4-2 ii libblkid1 2.29.2-1+deb9u1 ii libc6 2.24-11+deb9u3 ii libcomerr2 1.43.4-2 ii libss2 1.43.4-2 ii libuuid12.29.2-1+deb9u1 ii util-linux 2.29.2-1+deb9u1 e2fsprogs recommends no packages. Versions of packages e2fsprogs suggests: pn e2fsck-static pn fuse2fs pn gpart pn parted -- no debconf information
Bug#871789: postfix-policyd-spf-python: Domain_Whitelist not working
Package: postfix-policyd-spf-python
Version: 1.3.1-1
Severity: normal
Dear Maintainer,
* What led up to the situation?
Setting up "Domain_Whitelist" inside
/etc/postfix-policyd-spf-python/policyd-spf.conf.
* What exactly did you do (or not do) that was effective (or
ineffective)?
Setting up a domain name in "Domain_Whitelist" Parameter, enabling debug and
restarting postfix did not whitelist SPF checkst for mails from these domain.
root@froxlor ~ # cat /etc/postfix-policyd-spf-python/policyd-spf.conf
debugLevel = 4
defaultSeedOnly = 1
HELO_reject = SPF_Not_Pass
Mail_From_reject = Fail
PermError_reject = False
TempError_Defer = False
skip_addresses = 127.0.0.0/8,:::127.0.0.0/104,::1
Domain_Whitelist = getinternet.de
* What was the outcome of this action?
Aug 11 17:00:48 froxlor policyd-spf[19847]: Starting
Aug 11 17:00:52 froxlor policyd-spf[19847]: Read line:
"helo_name=some.domain.tld"
Aug 11 17:00:52 froxlor policyd-spf[19847]: Read line:
"sender=f...@getinternet.de"
Aug 11 17:00:52 froxlor policyd-spf[19847]: Read line:
"recipient=b...@lmv-hartmannsdorf.de"
Aug 11 17:00:52 froxlor policyd-spf[19847]: Read line: "client_address=1.2.3.4"
Aug 11 17:00:52 froxlor policyd-spf[19847]: Read line:
"client_name=another.domain.tld"
Aug 11 17:00:56 froxlor policyd-spf[19847]: Read line: ""
Aug 11 17:00:56 froxlor policyd-spf[19847]: Found the end of entry
Aug 11 17:00:56 froxlor policyd-spf[19847]: Config: {'Void_Limit': 2,
'skip_addresses': '127.0.0.0/8,:::127.0.0.0/104,::1', 'Domain_Whitelist':
'getinternet.de', 'HELO_reject': 'SPF_Not_Pass', 'Lookup_Time': 20,
'defaultSeedOnly': 1, 'Header_Type': 'SPF', 'Mail_From_reject': 'Fail',
'TempError_Defer': 'False', 'PermError_reject': 'False', 'debugLevel': 4,
'Domain_Whitelist_PTR': 'getinternet.de'}
Aug 11 17:00:56 froxlor policyd-spf[19847]: Cached data for this instance: []
Aug 11 17:00:56 froxlor policyd-spf[19847]: PTR Domain Whitelist enabled.
Aug 11 17:00:56 froxlor policyd-spf[19847]: spfcheck: pyspf result: "['None',
'', 'helo']"
Aug 11 17:00:56 froxlor policyd-spf[19847]: None; identity=helo;
client-ip=1.2.3.4; helo=some.domain.tld; envelope-from=f...@getinternet.de;
receiver=b...@lmv-hartmannsdorf.de
Aug 11 17:00:56 froxlor policyd-spf[19847]: spfcheck: pyspf result: "['Fail',
'SPF fail - not authorized', 'mailfrom']"
Aug 11 17:00:56 froxlor policyd-spf[19847]: Fail; identity=mailfrom;
client-ip=1.2.3.4; helo=some.domain.tld; envelope-from=f...@getinternet.de;
receiver=b...@lmv-hartmannsdorf.de
Aug 11 17:00:56 froxlor policyd-spf[19847]: Action: reject: Text: Message
rejected due to: SPF fail - not authorized. Please see
http://www.openspf.net/Why?s=mfrom;id=f...@getinternet.de;ip=1.2.3.4;r=b...@lmv-hartmannsdorf.de
* What outcome did you expect instead?
Result should not be "fail" or "reject".
-- System Information:
Debian Release: 8.9
APT prefers oldstable
APT policy: (990, 'oldstable'), (500, 'oldstable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.12.5-sus (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Bug#826139: pmacct: segfaults after purging cache using postgresql
Package: pmacct Version: 1.5.0-4 Severity: normal Dear Maintainer, * What led up to the situation? running pmacct using postgresql backend * What was the outcome of this action? automatically purging cache because of sql_refresh_time is causing segfaults * What outcome did you expect instead? no segfaults -- System Information: Debian Release: 8.4 APT prefers stable APT policy: (990, 'stable'), (890, 'testing'), (790, 'unstable'), (500, 'testing-updates'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 4.6.1-SuS (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages pmacct depends on: ii dpkg 1.17.26 ii init-system-helpers 1.22 ii libc62.19-18+deb8u4 ii libgeoip11.6.2-4 ii libjansson4 2.7-1+deb8u1 ii libmysqlclient18 5.5.49-0+deb8u1 ii libpcap0.8 1.6.2-2 ii libpq5 9.4.6-0+deb8u1 ii librabbitmq1 0.5.2-2 ii libsqlite3-0 3.8.7.1-1+deb8u1 ii libstdc++6 4.9.2-10 ii lsb-base 4.1+Debian13+nmu1 ii net-tools1.60-26+b1 ii psmisc 22.21-2 ii zlib1g 1:1.2.8.dfsg-2+b1 pmacct recommends no packages. pmacct suggests no packages. -- Configuration Files: /etc/pmacct/pmacctd.conf changed: daemonize: true pidfile: /var/run/pmacctd.pid syslog: daemon aggregate: src_host,dst_host,proto,src_port,dst_port interface: eth0 ports_file: /etc/pmacct/ports.list plugins: pgsql plugin_buffer_size: 4096 plugin_pipe_size: 1024 sql_host: localhost sql_passwd: * sql_table_version: 1 sql_refresh_time: 300 sql_optimize_clauses: false sql_history: 5m sql_history_roundoff: mhd sql_recovery_logfile: /var/lib/pmacct/pmacctd_recovery_log -- no debconf information
Bug#807543: postfix-policyd-spf-python: regex syntax errors in logcheck config
Package: postfix-policyd-spf-python Version: 1.0-2 Severity: normal Dear Maintainer, I found errors in regex at /etc/logcheck/ignore.d.server/postfix-policyd-spf-python.logcheck. Remove trailing "+" and add ".*" at the end behind "receiver=". Delivered regex is NOT working. -- System Information: Debian Release: 7.9 APT prefers oldstable APT policy: (990, 'oldstable'), (500, 'oldstable-updates'), (500, 'oldoldstable-updates'), (500, 'oldoldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.3.0-SuS (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages postfix-policyd-spf-python depends on: ii adduser 3.113+nmu3 ii postfix 2.9.6-2 ii python 2.7.3-4+deb7u1 ii python-spf 2.0.7-3 ii python2.6 2.6.8-1.1 ii python2.7 2.7.3-6+deb7u2 postfix-policyd-spf-python recommends no packages. Versions of packages postfix-policyd-spf-python suggests: ii python-authres 0.402-1 -- no debconf information
Bug#790845: obnam: Since Update to obanam 1.10-1.debian7.8 the error "ImportError: No module named fmt_ga" occurs.
Package: obnam Version: 1.10-1.debian7.8 Severity: grave Justification: renders package unusable Dear Maintainer, *** Please consider answering these questions, where appropriate *** * What led up to the situation? e.g. running 'obnam forget' or 'obnam backup' * What exactly did you do (or not do) that was effective (or ineffective)? e.g. running 'obnam forget' or 'obnam backup' * What was the outcome of this action? Traceback (most recent call last): File "/usr/bin/obnam", line 18, in import obnamlib File "/usr/lib/python2.7/dist-packages/obnamlib/__init__.py", line 179, in from fmt_ga import ( ImportError: No module named fmt_ga * What outcome did you expect instead? a cleaning of backup storage or creating a new backup, every resulting in return code 0 -- System Information: Debian Release: 7.8 APT prefers oldstable APT policy: (990, 'oldstable'), (500, 'oldstable-updates'), (500, 'oldoldstable-updates'), (500, 'oldoldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.10.82-SuS (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages obnam depends on: ii libc6 2.13-38+deb7u8 ii python2.7.3-4+deb7u1 ii python-cliapp 1.20150701-1.debian7.8 ii python-fuse 2:0.2.1-7 ii python-larch 1.20131130-1.wheezy ii python-paramiko 1.7.7.1-3.1 ii python-tracing0.8-1.wheezy ii python-ttystatus 0.23-1.wheezy ii python-yaml 3.10-4+deb7u1 obnam recommends no packages. obnam suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
