Bug#1057967: linux-image-6.1.0-15-amd64 renders my physical bookworm/gnome computer largely unusable
Breaking news: Am 11.12.23 um 19:14 schrieb Salvatore Bonaccorso: > I have put binary packages for amd64 built in > https://people.debian.org/~carnil/tmp/linux/1057967/ I confirm this test kernel is working fine for me, even with non-free broadcom-sta. (sent from " cat /proc/version Linux version 6.1.0-0.a.test-amd64 (debian-ker...@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC Debian 6.1.66-1a~test (2023-12-11) " through " modinfo wl filename: /lib/modules/6.1.0-0.a.test-amd64/updates/dkms/wl.ko license:MIXED/Proprietary alias: pci:v*d*sv*sd*bc02sc80i* depends:cfg80211 …" ) Thank you Salvatore. Let's get this into stable soon. -- Kevin Price
Bug#1057967: linux-image-6.1.0-15-amd64 renders my physical bookworm/gnome computer largely unusable
Control: affects -1 + src:broadcom-sta linux-image-6.1.0-15-amd64 @other affected users: What wifi drivers are you using, and do they taint your kernel? Am 11.12.23 um 13:27 schrieb Kevin Price: > Am 11.12.23 um 12:37 schrieb Salvatore Bonaccorso: > Need any more logfiles or testing? Is it syslog that might help you better, or any other log? Just let me know please. I'd love to help figure this out with mutual support. > I intend to test debian-live-12.4.0-amd64-gnome.iso *drumroll* Now this comes as a surprise to me. debian-live-12.4.0-amd64-gnome displays none of the bad behavior, even when actively using wifi. Apart from firmware, there's no non-free involved in debian-live. So could it be just some local configuration choice of mine, and of all the other affected users? Some years-old but possibly now poor choice of drivers/firmware maybe? I faintly remember having tried a free driver on this card at least two debian releases ago, but it worked so bad I had to switch to a non-free one: https://packages.debian.org/bookworm/broadcom-sta-dkms Which since has been upgraded with each debian release. Another Test: My old hardware has a physical RF kill switch. So I booted up 6.1.0-15 with it turned off: *drumroll* Works fine. So wifi seems to be singled out as the culprit in my case. (or possibly bluetooth, but I strongly doubt) See attachments regarding my wifi. Shame on me, if anyone ever suggested: "Never file a bug against a tainted kernel", because I did. But maybe it was good to do so. Because this bug is still very relevant, as it affects not only me, but renders multiple people's computers practically unusable when upgrading to 6.1.0-15. Not like "wifi gone bad", but "computer gone bad". This shouldn't happen within a stable debian release IMHO, and thus justifies some fairly high level of severity, IMHO. "critical", IDK. You own this bug, you decide. Now I conclude that 6.1.0-15 not only breaks src:broadcom-sta, but also vice versa. Are there any other wifi drivers affected? >> I'm right now curious to find out if we see the same as >> #1057969 and if the upstream commit db46c77f3d51 ("Revert "wifi: >> cfg80211: fix CQM for non-range use"") in 6.1.67 upstream fixes the >> issue. Now that sounds to me like exactly what caused this. Good to know that upstream has already reverted this regression. Please let me know what else to test or contribute, so that we can look forward to a debian stable 6.1 kernel without this bug. @Salvatore: Thanks a ton for your excellent work. Very much appreciated. HTH -- Kevin Pricesudo lspci -vvs2:0 02:00.0 Network controller: Broadcom Inc. and subsidiaries BCM4313 802.11bgn Wireless Network Adapter (rev 01) Subsystem: Broadcom Inc. and subsidiaries BCM4313 802.11bgn Wireless Network Adapter Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- Capabilities: [48] MSI: Enable- Count=1/1 Maskable- 64bit+ Address: Data: Capabilities: [d0] Express (v1) Endpoint, MSI 00 DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <4us, L1 unlimited ExtTag+ AttnBtn- AttnInd- PwrInd- RBE+ FLReset- SlotPowerLimit 10W DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq- RlxdOrd- ExtTag+ PhantFunc- AuxPwr- NoSnoop- MaxPayload 128 bytes, MaxReadReq 128 bytes DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend- LnkCap: Port #0, Speed 2.5GT/s, Width x1, ASPM L1, Exit Latency L1 <64us ClockPM+ Surprise- LLActRep+ BwNot- ASPMOptComp- LnkCtl: ASPM L1 Enabled; RCB 64 bytes, Disabled- CommClk+ ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt- LnkSta: Speed 2.5GT/s, Width x1 TrErr- Train- SlotClk+ DLActive+ BWMgmt- ABWMgmt- Capabilities: [100 v1] Advanced Error Reporting UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol- UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol- UESvrt: DLP+ SDES- TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol- CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr- CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+ AERCap: First Error Pointer: 00, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn- MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap- HeaderLog: 00
Bug#1057967: linux-image-6.1.0-15-amd64 renders my physical bookworm/gnome computer largely unusable
Thank you Salvatore! Am 11.12.23 um 12:37 schrieb Salvatore Bonaccorso: > It still would be helpfull if you can get to the logs of the previous > boot. After booting back in the working kernel, do you have anything > sensible logged in the previous boot log? If so can you share that > please? Sure. Here's my boot.log. The first one at "Mon Dec 11 00:54:03 CET 2023" is the faulty 6.1.0-15. The 2nd one at "Mon Dec 11 01:13:38 CET 2023" is the working 6.1.0-13. Need any more logfiles or testing? I intend to test debian-live-12.4.0-amd64-gnome.iso on my computer, IOT rule out any local config peculiarities, FWIW. > I'm right now curious to find out if we see the same as > #1057969 and if the upstream commit db46c77f3d51 ("Revert "wifi: > cfg80211: fix CQM for non-range use"") in 6.1.67 upstream fixes the > issue. Please let me know what kernel version you want me to test, if they're provides as debian binaries. I'd be glad to help, probably not only for my own sake. Bear with me I'm unwilling to build kernel packages myself, due to lack of computing resources. HTH -- Kevin Price Mon Dec 11 00:54:03 CET 2023 /: clean, 635496/28696576 files, 99342237/114756608 blocks Mounting [0;1;39mproc-sys-fs-binfmt_misc.mount[0m - Arbitrary Executable File Formats File System... [[0;32m OK [0m] Finished [0;1;39msystemd-cryptsetup@cryptswap1.service[0m - Cryptography Setup for cryptswap1. [[0;32m OK [0m] Mounted [0;1;39mproc-sys-fs-binfmt_misc.mount[0m - Arbitrary Executable File Formats File System. [[0;32m OK [0m] Reached target [0;1;39mblockdev@dev-mapper-cryptswap1.target[0m - Block Device Preparation for /dev/mapper/cryptswap1. [[0;32m OK [0m] Reached target [0;1;39mcryptsetup.target[0m - Local Encrypted Volumes. [[0;32m OK [0m] Finished [0;1;39msystemd-binfmt.service[0m - Set Up Additional Binary Formats. [[0;32m OK [0m] Finished [0;1;39msystemd-tmpfiles-setup.service[0m - Create Volatile Files and Directories. Starting [0;1;39mmodprobe@dm_mod.service[0m - Load Kernel Module dm_mod... Starting [0;1;39mmodprobe@efi_pstore.service[0m - Load Kernel Module efi_pstore... Starting [0;1;39mmodprobe@loop.service[0m - Load Kernel Module loop... Starting [0;1;39msystemd-resolved.service[0m - Network Name Resolution... Starting [0;1;39msystemd-update-utmp.service[0m - Record System Boot/Shutdown in UTMP... [[0;32m OK [0m] Finished [0;1;39mmodprobe@dm_mod.service[0m - Load Kernel Module dm_mod. [[0;32m OK [0m] Finished [0;1;39mmodprobe@efi_pstore.service[0m - Load Kernel Module efi_pstore. [[0;32m OK [0m] Finished [0;1;39mmodprobe@loop.service[0m - Load Kernel Module loop. [[0;32m OK [0m] Found device [0;1;39mdev-mapper-cryptswap1.device[0m - /dev/mapper/cryptswap1. Activating swap [0;1;39mdev-mapper-cryptswap1.swap[0m - /dev/mapper/cryptswap1... [[0;32m OK [0m] Finished [0;1;39msystemd-update-utmp.service[0m - Record System Boot/Shutdown in UTMP. [[0;32m OK [0m] Activated swap [0;1;39mdev-mapper-cryptswap1.swap[0m - /dev/mapper/cryptswap1. [[0;32m OK [0m] Reached target [0;1;39mswap.target[0m - Swaps. [[0;32m OK [0m] Finished [0;1;39mapparmor.service[0m - Load AppArmor profiles. [[0;32m OK [0m] Started [0;1;39msystemd-resolved.service[0m - Network Name Resolution. [[0;32m OK [0m] Reached target [0;1;39mnss-lookup.target[0m - Host and Network Name Lookups. [[0;32m OK [0m] Reached target [0;1;39msysinit.target[0m - System Initialization. [[0;32m OK [0m] Started [0;1;39mcups.path[0m - CUPS Scheduler. [[0;32m OK [0m] Started [0;1;39manacron.timer[0m - Trigger anacron every hour. [[0;32m OK [0m] Started [0;1;39mapt-daily.timer[0m - Daily apt download activities. [[0;32m OK [0m] Started [0;1;39mapt-daily-upgrade.timer[0m - Daily apt upgrade and clean activities. [[0;32m OK [0m] Started [0;1;39mdpkg-db-backup.timer[0m - Daily dpkg database backup timer. [[0;32m OK [0m] Started [0;1;39me2scrub_all.timer[0m - Periodic ext4 Online Metadata Check for All Filesystems. [[0;32m OK [0m] Started [0;1;39mlogrotate.timer[0m - Daily rotation of log files. [[0;32m OK [0m] Started [0;1;39mman-db.timer[0m - Daily man-db regeneration. [[0;32m OK [0m] Started [0;1;39mntpsec-rotate-stats.timer[0m - Rotate ntpd stats daily. [[0;32m OK [0m] Started [0;1;39msystemd-tmpfiles-clean.timer[0m - Daily Cleanup of Temporary Directories. [[0;32m OK [0m] Reached target [0;1;39mpaths.target[0m - Path Units. [[0;32m OK [0m] Reached target [0;1;39mtimers.target[0m - Timer Units. [[0;32m OK [0m] Listening on [0;1;39mavahi-daemon.socket[0m - Avahi mDNS/DNS-SD Stack Activation Socket. [[0;32m OK [0m] Listening on [0;1;39mcups.socket[0m - CUPS Scheduler. [[0;32m OK [0m] L
Bug#1057967: linux-image-6.1.0-15-amd64 renders my physical bookworm/gnome computer largely unusable
Package: linux-image-6.1.0-15-amd64 Version: 6.1.66-1 Severity: critical Control: -1 notfound 6.1.64-1 When booting 6.1.0-15, my physical amd64/bookworm/gnome computer misbehaves in many ways, rendering it largely unusable. With kernels up to 6.1.0-13, and even briefly with the otherwise broken 6.1.0-14, all of this seemed fine. Misbehavior includes, not limited to: 1. Most actions take considerably longer than usual. 2. The GDM greeter has an English keyboard layout, which otherwise is German. (Login works.) 3. There seems to be no network connectivity. No WiFi icon. "ping 8.8.8.8" returns IIRC network unreachable. 4. Launching Firefox does apparently nothing. 5. Launching gnome-terminal does work, but some basic commands just freeze, such as "ip a" or "sudo dmesg". sudo hangs before prompting for the passphrase. At that stage, even "sudo -i", I cannot interrupt with "^C". 6. Shutting down takes ages, with systemd waiting for a bunch of processes (sudo) and services to terminate, most of the latter seem to be somehow network-related, but you tell me which aren't. After more that 10 min I used hard power-off, leaving my ext4 dirty, but being perfectly able to boot any of 6.1.0-12 through -15, with -12 and -13 working properly, and -15 showing the exact same misbehavior reproducibly. I'll attach all I could get out of reportbug running under 6.1.0-15, and please let me know what further testing I may perform IOT help you. Please also specify whether you'd like me to do that testing under 6.1.0-15, in which I cannot even invoke sudo, or under 6.1.0-13, which will do anything fine. Thanks a lot in advance, and HTH! -- Kevin PriceContent-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Kevin Price To: Debian Bug Tracking System Subject: linux-image-6.1.0-15-amd64 makes my physical bookworm/gnome system vastly unusable Bcc: Kevin Price Package: src:linux Version: 6.1.66-1 Severity: critical -- Package-specific info: ** Version: Linux version 6.1.0-15-amd64 (debian-ker...@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC Debian 6.1.66-1 (2023-12-09) ** Command line: BOOT_IMAGE=/boot/vmlinuz-6.1.0-15-amd64 root=UUID=b1e4af52-2d43-40ab-a468-ca11bf2a3122 ro quiet ** Tainted: POE (12289) * proprietary module was loaded * externally-built ("out-of-tree") module was loaded * unsigned module was loaded ** Kernel log: Unable to read kernel log; any relevant messages should be attached ** Model information sys_vendor: LENOVO product_name: 1068FQG product_version: Lenovo B570 chassis_vendor: LENOVO chassis_version: 0.1 bios_vendor: LENOVO bios_version: 44CN41WW board_vendor: LENOVO board_name: Emerald Lake board_version: FAB1 ** Loaded modules: cts uinput rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device xt_CHECKSUM xt_MASQUERADE bridge stp llc cmac algif_hash algif_skcipher af_alg bnep ip6t_rt ip6t_REJECT nf_reject_ipv6 nft_chain_nat nf_nat xt_set ipt_REJECT nf_reject_ipv4 xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_compat nf_tables binfmt_misc ip_set_hash_ipport pktcdvd ip_set nfnetlink intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp nls_ascii nls_cp437 btusb kvm_intel btrtl btbcm vfat btintel btmtk fat kvm bluetooth irqbypass crc32_pclmul crypto_simd xts ecb jitterentropy_rng dm_crypt ghash_clmulni_intel cryptd snd_hda_codec_hdmi sha512_ssse3 sha512_generic isofs sha256_ssse3 rtsx_usb_sdmmc sha1_ssse3 snd_hda_codec_realtek wl(POE) snd_hda_codec_generic mmc_core ledtrig_audio ctr rtsx_usb_ms memstick snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi drbg snd_hda_codec iTCO_wdt intel_pmc_bxt uvcvideo iTCO_vendor_support mei_hdcp at24 watchdog videobuf2_vmalloc snd_hda_core videobuf2_memops rtsx_usb rapl videobuf2_v4l2 ansi_cprng videobuf2_common snd_hwdep intel_cstate ecdh_generic intel_uncore wmi_bmof ecc snd_pcm videodev sr_mod cdrom r8169 cfg80211 realtek i2c_i801 snd_timer mc pcspkr i2c_smbus mei_me ideapad_laptop mdio_devres platform_profile snd libphy mei lpc_ich soundcore sparse_keymap rfkill ac battery button joydev sg coretemp parport_pc ppdev lp parport loop fuse efi_pstore dm_mod configfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 efivarfs raid10 raid456 libcrc32c crc32c_generic async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear md_mod sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic hid_generic usbhid hid i915 i2c_algo_bit drm_buddy drm_display_helper ahci libahci drm_kms_helper libata cec rc_core ehci_pci ehci_hcd ttm scsi_mod usbcore crct10dif_pclmul crct10dif_common drm psmouse evdev crc32c_intel scsi_common serio_raw usb_common video wmi ** PCI devices: 00:00.0 Host bridge [0600]: Intel Corporation 2nd Generation Core Processor Family DRAM Controller [80
Bug#947745: recent version for stable-(updates|backports)
Package: youtube-dl Version: 2019.01.17-1.1 Severity: grave Justification: renders package unusable Dear maintainer, the buster version has quit working with yt. The error message is: "YouTube said: This video is unavailable." 2019.09.28-1 works. Due to the package's volatility (which causes this grave bug) and given its fairly stable dependencies, migrating recent versions into stable-updates might well be the neatest fix to this, imho. See also #908947. Cheers Kevin -- System Information: Debian Release: 10.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages youtube-dl depends on: ii python33.7.3-1 ii python3-pkg-resources 40.8.0-1 Versions of packages youtube-dl recommends: ii aria21.34.0-4 ii ca-certificates 20190110 ii curl 7.64.0-4 ii ffmpeg 7:4.1.4-1~deb10u1 ii mpv 0.29.1-1 ii phantomjs2.1.1+dfsg-2 ii python3-pyxattr 0.6.1-1 ii rtmpdump 2.4+20151223.gitfa8646d.1-2 ii wget 1.20.1-1.1 youtube-dl suggests no packages. -- no debconf information
Bug#730012: nginx: CVE-2013-4547
Hi Christos: Am 25.11.2013 21:07, schrieb Christos Trochalakis: > We are going to backport 1.4.4 as soon as it migrates to testing. Thanks even more. :) FYI: One serious data retention issue is a prime reason for using nginx >= 1.3.7, thus bpo: OCSP stapling. (rfc4366) So presumably there are many more users thankfully looking forward to this update. cheers -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#730012: nginx: CVE-2013-4547
Hi! Thanks a lot for fixing this issue! Is there a chance that the still vulnerable wheezy-backports will soon be either patched or updated? (I know, security does not include bpo.) patch: http://nginx.org/download/patch.2013.space.txt update: 1.4.4 or 1.5.7 will do. (reference: http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html ) brgds -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#602313: ZDI-CAN-925: proftpd TELNET_IAC processing stack overflow vulnerability
Package: proftpd Version: 1.3.1-17lenny4 Severity: critical Tags: security fixed-upstream Hi! Upstream released 1.3.3c on 29-Oct-2010, fixing upsteam bug 3521, which is said to allow remote arbitrary code execution without the need of authentication. For more information, please see http://www.zerodayinitiative.com/advisories/ZDI-10-229/ best regards -- Kevin Price http://www.kevin-price.de/ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#502444: sshd fails at boot-time following reload by /etc/network/if-up.d/openssh-server presumably due to race condition
Thanks Colin, that was really 'sharpish' ! Version 5.1p1-5 works fine, as expected. After compiling it for amd64 and purging/reinstalling, I rebooted several times just to make sure. Let's hope this change will make it into lenny. I wouldn't be too concerned about any performance loss caused by 'restart' rather than reload. I'm curious if upstream/openBSD has anything like debian's /etc/network/if-up.d/openssh-server script, and how they solved this issue. All the best! -- Kevin Price http://www.kevin-price.de/ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#502444: sshd fails at boot-time following reload by /etc/network/if-up.d/openssh-server presumably due to race condition
Sorry even debug level 3 does not seem to help us any further: Jan 13 22:52:30 leeloo3 sshd[2057]: debug2: fd 3 setting O_NONBLOCK Jan 13 22:52:30 leeloo3 sshd[2057]: debug1: Bind to port 22 on 0.0.0.0. Jan 13 22:52:30 leeloo3 sshd[2057]: Server listening on 0.0.0.0 port 22. Jan 13 22:52:30 leeloo3 sshd[2057]: socket: Address family not supported by protocol Jan 13 22:52:30 leeloo3 sshd[2057]: Received SIGHUP; restarting. That's all process 2057 ever logged before dying. Is there anything else I can do? Please let me know what and whether to leave your patch in /etc/network/if-up.d/openssh-server or to revert it to original. We do have some other lenny servers that don't do this. The difference is that they are already productive and start varios applications, while this one is pretty much naked lenny. Apart from the fact that all our lenny servers run etch kernels (2.6.18-6-amd64) for the time being, for some of the HP server management interfaces to work properly. -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#502444: sshd fails at boot-time following reload by /etc/network/if-up.d/openssh-server presumably due to race condition
I caught it dying under new circumstances this time: /etc/modules is in its original state (no bnx2) /etc/network/if-up.d/openssh-server contains only your patch LogLevel is DEBUG1 Oh and by the way, the ipv6 kernel module is disabled, FWIW. This is where it first starts in the boot process: Jan 13 22:32:45 leeloo3 sshd[2028]: debug1: Bind to port 22 on 0.0.0.0. Jan 13 22:32:45 leeloo3 sshd[2028]: Server listening on 0.0.0.0 port 22. Jan 13 22:32:45 leeloo3 sshd[2028]: socket: Address family not supported by protocol Jan 13 22:32:45 leeloo3 sshd[2028]: Received SIGHUP; restarting. And that was the last message when it died. The next message is when I log onto a console and manually /etc/init.d/ssh start. I'll try to increase the debug level some more. Just let's be patient because of all those reboots I need to go through. Those new generation servers with 8 CPU cores boot debian at ultra speed, but the BIOS takes ages... -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#502444: sshd fails at boot-time following reload by /etc/network/if-up.d/openssh-server presumably due to race condition
Thanks for the patch. It doesn't solve the problem. I reverted my changes back to the original state, and then rebooted to make sure the problem occurs. Then I applied your patch and rebooted, but the error occurred again, but only sometimes. Before your patch, when it failed, it logged this: Jan 13 23:56:50 leeloo3 sshd[2052]: Server listening on 0.0.0.0 port 22. Jan 13 23:56:50 leeloo3 sshd[2052]: Received SIGHUP; restarting. or that: Jan 13 23:46:40 leeloo3 sshd[2323]: Server listening on 0.0.0.0 port 22. Jan 13 23:46:50 leeloo3 sshd[2323]: Received signal 15; terminating. or that: Jan 13 22:16:51 leeloo3 sshd[2134]: Server listening on 0.0.0.0 port 22. Jan 13 22:16:51 leeloo3 sshd[2142]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use. When it worked, it just logged the first line of those. Now after applying your patch, it still logs the "SIGHUP" message and fails, or it logs only the first message and then works. Note that during this boot process the driver for the built-in NICs, bnx2, loads pretty late. Its last ready messages come even after the login prompt: bnx2: eth1 NIC Link is Up, 1000 Mbps full duplex bnx2: eth0 NIC Link is Up, 1000 Mbps full duplex The /etc/network/interfaces contains "allow-hotplug" for eth0 and eth1. I tried adding bnx2 to /etc/modules, causing the module to be loaded sooner, and couldn't seem to make it fail that way. But I'm still rebooting that machine over and over, trying to get somewhat reliable information. (race condition) -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#495581: this is fixed
Thijs Kinkhorst schrieb: > I'm specifically concerned about this statement of yours: > >>> Justification: introduces a security hole on systems where you install >>> the packages > > That definately does not hold, but it may give the impression to users that > all systems running Postfix are vulnerable, which is very far from reality. > I'm not quite concerned about which exact severity level a given bug has, > since that's quite abstract, but I am advocating to be careful with factual > statements about the impact of the vulnerability as you did above. Ah thank you. I had borrowed the words from the possible justifications of "critical" at http://release.debian.org/etch/rc_policy.txt and ment this only as distinction from grave being "introduces a security hole allowing access to the accounts of users who use the package" which applies much less. I know that most postfix users were not affected. So it would have been better to leave that line away, or to add a limitation like "under certain circumstances". cheers -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#495581: this is fixed
Thijs Kinkhorst schrieb: > Version: 2.3.8-2etch1 Ah, thank you. >> Justification: introduces a security hole on systems where you install >> the packages > > Huh? Have you read the author's announcement? It does no such thing on Debian > systems - it only introduces a local security hole on systems where you > (quite specifically) change the shipped configuration. Sure I read it. That's why I forwarded it to you. > The issue is now fixed in all distributions, so no need to argue over > severity - I'm rather closing this bug. FACK > But in the future please be more > careful when making statements about the impact of vulnerabilities. Please help me understand how you would have preferred me to report this, so next time I can do it right. From what I understand, security holes are critical or grave bugs, depending on whether a local account or the system are affected (can possibly be modified/compromised) In this case, it is the whole system, provided that the mail system is configured in a specific way, because not only a user using postfix may be affected, but also files belonging to other users or root. Why does this not justify critical? Would you really believe that grave would be more appropriate? Why? -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#495581: Acknowledgement (Postfix local privilege escalation via hardlinked symlinks)
tags 495581 - lenny sid fixed 495581 2.5.2-2lenny1 fixed 495581 2.5.4-1 thanks -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#480310: [ixp4xx] armel NSLU2 fails to boot with 2.6.25
Martin Michlmayr schrieb: > This has been fixed in version 2.6.25-3 of linux-image-2.6.25-2-ixp4xx > which is now in unstable. Would be great if you (Paul, Kevin) could > confirm it works. Yes, confirmed. It works nicely for me. I re-flashed the old apex from debian, and set modules=most in initramfs.conf. before installing 2.6.25-3. The initrd became 3840262 bytes small, which is fine. All the necessary modules are there too. Thanks a lot for that good piece of work! -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#480310: [ixp4xx] armel NSLU2 fails to boot with 2.6.25
Kevin Price schrieb: > Martin Michlmayr schrieb: >> The 2.6.26-rc2 test image is available from >> http://people.debian.org/~tbm/armel/kernel/r11383/ >> The fixed 2.6.25 package will be uploaded in the near future. > > At least the 2.6.26-rc2 makes my slug unbootable. Again, I need some > time to hook the serial console up to figure out why. (Wish I had a > USB/RS232 adaptor around) I'll let you know as soon as I can. Your 2.6.26-rc2 works. The reason it didn't boot seems to have been a wrong combination of apex / initramfs-configuration, my fault. It's OK. (Thanks for|Keep up) the great work. Kevin signature.asc Description: OpenPGP digital signature
Bug#480310: [ixp4xx] armel NSLU2 fails to boot with 2.6.25
Martin Michlmayr schrieb: > The 2.6.26-rc2 test image is available from > http://people.debian.org/~tbm/armel/kernel/r11383/ > The fixed 2.6.25 package will be uploaded in the near future. At least the 2.6.26-rc2 makes my slug unbootable. Again, I need some time to hook the serial console up to figure out why. (Wish I had a USB/RS232 adaptor around) I'll let you know as soon as I can. Kevin signature.asc Description: OpenPGP digital signature
Bug#480310: [ixp4xx] armel NSLU2 fails to boot with 2.6.25
Martin Michlmayr schrieb: > You'll also need the patch from #421359, otherwise the new APEX is not > written to flash. Yeah. I was thinking from a more low-level point of view and flashed the apex binary myself with the script. The result is good: The large initrd (modules=all) boots fine with that. That was because I dislike the idea about the imaginary version 1.5.14. Is it more appropriate to name it something like 1.5.13+gf1 ? I'll give it a try. > bugs. Another minor issue is that it would be nice to get more > feedback on the patch in #421359. I hope I can help that a little. > cross-compile would be fine. I just don't have a cross-compiler for > armel. Native or qemu would work too, but are slower. OK. Is the rc1 already debianized anywhere? Otherwise we might as well go for rc2. Kevin -- http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#480310: [ixp4xx] armel NSLU2 fails to boot with 2.6.25
Martin Michlmayr schrieb: > Kevin, since you have a serial console, are you interested in testing > the patches in #451882 and #421359? Yes. My slug is now compiling apex-1.4.15 with the patch from #451882 (CONFIG_RAMDISK_SIZE=0x0050) I am curious if this solves this bug and I will let you know. BTW: What is keeping the patches from moving into sid? I'd love to see a more current apex version in lenny. > debian-arm people in general: anyone with a armel compiler who's > interested in compiling and testing 2.6.26-rc1 on armel? Would that need to be a native or cross-compiler or is the qemu arm emulation reliable enough for such compilation jobs? Somehow I recall that the emulation was said to be unsuitable to be employed as buildds. Kevin -- http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#382767: nslu2-utils: NSLU2_IXP400_REQUIRED=true is ignored
Subject: nslu2-utils: NSLU2_IXP400_REQUIRED=true is ignored Package: nslu2-utils Version: 0.10+r58-4 Severity: critical Justification: breaks the whole system When updating from 0.10+r58-3 to 0.10+r58-4 the firmware gets flashed although the option NSLU2_IXP400_REQUIRED is set to true ans there is no ipx400 module. This breaks the slugs by making it unbootable. The user hast to flash a working firmware with upslug. * screenshot: Unpacking replacement slugimage ... Preparing to replace nslu2-utils 0.10+r58-3 (using .../nslu2-utils_0.10+r58-4_arm.deb) ... Unpacking replacement nslu2-utils ... Setting up libklibc (1.4.11-3) ... Setting up klibc-utils (1.4.11-3) ... Setting up libtiff4 (3.8.2-6) ... Setting up slugimage (0.10+r58-4) ... Setting up nslu2-utils (0.10+r58-4) ... update-initramfs: Generating /boot/initrd.img-2.6.16-2-nslu2 Warning: ixp400_eth ethernet driver not found, not included on image Error: This system has the ixp400_eth module loaded; not creating initramfs image that does not contain the module. To force creation of an image without the module, set NSLU2_IXP400_REQUIRED=false in /etc/mkinitramfs/nslu2.conf Flashing initramfs: done. Flashing kernel: done. Do you want to erase any previously downloaded .deb files? [Y/n] Press enter to continue. * See also the thread at http://lists.debian.org/debian-arm/2006/08/msg00033.html -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: arm (armv5tel) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15-1-nslu2 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages nslu2-utils depends on: ii devio 1.2-1 correctly read (or write) a region ii slugimage 0.10+r58-4 NSUL2 firmware image manipulation nslu2-utils recommends no packages. -- no debconf information -- http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=214656 http://www.amazon.de/gp/registry/wishlist/1STJFWXVXM083/ ICQ#75570407 signature.asc Description: OpenPGP digital signature