Processed: severity of 502716 is normal
Processing commands for [EMAIL PROTECTED]: severity 502716 normal Bug#502716: RM: linux32 -- RoM; obsoleted by util-linux Severity set to `normal' from `serious' End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503632: marked as done (blender: Python scripts load modules from current directory)
Your message dated Mon, 27 Oct 2008 06:32:05 + with message-id [EMAIL PROTECTED] and subject line Bug#503632: fixed in blender 2.46+dfsg-5 has caused the Debian Bug report #503632, regarding blender: Python scripts load modules from current directory to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 503632: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: blender Version: 2.46+dfsg-4 Severity: grave Tags: security Justification: user security hole Usertags: pythonpath Blender's BPY_interface calls PySys_SetArgv such that Python prepends sys.path with an empty string. This allows the possibility to run arbitrary code on the user's system if there is a python file in Blender's working directory named the same as one that Blender's python scripts try to import. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (100, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages blender depends on: ii gettext [libgettextpo0 0.17-4GNU Internationalization utilities pn libalut0 none(no description available) pn libavcodec51 | libavco none(no description available) pn libavformat52 | libavf none(no description available) pn libavutil49 | libavuti none(no description available) ii libc6 2.7-15GNU C Library: Shared libraries pn libdc1394-22 none(no description available) ii libfreetype6 2.3.7-2 FreeType 2 font engine, shared lib pn libftgl2 none(no description available) ii libgcc11:4.3.2-1 GCC support library ii libgl1-mesa-glx [libgl 7.0.3-6 A free implementation of the OpenG ii libglu1-mesa [libglu1] 7.0.3-6 The OpenGL utility library (GLU) pn libgsm1none(no description available) ii libilmbase61.0.1-2+nmu2 several utility libraries from ILM ii libjpeg62 6b-14 The Independent JPEG Group's JPEG ii libogg01.1.3-4 Ogg Bitstream Library pn libopenal1 none(no description available) ii libopenexr61.6.1-3 runtime files for the OpenEXR imag ii libpng12-0 1.2.27-2 PNG library - runtime ii libraw1394-8 1.3.0-4 library for direct access to IEEE pn libsdl1.2debiannone(no description available) ii libstdc++6 4.3.2-1 The GNU Standard C++ Library v3 pn libswscale0 | libswsca none(no description available) ii libtheora0 1.0~beta3-1 The Theora Video Compression Codec ii libvorbis0a1.2.0.dfsg-3.1The Vorbis General Audio Compressi ii libvorbisenc2 1.2.0.dfsg-3.1The Vorbis General Audio Compressi ii libx11-6 2:1.1.5-2 X11 client-side library ii libxi6 2:1.1.3-1 X11 Input extension library ii python 2.5.2-2 An interactive high-level object-o ii python-support 0.8.6 automated rebuilding support for P ii python2.5 2.5.2-11.1An interactive high-level object-o ii ttf-dejavu 2.25-3Metapackage to pull in ttf-dejavu- ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime blender recommends no packages. Versions of packages blender suggests: ii libtiff4 3.8.2-11 Tag Image File Format (TIFF) libra pn yafraynone (no description available) ---End Message--- ---BeginMessage--- Source: blender Source-Version: 2.46+dfsg-5 We believe that the bug you reported is fixed in the latest version of blender, which is due to be installed in the Debian FTP archive: blender_2.46+dfsg-5.diff.gz to pool/main/b/blender/blender_2.46+dfsg-5.diff.gz blender_2.46+dfsg-5.dsc to pool/main/b/blender/blender_2.46+dfsg-5.dsc blender_2.46+dfsg-5_amd64.deb to pool/main/b/blender/blender_2.46+dfsg-5_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the
Bug#503566: desktop-base: Failed to configure splashy theme
On Sun, Oct 26, 2008 at 05:21:03PM -0700, Steve Langasek wrote: Basically, I really don't know how etch - lenny upgrades will behave. The 'splashy' package doesn't exist in etch; so if this is an issue only on upgrade, it should probably be downgraded. Hmh, yeah, good point there. But I'm still puzzled with all lenny/sid installations which still have a /etc/splashy which is not a symlink :/ The real reason here anyway is that splashy still tries to access stuff in /etc while they messed things there and can't rely on it being what they expect. -- Yves-Alexis -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#479607: French translation update
Here's the updated translation, consistent with the last version of templates proposed by Paul Wise. -- fr.po Description: application/gettext signature.asc Description: Digital signature
Bug#503572: marked as done (gnash FTBFS due to boost header bug)
Your message dated Mon, 27 Oct 2008 07:02:14 + with message-id [EMAIL PROTECTED] and subject line Bug#503572: fixed in boost 1.34.1-12 has caused the Debian Bug report #503572, regarding gnash FTBFS due to boost header bug to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 503572: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503572 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: boost Version: 1.34.1-11 Severity: serious Tags: patch gnash FTBFS on arm, armel, hppa, mipsel due to a bug in boost/detail/endian.hpp. The appended patch fixes it. Thiemo --- boost-1.34.1/boost/detail/endian.hpp.orig 2008-10-26 17:35:45.0 + +++ boost-1.34.1/boost/detail/endian.hpp2008-10-26 17:50:57.0 + @@ -51,8 +51,8 @@ #elif defined(__sparc) || defined(__sparc__) \ || defined(_POWER) || defined(__powerpc__) \ || defined(__ppc__) || defined(__hpux) \ - || defined(_MIPSEB) || defined(_POWER) \ - || defined(__s390__) + || defined(__hppa) || defined(_MIPSEB) \ + || defined(__ARMEB__) || defined(__s390__) # define BOOST_BIG_ENDIAN # define BOOST_BYTE_ORDER 4321 #elif defined(__i386__) || defined(__alpha__) \ @@ -61,7 +61,8 @@ || defined(_M_ALPHA) || defined(__amd64) \ || defined(__amd64__) || defined(_M_AMD64) \ || defined(__x86_64) || defined(__x86_64__) \ - || defined(_M_X64) + || defined(_M_X64) || defined(_MIPSEL) \ + || defined(__ARMEL__) # define BOOST_LITTLE_ENDIAN # define BOOST_BYTE_ORDER 1234 ---End Message--- ---BeginMessage--- Source: boost Source-Version: 1.34.1-12 We believe that the bug you reported is fixed in the latest version of boost, which is due to be installed in the Debian FTP archive: bcp_1.34.1-12_amd64.deb to pool/main/b/boost/bcp_1.34.1-12_amd64.deb boost_1.34.1-12.diff.gz to pool/main/b/boost/boost_1.34.1-12.diff.gz boost_1.34.1-12.dsc to pool/main/b/boost/boost_1.34.1-12.dsc libboost-date-time-dev_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-date-time-dev_1.34.1-12_amd64.deb libboost-date-time1.34.1_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-date-time1.34.1_1.34.1-12_amd64.deb libboost-dbg_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-dbg_1.34.1-12_amd64.deb libboost-dev_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-dev_1.34.1-12_amd64.deb libboost-doc_1.34.1-12_all.deb to pool/main/b/boost/libboost-doc_1.34.1-12_all.deb libboost-filesystem-dev_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-filesystem-dev_1.34.1-12_amd64.deb libboost-filesystem1.34.1_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-filesystem1.34.1_1.34.1-12_amd64.deb libboost-graph-dev_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-graph-dev_1.34.1-12_amd64.deb libboost-graph1.34.1_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-graph1.34.1_1.34.1-12_amd64.deb libboost-iostreams-dev_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-iostreams-dev_1.34.1-12_amd64.deb libboost-iostreams1.34.1_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-iostreams1.34.1_1.34.1-12_amd64.deb libboost-program-options-dev_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-program-options-dev_1.34.1-12_amd64.deb libboost-program-options1.34.1_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-program-options1.34.1_1.34.1-12_amd64.deb libboost-python-dev_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-python-dev_1.34.1-12_amd64.deb libboost-python1.34.1_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-python1.34.1_1.34.1-12_amd64.deb libboost-regex-dev_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-regex-dev_1.34.1-12_amd64.deb libboost-regex1.34.1_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-regex1.34.1_1.34.1-12_amd64.deb libboost-serialization-dev_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-serialization-dev_1.34.1-12_amd64.deb libboost-serialization1.34.1_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-serialization1.34.1_1.34.1-12_amd64.deb libboost-signals-dev_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-signals-dev_1.34.1-12_amd64.deb libboost-signals1.34.1_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-signals1.34.1_1.34.1-12_amd64.deb libboost-test-dev_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-test-dev_1.34.1-12_amd64.deb libboost-test1.34.1_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-test1.34.1_1.34.1-12_amd64.deb libboost-thread-dev_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-thread-dev_1.34.1-12_amd64.deb libboost-thread1.34.1_1.34.1-12_amd64.deb to pool/main/b/boost/libboost-thread1.34.1_1.34.1-12_amd64.deb
Bug#503639: blender: FTBFS due to python ID string changes
Package: blender Version: 2.46+dfsg-5 Severity: serious Justification: FTBFS Just to keep track of it, blender at least FTBFSes on mipsel, apparently because of newer python2.5 packages, see bug #499132. Relevant build log excerpt: | config/linux2-mips-config.py doesn't exist | Using user-config file: user-config.py | Building in ./build/linux2/ | Configuring library bf_soundsystem | | scons: warning: The env.Copy() method is deprecated; use the env.Clone() method instead. | File /build/buildd/blender-2.46+dfsg/tools/Blender.py, line 394, in BlenderLib | Configuring library bf_string | Unknown window system specified. | # Build plugins by hand | ln -sf ../../../source/blender/blenpluginapi \ | install/linux2/plugins/include | ln: creating symbolic link `install/linux2/plugins/include': No such file or directory | make: *** [build-stamp] Error 1 Will be taken care of soon. Mraw, KiBi. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503458: mrpt - FTBFS: unrecognized command line option -mtune=native
Hello Bastian, Thanks for reporting me. Do you know what should be my next step with this package? I want to fix it, but then I should submit it again to mentors.d.o, right?? Thanks a lot for your time. Best, Jose Luis Bastian Blank wrote: Package: mrpt Version: 0.6.2svn476-1 Severity: serious There was an error while trying to autobuild your package: Automatic build of mrpt_0.6.2svn476-1 on debian-31.osdl.marist.edu by sbuild/s390 98 [...] make[3]: Entering directory `/build/buildd/mrpt-0.6.2svn476' [ 0%] Building CXX object otherlibs/ann/CMakeFiles/mrpt-ann.dir/ANN.o cc1plus: error: unrecognized command line option -mtune=native make[3]: *** [otherlibs/ann/CMakeFiles/mrpt-ann.dir/ANN.o] Error 1 make[3]: Leaving directory `/build/buildd/mrpt-0.6.2svn476' make[2]: *** [otherlibs/ann/CMakeFiles/mrpt-ann.dir/all] Error 2 make[2]: Leaving directory `/build/buildd/mrpt-0.6.2svn476' make[1]: *** [all] Error 2 make[1]: Leaving directory `/build/buildd/mrpt-0.6.2svn476' make: *** [install] Error 2 dpkg-buildpackage: failure: /usr/bin/fakeroot debian/rules binary-arch gave error exit status 2 ** Build finished at 20081026-0557 FAILED [dpkg-buildpackage died] Using -mtune=native is unacceptable for building Debian packages at all. Bastian -- ___ Jose-Luis Blanco-Claraco Phone: +34 952 132848 Dpto. Ingenieria de Sistemas y Automatica E.T.S.I. Telecomunicacion Fax: +34 952 133361 Universidad de Malaga Campus Universitario de Teatinos 29071 Malaga, Spain http://www.isa.uma.es/jlblanco ___ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503623: python-support: Fails during the Setting Up step of installation
Le lundi 27 octobre 2008 à 13:10 +1100, Tim Lyth a écrit : Package: python-support Version: 0.8.6 Severity: grave Justification: renders package unusable This is part of the output from doing anything with apt-get (started after I installed GIMP). Setting up python-support (0.8.6) ... Usage: update-python-modules [-v] [-c] package_directory [...] update-python-modules [-v] [-c] package.dirs [...] update-python-modules [-v] [-a|-f|-p] update-python-modules: error: Trying to overwrite pygtk.pth which is already provided by /usr/share/python-support/python-gobject dpkg: error processing python-support (--configure): subprocess post-installation script returned error exit status 2 Please show the result of: ls /usr/share/python-support/*/pygtk.pth (I should probably make the message show the infringing package now that all packages are processed together.) As a result of this, I tried to install reportbug-ng so that I could report this and now I get LOTS of dependency errors because python-support is flagged as not being configured yet. Well, since reportbug-ng is generating unusable bug reports, that’s not a big deal. -- .''`. : :' : We are debian.org. Lower your prices, surrender your code. `. `' We will add your hardware and software distinctiveness to `-our own. Resistance is futile. signature.asc Description: Ceci est une partie de message numériquement signée
Bug#494468: give back request: glibc_2.7-15_hppa
d-r, It would appear that resolution of RC #494468 is being held out of lenny by the lack of the hppa build, which appears to of been last successful on 14 Oct. Request a give back be scheduled for glibc_2.7-15_hppa Mark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#496334: give back request: mdadm_2.6.7.1-1_hppa mdadm_2.6.7.1-1_ia64
d-r, It would appear that RC #496334 is being held out of lenny by the lack of the hppa ia64 builds which were both completed on 15 Oct, but haven't been installed. Request a give back be scheduled for mdadm_2.6.7.1-1_hppa mdadm_2.6.7.1-1_ia64. Mark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#487568: give back request: motion_3.2.9-7_hppa
d-r, It would appear that RC #487568 is being held out of lenny by the lack of the hppa build which was last successful on 14 Oct, but still hasn't been installed. Request a give back of motion_3.2.9-7_hppa Thanks, Mark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#500358: resolving X Server crashes on SPARC (bugs #488669 and #500358)
Hi Joss assigned me these two bugs[1] (currently merged) for the bug sprint[2]. As I lack proper SPARC hardware to investigate this myself, I need your help. The two bugs are about X Server Crashes on SPARCs with PCI ATI Mach64 cards. The most probable cause of the crash is an incompatible kernel change introduced with kernel 2.6.26. For #500358 I'm quite sure that it' caused by the kernel change. For #488669 I'm not quite sure if it's really the same bug, because the original reporter ran kernel 2.6.24 which predates the kernel change. For more information about the kernel change see: http://marc.info/?t=12124785781r=1w=2 If the crash is really caused by the kernel change, the real bug is in the X server. But to fix it, we would have to upgrade to xserver-xorg-core 1.5. I don't think that this is really an option. The other options would be to revert the kernel change or to release with a non-working X server for some SPARC machines. Unless of course we find someone willing and able to fix the X server in lenny to work with the kernel change. A simple backport of the changes in 1.5 doesn't seem to be possible. I would like you to test two things: 1. Install the kernel package from http://people.debian.org/~gaudenz/sparc and test if this fixes the problem. This is the same kernel as currently in unstable with the problematic change removed. Please also test this kernel if you are not affected by the change to see if the removal of the problematic change has any ill side effects. 2. Install xserver-xorg-core and xserver-xorg-video-mach64 from experimental and run this on a kernel 2.6.26 or later without removing the change. This should also fix the problem. Thanks for you help Gaudenz Please CC me on any replies to the mailinglists. [1] http://bugs.debian.org/488669 http://bugs.debian.org/500358 [2] http://wiki.debian.org/BugSprint -- Ever tried. Ever failed. No matter. Try again. Fail again. Fail better. ~ Samuel Beckett ~ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#486334: segfault in iceweasel 3.0~rc2-1
On Mon, Oct 27, 2008 at 08:56:22AM +0100, Thomas Pietrzak [EMAIL PROTECTED] wrote: --000408040802070001020501 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Moritz Muehlenhoff wrote: Please try to reproduce the problem with the current version in unstabl= e (3.0.3-3, which installs fine in Lenny), and please make sure xulrunner= is up-to-date as well (1.9.0.3-1). Hi, I still have a segfault. strace attached. Could it be a problem with the pango library? It is the last thing that iceweasel deals about before crashing. Do you have pango-graphite installed? Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#486334: segfault in iceweasel 3.0~rc2-1
Mike Hommey wrote: Do you have pango-graphite installed? No. Should I? --- Tom signature.asc Description: OpenPGP digital signature
Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling
Package: jhead Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities Exposures) ids were published for jhead. CVE-2008-4641[0]: | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and | earlier allows attackers to execute arbitrary commands via shell | metacharacters in unspecified input. CVE-2008-4640[1]: | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and | earlier allows local users to delete arbitrary files via vectors | involving a modified input filename in which (1) a final z character | is replaced by a t character or (2) a final t character is | replaced by a z character. If you fix the vulnerabilities please also make sure to include the CVE ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4641 http://security-tracker.debian.net/tracker/CVE-2008-4641 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4640 http://security-tracker.debian.net/tracker/CVE-2008-4640 -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpbVa7GRrku2.pgp Description: PGP signature
Bug#502375: Why not just update the modules deb?
I am sorry if this may sound naive .. but why not just update the modules package? That would get rid of all the command line stuff. I was able to build the module from source without reading this bug, but I think most users would prefer to just get updated packages along with virtualbox-ose. Is there any way I can help to get the updated modules for AMD64 into sid? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#486334: iceweasel: The program 'firefox-bin' received an X Window System error.
Package: iceweasel Version: 3.0.3-3 Followup-For: Bug #486334 [EMAIL PROTECTED]:~$ iceweasel --sync sh: acroread: command not found open dsp: No such file or directory The program 'firefox-bin' received an X Window System error. This probably reflects a bug in the program. The error was 'BadShmSeg (invalid shared segment parameter)'. (Details: serial 25 error_code 168 request_code 145 minor_code 2) (Note to programmers: normally, X errors are reported asynchronously; that is, you will receive the error a while after causing it. To debug your program, run it with the --sync command line option to change this behavior. You can then get a meaningful backtrace from your debugger if you break on the gdk_x_error() function.) The package is shipped without debugging symbols, hence a call to 'iceweasel -g' delivers no detailed information: [Thread debugging using libthread_db enabled] Error while reading shared library symbols: Cannot find new threads: generic error (no debugging symbols found) (no debugging symbols found) ---Type return to continue, or q return to quit--- -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages iceweasel depends on: ii debianutils 2.30 Miscellaneous utilities specific t ii fontconfig2.6.0-1generic font configuration library ii libc6 2.7-15 GNU C Library: Shared libraries ii libgcc1 1:4.3.2-1 GCC support library ii libglib2.0-0 2.16.6-1 The GLib library of C routines ii libgtk2.0-0 2.12.9-4 The GTK+ graphical user interface ii libnspr4-0d 4.7.1-4NetScape Portable Runtime Library ii libstdc++64.3.2-1The GNU Standard C++ Library v3 ii procps1:3.2.7-9 /proc file system utilities ii psmisc22.6-1 Utilities that use the proc filesy ii xulrunner-1.9 1.9.0.3-1 XUL + XPCOM application runner iceweasel recommends no packages. Versions of packages iceweasel suggests: ii latex-xft-fonts 0.1-8 Xft-compatible versions of some La ii libkrb53 1.6.dfsg.4~beta1-4 MIT Kerberos runtime libraries ii mozplugger1.10.2-2 Plugin allowing external viewers t ii ttf-mathematica4.15 Installer of Mathematica TrueType ii xfonts-mathml 2 Type1 Symbol font for MathML ii xprint2:1.4.2-7 X11 print system (binary) pn xulrunner-1.9-gnome-s none (no description available) -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#486334: segfault in iceweasel 3.0~rc2-1
On Mon, Oct 27, 2008 at 09:45:59AM +0100, Thomas Pietrzak [EMAIL PROTECTED] wrote: Mike Hommey wrote: Do you have pango-graphite installed? No. Should I? No, but it's a known crash enhancer. Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#488669: resolving X Server crashes on SPARC (bugs #488669 and #500358)
On Mon, Oct 27, 2008 at 09:36:39AM +0100, Gaudenz Steinlin wrote: 1. Install the kernel package from http://people.debian.org/~gaudenz/sparc and test if this fixes the problem. This is the same kernel as currently in unstable with the problematic change removed. Please also test this kernel if you are not affected by the change to see if the removal of the problematic change has any ill side effects. Could you extract the relevant patch from that package and send it over? I've no idea if our modern packaged kernels work on my machine, and I don't see any point in having to test both of those at once. -- 2. That which causes joy or happiness. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#502757: nut-cgi: piuparts test fails: chmod: cannot access `/etc/nut': No such file or directory
Hi Luk, checking back, seems I've pissed on my shoes, while playing with several packages at the same time! all apologies. should I re upload 2.2.2-6.1 or .2? thanks, Arnaud -- Linux / Unix Expert RD - MGE Office Protection Systems - http://www.mgeops.com Network UPS Tools (NUT) Project Leader - http://www.networkupstools.org/ Debian Developer - http://people.debian.org/~aquette/ Free Software Developer - http://arnaud.quette.free.fr/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503543: Simple fix?
Bill, have you tested with a simple wrapper around the missing command? - mktexlsr + if [ -x /usr/bin/mktexlsr ]; then + mktexlsr + fi etc.? Probably the same with update-texmf and update-fmtutil. I don't have a suitable test system just at the moment. Other postrm scripts in the package may also suffer the same (hidden) problem: ptex-bin-3.1.10+0.04b$ grep mktex debian/*.postrm debian/jbibtex-bin.postrm: mktexlsr debian/jmpost.postrm: if mktexlsr --help /dev/null 21; then debian/jmpost.postrm: mktexlsr debian/ptex-bin.postrm: mktexlsr Just an idea in passing - I'll see if I can arrange a suitable test later, hopefully. -- Neil Williams = http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/ signature.asc Description: This is a digitally signed message part
Processed: severity of 503566 is important
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.13~bpo40+1 # splashy is not present in etch so upgrades will behave nicely when 5.0.2 will be in testing severity 503566 important Bug#503566: desktop-base: Failed to configure splashy theme Severity set to `important' from `grave' End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503070: marked as done (open-iscsi: init script not idempotent)
Your message dated Mon, 27 Oct 2008 09:32:28 + with message-id [EMAIL PROTECTED] and subject line Bug#503070: fixed in open-iscsi 2.0.870~rc3-0.3 has caused the Debian Bug report #503070, regarding open-iscsi: init script not idempotent to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 503070: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503070 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: open-iscsi Version: 2.0.870~rc3-0.2 Severity: serious Justification: Policy 9.3.2 Hi, It is debatable what must behave sensibly mean, but in case of open-iscsi repeated start shouldn't result in error in my opinion: [EMAIL PROTECTED]:~$ sudo /etc/init.d/open-iscsi start Starting iSCSI initiator service: iscsid iSCSI daemon already running [EMAIL PROTECTED]:~$ echo $? 1 This surfaced in my iSCSI rooted environments, where I had to do special measures on upgrade (manual restart of the daemon instead of doing stoptargets). After all that, it was another struggle to get the correctly running package into installed state. :( Thanks, Feri. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-xen-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages open-iscsi depends on: ii libc6 2.7-14 GNU C Library: Shared libraries open-iscsi recommends no packages. open-iscsi suggests no packages. -- no debconf information ---End Message--- ---BeginMessage--- Source: open-iscsi Source-Version: 2.0.870~rc3-0.3 We believe that the bug you reported is fixed in the latest version of open-iscsi, which is due to be installed in the Debian FTP archive: open-iscsi_2.0.870~rc3-0.3.diff.gz to pool/main/o/open-iscsi/open-iscsi_2.0.870~rc3-0.3.diff.gz open-iscsi_2.0.870~rc3-0.3.dsc to pool/main/o/open-iscsi/open-iscsi_2.0.870~rc3-0.3.dsc open-iscsi_2.0.870~rc3-0.3_i386.deb to pool/main/o/open-iscsi/open-iscsi_2.0.870~rc3-0.3_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Patrick Schoenfeld [EMAIL PROTECTED] (supplier of updated open-iscsi package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 27 Oct 2008 10:21:17 +0100 Source: open-iscsi Binary: open-iscsi Architecture: source i386 Version: 2.0.870~rc3-0.3 Distribution: unstable Urgency: low Maintainer: Philipp Hug [EMAIL PROTECTED] Changed-By: Patrick Schoenfeld [EMAIL PROTECTED] Description: open-iscsi - High performance, transport independent iSCSI implementation Closes: 503070 Changes: open-iscsi (2.0.870~rc3-0.3) unstable; urgency=low . * Non-maintainer upload. * Do not exit with return code 1 in init script, because it breaks upgrades and is a policy violation (Closes: #503070) Checksums-Sha1: 8649e00e2a83903ea9c140d8c5117cc1a60fef31 1128 open-iscsi_2.0.870~rc3-0.3.dsc 3a4a82027e46b146265500ccf1087312488b3175 107043 open-iscsi_2.0.870~rc3-0.3.diff.gz e292906ad8d2234dc464e1d9a7d9bccc467502b9 541730 open-iscsi_2.0.870~rc3-0.3_i386.deb Checksums-Sha256: e3ca802276bee4050fbb63416618a5525bb7f0ce862eafd6e1b34bd93c04713b 1128 open-iscsi_2.0.870~rc3-0.3.dsc afed656bee36e25caa1c4712efab25355ad8d07e0f763ba887ff9a3eba1d6f54 107043 open-iscsi_2.0.870~rc3-0.3.diff.gz 1b433dbbbc49d1996ee17850d6c8089e85ebec2430fc82cdbc22746db4f810d8 541730 open-iscsi_2.0.870~rc3-0.3_i386.deb Files: 6b9ee210e1a8a3e1aeaaeb25faf47d6a 1128 net optional open-iscsi_2.0.870~rc3-0.3.dsc a77d33b7fbc173402681896b0dcf6a38 107043 net optional open-iscsi_2.0.870~rc3-0.3.diff.gz d3450bb8a082bea0b44e32f759213e29 541730 net optional open-iscsi_2.0.870~rc3-0.3_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkFicAACgkQbdB4RPTVesr1vQCfWqlKInV+wxLC+42wknih51GD GYoAn3EzRPcaoKtSClwPPPZ6TSjwXoQ3 =v9xr -END PGP SIGNATURE- ---End Message---
Bug#500358: resolving X Server crashes on SPARC (bugs #488669 and #500358)
Gaudenz Steinlin writes: Hi Joss assigned me these two bugs[1] (currently merged) for the bug sprint[2]. As I lack proper SPARC hardware to investigate this myself, I need your help. The two bugs are about X Server Crashes on SPARCs with PCI ATI Mach64 cards. The most probable cause of the crash is an incompatible kernel change introduced with kernel 2.6.26. For #500358 I'm quite sure that it' caused by the kernel change. For #488669 I'm not quite sure if it's really the same bug, because the original reporter ran kernel 2.6.24 which predates the kernel change. For more information about the kernel change see: http://marc.info/?t=12124785781r=1w=2 If the crash is really caused by the kernel change, the real bug is in the X server. But to fix it, we would have to upgrade to xserver-xorg-core 1.5. I don't think that this is really an option. The other options would be to revert the kernel change or to release with a non-working X server for some SPARC machines. Unless of course we find someone willing and able to fix the X server in lenny to work with the kernel change. A simple backport of the changes in 1.5 doesn't seem to be possible. I would like you to test two things: 1. Install the kernel package from http://people.debian.org/~gaudenz/sparc and test if this fixes the problem. This is the same kernel as currently in unstable with the problematic change removed. Please also test this kernel if you are not affected by the change to see if the removal of the problematic change has any ill side effects. 2. Install xserver-xorg-core and xserver-xorg-video-mach64 from experimental and run this on a kernel 2.6.26 or later without removing the change. This should also fix the problem. I'm the one who started the kernel thread mentioned above. I run Aurora not Debian on my Ultra5 so I can't really test your Debian packages. However, I have been using a private forward-port of a patch to revert the problematic SPARC kernel change in the 2.6.26 and 2.6.27 kernels, and at least for me reverting the change fixes the X server but hasn't caused any ill effects. /Mikael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503566: severity of 503566 is important
# Automatically generated email from bts, devscripts version 2.10.13~bpo40+1 # splashy is not present in etch so upgrades will behave nicely when 5.0.2 will be in testing severity 503566 important -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed (with 1 errors): Re: Bug#503303: etch - lenny minimal chrrot upgrade fails due to Conflicts/Pre-Depends loop
Processing commands for [EMAIL PROTECTED]: tags 503303 -moreinfo -unreproducible Unknown tag/s: -unreproducible. Recognized are: patch wontfix moreinfo unreproducible fixed potato woody sid help security upstream pending sarge sarge-ignore experimental d-i confirmed ipv6 lfs fixed-in-experimental fixed-upstream l10n etch etch-ignore lenny lenny-ignore. Bug#503303: etch - lenny minimal chrrot upgrade fails due to Conflicts/Pre-Depends loop Tags were: unreproducible moreinfo Tags removed: moreinfo thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#449497: TC proposal for dispute (was: Re: foo2zjs: application depends on non-free firmware)
Hi I am upset that you again raised the severity without consulting anyone. The package as it stands is DFSG free and the getweb script is there for the convenience of the users as well as the documentation. Your arguments haven't changed my opinion. However, it doesn't look like we are finding an agreement on this issue. I have pinged the release team on IRC for a statement, but maybe this issue deserves some attention from another body of debian. Therefore, I suggest we write up a paragraph for the TC following their guidelines[0]. My proposal would be: Dear TC members Bug #449497 has reported against foo2zjs. The maintainers and the submitter do not seem to reach an agreement. The problem is as follows. The submitter sees the inclusion of the getweb script as a violation of the DFSG. The script is provided by upstream to download non-free firmware from his upstream webpage. The package includes documentation in README.Debian and a GUI interface (hannah-foo2zjs) around the getweb script for the user's convenience. Some printers need this non-free firmware to run, others don't. More information can be found in the bugreport. Could we please ask you to settle this dispute? Do you concur with this paragraph or would you like to add any adjustments? Please keep them as technical as possible. Once we can agree on such a paragraph, I am happy to send it to the committee, CC you and keep a copy in the BTS. Cheers Steffen [0]: http://www.debian.org/devel/tech-ctte signature.asc Description: This is a digitally signed message part.
Bug#503303: etch - lenny minimal chrrot upgrade fails due to Conflicts/Pre-Depends loop
tags 503303 -moreinfo -unreproducible thanks On Sun, Oct 26, 2008 at 05:15:39PM -0700, Steve Langasek wrote: tags 503303 moreinfo unreproducible thanks On Fri, Oct 24, 2008 at 04:40:38PM +0200, Bill Allombert wrote: Package: upgrade-reports Severity: serious Upgrading a clean minimal etch chroot to lenny fails with E: This installation run will require temporarily removing the essential package tzdata due to a Conflicts/Pre-Depends loop. This is often bad, but if you really want to do it, activate the APT::Force-LoopBreak option. E: Internal Error, Could not early remove tzdata This is reproducible with piuparts. This is on i386. How do you define minimal for this purpose? What command did you run for the upgrade? Creating a minimal etch i386 chroot with debootstrap and upgrading with 'apt-get dist-upgrade', I'm not able to reproduce this. Nor am I able to reproduce it using one of my configured build chroots (i.e., with build-essential and some extras installed). Well you can reproduce it with piuparts -a -d etch -d lenny gnupg ... E: This installation run will require temporarily removing the essential package tzdata due to a Conflicts/Pre-Depends loop. This is often bad, but if you really want to do it, activate the APT::Force-LoopBreak option. E: Internal Error, Could not early remove tzdata thought I hit it some other ways before. Cheers, -- Bill. [EMAIL PROTECTED] Imagine a large red swirl here. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#468793: tokyocabinet - FTBFS: pthread_mutex_lock.c:71: __pthread_mutex_lock: Assertion `mutex-__data.__owner == 0' failed.
Hi, At 1224427706 time_t, Pierre Habouzit wrote: Not that I'm aware of, and it's probably a bug in s390 assembly, and actually not a tokyocabinet bug _at all_. So unless upstream knows s390 assembly... I don't think he can help a lot :) After discussing with Pierre, it seems that #479952 (blocker of this bug) will not be fixed unless some porters move theirs asses and hunt him down, which isn't very likely to happen before Lenny got released, adding that this one has only important severity. Pierre does not want to drop build tests like I proposed, which I understand. Adding that tokyocabinet thread support is not used by any Debian application, the fact that the tests fail is not critical to us. Therefore, I suggest to make a decision and to tag this bug lenny-ignore. Cheers, -- Julien Danjou .''`. Debian Developer : :' : http://julien.danjou.info `. `' http://people.debian.org/~acid `- 9A0D 5FD9 EB42 22F6 8974 C95C A462 B51E C2FE E5CD signature.asc Description: Digital signature
Processed: tagging 503303
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.26 tags 503303 - unreproducible Bug#503303: etch - lenny minimal chrrot upgrade fails due to Conflicts/Pre-Depends loop Tags were: unreproducible Tags removed: unreproducible End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503654: Keep development version out of lenny (0.9.2)
Package: kmymoney2 Version: 0.9.2-1 Severity: serious Upstream consider 0.9.2 development release. http://kmymoney2.sourceforge.net/index-home.html Current stable release 0.8.9 should be released with lenny. Mark -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages kmymoney2 depends on: ii kdelibs4c2a4:3.5.9.dfsg.1-6 core libraries and binaries for al ii kmymoney2-common 0.9.2-1 KMyMoney architecture independent ii libart-2.0-2 2.3.20-2 Library of functions for 2D graphi ii libaudio2 1.9.1-5 Network Audio System - shared libr ii libc6 2.7-15GNU C Library: Shared libraries ii libfontconfig1 2.6.0-1 generic font configuration library ii libfreetype6 2.3.7-2 FreeType 2 font engine, shared lib ii libgcc11:4.3.2-1 GCC support library ii libice62:1.0.4-1 X11 Inter-Client Exchange library ii libidn11 1.10-2.1 GNU libidn library, implementation ii libjpeg62 6b-14 The Independent JPEG Group's JPEG ii libpng12-0 1.2.27-2 PNG library - runtime ii libqt3-mt 3:3.3.8b-5Qt GUI Library (Threaded runtime v ii libsm6 2:1.0.3-2 X11 Session Management library ii libstdc++6 4.3.2-1 The GNU Standard C++ Library v3 ii libx11-6 2:1.1.5-2 X11 client-side library ii libxcursor11:1.1.9-1 X cursor management library ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar ii libxft22.1.12-3 FreeType-based font drawing librar ii libxi6 2:1.1.3-1 X11 Input extension library ii libxinerama1 2:1.0.3-2 X11 Xinerama extension library ii libxrandr2 2:1.2.3-1 X11 RandR extension library ii libxrender11:0.9.4-2 X Rendering Extension client libra ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages kmymoney2 recommends: pn kmymoney2-plugin-aqbankingnone (no description available) kmymoney2 suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#501427: marked as done (make -C prepare resets utsrelease.h if it contains a custom version string)
Your message dated Mon, 27 Oct 2008 10:02:07 + with message-id [EMAIL PROTECTED] and subject line Bug#501427: fixed in lustre 1.6.5.1-4 has caused the Debian Bug report #501427, regarding make -C prepare resets utsrelease.h if it contains a custom version string to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 501427: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501427 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: module-assistant Version: 0.10.8 Severity: critical If you build a custom kernel with m-a maybe with this command: make-kpkg --initrd --append-to-version -lustre-1.6.5.1 the file include/linux/utsrelease.h contains this definition: #define UTS_RELEASE 2.6.22-lustre-1.6.5.1 /*(for a 2.6.22er kernel)*/ After building one module with m-a against this kernel with this options: m-a -l 2.6.22-lustre-1.6.5.1 -t build lustre this string is resetted to the default 2.6.22. If you now want to build another module it fails with no kernel sources available Manually resetting this string back to the correct value fixes this problem. As this prevents to build another module to a self build kernel this is a major issue in my eyes, this is the reason I chose a RC critical severity for this bug. i've not tested if thie behaviour is already fixed in lenny or in sid, so maybe this could also affect lenny. Greetings Winnie -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.22-quota-enabled-lustre-1.6.5.1 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages module-assistant depends on: ii libtext-wrapi18n-perl 0.06-5 internationalized substitute of Te ii perl5.8.8-7etch3 Larry Wall's Practical Extraction Versions of packages module-assistant recommends: ii liblocale-gettext-perl1.05-1 Using libc functions for internati -- no debconf information ---End Message--- ---BeginMessage--- Source: lustre Source-Version: 1.6.5.1-4 We believe that the bug you reported is fixed in the latest version of lustre, which is due to be installed in the Debian FTP archive: liblustre_1.6.5.1-4_i386.deb to pool/main/l/lustre/liblustre_1.6.5.1-4_i386.deb linux-patch-lustre_1.6.5.1-4_all.deb to pool/main/l/lustre/linux-patch-lustre_1.6.5.1-4_all.deb lustre-dev_1.6.5.1-4_i386.deb to pool/main/l/lustre/lustre-dev_1.6.5.1-4_i386.deb lustre-source_1.6.5.1-4_all.deb to pool/main/l/lustre/lustre-source_1.6.5.1-4_all.deb lustre-tests_1.6.5.1-4_i386.deb to pool/main/l/lustre/lustre-tests_1.6.5.1-4_i386.deb lustre-utils_1.6.5.1-4_i386.deb to pool/main/l/lustre/lustre-utils_1.6.5.1-4_i386.deb lustre_1.6.5.1-4.diff.gz to pool/main/l/lustre/lustre_1.6.5.1-4.diff.gz lustre_1.6.5.1-4.dsc to pool/main/l/lustre/lustre_1.6.5.1-4.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Patrick Winnertz [EMAIL PROTECTED] (supplier of updated lustre package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 20 Oct 2008 18:16:18 +0200 Source: lustre Binary: linux-patch-lustre lustre-source lustre-utils lustre-tests liblustre lustre-dev Architecture: source all i386 Version: 1.6.5.1-4 Distribution: unstable Urgency: low Maintainer: Debian Lustre Packaging team [EMAIL PROTECTED] Changed-By: Patrick Winnertz [EMAIL PROTECTED] Description: liblustre - Runtime library for Lustre filesystem utilities linux-patch-lustre - Linux kernel patch for the Lustre Filesystem lustre-dev - Development files for the Lustre filesystem lustre-source - source for Lustre filesystem client kernel modules lustre-tests - Test suite for the Lustre filesystem lustre-utils - Userspace utilities for the Lustre filesystem Closes: 501427 Changes: lustre (1.6.5.1-4) unstable; urgency=low . * [673c9e4] Removed obsolete svn-deblayout, since we now use git * [1923e32] Bump standards version - no other changes needed. * [089f772] Clean up TODO list * [57f3006] Fix insanity.sh script which uses functions not available in sh *
Bug#500358: resolving X Server crashes on SPARC (bugs #488669 and #500358)
Hi Josip On Mon, Oct 27, 2008 at 10:20:21AM +0100, Josip Rodin wrote: On Mon, Oct 27, 2008 at 09:36:39AM +0100, Gaudenz Steinlin wrote: 1. Install the kernel package from http://people.debian.org/~gaudenz/sparc and test if this fixes the problem. This is the same kernel as currently in unstable with the problematic change removed. Please also test this kernel if you are not affected by the change to see if the removal of the problematic change has any ill side effects. Could you extract the relevant patch from that package and send it over? I've no idea if our modern packaged kernels work on my machine, and I don't see any point in having to test both of those at once. I've attached the patch against 2.6.26 up to 2.26.5 and the patch against 2.26.6. But kernels before 2.6.26-rcX should work without any problem. So testing is only useful if you are running a modern kernel. The patch just reverts the problematic changes. Older kernels without the changes should be fine. Gaudenz -- Ever tried. Ever failed. No matter. Try again. Fail again. Fail better. ~ Samuel Beckett ~ diff --git a/arch/sparc64/kernel/pci.c b/arch/sparc64/kernel/pci.c index 2db2148..dbf2fc2 100644 --- a/arch/sparc64/kernel/pci.c +++ b/arch/sparc64/kernel/pci.c @@ -350,7 +350,8 @@ static void pci_parse_of_addrs(struct of_device *op, struct pci_dev *of_create_pci_dev(struct pci_pbm_info *pbm, struct device_node *node, - struct pci_bus *bus, int devfn) + struct pci_bus *bus, int devfn, + int host_controller) { struct dev_archdata *sd; struct pci_dev *dev; @@ -389,28 +390,43 @@ struct pci_dev *of_create_pci_dev(struct pci_pbm_info *pbm, dev-devfn = devfn; dev-multifunction = 0; /* maybe a lie? */ - dev-vendor = of_getintprop_default(node, vendor-id, 0x); - dev-device = of_getintprop_default(node, device-id, 0x); - dev-subsystem_vendor = - of_getintprop_default(node, subsystem-vendor-id, 0); - dev-subsystem_device = - of_getintprop_default(node, subsystem-id, 0); - - dev-cfg_size = pci_cfg_space_size(dev); - - /* We can't actually use the firmware value, we have - * to read what is in the register right now. One - * reason is that in the case of IDE interfaces the - * firmware can sample the value before the the IDE - * interface is programmed into native mode. - */ - pci_read_config_dword(dev, PCI_CLASS_REVISION, class); - dev-class = class 8; - dev-revision = class 0xff; - - sprintf(pci_name(dev), %04x:%02x:%02x.%d, pci_domain_nr(bus), - dev-bus-number, PCI_SLOT(devfn), PCI_FUNC(devfn)); + if (host_controller) { + if (tlb_type != hypervisor) { + pci_read_config_word(dev, PCI_VENDOR_ID, + dev-vendor); + pci_read_config_word(dev, PCI_DEVICE_ID, + dev-device); + } else { + dev-vendor = PCI_VENDOR_ID_SUN; + dev-device = 0x80f0; + } + dev-cfg_size = 256; + dev-class = PCI_CLASS_BRIDGE_HOST 8; + sprintf(pci_name(dev), %04x:%02x:%02x.%d, pci_domain_nr(bus), + 0x00, PCI_SLOT(devfn), PCI_FUNC(devfn)); + } else { + dev-vendor = of_getintprop_default(node, vendor-id, 0x); + dev-device = of_getintprop_default(node, device-id, 0x); + dev-subsystem_vendor = + of_getintprop_default(node, subsystem-vendor-id, 0); + dev-subsystem_device = + of_getintprop_default(node, subsystem-id, 0); + + dev-cfg_size = pci_cfg_space_size(dev); + + /* We can't actually use the firmware value, we have + * to read what is in the register right now. One + * reason is that in the case of IDE interfaces the + * firmware can sample the value before the the IDE + * interface is programmed into native mode. + */ + pci_read_config_dword(dev, PCI_CLASS_REVISION, class); + dev-class = class 8; + dev-revision = class 0xff; + sprintf(pci_name(dev), %04x:%02x:%02x.%d, pci_domain_nr(bus), + dev-bus-number, PCI_SLOT(devfn), PCI_FUNC(devfn)); + } if (ofpci_verbose) printk(class: 0x%x device name: %s\n, dev-class, pci_name(dev)); @@ -425,21 +441,26 @@ struct pci_dev *of_create_pci_dev(struct pci_pbm_info *pbm, dev-current_state = 4; /* unknown power state */ dev-error_state = pci_channel_io_normal; - if (!strcmp(node-name, pci)) { - /* a PCI-PCI bridge */ + if (host_controller) { dev-hdr_type = PCI_HEADER_TYPE_BRIDGE; dev-rom_base_reg = PCI_ROM_ADDRESS1; - } else if (!strcmp(type, cardbus)) { - dev-hdr_type = PCI_HEADER_TYPE_CARDBUS; + dev-irq = PCI_IRQ_NONE; } else { - dev-hdr_type = PCI_HEADER_TYPE_NORMAL; - dev-rom_base_reg = PCI_ROM_ADDRESS; + if (!strcmp(type, pci) || !strcmp(type, pciex)) { + /* a PCI-PCI bridge */ + dev-hdr_type = PCI_HEADER_TYPE_BRIDGE; + dev-rom_base_reg = PCI_ROM_ADDRESS1; + } else if (!strcmp(type, cardbus)) { + dev-hdr_type = PCI_HEADER_TYPE_CARDBUS; + } else { + dev-hdr_type = PCI_HEADER_TYPE_NORMAL; + dev-rom_base_reg = PCI_ROM_ADDRESS; - dev-irq = sd-op-irqs[0]; - if (dev-irq == 0x) - dev-irq = PCI_IRQ_NONE; + dev-irq =
Bug#482629: kmymoney2-plugin-aqbanking: FTBFS with kmymoney2 0.9-1: Missing header files
notfound 482629 0.9.6beta-4 thanks On Saturday 24 May 2008 10:56:19 Micha Lenk wrote: Version: 0.9.6beta-4 The package kmymoney2 0.9-1 ships without header files and all the other development files shipped in earlier versions (see #482625). Hence this package fails to build from source: This bug doesn't effect lenny. kmymoney2-plugin-aqbanking (0.9.6beta-4) builds with kmymoney2 (0.8.9-1) both of which are in lenny. The bug is about building kmymoney2-plugin-aqbanking with kmymoney2/sid. kmymoney2 (0.8.9-1) is the current upstream stable release and is suitable for release with lenny. Mark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#482629: kmymoney2-plugin-aqbanking: FTBFS with kmymoney2 0.9-1: Missing header files
Processing commands for [EMAIL PROTECTED]: notfound 482629 0.9.6beta-4 Bug#482629: kmymoney2-plugin-aqbanking: FTBFS with kmymoney2 0.9-1: Missing header files Bug no longer marked as found in version 0.9.6beta-4. (By the way, this Bug is currently marked as done.) thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503462: texlive-extra-utils must Replaces: tetex-bin
On Mon, Oct 27, 2008 at 01:03:37AM +0100, Norbert Preining wrote: On Sun, 26 Oct 2008, Bill Allombert wrote: Package: texlive-extra-utils Version: 2007.dfsg.2-3 Severity: serious When upgrading a clean Etch system to Lenny, I get Unpacking texlive-extra-utils (from .../texlive-extra-utils_2007.dfsg.2-3_i386.deb) ... dpkg: error processing /var/cache/apt/archives/texlive-extra-utils_2007.dfsg.2-3_i386.deb (--unpack): trying to overwrite `/usr/bin/patgen', which is also in package tetex-bin dpkg-deb: subprocess paste killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/texlive-extra-utils_2007.dfsg.2-3_i386.deb E: Sub-process /usr/bin/dpkg returned an error code (1) tetex-bin in Etch includes /usr/bin/patgen so texlive-extra-utils needs to Replaces: tetex-bin. That is *STRANGE*, *really* strange: We have texlive-extra-utils depends on texlive-common (= 2007) and texlive-common conflicts with tetex-bin ( 2007) How did it come that you had tetex-bin *installed* and at the same time texlive-common which is necessary for texlive-extra-utils? Or do I miss something here? Yes, Replaces are necessary at unpacking time while Conflicts and Depends need only to be satified at configure time. During an upgrade unpacking can happen before removing. Cheers, Bill. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497789: security bug on iceweasel
Firstly, a rough translation of the previous mail for non-Italian readers: She doesn't like the fact that the report was closed as not-a-bug, stating that there are enough elements to prove it. The first point here is that she says that new fake windows/frames hijacked the workspace, interpreting that as a window spoofing attack [1]. She adds that it isn't related to single rogue site, but it happens on all sites with frames (citing gmail, yahoo, and various other webmail). The second issue she reports (maybe related) is that the flash call fscommand() could be not safe, letting a malicious app the ability to invoke program on the target host (in the first mail she report part of the log of a network sniffer, during a SMB domain enum). She suggest to fix the bug and implement an ip-based filter to avoid the attack (here descibed as a mix of Man-in-the-middle and tcp-connection injecting by a third party host). Then my comments: Firstly, the SMB enum is completely unrelated to this report, and I think the reporter just mixed what is an internal SMB traffic with which is usually called resource enumeration on an attacked host. Then, the part regarding the ip-source check could be ignored, as she's probably missing some fundamentals on the protocol (ie. here there isn't any injection at tcp-level). Coming back to browser issue, this is clearly a mixture of flash/swfdec behavior and iceweasel own rendering. Judging from the screenshot, she's using swfdec; looking at the source, both swfdec and gnash doesn't fully support fscommand(), but only a minor and safe subset (ie. quit and such). So actually this shouldn't pose a security problem (it could be relevant with the proprietary plugin, though I can't really say if fscommand() works without limits on linux, and what we could do for that). Secondly, I won't say she's experiencing a window spoofing attack. The only thing I can desume from the screenshot is a probably strange rendering and disposition of some iframed sites, which could be due to the embedded flash object, plus two unnamed windows which should be something external (swf object players or such). I really doubt that an intelligent user could be tricked this way by a specifically crafted website (or, anyway, we can't do much more to technically fix a human problem). Many details of the report are anyway obscure, so I had to add some own assumptions and interpretations to reach those conclusion. More details and specific info are welcome, if I've missed some points. I would agree with Cristoph closing this report as it isn't a bug in iceweasel, nor in any free flash player. In the end, I would agree with Luca, as I've already meet her on many mailing (eg. debian-italian, cc-italian, debian-user both under her real name and the nickname heba) and she has already proven to a be a mixture of uncollaborative troll and an egocentric security paranoid person, who is laking deep knowledge on certain fields and tends to correlate unlinked events to describe them all as a security attack in place (I could link previous threads here, but this isn't the main point of the bug report). Her second mail in italian was almost confuse as the first english one, plus adding some sarcastic comments that I personally didn't like (but I won't really engage an harsh discussion here). Nonetheless, I tried to be objective and inspected the issue from a neutral POV. Eric, please read all the above comments and decide by yourself. Cheers, Luca [1] http://www.mikx.de/firespoofing/ -- .''`. ** Debian GNU/Linux ** | Luca Bruno (kaeso) : :' : The Universal O.S.| lucab (AT) debian.org `. `'` | GPG Key ID: 3BFB9FB3 `- http://www.debian.org | Debian GNU/Linux Developer pgpjuuc98jm0Z.pgp Description: PGP signature
Bug#503462: texlive-extra-utils must Replaces: tetex-bin
On Mo, 27 Okt 2008, Bill Allombert wrote: Yes, Replaces are necessary at unpacking time while Conflicts and Depends need only to be satified at configure time. During an upgrade unpacking can happen before removing. Right, it was too late yesterday. I have already build a new package and will upload it as soon as I have a decent internet connection. Best wishes Norbert --- Dr. Norbert Preining [EMAIL PROTECTED]Vienna University of Technology Debian Developer [EMAIL PROTECTED] Debian TeX Group gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094 --- DREBLEY (n.) Name for a shop which is supposed to be witty but is in fact wearisome, e.g. 'The Frock Exchange', 'Hair Apparent', etc. --- Douglas Adams, The Meaning of Liff -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#502275: give back request: pdnsd_1.2.6-par-11_hppa pdnsd_1.2.6-par-11_ia64
d-r, It would appear that RC #502275 is not resolved in lenny due to the lack of the hppa ia64 buildds, which were last successful on 15 Oct, not uploading to incoming. Thus request a give back for: pdnsd_1.2.6-par-11_hppa pdnsd_1.2.6-par-11_ia64 Thanks, Mark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#482629: kmymoney2-plugin-aqbanking: FTBFS with kmymoney2 0.9-1: Missing header files
Hi, Mark Purcell schrieb: On Saturday 24 May 2008 10:56:19 Micha Lenk wrote: Version: 0.9.6beta-4 The package kmymoney2 0.9-1 ships without header files and all the other development files shipped in earlier versions (see #482625). Hence this package fails to build from source: This bug doesn't effect lenny. kmymoney2-plugin-aqbanking (0.9.6beta-4) builds with kmymoney2 (0.8.9-1) both of which are in lenny. The bug is about building kmymoney2-plugin-aqbanking with kmymoney2/sid. Just for the records: I filed the bug because at that time it was not at all clear (at least not to me) that kmymoney2 0.9-2 will not make it into Lenny. But then there came the other FTBFS bug (#490241) preventing the migration of kmymoney2 0.9-2 to Lenny. This is kind of a mini transition: kmymoney2 should not get updated in Lenny/Squeeze without kmymoney2-plugin-aqbanking being updated too. But I believe we don't need to enforce it by technical means... Regards Micha -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#498679: dovecot - FTBFS: undefined reference to `sievelval'
found 498679 1:1.0.15-2.1 thanks There was an error while trying to autobuild your package: Automatic build of dovecot_1:1.0.15-2.1 on debian-31.osdl.marist.edu by sbuild/s390 98 [...] if s390-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I../../../.. -I../../../.. -I../../../../src/lib -I../ -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -DENABLE_REGEX -MT imparse.o -MD -MP -MF .deps/imparse.Tpo -c -o imparse.o `test -f '../imparse.c' || echo './'`../imparse.c; \ then mv -f .deps/imparse.Tpo .deps/imparse.Po; else rm -f .deps/imparse.Tpo; exit 1; fi /bin/sh ../../../../libtool --tag=CC --mode=link s390-linux-gnu-gcc -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -DENABLE_REGEX-o sievec sievec.o map.o imparse.o libsieve.la ../../../../src/lib/liblib.a s390-linux-gnu-gcc -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -DENABLE_REGEX -o sievec sievec.o map.o imparse.o ./.libs/libsieve.a ../../../../src/lib/liblib.a ./.libs/libsieve.a(sieve-lex.o): In function `sievelex': /build/buildd/dovecot-1.0.15/src/lib-sieve/cmu/libsieve/stdout:888: undefined reference to `sievelval' collect2: ld returned 1 exit status make[6]: *** [sievec] Error 1 make[6]: Leaving directory `/build/buildd/dovecot-1.0.15/src/lib-sieve/cmu/libsieve' make[5]: *** [all-recursive] Error 1 make[5]: Leaving directory `/build/buildd/dovecot-1.0.15/src/lib-sieve/cmu' make[4]: *** [all-recursive] Error 1 make[4]: Leaving directory `/build/buildd/dovecot-1.0.15/src/lib-sieve' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/build/buildd/dovecot-1.0.15/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/build/buildd/dovecot-1.0.15' make[1]: *** [all] Error 2 make[1]: Leaving directory `/build/buildd/dovecot-1.0.15' make: *** [build-stamp] Error 2 dpkg-buildpackage: failure: debian/rules build gave error exit status 2 ** Build finished at 20081022-0829 FAILED [dpkg-buildpackage died] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#449497: [Foo2zjs-maintainer] Bug#449497: TC proposal for dispute
Hi there! I put back d-release to the cc: list, since we previously asked for their help on this matter. On Mon, 27 Oct 2008 11:01:31 +0100, Steffen Joeris wrote: I am upset that you again raised the severity without consulting anyone. Which, sadly, went against my specific request to not play the severity-change game anymore [1]. The package as it stands is DFSG free and the getweb script is there for the convenience of the users as well as the documentation. Your arguments haven't changed my opinion. FWIW, I completely agree with Steffen here. However, it doesn't look like we are finding an agreement on this issue. I have pinged the release team on IRC for a statement, but maybe this issue deserves some attention from another body of debian. Therefore, I suggest we write up a paragraph for the TC following their guidelines[0]. Since the TC seems to be the only possible solution, let's go with it. If it's needed, I can go *again* through the sources, spotting the copyright owners and licenses for each file Debian ships (I, in purpose, considered only what Debian includes in its package, which is clearly marked as $UPSTREAMVERSIONdfsg-$DEBIANVERSION). My proposal would be: Dear TC members Bug #449497 has reported against foo2zjs. The maintainers and the submitter do not seem to reach an agreement. I would change that underlying that not only the foo2zjs maintainers, but also other people (including a DD) agree [2]. Moreover, you can find other DDs opinion on the thread on d-legal [3], which I looked at quickly since, frankly speaking, things got repeated and repeated again with no step forward. The problem is as follows. The submitter sees the inclusion of the getweb script as a violation of the DFSG. The script is provided by upstream to download non-free firmware from his upstream webpage. The package includes documentation in README.Debian and a GUI interface (hannah-foo2zjs) around the getweb script for the user's convenience. Some printers need this non-free firmware to run, others don't. More information can be found in the bugreport. Could we please ask you to settle this dispute? It seems OK to me. Thx, bye, Gismo / Luca Footnotes: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449497#125 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=yesbug=449497#39 [3] http://lists.debian.org/debian-legal/2007/11/msg00103.html pgpkvttQ67Dfd.pgp Description: PGP signature
Bug#503588: marked as done (mantis: CVE-2008-4689, CVE-2008-4688 multiple security issues)
Your message dated Mon, 27 Oct 2008 11:17:04 + with message-id [EMAIL PROTECTED] and subject line Bug#503588: fixed in mantis 1.1.2+dfsg-9 has caused the Debian Bug report #503588, regarding mantis: CVE-2008-4689, CVE-2008-4688 multiple security issues to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 503588: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503588 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: mantis Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities Exposures) ids were published for mantis. CVE-2008-4689[0]: | Mantis before 1.1.3 does not unset the session cookie during logout, | which makes it easier for remote attackers to hijack sessions. CVE-2008-4688[1]: | core/string_api.php in Mantis before 1.1.3 does not check the | privileges of the viewer before composing a link with issue data in | the source anchor, which allows remote attackers to discover an | issue's title and status via a request with a modified issue number. Patch for the first issue: http://www.mantisbt.org/bugs/file_download.php?file_id=1988type=bug Looks like this does not cleanly apply but the version in Debian leaks the same logic. Patch for the second issue: http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285r2=5384pathrev=5384diff_format=h If you fix the vulnerabilities please also make sure to include the CVE ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4689 http://security-tracker.debian.net/tracker/CVE-2008-4689 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4688 http://security-tracker.debian.net/tracker/CVE-2008-4688 -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpnEtsZALf3Q.pgp Description: PGP signature ---End Message--- ---BeginMessage--- Source: mantis Source-Version: 1.1.2+dfsg-9 We believe that the bug you reported is fixed in the latest version of mantis, which is due to be installed in the Debian FTP archive: mantis_1.1.2+dfsg-9.diff.gz to pool/main/m/mantis/mantis_1.1.2+dfsg-9.diff.gz mantis_1.1.2+dfsg-9.dsc to pool/main/m/mantis/mantis_1.1.2+dfsg-9.dsc mantis_1.1.2+dfsg-9_all.deb to pool/main/m/mantis/mantis_1.1.2+dfsg-9_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Patrick Schoenfeld [EMAIL PROTECTED] (supplier of updated mantis package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 27 Oct 2008 11:53:54 +0100 Source: mantis Binary: mantis Architecture: source all Version: 1.1.2+dfsg-9 Distribution: unstable Urgency: high Maintainer: Patrick Schoenfeld [EMAIL PROTECTED] Changed-By: Patrick Schoenfeld [EMAIL PROTECTED] Description: mantis - web-based bug tracking system Closes: 503588 Changes: mantis (1.1.2+dfsg-9) unstable; urgency=high . * Urgency high because it fixes security issues. * Fix security vulnerabilites by applying upstream patches: + CVE-2008-4689: Mantis does not unset the session cookie during the logout. + CVE-2008-4688: Mantis does not check the privileges of the viewer before composing a link with issue data in the source anchor. (Closes: #503588) Checksums-Sha1: b567c86dee579ff80e004fa5f927e26f87f7690b 1184 mantis_1.1.2+dfsg-9.dsc 77eecfc4f9e7f5067b2c3bd8e1a4d9ca21c5ba6b 46136 mantis_1.1.2+dfsg-9.diff.gz 0425ae0f3aca77976127b71510451963a1962561 1857684 mantis_1.1.2+dfsg-9_all.deb Checksums-Sha256: db4eb3789f7904907aefbe0af9b617de7f6c94a5af5e0206b42f01571cb6d2cb 1184 mantis_1.1.2+dfsg-9.dsc 4f390de0cbc15a081e59bddd4e95cb7edb2aa265d591b15c9dae1b8d647f3cfc 46136 mantis_1.1.2+dfsg-9.diff.gz 1fc22dbee88c825f23a8b2946fa1d040395ac9756058a93761dc8a7d4267e470 1857684 mantis_1.1.2+dfsg-9_all.deb Files: aef9b13d2a704140a25e995337fef054 1184 web optional mantis_1.1.2+dfsg-9.dsc 5e678ea6c55fa530fb02b07ccea82103 46136 web optional mantis_1.1.2+dfsg-9.diff.gz 971b47cfd6c22f76f43c44ba2bcfb6c7 1857684 web optional
Bug#503612: /usr/bin/pulseaudio: pulseaudio fails to work
Package: pulseaudio Version: 0.9.10-3 I have installed the version of Pulseaudio in experimental and, now, have no audio. experimental has 0.9.13, while your report here claims 0.9.10. What's the real version in use? If it really just affects 0.9.13, please change the version-found accordingly. Cheers, Luca -- .''`. ** Debian GNU/Linux ** | Luca Bruno (kaeso) : :' : The Universal O.S.| lucab (AT) debian.org `. `'` | GPG Key ID: 3BFB9FB3 `- http://www.debian.org | Debian GNU/Linux Developer pgpOq4ufZ5bbh.pgp Description: PGP signature
Bug#503667: request-tracker3.6 - Use debconf as registry
Package: request-tracker3.6 Version: 3.6.7-3 Severity: serious request-tracker3.6 uses debconf as a registry to detect which db informations are available. The debconf data is volatile and therefor not possible to be used in this way. Bastian -- Each kiss is as the first. -- Miramanee, Kirk's wife, The Paradise Syndrome, stardate 4842.6 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503612: /usr/bin/pulseaudio: pulseaudio fails to work
Hi, On Mon, Oct 27, 2008 at 11:32 AM, Luca Bruno [EMAIL PROTECTED] wrote: Package: pulseaudio Version: 0.9.10-3 I have installed the version of Pulseaudio in experimental and, now, have no audio. experimental has 0.9.13, while your report here claims 0.9.10. What's the real version in use? If it really just affects 0.9.13, please change the version-found accordingly. Both. [EMAIL PROTECTED]:~$ dpkg -l | grep pulse ii gstreamer0.10-pulseaudio 0.10.11-1 GStreamer plugin for PulseAudio ii libao-pulse 0.9.3-1 libao PulseAudio driver ii libpulse-browse0 0.9.13-1 PulseAudio client libraries (zeroconf support) ii libpulse-dev 0.9.13-1 PulseAudio client development headers and libraries ii libpulse-mainloop-glib0 0.9.13-1 PulseAudio client libraries (glib support) ii libpulse00.9.13-1 PulseAudio client libraries rc libpulsecore40.9.7-3 PulseAudio sound server core ii libpulsecore50.9.13-1 PulseAudio sound server core ii pulseaudio 0.9.10-3 PulseAudio sound server ii pulseaudio-esound-compat 0.9.13-1 PulseAudio ESD compatibility layer ii pulseaudio-module-gconf 0.9.13-1 GConf module for PulseAudio sound server ii pulseaudio-module-hal0.9.13-1 HAL device detection module for PulseAudio sound serve ii pulseaudio-module-x110.9.13-1 X11 module for PulseAudio sound server ii pulseaudio-module-zeroconf 0.9.13-1 Zeroconf module for PulseAudio sound server ii pulseaudio-utils 0.9.13-1 Command line tools for the PulseAudio sound server Since /usr/bin/pulseaudio was being output by totem, I just did 'reportbug binary' But as you can see, I have 0.9.13 installed for everything *except* pulseaudio (and libao-pulse for some reason). Thanks, Anand -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#502754: ucf and redirecting /dev/tty
On Sun, Oct 26, 2008 at 05:33:30PM +, Dominic Hargreaves wrote: Removing the redirections seems to work fine. I propose to NMU the attached patch to fix this problem for lenny. Uploaded to DELAYED/1-day -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: pacemaker tags 488636 488780 pending
Processing commands for [EMAIL PROTECTED]: tags 488636 + pending Bug#488636: file conflicts between packages There were no tags set. Tags added: pending tags 488780 + pending Bug#488780: pacemaker-dev: tries to overwrite file owned by heartbeat-dev There were no tags set. Tags added: pending End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503672: libsyncml_0.4.7-3(sparc/experimental): FTBFS: Error: Unknown opcode: `int'
Package: libsyncml Version: 0.4.7-3 Severity: serious Hi, your package failed to build from source. | Automatic build of libsyncml_0.4.7-3 on njoerd by sbuild/sparc 98-farm | Build started at 20081027-0156 | ** | Checking available source versions... | Fetching source files... | Reading package lists... | Building dependency tree... | Need to get 549kB of source archives. | Get:1 http://sinclair.farm.ftbfs.de experimental/main libsyncml 0.4.7-3 (dsc) [1146B] | Get:2 http://sinclair.farm.ftbfs.de experimental/main libsyncml 0.4.7-3 (tar) [543kB] | Get:3 http://sinclair.farm.ftbfs.de experimental/main libsyncml 0.4.7-3 (diff) [4848B] | Fetched 549kB in 0s (3611kB/s) | Download complete and in download only mode | ** Using build dependencies supplied by package: | Build-Depends: debhelper (= 4.0.0), quilt, cmake, check, libopenobex1-dev (= 1.2), libxml2-dev (= 2.6.16), libglib2.0-dev (= 2.6.0), libsoup2.4-dev, libwbxml2-dev (= 0.9.2-2) | Checking for already installed source dependencies... [...] | [ 72%] Building C object tests/CMakeFiles/http.dir/check_http.o | cd /build/buildd/libsyncml-0.4.7/build/tests /usr/bin/cc -g -Wall -O2 -I/build/buildd/libsyncml-0.4.7 -I/build/buildd/libsyncml-0.4.7/build -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/libxml2 -o CMakeFiles/http.dir/check_http.o -c /build/buildd/libsyncml-0.4.7/tests/check_http.c | /tmp/ccbn4jag.s: Assembler messages: | /tmp/ccbn4jag.s:4661: Error: Unknown opcode: `int' | make[3]: *** [tests/CMakeFiles/http.dir/check_http.o] Error 1 | make[3]: Leaving directory `/build/buildd/libsyncml-0.4.7/build' | make[2]: *** [tests/CMakeFiles/http.dir/all] Error 2 | make[2]: Leaving directory `/build/buildd/libsyncml-0.4.7/build' | make[1]: *** [all] Error 2 | make[1]: Leaving directory `/build/buildd/libsyncml-0.4.7/build' | make: *** [build-stamp] Error 2 | dpkg-buildpackage: failure: debian/rules build gave error exit status 2 | ** | Build finished at 20081027-0201 | FAILED [dpkg-buildpackage died] Full build log(s): http://experimental.ftbfs.de/build.php?ver=0.4.7-3pkg=libsyncmlarch=sparc Gruesse, -- Frank Lichtenheld [EMAIL PROTECTED] www: http://www.djpig.de/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503667: request-tracker3.6 - Use debconf as registry
On Mon, Oct 27, 2008 at 12:52:57PM +0100, Bastian Blank wrote: Package: request-tracker3.6 Version: 3.6.7-3 Severity: serious request-tracker3.6 uses debconf as a registry to detect which db informations are available. The debconf data is volatile and therefor not possible to be used in this way. Agreed. I propose to change debian/config to just check whether the rt3.6-db-* packages are installed to determine whether to support these packages (and then remove the db4.6-db-* config/postinst scripts altogether). Does this sounds reasonable? Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503667: [request-tracker-maintainers] Bug#503667: request-tracker3.6 - Use debconf as registry
On Mon, Oct 27, 2008 at 12:26:18PM +, Dominic Hargreaves wrote: I propose to change debian/config to just check whether the rt3.6-db-* packages are installed to determine whether to support these packages (and then remove the db4.6-db-* config/postinst scripts altogether). Does this sounds reasonable? On second thoughts, this isn't good enough, since the rt3.6-db-* packages won't be installed by then - unless the main package is made to Pre-Depend on the rt3.6-db-* packages... Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503675: ffmpeg-debian_3:0.svn20080925-1(ia64/experimental): FTBFS: final link failed: Nonrepresentable section on output
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Package: ffmpeg-debian Version: 3:0.svn20080925-1 Severity: serious There was an error while trying to autobuild your package: Automatic build of ffmpeg-debian_3:0.svn20080925-1 on alkman.ayous.org by sbuild/ia64 98-farm Build started at 20081026-0100 [...] ** Using build dependencies supplied by package: Build-Depends: debhelper (= 5.0.0), doxygen, libdc1394-22-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], libfaad-dev | libfaad2-dev, libfreetype6-dev, libgsm1-dev, libimlib2-dev, libraw1394-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], libsdl1.2-dev, libschroedinger-dev, libtheora-dev ( 0.0.0.alpha4), libvorbis-dev, libx11-dev, libxext-dev, quilt, texi2html, zlib1g-dev [...] gcc -DHAVE_AV_CONFIG_H -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -I. -I/build/buildd/ffmpeg-debian-0.svn20080925 -D_ISOC99_SOURCE -D_POSIX_C_SOURCE=200112 -fasm -std=c99 -fomit-frame-pointer -pthread -I/usr/include/schroedinger-1.0 -I/usr/include/liboil-0.3 -g -Wdeclaration-after-statement -Wall -Wno-switch -Wdisabled-optimization -Wpointer-arith -Wredundant-decls -Wno-pointer-sign -Wcast-qual -Wwrite-strings -Wtype-limits -O3 -fno-math-errno -fno-signed-zeros -fPIC -DPIC -c -o libavcodec/remove_extradata_bsf.o /build/buildd/ffmpeg-debian-0.svn20080925/libavcodec/remove_extradata_bsf.c /build/buildd/ffmpeg-debian-0.svn20080925/libavcodec/remove_extradata_bsf.c: In function 'remove_extradata': /build/buildd/ffmpeg-debian-0.svn20080925/libavcodec/remove_extradata_bsf.c:45: warning: cast discards qualifiers from pointer target type gcc -DHAVE_AV_CONFIG_H -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -I. -I/build/buildd/ffmpeg-debian-0.svn20080925 -D_ISOC99_SOURCE -D_POSIX_C_SOURCE=200112 -fasm -std=c99 -fomit-frame-pointer -pthread -I/usr/include/schroedinger-1.0 -I/usr/include/liboil-0.3 -g -Wdeclaration-after-statement -Wall -Wno-switch -Wdisabled-optimization -Wpointer-arith -Wredundant-decls -Wno-pointer-sign -Wcast-qual -Wwrite-strings -Wtype-limits -O3 -fno-math-errno -fno-signed-zeros -fPIC -DPIC -c -o libavcodec/pthread.o /build/buildd/ffmpeg-debian-0.svn20080925/libavcodec/pthread.c /build/buildd/ffmpeg-debian-0.svn20080925/libavcodec/pthread.c:46: warning: 'force_align_arg_pointer' attribute directive ignored gcc -shared -Wl,-soname,libavcodec.so.52 -L/build/buildd/ffmpeg-debian-0.svn20080925/debian-shared/libavutil -Wl,--warn-common -Wl,--as-needed -Wl,-rpath-link,/build/buildd/ffmpeg-debian-0.svn20080925/debian-shared/libpostproc -Wl,-rpath-link,/build/buildd/ffmpeg-debian-0.svn20080925/debian-shared/libswscale -Wl,-rpath-link,/build/buildd/ffmpeg-debian-0.svn20080925/debian-shared/libavfilter -Wl,-rpath-link,/build/buildd/ffmpeg-debian-0.svn20080925/debian-shared/libavdevice -Wl,-rpath-link,/build/buildd/ffmpeg-debian-0.svn20080925/debian-shared/libavformat -Wl,-rpath-link,/build/buildd/ffmpeg-debian-0.svn20080925/debian-shared/libavcodec -Wl,-rpath-link,/build/buildd/ffmpeg-debian-0.svn20080925/debian-shared/libavutil -Wl,-Bsymbolic -o libavcodec/libavcodec.so.52 libavcodec/allcodecs.o libavcodec/audioconvert.o libavcodec/bitstream.o libavcodec/bitstream_filter.o libavcodec/dsputil.o libavcodec/eval.o libavcodec/faanidct.o libavcodec/imgconvert.o libavcodec/jrevdct.o libavcodec/opt.o libavcodec/parser.o libavcodec/raw.o libavcodec/resample.o libavcodec/resample2.o libavcodec/simple_idct.o libavcodec/utils.o libavcodec/faandct.o libavcodec/jfdctfst.o libavcodec/jfdctint.o libavcodec/aac.o libavcodec/aactab.o libavcodec/mdct.o libavcodec/fft.o libavcodec/aasc.o libavcodec/msrledec.o libavcodec/eac3dec.o libavcodec/ac3dec.o libavcodec/ac3tab.o libavcodec/ac3dec_data.o libavcodec/ac3.o libavcodec/ac3enc.o libavcodec/alac.o libavcodec/alacenc.o libavcodec/lpc.o libavcodec/sp5xdec.o libavcodec/mjpegdec.o libavcodec/mjpeg.o libavcodec/apedec.o libavcodec/asv1.o libavcodec/mpeg12data.o libavcodec/atrac3.o libavcodec/avs.o libavcodec/bethsoftvideo.o libavcodec/bfi.o libavcodec/bmp.o libavcodec/bmpenc.o libavcodec/c93.o libavcodec/cavs.o libavcodec/cavsdec.o libavcodec/cavsdsp.o libavcodec/golomb.o libavcodec/mpegvideo.o libavcodec/cinepak.o libavcodec/cljr.o libavcodec/cook.o libavcodec/cscd.o libavcodec/cyuv.o libavcodec/dca.o libavcodec/dnxhddec.o libavcodec/dnxhddata.o libavcodec/dnxhdenc.o libavcodec/mpegvideo_enc.o libavcodec/motion_est.o libavcodec/ratecontrol.o libavcodec/dsicinav.o libavcodec/dvbsubdec.o libavcodec/dvbsub.o libavcodec/dvdsubdec.o libavcodec/dvdsubenc.o libavcodec/dv.o libavcodec/dxa.o libavcodec/eacmv.o libavcodec/eatgv.o libavcodec/8bps.o libavcodec/8svx.o libavcodec/escape124.o libavcodec/ffv1.o libavcodec/rangecoder.o libavcodec/huffyuv.o libavcodec/flac.o libavcodec/flacenc.o libavcodec/flashsv.o libavcodec/flashsvenc.o libavcodec/flicvideo.o libavcodec/h263dec.o libavcodec/h263.o
Bug#503616: libapache2-mod-ocamlnet: mod_netcgi_apache.so will not load
Dave Benjamin a écrit : I installed libapache2-mod-ocamlnet and enabled the module using a2enmod netcgi_apache. Apache 2 no longer starts, printing this message instead: [...] I tried to resolve the problem by: 1. Saving /usr/lib/ocaml/3.10.2 to /etc/ld.so.conf.d/ocaml.conf 2. Running ldconfig 3. Running /etc/init.d/apache2 start I now get this error: [...] Replacing the last line of /etc/apache2/mods-enabled/netcgi_apache.load (the one mentioning netcgi_apache.cma) to: NetcgiLoad netcgi_apache/netcgi_apache.cma makes it work. Cheers, -- Stéphane -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503676: libjogl-java_1.1.1+dak1-2(ia64/experimental): Could not find the main class: antlr.Tool.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Package: libjogl-java Version: 1.1.1+dak1-2 Severity: serious There was an error while trying to autobuild your package: Automatic build of libjogl-java_1.1.1+dak1-2 on zx6000 by sbuild/ia64 98-farm Build started at 20081027-0633 [...] ** Using build dependencies supplied by package: Build-Depends: debhelper (= 5), cdbs, quilt, openjdk-6-jdk, ant-optional, libgl1-mesa-dev, libglu1-mesa-dev, libxxf86vm-dev, x11proto-xf86vidmode-dev, libxt-dev [...] [antlr] at java.lang.ClassLoader.loadClass(ClassLoader.java:323) [antlr] at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294) [antlr] at java.lang.ClassLoader.loadClass(ClassLoader.java:268) [antlr] at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:336) [antlr] Could not find the main class: antlr.Tool. Program will exit. BUILD FAILED /build/buildd/libjogl-java-1.1.1+dak1/jogl/make/build.xml:1571: The following error occurred while executing this line: /build/buildd/libjogl-java-1.1.1+dak1/jogl/make/build.xml:497: The following error occurred while executing this line: /build/buildd/libjogl-java-1.1.1+dak1/gluegen/make/build.xml:420: The following error occurred while executing this line: /build/buildd/libjogl-java-1.1.1+dak1/gluegen/make/build.xml:100: ANTLR returned: 1 Total time: 4 seconds make: *** [debian/stamp-ant-build] Error 1 dpkg-buildpackage: failure: debian/rules build gave error exit status 2 A full build log can be found at: http://experimental.debian.net/build.php?arch=ia64pkg=libjogl-javaver=1.1.1+dak1-2 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkFt9UACgkQ7Ro5M7LPzdiWOgCfUuBvtPJ7zqcu3jHTTzlmcT51 hMgAn2fHgCfIwd7RXDubIFRreeXvKXzc =pa2V -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503667: [request-tracker-maintainers] Bug#503667: request-tracker3.6 - Use debconf as registry
On Mon, Oct 27, 2008 at 12:52:57PM +0100, Bastian Blank wrote: Package: request-tracker3.6 Version: 3.6.7-3 Severity: serious request-tracker3.6 uses debconf as a registry to detect which db informations are available. The debconf data is volatile and therefor not possible to be used in this way. The debconf information (rt3.6-db-*/available) is only used on new installations or upgrades with an unmodified /etc/request-tracker3.6/RT_SiteConfig.pm. The aim was (of course) to aid the administrator by offering only the possible database choices. This is particularly hard to do otherwise in the preconfiguration case, where there is no other information source available because the rt3.6-db-* packages are usually not installed yet, only preconfigured. I suppose it would be enough if the rt3.6-db-* postinst scripts stored the debconf setting somewhere under /var and the config scripts then parsed those in. Thanks for the bug. -- Niko Tyni [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503672: libsyncml_0.4.7-3(ia64/experimental): FTBFS: Unknown opcode `int $3'
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Package: libsyncml Version: 0.4.7-3 Severity: serious The error on ia64 is slightly different. There was an error while trying to autobuild your package: Automatic build of libsyncml_0.4.7-3 on zx6000 by sbuild/ia64 98-farm Build started at 20081026-1837 [...] ** Using build dependencies supplied by package: Build-Depends: debhelper (= 4.0.0), quilt, cmake, check, libopenobex1-dev (= 1.2), libxml2-dev (= 2.6.16), libglib2.0-dev (= 2.6.0), libsoup2.4-dev, libwbxml2-dev (= 0.9.2-2) [...] /usr/bin/make -f tests/CMakeFiles/http.dir/build.make tests/CMakeFiles/http.dir/build make[3]: Entering directory `/build/buildd/libsyncml-0.4.7/build' /usr/bin/cmake -E cmake_progress_report /build/buildd/libsyncml-0.4.7/build/CMakeFiles 33 [ 72%] Building C object tests/CMakeFiles/http.dir/check_http.o cd /build/buildd/libsyncml-0.4.7/build/tests /usr/bin/cc -g -Wall -O2 -I/build/buildd/libsyncml-0.4.7 -I/build/buildd/libsyncml-0.4.7/build -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/libxml2 -o CMakeFiles/http.dir/check_http.o -c /build/buildd/libsyncml-0.4.7/tests/check_http.c /tmp/ccRP1iN8.s: Assembler messages: /tmp/ccRP1iN8.s:10148: Error: Unknown opcode `int $3' make[3]: *** [tests/CMakeFiles/http.dir/check_http.o] Error 1 make[3]: Leaving directory `/build/buildd/libsyncml-0.4.7/build' make[2]: *** [tests/CMakeFiles/http.dir/all] Error 2 make[2]: Leaving directory `/build/buildd/libsyncml-0.4.7/build' make[1]: *** [all] Error 2 make[1]: Leaving directory `/build/buildd/libsyncml-0.4.7/build' make: *** [build-stamp] Error 2 dpkg-buildpackage: failure: debian/rules build gave error exit status 2 A full build log can be found at: http://experimental.debian.net/build.php?arch=ia64pkg=libsyncmlver=0.4.7-3 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkFuFcACgkQ7Ro5M7LPzdhzAwCfcOggpf0b+nWPE5FKO1/Iz35f 0OQAoJ8jCtV2jJe4O07OqyxxeE1Q2YoL =17ID -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503645: Fwd: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling
From upstream author. -- Forwarded message -- From: Matthias Wandel Date: Mon, Oct 27, 2008 at 1:06 PM Subject: Re: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling To: Ludovic Rousseau [EMAIL PROTECTED] So what is the security vulnerability? You can use it to delete files, but why not just use rm? Unless of course you run it as setuid root, but why would you go out ot your way to do that? Matthias - Original Message - From: Ludovic Rousseau [EMAIL PROTECTED] To: mwandel Sent: Monday, October 27, 2008 4:25 AM Subject: Fwd: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling Hello Matthias, Are you aware of this new security problems? Are you working on the problem? Do you plan to release a version 2.85 of jhead with a fix? Thanks -- Forwarded message -- From: Nico Golde [EMAIL PROTECTED] Date: Mon, Oct 27, 2008 at 10:10 AM Subject: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling To: [EMAIL PROTECTED] Package: jhead Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities Exposures) ids were published for jhead. CVE-2008-4641[0]: | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and | earlier allows attackers to execute arbitrary commands via shell | metacharacters in unspecified input. CVE-2008-4640[1]: | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and | earlier allows local users to delete arbitrary files via vectors | involving a modified input filename in which (1) a final z character | is replaced by a t character or (2) a final t character is | replaced by a z character. If you fix the vulnerabilities please also make sure to include the CVE ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4641 http://security-tracker.debian.net/tracker/CVE-2008-4641 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4640 http://security-tracker.debian.net/tracker/CVE-2008-4640 -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. -- Dr. Ludovic Rousseau -- Dr. Ludovic Rousseau -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: 503555
Processing commands for [EMAIL PROTECTED]: severity 503555 important Bug#503555: sofa-framework - Missuse of ressources Severity set to `important' from `serious' retitle 503555 build arch all packages only in the binary-indep target Bug#503555: sofa-framework - Missuse of ressources Changed Bug title to `build arch all packages only in the binary-indep target' from `sofa-framework - Missuse of ressources'. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503623: python-support: Fails during the Setting Up step of installation
Output as requested: ls /usr/share/python-support/*/pygtk.pth -lh -rw-r--r-- 1 root root 8 2008-06-07 23:41 /usr/share/python-support/python-gobject/pygtk.pth -rw-r--r-- 1 root root 8 2006-08-06 06:58 /usr/share/python-support/python-gtk2/pygtk.pth Josselin Mouette wrote: snip Please show the result of: ls /usr/share/python-support/*/pygtk.pth (I should probably make the message show the infringing package now that all packages are processed together.) As a result of this, I tried to install reportbug-ng so that I could report this and now I get LOTS of dependency errors because python-support is flagged as not being configured yet. Well, since reportbug-ng is generating unusable bug reports, that’s not a big deal. Cool, I wasn't too worried as I was able to still use reportbug to get the job done. :)
Bug#503682: network-manager-gnome: partial upgrade do not work
Package: network-manager-gnome Version: 0.6.6-2 Severity: grave Justification: renders package unusable Hi, I have upgrade to network manager in experimental, as part of that the various libnm libraries have been upgraded to version 0.7.x However neither network-manager, nor network-manager-gnome (part of network-manager-applet) were upgraded. This meant that the applet did not start. Manually starting it revealed: [EMAIL PROTECTED]:~$ which nm-applet /usr/bin/nm-applet [EMAIL PROTECTED]:~$ nm-applet nm-applet: symbol lookup error: nm-applet: undefined symbol: dbus_method_dispatcher_new This is similar to launchpad bug #193964; I think the solution is to have the various libnm components conflict with network-manager-* 0.7 so that partial upgrades are not possible. Without the conflict in place, it is not possilbe to start network-manager and thus connect to the Internet (hence the severity). Thanks, Anand -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (650, 'testing'), (600, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages network-manager-gnome depends on: ii libc62.8+20080809-1 GNU C Library: Shared libraries ii libdbus-1-3 1.2.1-4 simple interprocess messaging syst ii libdbus-glib-1-2 0.76-1 simple interprocess messaging syst ii libgconf2-4 2.22.0-1GNOME configuration database syste ii libglade2-0 1:2.6.2-1 library to load .glade files at ru ii libglib2.0-0 2.18.2-1The GLib library of C routines ii libgnome-keyring02.22.3-2GNOME keyring services library ii libgnome2-0 2.22.0-1The GNOME 2 library - runtime file ii libgnomeui-0 2.22.1-1The GNOME 2 libraries (User Interf ii libgtk2.0-0 2.12.11-4 The GTK+ graphical user interface ii libnm-util0 0.7.0~svn4191-1 network management framework (shar ii libnotify1 [libnotify1-g 0.4.4-3 sends desktop notifications to a n ii libpango1.0-01.21.6-1Layout and rendering of internatio ii libx11-6 2:1.1.5-2 X11 client-side library ii network-manager 0.6.6-2 network management framework daemo Versions of packages network-manager-gnome recommends: ii libpam-gnome-keyring [libpam- 2.22.3-2 PAM module to unlock the GNOME key pn network-manager-openvpn-gnome none (no description available) pn network-manager-vpnc-gnomenone (no description available) ii notification-daemon 0.3.7-1+b1 a daemon that displays passive pop network-manager-gnome suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#502002: marked as done (texlive-latex-extra: hilowres.sty is non-free)
Your message dated Mon, 27 Oct 2008 14:02:58 + with message-id [EMAIL PROTECTED] and subject line Bug#502002: fixed in texlive-extra 2007.dfsg.8-1 has caused the Debian Bug report #502002, regarding texlive-latex-extra: hilowres.sty is non-free to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 502002: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502002 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: texlive-latex-extra Version: 2007.dfsg.4-1 Severity: serious Dear Debian release team, in the past, license auditing of texlive has mainly been done by ourselves and the TeX Live team, but we all had many more occupations and never really got to systematically do that. In the last couple of weeks, our second-level upstream, the CTAN team, has added their efforts, and since they deal mainly with cataloguing and updating packages, we have now many more packages for which we can definitely be sure about their license - but also, non-free packages turn up continuously, as you might have noticed by our unfreeze requests. Here's one more, and a question: , | From: Robin Fairbairns [EMAIL PROTECTED] | Subject: [tex-live] hilowres package | To: [EMAIL PROTECTED] | Date: Sun, 12 Oct 2008 10:37:24 +0100 | | was unknown licence, but on examination i find it restricts | modification. | | i've therefore changed the catalogue licence to other-nonfree | | robin ` The question: If you would promise to give us a heads-up about two or three weeks before the actual release date, we would stop uploading new upstream versions for every RC bug. Instead, we would do that in one larger upload. We need some days warning in advance, however, because Norbert will be on vacation regularly, and I am very much oppupied with my paid work (and actually away from home and office regularly, without internet access). If you prefer, we can also just make upload for every non-free part that is discovered. Thanks, Frank -- Package-specific info: If you report an error when running one of the TeX-related binaries (latex, pdftex, metafont,...), or if the bug is related to bad or wrong output, please include a MINIMAL example input file that produces the error in your report. Don't forget to also include minimal examples of other files that are needed, e.g. bibtex databases. Often it also helps to include the logfile. Please, never send included pictures! If your example file isn't short or produces more than one page of output (except when multiple pages are needed to show the problem), you can probably minimize it further. Instructions on how to do that can be found at http://www.latex-einfuehrung.de/mini-en.html (english) or http://www.latex-einfuehrung.de/mini.html (german) ## minimal input file ## other files ## List of ls-R files -rw-r--r-- 1 frank frank 1858 13. Apr 2007 /home/frank/.texmf-var/ls-R -rw-r--r-- 1 root root 1804 28. Sep 18:22 /var/lib/texmf/ls-R -rw-rw-r-- 1 root staff 5883 10. Okt 22:31 /usr/local/share/texmf/ls-R lrwxrwxrwx 1 root root 29 30. Jul 22:20 /usr/share/texmf/ls-R - /var/lib/texmf/ls-R-TEXMFMAIN lrwxrwxrwx 1 root root 27 28. Sep 18:13 /usr/share/texmf-texlive/ls-R - /var/lib/texmf/ls-R-TEXLIVE lrwxrwxrwx 1 root root 27 28. Sep 18:13 /usr/share/texmf-texlive/ls-R - /var/lib/texmf/ls-R-TEXLIVE ## Config files -rw-r--r-- 1 frank frank 17 25. Jun 20:54 /home/frank/.texmf-config/web2c/texmf.cnf -rw-r--r-- 1 frank frank 0 26. Jun 21:44 /home/frank/texmf/web2c/fmtutil.cnf -rw-r--r-- 1 frank frank 20670 18. Mai 2007 /home/frank/.texmf-var/web2c/updmap.cfg -rw-r--r-- 1 root root 14538 28. Sep 18:22 /var/lib/texmf/tex/generic/config/language.dat ## Files in /etc/texmf/web2c/ insgesamt 15 -rw-r--r-- 1 root root 12304 11. Jun 2007 fmtutil.cnf_onceuponatime -rw-r--r-- 1 root root 283 4. Apr 2007 mktex.cnf ## md5sums of texmf.d 42c20d7e8bd343542772b5a145bf8ad8 /etc/texmf/texmf.d/05TeXMF.cnf 5f7f6652cc8b8071c9e4ea6ba9e9f0a1 /etc/texmf/texmf.d/15Plain.cnf d588a08518f705d06ac262acd78f2bc4 /etc/texmf/texmf.d/20xmltex.cnf 589b39396bf292237eb7ea037cf199f6 /etc/texmf/texmf.d/20xmltex.cnf.bak f68e5add6afd6585b982f2f78e2e6a92 /etc/texmf/texmf.d/45TeXinputs.cnf a97d4dac1333cedb719bc0c9402f4c88 /etc/texmf/texmf.d/45TeXinputs.cnf~ 8a26468004b5ebc7ae9884740356c1d0 /etc/texmf/texmf.d/45TeXinputs.cnf.ucf-dist 5be40776c04076dfd0a43f7ac8abd188
Bug#502515: marked as done (texlive-latex-extra: kalendar is non-free)
Your message dated Mon, 27 Oct 2008 14:02:58 + with message-id [EMAIL PROTECTED] and subject line Bug#502515: fixed in texlive-extra 2007.dfsg.8-1 has caused the Debian Bug report #502515, regarding texlive-latex-extra: kalendar is non-free to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 502515: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502515 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: texlive-latex-extra Version: 2007.dfsg.4-1 Severity: serious kalender has been removed from upstream due to being nonfree: r10993 | karl | 2008-10-17 02:12:00 +0200 (Fri, 17 Oct 2008) | 1 line rm kalender, nonfree As Frank wrote in Bug #502002: If you would promise to give us a heads-up about two or three weeks before the actual release date, we would stop uploading new upstream versions for every RC bug. Instead, we would do that in one larger So I will anyway wait a bit. Best wishes Norbert --- Dr. Norbert Preining [EMAIL PROTECTED]Vienna University of Technology Debian Developer [EMAIL PROTECTED] Debian TeX Group gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094 --- KENT (adj.) Politely determined not to help despite a violent urge to the contrary. Kent expressions are seen on the faces of people who are good at something watching someone else who can't do it at all. --- Douglas Adams, The Meaning of Liff ---End Message--- ---BeginMessage--- Source: texlive-extra Source-Version: 2007.dfsg.8-1 We believe that the bug you reported is fixed in the latest version of texlive-extra, which is due to be installed in the Debian FTP archive: texlive-bibtex-extra_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-bibtex-extra_2007.dfsg.8-1_all.deb texlive-extra_2007.dfsg.8-1.diff.gz to pool/main/t/texlive-extra/texlive-extra_2007.dfsg.8-1.diff.gz texlive-extra_2007.dfsg.8-1.dsc to pool/main/t/texlive-extra/texlive-extra_2007.dfsg.8-1.dsc texlive-extra_2007.dfsg.8.orig.tar.gz to pool/main/t/texlive-extra/texlive-extra_2007.dfsg.8.orig.tar.gz texlive-fonts-extra-doc_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-fonts-extra-doc_2007.dfsg.8-1_all.deb texlive-fonts-extra_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-fonts-extra_2007.dfsg.8-1_all.deb texlive-formats-extra_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-formats-extra_2007.dfsg.8-1_all.deb texlive-games_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-games_2007.dfsg.8-1_all.deb texlive-generic-extra_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-generic-extra_2007.dfsg.8-1_all.deb texlive-humanities-doc_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-humanities-doc_2007.dfsg.8-1_all.deb texlive-humanities_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-humanities_2007.dfsg.8-1_all.deb texlive-latex-extra-doc_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-latex-extra-doc_2007.dfsg.8-1_all.deb texlive-latex-extra_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-latex-extra_2007.dfsg.8-1_all.deb texlive-latex3_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-latex3_2007.dfsg.8-1_all.deb texlive-math-extra_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-math-extra_2007.dfsg.8-1_all.deb texlive-plain-extra_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-plain-extra_2007.dfsg.8-1_all.deb texlive-pstricks-doc_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-pstricks-doc_2007.dfsg.8-1_all.deb texlive-pstricks_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-pstricks_2007.dfsg.8-1_all.deb texlive-publishers-doc_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-publishers-doc_2007.dfsg.8-1_all.deb texlive-publishers_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-publishers_2007.dfsg.8-1_all.deb texlive-science-doc_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-science-doc_2007.dfsg.8-1_all.deb texlive-science_2007.dfsg.8-1_all.deb to pool/main/t/texlive-extra/texlive-science_2007.dfsg.8-1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if
Bug#503462: marked as done (texlive-extra-utils must Replaces: tetex-bin)
Your message dated Mon, 27 Oct 2008 14:02:17 + with message-id [EMAIL PROTECTED] and subject line Bug#503462: fixed in texlive-bin 2007.dfsg.2-4 has caused the Debian Bug report #503462, regarding texlive-extra-utils must Replaces: tetex-bin to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 503462: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503462 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: texlive-extra-utils Version: 2007.dfsg.2-3 Severity: serious When upgrading a clean Etch system to Lenny, I get Unpacking texlive-extra-utils (from .../texlive-extra-utils_2007.dfsg.2-3_i386.deb) ... dpkg: error processing /var/cache/apt/archives/texlive-extra-utils_2007.dfsg.2-3_i386.deb (--unpack): trying to overwrite `/usr/bin/patgen', which is also in package tetex-bin dpkg-deb: subprocess paste killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/texlive-extra-utils_2007.dfsg.2-3_i386.deb E: Sub-process /usr/bin/dpkg returned an error code (1) tetex-bin in Etch includes /usr/bin/patgen so texlive-extra-utils needs to Replaces: tetex-bin. Cheers, -- Bill. [EMAIL PROTECTED] Imagine a large red swirl here. ---End Message--- ---BeginMessage--- Source: texlive-bin Source-Version: 2007.dfsg.2-4 We believe that the bug you reported is fixed in the latest version of texlive-bin, which is due to be installed in the Debian FTP archive: libkpathsea-dev_2007.dfsg.2-4_amd64.deb to pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4_amd64.deb libkpathsea4_2007.dfsg.2-4_amd64.deb to pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4_amd64.deb texlive-base-bin-doc_2007.dfsg.2-4_amd64.deb to pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4_amd64.deb texlive-base-bin_2007.dfsg.2-4_amd64.deb to pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4_amd64.deb texlive-bin_2007.dfsg.2-4.diff.gz to pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2-4.diff.gz texlive-bin_2007.dfsg.2-4.dsc to pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2-4.dsc texlive-extra-utils_2007.dfsg.2-4_amd64.deb to pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4_amd64.deb texlive-font-utils_2007.dfsg.2-4_amd64.deb to pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4_amd64.deb texlive-lang-indic_2007.dfsg.2-4_amd64.deb to pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4_amd64.deb texlive-metapost-doc_2007.dfsg.2-4_amd64.deb to pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4_amd64.deb texlive-metapost_2007.dfsg.2-4_amd64.deb to pool/main/t/texlive-bin/texlive-metapost_2007.dfsg.2-4_amd64.deb texlive-music_2007.dfsg.2-4_amd64.deb to pool/main/t/texlive-bin/texlive-music_2007.dfsg.2-4_amd64.deb texlive-omega_2007.dfsg.2-4_amd64.deb to pool/main/t/texlive-bin/texlive-omega_2007.dfsg.2-4_amd64.deb texlive-xetex_2007.dfsg.2-4_amd64.deb to pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Norbert Preining [EMAIL PROTECTED] (supplier of updated texlive-bin package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 27 Oct 2008 01:13:56 +0100 Source: texlive-bin Binary: texlive-base-bin texlive-extra-utils texlive-font-utils texlive-metapost texlive-omega texlive-xetex texlive-music texlive-lang-indic libkpathsea4 libkpathsea-dev texlive-metapost-doc texlive-base-bin-doc Architecture: source amd64 Version: 2007.dfsg.2-4 Distribution: unstable Urgency: medium Maintainer: Debian TeX Maintainers [EMAIL PROTECTED] Changed-By: Norbert Preining [EMAIL PROTECTED] Description: libkpathsea-dev - TeX Live: path search library for TeX (development part) libkpathsea4 - TeX Live: path search library for TeX (runtime part) texlive-base-bin - TeX Live: Essential binaries texlive-base-bin-doc - TeX Live: Documentation files for texlive-base-bin texlive-extra-utils - TeX Live: TeX auxiliary programs texlive-font-utils - TeX Live: TeX font-related programs texlive-lang-indic - TeX Live: Indic texlive-metapost - TeX Live: MetaPost (and Metafont) drawing packages
Bug#503623: python-support: Fails during the Setting Up step of installation
Le mardi 28 octobre 2008 à 00:50 +1100, Tim Lyth a écrit : Output as requested: ls /usr/share/python-support/*/pygtk.pth -lh -rw-r--r-- 1 root root 8 2008-06-07 23:41 /usr/share/python-support/python-gobject/pygtk.pth -rw-r--r-- 1 root root 8 2006-08-06 06:58 /usr/share/python-support/python-gtk2/pygtk.pth What are the versions of python-gobject and python-gtk2 installed on your system? Cheers, -- .''`. : :' : We are debian.org. Lower your prices, surrender your code. `. `' We will add your hardware and software distinctiveness to `-our own. Resistance is futile. signature.asc Description: Ceci est une partie de message numériquement signée
Bug#503676: marked as done (libjogl-java_1.1.1+dak1-2(ia64/experimental): Could not find the main class: antlr.Tool.)
Your message dated Mon, 27 Oct 2008 14:32:05 + with message-id [EMAIL PROTECTED] and subject line Bug#503676: fixed in libjogl-java 1.1.1+dak1-3 has caused the Debian Bug report #503676, regarding libjogl-java_1.1.1+dak1-2(ia64/experimental): Could not find the main class: antlr.Tool. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 503676: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503676 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Package: libjogl-java Version: 1.1.1+dak1-2 Severity: serious There was an error while trying to autobuild your package: Automatic build of libjogl-java_1.1.1+dak1-2 on zx6000 by sbuild/ia64 98-farm Build started at 20081027-0633 [...] ** Using build dependencies supplied by package: Build-Depends: debhelper (= 5), cdbs, quilt, openjdk-6-jdk, ant-optional, libgl1-mesa-dev, libglu1-mesa-dev, libxxf86vm-dev, x11proto-xf86vidmode-dev, libxt-dev [...] [antlr] at java.lang.ClassLoader.loadClass(ClassLoader.java:323) [antlr] at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294) [antlr] at java.lang.ClassLoader.loadClass(ClassLoader.java:268) [antlr] at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:336) [antlr] Could not find the main class: antlr.Tool. Program will exit. BUILD FAILED /build/buildd/libjogl-java-1.1.1+dak1/jogl/make/build.xml:1571: The following error occurred while executing this line: /build/buildd/libjogl-java-1.1.1+dak1/jogl/make/build.xml:497: The following error occurred while executing this line: /build/buildd/libjogl-java-1.1.1+dak1/gluegen/make/build.xml:420: The following error occurred while executing this line: /build/buildd/libjogl-java-1.1.1+dak1/gluegen/make/build.xml:100: ANTLR returned: 1 Total time: 4 seconds make: *** [debian/stamp-ant-build] Error 1 dpkg-buildpackage: failure: debian/rules build gave error exit status 2 A full build log can be found at: http://experimental.debian.net/build.php?arch=ia64pkg=libjogl-javaver=1.1.1+dak1-2 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkFt9UACgkQ7Ro5M7LPzdiWOgCfUuBvtPJ7zqcu3jHTTzlmcT51 hMgAn2fHgCfIwd7RXDubIFRreeXvKXzc =pa2V -END PGP SIGNATURE- ---End Message--- ---BeginMessage--- Source: libjogl-java Source-Version: 1.1.1+dak1-3 We believe that the bug you reported is fixed in the latest version of libjogl-java, which is due to be installed in the Debian FTP archive: libjogl-java-doc_1.1.1+dak1-3_all.deb to pool/main/libj/libjogl-java/libjogl-java-doc_1.1.1+dak1-3_all.deb libjogl-java_1.1.1+dak1-3.diff.gz to pool/main/libj/libjogl-java/libjogl-java_1.1.1+dak1-3.diff.gz libjogl-java_1.1.1+dak1-3.dsc to pool/main/libj/libjogl-java/libjogl-java_1.1.1+dak1-3.dsc libjogl-java_1.1.1+dak1-3_all.deb to pool/main/libj/libjogl-java/libjogl-java_1.1.1+dak1-3_all.deb libjogl-jni_1.1.1+dak1-3_i386.deb to pool/main/libj/libjogl-java/libjogl-jni_1.1.1+dak1-3_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sylvestre Ledru [EMAIL PROTECTED] (supplier of updated libjogl-java package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 27 Oct 2008 15:14:48 +0100 Source: libjogl-java Binary: libjogl-java libjogl-jni libjogl-java-doc Architecture: source all i386 Version: 1.1.1+dak1-3 Distribution: experimental Urgency: low Maintainer: Sylvestre Ledru [EMAIL PROTECTED] Changed-By: Sylvestre Ledru [EMAIL PROTECTED] Description: libjogl-java - Java bindings for OpenGL API (java library) libjogl-java-doc - Documentation for the Java bindings for OpenGL libjogl-jni - Java bindings for OpenGL API (java jni library) Closes: 503676 Changes: libjogl-java (1.1.1+dak1-3) experimental; urgency=low . * Dep to antlr changed to libantlr-java and move to build-depends (instead of Build-Depends-Indep) (Closes: #503676) Checksums-Sha1: b7963c75b440c035fb7f86352f95df6a275f0771 1439 libjogl-java_1.1.1+dak1-3.dsc a9755990bf846ab07938b57342479036a85bd555 43747 libjogl-java_1.1.1+dak1-3.diff.gz fef3cea74618f9513179ef53ebfd014eff645a50
Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling
On Mon, Oct 27, 2008 at 1:06 PM, Matthias Wandel [EMAIL PROTECTED] wrote: So what is the security vulnerability? You can use it to delete files, but why not just use rm? If I understand correctly we have two problems (from [1]) 2 - unsafe temp file creation 4 - shell escapes I think unsafe temp file creation is referring to the use of unlink() at line 329 of jhead.c. I don't think it is a grave problem. shell escapes is more serious since you use system() at line 339 of jhead.c without escaping any special characters a file name could contain. For example if you have a file named foo.jpg ; rm -rf ~ you could make bad things without noticing. Yes, you should be stupid to use such a file name. Unless of course you run it as setuid root, but why would you go out ot your way to do that? A solution would be to use one of the exec(3) system calls instead of system(3). Bye [1] http://www.openwall.com/lists/oss-security/2008/10/16/3 -- Dr. Ludovic Rousseau -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503672: marked as done (libsyncml_0.4.7-3(sparc/experimental): FTBFS: Error: Unknown opcode: `int')
Your message dated Mon, 27 Oct 2008 14:47:03 + with message-id [EMAIL PROTECTED] and subject line Bug#503672: fixed in libsyncml 0.4.7-4 has caused the Debian Bug report #503672, regarding libsyncml_0.4.7-3(sparc/experimental): FTBFS: Error: Unknown opcode: `int' to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 503672: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503672 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: libsyncml Version: 0.4.7-3 Severity: serious Hi, your package failed to build from source. | Automatic build of libsyncml_0.4.7-3 on njoerd by sbuild/sparc 98-farm | Build started at 20081027-0156 | ** | Checking available source versions... | Fetching source files... | Reading package lists... | Building dependency tree... | Need to get 549kB of source archives. | Get:1 http://sinclair.farm.ftbfs.de experimental/main libsyncml 0.4.7-3 (dsc) [1146B] | Get:2 http://sinclair.farm.ftbfs.de experimental/main libsyncml 0.4.7-3 (tar) [543kB] | Get:3 http://sinclair.farm.ftbfs.de experimental/main libsyncml 0.4.7-3 (diff) [4848B] | Fetched 549kB in 0s (3611kB/s) | Download complete and in download only mode | ** Using build dependencies supplied by package: | Build-Depends: debhelper (= 4.0.0), quilt, cmake, check, libopenobex1-dev (= 1.2), libxml2-dev (= 2.6.16), libglib2.0-dev (= 2.6.0), libsoup2.4-dev, libwbxml2-dev (= 0.9.2-2) | Checking for already installed source dependencies... [...] | [ 72%] Building C object tests/CMakeFiles/http.dir/check_http.o | cd /build/buildd/libsyncml-0.4.7/build/tests /usr/bin/cc -g -Wall -O2 -I/build/buildd/libsyncml-0.4.7 -I/build/buildd/libsyncml-0.4.7/build -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/libxml2 -o CMakeFiles/http.dir/check_http.o -c /build/buildd/libsyncml-0.4.7/tests/check_http.c | /tmp/ccbn4jag.s: Assembler messages: | /tmp/ccbn4jag.s:4661: Error: Unknown opcode: `int' | make[3]: *** [tests/CMakeFiles/http.dir/check_http.o] Error 1 | make[3]: Leaving directory `/build/buildd/libsyncml-0.4.7/build' | make[2]: *** [tests/CMakeFiles/http.dir/all] Error 2 | make[2]: Leaving directory `/build/buildd/libsyncml-0.4.7/build' | make[1]: *** [all] Error 2 | make[1]: Leaving directory `/build/buildd/libsyncml-0.4.7/build' | make: *** [build-stamp] Error 2 | dpkg-buildpackage: failure: debian/rules build gave error exit status 2 | ** | Build finished at 20081027-0201 | FAILED [dpkg-buildpackage died] Full build log(s): http://experimental.ftbfs.de/build.php?ver=0.4.7-3pkg=libsyncmlarch=sparc Gruesse, -- Frank Lichtenheld [EMAIL PROTECTED] www: http://www.djpig.de/ ---End Message--- ---BeginMessage--- Source: libsyncml Source-Version: 0.4.7-4 We believe that the bug you reported is fixed in the latest version of libsyncml, which is due to be installed in the Debian FTP archive: libsyncml-dev_0.4.7-4_i386.deb to pool/main/libs/libsyncml/libsyncml-dev_0.4.7-4_i386.deb libsyncml-utils_0.4.7-4_i386.deb to pool/main/libs/libsyncml/libsyncml-utils_0.4.7-4_i386.deb libsyncml2-dbg_0.4.7-4_i386.deb to pool/main/libs/libsyncml/libsyncml2-dbg_0.4.7-4_i386.deb libsyncml2_0.4.7-4_i386.deb to pool/main/libs/libsyncml/libsyncml2_0.4.7-4_i386.deb libsyncml_0.4.7-4.diff.gz to pool/main/libs/libsyncml/libsyncml_0.4.7-4.diff.gz libsyncml_0.4.7-4.dsc to pool/main/libs/libsyncml/libsyncml_0.4.7-4.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Banck [EMAIL PROTECTED] (supplier of updated libsyncml package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 27 Oct 2008 14:35:54 +0100 Source: libsyncml Binary: libsyncml2 libsyncml-utils libsyncml-dev libsyncml2-dbg Architecture: source i386 Version: 0.4.7-4 Distribution: experimental Urgency: low Maintainer: Michael Banck [EMAIL PROTECTED] Changed-By: Michael Banck [EMAIL PROTECTED] Description: libsyncml-dev - SyncML protocol development library libsyncml-utils - SyncML protocol library utilities libsyncml2
Processed: Re: gnat-gps: FTBFS: unsat b-deps: libgnatprj-dev: Depends: gnat-4.2 (= 4.2.1-7) but it is not going to be installed
Processing commands for [EMAIL PROTECTED]: fixed 445772 4.0.1-6lenny1 Bug#445772: gnat-gps: FTBFS: unsat b-deps: libgnatprj-dev: Depends: gnat-4.2 (= 4.2.1-7) but it is not going to be installed Bug marked as fixed in version 4.0.1-6lenny1. notfound 445772 4.0.1-6lenny1 Bug#445772: gnat-gps: FTBFS: unsat b-deps: libgnatprj-dev: Depends: gnat-4.2 (= 4.2.1-7) but it is not going to be installed Bug no longer marked as found in version 4.0.1-6lenny1. (By the way, this Bug is currently marked as done.) thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503645: Fwd: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling
Hi Ludovic, * Ludovic Rousseau [EMAIL PROTECTED] [2008-10-27 15:14]: From upstream author. -- Forwarded message -- From: Matthias Wandel Date: Mon, Oct 27, 2008 at 1:06 PM Subject: Re: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling To: Ludovic Rousseau [EMAIL PROTECTED] So what is the security vulnerability? You can use it to delete files, but why not just use rm? Unless of course you run it as setuid root, but why would you go out ot your way to do that? Why does upstream have problems to understand an issue which he acknowledged before? https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020/comments/6 Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpH9xQ5I3HQJ.pgp Description: PGP signature
Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling
Hi Ludovic, * Ludovic Rousseau [EMAIL PROTECTED] [2008-10-27 16:47]: On Mon, Oct 27, 2008 at 1:06 PM, Matthias Wandel [EMAIL PROTECTED] wrote: So what is the security vulnerability? You can use it to delete files, but why not just use rm? If I understand correctly we have two problems (from [1]) 2 - unsafe temp file creation Yes but this is not exactly the same problem like the static name that was used before. 4 - shell escapes I think unsafe temp file creation is referring to the use of unlink() at line 329 of jhead.c. I don't think it is a grave problem. Correct. shell escapes is more serious since you use system() at line 339 of jhead.c without escaping any special characters a file name could contain. Correct, that is the problem. Crafted file names can execute commands in the shell. For example if you have a file named foo.jpg ; rm -rf ~ you could make bad things without noticing. Yes, you should be stupid to use such a file name. All the issues recently released for jhead are not really important, the problem are non-interactive setups where jhead is called from scripts. Unless of course you run it as setuid root, but why would you go out ot your way to do that? A solution would be to use one of the exec(3) system calls instead of system(3). Yes or to filter the string. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpQsr21c0Y53.pgp Description: PGP signature
Bug#503645: Fwd: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling
From upstream. -- Forwarded message -- From: Matthias Wandel [EMAIL PROTECTED] Date: Mon, Oct 27, 2008 at 4:13 PM Subject: Re: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling To: Ludovic Rousseau [EMAIL PROTECTED] Ah, the use of exec had been suggested before, but I didn't see a good reason for it. I suppose if its used for something that processes files from random users on a server, this could potentially be exploited. I should make that change, though I won't have time for it right away. Though if somebody had a patch, that would be quicker to integrate. The unsafe temp file creation I won't worry about for the moment. Matthias - Original Message - From: Ludovic Rousseau [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, October 27, 2008 9:52 AM Subject: Re: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling On Mon, Oct 27, 2008 at 1:06 PM, Matthias Wandel [EMAIL PROTECTED] wrote: So what is the security vulnerability? You can use it to delete files, but why not just use rm? If I understand correctly we have two problems (from [1]) 2 - unsafe temp file creation 4 - shell escapes I think unsafe temp file creation is referring to the use of unlink() at line 329 of jhead.c. I don't think it is a grave problem. shell escapes is more serious since you use system() at line 339 of jhead.c without escaping any special characters a file name could contain. For example if you have a file named foo.jpg ; rm -rf ~ you could make bad things without noticing. Yes, you should be stupid to use such a file name. Unless of course you run it as setuid root, but why would you go out ot your way to do that? A solution would be to use one of the exec(3) system calls instead of system(3). Bye [1] http://www.openwall.com/lists/oss-security/2008/10/16/3 -- Dr. Ludovic Rousseau -- Dr. Ludovic Rousseau -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Cleaning up
Processing commands for [EMAIL PROTECTED]: fixed 491919 1.03-46 Bug#491919: qmail-src: Prompts should use debconf Bug marked as fixed in version 1.03-46. fixed 491916 1.03-46 Bug#491916: qmail: Preinst fails if /etc/inetd.conf does not exist Bug marked as fixed in version 1.03-46. fixed 459616 1.03-46 Bug#459616: qmail-src: Typo in package description: binary for - binary form Bug marked as fixed in version 1.03-46. fixed 478513 1.03-46 Bug#478513: qmail-src should depend on libc6-dev Bug marked as fixed in version 1.03-46. fixed 466447 1.03-46 Bug#466447: qmail-local maildir delivery race condition Bug#319518: qmail-local Maildir delivery is buggy Bug marked as fixed in version 1.03-46. fixed 485956 1.03-47 Bug number 485956 not found. (Is it archived?) fixed 439702 1.03-46 Bug number 439702 not found. (Is it archived?) stop Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#491916: marked as done (qmail: Preinst fails if /etc/inetd.conf does not exist)
Your message dated Mon, 27 Oct 2008 11:24:01 -0500 with message-id [EMAIL PROTECTED] and subject line Fixed in 1.03-46 has caused the Debian Bug report #491916, regarding qmail: Preinst fails if /etc/inetd.conf does not exist to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 491916: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=491916 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: qmail Version: 1.03-45 Severity: important On a minimal system with no /etc/inetd.conf, qmail installation fails: callisto:/usr/share/doc/qmail-src# dpkg -i /tmp/qmail/qmail_1.03-45_i386.deb (Reading database ... 60331 files and directories currently installed.) Unpacking qmail (from .../qmail/qmail_1.03-45_i386.deb) ... Performing install First installation of the Debian qmail package... Checking if qmail is already installed on this computer... no. Checking group qmail (gid 64010)... ok. Checking user alias (uid 64010, gid 65534, homedir /var/qmail/alias)... ok. Checking user qmaild (uid 64011, gid 65534, homedir /var/qmail)... ok. Checking user qmails (uid 64012, gid 64010, homedir /var/qmail)... ok. Checking user qmailr (uid 64013, gid 64010, homedir /var/qmail)... ok. Checking user qmailq (uid 64014, gid 64010, homedir /var/qmail)... ok. Checking user qmaill (uid 64015, gid 65534, homedir /var/qmail)... ok. Checking user qmailp (uid 64016, gid 65534, homedir /var/qmail)... ok. Could not open /etc/inetd.conf dpkg: error processing /tmp/qmail/qmail_1.03-45_i386.deb (--install): subprocess pre-installation script returned error exit status 2 Errors were encountered while processing: /tmp/qmail/qmail_1.03-45_i386.deb Suggested fix: use update-inetd. Preferably do all this in postinst rather than preinst, then just Depend on update-inetd. Failing that, Pre-Depend on inetd. ---End Message--- ---BeginMessage--- See changelog for details. Cheers! Jon ---End Message---
Processed (with 1 errors): unarchiving 496392, notfixed 496392 in 1:3.0+pre3.1-18etch1, closing 496392, archiving 496392
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.35 unarchive 496392 Bug 496392 [myspell-tools] The possibility of attack with the help of symlinks in some Debian packages Unarchived Bug 496392 notfixed 496392 1:3.0+pre3.1-18etch1 Bug#496392: The possibility of attack with the help of symlinks in some Debian packages Bug no longer marked as fixed in version 1:3.0+pre3.1-18etch1. close 496392 myspell/1:3.0+pre3.1-21 Unknown command or malformed arguments to command. archive 496392 Bug 496392 [myspell-tools] The possibility of attack with the help of symlinks in some Debian packages archived 496392 to archive/92 (from 496392) deleted 496392 (from 496392) End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: unarchiving 496392, reassign 496392 to myspell-tools,libmyspell3c2a, closing 496392, closing 496392 ...
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.35 unarchive 496392 Bug 496392 [myspell-tools] The possibility of attack with the help of symlinks in some Debian packages Unarchived Bug 496392 reassign 496392 myspell-tools,libmyspell3c2a Bug#496392: The possibility of attack with the help of symlinks in some Debian packages Warning: Unknown package 'libmyspell3c2a' Bug reassigned from package `myspell-tools' to `myspell-tools,libmyspell3c2a'. close 496392 1:3.1-18etch1 Bug#496392: The possibility of attack with the help of symlinks in some Debian packages 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Warning: Unknown package 'libmyspell3c2a' Bug marked as fixed in version 1:3.1-18etch1, send any further explanations to Dmitry E. Oboukhov [EMAIL PROTECTED] close 496392 1:3.1-21 Bug#496392: The possibility of attack with the help of symlinks in some Debian packages 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Warning: Unknown package 'libmyspell3c2a' Bug marked as fixed in version 1:3.1-21, send any further explanations to Dmitry E. Oboukhov [EMAIL PROTECTED] archive 496392 Bug 496392 [myspell-tools,libmyspell3c2a] The possibility of attack with the help of symlinks in some Debian packages Warning: Unknown package 'libmyspell3c2a' archived 496392 to archive/92 (from 496392) deleted 496392 (from 496392) End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#502757: nut-cgi: piuparts test fails: chmod: cannot access `/etc/nut': No such file or directory
Arnaud Quette wrote: Hi Luk, checking back, seems I've pissed on my shoes, while playing with several packages at the same time! all apologies. should I re upload 2.2.2-6.1 or .2? .2 Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: unarchiving 496392, reassign 496392 to myspell-tools,libmyspell3c2a, closing 496392, closing 496392 ...
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.35 unarchive 496392 Bug 496392 [myspell-tools,libmyspell3c2a] The possibility of attack with the help of symlinks in some Debian packages Unarchived Bug 496392 Warning: Unknown package 'libmyspell3c2a' reassign 496392 myspell-tools,libmyspell3c2a Bug#496392: The possibility of attack with the help of symlinks in some Debian packages Warning: Unknown package 'libmyspell3c2a' Warning: Unknown package 'libmyspell3c2a' Bug reassigned from package `myspell-tools,libmyspell3c2a' to `myspell-tools,libmyspell3c2a'. close 496392 1:3.1-18etch1 Bug#496392: The possibility of attack with the help of symlinks in some Debian packages 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Warning: Unknown package 'libmyspell3c2a' Bug marked as fixed in version 1:3.1-18etch1, send any further explanations to Dmitry E. Oboukhov [EMAIL PROTECTED] close 496392 1:3.1-21 Bug#496392: The possibility of attack with the help of symlinks in some Debian packages 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Warning: Unknown package 'libmyspell3c2a' Bug marked as fixed in version 1:3.1-21, send any further explanations to Dmitry E. Oboukhov [EMAIL PROTECTED] archive 496392 Bug 496392 [myspell-tools,libmyspell3c2a] The possibility of attack with the help of symlinks in some Debian packages Warning: Unknown package 'libmyspell3c2a' archived 496392 to archive/92 (from 496392) deleted 496392 (from 496392) End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: unarchiving 496392, reassign 496392 to myspell-tools,libmyspell3c2, closing 496392, closing 496392 ...
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.35 unarchive 496392 Bug 496392 [myspell-tools,libmyspell3c2a] The possibility of attack with the help of symlinks in some Debian packages Unarchived Bug 496392 Warning: Unknown package 'libmyspell3c2a' reassign 496392 myspell-tools,libmyspell3c2 Bug#496392: The possibility of attack with the help of symlinks in some Debian packages Warning: Unknown package 'libmyspell3c2a' Bug reassigned from package `myspell-tools,libmyspell3c2a' to `myspell-tools,libmyspell3c2'. close 496392 1:3.1-18etch1 Bug#496392: The possibility of attack with the help of symlinks in some Debian packages 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 1:3.1-18etch1, send any further explanations to Dmitry E. Oboukhov [EMAIL PROTECTED] close 496392 1:3.1-21 Bug#496392: The possibility of attack with the help of symlinks in some Debian packages 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 1:3.1-21, send any further explanations to Dmitry E. Oboukhov [EMAIL PROTECTED] archive 496392 Bug 496392 [myspell-tools,libmyspell3c2] The possibility of attack with the help of symlinks in some Debian packages archived 496392 to archive/92 (from 496392) deleted 496392 (from 496392) End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503698: a56: alloc, fixstring implicitly converted to pointers
Package: a56 Version: 1.3-4 Severity: serious Tags: patch Our automated buildd log filter[1] detected a problem that is likely to cause your package to segfault on architectures where the size of a pointer is greater than the size of an integer, such as ia64 and amd64. Function `alloc' implicitly converted to pointer at keybld.c:76 Function `fixstring' implicitly converted to pointer at lex.c:83 This is often due to a missing function prototype definition. For more information, see [2]. Though it is guaranteed that this codepath will cause a segfault on certain architectures, it is not guaranteed that this codepath would ever be executed (e.g., if the returned pointer is never dereferenced). However, this bug does prevent the ia64 buildd from successfully building this package, resulting in a practical FTBFS issue and warranting the serious severity. [1] http://people.debian.org/~dannf/check-implicit-pointer-functions [2] http://wiki.debian.org/ImplicitPointerConversions -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: unarchiving 496392, reassign 496392 to myspell-tools,libmyspell-dev, closing 496392, closing 496392 ...
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.35 unarchive 496392 Bug 496392 [myspell-tools,libmyspell3c2] The possibility of attack with the help of symlinks in some Debian packages Unarchived Bug 496392 reassign 496392 myspell-tools,libmyspell-dev Bug#496392: The possibility of attack with the help of symlinks in some Debian packages Bug reassigned from package `myspell-tools,libmyspell3c2' to `myspell-tools,libmyspell-dev'. close 496392 1:3.1-18etch1 Bug#496392: The possibility of attack with the help of symlinks in some Debian packages 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 1:3.1-18etch1, send any further explanations to Dmitry E. Oboukhov [EMAIL PROTECTED] close 496392 1:3.1-21 Bug#496392: The possibility of attack with the help of symlinks in some Debian packages 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 1:3.1-21, send any further explanations to Dmitry E. Oboukhov [EMAIL PROTECTED] archive 496392 Bug 496392 [myspell-tools,libmyspell-dev] The possibility of attack with the help of symlinks in some Debian packages archived 496392 to archive/92 (from 496392) deleted 496392 (from 496392) End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503583: libgnokii4: should conflict with libgnokii3
Hi, Marcus Better wrote: dpkg: error processing /var/cache/apt/archives/libgnokii4_0.6.27.dfsg-1_amd64.deb (--unpack): trying to overwrite `/usr/lib/libgnokii.so.4.0.0', which is also in package libgnokii3 The current version of libgnokii3 in unstable doesn't have the file libgnokii.so.4.0.0 [0], did you perhaps compile it yourself with the newer version (0.6.27), or get it from another source? Cheers [0] http://packages.debian.org/sid/amd64/libgnokii3/filelist -- Leo costela Antunes [insert a witty retort here] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503591: Please don't include yet another copy of tzdata in the archive
Roberto C. Sánchez wrote: All that said, should I hold off uploading libactivesupport-ruby since it will depend on libtzinfo-ruby? Well, ideally, you (or upstream) would create something for ruby that works properly in the sense that it uses the tzinfo data. The timezone definitions are enough of a dance as is (because they seem to change too frequent, just look at stable,volatile,testing-updtates) and make whatever needs timezone information in ruby use that. I'm all for batteries included and all that, but for Debian users there really is no added value and enough hassle in the current approach to not want that. As for holding back stuff, I'll leave that to your judgement (and your expectation how fast you can resolve stuff with upstream). I do intend to work with upstream as suggested. Thanks! Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503702: lockvc: Segfaults.
Package: lockvc Version: 4.0.5-6 Severity: serious Hi, It seems that lockvc sometimes segfaults on me. It's not doing it all time, but atleast once a week. I'm setting it to serious since the console is unlocked at that point, and so I consider it to be not useful at all. I've switched to vlock now. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#468793: tokyocabinet - FTBFS: pthread_mutex_lock.c:71: __pthread_mutex_lock: Assertion `mutex-__data.__owner == 0' failed.
Julien Danjou wrote: At 1224427706 time_t, Pierre Habouzit wrote: Not that I'm aware of, and it's probably a bug in s390 assembly, and actually not a tokyocabinet bug _at all_. So unless upstream knows s390 assembly... I don't think he can help a lot :) After discussing with Pierre, it seems that #479952 (blocker of this bug) will not be fixed unless some porters move theirs asses and hunt him down, which isn't very likely to happen before Lenny got released, adding that this one has only important severity. Pierre does not want to drop build tests like I proposed, which I understand. Adding that tokyocabinet thread support is not used by any Debian application, the fact that the tests fail is not critical to us. Therefore, I suggest to make a decision and to tag this bug lenny-ignore. Maybe we could forward this bug to Martin Schwidefsky [EMAIL PROTECTED], who is the glibc s390 maintainer and who works for IBM on the s390 Linux port. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#499078: alignment patch
Hi Kees, On Sun, 26 Oct 2008, Kees Cook wrote: How about this patch as an alternative, which doesn't change the semantics of the array, but makes sure it is aligned. After applying only your patch, it still crashes in log_work.c. (So, I guess it works as well as my patch to super.c, although that wasn't the part I was worried about.) I did think of patching super.c by specifying alignment, but didn't think upstream would accept use of GCC extensions. Also, declaring the array as what it is used as just seems cleaner overall, although it does allocate an extra 136 bytes on the stack. (Is that the semantic change you are worried about?) Anyways, the semantic change I was worried about was the change to dip in log_work.c, since I'm not entirely sure whether something else might be changing *data. Ivan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed (with 3 errors): unarchive bugs still affecting testing or unstable.
Processing commands for [EMAIL PROTECTED]: # I'm unarchiving bugs that at some point got fixed, got archived # but the BTS now thinks are still present in testing or unstable. # Most likely those bugs got fixed in an NMU and the changelog entry # for the NMU is not in the latest version anymore. In almost all # cases the changelog entry for the version that closed the version # is now missing. Those bugs then need to get closed in the version # following the NMU. # NMU changelog missing unarchive 481393 Bug 481393 [qtractor] qtractor - FTBFS: error: '::atexit' has not been declared Unarchived Bug 481393 fixed 481393 0.2.1-1 Bug#481393: qtractor - FTBFS: error: '::atexit' has not been declared Bug marked as fixed in version 0.2.1-1. archive 481393 Bug 481393 [qtractor] qtractor - FTBFS: error: '::atexit' has not been declared archived 481393 to archive/93 (from 481393) deleted 481393 (from 481393) # changelog entry missing, but was fixed in new version anyway unarchive 477965 Bug 477965 [php-net-socket] php-net-socket: FTBFS: /bin/sh: /usr/bin/pear: No such file or directory Unarchived Bug 477965 fixed 477965 1.0.9-1 Bug#477965: php-net-socket: FTBFS: /bin/sh: /usr/bin/pear: No such file or directory Bug marked as fixed in version 1.0.9-1. archive 477965 Bug 477965 [php-net-socket] php-net-socket: FTBFS: /bin/sh: /usr/bin/pear: No such file or directory archived 477965 to archive/65 (from 477965) deleted 477965 (from 477965) # changelog entry missing, same bug fixed in 1.3.2-2 unarchive 428957 Bug 428957 [lxml] lxml - FTBFS: /usr/bin/ld: cannot find -lz Bug 428848 [lxml] lxml - FTBFS: cannot find -lz Unarchived Bug 428957 Unarchived Bug 428848 fixed 428957 1.3.2-2 Bug#428957: lxml - FTBFS: /usr/bin/ld: cannot find -lz Bug#428848: lxml - FTBFS: cannot find -lz Bug marked as fixed in version 1.3.2-2. archive 428957 Bug 428957 [lxml] lxml - FTBFS: /usr/bin/ld: cannot find -lz Bug 428848 [lxml] lxml - FTBFS: cannot find -lz archived 428957 to archive/57 (from 428957) deleted 428957 (from 428957) archived 428848 to archive/48 (from 428957) deleted 428848 (from 428957) # Conflict got added in 1 of the packages unarchive 411070 Bug 411070 [libsieve2-1,libmailutils1] libsieve2-1: Duplicate file with libmailutils1 Unarchived Bug 411070 reassign 411070 mailutils Bug#411070: libsieve2-1: Duplicate file with libmailutils1 Bug reassigned from package `libsieve2-1,libmailutils1' to `mailutils'. fixed 1:1.2+dfsg1-2 Unknown command or malformed arguments to command. archive 411070 Bug 411070 [mailutils] libsieve2-1: Duplicate file with libmailutils1 archived 411070 to archive/70 (from 411070) deleted 411070 (from 411070) # changelog has entries in wrong order. 2.4.36-1 seems to be # to also have fixed it, but never really got uploaded. unarchive 403673 Bug 403673 [libattr1] /lib/libacl.so.1: symbol getxattr, version ATTR_1.0 not defined in file libattr.so.1 with link time reference Bug 403585 [libattr1] Regression in 2.4.35-1 Bug 403587 [libattr1] libattr1: Upgrade renders ls unuseable Bug 403590 [libattr1] ls -l does not work any longer Bug 403592 [libattr1] libattr1: relocation error: /lib/libacl.so.1: Bug 403599 [libattr1] Regression in 2.2.42-1 Bug 403601 [libattr1] tex-common: unable to install because of cp Bug 403651 [libattr1] libacl1: symbol setxattr ATTR_1.0 not defined libattr.so.1 (ATTR_1.1) Unarchived Bug 403673 Unarchived Bug 403585 Unarchived Bug 403587 Unarchived Bug 403590 Unarchived Bug 403592 Unarchived Bug 403599 Unarchived Bug 403601 Unarchived Bug 403651 fixed 403673 2.4.36-1 Bug#403673: /lib/libacl.so.1: symbol getxattr, version ATTR_1.0 not defined in file libattr.so.1 with link time reference Bug#403585: Regression in 2.4.35-1 Bug#403587: libattr1: Upgrade renders ls unuseable Bug#403590: ls -l does not work any longer Bug#403592: libattr1: relocation error: /lib/libacl.so.1: Bug#403599: Regression in 2.2.42-1 Bug#403601: tex-common: unable to install because of cp Bug#403651: libacl1: symbol setxattr ATTR_1.0 not defined libattr.so.1 (ATTR_1.1) Bug marked as fixed in version 2.4.36-1. unarchive 403651 Bug [] # Package filed against and bug closed in are not the same. There # wasn't really anything that should get fixed, removing closed # version. unarchive 312584 Bug 312584 [librsvg2-bin] librsvg2-bin: current version of package depends on packages outside unstable Unarchived Bug 312584 notfixed 312584 2.10.2-2 Bug#312584: librsvg2-bin: current version of package depends on packages outside unstable Bug no longer marked as fixed in version 2.10.2-2. archive 312584 Bug 312584 [librsvg2-bin] librsvg2-bin: current version of package depends on packages outside unstable archived 312584 to archive/84 (from 312584) deleted 312584 (from 312584) # Version not in changelog, and wrong fixed version anyway unarchive 311062 Bug 311062 [liblscp] liblscp: FTBFS: ./configure: Permission denied Unarchived Bug 311062 notfixed 311062 0.2.cvs20050530-1
Processed (with 1 errors): unarchiving 411070, fixed 411070 in 1:1.2+dfsg1-2, archiving 411070
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.35 unarchive 411070 Bug 411070 [mailutils] libsieve2-1: Duplicate file with libmailutils1 Unarchived Bug 411070 fixed 411070 1:1.2+dfsg1-2 Bug#411070: libsieve2-1: Duplicate file with libmailutils1 Bug marked as fixed in version 1:1.2+dfsg1-2. archive 411070 Bug 411070 cannot be archived End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: archiving 403673
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.35 archive 403673 Bug 403673 [libattr1] /lib/libacl.so.1: symbol getxattr, version ATTR_1.0 not defined in file libattr.so.1 with link time reference Bug 403585 [libattr1] Regression in 2.4.35-1 Bug 403587 [libattr1] libattr1: Upgrade renders ls unuseable Bug 403590 [libattr1] ls -l does not work any longer Bug 403592 [libattr1] libattr1: relocation error: /lib/libacl.so.1: Bug 403599 [libattr1] Regression in 2.2.42-1 Bug 403601 [libattr1] tex-common: unable to install because of cp Bug 403651 [libattr1] libacl1: symbol setxattr ATTR_1.0 not defined libattr.so.1 (ATTR_1.1) archived 403673 to archive/73 (from 403673) deleted 403673 (from 403673) archived 403585 to archive/85 (from 403673) deleted 403585 (from 403673) archived 403587 to archive/87 (from 403673) deleted 403587 (from 403673) archived 403590 to archive/90 (from 403673) deleted 403590 (from 403673) archived 403592 to archive/92 (from 403673) deleted 403592 (from 403673) archived 403599 to archive/99 (from 403673) deleted 403599 (from 403673) archived 403601 to archive/01 (from 403673) deleted 403601 (from 403673) archived 403651 to archive/51 (from 403673) deleted 403651 (from 403673) End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503713: overwrittes manually modified /etc/default/bindgraph on upgrade
Package: bindgraph Version: 0.2a-3.1 Severity: serious Justification: Policy 10.7.3 I've just upgraded bindgraph and as all the other upgrades it is replacing the content for /etc/default/bindgraph with an automatically generated one using the debconf settings. The diff between the previous content and new one reported by logwatch is: Changes made to /etc/default/bindgraph follow: @@ -1,3 +1,3 @@ LOG_FORMAT=bind93 -DNS_LOG=/var/log/bind9/query.log +DNS_LOG=/var/log/bind9-query.log According to policy 10.7.3 [1] regarding conffiles: local changes must be preserved during a package upgrade Thanks [1] http://www.debian.org/doc/debian-policy/ch-files.html#s10.7.3 -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable'), (500, 'proposed-updates'), (500, 'unstable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.24-etchnhalf.1-amd64 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages bindgraph depends on: ii debconf [debconf-2.0]1.5.11etch2 Debian configuration management sy ii libfile-tail-perl0.98-5 File::Tail perl module ii librrds-perl 1.2.15-0.3 Time-series data storage and displ Versions of packages bindgraph recommends: ii apache2-mpm-prefork [http 2.2.3-4+etch6 Traditional model for Apache HTTPD ii bind9 1:9.3.4-2etch3 Internet Domain Name Server -- debconf information: bindgraph/logfile: /var/log/bind9-query.log bindgraph/configure_bind: bindgraph/stay_on_purge: true bindgraph/start_on_boot: true -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#468793: tokyocabinet - FTBFS: pthread_mutex_lock.c:71: __pthread_mutex_lock: Assertion `mutex-__data.__owner == 0' failed.
At 1225129482 time_t, Moritz Muehlenhoff wrote: Maybe we could forward this bug to Martin Schwidefsky [EMAIL PROTECTED], who is the glibc s390 maintainer and who works for IBM on the s390 Linux port. Why not. Martin, do you have any clue about bug #479952? http://bugs.debian.org/479952 Cheers, -- Julien Danjou .''`. Debian Developer : :' : http://julien.danjou.info `. `' http://people.debian.org/~acid `- 9A0D 5FD9 EB42 22F6 8974 C95C A462 B51E C2FE E5CD signature.asc Description: Digital signature
Bug#503591: Please don't include yet another copy of tzdata in the archive
On Mon, Oct 27, 2008 at 06:29:39PM +0100, Thomas Viehmann wrote: Roberto C. Sánchez wrote: All that said, should I hold off uploading libactivesupport-ruby since it will depend on libtzinfo-ruby? Well, ideally, you (or upstream) would create something for ruby that works properly in the sense that it uses the tzinfo data. The timezone definitions are enough of a dance as is (because they seem to change too frequent, just look at stable,volatile,testing-updtates) and make whatever needs timezone information in ruby use that. I'm all for batteries included and all that, but for Debian users there really is no added value and enough hassle in the current approach to not want that. As for holding back stuff, I'll leave that to your judgement (and your expectation how fast you can resolve stuff with upstream). OK. I understand the need to get this sorted out rather quickly. However, I think that leaving the current libactivesupport-ruby as is may have the potential for more problems (using embedded sources of other packages is generally considered bad). So, I will go ahead and perform the upload. I will contact upstream and least inform them of the problem and see what can be done. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com signature.asc Description: Digital signature
Bug#501306: update-grub fails silently with wrong device.map
On Thu, Oct 23, 2008 at 05:45:40PM +0200, Felix Zielcke wrote: Attached is now an ugly patch which would display the grub-probe error Check your device.map if it fails. Else I had the idea to make an environment variable like GRUB_PROBE_HIDE_ERRORS=1 which would hide the output of grub_print_error() but then we would need to change grub-common and grub package to fix this bug. What do you think Robert? Sounds like a good idea. Except that the message in first hunk is not correct (it should say Cannot find a device for $1 or something like that). Thanks Felix for finding a way out of this! Index: update-grub === --- update-grub (revision 1080) +++ update-grub (working copy) @@ -115,7 +115,8 @@ find_device () if ! test -e ${device_map} ; then echo quit | grub --batch --no-floppy --device-map=${device_map} /dev/null fi - grub-probe --device-map=${device_map} -t device $1 2 /dev/null + grub-probe --device-map=${device_map} -t device $1 2 /dev/null || \ + (echo Cannot find a GRUB drive for $1. Check your device.map. exit 1) } # Usage: convert_raid1 os_device @@ -152,7 +153,8 @@ convert () { if ! test -e ${device_map} ; then echo quit | grub --batch --no-floppy --device-map=${device_map} /dev/null fi - GRUB_LEGACY_0_BASED_PARTITIONS=1 grub-probe --device-map=${device_map} -t drive -d $1 2 /dev/null + GRUB_LEGACY_0_BASED_PARTITIONS=1 grub-probe --device-map=${device_map} -t drive -d $1 2 /dev/null || \ +(echo Cannot find a GRUB drive for $1. Check your device.map. exit 1) } # Usage: convert_default os_device -- Robert Millan The DRM opt-in fallacy: Your data belongs to us. We will decide when (and how) you may access your data; but nobody's threatening your freedom: we still allow you to remove your data and not access it at all. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503144: marked as done (FTBFS on armel: gsf-scan, ** ERROR **: Compilation trouble with endianess.)
Your message dated Mon, 27 Oct 2008 19:02:08 + with message-id [EMAIL PROTECTED] and subject line Bug#503144: fixed in libgsf 1.14.8-1lenny1 has caused the Debian Bug report #503144, regarding FTBFS on armel: gsf-scan, ** ERROR **: Compilation trouble with endianess. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 503144: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503144 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: libgsf Version: 1.14.9-1 Severity: serious Found on all gsf versions since 1.14.9-1: -snip- creating gsf-scan gtk-doc: Running scanner gsf-scan ** ERROR **: Compilation trouble with endianess. aborting... sh: line 1: 7588 Aborted ( ./gsf-scan ) -snip- Full build log: http://buildd.debian.org/fetch.cgi?pkg=libgsfarch=armelver=1.14.10-2stamp=1224698766file=logas=raw Looking at the error in sources, it seems like floating point issue. Armel (arm eabi) has natural floating point order. ---End Message--- ---BeginMessage--- Source: libgsf Source-Version: 1.14.8-1lenny1 We believe that the bug you reported is fixed in the latest version of libgsf, which is due to be installed in the Debian FTP archive: libgsf-1-114-dbg_1.14.8-1lenny1_amd64.deb to pool/main/libg/libgsf/libgsf-1-114-dbg_1.14.8-1lenny1_amd64.deb libgsf-1-114_1.14.8-1lenny1_amd64.deb to pool/main/libg/libgsf/libgsf-1-114_1.14.8-1lenny1_amd64.deb libgsf-1-common_1.14.8-1lenny1_all.deb to pool/main/libg/libgsf/libgsf-1-common_1.14.8-1lenny1_all.deb libgsf-1-dev_1.14.8-1lenny1_amd64.deb to pool/main/libg/libgsf/libgsf-1-dev_1.14.8-1lenny1_amd64.deb libgsf-bin_1.14.8-1lenny1_amd64.deb to pool/main/libg/libgsf/libgsf-bin_1.14.8-1lenny1_amd64.deb libgsf-gnome-1-114-dbg_1.14.8-1lenny1_amd64.deb to pool/main/libg/libgsf/libgsf-gnome-1-114-dbg_1.14.8-1lenny1_amd64.deb libgsf-gnome-1-114_1.14.8-1lenny1_amd64.deb to pool/main/libg/libgsf/libgsf-gnome-1-114_1.14.8-1lenny1_amd64.deb libgsf-gnome-1-dev_1.14.8-1lenny1_amd64.deb to pool/main/libg/libgsf/libgsf-gnome-1-dev_1.14.8-1lenny1_amd64.deb libgsf_1.14.8-1lenny1.diff.gz to pool/main/libg/libgsf/libgsf_1.14.8-1lenny1.diff.gz libgsf_1.14.8-1lenny1.dsc to pool/main/libg/libgsf/libgsf_1.14.8-1lenny1.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. J.H.M. Dassen (Ray) [EMAIL PROTECTED] (supplier of updated libgsf package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 27 Oct 2008 19:26:55 +0100 Source: libgsf Binary: libgsf-gnome-1-dev libgsf-gnome-1-114-dbg libgsf-gnome-1-114 libgsf-1-114-dbg libgsf-1-dev libgsf-1-114 libgsf-1-common libgsf-bin Architecture: source all amd64 Version: 1.14.8-1lenny1 Distribution: testing Urgency: medium Maintainer: J.H.M. Dassen (Ray) [EMAIL PROTECTED] Changed-By: J.H.M. Dassen (Ray) [EMAIL PROTECTED] Description: libgsf-1-114 - Structured File Library - runtime version libgsf-1-114-dbg - Structured File Library - debugging files (basic version) libgsf-1-common - Structured File Library - common files libgsf-1-dev - Structured File Library - development files (basic version) libgsf-bin - Structured File Library - programs libgsf-gnome-1-114 - Structured File Library - runtime version for GNOME libgsf-gnome-1-114-dbg - Structured File Library - debugging files for GNOME libgsf-gnome-1-dev - Structured File Library - development files for GNOME Closes: 503144 Changes: libgsf (1.14.8-1lenny1) testing; urgency=medium . * Fix silent data corruption bug http://bugzilla.gnome.org/show_bug.cgi?id=350973: Gnumeric's import and export of floating point constants in xls files was broken on Nokia 770 / armel: [gsf/gsf-utils.c] * Natural endian doubles aren't just used on VFP enabled ARM, but on ARM with EABI as well. Adjust the logic for defining G_FLOAT_BYTE_ORDER accordingly. Patch courtesy of Riku Voipio [EMAIL PROTECTED]. (Closes: #503144) * Add self-check code for decoding of little endian doubles, taken from newer upstream releases. Checksums-Sha1: 822f8fffe1c0b4fef821f561defb3c9333e6fb32 1377 libgsf_1.14.8-1lenny1.dsc
Bug#503367: [Debian-med-packaging] Bug#503367: plink: file conflict with putty-tools
Hello, plink has just made it to the archive. Teodor happened to have nicely explained my objections to rename plink. Dear Colin, if you don't mind too much, or if you could be bribed with a few beers, please be so kind to rename the plink binary package. Many thanks and best regards, Steffen (who should have checked and asked prior to his upload) Teodor schrieb: On Sat, Oct 25, 2008 at 12:24 PM, Charles Plessy [EMAIL PROTECTED] wrote: Both programs are intended for command line, and could be used in scripts. We may even find users who want to install both at the same time. Very annoying… Since Plink is younger than Putty, I think that the burden of the renaming is for us (the Debian Med packaging team). I plan to rename /usr/bin/plink to /usr/bin/Plink, that would be a symbolic link to /usr/lib/plink/plink so that with an appropriate PATH, users can rescue their scripts. Since renaming seems to be the only solution, than IMO it is more appropriate to rename 'plink' in putty-tools than in the plink packages since this is exactly the source/binary package name. This has been done already in putty-tools for the 'puttygen' binary. Thanks piti:~# dpkg -L putty-tools [snip] /usr/bin/pscp /usr/bin/psftp /usr/bin/plink /usr/bin/puttygen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#503633: python-csoundac: Missing dependency on python-csound
Processing commands for [EMAIL PROTECTED]: found 503633 1:5.08.0.dfsg2-8 Bug#503633: python-csoundac: Missing dependency on python-csound Bug marked as found in version 1:5.08.0.dfsg2-8. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503633: python-csoundac: Missing dependency on python-csound
found 503633 1:5.08.0.dfsg2-8 thanks El 27/10/08 02:07 James Vega escribió: Package: python-csoundac Version: 1:5.08.2~dfsg-1 Severity: serious Justification: Policy 3.5 % python Python 2.5.2 (r252:60911, Sep 29 2008, 21:15:13) [GCC 4.3.2] on linux2 Type help, copyright, credits or license for more information. import CsoundAC Traceback (most recent call last): File stdin, line 1, in module File /usr/lib/python2.5/site-packages/CsoundAC.py, line 5527, in module import csnd ImportError: No module named csnd The csnd module is provided by python-csound. Duh, I thought this was supposed to be handled by ${python:Depends}. Apparently it doesn't. This may take a while to get uploaded (new upstream version with lots of changes to review), but is already fixed in git. Saludos, Felipe Sateler signature.asc Description: This is a digitally signed message part.
Bug#503303: etch - lenny minimal chroot upgrade fails due to Conflicts/Pre-Depends loop
Here is how I do to reproduce the bug: [EMAIL PROTECTED]:~$ mkdir test [EMAIL PROTECTED]:~$ sudo piuparts -m http://ftp.belnet.be/debian/ main -s \ etch_root.tar.gz -d etch -a hddtemp -t test [EMAIL PROTECTED]:~$ rm -Rf test/* [EMAIL PROTECTED]:~$ sudo tar -xzf etch_root.tar.gz -C test/ [EMAIL PROTECTED]:~$ cd test [EMAIL PROTECTED]:~/test$ sudo chroot . [EMAIL PROTECTED]:/# apt-get update [EMAIL PROTECTED]:/# apt-get dist-upgrade [EMAIL PROTECTED]:/# sed -i s/etch/lenny/ /etc/apt/sources.list [EMAIL PROTECTED]:/# apt-get update [EMAIL PROTECTED]:/# apt-get dist-upgrade Reading package lists... Done Building dependency tree... Done Calculating upgrade... Done The following NEW packages will be installed: debconf debconf-i18n gcc-4.3-base libdb4.6 liblocale-gettext-perl libtext-charwidth-perl libtext-iconv-perl libtext-wrapi18n-perl lzma passwd The following packages will be upgraded: apt base-files base-passwd bash bsdutils coreutils debian-archive-keyring debianutils diff dpkg e2fslibs e2fsprogs findutils gcc-4.1-base gnupg gpgv grep gzip hostname initscripts libacl1 libattr1 libblkid1 libbz2-1.0 libc6 libcomerr2 libdb4.2 libgcc1 libgcrypt11 libgpg-error0 libncurses5 libpam-modules libpam-runtime libpam0g libreadline5 libsasl2-2 libselinux1 libsepol1 libslang2 libss2 libstdc++6 libtasn1-3 libusb-0.1-4 libuuid1 login lsb-base makedev mawk mktemp mount ncurses-base ncurses-bin perl-base readline-common sed sysv-rc sysvinit sysvinit-utils tar tzdata util-linux zlib1g 62 upgraded, 10 newly installed, 0 to remove and 0 not upgraded. Need to get 27.4MB of archives. After unpacking 13.5MB of additional disk space will be used. Do you want to continue [Y/n]? WARNING: The following packages cannot be authenticated! gcc-4.3-base libc6 libstdc++6 lzma apt dpkg perl-base liblocale-gettext-perl libtext-iconv-perl libtext-charwidth-perl libtext-wrapi18n-perl debconf-i18n debconf tzdata libgcc1 libbz2-1.0 readline-common libncurses5 libreadline5 libusb-0.1-4 zlib1g gpgv gnupg debian-archive-keyring base-passwd base-files debianutils bash libselinux1 coreutils diff libcomerr2 libblkid1 e2fslibs e2fsprogs libpam-runtime libpam0g libdb4.6 libpam-modules passwd libuuid1 findutils grep gzip hostname login mktemp mount ncurses-bin sed libsepol1 sysvinit tar libslang2 lsb-base util-linux bsdutils ncurses-base sysvinit-utils mawk initscripts libattr1 libacl1 libss2 sysv-rc libgpg-error0 libgcrypt11 libsasl2-2 libtasn1-3 makedev gcc-4.1-base libdb4.2 Authentication warning overridden. Get:1 http://ftp.belnet.be lenny/main gcc-4.3-base 4.3.2-1 [103kB] Get:2 http://ftp.belnet.be lenny/main libc6 2.7-14 [4438kB] Get:3 http://ftp.belnet.be lenny/main libstdc++6 4.3.2-1 [333kB] Get:4 http://ftp.belnet.be lenny/main lzma 4.43-14 [57.5kB] Get:5 http://ftp.belnet.be lenny/main apt 0.7.14+b1 [1619kB] Get:6 http://ftp.belnet.be lenny/main dpkg 1.14.22 [2295kB] Get:7 http://ftp.belnet.be lenny/main perl-base 5.10.0-16 [964kB] Get:8 http://ftp.belnet.be lenny/main liblocale-gettext-perl 1.05-4 [21.0kB] Get:9 http://ftp.belnet.be lenny/main libtext-iconv-perl 1.7-1+b1 [16.9kB] Get:10 http://ftp.belnet.be lenny/main libtext-charwidth-perl 0.04-5+b1 [11.6kB] Get:11 http://ftp.belnet.be lenny/main libtext-wrapi18n-perl 0.06-6 [8828B] Get:12 http://ftp.belnet.be lenny/main debconf-i18n 1.5.22 [172kB] Get:13 http://ftp.belnet.be lenny/main debconf 1.5.22 [153kB] Get:14 http://ftp.belnet.be lenny/main tzdata 2008h-2 [742kB] Get:15 http://ftp.belnet.be lenny/main libgcc1 1:4.3.2-1 [25.7kB] Get:16 http://ftp.belnet.be lenny/main libbz2-1.0 1.0.5-1 [44.9kB] Get:17 http://ftp.belnet.be lenny/main readline-common 5.2-3 [50.8kB] Get:18 http://ftp.belnet.be lenny/main libncurses5 5.6+20080830-1 [333kB] Get:19 http://ftp.belnet.be lenny/main libreadline5 5.2-3 [129kB] Get:20 http://ftp.belnet.be lenny/main libusb-0.1-4 2:0.1.12-12 [20.1kB] Get:21 http://ftp.belnet.be lenny/main zlib1g 1:1.2.3.3.dfsg-12 [73.2kB] Get:22 http://ftp.belnet.be lenny/main gpgv 1.4.9-3 [143kB] Get:23 http://ftp.belnet.be lenny/main gnupg 1.4.9-3 [1943kB] Get:24 http://ftp.belnet.be lenny/main debian-archive-keyring 2008.04.16+nmu1 [10.8kB] Get:25 http://ftp.belnet.be lenny/main base-passwd 3.5.19 [39.3kB] Get:26 http://ftp.belnet.be lenny/main base-files 4.0.5 [61.4kB] Get:27 http://ftp.belnet.be lenny/main debianutils 2.30 [55.4kB] Get:28 http://ftp.belnet.be lenny/main bash 3.2-4 [586kB] Get:29 http://ftp.belnet.be lenny/main libselinux1 2.0.65-5 [72.5kB] Get:30 http://ftp.belnet.be lenny/main coreutils 6.10-6 [3751kB] Get:31 http://ftp.belnet.be lenny/main diff 2.8.1-12 [187kB] Get:32 http://ftp.belnet.be lenny/main libcomerr2 1.41.2-1 [41.4kB] Get:33 http://ftp.belnet.be lenny/main libblkid1 1.41.2-1 [56.4kB] Get:34 http://ftp.belnet.be lenny/main e2fslibs 1.41.2-1 [131kB] Get:35 http://ftp.belnet.be lenny/main e2fsprogs 1.41.2-1 [768kB] Get:36 http://ftp.belnet.be
Processed: Re: Bug#503583: libgnokii4: should conflict with libgnokii3
Processing commands for [EMAIL PROTECTED]: notfound 503583 0.6.27.dfsg-1 Bug#503583: libgnokii4: should conflict with libgnokii3 Bug no longer marked as found in version 0.6.27.dfsg-1. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503583: marked as done (libgnokii4: should conflict with libgnokii3)
Your message dated Mon, 27 Oct 2008 21:36:14 +0100 with message-id [EMAIL PROTECTED] and subject line Re: Bug#503583: libgnokii4: should conflict with libgnokii3 has caused the Debian Bug report #503583, regarding libgnokii4: should conflict with libgnokii3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 503583: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503583 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: libgnokii4 Severity: serious Version: 0.6.27.dfsg-1 gnokii-smsd cannot be upgraded on my system due to a conflict between libgnokii4 and libgnokii3. ~$ sudo aptitude -t unstable install libgnokii4 Reading package lists... Done Building dependency tree Reading state information... Done Reading extended state information Initializing package states... Done The following NEW packages will be installed: libgnokii4 The following partially installed packages will be configured: gnokii-smsd 0 packages upgraded, 1 newly installed, 0 to remove and 228 not upgraded. Need to get 0B/256kB of archives. After unpacking 664kB will be used. Writing extended state information... Done (Reading database ... 141666 files and directories currently installed.) Unpacking libgnokii4 (from .../libgnokii4_0.6.27.dfsg-1_amd64.deb) ... dpkg: error processing /var/cache/apt/archives/libgnokii4_0.6.27.dfsg-1_amd64.deb (--unpack): trying to overwrite `/usr/lib/libgnokii.so.4.0.0', which is also in package libgnokii3 dpkg-deb: subprocess paste killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/libgnokii4_0.6.27.dfsg-1_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1) A package failed to install. Trying to recover: dpkg: dependency problems prevent configuration of gnokii-smsd: gnokii-smsd depends on libgnokii4; however: Package libgnokii4 is not installed. dpkg: error processing gnokii-smsd (--configure): dependency problems - leaving unconfigured Errors were encountered while processing: gnokii-smsd Reading package lists... Done Building dependency tree Reading state information... Done Reading extended state information Initializing package states... Done -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.27-melech (SMP w/2 CPU cores; PREEMPT) Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash ---End Message--- ---BeginMessage--- -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 notfound 503583 0.6.27.dfsg-1 thanks Leo 'costela' Antunes wrote: The current version of libgnokii3 in unstable doesn't have the file libgnokii.so.4.0.0 [0], did you perhaps compile it yourself Ah, yes! I did compile it myself. Don't know how I could forget. Very sorry about that! Thanks, Marcus -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkGJjoACgkQXjXn6TzcAQnaMACg4V7pvDDkbQgjmq95YNWILJkb WTIAnRMSeYHMtc8GlHeGXKknHlNYOxwI =Qlp/ -END PGP SIGNATURE- ---End Message---
Bug#503303: Bug#503712: etch-lenny upgrade left the system in broken state
Hi, I'm pretty sure this bug is a duplicate of 503303, which look like duplicates of #464559 (merged with #466027, #466695, #467059, #475530). Unfortunatly those bugs are closed in sid/lenny, but thats exactly the problem here (as we cannot upgrade apt in an etch pointrelease as upgrades need to work whithout applying all pointreleases), which then leads to the solution: apt has to be upgraded to lenny before the rest and this needs to be documented in the release-notes. So, forcemerge and reassign?! regards, Holger pgpWTvleDrfp3.pgp Description: PGP signature