Bug#53121: Pre-approved Application #030787243AWF Wed, 16 Mar 2005 06:50:21 -0600
Hello, We sent you an email a while ago, because you now qualify for a much lower rate based on the biggest rate drop in years. You can now get $327,000 for as little as $617 a month! Bad credit? Doesn't matter, low rates are fixed no matter what! Follow this link to process your application and a 24 hour approval: http://www.realrxmeds.net/?id=e48 Best Regards, Gwen Lindsay opt out: http://www.realrxmeds.net/byebye.php -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#65482: call me
Hello Danielle , Would you like at least $1500.00 to $3500.00 per day just for returning phone calls? I do! If you have a telephone and can return calls you are fully qualified for this program. Give Us A Call 800-671-9012 thresh paunchy neuromuscular contemporaneous cutout collier typhoon wildcat quizzical gut allegoric anglo blunt invariable altogether respectful supremacy afar cryptanalytic tigress plush metaphor academy koala chrysolite antaeus aitken anywhere afoot harvest certified seminole darken prefabricate rotate transliterate cartographer done loon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#99943: probably you
Do not ignore me plebase, I found your email somewhere and now decided to write you. I am coming to your place in few weeksa and thought we can meet each other. Let me know if you do not mbind. I aam a niace pretty girl. Don't reply to this email. Eamail me direcltby at [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#353301: podracer: configurability of the output directory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Not sure ifthis will work; it is untested. Try making your subscription line look like this: http://test.podcasts.com/podcast.xml test-podcast/$(date +%Y-%m-%d) As I said, this is untested at this time, but I see no reason why it shouldn't work. Let me know if this works for you and I will add it to the documentation. Lorenzo - -- You need no longer worry about the future. This time tomorrow you'll be dead. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD9gWBG9IpekrhBfIRArxxAKDCFJZBirp80sS2sLxiwz20Tt9+hwCfYlF1 Clilvwh1W9yXaPi/mXd0144= =1ntJ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#353301: podracer: configurability of the output directory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well, the line I gave you for the subscription file has been tested and has failed. Seems I can set the poddir directory to something based on dynamic data like today's date, but a feed directory in the subscriptions file is taken literally. Back to the drawingboard for this one. Lorenzo - -- Q: What does it say on the bottom of Coke cans in North Dakota? A: Open other end. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD9rHOG9IpekrhBfIRAkcRAJ0TfyQYOw0zQUsfX1lYQufsrtpKyACgm0lY +E9jy9aO8DyMwNqBtXZN2UA= =H/uo -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#336611: shorewall: Does not disable ipv6 at boot
* Sam Morris <[EMAIL PROTECTED]>: > Lorenzo Martignoni wrote: > >but, as you can see, on my own system ipv6 seems to be disabled > >correctly. > > > >What happens on your system if you clear all firewall rules and policies > >and then issue a "shorewall start"? > > > >-- lorenzo > > Ok, the recent kernel-image-2.6.8-i386 security update gave me an > opportunity to double check this. The output of 'ip6tables --list' after > booting up shows that ACCEPT is the policy for all three chains. I am > attaching the shorewall-init.log. > > Running 'shorewall start' does not change this ("Shorewall Already > Started"). Running 'shorewall restart' does correctly set the chains' > policy to DROP. > > Is it possible that the ipv6 kernel modules are not loaded when > shorewall is started, and so shorewall doesn't bother running ip6tables > to set the default policy? I think you're right; the ipv6 module is not loaded automatically so probably the code used to detect if ipv6 is enable: disable_ipv6() { local foo="$(ip -f inet6 addr ls 2> /dev/null)" fails to detect it and consequently ip6tables is not run. On my system IPV6 is correctly disabled at boot. I don't think the cause is a different version of Shorewall (my system runs Debian Sid) because the code used to detect the presence of IPV6 is the same. Please try to add ipv6 in your /etc/modules so that the module is loaded at boot before shorewall startup and let me know what happen. Thank you. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#348423: ITP: python-pynids -- a python wrapper for libnids
Package: wnpp Severity: wishlist Owner: Lorenzo Martignoni <[EMAIL PROTECTED]> * Package name: python-pynids Version : 0.5 Upstream Author : Michael J. Pomraning <[EMAIL PROTECTED]> * URL : http://pilcrow.madison.wi.us/pynids/ * License : GPL Description : a python wrapper for libnids pynids is a python wrapper for libnids, a Network Intrusion Detection System library offering sniffing, IP defragmentation, TCP stream reassembly and TCP port scan detection. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.14 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#348726: Update overwrites shorewall.conf without detecting customizations
* Paul Gear <[EMAIL PROTECTED]>: > Johannes Graumann wrote: > > Package: shorewall > > Version: 3.0.4-1 > > Severity: normal > > > > > > The recent update to a3.0.4-1 presents the problem of installing a new > > /etc/shorewall/shorewall.conf file without making the admin aware of > > customization > > being lost as is usually done (debconf issue - I guess). > > If there were no customisations to shorewall.conf, the debconf prompt > would never appear. Whenever debconf asks about overwriting a file, it > should be the system administrator's assumption that there are > customisations. I can't see how this is a bug. Files installed by the package under /etc/ are trated as conffiles by dpkg automatically. On a package upgrade dpkg prompts you before overwriting conffile only if you have customized them; if no local customization has been made dpkg will silently replace them all. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#341942: shorewall vi again
* Clytie Siddall <[EMAIL PROTECTED]>: > Sorry, my translation program has been munging text after finishing. > The fixed file is attached below. > > from Clytie Thank you. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#338310: Solved
Hi I solved the problem by erasing .gnome and .gnome2 (and .gconf and .gconfd). I don't know if you prefeer moving this bug to gnome or closing it. Thanks. maxxer
Bug#340003: Update bogons file to reflect IANA allocs in stable branch
* FX <[EMAIL PROTECTED]>: > package: shorewall > version: 2.2.3-2 > > On 2005-07-30, the bogons file in version 2.2.6 was updated to reflect > recent IANA allocations. > > Please backport the updated bogons file, /usr/share/shorewall/bogons, to > the stable branch. In order to backport the bogons file a new package should be made. Upload of a package into stable distribution is allowed only when the current version present a vulnerability. Please consider that bogons is no longer used in the current version of shorewall as its usefulness is very very low. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#340748: shorewall: [v3] ERROR: Only one firewall zone may be defined
* Jari Aalto <[EMAIL PROTECTED]>: > Package: shorewall > Version: 3.0.1-1 > Severity: important > > After upgrade to v4 shorewall I changed the zone file to (ipsecfile is > empty): > > #ZONE TYPEOPTIONS > > fw firewall > net ipv4 > loc ipv4 > > Which is assumed to be correect according to releasenotes.txt.gz > and http://www.shorewall.net/Documentation.htm#Zones > > ZONEShort name of the zone (5 Characters or less in > length). The names "all" and "none" are > reserved and may not be used as zone names. > > TYPEipv4 - This is the standard Shorewall zone type and is > the default if the column is left empty or if > it is entered as "-". Communication with some > zone hosts may be encrypted. Encrypted hosts > are designated using the 'ipsec' option in > /etc/shorewall/hosts. > ipsec - Communication with all zone hosts is encrypted > Your kernel and iptables must include policy > match support. > firewall > - Designates the firewall itself. You must have > exactly one 'firewall' zone. No options are > permitted with a 'firewall' zone. Try to unset the variable FW in your /etc/shorewall/shorewall.conf. Let me know whether it works or not. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#344965: please produce a clearer error message when autopsy run as non-root
* Michael Gilbert <[EMAIL PROTECTED]>: > Package: autopsy > Version: 2.06-1 > Severity: wishlist > > when autopsy is run as non-root, the following error will be generated, > "Can't open log: autopsy.log at /usr/share/autopsy/lib//Print.pm line > 316". it wolud be much better if the message was something like > "autopsy: permission denied: please run autopsy as root" Ok. Thank you for your suggestion. I'm going to upload a new release. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#342608: Disable ipv6 could be harmful
* Jeroen van Wolffelaar <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.2.3-2 > > The default shorewall config says: > > | # Setting DISABLE_IPV6=Yes will cause Shorewall to disable IPV6 traffic > | # to/from and through your firewall system. This requires that you have > | # ip6tables installed. > | DISABLE_IPV6=No > > However, it lacks a strong warning that it'll *drop* ipv6 traffic (or so it > seems), causing timeouts (that take long), instead of immediate > 'unrouteable' or some such errors (or just working connection for > localhost). Also, there doesn't seem to be any direct way to log the > reject/drops from it, so you won't easily see what exactly is going on > anyway. > > I'm not entirely sure what was the reason for my application failing, but > it's something similar to that, as disabling this setting again for my > not-for-ipv6-configured host (but still having the capability because of > Sarge's default kernel) resolved it. > > I'd appreciate it if you could add a warning there so that people won't > easily make the same mistake I did :) I'm going to add a note in the README.Debian. Thank you for you report. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#346271: New version 1.0.2 available
Package: scapy Severity: wishlist According to the webpage http://www.secdev.org/projects/scapy/ the new version 1.0.2 is available. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.14 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#342609: /etc/init.d/shorewall stop doesn't undo /etc/init.d/shorewall start
* Paul Gear <[EMAIL PROTECTED]>: > Thijs Kinkhorst wrote: > >>/etc/init.d/shorewall stop will keep applied some of the shorewall settings > > > > > > I experienced a problem that I think reduces to the same issue: I executed > > "/etc/init.d/shorewall stop", thinking that it would disable the shorewall > > rules and hence enable all traffic. However, running > > "/etc/init.d/shorewall stop" left my system totally unreachable. I think > > that's undesirable behaviour. > > Lorenzo has changed the behaviour of the init script for Debian to make > this the default behaviour for the benefit of those who are used to > Debian init script behaviour. > > However, for those experienced with Shorewall, this is extremely > undesirable behaviour. Stopping shorewall is semantically equivalent to > saying "I don't want any more traffic passing through my firewall." > > The appropriate way to clear out Shorewall's rules is 'shorewall clear' > (which is now called by '/etc/init.d/shorewall stop'). If you want your > system to be reachable when you execute 'shorewall stop', then you > should put the appropriate entries in /etc/shorewall/routestopped. > > Lorenzo, i think at the very least we need a clear, prominent comment in > README.Debian that highlights the difference between 'shorewall stop' > and '/etc/init.d/shorewall stop'. I personally think the discrepancy is > undesirable and a better approach would be educating users about what > 'shorewall stop' and 'shorewall clear' are designed to do. The comment is already in NEWS.Debian. If you use apt-listchanges you'll be informed about news automatically when a new one is found. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#347578: shorewall: [INTL:sv] Swedish debconf templates translation
* Daniel Nylander <[EMAIL PROTECTED]>: > Package: shorewall > Version: 3.0.4-1 > Severity: wishlist > Tags: patch l10n > > > Here is the swedish translation of the debconf template for shorewall. > > Regards, > Daniel Thank you very much. I'll include it soon. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#348242: shorewall: leaves file behind after purged
* Lars Wirzenius <[EMAIL PROTECTED]>: > Package: shorewall > Version: 3.0.4-1 > > When testing shorewall with piuparts, I get the following error: > > 0m7.6s ERROR: Package purging left files on system: > /etc/shorewall > owned by: shorewall > /etc/shorewall/tcstart > > This is due to postinst created the tcstart file, but it not being > removed by postrm (which needs to happen when the package is removed, > not just when it is purged, or else tcstart needs to be marked as a > conffile). The tcstart is "touched" by postinst in order to avoid problems during upgrade. If your configuration has TC_ENABLED=Yes but you don't have tcstart shorewall refuses to start. Older versions worked without any problems when the tcstart file was missing. I'll add a test in order to check if that file is empty. Thank you very much. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#336611: shorewall: Does not disable ipv6 at boot
* Sam Morris <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.2.3-2 > Severity: important > > Shorewall doesn't seem to disable IPv6 during bootup. I have > DISABLE_IPV6=Yes set in /etc/shorewall/shorewall.conf, and yet, after a > reboot: > > $ sudo ip6tables --list > Password: > Chain INPUT (policy ACCEPT) > target prot opt source destination > > Chain FORWARD (policy ACCEPT) > target prot opt source destination > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > $ sudo /etc/init.d/shorewall restart > Restarting "Shorewall firewall": done. > $ sudo ip6tables --list > Chain INPUT (policy DROP) > target prot opt source destination > > Chain FORWARD (policy DROP) > target prot opt source destination > > Chain OUTPUT (policy DROP) > target prot opt source destination Hello, thank you for your report. I tried to reproduce the bug: $ sudo shorewall stop $ sudo iptables -P INPUT ACCEPT $ sudo iptables -P OUTPUT ACCEPT $ sudo iptables -P FORWARD ACCEPT $ sudo iptables -F $ sudo ip6tables -P INPUT ACCEPT $ sudo ip6tables -P OUTPUT ACCEPT $ sudo ip6tables -P FORWARD ACCEPT $ sudo ip6tables -F $ sudo shorewall start ... ... $ sudo ip6tables -L Chain INPUT (policy DROP) target prot opt source destination Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy DROP) target prot opt source destination but, as you can see, on my own system ipv6 seems to be disabled correctly. What happens on your system if you clear all firewall rules and policies and then issue a "shorewall start"? -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#336088: shorewall: Added actions (allow, reject) for Jabber protocol port 522[23]
* Jari Aalto <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.4.5-1 > Severity: wishlist > > Jabber is IM protocol that uses TCP ports: > > 5222 non-encrypted (outgoing client) > 5223 encrypted > 5269 Jabber server intercommunication > > Please add separate allow and reject rules for these ports, like: > > action.AllowJabberPlain > action.AllowJabberSecure > > action.RejectJabberPlain > action.RejectJabberSecure > > action.AllowJabberd The jabber server protocol > action.RejectJabberd The jabber server protocol Thank you for your report. I'll add these new targets in the next release of the package. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#335644: floods klogd / dmesg buffers with useless log messages
* Robert Millan <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.4.5-1 > Severity: normal > > Shorewall floods klogd / dmesg buffers with useless log messages. This makes > the console almost unusable (you can barely read what you type). > > Please see what upstream says about it: > > http://www.shorewall.net/FAQ.htm#faq16 > > I think klogd should allow importing this variable from /etc/defaults/klogd, > but > at the very least a debconf message in shorewall would help. Hello, I agree with the messages on the console render it completely unusable. I'll add a debconf messages to inform users about this issue. Thank you. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#336105: shorewall: old DNAT rules are not removed after 'restart'
* Jari Aalto <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.4.5-1 > Severity: important > > It appears that once a DNAT rule has been done, it persists even > accross 'restart' or 'force-reload'. This is a serious security hole, > because the old rules should not be there any more if chnages has been > done to the /etc/shorewall/rules file. > > HOW TO REPRODUCE > > > Have A and B host in local network, access it from external host > C. The connection happens to A, which forwards port to B's 22. > > C => ( A -> [2022:dnat:22] -> B ) > > a) initial settings in /etc/shorewall/rules > > ACCEPT net fw tcp 2022 > DNAT net loc:192.168.1.2:22 tcp Why and not 2022? > - Connect to A, which should forward to B. > - Complete login to B with ssh. > > b) change the above settings to following: > > ACCEPT net fw tcp > DNAT net loc:192.168.1.2:22 tcp > > - Restart shorewall: /etc/init.d/shorewall restart > - Connect to A, but *using* previous forward, port 2022. > > => You're forwarded to B. > > Confirm that the previous rule still exists: > > iptables -L | grep 2022 Hello, in cooperation with the upstream author we have tried to reproduce the bug you reported but we weren't able to connect th the ssh server using the old DNAT rules. Could you send me a copy of your /etc/shorewall/* of the two configurations and the output of shorewall status with the old DNAT rule and with the new one? -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#308077: shorewall: Add Allow, Drop rules for AudioItunes
* Jari Aalto <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.2.3-1 > Severity: wishlist > > Please add rules for Apple iTunes service (Linux daapd and mt-daapd servers): > > Port 3689 tcp + udp Hello, in my opinion is useless to add new actions, like this one, to Shorewall because such a rule is really trivial (just one line) and probably would be used only in a few rare situations. If you don't mind I'd prefer to add new actions only for the major and most used services in order to avoid a vicious circle in which a new action has to be created for every kind of service. If you really need such kind of action you can always create it and put into /etc/shorewall: http://www.shorewall.net/Actions.html#id2464206. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#309849: shorewall: Add Allow* Deny* rules for SMTP DCC server (Distributed Checksum Clearinghouse)
* Jari Aalto <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.2.3-1 > Severity: wishlist > > The Distributed Checksum Clearinghouse or DCC is a cooperative, dis- > tributed system intended to detect "bulk" mail or mail sent to many > peo- ple. It allows individuals receiving a single mail message to > determine that many other people have received essentially identical > copies of the message and so reject or discard the message. > >http://www.rhyolite.com/anti-spam/dcc/dcc-tree/FAQ.html >Do I need to run a DCC server? > >... When normally installed by the included Makefiles, DCC clients >are configured to use the public DCC servers without any additional >configuration, except to open firewalls to port 6277 (UDP). Hello, in my opinion is useless to add new actions, like this one, to Shorewall because such a rule is really trivial (just one line) and probably would be used only in a few rare situations. If you don't mind I'd prefer to add new actions only for the major and most used services in order to avoid a vicious circle in which a new action has to be created for every kind of service. If you really need such kind of action you can always create it and put into /etc/shorewall: http://www.shorewall.net/Actions.html#id2464206. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#333590: /var/lib/shorewall/lock bug
* matthieu castet <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.4.5-1 > Severity: important > > > Hi, > > you should add some check on /var/lib/shorewall/lock in init.d script or > add information. > > For an unknow reason (hard reset ?) /var/lib/shorewall/lock was still > here, and I didn't understand why shorewall seem to hang. > > I reboot, it changes nothing, do a ctrl+c, the there was the same > problem on the next reboot. > > yes I should have wait 60 s, but how could I know there was a timeout ? I can ask the upstream author to add a warning to inform users that the firewall is locked and that shorewall tries to wait up to 60 second to see if the lock is removed. Another solution could be to force the deletion of the lockfile in the initscript after the firewall shutdown is complete. I think I'll go for the latter and that I'll also add a warning message to inform the user that something is not working properly because after "shorewall stop" the lockfile is still present. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#307295: shorewall: Please guarantee a working firewall after upgrade
* Lorenzo Martignoni <[EMAIL PROTECTED]>: > * John Summerfield <[EMAIL PROTECTED]>: > > Package: shorewall > > Version: 2.2.3-1 > > Severity: normal > > > > I maintain the software on several systems remotely, connecting over > > they Internet. > > > > I am concerned that one day an upgrade to shorwall will leave me with a > > broken firewall and the need to visit the site or worse, find local > > hired help. > > Hi John, > > I have the same worries. > > I usually use debconf to warn users about possible problems with > configuration files but I'm aware that that couldn't be enough and > problems may arise all the same. > > Unfortunately shorewall check is almost unsupported, that would be the > best solution in my opinion. > > > Ideas that come to mind: > > Use alternatives to choose the active version. This should be in manual > > mode. Store config files in version-dependant directories - > > /etc/shorewall22 etc. > > > > Use iptables-save to save a working firewall script and make this the > > default, to be changed at a time of the sysadmin's choosing. > > I cannot understand what really is your first idea, but I believe the > second is much more insteresting: backup your current configuration > before restart the firewall and eventually restore it. > > I'll think about that... > > > This is quite a serious concern to me; I've been cracked and my firewall > > rules are part of my plan to limit (by IP address range) locations from > > which connexions can be made to sensitive services. Hello, shorewall now supports two new commands: safe-start and safe-restart that allow you to start or restart the firewall and to confirm that everything is working fine. If you do not accept the new configuration or you don't answer in a short time the old firewall configuration is restored automatically leaving your machine in a safe state. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#302723: Reserved subnetworks listed in the /etc/shorewall/rfc1918 seems to be wrong
* Patrice Weber <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.2.2-1 > Severity: important > > Hello, > > The list of subnetworks generated by the python program and present in > the rfc1918 file are not correct (for example : 83.0.0.0/8). > > This is why I went to > http://www.shorewall.net/pub/shorewall/contrib/iana_reserved/ > and used this python program to generate this new list, which seems > more correct : > > 0.0.0.0/7 logdrop # Reserved > 2.0.0.0/8 logdrop # Reserved > 5.0.0.0/8 logdrop # Reserved > 7.0.0.0/8 logdrop # Reserved > 10.0.0.0/8 logdrop # Reserved > 23.0.0.0/8 logdrop # Reserved > 27.0.0.0/8 logdrop # Reserved > 31.0.0.0/8 logdrop # Reserved > 36.0.0.0/7 logdrop # Reserved > 39.0.0.0/8 logdrop # Reserved > 41.0.0.0/8 logdrop # Reserved > 42.0.0.0/8 logdrop # Reserved > 74.0.0.0/7 logdrop # Reserved > 76.0.0.0/6 logdrop # Reserved > 89.0.0.0/8 logdrop # Reserved > 90.0.0.0/7 logdrop # Reserved > 92.0.0.0/6 logdrop # Reserved > 96.0.0.0/4 logdrop # Reserved > 112.0.0.0/5 logdrop # Reserved > 120.0.0.0/6 logdrop # Reserved > 127.0.0.0/8 logdrop # Reserved > 173.0.0.0/8 logdrop # Reserved > 174.0.0.0/7 logdrop # Reserved > 176.0.0.0/5 logdrop # Reserved > 184.0.0.0/6 logdrop # Reserved > 189.0.0.0/8 logdrop # Reserved > 190.0.0.0/8 logdrop # Reserved > 197.0.0.0/8 logdrop # Reserved > 223.0.0.0/8 logdrop # Reserved > 240.0.0.0/4 logdrop # Reserved > > Could you check this list against the packaged one ? I can update the bogons file but we will have the same problem in the future, especially when Sarge will become stable as the package will be update only for security bugs. For this reason I decided to convert the python script you used to update your bogons file into perl, include it into the debian package and add a notice into the README.Debian. Please take a look to that file and let me know if the proposed solution suits your needs, otherwise we can think about a better one. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#299602: error from cron job after Sarge upgrade
Package: rss2email Version: 1:2.54-1 Severity: grave After upgrading (Mon 14 at 20:13 UTC) a Sarge installation, this rss2email crontab: */10 * * * * if [ -x /usr/bin/r2e ]; then /usr/bin/r2e run; fi report the following output. -- === SEND THE FOLLOWING TO [EMAIL PROTECTED] === E: nonnumeric port: ' ' http://www.osvdb.org/backend/rss.php {'feed': {}, 'encoding': 'utf-8', 'bozo': 1, 'version': None, 'entries': [], 'bozo_exception': } rss2email 2.54 feedparser 3.3 html2text 2.2 Python 2.3.5 (#2, Feb 9 2005, 00:38:15) [GCC 3.3.5 (Debian 1:3.3.5-8)] === END HERE === === SEND THE FOLLOWING TO [EMAIL PROTECTED] === E: nonnumeric port: ' ' http://www.debianplanet.org/module.php?mod=node&op=feed {'feed': {}, 'encoding': 'utf-8', 'bozo': 1, 'version': None, 'entries': [], 'bozo_exception': } rss2email 2.54 feedparser 3.3 html2text 2.2 Python 2.3.5 (#2, Feb 9 2005, 00:38:15) [GCC 3.3.5 (Debian 1:3.3.5-8)] === END HERE === === SEND THE FOLLOWING TO [EMAIL PROTECTED] === E: nonnumeric port: ' ' http://lwn.net/headlines/newrss {'feed': {}, 'encoding': 'utf-8', 'bozo': 1, 'version': None, 'entries': [], 'bozo_exception': } rss2email 2.54 feedparser 3.3 html2text 2.2 Python 2.3.5 (#2, Feb 9 2005, 00:38:15) [GCC 3.3.5 (Debian 1:3.3.5-8)] === END HERE === -- Lorenzo Iannuzzi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#234134: ITP: libpam-usb -- PAM module that enables authentication using an USB-Storage device
Anibal Monsalve Salazar wrote: On Fri, Feb 18, 2005 at 03:48:51PM +1100, Anibal Monsalve Salazar wrote: >>> Package: wnpp Severity: wishlist >>> >>> * Package name: libpam-usb >>> Version : 0.2rc2 >>> Upstream Author : Andrea "scox" Luzzardi <[EMAIL PROTECTED]> >>> * URL : http://www.sig11.org/~al/pam_usb/ >>> * License : GPL >>> Description : PAM module that enables authentication using an USB-Storage >>> device > There is no answer from you for the last three weeks. I'll review the > package and uploaded under my name. If you want the package back > please let me know. Sorry for the big delay, but I have some problem with my internet connection. I think pam_usb could be useful for many people. Review it and thank you for your work. -- lorenzo gherdovich -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#299602: error from cron job after Sarge upgrade
Il giorno lun, 21-03-2005 alle 20:18 +0200, Lars Wirzenius ha scritto: > > After upgrading (Mon 14 at 20:13 UTC) a Sarge installation, this > > rss2email crontab: > > */10 * * * * if [ -x /usr/bin/r2e ]; then /usr/bin/r2e run; fi > > report the following output. > > -- > > === SEND THE FOLLOWING TO [EMAIL PROTECTED] === > > E: nonnumeric port: ' ' http://www.osvdb.org/backend/rss.php > I have had a couple of instances of the same in January, but they were > temporary problems and were fixed by the next time r2e ran from my > crontab. I suspect it may be that rss2email barfs on bad rss, but > since the feeds have been fixed by the time I look at them, I haven't > been able to debug it. It happened for a while (some days) so I disabled rss2email. Now I've restarted it, and it works. For what I know, nothing changed in his configs. -- Lorenzo Iannuzzi pgpPs3qGvAsvl.pgp Description: PGP signature
Bug#307295: shorewall: Please guarantee a working firewall after upgrade
* John Summerfield <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.2.3-1 > Severity: normal > > I maintain the software on several systems remotely, connecting over > they Internet. > > I am concerned that one day an upgrade to shorwall will leave me with a > broken firewall and the need to visit the site or worse, find local > hired help. Hi John, I have the same worries. I usually use debconf to warn users about possible problems with configuration files but I'm aware that that couldn't be enough and problems may arise all the same. Unfortunately shorewall check is almost unsupported, that would be the best solution in my opinion. > Ideas that come to mind: > Use alternatives to choose the active version. This should be in manual > mode. Store config files in version-dependant directories - > /etc/shorewall22 etc. > > Use iptables-save to save a working firewall script and make this the > default, to be changed at a time of the sysadmin's choosing. I cannot understand what really is your first idea, but I believe the second is much more insteresting: backup your current configuration before restart the firewall and eventually restore it. I'll think about that... > This is quite a serious concern to me; I've been cracked and my firewall > rules are part of my plan to limit (by IP address range) locations from > which connexions can be made to sensitive services. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#305066: shorewall: add new rule for NFS server
* Jari Aalto <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.2.3-1 > Severity: wishlist > > Please all following AllowNFS and DenyNFS rules: > > rpcinfo -p > 102 tcp111 portmapper > 102 udp111 portmapper > 134 tcp 2049 nfs > 151 udp850 mountd > 151 tcp853 mountd Mountd ports are assigned dinamically at startup so such an action would be completely useless. Take a look at: http://www.linuxdocs.org/HOWTOs/NFS-HOWTO/security.html for more informations and firewalling solutions. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#308380: shorewall: upgrade to version >= 2.0.1 leaves obsolete rfc1918 file
* Debian User <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.0.15-1 > Severity: important > > An upgrade from a version < 2.0.1 to a more recent version does not > touch the the old configuration under /etc/shorewall, in particular the > obosolete rf1918 file is left, which will then be used by the newer > shorewall version. the function of that file has been split between the > rfc1918 file and the bogons file since version 2.0.1. If the user only > uses the 'norf1918' option in the upgraded shorewall version, she/he > might expect, that this option only applies to adresses from the > 172.16.0.0/12, 192.168.0.0/16, 10.0.0.0/8, as described in the new > documentation. Since the old rfc1918 file is still left in the shorewall > configuration directory, shorewall also applies the 'norfc1918' option > to adresses from the bogon range. If the ISP of the user switches to a > new assigned IP range which has been listed in in the old outdated > rfc1918 file, the firewall might suddenly drop connection > attempts to the outside interface. > > A warning should be issued to the user to move the obsolete file out of > the way. Thank you for your report. The bug will be fixed in the next Debian release. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#312046: shorewall: [INTL:fr] French debconf templates translation
* Christian Perrier <[EMAIL PROTECTED]>: > Package: shorewall > Version: N/A > Severity: wishlist > Tags: patch l10n > > Please find attached the french debconf templates update, proofread by the > debian-l10n-french mailing list contributors. Thank you very much. > Please, for the next updates you make to this package templates, > consider warning translators before uploading the package and leave > them a delay for translation updates. > > The "podebconf-report-po" utility which is in the po-debconf package > starting from its 0.8.15 version will do this job for you. See its man > page for details. I'll do that as soon as possible. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#312196: bash: Command history search with skel/.inputrc
Package: bash Version: 2.05b-26 Severity: wishlist Hi there, I found an interesting feature of readline library which can be of help for many users. You can search back and forth in the command history by just adding the following lines to ~/.inputrc: # search back and forth in the history with up/down arrows "\e[A": history-search-backward "\e[B": history-search-forward After you login again, you can simply type the first chars of previous entered command and hit the up-arrow key to search back in the command history. Because it can be very useful, I thought to file a request as to add an .inputrc file under /etc/skel in the following release of the package. I also attach my .inputrc which contains other interesting options. Thanks. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (900, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.11.4 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages bash depends on: ii base-files 3.1.0Debian base system miscellaneous f ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an ii libncurses5 5.4-3Shared libraries for terminal hand ii passwd 1:4.0.3-17 Change and administer password and -- no debconf information -- Lorenzo Cappelletti # .inputrc - libreadline configuration file # See "man 3 readline" or "info rluserman" # don't hit TAB twice set show-all-if-ambiguous on # behave like emacs set editing-mode emacs # allow Latin 1 character set input-meta on # search back and forth in the history with up/down arrows "\e[A": history-search-backward "\e[B": history-search-forward
Bug#301136: lack of tao/sao option causes unnecessary delay before burning
Package: burn Version: 0.4.3-2 Severity: minor There is currently no option to select TAO (track at once) or SAO (session at once) burning. Cdrecord does automatically pick a default of TAO, but not having a default specified causes an unnecessary 5-second delay before burning. The best suggestion for correcting this is to add an option to burn.conf to select either TAO or SAO burning, with one of these selected and specified to cdrecord by default. This will prevent the 5-second delay in cdrecord from occurring as well as allow the user to burn audio CD's without 2-second gaps between tracks by using SAO burning mode, thus this would be a bug fix as well as a feature enhancement. Lorenzo -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.10-1-k7 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages burn depends on: ii cdrdao 1:1.1.9+cvs20040719.20-1 Disk-At-Once (DAO) recording of au ii cdrecord4:2.01+01a01-2 command line CD writing tool ii mkisofs 4:2.01+01a01-2 Creates ISO-9660 CD-ROM filesystem ii mpg321 0.2.10.3 A Free command-line mp3 player, co ii python 2.3.5-2 An interactive high-level object-o ii python-eyed30.6.3-1 Python module for id3-tags manipul ii python-pyao 0.82-1 A Python interface to the Audio Ou ii python-pymad0.5.2-1 Python wrapper to the MPEG Audio D ii python-pyvorbis 1.3-1A Python interface to the Ogg Vorb -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#301139: option to reduce "last chance to quit" delay before burning
Package: burn Version: 0.4.3-2 Severity: wishlist Cdrecord has an option called ``gracetime'' which allows to set the amount of time cdrecord displays a ``Last chance to quit'' message before actually burning a CD. By default, this time is set at 10 seconds. This makes sense when using cdrecord directly, or using a frontend that doesn't prompt before burning the CD. Burn allows the user to press a key to start the burning process, at which time a control-c may be pressed twice to abort the process, thus eliminating the need for this delay. Unfortunately, the minimum time before the CD is burned is 2 seconds, although this may be a good thing, as it gives the user a chance to press the control-c the second time. My suggestion is to either have an option in burn.conf to set the ``gracetime'' or to automatically set it to the minimum value of 2. Either way, it will greatly speed up the process of burning a CD. Lorenzo -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.10-1-k7 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages burn depends on: ii cdrdao 1:1.1.9+cvs20040719.20-1 Disk-At-Once (DAO) recording of au ii cdrecord4:2.01+01a01-2 command line CD writing tool ii mkisofs 4:2.01+01a01-2 Creates ISO-9660 CD-ROM filesystem ii mpg321 0.2.10.3 A Free command-line mp3 player, co ii python 2.3.5-2 An interactive high-level object-o ii python-eyed30.6.3-1 Python module for id3-tags manipul ii python-pyao 0.82-1 A Python interface to the Audio Ou ii python-pymad0.5.2-1 Python wrapper to the MPEG Audio D ii python-pyvorbis 1.3-1A Python interface to the Ogg Vorb -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#301622: [l10n] Initial Czech translation of shorewall debconf messages
* Miroslav Kure <[EMAIL PROTECTED]>: > Package: shorewall > Severity: wishlist > Tags: l10n, patch > > Hi, in attachement there is initial Czech translation (cs.po) of > shorewall debconf messages, please include it. Hi, thank you for the translation. It will be included in the next release of the package. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#302505: version of elinks with Spidermonkey support compiled in
Package: elinks Version: 0.10.2-2 Severity: wishlist A version of elinks for those not too concerned with number of dependencies that has spidermonkey JavaScript support builtin would be quite beneficial to those of us who use only the console environment but want to access sites that require that JavaScript be enabled. A suggestion would be that if, as per some wishlist bugs pending upload, there will be an elinks-lite or similar package, that the spidermonkey support should be built in the standard elinks package. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.10-1-k7 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages elinks depends on: ii debconf 1.4.47 Debian configuration management sy ii libbz2-1.0 1.0.2-5 high-quality block-sorting file co ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libexpat1 1.95.8-1 XML parsing C library - runtime li ii libgnutls11 1.0.16-13GNU TLS library - runtime library ii libgpmg11.19.6-19General Purpose Mouse - shared lib ii liblua505.0.2-5 Main interpreter library for the L ii liblualib50 5.0.2-5 Extension library for the Lua 5.0 ii libsmjs11.5rc6a-1The Mozilla SpiderMonkey JavaScrip ii zlib1g 1:1.2.2-4compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#314470: shorewall: fireflier should be installable at the same time
* Remi Vanicat <[EMAIL PROTECTED]>: > Package: shorewall > Severity: wishlist > > Hello, > > the fireflier documentation say that it could be used in parallel to > another firewall, fireflier using is own user-space rule, and the > other firewall ruling the iptables (who can use the QUEUE target for > packet it don't know how to handle for example), but the shorewall > debian package conflict with fireflier, making this impossible. Hello, the bug will be fixed in the next debian release of the package. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#325729: couriergraph not works with rrdtool 1.2
Package: couriergraph Version: 0.24-1 Couriergraph does not work with rrdtool version 1.2, graph images are not created and in web server log you will find: ERROR: Garbage ':22:24 2005]\l' after command: COMMENT:[Tue Aug 30 15:22:24 2005]\l [Tue Aug 30 15:22:24 2005] [error] [client ???.???.???.???] Premature end of script headers: /usr/lib/cgi-bin/couriergraph.cgi To solve this problem file /usr/lib/cgi-bin/couriergraph.cgi need to be modified (subroutines graph and graph_err): sub graph($$$) { my $range = shift; my $file = shift; my $title = shift; my $step = $range*$points_per_sample/$xpoints; my $date = localtime(time); $date =~ s|:|\\:|g unless $rrdtool_1_0; my ($graphret,$xs,$ys) = RRDs::graph($file, '--imgformat', 'PNG', '--width', $xpoints, '--height', $ypoints, '--start', "-$range", '--vertical-label', 'logins/min', '--lower-limit', 0, '--units-exponent', 0, # don't show milli-messages/s '--lazy', '--color', 'SHADEA#ff', '--color', 'SHADEB#ff', '--color', 'BACK#ff', $rrdtool_1_0 ? () : ( '--slope-mode' ), "DEF:pop3d_login=$rrd:pop3d_login:AVERAGE", "DEF:mpop3d_login=$rrd:pop3d_login:MAX", "DEF:imapd_login=$rrd:imapd_login:AVERAGE", "DEF:mimapd_login=$rrd:imapd_login:MAX", "CDEF:rpop3d_login=pop3d_login,60,*", "CDEF:vpop3d_login=pop3d_login,UN,0,pop3d_login,IF,$range,*", "CDEF:rmpop3d_login=mpop3d_login,60,*", "CDEF:rimapd_login=imapd_login,60,*", "CDEF:vimapd_login=imapd_login,UN,0,imapd_login,IF,$range,*", "CDEF:rmimapd_login=mimapd_login,60,*", 'LINE2:rpop3d_login#BB:pop3', 'GPRINT:vpop3d_login:AVERAGE:total\: %.0lf logins', 'GPRINT:rmpop3d_login:MAX:max\: %.0lf logins/min\l', 'LINE2:rimapd_login#009900:imap', 'GPRINT:vimapd_login:AVERAGE:total\: %.0lf logins', 'GPRINT:rmimapd_login:MAX:max\: %.0lf logins/min\l', 'HRULE:0#00', 'COMMENT:\s', 'COMMENT:['.$date.']\r', ); my $ERR=RRDs::error; die "ERROR: $ERR\n" if $ERR; } sub graph_err($$$) { my $range = shift; my $file = shift; my $title = shift; my $step = $range*$points_per_sample/$xpoints; my $date = localtime(time); $date =~ s|:|\\:|g unless $rrdtool_1_0; my ($graphret,$xs,$ys) = RRDs::graph($file, '--imgformat', 'PNG', '--width', $xpoints, '--height', $ypoints_err, '--start', "-$range", '--vertical-label', 'logins/min', '--lower-limit', 0, '--units-exponent', 0, # don't show milli-messages/s '--lazy', '--color', 'SHADEA#ff', '--color', 'SHADEB#ff', '--color', 'BACK#ff', $rrdtool_1_0 ? () : ( '--slope-mode' ), "DEF:pop3d_ssl_login=$rrd:pop3d_ssl_login:AVERAGE", "DEF:mpop3d_ssl_login=$rrd:pop3d_ssl_login:MAX", "DEF:imapd_ssl_login=$rrd:imapd_ssl_login:AVERAGE", "DEF:mimapd_ssl_login=$rrd:imapd_ssl_login:MAX", "CDEF:rpop3d_ssl_login=pop3d_ssl_login,3600,*", "CDEF:vpop3d_ssl_login=pop3d_ssl_login,UN,0,pop3d_ssl_login,IF,$range,*", "CDEF:rmpop3d_ssl_login=mpop3d_ssl_login,3600,*", "CDEF:rimapd_ssl_login=imapd_ssl_login,3600,*", "CDEF:rmimapd_ssl_login=mimapd_ssl_login,3600,*", "CDEF:vimapd_ssl_login=imapd_ssl_login,UN,0,imapd_ssl_login,IF,$range,*", 'LINE2:rpop3d_ssl_login#00:pop3', 'GPRINT:vpop3d_ssl_login:AVERAGE:total\: %.0lf logins', 'GPRINT:rmpop3d_ssl_login:MAX:max\: %.0lf logins/hour\l', 'LINE2:rimapd_ssl_login#99:imap', 'GPRINT:vimapd_ssl_login:AVERAGE:total\: %.0lf logins', 'GPRINT:rmimapd_ssl_login:MAX:max\: %.0lf logins/hour\l', 'HRULE:0#00', 'COMMENT:['.$date.']\r', ); my $ERR=RRDs::error; die "ERROR: $ERR\n" if $ERR; } I've "copied" these modifies from mailgraph 1.11-1 Thanks for this package, Lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#318946: more information on the bug
The bug affects Shorewall 2.2.x and 2.4.x but the only affected Debian package is shorewall_2.2.3-1 which is currently in Sarge. The problem with this bug is that clients which mac addresses are known can bypass the firewall rules and do whatever they want: if MACLIST_DISPOSITION is set to ACCEPT or MACLIST_TTL is not set to ZERO then any client which mac address is listed in /etc/shorewall/maclist is allowed to perform any kind of traffic on the network as the firewall doesn't filter its requests. In my opinion this is a vulnerability. MACLIST_DISPOSITION is set to ACCEPT to indicate that a client, which mac address is not know, is allowed to use the network and that its packets can be treated as the ones coming from any other hosts of the same network (or firewall zone). According the documentation: MACLIST_DISPOSITION determines the disposition of connection requests that fail MAC verification. MACLIST_TTL is used to set the lifetime of mac addresses cache to reduce the overhead of addresses lookup in /etc/shorewall/maclist (using ipt_recent netfilter module). I tested the bug on my home system: the desktop pc acts as firewall and the laptop was connected to it via a wireless link. The wlan interface of the firewall used the mac-filtering (i.e. maclist option is set for that interface in /etc/shorewall/interfaces) and MACLIST_DISPOSITION was set to REJECT and MACLIST_TTL to ZERO. The client traffic was perfectly allowed or rejected according the rules of the firewall. When I set to 10 MACLIST_TTL the laptop became allowed to pass silently through the firewall: traffic previously allowed was still allowed and traffic previously denied became allowed too. The same happened when I set MACLIST_DISPOSITION to ACCEPT and with other possible combinations of these options. I attached to this email a copy of the patch that fixes the security problem. It is a backport of the upstream author patch for version 2.2.5. The BTS already contains a link to an updated version of the package. -- lorenzo diff -urNad shorewall-2.2.3/firewall /tmp/dpep.v6MqTc/shorewall-2.2.3/firewall --- shorewall-2.2.3/firewall2005-04-10 23:58:12.0 +0200 +++ /tmp/dpep.v6MqTc/shorewall-2.2.3/firewall 2005-07-18 21:04:43.0 +0200 @@ -464,11 +464,6 @@ echo $(chain_base $1)_mac } -macrecent_target() # $1 - interface -{ -[ -n "$MACLIST_TTL" ] && echo $(chain_base $1)_rec || echo RETURN -} - # # Functions for creating dynamic zone rules # @@ -494,6 +489,11 @@ echo ${c}_dyni ${c}_dynf ${c}_dyno } +macrecent_target() # $1 - interface +{ +[ -n "$MACLIST_TTL" ] && echo $(chain_base $1)_rec || echo RETURN +} + # # DNAT Chain from a zone # @@ -2035,13 +2035,14 @@ for interface in $maclist_interfaces; do chain=$(mac_chain $interface) createchain $chain no - + if [ -n "$MACLIST_TTL" ]; then chain1=$(macrecent_target $interface) createchain $chain1 no - run_iptables -A $chain -m recent --rcheck --seconds $MACLIST_TTL --name $chain -j $chain1 - run_iptables -A $chain1 -m recent --update --name $chain -j ACCEPT - run_iptables -A $chain1 -m recent --set --name $chain -j ACCEPT + run_iptables -A $chain -m recent --rcheck --seconds $MACLIST_TTL --name $chain -j RETURN + run_iptables -A $chain -j $chain1 + run_iptables -A $chain -m recent --update --name $chain -j RETURN + run_iptables -A $chain -m recent --set --name $chain fi done # @@ -2061,8 +2062,7 @@ esac fi - chain=$(mac_chain $interface) - chain1=$(macrecent_target $interface) + [ -n "$MACLIST_TTL" ] && chain=$(macrecent_target $interface) || chain=$(mac_chain $interface) if ! havechain $chain ; then fatal_error "No hosts on $interface have the maclist option specified" @@ -2071,10 +2071,10 @@ macpart=$(mac_match $mac) if [ -z "$addresses" ]; then - run_iptables -A $chain $macpart $physdev_part -j $chain1 + run_iptables -A $chain $macpart $physdev_part -j RETURN else for address in $(separate_list $addresses) ; do - run_iptables2 -A $chain $macpart -s $address $physdev_part -j $chain1 + run_iptables2 -A $chain $macpart -s $address $physdev_part -j RETURN done fi done < $TMP_DIR/maclist @@ -2083,8 +2083,7 @@ # chains # for interface in $maclist_interfaces; do - chain=$(mac_chain $interface) - chain1=$(macrecent_target $interface) + [ -n "$MACLIST_TTL" ] && chain=$(macrecent_target $interface) || chain=$(mac_chain $inter
Bug#318946: User expectations and shorewall
* Florian Weimer <[EMAIL PROTECTED]>: > * Martin Schulze: > > > What was the behaviour pre-sarge? > > What is the behaviour post-sarge (or rather in sarge)? > > Do you mean "before and after the upstream security update"? The > terms pre-sarge/post-sarge do not make much sense to me in this > context, I'm afraid. > > > What do you think is the vulnerability? > > The vulnerability is that the firewall fails to enforce the security > policy the user has configured. Yes, that is the problem. You expect that certain kind of traffic is blocked but in fact it isn't. > [...] > Here's a draft, in case you want to upload a fixed package. > > (Note that I have yet to test Lorenzo's new package.) > > -- > Debian Security Advisory DSA ???-1 [EMAIL PROTECTED] > http://www.debian.org/security/ > September ???, 2005 http://www.debian.org/security/faq > -- > > Package: shorewall > Vulnerability : programming error > Problem-Type : remote > Debian-specific: no > CVE ID : CAN-2005- > Debian Bug : 318946 > > Supernaut noticed that shorewall could generate an iptables > configuration which is significantly more permissive than the rule set > given in the shorewall configuration. > [...] I think it perfectly explains the issue. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#318946: User expectations and shorewall
* Florian Weimer <[EMAIL PROTECTED]>: > * Martin Schulze: > > >> > What was the behaviour pre-sarge? > >> > What is the behaviour post-sarge (or rather in sarge)? > >> > >> Do you mean "before and after the upstream security update"? The > >> terms pre-sarge/post-sarge do not make much sense to me in this > >> context, I'm afraid. > > > > Ok, so when did the behaviour change? > > Upstream's security update changed the behavior, from "vulnerable" to > "non-vulnerable", if you want. > > > Which behaviour is documented and hence expected? > > Like most software, shorewall comes with no formalized descriptions of > its semantics. The exact behavior of the MAC verification feature is > not documented because the documentation writer seemd to assume that > it went without saying. So what goes without saying? As far as I can > see, something like this: MAC verification is a further restriction > which is performed in addition to the usual filtering rules, and not > intended to replace it. After all, it's called "verification" and not > "bypass". In my mind the semantic of MAC verification is: a further policy restriction that can be used to restrict access to a few clients based on their MAC addresses. > So, to answer your question: Users expect that MAC verification never > makes the filter policy less restrictive. This is not the case if you > set MACLIST_DISPOSITION to ACCEPT or MACLIST_TTL to a non-zero value. > > > Which behaviour is experienced by potentially buggy code? > > Buggy results? Sorry, I don't understand this question. > > >> (Note that I have yet to test Lorenzo's new package.) > > > > Are you in a position to do so? > > Sure, but the question is if you want to rely on the results. You > don't seem to trust my judgement on this matter, for reasons I don't > know. The patch has been tested by me and by Paul Gear but further tests will be better, so your feedback will be very precious. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#318946: User expectations and shorewall
* Martin Schulze <[EMAIL PROTECTED]>: > Florian Weimer wrote: > > >> (Note that I have yet to test Lorenzo's new package.) > > > > > > Are you in a position to do so? > > > > Sure, but the question is if you want to rely on the results. You > > don't seem to trust my judgement on this matter, for reasons I don't > > know. > > I simply did not understand the problem. Hence, didn't understand > the vulnerability. Hence, didn't understand what would need to be > fixed. I tried to do my best to explain the problem, but unfortunately that's not enough. If you want I can try again to describe the bug. BTW, the vulnerability is recorder in CVE: CAN-2005-2317. > If you can, please build an updated package, based on the version in > sarge and woody if that's needed as well, and place them on a .debian.org > host. I already have a fixed package. I only need to add the CVE ID. On which host of .debian.org should I upload it? -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#326899: shorewall: Providers file is missing
* Pieter Ennes <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.4.3-1 > Severity: normal > > Shorewall packages >2.4.x seem to be missing the providers file in > /usr/share/doc/shorewall/default-config. Hello, thank you for your report. I added the missing file and built a new package (2.4.3-2). -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#318946: User expectations and shorewall
* Florian Weimer <[EMAIL PROTECTED]>: > * Lorenzo Martignoni: > > > The patch has been tested by me and by Paul Gear but further tests will > > be better, so your feedback will be very precious. > > Apart from the lack of CVE entry in the changelog, the package seems > to be fine. Both problems are fixed. When I first emailed the security team and built the package I was convinced that the CVE entry was missing. It has been assigned on 20050719, one day after I opened of this bug but before my backport of the patch. I should have added it into the changelog.Debian. BTW, the CVE id is CAN-2005-2317. > There is a surprising reduction of the installation size when I > rebuild the package I could not track down, but the installed scripts > are identical. What do you mean? I rebuilt the package from sources (not using my own local copy but downloading the version I've put online) but the size of the .debs is still the same (~150Kb) and the size of the data section is the same too (~760Kb). -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#318946: shorewall: A client accepted by MAC address filtering to bypass any other rule
Package: shorewall Version: 2.4.1-2 Severity: critical Tags: security A client accepted by MAC address filtering can bypass any other rule. If MACLIST_TTL is set to a value greater than 0 or MACLIST_DISPOSITION is set to "ACCEPT" in /etc/shorewall/shorewall.conf (default is MACLIST_TTL=0 and MACLIST_DISPOSITION=REJECT), and a client is positively identified through its MAC address, it bypasses all other policies/rules in place, thus gaining access to all open services on the firewall. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.11 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages shorewall depends on: ii debconf 1.4.49 Debian configuration management sy ii iproute 20041019-3 Professional tools to control the ii iptables 1.2.11-10 Linux kernel 2.4+ iptables adminis -- debconf information: shorewall/upgrade_20_22: shorewall/upgrade_14_20: shorewall/upgrade_to_14: shorewall/warnrfc1918: * shorewall/dont_restart: shorewall/major_release: true -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#318978: Shorewall upgrade question asked prematurely, there is no way to answer the question when asked
* Manoj Srivastava <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.4.1-2 > Severity: normal > > Hi, > > On upgrade, shorewall asks the scary looking question: > "Did you check your configuration and do you want to restart > Shorewall right now?" > > Followed by: > == > This is a major release of Shorewall that introduces some changes in > the configuration files. You have to check carefully your > configuration before restarting your firewall to avoid failures and > network blackout. The changes are listed in > /usr/share/doc/shorewall/releasenotes.txt.gz. > == > > Except, of course, they are not yet: the file there is the old > file, since the package has not been unpacked. If the user is not > paying attention, they can read the file, check their configuration > find that is is fine, upgrade, and then procxeed to have holes in the > firewall or blackouts. > > There is no information yet as to what changes are going to take > place, and thus this question *MUS* be asked in the postinst, and > _NOT_ in the .config. > > I have left the severity at normal, feel free to upgrade severity > to important. I'll fix it as soon as possible moving the question to the postinst script as you suggested. I must admit that I don't like the scary question at all but it's the only way I know to inform the user about problems that may arise during the upgrade to a new major release. Have you got any suggestion about how to better handle such notification? Thank you for your report and for your help. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#289490: AMD64: same problem, not solved
Package: vlc Followup-For: Bug #289490 On AMD64 pure64 dist, there's still the problem. VLC depends on libflac4, but libflac6 is available. -- System Information: Debian Release: 3.1 Architecture: amd64 (x86_64) Kernel: Linux 2.6.10 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages vlc depends on: ii aalib1 1.4p5-22 ascii art library ii dbus-1 0.23-1simple interprocess messaging syst ii liba52-0.7.4 0.7.4-1 Library for decoding ATSC A/52 str ii libc6 2.3.2.ds1-20.0.0.1.pure64 GNU C Library: Shared libraries an ii libdvbpsi3 0.1.4-2 library for MPEG TS and DVB PSI ta ii libdvdnav4 0.1.9-3 The DVD navigation library ii libdvdread30.9.4-5 Simple foundation for reading DVDs pn libflac4 Not found. ii libfreetype6 2.1.7-2.3 FreeType 2 font engine, shared lib ii libfribidi00.10.4-6 Free Implementation of the Unicode ii libgcc11:3.4.3-7 GCC support library ii libgnutls111.0.16-13 GNU TLS library - runtime library ii libhal00.4.6-1 Hardware Abstraction Layer - share ii libid3tag0 0.15.1b-3 ID3 tag reading library from the M ii liblircclient0 0.7.0.1-2 LIRC client library ii libmad00.15.1b-1 MPEG audio decoder library ii libmodplug01:0.7-3 ModPlug mod-like music shared libr ii libmpeg2-4 0.4.0b-2 MPEG1 and MPEG2 video decoder libr ii libncurses55.4-4 Shared libraries for terminal hand ii libogg01.1.0-1 Ogg Bitstream Library ii libpng12-0 1.2.8rel-1PNG library - runtime ii libstdc++5 1:3.3.5-6 The GNU Standard C++ Library v3 ii libtar 1.2.11-2 C library for manipulating tar arc ii libtheora0 0.0.0.alpha3-1The Theora Video Compression Codec ii libvorbis0a1.0.1-1 The Vorbis General Audio Compressi ii libvorbisenc2 1.0.1-1 The Vorbis General Audio Compressi ii libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li ii libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte ii libxml22.6.11-5 GNOME XML library ii libxosd2 2.2.14-1 X On-Screen Display library - runt ii libxv1 4.3.0.dfsg.1-10 X Window System video extension li ii slang1 1.4.9dbs-8The S-Lang programming library - r ii ttf-freefont 20031008-1.1 Freefont Serif, Sans and Mono True pn wxvlcNot found. ii xlibmesa-gl [l 4.3.0.dfsg.1-10 Mesa 3D graphics library [XFree86] ii xlibmesa-glu [ 4.3.0.dfsg.1-10 Mesa OpenGL utility library [XFree ii xlibs 4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu ii zlib1g 1:1.2.2-4 compression library - runtime -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#291548: autopsy: sleuthkit renamed dstat to datastat
* Kenny Duffus <[EMAIL PROTECTED]>: > Package: autopsy > Version: 2.03-2 > Severity: normal > Tags: patch > > In 1.73-3 the sleuthkit package renamed dstat to datastat to > solve duplicate filenames. Hello, I fixed the bugs and notified my sponsor. He will upload the new packages soon. In the meantime the package can be found here: http://idea.sec.dico.unimi.it/~lorenzo/debian/autopsy/ -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#291548: autopsy: sleuthkit renamed dstat to datastat
* Kenny Duffus <[EMAIL PROTECTED]>: > Package: autopsy > Version: 2.03-2 > Severity: normal > Tags: patch > > In 1.73-3 the sleuthkit package renamed dstat to datastat to > solve duplicate filenames. Thank you for your report and for your patch. The new version of the packages fixed the reported bug. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#291550: autopsy: defined locations of md5sum and sha1sum not always used
* Kenny Duffus <[EMAIL PROTECTED]>: > Package: autopsy > Version: 2.03-2 > Severity: normal > Tags: patch > > Autopsy defines the locations of programs to produce MD5 and SHA1 > checksums in /usr/share/autopsy/conf.pl however these variables are not > used everywhere. As a result autopsy tries to use /usr/bin/md5 and > /usr/bin/sha1. Thank you for your report and for your patch. The new version of the packages fixed the reported bug. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#292359: catdoc_0.91.5-1.woody4_i386.deb does not install on woody
Pawel Wiecek wrote: > reassign 292359 ftp.debian.org > merge 292359 290838 > thanks a lot > > On Jan 26, 3:55pm, Debian User wrote: >> Package: catdoc >> Version: N/A; reported 2005-01-26 >> Severity: grave >> Justification: renders package unusable >> >> >> >> catdoc_0.91.5-1.woody4_i386.deb from stable-proposed-updates depends on >> libc6 (>= 2.3.2.ds1-4): > > Reporting what's already reported gains nothing. oops... sorry. O8-) I filed the bugreport because I did not see it here: http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=pkg&data=catdoc&archive=no -- lorenzo gherdovich - Infogroup SpA Key fingerprint = EBA2 BD77 E028 5EE7 D862 CE7E 8156 B219 7450 265E -- Internet E-mail Confidentiality Footer Any unauthorized use of this e-mail or any of its attachments is prohibited and could constitute an offence. If you are not the intended addressee, please advise immediately the sender by using the reply facility in your e-mail software and destroy the message and its attachments. The statements and opinions expressed in this e-mail message are those of the author of the message and do not necessarily represent those of Infogroup S.p.A. Besides, The contents of this message shall be understood as neither given nor endorsed by Infogroup S.p.A. Infogroup S.p.A. does not accept liability for corruption, interception or amendment, if any, or the consequences thereof. -- Internet Email Confidentiality Footer - pgpZEKhzcDg8a.pgp Description: PGP signature
Bug#293065: shorewall: Checks for invalid packages despite dropunclean not set; breaks assymetric routing
* Brian May <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.0.7-1 > Severity: important > > Hello, > > We route outgoing packets for several satellite connections. > > After a big set of upgrades (including kernel version) today, these > asymmetric connections stopped > working. > > I found the culprit: > > Chain FORWARD (policy DROP 62 packets, 3392 bytes) > pkts bytes target prot opt in out source > destination > 45 2557 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID > [...] > > This rule is the very first one listed for FORWARD, and the second one > for INPUT and OUTPUT (the first one is lo specific). > > On one hand I suspect this use to work, and with recent kernel > versions (2.6.9+) the meaning of INVALID has become more strict. > > One the other hand, I haven't set dropunclean for any of the interfaces, > and checking the value this early would seem to render LOGUNCLEAN > invalid, as any unclean packets have already been dropped before it > gets this far. > > I have already changed the newnotsyn file/rule to cope with my > asymmetric routing needs, but this isn't used until after the packets > are already dropped. Hello, I got in touch with the upstream author. A solution is proposed in the new upstream release. Quoting from the changelog: Recent 2.6 kernels include code that evaluates TCP packets based on TCP Window analysis. This can cause packets that were previously classified as NEW or ESTABLISHED to be classified as INVALID. The new kernel code can be disabled by including this command in your /etc/shorewall/init file: echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal Additional kernel logging about INVALID TCP packets may be obtained by adding this command to /etc/shorewall/init: echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid Traditionally, Shorewall has dropped INVALID TCP packets early. The new DROPINVALID option allows INVALID packets to be passed through the normal rules chains by setting DROPINVALID=No. If not specified or if specified as empty (e.g., DROPINVALID="") then DROPINVALID=Yes is assumed. The new package will be ready soon. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#294842: shorewall: Typo in firewall script breaks rejNotSyn
* Juergen Kreileder <[EMAIL PROTECTED]>: > Package: shorewall > Version: 2.0.15-1 > Severity: normal > Tags: patch > > There's a typo in /usr/share/shorewall/firewall that breaks the rejNotSyn > action. Here's a fix: > [...] Thank you for your report and for your patch. I informed the upstream author. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#297191: gnome-media: cddb-slave2 doesn't handle multiple exact CDDB matches
Package: gnome-media Version: 2.8.0-0.2 Severity: normal Tags: patch [Also submitted to GNOME as http://bugzilla.gnome.org/show_bug.cgi?id=168691 ] If I use gnome-cd to play a CD which has multiple exact matches in the CDDB database, gnome-cd does not show the name of the CD. This is because cddb-slave2 does not handle the "multiple exact matches" response (code 210 in the CDDB protocol). It handles the "multiple inexact matches" response (code 211) fine and correctly prompts the user to choose. Examples of discs affected are: Selling England by the Pound (Genesis) Fugazi(Marillion) etc. The attached patch fixes the problem for me. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.11-rc4-swsusp-2.1.7 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages gnome-media depends on: ii gstreamer0.8-alsa [g 0.8.7-3 ALSA plugin for GStreamer ii gstreamer0.8-artsd [ 0.8.7-3 aRtsd plugin for GStreamer ii gstreamer0.8-esd [gs 0.8.7-3 Enlightened Sound Daemon plugin fo ii gstreamer0.8-jack [g 0.8.7-3 JACK plugin for GStreamer ii gstreamer0.8-misc0.8.7-3 Collection of various GStreamer pl ii gstreamer0.8-oss [gs 0.8.7-3 OSS plugin for GStreamer ii libart-2.0-2 2.3.17-1Library of functions for 2D graphi ii libatk1.0-0 1.8.0-4 The ATK accessibility toolkit ii libaudiofile00.2.6-5 Open-source version of SGI's audio ii libbonobo2-0 2.8.1-2 Bonobo CORBA interfaces library ii libbonoboui2-0 2.8.1-1 The Bonobo UI library ii libc62.3.2.ds1-20GNU C Library: Shared libraries an ii libesd-alsa0 [libesd 0.2.35-2Enlightened Sound Daemon (ALSA) - ii libgail-common 1.8.2-1 GNOME Accessibility Implementation ii libgail171.8.2-1 GNOME Accessibility Implementation ii libgconf2-4 2.8.1-4 GNOME configuration database syste ii libgcrypt11 1.2.0-11LGPL Crypto library - runtime libr ii libglade2-0 1:2.4.2-1 library to load .glade files at ru ii libglib2.0-0 2.6.2-1 The GLib library of C routines ii libgnome-keyring00.4.1-1 GNOME keyring services library ii libgnome2-0 2.8.1-2 The GNOME 2 library - runtime file ii libgnomecanvas2-02.8.0-1 A powerful object-oriented display ii libgnomeui-0 2.8.1-1 The GNOME 2 libraries (User Interf ii libgnomevfs2-0 2.8.4-1 The GNOME virtual file-system libr ii libgnutls11 1.0.16-13 GNU TLS library - runtime library ii libgpg-error01.0-1 library for common error values an ii libgstreamer-gconf0. 0.8.7-3 GConf support for GStreamer ii libgstreamer-plugins 0.8.7-3 Various GStreamer libraries and li ii libgstreamer0.8-00.8.9-1 Core GStreamer libraries, plugins, ii libgtk2.0-0 2.6.2-3 The GTK+ graphical user interface ii libice6 4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library ii libjpeg626b-9The Independent JPEG Group's JPEG ii liborbit21:2.10.5-0.1libraries for ORBit2 - a CORBA ORB ii libpango1.0-01.8.0-3 Layout and rendering of internatio ii libpopt0 1.7-5 lib for parsing cmdline parameters ii libsm6 4.3.0.dfsg.1-12.0.1 X Window System Session Management ii libtasn1-2 0.2.10-4Manage ASN.1 structures (runtime) ii libx11-6 4.3.0.dfsg.1-12.0.1 X Window System protocol client li ii libxml2 2.6.16-3GNOME XML library ii xlibs4.3.0.dfsg.1-12 X Keyboard Extension (XKB) configu ii zlib1g 1:1.2.2-4 compression library - runtime -- no debconf information --- cddb-slave2/cddb-slave.c 2004-05-11 12:14:32.0 +0200 +++ cddb-slave2/cddb-slave.c.patched 2005-02-27 21:28:31.0 +0100 @@ -572,8 +572,8 @@ more = FALSE; break; + case 210: case 211: - /* Should this be 210 as well? */ cs_debug ("Multiple matches found\n<-- %s", response); if (response[0] == '.') {
Bug#298266: shorewall: [INTL:fr] French debconf templates translation
* Christian Perrier <[EMAIL PROTECTED]>: > Package: shorewall > Version: N/A > Severity: wishlist > Tags: patch l10n > > Please find attached the french debconf templates update, proofread by the > debian-l10n-french mailing list contributors. > > Please, for the next updates you make to this package templates, > consider warning translators before uploading the package and leave > them a delay for translation updates. > > The "podebconf-report-po" utility which is in the po-debconf package > starting from its 0.8.15 version will do this job for you. See its man > page for details. > > If you already did this, please forget about these remarks, of > courseThis message is generic..:-) Thank you for the template (it will be included in next shorewall debian release) and thank you for the suggestion, I'll look in to podebconf-report-po. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#373952: Python2.3 postconfiguration problem
Package: python2.3 Status: install ok half-configured Priority: standard Section: python Installed-Size: 9268 Maintainer: Matthias Klose <[EMAIL PROTECTED]> Architecture: i386 Version: 2.3.5-14 Config-Version: 2.3.5-9.1 Replaces: python2.3-xmlbase, python2.3-dev (<< 2.3.5-14) Provides: python2.3-xmlbase, python2.3-minimal Depends: python-central (>= 0.4.12), libbz2-1.0, libc6 (>= 2.3.6-6), libdb4.3 (>= 4.3.28-1), libncurses5 (>= 5.4-5), libreadline5 (>= 5.1), libssl0.9.8 (>= 0.9.8b-1), zlib1g (>= 1:1.2.1) Recommends: python2.3-cjkcodecs | python2.3-iconvcodec | python2.3-japanese-codecs, python2.3-cjkcodecs | python2.3-iconvcodec | python2.3-korean-codecs Suggests: python2.3-doc, python2.3-profiler Conflicts: python2.3-xmlbase, python2.3-csv, python2.3-dev (<< 2.3.5-14) Conffiles: /etc/python2.3/site.py 1025fc658d806173c5632fc97e89cdf0 Description: An interactive high-level object-oriented language (version 2.3) Version 2.3 of the high-level, interactive object oriented language, includes an extensive class library with lots of goodies for network programming, system administration, sounds and graphics. Python-Runtime: python2.3 Python-Version: 2.3 --- tere's a big postconfiguration problem with this version of python placed in the unstable branch, here's the apt output: halo:/home/arbiter# apt-get install python Reading package lists... Done Building dependency tree... Done python is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 5 not fully installed or removed. Need to get 0B of archives. After unpacking 0B of additional disk space will be used. Setting up python2.3 (2.3.5-14) ... Traceback (most recent call last): File "/usr/bin/pycentral", line 1365, in ? main() File "/usr/bin/pycentral", line 1359, in main rv = action.run(global_options) File "/usr/bin/pycentral", line 892, in run pkg.set_default_runtime_from_version_info() File "/usr/bin/pycentral", line 575, in set_default_runtime_from_version_info self.default_runtime = get_runtime_for_version(versions[0]) TypeError: unindexable object dpkg: error processing python2.3 (--configure): subprocess post-installation script returned error exit status 1 dpkg: dependency problems prevent configuration of python: python depends on python2.3 (>= 2.3.5-1); however: Package python2.3 is not configured yet. dpkg: error processing python (--configure): dependency problems - leaving unconfigured dpkg: dependency problems prevent configuration of python-minimal: python-minimal depends on python2.3 (>= 2.3.5-1); however: Package python2.3 is not configured yet. dpkg: error processing python-minimal (--configure): dependency problems - leaving unconfigured dpkg: dependency problems prevent configuration of reportbug: reportbug depends on python2.3; however: Package python2.3 is not configured yet. dpkg: error processing reportbug (--configure): dependency problems - leaving unconfigured dpkg: dependency problems prevent configuration of alsa-utils: alsa-utils depends on python-minimal; however: Package python-minimal is not configured yet. dpkg: error processing alsa-utils (--configure): dependency problems - leaving unconfigured Errors were encountered while processing: python2.3 python python-minimal reportbug alsa-utils E: Sub-process /usr/bin/dpkg returned an error code (1) halo:/home/arbiter# -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#369020: still problems
Hi I trying to upgrading to 1.2.4-6 but the problem still persists: I cannot upgrade it nor remove it: Removing imapproxy ... Stopping IMAP proxy: invoke-rc.d: initscript imapproxy, action "stop" failed. dpkg: error processing imapproxy (--remove): subprocess pre-removal script returned error exit status 1 Starting IMAP proxy: grep: /proc/27857/cmdline: No such file or directory Failed to start imapproxy. Check logs for details. Errors were encountered while processing: imapproxy E: Sub-process /usr/bin/dpkg returned an error code (1) -- +-----+ | Lorenzo Bettini ICQ# lbetto, 16080134 | | PhD in Computer Science, DSI, Univ. di Firenze | | Florence - Italy(GNU/Linux User # 158233) | | http://www.lorenzobettini.it| | http://tronprog.blogspot.com BLOG | | http://www.purplesucker.com Deep Purple Cover Band | | http://www.gnu.org/software/src-highlite| | http://www.gnu.org/software/gengetopt | | http://www.gnu.org/software/gengen | | http://doublecpp.sourceforge.net| +-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#369020: still problems
José Luis Tallón wrote: Lorenzo Bettini wrote: Hi I trying to upgrading to 1.2.4-6 but the problem still persists: I cannot upgrade it nor remove it: Removing imapproxy ... Stopping IMAP proxy: invoke-rc.d: initscript imapproxy, action "stop" failed. dpkg: error processing imapproxy (--remove): subprocess pre-removal script returned error exit status 1 Starting IMAP proxy: grep: /proc/27857/cmdline: No such file or directory Failed to start imapproxy. Check logs for details. Errors were encountered while processing: imapproxy E: Sub-process /usr/bin/dpkg returned an error code (1) try 1.2.4-7. It fixes some more problems. I'm afraid the problem's still there: apt-get -t unstable install imapproxy Reading package lists... Done Building dependency tree... Done The following packages will be upgraded: imapproxy 1 upgraded, 0 newly installed, 0 to remove and 690 not upgraded. 20 not fully installed or removed. Need to get 53.6kB of archives. After unpacking 0B of additional disk space will be used. Get: 1 http://ftp.de.debian.org unstable/main imapproxy 1.2.4-7 [53.6kB] Fetched 53.6kB in 0s (209kB/s) Preconfiguring packages ... (Reading database ... 145724 files and directories currently installed.) Preparing to replace imapproxy 1.2.4-5 (using .../imapproxy_1.2.4-7_i386.deb) ... Stopping IMAP proxy: invoke-rc.d: initscript imapproxy, action "stop" failed. dpkg: warning - old pre-removal script returned error exit status 1 dpkg - trying script from the new package instead ... Stopping IMAP proxy: invoke-rc.d: initscript imapproxy, action "stop" failed. dpkg: error processing /var/cache/apt/archives/imapproxy_1.2.4-7_i386.deb (--unpack): subprocess new pre-removal script returned error exit status 1 Starting IMAP proxy: grep: /proc/1770/cmdline: No such file or directory Failed to start imapproxy. Check logs for details. Errors were encountered while processing: /var/cache/apt/archives/imapproxy_1.2.4-7_i386.deb E: Sub-process /usr/bin/dpkg returned an error code (1) -- +-----+ | Lorenzo Bettini ICQ# lbetto, 16080134 | | PhD in Computer Science, DSI, Univ. di Firenze | | Florence - Italy(GNU/Linux User # 158233) | | http://www.lorenzobettini.it| | http://tronprog.blogspot.com BLOG | | http://www.purplesucker.com Deep Purple Cover Band | | http://www.gnu.org/software/src-highlite| | http://www.gnu.org/software/gengetopt | | http://www.gnu.org/software/gengen | | http://doublecpp.sourceforge.net| +-+
Bug#407011: autopsy should recognize ils-sleuthkit
Dr. Markus Waldeck wrote: > Package: autopsy > Version: 2.08-1 > Severity: important > > starting autopsy results in > ERROR: Sleuth Kit ils executable missing > > % dpkg -L sleuthkit| grep ils | grep bin > /usr/bin/ils-sleuthkit > > -- System Information: > Debian Release: 4.0 > APT prefers testing > APT policy: (990, 'testing') > Architecture: i386 (i686) > Shell: /bin/sh linked to /bin/bash > Kernel: Linux 2.6.18-3-686 > Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) > > Versions of packages autopsy depends on: > ii binutils 2.17-3 The GNU assembler, linker and > bina > ii perl 5.8.8-7Larry Wall's Practical > Extraction > ii sleuthkit 2.06-3 Tools for forensics analysis > > autopsy recommends no packages. On my system /usr/bin/ils is a link to /etc/alternatives/ils which is a link to /usr/bin/ils-sleuthkit. Note that my version of sleuthkit is 2.07-1. I think that your problems will be solved as soon as you upgrade sleuthkit. The point is that if /etc/alternatives/ils is pointing to somewhere else (e.g. tct) autopsy will not work. It is better to use directly ils-sleuthkit, icat-sleuthkit and mactime-sleuthkit instead of the symlinks to /etc/alternatives. Thanks for the report. -- l -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#413549: shorewall: Shorewall always spam my console despite VERBOSITY=0
Paul Gear wrote: > Aurélien Le Provost - Ribaltchenko wrote: >> Package: shorewall >> Version: 3.2.6-2 >> Severity: minor >> >> Hi, >> >> In /etc/shorewall/shorewall.conf I have >> VERBOSITY=0 >> because I don't want my console spamed by shorewall. But it has no effect... >> Don't know why. > > This is a case of Shorewall FAQ 16: http://shorewall.net/FAQ.htm#faq16 > and should not be treated as a bug in Debian or Shorewall. Also the README.Debian provides useful information about how to prevent logging to console. -- lm
Bug#413548: shorewall: NAT (masquerade) rules lost after reboot
Aurélien Le Provost - Ribaltchenko wrote: > Package: shorewall > Version: 3.2.6-2 > Severity: important > > Hi. > > Since I upgraded my server from sarge to etch, I noticed that NAT > (masquerade) rules are lost after a reboot. > > I have this line in /etc/shorewall/masq : > eth0eth2 > > The workaround is to append this lines to /etc/rc.local : > /etc/init.d/shorewall stop > /etc/init.d/shorewall start > to have Internet on the LAN normally, without worrying to know if > the server were rebooted or not. Hi, please temporarily comment the two lines you add to your /etc/rc.local, reboot your machine, and send me the content of the log file /var/log/shorewall-init.log. Thanks. -- lm
Bug#413810: [INTL:gl] Galician debconf templates translation for shorewall
Jacobo Tarrio wrote: > Package: shorewall > Severity: wishlist > Tags: l10n patch > > It is attached to this report. Thanks. It will be included in the next revision of the package. -- lm -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#412134: shorewall: Logging (ulog) of MAC address is incomplete
Jeffrey B. Green wrote: > Package: shorewall > Version: 3.2.6-2 > Severity: wishlist > > The packets being written to the ulogd log file have only the following > for the MAC address information: > > MAC=00 > > i.e. only the two digits 00. This problems shows up in the logs on Feb 9 > (to narrow down the time frame of when things changed). tcpdump does indeed > show the complete MAC addresses in the packets, but dumping the packets via > the ulogd_OPRINT.so module shows only the 00 value. > > I could not find any relevant configuration options that might affect this > behavior. I can reproduce the bug. It seems that the problem is in ulogd. See Debian bug#412499. Which version of ulogd are you using? -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#412134: shorewall: Logging (ulog) of MAC address is incomplete
Jeffrey B. Green wrote: > Good. It's always a real pain if the bug cannot be reproduced. > > Here the info on ulogd: > > ii ulogd 1.23-6The Netfilter > Userspace Logging Daemon This is the bogus version. The bug against ulogd has already been filed. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#369020: BUG prevents upgrade and removal
I tried setting foreground_mode to yes, but the problem still persists... I cannot upgrade it nor remove it... -- +-+ | Lorenzo Bettini ICQ# lbetto, 16080134 | | PhD in Computer Science, DSI, Univ. di Firenze | | Florence - Italy(GNU/Linux User # 158233) | | http://www.lorenzobettini.it| | http://tronprog.blogspot.com BLOG | | http://www.purplesucker.com Deep Purple Cover Band | | http://www.gnu.org/software/src-highlite| | http://www.gnu.org/software/gengetopt | | http://www.lorenzobettini.it/software/gengen| | http://www.lorenzobettini.it/software/doublecpp | +-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#416152: /system/checkfs start stops boot by complaining there is no device /dev/hdxx
Package: initng Version: 0.5.2-1 Severity: critical --- Please enter the report below this line. --- During booting, initng stops at this point: "/system/checkfs start" stops by complaining there is no device /dev/hdxx ("fsck.ext3: No such file or directory while trying to open /dev/hda1". The superblock could not be read or does not describe a correct ext2 fiulesystem.). The root system is mounted (read-only), there is no hdxx nor sdxx in /dev/. --- System information. --- Architecture: i386 Kernel: Linux 2.6.18 Debian Release: 4.0 990 testing www.debian-multimedia.org 990 testing security.debian.org 990 testing freedom.dicea.unifi.it 500 unstablewww.debian-multimedia.org 500 unstablefreedom.dicea.unifi.it 500 stable www.debian-multimedia.org 500 stable security.debian.org 500 stable freedom.dicea.unifi.it 1 experimentalfreedom.dicea.unifi.it --- Package information. --- Depends (Version) | Installed =-+-= libc6(>= 2.3.5-1) | 2.3.6.ds1-13 udev | 0.105-3 -- Lorenzo Bettini, PhD in Computer Science, DSI, Univ. di Firenze ICQ# lbetto, 16080134 (GNU/Linux User # 158233) HOME: http://www.lorenzobettini.it MUSIC: http://www.purplesucker.com BLOGS: http://tronprog.blogspot.com http://longlivemusic.blogspot.com http://www.gnu.org/software/src-highlite http://www.gnu.org/software/gengetopt http://www.gnu.org/software/gengen http://doublecpp.sourceforge.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#412134: shorewall: Logging (ulog) of MAC address is incomplete
Jeffrey B. Green wrote: > Package: shorewall > Version: 3.2.6-2 > Severity: wishlist > > The packets being written to the ulogd log file have only the following > for the MAC address information: > > MAC=00 > > i.e. only the two digits 00. This problems shows up in the logs on Feb 9 > (to narrow down the time frame of when things changed). tcpdump does indeed > show the complete MAC addresses in the packets, but dumping the packets via > the ulogd_OPRINT.so module shows only the 00 value. > > I could not find any relevant configuration options that might affect this > behavior. Can you please send me your configuration files so that I can reproduce the problem? Thanks. -- lm -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#394714: apache2-mpm-prefork: Apache2 child processes segfaults
I'm experiencing the same problem after upgrading to version 2.2.3-3 (unstable) the backtrace is as follows: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1215670592 (LWP 3765)] 0xb76f8d14 in zend_hash_internal_pointer_reset_ex () from /usr/lib/apache2/modules/libphp4.so (gdb) bt #0 0xb76f8d14 in zend_hash_internal_pointer_reset_ex () from /usr/lib/apache2/modules/libphp4.so #1 0xb7713788 in apply_config () from /usr/lib/apache2/modules/libphp4.so #2 0xb77127d2 in execute () from /usr/lib/apache2/modules/libphp4.so #3 0x08074587 in ap_run_handler () #4 0x08077731 in ap_invoke_handler () #5 0x08084728 in ap_process_request () #6 0x080819ce in ap_register_input_filter () #7 0x0807b3c7 in ap_run_process_connection () #8 0x08088704 in ap_graceful_stop_signalled () #9 0x08088964 in ap_graceful_stop_signalled () #10 0x0808972a in ap_mpm_run () #11 0x080621ef in main () and I don't have mod ssl... so the problem looks in libphp4? -- +-----+ | Lorenzo Bettini ICQ# lbetto, 16080134 | | PhD in Computer Science, DSI, Univ. di Firenze | | Florence - Italy(GNU/Linux User # 158233) | | http://www.lorenzobettini.it| | http://tronprog.blogspot.com BLOG | | http://www.purplesucker.com Deep Purple Cover Band | | http://www.gnu.org/software/src-highlite| | http://www.gnu.org/software/gengetopt | | http://www.lorenzobettini.it/software/gengen| | http://www.lorenzobettini.it/software/doublecpp | +-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#386042: podracer: Fails with traceback as result
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - From what I can tell, this seems to be a problem with bittorrent 3.4.2-8 and python 2.4. Bittorrent 3.4.2-8.1 is in unstable now and works with python 2.4. It should be migrating to testing shortly. HTH, Lorenzo - -- I've always found anomalies to be very relaxing. It's a curse. - --Jadzia Dax: Star Trek Deep Space Nine (The Assignment) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE/LNUG9IpekrhBfIRAjsCAJ9qywaGa19ZIHxHJCwuNp3pe6MN+wCfecVL VWi/hOt9fRFWCTmPRauZZfo= =AySc -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#384262: solution of reverting to older version not working
I downloaded the xserver-xorg-core_2:1.0.2-10_i386.deb from debian snapshot, but if I simply use dpkg -i to install it, then, when I start X I get this error: (EE) module ABI major version (1) doesn't match the server's version (0) (EE) Failed to load module "v4l" (module requirement mismatch, 0) (EE) module ABI minor version (6) is newer than the server's version (5) (EE) Failed to load module "keyboard" (module requirement mismatch, 0) (EE) module ABI minor version (6) is newer than the server's version (5) (EE) Failed to load module "mouse" (module requirement mismatch, 0) (EE) NVIDIA(0): Failed to initialize the GLX module; please check in your X (EE) NVIDIA(0): log file that the GLX module has been loaded in your X (EE) NVIDIA(0): server, and that the module is the NVIDIA GLX module. If (EE) NVIDIA(0): you continue to encounter problems, Please try (EE) NVIDIA(0): reinstalling the NVIDIA driver. (EE) No Input driver matching `keyboard' (EE) No Input driver matching `mouse' Synaptics DeviceInit called SynapticsCtrl called. Synaptics DeviceOn called No core keyboard Fatal server error: failed to initialize core devices XIO: fatal IO error 104 (Connection reset by peer) on X server ":2.0" after 0 requests (0 known processed) with 0 events remaining. so reverting does not solve the problem for me I am using unstable / sid, with a 2.6.17 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#384262: solution of reverting to older version not working [SOLVED]
concerning my previous email, I solved the problem: I kept xorg 7.1 and installed the new version of the NVIDIA driver: NVIDIA-Linux-x86-1.0-8774-pkg1.run -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#389886: installation-reports FAIL
Package: installation-reportsBoot method: CDImage version: netinst i386 etch 20060928Date: 2006-09-28Machine: DELL PE SC420Processor: Pentium 4 2.8 Memory: 1 GBBase System Installation Checklist: [O] = OK, [E] = Error (please elaborate below), [ ] = didn't try itInitial boot worked:[O]Configure network HW: [O]Config network: [O]Detect CD: [O]Load installer modules: [O] Detect hard drives: [O]Partition hard drives: [O]Create file systems:[O]Mount partitions: [O]Install base system:[E]Install boot loader:[ ]Reboot: [ ] Comments/Problems:Boot prompt: expertguiComment: in every checkbox list (ie: choose language), the option selected by mouse or cursor is not visibile.Problem: during "Install base system" installation fails: dpkg: error processing mdadm (--configure):subprocess post-installation script returned error exit status 1Installing on 2 SATA disk (software RAID 1) md0 - /boot md1 - swap md2 - root
Bug#391493: horde3: please change the default for "What path should we set cookies to"
Package: horde3 Version: 3.1.3-1 Severity: important -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) When performing the first configuration of horde3, in the "General" tab, the default in the field "What path should we set cookies to?" is "/horde", but it should be "/horde3", since this is the default installation path. If you do not change it, then after saving the configuration, you will not be able to log in horde any more (and the system always presents the login form). Thanks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#383715: Can't login to imp4 with imap, although horde works fine.
I have exactly the same problem and couldn't solve it yet. These are my packages: ii imapproxy1.2.4-5 IMAP protocol proxy ii php-net-imap 1.0.3-1 PHP PEAR module implementing IMAP protocol ii php5-imap5.1.2-1 IMAP module for php5 ii uw-imapd 2002edebian1-13 remote mail folder access server ii horde3 3.1.3-1 horde web application framework ii imp4 4.1.3-1 webmail component for horde framework for the moment I cannot change the imap server. The syntoms are exactly the same of the original post: can login through horde but when I go to imp I get, after a long wait an empty redirect. In particular, when logging to horde these are the messages in the system log: Oct 6 22:34:15 localhost imapd[10477]: connect from 127.0.0.1 (127.0.0.1) Oct 6 22:34:15 localhost imapd[10477]: imap service init from 127.0.0.1 Oct 6 22:34:15 localhost imapd[10477]: Authenticated user= host=localhost.localdomain [127.0.0.1] Oct 6 22:34:15 localhost imapd[10477]: Logout user= host=localhost.localdomain [127.0.0.1] and in the horde log: Oct 06 22:34:15 HORDE [notice] [horde] Login success for [151.37.72.107] to Horde [on line 90 of "/usr/share/horde3/login.php"] then when I log to imp I get: Oct 6 22:35:34 localhost imapd[10518]: connect from ***.***.***.*** (***.***.***.***) Oct 6 22:35:34 localhost imapd[10518]: imaps SSL service init from ***.***.***.*** Oct 6 22:35:34 localhost imapd[10518]: Authenticated user= host=***.***.***.*** [***.***.***.***] Oct 6 22:35:34 localhost imapd[10519]: connect from ***.***.***.*** (***.***.***.***) Oct 6 22:35:34 localhost imapd[10519]: imaps SSL service init from ***.***.***.*** Oct 6 22:35:34 localhost imapd[10519]: Authenticated user= host=***.***.***.*** [***.***.***.***] Oct 6 22:35:34 localhost imapd[10464]: Killed (lost mailbox lock) user= host=***.***.***.*** [***.***.***.***] I found the message Killed (lost mailbox lock) in the imap faq: http://www.washington.edu/imap/IMAP-FAQs/index.html#7.19 which I quote here: "This message only happens when either the traditional UNIX mailbox format or MMDF format is in use. This format only allows one session to have the mailbox open read/write at a time. The servers assume that if a second session attempts to open the mailbox, that means that the first session is probably owned by an abandoned client. The common scenario here is a user who leaves his client running at the office, and then tries to read his mail from home. Through an internal mechanism called kiss of death, the second session requests the first session to kill itself. When the first session receives the "kiss of death", it issues the "Killed (lost mailbox lock)" syslog message and terminates. The second session then seizes read/write access, and becomes the new "first" session. Certain poorly-designed clients routinely open multiple sessions to the same mailbox; the users of those clients tend to get this message a lot. Another cause of this message is a background "check for new mail" task which does its work by opening a POP session to server every few seconds. They do this because POP doesn't have a way to announce new mail. The solution to both situations is to replace the client with a good online IMAP client such as Pine. Life is too short to waste on POP clients and poorly-designed IMAP clients." so what could be the problem? previous versions of imp4 used to work fine (the last working version used to be imp4_4.0.2-2_all.deb) any clue please? thanks in advance -- +-+ | Lorenzo Bettini ICQ# lbetto, 16080134 | | PhD in Computer Science, DSI, Univ. di Firenze | | Florence - Italy(GNU/Linux User # 158233) | | http://www.lorenzobettini.it| | http://tronprog.blogspot.com BLOG | | http://www.purplesucker.com Deep Purple Cover Band | | http://www.gnu.org/software/src-highlite| | http://www.gnu.org/software/gengetopt | | http://www.lorenzobettini.it/software/gengen| | http://www.lorenzobettini.it/software/doublecpp | +-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#391680: centericq: Better handling of Jabber resources
Package: centericq Version: 4.21.0-16 Severity: wishlist Currently there is no way to set my resource in my Jabber account. It always shows up as centericq. Also there is no way to send a message to a specific resource if a user is logged in at more than one place. Both of these features would be beneficial. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages centericq depends on: ii centeric 4.21.0-16 A text-mode multi-protocol instant ii libc62.3.6.ds1-5 GNU C Library: Shared libraries ii libcomer 1.39+1.40-WIP-2006.10.02+dfsg-1 common error description library ii libcurl3 7.15.5-1Multi-protocol file transfer libra ii libgcc1 1:4.1.1-15 GCC support library ii libgnutl 1.4.4-1 the GNU TLS library - runtime libr ii libgpg-e 1.4-1 library for common error values an ii libgpgme 1.1.2-2 GPGME - GnuPG Made Easy ii libidn11 0.6.5-1 GNU libidn library, implementation ii libjpeg6 6b-13 The Independent JPEG Group's JPEG ii libkrb53 1.4.4-3 MIT Kerberos runtime libraries ii libncurs 5.5-4 Shared libraries for terminal hand ii libssl0. 0.9.8c-3SSL shared libraries ii libstdc+ 4.1.1-15The GNU Standard C++ Library v3 ii zlib1g 1:1.2.3-13 compression library - runtime Versions of packages centericq recommends: ii elinks [www-browser] 0.11.1-1advanced text-mode WWW browser ii elvis-console [www-browser] 2.2.0-7 powerful clone of the vi/ex text e ii epiphany-browser [www-browse 2.14.3-2Intuitive GNOME web browser ii lynx-cur [www-browser] 2.8.6pre5-1 Text-mode WWW Browser with NLS sup ii sox 12.17.9-1 A universal sound sample translato ii w3m [www-browser]0.5.1-5 WWW browsable pager with excellent -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#391679: centericq: ability to type in chat mode when chat is full screen
Package: centericq Version: 4.21.0-16 Severity: wishlist If I have chat mode configured for a protocol and am in a conversation with a person and hit f9 to make the chat window fill the screen, my ability to send messages currently goes away until I quit full screen mode. I would like the ability to continue my conversation even though my chat window is full screen without having to quit out of full screen mode. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages centericq depends on: ii centeric 4.21.0-16 A text-mode multi-protocol instant ii libc62.3.6.ds1-5 GNU C Library: Shared libraries ii libcomer 1.39+1.40-WIP-2006.10.02+dfsg-1 common error description library ii libcurl3 7.15.5-1Multi-protocol file transfer libra ii libgcc1 1:4.1.1-15 GCC support library ii libgnutl 1.4.4-1 the GNU TLS library - runtime libr ii libgpg-e 1.4-1 library for common error values an ii libgpgme 1.1.2-2 GPGME - GnuPG Made Easy ii libidn11 0.6.5-1 GNU libidn library, implementation ii libjpeg6 6b-13 The Independent JPEG Group's JPEG ii libkrb53 1.4.4-3 MIT Kerberos runtime libraries ii libncurs 5.5-4 Shared libraries for terminal hand ii libssl0. 0.9.8c-3SSL shared libraries ii libstdc+ 4.1.1-15The GNU Standard C++ Library v3 ii zlib1g 1:1.2.3-13 compression library - runtime Versions of packages centericq recommends: ii elinks [www-browser] 0.11.1-1advanced text-mode WWW browser ii elvis-console [www-browser] 2.2.0-7 powerful clone of the vi/ex text e ii epiphany-browser [www-browse 2.14.3-2Intuitive GNOME web browser ii lynx-cur [www-browser] 2.8.6pre5-1 Text-mode WWW Browser with NLS sup ii sox 12.17.9-1 A universal sound sample translato ii w3m [www-browser]0.5.1-5 WWW browsable pager with excellent -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#421715: shorewall: conflicts with several packages
On 6/16/07, Michael Prokop <[EMAIL PROTECTED]> wrote: * Michael Prokop <[EMAIL PROTECTED]> [20070501 10:15]: [...] Any chance to get an answer? The problem will be fixed by the next upload. -- l -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#422572: Process spawned by left click remains zombie
Package: xfce4-genmon-plugin Version: 3.1-1 Severity: normal --- Please enter the report below this line. --- The process spawned when the icon plugin is left clicked remains zombie because the plugin process does not wait for the termination of the child. As a workaround the following patch can be used: --- main.c.orig 2007-05-06 21:58:20.0 -0500 +++ main.c 2007-05-06 20:54:37.0 -0500 @@ -97,7 +97,8 @@ char result[256]; genmon_SpawnCmd (poMonitor->onClickCmd, result, -sizeof (poMonitor->onClickCmd), 0); +//sizeof (poMonitor->onClickCmd), 0); +sizeof (poMonitor->onClickCmd), 1); } /**/ The patch is not the ultimate solution as the plugin is blocked until the child is terminated. --- System information. --- Architecture: i386 Kernel: Linux 2.6.20-asus-s1n Debian Release: lenny/sid 500 unstableftp.debian.org 500 stable www.debian-multimedia.org 500 stable security.debian.org 500 stable ftp.debian.org 1 experimentalftp.debian.org --- Package information. --- Depends (Version) | Installed ===-+-= libatk1.0-0 (>= 1.13.2) | 1.18.0-2 libc6 (>= 2.5) | 2.5-5 libcairo2(>= 1.4.0) | 1.4.6-1 libfontconfig1 (>= 2.4.0) | 2.4.2-1.2 libglib2.0-0(>= 2.12.9) | 2.12.11-3 libgtk2.0-0 (>= 2.10.3) | 2.10.12-1 libpango1.0-0 (>= 1.16.2) | 1.16.2-2 libx11-6| 2:1.0.3-7 libxcursor1 (>> 1.1.2) | 1:1.1.8-2 libxext6| 1:1.0.3-2 libxfce4util4(>= 4.4.1) | 4.4.1-1 libxfcegui4-4(>= 4.4.1) | 4.4.1-1 libxfixes3 (>= 1:4.0.1) | 1:4.0.3-2 libxi6 | 1:1.0.1-4 libxinerama1| 1:1.0.2-1 libxrandr2 (>= 2:1.2.0) | 2:1.2.1-1 libxrender1 | 1:0.9.2-1 xfce4-panel (>= 4.4.1) | 4.4.1-1 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#425390: icedove: Mailboxes and settings lost after upgrade
Trying to revert to 1.5 did not work for me: I got a segmentation fault... the only solution was to purge icedove and then reinstall it... -- Lorenzo Bettini, PhD in Computer Science, DSI, Univ. di Firenze ICQ# lbetto, 16080134 (GNU/Linux User # 158233) HOME: http://www.lorenzobettini.it MUSIC: http://www.purplesucker.com BLOGS: http://tronprog.blogspot.com http://longlivemusic.blogspot.com http://www.gnu.org/software/src-highlite http://www.gnu.org/software/gengetopt http://www.gnu.org/software/gengen http://doublecpp.sourceforge.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#425790: icedove: clicking links does not spawn web browser
I'm using KDE too and having the same problem... I installed icedove-gnome-support but the problem still persists... -- Lorenzo Bettini, PhD in Computer Science, DSI, Univ. di Firenze ICQ# lbetto, 16080134 (GNU/Linux User # 158233) HOME: http://www.lorenzobettini.it MUSIC: http://www.purplesucker.com BLOGS: http://tronprog.blogspot.com http://longlivemusic.blogspot.com http://www.gnu.org/software/src-highlite http://www.gnu.org/software/gengetopt http://www.gnu.org/software/gengen http://doublecpp.sourceforge.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#420295: also PORT-WRITE is incorrectly parsed
cdrw-taper doesn't correctly parse also the PORT-WRITE command. An example of the command is the following: PORT-WRITE 00-00011 localhost feff9ffeff7f /home/privata/lavoro 0 20070428004502 0 NULL 10240 The regexp used is: if ($args =~ /^(\S+)\s+(\S+)\s+(\S+\s+)?(\d+)\s+(\d+)\s*$/) { ($hostname, $diskname, $level) = ($1, $2, $4); but should be: if ($args =~ /^(\S+)\s+(\S+\s+)?(\S+)\s+(\d+)\s+(\d+)\s*\d+\s+\S+\s+\d+$/) { ($hostname, $diskname, $level) = ($1, $3, $4); -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#421441: splashy: splashy->gdm hangs system randomly
Geoffrey L. Brimhall wrote: > Package: splashy > Version: 0.3.2 > Severity: important > > There is a race condition between when splashy ends and gdm starts that > happens on my system about 1 in 3 boots, when it happens the splashy > screen is just "hangs" and console switching to X doesn't work. Think it > may be related to my system being SMP (dual core ). > > This bug is really identical to #350179 - so either close this bug or > re-open that one ! > > By updating the gdm and splashy scripts I got rid of the race condition, > here's the fix ( note the fix really requires updating all display > manager scripts to be aware if a boot gui is being used, if so shut it > down ): > > REMOVE from splashy script in the "start" sequence: > > else > log_daemon_msg "Stopping $DESC" $NAME > /sbin/splashy_update exit > log_end_msg $? > # wait until splashy exits before changing tty's > while `pidof splashy > /dev/null`; do > sleep 0.2 > done > # do some magic with the TTYs > if test -z "$CHVT_TTY"; then > CHVT_TTY=1 > fi > # detect X, if not, go to CHVT_TTY > X11_RUNNING=1 > pidof X > /dev/null && X11_RUNNING=1 > if [ $X11_RUNNING -eq 1 ]; then > splashy_chvt 7 > else > splashy_chvt $CHVT_TTY > fi > > ADD to gdm script the above functionality, before the "start_daemon" > command: > > # Disable splashy if running > if `pidof splashy > /dev/null`; then > log_daemon_msg "Stopping $DESC" $NAME > /sbin/splashy_update exit > /sbin/splashy_chvt 7 > log_end_msg $? > fi I have the same problem on my laptop (splashy 0.3.2 + xdm 1:1.1.4-3): the machine hangs on the splash screen. The workaround suggested seems to solve the startup problem. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#301139: Acknowledgement (option to reduce "last chance to quit" delay before burning)
I am finally getting around to sending in this patch which adds the enhancement I suggested. It will also fix bug#301136. Lorenzo -- The mind is its own place, and in itself Can make a Heav'n of Hell, a Hell of Heav'n. -- John Milton diff -uprN burn-0.4.3/burn burn-0.4.3-patched/burn --- burn-0.4.3/burn 2005-03-21 17:07:32.0 -0500 +++ burn-0.4.3-patched/burn 2006-08-15 13:02:02.0 -0400 @@ -404,6 +404,8 @@ class CDROM: driver = config.get('CD-writer','driver') source_driver = config.get('CD-reader','driver') burnfree = config.get('CD-writer','burnfree') + sao = config.get('CD-writer','sao') + gracetime = config.get('CD-writer','gracetime') def compute_media_size(self): if config.get('Media','media-check') == 'yes': @@ -479,6 +481,14 @@ class CDROM: #for the ones who have buffer underrun protection if self.burnfree: self.cdrecord_line_append('driveropts=burnfree ') + #set write mode: TAO (track at once) or SAO (session at once) + if self.sao: + self.cdrecord_line_append('-sao ') + else: + self.cdrecord_line_append('-tao ') + #the amount of time cdrecord waits before burning + if self.gracetime: + self.cdrecord_line_append('gracetime=' + self.gracetime + ' ') #enable multisession if options.multisession: self.cdrecord_line_append('-multi ') diff -uprN burn-0.4.3/burn-configure burn-0.4.3-patched/burn-configure --- burn-0.4.3/burn-configure 2004-12-13 13:51:08.0 -0500 +++ burn-0.4.3-patched/burn-configure 2006-08-15 13:32:17.0 -0400 @@ -279,6 +279,34 @@ if 'CD-writer' in cs: if brnfr in no: config.set(section, 'burnfree', brnfr) break + if 'sao' in options: + print + current = config.get(section, 'sao') + print _('Do you want cdrecord to burn in session-at-once mode (sao)?') + print _('\tThis allows gapless recording of audio tracks and works around the readahead') + print _('\tbug on GNU/Linux systems.') + while 1: + sssntnc = ask_value('yes/no', current) + if sssntnc == '': + break + if sssntnc in yes: + config.set(section, 'sao', sssntnc) + break + if sssntnc in no: + config.set(section, 'sao', sssntnc) + break + if 'gracetime' in options: + print + current = config.get(section, 'gracetime') + print _('How long should cdrecord wait before burning?') + print _('\tNote that cdrecord always waits at least 2 to 3 seconds.') + while 1: + grctm = ask_value('gracetime', current) + if grctm == '': + break + else: + config.set(section, 'gracetime', grctm) + break if 'CD-reader' in cs: section = 'CD-reader' print diff -uprN burn-0.4.3/burn.conf burn-0.4.3-patched/burn.conf --- burn-0.4.3/burn.conf2005-03-16 14:39:07.0 -0500 +++ burn-0.4.3-patched/burn.conf2006-08-15 13:40:01.0 -0400 @@ -42,6 +42,10 @@ driver: generic-mmc #Buffer Underrun Free writing support (yes/no) #If your unit supports Buffer Underrun Free writing support say yes. burnfree: yes +# Enable this if you want to burn in session-at-once (also called disc-at-once) mode +sao: yes +# the amount of time in seconds cdrecord should display the `last chance to quit' message +gracetime: 3 [CD-reader] # this device should have the same CD-writer value if you only have one CD unit. diff -uprN burn-0.4.3/burn.conf-dist burn-0.4.3-patched/burn.conf-dist --- burn-0.4.3/burn.conf-dist 2004-04-26 17:08:38.0 -0400 +++ burn-0.4.3-patched/burn.conf-dist 2006-08-15 13:56:50.0 -0400 @@ -42,6 +42,10 @@ driver: generic-mmc #Buffer Underrun Free writing support (yes/no) #If your unit supports Buffer Underrun Free writing support say yes. burnfree: yes +# Enable this if you want cdrecord to burn in session-at-once (also called disc-at-once) mode +sao: no +# The amount of time in seconds cdrecord should display the `last chance to quit' message +gracetime: 10 [CD-reader] # this device should have the same CD-writer value if you only have one CD unit.
Bug#393452: other workaround
alternatively, run icedove instead of thunderbird (I find this quicker) -- +-+ | Lorenzo Bettini ICQ# lbetto, 16080134 | | PhD in Computer Science, DSI, Univ. di Firenze | | Florence - Italy(GNU/Linux User # 158233) | | http://www.lorenzobettini.it| | http://tronprog.blogspot.com BLOG | | http://www.purplesucker.com Deep Purple Cover Band | | http://www.gnu.org/software/src-highlite| | http://www.gnu.org/software/gengetopt | | http://www.lorenzobettini.it/software/gengen| | http://www.lorenzobettini.it/software/doublecpp | +-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#370168: this patch adds a new bug!
Hi, I'm using perl v5.8.8 and the patched squid-prefetch does not work at all! That's why: the declaration my ( $code,$mesg,%hdrs) makes the variables $code,$mesg and %hdrs local, and the subsequent if ($code != 200) { is always satisfied since $code is undefined at this point and no url is ever prefetched... I attach my simple patch, intended to be applied to version 1.1-2 in order to get 1.1-2 YOSS Happy to be useful, Lorenzo Clemente, Rome squid-prefetch-1.1-2-yoss.diff Description: Binary data
Bug#415654: shorewall / linux ip_nat_sip module breaks SIP
Ted Merrill wrote: > Package: shorewall > Version: 3.2.9-1 > Severity: normal > > > The latest debian unstable shorewall release, shorewall 3.2.9-1, > incorrectly > modifies some SIP packets during network address translation, thereby > causing > all subsequent voice packets to be lost. > Actually this may be a linux kernel issue instead since the problem is > related > to the following kernel module that was not loaded in previous release: > ip_nat_sip > Commenting out the loadmodule line in /usr/share/shorewall/modules that > loads > ip_nat_sip fixes the problem. > It's not clear to me what ip_nat_sip is needed for; perhaps something to do > with connection tracking (e.g. connected to ip_conntrack_sip module, also > recently added, which i don't seem to need either). > > The problem specifically is that in a SIP "200 OK" packet from the > registar, > the SDP connection information ('c') line is (incorrectly) modified. > It should be left alone; instead the ip address on that line is rewritten > to > be the ip address of the sender of the packet. I'm temporarily disabling the sip module. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#373722: [Pkg-cups-devel] Bug#373722: web interface doesn't show list of available cupsys-driver-gutenprint drivers when adding a new printer
I'm experiencing this problem with these versions. My printer is an Epson Stylus Color II. dpkg --list | grep cups ii cups-pdf 2.4.2-1 PDF printer for CUPS ii cupsys 1.2.5-1 Common UNIX Printing System(tm) - server ii cupsys-bsd 1.2.5-1 Common UNIX Printing System(tm) - BSD comman ii cupsys-client1.2.5-1 Common UNIX Printing System(tm) - client pro ii cupsys-common1.2.5-1 Common UNIX Printing System(tm) - common fil ii cupsys-driver-gimpprint 5.0.0-2 printer drivers for CUPS ii cupsys-driver-gutenprint 5.0.0-2 printer drivers for CUPS ii cupsys-pt1.2.4-3+b1 Tool for viewing/managing print jobs under C ii libcupsimage21.2.5-1 Common UNIX Printing System(tm) - image libs ii libcupsys2 1.2.5-1 Common UNIX Printing System(tm) - libs ii libcupsys2-dev 1.2.5-1 Common UNIX Printing System(tm) - developmen ii libcupsys2-gnutls10 1.2.5-1 Common UNIX Printing System(tm) - dummy libs ii libgnomecups1.0-10.2.2-5 GNOME library for CUPS interaction ii libgnomecupsui1.0-1 0.31-1 UI extensions to libgnomecups I also tried to select LPT#1, but gutenprint drivers do not show up: I must manually provide a ppd file (in this case, /usr/share/cups/model/gutenprint/5.0/en/stp-escp2-ii.5.0.ppd.gz, which does not even print correctly, but that's another issue). Lorenzo -- +-----+ | Lorenzo Bettini ICQ# lbetto, 16080134 | | PhD in Computer Science, DSI, Univ. di Firenze | | Florence - Italy(GNU/Linux User # 158233) | | http://www.lorenzobettini.it| | http://tronprog.blogspot.com BLOG | | http://www.purplesucker.com Deep Purple Cover Band | | http://www.gnu.org/software/src-highlite| | http://www.gnu.org/software/gengetopt | | http://www.lorenzobettini.it/software/gengen| | http://www.lorenzobettini.it/software/doublecpp | +-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#396349: cupsys-driver-gutenprint: driver stp-escp2-ii.5.0.ppd.gz for Epson Stylus Color II does not print correctly
Package: cupsys-driver-gutenprint Version: 5.0.0-2 Severity: normal After manually selecting this driver for Epson Stylus Color II, /usr/share/cups/model/gutenprint/5.0/en/stp-escp2-ii.5.0.ppd.gz, as reported in the documentatio n of gutenprint, the test page does not print correctly: e.g. instead of printing - | | | it prints _ - | | | this is only to try to make you understand the problem... it is not only skipping a line... -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages cupsys-driver-gutenprint depends on: ii cupsys 1.2.5-1 Common UNIX Printing System(tm) - ii libc62.3.6.ds1-7 GNU C Library: Shared libraries ii libcupsimage21.2.5-1 Common UNIX Printing System(tm) - ii libcupsys2 1.2.5-1 Common UNIX Printing System(tm) - ii libgnutls13 1.4.4-2 the GNU TLS library - runtime libr ii libgutenprint2 5.0.0-2 runtime for the Gutenprint printer ii libjpeg626b-13 The Independent JPEG Group's JPEG ii libpng12-0 1.2.8rel-7 PNG library - runtime ii libtiff4 3.8.2-6 Tag Image File Format (TIFF) libra ii perl 5.8.8-6.1 Larry Wall's Practical Extraction ii zlib1g 1:1.2.3-13 compression library - runtime cupsys-driver-gutenprint recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#396349: cupsys-driver-gutenprint: driver stp-escp2-ii.5.0.ppd.gz for Epson Stylus Color II does not print correctly
Roger Leigh wrote: Lorenzo Bettini <[EMAIL PROTECTED]> writes: After manually selecting this driver for Epson Stylus Color II, /usr/share/cups/model/gutenprint/5.0/en/stp-escp2-ii.5.0.ppd.gz, as reported in the documentatio n of gutenprint, the test page does not print correctly: Which test page? How did you print it? (there are several documented ways of doing this.) lpr -P /usr/share/cups/data/testprint.ps will print the CUPS test page. I used the button "Print Test Page" of CUPS web interface e.g. instead of printing - | | | it prints _ - | | | this is only to try to make you understand the problem... it is not only skipping a line... I'm not sure which part of the test page this is referring to. If you have a scanner, could you scan it in and put the image somewhere for download? Did you configure the printer to use the correct papersize etc.? yes I did. here's a scan of (part of) the test page http://rap.dsi.unifi.it/~bettini/test_page.jpg this should give an idea of the problem... thanks Lorenzo -- +---------+ | Lorenzo Bettini ICQ# lbetto, 16080134 | | PhD in Computer Science, DSI, Univ. di Firenze | | Florence - Italy(GNU/Linux User # 158233) | | http://www.lorenzobettini.it| | http://tronprog.blogspot.com BLOG | | http://www.purplesucker.com Deep Purple Cover Band | | http://www.gnu.org/software/src-highlite| | http://www.gnu.org/software/gengetopt | | http://www.lorenzobettini.it/software/gengen| | http://www.lorenzobettini.it/software/doublecpp | +-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#396349: cupsys-driver-gutenprint: driver stp-escp2-ii.5.0.ppd.gz for Epson Stylus Color II does not print correctly
Roger Leigh wrote: Lorenzo Bettini <[EMAIL PROTECTED]> writes: Roger Leigh wrote: Lorenzo Bettini <[EMAIL PROTECTED]> writes: After manually selecting this driver for Epson Stylus Color II, /usr/share/cups/model/gutenprint/5.0/en/stp-escp2-ii.5.0.ppd.gz, as reported in the documentatio n of gutenprint, the test page does not print correctly: Just to be sure, your printer model is an Epson Stylus Color II, and you are using the correct driver for this model? Yes I'm sure it's an Epson Stylus Color II, and I'm using stp-escp2-ii.5.0.ppd.gz, i.e., the one suggested in the gutenprint manual, chapter 7. cheers Lorenzo -- +---------+ | Lorenzo Bettini ICQ# lbetto, 16080134 | | PhD in Computer Science| | Dip. Sistemi e Informatica, Univ. di Firenze | | Florence - Italy(GNU/Linux User # 158233) | | Home Page: http://www.lorenzobettini.it| | http://music.dsi.unifi.it XKlaim language | | http://www.purplesucker.com Deep Purple Cover Band | | http://www.gnu.org/software/src-highlite | | http://www.gnu.org/software/gengetopt | | http://www.lorenzobettini.it/software/gengen | | http://www.lorenzobettini.it/software/doublecpp| +-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#142998: Please Review....good news
Good Morning & Good News, There are 3 Companies that are interested in offering you a Re-Fi deal as of Monday July 30th 2007. The Minimum deal offered is as follows: $225,000* Remember, this is just the lowest deal offered...the Max is yet to be determined. Simply confirm your information in our database here: http://refi-approved-client9%RNDDIGIT1884.cluzatchnbacon.com Do not worry about approval, your cr. report will not disqualify you. Have a Great Day, Looking forward to hearing from you Lorenzo Siegel Team Leader, TSD Lending Professionals - - --- * Rate & Payment To be determined after information is confirmed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#432837: Better patch
On 7/12/07, Matthew King <[EMAIL PROTECTED]> wrote: > Here's a better patch which can include directories in locations other > than /etc/shorewall Thank you. I'll update the package as soon as possible. -- lm -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#429914: when will arrive to debian package?
I had been using openfire is really stable and easy. Some friends would like to have it packaged.
Bug#441228: source highlighting works fine but for php
Tong Sun wrote: --- - Tong - <[EMAIL PROTECTED]> wrote: Package: source-highlight Version: 2.4-5 Severity: normal . . . I found that the source-highlight from my Debian package doesn't support php, although other languages works well. Most probably packaging problem. The following line solved the problem: ln -s php.lang /usr/share/source-highlight/php3.lang thanks Hi everyone actually, in the new version of source-highlight (2.7) in lang.map you read: php3 = php.lang php4 = php.lang php5 = php.lang php = php.lang since it makes more sense to have php.lang than php3.lang cheers Lorenzo -- Lorenzo Bettini, PhD in Computer Science, DSI, Univ. di Firenze ICQ# lbetto, 16080134 (GNU/Linux User # 158233) HOME: http://www.lorenzobettini.it MUSIC: http://www.purplesucker.com http://www.myspace.com/supertrouperabba BLOGS: http://tronprog.blogspot.com http://longlivemusic.blogspot.com http://www.gnu.org/software/src-highlite http://www.gnu.org/software/gengetopt http://www.gnu.org/software/gengen http://doublecpp.sourceforge.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#441228: source highlighting works fine but for php
Hi Ola I wouldn't mind to try to maintain also the debian package of source-highlight :-) However, first, I need to take a look at the packaging mechanisms since I know nothing about them; so, for the moment, I prefer not to take it over :-) cheers Lorenzo Ola Lundqvist wrote: Hi Tong Source-highlight has not been of top priority among the Debian packages that I maintain. That is the simple reason. If someone want to take it over, that person is welcome to do so. But first ask me, so I have not changed my mind. :) Best regards, // Ola On Fri, Sep 07, 2007 at 04:03:45PM -0700, Tong Sun wrote: --- Ola Lundqvist <[EMAIL PROTECTED]> wrote: ... This patch will be applied on next upload... Thanks a lot, Ola. On seeing your swift reply, I couldn't help asking a side question. Since you are currently actively maintaining the source-highlight package, what is the major reason that the source-highlight package stays at v2.4 level while upstream is already v2.7? Thanks. Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out. http://answers.yahoo.com/dir/?link=list&sid=396545469 -- Lorenzo Bettini, PhD in Computer Science, DSI, Univ. di Firenze ICQ# lbetto, 16080134 (GNU/Linux User # 158233) HOME: http://www.lorenzobettini.it MUSIC: http://www.purplesucker.com http://www.myspace.com/supertrouperabba BLOGS: http://tronprog.blogspot.com http://longlivemusic.blogspot.com http://www.gnu.org/software/src-highlite http://www.gnu.org/software/gengetopt http://www.gnu.org/software/gengen http://doublecpp.sourceforge.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#396349: cupsys-driver-gutenprint: driver stp-escp2-ii.5.0.ppd.gz for Epson Stylus Color II does not print correctly
Roger Leigh ha scritto: Lorenzo Bettini <[EMAIL PROTECTED]> writes: Roger Leigh wrote: Lorenzo Bettini <[EMAIL PROTECTED]> writes: Roger Leigh wrote: Lorenzo Bettini <[EMAIL PROTECTED]> writes: After manually selecting this driver for Epson Stylus Color II, /usr/share/cups/model/gutenprint/5.0/en/stp-escp2-ii.5.0.ppd.gz, as reported in the documentatio n of gutenprint, the test page does not print correctly: Just to be sure, your printer model is an Epson Stylus Color II, and you are using the correct driver for this model? Yes I'm sure it's an Epson Stylus Color II, and I'm using stp-escp2-ii.5.0.ppd.gz, i.e., the one suggested in the gutenprint manual, chapter 7. Sorry for the delay in replying. A new Gutenprint release, 5.0.1 has now been uploaded to testing and unstable. Please could you try this new version to see if it fixes your problem? Note that with this release, manual PPD selection is not required--just choosing the make and model in the CUPS web interface is sufficient. I'm afraid I'm disposing my epson stylus color II: it can hardly load a sheet so I cannot use it anymore... -- Lorenzo Bettini, PhD in Computer Science, DSI, Univ. di Firenze ICQ# lbetto, 16080134 (GNU/Linux User # 158233) HOME: http://www.lorenzobettini.it MUSIC: http://www.purplesucker.com BLOGS: http://tronprog.blogspot.com http://longlivemusic.blogspot.com http://www.gnu.org/software/src-highlite http://www.gnu.org/software/gengetopt http://www.gnu.org/software/gengen http://doublecpp.sourceforge.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#408698: Bug Resolved
Flavio Visentin wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom Eastep contacted me and gave me the solution. To meke this configuration work it's enough to specify the option "routeback" on the interface definition, like the following: /etc/shorewall/interfaces #ZONE INTERFACE BROADCAST OPTIONS net eth1- blacklist lan eth0- routeback,dhcp srv veth+ - routeback - From the definition of routeback, in the interface file, it wasn't clear to me that it worked with multiple interfaces too (although now it seems obvious also to me). Maybe we should specify this case in the option's description Anyway the bug should be closed. I completely forgot the routeback option! I'm going to close the bug. Thanks. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]