Bug#704422: dovecot-core: I know the reason why this happens
Package: dovecot-core Version: 1:2.1.7-7 Followup-For: Bug #704422 I can certainly reproduce this bug using a virtual folder that contains too many folders. There is a patch from Timo: http://hg.dovecot.org/dovecot-2.1/rev/87d0c4056b4d I think it is important to apply this patch asap. Andre Rodier Dear Maintainer, *** Please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? * What outcome did you expect instead? *** End of the template - remove these lines *** -- Package-specific info: -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (900, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages dovecot-core depends on: ii adduser 3.113+nmu3 ii libbz2-1.0 1.0.6-4 ii libc6 2.13-38 ii libpam-runtime 1.1.3-7.1 ii libpam0g1.1.3-7.1 ii libssl1.0.0 1.0.1e-2 ii openssl 1.0.1e-2 ii ucf 3.0025+nmu3 ii zlib1g 1:1.2.7.dfsg-13 dovecot-core recommends no packages. Versions of packages dovecot-core suggests: pn dovecot-gssapi ii dovecot-imapd 1:2.1.7-7 ii dovecot-ldap 1:2.1.7-7 ii dovecot-lmtpd 1:2.1.7-7 ii dovecot-managesieved 1:2.1.7-7 pn dovecot-mysql pn dovecot-pgsql ii dovecot-pop3d 1:2.1.7-7 ii dovecot-sieve 1:2.1.7-7 ii dovecot-solr 1:2.1.7-7 pn dovecot-sqlite ii ntp 1:4.2.6.p5+dfsg-2 Versions of packages dovecot-core is related to: ii dovecot-core [dovecot-common] 1:2.1.7-7 pn dovecot-dbg pn dovecot-dev pn dovecot-gssapi ii dovecot-imapd 1:2.1.7-7 ii dovecot-ldap 1:2.1.7-7 ii dovecot-lmtpd 1:2.1.7-7 ii dovecot-managesieved 1:2.1.7-7 pn dovecot-mysql pn dovecot-pgsql ii dovecot-pop3d 1:2.1.7-7 ii dovecot-sieve 1:2.1.7-7 pn dovecot-sqlite -- Configuration Files: /etc/default/dovecot changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#841888: libvte-2.90-9: Cannot use Shift-Home / Shift-End / etc. shortcuts inside client applications
Package: libvte-2.90-9 Version: 1:0.36.3-1 Severity: important Dear Maintainer, libvte comes with keyboard shortcuts pre-configured, even if we do not want to use them. Therefore, it is not possible to entirely use some applications shortcuts in editors, like emacs or vi. These keyboard shortcuts need to be completely disabled, and delegated to clien applications like Gnome Terminal, etc. * When using emacs (or vi) in console mode, keyboard shortcuts like Shift-Home or Shift-End are captured by the terminal, and hidden to Emacs (or vi). * Cannot use these shortcuts in any console application! * These keyboard shortcuts should be left to the users. This is already possible with Gnome Terminal, I am sure we could remove them. -- System Information: Debian Release: 8.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.6.0-0.bpo.1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libvte-2.90-9 depends on: ii libatk1.0-0 2.14.0-1 ii libc62.19-18+deb8u6 ii libcairo-gobject21.14.0-2.1+deb8u1 ii libcairo21.14.0-2.1+deb8u1 ii libgdk-pixbuf2.0-0 2.31.1-2+deb8u5 ii libglib2.0-0 2.48.0-1~bpo8+1 ii libgtk-3-0 3.14.5-1+deb8u1 ii libncurses5 5.9+20140913-1+b1 ii libpango-1.0-0 1.36.8-3 ii libpangocairo-1.0-0 1.36.8-3 ii libtinfo55.9+20140913-1+b1 ii libvte-2.90-common 1:0.36.3-1 ii libx11-6 2:1.6.2-3 ii libxext6 2:1.3.3-1 libvte-2.90-9 recommends no packages. libvte-2.90-9 suggests no packages. -- no debconf information
Bug#586480: openssh-server: chroot directive is not working when using FISH (File transfer of shell with midnight commander)
Package: openssh-server Version: 1:5.1p1-5 Severity: critical Tags: security Justification: root security hole Hello, I have successfully configured my ssh server to chroot users, by followinf the directives described here: http://www.debian-administration.org/articles/590 ie. OpenSSH SFTP chroot() with ChrootDirectory The chroot option seems to work well when I use the sftp command, ie I cannot see any directory at all. However, if I use the fish protocol [1] included in midnight commander, I can see the full filesystem hierarchy, and even transfer files from the etc folder, etc... I don't know if it's a configuration problem on my side, but if there is an option do disallow fish when using chroot, that need to be explicitly specified. Otherwise, debian users may relay on a chrooted server that can be bypassed by a simple manipulation... [1] http://en.wikipedia.org/wiki/Files_transferred_over_shell_protocol Kind regards, André Rodier. Here my ssh config: See the end for chroot config -8< # Package generated configuration file # See the sshd(8) manpage for details # What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel DEBUG # Authentication: LoginGraceTime 120 PermitRootLogin no StrictModes yes RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords #PasswordAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net # Allow client to pass locale environment variables AcceptEnv LANG LC_* UsePAM no UseDNS no #ChrootDirectory # Subsystem sftp /usr/lib/openssh/sftp-server Subsystem sftp internal-sftp Match group sftponly ChrootDirectory /home/%u X11Forwarding no AllowTcpForwarding no AllowAgentForwarding no ForceCommand internal-sftp -8< -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages openssh-server depends on: ii adduser 3.110add and remove users and groups ii debconf [debcon 1.5.24 Debian configuration management sy ii dpkg1.14.29 Debian package management system ii libc6 2.7-18lenny4 GNU C Library: Shared libraries ii libcomerr2 1.41.3-1 common error description library ii libkrb531.6.dfsg.4~beta1-5lenny4 MIT Kerberos runtime libraries ii libpam-modules 1.0.1-5+lenny1 Pluggable Authentication Modules f ii libpam-runtime 1.0.1-5+lenny1 Runtime support for the PAM librar ii libpam0g1.0.1-5+lenny1 Pluggable Authentication Modules l ii libselinux1 2.0.65-5 SELinux shared libraries ii libssl0.9.8 0.9.8g-15+lenny6 SSL shared libraries ii libwrap07.6.q-16 Wietse Venema's TCP wrappers libra ii lsb-base3.2-20 Linux Standard Base 3.2 init scrip ii openssh-blackli 0.4.1list of default blacklisted OpenSS ii openssh-client 1:5.1p1-5secure shell client, an rlogin/rsh ii procps 1:3.2.7-11 /proc file system utilities ii zlib1g 1:1.2.3.3.dfsg-12compression library - runtime Versions of packages openssh-server recommends: pn openssh-blacklist-extra(no description
Bug#586480: openssh-server: chroot directive is not working when using FISH (File transfer of shell with midnight commander)
Hi Stephan, This morning, I am sorry, I cannot reproduce the bug anymore, but I am pretty sure to have used the same account yesterday. Since I have modified my ssh server config during the time, I'll try to reproduce it later, in the same conditions. Kind regards, André Rodier. Login process: an...@arcadia:~$ sftp -o PubkeyAuthentication=no us...@transfer.myred2.com us...@transfer.myred2.com's password: Connected to transfer.myred2.com. sftp> ls sftp> pwd Remote working directory: / Jun 20 08:53:08 transfer sshd[4968]: debug1: Forked child 4975. Jun 20 08:53:08 transfer sshd[4975]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8 Jun 20 08:53:08 transfer sshd[4975]: debug1: inetd sockets after dupping: 3, 3 Jun 20 08:53:08 transfer sshd[4975]: Connection from 213.107.190.212 port 41913 Jun 20 08:53:08 transfer sshd[4975]: debug1: Client protocol version 2.0; client software version OpenSSH_5.5p1 Debian-4 Jun 20 08:53:08 transfer sshd[4975]: debug1: match: OpenSSH_5.5p1 Debian-4 pat OpenSSH* Jun 20 08:53:08 transfer sshd[4975]: debug1: Enabling compatibility mode for protocol 2.0 Jun 20 08:53:08 transfer sshd[4975]: debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5 Jun 20 08:53:08 transfer sshd[4975]: debug1: user user1 matched group list sftponly at line 81 Jun 20 08:53:08 transfer sshd[4975]: Failed none for user1 from 213.107.190.212 port 41913 ssh2 Jun 20 08:53:13 transfer sshd[4975]: Accepted password for user1 from 213.107.190.212 port 41913 ssh2 Jun 20 08:53:13 transfer sshd[4975]: debug1: monitor_child_preauth: user1 has been authenticated by privileged process Jun 20 08:53:13 transfer sshd[4977]: debug1: SELinux support disabled Jun 20 08:53:13 transfer sshd[4975]: User child is on pid 4977 Jun 20 08:54:10 transfer sshd[4975]: debug1: do_cleanup On 20/06/10 08:32, Stefan Fritsch wrote: On Saturday 19 June 2010, you wrote: However, if I use the fish protocol [1] included in midnight commander, I can see the full filesystem hierarchy, and even transfer files from the etc folder, etc... Subsystem sftp internal-sftp Match group sftponly ChrootDirectory /home/%u X11Forwarding no AllowTcpForwarding no AllowAgentForwarding no ForceCommand internal-sftp fish does not work at all with ForceCommand and it won't work with ChrootDirectory unless you copy lots of things into the chroot (/lib /bin ...). Have you used the same user for your fish and sftp tests? Please verify in /var/log/auth.log that you really did.
Bug#985654: dovecot-fts-xapian: Does not index attachments
Package: dovecot-fts-xapian Version: 1.4.7-1 Severity: important The version included (1.4.7) contains an important bug that prevents attachments to be indexed. This is now fixed in version 1.4.8. https://github.com/grosjo/fts-xapian/issues/68 > doveadm(camille): Info: FTS Xapian: Unknown header (indexing) > 'contentdescription' > doveadm(camille): Info: FTS Xapian: fts_backend_xapian_update_set_build_key > doveadm(camille): Info: FTS Xapian: New part > (Header=Content-Disposition,Type=(null),Disposition=(null)) > doveadm(camille): Info: FTS Xapian: Unknown header (indexing) > 'contentdisposition' > doveadm(camille): Info: FTS Xapian: fts_backend_xapian_update_set_build_key > doveadm(camille): Info: FTS Xapian: New part > (Header=Content-Transfer-Encoding,Type=(null),Disposition=(null)) > doveadm(camille): Info: FTS Xapian: Unknown header (indexing) > 'contenttransferencoding' > doveadm(camille): Info: FTS Xapian: fts_backend_xapian_update_set_build_key > doveadm(camille): Info: FTS Xapian: New part > (Header=(null),Type=text/csv,Disposition=attachment; filename="file.csv") > doveadm(camille): Info: FTS Xapian: Skipping part of type 'text/csv' and > disposition 'attachment; filename="file.csv"' > doveadm(camille): Info: FTS Xapian: fts_backend_xapian_update_set_mailbox > doveadm(camille): Info: FTS Xapian: Unset box 'INBOX' > (c0d4e304584e5460dae3075d7e67) > doveadm(camille): Info: FTS Xapian: fts_backend_xapian_oldbox > doveadm(camille): Info: FTS Xapian: Done indexing 'INBOX' > (c0d4e304584e5460dae3075d7e67) (13 msgs in 261 ms, rate: 49.8) > doveadm(camille): Info: FTS Xapian: fts_backend_xapian_release (unset_box) > doveadm(camille): Info: FTS Xapian: Committed 'unset_box' in 17 ms > doveadm(camille): Info: FTS Xapian: Box is empty > doveadm(camille): Info: FTS Xapian: fts_backend_xapian_update_deinit > (/home/users/camille/mails/indexes/xapian-indexes) > doveadm(camille): Info: FTS Xapian: fts_backend_xapian_release (update_deinit) > doveadm(camille): Info: FTS Xapian: Committed 'update_deinit' in 0 ms > doveadm(camille): Info: FTS Xapian: Deinit > /home/users/camille/mails/indexes/xapian-indexes) The interesting line is this one: > doveadm(camille): Info: FTS Xapian: Skipping part of type 'text/csv' and > disposition 'attachment; filename="file.csv"' -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-3-amd64 (SMP w/1 CPU thread) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages dovecot-fts-xapian depends on: ii libc62.31-9 ii libgcc-s110.2.1-6 ii libicu67 67.1-6 ii libstdc++6 10.2.1-6 ii libxapian30 1.4.18-3 dovecot-fts-xapian recommends no packages. dovecot-fts-xapian suggests no packages. -- no debconf information
Bug#878085: simple-cdd: Creating the mirror is failing due to missing files
Package: simple-cdd
Version: 0.6.5
Severity: important
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
When running simple-cdd --do-mirror, the program fails with one missing file. I
have tried with multiple mirrors, but the file is missing on all of them.
Below an example on what is happening.
---
simple-cdd --do-mirror --locale en_US --dist stable
[...]
2017-10-09 18:09:27,290 DEBUG skipping download:
/home/seequestor/Projects/simple-cdd/tmp/mirror/doc/dedication/dedication-5.0.txt
checksum matched
2017-10-09 18:09:27,290 DEBUG skipping download:
/home/seequestor/Projects/simple-cdd/tmp/mirror/doc/dedication/dedication-5.0.vi.txt
checksum matched
2017-10-09 18:09:27,290 DEBUG downloading:
/home/seequestor/Projects/simple-cdd/tmp/mirror/doc/dedication/dedication-9.0.bn.txt
Traceback (most recent call last):
File "/usr/bin/simple-cdd", line 658, in
scdd.build_mirror()
File "/usr/bin/simple-cdd", line 270, in build_mirror
self.run_tool("mirror", tool)
File "/usr/bin/simple-cdd", line 367, in run_tool
tool.run()
File "/usr/lib/python3/dist-packages/simple_cdd/tools/mirror_wget.py", line
93, in run
_download(x["url"], x["absname"], checksums=extrafile_sums,
relname=x["relname"])
File "/usr/lib/python3/dist-packages/simple_cdd/tools/mirror_wget.py", line
55, in _download
request.urlretrieve(url, filename=output)
File "/usr/lib/python3.5/urllib/request.py", line 188, in urlretrieve
with contextlib.closing(urlopen(url, data)) as fp:
File "/usr/lib/python3.5/urllib/request.py", line 163, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python3.5/urllib/request.py", line 472, in open
response = meth(req, response)
File "/usr/lib/python3.5/urllib/request.py", line 582, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib/python3.5/urllib/request.py", line 504, in error
result = self._call_chain(*args)
File "/usr/lib/python3.5/urllib/request.py", line 444, in _call_chain
result = func(*args)
File "/usr/lib/python3.5/urllib/request.py", line 696, in http_error_302
return self.parent.open(new, timeout=req.timeout)
File "/usr/lib/python3.5/urllib/request.py", line 472, in open
response = meth(req, response)
File "/usr/lib/python3.5/urllib/request.py", line 582, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib/python3.5/urllib/request.py", line 510, in error
return self._call_chain(*args)
File "/usr/lib/python3.5/urllib/request.py", line 444, in _call_chain
result = func(*args)
File "/usr/lib/python3.5/urllib/request.py", line 590, in http_error_default
raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 404: Not Found
---
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: 9.1
APT prefers stable
APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages simple-cdd depends on:
ii dctrl-tools 2.24-2+b1
ii debian-cd 3.1.20
ii lsb-release 9.20161125
ii python3 3.5.3-1
ii python3-simple-cdd 0.6.5
ii reprepro5.1.1-1
ii rsync 3.1.2-1
ii wget1.18-5
Versions of packages simple-cdd recommends:
ii dose-distcheck 5.0.1-8
Versions of packages simple-cdd suggests:
ii qemu-kvm 1:2.8+dfsg-6+deb9u3
ii qemu-system 1:2.8+dfsg-6+deb9u3
-- no debconf information
Bug#1006436: gnome-terminal: General Protection Fault in libgdk-3
Package: gnome-terminal Version: 3.38.3-1 Severity: important Dear Maintainer, I have a general protection fault in gnome-terminal wich the crashed. I checked the other bug reports, but did not found the exact same, with the same library. Here the log entries: Feb 24 08:33:35 hamilton kernel: [1205291.952664] traps: gnome-terminal-[901407] general protection fault ip:7f639df40eb5 sp:7fff8a3770b0 error:0 in libgdk-3.so.0.2404.20[7f639dede000+7f000] Feb 24 08:33:35 hamilton kernel: [1205291.952664] traps: gnome-terminal-[901407] general protection fault ip:7f639df40eb5 sp:7fff8a3770b0 error:0 in libgdk-3.so.0.2404.20[7f639dede000+7f000] Feb 24 08:33:35 hamilton systemd[1930]: gnome-terminal-server.service: Main process exited, code=killed, status=11/SEGV Feb 24 08:33:35 hamilton systemd[1930]: gnome-terminal-server.service: Failed with result 'signal'. Feb 24 08:33:35 hamilton systemd[1930]: gnome-terminal-server.service: Consumed 53min 23.367s CPU time. Feb 24 08:33:45 hamilton dbus-daemon[390908]: [session uid=1000 pid=390908] Activating via systemd: service name='org.gnome.Terminal' unit='gnome-terminal-server.service' requested by ':1.3837' (uid=1000 pid=1557711 comm="gnome-terminal ") Feb 24 08:33:45 hamilton gnome-terminal-server[1557717]: Display does not support owner-change; copy/paste will be broken! Feb 24 08:33:46 hamilton systemd[1930]: Started VTE child process 1557724 launched by gnome-terminal-server process 1557717. I hope it helps -- System Information: Debian Release: 11.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-11-amd64 (SMP w/16 CPU threads) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gnome-terminal depends on: ii dbus-user-session [default-dbus-session-bus] 1.12.20-2 ii dbus-x11 [dbus-session-bus] 1.12.20-2 ii dconf-gsettings-backend [gsettings-backend] 0.38.0-2 ii gnome-terminal-data 3.38.3-1 ii gsettings-desktop-schemas 3.38.0-2 ii libatk1.0-0 2.36.0-2 ii libc6 2.31-13+deb11u2 ii libdconf1 0.38.0-2 ii libglib2.0-0 2.66.8-1 ii libgtk-3-03.24.24-4 ii libpango-1.0-01.46.2-3 ii libuuid1 2.36.1-8+deb11u1 ii libvte-2.91-0 0.62.3-1 ii libx11-6 2:1.7.2-1 Versions of packages gnome-terminal recommends: ii gvfs 1.46.2-1 ii nautilus-extension-gnome-terminal 3.38.3-1 ii yelp 3.38.3-1 gnome-terminal suggests no packages. -- no debconf information
