date:20170103

Ontdek de kredietwaardigheid van Rossignol M-R

2017-01-03 Thread Creditsafe

Benieuwd naar de kredietwaardigheid van uw bedrijf?

Graag meer info:
http://www.kapamedia.eu/creditsafe/form.htm?lng=nl=creditsafe_campaign=creditsafe_source=admr_medium=email=debian-glibc@lists.debian.org

Hoe scoort uw bedrijf?

B2B bedrijven kijken steeds naar de financiële gezondheid van hun klanten,
leveranciers en concurrenten, om zo achteraf de nodige risico's te
vermijden.

Met meer dan 190 miljoen bedrijfsrapporten online en direct beschikbaar
over 52 landen, maakt van Creditsafe de meest gebruikte leverancier van
handelsinformatie.

Meer dan 90.000 klanten en 200.000 gebruikers wereldwijd maken dagelijkse
beslissingen betreft hun klanten, leveranciers en concurrenten a.d.h.v.
onze informatie.

De kans is dus zeer reëel dat uw bedrijf al verschillende keren is bekeken
door onze klanten.

Bent u ook benieuwd hoe andere bedrijven uw onderneming te zien krijgen en
hoe financieel gezond uw B2B relaties zijn?

Mijn kredietwaardigheid kennen:
http://www.kapamedia.eu/creditsafe/form.htm?lng=nl=creditsafe_campaign=creditsafe_source=admr_medium=email=debian-glibc@lists.debian.org
---
Online versie:
http://kapateco.fb.kp.kpmail.be/c73/e7282488/hdfb1a/l3130/index.html
Deze e-mail werd verstuurd naar debian-glibc@lists.debian.org.
Profiel aanpassen:
http://kapateco.fb.kp.kpmail.be/c73/e7282488/hdfb1a/l3132/index.html
Uitschrijven:
http://kapateco.fb.kp.kpmail.be/c73/e7282488/hdfb1a/l3131/index.html
Privacy policy:
http://kapateco.fb.kp.kpmail.be/c73/e7282488/hdfb1a/l3133/index.html
Powered by Addemar: http://poweredby.addemar.com/

Processed: Use jrt...@debian.org as submitter/owner everywhere

2017-01-03 Thread Debian Bug Tracking System

Processing commands for cont...@bugs.debian.org:

> # bugs with submitter jrt...@jrtc27.com
> submitter 842780 !
Bug #842780 {Done: Clint Adams } [src:ghc] Fix SIGBUS on 
sparc64
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 840423 !
Bug #840423 {Done: Martín Ferrari } 
[src:golang-golang-x-sys] New upstream version with sparc64 support
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 835823 !
Bug #835823 [src:llvm-toolchain-3.8] Polly's imath assumes little-endian
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 840574 !
Bug #840574 {Done: Matthias Klose } [src:gcc-6] Please 
backport libgo fixes for sparc64
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 822175 !
Bug #822175 [src:firefox] Support for GNU/Hurd
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 823937 !
Bug #823937 [gcc-5] gcc -E has __DATE__/__TIME__ as Jan 1 1970 00:00:00
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 847073 !
Bug #847073 {Done: Timo Aaltonen } 
[xserver-xorg-video-intel] segfaults due to missing NULL check in 
has_connector_backlight
Bug #847229 {Done: Timo Aaltonen } 
[xserver-xorg-video-intel] xserver-xorg-video-intel: Xserver crashes when 
Option "AccelMethod" "sna" is enables in xorg.conf
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 816155 !
Bug #816155 [libc6] Assertion failure in gethostbyname 
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 832584 !
Bug #832584 {Done: James Clarke } [src:elfutils] Fix build 
on sparc64
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 822176 !
Bug #822176 [src:firefox-esr] Support for GNU/Hurd
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 839590 !
Bug #839590 [mdadm] Bus error when accessing MBR partition records
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 841124 !
Bug #841124 {Done: James Clarke } [src:elfutils] FTBFS on 
amd64
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 824403 !
Bug #824403 [wnpp] O: pvm -- Parallel Virtual Machine
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 835824 !
Bug #835824 [llvm-toolchain-3.9] Polly's imath assumes little-endian
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 835825 !
Bug #835825 [llvm-toolchain-snapshot] Polly's imath assumes little-endian
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 849002 !
Bug #849002 {Done: Osamu Aoki } [debian-reference] Nonsense 
after ftp.XX.d.o -> deb.d.o
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 820948 !
Bug #820948 [gitpkg] gitpkg: Please add a cowbuilder exit hook
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 829260 !
Bug #829260 [src:guile-2.0] FTCBFS for alpha
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 841310 !
Bug #841310 {Done: Norbert Preining } 
[texlive-extra-utils] Add manpage for a5toa4
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 849542 !
Bug #849542 {Done: Matthias Klose } [gcc-6] PIE specs ignored 
even with DEB_BUILD_MAINT_OPTIONS hardening
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> submitter 835606 !
Bug #835606 {Done: Sylvestre Ledru } 
[src:llvm-toolchain-3.8] polly pulls in outdated bundled jsoncpp headers
Changed Bug submitter to 'James Clarke ' from 'James Clarke 
'.
> # bugs with owner jrt...@jrtc27.com
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
816155: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816155
820948: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820948
822175: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822175
822176:

Re: Bug#849923: openssh-server: no login possible after upgrade on x32

2017-01-03 Thread Thorsten Glaser

On Mon, 2 Jan 2017, Aurelien Jarno wrote:

> Looking at the issue, it actually appears in __vdso_clock_gettime, which
> is provided by the kernel. This code handle the simple cases (REALTIME, 
> MONOTONIC, REALTIME_COARSE and _MONOTONIC_COARSE) and fallbacks to 
> the syscall in otherwise, CLOCK_BOOTTIME in the case of sshd.

Ouch – and the kernel probably thinks it’s getting away with this as
the kernel architecture is amd64…

Can you please forward this to someone at the kernel side (either Debian
or upstream) who can have a look? In the meantime, I’ll point this issue
out in #debian-x32 on IRC, so the other porters can also look.

> On 2017-01-02 17:49, Colin Watson wrote:

> > sshd's seccomp sandbox is denying a clock_gettime call.  But it's more

Probably a stupid idea, but a short-term stopgap: can we disable seccomp
on x32 for now? That needs:

• in debian/rules:
+confflags += --host=${DEB_HOST_GNU_TYPE}
  This sets $host to x86_64-pc-linux-gnux32 instead of the
  auto-detected x86_64-pc-linux-gnu (which is amd64)

• in configure.ac:
 AC_MSG_CHECKING([for seccomp architecture])
 seccomp_audit_arch=
 case "$host" in
+x86_64-*-gnux32)
+   # disabled for now, see Debian #849923
+   ;;
 x86_64-*)
seccomp_audit_arch=AUDIT_ARCH_X86_64
;;

With this, we can then also later fix the architecture, should
the kernel be fixed.

Thanks,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

Re: Bug#849923: openssh-server: no login possible after upgrade on x32

2017-01-03 Thread Colin Watson

clone 849923 -1
reassign -1 linux
retitle -1 linux: x32 __vdso_clock_gettime falls back to x86-64 syscall
thanks

On Tue, Jan 03, 2017 at 02:31:35PM +0100, Thorsten Glaser wrote:
> On Mon, 2 Jan 2017, Aurelien Jarno wrote:
> > Looking at the issue, it actually appears in __vdso_clock_gettime, which
> > is provided by the kernel. This code handle the simple cases (REALTIME, 
> > MONOTONIC, REALTIME_COARSE and _MONOTONIC_COARSE) and fallbacks to 
> > the syscall in otherwise, CLOCK_BOOTTIME in the case of sshd.
> 
> Ouch – and the kernel probably thinks it’s getting away with this as
> the kernel architecture is amd64…
> 
> Can you please forward this to someone at the kernel side (either Debian
> or upstream) who can have a look? In the meantime, I’ll point this issue
> out in #debian-x32 on IRC, so the other porters can also look.

I've cloned a kernel bug for this with this message.

> > On 2017-01-02 17:49, Colin Watson wrote:
> 
> > > sshd's seccomp sandbox is denying a clock_gettime call.  But it's more
> 
> Probably a stupid idea, but a short-term stopgap: can we disable seccomp
> on x32 for now? That needs:

Here's a better stopgap that lets us keep the sandbox enabled:

  
https://anonscm.debian.org/cgit/pkg-ssh/openssh.git/commit/?id=e346421ca6852fbf9f95cf0e764ecc345e5ce21d

> • in debian/rules:
>   +confflags += --host=${DEB_HOST_GNU_TYPE}
>   This sets $host to x86_64-pc-linux-gnux32 instead of the
>   auto-detected x86_64-pc-linux-gnu (which is amd64)

Unnecessary: the default is --build=x86_64-linux-gnux32, and --host
shouldn't be passed when not cross-compiling.

You're probably being misled by config.guess's default, but that's
already overridden appropriately by dpkg/debhelper.

Cheers,

-- 
Colin Watson   [cjwat...@debian.org]

Processed: Bug#796106 marked as pending

2017-01-03 Thread Debian Bug Tracking System

Processing commands for cont...@bugs.debian.org:

> tag 796106 pending
Bug #796106 [src:glibc] CVE-2015-5180
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
796106: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796106
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

[glibc] 02/02: patches/any/cvs-resolv-internal-qtype.diff: patch from upstream to fix a NULL pointer dereference in libresolv when receiving a T_UNSPEC internal QTYPE (CVE-2015-5180). Closes: #796106.

2017-01-03 Thread Aurelien Jarno

This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch sid
in repository glibc.

commit c16873aceccff7a1116adb047a47d5fb95fd461c
Author: Aurelien Jarno 
Date:   Tue Jan 3 22:51:27 2017 +0100

patches/any/cvs-resolv-internal-qtype.diff: patch from upstream to fix a 
NULL pointer dereference in libresolv when receiving a T_UNSPEC internal QTYPE 
(CVE-2015-5180).  Closes: #796106.
---
 debian/changelog  |  3 +
 debian/patches/any/cvs-resolv-internal-qtype.diff | 78 +++
 debian/patches/series |  1 +
 3 files changed, 82 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 58aaf38..2bf3ceb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -24,6 +24,9 @@ glibc (2.24-9) UNRELEASED; urgency=medium
 with the PT154 charset.  Closes: #847596.
   * debian/patches/git-updates.diff: update from upstream stable branch:
 - debian/patches/alpha/submitted-math-fixes.diff: Drop, merged upstream.
+  * patches/any/cvs-resolv-internal-qtype.diff: patch from upstream to fix a
+NULL pointer dereference in libresolv when receiving a T_UNSPEC internal
+QTYPE (CVE-2015-5180).  Closes: #796106.
 
  -- Samuel Thibault   Fri, 09 Dec 2016 01:51:00 +0100
 
diff --git a/debian/patches/any/cvs-resolv-internal-qtype.diff 
b/debian/patches/any/cvs-resolv-internal-qtype.diff
new file mode 100644
index 000..670d671
--- /dev/null
+++ b/debian/patches/any/cvs-resolv-internal-qtype.diff
@@ -0,0 +1,78 @@
+2016-12-31  Florian Weimer  
+
+   [BZ #18784]
+   CVE-2015-5180
+   * include/arpa/nameser_compat.h (T_QUERY_A_AND_): Rename from
+   T_UNSPEC.  Adjust value.
+   * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyname4_r): Use it.
+   * resolv/res_query.c (__libc_res_nquery): Likewise.
+   * resolv/res_mkquery.c (res_nmkquery): Check for out-of-range
+   QTYPEs.
+
+--- a/include/arpa/nameser_compat.h
 b/include/arpa/nameser_compat.h
+@@ -1,8 +1,8 @@
+ #ifndef _ARPA_NAMESER_COMPAT_
+ #include 
+ 
+-/* Picksome unused number to represent lookups of IPv4 and IPv6 (i.e.,
+-   T_A and T_).  */
+-#define T_UNSPEC 62321
++/* The number is outside the 16-bit RR type range and is used
++   internally by the implementation.  */
++#define T_QUERY_A_AND_ 439963904
+ 
+ #endif
+--- a/resolv/nss_dns/dns-host.c
 b/resolv/nss_dns/dns-host.c
+@@ -323,7 +323,7 @@
+ 
+   int olderr = errno;
+   enum nss_status status;
+-  int n = __libc_res_nsearch (&_res, name, C_IN, T_UNSPEC,
++  int n = __libc_res_nsearch (&_res, name, C_IN, T_QUERY_A_AND_,
+ host_buffer.buf->buf, 2048, _buffer.ptr,
+ , , , _malloced);
+   if (n >= 0)
+--- a/resolv/res_mkquery.c
 b/resolv/res_mkquery.c
+@@ -103,6 +103,10 @@
+   int n;
+   u_char *dnptrs[20], **dpp, **lastdnptr;
+ 
++  if (class < 0 || class > 65535
++  || type < 0 || type > 65535)
++return -1;
++
+ #ifdef DEBUG
+   if (statp->options & RES_DEBUG)
+   printf(";; res_nmkquery(%s, %s, %s, %s)\n",
+--- a/resolv/res_query.c
 b/resolv/res_query.c
+@@ -122,7 +122,7 @@
+   int n, use_malloc = 0;
+   u_int oflags = statp->_flags;
+ 
+-  size_t bufsize = (type == T_UNSPEC ? 2 : 1) * QUERYSIZE;
++  size_t bufsize = (type == T_QUERY_A_AND_ ? 2 : 1) * QUERYSIZE;
+   u_char *buf = alloca (bufsize);
+   u_char *query1 = buf;
+   int nquery1 = -1;
+@@ -137,7 +137,7 @@
+   printf(";; res_query(%s, %d, %d)\n", name, class, type);
+ #endif
+ 
+-  if (type == T_UNSPEC)
++  if (type == T_QUERY_A_AND_)
+ {
+   n = res_nmkquery(statp, QUERY, name, class, T_A, NULL, 0, NULL,
+query1, bufsize);
+@@ -190,7 +190,7 @@
+   if (__builtin_expect (n <= 0, 0) && !use_malloc) {
+   /* Retry just in case res_nmkquery failed because of too
+  short buffer.  Shouldn't happen.  */
+-  bufsize = (type == T_UNSPEC ? 2 : 1) * MAXPACKET;
++  bufsize = (type == T_QUERY_A_AND_ ? 2 : 1) * MAXPACKET;
+   buf = malloc (bufsize);
+   if (buf != NULL) {
+   query1 = buf;
diff --git a/debian/patches/series b/debian/patches/series
index 5927826..2f9d247 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -215,3 +215,4 @@ any/local-bootstrap-headers.diff
 any/submitted-dlopen-noload.diff
 any/submitted-perl-inc.diff
 any/submitted-unicode-9.0.0.diff
+any/cvs-resolv-internal-qtype.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git

[glibc] branch sid updated (60d2b4b -> c16873a)

2017-01-03 Thread Aurelien Jarno

This is an automated email from the git hooks/post-receive script.

aurel32 pushed a change to branch sid
in repository glibc.

  from  60d2b4b   libc0.3.symbols.hurd-i386: Add vm_wire_all symbols.
   new  3016f08   debian/patches/git-updates.diff: update from upstream 
stable branch:
   new  c16873a   patches/any/cvs-resolv-internal-qtype.diff: patch from 
upstream to fix a NULL pointer dereference in libresolv when receiving a 
T_UNSPEC internal QTYPE (CVE-2015-5180).  Closes: #796106.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog  |   5 +
 debian/patches/alpha/submitted-math-fixes.diff| 173 
 debian/patches/any/cvs-resolv-internal-qtype.diff |  78 ++
 debian/patches/git-updates.diff   | 947 --
 debian/patches/series |   2 +-
 5 files changed, 960 insertions(+), 245 deletions(-)
 delete mode 100644 debian/patches/alpha/submitted-math-fixes.diff
 create mode 100644 debian/patches/any/cvs-resolv-internal-qtype.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git

Ontdek de kredietwaardigheid van Rossignol M-R

Processed: Use jrt...@debian.org as submitter/owner everywhere

Re: Bug#849923: openssh-server: no login possible after upgrade on x32

Re: Bug#849923: openssh-server: no login possible after upgrade on x32

Processed: Bug#796106 marked as pending

[glibc] 02/02: patches/any/cvs-resolv-internal-qtype.diff: patch from upstream to fix a NULL pointer dereference in libresolv when receiving a T_UNSPEC internal QTYPE (CVE-2015-5180). Closes: #796106.

[glibc] branch sid updated (60d2b4b -> c16873a)

7 matches

Site Navigation

Mail list logo

Footer information