Bug#496423: The possibility of attack with the help of symlinks in some Debian packages
Package: radiance Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file: /usr/lib/emacsen-common/packages/install/emacs-jabber Binary-package: lmbench (3.0-a7-1) file: /usr/lib/lmbench/scripts/rccs file: /usr/lib/lmbench/scripts/STUFF Binary-package: rancid-util (2.3.2~a8-1) file: /var/lib/rancid/getipacctg Binary-package: ogle (0.9.2-5.2) file: /usr/lib/ogle/ogle_audio_debug file: /usr/lib/ogle/ogle_cli_debug file: /usr/lib/ogle/ogle_ctrl_debug file: /usr/lib/ogle/ogle_gui_debug file: /usr/lib/ogle/ogle_mpeg_ps_debug file: /usr/lib/ogle/ogle_mpeg_vs_debug file: /usr/lib/ogle/ogle_nav_debug file: /usr/lib/ogle/ogle_vout_debug Binary-package: firehol (1.256-4) file: /sbin/firehol Binary-package: aview (1.3.0rc1-8) file: /usr/bin/asciiview Binary-package: radiance (3R9+20080530-3) file: /usr/bin/optics2rad file: /usr/bin/pdelta file: /usr/bin/dayfact file: /usr/bin/raddepend Binary-package:
Bug#496400: The possibility of attack with the help of symlinks in some Debian packages
Package: aegis-web Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file: /usr/lib/emacsen-common/packages/install/emacs-jabber Binary-package: lmbench (3.0-a7-1) file: /usr/lib/lmbench/scripts/rccs file: /usr/lib/lmbench/scripts/STUFF Binary-package: rancid-util (2.3.2~a8-1) file: /var/lib/rancid/getipacctg Binary-package: ogle (0.9.2-5.2) file: /usr/lib/ogle/ogle_audio_debug file: /usr/lib/ogle/ogle_cli_debug file: /usr/lib/ogle/ogle_ctrl_debug file: /usr/lib/ogle/ogle_gui_debug file: /usr/lib/ogle/ogle_mpeg_ps_debug file: /usr/lib/ogle/ogle_mpeg_vs_debug file: /usr/lib/ogle/ogle_nav_debug file: /usr/lib/ogle/ogle_vout_debug Binary-package: firehol (1.256-4) file: /sbin/firehol Binary-package: aview (1.3.0rc1-8) file: /usr/bin/asciiview Binary-package: radiance (3R9+20080530-3) file: /usr/bin/optics2rad file: /usr/bin/pdelta file: /usr/bin/dayfact file: /usr/bin/raddepend Binary-package:
Bug#496426: The possibility of attack with the help of symlinks in some Debian packages
Package: rancid-util Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file: /usr/lib/emacsen-common/packages/install/emacs-jabber Binary-package: lmbench (3.0-a7-1) file: /usr/lib/lmbench/scripts/rccs file: /usr/lib/lmbench/scripts/STUFF Binary-package: rancid-util (2.3.2~a8-1) file: /var/lib/rancid/getipacctg Binary-package: ogle (0.9.2-5.2) file: /usr/lib/ogle/ogle_audio_debug file: /usr/lib/ogle/ogle_cli_debug file: /usr/lib/ogle/ogle_ctrl_debug file: /usr/lib/ogle/ogle_gui_debug file: /usr/lib/ogle/ogle_mpeg_ps_debug file: /usr/lib/ogle/ogle_mpeg_vs_debug file: /usr/lib/ogle/ogle_nav_debug file: /usr/lib/ogle/ogle_vout_debug Binary-package: firehol (1.256-4) file: /sbin/firehol Binary-package: aview (1.3.0rc1-8) file: /usr/bin/asciiview Binary-package: radiance (3R9+20080530-3) file: /usr/bin/optics2rad file: /usr/bin/pdelta file: /usr/bin/dayfact file: /usr/bin/raddepend Binary-package:
Bug#496403: The possibility of attack with the help of symlinks in some Debian packages
Package: mgetty-fax Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file: /usr/lib/emacsen-common/packages/install/emacs-jabber Binary-package: lmbench (3.0-a7-1) file: /usr/lib/lmbench/scripts/rccs file: /usr/lib/lmbench/scripts/STUFF Binary-package: rancid-util (2.3.2~a8-1) file: /var/lib/rancid/getipacctg Binary-package: ogle (0.9.2-5.2) file: /usr/lib/ogle/ogle_audio_debug file: /usr/lib/ogle/ogle_cli_debug file: /usr/lib/ogle/ogle_ctrl_debug file: /usr/lib/ogle/ogle_gui_debug file: /usr/lib/ogle/ogle_mpeg_ps_debug file: /usr/lib/ogle/ogle_mpeg_vs_debug file: /usr/lib/ogle/ogle_nav_debug file: /usr/lib/ogle/ogle_vout_debug Binary-package: firehol (1.256-4) file: /sbin/firehol Binary-package: aview (1.3.0rc1-8) file: /usr/bin/asciiview Binary-package: radiance (3R9+20080530-3) file: /usr/bin/optics2rad file: /usr/bin/pdelta file: /usr/bin/dayfact file: /usr/bin/raddepend Binary-package:
Bug#496395: The possibility of attack with the help of symlinks in some Debian packages
Package: apertium Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file: /usr/lib/emacsen-common/packages/install/emacs-jabber Binary-package: lmbench (3.0-a7-1) file: /usr/lib/lmbench/scripts/rccs file: /usr/lib/lmbench/scripts/STUFF Binary-package: rancid-util (2.3.2~a8-1) file: /var/lib/rancid/getipacctg Binary-package: ogle (0.9.2-5.2) file: /usr/lib/ogle/ogle_audio_debug file: /usr/lib/ogle/ogle_cli_debug file: /usr/lib/ogle/ogle_ctrl_debug file: /usr/lib/ogle/ogle_gui_debug file: /usr/lib/ogle/ogle_mpeg_ps_debug file: /usr/lib/ogle/ogle_mpeg_vs_debug file: /usr/lib/ogle/ogle_nav_debug file: /usr/lib/ogle/ogle_vout_debug Binary-package: firehol (1.256-4) file: /sbin/firehol Binary-package: aview (1.3.0rc1-8) file: /usr/bin/asciiview Binary-package: radiance (3R9+20080530-3) file: /usr/bin/optics2rad file: /usr/bin/pdelta file: /usr/bin/dayfact file: /usr/bin/raddepend Binary-package:
Bug#496434: The possibility of attack with the help of symlinks in some Debian packages
Package: mgt Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file: /usr/lib/emacsen-common/packages/install/emacs-jabber Binary-package: lmbench (3.0-a7-1) file: /usr/lib/lmbench/scripts/rccs file: /usr/lib/lmbench/scripts/STUFF Binary-package: rancid-util (2.3.2~a8-1) file: /var/lib/rancid/getipacctg Binary-package: ogle (0.9.2-5.2) file: /usr/lib/ogle/ogle_audio_debug file: /usr/lib/ogle/ogle_cli_debug file: /usr/lib/ogle/ogle_ctrl_debug file: /usr/lib/ogle/ogle_gui_debug file: /usr/lib/ogle/ogle_mpeg_ps_debug file: /usr/lib/ogle/ogle_mpeg_vs_debug file: /usr/lib/ogle/ogle_nav_debug file: /usr/lib/ogle/ogle_vout_debug Binary-package: firehol (1.256-4) file: /sbin/firehol Binary-package: aview (1.3.0rc1-8) file: /usr/bin/asciiview Binary-package: radiance (3R9+20080530-3) file: /usr/bin/optics2rad file: /usr/bin/pdelta file: /usr/bin/dayfact file: /usr/bin/raddepend Binary-package: vdr-dbg
Bug#496425: The possibility of attack with the help of symlinks in some Debian packages
Package: ogle Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file: /usr/lib/emacsen-common/packages/install/emacs-jabber Binary-package: lmbench (3.0-a7-1) file: /usr/lib/lmbench/scripts/rccs file: /usr/lib/lmbench/scripts/STUFF Binary-package: rancid-util (2.3.2~a8-1) file: /var/lib/rancid/getipacctg Binary-package: ogle (0.9.2-5.2) file: /usr/lib/ogle/ogle_audio_debug file: /usr/lib/ogle/ogle_cli_debug file: /usr/lib/ogle/ogle_ctrl_debug file: /usr/lib/ogle/ogle_gui_debug file: /usr/lib/ogle/ogle_mpeg_ps_debug file: /usr/lib/ogle/ogle_mpeg_vs_debug file: /usr/lib/ogle/ogle_nav_debug file: /usr/lib/ogle/ogle_vout_debug Binary-package: firehol (1.256-4) file: /sbin/firehol Binary-package: aview (1.3.0rc1-8) file: /usr/bin/asciiview Binary-package: radiance (3R9+20080530-3) file: /usr/bin/optics2rad file: /usr/bin/pdelta file: /usr/bin/dayfact file: /usr/bin/raddepend Binary-package:
Bug#496433: The possibility of attack with the help of symlinks in some Debian packages
Package: audiolink Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file: /usr/lib/emacsen-common/packages/install/emacs-jabber Binary-package: lmbench (3.0-a7-1) file: /usr/lib/lmbench/scripts/rccs file: /usr/lib/lmbench/scripts/STUFF Binary-package: rancid-util (2.3.2~a8-1) file: /var/lib/rancid/getipacctg Binary-package: ogle (0.9.2-5.2) file: /usr/lib/ogle/ogle_audio_debug file: /usr/lib/ogle/ogle_cli_debug file: /usr/lib/ogle/ogle_ctrl_debug file: /usr/lib/ogle/ogle_gui_debug file: /usr/lib/ogle/ogle_mpeg_ps_debug file: /usr/lib/ogle/ogle_mpeg_vs_debug file: /usr/lib/ogle/ogle_nav_debug file: /usr/lib/ogle/ogle_vout_debug Binary-package: firehol (1.256-4) file: /sbin/firehol Binary-package: aview (1.3.0rc1-8) file: /usr/bin/asciiview Binary-package: radiance (3R9+20080530-3) file: /usr/bin/optics2rad file: /usr/bin/pdelta file: /usr/bin/dayfact file: /usr/bin/raddepend Binary-package:
Bug#496429: The possibility of attack with the help of symlinks in some Debian packages
Package: datafreedom-perl Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file: /usr/lib/emacsen-common/packages/install/emacs-jabber Binary-package: lmbench (3.0-a7-1) file: /usr/lib/lmbench/scripts/rccs file: /usr/lib/lmbench/scripts/STUFF Binary-package: rancid-util (2.3.2~a8-1) file: /var/lib/rancid/getipacctg Binary-package: ogle (0.9.2-5.2) file: /usr/lib/ogle/ogle_audio_debug file: /usr/lib/ogle/ogle_cli_debug file: /usr/lib/ogle/ogle_ctrl_debug file: /usr/lib/ogle/ogle_gui_debug file: /usr/lib/ogle/ogle_mpeg_ps_debug file: /usr/lib/ogle/ogle_mpeg_vs_debug file: /usr/lib/ogle/ogle_nav_debug file: /usr/lib/ogle/ogle_vout_debug Binary-package: firehol (1.256-4) file: /sbin/firehol Binary-package: aview (1.3.0rc1-8) file: /usr/bin/asciiview Binary-package: radiance (3R9+20080530-3) file: /usr/bin/optics2rad file: /usr/bin/pdelta file: /usr/bin/dayfact file: /usr/bin/raddepend
Bug#496406: The possibility of attack with the help of symlinks in some Debian packages
Package: fwbuilder Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file: /usr/lib/emacsen-common/packages/install/emacs-jabber Binary-package: lmbench (3.0-a7-1) file: /usr/lib/lmbench/scripts/rccs file: /usr/lib/lmbench/scripts/STUFF Binary-package: rancid-util (2.3.2~a8-1) file: /var/lib/rancid/getipacctg Binary-package: ogle (0.9.2-5.2) file: /usr/lib/ogle/ogle_audio_debug file: /usr/lib/ogle/ogle_cli_debug file: /usr/lib/ogle/ogle_ctrl_debug file: /usr/lib/ogle/ogle_gui_debug file: /usr/lib/ogle/ogle_mpeg_ps_debug file: /usr/lib/ogle/ogle_mpeg_vs_debug file: /usr/lib/ogle/ogle_nav_debug file: /usr/lib/ogle/ogle_vout_debug Binary-package: firehol (1.256-4) file: /sbin/firehol Binary-package: aview (1.3.0rc1-8) file: /usr/bin/asciiview Binary-package: radiance (3R9+20080530-3) file: /usr/bin/optics2rad file: /usr/bin/pdelta file: /usr/bin/dayfact file: /usr/bin/raddepend Binary-package:
Bug#496392: The possibility of attack with the help of symlinks in some Debian packages
Package: myspell-tools Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file: /usr/lib/emacsen-common/packages/install/emacs-jabber Binary-package: lmbench (3.0-a7-1) file: /usr/lib/lmbench/scripts/rccs file: /usr/lib/lmbench/scripts/STUFF Binary-package: rancid-util (2.3.2~a8-1) file: /var/lib/rancid/getipacctg Binary-package: ogle (0.9.2-5.2) file: /usr/lib/ogle/ogle_audio_debug file: /usr/lib/ogle/ogle_cli_debug file: /usr/lib/ogle/ogle_ctrl_debug file: /usr/lib/ogle/ogle_gui_debug file: /usr/lib/ogle/ogle_mpeg_ps_debug file: /usr/lib/ogle/ogle_mpeg_vs_debug file: /usr/lib/ogle/ogle_nav_debug file: /usr/lib/ogle/ogle_vout_debug Binary-package: firehol (1.256-4) file: /sbin/firehol Binary-package: aview (1.3.0rc1-8) file: /usr/bin/asciiview Binary-package: radiance (3R9+20080530-3) file: /usr/bin/optics2rad file: /usr/bin/pdelta file: /usr/bin/dayfact file: /usr/bin/raddepend
Bug#496416: The possibility of attack with the help of symlinks in some Debian packages
Package: xmcd Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file: /usr/lib/emacsen-common/packages/install/emacs-jabber Binary-package: lmbench (3.0-a7-1) file: /usr/lib/lmbench/scripts/rccs file: /usr/lib/lmbench/scripts/STUFF Binary-package: rancid-util (2.3.2~a8-1) file: /var/lib/rancid/getipacctg Binary-package: ogle (0.9.2-5.2) file: /usr/lib/ogle/ogle_audio_debug file: /usr/lib/ogle/ogle_cli_debug file: /usr/lib/ogle/ogle_ctrl_debug file: /usr/lib/ogle/ogle_gui_debug file: /usr/lib/ogle/ogle_mpeg_ps_debug file: /usr/lib/ogle/ogle_mpeg_vs_debug file: /usr/lib/ogle/ogle_nav_debug file: /usr/lib/ogle/ogle_vout_debug Binary-package: firehol (1.256-4) file: /sbin/firehol Binary-package: aview (1.3.0rc1-8) file: /usr/bin/asciiview Binary-package: radiance (3R9+20080530-3) file: /usr/bin/optics2rad file: /usr/bin/pdelta file: /usr/bin/dayfact file: /usr/bin/raddepend Binary-package:
Bug#495705: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
Package: lintian Tags: patch, security Severity: wishlist Hello, lintan maintainers! please, see full discussion in -devel: http://lists.debian.org/debian-devel/2008/08/msg00271.html for example, see the bug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648 (if attacker makes symlink from /tmp/twiki to /etc/shadow, then he takes full access to the system (when twiki installs or upgrades)) Hi all! I wrote the check script for the lintian package. This additional check verifies the debian packages for the presents of the discussed bug. Notes and additions are welcome. patch has been placed in attache PS: X11 also uses the /tmp/.X11-unix directory, which may be used for attacks, I don't known :( but many scripts (in different packages) use /tmp/.X11-unix, if this is not a security problem, may be I must add ignoring for this directory in the lintian script? I don't known yet :( DEO This message about the error concerns a few packages at once. I've DEO tested all the packages on my Debian mirror. (post|pre)(inst|rm) and DEO config scripts were tested. DEO In some packages I've discovered scripts with errors which may be used DEO by a user for damaging important system files. DEO For example if a script uses in its work a temp file which is created DEO in /tmp directory, then every user can create symlink with the same DEO name in this directory in order to destroy or rewrite some system DEO file. DEO I set Severity into grave for this bug. The table of discovered DEO problems is below. -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 --- checks/symlink_attack 1970-01-01 03:00:00.0 +0300 +++ checks/symlink_attack 2008-08-19 23:11:44.0 +0400 @@ -0,0 +1,114 @@ +# symlink_attack -- lintian check script -*- perl -*- +# +# Copyright (C) 2008 Dmitry E. Oboukhov [EMAIL PROTECTED] +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. + +package Lintian::symlink_attack; +use strict; +use Tags; + +# check file +# +# the parameters: +# 1. name of check file +# 2. error template +# 3. warning template +sub check_file($$$) +{ + my ($file_name, $err_tmpl, $warn_tmpl)[EMAIL PROTECTED]; + +open my $file, '', $file_name +or die Can not open file `$file_name': $!\n; + +$file_name =~ s/^..// if $file_name =~ m{^\./}; +$file_name =~ s{^debfiles/}{debian/}; + +# read begin of shebang +local $_; +return unless 10 == read $file, $_, 10; +return unless m{^#!\s*/}; +seek $file, 0, 0; + +$_ = $file; +return unless m{^#!\s*(?:/\S+){2,}}; + +# read all file content +# (remove comments, join backslash-ended string) +$_ = join '', map { s/#.*/\n/; s/\\$//; $_ } readline $file; + +# errors +my $errors_found; +if (m{\s*/tmp/} or m{(?:^|[|\s])tee\s+(?:-\S+\s+)*/tmp/}m) +{ +$errors_found=1; +tag $err_tmpl, $file_name (pipe); +} + +my @wh = m{(mount|mkdir|chown|chmod)\s[^;]*?/tmp/}g; +# remove dups +@wh = keys %{{ map {($_,0)} @wh }}; +if (@wh) +{ + $errors_found=1; +tag $err_tmpl, $file_name ($_) for @wh; +} + +# warnings +unless ($errors_found) +{ +tag $warn_tmpl, $file_name if m{\s+/tmp/}; +} +} + + +sub run +{ + my ($package, $type)=(@_); + +my @check_files; + +# check maintainer scripts + if ($type eq 'source') + { + @check_files= + grep /(((pre|post)(inst|rm))|(config))(?:\.in)?$/, + glob ('debfiles/*'); + } + else + { + @check_files= + grep /(((pre|post)(inst|rm))|(config))$/, glob ('control/*'); + } +check_file $_ = 'maint-scripts-uses-tmp-err', +'maint-scripts-uses-tmp-warn' for @check_files; + +# check binary all files in the package +if ($type eq 'binary') +{ + chdir 'unpacked'; + open my $dir, '-|', 'find -type f -executable' + or die Can not start find: $!; + while($dir) + { + chomp; + check_file $_ = 'scripts-uses-tmp-err', 'scripts-uses-tmp-warn'; + } + chdir '..'; +} +} + +1; + +# vim: syntax=perl ts=4 sw=4 expandtab --- checks/symlink_attack.desc 1970-01-01 03:00:00.0 +0300 +++ checks/symlink_attack.desc 2008-08-19 21:42
Bug#494648: RFS: Second try for twiki-ldapcontrib, new upstream version - Re: RFS: twiki-ldapcontrib - LDAP services for TWiki
VB frustratingly, I'm not a DD VB and Worse. I have an emergency update to TWiki for a security issue that VB needs fixing for Lenny, but I have no DD to help me upload it VB Anyone here willing to do a quick package upload of TWiki in the next VB day? VB Hi Sven! VB I would be happy to upload your fix but I disagree with it. As pointed VB by Olivier at the end of the bug report, /tmp can be flushed at boot or VB by some cronjobs. Therefore, you cannot ensure that the twiki directory VB still exists when twiki will be running. Before upload please check that twiki postinst script is save previous twiki session dir (The NEW installation may use any session dirs, upgrade must use directory of twiki-config) see my prevoius mail and (for example) my version of patch :) VB I cannot give an universal solution, but in Roundcube, we use VB /var/lib/roundcube/temp and we provide a cron job that will clean it VB every m days where m can be set by the user in /etc/default/roundcube VB (and I just noticed that this is broken... will upload a fix). This way, VB we don't fill up /var but we don't rely on anything in /tmp. Moreover, VB we don't have to handle a complex script in postinst to circumvent VB symlinks attacks. VB The problem with webapps is that we don't have a clear policy of what to VB do. You can just look at other packages, like phpmyadmin, mediawiki, VB etc. Each attempt to establish a webapps policy seems to be aborted. -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#494507: fluxbox: crash after clicking on an icon on the taskbar
tags 494507 unreproducible thanks Please, test experimental version :) -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#494648: The possibility of attack with the help of symlinks in some Debian packages
tags 494648 patch thanks Hi, Sven see my patch, please -- . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 diff -u twiki-4.1.2/debian/changelog twiki-4.1.2/debian/changelog --- twiki-4.1.2/debian/changelog +++ twiki-4.1.2/debian/changelog @@ -1,3 +1,12 @@ +twiki (1:4.1.2-3.3) unstable; urgency=low + + * Non-maintainer upload. + * Fix security hole, closes: #494648. + * Build instructions moved from section -arch to -indep (closes lintian +warning). + + -- Dmitry E. Oboukhov [EMAIL PROTECTED] Thu, 14 Aug 2008 10:23:41 +0400 + twiki (1:4.1.2-3.2) unstable; urgency=high * Non-maintainer upload. diff -u twiki-4.1.2/debian/LocalSite.cfg twiki-4.1.2/debian/LocalSite.cfg --- twiki-4.1.2/debian/LocalSite.cfg +++ twiki-4.1.2/debian/LocalSite.cfg @@ -11,8 +11,8 @@ $TWiki::cfg{Site}{CharSet} = 'iso-8859-15'; $TWiki::cfg{LoginManager} = 'TWiki::Client::ApacheLogin'; $TWiki::cfg{Plugins}{WysiwygPlugin}{Enabled} = 1; -$TWiki::cfg{RCS}{WorkAreaDir} = '/tmp/twiki'; -$TWiki::cfg{TempfileDir} = '/tmp/twiki'; +$TWiki::cfg{RCS}{WorkAreaDir} = '-UNDEFINED_TEMP_DIR-'; +$TWiki::cfg{TempfileDir} = '-UNDEFINED_TEMP_DIR-'; $TWiki::cfg{WorkingDir} = '/var/lib/twiki/working'; 1; diff -u twiki-4.1.2/debian/postinst twiki-4.1.2/debian/postinst --- twiki-4.1.2/debian/postinst +++ twiki-4.1.2/debian/postinst @@ -10,6 +10,29 @@ # Source debconf library. . /usr/share/debconf/confmodule +MAIN_CONFIG=/etc/twiki/LocalSite.cfg +CONFIG_TEMP_DIR=`cat $MAIN_CONFIG \ +|sed 's/#.*//'| grep TempfileDir | tail -n1\ +|sed s/.*\?=[[:space:]]*'\(.*\?\)'.*/\1/` +UNDEFINED_TEMP_DIR_PATTERN='-UNDEFINED_TEMP_DIR-' +TWIKI_SESSION_DIR=/tmp/twiki# first attempt to /tmp/twiki + +TWIKI_SESSION_PERMISSIONS=1770 + +create_session_dir() +{ +# We make TWIKI_SESSION_DIR +if ! mkdir $TWIKI_SESSION_DIR /dev/null; then +TWIKI_SESSION_DIR=`mktemp -d /tmp/twiki.XX` +fi +chmod $TWIKI_SESSION_PERMISSIONS $TWIKI_SESSION_DIR +chown $TWIKI_OWNER:www-data $TWIKI_SESSION_DIR + +perl -pi \ +-e s[(TempfileDir|WorkAreaDir).*][\$1} = '$TWIKI_SESSION_DIR';] \ +$MAIN_CONFIG +} + # summary of how this script can be called: #* postinst `configure' most-recently-configured-version @@ -58,7 +81,7 @@ db_get twiki/defaultUrlHost # be more robust later: -perl -pi~ -e '$U=q{'$RET'}; s{http://your.domain.com}{$U}g;' /etc/twiki/LocalSite.cfg +perl -pi~ -e '$U=q{'$RET'}; s{http://your.domain.com}{$U}g;' $MAIN_CONFIG perl -pi~ -e '$U=q{'$RET'}; s{http://your.domain.com}{$U}g;' /etc/twiki/apache.conf #remove the double //cgi-bin caused by putting a / at the end of the hostUrl perl -pi~ -e 's{/(/cgi-bin)}{$1}g;' /etc/twiki/apache.conf @@ -155,15 +178,26 @@ fi chown $TWIKI_OWNER.www-data /var/lib/twiki/working/work_areas - #, mailnotify etc may be running _not_ as www-data - #and for some reason create a session - #use 1777 to prevent third parties replacing the file with a doctored one - #put into /tmp/twiki so that the open dir can't be used by others to fill up /var, thus crashing all logging - if [ ! -e /tmp/twiki ]; then - mkdir /tmp/twiki - fi - chmod 1777 /tmp/twiki - chown $TWIKI_OWNER.www-data /tmp/twiki + +# create session dir (if needed) +if echo $CONFIG_TEMP_DIR|grep -q -- $UNDEFINED_TEMP_DIR_PATTERN; then + # NEW install + create_session_dir +else + if test -d $TWIKI_SESSION_DIR; then +found_owner=`ls -ld $TWIKI_SESSION_DIR|awk '{ print $3 }'` +found_group=`ls -ld $TWIKI_SESSION_DIR|awk '{ print $4 }'` +if ! test $found_owner = $TWIKI_OWNER -a \ + $found_group = www-data; then + # error permissions, recreate +create_session_dir +fi +else +# $TWIKI_SESSION_DIR is not a directory + create_session_dir +fi +fi + chmod $TWIKI_SESSION_PERMISSIONS $TWIKI_SESSION_DIR #add softlinks to make adding plugins easier () if [ ! -e /var/lib/twiki/lib ]; then @@ -181,7 +215,7 @@ chown -R $TWIKI_OWNER.www-data /var/log/twiki chmod -R 755 /var/log/twiki - chown $TWIKI_OWNER.www-data /etc/twiki/LocalSite.cfg + chown $TWIKI_OWNER.www-data $MAIN_CONFIG # erase configuser password db_reset twiki/adminpassword diff -u twiki-4.1.2/debian/rules twiki-4.1.2/debian/rules --- twiki-4.1.2/debian/rules +++ twiki-4.1.2/debian/rules @@ -124,10 +124,6 @@ # Build architecture-independent files here. binary-indep: build install -# We have nothing to do by default. - -# Build architecture-dependent files here. -binary-arch: build install dh_testdir dh_testroot dh_installdebconf @@ -156,6 +152,10 @@ dh_md5sums dh_builddeb
Bug#494648: closed by Sven Dowideit [EMAIL PROTECTED] (duplicate of Bug#444982, which was fixed in Oct 2007)
reopen 494648 thanks If you want, You may merge the bugs 444982 494648, dont close! $ ln -s /etc/shadow /tmp/twiki $ LANG=C sudo apt-get install twiki Reading package lists... Done Building dependency tree Reading state information... Done Setting up twiki (1:4.1.2-3.2) ... Adding password for user TWikiGuest Adding password for user admin reloading apache2 config Reloading web server config: apache2. $ ll /etc/shadow -rwxrwxrwt 1 www-data www-data 1339 Июл 28 10:26 /etc/shadow On 12:09 Wed 13 Aug , Debian Bug Tracking System wrote: DBTS This is an automatic notification regarding your Bug report DBTS which was filed against the twiki package: DBTS #494648: The possibility of attack with the help of symlinks in some Debian packages DBTS It has been closed by Sven Dowideit [EMAIL PROTECTED]. DBTS Their explanation is attached below along with your original report. DBTS If this explanation is unsatisfactory and you have not received a DBTS better one in a separate message then please contact Sven Dowideit [EMAIL PROTECTED] by DBTS replying to this email. DBTS -- DBTS 494648: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648 DBTS Debian Bug Tracking System DBTS Contact [EMAIL PROTECTED] with problems DBTS Date: Wed, 13 Aug 2008 22:06:46 +1000 DBTS From: Sven Dowideit [EMAIL PROTECTED] DBTS To: [EMAIL PROTECTED] DBTS Subject: duplicate of Bug#444982, which was fixed DBTS in Oct 2007 DBTS User-Agent: Mozilla-Thunderbird 2.0.0.16 DBTS (X11/20080724) DBTS http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982 DBTS Implemented Joey's suggestion of 1777 O_EXCL - mostly the files in DBTS /tmp are written by CGI::Session, that takes care of things. DBTS Also moved the 1777 tmp dir back to /tmp/twiki, as per Nico's point wrt DBTS to filling /var DBTS -- DBTS Professional Wiki Innovation and Support DBTS Sven Dowideit - http://DistributedINFORMATION.com DBTS A WikiRing Partner - http://wikiring.com DBTS Public key - DBTS http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideitop=indexexact=on DBTS Date: Mon, 11 Aug 2008 10:57:56 +0400 DBTS From: Dmitry E. Oboukhov [EMAIL PROTECTED] DBTS To: [EMAIL PROTECTED] DBTS Subject: The possibility of attack with the help of DBTS symlinks in some Debian packages DBTS Package: twiki DBTS Severity: grave DBTS Tags: security DBTS This message about the error concerns a few packages at once. I've DBTS tested all the packages on my Debian mirror. (post|pre)(inst|rm) and DBTS config scripts were tested. DBTS In some packages I've discovered scripts with errors which may be used DBTS by a user for damaging important system files. DBTS For example if a script uses in its work a temp file which is created DBTS in /tmp directory, then every user can create symlink with the same DBTS name in this directory in order to destroy or rewrite somesystem DBTS file. DBTS I set Severity into grave for this bug. The tableof discovered DBTS problems is below. DBTS +--+-+-- DBTS |package | script | file for attack DBTS +--+-+-- DBTS | mplayer-1.0~rc2 | config | /tmp/HACK (pipe) DBTS | | | DBTS | nws-2.13 | postinst | /tmp/nws.debug (cp) DBTS | | | DBTS | ppp-2.4.4rel | postinst | /tmp/probe-finished (rm -f, pipe) DBTS | | postinst | /tmp/ppp-errors (rm -f, pipe) DBTS | ppp-udeb | /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp) DBTS | | | DBTS | twiki-4.1.2 | postinst | /tmp/twiki (chmod 1777, chown) DBTS +--+-+-- -- ... mpd playing: U.D.O. - Man And Machine . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#494648: The possibility of attack with the help of symlinks in some Debian packages
On 13:57 Wed 13 Aug , Steve Kemp wrote: SK On Wed Aug 13, 2008 at 22:51:00 +1000, Sven Dowideit wrote: SK no, its got nothing to do with /var/lib/twiki/data etc, its the location SK for session data - produced by CGI::Session etc. SK Yes it does. SK The code we're talking about is contained in the file debian/postinst, SK and only executes under the following condition: SK # create initial htpasswd, if needed SK if [ -e /var/lib/twiki/data ]; then SK ... SK ... SK #create securer-twiki session dir SK mkdir ... SK fi SK My understanding of the discussion thus far is: SK a. This is a genuine bug. SK b. Which has been fixed. Where? $curl http://ftp.nl.debian.org/debian/pool/main/t/twiki/twiki_4.1.2-3.2.diff.gz 2/dev/null|gunzip|grep -A 219 '^[+]\{3\}.*postinst'|grep '/tmp/' + #put into /tmp/twiki so that the open dir can't be used by others to fill up /var, thus crashing all logging + if [ ! -e /tmp/twiki ]; then + mkdir /tmp/twiki + chmod 1777 /tmp/twiki + chown $TWIKI_OWNER.www-data /tmp/twiki http://packages.qa.debian.org/t/twiki.html Stable 1:4.0.5-9.1 Testing 1:4.1.2-3.2 Unstable 1:4.1.2-3.2 for etch: $ curl http://ftp.nl.debian.org/debian/pool/main/t/twiki/twiki_4.0.5-9.1.diff.gz 2/dev/null |gunzip|grep -A 219 '^[+]\{3\}.*postinst'|grep '/tmp/' + if [ ! -e /tmp/twiki ]; then + mkdir /tmp/twiki + chmod 777 /tmp/twiki + chown $TWIKI_OWNER.www-data /tmp/twiki SK c. Except in Etch. and lenny and sid SK Steve -- ... mpd playing: U.D.O. - Man And Machine . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#494648: The possibility of attack with the help of symlinks in some Debian packages
On 00:38 Thu 14 Aug , Sven Dowideit wrote: SD No, I was told by Nico or Joey that web apps should not be filling up SD the /var filesystem with session files. SD this is apparently also _not_ a solution. SD /tmp was determined in October 2007 as the best place Ok, Yoy can do it (in your postinst): twiki_session_dir=`mktemp -d /tmp/twiki.XX` chown www-data:www-data $twiki_session_dir # or chown $TWIKI_OWNER:www-data chmod 0750 $twiki_session_dir # or chmod 1770 if $TWIKI_OWNER != www-data perl -pi -e s/(TempfileDir).*/$1} = '$twiki_session_dir'; \ /etc/twiki/LocalSite.cfg attributes must be 0750 or 0770 or 0700 if owner==www-data or 1770 if owner != www-data ($TWIKI_OWNER) -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#494648: The possibility of attack with the help of symlinks in some Debian packages
SD On 00:38 Thu 14 Aug , Sven Dowideit wrote: SD No, I was told by Nico or Joey that web apps should not be filling up SD the /var filesystem with session files. SD SD this is apparently also _not_ a solution. SD SD /tmp was determined in October 2007 as the best place SD SD Ok, Yoy can do it (in your postinst): SD SD twiki_session_dir=`mktemp -d /tmp/twiki.XX` SD chown www-data:www-data $twiki_session_dir # or chown $TWIKI_OWNER:www-data SD chmod 0750 $twiki_session_dir # or chmod 1770 if $TWIKI_OWNER != www-data SD perl -pi -e s/(TempfileDir).*/$1} = '$twiki_session_dir'; \ SD /etc/twiki/LocalSite.cfg SD SD attributes must be 0750 or 0770 or 0700 if owner==www-data SD or 1770 if owner != www-data ($TWIKI_OWNER) SD SD and then on upgrade, create another one because the user selected to SD overwrite the cfg, and so on - sounds like its less of a solution than SD to use a predictable dir, with a more appropriate attempt to make sure SD its safe. SD it worries me that you appear to be contradicting the permissions I was SD required to set up for #444982 - I'm not quite sure who's advice should SD get priority - Joey's or yours. SD Perhaps I should set up a google fight. Full algorithm: 1. You change debian/LocalSite.cfg: s{/tmp/wiki}{#UNDEFINED_TEMP_DIR#}; 2. in postinst You do: 2.1 if grep -q #UNDEFINED_TEMP_DIR# /etc/twiki/LocalSite.cfg; then twiki_session_dir=`mktemp -d /tmp/twiki.XX` perl -pi -e \ s/(TempfileDir).*/$1} = '$twiki_session_dir';/ \ /etc/twiki/LocalSite.cfg chown $TWIKI_OWNER:www-data $twiki_session_dir else twiki_session_dir=`grep TempfileDir /etc/twiki/LocalSite.cfg \ | sed s/=[[:space:]]*'//|sed s/'.*//` fi # [1] chmod 1770 $twiki_session_dir in [1] you can insert the verification code, for example: if test -d $twiki_session_dir; then # $twiki_session_dir is directory and exists found_owner=`ls -l $twiki_session_dir|awk '{ print $3 }'` found_group=`ls -l $twiki_session_dir|awk '{ print $4 }'` if test $found_owner = $TWIKI_OWNER -a \ $found_group = www-data; then # previous install is ok (owner:group) else # unknown owner fi else # $twiki_session_dir is not directory # you can recreate it with new path fi 3. You can show errors with help of debhelper's dialogs. -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#494650: The possibility of attack with the help of symlinks in some Debian packages
Package: nws Severity: grave Tags: security This message about the error concerns a few packages at once. I've tested all the packages on my Debian mirror. (post|pre)(inst|rm) and config scripts were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system file. I set Severity into grave for this bug. The table of discovered problems is below. +--+-+-- |package | script | file for attack +--+-+-- | mplayer-1.0~rc2 | config | /tmp/HACK (pipe) | | | | nws-2.13 | postinst | /tmp/nws.debug (cp) | | | | ppp-2.4.4rel | postinst | /tmp/probe-finished (rm -f, pipe) | | postinst | /tmp/ppp-errors (rm -f, pipe) | ppp-udeb | /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp) | | | | twiki-4.1.2 | postinst | /tmp/twiki (chmod 1777, chown) +--+-+-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494648: The possibility of attack with the help of symlinks in some Debian packages
Package: twiki Severity: grave Tags: security This message about the error concerns a few packages at once. I've tested all the packages on my Debian mirror. (post|pre)(inst|rm) and config scripts were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system file. I set Severity into grave for this bug. The table of discovered problems is below. +--+-+-- |package | script | file for attack +--+-+-- | mplayer-1.0~rc2 | config | /tmp/HACK (pipe) | | | | nws-2.13 | postinst | /tmp/nws.debug (cp) | | | | ppp-2.4.4rel | postinst | /tmp/probe-finished (rm -f, pipe) | | postinst | /tmp/ppp-errors (rm -f, pipe) | ppp-udeb | /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp) | | | | twiki-4.1.2 | postinst | /tmp/twiki (chmod 1777, chown) +--+-+-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494649: The possibility of attack with the help of symlinks in some Debian packages
Package: ppp Severity: grave Tags: security This message about the error concerns a few packages at once. I've tested all the packages on my Debian mirror. (post|pre)(inst|rm) and config scripts were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system file. I set Severity into grave for this bug. The table of discovered problems is below. +--+-+-- |package | script | file for attack +--+-+-- | mplayer-1.0~rc2 | config | /tmp/HACK (pipe) | | | | nws-2.13 | postinst | /tmp/nws.debug (cp) | | | | ppp-2.4.4rel | postinst | /tmp/probe-finished (rm -f, pipe) | | postinst | /tmp/ppp-errors (rm -f, pipe) | ppp-udeb | /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp) | | | | twiki-4.1.2 | postinst | /tmp/twiki (chmod 1777, chown) +--+-+-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494647: The possibility of attack with the help of symlinks in some Debian packages
Package: mplayer Severity: grave Tags: security This message about the error concerns a few packages at once. I've tested all the packages on my Debian mirror. (post|pre)(inst|rm) and config scripts were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system file. I set Severity into grave for this bug. The table of discovered problems is below. +--+-+-- |package | script | file for attack +--+-+-- | mplayer-1.0~rc2 | config | /tmp/HACK (pipe) | | | | nws-2.13 | postinst | /tmp/nws.debug (cp) | | | | ppp-2.4.4rel | postinst | /tmp/probe-finished (rm -f, pipe) | | postinst | /tmp/ppp-errors (rm -f, pipe) | ppp-udeb | /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp) | | | | twiki-4.1.2 | postinst | /tmp/twiki (chmod 1777, chown) +--+-+-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494507: fluxbox: crash after clicking on an icon on the taskbar
Please, create backtrace report, put out the command: $ ulimit -c unlimited (for enable creating core-dumps) after crash (core file 'll be created) use $ gdb /usr/bin/fluxbox $HOME/core bt On 10:15 Sun 10 Aug , Torsten Wiebke wrote: TW Package: fluxbox TW Version: 1.0.0+deb1-8 TW Severity: important TW Hi, TW fluxbox crashes after clicking on an icon on the taskbar (I know it TW is TW not the right name). TW In my case fluxbox crashes after clicking on the icon from TW claws-mail TW and one time ofter changing the workspace by the wheel of the TW mouse. TW Thanks for Your work. Fluxbox is great. TW Thanks TW Torsten TW -- System Information: TW Debian Release: lenny/sid TW APT prefers testing TW APT policy: (990, 'testing'), (90, 'unstable') TW Architecture: i386 (i686) TW Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core) TW Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) TW Shell: /bin/sh linked to /bin/bash TW Versions of packages fluxbox depends on: TW ii libc6 2.7-13 GNU C Library: Shared libraries TW ii libfontconfig12.6.0-1generic font configuration library TW ii libgcc1 1:4.3.1-2 GCC support library TW ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library TW ii libimlib2 1.4.0-1.1 powerful image loading and renderi TW ii libsm62:1.0.3-2 X11 Session Management library TW ii libstdc++64.3.1-2The GNU Standard C++ Library v3 TW ii libx11-6 2:1.1.4-2 X11 client-side library TW ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar TW ii libxft2 2.1.12-3 FreeType-based font drawing librar TW ii libxinerama1 2:1.0.3-2 X11 Xinerama extension library TW ii libxpm4 1:3.5.7-1 X11 pixmap library TW ii libxrandr22:1.2.3-1 X11 RandR extension library TW ii libxrender1 1:0.9.4-2 X Rendering Extension client libra TW ii menu 2.1.39 generates programs menu for all me TW fluxbox recommends no packages. TW Versions of packages fluxbox suggests: TW ii fbdesk1.4.1-3Desktop icons for window managers TW ii fbpager 0.1.4-5.1 a pager application for the Fluxbo TW ii fluxconf 0.9.9-1FluxBox configuration utility TW -- no debconf information -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#494319: error indent_string
Package: mutt Tags: l10n my muttrc contains record: set indent_string=%F (or set indent_string=%f ) If I press to 'reply' on mail with header: From: Vasiliy Pupkin [EMAIL PROTECTED] then I look such text: Vasiliy Pupkin text... Vasiliy Pupkin text... Vasiliy Pupkin text... If I press to 'reply' on mail width header: From: Василий Пупкин [EMAIL PROTECTED] (encoded by RFC) then I look such text: text... text... text... 'indent_string' does not work in this case. must be: Василий Пупкин text... examples of 'From': From: =?koi8-r?Q?=F0=CF=CB=CF=D4=C9=CC=C5=CE=CB=CF_?= =?koi8-r?Q?=EB=CF=D3=D4=C9=CB?= [EMAIL PROTECTED] (Thunderbird) From: =?windows-1251?Q?=CC=E0=E9=EE=F0=EE=E2=F1=EA=E8=E9_=CC=E0=EA=F1=E8?= =?windows-1251?Q?=EC?= [EMAIL PROTECTED] (Evolution) From: =?UTF-8?B?0JHRi9C60LDQvdC+0LIg0KHQtdGA0LPQtdC5?= [EMAIL PROTECTED] (Thunderbird) -- ... mpd playing: WASP - The Headless Children . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#493966: FBFS on sparc. error: call of overloaded 'pack(uint)' is ambiguous
retitle 493966 FBFS on alpha, arm, armel, hppa, m68k, mips, mipsel, powerpc, s390, sparc error: call of overloaded 'pack(uint)' is ambiguous... tags 493966 patch thanks see attache see also patch for build on ia64 :) -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 --- plugins/icq/icqlists.cpp2008-06-27 02:38:29.0 +0400 +++ plugins/icq/icqlists.cpp2008-08-06 11:05:58.0 +0400 @@ -1078,7 +1078,7 @@ snac(ICQ_SNACxFOOD_LISTS, cmd, true); QCString sName = name.utf8(); -socket()-writeBuffer().pack(htons(sName.length())); +socket()-writeBuffer().pack((long unsigned int)htons(sName.length())); socket()-writeBuffer().pack(sName.data(), sName.length()); socket()-writeBuffer() grp_id --- debian/rules2008-08-06 11:18:41.0 +0400 +++ debian/rules2008-08-06 11:18:31.0 +0400 @@ -47,31 +47,48 @@ touch $@ binary-arch: install -# required + dh_testdir + dh_testroot + dh_installchangelogs-psim -psim-qt + dh_installdocs -psim -psim-qt + dh_installman -psim -psim-qt + dh_installmenu -psim -psim-qt + dh_install -psim -psim-qt + dh_lintian -psim -psim-qt + dh_link -psim -psim-qt + dh_strip-psim -psim-qt + dh_installdebconf -psim -psim-qt + dh_compress -psim -psim-qt + dh_fixperms -psim -psim-qt + dh_makeshlibs -psim -psim-qt + dh_installdeb -psim -psim-qt + dh_shlibdeps-psim -psim-qt + dh_gencontrol -psim -psim-qt + dh_md5sums -psim -psim-qt + dh_builddeb -psim -psim-qt -- -Z bzip2 binary-indep: install -# required - -binary: binary-arch binary-indep dh_testdir dh_testroot - dh_installchangelogs - dh_installdocs - dh_installman - dh_installmenu - dh_install - dh_lintian - dh_link - dh_strip - dh_installdebconf - dh_compress - dh_fixperms - dh_makeshlibs - dh_installdeb - dh_shlibdeps - dh_gencontrol - dh_md5sums - dh_builddeb -- -Z bzip2 + dh_installchangelogs-psim-data + dh_installdocs -psim-data + dh_installman -psim-data + dh_installmenu -psim-data + dh_install -psim-data + dh_lintian -psim-data + dh_link -psim-data + dh_strip-psim-data + dh_installdebconf -psim-data + dh_compress -psim-data + dh_fixperms -psim-data + dh_makeshlibs -psim-data + dh_installdeb -psim-data + dh_shlibdeps-psim-data + dh_gencontrol -psim-data + dh_md5sums -psim-data + dh_builddeb -psim-data -- -Z bzip2 + +binary: binary-arch binary-indep .PHONY: build \ clean \ signature.asc Description: Digital signature
Bug#309898: moving window on xinerama sometimes unexpectedly transposes window by a screenwidth
TL Please check if this bug is also contained in the current TL (1.0rc3 or 1.0rc3+svn) version ? TL I checked with the version 1.0.0+deb1-8 in Sid and the bug is still TL there (I mean the screen offset bug). Very annoying since it happens TL often in my system. please, see also fluxbox from experimental :) -- . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#492953: new upstream version available
Package: hedgewars Version: 0.9.5 Severity: normal new upstream version available -- ... mpd playing: U.D.O. - Fistful Of Anger . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#492688: mutt: cache ignoring
Package: mutt Version: 1.5.17+20080114-1+b1 I subscribed to many maillists. For example debian-devel and debian-devel-announce. debian-devel-announce has very small traffic, so I setted my procmail for both lists tol be put into one maildir. debian-devel and debian-devel-announce are kept in one maildir. I want them to differ by colors. I added to my muttrc next lines: color index red black ~h '^List-Id:.*-announce' !~U color index brightred black ~h '^List-Id:.*-announce' ~U color index red black ~h '^List-Id:.*-announce' !~N color index brightred black ~h '^List-Id:.*-announce' ~N color index brightgreen black ~N !~h '^List-Id:.*-announce' color index brightgreen black ~U !~h '^List-Id:.*-announce' Mutt has to reload mails permanently (from imap) and it takes very long time (one PgUp/PgDown refresh per 1-5 seconds). Muttrc option header_cache is ignored: set header_cache=$HOME/.mutt/cache If I do remove (or comment) for color options, then mutt works fine. -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#492037: incorrect behaviour of perldoc with UTF-8 texts
Package: perl Version: 5.10.0-10 Tags: l10n Severity: important In attache You can found pod with russian symbols in utf-8 charset. This file is showed incorrectly: =begin of cut EXAMPLE_RUSSIAN(1)User Contributed Perl Documentation EXAMPLE_RUSSIAN(1) X1 N~XX N~XN~XN~XN~ N~XXXN~XN~X N~XXN~X N~XXXN~XXX 1 N~XXXN~XN~X XN~XXXN~XN~XX =end cut Perldoc from Etch works fine. pod2text works tolerably, but letters 'Э' (1069 == ord 'Э'), 'И' (1048 == ord 'И') will be replaced to symbol 'Ð' pod2man works as perldoc pod2html works fine PS: apache:[~]$ zcat /usr/share/doc/perl/changelog.Debian.gz|dpkg-parsechangelog -l- Source: perl Version: 5.10.0-10 Distribution: unstable Urgency: low Maintainer: Niko Tyni [EMAIL PROTECTED] Date: Thu, 08 May 2008 14:32:30 +0300 Closes: 479460 479762 479863 Changes: perl (5.10.0-10) unstable; urgency=low . * Integrate NMU, thanks Bastian. * Make h2ph allow the quote mark delimiter also for those #include directives chased with h2ph -a. (Closes: #479762) * Adjust manual page sections in Module::Build::Base for the Debian Perl policy. (Closes: #479460) * Disable the v-string in use/require is non-portable warning again. (Closes: #479863) apache:[~]$ zcat /usr/share/doc/perl-doc/changelog.Debian.gz|dpkg-parsechangelog -l- Source: perl Version: 5.10.0-10 Distribution: unstable Urgency: low Maintainer: Niko Tyni [EMAIL PROTECTED] Date: Thu, 08 May 2008 14:32:30 +0300 Closes: 479460 479762 479863 Changes: perl (5.10.0-10) unstable; urgency=low . * Integrate NMU, thanks Bastian. * Make h2ph allow the quote mark delimiter also for those #include directives chased with h2ph -a. (Closes: #479762) * Adjust manual page sections in Module::Build::Base for the Debian Perl policy. (Closes: #479460) * Disable the v-string in use/require is non-portable warning again. (Closes: #479863) -- ... mpd playing: Manowar - Today Is A Good Day To Die . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 =head1 заголовок1 Это русский текст =over =item элемент списка 1 текст привязанный к элементу списка 1 =item элемент списка 2 текст привязанный к элементу списка 2 =back просто параграф текста И снова русский текст. Это опять русский текст. =head1 Это русские заглавные буквы: Й Ц У К Е Н Г Ш Щ З Х Ъ Ф Ы В А П Р О Л Д Ж Э Я Ч С М И Т Ь Б Ю =head1 А это маленькие буквы: й ц у к е н г ш щ з х ъ ф ы в а п р о л д ж э я ч с м и т ь б ю =cut signature.asc Description: Digital signature
Bug#491656: lock-on keys when using xorg
Package: xserver-xorg Severity: normal Tags: l10n I use Xorg adapted to the 2 languages: russian and english. Command line setxkbmap is: setxkbmap -model pc104 -layout us,ru -option -option \ grp:caps_toggle,grp:switch,grp_led:scroll, compose:lwin right alt uses for temporary switch over keyboard layouts. Sometimes right alt swithching causes key sealing. For example, if we press alt-comma, comma is autocycling. autocycling will continue until we press any key. I note of this bug in many hostes since Xorg appears in Debian. Discussion of this issue in debian-russian@ mailing list showes that this bug is commonly encountered. I've noted of this bug in many hosts since xorg has appeared in Debian (X of woody works fine :)). -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#490533: libupnp4: missing various dependencies
tags 490533 patch thanks see my variant of the patch (attache) You can change the description of the libupnp-dev and the urgency :) ping me if this way is well (and rebuild non-NMU):) -- ... mpd playing: WASP - The Great Misconceptions Of Me . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 diff -u libupnp-1.6.6/debian/control libupnp-1.6.6/debian/control --- libupnp-1.6.6/debian/control +++ libupnp-1.6.6/debian/control @@ -27,8 +27,22 @@ Architecture: any Depends: libupnp3 (= ${binary:Version}) Conflicts: libupnp4-dev -Provides: libupnp-dev -Replaces: libupnp-dev +Description: Portable SDK for UPnP Devices (development files) + The Portable SDK for UPnP Devices (libupnp) provides developers with an + API and open source code for building control points, devices, and + bridges that are compliant with Version 1.0 of the Universal Plug and + Play Device Architecture Specification - see http://www.upnp.org/ for + specifications. + . + The libupnp-dev package contains the header files, documentation and + debug versions of libraries needed for development of programs using + uPnP. +Section: libdevel + +Package: libupnp-dev +Priority: extra +Architecture: any +Depends: libupnp3-dev (= ${binary:Version}) Description: Portable SDK for UPnP Devices (development files) The Portable SDK for UPnP Devices (libupnp) provides developers with an API and open source code for building control points, devices, and diff -u libupnp-1.6.6/debian/changelog libupnp-1.6.6/debian/changelog --- libupnp-1.6.6/debian/changelog +++ libupnp-1.6.6/debian/changelog @@ -1,3 +1,11 @@ +libupnp (1:1.6.6-2.1) unstable; urgency=low + + * Non-maintainer upload. + * Added libupnp-dev with depends to libupnp3-dev, + really closes: #490339, #490533. + + -- Dmitry E. Oboukhov [EMAIL PROTECTED] Fri, 18 Jul 2008 12:17:20 +0400 + libupnp (1:1.6.6-2) unstable; urgency=low * Bump epoch and add Conflicts with libupnp4, to displace incorrect signature.asc Description: Digital signature
Bug#490307: closing of iceweasel leads to the loss of settings and cookies.
found 490307 3.0.1-1 found 490307 3.0~rc2-2 found 490307 3.0~rc2-1 found 490307 3.0~rc1-1 found 490307 3.0~b5-4 thanks MH Package: iceweasel MH Version: 3.0~rc2-2 MH Severity: important MH MH iceweasel 3 constantly loses cookies whilet exit/restart. MH After closing of iceweasel any cookies are lost. MH I'm forced to re-login to all the web-sites which keep authorization MH information in cookies. MH What sites ? All sites. if I do remove directory ~/.mozilla, and create new profile, then iceweasel works fine. but my profile is very dear for me (passwords, bookmarks, etc) -- ... mpd playing: WASP - The Medley . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#490860: webdeveloper: build from source
Locales are needed and I'd like to provide them again, probably by including source files too. You can replace xpi to this xpi: http://downloads.chrispederick.com/work/web-developer/web-developer-localized.xpi I overlooked this xpi, sorry. I don't like to use CVS-downloads for package building. It increases the number of build-depends and creates excess necessities of re-building. However if You think it is necessary You may do it. -- ... mpd playing: WASP - The Idol . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#490533: libupnp4: missing various dependencies
Nick, Can You make package libupnp with?: libupnp3-dev (remove Provides record) libupnp3 libupnp3-dbg and _empty_ libupnp-dev depends from libupnp3-dev If libupnp4 becames stable, then we'll move libupnp-dev into it. If You know the better variant, tell me. PS: You can set the urgency to medium or high :) -- . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#490860: webdeveloper: build from source
severity 490860 wishlist thanks webdeveloper maintainer, do you have any plan to actually build from source this add-on? wherefore? -- . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#490860: webdeveloper: build from source
extracting: locale/en-US/webdeveloper/contents.rdf extracting: locale/en-US/webdeveloper/dashboard.dtd extracting: locale/en-US/webdeveloper/dialogs.dtd extracting: locale/en-US/webdeveloper/menu.dtd extracting: locale/en-US/webdeveloper/options.dtd extracting: locale/en-US/webdeveloper/webdeveloper.properties extracting: skin/classic/webdeveloper/contents.rdf extracting: skin/classic/webdeveloper/dashboard/apply-css.png extracting: skin/classic/webdeveloper/dashboard/apply-html.png extracting: skin/classic/webdeveloper/dashboard/clear.png extracting: skin/classic/webdeveloper/dashboard/open.png extracting: skin/classic/webdeveloper/dashboard/position.png extracting: skin/classic/webdeveloper/dashboard/reset.png extracting: skin/classic/webdeveloper/dashboard/save.png extracting: skin/classic/webdeveloper/dashboard/search.png extracting: skin/classic/webdeveloper/dashboard/stick.png extracting: skin/classic/webdeveloper/dashboard/unstick.png extracting: skin/classic/webdeveloper/menu/disabled.png extracting: skin/classic/webdeveloper/options/colors-fonts.png extracting: skin/classic/webdeveloper/options/dashboard.png extracting: skin/classic/webdeveloper/options/ge -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#490533: Info received (Bug#490533: Info received (libupnp4: missing various dependencies))
reopen 490533 thanks This bug can be done after upload libupnp3* -- ... mpd playing: U.D.O. - Can't Get Enough . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#490533: Info received (libupnp4: missing various dependencies)
debdiff attached Nick, please make libupnp3 (src) package, contains: libupnp3- Conflicts: libupnp4 libupnp3-dev- Conflicts: libupnp4-dev Provides/Replases: libupnp-dev libupnp3-dbg- Conflicts: libupnp4-dbg and ping me :) Sorry, I overlooked that this src-package name is libupnp too :( -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 diff -u libupnp-1.8.0~cvs20080628/debian/changelog libupnp-1.8.0~cvs20080628/debian/changelog --- libupnp-1.8.0~cvs20080628/debian/changelog +++ libupnp-1.8.0~cvs20080628/debian/changelog @@ -1,3 +1,11 @@ +libupnp (1.8.0~cvs20080628-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Various dependencies have been fixed, closes: #490533. + * Added conflicts with libupnp3*. + + -- Dmitry E. Oboukhov [EMAIL PROTECTED] Sun, 13 Jul 2008 10:38:52 +0400 + libupnp (1.8.0~cvs20080628-1) unstable; urgency=low * New upstream release diff -u libupnp-1.8.0~cvs20080628/debian/compat libupnp-1.8.0~cvs20080628/debian/compat --- libupnp-1.8.0~cvs20080628/debian/compat +++ libupnp-1.8.0~cvs20080628/debian/compat @@ -1 +1 @@ -5 +7 diff -u libupnp-1.8.0~cvs20080628/debian/rules libupnp-1.8.0~cvs20080628/debian/rules --- libupnp-1.8.0~cvs20080628/debian/rules +++ libupnp-1.8.0~cvs20080628/debian/rules @@ -97,9 +97,7 @@ dh_fixperms dh_makeshlibs dh_installdeb - dh_shlibdeps -plibupnp4 -X /usr/lib/libupnp.so.4.0.0 - dh_shlibdeps -plibupnp4-dev - dh_shlibdeps -plibupnp4-dbg + dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb diff -u libupnp-1.8.0~cvs20080628/debian/libupnp4.install libupnp-1.8.0~cvs20080628/debian/libupnp4.install --- libupnp-1.8.0~cvs20080628/debian/libupnp4.install +++ libupnp-1.8.0~cvs20080628/debian/libupnp4.install @@ -1 +1 @@ -usr/lib/libupnp.so.* usr/lib +usr/lib/lib* usr/lib diff -u libupnp-1.8.0~cvs20080628/debian/control libupnp-1.8.0~cvs20080628/debian/control --- libupnp-1.8.0~cvs20080628/debian/control +++ libupnp-1.8.0~cvs20080628/debian/control @@ -3,10 +3,11 @@ Priority: extra Homepage: http://pupnp.sourceforge.net/ Maintainer: Nick Leverton [EMAIL PROTECTED] -Build-Depends: debhelper (= 6.0.7~), dbs, quilt, autoconf, automake, libtool +Build-Depends: debhelper, dbs, quilt, autoconf, automake, libtool Standards-Version: 3.8.0 Package: libupnp4 +Conflicts: libupnp3 Priority: extra Architecture: any Depends: ${shlibs:Depends} @@ -25,7 +26,7 @@ Architecture: any Depends: libupnp4 (= ${binary:Version}) Provides: libupnp-dev -Conflicts: libupnp-dev +Conflicts: libupnp3-dev, libupnp-dev ( ${binary:Version}) Replaces: libupnp-dev Description: Portable SDK for UPnP Devices (development files) The Portable SDK for UPnP Devices (libupnp) provides developers with an @@ -40,6 +41,7 @@ Section: libdevel Package: libupnp4-dbg +Conflicts: libupnp3-dbg Priority: extra Architecture: any Depends: libupnp4 (= ${binary:Version}) signature.asc Description: Digital signature
Bug#490533: libupnp4: missing various dependencies
tags 490533 patch thanks sorry, this is my mistake :( -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 --- debian/libupnp4.install 2008-07-12 20:26:23.0 +0400 +++ debian/libupnp4.install 2008-07-12 20:21:35.0 +0400 @@ -1 +1 @@ -usr/lib/libupnp.so.* usr/lib +usr/lib/lib* usr/lib --- debian/rules2008-07-12 20:26:23.0 +0400 +++ debian/rules2008-07-12 20:22:09.0 +0400 @@ -97,9 +97,7 @@ dh_fixperms dh_makeshlibs dh_installdeb - dh_shlibdeps -plibupnp4 -X /usr/lib/libupnp.so.4.0.0 - dh_shlibdeps -plibupnp4-dev - dh_shlibdeps -plibupnp4-dbg + dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb signature.asc Description: Digital signature
Bug#490307: closing of iceweasel leads to the loss of settings and cookies.
Package: iceweasel Version: 3.0~rc2-2 Severity: important iceweasel 3 constantly loses cookies whilet exit/restart. After closing of iceweasel any cookies are lost. I'm forced to re-login to all the web-sites which keep authorization information in cookies. iceweasel 2 started with the same profile works fine. -- ... mpd playing: Accept - Restless Wild . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#487201: MPL-license
The list of packages with full text of MPL-license: agsync: /usr/share/doc/agsync/MPL-1.1.txt.gz alexandria: /usr/share/doc/alexandria/MPL-1.1.txt.gz iceape: /usr/share/doc/iceape/MPL.gz iceape-browser: /usr/share/doc/iceape-browser/MPL.gz iceape-calendar: /usr/share/doc/iceape-calendar/MPL.gz iceape-chatzilla: /usr/share/doc/iceape-chatzilla/MPL.gz iceape-dbg: /usr/share/doc/iceape-dbg/MPL.gz iceape-dev: /usr/share/doc/iceape-dev/MPL.gz iceape-dev-bin: /usr/share/doc/iceape-dev-bin/MPL.gz iceape-dom-inspector: /usr/share/doc/iceape-dom-inspector/MPL.gz iceape-gnome-support: /usr/share/doc/iceape-gnome-support/MPL.gz iceape-mailnews: /usr/share/doc/iceape-mailnews/MPL.gz iceowl: /usr/share/doc/iceowl/MPL.gz iceweasel: /usr/share/doc/iceweasel/MPL.gz iceweasel-dom-inspector: /usr/share/doc/iceweasel-dom-inspector/MPL.gz iceweasel-gnome-support: /usr/share/doc/iceweasel-gnome-support/MPL.gz libmozillainterfaces-java: /usr/share/doc/libmozillainterfaces-java/MPL.gz libmozjs-dev: /usr/share/doc/libmozjs-dev/MPL.gz libmozjs0d: /usr/share/doc/libmozjs0d/MPL.gz libmozjs0d-dbg: /usr/share/doc/libmozjs0d-dbg/MPL.gz libmozjs1d: /usr/share/doc/libmozjs1d/MPL.gz libmozjs1d-dbg: /usr/share/doc/libmozjs1d-dbg/MPL.gz libxul-common: /usr/share/doc/libxul-common/MPL.gz libxul-dev: /usr/share/doc/libxul-dev/MPL.gz libxul0d: /usr/share/doc/libxul0d/MPL.gz libxul0d-dbg: /usr/share/doc/libxul0d-dbg/MPL.gz mozilla-bookmarksftp: /usr/share/doc/mozilla-bookmarksftp/MPL-1.1.txt.gz python-xpcom: /usr/share/doc/python-xpcom/MPL.gz spidermonkey-bin: /usr/share/doc/spidermonkey-bin/MPL.gz xine-plugin: /usr/share/doc/xine-plugin/MPL.gz xulrunner: /usr/share/doc/xulrunner/MPL.gz xulrunner-1.9: /usr/share/doc/xulrunner-1.9/MPL.gz xulrunner-1.9-dbg: /usr/share/doc/xulrunner-1.9-dbg/MPL.gz xulrunner-1.9-gnome-support: /usr/share/doc/xulrunner-1.9-gnome-support/MPL.gz xulrunner-dev: /usr/share/doc/xulrunner-dev/MPL.gz xulrunner-gnome-support: /usr/share/doc/xulrunner-gnome-support/MPL.gz -- ... mpd playing: Helloween - Lavdate Donibvm . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#487201: MPL-license
./main/b/biofox/biofox_1.1.4-2.diff.gz contains MPL ./main/b/biofox/biofox_1.1.4-3.diff.gz contains MPL ./main/b/brickos/brickos_0.9.0.dfsg-6.diff.gz contains MPL ./main/b/bonsai/bonsai_1.3+cvs20060111-2.diff.gz contains MPL ./main/b/bitlbee/bitlbee_1.0.3-1.3.diff.gz contains MPL ./main/b/bugzilla/bugzilla_3.0.4.1-1.diff.gz contains MPL ./main/b/bugzilla/bugzilla_2.22.1-2.diff.gz contains MPL ./main/b/bugzilla/bugzilla_3.0.4-4.diff.gz contains MPL ./main/a/adblock-plus/adblock-plus_0.7.5.5-2.diff.gz contains MPL ./main/a/aolserver4-nsmysql/aolserver4-nsmysql_0.6-3.diff.gz contains MPL ./main/a/alexandria/alexandria_0.6.1-1.diff.gz contains MPL ./main/a/aolserver4-nsopenssl/aolserver4-nsopenssl_3.0beta26-1.diff.gz contains MPL ./main/a/aolserver4-nsopenssl/aolserver4-nsopenssl_3.0beta22-3.diff.gz contains MPL ./main/a/aolserver4-nscache/aolserver4-nscache_1.5-2.diff.gz contains MPL ./main/a/aolserver4-nscache/aolserver4-nscache_1.5-1.diff.gz contains MPL ./main/a/aolserver4/aolserver4_4.5.0-15.diff.gz contains MPL ./main/a/aolserver4/aolserver4_4.0.10-7.diff.gz contains MPL ./main/a/agsync/agsync_0.2-pre-9.diff.gz contains MPL ./main/a/agsync/agsync_0.2-pre-9.1.diff.gz contains MPL $ curl http://www.mozilla.org/MPL/MPL-1.1.txt|wc -c 25755 $ curl http://www.mozilla.org/MPL/MPL-1.1.txt|gzip -9|wc -c 8298 $ echo '162 * 8298'|bc 1344276 $ echo '162 * 25755'|bc 4172310 ;) ... mpd playing: Helloween - Mirror Mirror . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#489682: RM: rhkbf -- RoM; obsolete package
Package: rhkbf rhkbf package is not needed any more. 69230 mozilla-bug has been corrected in ice(weasel|ape)3. Please delete the package from repositry. -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#489685: RM: uqm-music -- RoM; reorganization of src-packages
Package: ftp.debian.org Please, remove 2 packages (uqm-music and uqm-voice). I didn't perform an unification immediately because I wouldn't know if there will be new REJECT or not (these packages were rejected due the size 100Mb) and because I performed an adopt. Now the binary packages uqm-music, uqm-voice, uqm-content are united in one (it's more logical) and the necessity in SRC-packages uqm-music and uqm-voice is fell away. Please excuse me that I didn't go this way immediately. It's not possible always to think over the optimum case. :) -- ... mpd playing: А.Непомнящий - От греха . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#489686: RM: uqm-voice -- RoM; reorganization of src-packages
Package: ftp.debian.org Please, remove 2 packages (uqm-music and uqm-voice). I didn't perform an unification immediately because I wouldn't know if there will be new REJECT or not (these packages were rejected due the size 100Mb) and because I performed an adopt. Now the binary packages uqm-music, uqm-voice, uqm-content are united in one (it's more logical) and the necessity in SRC-packages uqm-music and uqm-voice is fell away. Please excuse me that I didn't go this way immediately. It's not possible always to think over the optimum case. :) -- ... mpd playing: А.Непомнящий - Ад . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#489464: rocksndiamonds: audio is scratchy
tags 489464 wontfix severity 489464 wishlist thanks On 19:06 Sat 05 Jul , Michael Gilbert wrote: MG Package: rocksndiamonds MG Version: 3.2.4+dfsg-3 MG Severity: normal MG hello, the music and sfx in rocksndiamonds are scratchy on my system. MG note that i have an onboard AC'97 sound card. i ran into the same issue MG with wesnoth, freedroidrpg, and neverball recently MG (http://bugs.debian.org/405841, http://bugs.debian.org/406437, MG http://bugs.debian.org/410489 respectively). the solution for those MG games was to set the audio sampling rate on the sound card to 44100 Hz MG (see the bug reports for more detail including patches). is there any way MG to set the audio sampling rate in rocksndiamonds? otherwise, this MG capability needs to be added in. MG this bug is confirmed to exist in rocksndiamonds running on the unstable MG linux 2.6.25-2 kernel. MG thanks for the hard work. Sorry, this bug will not be corrected. It would be correct to make reassign of this bug to AC97-driver (linux-image). Such bug was already written for about a year ago and was reassigned. The case is the following: Images and sounds are not included into the package (by licension limits) I am maintaining. So I can't set them another bitrate. Besides for using bitrate 44100 it is nessesary to patch the program code. Having incorrect driver You try to correct all the programs around you instead of writing bug-reports on this driver. I thing it is incorrect. -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#486844: avr-libc: FHS violation
OK, where to? May be so? /usr/avr/include- /usr/include/avr /usr/avr/bin- /usr/lib/binutils-avr /usr/avr/lib- /usr/lib/avr-libc -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#489239: errors in closetag
=ibm866CR menu Encoding.utf-8 :e ++enc=utf-8 CR map F8 :emenu Encoding.M-TAB set directory=~/.vimswp bufexplorer let g:bufExplorerShowDirectories = 1 let g:bufExplorerShowRelativePath = 1 let g:bufExplorerSortBy='name' let g:bufExplorerSplitBelow=1 let g:bufExplorerSplitOutPathName=0 nmap F4 :BufExplorerCR nmap \UP :bpCR nmap \LEFT :bpCR nmap \DOWN :bnCR nmap \RIGHT :bnCR taglist nnoremap silent F12 :TlistToggleCR let g:Tlist_Auto_Update = 1 let g:Tlist_GainFocus_On_ToggleOpen = 1 let g:Tlist_Use_Horiz_Window = 0 let g:Tlist_Use_Right_Window = 1 let g:Tlist_WinHeight = 20 let g:Tlist_Compact_Format = 1 let g:Tlist_Auto_Update = 1 let g:Tlist_Close_On_Select = 1 let g:Tlist_Enable_Fold_Column = 1 let g:Tlist_Exit_OnlyWindow = 1 let g:Tlist_Auto_Highlight_Tag = 1 let g:Tlist_Inc_Winwidth = 0 let g:Tlist_Show_Menu = 1 au BufNewFile,BufRead ${HOME}/work/* e ++enc=cp1251 au BufNewFile,BufRead ${HOME}/work/* syntax on closetag let b:closetag_html_style=1 :autocmd Filetype html,xml,xsl source ~/.vim/macros/closetag.vim :autocmd BufNewFile,BufRead *.sgm* source ~/.vim/macros/closetag.vim удаляем пробелы в конце строк nmap \s :%s/\s\+$//CR:echo deleted endspasesCR шаблоны для наиболее часто редактируемых файлов nmap _tp gg:0r ~/.vim/ft/template.plCR nmap _th gg:0r ~/.vim/ft/template.htmlCR au BufNewFile *.p[lm] 0read ~/.vim/ft/template.pl au BufNewFile *.htm* 0read ~/.vim/ft/template.html set keymap=russian-jcukenwin скобочки парные ставятся автоматом imap {CR {CR}EscO подсвечивать в режиме вставки красным цветом статуслайн highlight StatusLine ctermfg=grey autocmd InsertEnter * highlight StatusLine ctermfg=red autocmd InsertLeave * highlight StatusLine ctermfg=grey -- ... mpd playing: Manowar - Ride The Dragon . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature
Bug#489305: incorrect 'top' behavior
Package: procps Version: 1:3.2.7-8 The top command show used memory size incorrectly if an application use threads. There is a test c-file in the attachment which runs 350 threads. The top command on my system shows that compiled from this file 'test' application used in 2 times more memory than it is. And if you apply ps command to detect used memory size then you will see that really used just 0.1% of memory from available size. The top command in the %MEM field show the size correctly (0.1%), but the value in the DATA field is wrong. It's obvious that the problem is that the top command get the wrong value by the following way. It's multiply the one thread size on the threads quantity. -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 #include pthread.h #include stdio.h #include stdlib.h #include unistd.h void thread_foo(void * data) { int num=*(int *)data; int i; int pause=100+random()%1; while(1) { for (i=0; inum+10; i++) usleep(pause); } } int main(void) { int i; pthread_t h; for (i=0; i350; i++) { pthread_create (h, NULL, (void *)thread_foo, i); usleep(500); } thread_foo(i); } signature.asc Description: Digital signature
Bug#488634: bug in NEW/packages procedure?
Package: qa.debian.org Usually if the quantity of binary packages changes in an src-package then its upload leads to the fact that the package passes the NEW procedure again. However it hasn't happened in the case with greasemonkey and webdeveloper, that's why there've been hanging errors on qa.debian.org for a few days already: # out of date on i386: firefox-greasemonkey (from 0.8.20080609.0-1) # out of date on alpha: firefox-greasemonkey (from 0.8.20080609.0-1) # out of date on amd64: firefox-greasemonkey (from 0.8.20080609.0-1) # out of date on arm: firefox-greasemonkey (from 0.8.20080609.0-1) # out of date on armel: firefox-greasemonkey (from 0.8.20080609.0-1) # out of date on hppa: firefox-greasemonkey (from 0.8.20080609.0-1) # out of date on ia64: firefox-greasemonkey (from 0.8.20080609.0-1) # out of date on mips: firefox-greasemonkey (from 0.8.20080609.0-1) # out of date on mipsel: firefox-greasemonkey (from 0.8.20080609.0-1) # out of date on powerpc: firefox-greasemonkey (from 0.8.20080609.0-1) # out of date on s390: firefox-greasemonkey (from 0.8.20080609.0-1) # out of date on sparc: firefox-greasemonkey (from 0.8.20080609.0-1) # out of date on i386: firefox-webdeveloper (from 1.1.6-1) # out of date on alpha: firefox-webdeveloper (from 1.1.6-1) # out of date on amd64: firefox-webdeveloper (from 1.1.6-1) # out of date on arm: firefox-webdeveloper (from 1.1.6-1) # out of date on armel: firefox-webdeveloper (from 1.1.6-1) # out of date on hppa: firefox-webdeveloper (from 1.1.6-1) # out of date on ia64: firefox-webdeveloper (from 1.1.6-1) # out of date on mips: firefox-webdeveloper (from 1.1.6-1) # out of date on mipsel: firefox-webdeveloper (from 1.1.6-1) # out of date on powerpc: firefox-webdeveloper (from 1.1.6-1) # out of date on s390: firefox-webdeveloper (from 1.1.6-1) # out of date on sparc: firefox-webdeveloper (from 1.1.6-1) Please help to correct the situation. -- . ''`. : :’ : `. `~’ `- GPGKey: 1024D/F8E26537 2006-11-21 Dmitry E. Oboukhov [EMAIL PROTECTED] signature.asc Description: Digital signature
Bug#488110: greasemonkey: New upstream release
Package: greasemonkey Version: 0.6.6.20061017.0-2 Severity: important X-Debian-CC: [EMAIL PROTECTED] Package greasemonkey is too (2 years) old. Please make an orphan procedure for it or upload new version. If You can't support this package anymore I can do this. -- . ''`. : :’ : `. `~’ `- GPGKey: 1024D/F8E26537 2006-11-21 Dmitry E. Oboukhov [EMAIL PROTECTED] signature.asc Description: Digital signature
Bug#487201: MPL-license
Package: base-files Severity: wishlist Some of packages have contain the full text MPL-license. (Ice(weasel|ape|dove), addons...). Please, include the file http://www.mozilla.org/MPL/MPL-1.1.txt into /usr/share/common-licenses. signature.asc Description: Digital signature
Bug#487226: ITP: firebug -- web development plugin for iceweasel
Package: wnpp Severity: wishlist * Package name: firebug Version : 1.2 Upstream Author : Joe Hewitt * URL : https://addons.mozilla.org/en-US/firefox/addon/1843 * License : BSD Programming Lang: JS Description : web development plugin for iceweasel Firebug integrates with Iceweasel to put a wealth of web development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page. . Features: . * Inspect and edit HTML * Tweak CSS to perfection * Visualize CSS metrics * Monitor network activity * Debug and profile JavaScript * Quickly find errors * Explore the DOM * Execute JavaScript on the fly * Logging for JavaScript -- . ''`. : :’ : `. `~’ `- GPGKey: 1024D/F8E26537 2006-11-21 Dmitry E. Oboukhov [EMAIL PROTECTED] signature.asc Description: Digital signature
Bug#483123: Should be able to cope with out of date language packs
severity 483123 important thanks On 23:13 Thu 05 Jun , Dmitry E. Oboukhov wrote: DEO Same issue with iceweasel-l10n-ru please, add record 'Conflict: iceweasel-l10n (3.0)' to debian/control signature.asc Description: Digital signature
Bug#483123: Same with iceweasel-l10n-ru
Same issue with iceweasel-l10n-ru -- Dmitry GPG Key: 1024D/F8E26537 2006-11-21 Dmitry E. Oboukhov [EMAIL PROTECTED] signature.asc Description: Digital signature
Bug#484238: ITP: libtree-multinode-perl -- a multi node tree object
Package: wnpp Severity: wishlist * Package name: libtree-multinode-perl Version : 1.0.10 Upstream Author : Kyle R. Burton [EMAIL PROTECTED] * URL : http://search.cpan.org/~krburton/ * License : Artistic Programming Lang: Perl Description : a multi node tree object Tree::MultiNode, Tree::MultiNode::Node, and MultiNode::Handle of objects are written to model the Tree heirarchical structure. Each child object can be the tree itself. The tree has no internal sorting, though all operations perserve the order of the child nodes. signature.asc Description: Digital signature
Bug#484244: exception on ftp-disconnect
Package: dput Severity: normal Version: 0.9.2.30 python 2.5.2-3 see log: $ dput libtree-multinode-perl_1.0.10-1_i386.changes Uploading package to host ftp-master.debian.org Checking Signature on .changes ... Good signature on /home/dimka/work/deb/libtree-multinode-perl/libtree-multinode-perl_1.0.10-1.dsc. Uploading to ftp-master (via ftp to ftp-master.debian.org): libtree-multinode-perl_1.0.10-1.dsc: done. libtree-multinode-perl_1.0.10.orig.tar.gz: done. libtree-multinode-perl_1.0.10-1.diff.gz: done. libtree-multinode-perl_1.0.10-1_all.deb: done. libtree-multinode-perl_1.0.10-1_i386.changes: done. Traceback (most recent call last): File /usr/bin/dput, line 919, in module main() File /usr/bin/dput, line 868, in main files_to_upload, debug, ftp_mode, progress=progress, port=port) File /usr/share/dput/ftp.py, line 74, in upload ftp_connection.quit() File /usr/lib/python2.5/ftplib.py, line 534, in quit resp = self.voidcmd('QUIT') File /usr/lib/python2.5/ftplib.py, line 246, in voidcmd return self.voidresp() File /usr/lib/python2.5/ftplib.py, line 221, in voidresp resp = self.getresp() File /usr/lib/python2.5/ftplib.py, line 207, in getresp resp = self.getmultiline() File /usr/lib/python2.5/ftplib.py, line 193, in getmultiline line = self.getline() File /usr/lib/python2.5/ftplib.py, line 183, in getline if not line: raise EOFError EOFError signature.asc Description: Digital signature
Bug#484060: libdatapager-perl -- Data::Pager - flexible data pager
Package: wnpp Severity: wishlist * Package name: libdatapager-perl Version : 0.01 Upstream Author : Vidul Nikolaev Petrov, [EMAIL PROTECTED] * URL : http://search.cpan.org/~vidul/ * License : Perl Programming Lang: Perl Description : Data::Pager - flexible data pager This Perl-class implements the familiar pager where the current position is centered. signature.asc Description: Digital signature
Bug#483813: hedgewars: freezes mouse on crash
tags 483813 unreproducible moreinfo thanks You haven't given any info concerning conditions when you have crash, so it is impossible to analyze your bug-report. Please make bug-trace when having a crash, describe the conditions at which it is possible to reproduce crash and post them here. AH Hi. AH Hedgewars doesn't seem to be very stable at the moment. Sometimes when AH playing against the AI the game crashes, leaving the game menu still open. AH If this happens I can't move my mouse pointer at all. Killing the game AH doesn't help, switching to console and back doesn't help. I have to open a AH new game (with the help of my keyboard) and close it to control the mouse AH again. AH Regards, AH Alex signature.asc Description: Digital signature
Bug#481115: justify plug-in don't work with 2-byte's UTF-8 texts.
On 19:14 Wed 28 May , James Vega wrote: On Tue, May 13, 2008 at 11:20:17PM +0400, Dmitry E. Oboukhov wrote: It's evidently that plug-in compute words and strings length wrong.The most probability is that plug-in compute words/strings lengthin bytes but not in chars. Correct. The vimscript function strlen() simply returns the number of bytes. There are various workarounds but they don't apply to all different encodings. If you could send an example file, I'll test the workaround that should be applicable in most cases. example russian text (utf8): однажды в студеную зимнюю пору я из лесу вышел был сильный мороз гляжу поднимается медленно в гору лошадка везущая хворосту воз откуда дровишки ступай себе мимо... или вот это: царь с царицею простился в путь-дорогу снарядился и царица у окна стала ждать его одна. ждет пождет с утра до ночи смотрит в поле инда очи разболелись глядючи с белой зори до ночи не видать милого друга смотрит в поле вьется вьюга снег ложится на поля вся белешенька земля... девять месяцев проходит с поля глаз она не сводит вот в сочельник в самый в ночь бог дает царице дочь... рано утром гость желанный день и ночь так долгожданный издалече наконец воротился царь-отец на него она взглянула тяжелехонько вздохнула восхищенья не снесла и к обедне умерла. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#443167: fluxbox also doesn't notice resolution changes
On 20:06 Tue 20 May , Josef Spillner wrote: JS Just some add-on information: JS It also doesn't recognise resolution changes so that if a screen is scaled JS down from 1680x1050 to 1024x768 to accommodate a projector, then displaying JS PDF files fullscreen crops them. Happened today to me in front of my JS students, who hence collectively learned that fluxbox 1.0.0+deb1-6 is JS inferiour to state-of-the-art window managers. JS And I was about to open a new bug just to see that this one has been open for JS a long time. Before trying to do anything about it I want to see some JS feedback. Unfortunately I don't use xrandr and different screen sizes, so I can say nothing on this bug. The only thing I definitely know is the following: the developers have been informed about this bug and may be they even have already corrected it. Wouldn't it be too much trouble for You to build the git-version of fluxbox? In the neighbour bug-treads I wrote how to build it. Here for example: #375709 Some new settings are not finished yet in git-version, however it is possible to estimate if this bug declares itself or not. signature.asc Description: Digital signature
Bug#481893: in some cases it is impossible to input options for Makefile.PL
Package: cdbs Version: 0.4.52 Severity: normal Tags: patch Some Makefile.PL disassemble options with the help of Getopt::Std module, meanwhile if options are written in the end of command line, they will be ignored (because they must be declared before arguments). So the following construction (DEB_MAKEMAKER_USER_FLAGS = -n): perl Makefile.PL INSTALLDIRS=vendor -n doesn't work, but is impossible to receive the working construction perl Makefile.PL -n INSTALLDIRS=vendor with the help of cdbs without redefining the variable DEB_MAKEMAKER_INVOKE The patch in attach solves this problem. --- 1/class/perlmodule.mk.in 2007-08-13 15:58:16.0 +0400 +++ 1/class/perlmodule.mk.in 2008-05-19 15:06:23.0 +0400 @@ -43,6 +45,6 @@ common-configure-arch common-configure-indep:: Makefile Makefile: - (cd $(DEB_BUILDDIR) $(DEB_MAKEMAKER_INVOKE) $(DEB_MAKEMAKER_USER_FLAGS) ) + (cd $(DEB_BUILDDIR) $(DEB_MAKEMAKER_INVOKE) ) endif --- 1/class/perlmodule-vars.mk.in 2007-10-16 12:15:33.0 +0400 +++ 1/class/perlmodule-vars.mk.in 2008-05-19 15:04:40.0 +0400 @@ -36,7 +38,7 @@ DEB_MAKEMAKER_PACKAGE := $(firstword $(shell $(_cdbs_scripts_path)/list-packages)) endif -DEB_MAKEMAKER_INVOKE = /usr/bin/perl Makefile.PL INSTALLDIRS=vendor +DEB_MAKEMAKER_INVOKE = /usr/bin/perl Makefile.PL $(DEB_MAKEMAKER_USER_FLAGS) INSTALLDIRS=vendor # Set some MakeMaker defaults DEB_MAKE_BUILD_TARGET = all signature.asc Description: Digital signature
Bug#375709: This might be worth to merge with 477234 and 428020
On 10:05 Mon 19 May , Dami�n Viano wrote: DV This seems like the same problem of #477234 and #428020 actually. That a DV window hinting the WM for attention doesn't get it, same goes for DV #222089 and AFAIK they are all fixed upstream. DV I've only reassigned #477234 from Geany to Fluxbox and merged with DV #428020, and tag them fixed as I tested with current git and is working DV as expected. DV I leave the merge of #222089 with them to the maintainer discretion DV since the request is slightly different but is solved by the same fix, I DV think. DV Hope to help, please test fluxbox from git # apt-get build-dep fluxbox # apt-get install git-core fakeroot $ apt-get source fluxbox $ cd fluxbox-1.0.0+deb1 $ sh debian/create-git-package.sh $ cd ../fluxbox-git* $ fakeroot debian/rules binary signature.asc Description: Digital signature
Bug#480597: fluxbox: bashism in /bin/sh script
tag 480597 unreproducible thanks I think that it was not a good idea to remove unreproducible tag from the bug. I haven't found any way of running fbsetbg with error occurring. Yes, if there is not present some utility (time/echo/date) then the error will be outputted to pipe, but this error willbeapartofrandom generator. It will work even in case when 2 of 3 utilities are absent (that can't be in reality) Make *retitle bug* to 'my way of fbsetbg optimizing' ;) or give a way of using fbsetbg with which the error will appear. While you are thinking I set unreproducible tag :) PS: Of course I would write it this way: dd if=/dev/urandom bs=100 count=1 21|cksum... but for our case in my opinion it's enougth jus one variable $$ Dmitry signature.asc Description: Digital signature
Bug#481115: justify plug-in don't work with 2-byte's UTF-8 texts.
Package: vim-runtime Version: 1:7.1.293 Severity: important Tags: l10n There is no result with pressing keys _j with using the justify plug-in for aligning for example Russian text. My investigation shows that if page width (tw) set to value 50 (N) and press _j for Russian text with string lengths less than 25 (N/2) then some spaces appears between some words i.e. plug-in tries to align text. It's evidently that plug-in compute words and strings length wrong. The most probability is that plug-in compute words/strings length in bytes but not in chars. (1 Russian char takes 2 bytes in UTF-8) And because of this plug-in thinks that strings with length more than 25 (N) chars are more long then setting tw=50 (2*N) and skip such strings. signature.asc Description: Digital signature
Bug#479614: incorrect table displaying
Package: iceweasel Version: 2.0.0.14 Severity: normal Iceweasel/2.0.0.14 displays the attached html page incorrectly. There is also screenshot of this bug. Please excuse me for big html size. I've reduced it as I can. Background:black style applying even after closing /table tag. If one or some rows of the table be removed from the table then problem will disappearing. MH Can you confirm this works fine with the version of iceweasel in MH experimental ? (it looks like, to me) FTBFS: nbw:[/home/dimka]# LANG=C apt-get build-dep iceweasel Reading package lists... Done Building dependency tree Reading state information... Done E: Build-Depends dependency for iceweasel cannot be satisfied because the package xulrunner-dev cannot be found cat /etc/apt/sources.list deb http://www.debian-multimedia.org lenny main deb http://ftp.debian.org/debian/ etch main contrib non-free deb-src http://ftp.debian.org/debian/ etch main contrib non-free deb http://ftp.debian.org/debian/ lenny main contrib non-free deb-src http://ftp.debian.org/debian/ lenny main contrib non-free deb http://ftp.debian.org/debian/ sid main contrib non-free deb-src http://ftp.debian.org/debian/ sid main contrib non-free deb-src http://ftp.debian.org/debian/ experimental main contrib non-free signature.asc Description: Digital signature
Bug#479614: incorrect table displaying
Package: iceweasel Version: 2.0.0.14 Severity: normal Iceweasel/2.0.0.14 displays the attached html page incorrectly. There is also screenshot of this bug. Please excuse me for big html size. I've reduced it as I can. Background:black style applying even after closing /table tag. If one or some rows of the table be removed from the table then problem will disappearing. MH Can you confirm this works fine with the version of iceweasel in MH experimental ? (it looks like, to me) FTBFS: nbw:[/home/dimka]# LANG=C apt-get build-dep iceweasel MH Why do you try to build it ? It should already be available on most MH architectures. experimental? my system is unstable/testing )) signature.asc Description: Digital signature
Bug#479614: incorrect table displaying
tags 479614 fixed-in-experimental thanks On 13:56 Sun 11 May , Mike Hommey wrote: MH On Sun, May 11, 2008 at 03:46:34PM +0400, Dmitry E. Oboukhov wrote: Package: iceweasel Version: 2.0.0.14 Severity: normal Iceweasel/2.0.0.14 displays the attached html page incorrectly. There is also screenshot of this bug. Please excuse me for big html size. I've reduced it as I can. Background:black style applying even after closing /table tag. If one or some rows of the table be removed from the table then problem will disappearing. MH Can you confirm this works fine with the version of iceweasel in MH experimental ? (it looks like, to me) FTBFS: nbw:[/home/dimka]# LANG=C apt-get build-dep iceweasel MH Why do you try to build it ? It should already be available on most MH architectures. experimental? my system is unstable/testing )) MH You only need xulrunner and iceweasel from experimental, to test, not MH everything. MH Mike signature.asc Description: Digital signature
Bug#480699: iceweasel: Unauthorized files/directories creation
Package: iceweasel Version: 3.0~b5-3 Severity: important Tags: experimental iceweasel 3.0 creates useless empty directory Desktop in user's home directory with every run. This action can't be turned off by any settings in settings dialog. This is very irritating bug. Please fix it to previous version. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.25-1-686 (SMP w/2 CPU cores) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages iceweasel depends on: ii debianutils2.28.4Miscellaneous utilities specific t ii fontconfig 2.5.0-2 generic font configuration library ii libatk1.0-01.22.0-1 The ATK accessibility toolkit ii libc6 2.7-10GNU C Library: Shared libraries ii libcairo2 1.6.4-1+b1The Cairo 2D vector graphics libra ii libdbus-1-31.2.1-2 simple interprocess messaging syst ii libdbus-glib-1-2 0.74-2simple interprocess messaging syst ii libfontconfig1 2.5.0-2 generic font configuration library ii libfreetype6 2.3.5-1+b1FreeType 2 font engine, shared lib ii libgcc11:4.3.0-3 GCC support library ii libglib2.0-0 2.16.2-1 The GLib library of C routines ii libgtk2.0-02.12.9-3 The GTK+ graphical user interface ii libjpeg62 6b-14 The Independent JPEG Group's JPEG ii libpango1.0-0 1.20.2-2 Layout and rendering of internatio ii libstdc++6 4.3.0-3 The GNU Standard C++ Library v3 ii libx11-6 2:1.0.3-7 X11 client-side library ii libxrender11:0.9.4-1 X Rendering Extension client libra ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library ii procps 1:3.2.7-6 /proc file system utilities ii psmisc 22.6-1Utilities that use the proc filesy ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime iceweasel recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#479931: mytop: FTBFS: rmdir: failed to remove `debian/tmp/usr/lib': No such file or directory
tags 479931 patch thanks see attache --- debian/rules.old 2008-05-07 14:52:37.0 +0400 +++ debian/rules 2008-05-07 14:53:11.0 +0400 @@ -31,7 +31,7 @@ # Fix file permission chmod 755 debian/tmp/usr/bin/mytop # Remove empty directories - rmdir debian/tmp/usr/lib/perl5 debian/tmp/usr/share/perl5 debian/tmp/usr/lib + rm -fr debian/tmp/usr/lib/perl5 debian/tmp/usr/share/perl5 debian/tmp/usr/lib # Compress manual page chmod 644 debian/tmp/usr/share/man/man1/mytop.1p gzip -9 debian/tmp/usr/share/man/man1/mytop.1p signature.asc Description: Digital signature
Bug#479931: mytop: FTBFS: rmdir: failed to remove `debian/tmp/usr/lib': No such file or directory
MM -rmdir debian/tmp/usr/lib/perl5 debian/tmp/usr/share/perl5 debian/tmp/usr/lib this is lintian error )) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#479788: ITP: adblock-plus -- Extension for the Iceweasel and Iceape web browsers
Package: wnpp Severity: wishlist * Package name: adblock-plus Version : 0.7.5.4 Upstream Author : Wladimir Palant * URL : https://addons.mozilla.org/en-US/firefox/addon/1865 * License : MPL Programming Lang: JS Description : Extension for the Iceweasel and Iceape web browsers The Adblock-plus extension adds to Iceweasel and Iceape browsers an ability to filter unwanted objects on webpages. Filters can be specified using wildcards inordertoblocke.g. all images or JavaScript files from specific servers or directories. . Adblock-plus is the development of the Adblock extension. signature.asc Description: Digital signature
Bug#478281: an error in displaying of multiselect dialogues in text form
test package (demo this bug) in attache test-package.tar.gz Description: Binary data signature.asc Description: Digital signature
Bug#478281: an error in displaying of multiselect dialogues in text form
screenshots in attache attachment: screenshot_terminal_80x25.pngattachment: screenshot_terminal_140x25.png signature.asc Description: Digital signature
Bug#478646: Processed: tagging 478646
tags 478646 + fixed-upstream thanks http://git.fluxbox.org/?p=fluxbox.git;a=commit;h=f552b328bc07c3b842777d5c449febb58cd817bb On 00:54 Thu 01 May , Debian Bug Tracking System wrote: DBTS Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.26 tags 478646 + patch DBTS Bug#478646: fluxbox: fbrun.1 does not document -nearmouse DBTS There were no tags set. DBTS Tags added: patch DBTS End of message, stopping processing here. DBTS Please contact me if you need assistance. DBTS Debian bug tracking system administrator DBTS (administrator, Debian Bugs database) signature.asc Description: Digital signature
Bug#478281: an error in displaying of multiselect dialogues in text form
Package: debconf Version: 1.5.21 Severity: important There's a certain multiselect dialogue and its content is formed dynamically by config script. The content of this dialogue becomes known only when congig script is started on a users's computer, so I haven't found a better solution than that described above. In case when some items of the generated multiselect-dialogue go beyond 70-80 symbols of string length, debconf displays the dialogue incorrectly: multiselect window becomes wider than terminal width and it is impossible to use such element of tuning. Unfortunately I haven't yet had an opportunity to test if this bug declares itself in case when the symbol width is 1 byte. I'll make such a test in the nearest future. Please limit the width of the displayed dialogue window by symbols (the symbol width not always equals one byte) depending on the terminal width. signature.asc Description: Digital signature
Bug#477822: Don't print control chars to the terminal
tags 477822 patch thanks In my opinion it's enougth to replace all the characters with the codes lower than 0x20 on any charachter that could be displaed (for example '?') too fix this problem. Please test the attached patch which do this and please report if there any problems with another characters. --- mytop-1.6.orig/mytop 2008-04-27 16:23:56.0 +0400 +++ mytop-1.6/mytop 2008-04-27 16:22:32.0 +0400 @@ -1009,6 +1009,9 @@ ## collpase whitespace $thread-{Info} =~ s/\s+/ /g; + +# control symbols +$thread-{Info} =~ s/(.)/ord($1)0x20?'?':$1/eg; } ## stow it in the cache signature.asc Description: Digital signature
Bug#475140: the patch for removing the terminal flicker
reopen 475140 thanks There is a full redrawing instead a screen cleaning in the flicker.diff patch. And some points about modes switching were not taken into consideration. As the result the screen was not redrawed sometimes. This was my fault, please, excuse me :) The attached patch that will fix this problem. Please replace the file flicker.diff --- mytop-1.6.orig/mytop 2008-04-27 02:06:33.0 +0400 +++ mytop-1.6/mytop 2008-04-27 02:08:17.0 +0400 @@ -73,6 +73,7 @@ ## Default Config Values my %config = ( +vt100 = 0, batchmode = 0, color = 1, db= '', @@ -104,6 +105,15 @@ my $CLEAR = $WIN ? '': `clear`; +my %vt100_commands= +( + CURSOR_TO_START = \x1b[0;0f, + CURSOR_SAVE = \x1b[s, + CURSOR_RESTORE = \x1b[u, + EEL = \x1b[K, # Erase end of line + EEB = \x1b[J, # Erase down +); + ## Term::ReadKey values my $RM_RESET = 0; @@ -140,6 +150,7 @@ Getopt::Long::Configure('no_ignore_case', 'bundling'); GetOptions( +vt100 = \$config{vt100}, color! = \$config{color}, user|u=s= \$config{user}, pass|password|p=s = \$config{pass}, @@ -158,6 +169,9 @@ sort=s = \$config{sort}, ); +($config{batchmode} or not -t STDOUT) + and $config{vt100}=0; + ## User may have put the port with the host. if ($config{host} =~ s/:(\d+)$//) @@ -171,6 +185,7 @@ { require Term::ReadKey; Term::ReadKey-import(); +Clear(); } ## User may want to disable color. @@ -682,6 +697,14 @@ } } +sub CursorToStartNotClear() +{ + local $\; + $config{vt100} or return Clear; + $WIN and return Clear; + print $vt100_commands{CURSOR_TO_START}; +} + my $last_time; sub GetData() @@ -693,6 +716,8 @@ my ($width, $height, $wpx, $hpx, $lines_left); +local $\=$config{vt100}?$vt100_commands{EEL}\n:\n; + if (not $config{batchmode}) { ($width, $height, $wpx, $hpx) = GetTerminalSize(); @@ -810,16 +835,16 @@ my $host_width = 52; my $up_width = $width - $host_width; -Clear() unless $config{batchmode}; -print RESET(); +CursorToStartNotClear() unless $config{batchmode}; +{ local $\; print RESET(); } -printf %-${host_width}s%${up_width}s\n, +printf %-${host_width}s%${up_width}s, MySQL on $config{host} ($db_version), up $uptime $current_time; $lines_left--; -printf Queries: %-5s qps: %4.0f Slow: %7s Se/In/Up/De(%%):%02.0f/%02.0f/%02.0f/%02.0f \n, +printf Queries: %-5s qps: %4.0f Slow: %7s Se/In/Up/De(%%):%02.0f/%02.0f/%02.0f/%02.0f , make_short( $STATUS{Questions} ), # q total $STATUS{Questions} / $STATUS{Uptime}, # qps, average make_short( $STATUS{Slow_queries} ),# slow @@ -835,9 +860,9 @@ if ($t_delta) { my $q_diff = ( $STATUS{Questions} - $OLD_STATUS{Questions} ); -# print(q_diff: $STATUS{Questions} - $OLD_STATUS{Questions} / $t_delta = $q_diff\n); +# print(q_diff: $STATUS{Questions} - $OLD_STATUS{Questions} / $t_delta = $q_diff); - printf( qps now: %4.0f Slow qps: %3.1f Threads: %4.0f (%4.0f/%4.0f) %02.0f/%02.0f/%02.0f/%02.0f \n, + printf( qps now: %4.0f Slow qps: %3.1f Threads: %4.0f (%4.0f/%4.0f) %02.0f/%02.0f/%02.0f/%02.0f , ( $STATUS{Questions} - $OLD_STATUS{Questions} ) / $t_delta, ( # slow now (qps) ($STATUS{Slow_queries} ) ? @@ -860,13 +885,13 @@ } else { -print \n; +print ; } $lines_left--; if ($have_query_cache and $STATUS{Com_select} and $query_cache_hits) { - printf( Cache Hits: %-5s Hits/s: %4.1f Hits now: %5.1f Ratio: %4.1f%% Ratio now: %4.1f%% \n, + printf( Cache Hits: %-5s Hits/s: %4.1f Hits now: %5.1f Ratio: %4.1f%% Ratio now: %4.1f%% , make_short($STATUS{Qcache_hits}),# cache hits $STATUS{Qcache_hits} / $STATUS{Uptime}, # hits / sec ($t_delta) ? ($STATUS{Qcache_hits} - $OLD_STATUS{Qcache_hits}) / $t_delta : 0, # now / s @@ -889,15 +914,16 @@ make_short(($STATUS{Bytes_received} - $OLD_STATUS{Bytes_received}) / $t_delta ), make_short(($STATUS{Bytes_sent} - $OLD_STATUS{Bytes_sent}) / $t_delta )) if ($t_delta); -print \n\n; +print ; +print ; $lines_left--; } if (not $config{batchmode} and not $config{header}) { -Clear(); -print RESET(); +CursorToStartNotClear(); +local $\; print RESET(); } ## @@ -909,15 +935,15 @@ my $used = scalar(@sz) + Sum(@sz); my $free = $width - $used; -print BOLD(); +
Bug#477798: Contacts transference by the groups
Package: centerim Version: 4.22.5-1 Severity: important Contacts transference by the groups stopped to operate. i.e. if contact will moved (ICQ, i don't chek other ones untill) from group A to group B, then contact will stay in goup A after exit/new start. signature.asc Description: Digital signature
Bug#476909: suggestions on reorganisation of the stardict package.
On 02:51 Wed 23 Apr , Andrew Lee wrote: AL Dmitry E. Oboukhov wrote: But I haven't understood from Your answer what we are working on? Is it a new stardict-dicts package or shall we add the scripts into starditct? As far as contrib repository is concerned it seems to me that there's no point to move it there (if only stardict-dicts), because the script for downloading the dictionaries is only an additional function (which is partly included into stardict itself). AL Sorry, I have been very busy these days for organize a community event. AL Please feel free to start a new package now. However you have better AL idea or not, you are welcome to discuss with me. I will be available on AL IRC, my nickname is AndrewLee. Unfortunately I don't know English rather well for communicating in IRC :( I think it would be perfect to include my scripts in the package stardict itself and not to But if You are against it then well, we'll make a new package. Have You any desires or comments concerning what You've looked through? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#475140: the patch for removing the terminal flicker
DBTS Recently I've begun to use mytop. Everything is very comfortable except DBTS the fact that the terminal flickers when repainting. I've written the DBTS patch removing this effect. DBTS Unfortunately I can't test it on many platforms so I've realised it as DBTS an additional option --vt100. last version for this patch (attache) no artefacts ) --- old/mytop-1.6/mytop 2008-04-23 11:37:57.0 +0400 +++ new/mytop-1.6/mytop 2008-04-23 11:37:34.0 +0400 @@ -73,6 +73,7 @@ ## Default Config Values my %config = ( +vt100 = 0, batchmode = 0, color = 1, db= '', @@ -104,6 +105,15 @@ my $CLEAR = $WIN ? '': `clear`; +my %vt100_commands= +( + CURSOR_TO_START = \x1b[0;0f, + CURSOR_SAVE = \x1b[s, + CURSOR_RESTORE = \x1b[u, + EEL = \x1b[K, # Erase end of line + EEB = \x1b[J, # Erase down +); + ## Term::ReadKey values my $RM_RESET = 0; @@ -140,6 +150,7 @@ Getopt::Long::Configure('no_ignore_case', 'bundling'); GetOptions( +vt100 = \$config{vt100}, color! = \$config{color}, user|u=s= \$config{user}, pass|password|p=s = \$config{pass}, @@ -158,6 +169,9 @@ sort=s = \$config{sort}, ); +($config{batchmode} or not -t STDOUT) + and $config{vt100}=0; + ## User may have put the port with the host. if ($config{host} =~ s/:(\d+)$//) @@ -171,6 +185,7 @@ { require Term::ReadKey; Term::ReadKey-import(); +Clear(); } ## User may want to disable color. @@ -682,6 +697,13 @@ } } +sub CursorToStartNotClear() +{ + $config{vt100} or return Clear; + $WIN and return Clear; + print $vt100_commands{CURSOR_TO_START}; +} + my $last_time; sub GetData() @@ -693,6 +715,8 @@ my ($width, $height, $wpx, $hpx, $lines_left); +local $\=$config{vt100}?$vt100_commands{EEL}:''; + if (not $config{batchmode}) { ($width, $height, $wpx, $hpx) = GetTerminalSize(); @@ -810,7 +834,7 @@ my $host_width = 52; my $up_width = $width - $host_width; -Clear() unless $config{batchmode}; +CursorToStartNotClear() unless $config{batchmode}; print RESET(); printf %-${host_width}s%${up_width}s\n, @@ -896,7 +920,7 @@ if (not $config{batchmode} and not $config{header}) { -Clear(); +CursorToStartNotClear(); print RESET(); } @@ -1059,6 +1082,8 @@ } +$config{vt100} and + print $vt100_commands{EEL}$vt100_commands{EEB}; } ### @@ -1709,6 +1734,11 @@ Use if you'd like Bmytop to connect to a specific database by default. Default: none. +=item B--vt100 + +For screen re-drawing use esc-sequence vt100. It is remove terminal +twinkling. + =item B-b or B--batch or B--batchmode In batch mode, mytop runs only once, does not clear the screen, and signature.asc Description: Digital signature
Bug#477154: Fluxbox displays window title in Arabic and Hebrew in a wrong way
Please check if this bug is also contained in the git-version? build package from git: # - root $ - user # apt-get build-dep fluxbox # apt-get install git-core fakeroot autoconf $ apt-get source fluxbox $ cd fluxbox-1.0.0+deb1 $ sh debian/create-git-package.sh $ cd ../fluxbox-1.0.0+deb1+git... $ fakeroot debian/rules binary On 09:01 Mon 21 Apr , Oz Nahum wrote: ON Package: fluxbox ON Version: 1.0.0+deb1-6 ON Severity: important ON Tags: l10n ON When opening a text file with Hebrew or Arabic name the window title is ON displayed backwords. This is also true when using a webrowser, when browsing ON to a website with pagetitle in Arabic and Hebrew the title is dislayed ON backwords. ON Let me elaborate a little bit more: Suppose you go to Al-Jazeera.net, (see ON also my atachments), then the page title will say in English: Al Jazeera ON Englin - Front Page - Iceweasel (if you are using Iceweasel). ON If you will go to the arabic web site the page title is broken and is ON displayed backwards: from left to right instead of right to left. Hence in ON arabic letters it will be : areezaJ La. ON The same is true for Hebrew page title, see my other pictures. ON This is a BiDi issue, and might be a FluxBox upstream issue, however it is ON not hard to fix. I've seen it working OK in OpenBox under debian. ON -- System Information: ON Debian Release: lenny/sid ON Architecture: i386 (i686) ON Kernel: Linux 2.6.24.4 (SMP w/2 CPU cores; PREEMPT) ON Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to ON C) ON Shell: /bin/sh linked to /UNIONFS/bin/bash ON Versions of packages fluxbox depends on: ON ii libc6 2.7-6GNU C Library: Shared libraries ON ii libfontconfig1 2.5.0-2 generic font configuration ON library ON ii libgcc1 1:4.3.0-1GCC support library ON ii libice6 2:1.0.4-1X11 Inter-Client Exchange ON library ON ii libimlib2 1.4.0-1 powerful image loading and ON renderi ON ii libsm6 2:1.0.3-1+b1 X11 Session Management library ON ii libstdc++6 4.3.0-1 The GNU Standard C++ Library v3 ON ii libx11-62:1.0.3-7X11 client-side library ON ii libxext62:1.0.4-1X11 miscellaneous extension ON librar ON ii libxft2 2.1.12-2 FreeType-based font drawing ON librar ON ii libxinerama12:1.0.3-1X11 Xinerama extension library ON ii libxpm4 1:3.5.7-1X11 pixmap library ON ii libxrandr2 2:1.2.2-1X11 RandR extension library ON ii libxrender1 1:0.9.4-1X Rendering Extension client ON libra ON ii menu2.1.38 generates programs menu for all ON me ON fluxbox recommends no packages. ON -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#477012: ftbfs with cmake+new qt4
SV Please don't upload right now with SV added unneeded build-deps. Sorry, too late to receive Your mail. ( signature.asc Description: Digital signature
Bug#434625: A newline should be replaced by a space, not just deleted
tags 434625 patch thanks see attache --- mytop 2008-04-21 12:47:11.0 +0400 +++ mytop 2008-04-21 14:29:48.0 +0400 @@ -1475,6 +1478,9 @@ sub Execute($) { my $sql = shift; + +$sql and $sql=~s/\n/ /sg; + my $sth = $dbh-prepare($sql); if (not $sth) { ReadMode($RM_RESET); die $DBI::errstr; } signature.asc Description: Digital signature
Bug#455901: Use of uninitialized value in substitution (s///) at /usr/bin/mytop line 958.
tags 455901 patch thanks see attache --- mytop 2008-04-21 12:47:11.0 +0400 +++ mytop 2008-04-21 12:46:06.0 +0400 @@ -1,4 +1,7 @@ #!/usr/bin/perl -w + +eval 'exec /usr/bin/perl -w -S $0 ${1+$@}' +if 0; # not running under some shell # # $Id: mytop,v 1.53 2003/09/18 17:58:36 jzawodn Exp $ @@ -952,8 +955,11 @@ { $thread-{Host} =~ s/:\d+$//; my $host = gethostbyaddr(inet_aton($thread-{Host}), AF_INET); -$host =~ s/^([^.]+).*/$1/; -$thread-{Host} = $host; +if ($host) +{ + $host =~ s/^([^.]+).*/$1/; + $thread-{Host} = $host; +} } ## Fix possible undefs signature.asc Description: Digital signature
Bug#475140: NMU package prepared
http://uvw.ru/debian/unstable/mytop/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#476909: suggestions on reorganisation of the stardict package.
Package: stardict Severity: normal Hi, Andrew Lee and Anthony Fok! I use stardict, I like this dictionary very much, but there is a great discomfort: at every new installation it is necessary to download the dictionaries from the site http://stardict.sourceforge.net by hand and to install them. It would be nice if the deb-package included the dictionaries from this site, however it is most likely impossible because mostly they will not correspond to DFSG. I have a proposal to you: to modify the package thus it has configure and template scripts for debconf, which would allow users to choose and install the dictionaries automatically (dpkg-reconfigure). I've written a small script (it is attached) which creates a list of what to download and where from: according to the results of the work of this script one may generate the menu for choosing). Some time later I would be able to complete the work on this system [1]. However now I have to choose whether to make a fake package only for automatisation of downloading the dictionaries for stardict or to work further on the stardict package. Here I need your agreement or disagreement about working on the stardict package: in the first case you'll include the results of my work into package and add me to the Uploaders group and in the second one I'll make a retitle of this bug in ITP: staridct-dicts [1]. Please inform me what is your opinion on this subject. Sincerely yours, Dmitry PS: notes: [1] _example_ of staridct-dicts.deb uploaded to: http://uvw.ru/debian/unstable/stardict/ #!/usr/bin/perl use warnings; use strict; package MechUTF8; use base qw(WWW::Mechanize); use Encode qw(encode decode); sub content { my $self=shift; my $content=$self-SUPER::content(@_); $self-response-header('Content-Type')=~/charset=([\w\d\-]+)/ and $content=encode(utf8=decode($1=$content)); return $content; } package main; use URI; use File::Basename qw(basename); use Getopt::Std qw(getopts); my $server=http://stardict.sourceforge.net;; my $durl=$server/Dictionaries.php; sub die_if_error($$) { my ($browser, $errtxt)[EMAIL PROTECTED]; $browser-success and return; die sprintf $errtxt, server status: %s\n, $browser-status; } sub usage() { print endusage; usage: $0 [OPTIONS] OPTIONS: -h- this helpscreen -v- print verbose messages -o file - save list to file endusage exit -1; } getopts('o:hv', \my %opts) or usage; $opts{h} and usage; if ($opts{o}) { open STDOUT, '', $opts{o} or die Can not create file $opts{o}: $!\n; $|=1; } $|=1; select STDERR; $|=1; select STDOUT; my $browser=new MechUTF8; $opts{v} and print STDERR Getting $durl ...\n; $browser-get($durl); die_if_error $browser, Can not get categories list from $server; my %ans= map { m{href=(.*?).*?\s*(.*?)\s*}s; ($2, $server/$1) } $browser-content=~m{(a.*?/a)}sgi; for (sort keys %ans) { unless ($ans{$_}=~m{$server/Dictionaries_}) { delete $ans{$_}; next; } $opts{v} and print STDERR \tGetting $ans{$_} ...\n; $browser-get($ans{$_}); die_if_error $browser, Can not get category `$_'; my $content=$browser-content; for ($content) { s[t([rd]).*?][t$1]sig; s[\s*(?:/)?\s*(?:font|span|strong|b|b|br).*?][ ]sig; } my %dlist= map { $$_[0]=~s[td.*?\s*(.*?)\s*.*][$1]; ($$_[0], $$_[1]) } grep { $$_[1] !~ /rpm$/i } map { $$_[1]=~s/\?.*//s; $_ } map { ($$_[1]=~m[.*a\s*href=(.*?)\s*\s*tarbal]si)?[$$_[0], $1]:() } map { [ $$_[0], $$_[1] $$_[2] ] } grep { @$_ == 4 or @$_ == 3 } map { [ m[(td.*?/td)]sig ] } $content=~m{(tr.*?/tr)}sig; for my $url (values %dlist) { my $basename=basename(URI-new($url)-path); $url={file=$basename, url=$url, section=$_}; } $opts{v} and printf STDERR \t\tfound %d tarbal-links for download\n, scalar keys %dlist; unless (%dlist) { delete $ans{$_}; next; } printf %s\n, join \t, $dlist{$_}{section}, $_, $dlist{$_}{file}, $dlist{$_}{url} for sort keys %dlist; } keys %ans or die Can not find categories list in $durl\n; exit 0; signature.asc Description: Digital signature
Bug#477012: hedgewars: FTBFS: make: *** [configure-stamp] Error 255
tags 477012 patch pending thanls Thanks for You bug-report, see patch. On 17:36 Sun 20 Apr , Lucas Nussbaum wrote: LN Package: hedgewars LN Version: 0.9.2-1 LN Severity: serious LN User: [EMAIL PROTECTED] LN Usertags: qa-ftbfs-20080419 qa-ftbfs LN Justification: FTBFS on i386 LN Hi, LN During a rebuild of all packages in sid, your package failed to build on i386. LN This rebuild was done with gcc 4.3 instead of gcc 4.2, because gcc 4.3 is now LN the default on most architectures (even if it's not the case on i386 yet). LN Feel free to downgrade this bug to 'important' if your package is only built LN on i386, and this bug is specific to gcc 4.3 (i.e the package builds fine with LN gcc 4.2). LN Relevant part: /usr/bin/fakeroot debian/rules clean rm -fr build *-stamp dh_clean dpkg-source -b hedgewars-0.9.2 dpkg-source: info: using source format `1.0' dpkg-source: info: building hedgewars using existing hedgewars_0.9.2.orig.tar.gz dpkg-source: info: building hedgewars in hedgewars_0.9.2-1.diff.gz dpkg-source: info: building hedgewars in hedgewars_0.9.2-1.dsc debian/rules build mkdir build tar xjf *.tar.bz2 -C build name_top=`ls build`; \ mv build/$name_top/* build; \ rmdir build/$name_top touch unpack-stamp dh_testdir cd build \ cmake -DCMAKE_INSTALL_PREFIX=/usr/lib/hedgewars \ -DDATA_INSTALL_DIR=/usr/share/games . -- Check for working C compiler: /usr/bin/gcc -- Check for working C compiler: /usr/bin/gcc -- works -- Check size of void* -- Check size of void* - done -- Check for working CXX compiler: /usr/bin/c++ -- Check for working CXX compiler: /usr/bin/c++ -- works -- Looking for Q_WS_X11 -- Looking for Q_WS_X11 - found -- Looking for Q_WS_WIN -- Looking for Q_WS_WIN - not found. -- Looking for Q_WS_QWS -- Looking for Q_WS_QWS - not found. -- Looking for Q_WS_MAC -- Looking for Q_WS_MAC - not found. -- Found Qt-Version 4.4.0-rc1 -- Looking for _POSIX_TIMERS -- Looking for _POSIX_TIMERS - found -- Looking for pthread.h -- Looking for pthread.h - found -- Looking for pthread_create in pthreads -- Looking for pthread_create in pthreads - not found -- Looking for pthread_create in pthread -- Looking for pthread_create in pthread - found CMake Error: This project requires some variables to be set, and cmake can not find them. Please set the following variables: QT_FONTCONFIG_LIBRARY (ADVANCED) QT_X11_ICE_LIBRARY (ADVANCED) QT_X11_SM_LIBRARY (ADVANCED) QT_XI_LIBRARY (ADVANCED) QT_XRANDR_LIBRARY (ADVANCED) QT_XRENDER_LIBRARY (ADVANCED) -- Configuring done make: *** [configure-stamp] Error 255 LN The full build log is available from: LN http://people.debian.org/~lucas/logs/2008/04/19 LN A list of current common problems and possible solutions is available at LN http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute! LN About the archive rebuild: The rebuild was done on about 50 AMD64 nodes LN of the Grid'5000 platform, using a clean chroot containing a sid i386 LN environment. Internet was not accessible from the build systems. --- hedgewars-0.9.2/debian/control 2008-04-20 20:25:37.0 +0400 +++ hedgewars-0.9.2/debian/control 2008-04-20 20:16:03.0 +0400 @@ -2,7 +2,7 @@ Section: games Priority: extra Maintainer: Dmitry E. Oboukhov [EMAIL PROTECTED] -Build-Depends: debhelper (= 5), cmake, libqt4-dev (= 4.2), fp-compiler, libsdl1.2-dev, libsdl-ttf2.0-dev, libsdl-mixer1.2-dev, libsdl-image1.2-dev, libsdl-net1.2-dev, bzip2 +Build-Depends: debhelper (= 5), cmake, libqt4-dev (= 4.2), fp-compiler, libsdl1.2-dev, libsdl-ttf2.0-dev, libsdl-mixer1.2-dev, libsdl-image1.2-dev, libsdl-net1.2-dev, bzip2, libxrandr-dev, libfontconfig1-dev, libxi-dev Standards-Version: 3.7.3 Homepage: http://hedgewars.org signature.asc Description: Digital signature
Bug#476909: suggestions on reorganisation of the stardict package.
AL Well done! I'd like to do such thing for long. But it would probably AL become contrib, isn't it? AL I haven't check all dictionary on stardict's website for a long time. So AL I am curious now, does any dictionary on stardict website are DFSG? AL Maybe convert exist dictionary in debian main to stardict format is a AL better option. But I haven't understood from Your answer what we are working on? Is it a new stardict-dicts package or shall we add the scripts into starditct? As far as contrib repository is concerned it seems to me that there's no point to move it there (if only stardict-dicts), because the script for downloading the dictionaries is only an additional function (which is partly included into stardict itself). signature.asc Description: Digital signature
Bug#475140: the patch for removing the terminal flicker
Package: mytop Version: 1.6 Severity: normal Tags: patch see attache Recently I've begun to use mytop. Everything is very comfortable except the fact that the terminal flickers when repainting. I've written the patch removing this effect. Unfortunately I can't test it on many platforms so I've realised it as an additional option --vt100. --- mytop 2008-04-09 12:14:52.0 +0400 +++ mytop 2008-04-09 14:10:25.0 +0400 @@ -76,6 +76,7 @@ ## Default Config Values my %config = ( +vt100 = 0, batchmode = 0, color = 1, db= 'test', @@ -107,6 +108,13 @@ my $CLEAR = $WIN ? '': `clear`; +my %vt100_commands= +( + CURSOR_TO_START = \x1b[0;0f, + CURSOR_SAVE = \x1b[s, + CURSOR_RESTORE = \x1b[u, +); + ## Term::ReadKey values my $RM_RESET = 0; @@ -143,6 +151,7 @@ Getopt::Long::Configure('no_ignore_case', 'bundling'); GetOptions( +vt100 = \$config{vt100}, color! = \$config{color}, user|u=s= \$config{user}, pass|password|p=s = \$config{pass}, @@ -161,6 +170,8 @@ sort=s = \$config{sort}, ); +-t STDOUT or $config{vt100}=undef; + ## User may have put the port with the host. if ($config{host} =~ s/:(\d+)$//) @@ -685,6 +696,13 @@ } } +sub CursorToStartNotClear() +{ + $config{vt100} or return Clear; + $WIN and return Clear; + print $vt100_commands{CURSOR_TO_START}; +} + my $last_time; sub GetData() @@ -813,7 +831,7 @@ my $host_width = 52; my $up_width = $width - $host_width; -Clear() unless $config{batchmode}; +CursorToStartNotClear() unless $config{batchmode}; print RESET(); printf %-${host_width}s%${up_width}s\n, @@ -899,7 +917,7 @@ if (not $config{batchmode} and not $config{header}) { -Clear(); +CursorToStartNotClear(); print RESET(); } @@ -1059,6 +1077,13 @@ } + +if ($config{vt100} and not $config{batchmode}) +{ + print $vt100_commands{CURSOR_SAVE}; + print join \n, ( x$width)x($lines_left+2); + print $vt100_commands{CURSOR_RESTORE}; +} } ### @@ -1706,6 +1731,11 @@ Use if you'd like Bmytop to connect to a specific database by default. Default: ``Btest''. +=item B--vt100 + +For screen re-drawing use esc-sequence vt100. It is remove terminal +twinkling. + =item B-b or B--batch or B--batchmode In batch mode, mytop runs only once, does not clear the screen, and signature.asc Description: Digital signature
Bug#472309: debian/watch file for centerim
reopen 472309 tags 472309 patch thanks sorry, my mistake in prev version debian/watch see attache :) --- debian/watch 2008-03-30 14:12:36.0 +0400 +++ debian/watch.new 2008-03-30 14:12:52.0 +0400 @@ -1,3 +1,3 @@ version=3 http://www.centerim.org/download/releases/ \ - centerim(?:-|_)(\d+(?:\.\d+){2,3})\.t(ar\.gz|ar\.bz2|gz) + centerim(?:-|_)(\d+(?:\.\d+){2,3})\.t(?:ar\.gz|ar\.bz2|gz) signature.asc Description: Digital signature
Bug#472308: new upstream version available
Package: centerim Version: 4.22.2 Severity: normal http://www.centerim.org/index.php/Main_Page =cut Important notice: New version (4.22.3) is out! This version fixes various ICQ bugs and enables contact list synchronization. So feel to download the new version from: centerim-4.22.3.tar.gz =cut signature.asc Description: Digital signature
Bug#472309: debian/watch file for centerim
Package: centerim Version: 4.22.2 Severity: wishlist Tags: patch see attache version=3 http://www.centerim.org/download/releases/ \ centerim(?:-|_)(\d+(?:\.\d+){2,3})\.t(ar\.gz|ar\.bz2|gz) signature.asc Description: Digital signature
Bug#471880: ITP: mhddfs -- The file system combines a several mount points to the single mount point
Package: wnpp Severity: wishlist * Package name: mhddfs Version : 0.1 Upstream Author : Dmitry E. Oboukhov [EMAIL PROTECTED] * URL : http://mhddfs.uvw.ru/ * License : GPLv3 Programming Lang: C Description : The file system combines a several mount points to the single mount point The file system allows to unite a several mount points (directories) to the single one. So a one big filesystem is simulated and this makes it possible to combine a several hard drives or network file systems. This system is like unionfs but it can choose a drive with the most of free space, and move the data between drives transparently for the applications. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#465434: qa.debian.org: Uscan Errors processing Watch File
reopen 465434 thanks Other packages are processed normally. Only 'iat' consistently shows error. Perhaps the problem with the firewall (OUTPUT to https)? log http://dehs.alioth.debian.org/maintainer.php?name=iat: Uscan Errors processing Watch File: uscan.pl warning: In watchfile /tmp/iat_watchiZ02dq, reading webpage https://developer.berlios.de/project/showfiles.php?group_id=6784 failed: 500 Connect failed: connect: Connection timed out; Connection timed out signature.asc Description: Digital signature
Bug#175339: Configurable mouse buttons
tags 175339 + fixed-upstream thanks see changelog: 98* Added conditional statements to key commands (Mark) 99 - for example, this will search for an open xterm window, cycle through 100them if there are any, or else open one: 101Mod4 t :If {Some Matches (xterm)} {NextWindow (xterm)} {Exec xterm} 102 - the syntax is :If {test} {command if true} {command if false} 103 - `Matches pattern' is currently the only test you can make; when used 104alone, it tests the focused window or the clicked window for OnWindow 105mouse events 106 - there are many ways to combine tests: 107- `Some test' returns true if any open client matches test 108- `Every test' returns true if every open client matches test 109- `Not test' negates the value of test 110- `Or {test} {test} ...' returns true if any of the tests is true 111- `And {test} {test} ...' returns true if all of the tests are true 112- `Xor {test} {test} ...' returns the boolean xor of the truth values 113 FbCommandFactory.cc CurrentWindowCmd.cc/hh WorkspaceCmd.cc/hh 114 FbTk/Command.hh FbTk/SimpleCommand.hh, added files FbTk/LogicCommands.cc/hh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#222089: fluxbox: Jump to workspace where existing windows is when activating it
tags 222089 fixed-upstream thanks see changelog http://git.fluxbox.org/?p=fluxbox.git;a=blob;f=ChangeLog;h=bdf4ff92ad52db9b82037f76fef62c3ba0d9550e;hb=HEAD :) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#462914: fixed in fluxbox 1.0.0+deb1-6
Unfortunately there is no other variant. When removing the link on session manager in fluxbox, then it is impossible to choose it as a default window manager if there's at least one session manager installed. Then there appears a paradoxical situation: less functional systems like KDE/xfce will prevent from using the most comfortable window manager - fluxbox. ;) JC No, that won't prevent you from doing that. Any session manager should JC allow you to choose which window manager you're running. If it doesn't JC then that's a bug in the session manager imo (and in any case, it's just JC a matter of replacing the default window manager with fluxbox in your JC session and saving it). Or if you don't want to use any session JC manager, then you're welcome to use ~/.xsession. And in any case JC working around that in fluxbox by pretending to be a session manager is JC actively harmful. Editting of users' init-scripts is not the way of choosing default window manager. It is the way of choosing window manager by one user. In case of an absent link on x-session-manager the access to installation of fluxbox (and many other managers) as a default window manager will be disabled. Because alternatives x-session-manager have a priority. So if on my computer 20 men use fluxbox and only one uses xfce (kde etc) then all the 20 men must use personal settings instead of general-system ones. It isn't correct. May be it will be fluxbox bug but I shall not remove this link so far. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]