Bug#997504: terminator: FTBFS: dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p 3.9 returned exit code 13
Hi Jochen,

On Sun, 2021-11-28 at 15:30 +0100, Jochen Sprickerhof wrote:
> The actual problem is that libgtk-3-0 version 3.24.30-1 drops the
> dependency on librest-0.7-0 which brought in gsettings-desktop-schemas
> which seems to be the missing build dependency as this works for unstable:
>
> sbuild terminator --add-depends gsettings-desktop-schemas
>
> Assigning back, accordingly, though I'm not sure if there should be an
> other bug for python3-gi or the gtk backtrace above.

Thank you very much for the analysis, I'm not very deep into desktop basics
around GTK yet.

Will push a fix soon.

Best Regards
Markus Frosch
Bug#997504: marked as pending in terminator
Control: tag -1 pending

Hello,

Bug #997504 in terminator reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/python-team/packages/terminator/-/commit/007ce5f5390880edeea8cf8a12b00408f398b362

    Add missing dependency for gsettings-desktop-schemas

    Closes: #997504

(this message was generated automatically)
--
Greetings

https://bugs.debian.org/997504
Bug#985543: yubikey-luks: after upgrade and reboot - yubikey "not detected" (but blinking)
Hi Jerome,

On Sat, 2021-03-20 at 12:29 -0400, Jerome Charaoui wrote:
> I've attempted, but was unable, to reproduce this bug.
>
> I set up the yubikey-luks challenge-response on a fresh stretch system,
> and after upgrading to bullseye, it was working as before, which
> suggests the package is working as intended even after a release upgrade.
>
> I'm wondering if your bug could actually be related to an update in the
> kernel or usb subsystem itself, rather than the yubikey-luks package?
>
> Did you try booting up using a live system such as Grml and trying to
> unlock your luks filesystem manually in that environment?

Thanks for verifying, I just re-confirmed it working on my test VMs without
any problems (from a fresh install).

And thanks for tagging! :)

Regards
Markus
Bug#985543: yubikey-luks: after upgrade and reboot - yubikey "not detected" (but blinking)
Hi Daniel,

On Sun, 2021-03-21 at 13:52 +0200, Daniel Hevron Pereh wrote:
> I successfully managed to unlock my LUKS partition by generating the response
> on a different machine (with package 'ykpersonalize' using the command
> 'ykchalresp') and typing it manually. the system was updated as I thought.
>
> My system recognized my yubikey when it was unlocked and I could do the usual
> operation I'm using it for. the chalresp OTP slot works as usual as well for
> other operations.
>
> Tried to do another update and rebooted the system, still no luck with the
> yubikey itself.
>
> As for your suggestion, I'll try to unlock it with the yubikey-luks package on
> a live system and report back.

Sorry you are having problems with the integration.

Could you share a few details?

* dpkg -l "*yubi*"
* dpkg -l "*cryptsetup*"
* cat /etc/crypttab
* Screenshots of the prompt, error messages, maybe boot in recovery mode

You should always be able to unlock with any other passphrase, as long as the
YubiKey is not present, I hope this works for you?

Also make sure you have updated initramfs, after upgrading yubikey-luks:

update-initramfs -uv

Best Regards
Markus Frosch
Bug#984709: yubikey-luks: Stop exposing challenge in process list
Hi Christian,

On Sun, 2021-03-07 at 15:44 +0100, Christian Kastner wrote:
> Looking at the upstream yubikey-luks repository, I noticed what seems to
> be an important recent fix, namely for the password (used as the yubikey
> challenge) being exposed in the process list:
>
> https://github.com/cornelinux/yubikey-luks/pull/63
>
> This affects stable, too.
>
> The fix from the PR seems simple enough, it just changes four LOC.
>
> I looked at the (non-whitespace, non-documentation) diff between our
> current version and HEAD, and it's not that big. Perhaps the RT would
> even be willing to ACK an update to HEAD.

Thanks for reporting, haven't been following upstream for a while since I
don't use the package actively anymore.

Due to lack of time, I'll upload a minimal patch for now.

Feel free to join in maintaining.

Regards
Markus
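
Added example, not part of the mail above and neither the yubikey-luks code nor the upstream fix: a shell check for the exposure the report describes, a secret passed as a command-line argument being readable from the process list, next to the same secret passed on stdin. The name hypothetical-helper and the value of SECRET are constructed, and the check assumes a Linux /proc.

```shell
#!/bin/sh
# Added illustration (not yubikey-luks code). Linux only: reads /proc.
# Any local user can read /proc/<pid>/cmdline of other users' processes
# on a default /proc mount, which is what "ps" displays.

SECRET='constructed-challenge-4711'   # constructed sample value

# argv_of PID: print the argument vector of PID on one line.
argv_of() {
    [ -r "/proc/$1/cmdline" ] && tr '\0' ' ' < "/proc/$1/cmdline"
}

# wait_for_exec PID: a freshly forked child still shows the parent's
# argv until it calls exec. Poll until the two differ (max ~5 s).
wait_for_exec() {
    i=0
    while [ "$i" -lt 50 ]; do
        child=$(argv_of "$1")
        if [ -n "$child" ] && [ "$child" != "$(argv_of "$$")" ]; then
            return 0
        fi
        sleep 0.1
        i=$((i + 1))
    done
    return 1
}

# secret_visible PID: 0 if SECRET is in PID's argv, 1 if not,
# 2 if the process could not be inspected.
secret_visible() {
    wait_for_exec "$1" || return 2
    argv_of "$1" | grep -F -q -- "$SECRET"
}

# Pattern 1: the secret is handed to the helper as an argument.
# hypothetical-helper is a stand-in name for any external program.
run_with_argv() {
    sh -c 'sleep 2; :' hypothetical-helper "$SECRET" &
    pid=$!
    secret_visible "$pid"; rc=$?
    kill "$pid" 2>/dev/null
    return "$rc"
}

# Pattern 2: the secret is written to the helper's stdin. printf is a
# shell builtin here, so no process is ever started with the secret in
# its argv (an external /usr/bin/printf would leak it again).
run_with_stdin() {
    printf '%s' "$SECRET" | sh -c 'cat >/dev/null; sleep 2; :' hypothetical-helper &
    pid=$!
    secret_visible "$pid"; rc=$?
    kill "$pid" 2>/dev/null
    return "$rc"
}
```

run_with_argv returns 0 (secret visible in the process list) and run_with_stdin returns 1 (not visible).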
Bug#979063: php-font-lib: Useless in Debian
Package: php-font-lib
Version: 0.3.1+dfsg-3.1
Severity: serious
X-Debbugs-Cc: taf...@debian.org, only...@debian.org, hol...@debian.org

[ Trying to remove the package from bullseye at least ]

Similar to php-dompdf [1], this package is pretty useless for bullseye, since
it is only needed by php-dompdf, which is not depended on by any package in
testing.

Only possible candidate would be civicrm [2], which seems not to be able to
make it to bullseye.

Also see the orphan [3].

Best Regards
Markus Frosch

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979022
[2] https://tracker.debian.org/pkg/civicrm
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978995
Bug#969788: Fwd: Re: Bug#969788: nextcloud-desktop: Upgrade removed part of configuration
Control: severity -1 important

Somehow this message didn't reach the BTS...

Forwarded Message
From: Sandro Knauß
To: Tobias Frost, 969...@bugs.debian.org, Markus Frosch <lazyfro...@debian.org>, Erwan David
Subject: Re: Bug#969788: nextcloud-desktop: Upgrade removed part of configuration
Date: Thu, 24 Sep 2020 21:04:34 +0200

> Control: severity 969576 important
>
> Hey,
>
> from my side it seems like not many people have the problem that the
> configuration is lost while doing the upgrade. So I think, it is just a
> normal bug you found. Please report it upstream and provide us the url,
> so that we can track the upstream status.
>
> hefee
>
> --
> On Thursday, 10 September 2020 20:16:48 CEST you wrote:
> > On Thu, 10 Sep 2020 19:27:37 +0200 Tobias Frost wrote:
> > > I'll see if I can find some logs…
> >
> > Ok, it seems so that my instance deletes its configuration itself…
> >
> > But I think that needs a word on my configuration:
> > ~/Documents is synced with my Nextcloud instance
> > I have setup XDG_DATA and XDG_CONFIG to be on
> > ~/Documents/XDG/$hostname/{XDG_DATA XDG_CONFIG}
> > (to be able to share XDG configurations files on compliant apps more easy
> > between PCs)
> >
> > ~/Documents/XDG/isildor/XDG_CONFIG/Nextcloud is a symlink to
> > ~/.config/Nextcloud (so it is not on the share)
> >
> > It seems that nextcloud app is deleting that file, (following the symlink)
> >
> > Of course this could be a red herring, as I naively tried to reconfigure
> > the nextcloud without deleting Documents and I just got conflict everywhere
> > now.
> >
> > It is possible the app is following the symlink and thinks, hey, file
> > not on the nextcloud server, delete it… Could be another bug though; (I
> > guess it should not follow symlinks, at least it used to ignore symlinks
> > when syncing to servers)
> >
> > Next step I'll try a fresh resync…
>
> --
> My public key: E68031D299A6527C
> Fingerprint:
> D256 4951 1272 8840 BB5E 99F2 E680 31D2 99A6 527C
> Get it e.g. here:
> pool.sks-keyservers.net, ...
>
> I've switched my GnuPG key 2015.
> Here's a document, that proves I wanted to do this switch (it is signed by
> both keys)
> http://sandroknauss.de/files/transition2015.asc

--
mar...@lazyfrosch.de
https://lazyfrosch.de
Bug#969788: nextcloud-desktop: Upgrade removed part of configuration
tags -1 + moreinfo upstream
thanks

On Tue, 08 Sep 2020 08:29:17 +0200 Erwan David wrote:
> Package: nextcloud-desktop
> Version: 3.0.1-1
> Severity: grave
> Justification: causes non-serious data loss
>
> I had 3 synchronized folders, after upgrade I had only the first defined,
> configuration of other synchronized folders was lost.

I've upgraded from 2.x to 3.x yesterday, apt full-upgrade, restart client,
reboot.

No problems whatsoever, so I can not confirm the problem...

I'm having 2 accounts configured, multiple folders, and also selective choice
for which sub-folders are synchronized.

Can anyone confirm the problems of Erwan?

Regards
Markus

--
lazyfro...@debian.org
https://lazyfrosch.de
Bug#968395: Stretch update of {{ package }}?
Hi Emilio,

On Fri, 2020-08-14 at 12:40 +0200, Emilio Pozuelo Monfort wrote:
> The Debian LTS team would like to fix the security issues which are
> currently open in the Stretch version of {{ package }}:
>

I'm not aware of any security issues with Terminator.

Not sure what went wrong here, apart from the template rendering.

Cheers
Markus

--
lazyfro...@debian.org
https://lazyfrosch.de
Bug#959856: [Python-apps-team] Bug#959856: terminator: ships /usr/share/icons/hicolor/icon-theme.cache
On Mon, 2020-05-18 at 19:05 +0200, Adrian Vondendriesch wrote:
> I wasn't able to find any way to tell pybuild to pass any argument right
> after "python3 setup.py" and the action it should call (for instance
> "install"). Passing --install-args to pybuild doesn't work. Therefore I
> did the same thing as in commit 2271ffc9. Overwrite dh_auto_install.

Thanks for the patch Adrian, but I think the best way for now is to purge the
file after dh_auto_install.

I want to remove the "feature" in 2.0 anyways:
https://github.com/gnome-terminator/terminator/issues/102

Thanks
Markus

--
lazyfro...@debian.org
https://lazyfrosch.de
Bug#959856: marked as pending in terminator
Control: tag -1 pending

Hello,

Bug #959856 in terminator reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/python-team/applications/terminator/-/commit/864a8b8e939ff602839f4862052ed7c5b43eecc3

    rules: Remove any icon cache file after install

    Closes: #959856

(this message was generated automatically)
--
Greetings

https://bugs.debian.org/959856
Bug#959893: appstream-generator: Link against libglibd-2.0.so broken
Package: appstream-generator
Version: 0.8.1-1+b1
Severity: grave
Justification: renders package unusable

Hi maintainer,

the package possibly needs rebuilding.

> appstream-generator: error while loading shared libraries: libglibd-2.0.so:
> cannot open shared object file: No such file or directory

libglibd-2.0 now has an explicit .0 suffix version:

> $ apt-file search libglibd-2.0.so
> libglibd-2.0-0: /usr/lib/x86_64-linux-gnu/libglibd-2.0.so.0
> libglibd-2.0-0: /usr/lib/x86_64-linux-gnu/libglibd-2.0.so.2.1.0
> libglibd-2.0-dev: /usr/lib/x86_64-linux-gnu/libglibd-2.0.so

Adding a symlink helps, but not sure why this happened.

> ln -s libglibd-2.0.so.0 /usr/lib/x86_64-linux-gnu/libglibd-2.0.so

Regards
Markus

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.6.0-1-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages appstream-generator depends on:
ii  libappstream4             0.12.10-2
ii  libarchive13              3.4.0-2
ii  libc6                     2.30-4
ii  libcairo2                 1.16.0-4
ii  libfontconfig1            2.13.1-4
ii  libfreetype6              2.10.1-2
ii  libgcc-s1                 10-20200418-1
ii  libgdk-pixbuf2.0-0        2.40.0+dfsg-4
ii  libglib2.0-0              2.64.2-1
ii  libjs-highlight.js        9.12.0+dfsg1-5
ii  libjs-jquery-flot         0.8.3+dfsg-1
ii  liblmdb0                  0.9.24-1
ii  libpango-1.0-0            1.44.7-4
ii  libphobos2-ldc-shared90   1:1.20.1-1
ii  librsvg2-2                2.48.3-1

Versions of packages appstream-generator recommends:
ii  ffmpeg   7:4.2.2-1+b1
ii  optipng  0.7.7-1+b1

appstream-generator suggests no packages.

-- no debconf information
Bug#921131: taking over yum-utils
On 22.02.19 at 10:26, Holger Levsen wrote:
> please adopt yum-utils and get the changes from experimental into
> sid/buster before the freeze is fully in effect. You still have almost a
> week to do that! ;)
>
> Also if you do that, please don't forget to include the changes from my
> NMU.
>
> If you need any help or advice, please shout!

Hey Holger,
thanks I just did so, and uploaded a new version.

During testing I noticed the "refactoring" patch actually broke logging, and
therefore reposync working.

I fixed it with an additional patch:
https://salsa.debian.org/pkg-rpm-team/yum-utils/commit/0c946a3b072b921a96d1b47a9653367db74d5cf0

Upstream has applied more refactoring, I will rebase our patches at a later
point, for now it should work.

Cheers
Markus Frosch

--
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de
Bug#921131: CVE-2018-10897
On Sat, 02 Feb 2019 00:46:12 +0100 Moritz Muehlenhoff wrote:
> Package: yum-utils
> Severity: grave
> Tags: security
>
> This was assigned CVE-2018-10897:
> https://bugzilla.redhat.com/show_bug.cgi?id=1600221
> https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c
> https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c
> https://github.com/rpm-software-management/yum-utils/pull/43

I'm not sure how active Mike is currently.

Since I'm using the package in a multi distro build system, I would proceed
with uploading a fix and join as co-maintainer.

I already created a salsa project:
https://salsa.debian.org/debian/yum-utils

@Mike: Can I get a short approval?

Also: Is the experimental upload ready for buster?

Cheers
Markus Frosch

--
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de
Bug#918149: terminator in buster
Hey Julian,
thanks for responding.

Since testing the Python 3 patch by Emilio, I would love to push this to
buster as well.

I requested to join PAPT, and am waiting for a response on that.

If you all agree, I will take care of that and join the maintainer team.

Regards
Markus

P.S. If one of you can add me to PAPT, I would appreciate some help :)

On 28.01.19 at 21:55, Julián Moreno Patiño wrote:
> Hello Markus,
>
> This package is team maintained, you are welcome at board.
>
> At the moment I am a little bit busy. Just go ahead with your NMU to
> fix the RC bug.
>
> Kind regards,
>
> On Sun, 27 Jan 2019 at 7:00, Markus Frosch wrote:
>>
>> Hey all,
>> is anyone taking care about the RC bug [2] in terminator[1] for upcoming
>> buster?
>>
>> I plan to do an NMU over the next days, if no one says stop.
>>
>> I've seen that Emilio did some Python 3 work in experimental, is that
>> ready for unstable? What's the upstream work on this?
>>
>> Maybe I'm going to adopt the package as well, since I'm using
>> terminator. Anyone opposes that?
>>
>> Cheers
>> Markus Frosch
>>
>> [1] https://tracker.debian.org/pkg/terminator
>> [2] https://bugs.debian.org/918149
>>
>> --
>> mar...@lazyfrosch.de / lazyfro...@debian.org
>> https://lazyfrosch.de
>>
>
>

--
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de
Bug#918149: terminator in buster
Hey all,
is anyone taking care about the RC bug [2] in terminator[1] for upcoming
buster?

I plan to do an NMU over the next days, if no one says stop.

I've seen that Emilio did some Python 3 work in experimental, is that ready
for unstable? What's the upstream work on this?

Maybe I'm going to adopt the package as well, since I'm using terminator.
Anyone opposes that?

Cheers
Markus Frosch

[1] https://tracker.debian.org/pkg/terminator
[2] https://bugs.debian.org/918149

--
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de
Bug#918260: ruby-protected-attributes: Depends: ruby-activemodel (< 2:5.0) but 2:5.2.0+dfsg-2 is to be installed
Control: affects -1 redmine

If I understood this right, this Gem provides extra functionality for
ruby-rails, and is obsolete with rails 5.0

Problems:
- rails is not migrated to testing yet
- Autoremoval logic seems to want to remove way more packages than actually
  affected
- redmine is the actual dependency as it seems

Redmine (from its Gemfile) actually no longer mentions "protected_attributes".

Suggestion: Update redmine dependencies

Still a problem: Why dependency resolver wants to remove seemingly unrelated
packages?

Anything I can help with?

Cheers
Markus Frosch

Note from https://tracker.debian.org/pkg/ruby-protected-attributes:

  Version 1.1.4-2 of ruby-protected-attributes is marked for autoremoval from
  testing on Sun 17 Feb 2019. It is affected by #918260. The removal of
  ruby-protected-attributes will also cause the removal of (transitive)
  reverse dependencies: coquelicot, librarian-puppet, r10k, redmine,
  redmine-plugin-custom-css, redmine-plugin-local-avatars,
  redmine-plugin-pretend, ruby-fast-gettext, ruby-gettext-i18n-rails,
  ruby-gettext-i18n-rails-js, ruby-gettext-setup,
  ruby-haml-magic-translations, ruby-puppet-forge, samizdat. You should try
  to prevent the removal by fixing these RC bugs.

--
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de
Bug#911734: yubikey-luks: enrolling yubikey does not work
Control: tags -1 + fixed pending

Hey Norbert,

On 24.10.18 at 05:29, Norbert Preining wrote:
> I want to use my yubikey (Neo) for unlocking the LUKS volume
> of my laptop, and did the necessary steps of initialization
> as well as
> yubikey-enroll-luks -d /dev/sdaN
> for my luks device.
>
> Enrollment did not report any errors whatsoever.
>
> Albeit, rebooting didn't allow me to use the yubikey and only the
> complete passphrase is accepted.

The enroll script swallowed errors when it had access problems with the
Yubikey.

Should be fixed with 0.5.1+29.g5df2b95-1.

Make sure to also check NEWS and README.md

Cheers
Markus Frosch

--
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de
Bug#913556: apt-show-versions: Max. recursion depth with nested structures exceeded
On 12.11.18 17:16, Christoph Martin wrote:
> please try for me to change the value in line 271 from 65536 to a higher
> value which is high enough for your sources.list .
>
> What do you have in sources.list ?

Interesting, so this value relates to the amount of packages?

#$Storable::recursion_limit_hash = 65536;
$Storable::recursion_limit_hash = 123456;

$ dpkg-reconfigure apt-show-versions
** initializing cache. This may take a while **
# works!

I have a "few" sources enabled, buster, debug, and third-party. (with
multi-arch enabled) - Added details on repos and counts as an attachment!

$ grep -r ^deb sources.list sources.list.d/*.list | wc -l
15

$ apt list | wc -l
117049

Cheers
Markus Frosch

--
mar...@lazyfrosch.de / lazyfro...@debian.org
https://lazyfrosch.de

sources.list:deb http://httpredir.debian.org/debian buster main contrib non-free
sources.list:deb-src http://httpredir.debian.org/debian buster main contrib non-free
sources.list.d/atom.list:deb [arch=amd64] https://packagecloud.io/AtomEditor/atom/any/ any main
sources.list.d/debian-debug.list:deb http://debug.mirrors.debian.org/debian-debug/ testing-debug main
sources.list.d/docker.list:deb [arch=amd64] https://download.docker.com/linux/debian stretch stable
sources.list.d/enpass.list:deb http://repo.sinew.in/ stable main
sources.list.d/enpass.list:deb http://repo.sinew.in/testing testing beta
sources.list.d/google-chrome.list:deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main
sources.list.d/insync.list:deb http://apt.insynchq.com/debian stretch non-free contrib
sources.list.d/keybase.list:deb http://prerelease.keybase.io/deb stable main
sources.list.d/microsoft.list:deb [arch=amd64] https://packages.microsoft.com/ubuntu/18.04/prod bionic main
sources.list.d/packagecloud.list:deb https://packagecloud.io/lazyfrosch/notebook/debian/ buster main
sources.list.d/spotify.list:deb http://repository.spotify.com stable non-free
sources.list.d/teamviewer.list:deb http://linux.teamviewer.com/deb stable main
sources.list.d/teamviewer.list:deb http://linux.teamviewer.com/deb preview main

apt.insynchq.com_debian_dists_stretch_contrib_binary-amd64_Packages:7
apt.insynchq.com_debian_dists_stretch_contrib_binary-i386_Packages:7
apt.insynchq.com_debian_dists_stretch_non-free_binary-amd64_Packages:2
apt.insynchq.com_debian_dists_stretch_non-free_binary-i386_Packages:2
debug.mirrors.debian.org_debian-debug_dists_testing-debug_main_binary-amd64_Packages:16055
debug.mirrors.debian.org_debian-debug_dists_testing-debug_main_binary-i386_Packages:15907
dl.google.com_linux_chrome_deb_dists_stable_main_binary-amd64_Packages:3
download.docker.com_linux_debian_dists_stretch_stable_binary-amd64_Packages:21
httpredir.debian.org_debian_dists_buster_contrib_binary-amd64_Packages:279
httpredir.debian.org_debian_dists_buster_contrib_binary-i386_Packages:270
httpredir.debian.org_debian_dists_buster_main_binary-amd64_Packages:56046
httpredir.debian.org_debian_dists_buster_main_binary-i386_Packages:55805
httpredir.debian.org_debian_dists_buster_non-free_binary-amd64_Packages:608
httpredir.debian.org_debian_dists_buster_non-free_binary-i386_Packages:535
linux.teamviewer.com_deb_dists_preview_main_binary-amd64_Packages:14
linux.teamviewer.com_deb_dists_preview_main_binary-i386_Packages:13
linux.teamviewer.com_deb_dists_stable_main_binary-amd64_Packages:10
linux.teamviewer.com_deb_dists_stable_main_binary-i386_Packages:9
packagecloud.io_AtomEditor_atom_any_dists_any_main_binary-amd64_Packages:51
packagecloud.io_lazyfrosch_notebook_debian_dists_buster_main_binary-amd64_Packages:5
packagecloud.io_lazyfrosch_notebook_debian_dists_buster_main_binary-i386_Packages:2
packages.microsoft.com_ubuntu_18.04_prod_dists_bionic_main_binary-amd64_Packages:144
prerelease.keybase.io_deb_dists_stable_main_binary-amd64_Packages:1
prerelease.keybase.io_deb_dists_stable_main_binary-i386_Packages:1
repo.sinew.in_dists_stable_main_binary-amd64_Packages:23
repo.sinew.in_dists_stable_main_binary-i386_Packages:19
repo.sinew.in_testing_dists_testing_beta_binary-amd64_Packages:7
repo.sinew.in_testing_dists_testing_beta_binary-i386_Packages:6
repository.spotify.com_dists_stable_non-free_binary-amd64_Packages:4
repository.spotify.com_dists_stable_non-free_binary-i386_Packages:3
Bug#913556: apt-show-versions: Max. recursion depth with nested structures exceeded
Package: apt-show-versions
Version: 0.22.9
Severity: grave
Justification: renders package unusable

Hello Maintainer,

this might be connected to #913477, but I'm not sure.

Since upgrading to current testing today the package broke during configure.

Might be related to the latest perl transition.

$ apt install -f
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libperl5.26 myspell-de-de perl-modules-5.26
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up apt-show-versions (0.22.9) ...
** initializing cache. This may take a while **
Max. recursion depth with nested structures exceeded at /usr/lib/x86_64-linux-gnu/perl/5.28/Storable.pm line 278, at /usr/bin/apt-show-versions line 273.
dpkg: error processing package apt-show-versions (--configure):
 installed apt-show-versions package post-installation script subprocess returned error exit status 25
Errors were encountered while processing:
 apt-show-versions

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apt-show-versions depends on:
ii  apt                      1.7.0
ii  libapt-pkg-perl          0.1.34+b1
ii  perl [libstorable-perl]  5.28.0-3

apt-show-versions recommends no packages.

apt-show-versions suggests no packages.

-- no debconf information
Bug#851671: icinga-web: Mysql error: Specified key was too long; max key length is 767 bytes
Control: forwarded -1 https://github.com/Icinga/icinga-web/issues/1382

On 17.01.2017 14:09, John Lines wrote:
> Package: icinga-web
> Version: 1.13.1-2
> Severity: normal
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
> On installing icinga-web, with default-mysql-server already freshly
> installed I receive the message
>
> mysql said: ERROR 1071 (42000) at line 18: Specified key was too long;
> max key length is 767 bytes
>
> The problem would appear to be in line 18 of
> /usr/share/dbconfig-common/data/icinga-web/install/mysql
>
> which attempts to create the nsm_session table.
>
> With the default UTF encoding it seems varchar(255) is larger than
> session_id is allowed to be.
>
> I have worked around it by specifying varchar(125)
>
> A dpkg-reconfigure icinga-web then succeeded

Thanks for the report, I think the explicit character set would be the best
solution.

Testing pending.

Cheers
Markus Frosch

--
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
Bug#851585: [Pkg-nagios-devel] Bug#851585: icinga2-ido-mysql: fails to upgrade from 'jessie': mysql said: ERROR 1067 (42000) at line 10: Invalid default value for 'status_update_time'
Hello Release team - top post for referencing-

I'd like to ask you about views of this bug.

We can do the following:

1) Update icinga2 to 2.6.1 which includes some other useful changes (see below)
2) stretch-ignore the bug, since MySQL 5.7 won't be included in stretch
   (Problem: backports might make a problem then)

I could also patch some of the crashing issues, but would rather prefer 2.6.1
as a cleaner update to maintain in stretch.

Note: I'm affiliated with upstream, but want to maintain the package as
conform as possible. In my perspective the cleanest way would be to use the
minor release.

Please advise me, I left the diff out since it won't be helpful in discussion.

Interesting Icinga2 2.6.1 changes:
* Fixes an internal crash bug during check execution
* SIGPIPE crash (currently fixed in sysVinit script)
* Timestamp problems with PostgreSQL (incorrect datetime)
* Updating IDO schema to conform with MySQL >= 5.7 (big diff with lots of fields)
* Documentation and project links (that might be helpful for users)

Full issue list:
https://github.com/Icinga/icinga2/milestone/60?closed=1

On 16.01.2017 17:33, Andreas Beckmann wrote:
> Package: icinga2-ido-mysql
> Version: 2.6.0-2
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: piuparts
>
> Hi,
>
> during a test with piuparts I noticed your package fails to upgrade from
> 'jessie'.
> It installed fine in 'jessie', then the upgrade to 'sid' fails.
>
> From the attached log (scroll to the bottom...):
>
> Setting up icinga2-common (2.6.0-2) ...
> Installing new version of config file /etc/default/icinga2 ...
> Installing new version of config file /etc/icinga2/conf.d/commands.conf ...
> Installing new version of config file /etc/icinga2/conf.d/downtimes.conf ...
> Installing new version of config file /etc/icinga2/conf.d/groups.conf ...
> Installing new version of config file /etc/icinga2/conf.d/notifications.conf ...
> Installing new version of config file /etc/icinga2/conf.d/services.conf ...
> Installing new version of config file /etc/icinga2/conf.d/templates.conf ...
> Installing new version of config file /etc/icinga2/constants.conf ...
> Installing new version of config file /etc/icinga2/features-available/api.conf ...
> Installing new version of config file /etc/icinga2/icinga2.conf ...
> Installing new version of config file /etc/icinga2/scripts/mail-host-notification.sh ...
> Installing new version of config file /etc/icinga2/scripts/mail-service-notification.sh ...
> Installing new version of config file /etc/init.d/icinga2 ...
> Installing new version of config file /etc/logrotate.d/icinga2 ...
> Created symlink /etc/systemd/system/multi-user.target.wants/icinga2.service → /lib/systemd/system/icinga2.service.
> Running in chroot, ignoring request.
> invoke-rc.d: policy-rc.d denied execution of start.
> Setting up icinga2-bin (2.6.0-2) ...
> Setting up icinga2-ido-mysql (2.6.0-2) ...
> Determining localhost credentials from /etc/mysql/debian.cnf: succeeded.
> dbconfig-common: writing config to /etc/dbconfig-common/icinga2-ido-mysql.conf
> Replacing config file /etc/dbconfig-common/icinga2-ido-mysql.conf with new version
> creating database backup in /var/cache/dbconfig-common/backups/icinga2-ido-mysql_2.1.1-1.2017-01-13-09.37.09.
> applying upgrade sql for 2.1.1-1 -> 2.2.0.
> error encountered processing /usr/share/dbconfig-common/data/icinga2-ido-mysql/upgrade/mysql/2.2.0:
> mysql said: ERROR 1067 (42000) at line 10: Invalid default value for 'status_update_time'
> dbconfig-common: icinga2-ido-mysql configure: aborted.
> dbconfig-common: flushing administrative password
> dpkg: error processing package icinga2-ido-mysql (--configure):
>  subprocess installed post-installation script returned error exit status 1
>
> This was observed during a jessie->sid upgrade which picked a mysql-5.5 ->
> mysql-5.7 upgrade for the database server.
> Feel free to downgrade the severity if this bug is specific to that weird
> combination.
>
>
> cheers,
>
> Andreas

Cheers
Markus Frosch

--
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
Bug#853075: ruby-minitar: diff for NMU version 0.5.4-3.1
On 30.01.2017 07:08, Salvatore Bonaccorso wrote:
> I've prepared an NMU for ruby-minitar (versioned as 0.5.4-3.1) and
> uploaded it to DELAYED/5. Please feel free to tell me if I
> should delay it longer.

Thanks Salvatore, I'm perfectly fine with that.

Should I take care about the migration to stretch? Or is there some new
auto-security mechanism? :)

Cheers
Markus Frosch

--
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
Bug#850215: [pkg-php-pear] Bug#850215: zendframework: CVE-2016-10034
On 05.01.2017 07:01, Salvatore Bonaccorso wrote:
> Source: zendframework
> Version: 1.12.9+dfsg-1
> Severity: grave
> Tags: upstream security
> Justification: user security hole
>
> Hi,
>
> the following vulnerability was published for zendframework.
>
> CVE-2016-10034[0]:
> | The setFrom function in the Sendmail adapter in the zend-mail
> | component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and
> | Zend Framework before 2.4.11 might allow remote attackers to pass
> | extra parameters to the mail command and consequently execute
> | arbitrary code via a \" (backslash double quote) in a crafted e-mail
> | address.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2016-10034
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10034
>
> Please adjust the affected versions in the BTS as needed.

Hi Salvatore,
thanks for bringing that up.

I actually don't think this CVE is valid for ZendFramework 1 (Version < 2).

Not only there are big differences in class structure between ZF1 and
ZF >= 2.0, but many features have been introduced first in ZF > 2.

I see no specific handling for a From header in Zend_Mail_Transport_Sendmail.
https://github.com/zendframework/zf1/blob/master/library/Zend/Mail/Transport/Sendmail.php#L128

A user of the library would be able to insert additional parameters, and pass
whatever argument to sendmail. But the user would have to care about
securing / escaping then.

As we currently don't have a package for Zend-Mail, and zendframework is < 2,
this bug wouldn't affect Debian.

Would love if someone could approve or object my analysis.

Cheers
Markus Frosch

--
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
Bug#831418: #831418 EOL: not to be released with Stretch
Control: severity -1 important

On 25.07.2016 13:11, Markus Frosch wrote:
> Hey all,
> this is an interesting problem, while looking on the 3 dependent packages.
> (see below)
>
> We have 3 choices to go on:
>
> 1. Still provide zendframework 1 in a separated path, so it won't conflict
> with ZF2/3
> 2. Embed needed code into the packages, and drop the full library
> 3. Remove all 3 packages from stretch
>
> I'd prefer to go with #1, there should not be any major security issues in
> the future with the code base.
>
> And if so, we should be able to tackle them.
>
> I would love to hear the opinion of the security team on the matter.
>
> Regards
> Markus
>
>
> ## icingaweb2
>
> The integrations of Zend in terms of controllers/templates is not that big of
> a problem. Zend_Form is integrated tightly into the application.
>
> Any adaption to ZF2/3 will need rewriting, that is not simple and certainly
> not a drop-in replacement in terms of functionality.
>
> ## postfixadmin
>
> Zend_Xmlrpc_Server is used to provide API functionality, this is not a must
> for the package.
>
> But adapting to ZF2/3 will cause rewriting the XMLRPC interface.
>
> ## php-letodms-lucene
>
> The package is relying on Zend_Search_Lucene to index documents and search
> them.
>
> A removal of ZF1 will cause massive problems here. Question is: who uses the
> package?

Until I hear other DDs opinion on my thoughts, I'd prefer not to remove zendframework from Debian.

Downgrading bug to important.

David: What do you think? ZF2+3 is not a drop-in replacement for ZF1.

Cheers
Markus Frosch
--
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
Bug#832118: [Pkg-puppet-devel] Bug#832118: ruby-puppet-forge: FTBFS: psych.rb:471:in `initialize': No such file or directory @ rb_sysopen - /usr/lib/ruby/locales/config.yaml (Errno::ENOENT)
Control: tags -1 + confirmed

On 27.07.2016 15:49, Vincent Bernat wrote:
> ❦ 22 juillet 2016 16:11 CEST, Chris Lamb :
>
>> ruby-puppet-forge fails to build from source in unstable/amd64:
>
> It also fails to run. This seems due to the introduction of
> ruby-gettext-setup. The config.yaml file from locales/config.yaml should
> be installed in /usr/lib/ruby/locales but it is application
> specific. So, I suppose that ruby-puppet-forge should be patched as well
> to search inside its own locales directory.
>
> The problem doesn't seem limited to
> ruby-puppet-forge. ruby-semantic-puppet has the same problem. Commenting
> the Gettext.initialize() call fix the problem for me.

Really weird, it was building without a problem before so I didn't notice.

Seems like the locale loading is not really meant to be used in a "vendor_ruby" installation. But that should be fixable to packages that use it.

Regards
Markus Frosch
--
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
Bug#831418: #831418 EOL: not to be released with Stretch
Hey all,
this is an interesting problem, while looking on the 3 dependent packages. (see below)

We have 3 choices to go on:

1. Still provide zendframework 1 in a separated path, so it won't conflict with ZF2/3
2. Embed needed code into the packages, and drop the full library
3. Remove all 3 packages from stretch

I'd prefer to go with #1, there should not be any major security issues in the future with the code base.

And if so, we should be able to tackle them.

I would love to hear the opinion of the security team on the matter.

Regards
Markus

## icingaweb2

The integrations of Zend in terms of controllers/templates is not that big of a problem. Zend_Form is integrated tightly into the application.

Any adaption to ZF2/3 will need rewriting, that is not simple and certainly not a drop-in replacement in terms of functionality.

## postfixadmin

Zend_Xmlrpc_Server is used to provide API functionality, this is not a must for the package.

But adapting to ZF2/3 will cause rewriting the XMLRPC interface.

## php-letodms-lucene

The package is relying on Zend_Search_Lucene to index documents and search them.

A removal of ZF1 will cause massive problems here. Question is: who uses the package?

--
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
Bug#823542: [Pkg-gmagick-im-team] Bug#823542: imagemagick-common: please mitigate CVE-2016-3714, remote arbitrary code execution during handling of delegates
I had a look on the RedHat patch for ImageMagick in RHEL 7. Please see it attached.

That's for Errata: https://rhn.redhat.com/errata/RHSA-2016-0726.html

It seems like they were adding the mitigation, and further path security for the delegated actions.

Cheers
Markus Frosch
--
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de

diff -up ImageMagick-6.7.8-9/config/delegates.xml.in.cve-2016-3717 ImageMagick-6.7.8-9/config/delegates.xml.in --- ImageMagick-6.7.8-9/config/delegates.xml.in.cve-2016-3717 2012-06-26 14:23:25.0 +0200 +++ ImageMagick-6.7.8-9/config/delegates.xml.in 2016-05-05 13:52:30.751570145 +0200 @@ -85,11 +85,11 @@ - + - + @@ -109,11 +109,11 @@ - + - + diff -up ImageMagick-6.7.8-9/config/policy.xml.cve-2016-3717 ImageMagick-6.7.8-9/config/policy.xml --- ImageMagick-6.7.8-9/config/policy.xml.cve-2016-3717 2012-03-03 02:18:13.0 +0100 +++ ImageMagick-6.7.8-9/config/policy.xml 2016-05-05 14:08:15.249092848 +0200 @@ -35,6 +35,10 @@ + Let's prevent possible exploits by removing the right to use indirect reads. + + + Any large image is cached to disk rather than memory: @@ -55,4 +59,14 @@ + + + + + + + + + + diff -up ImageMagick-6.7.8-9/magick/property.c.cve-2016-3717 ImageMagick-6.7.8-9/magick/property.c --- ImageMagick-6.7.8-9/magick/property.c.cve-2016-3717 2012-08-10 13:08:37.0 +0200 +++ ImageMagick-6.7.8-9/magick/property.c 2016-05-05 13:52:30.752570145 +0200 @@ -66,6 +66,7 @@ #include "magick/monitor.h" #include "magick/montage.h" #include "magick/option.h" +#include "magick/policy.h" #include "magick/profile.h" #include "magick/property.h" #include "magick/quantum.h" 
@@ -2357,6 +2358,29 @@ static const char *GetMagickPropertyLett CommandOptionToMnemonic(MagickDisposeOptions,(ssize_t) image->dispose)); break; } +case 'F': +{ + const char +*q; + + register char +*p; + + static char +whitelist[] = +"^-ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" +"+&@#/%?=~_|!:,.;()"; + + /* + * Magick filename (sanitized) - filename given incl. coder & read mods. + * */ + (void) CopyMagickString(value,image->magick_filename,MaxTextExtent); + p=value; + q=value+strlen(value); + for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist)) +*p='_'; + break; +} case 'G': /* Image size as geometry = "%wx%h" */ { (void) FormatLocaleString(value,MaxTextExtent,"%.20gx%.20g",(double) @@ -2943,16 +2967,23 @@ MagickExport char *InterpretImagePropert if ((embed_text == (const char *) NULL) || (*embed_text == '\0')) return((char *) NULL); p=embed_text; + while ((isspace((int) ((unsigned char) *p)) != 0) && (*p != '\0')) +p++; + if (*p == '\0') +return(ConstantString("")); + + if ((*p == '@') && (IsPathAccessible(p+1) != MagickFalse)) + { +/* handle a '@' replace string from file */ +if (IsRightsAuthorized(PathPolicyDomain,ReadPolicyRights,p) == MagickFalse) +{ + errno=EPERM; + (void) ThrowMagickException(&image->exception,GetMagickModule(), + PolicyError,"NotAuthorized","`%s'",p); + return(ConstantString("")); +} - /* handle a '@' replace string from file */ - if (*p == '@') { - p++; - if (*p != '-' && (IsPathAccessible(p) == MagickFalse) ) { - (void) ThrowMagickException(&image->exception,GetMagickModule(), - OptionError,"UnableToAccessPath","%s",p); - return((char *) NULL); - } - return(FileToString(p,~0,&image->exception)); + return(FileToString(p+1,~0,&image->exception)); } /*
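Review bot: In the new `case 'F'` branch of the property.c hunk at -2357, the whitelist behind the "sanitized" filename still admits `|`, `;`, `&`, `(`, `)`, `!`, `#` and `~`, all of which a shell treats specially. If `%F` can end up on a delegate command line, either drop those characters or add a comment saying why they are safe to keep. The replacement loop itself is sound, since `_` is in the whitelist and the next `strspn` steps over it. The array is never written, so `static const char whitelist[]` would be the better declaration.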
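Review bot: In the InterpretImageProperties hunk at -2943, the policy check is made on `p`, which still carries the leading `@`, while `FileToString` reads `p+1`; a comment should state that path policy patterns are matched against the `@`-prefixed form, otherwise a pattern written for the bare path never applies. The rewritten condition also changes behaviour without saying so: an inaccessible `@path` used to raise `UnableToAccessPath` and return NULL and now falls through to be handled as ordinary text, and the old `*p != '-'` exemption is gone, so `@-` is no longer special-cased. In the whitespace loop the `*p != '\0'` test is redundant, because `isspace` is already false for NUL.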
Bug#813849: Multiple security issues
Hey guys,

I'm planning to ITA php-dompdf and just had a look on the relevant diff for that package. Will put it on review for stable release managers asap.

Until then, please wait with efforts to RM the package, I'm using it for packages in the Icinga environment, especially icingaweb2.

Cheers
Markus Frosch
--
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
Bug#803676: icinga-web-config-icinga2-ido-mysql: dbconfig creates database with wrong permissions and fails because of this
Control: severity -1 important

On 01.11.2015 18:43, Alexander Schier wrote:
> when installing icinga-web-config-icings2-ido-mysql and configuring for
> another host than localhost the dbconfig creates a user with access
> icinga2_web@localhost, even when another hostname via TCP/IP is
> specified. When all questions are answered, the creation of the database
> fails because it does not have the rights to populate the database (and
> the webinterface does not have the rights to access it).
> The problem affects the icinga2-ido-mysql package as well.

Thanks for reporting, I will have a detailed look tomorrow.

Though this is no grave bug, but still important.

Cheers
Markus Frosch
--
mar...@lazyfrosch.de
http://www.lazyfrosch.de
Bug#794466: Virtualbox might not be suitable for Stretch
On 09.08.2015 12:51, Ritesh Raj Sarraf wrote:
> Not sure about MySQL, but for Iceweasel, is it really like that ?
>
> From what I've known, there were trademark issues which led to the rebranding.

Sorry for being unclear, I meant the usage of upstream releases directly in Debian (security) updates.

> I'm not sure how they handle vulnerabilities. But their release strategy is:
> ESR and Regular releases. Every security fix goes into the
> next Regular release, and also the ESR release.
>
> ESR is supported until the next ESR (31 => 38). So usually the Debian Mozilla
> team prefers the ESR branch for Debian stable.
>
> With VBox, they don't have an ESR model.

I guess they don't call it ESR or long term support, but as Gianfranco pointed out, they seem to support a lot of major releases currently.

The main problem is here, do we want to use their upstream releases? In lack of a proper patch source, the Oracle way...

Cheers
Markus Frosch
--
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de

--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#794466: Virtualbox might not be suitable for Stretch
On Mon, 3 Aug 2015 10:47:23 + (UTC) Gianfranco Costamagna < costamagnagianfra...@yahoo.it> wrote:
> Source: virtualbox
> Version: 4.3.30-dfsg-1
> Severity: critical

Hi Gianfranco,

thanks for your summary. Although I'm not involved in maintaining virtualbox, still a few thoughts:

* What would that mean for Jessie updates?
* Isn't that basically the same problem we have with MySQL, or even Iceweasel?

So I think the question is either drop, or work with upstream releases, from which I'd personally prefer.

Even popcon isn't too bad: https://qa.debian.org/popcon.php?package=virtualbox

Leaving users with the possibility to use upstream packages is also not very attractive.

Just my few cents :)
Markus
Bug#785305: Keepass would disable "Lock on suspend" when running on mono
Control: severity -1 wishlist
Control: tags -1 + wontfix upstream - security

On Wed, 5 Aug 2015 08:42:24 +0200 Bernhard Schmidt wrote:
> On Wed, Jun 17, 2015 at 01:28:20AM -0400, Braiam Peguero wrote:
>
> Hi,
>
>>> From version 2.30 onwards, keepass would disable those
>> options while running on mono [1]. We could fix this asap if someone could
>> figure out how to make a diff of the snapshot.
>>
>> [1]: http://sourceforge.net/p/keepass/bugs/1378/#8e7b
>
> So if I understand this correctly 2.30 will just not offer those options
> anymore. I'd argue for downgrading the severity of this bug to
> allow keepass2 back in stretch. The functionality is basically wontfix in
> upstream, it will just be hidden.
>
> Regarding a patch, I could not find a public keepass2 repository, and the
> development snapshot linked in above bug is a binary.

Agreed, this feature is simply not available on Mono.

Since this feature is not implemented and upstream will remove the nonavailable option, this is basically a wishlist.

And even if users would try to use it they will clearly see that their workspace was not locked after resume.

-Markus
--
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
Bug#785005: [Pkg-nagios-devel] Bug#785005: icinga-web: config XML parsing error and memory leak
Control: severity -1 normal
Control: tags -1 + unreproducible

On Mo, 2015-05-11 at 15:43 +0200, Dominik George wrote:
> The config parser fails when loading the Agavi configuration files:
>
> PHP Fatal error: Uncaught exception 'AgaviParseException' with
> message 'Validation of configuration file "/usr/share/icinga
> -web/app/config/config_handlers.xml" failed:\n\nSchematron validation
> of configuration file "/usr/share/icinga
> -web/app/config/config_handlers.xml" failed: Transformation failed:
> Processing using schema file "/usr/share/icinga
> -web/lib/agavi/src/config/sch/config_handlers.sch" resulted in an
> invalid stylesheet' in /usr/share/icinga
> -web/lib/agavi/src/config/AgaviXmlConfigParser.class.php:726\nStack
> trace:\n#0 /usr/share/icinga
> -web/lib/agavi/src/config/AgaviXmlConfigParser.class.php(437):
> AgaviXmlConfigParser::validate(Object(AgaviXmlConfigDomDocument),
> 'production', NULL, Array)\n#1 /usr/share/icinga
> -web/lib/agavi/src/config/AgaviXmlConfigParser.class.php(217):
> AgaviXmlConfigParser->execute(Array, Array)\n#2 /usr/share/icinga
> -web/lib/agavi/src/config/AgaviConfigCache.class.php(183):
> AgaviXmlConfigParser::run('/usr/share/icin...', 'production', NULL,
> Array, Array)\n
> #3 /usr/share/icinga-web/lib/agavi/src/config/Agavi in
> /usr/share/icinga
> -web/lib/agavi/src/config/AgaviXmlConfigParser.class.php on line 726
>
>
> This seems to be a known issue with Agavi applications, somehow
> related
> to libxml and/or PHP versions:
> https://github.com/agavi/agavi/wiki/WTF
>
> I tried and verified that the error goes away when setting the
> following
> in /usr/share/icinga-web/app/config.php:
>
> AgaviConfig::set('core.skip_config_validation', true);
>
>
> Sadly, this does not only cause an Internal Server Error to be
> thrown,
> but also makes the PHP process eat up all memory and swap, then get
> killed by the OOM killer. Please make sure to verify if this is a
> relevant bug in PHP.

I'm not sure how to address this problem, I never encountered the problem myself, not on Debian since squeeze and not on any other distribution.

Can you reproduce this on other systems and explain any changes you did to XML configuration or from the user side?

I really doubt that this is a major problem, and if it can be reproduced only

So far, sorry for the late answer...

Best Regards
Markus Frosch
--
mar...@lazyfrosch.de
http://www.lazyfrosch.de
Bug#775252: closing 775252
close 775252
thanks
Bug#775252: [Pkg-nagios-devel] Bug#775252: Bug#775252: icinga-web-config-icinga2-ido-mysql, icinga-web-config-icinga2-ido-pgsql: fails to install: icinga2-enable-feature: command not found
Control: fixed 775252 1.12.0-1

I just noticed I forgot to set the BTS information in changelog.

This problem has been finally fixed with 1.12.0-1.

Cheers
Markus Frosch
--
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
Bug#774047: [Pkg-nagios-devel] Bug#774047: pnp4nagios FTBFS on arm64, outdated config.sub/guess
Control: -1 tags + pending

On So, 2014-12-28 at 00:11 +, peter green wrote:
> Your package FTBFS on arm64 due to outdated config.sub/guess. This is a
> regression and arm64 is now a release architecture hence the serious
> severity.
>
> Version 0.6.19-1 was the last to build successfully on arm64, Versions
> 0.6.24+dfsg1-3 was the first to fail on arm64, the intervening versions
> were not built on arm64 due to bug 769696.

Thanks for noticing.

Patch pending in GIT, will do some work on the package this week, then upload.

--
Markus Frosch
lazyfro...@debian.org / mar...@lazyfrosch.de
http://www.lazyfrosch.de
Bug#736727: [Pkg-nagios-devel] Bug#736727: [src:icinga] Sourceless file
Hello Bastien,

> I could not find the source of:
> icinga 1.10.2-1 (source)
> html/jquery-ui-addon/jquery.ui.timepicker-addon.min.js
> html/js/jquery-1.8.0.min.js

These files are not used in packaging, the features are supplied by proper dependencies on libjs-jquery and libjs-jquery-ui.

Does it matter and is this really of severity serious?

I don't think it would require a DFSG tarball where. Correct me if I'm wrong.

Cheers
Markus
--
Markus Frosch
mar...@lazyfrosch.de
http://www.lazyfrosch.de
Bug#698507: nagvis: prompting due to modified conffiles which were not modified by the user: /etc/nagvis/apache.conf
Hey Andreas,

> during a test with piuparts I noticed your package failed the piuparts
> upgrade test because dpkg detected a conffile as being modified and then
> prompted the user for an action. As there is no user input, this fails.
> But this is not the real problem, the real problem is that this prompt
> shows up in the first place, as there was nobody modifying this conffile
> at all, the package has just been installed and upgraded...
> Configuration file `/etc/nagvis/apache.conf'
>==> File on system created by you or by a script.
>==> File also in package provided by package maintainer.

I'm working on adopting nagvis as its new maintainer.

The mentioned file was present in squeeze, but the location changed in wheezy. A current update from wheezy to experimental package versions causes no problems.

Would it be "okay" to close the bug, referencing it to be fixed in the wheezy version of nagvis?

Cheers
Markus
--
Markus Frosch
mar...@lazyfrosch.de
http://www.lazyfrosch.de
Bug#547092: [Pkg-nagios-devel] Bug#547092: nrpe ssl security problem
Just my 2 cents (without any hat on):

TLS integration in NRPE was broken from the beginning and more or less by design.

The "real" and only security feature is to configure an appropriate allowed_hosts list, which might be enough security for internal networks in respect of TCP sessions.

Question is: Do we really want to remove NRPE from testing because of it promising an incomplete feature?

It should be pointed out that the TLS feature is broken, but still allowing users to use NRPE.

Because the problem is: we (Debian) might not be able to change it - but I personally don't want users to use some self built stuff.

2013/2/7 Matt Taggart :
> As pointed out in a previous message to the bug, #547092
> "nagios-nrpe-server: Insecure 'SSL' option, key identical for all
> debian systems" is severity grave due to the security problem it
> introduces in the service (but not critical since the problem is
> limited to the nrpe service). I have adjusted it.
>
> This bug hasn't had any activity for almost a year and was mostly
> shouting before that. This package shouldn't be in testing/stable
> until this is fixed lest others (as I did) spend a bunch of effort
> implementing lots of nrpe based checks before realizing they just
> opened a security hole on all their systems...
>
> If this can't be solved, maybe we could recommend better
> alternatives?

--
Markus Frosch
mar...@lazyfrosch.de
http://www.lazyfrosch.de
Bug#694641: icinga-web: CVE-2012-5475
tags 694641 + pending
tags 694262 + pending
thanks

Update to unstable coming soon.

The flash component has been removed and the feature disabled.

In addition an upstream patch was applied to allow the user to re-enable it when he wants

-Markus
--
mar...@lazyfrosch.de
http://www.lazyfrosch.de
Bug#689764: icinga-web: includes non-free jsmin
Hi Raphael,

thanks for this bug.

> lib/phing/classes/phing/tasks/ext/jsmin/JsMin.php includes the
> following license clause that makes it non-free:
>
>> The Software shall be used for Good, not Evil.

I was not really aware that this clause exists and does not match with DFSG...

We will discuss this with the upstream project and upload a new version with a dfsg tarball asap.

Current expectations are to remove this file completely!

Best Regards
Markus
--
Markus Frosch
mar...@lazyfrosch.de
http://www.lazyfrosch.de