Chapter 5. Issues to be aware of for lenny

Table of Contents

5.1. Potential problems
5.1.1. Problems with devices related to udev
5.1.2. Some applications may no longer work with a 2.4 kernel
5.1.3. Certain network sites cannot be reached by TCP
5.1.4. Automatic poweroff stops working
5.1.5. Asynchronous network initialization may cause unpredictable behavior
5.1.6. Trouble when using WPA secured wireless networks
5.1.7. Problems with non-ASCII characters in filenames
5.1.8. Sound stops working
5.1.9. Potential Filesystem Corruption on upgrade
5.2. NFS mounts now handled by nfs-common
5.3. Change of Romanian (ro) keyboard layout
5.4. Upgrading apache2
5.5. NIS and Network Manager
5.6. Security status of Mozilla products
5.7. Security status of OCS Inventory and SQL-Ledger
5.8. KDE desktop
5.9. GNOME desktop changes and support
5.10. No default support for Unicode in emacs21*
5.11. slurpd/replica will no longer work
5.12. Desktop not using full screen
5.13. DHCP failover issue
5.14. VServer Disk Limit

5.1. Potential problems

Sometimes, changes have side-effects we cannot reasonably avoid, or we expose bugs somewhere else. We document here the issues we are aware of. Please also read the errata, the relevant packages' documentation, bug reports and other information mentioned in Section 6.1, “Further reading”.

5.1.1. Problems with devices related to udev

Although udev has been tested extensively, you may experience minor problems with some devices that will need to be fixed. The most common problems are changed permission and/or ownership of a device. In some cases a device may not be created by default (e.g. /dev/video and /dev/radio).

udev provides configuration mechanisms to deal with these issues. See udev(8) and /etc/udev for further information.

5.1.2. Some applications may no longer work with a 2.4 kernel

Some applications in lenny may no longer work with a 2.4 kernel, for example because they require epoll() support, which is not available in 2.4 kernels. Such applications may either not work at all or not work correctly until the system has been rebooted with a 2.6 kernel.

One example is the HTTP proxy squid.

5.1.3. Certain network sites cannot be reached by TCP

Since 2.6.17, Linux aggressively uses TCP window scaling which is specified in RFC 1323. Some servers have a broken behavior, and announce wrong window sizes for themselves. For more details, please see the bug reports #381262, #395066, #401435.

There are usually two workarounds to these problems: either revert the maximum allowed TCP window sizes to a smaller value (preferable) or turn off TCP window scaling altogether (deprecated). See the example commands in the debian-installer errata page.

5.1.4. Automatic poweroff stops working

On some older systems, shutdown -h may not power off the system anymore (but just stop it). This happens because APM needs to be used there. Adding acpi=off apm=power_off to the kernel's command line, e.g. in grub or lilo configuration files should fix this issue. Please see bug #390547 for additional information.

5.1.5. Asynchronous network initialization may cause unpredictable behavior

On systems which use udev to load drivers for network interfaces, it is possible due to the asynchronous nature of udev that the network driver will not be loaded before /etc/init.d/networking runs on system boot. Although including allow-hotplug to /etc/network/interfaces (in addition to auto) will ensure that the network interface is enabled once it becomes available, there is no guarantee that this will finish before the boot sequence begins to start network services, some of which may not behave correctly in the absence of the network interface.

5.1.6. Trouble when using WPA secured wireless networks

In etch, the wpasupplicant package was set up as a system service, configured via /etc/default/wpasupplicant and a user-provided /etc/wpasupplicant.conf.

In lenny, /etc/init.d/wpasupplicant has been dropped and the Debian package now integrates with /etc/network/interfaces, similar to other packages such as wireless-tools. This means wpasupplicant no longer provides a system service directly.

For information on configuring wpasupplicant please refer to /usr/share/doc/wpasupplicant/README.modes.gz, which gives examples for /etc/network/interfaces files. Updated information about the usage of the wpasupplicant package in Debian can be found in the Debian Wiki.

5.1.7. Problems with non-ASCII characters in filenames

Mounting vfat, ntfs or iso9660 file systems with files that include non-ASCII characters in their filenames will give failures when one tries to use the filenames unless mounting is done with the utf8 option. An indication might be the following failure: “Invalid or incomplete multibyte or wide character”. A possible solution is to use defaults,utf8 as mount options for vfat, ntfs and iso9660 file systems when they contain filenames with non-ASCII characters.

Note that the Linux kernel does not support case-insensitive filename handling for vfat when the utf8 option is used.

5.1.8. Sound stops working

In rare cases, sound might stop working after the upgrade. If this happens, go through the ALSA checklist:

  • run alsaconf as root user,

  • add your user to the audio group,

  • make sure the sound channel levels are up and unmuted (using alsamixer),

  • make sure arts and esound are not running,

  • make sure no OSS modules are loaded,

  • make sure the speakers are actually switched on, and

  • check whether the command

    cat /dev/urandom > /dev/audio

    or the command

    speaker-test

    works for root.

5.1.9. Potential Filesystem Corruption on upgrade

Starting with Kernel 2.6.25, Linux on the s390 architecture running under z/VM hypervisor uses a new CCW for DASD access that triggers an error in z/VM leading to I/O errors and finally file system inconsistency.

This error could be confirmed running z/VM 5.3 with RSU (Recommended Service Update) 5304 and was fixed by IBM in RSU 5305 (service level 802).

In the IBM problem report a z/OS guest is mentioned, nevertheless this problem also affects linux guests.

5.2. NFS mounts now handled by nfs-common

Since util-linux 2.13 NFS mounts are no longer handled by util-linux itself, but by nfs-common. Since not all systems mount NFS shares and to avoid a standard portmapper installation util-linux only suggests nfs-common. If you need to mount NFS shares, make sure nfs-common is installed on your system. The preinstallation script of the mount package checks whether NFS mounts exist and aborts if /usr/sbin/mount.nfs from nfs-common is not present or if nfs-common is out-of-date. Either upgrade nfs-common or unmount any NFS mounts prior to upgrading mount.

5.3. Change of Romanian (ro) keyboard layout

Because of the upgrade to xkb-data version 1.3 in lenny the default variant for Romanian (ro) layout is now producing the correct șț characters (comma below) instead of şţ (cedilla below). Also some of the variants have been renamed. The old variant names still work, but users are encouraged to update their /etc/X11/xorg.conf. More info as well as possible side effects due to this change are available in the wiki (Romanian language only).

5.4. Upgrading apache2

The apache2 default configuration has changed in some ways that may require manual changes to your configuration. The most important changes are:

NameVirtualHost * has been changed to NameVirtualHost *:80. If you have added more name based virtual hosts, you need to change <VirtualHost *> to <VirtualHost *:80> for each of them.

The Apache User and Group and the PidFile path are now configured in /etc/apache2/envvars. If you have changed these settings from their default values, you need to change that file. This also means that starting apache2 with apache2 -k start is no longer possible, you have to use /etc/init.d/apache2 or apache2ctl.

The suexec helper program needed for mod_suexec is now shipped in a separate package, apache2-suexec, which is not installed by default.

More module specific configuration has been moved from /etc/apache2/apache2.conf to /etc/apache2/mods-available/*.conf.

For more detailed information, see /usr/share/doc/apache2.2-common/NEWS.Debian.gz and /usr/share/doc/apache2.2-common/README.Debian.gz.

5.5. NIS and Network Manager

The version of ypbind included with nis for lenny contains support for Network Manager. This support causes ypbind to disable NIS client functionality when Network Manager reports that the computer is disconnected from the network. Since Network Manager will usually report that the computer is disconnected when it is not in use, NIS users with NIS client systems should ensure that Network Manager support is disabled on those systems.

This can be done by either uninstalling the network-manager package, or editing /etc/default/nis to add -no-dbus to YPBINDARGS.

The use of -no-dbus is the default for new installs of Debian, but was not the default in previous releases.

5.6. Security status of Mozilla products

The Mozilla programs firefox, thunderbird, and sunbird (rebranded in Debian to iceweasel, icedove, and iceowl, respectively), are important tools for many users. Unfortunately the upstream security policy is to urge users to update to new upstream versions, which conflicts with Debian's policy of not shipping large functional changes in security updates. We cannot predict it today, but during the lifetime of lenny the Debian Security Team may come to a point where supporting Mozilla products is no longer feasible and announce the end of security support for Mozilla products. You should take this into account when deploying Mozilla and consider alternatives available in Debian if the absence of security support would pose a problem for you.

iceape, the unbranded version of the seamonkey internet suite has been removed from lenny (with the exception of a few internal library packages).

5.7. Security status of OCS Inventory and SQL-Ledger

The webservice packages ocsinventory-server and sql-ledger are included in the lenny release but have special security requirements that users should be aware of before deploying them. These two webservices are designed for deployment only behind an authenticated HTTP zone and should never be made available to untrusted users; and therefore they receive only limited security support from the Debian security team. Users should therefore take particular care when evaluating who to grant access to these services.

5.8. KDE desktop

There are no huge changes in the KDE Desktop Enviroment from the version shipped in etch. Lenny ships an updated translation and service release of KDE 3.5 that is a mixture of 3.5.9 and 3.5.10. Some modules are labeled as version 3.5.9, but have been updated and include most of the same changes found in 3.5.10. Overall, lenny ships 3.5.10 without the kicker improvements shipped in kdebase and some bug fixes in kdepim.

Lenny will be the last stable release including a KDE 3 series environment.

5.9. GNOME desktop changes and support

There have been many changes in the GNOME desktop environment from the version shipped in etch to the version in lenny, you can find more information in the GNOME 2.22 Release Notes.

5.10. No default support for Unicode in emacs21*

Emacs21 and emacs21-nox are not configured to use Unicode by default. For more information and a workaround please see bug #419490. Consider switching to emacs22, emacs22-gtk, or emacs22-nox.

5.11. slurpd/replica will no longer work

OpenLDAP has dropped support for LDAP replication via the slurpd service in release 2.4.7. Existing configurations need to be reconfigured for the LDAP Sync Replication engine (syncrepl). More verbose documentation can be found at http://www.openldap.org/doc/admin24/replication.html.

5.12. Desktop not using full screen

The driver for Intel Mobile GM965 may wrongly detect a VGA output and set the size of the screen to a lower value to accomodate it. The symptom of this bug is that the desktop manager will only use a fraction of the screen. Correct behaviour can be forced by adding the following lines to the /etc/X11/xorg.conf configuration file.

Section "Monitor"
  Identifier "VGA"
  Option "Ignore" "true"
EndSection

Please refer to the bug #496169 for more informations.

5.13. DHCP failover issue

When running a failover pair of DHCP servers, the peer names need to be consistent, otherwise DHCP will crash.

Please see bug #513506 and https://lists.isc.org/pipermail/dhcp-users/2007-September/004538.html for more information.

5.14. VServer Disk Limit

To use the disk limit feature of vserver in lenny, you should use the mount option tag (instead of tagxid in etch).

You should manually update /etc/fstab and/or any script which uses tagxid. Otherwise, the partition will not be mounted and thus the vservers will not start.