Bug#496423: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: radiance
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
file: /usr/share/dtc/admin/accesslog.php
file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
file: /usr/share/linuxtrade/bin/linuxtrade.wn
file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
file: /usr/bin/impose
Binary-package: mgt (2.31-5)
file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
file: /usr/lib/lmbench/scripts/rccs
file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
file: /usr/lib/ogle/ogle_audio_debug
file: /usr/lib/ogle/ogle_cli_debug
file: /usr/lib/ogle/ogle_ctrl_debug
file: /usr/lib/ogle/ogle_gui_debug
file: /usr/lib/ogle/ogle_mpeg_ps_debug
file: /usr/lib/ogle/ogle_mpeg_vs_debug
file: /usr/lib/ogle/ogle_nav_debug
file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
file: /usr/bin/optics2rad
file: /usr/bin/pdelta
file: /usr/bin/dayfact
file: /usr/bin/raddepend
Binary-package: 

Bug#496400: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: aegis-web
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
file: /usr/share/dtc/admin/accesslog.php
file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
file: /usr/share/linuxtrade/bin/linuxtrade.wn
file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
file: /usr/bin/impose
Binary-package: mgt (2.31-5)
file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
file: /usr/lib/lmbench/scripts/rccs
file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
file: /usr/lib/ogle/ogle_audio_debug
file: /usr/lib/ogle/ogle_cli_debug
file: /usr/lib/ogle/ogle_ctrl_debug
file: /usr/lib/ogle/ogle_gui_debug
file: /usr/lib/ogle/ogle_mpeg_ps_debug
file: /usr/lib/ogle/ogle_mpeg_vs_debug
file: /usr/lib/ogle/ogle_nav_debug
file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
file: /usr/bin/optics2rad
file: /usr/bin/pdelta
file: /usr/bin/dayfact
file: /usr/bin/raddepend
Binary-package: 

Bug#496426: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: rancid-util
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
file: /usr/share/dtc/admin/accesslog.php
file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
file: /usr/share/linuxtrade/bin/linuxtrade.wn
file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
file: /usr/bin/impose
Binary-package: mgt (2.31-5)
file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
file: /usr/lib/lmbench/scripts/rccs
file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
file: /usr/lib/ogle/ogle_audio_debug
file: /usr/lib/ogle/ogle_cli_debug
file: /usr/lib/ogle/ogle_ctrl_debug
file: /usr/lib/ogle/ogle_gui_debug
file: /usr/lib/ogle/ogle_mpeg_ps_debug
file: /usr/lib/ogle/ogle_mpeg_vs_debug
file: /usr/lib/ogle/ogle_nav_debug
file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
file: /usr/bin/optics2rad
file: /usr/bin/pdelta
file: /usr/bin/dayfact
file: /usr/bin/raddepend
Binary-package: 

Bug#496403: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: mgetty-fax
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
file: /usr/share/dtc/admin/accesslog.php
file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
file: /usr/share/linuxtrade/bin/linuxtrade.wn
file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
file: /usr/bin/impose
Binary-package: mgt (2.31-5)
file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
file: /usr/lib/lmbench/scripts/rccs
file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
file: /usr/lib/ogle/ogle_audio_debug
file: /usr/lib/ogle/ogle_cli_debug
file: /usr/lib/ogle/ogle_ctrl_debug
file: /usr/lib/ogle/ogle_gui_debug
file: /usr/lib/ogle/ogle_mpeg_ps_debug
file: /usr/lib/ogle/ogle_mpeg_vs_debug
file: /usr/lib/ogle/ogle_nav_debug
file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
file: /usr/bin/optics2rad
file: /usr/bin/pdelta
file: /usr/bin/dayfact
file: /usr/bin/raddepend
Binary-package: 

Bug#496395: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: apertium
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
file: /usr/share/dtc/admin/accesslog.php
file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
file: /usr/share/linuxtrade/bin/linuxtrade.wn
file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
file: /usr/bin/impose
Binary-package: mgt (2.31-5)
file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
file: /usr/lib/lmbench/scripts/rccs
file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
file: /usr/lib/ogle/ogle_audio_debug
file: /usr/lib/ogle/ogle_cli_debug
file: /usr/lib/ogle/ogle_ctrl_debug
file: /usr/lib/ogle/ogle_gui_debug
file: /usr/lib/ogle/ogle_mpeg_ps_debug
file: /usr/lib/ogle/ogle_mpeg_vs_debug
file: /usr/lib/ogle/ogle_nav_debug
file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
file: /usr/bin/optics2rad
file: /usr/bin/pdelta
file: /usr/bin/dayfact
file: /usr/bin/raddepend
Binary-package: 

Bug#496434: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: mgt
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
file: /usr/share/dtc/admin/accesslog.php
file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
file: /usr/share/linuxtrade/bin/linuxtrade.wn
file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
file: /usr/bin/impose
Binary-package: mgt (2.31-5)
file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
file: /usr/lib/lmbench/scripts/rccs
file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
file: /usr/lib/ogle/ogle_audio_debug
file: /usr/lib/ogle/ogle_cli_debug
file: /usr/lib/ogle/ogle_ctrl_debug
file: /usr/lib/ogle/ogle_gui_debug
file: /usr/lib/ogle/ogle_mpeg_ps_debug
file: /usr/lib/ogle/ogle_mpeg_vs_debug
file: /usr/lib/ogle/ogle_nav_debug
file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
file: /usr/bin/optics2rad
file: /usr/bin/pdelta
file: /usr/bin/dayfact
file: /usr/bin/raddepend
Binary-package: vdr-dbg 

Bug#496425: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: ogle
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
file: /usr/share/dtc/admin/accesslog.php
file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
file: /usr/share/linuxtrade/bin/linuxtrade.wn
file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
file: /usr/bin/impose
Binary-package: mgt (2.31-5)
file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
file: /usr/lib/lmbench/scripts/rccs
file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
file: /usr/lib/ogle/ogle_audio_debug
file: /usr/lib/ogle/ogle_cli_debug
file: /usr/lib/ogle/ogle_ctrl_debug
file: /usr/lib/ogle/ogle_gui_debug
file: /usr/lib/ogle/ogle_mpeg_ps_debug
file: /usr/lib/ogle/ogle_mpeg_vs_debug
file: /usr/lib/ogle/ogle_nav_debug
file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
file: /usr/bin/optics2rad
file: /usr/bin/pdelta
file: /usr/bin/dayfact
file: /usr/bin/raddepend
Binary-package: 

Bug#496433: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: audiolink
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
file: /usr/share/dtc/admin/accesslog.php
file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
file: /usr/share/linuxtrade/bin/linuxtrade.wn
file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
file: /usr/bin/impose
Binary-package: mgt (2.31-5)
file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
file: /usr/lib/lmbench/scripts/rccs
file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
file: /usr/lib/ogle/ogle_audio_debug
file: /usr/lib/ogle/ogle_cli_debug
file: /usr/lib/ogle/ogle_ctrl_debug
file: /usr/lib/ogle/ogle_gui_debug
file: /usr/lib/ogle/ogle_mpeg_ps_debug
file: /usr/lib/ogle/ogle_mpeg_vs_debug
file: /usr/lib/ogle/ogle_nav_debug
file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
file: /usr/bin/optics2rad
file: /usr/bin/pdelta
file: /usr/bin/dayfact
file: /usr/bin/raddepend
Binary-package: 

Bug#496429: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: datafreedom-perl
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
file: /usr/share/dtc/admin/accesslog.php
file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
file: /usr/share/linuxtrade/bin/linuxtrade.wn
file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
file: /usr/bin/impose
Binary-package: mgt (2.31-5)
file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
file: /usr/lib/lmbench/scripts/rccs
file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
file: /usr/lib/ogle/ogle_audio_debug
file: /usr/lib/ogle/ogle_cli_debug
file: /usr/lib/ogle/ogle_ctrl_debug
file: /usr/lib/ogle/ogle_gui_debug
file: /usr/lib/ogle/ogle_mpeg_ps_debug
file: /usr/lib/ogle/ogle_mpeg_vs_debug
file: /usr/lib/ogle/ogle_nav_debug
file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
file: /usr/bin/optics2rad
file: /usr/bin/pdelta
file: /usr/bin/dayfact
file: /usr/bin/raddepend

Bug#496406: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: fwbuilder
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
file: /usr/share/dtc/admin/accesslog.php
file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
file: /usr/share/linuxtrade/bin/linuxtrade.wn
file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
file: /usr/bin/impose
Binary-package: mgt (2.31-5)
file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
file: /usr/lib/lmbench/scripts/rccs
file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
file: /usr/lib/ogle/ogle_audio_debug
file: /usr/lib/ogle/ogle_cli_debug
file: /usr/lib/ogle/ogle_ctrl_debug
file: /usr/lib/ogle/ogle_gui_debug
file: /usr/lib/ogle/ogle_mpeg_ps_debug
file: /usr/lib/ogle/ogle_mpeg_vs_debug
file: /usr/lib/ogle/ogle_nav_debug
file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
file: /usr/bin/optics2rad
file: /usr/bin/pdelta
file: /usr/bin/dayfact
file: /usr/bin/raddepend
Binary-package: 

Bug#496392: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: myspell-tools
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
file: /usr/share/dtc/admin/accesslog.php
file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
file: /usr/share/linuxtrade/bin/linuxtrade.wn
file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
file: /usr/bin/impose
Binary-package: mgt (2.31-5)
file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
file: /usr/lib/lmbench/scripts/rccs
file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
file: /usr/lib/ogle/ogle_audio_debug
file: /usr/lib/ogle/ogle_cli_debug
file: /usr/lib/ogle/ogle_ctrl_debug
file: /usr/lib/ogle/ogle_gui_debug
file: /usr/lib/ogle/ogle_mpeg_ps_debug
file: /usr/lib/ogle/ogle_mpeg_vs_debug
file: /usr/lib/ogle/ogle_nav_debug
file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
file: /usr/bin/optics2rad
file: /usr/bin/pdelta
file: /usr/bin/dayfact
file: /usr/bin/raddepend

Bug#496416: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: xmcd
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
file: /usr/share/dtc/admin/accesslog.php
file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
file: /usr/share/linuxtrade/bin/linuxtrade.wn
file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
file: /usr/bin/impose
Binary-package: mgt (2.31-5)
file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
file: /usr/lib/lmbench/scripts/rccs
file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
file: /usr/lib/ogle/ogle_audio_debug
file: /usr/lib/ogle/ogle_cli_debug
file: /usr/lib/ogle/ogle_ctrl_debug
file: /usr/lib/ogle/ogle_gui_debug
file: /usr/lib/ogle/ogle_mpeg_ps_debug
file: /usr/lib/ogle/ogle_mpeg_vs_debug
file: /usr/lib/ogle/ogle_nav_debug
file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
file: /usr/bin/optics2rad
file: /usr/bin/pdelta
file: /usr/bin/dayfact
file: /usr/bin/raddepend
Binary-package: 

Bug#495705: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: lintian
Tags: patch, security
Severity: wishlist

Hello, lintan maintainers!
please, see full discussion in -devel:
http://lists.debian.org/debian-devel/2008/08/msg00271.html
for example, see the bug
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648
(if attacker makes symlink from /tmp/twiki to /etc/shadow, then
 he takes full access to the system (when twiki installs or
 upgrades))




Hi all!

I wrote the check script for the lintian package. This additional check
verifies the debian packages for the presents of the discussed bug.

Notes and additions are welcome.

patch has been placed in attache

PS: X11 also uses the /tmp/.X11-unix directory, which may  be  used  for
attacks, I don't known :(

but many scripts (in different packages) use /tmp/.X11-unix, if this  is
not a security problem, may be I must add ignoring for this directory in
the lintian script?

I don't known yet :(

DEO This message about the error concerns a few packages  at  once.   I've
DEO tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
DEO config scripts were tested.

DEO In some packages I've discovered scripts with errors which may be used
DEO by a user for damaging important system files.

DEO For example if a script uses in its work a temp file which is  created
DEO in /tmp directory, then every user can create symlink  with  the  same
DEO name in this directory in order to  destroy  or  rewrite  some system
DEO file.

DEO I set Severity into grave for  this  bug.   The  table of  discovered
DEO problems is below.
--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537
--- checks/symlink_attack	1970-01-01 03:00:00.0 +0300
+++ checks/symlink_attack	2008-08-19 23:11:44.0 +0400
@@ -0,0 +1,114 @@
+# symlink_attack -- lintian check script -*- perl -*-
+#
+# Copyright (C) 2008 Dmitry E. Oboukhov [EMAIL PROTECTED]
+# 
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see http://www.gnu.org/licenses/.
+
+package Lintian::symlink_attack;
+use strict;
+use Tags;
+
+# check file
+# 
+# the parameters:
+#   1. name of check file
+#   2. error template
+#   3. warning template
+sub check_file($$$)
+{
+	my ($file_name, $err_tmpl, $warn_tmpl)[EMAIL PROTECTED];
+
+open my $file, '', $file_name
+or die Can not open file `$file_name': $!\n;
+
+$file_name =~ s/^..// if $file_name =~ m{^\./};
+$file_name =~ s{^debfiles/}{debian/};
+
+# read begin of shebang
+local $_;
+return unless 10 == read $file, $_, 10;
+return unless m{^#!\s*/};
+seek $file, 0, 0;
+
+$_ = $file;
+return unless m{^#!\s*(?:/\S+){2,}};
+
+# read all file content
+# (remove comments, join backslash-ended string)
+$_ = join '', map { s/#.*/\n/; s/\\$//; $_ } readline $file;
+
+# errors
+my $errors_found;
+if (m{\s*/tmp/} or m{(?:^|[|\s])tee\s+(?:-\S+\s+)*/tmp/}m)
+{
+$errors_found=1;
+tag $err_tmpl, $file_name (pipe);
+}
+
+my @wh = m{(mount|mkdir|chown|chmod)\s[^;]*?/tmp/}g;
+# remove dups
+@wh = keys %{{ map {($_,0)} @wh }};
+if (@wh)
+{
+	$errors_found=1;
+tag $err_tmpl, $file_name ($_) for @wh;
+}
+
+# warnings
+unless ($errors_found)
+{
+tag $warn_tmpl, $file_name if m{\s+/tmp/};
+}
+}
+
+
+sub run 
+{
+	my ($package, $type)=(@_);
+
+my @check_files;
+
+# check maintainer scripts
+	if ($type eq 'source')
+	{
+	@check_files=
+	grep /(((pre|post)(inst|rm))|(config))(?:\.in)?$/,
+	glob ('debfiles/*');
+	}
+	else
+	{
+	@check_files=
+	grep /(((pre|post)(inst|rm))|(config))$/, glob ('control/*');
+	}
+check_file $_ = 'maint-scripts-uses-tmp-err', 
+'maint-scripts-uses-tmp-warn' for @check_files;
+
+# check binary all files in the package
+if ($type eq 'binary')
+{
+	chdir 'unpacked';
+	open my $dir, '-|', 'find -type f -executable'
+	or die Can not start find: $!;
+	while($dir)
+	{
+		chomp;
+	check_file $_ = 'scripts-uses-tmp-err', 'scripts-uses-tmp-warn';
+	}
+	chdir '..';
+}
+}
+
+1;
+
+# vim: syntax=perl ts=4 sw=4 expandtab
--- checks/symlink_attack.desc	1970-01-01 03:00:00.0 +0300
+++ checks/symlink_attack.desc	2008-08-19 21:42

Bug#494648: RFS: Second try for twiki-ldapcontrib, new upstream version - Re: RFS: twiki-ldapcontrib - LDAP services for TWiki

[Dmitry E. Oboukhov]

VB frustratingly, I'm not a DD
VB and Worse. I have an emergency update to TWiki for a security issue that
VB needs fixing for Lenny, but I have no DD to help me upload it

VB Anyone here willing to do a  quick package upload of TWiki in the next
VB day?

VB Hi Sven!

VB I would be happy  to upload your fix but I disagree  with it. As pointed
VB by Olivier at the end of the  bug report, /tmp can be flushed at boot or
VB by some cronjobs. Therefore, you  cannot ensure that the twiki directory
VB still exists when twiki will be running.

Before upload please check that twiki postinst script is save previous
twiki session dir (The NEW installation may use any session dirs,
upgrade must use directory of twiki-config)

see my prevoius mail and (for example) my version of patch :)

VB I  cannot  give  an  universal   solution,  but  in  Roundcube,  we  use
VB /var/lib/roundcube/temp and  we provide  a cron job  that will  clean it
VB every m days where m can  be set by the user in /etc/default/roundcube
VB (and I just noticed that this is broken... will upload a fix). This way,
VB we don't fill  up /var but we don't rely on  anything in /tmp. Moreover,
VB we  don't have  to handle  a complex  script in  postinst  to circumvent
VB symlinks attacks.

VB The problem with webapps is that we don't have a clear policy of what to
VB do. You  can just  look at other  packages, like  phpmyadmin, mediawiki,
VB etc. Each attempt to establish a webapps policy seems to be aborted.
--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#494507: fluxbox: crash after clicking on an icon on the taskbar

[Dmitry E. Oboukhov]

tags 494507 unreproducible
thanks

Please, test experimental version :)
--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

tags 494648 patch
thanks

Hi, Sven

see my patch, please

--

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537
diff -u twiki-4.1.2/debian/changelog twiki-4.1.2/debian/changelog
--- twiki-4.1.2/debian/changelog
+++ twiki-4.1.2/debian/changelog
@@ -1,3 +1,12 @@
+twiki (1:4.1.2-3.3) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix security hole, closes: #494648.
+  * Build instructions moved from section -arch to -indep (closes lintian
+warning).
+
+ -- Dmitry E. Oboukhov [EMAIL PROTECTED]  Thu, 14 Aug 2008 10:23:41 +0400
+
 twiki (1:4.1.2-3.2) unstable; urgency=high
 
   * Non-maintainer upload.
diff -u twiki-4.1.2/debian/LocalSite.cfg twiki-4.1.2/debian/LocalSite.cfg
--- twiki-4.1.2/debian/LocalSite.cfg
+++ twiki-4.1.2/debian/LocalSite.cfg
@@ -11,8 +11,8 @@
 $TWiki::cfg{Site}{CharSet} = 'iso-8859-15';
 $TWiki::cfg{LoginManager} = 'TWiki::Client::ApacheLogin';
 $TWiki::cfg{Plugins}{WysiwygPlugin}{Enabled} = 1;
-$TWiki::cfg{RCS}{WorkAreaDir} = '/tmp/twiki';
-$TWiki::cfg{TempfileDir} = '/tmp/twiki';
+$TWiki::cfg{RCS}{WorkAreaDir} = '-UNDEFINED_TEMP_DIR-';
+$TWiki::cfg{TempfileDir} = '-UNDEFINED_TEMP_DIR-';
 $TWiki::cfg{WorkingDir} = '/var/lib/twiki/working';
 
 1;
diff -u twiki-4.1.2/debian/postinst twiki-4.1.2/debian/postinst
--- twiki-4.1.2/debian/postinst
+++ twiki-4.1.2/debian/postinst
@@ -10,6 +10,29 @@
 # Source debconf library.
 . /usr/share/debconf/confmodule
 
+MAIN_CONFIG=/etc/twiki/LocalSite.cfg
+CONFIG_TEMP_DIR=`cat $MAIN_CONFIG \
+|sed 's/#.*//'| grep TempfileDir | tail -n1\
+|sed s/.*\?=[[:space:]]*'\(.*\?\)'.*/\1/`
+UNDEFINED_TEMP_DIR_PATTERN='-UNDEFINED_TEMP_DIR-'
+TWIKI_SESSION_DIR=/tmp/twiki# first attempt to /tmp/twiki
+
+TWIKI_SESSION_PERMISSIONS=1770
+
+create_session_dir()
+{
+# We make TWIKI_SESSION_DIR
+if ! mkdir $TWIKI_SESSION_DIR /dev/null; then
+TWIKI_SESSION_DIR=`mktemp -d /tmp/twiki.XX`
+fi
+chmod $TWIKI_SESSION_PERMISSIONS $TWIKI_SESSION_DIR
+chown $TWIKI_OWNER:www-data $TWIKI_SESSION_DIR
+
+perl -pi \
+-e s[(TempfileDir|WorkAreaDir).*][\$1} = '$TWIKI_SESSION_DIR';] \
+$MAIN_CONFIG
+}
+
 
 # summary of how this script can be called:
 #* postinst `configure' most-recently-configured-version
@@ -58,7 +81,7 @@
 
 db_get twiki/defaultUrlHost
 # be more robust later:
-perl -pi~ -e '$U=q{'$RET'}; s{http://your.domain.com}{$U}g;' 
/etc/twiki/LocalSite.cfg
+perl -pi~ -e '$U=q{'$RET'}; s{http://your.domain.com}{$U}g;' $MAIN_CONFIG
 perl -pi~ -e '$U=q{'$RET'}; s{http://your.domain.com}{$U}g;' 
/etc/twiki/apache.conf
 #remove the double //cgi-bin caused by putting a / at the end of the hostUrl
 perl -pi~ -e 's{/(/cgi-bin)}{$1}g;' /etc/twiki/apache.conf
@@ -155,15 +178,26 @@
fi
chown $TWIKI_OWNER.www-data /var/lib/twiki/working/work_areas
 
-   #, mailnotify etc may be running _not_ as www-data
-   #and for some reason create a session
-   #use 1777 to prevent third parties replacing the file with a doctored 
one
-   #put into /tmp/twiki so that the open dir can't be used by others to 
fill up /var, thus crashing all logging
-   if [ ! -e /tmp/twiki ]; then
-   mkdir /tmp/twiki
-   fi
-   chmod 1777 /tmp/twiki
-   chown $TWIKI_OWNER.www-data /tmp/twiki
+
+# create session dir (if needed)
+if echo $CONFIG_TEMP_DIR|grep -q -- $UNDEFINED_TEMP_DIR_PATTERN; then
+   # NEW install
+   create_session_dir
+else
+   if test -d $TWIKI_SESSION_DIR; then
+found_owner=`ls -ld $TWIKI_SESSION_DIR|awk '{ print $3 }'`
+found_group=`ls -ld $TWIKI_SESSION_DIR|awk '{ print $4 }'`
+if ! test $found_owner = $TWIKI_OWNER -a \
+   $found_group = www-data; then
+   # error permissions, recreate
+create_session_dir
+fi
+else
+# $TWIKI_SESSION_DIR is not a directory
+   create_session_dir
+fi
+fi
+   chmod $TWIKI_SESSION_PERMISSIONS $TWIKI_SESSION_DIR
 
#add softlinks to make adding plugins easier ()
if [ ! -e /var/lib/twiki/lib ]; then
@@ -181,7 +215,7 @@

chown -R $TWIKI_OWNER.www-data /var/log/twiki
chmod -R 755 /var/log/twiki
-   chown $TWIKI_OWNER.www-data /etc/twiki/LocalSite.cfg
+   chown $TWIKI_OWNER.www-data $MAIN_CONFIG
 
# erase configuser password
 db_reset twiki/adminpassword
diff -u twiki-4.1.2/debian/rules twiki-4.1.2/debian/rules
--- twiki-4.1.2/debian/rules
+++ twiki-4.1.2/debian/rules
@@ -124,10 +124,6 @@
 
 # Build architecture-independent files here.
 binary-indep: build install
-# We have nothing to do by default.
-
-# Build architecture-dependent files here.
-binary-arch: build install
dh_testdir
dh_testroot
dh_installdebconf   
@@ -156,6 +152,10 @@
dh_md5sums
dh_builddeb

Bug#494648: closed by Sven Dowideit [EMAIL PROTECTED] (duplicate of Bug#444982, which was fixed in Oct 2007)

[Dmitry E. Oboukhov]

reopen 494648
thanks

If you want, You may merge the bugs 444982 494648, dont close!

$ ln -s /etc/shadow /tmp/twiki
$ LANG=C sudo apt-get install twiki
Reading package lists... Done
Building dependency tree   
Reading state information... Done

Setting up twiki (1:4.1.2-3.2) ...
Adding password for user TWikiGuest
Adding password for user admin
reloading apache2 config
Reloading web server config: apache2.
$ ll /etc/shadow
-rwxrwxrwt 1 www-data www-data 1339 Июл 28 10:26 /etc/shadow



On 12:09 Wed 13 Aug , Debian Bug Tracking System wrote:

DBTS This is an automatic notification regarding your Bug report
DBTS which was filed against the twiki package:

DBTS #494648: The possibility of attack with the help of symlinks in some 
Debian packages

DBTS It has been closed by Sven Dowideit [EMAIL PROTECTED].

DBTS Their explanation is attached below along with your original report.
DBTS If this explanation is unsatisfactory and you have not received a
DBTS better one in a separate message then please contact Sven Dowideit 
[EMAIL PROTECTED] by
DBTS replying to this email.

DBTS --
DBTS 494648: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648
DBTS Debian Bug Tracking System
DBTS Contact [EMAIL PROTECTED] with problems

DBTS Date: Wed, 13 Aug 2008 22:06:46 +1000
DBTS From: Sven Dowideit [EMAIL PROTECTED]
DBTS To: [EMAIL PROTECTED]
DBTS Subject: duplicate of Bug#444982, which was fixed
DBTS in Oct 2007
DBTS User-Agent: Mozilla-Thunderbird 2.0.0.16
DBTS (X11/20080724)

DBTS http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982

DBTS Implemented Joey's suggestion of 1777  O_EXCL - mostly the files in
DBTS /tmp are written by CGI::Session, that takes care of things.
DBTS Also moved the 1777 tmp dir back to /tmp/twiki, as per Nico's point wrt
DBTS to filling /var

DBTS --
DBTS Professional Wiki Innovation and Support
DBTS Sven Dowideit - http://DistributedINFORMATION.com
DBTS A WikiRing Partner - http://wikiring.com
DBTS Public key -
DBTS http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideitop=indexexact=on

DBTS Date: Mon, 11 Aug 2008 10:57:56 +0400
DBTS From: Dmitry E. Oboukhov [EMAIL PROTECTED]
DBTS To: [EMAIL PROTECTED]
DBTS Subject: The possibility of attack with the help of
DBTS symlinks in some Debian packages

DBTS Package: twiki
DBTS Severity: grave
DBTS Tags: security

DBTS This message about the error concerns a few packages  at  once.   I've
DBTS tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
DBTS config scripts were tested.

DBTS In some packages I've discovered scripts with errors which may be used
DBTS by a user for damaging important system files.

DBTS For example if a script uses in its work a temp file which is  created
DBTS in /tmp directory, then every user can create symlink  with  the  same
DBTS name in this directory in order to  destroy  or  rewrite  somesystem
DBTS file.

DBTS I set Severity into grave for  this  bug.   The  tableof  discovered
DBTS problems is below.

DBTS +--+-+--
DBTS |package   |  script | file for attack
DBTS +--+-+--
DBTS | mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
DBTS |  | |
DBTS | nws-2.13 |  postinst   | /tmp/nws.debug (cp)
DBTS |  | |
DBTS | ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
DBTS |  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
DBTS |   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
DBTS |  | |
DBTS | twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
DBTS +--+-+--
--
... mpd playing: U.D.O. - Man And Machine

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

On 13:57 Wed 13 Aug , Steve Kemp wrote:
SK On Wed Aug 13, 2008 at 22:51:00 +1000, Sven Dowideit wrote:

SK no, its got nothing to do with /var/lib/twiki/data etc, its the location
SK for session data - produced by CGI::Session etc.

SK Yes it does.

SK The code we're talking about is contained in the file debian/postinst,
SK and only executes under the following condition:

SK # create initial htpasswd, if needed
SK if [ -e /var/lib/twiki/data ]; then

SK ...
SK ...
SK #create securer-twiki session dir
SK mkdir ...

SK fi

SK My understanding of the discussion thus far is:

SK a.  This is a genuine bug.
SK b.  Which has been fixed.

Where?

$curl http://ftp.nl.debian.org/debian/pool/main/t/twiki/twiki_4.1.2-3.2.diff.gz 
2/dev/null|gunzip|grep -A 219 '^[+]\{3\}.*postinst'|grep '/tmp/'

+   #put into /tmp/twiki so that the open dir can't be used by others to
fill up /var, thus crashing all logging
+   if [ ! -e /tmp/twiki ]; then
+   mkdir /tmp/twiki
+   chmod 1777 /tmp/twiki
+   chown $TWIKI_OWNER.www-data /tmp/twiki

http://packages.qa.debian.org/t/twiki.html
Stable   1:4.0.5-9.1
Testing  1:4.1.2-3.2
Unstable 1:4.1.2-3.2

for etch:

$ curl
http://ftp.nl.debian.org/debian/pool/main/t/twiki/twiki_4.0.5-9.1.diff.gz 
2/dev/null |gunzip|grep -A 219 '^[+]\{3\}.*postinst'|grep '/tmp/' 
+   if [ ! -e /tmp/twiki ]; then
+   mkdir /tmp/twiki 
+   chmod 777 /tmp/twiki 
+   chown $TWIKI_OWNER.www-data /tmp/twiki

SK c.  Except in Etch. 

and lenny and sid

SK Steve
--
... mpd playing: U.D.O. - Man And Machine

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

On 00:38 Thu 14 Aug , Sven Dowideit wrote:
SD No, I was told by Nico or Joey that web apps should not be filling up
SD the /var filesystem with session files.

SD this is apparently also _not_ a solution.

SD /tmp was determined in October 2007 as the best place

Ok, Yoy can do it (in your postinst):

twiki_session_dir=`mktemp -d /tmp/twiki.XX`
chown www-data:www-data $twiki_session_dir # or chown $TWIKI_OWNER:www-data
chmod 0750 $twiki_session_dir # or chmod 1770 if $TWIKI_OWNER != www-data
perl -pi -e s/(TempfileDir).*/$1} = '$twiki_session_dir'; \
/etc/twiki/LocalSite.cfg

attributes must be 0750 or 0770 or 0700 if owner==www-data
or 1770 if owner != www-data ($TWIKI_OWNER)

--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

SD On 00:38 Thu 14 Aug , Sven Dowideit wrote:
SD No, I was told by Nico or Joey that web apps should not be filling up
SD the /var filesystem with session files.
SD 
SD this is apparently also _not_ a solution.
SD 
SD /tmp was determined in October 2007 as the best place
SD 
SD Ok, Yoy can do it (in your postinst):
SD 
SD twiki_session_dir=`mktemp -d /tmp/twiki.XX`
SD chown www-data:www-data $twiki_session_dir # or chown $TWIKI_OWNER:www-data
SD chmod 0750 $twiki_session_dir # or chmod 1770 if $TWIKI_OWNER != www-data
SD perl -pi -e s/(TempfileDir).*/$1} = '$twiki_session_dir'; \
SD /etc/twiki/LocalSite.cfg
SD 
SD attributes must be 0750 or 0770 or 0700 if owner==www-data
SD or 1770 if owner != www-data ($TWIKI_OWNER)
SD 
SD and then on upgrade, create another one because the user selected to
SD overwrite the cfg, and so on - sounds like its less of a solution than
SD to use a predictable dir, with a more appropriate attempt to make sure
SD its safe.

SD it worries me that you appear to be contradicting the permissions I was
SD required to set up for #444982 - I'm not quite sure who's advice should
SD get priority - Joey's or yours.

SD Perhaps I should set up a google fight.

Full algorithm:

1. You change debian/LocalSite.cfg: s{/tmp/wiki}{#UNDEFINED_TEMP_DIR#};

2. in postinst You do:

2.1 

if grep -q #UNDEFINED_TEMP_DIR# /etc/twiki/LocalSite.cfg; then
twiki_session_dir=`mktemp -d /tmp/twiki.XX`
perl -pi -e \
s/(TempfileDir).*/$1} = '$twiki_session_dir';/ \
/etc/twiki/LocalSite.cfg
chown $TWIKI_OWNER:www-data $twiki_session_dir
else
twiki_session_dir=`grep TempfileDir /etc/twiki/LocalSite.cfg \
| sed s/=[[:space:]]*'//|sed s/'.*//`
fi

# [1]
chmod 1770 $twiki_session_dir


in [1] you can insert the verification code, for example:

if test -d $twiki_session_dir; then
# $twiki_session_dir is directory and exists
found_owner=`ls -l $twiki_session_dir|awk '{ print $3 }'`
found_group=`ls -l $twiki_session_dir|awk '{ print $4 }'`

if test $found_owner = $TWIKI_OWNER -a \
$found_group = www-data; then
# previous install is ok (owner:group)
else
# unknown owner
fi
else
#   $twiki_session_dir is not directory
# you can recreate it with new path
fi

3. You can show errors with help of debhelper's dialogs.


--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#494650: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: nws
Severity: grave
Tags: security

This message about the error concerns a few packages  at  once.   I've
tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
config scripts were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
file.

I set Severity into grave for  this  bug.   The  table  of  discovered
problems is below.

+--+-+--
|package   |  script | file for attack
+--+-+--
| mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
|  | |
| nws-2.13 |  postinst   | /tmp/nws.debug (cp)
|  | |
| ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
|  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
|   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
|  | |
| twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
+--+-+--



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: twiki
Severity: grave
Tags: security

This message about the error concerns a few packages  at  once.   I've
tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
config scripts were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
file.

I set Severity into grave for  this  bug.   The  table  of  discovered
problems is below.

+--+-+--
|package   |  script | file for attack
+--+-+--
| mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
|  | |
| nws-2.13 |  postinst   | /tmp/nws.debug (cp)
|  | |
| ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
|  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
|   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
|  | |
| twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
+--+-+--



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494649: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: ppp
Severity: grave
Tags: security

This message about the error concerns a few packages  at  once.   I've
tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
config scripts were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
file.

I set Severity into grave for  this  bug.   The  table  of  discovered
problems is below.

+--+-+--
|package   |  script | file for attack
+--+-+--
| mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
|  | |
| nws-2.13 |  postinst   | /tmp/nws.debug (cp)
|  | |
| ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
|  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
|   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
|  | |
| twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
+--+-+--



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494647: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

Package: mplayer
Severity: grave
Tags: security

This message about the error concerns a few packages  at  once.   I've
tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
config scripts were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
file.

I set Severity into grave for  this  bug.   The  table  of  discovered
problems is below.

+--+-+--
|package   |  script | file for attack
+--+-+--
| mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
|  | |
| nws-2.13 |  postinst   | /tmp/nws.debug (cp)
|  | |
| ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
|  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
|   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
|  | |
| twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
+--+-+--



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494507: fluxbox: crash after clicking on an icon on the taskbar

[Dmitry E. Oboukhov]

Please, create backtrace report,

put out the command:

$ ulimit -c unlimited

(for enable creating core-dumps)

after crash (core file 'll be created) use

$ gdb /usr/bin/fluxbox $HOME/core
 bt



On 10:15 Sun 10 Aug , Torsten Wiebke wrote:
TW Package: fluxbox
TW Version: 1.0.0+deb1-8
TW Severity: important

TW Hi,
TW fluxbox crashes after clicking on an icon on the taskbar (I know it
TW is
TW not the right name).
TW In my case fluxbox crashes after clicking on the icon from
TW claws-mail
TW and one time ofter changing the workspace by the wheel of the
TW mouse.
TW Thanks for Your work. Fluxbox is great.
TW Thanks
TW Torsten

TW -- System Information:
TW Debian Release: lenny/sid
TW APT prefers testing
TW APT policy: (990, 'testing'), (90, 'unstable')
TW Architecture: i386 (i686)

TW Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
TW Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
TW Shell: /bin/sh linked to /bin/bash

TW Versions of packages fluxbox depends on:
TW ii  libc6 2.7-13 GNU C Library: Shared libraries
TW ii  libfontconfig12.6.0-1generic font configuration 
library
TW ii  libgcc1   1:4.3.1-2  GCC support library
TW ii  libice6   2:1.0.4-1  X11 Inter-Client Exchange 
library
TW ii  libimlib2 1.4.0-1.1  powerful image loading and 
renderi
TW ii  libsm62:1.0.3-2  X11 Session Management library
TW ii  libstdc++64.3.1-2The GNU Standard C++ Library v3
TW ii  libx11-6  2:1.1.4-2  X11 client-side library
TW ii  libxext6  2:1.0.4-1  X11 miscellaneous extension 
librar
TW ii  libxft2   2.1.12-3   FreeType-based font drawing 
librar
TW ii  libxinerama1  2:1.0.3-2  X11 Xinerama extension library
TW ii  libxpm4   1:3.5.7-1  X11 pixmap library
TW ii  libxrandr22:1.2.3-1  X11 RandR extension library
TW ii  libxrender1   1:0.9.4-2  X Rendering Extension client 
libra
TW ii  menu  2.1.39 generates programs menu for 
all me

TW fluxbox recommends no packages.

TW Versions of packages fluxbox suggests:
TW ii  fbdesk1.4.1-3Desktop icons for window 
managers
TW ii  fbpager   0.1.4-5.1  a pager application for the 
Fluxbo
TW ii  fluxconf  0.9.9-1FluxBox configuration utility

TW -- no debconf information
--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#494319: error indent_string

[Dmitry E. Oboukhov]

Package: mutt
Tags: l10n

my muttrc contains record:

set indent_string=%F 

(or set indent_string=%f )

If I press to 'reply' on mail with header:

 From: Vasiliy Pupkin [EMAIL PROTECTED]

then I look such text:

 Vasiliy Pupkin text...
 Vasiliy Pupkin text...
 Vasiliy Pupkin text...

If I press to 'reply' on mail width header:

 From: Василий Пупкин [EMAIL PROTECTED]

(encoded by RFC)

then I look such text:

  text...
  text...
  text...

'indent_string' does not work in this case.

 must be:
 Василий Пупкин text...

 examples of 'From':

 From: =?koi8-r?Q?=F0=CF=CB=CF=D4=C9=CC=C5=CE=CB=CF_?= 
=?koi8-r?Q?=EB=CF=D3=D4=C9=CB?= [EMAIL PROTECTED]
 (Thunderbird)

 From: =?windows-1251?Q?=CC=E0=E9=EE=F0=EE=E2=F1=EA=E8=E9_=CC=E0=EA=F1=E8?= 
=?windows-1251?Q?=EC?= [EMAIL PROTECTED]
 (Evolution)

 From: =?UTF-8?B?0JHRi9C60LDQvdC+0LIg0KHQtdGA0LPQtdC5?= [EMAIL PROTECTED]
 (Thunderbird)

--
... mpd playing: WASP - The Headless Children

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#493966: FBFS on sparc. error: call of overloaded 'pack(uint)' is ambiguous

[Dmitry E. Oboukhov]

retitle 493966 FBFS on alpha, arm, armel, hppa, m68k, mips, mipsel, powerpc, 
s390, sparc error: call of overloaded 'pack(uint)' is ambiguous...
tags 493966 patch
thanks

see attache

see also patch for build on ia64 :)

--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537
--- plugins/icq/icqlists.cpp2008-06-27 02:38:29.0 +0400
+++ plugins/icq/icqlists.cpp2008-08-06 11:05:58.0 +0400
@@ -1078,7 +1078,7 @@
 
 snac(ICQ_SNACxFOOD_LISTS, cmd, true);
 QCString sName = name.utf8();
-socket()-writeBuffer().pack(htons(sName.length()));
+socket()-writeBuffer().pack((long unsigned int)htons(sName.length()));
 socket()-writeBuffer().pack(sName.data(), sName.length());
 socket()-writeBuffer()
  grp_id
--- debian/rules2008-08-06 11:18:41.0 +0400
+++ debian/rules2008-08-06 11:18:31.0 +0400
@@ -47,31 +47,48 @@
touch $@
 
 binary-arch: install
-# required
+   dh_testdir
+   dh_testroot
+   dh_installchangelogs-psim -psim-qt
+   dh_installdocs  -psim -psim-qt
+   dh_installman   -psim -psim-qt
+   dh_installmenu  -psim -psim-qt
+   dh_install  -psim -psim-qt
+   dh_lintian  -psim -psim-qt
+   dh_link -psim -psim-qt
+   dh_strip-psim -psim-qt
+   dh_installdebconf   -psim -psim-qt
+   dh_compress -psim -psim-qt
+   dh_fixperms -psim -psim-qt
+   dh_makeshlibs   -psim -psim-qt
+   dh_installdeb   -psim -psim-qt
+   dh_shlibdeps-psim -psim-qt
+   dh_gencontrol   -psim -psim-qt
+   dh_md5sums  -psim -psim-qt
+   dh_builddeb -psim -psim-qt -- -Z bzip2
 
 binary-indep: install
-# required
-
-binary: binary-arch binary-indep
dh_testdir
dh_testroot
-   dh_installchangelogs 
-   dh_installdocs
-   dh_installman
-   dh_installmenu
-   dh_install
-   dh_lintian
-   dh_link
-   dh_strip
-   dh_installdebconf
-   dh_compress
-   dh_fixperms
-   dh_makeshlibs
-   dh_installdeb
-   dh_shlibdeps
-   dh_gencontrol
-   dh_md5sums
-   dh_builddeb -- -Z bzip2
+   dh_installchangelogs-psim-data
+   dh_installdocs  -psim-data
+   dh_installman   -psim-data
+   dh_installmenu  -psim-data
+   dh_install  -psim-data
+   dh_lintian  -psim-data
+   dh_link -psim-data
+   dh_strip-psim-data
+   dh_installdebconf   -psim-data
+   dh_compress -psim-data
+   dh_fixperms -psim-data
+   dh_makeshlibs   -psim-data
+   dh_installdeb   -psim-data
+   dh_shlibdeps-psim-data
+   dh_gencontrol   -psim-data
+   dh_md5sums  -psim-data
+   dh_builddeb -psim-data -- -Z bzip2
+
+binary: binary-arch binary-indep
 
 .PHONY: build \
clean \


signature.asc
Description: Digital signature

Bug#309898: moving window on xinerama sometimes unexpectedly transposes window by a screenwidth

[Dmitry E. Oboukhov]

TL  Please check if this bug is also contained in the current
TL  (1.0rc3 or 1.0rc3+svn) version ?

TL I checked with the version 1.0.0+deb1-8 in Sid and the bug is still
TL there (I mean the screen offset bug). Very annoying since it happens
TL often in my system.
please, see also fluxbox from experimental :)

--

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#492953: new upstream version available

[Dmitry E. Oboukhov]

Package: hedgewars
Version: 0.9.5
Severity: normal

new upstream version available

--
... mpd playing: U.D.O. - Fistful Of Anger

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#492688: mutt: cache ignoring

[Dmitry E. Oboukhov]

Package: mutt
Version: 1.5.17+20080114-1+b1

I subscribed to many maillists.

For example debian-devel and debian-devel-announce.
debian-devel-announce has very small traffic, so I setted my procmail
for both lists tol be put into one maildir.

debian-devel and debian-devel-announce are kept in one maildir.

I want them to differ by colors.
I added to my muttrc next lines:

color index red black ~h '^List-Id:.*-announce' !~U
color index brightred black ~h '^List-Id:.*-announce' ~U
color index red black ~h '^List-Id:.*-announce' !~N
color index brightred black ~h '^List-Id:.*-announce' ~N

color index brightgreen black ~N !~h '^List-Id:.*-announce'
color index brightgreen black ~U !~h '^List-Id:.*-announce'

Mutt has to reload mails permanently (from imap) and it takes very long
time (one PgUp/PgDown refresh per 1-5 seconds).

Muttrc option header_cache is ignored:
set header_cache=$HOME/.mutt/cache

If I do remove (or comment) for color options, then mutt works fine.

--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#492037: incorrect behaviour of perldoc with UTF-8 texts

[Dmitry E. Oboukhov]

Package: perl
Version: 5.10.0-10
Tags: l10n
Severity: important

In attache You can found pod with russian symbols in utf-8 charset.
This file is showed incorrectly:

=begin of cut

EXAMPLE_RUSSIAN(1)User Contributed Perl Documentation   EXAMPLE_RUSSIAN(1)



X1
   N~XX N~XN~XN~XN~ N~XXXN~XN~X

   N~XXN~X N~XXXN~XXX 1
   N~XXXN~XN~X XN~XXXN~XN~XX

=end cut

Perldoc from Etch works fine.

pod2text works tolerably, but letters 'Э' (1069 == ord 'Э'), 
'И' (1048 == ord 'И') will be replaced to symbol 'Ð'

pod2man works as perldoc

pod2html works fine

PS:
 apache:[~]$ zcat /usr/share/doc/perl/changelog.Debian.gz|dpkg-parsechangelog 
-l-
 Source: perl
 Version: 5.10.0-10
 Distribution: unstable
 Urgency: low
 Maintainer: Niko Tyni [EMAIL PROTECTED]
 Date: Thu, 08 May 2008 14:32:30 +0300
 Closes: 479460 479762 479863
 Changes: 
  perl (5.10.0-10) unstable; urgency=low
  .
* Integrate NMU, thanks Bastian.
* Make h2ph allow the quote mark delimiter also for those #include 
directives
  chased with h2ph -a. (Closes: #479762)
* Adjust manual page sections in Module::Build::Base for the Debian Perl
  policy. (Closes: #479460)
* Disable the v-string in use/require is non-portable warning again.
  (Closes: #479863)
 apache:[~]$ zcat 
/usr/share/doc/perl-doc/changelog.Debian.gz|dpkg-parsechangelog -l- 
   
 Source: perl
 Version: 5.10.0-10
 Distribution: unstable
 Urgency: low
 Maintainer: Niko Tyni [EMAIL PROTECTED]
 Date: Thu, 08 May 2008 14:32:30 +0300
 Closes: 479460 479762 479863
 Changes: 
  perl (5.10.0-10) unstable; urgency=low
  .
* Integrate NMU, thanks Bastian.
* Make h2ph allow the quote mark delimiter also for those #include 
directives
  chased with h2ph -a. (Closes: #479762)
* Adjust manual page sections in Module::Build::Base for the Debian Perl
  policy. (Closes: #479460)
* Disable the v-string in use/require is non-portable warning again.
  (Closes: #479863)

--
... mpd playing: Manowar - Today Is A Good Day To Die

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537
=head1 заголовок1

Это русский текст

=over

=item элемент списка 1

текст привязанный к элементу списка 1

=item элемент списка 2

текст привязанный к элементу списка 2

=back

просто параграф текста

И снова русский текст. Это опять русский текст.

=head1 Это русские заглавные буквы:

Й Ц У К Е Н Г Ш Щ З Х Ъ Ф Ы В А П Р О Л Д Ж Э Я Ч С М И Т Ь Б Ю

=head1 А это маленькие буквы:

й ц у к е н г ш щ з х ъ ф ы в а п р о л д ж э я ч с м и т ь б ю

=cut


signature.asc
Description: Digital signature

Bug#491656: lock-on keys when using xorg

[Dmitry E. Oboukhov]

Package: xserver-xorg
Severity: normal
Tags: l10n

I use Xorg adapted to the 2 languages: russian and english. Command line
setxkbmap is:
setxkbmap -model pc104 -layout us,ru -option  -option \
grp:caps_toggle,grp:switch,grp_led:scroll, compose:lwin

right alt uses for temporary switch over keyboard layouts.

Sometimes right alt swithching causes key sealing.  For example,  if  we
press alt-comma, comma is autocycling. autocycling will continue until
we press any key.

I note of this  bug  in  many  hostes  since  Xorg  appears  in  Debian.
Discussion of this issue in debian-russian@ mailing list showes that this
bug is commonly encountered. I've noted of this bug in many hosts since
xorg has appeared in Debian (X of woody works fine :)).

--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#490533: libupnp4: missing various dependencies

[Dmitry E. Oboukhov]

tags 490533 patch
thanks

see my variant of the patch (attache)

You can change the description of the libupnp-dev and the urgency :)

ping me if this way is well (and rebuild non-NMU):)

--
... mpd playing: WASP - The Great Misconceptions Of Me

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537
diff -u libupnp-1.6.6/debian/control libupnp-1.6.6/debian/control
--- libupnp-1.6.6/debian/control
+++ libupnp-1.6.6/debian/control
@@ -27,8 +27,22 @@
 Architecture: any
 Depends: libupnp3 (= ${binary:Version})
 Conflicts: libupnp4-dev
-Provides: libupnp-dev
-Replaces: libupnp-dev
+Description: Portable SDK for UPnP Devices (development files)
+ The Portable SDK for UPnP Devices (libupnp) provides developers with an
+ API and open source code for building control points, devices, and
+ bridges that are compliant with Version 1.0 of the Universal Plug and
+ Play Device Architecture Specification - see http://www.upnp.org/ for
+ specifications.
+ .
+ The libupnp-dev package contains the header files, documentation and
+ debug versions of libraries needed for development of programs using
+ uPnP.
+Section: libdevel
+
+Package: libupnp-dev
+Priority: extra
+Architecture: any
+Depends: libupnp3-dev (= ${binary:Version})
 Description: Portable SDK for UPnP Devices (development files)
  The Portable SDK for UPnP Devices (libupnp) provides developers with an
  API and open source code for building control points, devices, and
diff -u libupnp-1.6.6/debian/changelog libupnp-1.6.6/debian/changelog
--- libupnp-1.6.6/debian/changelog
+++ libupnp-1.6.6/debian/changelog
@@ -1,3 +1,11 @@
+libupnp (1:1.6.6-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Added libupnp-dev with depends to libupnp3-dev, 
+   really closes: #490339, #490533.
+
+ -- Dmitry E. Oboukhov [EMAIL PROTECTED]  Fri, 18 Jul 2008 12:17:20 +0400
+
 libupnp (1:1.6.6-2) unstable; urgency=low
 
   * Bump epoch and add Conflicts with libupnp4, to displace incorrect


signature.asc
Description: Digital signature

Bug#490307: closing of iceweasel leads to the loss of settings and cookies.

[Dmitry E. Oboukhov]

found 490307 3.0.1-1
found 490307 3.0~rc2-2
found 490307 3.0~rc2-1
found 490307 3.0~rc1-1
found 490307 3.0~b5-4
thanks

MH Package: iceweasel
MH Version: 3.0~rc2-2
MH Severity: important
MH
MH iceweasel 3 constantly loses cookies whilet exit/restart.
MH After closing of iceweasel any cookies are lost.
MH I'm forced to re-login to all the  web-sites which keep authorization
MH information in cookies.

MH What sites ?

All sites.

if I do remove directory ~/.mozilla, and create new profile, then
iceweasel works fine.

but my profile is very dear for me (passwords, bookmarks, etc)

--
... mpd playing: WASP - The Medley

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#490860: webdeveloper: build from source

[Dmitry E. Oboukhov]

 Locales are needed and I'd like to provide them again, probably by 
 including source files too.

You can replace xpi to this xpi:
http://downloads.chrispederick.com/work/web-developer/web-developer-localized.xpi

I overlooked this xpi, sorry.


I don't like to use CVS-downloads for package building. It increases the
number of build-depends and creates excess necessities of re-building.
However if You think it is necessary You may do it.



--
... mpd playing: WASP - The Idol

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#490533: libupnp4: missing various dependencies

[Dmitry E. Oboukhov]

Nick,

Can You make package libupnp with?:
libupnp3-dev (remove Provides record)
libupnp3
libupnp3-dbg

and _empty_
libupnp-dev depends from libupnp3-dev

If libupnp4 becames stable, then we'll move libupnp-dev into it.

If You know the better variant, tell me.

PS: You can set the urgency to medium or high :)
--

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#490860: webdeveloper: build from source

[Dmitry E. Oboukhov]

severity 490860 wishlist
thanks


 webdeveloper maintainer, do you have any plan to actually build
 from source this add-on?

wherefore?


--
. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#490860: webdeveloper: build from source

[Dmitry E. Oboukhov]

  
 extracting: locale/en-US/webdeveloper/contents.rdf  
 extracting: locale/en-US/webdeveloper/dashboard.dtd  
 extracting: locale/en-US/webdeveloper/dialogs.dtd  
 extracting: locale/en-US/webdeveloper/menu.dtd  
 extracting: locale/en-US/webdeveloper/options.dtd  
 extracting: locale/en-US/webdeveloper/webdeveloper.properties  
 extracting: skin/classic/webdeveloper/contents.rdf  
 extracting: skin/classic/webdeveloper/dashboard/apply-css.png  
 extracting: skin/classic/webdeveloper/dashboard/apply-html.png  
 extracting: skin/classic/webdeveloper/dashboard/clear.png  
 extracting: skin/classic/webdeveloper/dashboard/open.png  
 extracting: skin/classic/webdeveloper/dashboard/position.png  
 extracting: skin/classic/webdeveloper/dashboard/reset.png  
 extracting: skin/classic/webdeveloper/dashboard/save.png  
 extracting: skin/classic/webdeveloper/dashboard/search.png  
 extracting: skin/classic/webdeveloper/dashboard/stick.png  
 extracting: skin/classic/webdeveloper/dashboard/unstick.png  
 extracting: skin/classic/webdeveloper/menu/disabled.png  
 extracting: skin/classic/webdeveloper/options/colors-fonts.png  
 extracting: skin/classic/webdeveloper/options/dashboard.png  
 extracting: skin/classic/webdeveloper/options/ge
--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#490533: Info received (Bug#490533: Info received (libupnp4: missing various dependencies))

[Dmitry E. Oboukhov]

reopen 490533
thanks

This bug can be done after upload libupnp3*
--
... mpd playing: U.D.O. - Can't Get Enough

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#490533: Info received (libupnp4: missing various dependencies)

[Dmitry E. Oboukhov]

debdiff attached

Nick, please make libupnp3 (src) package, contains:
libupnp3- Conflicts: libupnp4
libupnp3-dev-  Conflicts: libupnp4-dev
Provides/Replases: libupnp-dev
libupnp3-dbg- Conflicts: libupnp4-dbg

and ping me :)

Sorry, I overlooked that this src-package name is libupnp too :(

--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537
diff -u libupnp-1.8.0~cvs20080628/debian/changelog libupnp-1.8.0~cvs20080628/debian/changelog
--- libupnp-1.8.0~cvs20080628/debian/changelog
+++ libupnp-1.8.0~cvs20080628/debian/changelog
@@ -1,3 +1,11 @@
+libupnp (1.8.0~cvs20080628-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Various dependencies have been fixed, closes: #490533.
+  * Added conflicts with libupnp3*.
+
+ -- Dmitry E. Oboukhov [EMAIL PROTECTED]  Sun, 13 Jul 2008 10:38:52 +0400
+
 libupnp (1.8.0~cvs20080628-1) unstable; urgency=low
 
   * New upstream release
diff -u libupnp-1.8.0~cvs20080628/debian/compat libupnp-1.8.0~cvs20080628/debian/compat
--- libupnp-1.8.0~cvs20080628/debian/compat
+++ libupnp-1.8.0~cvs20080628/debian/compat
@@ -1 +1 @@
-5
+7
diff -u libupnp-1.8.0~cvs20080628/debian/rules libupnp-1.8.0~cvs20080628/debian/rules
--- libupnp-1.8.0~cvs20080628/debian/rules
+++ libupnp-1.8.0~cvs20080628/debian/rules
@@ -97,9 +97,7 @@
 	dh_fixperms
 	dh_makeshlibs
 	dh_installdeb
-	dh_shlibdeps -plibupnp4 -X /usr/lib/libupnp.so.4.0.0
-	dh_shlibdeps -plibupnp4-dev
-	dh_shlibdeps -plibupnp4-dbg
+	dh_shlibdeps 
 	dh_gencontrol
 	dh_md5sums
 	dh_builddeb
diff -u libupnp-1.8.0~cvs20080628/debian/libupnp4.install libupnp-1.8.0~cvs20080628/debian/libupnp4.install
--- libupnp-1.8.0~cvs20080628/debian/libupnp4.install
+++ libupnp-1.8.0~cvs20080628/debian/libupnp4.install
@@ -1 +1 @@
-usr/lib/libupnp.so.* usr/lib
+usr/lib/lib* usr/lib
diff -u libupnp-1.8.0~cvs20080628/debian/control libupnp-1.8.0~cvs20080628/debian/control
--- libupnp-1.8.0~cvs20080628/debian/control
+++ libupnp-1.8.0~cvs20080628/debian/control
@@ -3,10 +3,11 @@
 Priority: extra
 Homepage: http://pupnp.sourceforge.net/
 Maintainer: Nick Leverton [EMAIL PROTECTED]
-Build-Depends: debhelper (= 6.0.7~), dbs, quilt, autoconf, automake, libtool
+Build-Depends: debhelper, dbs, quilt, autoconf, automake, libtool
 Standards-Version: 3.8.0
 
 Package: libupnp4
+Conflicts: libupnp3
 Priority: extra
 Architecture: any
 Depends: ${shlibs:Depends}
@@ -25,7 +26,7 @@
 Architecture: any
 Depends: libupnp4 (= ${binary:Version})
 Provides: libupnp-dev
-Conflicts: libupnp-dev
+Conflicts: libupnp3-dev, libupnp-dev ( ${binary:Version})
 Replaces: libupnp-dev
 Description: Portable SDK for UPnP Devices (development files)
  The Portable SDK for UPnP Devices (libupnp) provides developers with an
@@ -40,6 +41,7 @@
 Section: libdevel
 
 Package: libupnp4-dbg
+Conflicts: libupnp3-dbg
 Priority: extra
 Architecture: any
 Depends: libupnp4 (= ${binary:Version})


signature.asc
Description: Digital signature

Bug#490533: libupnp4: missing various dependencies

[Dmitry E. Oboukhov]

tags 490533 patch
thanks

sorry, this is my mistake :(
--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537
--- debian/libupnp4.install 2008-07-12 20:26:23.0 +0400
+++ debian/libupnp4.install 2008-07-12 20:21:35.0 +0400
@@ -1 +1 @@
-usr/lib/libupnp.so.* usr/lib
+usr/lib/lib* usr/lib
--- debian/rules2008-07-12 20:26:23.0 +0400
+++ debian/rules2008-07-12 20:22:09.0 +0400
@@ -97,9 +97,7 @@
dh_fixperms
dh_makeshlibs
dh_installdeb
-   dh_shlibdeps -plibupnp4 -X /usr/lib/libupnp.so.4.0.0
-   dh_shlibdeps -plibupnp4-dev
-   dh_shlibdeps -plibupnp4-dbg
+   dh_shlibdeps 
dh_gencontrol
dh_md5sums
dh_builddeb


signature.asc
Description: Digital signature

Bug#490307: closing of iceweasel leads to the loss of settings and cookies.

[Dmitry E. Oboukhov]

Package: iceweasel
Version: 3.0~rc2-2
Severity: important

iceweasel 3 constantly loses cookies whilet exit/restart.
After closing of iceweasel any cookies are lost.
I'm forced to re-login to all the  web-sites which keep authorization
information in cookies.

iceweasel 2 started with the same profile works fine.

--
... mpd playing: Accept - Restless  Wild

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#487201: MPL-license

[Dmitry E. Oboukhov]

The list of packages with full text of MPL-license:

agsync: /usr/share/doc/agsync/MPL-1.1.txt.gz
alexandria: /usr/share/doc/alexandria/MPL-1.1.txt.gz
iceape: /usr/share/doc/iceape/MPL.gz
iceape-browser: /usr/share/doc/iceape-browser/MPL.gz
iceape-calendar: /usr/share/doc/iceape-calendar/MPL.gz
iceape-chatzilla: /usr/share/doc/iceape-chatzilla/MPL.gz
iceape-dbg: /usr/share/doc/iceape-dbg/MPL.gz
iceape-dev: /usr/share/doc/iceape-dev/MPL.gz
iceape-dev-bin: /usr/share/doc/iceape-dev-bin/MPL.gz
iceape-dom-inspector: /usr/share/doc/iceape-dom-inspector/MPL.gz
iceape-gnome-support: /usr/share/doc/iceape-gnome-support/MPL.gz
iceape-mailnews: /usr/share/doc/iceape-mailnews/MPL.gz
iceowl: /usr/share/doc/iceowl/MPL.gz
iceweasel: /usr/share/doc/iceweasel/MPL.gz
iceweasel-dom-inspector: /usr/share/doc/iceweasel-dom-inspector/MPL.gz
iceweasel-gnome-support: /usr/share/doc/iceweasel-gnome-support/MPL.gz
libmozillainterfaces-java: /usr/share/doc/libmozillainterfaces-java/MPL.gz
libmozjs-dev: /usr/share/doc/libmozjs-dev/MPL.gz
libmozjs0d: /usr/share/doc/libmozjs0d/MPL.gz
libmozjs0d-dbg: /usr/share/doc/libmozjs0d-dbg/MPL.gz
libmozjs1d: /usr/share/doc/libmozjs1d/MPL.gz
libmozjs1d-dbg: /usr/share/doc/libmozjs1d-dbg/MPL.gz
libxul-common: /usr/share/doc/libxul-common/MPL.gz
libxul-dev: /usr/share/doc/libxul-dev/MPL.gz
libxul0d: /usr/share/doc/libxul0d/MPL.gz
libxul0d-dbg: /usr/share/doc/libxul0d-dbg/MPL.gz
mozilla-bookmarksftp: /usr/share/doc/mozilla-bookmarksftp/MPL-1.1.txt.gz
python-xpcom: /usr/share/doc/python-xpcom/MPL.gz
spidermonkey-bin: /usr/share/doc/spidermonkey-bin/MPL.gz
xine-plugin: /usr/share/doc/xine-plugin/MPL.gz
xulrunner: /usr/share/doc/xulrunner/MPL.gz
xulrunner-1.9: /usr/share/doc/xulrunner-1.9/MPL.gz
xulrunner-1.9-dbg: /usr/share/doc/xulrunner-1.9-dbg/MPL.gz
xulrunner-1.9-gnome-support: /usr/share/doc/xulrunner-1.9-gnome-support/MPL.gz
xulrunner-dev: /usr/share/doc/xulrunner-dev/MPL.gz
xulrunner-gnome-support: /usr/share/doc/xulrunner-gnome-support/MPL.gz

--
... mpd playing: Helloween - Lavdate Donibvm

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#487201: MPL-license

[Dmitry E. Oboukhov]

./main/b/biofox/biofox_1.1.4-2.diff.gz contains MPL
./main/b/biofox/biofox_1.1.4-3.diff.gz contains MPL
./main/b/brickos/brickos_0.9.0.dfsg-6.diff.gz contains MPL
./main/b/bonsai/bonsai_1.3+cvs20060111-2.diff.gz contains MPL
./main/b/bitlbee/bitlbee_1.0.3-1.3.diff.gz contains MPL
./main/b/bugzilla/bugzilla_3.0.4.1-1.diff.gz contains MPL
./main/b/bugzilla/bugzilla_2.22.1-2.diff.gz contains MPL
./main/b/bugzilla/bugzilla_3.0.4-4.diff.gz contains MPL
./main/a/adblock-plus/adblock-plus_0.7.5.5-2.diff.gz contains MPL
./main/a/aolserver4-nsmysql/aolserver4-nsmysql_0.6-3.diff.gz contains MPL
./main/a/alexandria/alexandria_0.6.1-1.diff.gz contains MPL
./main/a/aolserver4-nsopenssl/aolserver4-nsopenssl_3.0beta26-1.diff.gz contains 
MPL
./main/a/aolserver4-nsopenssl/aolserver4-nsopenssl_3.0beta22-3.diff.gz contains 
MPL
./main/a/aolserver4-nscache/aolserver4-nscache_1.5-2.diff.gz contains MPL
./main/a/aolserver4-nscache/aolserver4-nscache_1.5-1.diff.gz contains MPL
./main/a/aolserver4/aolserver4_4.5.0-15.diff.gz contains MPL
./main/a/aolserver4/aolserver4_4.0.10-7.diff.gz contains MPL
./main/a/agsync/agsync_0.2-pre-9.diff.gz contains MPL
./main/a/agsync/agsync_0.2-pre-9.1.diff.gz contains MPL

$ curl http://www.mozilla.org/MPL/MPL-1.1.txt|wc -c
25755

$ curl http://www.mozilla.org/MPL/MPL-1.1.txt|gzip -9|wc -c
8298


$ echo '162 * 8298'|bc
1344276

$ echo '162 * 25755'|bc
4172310

;)

... mpd playing: Helloween - Mirror Mirror

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#489682: RM: rhkbf -- RoM; obsolete package

[Dmitry E. Oboukhov]

Package: rhkbf

rhkbf package is not needed any more. 69230 mozilla-bug has been
corrected in ice(weasel|ape)3. Please delete the package from
repositry.

--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#489685: RM: uqm-music -- RoM; reorganization of src-packages

[Dmitry E. Oboukhov]

Package: ftp.debian.org

Please, remove 2 packages (uqm-music and uqm-voice).

I didn't perform an unification immediately because I wouldn't  know  if
there will be new REJECT or not (these packages were  rejected  due  the
size 100Mb) and because I performed an adopt.   


Now the binary packages uqm-music, uqm-voice, uqm-content are united  in
one (it's more logical) and  the  necessity  in  SRC-packages  uqm-music
and uqm-voice   is fell away.   


Please excuse me that I  didn't  go  this  way  immediately.   It's  not
possible always to think over the optimum case. :) 

--
... mpd playing: А.Непомнящий - От греха

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#489686: RM: uqm-voice -- RoM; reorganization of src-packages

[Dmitry E. Oboukhov]

Package: ftp.debian.org

Please, remove 2 packages (uqm-music and uqm-voice).

I didn't perform an unification immediately because I wouldn't  know  if
there will be new REJECT or not (these packages were  rejected  due  the
size 100Mb) and because I performed an adopt.

Now the binary packages uqm-music, uqm-voice, uqm-content are united  in
one (it's more logical) and  the  necessity  in  SRC-packages  uqm-music
and uqm-voice   is fell away.

Please excuse me that I  didn't  go  this  way  immediately.   It's  not
possible always to think over the optimum case. :)

--
... mpd playing: А.Непомнящий - Ад

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#489464: rocksndiamonds: audio is scratchy

[Dmitry E. Oboukhov]

tags 489464 wontfix
severity 489464 wishlist
thanks

On 19:06 Sat 05 Jul , Michael Gilbert wrote:
MG Package: rocksndiamonds
MG Version: 3.2.4+dfsg-3
MG Severity: normal

MG hello, the music and sfx in rocksndiamonds are scratchy on my system.
MG note that i have an onboard AC'97 sound card.  i ran into the same issue
MG with wesnoth, freedroidrpg, and neverball recently
MG (http://bugs.debian.org/405841, http://bugs.debian.org/406437,
MG http://bugs.debian.org/410489 respectively).  the solution for those
MG games was to set the audio sampling rate on the sound card to 44100 Hz
MG (see the bug reports for more detail including patches).  is there any way
MG to set the audio sampling rate in rocksndiamonds?  otherwise, this
MG capability needs to be added in.

MG this bug is confirmed to exist in rocksndiamonds running on the unstable
MG linux 2.6.25-2 kernel.

MG thanks for the hard work.

Sorry, this bug will not be corrected.  It would  be  correct  to
make reassign of this bug to AC97-driver (linux-image).

Such bug was already  written  for  about  a  year  ago  and  was
reassigned.

The case is the following:

Images and sounds are not included into the package (by licension
limits) I am maintaining.  So I can't set them  another  bitrate.
Besides for using bitrate 44100 it  is  nessesary  to  patch  the
program code.

Having incorrect driver You  try  to  correct  all  the  programs
around you instead of writing bug-reports on this driver. I thing
it is incorrect.

--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#486844: avr-libc: FHS violation

[Dmitry E. Oboukhov]

OK, where to?

May be so?

/usr/avr/include- /usr/include/avr
/usr/avr/bin- /usr/lib/binutils-avr
/usr/avr/lib- /usr/lib/avr-libc

--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#489239: errors in closetag

[Dmitry E. Oboukhov]

=ibm866CR
menu Encoding.utf-8 :e ++enc=utf-8 CR
map F8 :emenu Encoding.M-TAB

set directory=~/.vimswp

 bufexplorer
let g:bufExplorerShowDirectories = 1
let g:bufExplorerShowRelativePath = 1
let g:bufExplorerSortBy='name'
let g:bufExplorerSplitBelow=1
let g:bufExplorerSplitOutPathName=0
nmap F4 :BufExplorerCR
nmap \UP :bpCR
nmap \LEFT :bpCR
nmap \DOWN :bnCR
nmap \RIGHT :bnCR

taglist
nnoremap silent F12 :TlistToggleCR
let g:Tlist_Auto_Update = 1
let g:Tlist_GainFocus_On_ToggleOpen = 1
let g:Tlist_Use_Horiz_Window = 0
let g:Tlist_Use_Right_Window = 1
let g:Tlist_WinHeight = 20
let g:Tlist_Compact_Format =  1
let g:Tlist_Auto_Update = 1
let g:Tlist_Close_On_Select = 1
let g:Tlist_Enable_Fold_Column = 1
let g:Tlist_Exit_OnlyWindow = 1
let g:Tlist_Auto_Highlight_Tag = 1
let g:Tlist_Inc_Winwidth = 0
let g:Tlist_Show_Menu = 1
 au BufNewFile,BufRead ${HOME}/work/* e ++enc=cp1251
 au BufNewFile,BufRead ${HOME}/work/* syntax on

 closetag
let b:closetag_html_style=1
:autocmd Filetype html,xml,xsl source ~/.vim/macros/closetag.vim
:autocmd BufNewFile,BufRead *.sgm* source ~/.vim/macros/closetag.vim
 удаляем пробелы в конце строк
nmap \s :%s/\s\+$//CR:echo deleted endspasesCR

 шаблоны для наиболее часто редактируемых файлов
nmap _tp gg:0r ~/.vim/ft/template.plCR
nmap _th gg:0r ~/.vim/ft/template.htmlCR

au BufNewFile *.p[lm] 0read ~/.vim/ft/template.pl
au BufNewFile *.htm*  0read ~/.vim/ft/template.html

 set keymap=russian-jcukenwin

 скобочки парные ставятся автоматом
imap {CR {CR}EscO

 подсвечивать в режиме вставки красным цветом статуслайн
highlight StatusLine ctermfg=grey
autocmd InsertEnter * highlight StatusLine ctermfg=red
autocmd InsertLeave * highlight StatusLine ctermfg=grey

--
... mpd playing: Manowar - Ride The Dragon

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#489305: incorrect 'top' behavior

[Dmitry E. Oboukhov]

Package: procps
Version: 1:3.2.7-8

The top command show used memory size incorrectly if an application  use
threads.

There is a test  c-file  in  the  attachment  which  runs  350  threads.
The top command on my system shows that compiled from this  file  'test'
application used in 2 times more memory than it is.

And if you apply ps command to detect used memory size then you will see
that  really  used  just   0.1%   of   memory   from   available   size.
The top command in the %MEM field show the size  correctly  (0.1%),  but
the value in the DATA field is wrong.

It's obvious that the problem is that the  top  command  get  the  wrong
value by the following way.

It's multiply the one thread size on the threads quantity.

--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537
#include pthread.h
#include stdio.h
#include stdlib.h
#include unistd.h

void thread_foo(void * data)
{
	int num=*(int *)data;
	int i;
	int pause=100+random()%1;
	while(1)
	{
		for (i=0; inum+10; i++) usleep(pause);
	}
}

int main(void)
{
	int i;
pthread_t h;
for (i=0; i350; i++)
{
pthread_create (h, NULL, (void *)thread_foo, i);
usleep(500);
}
thread_foo(i);
}


signature.asc
Description: Digital signature

Bug#488634: bug in NEW/packages procedure?

[Dmitry E. Oboukhov]

Package: qa.debian.org


Usually if the quantity of binary packages  changes  in  an  src-package
then its upload leads to the  fact  that  the  package  passes  the  NEW
procedure again.

However it  hasn't  happened  in  the  case  with  greasemonkey  and
webdeveloper, that's why there've been hanging errors  on  qa.debian.org
for a few days already:

# out of date on i386: firefox-greasemonkey (from 0.8.20080609.0-1)
# out of date on alpha: firefox-greasemonkey (from 0.8.20080609.0-1)
# out of date on amd64: firefox-greasemonkey (from 0.8.20080609.0-1)
# out of date on arm: firefox-greasemonkey (from 0.8.20080609.0-1)
# out of date on armel: firefox-greasemonkey (from 0.8.20080609.0-1)
# out of date on hppa: firefox-greasemonkey (from 0.8.20080609.0-1)
# out of date on ia64: firefox-greasemonkey (from 0.8.20080609.0-1)
# out of date on mips: firefox-greasemonkey (from 0.8.20080609.0-1)
# out of date on mipsel: firefox-greasemonkey (from 0.8.20080609.0-1)
# out of date on powerpc: firefox-greasemonkey (from 0.8.20080609.0-1)
# out of date on s390: firefox-greasemonkey (from 0.8.20080609.0-1)
# out of date on sparc: firefox-greasemonkey (from 0.8.20080609.0-1)

# out of date on i386: firefox-webdeveloper (from 1.1.6-1)
# out of date on alpha: firefox-webdeveloper (from 1.1.6-1)
# out of date on amd64: firefox-webdeveloper (from 1.1.6-1)
# out of date on arm: firefox-webdeveloper (from 1.1.6-1)
# out of date on armel: firefox-webdeveloper (from 1.1.6-1)
# out of date on hppa: firefox-webdeveloper (from 1.1.6-1)
# out of date on ia64: firefox-webdeveloper (from 1.1.6-1)
# out of date on mips: firefox-webdeveloper (from 1.1.6-1)
# out of date on mipsel: firefox-webdeveloper (from 1.1.6-1)
# out of date on powerpc: firefox-webdeveloper (from 1.1.6-1)
# out of date on s390: firefox-webdeveloper (from 1.1.6-1)
# out of date on sparc: firefox-webdeveloper (from 1.1.6-1)

Please help to correct the situation.


--

. ''`.
: :’  :
`. `~’
  `- GPGKey: 1024D/F8E26537 2006-11-21 Dmitry E. Oboukhov [EMAIL PROTECTED]


signature.asc
Description: Digital signature

Bug#488110: greasemonkey: New upstream release

[Dmitry E. Oboukhov]

Package: greasemonkey
Version: 0.6.6.20061017.0-2
Severity: important
X-Debian-CC: [EMAIL PROTECTED]

Package greasemonkey is too (2 years) old.
Please make an orphan procedure for it or upload new version.

If You can't support this package anymore I can do this.

--

. ''`.
: :’  :
`. `~’
  `- GPGKey: 1024D/F8E26537 2006-11-21 Dmitry E. Oboukhov [EMAIL PROTECTED]


signature.asc
Description: Digital signature

Bug#487201: MPL-license

[Dmitry E. Oboukhov]

Package: base-files
Severity: wishlist

Some of packages have contain the full text MPL-license. 
(Ice(weasel|ape|dove), addons...).
Please, include the file http://www.mozilla.org/MPL/MPL-1.1.txt
into /usr/share/common-licenses.


signature.asc
Description: Digital signature

Bug#487226: ITP: firebug -- web development plugin for iceweasel

[Dmitry E. Oboukhov]

Package: wnpp
Severity: wishlist

* Package name: firebug
  Version : 1.2
  Upstream Author : Joe Hewitt
* URL : https://addons.mozilla.org/en-US/firefox/addon/1843
* License : BSD
  Programming Lang: JS
  Description : web development plugin for iceweasel
 Firebug integrates with Iceweasel to put a wealth of web  
 development  tools at your fingertips while you browse. 
 You can edit, debug, and monitor CSS, HTML, and JavaScript
 live in any web page. 
 .
 Features:
 . 
  * Inspect and edit HTML
  * Tweak CSS to perfection
  * Visualize CSS metrics
  * Monitor network activity
  * Debug and profile JavaScript
  * Quickly find errors
  * Explore the DOM
  * Execute JavaScript on the fly
  * Logging for JavaScript
--

. ''`.
: :’  :
`. `~’
  `- GPGKey: 1024D/F8E26537 2006-11-21 Dmitry E. Oboukhov [EMAIL PROTECTED]


signature.asc
Description: Digital signature

Bug#483123: Should be able to cope with out of date language packs

[Dmitry E. Oboukhov]

severity 483123 important
thanks

On 23:13 Thu 05 Jun , Dmitry E. Oboukhov wrote:
DEO Same issue with iceweasel-l10n-ru

please, add record 'Conflict: iceweasel-l10n (3.0)'
to debian/control


signature.asc
Description: Digital signature

Bug#483123: Same with iceweasel-l10n-ru

[Dmitry E. Oboukhov]

Same issue with iceweasel-l10n-ru

--
Dmitry
GPG Key: 1024D/F8E26537 2006-11-21 Dmitry E. Oboukhov [EMAIL PROTECTED]


signature.asc
Description: Digital signature

Bug#484238: ITP: libtree-multinode-perl -- a multi node tree object

[Dmitry E. Oboukhov]

Package: wnpp
Severity: wishlist

* Package name: libtree-multinode-perl
Version : 1.0.10
Upstream Author : Kyle R. Burton [EMAIL PROTECTED]
* URL : http://search.cpan.org/~krburton/
* License : Artistic
Programming Lang: Perl
Description : a multi node tree object
 Tree::MultiNode, Tree::MultiNode::Node, and
 MultiNode::Handle of objects are written to model the Tree
 heirarchical structure. Each child object can be the tree
 itself. The tree has no internal sorting, though all
 operations perserve the order of the child nodes.


signature.asc
Description: Digital signature

Bug#484244: exception on ftp-disconnect

[Dmitry E. Oboukhov]

Package: dput
Severity: normal
Version: 0.9.2.30

python 2.5.2-3

see log:
$ dput libtree-multinode-perl_1.0.10-1_i386.changes
Uploading package to host ftp-master.debian.org Checking Signature on .changes
...
Good signature on
/home/dimka/work/deb/libtree-multinode-perl/libtree-multinode-perl_1.0.10-1.dsc.
Uploading to ftp-master (via ftp to ftp-master.debian.org):
  libtree-multinode-perl_1.0.10-1.dsc: done.
  libtree-multinode-perl_1.0.10.orig.tar.gz: done.
  libtree-multinode-perl_1.0.10-1.diff.gz: done.
  libtree-multinode-perl_1.0.10-1_all.deb: done.
  libtree-multinode-perl_1.0.10-1_i386.changes: done.
Traceback (most recent call last):
  File /usr/bin/dput, line 919, in module
main()
  File /usr/bin/dput, line 868, in main
files_to_upload, debug, ftp_mode, progress=progress, port=port)
  File /usr/share/dput/ftp.py, line 74, in upload
ftp_connection.quit()
  File /usr/lib/python2.5/ftplib.py, line 534, in quit
resp = self.voidcmd('QUIT')
  File /usr/lib/python2.5/ftplib.py, line 246, in voidcmd
return self.voidresp()
  File /usr/lib/python2.5/ftplib.py, line 221, in voidresp
resp = self.getresp()
  File /usr/lib/python2.5/ftplib.py, line 207, in getresp
resp = self.getmultiline()
  File /usr/lib/python2.5/ftplib.py, line 193, in getmultiline
line = self.getline()
  File /usr/lib/python2.5/ftplib.py, line 183, in getline
if not line: raise EOFError
EOFError


signature.asc
Description: Digital signature

Bug#484060: libdatapager-perl -- Data::Pager - flexible data pager

[Dmitry E. Oboukhov]

Package: wnpp
Severity: wishlist

* Package name: libdatapager-perl
  Version : 0.01
  Upstream Author : Vidul Nikolaev Petrov, [EMAIL PROTECTED]
* URL : http://search.cpan.org/~vidul/
* License : Perl
  Programming Lang: Perl
  Description : Data::Pager - flexible data pager

 This Perl-class implements the familiar pager where the current
 position is centered.


signature.asc
Description: Digital signature

Bug#483813: hedgewars: freezes mouse on crash

[Dmitry E. Oboukhov]

tags 483813 unreproducible moreinfo
thanks

You haven't given any info concerning conditions when you have crash, so
it is impossible to analyze your bug-report.

Please make bug-trace when having a crash, describe the conditions at
which it is possible to reproduce crash and post them here.

AH Hi.

AH Hedgewars doesn't seem to be very stable at the moment. Sometimes when
AH playing against the AI the game crashes, leaving the game menu still open.
AH If this happens I can't move my mouse pointer at all. Killing the game
AH doesn't help, switching to console and back doesn't help. I have to open a
AH new game (with the help of my keyboard) and close it to control the mouse
AH again.


AH Regards,
AH Alex



signature.asc
Description: Digital signature

Bug#481115: justify plug-in don't work with 2-byte's UTF-8 texts.

[Dmitry E. Oboukhov]

On 19:14 Wed 28 May , James Vega wrote:
 On Tue, May 13, 2008 at 11:20:17PM +0400, Dmitry E. Oboukhov wrote:
 It's evidently that plug-in compute words and strings length
 wrong.The  most  probability  is  that  plug-in   compute
 words/strings  lengthin   bytes   but   not   in   chars.

 Correct.  The vimscript function strlen() simply returns the number of
 bytes.  There are various workarounds but they don't apply to all
 different encodings.  If you could send an example file, I'll test the
 workaround that should be applicable in most cases.

example russian text (utf8):

однажды в студеную зимнюю пору я из лесу вышел был сильный мороз гляжу
поднимается медленно в гору лошадка везущая хворосту воз откуда дровишки
ступай себе мимо... или вот это: царь с царицею простился в путь-дорогу
снарядился и царица у окна стала ждать его одна. ждет пождет с утра до
ночи смотрит в поле инда очи разболелись глядючи с белой зори до ночи не
видать милого друга смотрит в поле вьется вьюга снег ложится на поля вся
белешенька земля... девять месяцев проходит с поля глаз она не сводит
вот в сочельник в самый в ночь бог дает царице дочь... рано утром гость
желанный день и ночь так долгожданный издалече наконец воротился
царь-отец на него она взглянула тяжелехонько вздохнула восхищенья не
снесла и к обедне умерла.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#443167: fluxbox also doesn't notice resolution changes

[Dmitry E. Oboukhov]

On 20:06 Tue 20 May , Josef Spillner wrote:
JS Just some add-on information:
JS It also doesn't recognise resolution changes so that if a screen is scaled
JS down from 1680x1050 to 1024x768 to accommodate a projector, then displaying
JS PDF files fullscreen crops them. Happened today to me in front of my
JS students, who hence collectively learned that fluxbox 1.0.0+deb1-6 is
JS inferiour to state-of-the-art window managers.

JS And I was about to open a new bug just to see that this one has been open 
for
JS a long time. Before trying to do anything about it I want to see some
JS feedback.

Unfortunately  I  don't  use  xrandr  and  different  screen
sizes, so I can say nothing on this  bug.   The  only  thing
I definitely know is  the  following:  the  developers  have
been informed about this bug  and  may  be  they  even  have
already  corrected it.

Wouldn't it be  too  much  trouble  for  You  to  build  the
git-version of fluxbox?  In the neighbour bug-treads I wrote
how to build it.  Here for example: #375709

Some new settings  are  not  finished  yet  in  git-version,
however it is possible to  estimate  if  this  bug  declares
itself or not.


signature.asc
Description: Digital signature

Bug#481893: in some cases it is impossible to input options for Makefile.PL

[Dmitry E. Oboukhov]

Package: cdbs
Version: 0.4.52
Severity: normal
Tags: patch

Some  Makefile.PL  disassemble  options  with  the  help  of
Getopt::Std module, meanwhile if options are written in  the
end of command line, they will be ignored (because they must
be declared before arguments).

So the following construction (DEB_MAKEMAKER_USER_FLAGS = -n):

perl Makefile.PL INSTALLDIRS=vendor -n

doesn't work,

but is impossible to receive the working construction

perl Makefile.PL -n INSTALLDIRS=vendor

with the help of cdbs without redefining the variable
DEB_MAKEMAKER_INVOKE

The patch in attach solves this problem.
--- 1/class/perlmodule.mk.in	2007-08-13 15:58:16.0 +0400
+++ 1/class/perlmodule.mk.in	2008-05-19 15:06:23.0 +0400
@@ -43,6 +45,6 @@
 
 common-configure-arch common-configure-indep:: Makefile
 Makefile:
-	(cd $(DEB_BUILDDIR)  $(DEB_MAKEMAKER_INVOKE) $(DEB_MAKEMAKER_USER_FLAGS) )
+	(cd $(DEB_BUILDDIR)  $(DEB_MAKEMAKER_INVOKE) )
 
 endif
--- 1/class/perlmodule-vars.mk.in	2007-10-16 12:15:33.0 +0400
+++ 1/class/perlmodule-vars.mk.in	2008-05-19 15:04:40.0 +0400
@@ -36,7 +38,7 @@
 DEB_MAKEMAKER_PACKAGE := $(firstword $(shell $(_cdbs_scripts_path)/list-packages))
 endif
 
-DEB_MAKEMAKER_INVOKE = /usr/bin/perl Makefile.PL INSTALLDIRS=vendor
+DEB_MAKEMAKER_INVOKE = /usr/bin/perl Makefile.PL $(DEB_MAKEMAKER_USER_FLAGS) INSTALLDIRS=vendor
 
 # Set some MakeMaker defaults
 DEB_MAKE_BUILD_TARGET = all


signature.asc
Description: Digital signature

Bug#375709: This might be worth to merge with 477234 and 428020

[Dmitry E. Oboukhov]

On 10:05 Mon 19 May , Dami�n Viano wrote:
DV This seems like the same problem of #477234 and #428020 actually. That a
DV window hinting the WM for attention doesn't get it, same goes for
DV #222089 and AFAIK they are all fixed upstream.

DV I've only reassigned #477234 from Geany to Fluxbox and merged with
DV #428020, and tag them fixed as I tested with current git and is working
DV as expected.

DV I leave the merge of #222089 with them to the maintainer discretion
DV since the request is slightly different but is solved by the same fix, I
DV think.

DV Hope to help,

please test fluxbox from git

# apt-get build-dep fluxbox
# apt-get install git-core fakeroot
$ apt-get source fluxbox
$ cd fluxbox-1.0.0+deb1
$ sh debian/create-git-package.sh
$ cd ../fluxbox-git*
$ fakeroot debian/rules binary


signature.asc
Description: Digital signature

Bug#480597: fluxbox: bashism in /bin/sh script

[Dmitry E. Oboukhov]

tag 480597 unreproducible
thanks

I think that it was not a good idea to remove unreproducible
tag from the bug.

I haven't found  any  way  of  running  fbsetbg  with  error
occurring.  Yes,  if  there  is  not  present  some  utility
(time/echo/date) then the error will be outputted  to  pipe,
but   this   error   willbeapartofrandom
generator.

It will work even in case when 2 of 3 utilities  are  absent
(that can't be in reality) Make *retitle bug* to 'my way  of
fbsetbg optimizing' ;) or give a way of using  fbsetbg  with
which the error will appear.  While you are thinking  I  set
unreproducible tag :)  

PS: Of course I would write it this way: 

dd if=/dev/urandom bs=100 count=1 21|cksum... 

but for our case in my opinion it's enougth jus one variable
$$

Dmitry


signature.asc
Description: Digital signature

Bug#481115: justify plug-in don't work with 2-byte's UTF-8 texts.

[Dmitry E. Oboukhov]

Package: vim-runtime
Version: 1:7.1.293
Severity: important
Tags: l10n

There is no result with pressing  keys  _j  with  using  the
justify plug-in  for  aligning  for  example  Russian  text.

My investigation shows that if page width (tw) set to  value
50 (N) and press _j for Russian  text  with  string  lengths
less than 25 (N/2) then some  spaces  appears  between  some
words i.e. plug-in tries to align text.

It's evidently that plug-in compute words and strings length
wrong.   The  most  probability  is  that  plug-in   compute
words/strings  length   in   bytes   but   not   in   chars.
(1 Russian char takes 2 bytes in UTF-8) And because of  this
plug-in thinks that strings with length more than  25  (N)
chars are more long then setting tw=50 (2*N) and  skip  such
strings.




signature.asc
Description: Digital signature

Bug#479614: incorrect table displaying

[Dmitry E. Oboukhov]

 Package: iceweasel
 Version: 2.0.0.14
 Severity: normal
 
 Iceweasel/2.0.0.14 displays the attached html page incorrectly.
 There is also screenshot of this bug.
 
 Please excuse me for big html size. I've reduced it as I can.
 
 Background:black style applying even after closing /table tag.
 
 If one or some rows of the table be removed from the table then problem
 will disappearing.

MH Can you confirm this works fine with the version of iceweasel in
MH experimental ? (it looks like, to me)
FTBFS:

nbw:[/home/dimka]# LANG=C apt-get build-dep iceweasel
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Build-Depends dependency for iceweasel cannot be satisfied because
the package xulrunner-dev cannot be found

cat /etc/apt/sources.list
deb http://www.debian-multimedia.org lenny main

deb http://ftp.debian.org/debian/ etch main contrib non-free
deb-src http://ftp.debian.org/debian/ etch main contrib non-free
deb http://ftp.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.debian.org/debian/ lenny main contrib non-free
deb http://ftp.debian.org/debian/ sid main contrib non-free
deb-src http://ftp.debian.org/debian/ sid main contrib non-free

deb-src http://ftp.debian.org/debian/ experimental main contrib non-free


signature.asc
Description: Digital signature

Bug#479614: incorrect table displaying

[Dmitry E. Oboukhov]

 Package: iceweasel
 Version: 2.0.0.14
 Severity: normal
 
 Iceweasel/2.0.0.14 displays the attached html page incorrectly.
 There is also screenshot of this bug.
 
 Please excuse me for big html size. I've reduced it as I can.
 
 Background:black style applying even after closing /table tag.
 
 If one or some rows of the table be removed from the table then problem
 will disappearing.
 
MH Can you confirm this works fine with the version of iceweasel in
MH experimental ? (it looks like, to me)
 FTBFS:
 
 nbw:[/home/dimka]# LANG=C apt-get build-dep iceweasel

MH Why do you try to build it ? It should already be available on most
MH architectures.
experimental? my system is unstable/testing ))


signature.asc
Description: Digital signature

Bug#479614: incorrect table displaying

[Dmitry E. Oboukhov]

tags 479614 fixed-in-experimental
thanks

On 13:56 Sun 11 May , Mike Hommey wrote:
MH On Sun, May 11, 2008 at 03:46:34PM +0400, Dmitry E. Oboukhov wrote:
 Package: iceweasel
 Version: 2.0.0.14
 Severity: normal
 
 Iceweasel/2.0.0.14 displays the attached html page incorrectly.
 There is also screenshot of this bug.
 
 Please excuse me for big html size. I've reduced it as I can.
 
 Background:black style applying even after closing /table tag.
 
 If one or some rows of the table be removed from the table then problem
 will disappearing.
 
MH Can you confirm this works fine with the version of iceweasel in
MH experimental ? (it looks like, to me)
 FTBFS:
 
 nbw:[/home/dimka]# LANG=C apt-get build-dep iceweasel
 
MH Why do you try to build it ? It should already be available on most
MH architectures.
 experimental? my system is unstable/testing ))

MH You only need xulrunner and iceweasel from experimental, to test, not
MH everything.

MH Mike


signature.asc
Description: Digital signature

Bug#480699: iceweasel: Unauthorized files/directories creation

[Dmitry E. Oboukhov]

Package: iceweasel
Version: 3.0~b5-3
Severity: important
Tags: experimental

iceweasel 3.0 creates useless empty directory Desktop in user's home
directory with every run.

This action can't be turned off by any settings in settings dialog.

This is very irritating bug. Please fix it to previous version.


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-1-686 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iceweasel depends on:
ii  debianutils2.28.4Miscellaneous utilities specific t
ii  fontconfig 2.5.0-2   generic font configuration library
ii  libatk1.0-01.22.0-1  The ATK accessibility toolkit
ii  libc6  2.7-10GNU C Library: Shared libraries
ii  libcairo2  1.6.4-1+b1The Cairo 2D vector graphics libra
ii  libdbus-1-31.2.1-2   simple interprocess messaging syst
ii  libdbus-glib-1-2   0.74-2simple interprocess messaging syst
ii  libfontconfig1 2.5.0-2   generic font configuration library
ii  libfreetype6   2.3.5-1+b1FreeType 2 font engine, shared lib
ii  libgcc11:4.3.0-3 GCC support library
ii  libglib2.0-0   2.16.2-1  The GLib library of C routines
ii  libgtk2.0-02.12.9-3  The GTK+ graphical user interface 
ii  libjpeg62  6b-14 The Independent JPEG Group's JPEG 
ii  libpango1.0-0  1.20.2-2  Layout and rendering of internatio
ii  libstdc++6 4.3.0-3   The GNU Standard C++ Library v3
ii  libx11-6   2:1.0.3-7 X11 client-side library
ii  libxrender11:0.9.4-1 X Rendering Extension client libra
ii  libxt6 1:1.0.5-3 X11 toolkit intrinsics library
ii  procps 1:3.2.7-6 /proc file system utilities
ii  psmisc 22.6-1Utilities that use the proc filesy
ii  zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime

iceweasel recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#479931: mytop: FTBFS: rmdir: failed to remove `debian/tmp/usr/lib': No such file or directory

[Dmitry E. Oboukhov]

tags 479931 patch
thanks

see attache

--- debian/rules.old	2008-05-07 14:52:37.0 +0400
+++ debian/rules	2008-05-07 14:53:11.0 +0400
@@ -31,7 +31,7 @@
 	# Fix file permission
 	chmod 755 debian/tmp/usr/bin/mytop
 	# Remove empty directories
-	rmdir debian/tmp/usr/lib/perl5 debian/tmp/usr/share/perl5 debian/tmp/usr/lib
+	rm -fr debian/tmp/usr/lib/perl5 debian/tmp/usr/share/perl5 debian/tmp/usr/lib
 	# Compress manual page
 	chmod 644 debian/tmp/usr/share/man/man1/mytop.1p
 	gzip -9 debian/tmp/usr/share/man/man1/mytop.1p


signature.asc
Description: Digital signature

Bug#479931: mytop: FTBFS: rmdir: failed to remove `debian/tmp/usr/lib': No such file or directory

[Dmitry E. Oboukhov]

MM -rmdir debian/tmp/usr/lib/perl5 debian/tmp/usr/share/perl5 
debian/tmp/usr/lib
this is lintian error ))



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#479788: ITP: adblock-plus -- Extension for the Iceweasel and Iceape web browsers

[Dmitry E. Oboukhov]

Package: wnpp
Severity: wishlist

* Package name: adblock-plus
  Version : 0.7.5.4
  Upstream Author : Wladimir Palant
* URL : https://addons.mozilla.org/en-US/firefox/addon/1865
* License : MPL
  Programming Lang: JS
  Description : Extension for the Iceweasel and Iceape web browsers

 The Adblock-plus  extension  adds  to  Iceweasel  and  Iceape  browsers
 an ability  to  filter  unwanted  objects  on  webpages.   Filters  can
 be   specified   using   wildcards   inordertoblocke.g.
 all   images   or   JavaScript   files   from   specific   servers   or
 directories.
 .
 Adblock-plus   is   the   development   of   the   Adblock   extension.


signature.asc
Description: Digital signature

Bug#478281: an error in displaying of multiselect dialogues in text form

[Dmitry E. Oboukhov]

test package (demo this bug) in attache




test-package.tar.gz
Description: Binary data


signature.asc
Description: Digital signature

Bug#478281: an error in displaying of multiselect dialogues in text form

[Dmitry E. Oboukhov]

screenshots in attache




attachment: screenshot_terminal_80x25.pngattachment: screenshot_terminal_140x25.png

signature.asc
Description: Digital signature

Bug#478646: Processed: tagging 478646

[Dmitry E. Oboukhov]

tags 478646 + fixed-upstream
thanks

http://git.fluxbox.org/?p=fluxbox.git;a=commit;h=f552b328bc07c3b842777d5c449febb58cd817bb

On 00:54 Thu 01 May , Debian Bug Tracking System wrote:
DBTS Processing commands for [EMAIL PROTECTED]:

 # Automatically generated email from bts, devscripts version 2.10.26
 tags 478646 + patch
DBTS Bug#478646: fluxbox: fbrun.1 does not document -nearmouse
DBTS There were no tags set.
DBTS Tags added: patch

 
DBTS End of message, stopping processing here.

DBTS Please contact me if you need assistance.

DBTS Debian bug tracking system administrator
DBTS (administrator, Debian Bugs database)



signature.asc
Description: Digital signature

Bug#478281: an error in displaying of multiselect dialogues in text form

[Dmitry E. Oboukhov]

Package: debconf
Version: 1.5.21
Severity: important

There's a certain  multiselect dialogue and its content is formed
dynamically by config script. The content of this dialogue becomes
known only when congig script is started on a users's computer, so
I haven't found a better solution than that described above.

In case when some items of the generated multiselect-dialogue go
beyond 70-80 symbols of string length, debconf displays the dialogue
incorrectly: multiselect window becomes wider than terminal width
and it is impossible to use such element of tuning.

Unfortunately I haven't yet had an opportunity to test if this bug
declares itself in case when the symbol width is 1 byte. I'll make
such a test in the nearest future.

Please limit the width of the displayed dialogue window by symbols
(the symbol width not always equals one byte) depending on the 
terminal width.


signature.asc
Description: Digital signature

Bug#477822: Don't print control chars to the terminal

[Dmitry E. Oboukhov]

tags 477822 patch
thanks

In my opinion it's enougth to replace all the characters with the codes
lower than 0x20 on any charachter that could be displaed (for example
'?') too fix this problem.

Please test the attached patch which do this and please report if there
any problems with another characters.

--- mytop-1.6.orig/mytop	2008-04-27 16:23:56.0 +0400
+++ mytop-1.6/mytop	2008-04-27 16:22:32.0 +0400
@@ -1009,6 +1009,9 @@
 
 ## collpase whitespace
 $thread-{Info} =~ s/\s+/ /g;
+
+# control symbols
+$thread-{Info} =~ s/(.)/ord($1)0x20?'?':$1/eg;
 }
 
 ## stow it in the cache


signature.asc
Description: Digital signature

Bug#475140: the patch for removing the terminal flicker

[Dmitry E. Oboukhov]

reopen 475140
thanks

There is a full redrawing instead a screen cleaning in the flicker.diff
patch. And some points about modes switching were not taken into
consideration. As the result the screen was not redrawed sometimes.

This was my fault, please, excuse me :)

The attached patch that will fix this problem. Please replace the file
flicker.diff


--- mytop-1.6.orig/mytop	2008-04-27 02:06:33.0 +0400
+++ mytop-1.6/mytop	2008-04-27 02:08:17.0 +0400
@@ -73,6 +73,7 @@
 ## Default Config Values
 
 my %config = (
+vt100 = 0,
 batchmode = 0,
 color = 1,
 db= '',
@@ -104,6 +105,15 @@
 
 my $CLEAR = $WIN ? '': `clear`;
 
+my %vt100_commands=
+(
+  CURSOR_TO_START = \x1b[0;0f,
+  CURSOR_SAVE = \x1b[s,
+  CURSOR_RESTORE  = \x1b[u,
+  EEL = \x1b[K,  # Erase end of line
+  EEB = \x1b[J,  # Erase down
+);
+
 ## Term::ReadKey values
 
 my $RM_RESET   = 0;
@@ -140,6 +150,7 @@
 Getopt::Long::Configure('no_ignore_case', 'bundling');
 
 GetOptions(
+vt100   = \$config{vt100},
 color!  = \$config{color},
 user|u=s= \$config{user},
 pass|password|p=s   = \$config{pass},
@@ -158,6 +169,9 @@
 sort=s  = \$config{sort},
 );
 
+($config{batchmode} or not -t STDOUT)
+  and $config{vt100}=0;
+
 ## User may have put the port with the host.
 
 if ($config{host} =~ s/:(\d+)$//)
@@ -171,6 +185,7 @@
 {
 require Term::ReadKey;
 Term::ReadKey-import();
+Clear();
 }
 
 ## User may want to disable color.
@@ -682,6 +697,14 @@
 }
 }
 
+sub CursorToStartNotClear()
+{
+  local $\;
+  $config{vt100} or return Clear;
+  $WIN and return Clear;
+  print $vt100_commands{CURSOR_TO_START};
+}
+
 my $last_time;
 
 sub GetData()
@@ -693,6 +716,8 @@
 
 my ($width, $height, $wpx, $hpx, $lines_left);
 
+local $\=$config{vt100}?$vt100_commands{EEL}\n:\n;
+
 if (not $config{batchmode})
 {
 ($width, $height, $wpx, $hpx) = GetTerminalSize();
@@ -810,16 +835,16 @@
 my $host_width = 52;
 my $up_width   = $width - $host_width;
 
-Clear() unless $config{batchmode};
-print RESET();
+CursorToStartNotClear() unless $config{batchmode};
+{ local $\; print RESET(); }
 
-printf %-${host_width}s%${up_width}s\n,
+printf %-${host_width}s%${up_width}s,
MySQL on $config{host} ($db_version),
up $uptime $current_time;
 $lines_left--;
 
 
-printf  Queries: %-5s  qps: %4.0f Slow: %7s Se/In/Up/De(%%):%02.0f/%02.0f/%02.0f/%02.0f \n,
+printf  Queries: %-5s  qps: %4.0f Slow: %7s Se/In/Up/De(%%):%02.0f/%02.0f/%02.0f/%02.0f ,
make_short( $STATUS{Questions} ),  # q total
$STATUS{Questions} / $STATUS{Uptime},  # qps, average
make_short( $STATUS{Slow_queries} ),# slow
@@ -835,9 +860,9 @@
 if ($t_delta)
 {
   my $q_diff = ( $STATUS{Questions} - $OLD_STATUS{Questions} );
-#  print(q_diff: $STATUS{Questions} - $OLD_STATUS{Questions}  / $t_delta = $q_diff\n);
+#  print(q_diff: $STATUS{Questions} - $OLD_STATUS{Questions}  / $t_delta = $q_diff);
 
-  printf( qps now: %4.0f Slow qps: %3.1f  Threads: %4.0f (%4.0f/%4.0f) %02.0f/%02.0f/%02.0f/%02.0f \n,
+  printf( qps now: %4.0f Slow qps: %3.1f  Threads: %4.0f (%4.0f/%4.0f) %02.0f/%02.0f/%02.0f/%02.0f ,
  ( $STATUS{Questions} - $OLD_STATUS{Questions} ) / $t_delta,
  ( # slow now (qps)
   ($STATUS{Slow_queries} ) ?
@@ -860,13 +885,13 @@
 }
 else
 {
-print \n;
+print ;
 }
 $lines_left--;
 
 if ($have_query_cache and $STATUS{Com_select} and $query_cache_hits)
 {
-  printf( Cache Hits: %-5s Hits/s: %4.1f Hits now: %5.1f  Ratio: %4.1f%% Ratio now: %4.1f%% \n, 
+  printf( Cache Hits: %-5s Hits/s: %4.1f Hits now: %5.1f  Ratio: %4.1f%% Ratio now: %4.1f%% , 
  make_short($STATUS{Qcache_hits}),# cache hits
  $STATUS{Qcache_hits} / $STATUS{Uptime}, # hits / sec
  ($t_delta) ?  ($STATUS{Qcache_hits} - $OLD_STATUS{Qcache_hits}) / $t_delta : 0,  # now / s
@@ -889,15 +914,16 @@
make_short(($STATUS{Bytes_received} - $OLD_STATUS{Bytes_received}) / $t_delta ),
make_short(($STATUS{Bytes_sent} - $OLD_STATUS{Bytes_sent}) / $t_delta ))
   if ($t_delta);
-print \n\n;
+print ;
+print ;
 
 $lines_left--;
 }
 
 if (not $config{batchmode} and not $config{header})
 {
-Clear();
-print RESET();
+CursorToStartNotClear();
+local $\; print RESET();
 }
 
 ##
@@ -909,15 +935,15 @@
 my $used = scalar(@sz) + Sum(@sz);
 my $free = $width - $used;
 
-print BOLD();
+  

Bug#477798: Contacts transference by the groups

[Dmitry E. Oboukhov]

Package: centerim
Version: 4.22.5-1
Severity: important

Contacts transference by the groups stopped to operate. i.e. if contact
will moved (ICQ, i don't chek other ones untill) from group A to group
B, then contact will stay in goup A after exit/new start.


signature.asc
Description: Digital signature

Bug#476909: suggestions on reorganisation of the stardict package.

[Dmitry E. Oboukhov]

On 02:51 Wed 23 Apr , Andrew Lee wrote:
AL Dmitry E. Oboukhov wrote:
 But I haven't understood from Your answer what we are working on? Is it
 a new stardict-dicts package or shall we add the scripts into starditct?
 
 As far as contrib repository is concerned it seems to me that there's no
 point to move it there (if only stardict-dicts), because the script for
 downloading the dictionaries is only an additional function (which is
 partly included into stardict itself).

AL Sorry, I have been very busy these days for organize a community event.

AL Please feel free to start a new package now. However you have better
AL idea or not, you are welcome to discuss with me. I will be available on
AL IRC, my nickname is AndrewLee.

Unfortunately I don't know English rather well for communicating in IRC
:(

I think it would be perfect to include my scripts in the package
stardict itself and not to But if You are against it then well, 
we'll make a new package.

Have You any desires or comments concerning what You've looked through?





-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#475140: the patch for removing the terminal flicker

[Dmitry E. Oboukhov]

DBTS Recently I've begun to use mytop. Everything is very comfortable except
DBTS the fact that the terminal flickers when repainting. I've written the
DBTS patch removing this effect.

DBTS Unfortunately I can't test it on many platforms so I've realised it as
DBTS an additional option --vt100.

last version for this patch (attache)

no artefacts )

--- old/mytop-1.6/mytop	2008-04-23 11:37:57.0 +0400
+++ new/mytop-1.6/mytop	2008-04-23 11:37:34.0 +0400
@@ -73,6 +73,7 @@
 ## Default Config Values
 
 my %config = (
+vt100 = 0,
 batchmode = 0,
 color = 1,
 db= '',
@@ -104,6 +105,15 @@
 
 my $CLEAR = $WIN ? '': `clear`;
 
+my %vt100_commands=
+(
+  CURSOR_TO_START = \x1b[0;0f,
+  CURSOR_SAVE = \x1b[s,
+  CURSOR_RESTORE  = \x1b[u,
+  EEL = \x1b[K,  # Erase end of line
+  EEB = \x1b[J,  # Erase down
+);
+
 ## Term::ReadKey values
 
 my $RM_RESET   = 0;
@@ -140,6 +150,7 @@
 Getopt::Long::Configure('no_ignore_case', 'bundling');
 
 GetOptions(
+vt100   = \$config{vt100},
 color!  = \$config{color},
 user|u=s= \$config{user},
 pass|password|p=s   = \$config{pass},
@@ -158,6 +169,9 @@
 sort=s  = \$config{sort},
 );
 
+($config{batchmode} or not -t STDOUT)
+  and $config{vt100}=0;
+
 ## User may have put the port with the host.
 
 if ($config{host} =~ s/:(\d+)$//)
@@ -171,6 +185,7 @@
 {
 require Term::ReadKey;
 Term::ReadKey-import();
+Clear();
 }
 
 ## User may want to disable color.
@@ -682,6 +697,13 @@
 }
 }
 
+sub CursorToStartNotClear()
+{
+  $config{vt100} or return Clear;
+  $WIN and return Clear;
+  print $vt100_commands{CURSOR_TO_START};
+}
+
 my $last_time;
 
 sub GetData()
@@ -693,6 +715,8 @@
 
 my ($width, $height, $wpx, $hpx, $lines_left);
 
+local $\=$config{vt100}?$vt100_commands{EEL}:'';
+
 if (not $config{batchmode})
 {
 ($width, $height, $wpx, $hpx) = GetTerminalSize();
@@ -810,7 +834,7 @@
 my $host_width = 52;
 my $up_width   = $width - $host_width;
 
-Clear() unless $config{batchmode};
+CursorToStartNotClear() unless $config{batchmode};
 print RESET();
 
 printf %-${host_width}s%${up_width}s\n,
@@ -896,7 +920,7 @@
 
 if (not $config{batchmode} and not $config{header})
 {
-Clear();
+CursorToStartNotClear();
 print RESET();
 }
 
@@ -1059,6 +1082,8 @@
 
 }
 
+$config{vt100} and 
+  print $vt100_commands{EEL}$vt100_commands{EEB};
 }
 
 ###
@@ -1709,6 +1734,11 @@
 Use if you'd like Bmytop to connect to a specific database by
 default. Default: none.
 
+=item B--vt100
+
+For  screen re-drawing use esc-sequence vt100. It is remove terminal 
+twinkling.
+
 =item B-b or B--batch or B--batchmode
 
 In batch mode, mytop runs only once, does not clear the screen, and


signature.asc
Description: Digital signature

Bug#477154: Fluxbox displays window title in Arabic and Hebrew in a wrong way

[Dmitry E. Oboukhov]

Please check if this bug is also contained in the git-version?

build package from git:

# - root
$ - user

# apt-get build-dep fluxbox
# apt-get install git-core fakeroot autoconf
$ apt-get source fluxbox
$ cd fluxbox-1.0.0+deb1
$ sh debian/create-git-package.sh
$ cd ../fluxbox-1.0.0+deb1+git...
$ fakeroot debian/rules binary


On 09:01 Mon 21 Apr , Oz Nahum wrote:
ON Package: fluxbox
ON Version: 1.0.0+deb1-6
ON Severity: important
ON Tags: l10n

ON When opening a text file with Hebrew or Arabic name the window title is
ON displayed backwords. This is also true when using a webrowser, when browsing
ON to a website with pagetitle in Arabic and Hebrew the title is dislayed
ON backwords.
ON Let me elaborate a little bit more: Suppose you go to Al-Jazeera.net, (see
ON also my atachments), then the page title will say in English: Al Jazeera
ON Englin - Front Page - Iceweasel (if you are using Iceweasel).
ON If you will go to the arabic web site the page title is broken and is
ON displayed backwards: from left to right instead of right to left. Hence in
ON arabic letters it will be : areezaJ La.
ON The same is true for Hebrew page title, see my other pictures.
ON This is a BiDi issue, and might be a FluxBox upstream issue, however it is
ON not hard to fix. I've seen it working OK in OpenBox under debian.


ON -- System Information:
ON Debian Release: lenny/sid
ON Architecture: i386 (i686)

ON Kernel: Linux 2.6.24.4 (SMP w/2 CPU cores; PREEMPT)
ON Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to
ON C)
ON Shell: /bin/sh linked to /UNIONFS/bin/bash

ON Versions of packages fluxbox depends on:
ON ii  libc6   2.7-6GNU C Library: Shared libraries
ON ii  libfontconfig1  2.5.0-2  generic font configuration
ON library
ON ii  libgcc1 1:4.3.0-1GCC support library
ON ii  libice6 2:1.0.4-1X11 Inter-Client Exchange
ON library
ON ii  libimlib2   1.4.0-1  powerful image loading and
ON renderi
ON ii  libsm6  2:1.0.3-1+b1 X11 Session Management library
ON ii  libstdc++6  4.3.0-1  The GNU Standard C++ Library v3
ON ii  libx11-62:1.0.3-7X11 client-side library
ON ii  libxext62:1.0.4-1X11 miscellaneous extension
ON librar
ON ii  libxft2 2.1.12-2 FreeType-based font drawing
ON librar
ON ii  libxinerama12:1.0.3-1X11 Xinerama extension library
ON ii  libxpm4 1:3.5.7-1X11 pixmap library
ON ii  libxrandr2  2:1.2.2-1X11 RandR extension library
ON ii  libxrender1 1:0.9.4-1X Rendering Extension client
ON libra
ON ii  menu2.1.38   generates programs menu for all
ON me

ON fluxbox recommends no packages.

ON -- no debconf information





-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#477012: ftbfs with cmake+new qt4

[Dmitry E. Oboukhov]

SV Please don't upload right now with
SV added unneeded build-deps.

Sorry, too late to receive Your mail.
(


signature.asc
Description: Digital signature

Bug#434625: A newline should be replaced by a space, not just deleted

[Dmitry E. Oboukhov]

tags 434625 patch
thanks

see attache

--- mytop	2008-04-21 12:47:11.0 +0400
+++ mytop	2008-04-21 14:29:48.0 +0400
@@ -1475,6 +1478,9 @@
 sub Execute($)
 {
 my $sql = shift;
+
+$sql and $sql=~s/\n/ /sg;
+
 my $sth = $dbh-prepare($sql);
 
 if (not $sth) { ReadMode($RM_RESET); die $DBI::errstr; }


signature.asc
Description: Digital signature

Bug#455901: Use of uninitialized value in substitution (s///) at /usr/bin/mytop line 958.

[Dmitry E. Oboukhov]

tags 455901 patch
thanks

see attache
--- mytop	2008-04-21 12:47:11.0 +0400
+++ mytop	2008-04-21 12:46:06.0 +0400
@@ -1,4 +1,7 @@
 #!/usr/bin/perl -w
+
+eval 'exec /usr/bin/perl -w -S $0 ${1+$@}'
+if 0; # not running under some shell
 #
 # $Id: mytop,v 1.53 2003/09/18 17:58:36 jzawodn Exp $
 
@@ -952,8 +955,11 @@
 {
 $thread-{Host} =~ s/:\d+$//;
 my $host = gethostbyaddr(inet_aton($thread-{Host}), AF_INET);
-$host =~ s/^([^.]+).*/$1/;
-$thread-{Host} = $host;
+if ($host)
+{
+  $host =~ s/^([^.]+).*/$1/;
+  $thread-{Host} = $host;
+}
 }
 
 ## Fix possible undefs


signature.asc
Description: Digital signature

Bug#475140: NMU package prepared

[Dmitry E. Oboukhov]

http://uvw.ru/debian/unstable/mytop/



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#476909: suggestions on reorganisation of the stardict package.

[Dmitry E. Oboukhov]

Package: stardict
Severity: normal

Hi, Andrew Lee and Anthony Fok!

I use stardict, I like this dictionary very much, but there is a great
discomfort: at every new installation it is necessary to download the
dictionaries from the site http://stardict.sourceforge.net by hand and
to install them.

It would be nice if the deb-package included the dictionaries from this
site, however it is most likely impossible because mostly they will not
correspond to DFSG.

I have a proposal to you:

to modify the package thus it has configure and template scripts for
debconf, which would allow users to choose and install the dictionaries
automatically (dpkg-reconfigure).

I've written a small script (it is attached) which creates a list of
what to download and where from: according to the results of the work of
this script one may generate the menu for choosing). Some time later I
would be able to complete the work on this system [1].

However now I have to choose whether to make a fake package only for
automatisation of downloading the dictionaries for stardict or to work
further on the stardict package.

Here I need your agreement or disagreement about working on the stardict
package: in the first case you'll include the results of my work into
package and add me to the  Uploaders group and in the second one I'll
make a retitle of this bug in ITP: staridct-dicts [1].

Please inform me what is your opinion on this subject.

Sincerely yours, Dmitry

PS: notes:

[1] _example_ of staridct-dicts.deb uploaded to:
http://uvw.ru/debian/unstable/stardict/

#!/usr/bin/perl

use warnings;
use strict;

package MechUTF8;
use base qw(WWW::Mechanize);
use Encode qw(encode decode);

sub content
{
  my $self=shift;
  my $content=$self-SUPER::content(@_);
  
  $self-response-header('Content-Type')=~/charset=([\w\d\-]+)/
and $content=encode(utf8=decode($1=$content));
  return $content;
}


package main;
use URI;
use File::Basename qw(basename);
use Getopt::Std qw(getopts);

my $server=http://stardict.sourceforge.net;;
my $durl=$server/Dictionaries.php;

sub die_if_error($$)
{
  my ($browser, $errtxt)[EMAIL PROTECTED];
  $browser-success and return;
  die sprintf $errtxt, server status: %s\n,
$browser-status;
}

sub usage()
{
  print endusage;
  usage: $0 [OPTIONS]

  OPTIONS:
-h- this helpscreen
-v- print verbose messages
-o file   - save list to file
endusage
  exit -1;
}

getopts('o:hv', \my %opts) or usage;
$opts{h} and usage;
if ($opts{o})
{
  open STDOUT, '', $opts{o}
or die Can not create file $opts{o}: $!\n;
  $|=1;
}

$|=1; select STDERR; $|=1; select STDOUT;
my $browser=new MechUTF8;
$opts{v} and print STDERR Getting $durl ...\n;
$browser-get($durl);
die_if_error $browser, Can not get categories list from $server;

my %ans=
map { m{href=(.*?).*?\s*(.*?)\s*}s; ($2, $server/$1) }
  $browser-content=~m{(a.*?/a)}sgi;
for (sort keys %ans)
{
  unless ($ans{$_}=~m{$server/Dictionaries_})
  {
delete $ans{$_};
next;
  }

  $opts{v} and print STDERR \tGetting $ans{$_} ...\n;
  $browser-get($ans{$_});
  die_if_error $browser, Can not get category `$_';
  my $content=$browser-content;

  for ($content)
  {
s[t([rd]).*?][t$1]sig;
s[\s*(?:/)?\s*(?:font|span|strong|b|b|br).*?][ ]sig;
  }

  my %dlist=
map { $$_[0]=~s[td.*?\s*(.*?)\s*.*][$1]; ($$_[0], $$_[1]) }
grep { $$_[1] !~ /rpm$/i }
map { $$_[1]=~s/\?.*//s; $_ }
map { ($$_[1]=~m[.*a\s*href=(.*?)\s*\s*tarbal]si)?[$$_[0], $1]:() }
map { [ $$_[0], $$_[1] $$_[2] ] }
grep { @$_ == 4  or @$_ == 3 }
map { [ m[(td.*?/td)]sig ] }
  $content=~m{(tr.*?/tr)}sig;
  for my $url (values %dlist)
  {
my $basename=basename(URI-new($url)-path);
$url={file=$basename, url=$url, section=$_};
  }
  
  $opts{v} and
printf STDERR \t\tfound %d tarbal-links for download\n,
  scalar keys %dlist;
  unless (%dlist)
  {
delete $ans{$_};
next;
  }
  
  printf %s\n,
join \t, 
  $dlist{$_}{section}, 
  $_,
  $dlist{$_}{file},
  $dlist{$_}{url} for sort keys %dlist;
}

keys %ans or
  die Can not find categories list in $durl\n;

exit 0;


signature.asc
Description: Digital signature

Bug#477012: hedgewars: FTBFS: make: *** [configure-stamp] Error 255

[Dmitry E. Oboukhov]

tags 477012 patch pending
thanls


Thanks for You bug-report, see patch.

On 17:36 Sun 20 Apr , Lucas Nussbaum wrote:
LN Package: hedgewars
LN Version: 0.9.2-1
LN Severity: serious
LN User: [EMAIL PROTECTED]
LN Usertags: qa-ftbfs-20080419 qa-ftbfs
LN Justification: FTBFS on i386

LN Hi,

LN During a rebuild of all packages in sid, your package failed to build on 
i386.

LN This rebuild was done with gcc 4.3 instead of gcc 4.2, because gcc 4.3 is 
now
LN the default on most architectures (even if it's not the case on i386 yet).
LN Feel free to downgrade this bug to 'important' if your package is only built
LN on i386, and this bug is specific to gcc 4.3 (i.e the package builds fine 
with
LN gcc 4.2).

LN Relevant part:
 /usr/bin/fakeroot debian/rules clean
 rm -fr build *-stamp
 dh_clean
 dpkg-source -b hedgewars-0.9.2
 dpkg-source: info: using source format `1.0'
 dpkg-source: info: building hedgewars using existing 
 hedgewars_0.9.2.orig.tar.gz
 dpkg-source: info: building hedgewars in hedgewars_0.9.2-1.diff.gz
 dpkg-source: info: building hedgewars in hedgewars_0.9.2-1.dsc
 debian/rules build
 mkdir build
 tar xjf *.tar.bz2 -C build
 name_top=`ls build`; \
 mv build/$name_top/* build; \
 rmdir build/$name_top
 touch unpack-stamp
 dh_testdir
 cd build  \
 cmake -DCMAKE_INSTALL_PREFIX=/usr/lib/hedgewars \
 -DDATA_INSTALL_DIR=/usr/share/games .
 -- Check for working C compiler: /usr/bin/gcc
 -- Check for working C compiler: /usr/bin/gcc -- works
 -- Check size of void*
 -- Check size of void* - done
 -- Check for working CXX compiler: /usr/bin/c++
 -- Check for working CXX compiler: /usr/bin/c++ -- works
 -- Looking for Q_WS_X11
 -- Looking for Q_WS_X11 - found
 -- Looking for Q_WS_WIN
 -- Looking for Q_WS_WIN - not found.
 -- Looking for Q_WS_QWS
 -- Looking for Q_WS_QWS - not found.
 -- Looking for Q_WS_MAC
 -- Looking for Q_WS_MAC - not found.
 -- Found Qt-Version 4.4.0-rc1
 -- Looking for _POSIX_TIMERS
 -- Looking for _POSIX_TIMERS - found
 -- Looking for pthread.h
 -- Looking for pthread.h - found
 -- Looking for pthread_create in pthreads
 -- Looking for pthread_create in pthreads - not found
 -- Looking for pthread_create in pthread
 -- Looking for pthread_create in pthread - found
 CMake Error: This project requires some variables to be set,
 and cmake can not find them.
 Please set the following variables:
 QT_FONTCONFIG_LIBRARY (ADVANCED)
 QT_X11_ICE_LIBRARY (ADVANCED)
 QT_X11_SM_LIBRARY (ADVANCED)
 QT_XI_LIBRARY (ADVANCED)
 QT_XRANDR_LIBRARY (ADVANCED)
 QT_XRENDER_LIBRARY (ADVANCED)
 
 -- Configuring done
 make: *** [configure-stamp] Error 255

LN The full build log is available from:
LN http://people.debian.org/~lucas/logs/2008/04/19

LN A list of current common problems and possible solutions is available at
LN http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

LN About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
LN of the Grid'5000 platform, using a clean chroot containing a sid i386
LN environment.  Internet was not accessible from the build systems.
--- hedgewars-0.9.2/debian/control	2008-04-20 20:25:37.0 +0400
+++ hedgewars-0.9.2/debian/control	2008-04-20 20:16:03.0 +0400
@@ -2,7 +2,7 @@
 Section: games
 Priority: extra
 Maintainer: Dmitry E. Oboukhov [EMAIL PROTECTED]
-Build-Depends: debhelper (= 5), cmake, libqt4-dev (= 4.2), fp-compiler, libsdl1.2-dev, libsdl-ttf2.0-dev, libsdl-mixer1.2-dev, libsdl-image1.2-dev, libsdl-net1.2-dev, bzip2
+Build-Depends: debhelper (= 5), cmake, libqt4-dev (= 4.2), fp-compiler, libsdl1.2-dev, libsdl-ttf2.0-dev, libsdl-mixer1.2-dev, libsdl-image1.2-dev, libsdl-net1.2-dev, bzip2, libxrandr-dev, libfontconfig1-dev, libxi-dev
 Standards-Version: 3.7.3
 Homepage: http://hedgewars.org
 


signature.asc
Description: Digital signature

Bug#476909: suggestions on reorganisation of the stardict package.

[Dmitry E. Oboukhov]

AL Well done! I'd like to do such thing for long. But it would probably
AL become contrib, isn't it?

AL I haven't check all dictionary on stardict's website for a long time. So
AL I am curious now, does any dictionary on stardict website are DFSG?

AL Maybe convert exist dictionary in debian main to stardict format is a
AL better option.

But I haven't understood from Your answer what we are working on? Is it
a new stardict-dicts package or shall we add the scripts into starditct?

As far as contrib repository is concerned it seems to me that there's no
point to move it there (if only stardict-dicts), because the script for
downloading the dictionaries is only an additional function (which is
partly included into stardict itself).


signature.asc
Description: Digital signature

Bug#475140: the patch for removing the terminal flicker

[Dmitry E. Oboukhov]

Package: mytop
Version: 1.6
Severity: normal
Tags: patch

see attache

Recently I've begun to use mytop. Everything is very comfortable except
the fact that the terminal flickers when repainting. I've written the
patch removing this effect.

Unfortunately I can't test it on many platforms so I've realised it as
an additional option --vt100.
--- mytop	2008-04-09 12:14:52.0 +0400
+++ mytop	2008-04-09 14:10:25.0 +0400
@@ -76,6 +76,7 @@
 ## Default Config Values
 
 my %config = (
+vt100 = 0,
 batchmode = 0,
 color = 1,
 db= 'test',
@@ -107,6 +108,13 @@
 
 my $CLEAR = $WIN ? '': `clear`;
 
+my %vt100_commands=
+(
+  CURSOR_TO_START = \x1b[0;0f,
+  CURSOR_SAVE = \x1b[s,
+  CURSOR_RESTORE  = \x1b[u,
+);
+
 ## Term::ReadKey values
 
 my $RM_RESET   = 0;
@@ -143,6 +151,7 @@
 Getopt::Long::Configure('no_ignore_case', 'bundling');
 
 GetOptions(
+vt100   = \$config{vt100},
 color!  = \$config{color},
 user|u=s= \$config{user},
 pass|password|p=s   = \$config{pass},
@@ -161,6 +170,8 @@
 sort=s  = \$config{sort},
 );
 
+-t STDOUT or $config{vt100}=undef;
+
 ## User may have put the port with the host.
 
 if ($config{host} =~ s/:(\d+)$//)
@@ -685,6 +696,13 @@
 }
 }
 
+sub CursorToStartNotClear()
+{
+  $config{vt100} or return Clear;
+  $WIN and return Clear;
+  print $vt100_commands{CURSOR_TO_START};
+}
+
 my $last_time;
 
 sub GetData()
@@ -813,7 +831,7 @@
 my $host_width = 52;
 my $up_width   = $width - $host_width;
 
-Clear() unless $config{batchmode};
+CursorToStartNotClear() unless $config{batchmode};
 print RESET();
 
 printf %-${host_width}s%${up_width}s\n,
@@ -899,7 +917,7 @@
 
 if (not $config{batchmode} and not $config{header})
 {
-Clear();
+CursorToStartNotClear();
 print RESET();
 }
 
@@ -1059,6 +1077,13 @@
 
 }
 
+
+if ($config{vt100} and not $config{batchmode})
+{
+  print $vt100_commands{CURSOR_SAVE};
+  print join \n, ( x$width)x($lines_left+2);
+  print $vt100_commands{CURSOR_RESTORE};
+}
 }
 
 ###
@@ -1706,6 +1731,11 @@
 Use if you'd like Bmytop to connect to a specific database by
 default. Default: ``Btest''.
 
+=item B--vt100
+
+For  screen re-drawing use esc-sequence vt100. It is remove terminal 
+twinkling.
+
 =item B-b or B--batch or B--batchmode
 
 In batch mode, mytop runs only once, does not clear the screen, and


signature.asc
Description: Digital signature

Bug#472309: debian/watch file for centerim

[Dmitry E. Oboukhov]

reopen 472309
tags 472309 patch
thanks

sorry, my mistake in prev version debian/watch

see attache :)


--- debian/watch	2008-03-30 14:12:36.0 +0400
+++ debian/watch.new	2008-03-30 14:12:52.0 +0400
@@ -1,3 +1,3 @@
 version=3
 http://www.centerim.org/download/releases/ \
-	centerim(?:-|_)(\d+(?:\.\d+){2,3})\.t(ar\.gz|ar\.bz2|gz)
+	centerim(?:-|_)(\d+(?:\.\d+){2,3})\.t(?:ar\.gz|ar\.bz2|gz)


signature.asc
Description: Digital signature

Bug#472308: new upstream version available

[Dmitry E. Oboukhov]

Package: centerim
Version: 4.22.2
Severity: normal

http://www.centerim.org/index.php/Main_Page

=cut

Important notice: New version (4.22.3) is out! This version fixes
various ICQ bugs and enables contact list synchronization. So feel to
download the new version from: centerim-4.22.3.tar.gz

=cut


signature.asc
Description: Digital signature

Bug#472309: debian/watch file for centerim

[Dmitry E. Oboukhov]

Package: centerim
Version: 4.22.2
Severity: wishlist
Tags: patch

see attache
version=3
http://www.centerim.org/download/releases/ \
centerim(?:-|_)(\d+(?:\.\d+){2,3})\.t(ar\.gz|ar\.bz2|gz)


signature.asc
Description: Digital signature

Bug#471880: ITP: mhddfs -- The file system combines a several mount points to the single mount point

[Dmitry E. Oboukhov]

Package: wnpp
Severity: wishlist

* Package name: mhddfs
  Version : 0.1
  Upstream Author : Dmitry E. Oboukhov [EMAIL PROTECTED]
* URL : http://mhddfs.uvw.ru/
* License : GPLv3
  Programming Lang: C
  Description : The file system combines a several mount points to the 
single mount point

  The file system allows to unite a several mount points (directories) to
  the single one. So a one big filesystem is simulated and this makes it
  possible to combine a several hard drives or network file systems. This
  system is like unionfs but it can choose a drive with the most of free
  space, and move the data between drives transparently for the applications.




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#465434: qa.debian.org: Uscan Errors processing Watch File

[Dmitry E. Oboukhov]

reopen 465434
thanks

Other packages are processed normally. Only 'iat' consistently shows
error. Perhaps the problem with the firewall (OUTPUT to https)?

log http://dehs.alioth.debian.org/maintainer.php?name=iat:

Uscan Errors processing Watch File:
uscan.pl warning: In watchfile /tmp/iat_watchiZ02dq, reading webpage
https://developer.berlios.de/project/showfiles.php?group_id=6784 failed:
500 Connect failed: connect: Connection timed out; Connection timed out





signature.asc
Description: Digital signature

Bug#175339: Configurable mouse buttons

[Dmitry E. Oboukhov]

tags 175339 + fixed-upstream
thanks

see changelog:
  98* Added conditional statements to key commands (Mark)
  99  - for example, this will search for an open xterm window, cycle 
through
 100them if there are any, or else open one:
 101Mod4 t :If {Some Matches (xterm)} {NextWindow (xterm)} {Exec xterm}
 102  - the syntax is :If {test} {command if true} {command if false}
 103  - `Matches pattern' is currently the only test you can make; when 
used
 104alone, it tests the focused window or the clicked window for 
OnWindow
 105mouse events
 106  - there are many ways to combine tests:
 107- `Some test' returns true if any open client matches test
 108- `Every test' returns true if every open client matches test
 109- `Not test' negates the value of test
 110- `Or {test} {test} ...' returns true if any of the tests is 
true
 111- `And {test} {test} ...' returns true if all of the tests are 
true
 112- `Xor {test} {test} ...' returns the boolean xor of the truth 
values
 113  FbCommandFactory.cc CurrentWindowCmd.cc/hh WorkspaceCmd.cc/hh 
 114  FbTk/Command.hh FbTk/SimpleCommand.hh, added files
FbTk/LogicCommands.cc/hh




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#222089: fluxbox: Jump to workspace where existing windows is when activating it

[Dmitry E. Oboukhov]

tags 222089 fixed-upstream
thanks

see changelog
http://git.fluxbox.org/?p=fluxbox.git;a=blob;f=ChangeLog;h=bdf4ff92ad52db9b82037f76fef62c3ba0d9550e;hb=HEAD

:)



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#462914: fixed in fluxbox 1.0.0+deb1-6

[Dmitry E. Oboukhov]

 Unfortunately there is no other variant. When removing the link on
 session manager in fluxbox, then it is impossible to choose it as a
 default window manager if there's at least one session manager
 installed.

 Then there appears a paradoxical situation: less functional systems like
 KDE/xfce will prevent from using the most comfortable window manager -
 fluxbox. ;)

JC No, that won't prevent you from doing that.  Any session manager should
JC allow you to choose which window manager you're running.  If it doesn't
JC then that's a bug in the session manager imo (and in any case, it's just
JC a matter of replacing the default window manager with fluxbox in your
JC session and saving it).  Or if you don't want to use any session
JC manager, then you're welcome to use ~/.xsession.  And in any case
JC working around that in fluxbox by pretending to be a session manager is
JC actively harmful.

Editting of users' init-scripts is not the way of choosing default
window manager. It is the way of choosing  window manager by one user.
In case of an absent link on  x-session-manager the access to installation
of fluxbox (and many other managers) as a  default window manager will
be disabled. Because alternatives x-session-manager have a priority.

So if on my computer 20 men use fluxbox and only one uses xfce (kde etc)
then all the 20 men must use personal settings instead of general-system
ones. It isn't correct. May be it will be fluxbox bug but I shall not 
remove this link so far.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]