Bug#766475: python-xmpp: Error in SSLSocket

2015-03-20 Thread Alexey Nezhdanov
Hi guys.

You were quick :)

First of all - huge thanks for doing that!

Next - re: no acks on previous NMUs - there are two possibilities - could
be that I was not asked explicitly to ack (like this time) and assumed it
is not needed or I was super busy or ack happened to be off thread. Or some
combination of the above.
In any case, I am always happy to see that someone comes to rescue of the
poor package.

If you want me to comment on the future plans - I'll happily do that even
though I'll probably not have enough capacity to do anything more serious
than that.

Thanks again!
Alexey
Control: severity -1 serious
Control: retitle -1 Connection to TLS-enabled servers is broken: Error in
SSLSocket

Hi,

anonym wrote (19 Mar 2015 11:03:49 GMT) :
 Next, here's a small test case for triggering the bug:

 import xmpp
 xmpp.Client("jabber.ccc.de").connect()

This bug seems RC to me, as: 1. it's a regression from Wheezy; 2. most
popular XMPP servers offer TLS these days, so it seems that this
bug breaks the most common use-case of this library; and also 3.
python-xmpp has quite a few reverse-deps that might be affected (I
didn't check, though).

=> bumping severity. Alexey, what do you think?

(Now, I don't see any reply from Alexey to the open bugs on this
package, some of them dating back to 2010. Last upload by Alexey was
in 2008, and there have been 2 NMUs since then, none of them
acknowledged => I won't hold my breath too long.)

 With the patch supplied by Vladimir Osintsev, the problem is indeed
 fixed.

I'll try to come up with a minimal patch that satisfies the freeze
policy (introducing the quilt machinery is definitely not an option at
this stage of the freeze). And then I'll prepare a NMU.

 There are, however, other issues with xmpppy, so the python-xmpp
 package is in a pretty poor state  [...]

Indeed, it would be good if something could be done about it during
the Stretch cycle. python-xmpp has quite a few reverse-dependencies,
so perhaps a couple of their upstream or Debian maintainers will want
to adopt xmpppy upstream. Let's say it's off-topic here, though:  the
discussion that was started on #592010 feels like a better place to
discuss future plans.

Cheers!
--
intrigeri


Bug#780831: breaks if /etc/ssl/private is missing

2015-03-20 Thread Marco d'Itri
Package: krb5-kdc
Version: 1.12.1+dfsg-18
Severity: grave

/lib/systemd/system/krb5-kdc.service contains:

[Service]
InaccessibleDirectories=/etc/ssh /etc/ssl/private  /root

so starting the unit will fail if one of the directories is missing:

Mar 20 08:44:09 bokassa systemd[1191]: Failed at step NAMESPACE spawning 
/usr/sbin/krb5kdc: Operation not permitted

Since none of these directories are provided by the package or one of 
its dependencies they should all be marked as optional.

systemd.exec(5) explains how to solve this:

   Paths in ReadOnlyDirectories= and InaccessibleDirectories= may be
   prefixed with -, in which case they will be ignored when they do
   not exist.

The same applies to krb5-admin-server.service in the krb5-admin-server 
package.

And both packages should really switch from /var/run to /run.

-- 
ciao,
Marco




Bug#779902: /tmp can be mounted as tmpfs against user's will

2015-03-20 Thread Michael Biebl
[adding the bug to CC]
On 20.03.2015 at 08:46, Didier Roche wrote:
 On 20/03/2015 08:39, Michael Biebl wrote:

 thanks for the patch. I had something like this in mind.
 We could be extra nice and only add the After=tmp.mount if tmp.mount is
 actually enabled, because we only need the After ordering in this case.
 But that's mostly a cosmetic issue and I'm happy to ship the patch as is.
 
 That's a nice idea. It needs testing though to ensure that the fstab
 generator generated the right enablement for that unit (in case the
 tmpfs config was done in fstab). 

/etc/fstab entries are automatically hooked up in
/run/systemd/generator/local-fs.target.requires/ unless the fstab entry
uses noauto.

That said, I'm not sure if we should really test the file system path.
We should check if systemd offers an API for this.

 Also, we need to ensure that any later enablement of that unit is
 taken into account by new units. Not sure I'll have time to test this
 properly today, will be more early next week if needed though.

As said, I'd probably be happy to ship the patch as is and would include
it in the upload I plan this weekend.

We can defer this to a later upload though, if you want?



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?





Bug#779902: /tmp can be mounted as tmpfs against user's will

2015-03-20 Thread Didier Roche

On 20/03/2015 09:03, Michael Biebl wrote:

[adding the bug to CC]
On 20.03.2015 at 08:46, Didier Roche wrote:

On 20/03/2015 08:39, Michael Biebl wrote:

thanks for the patch. I had something like this in mind.
We could be extra nice and only add the After=tmp.mount if tmp.mount is
actually enabled, because we only need the After ordering in this case.
But that's mostly a cosmetic issue and I'm happy to ship the patch as is.

That's a nice idea. It needs testing though to ensure that the fstab
generator generated the right enablement for that unit (in case the
tmpfs config was done in fstab).

/etc/fstab entries are automatically hooked up in
/run/systemd/generator/local-fs.target.requires/ unless the fstab entry
uses noauto.

That said, I'm not sure if we should really test the file system path.
We should check if systemd offers an API for this.

Also, we need to ensure that any later enablement of that unit is
taken into account by new units. Not sure I'll have time to test this
properly today, will be more early next week if needed though.

As said, I'd probably be happy to ship the patch as is and would include
it in the upload I plan this weekend.

We can defer this to a later upload though, if you want?

Sounds like the best approach: ship it as it is for this week-end upload;
at least the immediate concern is addressed this way.
I'm keeping in mind to check if we can request for the unit enablement 
for a later upload.


(Note: the patch is against experimental, I can rebase on master and 
include the bug reference if you wish, but I guess you are going to 
merge other fixes as well…)


Thanks for the bug triaging work btw :)
Cheers,
Didier





Bug#747863: [nut] systemd service fails by default and causes package install failure

2015-03-20 Thread Michael Biebl
On 20.03.2015 at 01:03, Laurent Bigonville wrote:
 Hello,
 
 Alright, I have a patch here that should finally fix the initial nut
 installation when PID1 is systemd.
 
 I did some initial testing and it seems to work. But I still really
 ENOTIME ATM. Could somebody have a 2nd pair of eyes on this?
 
 I'll make the upload if the patch is OK.

Since you are quoting the variables, you don't need the x$foo = xbar
syntax and you can drop the x prefix. That's a rather cosmetic issue
though, and the patch itself looks ok to me.


Regards,
Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?





Bug#762700: systemd: journald fails to forward most boot messages to syslog

2015-03-20 Thread Christian Seiler

On 2015-03-20 06:25, Michael Biebl wrote:

You can probably trigger this by putting 12 modules into
/etc/modules-load.d. Each one will generate a message for the journal
and after the 11th the service will hang. Jupp, just tried it,
deadlocks. Will, kind-of, because after ~15s it will somehow still
boot, I don't quite understand it, but I don't think this is fine the
way it is.


I myself couldn't reproduce the problem with putting 12 modules into
/etc/modules.


Huh, weird.

So I guess I'll merge your patch as is, including the upstream 
commit.


Thanks!

I've been running with both patches applied for a while and didn't have
a single missed message since then.


I've encountered it at one point so far (with the service, which I've
been using otherwise without any problems since I've reported this bug):
a daemon decided to go on a rampage (partly because of misconfiguration,
partly because it doesn't handle misconfiguration well) and started to
produce lots and lots of log messages, in just 1h my /var/log/syslog
grew to 2.4 GiB (the journal, storage only being in /run, was rotated
probably 100 times or so while this was happening). But I'd argue there
that if something goes THIS crazy, all sorts of other stuff may break
(most notably, /var running out of diskspace, because syslog files are
only rotated daily), so I don't view this as an issue with systemd.

Just wanted to mention this because the setting makes syslog forwarding
robust enough from my perspective, but not bulletproof.

Christian





Bug#779902: /tmp can be mounted as tmpfs against user's will

2015-03-20 Thread Didier Roche

Hey,

Attaching the patch (which tries to be less intrusive with mounts, only
affecting /tmp) that I pinged on IRC for better tracking.
Tested under multiple configurations. /tmp isn't mounted as tmpfs
neither at boot, nor after a service restart having PrivateTmp. Enabling
the tmp mount unit now ensures that it's started at boot, before
services having PrivateTmp.

Cheers,
Didier


From 624f2a956a93acfd2da9132e991994c4e3218f2f Mon Sep 17 00:00:00 2001
From: Didier Roche didro...@ubuntu.com
Date: Thu, 19 Mar 2015 08:53:03 +0100
Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will

Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds
an After relationship.
---
 debian/changelog   |  2 ++
 .../PrivateTmp-shouldn-t-require-tmpfs.patch   | 24 ++
 debian/patches/series  |  1 +
 3 files changed, 27 insertions(+)
 create mode 100644 debian/patches/PrivateTmp-shouldn-t-require-tmpfs.patch

diff --git a/debian/changelog b/debian/changelog
index 9589d09..ea22101 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,8 @@ systemd (219-5) UNRELEASED; urgency=medium
   * Add systemd-fsckd autopkgtest. (LP: #1427312)
   * Fix mount point detection on overlayfs and similar file systems without
 name_to_handle_at() and st_dev support. (LP: #1411140)
+  * Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds
+an After relationship.
 
   [ Martin Pitt ]
   * journald: Suppress expected cases of Failed to set file attributes
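Review bot: the new changelog entry does not reference the bug this upload is meant to fix; append `(Closes: #779902)` to the "Ensure PrivateTmp doesn't require tmpfs" entry so the BTS closes the report on upload (the cover mail itself notes the bug reference is still missing).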
diff --git a/debian/patches/PrivateTmp-shouldn-t-require-tmpfs.patch b/debian/patches/PrivateTmp-shouldn-t-require-tmpfs.patch
new file mode 100644
index 000..cef5628
--- /dev/null
+++ b/debian/patches/PrivateTmp-shouldn-t-require-tmpfs.patch
@@ -0,0 +1,24 @@
+From: Didier Roche didro...@ubuntu.com
+Date: Wed, 18 Mar 2015 17:11:00 +0100
+Subject: PrivateTmp shouldn't require tmpfs
+
+As PrivateTmp is requiring tmp.mount, this one will mount (but only after boot)
+/tmp as tmpfs adding a Requires=tmp.mount to the unit. This change downgrades
+the requirements to an after relationship.
+---
+ src/core/unit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: systemd-debian/src/core/unit.c
+===
+--- systemd-debian.orig/src/core/unit.c
 systemd-debian/src/core/unit.c
+@@ -807,7 +807,7 @@ int unit_add_exec_dependencies(Unit *u,
+ return 0;
+ 
+ if (c-private_tmp) {
+-r = unit_require_mounts_for(u, /tmp);
++r = unit_add_dependency_by_name(u, UNIT_AFTER, tmp.mount, NULL, true);
+ if (r  0)
+ return r;
+ 
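Review bot: swapping `unit_require_mounts_for(u, "/tmp")` for a plain `UNIT_AFTER` dependency on tmp.mount drops the Requires half of the relationship, not only the tmpfs pull-in. A PrivateTmp service will now be ordered after tmp.mount but will also start when that mount unit failed or was never activated, so on a system where /tmp is a separate real filesystem in fstab a service can come up with its private /tmp sitting on the root filesystem. If only the implicit pull-in of the tmpfs unit is unwanted, state that in the patch description and consider keeping a Requires on the mount unit when one is actually configured for /tmp.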
diff --git a/debian/patches/series b/debian/patches/series
index 0a0e482..59b3524 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -70,3 +70,4 @@ cgroup-don-t-trim-cgroup-trees-created-by-someone-el.patch
 core-mount-ensure-that-we-parse-proc-self-mountinfo.patch
 Revert-journald-allow-restarting-journald-without-lo.patch
 path_is_mount_point-handle-false-positive-on-some-fs.patch
+PrivateTmp-shouldn-t-require-tmpfs.patch
-- 
2.1.4


Bug#780797: openssh-server: modifies the user configuration

2015-03-20 Thread Vincent Lefevre
On 2015-03-20 05:54:03 +0100, Christoph Anton Mitterer wrote:
 On Fri, 2015-03-20 at 03:06 +0100, Vincent Lefevre wrote: 
  So, it's even easier: when the admin installs some software using,
  say, LC_ALLOW_ARBITRARY_ACCESS, he can change the sshd config to
  disallow this variable.
 Sorry, but this is a highly disturbing and simply plain wrong approach
 to security.
 That way you could just set the default AcceptEnv * assuming that uses
 will find out all occurrences of software where they need to restrict
 something.

Using * is bad because some environment variables are known to be
used by the system and can affect security (e.g. LD_PRELOAD).
IMHO, LC_* is an acceptable *compromise* (no known problems
in practice).

  So, really, if you want to make sure to avoid problems with the
  default config, then no variables should be accepted.
 Well one must perhaps add, that using  any non machine readable output
 from programs is also kinda broken (I know every one does it, including
 myself), since that output may change not just depending on the locale.
 While in turn, machine readable output should be neutral to the locale.

No, this is not the practical usage. Some output is both for humans
and the machine (grep -r LC_ /etc can give you some idea of scripts
that may depend on the locales if not set back to C).

  If you assume that the admin does a bit of work, then accepting
  LC_* should be safe.
 A bit of work? I guess checking all software for whether it may or may
 not use some variables in a certain way is more than just a bit work.

No need to check all software. Just the restricted commands that
can be run via SSH. Some commands might do other harm (e.g. run
an interactive shell), so that the admin should check all the
possibilities anyway.

   a) depends what you mean by per default... per default, my systems
   have no users after installation except root and system accounts. ;)
  In such a case, with such defaults, you won't be able to ssh into
  the machine, so that the AcceptEnv value doesn't matter.
 Log in via root?

This is disabled by default, for security reasons!
See PermitRootLogin no.

  By default the user doesn't have a restricted shell, so that
  restricting the environment variables is rather useless (except
  the well-known dangerous ones such as LD_PRELOAD).
 This is only true for normal user accounts, i.e. not system user
 accounts, where there are several prominent examples that actually make
 use of the command restriction features of OpenSSH (e.g. gitolite).

For these specific cases, one can check that the default AcceptEnv
is safe.

 Uh? I haven't looked at that bug, but when I SendEnv / AcceptEnv my
 local variables it works just as expected, regardless of PAM.

Perhaps because your system isn't configured to enforce some
locales. The corresponding bugs on the Debian BTS:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=313317
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408029

  That was the only clean way to pass the charmap.
 Which software is using that variable?

No software. This is for *private* use. The locales are set up via
my .zshenv file, using this private LC_CHARMAP variable.

-- 
Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/
100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)





Bug#780519: tomcat7 build failure

2015-03-20 Thread Markus Koschany
On 19.03.2015 21:47, Emmanuel Bourg wrote:
 On 19/03/2015 19:02, Markus Koschany wrote:
 
 What I don't understand is why this went undetected for such a long
 time. I mean there were numerous rebuilds so why does the test suite
 fail in Jessie and even stable now?
 
 I bet this was caused by the recent update of openjdk-7 (7u75). Could
 someone test with the version 7u71-2.5.3-2 that was in use since November?

Good idea but unfortunately I can't confirm that openjdk-7 is
responsible. I downloaded the sources from

http://snapshot.debian.org/package/openjdk-7/7u71-2.5.3-2/

and applied Moritz Mühlenhoff's patch due to bug

https://bugs.debian.org/775044

and recompiled openjdk-7 from scratch. But tomcat7 still fails to build
from source even with this older openjdk-7 version.

Markus





Bug#766475: python-xmpp: Error in SSLSocket

2015-03-20 Thread Alexey Nezhdanov
Please go ahead.

Security is important - thus it is a major feature that is broken and that
you fix - I believe, RC severity is appropriate.

Thanks!
Alexey

2015-03-20 8:50 GMT+01:00 intrigeri intrig...@debian.org:

 Hi,

 Alexey Nezhdanov wrote (20 Mar 2015 05:56:55 GMT) :
  First of all - huge thanks for doing that!

 Thanks for answering :)

 Just to be extra clear: does this implicitly mean you agree with the
 RC severity and the NMU I've proposed? Should I just go ahead without
 waiting any more time?

 Cheers,
 --
 intrigeri



Processed: tagging 780650

2015-03-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

 tags 780650 + fixed-upstream
Bug #780650 [systemd] systemd: Sources not shipped for hwdb files
Added tag(s) fixed-upstream.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
780650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780650
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#778646: Multiple issues

2015-03-20 Thread Peter Selinger
Here's the patch that I am planning to apply upstream. Please comment
if you see anything wrong with it. 

While the general idea is similar to Tomasz's patch, I've solved the
details a bit differently.

* I prefer to use ssize_t instead of unsigned long long int for memory
  manipulations. Since size_t is the type used by malloc, memcpy, etc,
  it is big enough to hold the relevant values. The reason I use a
  signed rather than unsigned type is that the dy field in the
  potrace_bitmap_s structure may be positive or negative, depending on
  whether the bitmap is stored top-to-bottom or bottom-to-top. Potrace
  itself always uses a positive dy, but other applications that link
  against the Potrace library may use their own convention. Tomasz's
  patch used an unsigned type which would break applications that use
  a negative dy.

  The code now checks that the bitmap dimensions are indeed such that
  all relevant values fit within ssize_t. A remaining assumption is
  that ssize_t is at least as big as int, which I think is guaranteed.

* I prefer to use calloc instead of safe_malloc. Calloc is appropriate
  whenever the memory to be allocated is a number of copies of items
  of a given size. Unlike malloc(x*y), calloc(x, y) actually checks
  that x*y does not overflow. (I checked the glibc source code for
  calloc to be sure that such a check is actually performed). In the
  few cases where the argument of malloc is calculated differently
  (say as a product of three numbers), I have added an explicit
  overflow check. This is safer, in my opinion, than safe_malloc(x*y);
  in particular, there is no difference between safe_malloc and
  ordinary malloc when size_t = unsigned long long int.

* I also fixed analogous issues in Mkbitmap and throughout the rest of
  the code.

I'll post an updated upstream package in a day or two unless there's
feedback requiring additional changes.

Thanks, -- Peter

diff -u -r potrace-1.11/src/backend_eps.c potrace-1.11-patched/src/backend_eps.c
--- potrace-1.11/src/backend_eps.c  2013-02-20 00:51:44.0 +0100
+++ potrace-1.11-patched/src/backend_eps.c  2015-03-20 23:57:39.703432480 
+0100
@@ -26,8 +26,8 @@
 #include config.h
 #endif
 
-#define SAFE_MALLOC(var, n, typ) \
-  if ((var = (typ *)malloc((n)*sizeof(typ))) == NULL) goto malloc_error 
+#define SAFE_CALLOC(var, n, typ) \
+  if ((var = (typ *)calloc(n, sizeof(typ))) == NULL) goto calloc_error 
 
 typedef int color_t;
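Review bot: SAFE_CALLOC still hands a possibly negative count straight to calloc. At the call sites the count is `int m = curve->n`; a negative m converts to a huge size_t, so calloc fails with ENOMEM and control reaches calloc_error, which reports an invalid-argument condition as an out-of-memory one. An explicit `if ((n) < 0) goto calloc_error;` in the macro, or a check of m before the first SAFE_CALLOC, makes the intent visible and keeps the two failure modes distinguishable.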
 
@@ -232,10 +232,10 @@
   double M;
   int m = curve-n;
 
-  SAFE_MALLOC(bq, m, long int);
-  SAFE_MALLOC(aq, m, long int);
-  SAFE_MALLOC(v, m, point_t);
-  SAFE_MALLOC(q, m, dpoint_t);
+  SAFE_CALLOC(bq, m, long int);
+  SAFE_CALLOC(aq, m, long int);
+  SAFE_CALLOC(v, m, point_t);
+  SAFE_CALLOC(q, m, dpoint_t);
 
   /* quantize vertices */
   for (i=0; im; i++) {
@@ -295,7 +295,7 @@
   free(q);
   return 0;
 
- malloc_error:
+ calloc_error:
   free(bq);
   free(aq);
   free(v);
diff -u -r potrace-1.11/src/bitmap.h potrace-1.11-patched/src/bitmap.h
--- potrace-1.11/src/bitmap.h   2013-02-20 00:51:44.0 +0100
+++ potrace-1.11-patched/src/bitmap.h   2015-03-20 23:57:39.704432477 +0100
@@ -7,6 +7,7 @@
 
 #include string.h
 #include stdlib.h
+#include errno.h
 
 /* The bitmap type is defined in potracelib.h */
 #include potracelib.h
@@ -27,7 +28,7 @@
 /* macros for accessing pixel at index (x,y). U* macros omit the
bounds check. */
 
-#define bm_scanline(bm, y) ((bm)-map + (y)*(bm)-dy)
+#define bm_scanline(bm, y) ((bm)-map + (y)*(ssize_t)(bm)-dy)
 #define bm_index(bm, x, y) (bm_scanline(bm, y)[(x)/BM_WORDBITS])
 #define bm_mask(x) (BM_HIBIT  ((x)  (BM_WORDBITS-1)))
 #define bm_range(x, a) ((int)(x) = 0  (int)(x)  (a))
@@ -51,10 +52,18 @@
   free(bm);
 }
 
-/* return new un-initialized bitmap. NULL with errno on error */
+/* return new un-initialized bitmap. NULL with errno on error.
+   Assumes w, h = 0. */
 static inline potrace_bitmap_t *bm_new(int w, int h) {
   potrace_bitmap_t *bm;
-  int dy = (w + BM_WORDBITS - 1) / BM_WORDBITS;
+  int dy = w == 0 ? 0 : (w - 1) / BM_WORDBITS + 1;
+  ssize_t size = (ssize_t)dy * (ssize_t)h * (ssize_t)BM_WORDSIZE;
+
+  /* check for overflow error */
+  if (size  0 || size / h / dy != BM_WORDSIZE) {
+errno = ENOMEM;
+return NULL;
+  }
 
   bm = (potrace_bitmap_t *) malloc(sizeof(potrace_bitmap_t));
   if (!bm) {
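Review bot: the overflow check in bm_new divides by zero on inputs the comment declares legal. With "Assumes w, h >= 0", w == 0 makes the new `dy` zero and h == 0 is equally permitted, so `size / h / dy` faults. Short-circuit the degenerate case, e.g. `if (size < 0 || (size != 0 && size / h / dy != BM_WORDSIZE))`. Separately, the test only fires after the signed product `(ssize_t)dy * (ssize_t)h * (ssize_t)BM_WORDSIZE` has wrapped, which is undefined behaviour in C, so an optimising compiler may assume no wrap occurred and drop the comparison; checking `dy > SSIZE_MAX / BM_WORDSIZE / h` (for h > 0) before multiplying is the reliable form.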
@@ -63,7 +72,7 @@
   bm-w = w;
   bm-h = h;
   bm-dy = dy;
-  bm-map = (potrace_word *) malloc(dy * h * BM_WORDSIZE);
+  bm-map = (potrace_word *) malloc(size);
   if (!bm-map) {
 free(bm);
 return NULL;
@@ -73,23 +82,29 @@
 
 /* clear the given bitmap. Set all bits to c. */
 static inline void bm_clear(potrace_bitmap_t *bm, int c) {
-  memset(bm-map, c ? -1 : 0, bm-dy * bm-h * BM_WORDSIZE);
+  /* Note: if the bitmap was created with bm_new, then it is
+ guaranteed that size will fit into the ssize_t type. */
+  ssize_t size = (ssize_t)bm-dy * (ssize_t)bm-h * (ssize_t)BM_WORDSIZE;
+  memset(bm-map, c ? -1 : 0, 
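The allocation-size discipline Peter describes above, as an added example that is not Potrace's own code: the bitmap byte count is checked for overflow before the product is formed (so no wrapped signed arithmetic is relied on), and a model of the pre-patch 32-bit int arithmetic sits beside it so the truncation can be observed. The names bitmap_bytes, bm_new_checked, checked_mul_ssize, naive_bitmap_bytes and bm_example_t are this example's own; BM_WORDSIZE and BM_WORDBITS are defined here with a fixed 8-byte word.

```c
/* Added example, not Potrace code: overflow-safe sizing of a w x h bitmap
 * of machine words. All names are this example's own. */
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/types.h>      /* ssize_t */

#ifndef SSIZE_MAX           /* not visible under strict ISO C feature levels */
#define SSIZE_MAX ((ssize_t)(SIZE_MAX / 2))
#endif

typedef uint64_t bm_word_t;                     /* fixed 8-byte word */
#define BM_WORDSIZE ((int)sizeof(bm_word_t))    /* bytes per word: 8 */
#define BM_WORDBITS (8 * BM_WORDSIZE)           /* bits per word: 64 */

typedef struct {
    int w, h;
    int dy;             /* words per scanline, kept signed as in Potrace */
    bm_word_t *map;
} bm_example_t;

/* Words needed to hold w pixels; 0 for an empty bitmap. */
static int words_per_line(int w) {
    return w == 0 ? 0 : (w - 1) / BM_WORDBITS + 1;
}

/* a * b for non-negative operands, refusing to overflow ssize_t. The test
 * runs before the multiplication, so no signed overflow (undefined
 * behaviour) ever takes place. Returns 0 on success, -1 on overflow. */
int checked_mul_ssize(ssize_t a, ssize_t b, ssize_t *out) {
    if (a < 0 || b < 0) return -1;
    if (a != 0 && b > SSIZE_MAX / a) return -1;
    *out = a * b;
    return 0;
}

/* Byte size of the pixel map, or -1 with errno set: EINVAL for negative
 * dimensions, ENOMEM when dy * h * BM_WORDSIZE does not fit in ssize_t.
 * A zero dimension is legal and yields 0 without any division. */
ssize_t bitmap_bytes(int w, int h) {
    ssize_t rows, total;
    if (w < 0 || h < 0) { errno = EINVAL; return -1; }
    if (checked_mul_ssize(words_per_line(w), h, &rows) != 0 ||
        checked_mul_ssize(rows, BM_WORDSIZE, &total) != 0) {
        errno = ENOMEM;
        return -1;
    }
    return total;
}

/* Model of the pre-patch arithmetic, dy * h * BM_WORDSIZE evaluated in
 * 32-bit int. Unsigned is used so the wraparound is defined and observable;
 * the original signed form is undefined behaviour. */
uint32_t naive_bitmap_bytes(int w, int h) {
    return (uint32_t)words_per_line(w) * (uint32_t)h * (uint32_t)BM_WORDSIZE;
}

/* Allocate a zeroed w x h bitmap, or return NULL with errno set. */
bm_example_t *bm_new_checked(int w, int h) {
    ssize_t size = bitmap_bytes(w, h);
    if (size < 0) return NULL;                  /* errno already set */
    bm_example_t *bm = malloc(sizeof *bm);
    if (!bm) return NULL;
    bm->w = w;
    bm->h = h;
    bm->dy = words_per_line(w);
    /* calloc does its own n * size overflow check; a zero-byte request is
     * avoided so a valid pointer is always returned for an empty bitmap. */
    bm->map = calloc(size > 0 ? (size_t)size : 1, 1);
    if (!bm->map) { free(bm); return NULL; }
    return bm;
}

void bm_free_checked(bm_example_t *bm) {
    if (bm) { free(bm->map); free(bm); }
}
```

For a 1048576 x 262144 bitmap the naive 32-bit product is exactly 2^32 words before the word-size factor, so it wraps to 0 and the old code would have asked malloc for nothing while indexing gigabytes; bitmap_bytes either returns the true size or fails with ENOMEM where ssize_t cannot hold it.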

Bug#780519: tomcat7 build failure

2015-03-20 Thread Miguel Landaeta
tags 780519 + confimed
owner 780519 !
thanks

On Fri, Mar 20, 2015 at 11:10:28AM +0100, Markus Koschany wrote:

 [...]
 
 and recompiled openjdk-7 from scratch. But tomcat7 still fails to build
 from source even with this older openjdk-7 version.

I checked the failing unit tests and all of them seem to be related to
SSL features.

I'll try to upload a fix during this weekend.

-- 
Miguel Landaeta, nomadium at debian.org
secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key.
Faith means not wanting to know what is true. -- Nietzsche




Processed (with 1 errors): Re: Bug#780519: tomcat7 build failure

2015-03-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

 tags 780519 + confimed
Unknown tag/s: confimed.
Recognized are: patch wontfix moreinfo unreproducible fixed potato woody sid 
help security upstream pending sarge sarge-ignore experimental d-i confirmed 
ipv6 lfs fixed-in-experimental fixed-upstream l10n newcomer etch etch-ignore 
lenny lenny-ignore squeeze squeeze-ignore wheezy wheezy-ignore jessie 
jessie-ignore stretch stretch-ignore buster buster-ignore.

Bug #780519 [src:tomcat7] tomcat7: FTBFS due to failing tests
Requested to add no tags; doing nothing.
 owner 780519 !
Bug #780519 [src:tomcat7] tomcat7: FTBFS due to failing tests
Owner recorded as Miguel Landaeta nomad...@debian.org.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
780519: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780519
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#775583: fixed in lvm2 2.02.111-2.1

2015-03-20 Thread Ben Hutchings
On Wed, 2015-03-11 at 20:41 -0400, Mike Miller wrote:
 On Mon, Mar 02, 2015 at 12:34:01 +, Ben Hutchings wrote:
  Changes:
   lvm2 (2.02.111-2.1) unstable; urgency=medium
   .
 * Non-maintainer upload
 * Add initramfs-tools boot script for preparing additional block
   devices (Closes: #775583)
 
 Thanks for providing a fix for this Ben. The initramfs-tools update
 broke my separated-/usr boot anyway, but I managed to make your fix work
 for me.
 
 For the benefit of others affected, the /usr entry in fstab *must* begin
 with /dev/mapper/. My fstab had the /dev/$VG/$LV style and the script
 does not know what to do with that.

I've opened a new bug report for that which is #780319.

Ben.

-- 
Ben Hutchings
All extremists should be taken out and shot.




Bug#768655: marked as done (birdfont: FTBFS on jessie - error: 1 extra arguments for `Gdk.RGBA Gtk.ColorSelection.get_current_rgba ()')

2015-03-20 Thread Debian Bug Tracking System
Your message dated Fri, 20 Mar 2015 22:41:22 +0900
with message-id 20150320224122.b6095196ee09aaf5dcc26...@debian.or.jp
and subject line 
has caused the Debian Bug report #768655,
regarding birdfont: FTBFS on jessie - error: 1 extra arguments for `Gdk.RGBA 
Gtk.ColorSelection.get_current_rgba ()'
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
768655: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768655
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Source: birdfont
Version: 0.47-1
Severity: serious
Justification: fails to build from source (but built successfully in the past)
Control: fixed -1 1.7-1

Hi,

The version of your package currently in testing (0.47-1) fails to build in
a jessie chroot:

 TaskFailed - taskid:birdfont:compile_c
 Command failed: 'valac --ccode --save-temps --enable-experimental-non-null 
 --enable-experimental --target-glib=2.34 --define=LINUX --vapidir ./ 
 --basedir build/birdfont --pkg glib-2.0 --pkg libxml-2.0 --pkg gio-2.0 --pkg 
 cairo --pkg gdk-pixbuf-2.0 --pkg webkitgtk-3.0 --pkg gee-1.0 --pkg libnotify 
 build/birdfont.vapi birdfont/Main.vala birdfont/GtkWindow.vala' returned 1
 
 Compilation failed: 2 error(s), 14 warning(s)
 
 warning: --save-temps has no effect when -C or --ccode is set
 birdfont/GtkWindow.vala:290.18-290.32: warning: deprecated syntax, don't use 
 `new' to initialize structs
   Gdk.RGBA c = new Gdk.RGBA ();
^^^
 birdfont/GtkWindow.vala:291.5-291.40: error: 1 extra arguments for `Gdk.RGBA 
 Gtk.ColorSelection.get_current_rgba ()'
   color_selection.get_current_rgba (c);
   
 birdfont/GtkWindow.vala:774.80-774.84: warning: Gtk.Stock has been deprecated 
 since 3.10
 birdfont/GtkWindow.vala:762.59-762.63: warning: Gtk.Stock has been deprecated 
 since 3.10
 birdfont/GtkWindow.vala:764.59-764.63: warning: Gtk.Stock has been deprecated 
 since 3.10
 birdfont/GtkWindow.vala:862.10-862.39: error: Assignment: Cannot convert from 
 `Gdk.Screen?' to `Gdk.Screen'
   Screen screen = Screen.get_default ();
  ^^
 birdfont/GtkWindow.vala:885.22-885.42: warning: deprecated syntax, don't use 
 `new' to initialize structs
   label_allocation = new Gtk.Allocation ();
  ^
 birdfont/GtkWindow.vala:906.20-906.39: warning: GLib.Thread.create has been 
 deprecated since 2.32. Use new ThreadT ()
 birdfont/GtkWindow.vala:922.4-922.30: warning: unhandled error `GLib.Error'
   export_notification.show ();
   ^^^
 birdfont/GtkWindow.vala:937.13-937.32: warning: GLib.Thread.create has been 
 deprecated since 2.32. Use new ThreadT ()
 birdfont/GtkWindow.vala:957.13-957.32: warning: GLib.Thread.create has been 
 deprecated since 2.32. Use new ThreadT ()
 birdfont/GtkWindow.vala:976.13-976.32: warning: GLib.Thread.create has been 
 deprecated since 2.32. Use new ThreadT ()
 birdfont/Main.vala:60.25-60.36: warning: deprecated syntax, don't use `new' 
 to initialize structs
   Mutex database_mutex = new Mutex ();
  
 birdfont/Main.vala:61.24-61.34: warning: deprecated syntax, don't use `new' 
 to initialize structs
   Cond main_loop_idle = new Cond ();
 ^^^
 birdfont/Main.vala:66.15-66.47: warning: GLib.Thread.create has been 
 deprecated since 2.32. Use new ThreadT ()
 
 debian/rules:15: recipe for target 'override_dh_auto_configure' failed

I managed to build the version currently in unstable (1.7-1)
successfully however, so I've marked the bug fixed in that version.

Thanks,
James

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
---End Message---
---BeginMessage---
Now testing is frozen and it prevents migration,
so no RC is necessary.

-- 
Regards,

 Hideki Yamane henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane
---End Message---


Bug#767630: marked as done (birdfont: depends on libgit2-dev which is unavailable on kfreebsd and s390x)

2015-03-20 Thread Debian Bug Tracking System
Your message dated Fri, 20 Mar 2015 22:23:37 +0900
with message-id 20150320222337.2e3baef174be03463468d...@debian.or.jp
and subject line 
has caused the Debian Bug report #767630,
regarding birdfont: depends on libgit2-dev which is unavailable on kfreebsd and 
s390x
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
767630: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767630
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
package: birdfont
version: 1.7-1
severity: serious

Hi,

All recent uploads of birdfont build-depend on libgit2-dev, which is
unavailable on kfreebsd and s390x. As birdfont built fine before on these
architectures, this prevents migration to testing.

This probably means that you need to request the removal from unstable of the
binaries on these architectures (and close this bug at that point), to allow
the package to migrate.

Cheers,

Ivo
---End Message---
---BeginMessage---
 rmadison libgit2-dev
debian:
 libgit2-dev | 0.21.1-3   | jessie-p-u | amd64, arm64, armel, armhf, i386, 
kfreebsd-amd64, mips, mipsel, powerpc, ppc64el
 libgit2-dev | 0.21.1-3   | jessie | amd64, arm64, armel, armhf, i386, 
kfreebsd-amd64, mips, mipsel, powerpc, ppc64el
 libgit2-dev | 0.21.3-1.1 | sid| amd64, arm64, armel, armhf, i386, 
kfreebsd-amd64, mips, mipsel, powerpc, ppc64el, s390x, sparc
new:

 seems to be okay.

-- 
Regards,

 Hideki Yamane henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane
---End Message---


Bug#780797: openssh-server: modifies the user configuration

2015-03-20 Thread Adam D. Barratt

On 2015-03-20 10:03, Vincent Lefevre wrote:

> On 2015-03-20 05:54:03 +0100, Christoph Anton Mitterer wrote:
>
>> On Fri, 2015-03-20 at 03:06 +0100, Vincent Lefevre wrote:
>>
>> [...]
>>
>>> In such a case, with such defaults, you won't be able to ssh into
>>> the machine, so that the AcceptEnv value doesn't matter.
>> Log in via root?
>
> This is disabled by default, for security reasons!
> See "PermitRootLogin no".

As a side note, the default is now "PermitRootLogin without-password"
for new installations, starting from 6.6p1-1.


Regards,

Adam


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#761357: marked as done (openjp3d-tools and libopenjp3d-tools: error when trying to install together)

2015-03-20 Thread Debian Bug Tracking System
Your message dated Fri, 20 Mar 2015 14:12:44 +0100
with message-id 
CA+7wUsx8Sw9e=pcrEyw26RBJnjZ7o=+3tt8eafc9uhn+uet...@mail.gmail.com
and subject line Re: openjp2 2.0 - 2.1 transition
has caused the Debian Bug report #761357,
regarding openjp3d-tools and libopenjp3d-tools: error when trying to install 
together
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
761357: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761357
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: libopenjp3d-tools,openjp3d-tools
Version: libopenjp3d-tools/2.1.0-1
Version: openjp3d-tools/2.0.0-1
Severity: serious
User: trei...@debian.org
Usertags: edos-file-overwrite

Date: 2014-09-13
Architecture: amd64
Distribution: sid

Hi,

automatic installation tests of packages that share a file and at the
same time do not conflict by their package dependency relationships has
detected the following problem:


Selecting previously unselected package libopenjp3d6:amd64.
(Reading database ... 10869 files and directories currently installed.)
Preparing to unpack .../libopenjp3d6_2.0.0-1_amd64.deb ...
Unpacking libopenjp3d6:amd64 (2.0.0-1) ...
Selecting previously unselected package libopenjp3d7:amd64.
Preparing to unpack .../libopenjp3d7_2.1.0-1_amd64.deb ...
Unpacking libopenjp3d7:amd64 (2.1.0-1) ...
Selecting previously unselected package libopenjp3d-tools.
Preparing to unpack .../libopenjp3d-tools_2.1.0-1_amd64.deb ...
Unpacking libopenjp3d-tools (2.1.0-1) ...
Selecting previously unselected package openjp3d-tools.
Preparing to unpack .../openjp3d-tools_2.0.0-1_amd64.deb ...
Unpacking openjp3d-tools (2.0.0-1) ...
dpkg: error processing archive 
/var/cache/apt/archives/openjp3d-tools_2.0.0-1_amd64.deb (--unpack):
 trying to overwrite '/usr/bin/opj_jp3d_decompress', which is also in package 
libopenjp3d-tools 2.1.0-1
Processing triggers for man-db (2.6.7.1-1) ...
Errors were encountered while processing:
 /var/cache/apt/archives/openjp3d-tools_2.0.0-1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)


This is a serious bug as it makes installation fail, and violates
sections 7.6.1 and 10.1 of the policy. An optimal solution would
consist in only one of the packages installing that file, and renaming
or removing the file in the other package. Depending on the
circumstances you might also consider Replace relations or file
diversions. If the conflicting situation cannot be resolved then, as a
last resort, the two packages have to declare a mutual
Conflict. Please take into account that Replaces, Conflicts and
diversions should only be used when packages provide different
implementations for the same functionality.

Here is a list of files that are known to be shared by both packages
(according to the Contents file for sid/amd64, which may be
slightly out of sync):

  /usr/bin/opj_jp3d_compress
  /usr/bin/opj_jp3d_decompress

This bug has been filed against both packages. If you, the maintainers of
the two packages in question, have agreed on which of the packages will
resolve the problem please reassign the bug to that package. You may then
also register in the BTS that the other package is affected by the bug.

-Ralf.

PS: for more information about the detection of file overwrite errors
of this kind see http://edos.debian.net/file-overwrites/.
---End Message---
---BeginMessage---
On Tue, Mar 17, 2015 at 12:52 PM, Andreas Beckmann a...@debian.org wrote:
> On 2015-03-17 09:52, Mathieu Malaterre wrote:
>> Let me know if I misunderstood your email:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=46;bug=761355#46
>
> These bugs were dangling around assigned to a not longer existing
> package. You should probably close them as well.
> The successor packages may need Breaks+Replaces against the obsolete
> packages to ensure clean upgrade paths on all cases.

The issue only appeared for a very limited time within the `testing`
release. I am closing these and we'll see if this is an issue for
anyone but the `edos-file-overwrite` robot.
---End Message---


Bug#761355: marked as done (libopenjpeg6-dev and libopenjp2-7-dev: error when trying to install together)

2015-03-20 Thread Debian Bug Tracking System
Your message dated Fri, 20 Mar 2015 14:12:44 +0100
with message-id 
CA+7wUsx8Sw9e=pcrEyw26RBJnjZ7o=+3tt8eafc9uhn+uet...@mail.gmail.com
and subject line Re: openjp2 2.0 - 2.1 transition
has caused the Debian Bug report #761355,
regarding libopenjpeg6-dev and libopenjp2-7-dev: error when trying to install 
together
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
761355: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761355
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: libopenjp2-7-dev,libopenjpeg6-dev
Version: libopenjp2-7-dev/2.1.0-1
Version: libopenjpeg6-dev/2.0.0-1
Severity: serious
User: trei...@debian.org
Usertags: edos-file-overwrite

Date: 2014-09-13
Architecture: amd64
Distribution: sid

Hi,

automatic installation tests of packages that share a file and at the
same time do not conflict by their package dependency relationships has
detected the following problem:


Selecting previously unselected package libopenjp2-7:amd64.
(Reading database ... 10869 files and directories currently installed.)
Preparing to unpack .../libopenjp2-7_2.1.0-1_amd64.deb ...
Unpacking libopenjp2-7:amd64 (2.1.0-1) ...
Selecting previously unselected package libopenjpeg6:amd64.
Preparing to unpack .../libopenjpeg6_2.0.0-1_amd64.deb ...
Unpacking libopenjpeg6:amd64 (2.0.0-1) ...
Selecting previously unselected package libopenjp2-7-dev.
Preparing to unpack .../libopenjp2-7-dev_2.1.0-1_amd64.deb ...
Unpacking libopenjp2-7-dev (2.1.0-1) ...
Selecting previously unselected package libopenjpeg6-dev:amd64.
Preparing to unpack .../libopenjpeg6-dev_2.0.0-1_amd64.deb ...
Unpacking libopenjpeg6-dev:amd64 (2.0.0-1) ...
dpkg: error processing archive 
/var/cache/apt/archives/libopenjpeg6-dev_2.0.0-1_amd64.deb (--unpack):
 trying to overwrite '/usr/lib/x86_64-linux-gnu/libopenjp2.so', which is also 
in package libopenjp2-7-dev 2.1.0-1
Errors were encountered while processing:
 /var/cache/apt/archives/libopenjpeg6-dev_2.0.0-1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)


This is a serious bug as it makes installation fail, and violates
sections 7.6.1 and 10.1 of the policy. An optimal solution would
consist in only one of the packages installing that file, and renaming
or removing the file in the other package. Depending on the
circumstances you might also consider Replace relations or file
diversions. If the conflicting situation cannot be resolved then, as a
last resort, the two packages have to declare a mutual
Conflict. Please take into account that Replaces, Conflicts and
diversions should only be used when packages provide different
implementations for the same functionality.

Here is a list of files that are known to be shared by both packages
(according to the Contents file for sid/amd64, which may be
slightly out of sync):

  /usr/lib/x86_64-linux-gnu/libopenjp2.so

This bug has been filed against both packages. If you, the maintainers of
the two packages in question, have agreed on which of the packages will
resolve the problem please reassign the bug to that package. You may then
also register in the BTS that the other package is affected by the bug.

-Ralf.

PS: for more information about the detection of file overwrite errors
of this kind see http://edos.debian.net/file-overwrites/.
---End Message---
---BeginMessage---
On Tue, Mar 17, 2015 at 12:52 PM, Andreas Beckmann a...@debian.org wrote:
> On 2015-03-17 09:52, Mathieu Malaterre wrote:
>> Let me know if I misunderstood your email:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=46;bug=761355#46
>
> These bugs were dangling around assigned to a not longer existing
> package. You should probably close them as well.
> The successor packages may need Breaks+Replaces against the obsolete
> packages to ensure clean upgrade paths on all cases.

The issue only appeared for a very limited time within the `testing`
release. I am closing these and we'll see if this is an issue for
anyone but the `edos-file-overwrite` robot.
---End Message---


Bug#780855: lacks dependency on libnl-3-dev

2015-03-20 Thread Marco d'Itri
On Mar 20, Marco d'Itri m...@linux.it wrote:

> Package 'libnl-3.0', required by 'libteam', not found
But then if I install it I get:

libtool: link: gcc -std=gnu99 -Wall -Werror -Wformat -Wformat-security -fPIE 
-DPIE -D_FORTIFY_SOURCE=2 --param ssp-buffer-size=4 -fstack-protector -g -O2 
-fPIE -fstack-protector-strong -Wformat -Werror=format-security -isystem 
/usr/include/bsd -DLIBBSD_OVERLAY -Wl,-z -Wl,relro -Wl,-z -Wl,now -pie -fPIE 
-pie -Wl,-z -Wl,relro -Wl,-z -Wl,now -Wl,-z -Wl,nodlopen -Wl,-u 
-Wl,libbsd_init_func -o ladvd main.o  ./.libs/libmisc.a ./.libs/libproto.a 
./.libs/libcompat.a -lbsd-ctor -lbsd -levent -lpcap -lpci 
/usr/lib/x86_64-linux-gnu/libcap-ng.so -lmnl -lteam -lnl-3

[...]

dpkg-shlibdeps: warning: package could avoid a useless dependency if 
debian/ladvd/usr/sbin/ladvd was not linked against libnl-3.so.200 (it uses none 
of the library's symbols)

So it appears that the .pc file is also incorrect in linking the target 
with libnl-3.

-- 
ciao,
Marco




Bug#780855: lacks dependency on libnl-3-dev

2015-03-20 Thread Marco d'Itri
Package: libteam-dev
Version: 1.12-1
Severity: serious

$ pkg-config --exists --print-errors libteam   
Package libnl-3.0 was not found in the pkg-config search path.
Perhaps you should add the directory containing `libnl-3.0.pc'
to the PKG_CONFIG_PATH environment variable
Package 'libnl-3.0', required by 'libteam', not found

-- 
ciao,
Marco




Bug#780797: openssh-server: modifies the user configuration

2015-03-20 Thread Chris Knadle
The issue here is that the openssh-server package modifies two config
files in /etc without any warning to the user, and that's a clear
Policy violation IMHO:

§ 10.7.3  Behavior
Configuration file handling must conform to the following behavior:
• local changes must be preserved during a package upgrade

Changing the default config file /for new installs/ is fine, but
changing user-made modifications to config files is not.  In this
case openssh-server modifies both /etc/ssh_config and /etc/sshd_config
and dpkg doesn't say a thing about it.

The *particular changes made* aren't the issue at all: the issue is
the slippery slope problem, and that's why I think the Policy is
written exactly how it is.  If it's okay to modify a user's changes
here, then it's okay to do it elsewhere.

   -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us





Processed: Re: Bug#780591: ltsp-client-builder fails when installing Debian Edu combined server in virtualbox environment

2015-03-20 Thread Debian Bug Tracking System
Processing control commands:

> severity -1 serious
Bug #780591 [ltsp-client-builder] ltsp-client-builder fails when installing 
Debian Edu combined server in virtualbox environment
Severity set to 'serious' from 'important'
> tags -1 patch
Bug #780591 [ltsp-client-builder] ltsp-client-builder fails when installing 
Debian Edu combined server in virtualbox environment
Added tag(s) patch.

-- 
780591: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780591
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Processed: xerces-c: diff for NMU version 3.1.1-5.1

2015-03-20 Thread Debian Bug Tracking System
Processing control commands:

> tags 780827 + pending
Bug #780827 [src:xerces-c] xerces-c: CVE-2015-0252: Apache Xerces-C XML Parser 
Crashes on Malformed Input
Added tag(s) pending.

-- 
780827: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780827
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#780827: xerces-c: diff for NMU version 3.1.1-5.1

2015-03-20 Thread Salvatore Bonaccorso
Control: tags 780827 + pending

Hi Jay!

I've prepared an NMU for xerces-c (versioned as 3.1.1-5.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

It is the same patch as used for the wheezy-security upload.

Regards,
Salvatore
diff -Nru xerces-c-3.1.1/debian/changelog xerces-c-3.1.1/debian/changelog
--- xerces-c-3.1.1/debian/changelog	2014-01-08 21:48:52.0 +0100
+++ xerces-c-3.1.1/debian/changelog	2015-03-20 19:43:44.0 +0100
@@ -1,3 +1,12 @@
+xerces-c (3.1.1-5.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Add CVE-2015-0252.patch patch.
+CVE-2015-0252: Apache Xerces-C XML parser crashes on malformed input.
+(Closes: #780827)
+
+ -- Salvatore Bonaccorso car...@debian.org  Fri, 20 Mar 2015 19:40:31 +0100
+
 xerces-c (3.1.1-5) unstable; urgency=medium
 
   * Apply upstream patch for PATH_MAX to enable compilation on GNU hurd.
diff -Nru xerces-c-3.1.1/debian/patches/CVE-2015-0252.patch xerces-c-3.1.1/debian/patches/CVE-2015-0252.patch
--- xerces-c-3.1.1/debian/patches/CVE-2015-0252.patch	1970-01-01 01:00:00.0 +0100
+++ xerces-c-3.1.1/debian/patches/CVE-2015-0252.patch	2015-03-20 19:43:44.0 +0100
@@ -0,0 +1,66 @@
+Description: CVE-2015-0252: Apache Xerces-C XML Parser Crashes on Malformed Input
+ The Xerces-C XML parser mishandles certain kinds of malformed input
+ documents, resulting in a segmentation fault during a parse operation.
+Origin: upstream, http://svn.apache.org/viewvc?view=revisionrevision=1667870
+Bug-Debian: https://bugs.debian.org/780827
+Forwarded: not-needed
+Author: Salvatore Bonaccorso car...@debian.org
+Last-Update: 2015-03-12
+Applied-Upstream: 3.1.2
+
+--- a/src/xercesc/internal/XMLReader.cpp
 b/src/xercesc/internal/XMLReader.cpp
+@@ -1460,6 +1460,17 @@ void XMLReader::doInitDecode()
+ 
+ while (fRawBufIndex  fRawBytesAvail)
+ {
++// Security fix: make sure there are at least sizeof(UCS4Ch) bytes to consume.
++if (fRawBufIndex + sizeof(UCS4Ch)  fRawBytesAvail) {
++ThrowXMLwithMemMgr1
++(
++TranscodingException
++, XMLExcepts::Reader_CouldNotDecodeFirstLine
++, fSystemId
++, fMemoryManager
++);
++}
++
+ // Get out the current 4 byte value and inc our raw buf index
+ UCS4Ch curVal = *asUCS++;
+ fRawBufIndex += sizeof(UCS4Ch);
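Review bot: the guard added at the top of the UCS-4 loop must use a strict greater-than comparison (the operator itself is not visible in this rendering of the hunk): `fRawBufIndex + sizeof(UCS4Ch) == fRawBytesAvail` is exactly one complete 4-byte unit and must still be consumed by the `UCS4Ch curVal = *asUCS++;` that follows, so only the case with fewer than sizeof(UCS4Ch) bytes left should throw. Raising TranscodingException with Reader_CouldNotDecodeFirstLine fits doInitDecode(), which is decoding the declaration, and it replaces a read that previously ran past fRawBytesAvail whenever the raw buffer ended on a partial character.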
+@@ -1619,6 +1630,17 @@ void XMLReader::doInitDecode()
+ 
+ while (fRawBufIndex  fRawBytesAvail)
+ {
++// Security fix: make sure there are at least sizeof(UTF16Ch) bytes to consume.
++if (fRawBufIndex + sizeof(UTF16Ch)  fRawBytesAvail) {
++ThrowXMLwithMemMgr1
++(
++TranscodingException
++, XMLExcepts::Reader_CouldNotDecodeFirstLine
++, fSystemId
++, fMemoryManager
++);
++}
++
+ // Get out the current 2 byte value
+ UTF16Ch curVal = *asUTF16++;
+ fRawBufIndex += sizeof(UTF16Ch);
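Review bot: this is the UCS-4 guard repeated with sizeof(UTF16Ch) substituted; consider lifting the check into a small helper or a macro parameterised on the unit size so the two copies cannot drift apart in a later change. The same boundary caveat applies: the comparison has to be strict greater-than so that a buffer ending exactly on a 2-byte unit is still decoded rather than rejected.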
+@@ -1708,6 +1730,17 @@ void XMLReader::doInitDecode()
+ //
+ void XMLReader::refreshRawBuffer()
+ {
++// Security fix: make sure we don't underflow on the subtraction.
++if (fRawBufIndex  fRawBytesAvail) {
++ThrowXMLwithMemMgr1
++(
++RuntimeException
++, XMLExcepts::Str_StartIndexPastEnd
++, fSystemId
++, fMemoryManager
++);
++}
++
+ //
+ //  If there are any bytes left, move them down to the start. There
+ //  should only ever be (max bytes per char - 1) at the most.
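Review bot: the check at the top of refreshRawBuffer() protects the "move them down to the start" step from an unsigned underflow when fRawBufIndex has run past fRawBytesAvail, but the comment should say why this hunk throws RuntimeException with Str_StartIndexPastEnd while the two decode hunks throw TranscodingException: here a violated internal invariant is being reported, not a decoding failure, and the distinction is deliberate. The context lines also state that at most (max bytes per char - 1) bytes should remain; an assertion on that bound next to the new check would make the precondition explicit.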
diff -Nru xerces-c-3.1.1/debian/patches/series xerces-c-3.1.1/debian/patches/series
--- xerces-c-3.1.1/debian/patches/series	2014-01-08 21:48:52.0 +0100
+++ xerces-c-3.1.1/debian/patches/series	2015-03-20 19:43:44.0 +0100
@@ -1 +1,2 @@
 hurd-path-max.patch
+CVE-2015-0252.patch


Processed: fixed 780827 in 3.1.1-3+deb7u1

2015-03-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> fixed 780827 3.1.1-3+deb7u1
Bug #780827 [src:xerces-c] xerces-c: CVE-2015-0252: Apache Xerces-C XML Parser 
Crashes on Malformed Input
The source 'xerces-c' and version '3.1.1-3+deb7u1' do not appear to match any 
binary packages
Marked as fixed in versions xerces-c/3.1.1-3+deb7u1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
780827: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780827
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#780858: Massive I/O data corruption on Marvell Armada XP machines

2015-03-20 Thread Steve McIntyre
Package: src:linux
Version: 3.16.7-ckt7-1
Severity: grave
Tags: upstream

Hi folks,

We've upgraded a couple of our Marvell Armada XP based (armel/armhf)
buildd machines to Jessie, and they've almost immediately fallen over
with symptoms of really bad data corruption. On further investigation
and discussion with some of the upstream maintainers for this
hardware, this is a known issue with I/O coherency and there are
patches available for testing:

 * 8f1e8ee28660018a935c7576b9af8ffe1feab54c is a patch to disable
   coherency for now, and
 * http://lists.infradead.org/pipermail/linux-arm-kernel/2015-March/330104.html
   is a second patch needed too (do not register custom DMA operations
   when coherency is disabled)

I'm just doing a local build right now with these patches applied so I
can test. More news ASAP.

-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash





Processed: limit source to krb5, tagging 780831

2015-03-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> limit source krb5
Limiting to bugs with field 'source' containing at least one of 'krb5'
Limit currently set to 'source':'krb5'

> tags 780831 + pending
Bug #780831 [krb5-kdc] breaks if /etc/ssl/private is missing
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
780831: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780831
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#780756: libzip: diff for NMU version 0.11.2-1.2

2015-03-20 Thread Salvatore Bonaccorso
Control: tags 780756 + patch
Control: tags 780756 + pending

Hi Fathi,

I've prepared an NMU for libzip (versioned as 0.11.2-1.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
diff -Nru libzip-0.11.2/debian/changelog libzip-0.11.2/debian/changelog
--- libzip-0.11.2/debian/changelog	2014-08-06 15:40:49.0 +0200
+++ libzip-0.11.2/debian/changelog	2015-03-20 20:18:20.0 +0100
@@ -1,3 +1,12 @@
+libzip (0.11.2-1.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Add CVE-2015-2331.patch patch.
+CVE-2015-2331: ZIP integer overflow leads to writing past heap boundary.
+(Closes: #780756)
+
+ -- Salvatore Bonaccorso car...@debian.org  Fri, 20 Mar 2015 20:17:45 +0100
+
 libzip (0.11.2-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru libzip-0.11.2/debian/patches/CVE-2015-2331.patch libzip-0.11.2/debian/patches/CVE-2015-2331.patch
--- libzip-0.11.2/debian/patches/CVE-2015-2331.patch	1970-01-01 01:00:00.0 +0100
+++ libzip-0.11.2/debian/patches/CVE-2015-2331.patch	2015-03-20 20:18:20.0 +0100
@@ -0,0 +1,18 @@
+Description: CVE-2015-2331: ZIP integer overflow
+Origin: https://github.com/php/php-src/commit/ec779124cb7279493ce1ca1088d1aaa32e82479a
+Bug-Debian: https://bugs.debian.org/780756
+Forwarded: not-needed
+Author: Salvatore Bonaccorso car...@debian.org
+Last-Update: 2015-03-20
+
+--- a/lib/zip_dirent.c
 b/lib/zip_dirent.c
+@@ -110,7 +110,7 @@ _zip_cdir_new(zip_uint64_t nentry, struc
+ 
+ if (nentry == 0)
+ 	cd-entry = NULL;
+-else if ((cd-entry=(struct zip_entry *)malloc(sizeof(*(cd-entry))*(size_t)nentry)) == NULL) {
++else if (nentry  ((size_t)-1)/sizeof(*(cd-entry)) || (cd-entry=(struct zip_entry *)malloc(sizeof(*(cd-entry))*(size_t)nentry)) == NULL) {
+ 	_zip_error_set(error, ZIP_ER_MEMORY, 0);
+ 	free(cd);
+ 	return NULL;
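Review bot: the new condition compares the full zip_uint64_t `nentry` against `((size_t)-1)/sizeof(*(cd->entry))` before the `(size_t)nentry` cast inside the malloc argument, which is what makes it sound on 32-bit targets: the cast alone would silently truncate a count above 2^32 and the multiplication could wrap to a small allocation, so the ordering of the two operands of `||` is correct. One style point: an entry count that cannot possibly fit is reported as ZIP_ER_MEMORY, the same code as a genuine allocation failure, so callers cannot tell a corrupt central directory from resource exhaustion; ZIP_ER_INCONS would describe an impossible count better.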
diff -Nru libzip-0.11.2/debian/patches/series libzip-0.11.2/debian/patches/series
--- libzip-0.11.2/debian/patches/series	1970-01-01 01:00:00.0 +0100
+++ libzip-0.11.2/debian/patches/series	2015-03-20 20:18:20.0 +0100
@@ -0,0 +1 @@
+CVE-2015-2331.patch




Processed: libzip: diff for NMU version 0.11.2-1.2

2015-03-20 Thread Debian Bug Tracking System
Processing control commands:

> tags 780756 + patch
Bug #780756 [src:libzip] libzip: CVE-2015-2331: ZIP integer overflow
Added tag(s) patch.
> tags 780756 + pending
Bug #780756 [src:libzip] libzip: CVE-2015-2331: ZIP integer overflow
Added tag(s) pending.

-- 
780756: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780756
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#780875: mantis: MantisBT 1.2.19 multiple vulnerabilities (Access control bypass/XSS/SQL injection/etc)

2015-03-20 Thread Michael Taenzer
Package: mantis
Version: 1.2.18-1
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole

Dear Maintainer,

There is an upstream security update that fixes the following security issues:
* CVE-2014-9571: XSS in install.php
* CVE-2014-9572: Improper Access Control in install.php
* CVE-2014-9573: SQL Injection in manage_user_page.php
* CVE-2014-9624: CAPTCHA bypass
* CVE-2014-9701: XSS vulnerability in permalink_page.php
* CVE-2015-1042: URL redirection issue

Also it fixes some regressions introduced in 1.2.18:
* #17993 prevents new users from signing up on systems using CAPTCHA.
* #17967 which causes a PHP error when reporting issues on systems with 
checkbox custom fields.

Especially the former is really annoying if the only choice is keeping people 
from signing up or having a lot of spammer accounts.

Changelog is here:
http://mantisbt.org/bugs/changelog_page.php?project=mantisbtversion=1.2.19

Thanks for taking care of this issue,
Michael

-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mantis depends on:
ii  apache2  2.2.22-13+deb7u4
ii  apache2-mpm-prefork [httpd]  2.2.22-13+deb7u4
ii  apache2-utils2.2.22-13+deb7u4
ii  debconf [debconf-2.0]1.5.49
ii  libapache2-mod-php5  5.4.38-0+deb7u1
ii  libjs-prototype  1.7.0-2
ii  libjs-scriptaculous  1.9.0-2
ii  libnusoap-php0.7.3-5
ii  libphp-adodb 5.15-1
ii  libphp-phpmailer 5.1-1
ii  php5-cli 5.4.38-0+deb7u1
ii  ucf  3.0025+nmu3

Versions of packages mantis recommends:
ii  mysql-client 5.5.41-0+wheezy1
ii  mysql-client-5.5 [mysql-client]  5.5.41-0+wheezy1
ii  php5-mysql   5.4.38-0+deb7u1

Versions of packages mantis suggests:
ii  mysql-server  5.5.41-0+wheezy1
ii  php5-cli  5.4.38-0+deb7u1

-- debconf information excluded





Processed: limit source to linux, tagging 780858

2015-03-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> limit source linux
Limiting to bugs with field 'source' containing at least one of 'linux'
Limit currently set to 'source':'linux'

> tags 780858 + pending
Bug #780858 [src:linux] Massive I/O data corruption on Marvell Armada XP 
machines
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
780858: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780858
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#780831: marked as done (breaks if /etc/ssl/private is missing)

2015-03-20 Thread Debian Bug Tracking System
Your message dated Fri, 20 Mar 2015 21:20:12 +
with message-id e1yz4ky-0001xy...@franck.debian.org
and subject line Bug#780831: fixed in krb5 1.12.1+dfsg-19
has caused the Debian Bug report #780831,
regarding breaks if /etc/ssl/private is missing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
780831: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780831
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: krb5-kdc
Version: 1.12.1+dfsg-18
Severity: grave

/lib/systemd/system/krb5-kdc.service contains:

[Service]
InaccessibleDirectories=/etc/ssh /etc/ssl/private  /root

so starting the unit will fail if one of the directories is missing:

Mar 20 08:44:09 bokassa systemd[1191]: Failed at step NAMESPACE spawning 
/usr/sbin/krb5kdc: Operation not permitted

Since none of these directories are provided by the package or one of 
its dependencies they should all be marked as optional.

systemd.exec(5) explains how to solve this:

   Paths in ReadOnlyDirectories= and InaccessibleDirectories= may be
   prefixed with -, in which case they will be ignored when they do
   not exist.

The same applies to krb5-admin-server.service in the krb5-admin-server 
package.

And both packages should really switch from /var/run to /run.

-- 
ciao,
Marco


---End Message---
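An added check for the failure mode in the report above (this is not code from the bug report or from the krb5 packaging): it lists InaccessibleDirectories=/ReadOnlyDirectories= paths in a unit file that carry no "-" prefix and do not exist on the host, and prints a copy of the unit with the prefix that systemd.exec(5) documents. The unit content in the demo is constructed from the line quoted in the report.

```shell
#!/bin/sh
# Added example, not taken from the bug report or from the krb5 packaging.
# A unit whose InaccessibleDirectories=/ReadOnlyDirectories= lists a path
# that does not exist fails at step NAMESPACE unless the path carries the
# "-" prefix (systemd.exec(5)). These helpers find such entries and print
# a corrected copy of the unit.

# Print "DIRECTIVE PATH" for every path in the two directives that has no
# "-" prefix and does not exist on this host. Prints nothing when the unit
# is safe.
missing_unprefixed_dirs() {
    grep -E '^(InaccessibleDirectories|ReadOnlyDirectories)=' "$1" |
    while IFS='=' read -r key value; do
        # Paths are whitespace separated; default word splitting handles
        # the double space present in the krb5 unit.
        for path in $value; do
            case "$path" in
                -*) continue ;;   # already optional: ignored when absent
            esac
            [ -e "$path" ] || printf '%s %s\n' "$key" "$path"
        done
    done
}

# Emit the unit with every path in those directives prefixed by "-", so a
# missing directory is skipped instead of aborting the service start.
# All other lines pass through unchanged.
make_dirs_optional() {
    awk '
    /^(InaccessibleDirectories|ReadOnlyDirectories)=/ {
        eq = index($0, "=")
        key = substr($0, 1, eq - 1)
        n = split(substr($0, eq + 1), paths, /[ \t]+/)
        out = key "="; sep = ""
        for (i = 1; i <= n; i++) {
            p = paths[i]
            if (p == "") continue            # empty field from repeated spaces
            if (substr(p, 1, 1) != "-") p = "-" p
            out = out sep p; sep = " "
        }
        print out
        next
    }
    { print }
    ' "$1"
}

# Demo on a constructed unit that mirrors the krb5-kdc.service line from the
# report; which paths get reported depends on what exists on this host.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/demo.service" <<'EOF'
[Service]
InaccessibleDirectories=/etc/ssh /etc/ssl/private  /root
ExecStart=/usr/sbin/krb5kdc
EOF
    echo "== entries that would make the unit fail on this host =="
    missing_unprefixed_dirs "$tmp/demo.service"
    echo "== corrected unit =="
    make_dirs_optional "$tmp/demo.service"
    rm -rf "$tmp"
}

demo
```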
---BeginMessage---
Source: krb5
Source-Version: 1.12.1+dfsg-19

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 780...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman hartm...@debian.org (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 20 Mar 2015 16:22:33 -0400
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev 
libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-doc libkrb5-3 
libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit9 libkadm5clnt-mit9 libk5crypto3 
libkdb5-7 libkrb5support0 libkrad0 krb5-gss-samples krb5-locales libkrad-dev
Architecture: source all amd64
Version: 1.12.1+dfsg-19
Distribution: unstable
Urgency: medium
Maintainer: Sam Hartman hartm...@debian.org
Changed-By: Sam Hartman hartm...@debian.org
Description:
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-otp   - OTP plugin for MIT Kerberos
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit9 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit9 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-7  - MIT Kerberos runtime libraries - Kerberos database
 libkrad-dev - MIT Kerberos RADIUS Library Development
 libkrad0   - MIT Kerberos runtime libraries - RADIUS library
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 780831
Changes:
 krb5 (1.12.1+dfsg-19) unstable; urgency=medium
 .
   * mark systemd unit directories as optional, Closes: #780831
Checksums-Sha1:

Bug#780385: marked as done (ecryptfs-utils: CVE-2014-9687)

2015-03-20 Thread Debian Bug Tracking System
Your message dated Fri, 20 Mar 2015 21:48:48 +
with message-id e1yz4me-0005ci...@franck.debian.org
and subject line Bug#780385: fixed in ecryptfs-utils 103-4
has caused the Debian Bug report #780385,
regarding ecryptfs-utils: CVE-2014-9687
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
780385: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780385
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: ecryptfs-utils
Severity: grave
Tags: security
Justification: user security hole

This has been assigned CVE-2014-9687:
http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/839

Cheers,
Moritz
---End Message---
---BeginMessage---
Source: ecryptfs-utils
Source-Version: 103-4

We believe that the bug you reported is fixed in the latest version of
ecryptfs-utils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 780...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) g...@debian.org (supplier of updated ecryptfs-utils 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 20 Mar 2015 21:08:39 +
Source: ecryptfs-utils
Binary: ecryptfs-utils ecryptfs-utils-dbg libecryptfs0 libecryptfs-dev 
python-ecryptfs
Architecture: source amd64
Version: 103-4
Distribution: unstable
Urgency: high
Maintainer: Filesystems Group filesystems-de...@lists.alioth.debian.org
Changed-By: Laszlo Boszormenyi (GCS) g...@debian.org
Description:
 ecryptfs-utils - ecryptfs cryptographic filesystem (utilities)
 ecryptfs-utils-dbg - ecryptfs cryptographic filesystem (utilities; debug)
 libecryptfs-dev - ecryptfs cryptographic filesystem (development)
 libecryptfs0 - ecryptfs cryptographic filesystem (library)
 python-ecryptfs - ecryptfs cryptographic filesystem (python)
Closes: 780385
Changes:
 ecryptfs-utils (103-4) unstable; urgency=high
 .
   * Backport upstream fix for CVE-2014-9687 (closes: #780385).
Checksums-Sha1:
Checksums-Sha256:
Files:

-BEGIN PGP SIGNATURE-
Version: GnuPG v1


Bug#780880: inspircd: CVE-2012-1836 patch incorrect

2015-03-20 Thread Adam
Package: inspircd
Version: 2.0.5-1+b1
Severity: grave
Tags: security
Justification: user security hole

Hi,

I am an upstream maintainer for InspIRCd. The patch you have for CVE-2012-1836
(patches/03_CVE-2012-1836.diff) is not the same patch we released as part of
2.0.7 (there was no 2.0.6) to address the CVE. It appears to be a version of
this commit:
https://github.com/inspircd/inspircd/commit/9aa28f3730fb3dd69c1e06f78bb2bbc43d36c684.
However this commit was never in a release, and was only in git for about 6
days (due to someone other than me pulling it in). I looked at the CVE and
addressed it with two followup commits later.

This commit and your patch do not fix the problem. You can still send
maliciously crafted packets and cause remote code execution. This was fixed in
https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89,
prior to the 2.0.7 release.

Furthermore, your patch introduces a buffer underflow where it has i =- 12
and not i -= 12. This causes it to start reading from before the packet's
buffer. It is unclear to me what this can cause.

Additionally, at the same time I committed
58c893e834ff20495d007709220881a3ff13f423 to prevent malicious packets from
causing InspIRCd to loop infinitely. This is not a part of the CVE as it does
not allow remote code execution, but is still a critical problem due to the
potential for denial of service.

You should perhaps apply these two patches on top of your existing ones, or
maybe fetch the dns.cpp file off of 2.0.7 here:
https://github.com/inspircd/inspircd/blob/v2.0.7/src/dns.cpp.
It does not change much.

I would be willing to go through and provide a proper set of patches for this
and other less-severe issues if requested. I do not want to do it up front
because it would be a lot of work, and I am not sure whether or not it would
be accepted. You have a very, very old InspIRCd version, and there is a lot of
stuff to sift through (about 3 years). Let me know.

Thanks,

Adam


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
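The `i =- 12` pitfall and the bounds checking Adam describes, as an added C example that is not InspIRCd's dns.cpp: it shows the typo setting the index to -12 regardless of its previous value, a bounds-checked byte accessor that refuses such an index instead of reading before the buffer, and a header count sanity check that keeps a record loop bounded by the packet length (a general hardening, not the upstream fix). The header layout, the constructed sample packet and all function names are this example's own assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#define DNS_HEADER_LEN 12   /* id, flags, qdcount, ancount, nscount, arcount */

/* The statement as it appears in the Debian patch: `=-` is parsed as
 * `= -`, so i is set to -12 no matter what it held before. */
int rewind_header_typo(int i)
{
    i =- 12;
    return i;
}

/* The intended statement: step back over the 12-byte header. */
int rewind_header_fixed(int i)
{
    i -= 12;
    return i;
}

/* Bounds-checked byte read: returns the byte (0..255), or -1 when idx is
 * outside [0, len). With the typo, idx would be -12 here and an unchecked
 * pkt[idx] would read 12 bytes before the start of the packet buffer. */
int pkt_byte_at(const uint8_t *pkt, size_t len, int idx)
{
    if (pkt == NULL || idx < 0 || (size_t)idx >= len)
        return -1;
    return pkt[idx];
}

struct dns_header {
    uint16_t id, flags, qdcount, ancount, nscount, arcount;
};

/* Big-endian 16-bit field, as used throughout the DNS wire format. */
static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Parse the fixed header. Returns 0 on success, -1 if the packet is too
 * short to even hold a header. */
int parse_dns_header(const uint8_t *pkt, size_t len, struct dns_header *h)
{
    if (pkt == NULL || h == NULL || len < DNS_HEADER_LEN)
        return -1;
    h->id      = be16(pkt);
    h->flags   = be16(pkt + 2);
    h->qdcount = be16(pkt + 4);
    h->ancount = be16(pkt + 6);
    h->nscount = be16(pkt + 8);
    h->arcount = be16(pkt + 10);
    return 0;
}

/* Cheap plausibility check before looping over records: a question needs
 * at least 5 bytes (1-byte root name + type + class) and a resource record
 * at least 11 (name + type + class + ttl + rdlength). Counts that cannot
 * fit in the bytes after the header are rejected up front, so a record
 * loop driven by them is bounded by the packet length. Returns 1 if the
 * counts are plausible, 0 otherwise. */
int dns_counts_plausible(const struct dns_header *h, size_t len)
{
    size_t need = (size_t)h->qdcount * 5
                + ((size_t)h->ancount + h->nscount + h->arcount) * 11;
    return len >= DNS_HEADER_LEN && need <= len - DNS_HEADER_LEN;
}

/* Constructed sample (not a captured packet): a response header claiming
 * one question and one answer, followed by no payload at all. */
const uint8_t sample_pkt[DNS_HEADER_LEN] = {
    0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00
};
const size_t sample_len = sizeof sample_pkt;
```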



Bug#747863: marked as done (systemd service fails by default and causes package install failure)

2015-03-20 Thread Debian Bug Tracking System
Your message dated Fri, 20 Mar 2015 22:34:17 +
with message-id e1yz5uf-0003z4...@franck.debian.org
and subject line Bug#747863: fixed in nut 2.7.2-4
has caused the Debian Bug report #747863,
regarding systemd service fails by default and causes package install failure
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
747863: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747863
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: nut-client
Version: 2.7.1-1

Hello,

nut-client's current systemd unit for upsmon is missing the init.d
script's check for the unconfigured MODE=none in /etc/nut/nut.conf.
This leads to a failed unit:

| Apr 27 10:41:43 laptop upsmon[2856]: Fatal error: insufficient power configured!
| Apr 27 10:41:43 laptop upsmon[2856]: Sum of power values: 0
| Apr 27 10:41:43 laptop upsmon[2856]: Minimum value (MINSUPPLIES): 1
| Apr 27 10:41:43 laptop upsmon[2856]: Edit your upsmon.conf and change the values.
| Apr 27 10:41:43 laptop systemd[1]: nut-monitor.service: control process exited, code=exited status=1
| Apr 27 10:41:43 laptop systemd[1]: Failed to start Network UPS Tools - power device monitor and shutdown controller.
| -- Subject: Unit nut-monitor.service has failed

Unfortunately due to that the package installation also fails as the
autogenerated postinsts assume invoke-rc.d to succeed. In other words,
a clean install of nut-client under systemd fails.

I see the following options:

 * Somehow add that startup condition to the .service. There is no
   ConditionCommand or similar which could hold that though, and
   putting the test into ExecStartPre= or similar wouldn't work
   either. So it would need to be something which doesn't cause the
   unit to fail (due to non-running daemon or non-zero exit).

 * In the postinst, only enable the unit if the service is configured,
   otherwise leave it as disabled; and add instructions on how to enable
   it (with update-rc.d?) to nut.conf.

 * Drop the systemd unit entirely and continue using the init.d script
   for the time being (that's what I just did to the Ubuntu package
   for simplicity, for the record).

Thanks,

Martin

-- 
Martin Pitt| http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)


---End Message---
---BeginMessage---
Source: nut
Source-Version: 2.7.2-4

We believe that the bug you reported is fixed in the latest version of
nut, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 747...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laurent Bigonville bi...@debian.org (supplier of updated nut package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 20 Mar 2015 23:12:53 +0100
Source: nut
Binary: nut nut-server nut-client nut-cgi nut-snmp nut-ipmi nut-xml 
nut-powerman-pdu nut-doc libupsclient4 libupsclient-dev python-nut nut-monitor 
libups-nut-perl
Architecture: source all amd64
Version: 2.7.2-4
Distribution: unstable
Urgency: medium
Maintainer: Arnaud Quette aque...@debian.org
Changed-By: Laurent Bigonville bi...@debian.org
Description:
 libups-nut-perl - network UPS tools - Perl bindings for NUT server
 libupsclient-dev - network UPS tools - development files
 libupsclient4 - network UPS tools - client library
 nut        - network UPS tools - metapackage
 nut-cgi    - network UPS tools - web interface
 nut-client - network UPS tools - clients
 nut-doc    - network UPS tools - documentation
 nut-ipmi   - network UPS tools - IPMI driver
 nut-monitor - network UPS tools - GUI application to monitor UPS status
 nut-powerman-pdu - network UPS tools - PowerMan PDU driver
 nut-server - network UPS tools - core system
 nut-snmp   - network UPS tools - SNMP driver
 nut-xml    - network UPS tools - XML/HTTP driver
 python-nut - network UPS tools - Python bindings for NUT server
Closes: 747863
Changes:
 nut (2.7.2-4) unstable; urgency=medium
 .
   * Really fix package initial installation when PID1 is systemd (Closes:
 #747863)
Checksums-Sha1:

Bug#773750: marked as done (nut-client: Fails to install)

2015-03-20 Thread Debian Bug Tracking System
Your message dated Fri, 20 Mar 2015 22:34:17 +
with message-id e1yz5uf-0003z4...@franck.debian.org
and subject line Bug#747863: fixed in nut 2.7.2-4
has caused the Debian Bug report #747863,
regarding nut-client: Fails to install
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
747863: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747863
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: nut-client
Version: 2.7.2-1+b3
Severity: serious
Justification: Fails to install due to failing to start

The package fails to configure on install because the ups-monitor service
fails to start due to lack of configuration, and it fails to gracefully
handle the case of no valid configuration.  This causes the package installation
to fail, which is a violation of Debian packaging guidelines.

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nut-client depends on:
ii  adduser              3.113+nmu3
ii  init-system-helpers  1.22
ii  libc6                2.19-13
ii  libupsclient4        2.7.2-1+b3
ii  lsb-base             4.1+Debian13+nmu1

Versions of packages nut-client recommends:
ii  bash-completion  1:2.1-4

Versions of packages nut-client suggests:
ii  nut-monitor  2.7.2-1

-- Configuration Files:
/etc/nut/nut.conf [Errno 13] Permission denied: u'/etc/nut/nut.conf'
/etc/nut/upsmon.conf [Errno 13] Permission denied: u'/etc/nut/upsmon.conf'
/etc/nut/upssched.conf [Errno 13] Permission denied: u'/etc/nut/upssched.conf'

-- no debconf information
---End Message---

Bug#771887: marked as done (nut-client: Does not install cleanly)

2015-03-20 Thread Debian Bug Tracking System
Your message dated Fri, 20 Mar 2015 22:34:17 +
with message-id e1yz5uf-0003z4...@franck.debian.org
and subject line Bug#747863: fixed in nut 2.7.2-4
has caused the Debian Bug report #747863,
regarding nut-client: Does not install cleanly
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
747863: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747863
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: nut-client
Version: 2.7.2-1+b3
Severity: serious
Justification: 10.7.3

An unconfigured package is expected to not fail installation.

Setting up nut-client (2.7.2-1+b3) ...
Job for nut-monitor.service failed. See systemctl status nut-monitor.service and journalctl -xe for details.
invoke-rc.d: initscript nut-client, action start failed.
dpkg: error processing package nut-client (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 nut-client
Press Return to continue.



-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (700, 'testing'), (650, 'stable'), (600, 'unstable'), (550, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.17-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
---End Message---