Bug#368420: ftpd-ssl: RC abuse of /etc/ssl/certs
Hi,

From: Richard A Nelson [EMAIL PROTECTED]
Subject: Bug#368420: ftpd-ssl: RC abuse of /etc/ssl/certs
Date: Sun, 21 May 2006 19:09:45 -0700

Package: ftpd-ssl
Version: 0.17.18+0.3-5
Severity: critical
Justification: breaks unrelated software

RC abuse of /etc/ssl/certs, rendering certificate validation inoperable.

There are two problems with this package's use of /etc/ssl/certs:
* Files in /etc/ssl/certs must be a+r
  - GNUTLS reads files in /etc/ssl/certs, and will not verify a remote certificate once it encounters an unreadable file in /etc/ssl/certs.
  - OPENSSL also must read files in /etc/ssl/certs, but seems to be more forgiving of errors incurred in the process.
* This package combines the key and cert into one file - which of course means it can't be world readable... and therefore should not be in /etc/ssl/certs.

At least the key file should be in some package private /etc/ directory - with the appropriate permissions. You can still use a combined file, but it just needs to be elsewhere.

I noticed this when I couldn't connect to my corporate LDAP servers using ldaps://, but the breakage is going to be further spread (likely any GNUTLS client app needing to lookup certificate chains)

As there is no upstream support anymore, can you provide a simple patch for it?

Thanks,
Qian

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
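An added example, not part of the bug report or of the ftpd-ssl package: a shell audit for the two conditions the report describes, a file in the certificate directory that is not world-readable and a private key stored there. The function names, the sample file names and their placeholder contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_cert_dir DIR: print one finding per line for the two conditions
# described in Bug#368420; return 1 if anything was found, 0 otherwise.
audit_cert_dir() {
    dir=${1:-/etc/ssl/certs}
    findings=$(
        # Condition 1: every file must be a+r. -L follows the symlinks that
        # normally populate the directory, so the target's mode is tested.
        find -L "$dir" -maxdepth 1 -type f ! -perm -004 |
            sed 's/^/NOT_WORLD_READABLE /'
        # Condition 2: no private key material belongs in this directory.
        # Files the current user cannot read are skipped silently here;
        # condition 1 already reports them.
        find -L "$dir" -maxdepth 1 -type f -exec \
            grep -lE -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' {} + \
            2>/dev/null | sed 's/^/PRIVATE_KEY /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Build a constructed sample directory: one ordinary certificate file and one
# combined cert+key file with mode 0600 (placeholder contents, not real keys).
make_sample_dir() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-placeholder' \
        '-----END CERTIFICATE-----' > "$tmp/ca.pem"
    cat "$tmp/ca.pem" > "$tmp/combined.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-placeholder' \
        '-----END RSA PRIVATE KEY-----' >> "$tmp/combined.pem"
    chmod 644 "$tmp/ca.pem"
    chmod 600 "$tmp/combined.pem"
    printf '%s\n' "$tmp"
}

# Demonstration on the constructed directory.
sample=$(make_sample_dir)
audit_cert_dir "$sample" || true
rm -rf "$sample"
```

Run it against the real directory with `audit_cert_dir /etc/ssl/certs`; a non-zero return means at least one file needs to be moved or have its mode corrected.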
Bug#341843: gkrellmd: Problem with allow-host 127.0.0.1
Hi,

OK. As far as I know, this bug will only affect 2.2.5. I'll have a look, and try to make a patch for it.

Qian

On 4/9/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

gkrellmd 2.2.5 is the latest version (stable).

Ciao,
--
Carsten Otto [EMAIL PROTECTED] www.c-otto.de
Bug#341843: gkrellmd: Problem with allow-host 127.0.0.1
Hi,

I can reproduce this bug, because every time I try to telnet remotely, it is said Connection not allowed from XX.XX.XX.XX. However, it seems most of you use old version (2.2.5), so it would be wise to try (2.2.9) instead?

Qian
Bug#341843: gkrellmd: Problem with allow-host 127.0.0.1
Sorry, I mean I can NOT reproduce this bug.

Qian
Bug#339419: d4x crashes in strlen () from /lib64/libc.so.6
Hi,

Strangely, last time I checked it with my LFS machine, and there is no such problem. However, today I checked with Redhat (glib 2.4.7, gtk 2.4.13), Ubuntu and Debian (both 2.8.x), and it 100% reproduces. I have enclosed a detailed backtrace log.

Cai Qian

Starting program: /home/caiqian/packages/d4x-2.5.6/main/nt -w ftp://a7:[EMAIL PROTECTED]/b/ba9a70b8155812b821aaf1825d4fb420/AB_091__E_.part09.rar
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 2333)]
[New Thread 32769 (LWP 2336)]
[New Thread 16386 (LWP 2337)]
- 19:40:47 31 12 2005
? 19:40:47 31 12 2005 WebDownloader for X 2.5.6
[New Thread 32771 (LWP 2338)]
[New Thread 49156 (LWP 2339)]
? 19:40:47 31 12 2005 Loading FTP-Search engines
? 19:40:47 31 12 2005 Normally started

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 32771 (LWP 2338)]
0x407e0413 in strlen () from /usr/lib/debug/libc.so.6
Current language: auto; currently c
(gdb) bt
#0  0x407e0413 in strlen () from /usr/lib/debug/libc.so.6
#1  0x406f5a2f in std::string::compare () from /usr/lib/libstdc++.so.6
#2  0x080577a0 in std::operator==<char, std::char_traits<char>, std::allocator<char> > ([EMAIL PROTECTED], __rhs=0x0) at basic_string.h:2158
#3  0x080a8f09 in tFtpDownload::get_size (this=0x819ef38) at ftpd.cc:487
#4  0x080850d3 in tDownload::download_ftp (this=0x819e640) at dlist.cc:1630
#5  0x0808a412 in download_last (nothing=0x819e640) at main.cc:1867
#6  0x4001df4c in pthread_start_thread (arg=0xbf5ffbe0) at manager.c:310
#7  0x4001dfda in pthread_start_thread_event (arg=0xbf5ffbe0) at manager.c:334
#8  0x4083298a in clone () from /usr/lib/debug/libc.so.6
(gdb) thread apply all bt full

Thread 5 (Thread 49156 (LWP 2339)):
#0  0x4082bc81 in select () from /usr/lib/debug/libc.so.6
No locals.
#1  0x40027ff4 in ?? () from /usr/lib/debug/libpthread.so.0
No symbol table info available.
#2  0x081639f0 in ?? ()
No symbol table info available.
#3  0xbf3ff800 in ?? ()
No symbol table info available.
#4  0x in ?? ()
No symbol table info available.

Thread 4 (Thread 32771 (LWP 2338)):
#0  0x407e0413 in strlen () from /usr/lib/debug/libc.so.6
        malloc_trace_buffer = 0x0
        mallstream = (FILE *) 0x0
        lock = {__m_reserved = 0, __m_count = 0, __m_owner = 0x0, __m_kind = 0, __m_lock = {__status = 0, __spinlock = 0}}
        tr_old_free_hook = (void (*)(void *, const void *)) 0
        tr_old_memalign_hook = (void *(*)(size_t, size_t, const void *)) 0
        mallenv = MALLOC_TRACE
        tr_old_realloc_hook = (void *(*)(void *, size_t, const void *)) 0
        tr_old_malloc_hook = (void *(*)(size_t, const void *)) 0
        mallwatch = (void *) 0x0
#1  0x406f5a2f in std::string::compare () from /usr/lib/libstdc++.so.6
No symbol table info available.
#2  0x080577a0 in std::operator==<char, std::char_traits<char>, std::allocator<char> > ([EMAIL PROTECTED], __rhs=0x0) at basic_string.h:2158
No locals.
#3  0x080a8f09 in tFtpDownload::get_size (this=0x819ef38) at ftpd.cc:487
        sz = 0
        a = 0
#4  0x080850d3 in tDownload::download_ftp (this=0x819e640) at dlist.cc:1630
        size = 578426686599592584
        s = (class tSocket *) 0x0
        CurentSize = 4612389654329556992
        SIZE_FOR_DOWNLOAD = 135915072
#5  0x0808a412 in download_last (nothing=0x819e640) at main.cc:1867
        addr = (d4x::URL *) 0x819e688
        what = (class tDownload *) 0x819e640
#6  0x4001df4c in pthread_start_thread (arg=0xbf5ffbe0) at manager.c:310
        request = {req_thread = 0x0, req_kind = REQ_CREATE, req_args = {create = {attr = 0x0, fn = 0, arg = 0x0, mask = { __val = {0 <repeats 27 times>, 1073884766, 1073885054, 0, 0, 0}}}, free = {thread_id = 0}, exit = {code = 0}, post = 0x0, for_each = {fn = 0, arg = 0x0}}}
        outcome = <value optimized out>
#7  0x4001dfda in pthread_start_thread_event (arg=0xbf5ffbe0) at manager.c:334
No locals.
#8  0x4083298a in clone () from /usr/lib/debug/libc.so.6
        fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, fs_passno = 0}}
        __elf_set___libc_subfreeres_element_fstab_free__ = (const void *) 0x4086aa10

Thread 3 (Thread 16386 (LWP 2337)):
#0  0x40021184 in __pthread_sigsuspend (set=0x40027ff4) at ../linuxthreads/sysdeps/unix/sysv/linux/pt-sigsuspend.c:54
        resultvar = 4294967292
#1  0x4001ff59 in __pthread_wait_for_restart_signal (self=0xbf7ffbe0) at pthread.c:1216
        mask = {__val = {18946, 0, 0, 0, 0, 0, 895, 18350080, 1081883292, 115, 135569684, 123, 8064, 65535, 0, 1073884350, 0, 0, 0, 1073844060, 1073905652, 135674016, 135674096, 3212835124, 1073871588, 135674032, 1073884766, 1083541168, 1073871278, 1, 0, 7}}
#2  0x4001d57c in __pthread_cond_wait (cond=0x81638f0, mutex=0x81638a0
Bug#344690: 3.1r1 netinst is uninstallable with kernel 2.6
package: debian-installer
severity: critical
version: 3.1r1

Hi,

I have tried this image

http://cdimage.debian.org/debian-cd/3.1_r1/i386/iso-cd/debian-31r1-i386-netinst.iso

with parameters,

kernel26 acpi=off noacpi nolacpi

However, it gave an error no installable kernel found during Install base system.

Cai Qian
Bug#341843: gkrellmd: Problem with allow-host 127.0.0.1
Hi,

Can you just kill the previous gkrellmd and remove all the allow-host lines in config file. Then, start a new one with gkrellmd --allow-host 127.0.0.1? If the problem is still there, try gkrellmd --allow-host :::127.0.0.1 instead. So I can check if this is a bug that only affects version 2.2.5, as it works quite well in 2.2.7

Cai Qian

From: Pierre Pattard [EMAIL PROTECTED]
Subject: Bug#341843: gkrellmd: Problem with allow-host 127.0.0.1
Date: Sat, 03 Dec 2005 15:43:28 +0100

Package: gkrellmd
Version: 2.2.5-1.3
Severity: grave
Justification: user security hole

When I add an allow-host 127.0.0.1 line to gkrellmd.conf I can connect to the server from anywhere, including a computer which has nothing to do with the server.

allow-host localhost seems ok.
allow-host ip where ip127.0.0.1 seems ok as well
But allow-host 127.0.0.1 makes a big hole.

The server's ip is 138.195.156.146 but I can even connect from my home where I've got a dynamic ip.

I use IPv6. (Does it have any relationship to the problem ?)

Thx.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i586)
Kernel: Linux 2.6.14-grsec
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages gkrellmd depends on:
ii  gkrellm-common  2.2.5-1.3     multiple stacked system monitors:
ii  libc6           2.3.2.ds1-22  GNU C Library: Shared libraries an
ii  libglib2.0-0    2.6.4-1       The GLib library of C routines

-- no debconf information
Bug#339419: d4x crashes in strlen () from /lib64/libc.so.6
From: Max Alekseyev [EMAIL PROTECTED]
Subject: Re: d4x crashes in strlen () from /lib64/libc.so.6
Date: Sat, 19 Nov 2005 12:46:09 -0800

Cai Qian wrote:

This bug is caused by mismatch versions between libgtk2.0-0 (2.8.3-1) and libglib2.0-0 (2.6.10-1) in unstable. If use both 2.8 or 2.6, d4x will not crash.

Could you provide a simpler testcase?

Max

You can try packages in experimental.

http://packages.debian.org/experimental/libs/libgtk2.0-0

Cai Qian
Bug#339419: d4x crashes in strlen () from /lib64/libc.so.6
reassign 339419 libgtk2.0-0

Hi,

This bug is caused by mismatch versions between libgtk2.0-0 (2.8.3-1) and libglib2.0-0 (2.6.10-1) in unstable. If use both 2.8 or 2.6, d4x will not crash.

Cai Qian
Bug#339419: d4x crashes in strlen () from /lib64/libc.so.6
Hi,

From: Max [EMAIL PROTECTED]
Subject: Bug#339419: d4x crashes in strlen () from /lib64/libc.so.6
Date: Tue, 15 Nov 2005 22:15:11 -0800

Package: d4x
Version: 2.5.6-2
Severity: grave
Justification: renders package unusable

d4x on attempt to process a link like

ftp://a5:[EMAIL PROTECTED]/e/edbf5d055412df097e9ab4a16a886361/AB_091__E_.part05.rar

Please note that this particular link is already expired (i.e., login is incorrect and d4x survives). To get a fresh one, open http://www.filefactory.com/get/f.php?f=26f737dbc373854c4a38ac77 in a browser, wait 15 sec, click Click here to continue to the download page., wait another 15 sec and find the link under FileFactory FTP -- Click here to download.

I can't reproduce it, as it is said No such file or directory. Can you check the link?

Cai Qian
Bug#339419: d4x crashes in strlen () from /lib64/libc.so.6
Hi,

From: Max Alekseyev [EMAIL PROTECTED]
Subject: Re: Bug#339419: d4x crashes in strlen () from /lib64/libc.so.6
Date: Fri, 18 Nov 2005 11:37:58 -0800

To reproduce:
1) open http://www.filefactory.com/get/f.php?f=26f737dbc373854c4a38ac77 in a browser
2) wait 15 sec
3) click at Click here to continue to the download page.
4) wait another 15 sec
5) find a link to ftp under FileFactory FTP -- Click here to download
6) try to download this link with d4x

Max

I suppose this file has been removed, as I got

550 /e/edbf5d055412df097e9ab4a16a886361/AB_091__E_.part05.rar: No such file or directory

Cai Qian
Bug#336367: FTBFS: uclibc missing asm-i486/mman.h
package: uclibc
severity: serious

Hi,

when I try to dpkg-buildpackage -rfakeroot, it failed for the following reason:

In file included from ../../ldso/include/dl-syscall.h:7,
                 from ../../ldso/include/ldso.h:26,
                 from ldso.c:32:
../../include/asm/mman.h:8:28: error: asm-i486/mman.h: No such file or directory

Cai Qian
Bug#293624: bad dependence on fonts
package: fcitx
severity: serious

fcitx depends on ttf-arphic-gbsn00lp or ttf-arphic-gkai00mp, but I am using other free Chinese fonts, so I think I don't need to install above fonts. Unfortunately, this package made those fonts unremovable.