Bug#1057967: linux-image-6.1.0-15-amd64 renders my physical bookworm/gnome computer largely unusable

2023-12-11 Thread Kevin Price
Breaking news:

On 11.12.23 at 19:14, Salvatore Bonaccorso wrote:
> I have put binary packages for amd64 built in
> https://people.debian.org/~carnil/tmp/linux/1057967/

I confirm this test kernel is working fine for me, even with non-free
broadcom-sta.

(sent from
"
cat /proc/version

Linux version 6.1.0-0.a.test-amd64 (debian-ker...@lists.debian.org)
(gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian)
2.40) #1 SMP PREEMPT_DYNAMIC Debian 6.1.66-1a~test (2023-12-11)
"

through

"
modinfo wl

filename:       /lib/modules/6.1.0-0.a.test-amd64/updates/dkms/wl.ko
license:        MIXED/Proprietary
alias:          pci:v*d*sv*sd*bc02sc80i*
depends:        cfg80211
…"
)

Thank you Salvatore. Let's get this into stable soon.
-- 
Kevin Price



Bug#1057967: linux-image-6.1.0-15-amd64 renders my physical bookworm/gnome computer largely unusable

2023-12-11 Thread Kevin Price
Control: affects -1 + src:broadcom-sta linux-image-6.1.0-15-amd64

@other affected users: What wifi drivers are you using, and do they
taint your kernel?

On 11.12.23 at 13:27, Kevin Price wrote:
> On 11.12.23 at 12:37, Salvatore Bonaccorso wrote:

> Need any more logfiles or testing?

Is it syslog that might help you better, or any other log? Just let me
know please. I'd love to help figure this out with mutual support.

> I intend to test debian-live-12.4.0-amd64-gnome.iso

*drumroll* Now this comes as a surprise to me.
debian-live-12.4.0-amd64-gnome displays none of the bad behavior, even
when actively using wifi. Apart from firmware, there's no non-free
involved in debian-live.

So could it be just some local configuration choice of mine, and of all
the other affected users? Some years-old but possibly now poor choice of
drivers/firmware maybe? I faintly remember having tried a free driver on
this card at least two debian releases ago, but it worked so badly I had
to switch to a non-free one:
https://packages.debian.org/bookworm/broadcom-sta-dkms

Which since has been upgraded with each debian release.

Another Test: My old hardware has a physical RF kill switch. So I booted
up 6.1.0-15 with it turned off: *drumroll* Works fine. So wifi seems to
be singled out as the culprit in my case. (or possibly bluetooth, but I
strongly doubt)

See attachments regarding my wifi. Shame on me, if anyone ever
suggested: "Never file a bug against a tainted kernel", because I did.
But maybe it was good to do so. Because this bug is still very relevant,
as it affects not only me, but renders multiple people's computers
practically unusable when upgrading to 6.1.0-15. Not like "wifi gone
bad", but "computer gone bad". This shouldn't happen within a stable
debian release IMHO, and thus justifies some fairly high level of
severity, IMHO. "critical", IDK. You own this bug, you decide.

Now I conclude that 6.1.0-15 not only breaks src:broadcom-sta, but also
vice versa. Are there any other wifi drivers affected?

>> I'm right now curious to find out if we see the same as
>> #1057969 and if the upstream commit db46c77f3d51 ("Revert "wifi:
>> cfg80211: fix CQM for non-range use"") in 6.1.67 upstream fixes the
>> issue.

Now that sounds to me like exactly what caused this. Good to know that
upstream has already reverted this regression. Please let me know what
else to test or contribute, so that we can look forward to a debian
stable 6.1 kernel without this bug.

@Salvatore: Thanks a ton for your excellent work. Very much appreciated.

HTH
-- 
Kevin Price

sudo lspci -vvs2:0
02:00.0 Network controller: Broadcom Inc. and subsidiaries BCM4313 802.11bgn 
Wireless Network Adapter (rev 01)
Subsystem: Broadcom Inc. and subsidiaries BCM4313 802.11bgn Wireless 
Network Adapter
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- 
Capabilities: [48] MSI: Enable- Count=1/1 Maskable- 64bit+
Address:   Data: 
Capabilities: [d0] Express (v1) Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <4us, L1 
unlimited
ExtTag+ AttnBtn- AttnInd- PwrInd- RBE+ FLReset- 
SlotPowerLimit 10W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag+ PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ 
TransPend-
LnkCap: Port #0, Speed 2.5GT/s, Width x1, ASPM L1, Exit Latency 
L1 <64us
ClockPM+ Surprise- LLActRep+ BwNot- ASPMOptComp-
LnkCtl: ASPM L1 Enabled; RCB 64 bytes, Disabled- CommClk+
ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 2.5GT/s, Width x1
TrErr- Train- SlotClk+ DLActive+ BWMgmt- ABWMgmt-
Capabilities: [100 v1] Advanced Error Reporting
UESta:  DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- 
RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk:  DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- 
RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES- TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- 
RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta:  RxErr- BadTLP- BadDLLP- Rollover- Timeout- 
AdvNonFatalErr-
CEMsk:  RxErr- BadTLP- BadDLLP- Rollover- Timeout- 
AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap+ ECRCGenEn- 
ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog:  00

Bug#1057967: linux-image-6.1.0-15-amd64 renders my physical bookworm/gnome computer largely unusable

2023-12-11 Thread Kevin Price
Thank you Salvatore!

On 11.12.23 at 12:37, Salvatore Bonaccorso wrote:
> It still would be helpful if you can get to the logs of the previous
> boot. After booting back in the working kernel, do you have anything
> sensible logged in the previous boot log? If so can you share that
> please?

Sure. Here's my boot.log.

The first one at "Mon Dec 11 00:54:03 CET 2023" is the faulty 6.1.0-15.

The 2nd one at "Mon Dec 11 01:13:38 CET 2023" is the working 6.1.0-13.

Need any more logfiles or testing? I intend to test
debian-live-12.4.0-amd64-gnome.iso on my computer, IOT rule out any
local config peculiarities, FWIW.

> I'm right now curious to find out if we see the same as
> #1057969 and if the upstream commit db46c77f3d51 ("Revert "wifi:
> cfg80211: fix CQM for non-range use"") in 6.1.67 upstream fixes the
> issue.

Please let me know what kernel version you want me to test, if they're
provided as debian binaries. I'd be glad to help, probably not only for
my own sake. Bear with me I'm unwilling to build kernel packages myself,
due to lack of computing resources. HTH
-- 
Kevin Price

Mon Dec 11 00:54:03 CET 2023
/: clean, 635496/28696576 files, 99342237/114756608 blocks
 Mounting proc-sys-fs-binfmt_misc.mount - Arbitrary Executable File Formats File System...
[  OK  ] Finished systemd-cryptsetup@cryptswap1.service - Cryptography Setup for cryptswap1.
[  OK  ] Mounted proc-sys-fs-binfmt_misc.mount - Arbitrary Executable File Formats File System.
[  OK  ] Reached target blockdev@dev-mapper-cryptswap1.target - Block Device Preparation for /dev/mapper/cryptswap1.
[  OK  ] Reached target cryptsetup.target - Local Encrypted Volumes.
[  OK  ] Finished systemd-binfmt.service - Set Up Additional Binary Formats.
[  OK  ] Finished systemd-tmpfiles-setup.service - Create Volatile Files and Directories.
 Starting modprobe@dm_mod.service - Load Kernel Module dm_mod...
 Starting modprobe@efi_pstore.service - Load Kernel Module efi_pstore...
 Starting modprobe@loop.service - Load Kernel Module loop...
 Starting systemd-resolved.service - Network Name Resolution...
 Starting systemd-update-utmp.service - Record System Boot/Shutdown in UTMP...
[  OK  ] Finished modprobe@dm_mod.service - Load Kernel Module dm_mod.
[  OK  ] Finished modprobe@efi_pstore.service - Load Kernel Module efi_pstore.
[  OK  ] Finished modprobe@loop.service - Load Kernel Module loop.
[  OK  ] Found device dev-mapper-cryptswap1.device - /dev/mapper/cryptswap1.
 Activating swap dev-mapper-cryptswap1.swap - /dev/mapper/cryptswap1...
[  OK  ] Finished systemd-update-utmp.service - Record System Boot/Shutdown in UTMP.
[  OK  ] Activated swap dev-mapper-cryptswap1.swap - /dev/mapper/cryptswap1.
[  OK  ] Reached target swap.target - Swaps.
[  OK  ] Finished apparmor.service - Load AppArmor profiles.
[  OK  ] Started systemd-resolved.service - Network Name Resolution.
[  OK  ] Reached target nss-lookup.target - Host and Network Name Lookups.
[  OK  ] Reached target sysinit.target - System Initialization.
[  OK  ] Started cups.path - CUPS Scheduler.
[  OK  ] Started anacron.timer - Trigger anacron every hour.
[  OK  ] Started apt-daily.timer - Daily apt download activities.
[  OK  ] Started apt-daily-upgrade.timer - Daily apt upgrade and clean activities.
[  OK  ] Started dpkg-db-backup.timer - Daily dpkg database backup timer.
[  OK  ] Started e2scrub_all.timer - Periodic ext4 Online Metadata Check for All Filesystems.
[  OK  ] Started logrotate.timer - Daily rotation of log files.
[  OK  ] Started man-db.timer - Daily man-db regeneration.
[  OK  ] Started ntpsec-rotate-stats.timer - Rotate ntpd stats daily.
[  OK  ] Started systemd-tmpfiles-clean.timer - Daily Cleanup of Temporary Directories.
[  OK  ] Reached target paths.target - Path Units.
[  OK  ] Reached target timers.target - Timer Units.
[  OK  ] Listening on avahi-daemon.socket - Avahi mDNS/DNS-SD Stack Activation Socket.
[  OK  ] Listening on cups.socket - CUPS Scheduler.
[  OK  ] L

Bug#1057967: linux-image-6.1.0-15-amd64 renders my physical bookworm/gnome computer largely unusable

2023-12-10 Thread Kevin Price
Package: linux-image-6.1.0-15-amd64
Version: 6.1.66-1
Severity: critical
Control: -1 notfound 6.1.64-1

When booting 6.1.0-15, my physical amd64/bookworm/gnome computer
misbehaves in many ways, rendering it largely unusable. With kernels up
to 6.1.0-13, and even briefly with the otherwise broken 6.1.0-14, all of
this seemed fine.

Misbehavior includes, not limited to:

1. Most actions take considerably longer than usual.

2. The GDM greeter has an English keyboard layout, which otherwise is
German. (Login works.)

3. There seems to be no network connectivity. No WiFi icon. "ping
8.8.8.8" returns IIRC network unreachable.

4. Launching Firefox does apparently nothing.

5. Launching gnome-terminal does work, but some basic commands just
freeze, such as "ip a" or "sudo dmesg". sudo hangs before prompting for
the passphrase. At that stage, even "sudo -i", I cannot interrupt with "^C".

6. Shutting down takes ages, with systemd waiting for a bunch of
processes (sudo) and services to terminate, most of the latter seem to
be somehow network-related, but you tell me which aren't.

After more than 10 min I used hard power-off, leaving my ext4 dirty, but
being perfectly able to boot any of 6.1.0-12 through -15, with -12 and
-13 working properly, and -15 showing the exact same misbehavior
reproducibly.

I'll attach all I could get out of reportbug running under 6.1.0-15, and
please let me know what further testing I may perform IOT help you.
Please also specify whether you'd like me to do that testing under
6.1.0-15, in which I cannot even invoke sudo, or under 6.1.0-13, which
will do anything fine.

Thanks a lot in advance, and HTH!
-- 
Kevin Price

From: Kevin Price 
To: Debian Bug Tracking System 
Subject: linux-image-6.1.0-15-amd64 makes my physical bookworm/gnome system 
vastly unusable
Bcc: Kevin Price 

Package: src:linux
Version: 6.1.66-1
Severity: critical



-- Package-specific info:
** Version:
Linux version 6.1.0-15-amd64 (debian-ker...@lists.debian.org) (gcc-12 (Debian 
12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP 
PREEMPT_DYNAMIC Debian 6.1.66-1 (2023-12-09)

** Command line:
BOOT_IMAGE=/boot/vmlinuz-6.1.0-15-amd64 
root=UUID=b1e4af52-2d43-40ab-a468-ca11bf2a3122 ro quiet

** Tainted: POE (12289)
 * proprietary module was loaded
 * externally-built ("out-of-tree") module was loaded
 * unsigned module was loaded

** Kernel log:
Unable to read kernel log; any relevant messages should be attached

** Model information
sys_vendor: LENOVO
product_name: 1068FQG
product_version: Lenovo B570
chassis_vendor: LENOVO
chassis_version: 0.1
bios_vendor: LENOVO
bios_version: 44CN41WW
board_vendor: LENOVO
board_name: Emerald Lake
board_version: FAB1

** Loaded modules:

** PCI devices:
00:00.0 Host bridge [0600]: Intel Corporation 2nd Generation Core Processor 
Family DRAM Controller [80

Bug#947745: recent version for stable-(updates|backports)

2019-12-29 Thread Kevin Price
Package: youtube-dl
Version: 2019.01.17-1.1
Severity: grave

Justification: renders package unusable

Dear maintainer,

the buster version has quit working with yt. The error message is: "YouTube
said: This video is unavailable." 2019.09.28-1 works. Due to the package's
volatility (which causes this grave bug) and given its fairly stable
dependencies, migrating recent versions into stable-updates might well be the
neatest fix to this, imho.

See also #908947.

Cheers
Kevin



-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages youtube-dl depends on:
ii  python3                3.7.3-1
ii  python3-pkg-resources  40.8.0-1

Versions of packages youtube-dl recommends:
ii  aria2            1.34.0-4
ii  ca-certificates  20190110
ii  curl             7.64.0-4
ii  ffmpeg           7:4.1.4-1~deb10u1
ii  mpv              0.29.1-1
ii  phantomjs        2.1.1+dfsg-2
ii  python3-pyxattr  0.6.1-1
ii  rtmpdump         2.4+20151223.gitfa8646d.1-2
ii  wget             1.20.1-1.1

youtube-dl suggests no packages.

-- no debconf information



Bug#730012: nginx: CVE-2013-4547

2013-11-25 Thread Kevin Price
Hi Christos:

On 25.11.2013 21:07, Christos Trochalakis wrote:
> We are going to backport 1.4.4 as soon as it migrates to testing.

Thanks even more. :)

FYI: One serious data retention issue is a prime reason for using nginx
>= 1.3.7, thus bpo: OCSP stapling. (rfc4366) So presumably there are
many more users thankfully looking forward to this update.

cheers
-- 
Kevin Price
http://www.kevin-price.de/



signature.asc
Description: OpenPGP digital signature


Bug#730012: nginx: CVE-2013-4547

2013-11-25 Thread Kevin Price
Hi!

Thanks a lot for fixing this issue! Is there a chance that the still
vulnerable wheezy-backports will soon be either patched or updated?
(I know, security does not include bpo.)

patch: http://nginx.org/download/patch.2013.space.txt

update: 1.4.4 or 1.5.7 will do.
(reference:
http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html )

brgds
-- 
Kevin Price
http://www.kevin-price.de/





Bug#602313: ZDI-CAN-925: proftpd TELNET_IAC processing stack overflow vulnerability

2010-11-03 Thread Kevin Price
Package: proftpd
Version: 1.3.1-17lenny4
Severity: critical
Tags: security fixed-upstream

Hi!

Upstream released 1.3.3c on 29-Oct-2010, fixing upstream bug 3521, which
is said to allow remote arbitrary code execution without the need of
authentication.

For more information, please see
http://www.zerodayinitiative.com/advisories/ZDI-10-229/

best regards
-- 
Kevin Price
http://www.kevin-price.de/



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#502444: sshd fails at boot-time following reload by /etc/network/if-up.d/openssh-server presumably due to race condition

2009-01-14 Thread Kevin Price
Thanks Colin, that was really 'sharpish' !

Version 5.1p1-5 works fine, as expected. After compiling it for amd64 and
purging/reinstalling, I rebooted several times just to make sure. Let's
hope this change will make it into lenny.

I wouldn't be too concerned about any performance loss caused by 'restart'
rather than reload. I'm curious if upstream/openBSD has anything like
debian's /etc/network/if-up.d/openssh-server script, and how they solved
this issue.

All the best!
-- 
Kevin Price
http://www.kevin-price.de/







Bug#502444: sshd fails at boot-time following reload by /etc/network/if-up.d/openssh-server presumably due to race condition

2009-01-13 Thread Kevin Price
Sorry even debug level 3 does not seem to help us any further:

Jan 13 22:52:30 leeloo3 sshd[2057]: debug2: fd 3 setting O_NONBLOCK
Jan 13 22:52:30 leeloo3 sshd[2057]: debug1: Bind to port 22 on 0.0.0.0.
Jan 13 22:52:30 leeloo3 sshd[2057]: Server listening on 0.0.0.0 port 22.
Jan 13 22:52:30 leeloo3 sshd[2057]: socket: Address family not supported by protocol
Jan 13 22:52:30 leeloo3 sshd[2057]: Received SIGHUP; restarting.

That's all process 2057 ever logged before dying. Is there anything else
I can do? Please let me know what and whether to leave your patch in
/etc/network/if-up.d/openssh-server or to revert it to original.

We do have some other lenny servers that don't do this. The difference
is that they are already productive and start various applications, while
this one is pretty much naked lenny. Apart from the fact that all our
lenny servers run etch kernels (2.6.18-6-amd64) for the time being, for
some of the HP server management interfaces to work properly.
-- 
Kevin Price
http://www.kevin-price.de/





Bug#502444: sshd fails at boot-time following reload by /etc/network/if-up.d/openssh-server presumably due to race condition

2009-01-13 Thread Kevin Price
I caught it dying under new circumstances this time:

/etc/modules is in its original state (no bnx2)
/etc/network/if-up.d/openssh-server contains only your patch
LogLevel is DEBUG1
Oh and by the way, the ipv6 kernel module is disabled, FWIW.

This is where it first starts in the boot process:

Jan 13 22:32:45 leeloo3 sshd[2028]: debug1: Bind to port 22 on 0.0.0.0.
Jan 13 22:32:45 leeloo3 sshd[2028]: Server listening on 0.0.0.0 port 22.
Jan 13 22:32:45 leeloo3 sshd[2028]: socket: Address family not supported by protocol
Jan 13 22:32:45 leeloo3 sshd[2028]: Received SIGHUP; restarting.

And that was the last message when it died. The next message is when I
log onto a console and manually /etc/init.d/ssh start. I'll try to
increase the debug level some more. Just let's be patient because of all
those reboots I need to go through. Those new generation servers with 8
CPU cores boot debian at ultra speed, but the BIOS takes ages...

-- 
Kevin Price
http://www.kevin-price.de/





Bug#502444: sshd fails at boot-time following reload by /etc/network/if-up.d/openssh-server presumably due to race condition

2009-01-13 Thread Kevin Price
Thanks for the patch. It doesn't solve the problem. I reverted my
changes back to the original state, and then rebooted to make sure the
problem occurs. Then I applied your patch and rebooted, but the error
occurred again, but only sometimes.

Before your patch, when it failed, it logged this:

Jan 13 23:56:50 leeloo3 sshd[2052]: Server listening on 0.0.0.0 port 22.
Jan 13 23:56:50 leeloo3 sshd[2052]: Received SIGHUP; restarting.

or that:

Jan 13 23:46:40 leeloo3 sshd[2323]: Server listening on 0.0.0.0 port 22.
Jan 13 23:46:50 leeloo3 sshd[2323]: Received signal 15; terminating.

or that:

Jan 13 22:16:51 leeloo3 sshd[2134]: Server listening on 0.0.0.0 port 22.
Jan 13 22:16:51 leeloo3 sshd[2142]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.

When it worked, it just logged the first line of those.

Now after applying your patch, it still logs the "SIGHUP" message and
fails, or it logs only the first message and then works.

Note that during this boot process the driver for the built-in NICs,
bnx2, loads pretty late. Its last ready messages come even after the
login prompt:

bnx2: eth1 NIC Link is Up, 1000 Mbps full duplex
bnx2: eth0 NIC Link is Up, 1000 Mbps full duplex

The /etc/network/interfaces contains "allow-hotplug" for eth0 and eth1.
I tried adding bnx2 to /etc/modules, causing the module to be loaded
sooner, and couldn't seem to make it fail that way. But I'm still
rebooting that machine over and over, trying to get somewhat reliable
information. (race condition)

-- 
Kevin Price
http://www.kevin-price.de/





Bug#495581: this is fixed

2008-08-19 Thread Kevin Price
Thijs Kinkhorst wrote:
> I'm specifically concerned about this statement of yours:
> 
>>> Justification: introduces a security hole on systems where you install
>>>  the packages
> 
> That definitely does not hold, but it may give the impression to users that 
> all systems running Postfix are vulnerable, which is very far from reality. 
> I'm not quite concerned about which exact severity level a given bug has, 
> since that's quite abstract, but I am advocating to be careful with factual 
> statements about the impact of the vulnerability as you did above.

Ah thank you. I had borrowed the words from the possible justifications
of "critical" at http://release.debian.org/etch/rc_policy.txt and meant
this only as distinction from grave being "introduces a security hole
allowing access to the accounts of users who use the package" which
applies much less.

I know that most postfix users were not affected. So it would have been
better to leave that line away, or to add a limitation like "under
certain circumstances".

cheers
-- 
Kevin Price
http://www.kevin-price.de/





Bug#495581: this is fixed

2008-08-18 Thread Kevin Price
Thijs Kinkhorst wrote:
> Version: 2.3.8-2etch1

Ah, thank you.

>> Justification: introduces a security hole on systems where you install
>>  the packages
> 
> Huh? Have you read the author's announcement? It does no such thing on Debian 
> systems - it only introduces a local security hole on systems where you 
> (quite specifically) change the shipped configuration.

Sure I read it. That's why I forwarded it to you.

> The issue is now fixed in all distributions, so no need to argue over 
> severity - I'm rather closing this bug.

FACK

> But in the future please be more 
> careful when making statements about the impact of vulnerabilities.

Please help me understand how you would have preferred me to report
this, so next time I can do it right.

From what I understand, security holes are critical or grave bugs,
depending on whether a local account or the system are affected (can
possibly be modified/compromised) In this case, it is the whole system,
provided that the mail system is configured in a specific way, because
not only a user using postfix may be affected, but also files belonging
to other users or root.

Why does this not justify critical? Would you really believe that grave
would be more appropriate? Why?
-- 
Kevin Price
http://www.kevin-price.de/





Bug#495581: Acknowledgement (Postfix local privilege escalation via hardlinked symlinks)

2008-08-18 Thread Kevin Price
tags 495581 - lenny sid
fixed 495581 2.5.2-2lenny1
fixed 495581 2.5.4-1
thanks
-- 
Kevin Price
http://www.kevin-price.de/





Bug#480310: [ixp4xx] armel NSLU2 fails to boot with 2.6.25

2008-05-17 Thread Kevin Price
Martin Michlmayr wrote:
> This has been fixed in version 2.6.25-3 of linux-image-2.6.25-2-ixp4xx
> which is now in unstable.  Would be great if you (Paul, Kevin) could
> confirm it works.

Yes, confirmed. It works nicely for me. I re-flashed the old apex from
debian, and set modules=most in initramfs.conf. before installing
2.6.25-3. The initrd became 3840262 bytes small, which is fine. All the
necessary modules are there too.

Thanks a lot for that good piece of work!

-- 
Kevin Price
http://www.kevin-price.de/





Bug#480310: [ixp4xx] armel NSLU2 fails to boot with 2.6.25

2008-05-15 Thread Kevin Price
Kevin Price wrote:
> Martin Michlmayr wrote:
>> The 2.6.26-rc2 test image is available from 
>> http://people.debian.org/~tbm/armel/kernel/r11383/
>> The fixed 2.6.25 package will be uploaded in the near future.
> 
> At least the 2.6.26-rc2 makes my slug unbootable. Again, I need some
> time to hook the serial console up to figure out why. (Wish I had a
> USB/RS232 adaptor around) I'll let you know as soon as I can.

Your 2.6.26-rc2 works. The reason it didn't boot seems to have been a
wrong combination of apex / initramfs-configuration, my fault. It's OK.

(Thanks for|Keep up) the great work.

Kevin





Bug#480310: [ixp4xx] armel NSLU2 fails to boot with 2.6.25

2008-05-14 Thread Kevin Price
Martin Michlmayr wrote:
> The 2.6.26-rc2 test image is available from 
> http://people.debian.org/~tbm/armel/kernel/r11383/
> The fixed 2.6.25 package will be uploaded in the near future.

At least the 2.6.26-rc2 makes my slug unbootable. Again, I need some
time to hook the serial console up to figure out why. (Wish I had a
USB/RS232 adaptor around) I'll let you know as soon as I can.

Kevin





Bug#480310: [ixp4xx] armel NSLU2 fails to boot with 2.6.25

2008-05-12 Thread Kevin Price
Martin Michlmayr wrote:
> You'll also need the patch from #421359, otherwise the new APEX is not
> written to flash.

Yeah. I was thinking from a more low-level point of view and flashed the
apex binary myself with the script. The result is good: The large initrd
(modules=all) boots fine with that.

That was because I dislike the idea about the imaginary version 1.5.14.
Is it more appropriate to name it something like 1.5.13+gf1 ? I'll give
it a try.

> bugs.  Another minor issue is that it would be nice to get more
> feedback on the patch in #421359.

I hope I can help that a little.

> cross-compile would be fine.  I just don't have a cross-compiler for
> armel.  Native or qemu would work too, but are slower.

OK. Is the rc1 already debianized anywhere? Otherwise we might as well
go for rc2.

Kevin
-- 
http://www.kevin-price.de/





Bug#480310: [ixp4xx] armel NSLU2 fails to boot with 2.6.25

2008-05-12 Thread Kevin Price
Martin Michlmayr wrote:
> Kevin, since you have a serial console, are you interested in testing
> the patches in #451882 and #421359?

Yes. My slug is now compiling apex-1.4.15 with the patch from #451882
(CONFIG_RAMDISK_SIZE=0x0050) I am curious if this solves this bug
and I will let you know.

BTW: What is keeping the patches from moving into sid? I'd love to see a
more current apex version in lenny.

> debian-arm people in general: anyone with a armel compiler who's
> interested in compiling and testing 2.6.26-rc1 on armel?

Would that need to be a native or cross-compiler or is the qemu arm
emulation reliable enough for such compilation jobs? Somehow I recall
that the emulation was said to be unsuitable to be employed as buildds.

Kevin
-- 
http://www.kevin-price.de/





Bug#382767: nslu2-utils: NSLU2_IXP400_REQUIRED=true is ignored

2006-08-13 Thread Kevin Price
Subject: nslu2-utils: NSLU2_IXP400_REQUIRED=true is ignored
Package: nslu2-utils
Version: 0.10+r58-4
Severity: critical
Justification: breaks the whole system

When updating from 0.10+r58-3 to 0.10+r58-4 the firmware gets flashed although
the option NSLU2_IXP400_REQUIRED is set to true and there is no ixp400 module.

This breaks the slugs by making it unbootable. The user has to flash a working
firmware with upslug.

* screenshot:
Unpacking replacement slugimage ...
Preparing to replace nslu2-utils 0.10+r58-3 (using
.../nslu2-utils_0.10+r58-4_arm.deb) ...
Unpacking replacement nslu2-utils ...
Setting up libklibc (1.4.11-3) ...
Setting up klibc-utils (1.4.11-3) ...
Setting up libtiff4 (3.8.2-6) ...

Setting up slugimage (0.10+r58-4) ...
Setting up nslu2-utils (0.10+r58-4) ...
update-initramfs: Generating /boot/initrd.img-2.6.16-2-nslu2
Warning: ixp400_eth ethernet driver not found, not included on image
Error: This system has the ixp400_eth module loaded;
not creating initramfs image that does not contain the module.

To force creation of an image without the module, set
NSLU2_IXP400_REQUIRED=false in /etc/mkinitramfs/nslu2.conf
Flashing initramfs: done.
Flashing kernel: done.

Do you want to erase any previously downloaded .deb files? [Y/n]
Press enter to continue.

*

See also the thread at http://lists.debian.org/debian-arm/2006/08/msg00033.html

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: arm (armv5tel)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-nslu2
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages nslu2-utils depends on:
ii  devio 1.2-1  correctly read (or write) a region
ii  slugimage 0.10+r58-4 NSUL2 firmware image manipulation

nslu2-utils recommends no packages.

-- no debconf information

-- http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=214656
http://www.amazon.de/gp/registry/wishlist/1STJFWXVXM083/ ICQ#75570407

