Bug#724569: Virtual package linux-image should be removed
On Tue, 2013-10-29 at 21:38 +0100, Andreas Beckmann wrote: > Hi Ben, > > On Wednesday, 25. September 2013 06:42:06 Ben Hutchings wrote: > > > Further, any level of dependency (Depends, Recommends or Suggests) on > > > 'linux-image' prevents APT auto-removing any of the packages that > > > provide it, making any use of the virtual package actually harmful. > > > > I opened bugs on all the packages that do recommend or suggest > > linux-image (none depend on it): > > > I don't think they need to block this bug, as removing the Provides > > won't make them unininstallable. > > > linux (3.11.5-1) unstable; urgency=low > > [ Ben Hutchings ] > > * Stop providing virtual packages linux-image (Closes: #724569), > > linux-headers and linux-source > > Dropping the linux-headers virtual package has made several *-dkms packages > uninstallable: > > west-chamber-dkms (0, 0) (Ying-Chun Liu (PaulLiu) ) > dependency linux-headers-generic is does-not-exist > alternative dependency linux-headers is does-not-exist > > blcr-dkms (0, 0) (Alan Woodland ) > dependency linux-headers-2.6-686 is does-not-exist > alternative dependency linux-headers-2.6-amd64 is does-not-exist > alternative dependency linux-headers-generic is does-not-exist > alternative dependency linux-headers is does-not-exist > > (I just rescheduled all dkms packages in sid to see if there are more > affected.) > > > Please file RC bugs giving advice how to adjust this dependency properly. Thanks for checking this. I've opened grave bugs against these which will be uninstallable everywhere: #728264 blcr-dkms #728266 blktap-dkms #728269 est-chamber-dkms And important bugs against these which will be uninstallable on some architectures: #728267 oss4-dkms #728268 sl-modem-dkms > Or reinstate that virtual package. No, I think it has to go. Ben. -- Ben Hutchings [W]e found...that it wasn't as easy to get programs right as we had thought. ... I realized that a large part of my life from then on was going to be spent in finding mistakes in my own programs. - Maurice Wilkes, 1949 signature.asc Description: This is a digitally signed message part
Bug#728255: rpc.gssd: Cannot determine realm for numeric host address
Package: nfs-common Version: 1:1.2.6-4 This appears to be a regression caused by the fix for CVE-2013-1923. Symptoms (hostnames and IP addresses have been changed but nothing else): Oct 29 14:29:39 MYHOST rpc.gssd[15905]: ERROR: Cannot determine realm for numeric host address while getting realm(s) for host '192.0.2.34' Oct 29 14:29:39 MYHOST rpc.gssd[15905]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host 192.0.2.34 Oct 29 14:29:39 MYHOST kernel: [1321146.189554] RPC: AUTH_GSS upcall timed out. Oct 29 14:29:39 MYHOST kernel: [1321146.189557] Please check user daemon is running. Oct 29 14:29:39 MYHOST rpc.gssd[15905]: ERROR: Cannot determine realm for numeric host address while getting realm(s) for host '192.0.2.34' Oct 29 14:29:39 MYHOST rpc.gssd[15905]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host 192.0.2.34 It doesn't happen particularly often; maybe a couple of times a day on this (admittedly lightly loaded) system. What I think is happening here is that: (a) the kernel (3.2.0-4-686-pae #1 SMP Debian 3.2.51-1 i686 GNU/Linux) sometimes publishes a numeric IP address instead of the server name in the first line of /var/lib/nfs/rpc_pipefs/nfs/clnt*/info ; (b) when this happens, utils/gssd/gssd_proc.c:get_servername() (with avoid_dns==1 since the security fix) simply returns "192.0.2.34" instead of calling getnameinfo(); (c) utils/gssd/krb5_util.c:get_full_hostname() only calls getaddrinfo(), not getnameinfo(), and returns "192.0.2.34" when fed "192.0.2.34" as input; (d) krb5_get_host_realm() doesn't know the realm name for "192.0.2.34". I'll try the new -D option, but this just disables the security fix. I wonder if the security fix has been coded correctly. The associated comments say that the intent is not to do DNS lookups on server names, but "[i]f it is an IP address, do the DNS lookup". The logic, however, seems reversed. Could someone please double-check this? (I'm fairly confident that I'm not misreading the code; what I'd like a second opinion on is the coder's intent and the security implications of reversing the logic.) Another question is why the kernel upcall sometimes (not very often) refers to the server by IP address instead of by name. There may be a kernel bug lurking here. -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131029230650.ga23...@hanuman.astro.su.se
Bug#724569: Virtual package linux-image should be removed
Hi Ben, On Wednesday, 25. September 2013 06:42:06 Ben Hutchings wrote: > > Further, any level of dependency (Depends, Recommends or Suggests) on > > 'linux-image' prevents APT auto-removing any of the packages that > > provide it, making any use of the virtual package actually harmful. > > I opened bugs on all the packages that do recommend or suggest > linux-image (none depend on it): > I don't think they need to block this bug, as removing the Provides > won't make them unininstallable. > linux (3.11.5-1) unstable; urgency=low > [ Ben Hutchings ] > * Stop providing virtual packages linux-image (Closes: #724569), > linux-headers and linux-source Dropping the linux-headers virtual package has made several *-dkms packages uninstallable: west-chamber-dkms (0, 0) (Ying-Chun Liu (PaulLiu) ) dependency linux-headers-generic is does-not-exist alternative dependency linux-headers is does-not-exist blcr-dkms (0, 0) (Alan Woodland ) dependency linux-headers-2.6-686 is does-not-exist alternative dependency linux-headers-2.6-amd64 is does-not-exist alternative dependency linux-headers-generic is does-not-exist alternative dependency linux-headers is does-not-exist (I just rescheduled all dkms packages in sid to see if there are more affected.) Please file RC bugs giving advice how to adjust this dependency properly. Or reinstate that virtual package. Andreas -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201310292138.12459.a...@debian.org
Bug#717805: Patch for dealing with newer initramfs images with microcode headers
Hi.
On Thu, Sep 26, 2013 at 06:19:38AM +0100, Ben Hutchings wrote:
> On Tue, 2013-09-24 at 16:11 +0100, Brett Parker wrote:
> > Hi,
> >
> > Here's a patch to lsinitramfs to deal with initramfs images that start
> > with the microcode archive and then a real archive afterwards.
>
> Thanks, Brett.
>
What do you think of the proposed version I'm attaching ?
I don't know about the +8 offset, but I do hope I have addressed the rest of
the comments.
Not tested on various compressions, but basically helps solve this bug here,
AFAICT.
I'm adding the new file as well, as it may help others without having to replay
the patch.
Na warranty whatsoever.
Hope this helps.
Best regards,
--
Olivier BERGER
http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)
--- lsinitramfs.orig 2013-07-23 19:19:27.0 +0200
+++ lsinitramfs 2013-10-29 18:51:44.0 +0100
@@ -4,7 +4,7 @@
usage()
{
- echo "Usage: $(basename $0) "
+ echo "Usage: $(basename $0) [--long] "
}
if [ "$#" -eq 0 ] ; then
@@ -40,20 +40,44 @@
esac
done
+
+listarchive()
+{
+archive="$1"
+if zcat -t "${archive}" >/dev/null 2>&1 ; then
+ zcat "${archive}" | cpio ${cpio_args}
+elif xzcat -t "${archive}" >/dev/null 2>&1 ; then
+ xzcat "${archive}" | cpio ${cpio_args}
+elif bzip2 -t "${archive}" >/dev/null 2>&1 ; then
+ bzip2 -c -d "${archive}" | cpio ${cpio_args}
+elif lzop -t "${archive}" >/dev/null 2>&1 ; then
+ lzop -c -d "${archive}" | cpio ${cpio_args}
+fi
+}
+
for initramfs in "$@" ; do
if ! [ -r "${initramfs}" ] ; then
echo "Specified file could not be read." >&2
exit 1
else
echo "${initramfs}"
- if zcat -t "${initramfs}" >/dev/null 2>&1 ; then
- zcat "${initramfs}" | cpio ${cpio_args}
- elif xzcat -t "$initramfs" >/dev/null 2>&1 ; then
- xzcat "$initramfs" | cpio ${cpio_args}
- elif bzip2 -t "$initramfs" >/dev/null 2>&1 ; then
- bzip2 -c -d "$initramfs" | cpio ${cpio_args}
- elif lzop -t "$initramfs" >/dev/null 2>&1 ; then
- lzop -c -d "$initramfs" | cpio ${cpio_args}
+ if cpio ${cpio_args} < "$initramfs" >/dev/null 2>&1; then
+ # this is a straight cpio archive followed by a compressed one, yay!
+ cpio ${cpio_args} < "$initramfs"
+
+ real_offset=$(cpio --io-size=1 --extract --list < "$initramfs" 2>&1 >/dev/null | sed -e '$ { s# .*$##; p; }; d;')
+ # now we need to find the beginning of the actual archive, this is
+ # going to be the number of bytes from above + 8
+ real_offset=$((real_offset+8))
+
+ subarchive=$(mktemp ${TMPDIR:-/var/tmp}/lsinitramfs_XX)
+dd if="$initramfs" bs=$real_offset skip=1 status=noxfer >$subarchive 2>/dev/null
+
+listarchive $subarchive
+
+rm -fr $subarchive
+else
+listarchive "${initramfs}"
fi
fi
#!/bin/sh
set -eu
usage()
{
echo "Usage: $(basename $0) [--long] "
}
if [ "$#" -eq 0 ] ; then
usage >&2
exit 1
fi
cpio_args="--extract --quiet --list"
OPTIONS=`getopt -o hl --long help,long -n "$0" -- "$@"`
# Check for non-GNU getopt
if [ $? != 0 ] ; then echo "W: non-GNU getopt" >&2 ; exit 1 ; fi
eval set -- "$OPTIONS"
while true; do
case "$1" in
-h|--help)
usage
exit 0
;;
-l|--long)
cpio_args="${cpio_args:+${cpio_args} --verbose}"
shift
;;
--)
shift
break
;;
*)
echo "Internal error!" >&2
exit 1
esac
done
listarchive()
{
archive="$1"
if zcat -t "${archive}" >/dev/null 2>&1 ; then
zcat "${archive}" | cpio ${cpio_args}
elif xzcat -t "${archive}" >/dev/null 2>&1 ; then
xzcat "${archive}" | cpio ${cpio_args}
elif bzip2 -t "${archive}" >/dev/null 2>&1 ; then
bzip2 -c -d "${archive}" | cpio ${cpio_args}
elif lzop -t "${archive}" >/dev/null 2>&1 ; then
lzop -c -d "${archive}" | cpio ${cpio_args}
fi
}
for initramfs in "$@" ; do
if ! [ -r "${initramfs}" ] ; then
echo "Specified file could not be read." >&2
exit 1
else
echo "${initramfs}"
if cpio ${cpio_args} < "$initramfs" >/dev/null 2>&1; then
# this is a straight cpio archive followed by a
compressed one, yay!
cpio ${cpio_args} < "$initramfs"
real_offset=$(cpio --io-size=1 --extract --list <
"$initramfs" 2>&1 >/dev/null | sed -e '$ { s# .*$##; p; }; d;')
# now we need to find the beginning of the actual
archive, this is
# going to be the number of bytes from above + 8
real_offset=$((real_offset+8))
subarchiv
Bug#714868: Newer versions on github
I see that the PTS page speak about a 1.0.19 version, but the newest version now is the 1.0.40. The homepage in PTS is http://stgt.sourceforge.net/releases/, but I think newer versions are now here : https://github.com/fujita/tgt/ -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/526ff44e.5010...@nuagelibre.org
Processed: tagging 717805
Processing commands for cont...@bugs.debian.org: > tags 717805 + patch Bug #717805 [initramfs-tools] initramfs-tools: lsinitramfs doesn't understand early microcode images Added tag(s) patch. > thanks Stopping processing here. Please contact me if you need assistance. -- 717805: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717805 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.138306642023336.transcr...@bugs.debian.org
linux_3.2.51-1~bpo60+1_multi.changes ACCEPTED into squeeze-backports->backports-policy
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 29 Oct 2013 01:47:37 + Source: linux Binary: linux-source-3.2 linux-doc-3.2 linux-manual-3.2 linux-support-3.2.0-0.bpo.4 linux-libc-dev linux-headers-3.2.0-0.bpo.4-all linux-headers-3.2.0-0.bpo.4-all-alpha linux-headers-3.2.0-0.bpo.4-common linux-image-3.2.0-0.bpo.4-alpha-generic linux-headers-3.2.0-0.bpo.4-alpha-generic linux-image-3.2.0-0.bpo.4-alpha-smp linux-headers-3.2.0-0.bpo.4-alpha-smp linux-image-3.2.0-0.bpo.4-alpha-legacy linux-headers-3.2.0-0.bpo.4-alpha-legacy linux-headers-3.2.0-0.bpo.4-all-amd64 linux-image-3.2.0-0.bpo.4-amd64 linux-headers-3.2.0-0.bpo.4-amd64 linux-image-3.2.0-0.bpo.4-amd64-dbg xen-linux-system-3.2.0-0.bpo.4-amd64 linux-headers-3.2.0-0.bpo.4-common-rt linux-image-3.2.0-0.bpo.4-rt-amd64 linux-headers-3.2.0-0.bpo.4-rt-amd64 linux-image-3.2.0-0.bpo.4-rt-amd64-dbg linux-headers-3.2.0-0.bpo.4-all-armel linux-image-3.2.0-0.bpo.4-iop32x linux-headers-3.2.0-0.bpo.4-iop32x linux-image-3.2.0-0.bpo.4-ixp4xx linux-headers-3.2.0-0.bpo.4-ixp4xx linux-image-3.2.0-0.bpo.4-kirkwood linux-headers-3.2.0-0.bpo.4-kirkwood linux-image-3.2.0-0.bpo.4-mv78xx0 linux-headers-3.2.0-0.bpo.4-mv78xx0 linux-image-3.2.0-0.bpo.4-orion5x linux-headers-3.2.0-0.bpo.4-orion5x linux-image-3.2.0-0.bpo.4-versatile linux-headers-3.2.0-0.bpo.4-versatile linux-headers-3.2.0-0.bpo.4-all-armhf linux-image-3.2.0-0.bpo.4-mx5 linux-headers-3.2.0-0.bpo.4-mx5 linux-image-3.2.0-0.bpo.4-omap linux-headers-3.2.0-0.bpo.4-omap linux-image-3.2.0-0.bpo.4-vexpress linux-headers-3.2.0-0.bpo.4-vexpress linux-headers-3.2.0-0.bpo.4-all-hppa linux-image-3.2.0-0.bpo.4-parisc linux-headers-3.2.0-0.bpo.4-parisc linux-image-3.2.0-0.bpo.4-parisc-smp linux-headers-3.2.0-0.bpo.4-parisc-smp linux-image-3.2.0-0.bpo.4-parisc64 linux-headers-3.2.0-0.bpo.4-parisc64 linux-image-3.2.0-0.bpo.4-parisc64-smp linux-headers-3.2.0-0.bpo.4-parisc64-smp linux-headers-3.2.0-0.bpo.4-all-i386 linux-image-3.2.0-0.bpo.4-486 linux-headers-3.2.0-0.bpo.4-486 linux-image-3.2.0-0.bpo.4-686-pae linux-headers-3.2.0-0.bpo.4-686-pae linux-image-3.2.0-0.bpo.4-686-pae-dbg xen-linux-system-3.2.0-0.bpo.4-686-pae linux-image-3.2.0-0.bpo.4-rt-686-pae linux-headers-3.2.0-0.bpo.4-rt-686-pae linux-image-3.2.0-0.bpo.4-rt-686-pae-dbg linux-headers-3.2.0-0.bpo.4-all-ia64 linux-image-3.2.0-0.bpo.4-itanium linux-headers-3.2.0-0.bpo.4-itanium linux-image-3.2.0-0.bpo.4-mckinley linux-headers-3.2.0-0.bpo.4-mckinley linux-headers-3.2.0-0.bpo.4-all-m68k linux-image-3.2.0-0.bpo.4-amiga linux-headers-3.2.0-0.bpo.4-amiga linux-image-3.2.0-0.bpo.4-atari linux-headers-3.2.0-0.bpo.4-atari linux-image-3.2.0-0.bpo.4-bvme6000 linux-headers-3.2.0-0.bpo.4-bvme6000 linux-image-3.2.0-0.bpo.4-mac linux-headers-3.2.0-0.bpo.4-mac linux-image-3.2.0-0.bpo.4-mvme147 linux-headers-3.2.0-0.bpo.4-mvme147 linux-image-3.2.0-0.bpo.4-mvme16x linux-headers-3.2.0-0.bpo.4-mvme16x linux-headers-3.2.0-0.bpo.4-all-mips linux-image-3.2.0-0.bpo.4-r4k-ip22 linux-headers-3.2.0-0.bpo.4-r4k-ip22 linux-image-3.2.0-0.bpo.4-r5k-ip32 linux-headers-3.2.0-0.bpo.4-r5k-ip32 linux-image-3.2.0-0.bpo.4-sb1-bcm91250a linux-headers-3.2.0-0.bpo.4-sb1-bcm91250a linux-image-3.2.0-0.bpo.4-sb1a-bcm91480b linux-headers-3.2.0-0.bpo.4-sb1a-bcm91480b linux-image-3.2.0-0.bpo.4-4kc-malta linux-headers-3.2.0-0.bpo.4-4kc-malta linux-image-3.2.0-0.bpo.4-5kc-malta linux-headers-3.2.0-0.bpo.4-5kc-malta linux-image-3.2.0-0.bpo.4-octeon linux-headers-3.2.0-0.bpo.4-octeon linux-headers-3.2.0-0.bpo.4-all-mipsel linux-image-3.2.0-0.bpo.4-r5k-cobalt linux-headers-3.2.0-0.bpo.4-r5k-cobalt linux-image-3.2.0-0.bpo.4-loongson-2f linux-headers-3.2.0-0.bpo.4-loongson-2f linux-headers-3.2.0-0.bpo.4-all-powerpc linux-image-3.2.0-0.bpo.4-powerpc linux-headers-3.2.0-0.bpo.4-powerpc linux-image-3.2.0-0.bpo.4-powerpc-smp linux-headers-3.2.0-0.bpo.4-powerpc-smp linux-image-3.2.0-0.bpo.4-powerpc64 linux-headers-3.2.0-0.bpo.4-powerpc64 linux-headers-3.2.0-0.bpo.4-all-ppc64 linux-headers-3.2.0-0.bpo.4-all-s390 linux-image-3.2.0-0.bpo.4-s390x linux-headers-3.2.0-0.bpo.4-s390x linux-image-3.2.0-0.bpo.4-s390x-dbg linux-image-3.2.0-0.bpo.4-s390x-tape linux-headers-3.2.0-0.bpo.4-all-s390x linux-headers-3.2.0-0.bpo.4-all-sh4 linux-image-3.2.0-0.bpo.4-sh7751r linux-headers-3.2.0-0.bpo.4-sh7751r linux-image-3.2.0-0.bpo.4-sh7785lcr linux-headers-3.2.0-0.bpo.4-sh7785lcr linux-headers-3.2.0-0.bpo.4-all-sparc linux-image-3.2.0-0.bpo.4-sparc64 linux-headers-3.2.0-0.bpo.4-sparc64 linux-image-3.2.0-0.bpo.4-sparc64-smp linux-headers-3.2.0-0.bpo.4-sparc64-smp linux-headers-3.2.0-0.bpo.4-all-sparc64 Architecture: all source Version: 3.2.51-1~bpo60+1 Distribution: squeeze-backports Urgency: low Maintainer: Debian Kernel Team Changed-By: Ben Hutchings Description: linux-doc-3.2 - Linux kernel specific documentation for version 3.2 linux-headers-3.2.0-0.bpo.4-486 - Header files for Linux 3.2.0-0.bpo.4-486 linux-headers-3.2.0-0.bpo.4-4kc-malta
Processing of linux_3.2.51-1~bpo60+1_multi.changes
linux_3.2.51-1~bpo60+1_multi.changes uploaded successfully to localhost along with the files: linux_3.2.51-1~bpo60+1.dsc linux_3.2.51-1~bpo60+1.debian.tar.xz linux-support-3.2.0-0.bpo.4_3.2.51-1~bpo60+1_all.deb linux-doc-3.2_3.2.51-1~bpo60+1_all.deb linux-manual-3.2_3.2.51-1~bpo60+1_all.deb linux-source-3.2_3.2.51-1~bpo60+1_all.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1vbaha-00071w...@franck.debian.org
