Kapitola 5. Problémy vyskytujúce sa v jessie

Obsah

5.1. Obmedzenia bezpečnostnej podpory
5.1.1. Bezpečnostný status webových prehliadačov
5.1.2. Chýbajúca bezpečnostná podpora ekosystému okolo libv8 a Node.js
5.1.3. Predčasné ukončenie bezpečnostnej podpory MediaWiki
5.2. Server OpenSSH má štandardne nastavenú voľbu „PermitRootLogin without-password“
5.3. Kompatibilita Puppet 2.7 / 3.7
5.4. Aktualizácia PHP 5.6 sa prejaví zmenami v správaní
5.5. Nekompatibilné zmeny v Apache HTTPD 2.4
5.6. Aktualizácia na Jessie nainštaluje nový predvolený init systém
5.6.1. Prísnejší prístup k súborovým systémom, ktoré sa nepodarilo pripojiť počas štartu pod systemd
5.6.2. Zastaralé init skripty by ste mali odstrániť (purge)
5.6.3. Locally modified init-scripts may need to be ported to systemd
5.6.4. Výzvy počas zavádzania systému so systemd vyžadujú Plymouth
5.6.5. Interakcia medzi logind a acpid
5.6.6. Nepodporované funkcie crypttab pod systemd (napríklad „keyscript=...“)
5.6.7. systemd: issues SIGKILL too early [fixed in 8.1]
5.6.8. systemd: behavior of 'halt' command
5.7. Požadované konfiguračné voľby jadra pre Jessie
5.8. Aktualizácia hostiteľov a kontajnerov LXC
5.8.1. Aktualizácia hosťov LXC bežiacich na hostiteľoch Wheezy
5.8.2. Aktualizácia hosťov LXC bežiacich na hostiteľoch Jessie
5.8.3. Ďalšie informácie
5.9. Manual migration of disks encrypted with LUKS whirlpool (non-standard setups)
5.10. Pracovné prostredie GNOME vyžaduje základnú 3D grafiku
5.11. Pracovné prostredie GNOME nefunguje s proprietárnym ovládačom FGLRX od AMD
5.12. Zmeny predvolených klávesových skratiek v GNOME
5.13. Changes to default shell of system users provided by base-passwd
5.14. Migration to new KDE E-mail, Calendar, and Contacts (Kontact)
5.15. Missing virtual consoles ("getty"s) with multiple desktop environments
5.16. "VGA signal out of range" / blank screen during boot with grub-pc
5.17. Stricter validation of cron files in crontab
5.18. Change in handling of unreadable module paths by perl
5.19. Upgrade considerations for Ganeti clusters
5.19.1. Problem upgrading Ganeti clusters with DRBD-backed instances [fixed in 8.1]
5.19.2. General notes on upgrading Ganeti clusters
5.20. New requirements for file execution in Samba4
5.21. Cryptsetup can break boot with BUSYBOX=n
5.22. Backwards incompatible changes in the Squid webproxy

Niekedy majú zmeny zavedené v novom vydaní vedľajšie účinky, ktorým sa nedokážeme rozumne vyhnúť alebo by spôsobili objavenie chýb inde. Tu dokumentujeme problémy, ktorých sme si vedomí. Tiež si prosím prečítajte errata, dokumentáciu relevantných balíkov, hlásenia o chybách a ďalšie informácie, ktoré spomína Oddiel 6.1, “Ďalšie čítanie”.

5.1. Obmedzenia bezpečnostnej podpory

Existujú niektoré balíky, pre ktoré Debian nemôže sľúbiť poskytovanie minimálných spätných portov v prípade bezpečnostných problémov. Tieto sú popísané v nasledovných častiach.

Balík debian-security-support pridaný vo vydaní Jessie pomáha sledovať stav bezpečnostnej podpory nainštalovaných balíkov.

5.1.1. Bezpečnostný status webových prehliadačov

Debian 8 obsahuje niekoľko nových jadier prehliadačov, ktoré postihuje neustály tok nových bezpečnostných zraniteľností. Vysoký tok zraniteľností a čiastočný nedostatok podpory vo forme vetiev s dlhodobou podporou znamená, že je pre nás veľmi ťažké podporovať tieto prehliadače spätne portovanými bezpečnostnými opravami. Naviac, závislosti na knižniciach znemožňujú aktualizáciu na novšie vydania od dodávateľa. Preto sú prehliadače založené na jadrách webkit, qtwebkit a khtml súčasťou Jessie, ale nevzťahuje sa na ne bezpečnostná podpora. Tieto prehliadače by ste nemali používať na prístup k nedôveryhodným stránkam.

Ako všeobecný prehliadač odporúčame prehliadače Iceweasel alebo Chromium.

Chromium - hoci je postavený na kóde Webkit - je to tzv. listový balík, ktorý bude priebežne aktualizovaný opätovným zostavením aktuálnej verzie Chrome v prostredí stabilného vydania. Iceweasel a Icedove budú tiež udržiavané aktuálne opätovným zostavením aktuálnej ESR verzie v prostredí stabilného vydania.

5.1.2. Chýbajúca bezpečnostná podpora ekosystému okolo libv8 a Node.js

Platforma Node.js je postavená na libv8-3.14, ktoré postihuje veľké množstvo bezpečnostných problémov, ale momentálne projekt nemá žiadnych dobrovoľníkov ani bezpečnostný tím s dostatočným záujmom, ochotných stráviť veľké množstvo času riešením tohto typu problémov.

Unfortunately, this means that libv8-3.14, nodejs, and the associated node-* package ecosystem should not currently be used with untrusted content, such as unsanitized data from the Internet.

Okrem toho tieto balíky nebudú dostávať žiadne bezpečnostné aktualizácie počas životného cyklu vydania Jessie.

5.1.3. Predčasné ukončenie bezpečnostnej podpory MediaWiki

Upstream security support for the 1.19 series of mediawiki ends during the expected lifecycle of Jessie. The mediawiki package is included in Jessie to satisfy dependencies in other packages.

Security support for mediawiki will end in conjunction with support for Wheezy in April 2016.

5.2. Server OpenSSH má štandardne nastavenú voľbu „PermitRootLogin without-password“

V snahe viac zabezpečiť predvolenú konfiguráciu bude mať odteraz balík openssh-server štandardne nastavenú voľbu „PermitRootLogin without-password“. Ak potrebujete používať účet používateľa root v spojení s prihlasovaním pomocou hesla, táto zmena na vás môže mať vplyv.

openssh-server sa pokúsi takéto prípady detegovať a zvýši prioritu výzvy debconf.

Ak chcete zachovať prihlasovanie pomocou hesla pre používateľa root, môžete tiež preseed na zodpovedanie tejto otázky vopred pomocou:

# The "false" value is in fact correct despite being confusing.
$ echo 'openssh-server openssh-server/permit-root-login boolean false' | debconf-set-selections

5.3. Kompatibilita Puppet 2.7 / 3.7

If you are using Puppet, please be aware that Puppet 3.7 is not backwards compatible with Puppet 2.7. Among other things, the scoping rules have changed and many deprecated constructs have been removed. See the Puppet 3.x release notes for some of the changes, although be aware that there are further changes in 3.7.

Checking the log files of your current puppetmaster for deprecation warnings and resolving all of those warnings before proceeding with the upgrade will make it much easier to complete the upgrade. Alternatively, or additionally, testing the manifests with a tool like Puppet catalog test may also find potential issues prior to the upgrade.

When upgrading a Puppet managed system from Wheezy to Jessie, you must ensure that the corresponding puppetmaster runs at least Puppet version 3.7. If the master is running Wheezy's puppetmaster, the managed Jessie system will not be able to connect to it.

For more information on incompatability changes, please have a look at Telly upgrade issues and "The Angry Guide to Puppet 3".

5.4. Aktualizácia PHP 5.6 sa prejaví zmenami v správaní

Aktualizácia na Jessie obsahuje aktualizáciu PHP z 5.4 na 5.6. To môže maž vplyv na akékoľvek miestne skripty PHP a odporúčame vám skontrolovať tieto skripty pred vykonaním aktualizácie. Nižšie je vybraná podmnožina týchto problémov:

  • To prevent man-in-the-middle attacks against encrypted transfers, client streams now verify peer certificates by default.

    As a result of this change, existing code using ssl:// or tls:// stream wrappers (e.g. file_get_contents(), fsockopen(), stream_socket_client()) may no longer connect successfully without manually disabling peer verification via the stream context's "verify_peer" setting.

    For more information about this particular issue, please read this document.

  • PHP v mnohých prípadoch mení rozlišovanie veľkosti písmen:

    • All internal case insensitivity handling for class, function, and constant names is done according to ASCII rules. Current locale settings are ignored.

    • The keywords "self", "parent", and "static" are now always case insensitive.

    • The json_decode() function no longer accepts non-lowercase variants of "boolean" values.

  • The logo GUID functions (e.g. php_logo_guid()) have been removed.

  • It is no longer possible to overwrite keys in static scalar arrays. Please see PHP bug 66015 for an example and more information about this particular issue.

  • The mcrypt_encrypt(), mcrypt_decrypt() and mcrypt_{MODE}() functions no longer accept keys or IVs with incorrect sizes. Furthermore an IV is now required if the used block cipher mode requires it.

  • For legal reasons, the JSON implementation bundled with PHP has been replaced with the version provided by the "jsonc" PECL module. Code that makes assumptions about the finer implementation details of the PHP JSON parser may need to be reviewed.

  • The "short_open_tag" setting is now disabled by default. Short tags ("<?" and "?>") are scheduled for removal in PHP7.

For more information or the full list of potential issues, please have a look at upstream's list of backwards incompatible changes for PHP 5.5 and 5.6.

5.5. Nekompatibilné zmeny v Apache HTTPD 2.4

[Poznámka]Poznámka

This section only applies to systems which have installed an Apache HTTPD server and configured it manually.

There have been a number of changes to the configuration of the Apache HTTPD server in version 2.4. On the upstream side, the syntax has changed. Notably, the access control directives have changed considerably and will need manual migration to the new directives.

The mod_access_compat module is mentioned in the upstream upgrade guide as a possible alternative to immediate migration. However, the reports suggest it may not always work.

The managing of configuration files has also been changed in the Debian packaging. In particular, all configuration files and sites must now end with ".conf" to be parsed by default. This change also replaces the existing use of /etc/apache2/conf.d/.

[Poznámka]Poznámka

During the upgrade, you may also see warnings about configuration files placed in /etc/apache2/conf.d/, which are provided by packages from Debian. This warning is unavoidable but harmless as the affected packages will move their configuration once their upgrade completes (which will generally happen after the Apache HTTPD emits its warning).

Ďalšie informácie a úplný zoznam zmien nájdete v:

  • Upgrading to 2.4 from 2.2 document provided by Apache for the upstream side.

  • The /usr/share/doc/apache2/NEWS.Debian.gz file provided by the apache2 package.

5.6. Aktualizácia na Jessie nainštaluje nový predvolený init systém

Jessie sa dodáva s predvoleným init systémom systemd-sysv. Tento balík sa nainštaluje automaticky počas aktualizácie.

Ak preferujete iný init systém ako sysvinit-core alebo upstart, odporúča sa nastaviť APT pinning pred aktualizáciou. To môže byť nutné aj v prípade, že aktualizujete kontajnery LXC pred aktualizáciou hostiteľa. V takom prípade si prosím prečítajte Oddiel 5.8.1, “Aktualizácia hosťov LXC bežiacich na hostiteľoch Wheezy”.

Napríklad, aby ste zabránili inštalácii systemd-sysv počas aktualizácie, môžete vytvoriť súbor s názvom /etc/apt/preferences.d/local-pin-init s nasledovným obsahom:

Package: systemd-sysv
Pin: release o=Debian
Pin-Priority: -1
[Výstraha]Výstraha

Pamätajte, že niektoré balíky sa nemusia chovať úplne správne pod neštandardným init systémom.

Please note that the upgrade may install packages containing "systemd" in their name even with APT pinning. These alone do not change your init system. To use systemd as your init system, the systemd-sysv package must be installed first.

If APT or aptitude has issues computing an upgrade path with the pin in place, you may be able to help it by manually installing both sysvinit-core and systemd-shim.

5.6.1. Prísnejší prístup k súborovým systémom, ktoré sa nepodarilo pripojiť počas štartu pod systemd

The new default init system, systemd-sysv, has a stricter handling of failing "auto" mounts during boot compared to sysvinit. If it fails to mount an "auto" mount (without the "nofail" option), systemd will drop to an emergency shell rather than continuing the boot.

We recommend that all removable or "optional" mount points (e.g. non-critical network drives) listed in /etc/fstab either have the "noauto" or the "nofail" option.

5.6.2. Zastaralé init skripty by ste mali odstrániť (purge)

If you are upgrading from previous releases, your system may contain obsolete init-scripts provided by (now) removed packages. These scripts may have inaccurate or no dependency metadata, which can lead to dependency cycles in your init configuration.

To avoid this, we recommend that you go and review the list of packages that are in the "rc" ("Removed, but Config-files remain") state, and purge at least all those containing init-scripts.

Please see Oddiel 4.8.1, “Vyčistenie (purge) odstránených balíkov” for details on finding and purging removed packages.

5.6.3. Locally modified init-scripts may need to be ported to systemd

[Poznámka]Poznámka

This section only applies to systems where Debian-provided init scripts have been modified locally.

If you have modified some of the init scripts provided by Debian, please be aware that these may now have been superseded by a systemd unit file or by systemd itself. If you have debsums installed, you can check for locally modified init scripts by using the following shell command.

debsums -c -e | grep ^/etc/init.d

Alternatively, the following can be used in the absence of debsums.

dpkg-query --show -f'${Conffiles}' | sed 's, /,\n/,g' | \
  grep /etc/init.d | awk 'NF,OFS="  " {print $2, $1}' | \
  md5sum --quiet -c

If either command flags any files and their corresponding packages or the systemd now provides an systemd unit file for that service, the systemd unit file will take precedence to your locally modified init script. Depending on the nature of the change, there are different way to perform the migration.

If necessary, it is possible to override the systemd unit file to have it start the sysvinit script. For more information on systemd unit files, please have a look at the following resources.

5.6.4. Výzvy počas zavádzania systému so systemd vyžadujú Plymouth

Ak zavádzanie vášho systému prebieha interaktívne (napríklad vyžaduje zadanie hesla k šifrovanému disku), uistite sa, že máte nainštalovaný a nakonfigurovaný plymouth. Informácie o konfigurovaní plymouth nájdete na /usr/share/doc/plymouth/README.Debian.

Ak nemáte plymouth, môže sa stať, že sa výzva počas zavádzania systému nezobrazí. Hlásenia naznačujú, že cryptsetup síce prijíma vstup, no ten sa nezobrazuje. Ak narazíte na tento problém, po napísaní správneho hesla by vám malo byť umožnené normálne pokračovať ďalej.

5.6.5. Interakcia medzi logind a acpid

Udalosti ACPI môže spracovávať buď logind alebo acpid. V prípade, že sú obe služby nakonfigurované, aby spracovávali udalosti rôznymi spôsobmi, môže to viesť k nežiaducim výsledkom.

Odporúčame previesť akékoľvek neštandardné nastavenia do logind a odinštalovať acpid. Alternatívou je nastaviť logind, aby ignoroval udalosti ACPI, pridaním:

HandlePowerKey=ignore
HandleSuspendKey=ignore
HandleHibernateKey=ignore
HandleLidSwitch=ignore

do /etc/systemd/logind.conf. Všimnite si, že to môže zmeniť správanie pracovných prostredí, ktoré závisia na logind.

5.6.6. Nepodporované funkcie crypttab pod systemd (napríklad „keyscript=...“)

Niektoré funkcie cryptsetup bohužiaľ nie sú podporované, ak používate systemd ako init systém. Sú to:

  • precheck

  • check

  • checkargs

  • noearly

  • loud

  • keyscript

Ak úspešné zavedenie vášho systému spolieha na niektorú z týchto funkcií, budete musieť ako init systém použiť sysvinit (sysvinit-core). Informácie o tom, ako sa vyhnúť konkrétnemu init systému nájdete v časti Oddiel 5.6, “Aktualizácia na Jessie nainštaluje nový predvolený init systém”.

Ak chcete skontrolovať, či váš systém používa niektorú z týchto funkcií, spustite nasledovný príkaz:

grep -e precheck -e check -e checkargs -e noearly -e loud -e keyscript /etc/crypttab

Ak vyššie uvedený príkaz nič nevypíše, váš systém nepoužíva žiadnu z uvedených funkcií.

5.6.7. systemd: issues SIGKILL too early [fixed in 8.1]

[Poznámka]Poznámka

This issue was fixed in the 8.1 Jessie point release.

A regression was reported in systemd after the Jessie release. The bug occurs during shutdown or reboot, where systemd does not give any reasonable delay before issuing SIGKILL to processes. This can lead to data loss in processes that have not saved all data at the time of the reboot (e.g. running databases).

This issue is tracked in the Debian bug #784720

5.6.8. systemd: behavior of 'halt' command

The sysvinit implementation of the halt command powered off the machine as well. The systemd-sysv implementation halts the system, but does not power off the machine. To halt the machine and turn it off, use the poweroff command.

See also Debian bug #760923

5.7. Požadované konfiguračné voľby jadra pre Jessie

[Poznámka]Poznámka

Táto časť je len pre ľudí, ktorí si zostavujú vlastné jadro. Ak používate jadrá, ktoré zostavil Debian, môžete túto časť ignorovať.

The following kernel configuration options are now either required or recommended for Jessie (in addition to existing ones from previous releases):

# Voľbu vyžaduje udev
CONFIG_DEVTMPFS=y
# Voľbu vyžadujú *niektoré* služby systemd
CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
# Voľbu vyžaduje "bluez" (GNOME)
CONFIG_BT=y
# Voľbu vyžaduje cups + systemd.
CONFIG_PPDEV=y

The systemd services which require CONFIG_DEVPTS_MULTIPLE_INSTANCES=y will typically contain at least one of the following directives:

PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
ProtectSystem=yes

If you do not use systemd, or can assert that none of the systemd services will use the above directives, the config option might not be required for your particular system.

For more information about the requirements, please refer to the section called "REQUIREMENTS" in the README file for the package systemd.

5.8. Aktualizácia hostiteľov a kontajnerov LXC

[Poznámka]Poznámka

Táto časť sa vzťahuje len na systémy, ktoré majú kontajnery alebo hostiteľa LXC. Systémy bežných koncových používateľov ich zvyčajne nemajú.

The upgrade from Wheezy to Jessie will migrate your system to the systemd init system by default (see Oddiel 5.6, “Aktualizácia na Jessie nainštaluje nový predvolený init systém”).

When upgrading an LXC container or an LXC virtual machine, this will have different consequences depending on whether the host system has already been upgraded to Jessie or not.

5.8.1. Aktualizácia hosťov LXC bežiacich na hostiteľoch Wheezy

If you are upgrading an LXC guest container that is running on a Wheezy host system, then you will need to prevent the guest from being automatically migrated to systemd. You prevent the migration via pinning, as described in Oddiel 5.6, “Aktualizácia na Jessie nainštaluje nový predvolený init systém”.

This is required as the Wheezy host lacks functionality to boot a system running systemd.

You should be able to switch over to systemd inside the LXC guest once you have upgraded the host system to Jessie. See the next paragraph for things that need to be adapted on Jessie hosts.

5.8.2. Aktualizácia hosťov LXC bežiacich na hostiteľoch Jessie

In order to be able to boot LXC guests with systemd, you need to adapt your LXC container configuration. The container configuration can usually be found in /var/lib/lxc/CONTAINER_NAME/config You need to add the following two settings to the configuration:

lxc.autodev = 1
lxc.kmsg = 0

5.8.3. Ďalšie informácie

You can find further information on LXC in Debian in the Debian wiki.

5.9. Manual migration of disks encrypted with LUKS whirlpool (non-standard setups)

[Poznámka]Poznámka

This section is only for people who have set up LUKS encrypted disks themselves using the whirlpool hash. The debian-installer has never supported creating such disks.

If you have manually set up an encrypted disk with LUKS whirlpool, you will need to migrate it manually to a stronger hash. You can check if your disk is using whirlpool by using the following command:

# /sbin/cryptsetup luksDump <disk-device> | grep -i whirlpool

For more information on migrating, please see item "8.3 Gcrypt 1.6.x and later break Whirlpool" of the cryptsetup FAQ.

[Výstraha]Výstraha

If you have such a disk, cryptsetup will refuse to decrypt it by default. If your rootdisk or other system disks (e.g. /usr) are encrypted with whirlpool, you should migrate them prior to the first reboot after upgrading cryptsetup.

5.10. Pracovné prostredie GNOME vyžaduje základnú 3D grafiku

Pracovné prostredie GNOME 3.14 v Jessie už viac neobsahuje záložnú podporu pre počítače bez základného urýchľovania 3D grafiky. Aby správne bežalo, potrebuje buď dostatočne nové PC (potrebnú podporu SSE2 by malo mať akékoľvek PC zostavené v posledných 10 rokoch) alebo v prípade architektúr iných ako i386 a amd64, grafická karta s 3D akceleráciou a ovládačom s podporou EGL.

5.11. Pracovné prostredie GNOME nefunguje s proprietárnym ovládačom FGLRX od AMD

Na rozdiel od iných ovládačov OpenGL, ovládač AMD FGLRX pre karty Radeon nepodporuje rozhranie EGL. Z toho dôvodu sa niekoľko aplikácií GNOME vrátane jadra pracovného prostredia GNOME vôbec nespustí ak sa používa tento ovládač.

Odporúča sa namiesto neho používať slobodný ovládač radeon, ktorý je v jessie predvolený.

5.12. Zmeny predvolených klávesových skratiek v GNOME

Predvolené klávesové skratky v GNOME sa zmenili, aby lepšie zodpovedali svojim náprotivkom v niektorých iných operačných systémoch.

Shortcut settings previously modified by the user will be preserved upon upgrade. These settings can still be configured from the GNOME control center, accessible from the top right menu by clicking on the "settings" icon.

5.13. Changes to default shell of system users provided by base-passwd

The upgrade of the base-passwd package will reset the shell of some system users to the "nologin" shell. This includes the following users:

  • daemon

  • bin

  • sys

  • sync

  • games

  • man

  • lp

  • mail

  • news

  • uucp

  • proxy

  • www-data

  • backup

  • list

  • irc

  • gnats

  • nobody

If your local setup requires that any of these users have a shell, you should say no to migrating, or migrate and then change the shell of the corresponding users. Notable examples include local backups done via the "backup" user with "ssh-key" authentication.

[Výstraha]Výstraha

The migration will happen automatically if your debconf question priority is "high" or above.

If you know you want to keep the current shell of a given user, you can preseed the questions by using the following:

echo 'base-passwd base-passwd/system/username/shell/current-shell-mangled/_usr_sbin_nologin boolean false' | debconf-set-selections

Where username is the name of the user in question and current-shell-mangled is the mangled name of the shell. The mangling is done by replacing all characters other than alphanumerics, dashes, and underscores with underscores. E.g. /bin/bash becomes _bin_bash.

5.14. Migration to new KDE E-mail, Calendar, and Contacts (Kontact)

The Kontact Personal Information Management system has received a major upgrade. The new version makes much greater use of metadata indexing and each user's data must be migrated into these new indices.

E-mail, calendar events, and addressbook contacts are automatically migrated when the user logs in and the relevant component is started. Some advanced settings such as e-mail filters and custom templates require manual intervention. Further details and troubleshooting suggestions are collected on the Debian Wiki.

5.15. Missing virtual consoles ("getty"s) with multiple desktop environments

[Poznámka]Poznámka

This issue is currently reported as fixed in Jessie. Should you still be able to reproduce it, then please follow up to Debian Bug#766462. Note that you may have to unarchive the issue first (please refer to the Debian BTS control server documentation on how to unarchive bugs).

If you have multiple desktop environments installed, you may experience that none of the "virtual consoles" show a login prompt.

This issue seems to occur when plymouth, systemd, and GNOME are all installed. This issue is reported as Debian Bug#766462.

It has been reported that removing the "splash" argument from the kernel command-line may work around the issue. Please see /etc/default/grub and remember to run update-grub after updating the file.

5.16. "VGA signal out of range" / blank screen during boot with grub-pc

There is a compatibility issue in grub-pc with older graphics cards (e.g. the "ATI Rage 128 Pro Ultra TR") that can cause it to show a blank screen during boot. The display may issue a "VGA signal out of range" message (or something similar).

A simple work around is to set GRUB_TERMINAL=console in /etc/default/grub.

5.17. Stricter validation of cron files in crontab

The crontab program is now more strict and may refuse to save a changed cron file if it is invalid. If you experience issues with crontab -e, please review your crontab for existing mistakes.

5.18. Change in handling of unreadable module paths by perl

From version 5.18 (and 5.20, which is included in Jessie), Perl will exit with a fatal error if it encounters unreadable module paths in @INC. The previous behavior was to skip such entries. It is recommended to check the contents of @INC in your environment for directories which are not world-readable, and take appropriate action.

You can see the default @INC for Perl by running perl -V.

5.19. Upgrade considerations for Ganeti clusters

5.19.1. Problem upgrading Ganeti clusters with DRBD-backed instances [fixed in 8.1]

[Poznámka]Poznámka

This issue was fixed in the 8.1 Jessie point release.

The version of ganeti (2.12.0-3) released with Jessie does not support migrations from installations running 2.5 or earlier (including Wheezy) in cases where there are instances with DRBD disks. It is hoped that this issue will be fixed in a point release, and recommended that you do not upgrade affected Ganeti clusters in the meantime. You can find more information about this issue at Debian Bug#783186.

5.19.2. General notes on upgrading Ganeti clusters

The recommended procedure to upgrade a Ganeti cluster from Wheezy's ganeti version (2.5.2-1) to Jessie's (2.12.0-3) is to stop all instances and then upgrade and reboot all nodes at once. This will ensure that all instances run with Jessie's hypervisor version and that all nodes run the same versions of Ganeti and DRBD.

Note that running a cluster with mixed 2.5 and 2.12 nodes is not supported. Also note that, depending on the hypervisor, instance live migrations may not work between Wheezy and Jessie hypervisor versions.

5.20. New requirements for file execution in Samba4

If a client requests that a file should be "opened for execution", Samba4 will require the executable bit to be set on the file in addition to the regular read permissions. This also causes "netlogon" scripts to be silently ignored if they lack this executable bit.

5.21. Cryptsetup can break boot with BUSYBOX=n

[Poznámka]Poznámka

This section only applies to people that have manually changed their /etc/initramfs-tools/initramfs.conf to not use busybox.

If you have both busybox and cryptsetup installed plus configured initramfs to not use busybox, then it may render your system unbootable.

Please check the value of your BUSYBOX setting in /etc/initramfs-tools/initramfs.conf if you have both of these packages installed. At this time, known work arounds are uninstalling busybox or setting BUSYBOX=y in /etc/initramfs-tools/initramfs.conf.

[Varovanie]Varovanie

If you had to make any changes, please remember to run update-initramfs -u to update your initramfs. Otherwise, you may still end up with a broken boot.

Please see Debian Bug#783297 for more information.

5.22. Backwards incompatible changes in the Squid webproxy

[Poznámka]Poznámka

This section only applies to people that have installed the squid webproxy.

The configuration of squid has changed in an incompatible way. Notably some of the squid "helpers" have changed their name. If your configuration relies on old features no longer present or on the old names for the helpers, your squid service may fail to start after the upgrade.

Please see the upstream release notes for more information. These are: