Bug#1057967: linux-image-6.1.0-15-amd64 renders my physical bookworm/gnome computer largely unusable
Breaking news: Am 11.12.23 um 19:14 schrieb Salvatore Bonaccorso: > I have put binary packages for amd64 built in > https://people.debian.org/~carnil/tmp/linux/1057967/ I confirm this test kernel is working fine for me, even with non-free broadcom-sta. (sent from " cat /proc/version Linux version 6.1.0-0.a.test-amd64 (debian-ker...@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC Debian 6.1.66-1a~test (2023-12-11) " through " modinfo wl filename: /lib/modules/6.1.0-0.a.test-amd64/updates/dkms/wl.ko license:MIXED/Proprietary alias: pci:v*d*sv*sd*bc02sc80i* depends:cfg80211 …" ) Thank you Salvatore. Let's get this into stable soon. -- Kevin Price
Bug#1057967: linux-image-6.1.0-15-amd64 renders my physical bookworm/gnome computer largely unusable
Control: affects -1 + src:broadcom-sta linux-image-6.1.0-15-amd64
@other affected users: What wifi drivers are you using, and do they
taint your kernel?
Am 11.12.23 um 13:27 schrieb Kevin Price:
> Am 11.12.23 um 12:37 schrieb Salvatore Bonaccorso:
> Need any more logfiles or testing?
Is it syslog that might help you better, or any other log? Just let me
know please. I'd love to help figure this out with mutual support.
> I intend to test debian-live-12.4.0-amd64-gnome.iso
*drumroll* Now this comes as a surprise to me.
debian-live-12.4.0-amd64-gnome displays none of the bad behavior, even
when actively using wifi. Apart from firmware, there's no non-free
involved in debian-live.
So could it be just some local configuration choice of mine, and of all
the other affected users? Some years-old but possibly now poor choice of
drivers/firmware maybe? I faintly remember having tried a free driver on
this card at least two debian releases ago, but it worked so bad I had
to switch to a non-free one:
https://packages.debian.org/bookworm/broadcom-sta-dkms
Which since has been upgraded with each debian release.
Another Test: My old hardware has a physical RF kill switch. So I booted
up 6.1.0-15 with it turned off: *drumroll* Works fine. So wifi seems to
be singled out as the culprit in my case. (or possibly bluetooth, but I
strongly doubt)
See attachments regarding my wifi. Shame on me, if anyone ever
suggested: "Never file a bug against a tainted kernel", because I did.
But maybe it was good to do so. Because this bug is still very relevant,
as it affects not only me, but renders multiple people's computers
practically unusable when upgrading to 6.1.0-15. Not like "wifi gone
bad", but "computer gone bad". This shouldn't happen within a stable
debian release IMHO, and thus justifies some fairly high level of
severity, IMHO. "critical", IDK. You own this bug, you decide.
Now I conclude that 6.1.0-15 not only breaks src:broadcom-sta, but also
vice versa. Are there any other wifi drivers affected?
>> I'm right now curious to find out if we see the same as
>> #1057969 and if the upstream commit db46c77f3d51 ("Revert "wifi:
>> cfg80211: fix CQM for non-range use"") in 6.1.67 upstream fixes the
>> issue.
Now that sounds to me like exactly what caused this. Good to know that
upstream has already reverted this regression. Please let me know what
else to test or contribute, so that we can look forward to a debian
stable 6.1 kernel without this bug.
@Salvatore: Thanks a ton for your excellent work. Very much appreciated.
HTH
--
Kevin Pricesudo lspci -vvs2:0
02:00.0 Network controller: Broadcom Inc. and subsidiaries BCM4313 802.11bgn
Wireless Network Adapter (rev 01)
Subsystem: Broadcom Inc. and subsidiaries BCM4313 802.11bgn Wireless
Network Adapter
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR-
Capabilities: [48] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: Data:
Capabilities: [d0] Express (v1) Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <4us, L1
unlimited
ExtTag+ AttnBtn- AttnInd- PwrInd- RBE+ FLReset-
SlotPowerLimit 10W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag+ PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+
TransPend-
LnkCap: Port #0, Speed 2.5GT/s, Width x1, ASPM L1, Exit Latency
L1 <64us
ClockPM+ Surprise- LLActRep+ BwNot- ASPMOptComp-
LnkCtl: ASPM L1 Enabled; RCB 64 bytes, Disabled- CommClk+
ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 2.5GT/s, Width x1
TrErr- Train- SlotClk+ DLActive+ BWMgmt- ABWMgmt-
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt-
RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt-
RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES- TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt-
RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout-
AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout-
AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap+ ECRCGenEn-
ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00
Bug#1057967: linux-image-6.1.0-15-amd64 renders my physical bookworm/gnome computer largely unusable
Thank you Salvatore!
Am 11.12.23 um 12:37 schrieb Salvatore Bonaccorso:
> It still would be helpfull if you can get to the logs of the previous
> boot. After booting back in the working kernel, do you have anything
> sensible logged in the previous boot log? If so can you share that
> please?
Sure. Here's my boot.log.
The first one at "Mon Dec 11 00:54:03 CET 2023" is the faulty 6.1.0-15.
The 2nd one at "Mon Dec 11 01:13:38 CET 2023" is the working 6.1.0-13.
Need any more logfiles or testing? I intend to test
debian-live-12.4.0-amd64-gnome.iso on my computer, IOT rule out any
local config peculiarities, FWIW.
> I'm right now curious to find out if we see the same as
> #1057969 and if the upstream commit db46c77f3d51 ("Revert "wifi:
> cfg80211: fix CQM for non-range use"") in 6.1.67 upstream fixes the
> issue.
Please let me know what kernel version you want me to test, if they're
provides as debian binaries. I'd be glad to help, probably not only for
my own sake. Bear with me I'm unwilling to build kernel packages myself,
due to lack of computing resources. HTH
--
Kevin Price Mon Dec 11 00:54:03 CET 2023
/: clean, 635496/28696576 files, 99342237/114756608 blocks
Mounting [0;1;39mproc-sys-fs-binfmt_misc.mount[0m - Arbitrary Executable File Formats File System...
[[0;32m OK [0m] Finished [0;1;39msystemd-cryptsetup@cryptswap1.service[0m - Cryptography Setup for cryptswap1.
[[0;32m OK [0m] Mounted [0;1;39mproc-sys-fs-binfmt_misc.mount[0m - Arbitrary Executable File Formats File System.
[[0;32m OK [0m] Reached target [0;1;39mblockdev@dev-mapper-cryptswap1.target[0m - Block Device Preparation for /dev/mapper/cryptswap1.
[[0;32m OK [0m] Reached target [0;1;39mcryptsetup.target[0m - Local Encrypted Volumes.
[[0;32m OK [0m] Finished [0;1;39msystemd-binfmt.service[0m - Set Up Additional Binary Formats.
[[0;32m OK [0m] Finished [0;1;39msystemd-tmpfiles-setup.service[0m - Create Volatile Files and Directories.
Starting [0;1;39mmodprobe@dm_mod.service[0m - Load Kernel Module dm_mod...
Starting [0;1;39mmodprobe@efi_pstore.service[0m - Load Kernel Module efi_pstore...
Starting [0;1;39mmodprobe@loop.service[0m - Load Kernel Module loop...
Starting [0;1;39msystemd-resolved.service[0m - Network Name Resolution...
Starting [0;1;39msystemd-update-utmp.service[0m - Record System Boot/Shutdown in UTMP...
[[0;32m OK [0m] Finished [0;1;39mmodprobe@dm_mod.service[0m - Load Kernel Module dm_mod.
[[0;32m OK [0m] Finished [0;1;39mmodprobe@efi_pstore.service[0m - Load Kernel Module efi_pstore.
[[0;32m OK [0m] Finished [0;1;39mmodprobe@loop.service[0m - Load Kernel Module loop.
[[0;32m OK [0m] Found device [0;1;39mdev-mapper-cryptswap1.device[0m - /dev/mapper/cryptswap1.
Activating swap [0;1;39mdev-mapper-cryptswap1.swap[0m - /dev/mapper/cryptswap1...
[[0;32m OK [0m] Finished [0;1;39msystemd-update-utmp.service[0m - Record System Boot/Shutdown in UTMP.
[[0;32m OK [0m] Activated swap [0;1;39mdev-mapper-cryptswap1.swap[0m - /dev/mapper/cryptswap1.
[[0;32m OK [0m] Reached target [0;1;39mswap.target[0m - Swaps.
[[0;32m OK [0m] Finished [0;1;39mapparmor.service[0m - Load AppArmor profiles.
[[0;32m OK [0m] Started [0;1;39msystemd-resolved.service[0m - Network Name Resolution.
[[0;32m OK [0m] Reached target [0;1;39mnss-lookup.target[0m - Host and Network Name Lookups.
[[0;32m OK [0m] Reached target [0;1;39msysinit.target[0m - System Initialization.
[[0;32m OK [0m] Started [0;1;39mcups.path[0m - CUPS Scheduler.
[[0;32m OK [0m] Started [0;1;39manacron.timer[0m - Trigger anacron every hour.
[[0;32m OK [0m] Started [0;1;39mapt-daily.timer[0m - Daily apt download activities.
[[0;32m OK [0m] Started [0;1;39mapt-daily-upgrade.timer[0m - Daily apt upgrade and clean activities.
[[0;32m OK [0m] Started [0;1;39mdpkg-db-backup.timer[0m - Daily dpkg database backup timer.
[[0;32m OK [0m] Started [0;1;39me2scrub_all.timer[0m - Periodic ext4 Online Metadata Check for All Filesystems.
[[0;32m OK [0m] Started [0;1;39mlogrotate.timer[0m - Daily rotation of log files.
[[0;32m OK [0m] Started [0;1;39mman-db.timer[0m - Daily man-db regeneration.
[[0;32m OK [0m] Started [0;1;39mntpsec-rotate-stats.timer[0m - Rotate ntpd stats daily.
[[0;32m OK [0m] Started [0;1;39msystemd-tmpfiles-clean.timer[0m - Daily Cleanup of Temporary Directories.
[[0;32m OK [0m] Reached target [0;1;39mpaths.target[0m - Path Units.
[[0;32m OK [0m] Reached target [0;1;39mtimers.target[0m - Timer Units.
[[0;32m OK [0m] Listening on [0;1;39mavahi-daemon.socket[0m - Avahi mDNS/DNS-SD Stack Activation Socket.
[[0;32m OK [0m] Listening on [0;1;39mcups.socket[0m - CUPS Scheduler.
[[0;32m OK [0m] L
Bug#1057967: linux-image-6.1.0-15-amd64 renders my physical bookworm/gnome computer largely unusable
Package: linux-image-6.1.0-15-amd64
Version: 6.1.66-1
Severity: critical
Control: -1 notfound 6.1.64-1
When booting 6.1.0-15, my physical amd64/bookworm/gnome computer
misbehaves in many ways, rendering it largely unusable. With kernels up
to 6.1.0-13, and even briefly with the otherwise broken 6.1.0-14, all of
this seemed fine.
Misbehavior includes, not limited to:
1. Most actions take considerably longer than usual.
2. The GDM greeter has an English keyboard layout, which otherwise is
German. (Login works.)
3. There seems to be no network connectivity. No WiFi icon. "ping
8.8.8.8" returns IIRC network unreachable.
4. Launching Firefox does apparently nothing.
5. Launching gnome-terminal does work, but some basic commands just
freeze, such as "ip a" or "sudo dmesg". sudo hangs before prompting for
the passphrase. At that stage, even "sudo -i", I cannot interrupt with "^C".
6. Shutting down takes ages, with systemd waiting for a bunch of
processes (sudo) and services to terminate, most of the latter seem to
be somehow network-related, but you tell me which aren't.
After more that 10 min I used hard power-off, leaving my ext4 dirty, but
being perfectly able to boot any of 6.1.0-12 through -15, with -12 and
-13 working properly, and -15 showing the exact same misbehavior
reproducibly.
I'll attach all I could get out of reportbug running under 6.1.0-15, and
please let me know what further testing I may perform IOT help you.
Please also specify whether you'd like me to do that testing under
6.1.0-15, in which I cannot even invoke sudo, or under 6.1.0-13, which
will do anything fine.
Thanks a lot in advance, and HTH!
--
Kevin PriceContent-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Kevin Price
To: Debian Bug Tracking System
Subject: linux-image-6.1.0-15-amd64 makes my physical bookworm/gnome system
vastly unusable
Bcc: Kevin Price
Package: src:linux
Version: 6.1.66-1
Severity: critical
-- Package-specific info:
** Version:
Linux version 6.1.0-15-amd64 (debian-ker...@lists.debian.org) (gcc-12 (Debian
12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP
PREEMPT_DYNAMIC Debian 6.1.66-1 (2023-12-09)
** Command line:
BOOT_IMAGE=/boot/vmlinuz-6.1.0-15-amd64
root=UUID=b1e4af52-2d43-40ab-a468-ca11bf2a3122 ro quiet
** Tainted: POE (12289)
* proprietary module was loaded
* externally-built ("out-of-tree") module was loaded
* unsigned module was loaded
** Kernel log:
Unable to read kernel log; any relevant messages should be attached
** Model information
sys_vendor: LENOVO
product_name: 1068FQG
product_version: Lenovo B570
chassis_vendor: LENOVO
chassis_version: 0.1
bios_vendor: LENOVO
bios_version: 44CN41WW
board_vendor: LENOVO
board_name: Emerald Lake
board_version: FAB1
** Loaded modules:
cts
uinput
rfcomm
snd_seq_dummy
snd_hrtimer
snd_seq
snd_seq_device
xt_CHECKSUM
xt_MASQUERADE
bridge
stp
llc
cmac
algif_hash
algif_skcipher
af_alg
bnep
ip6t_rt
ip6t_REJECT
nf_reject_ipv6
nft_chain_nat
nf_nat
xt_set
ipt_REJECT
nf_reject_ipv4
xt_tcpudp
xt_conntrack
nf_conntrack
nf_defrag_ipv6
nf_defrag_ipv4
nft_compat
nf_tables
binfmt_misc
ip_set_hash_ipport
pktcdvd
ip_set
nfnetlink
intel_rapl_msr
intel_rapl_common
x86_pkg_temp_thermal
intel_powerclamp
nls_ascii
nls_cp437
btusb
kvm_intel
btrtl
btbcm
vfat
btintel
btmtk
fat
kvm
bluetooth
irqbypass
crc32_pclmul
crypto_simd
xts
ecb
jitterentropy_rng
dm_crypt
ghash_clmulni_intel
cryptd
snd_hda_codec_hdmi
sha512_ssse3
sha512_generic
isofs
sha256_ssse3
rtsx_usb_sdmmc
sha1_ssse3
snd_hda_codec_realtek
wl(POE)
snd_hda_codec_generic
mmc_core
ledtrig_audio
ctr
rtsx_usb_ms
memstick
snd_hda_intel
snd_intel_dspcfg
snd_intel_sdw_acpi
drbg
snd_hda_codec
iTCO_wdt
intel_pmc_bxt
uvcvideo
iTCO_vendor_support
mei_hdcp
at24
watchdog
videobuf2_vmalloc
snd_hda_core
videobuf2_memops
rtsx_usb
rapl
videobuf2_v4l2
ansi_cprng
videobuf2_common
snd_hwdep
intel_cstate
ecdh_generic
intel_uncore
wmi_bmof
ecc
snd_pcm
videodev
sr_mod
cdrom
r8169
cfg80211
realtek
i2c_i801
snd_timer
mc
pcspkr
i2c_smbus
mei_me
ideapad_laptop
mdio_devres
platform_profile
snd
libphy
mei
lpc_ich
soundcore
sparse_keymap
rfkill
ac
battery
button
joydev
sg
coretemp
parport_pc
ppdev
lp
parport
loop
fuse
efi_pstore
dm_mod
configfs
ip_tables
x_tables
autofs4
ext4
crc16
mbcache
jbd2
efivarfs
raid10
raid456
libcrc32c
crc32c_generic
async_raid6_recov
async_memcpy
async_pq
async_xor
xor
async_tx
raid6_pq
raid1
raid0
multipath
linear
md_mod
sd_mod
t10_pi
crc64_rocksoft
crc64
crc_t10dif
crct10dif_generic
hid_generic
usbhid
hid
i915
i2c_algo_bit
drm_buddy
drm_display_helper
ahci
libahci
drm_kms_helper
libata
cec
rc_core
ehci_pci
ehci_hcd
ttm
scsi_mod
usbcore
crct10dif_pclmul
crct10dif_common
drm
psmouse
evdev
crc32c_intel
scsi_common
serio_raw
usb_common
video
wmi
** PCI devices:
00:00.0 Host bridge [0600]: Intel Corporation 2nd Generation Core Processor
Family DRAM Controller [80
Bug#947745: recent version for stable-(updates|backports)
Package: youtube-dl Version: 2019.01.17-1.1 Severity: grave Justification: renders package unusable Dear maintainer, the buster version has quit working with yt. The error message is: "YouTube said: This video is unavailable." 2019.09.28-1 works. Due to the package's volatility (which causes this grave bug) and given its fairly stable dependencies, migrating recent versions into stable-updates might well be the neatest fix to this, imho. See also #908947. Cheers Kevin -- System Information: Debian Release: 10.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages youtube-dl depends on: ii python33.7.3-1 ii python3-pkg-resources 40.8.0-1 Versions of packages youtube-dl recommends: ii aria21.34.0-4 ii ca-certificates 20190110 ii curl 7.64.0-4 ii ffmpeg 7:4.1.4-1~deb10u1 ii mpv 0.29.1-1 ii phantomjs2.1.1+dfsg-2 ii python3-pyxattr 0.6.1-1 ii rtmpdump 2.4+20151223.gitfa8646d.1-2 ii wget 1.20.1-1.1 youtube-dl suggests no packages. -- no debconf information
Bug#730012: nginx: CVE-2013-4547
Hi Christos: Am 25.11.2013 21:07, schrieb Christos Trochalakis: > We are going to backport 1.4.4 as soon as it migrates to testing. Thanks even more. :) FYI: One serious data retention issue is a prime reason for using nginx >= 1.3.7, thus bpo: OCSP stapling. (rfc4366) So presumably there are many more users thankfully looking forward to this update. cheers -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#730012: nginx: CVE-2013-4547
Hi! Thanks a lot for fixing this issue! Is there a chance that the still vulnerable wheezy-backports will soon be either patched or updated? (I know, security does not include bpo.) patch: http://nginx.org/download/patch.2013.space.txt update: 1.4.4 or 1.5.7 will do. (reference: http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html ) brgds -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#602313: ZDI-CAN-925: proftpd TELNET_IAC processing stack overflow vulnerability
Package: proftpd Version: 1.3.1-17lenny4 Severity: critical Tags: security fixed-upstream Hi! Upstream released 1.3.3c on 29-Oct-2010, fixing upsteam bug 3521, which is said to allow remote arbitrary code execution without the need of authentication. For more information, please see http://www.zerodayinitiative.com/advisories/ZDI-10-229/ best regards -- Kevin Price http://www.kevin-price.de/ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#502444: sshd fails at boot-time following reload by /etc/network/if-up.d/openssh-server presumably due to race condition
Thanks Colin, that was really 'sharpish' ! Version 5.1p1-5 works fine, as expected. After compiling it for amd64 and purging/reinstalling, I rebooted several times just to make sure. Let's hope this change will make it into lenny. I wouldn't be too concerned about any performance loss caused by 'restart' rather than reload. I'm curious if upstream/openBSD has anything like debian's /etc/network/if-up.d/openssh-server script, and how they solved this issue. All the best! -- Kevin Price http://www.kevin-price.de/ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#502444: sshd fails at boot-time following reload by /etc/network/if-up.d/openssh-server presumably due to race condition
Sorry even debug level 3 does not seem to help us any further: Jan 13 22:52:30 leeloo3 sshd[2057]: debug2: fd 3 setting O_NONBLOCK Jan 13 22:52:30 leeloo3 sshd[2057]: debug1: Bind to port 22 on 0.0.0.0. Jan 13 22:52:30 leeloo3 sshd[2057]: Server listening on 0.0.0.0 port 22. Jan 13 22:52:30 leeloo3 sshd[2057]: socket: Address family not supported by protocol Jan 13 22:52:30 leeloo3 sshd[2057]: Received SIGHUP; restarting. That's all process 2057 ever logged before dying. Is there anything else I can do? Please let me know what and whether to leave your patch in /etc/network/if-up.d/openssh-server or to revert it to original. We do have some other lenny servers that don't do this. The difference is that they are already productive and start varios applications, while this one is pretty much naked lenny. Apart from the fact that all our lenny servers run etch kernels (2.6.18-6-amd64) for the time being, for some of the HP server management interfaces to work properly. -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#502444: sshd fails at boot-time following reload by /etc/network/if-up.d/openssh-server presumably due to race condition
I caught it dying under new circumstances this time: /etc/modules is in its original state (no bnx2) /etc/network/if-up.d/openssh-server contains only your patch LogLevel is DEBUG1 Oh and by the way, the ipv6 kernel module is disabled, FWIW. This is where it first starts in the boot process: Jan 13 22:32:45 leeloo3 sshd[2028]: debug1: Bind to port 22 on 0.0.0.0. Jan 13 22:32:45 leeloo3 sshd[2028]: Server listening on 0.0.0.0 port 22. Jan 13 22:32:45 leeloo3 sshd[2028]: socket: Address family not supported by protocol Jan 13 22:32:45 leeloo3 sshd[2028]: Received SIGHUP; restarting. And that was the last message when it died. The next message is when I log onto a console and manually /etc/init.d/ssh start. I'll try to increase the debug level some more. Just let's be patient because of all those reboots I need to go through. Those new generation servers with 8 CPU cores boot debian at ultra speed, but the BIOS takes ages... -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#502444: sshd fails at boot-time following reload by /etc/network/if-up.d/openssh-server presumably due to race condition
Thanks for the patch. It doesn't solve the problem. I reverted my changes back to the original state, and then rebooted to make sure the problem occurs. Then I applied your patch and rebooted, but the error occurred again, but only sometimes. Before your patch, when it failed, it logged this: Jan 13 23:56:50 leeloo3 sshd[2052]: Server listening on 0.0.0.0 port 22. Jan 13 23:56:50 leeloo3 sshd[2052]: Received SIGHUP; restarting. or that: Jan 13 23:46:40 leeloo3 sshd[2323]: Server listening on 0.0.0.0 port 22. Jan 13 23:46:50 leeloo3 sshd[2323]: Received signal 15; terminating. or that: Jan 13 22:16:51 leeloo3 sshd[2134]: Server listening on 0.0.0.0 port 22. Jan 13 22:16:51 leeloo3 sshd[2142]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use. When it worked, it just logged the first line of those. Now after applying your patch, it still logs the "SIGHUP" message and fails, or it logs only the first message and then works. Note that during this boot process the driver for the built-in NICs, bnx2, loads pretty late. Its last ready messages come even after the login prompt: bnx2: eth1 NIC Link is Up, 1000 Mbps full duplex bnx2: eth0 NIC Link is Up, 1000 Mbps full duplex The /etc/network/interfaces contains "allow-hotplug" for eth0 and eth1. I tried adding bnx2 to /etc/modules, causing the module to be loaded sooner, and couldn't seem to make it fail that way. But I'm still rebooting that machine over and over, trying to get somewhat reliable information. (race condition) -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#495581: this is fixed
Thijs Kinkhorst schrieb: > I'm specifically concerned about this statement of yours: > >>> Justification: introduces a security hole on systems where you install >>> the packages > > That definately does not hold, but it may give the impression to users that > all systems running Postfix are vulnerable, which is very far from reality. > I'm not quite concerned about which exact severity level a given bug has, > since that's quite abstract, but I am advocating to be careful with factual > statements about the impact of the vulnerability as you did above. Ah thank you. I had borrowed the words from the possible justifications of "critical" at http://release.debian.org/etch/rc_policy.txt and ment this only as distinction from grave being "introduces a security hole allowing access to the accounts of users who use the package" which applies much less. I know that most postfix users were not affected. So it would have been better to leave that line away, or to add a limitation like "under certain circumstances". cheers -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#495581: this is fixed
Thijs Kinkhorst schrieb: > Version: 2.3.8-2etch1 Ah, thank you. >> Justification: introduces a security hole on systems where you install >> the packages > > Huh? Have you read the author's announcement? It does no such thing on Debian > systems - it only introduces a local security hole on systems where you > (quite specifically) change the shipped configuration. Sure I read it. That's why I forwarded it to you. > The issue is now fixed in all distributions, so no need to argue over > severity - I'm rather closing this bug. FACK > But in the future please be more > careful when making statements about the impact of vulnerabilities. Please help me understand how you would have preferred me to report this, so next time I can do it right. From what I understand, security holes are critical or grave bugs, depending on whether a local account or the system are affected (can possibly be modified/compromised) In this case, it is the whole system, provided that the mail system is configured in a specific way, because not only a user using postfix may be affected, but also files belonging to other users or root. Why does this not justify critical? Would you really believe that grave would be more appropriate? Why? -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#495581: Acknowledgement (Postfix local privilege escalation via hardlinked symlinks)
tags 495581 - lenny sid fixed 495581 2.5.2-2lenny1 fixed 495581 2.5.4-1 thanks -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#480310: [ixp4xx] armel NSLU2 fails to boot with 2.6.25
Martin Michlmayr schrieb: > This has been fixed in version 2.6.25-3 of linux-image-2.6.25-2-ixp4xx > which is now in unstable. Would be great if you (Paul, Kevin) could > confirm it works. Yes, confirmed. It works nicely for me. I re-flashed the old apex from debian, and set modules=most in initramfs.conf. before installing 2.6.25-3. The initrd became 3840262 bytes small, which is fine. All the necessary modules are there too. Thanks a lot for that good piece of work! -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#480310: [ixp4xx] armel NSLU2 fails to boot with 2.6.25
Kevin Price schrieb: > Martin Michlmayr schrieb: >> The 2.6.26-rc2 test image is available from >> http://people.debian.org/~tbm/armel/kernel/r11383/ >> The fixed 2.6.25 package will be uploaded in the near future. > > At least the 2.6.26-rc2 makes my slug unbootable. Again, I need some > time to hook the serial console up to figure out why. (Wish I had a > USB/RS232 adaptor around) I'll let you know as soon as I can. Your 2.6.26-rc2 works. The reason it didn't boot seems to have been a wrong combination of apex / initramfs-configuration, my fault. It's OK. (Thanks for|Keep up) the great work. Kevin signature.asc Description: OpenPGP digital signature
Bug#480310: [ixp4xx] armel NSLU2 fails to boot with 2.6.25
Martin Michlmayr schrieb: > The 2.6.26-rc2 test image is available from > http://people.debian.org/~tbm/armel/kernel/r11383/ > The fixed 2.6.25 package will be uploaded in the near future. At least the 2.6.26-rc2 makes my slug unbootable. Again, I need some time to hook the serial console up to figure out why. (Wish I had a USB/RS232 adaptor around) I'll let you know as soon as I can. Kevin signature.asc Description: OpenPGP digital signature
Bug#480310: [ixp4xx] armel NSLU2 fails to boot with 2.6.25
Martin Michlmayr schrieb: > You'll also need the patch from #421359, otherwise the new APEX is not > written to flash. Yeah. I was thinking from a more low-level point of view and flashed the apex binary myself with the script. The result is good: The large initrd (modules=all) boots fine with that. That was because I dislike the idea about the imaginary version 1.5.14. Is it more appropriate to name it something like 1.5.13+gf1 ? I'll give it a try. > bugs. Another minor issue is that it would be nice to get more > feedback on the patch in #421359. I hope I can help that a little. > cross-compile would be fine. I just don't have a cross-compiler for > armel. Native or qemu would work too, but are slower. OK. Is the rc1 already debianized anywhere? Otherwise we might as well go for rc2. Kevin -- http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#480310: [ixp4xx] armel NSLU2 fails to boot with 2.6.25
Martin Michlmayr schrieb: > Kevin, since you have a serial console, are you interested in testing > the patches in #451882 and #421359? Yes. My slug is now compiling apex-1.4.15 with the patch from #451882 (CONFIG_RAMDISK_SIZE=0x0050) I am curious if this solves this bug and I will let you know. BTW: What is keeping the patches from moving into sid? I'd love to see a more current apex version in lenny. > debian-arm people in general: anyone with a armel compiler who's > interested in compiling and testing 2.6.26-rc1 on armel? Would that need to be a native or cross-compiler or is the qemu arm emulation reliable enough for such compilation jobs? Somehow I recall that the emulation was said to be unsuitable to be employed as buildds. Kevin -- http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature
Bug#382767: nslu2-utils: NSLU2_IXP400_REQUIRED=true is ignored
Subject: nslu2-utils: NSLU2_IXP400_REQUIRED=true is ignored Package: nslu2-utils Version: 0.10+r58-4 Severity: critical Justification: breaks the whole system When updating from 0.10+r58-3 to 0.10+r58-4 the firmware gets flashed although the option NSLU2_IXP400_REQUIRED is set to true ans there is no ipx400 module. This breaks the slugs by making it unbootable. The user hast to flash a working firmware with upslug. * screenshot: Unpacking replacement slugimage ... Preparing to replace nslu2-utils 0.10+r58-3 (using .../nslu2-utils_0.10+r58-4_arm.deb) ... Unpacking replacement nslu2-utils ... Setting up libklibc (1.4.11-3) ... Setting up klibc-utils (1.4.11-3) ... Setting up libtiff4 (3.8.2-6) ... Setting up slugimage (0.10+r58-4) ... Setting up nslu2-utils (0.10+r58-4) ... update-initramfs: Generating /boot/initrd.img-2.6.16-2-nslu2 Warning: ixp400_eth ethernet driver not found, not included on image Error: This system has the ixp400_eth module loaded; not creating initramfs image that does not contain the module. To force creation of an image without the module, set NSLU2_IXP400_REQUIRED=false in /etc/mkinitramfs/nslu2.conf Flashing initramfs: done. Flashing kernel: done. Do you want to erase any previously downloaded .deb files? [Y/n] Press enter to continue. * See also the thread at http://lists.debian.org/debian-arm/2006/08/msg00033.html -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: arm (armv5tel) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15-1-nslu2 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages nslu2-utils depends on: ii devio 1.2-1 correctly read (or write) a region ii slugimage 0.10+r58-4 NSUL2 firmware image manipulation nslu2-utils recommends no packages. -- no debconf information -- http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=214656 http://www.amazon.de/gp/registry/wishlist/1STJFWXVXM083/ ICQ#75570407 signature.asc Description: OpenPGP digital signature
