Bug#939866: mariadb-server-10.1: replication hangs in state "Slave_IO_Running: Preparing" after upgrade from 10.1.38 to 10.1.41
Hello, We confirm this serious bug. After upgrading from 10.1.38-0+deb9u1 to 10.1.41-0+deb9u1, replication is completely broken. For the moment we `apt-mark old` mariadb package with 10.1.38-0+deb9u1 version on all our servers. Regards, -- Grégory Colpart - CEO Evolix - Clé OpenPGP : 0x44975278B8612B5D Evolix - Hébergement et Infogérance Open Source Marseille (37 rue Guibal, Pôle Média, 13003) / Aix / Paris / Montréal http://evolix.com | Twitter: @Evolix @EvolixNOC | http://blog.evolix.com
Bug#921030: Fails to import the ansible module since its migration to Python 3
Hi Samuel, On Sun, Feb 24, 2019 at 03:25:26AM +, Samuel Henrique wrote: > I'm working on this: https://salsa.debian.org/debian/ansible-lint > I think i'm close to an upload now, there's only some problems with .js > sources. I review your patches and all is right, in particular your removal of docs in upstream tarball. Thank you for your work! Regards, -- Grégory Colpart
Bug#799144: ITP: ansible-lint -- Best practices checker for Ansible
On Thu, Aug 24, 2017 at 12:06:18PM +0200, Sascha Girrulat wrote: > ok thx. This year i diddn't attend to the debconf because of lack of > time :(. If you need assistance pls tell me. ansible-lint is in NEW 14 days ago: https://ftp-master.debian.org/new/ansible-lint_3.4.13+git.20170811-1-1.html Regards, -- Grégory Colpart GnuPG:4096R/B8612B5D Evolix - Hébergement et Infogérance Open Source http://www.evolix.fr/
Bug#799144: ITP: ansible-lint -- Best practices checker for Ansible
Hi Sascha, On Wed, Aug 09, 2017 at 10:15:51PM +0200, Sascha Girrulat wrote: > sry, i thought that i moved this itp top an rfp. Feel free if you would like > to take over this itp. Of you don't want i could try it next week. I have a > short holiday and hopefully a time to do that. Thanks for your quick reply. I will take over and probably upload the package in NEW before the end of DebConf17 :) Regards, -- Grégory Colpart GnuPG:4096R/B8612B5D Evolix - Hébergement et Infogérance Open Source http://www.evolix.fr/
Bug#799144: ITP: ansible-lint -- Best practices checker for Ansible
Any news? I have a package ready, I intend to take over the ITP if no answer. Regards, -- Grégory Colpart GnuPG:4096R/B8612B5D Evolix - Hébergement et Infogérance Open Source http://www.evolix.fr/
Bug#749272: varnish doesn't source /etc/default/varnish when started with systemd
tags 749272 - wontfix
severity 749272 serious
retitle 749272 varnish doesn't source /etc/default/varnish when started but uses it when reloaded

Hello,

Keeping file /etc/default/varnish when Varnish doesn't source it is confusing for users. And the worst is that the script /usr/share/varnish/reload-vcl (used by ExecReload in systemd unit) sources /etc/default/varnish!

Then users need to configure Varnish options in /etc/default/varnish *and* in varnish.service... and keep synchronized. The result is often a production failure when "systemctl reload varnish" then I consider this bug as serious severity (and it should be fixed for Stretch).

There could be two bug fixes:
- Using patch in this bug report to source /etc/default/varnish in varnish.service (and removing useless variables like START=yes)
- Rewriting the script reload-vcl to not use /etc/default/varnish (and removing the file /etc/default/varnish)

Regards,
--
Grégory Colpart GnuPG:4096R/B8612B5D
Evolix - Hébergement et Infogérance Open Source http://www.evolix.fr/
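An added example, not part of the message above and not code from the varnish package: a drift check that compares the daemon options in /etc/default/varnish (read by reload-vcl) with the ExecStart line of varnish.service (used at start), which is the mismatch the report describes. The DAEMON_OPTS variable name, the two sample file bodies and all function names are assumptions made for illustration.

```python
import re
import shlex

# Constructed sample of /etc/default/varnish (assumed layout, not from a real host).
SAMPLE_DEFAULT = '''\
START=yes
NFILES=131072
DAEMON_OPTS="-a :6081 \\
             -T localhost:6082 \\
             -f /etc/varnish/default.vcl \\
             -S /etc/varnish/secret \\
             -s malloc,256m"
'''

# Constructed sample of varnish.service after an admin edited only the unit.
SAMPLE_UNIT = '''\
[Service]
Type=forking
ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 \\
    -f /etc/varnish/production.vcl -S /etc/varnish/secret -s malloc,1g
ExecReload=/usr/share/varnish/reload-vcl
'''


def _fold(text):
    """Join backslash-newline continuations into one logical line."""
    return re.sub(r"\\\r?\n[ \t]*", " ", text)


def daemon_opts_from_default(text):
    """Tokens of the last DAEMON_OPTS= assignment (no variable expansion)."""
    tokens = []
    for line in _fold(text).splitlines():
        line = line.strip()
        m = re.match(r"DAEMON_OPTS=(.*)$", line)
        if m:
            # First pass removes the shell quoting, second pass word-splits
            # the value the way an unquoted $DAEMON_OPTS would be split.
            unquoted = " ".join(shlex.split(m.group(1)))
            tokens = shlex.split(unquoted)
    return tokens


def execstart_args_from_unit(text):
    """Arguments of the effective ExecStart= line, binary path dropped."""
    argv = []
    for line in _fold(text).splitlines():
        line = line.strip()
        if line.startswith("ExecStart="):
            words = shlex.split(line[len("ExecStart="):])
            # An empty ExecStart= resets earlier values, as in systemd.
            argv = words[1:] if words else []
    return argv


def parse_opts(tokens):
    """Map each short option to the list of values it was given."""
    opts = {}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-") and len(tok) >= 2:
            name, value = tok[:2], tok[2:]
            has_next = i + 1 < len(tokens)
            if not value and has_next and not tokens[i + 1].startswith("-"):
                value = tokens[i + 1]
                i += 1
            opts.setdefault(name, []).append(value)
        i += 1
    return opts


def option_drift(default_text, unit_text):
    """Options whose values differ: {opt: (default_values, unit_values)}."""
    at_reload = parse_opts(daemon_opts_from_default(default_text))
    at_start = parse_opts(execstart_args_from_unit(unit_text))
    drift = {}
    for name in sorted(set(at_reload) | set(at_start)):
        left = sorted(at_reload.get(name, []))
        right = sorted(at_start.get(name, []))
        if left != right:
            drift[name] = (left, right)
    return drift


if __name__ == "__main__":
    for opt, (dflt, unit) in option_drift(SAMPLE_DEFAULT, SAMPLE_UNIT).items():
        print(f"{opt}: /etc/default/varnish={dflt} varnish.service={unit}")
```

On a real host, pass the contents of /etc/default/varnish and the output of `systemctl cat varnish.service` to option_drift(); any non-empty result means a reload will act on settings the running daemon was not started with.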
Bug#731076: mysql-server: query cache not used when InnoDB tables and name with special chars
Package: mysql-server
Severity: important
Tags: fixed-upstream

Hello,

MySQL has an incredible bug: if you have special chars in table or db name, Query Cache is not used with InnoDB tables. This bug affects mysql-server on squeeze/wheezy/testing/sid, but was not in lenny.

Example with db name:

mysql> create database `foo-bar`;
mysql> create table `foo-bar`.baz (a int) engine=InnoDB;
mysql> insert into `foo-bar`.baz values (1);
mysql> select * from `foo-bar`.baz;
mysql> show status like 'Qcache_hits';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| Qcache_hits   | 0     |
+---------------+-------+
mysql> select * from baz;
mysql> show status like 'Qcache_hits';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| Qcache_hits   | 0     |
+---------------+-------+

Example with table name:

mysql> create database foobar;
mysql> create table foobar.`baz-qux` (a int) engine=InnoDB;
mysql> insert into foobar.`baz-qux` values (1);
mysql> select * from foobar.`baz-qux`;
mysql> show status like 'Qcache_hits';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| Qcache_hits   | 0     |
+---------------+-------+
mysql> select * from foobar.`baz-qux`;
mysql> show status like 'Qcache_hits';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| Qcache_hits   | 0     |
+---------------+-------+

This bug is reported and fixed upstream: http://bugs.mysql.com/bug.php?id=64821
All MySQL versions between 5.1 and 5.6.8 are affected. Fix is in 5.6.9: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-9.html

Regards,
--
Grégory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D
Evolix - Hébergement et Infogérance Open Source http://www.evolix.fr/
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#702004: php5: class_alias() is not taken into account by type hints
FYI we test to rebuild php5-5.3.3 with this patch, and Typo3 has always fatal error : PHP Fatal error: Cannot redeclare class Tx_Vhs_Service_AssetService in /home/foo/www/typo3conf/ext/vhs/Classes/Service/AssetService.php on line 36 Then I think this patch is not sufficient for Typo3 Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Hébergement et Infogérance Open Source http://www.evolix.fr/
Bug#683554: [pkg-horde] Please unblock pear-horde-channel
Hello, On Mon, Nov 12, 2012 at 09:37:40PM +, Adam D. Barratt wrote: On Mon, 2012-11-12 at 22:36 +0100, Mathieu Parent wrote: There is a new pear-horde-channel source package which builds a pear-horde-channel binary package. The previous version of this binary package was built from the horde3 source package which we intent to remove (see #683554). Can you unblock the new pear-horde-channel to allow removal of horde3? For reference, this is #690475 ... pear-horde-channel is now on wheezy/testing, then horde3 can now be definitely removed (#683554)... at least, for wheezy/testing. FYI I will now ask to remove all php-horde-* packages from wheezy/testing because it's really not ready for stable. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#694177: RM: php-horde-core/1.8.3-1.1 testing
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm X-Debbugs-CC: pkg-horde-hack...@lists.alioth.debian.org Hello, php-horde-* packages (Horde 4) are not ready for stable for several reasons: - No package for the webmail and other Horde modules, only libs with no interest itself - No real testing with all these packages - New major upstream version (security maintenance will be painful...) Then please, remove all php-horde-* packages from testing: php-horde-core and also: php-horde-activesync php-horde-alarm php-horde-argv php-horde-auth php-horde-autoloader php-horde-browser php-horde-cache php-horde-cli php-horde-compress php-horde-constraint php-horde-controller php-horde-crypt php-horde-data php-horde-date php-horde-date-parser php-horde-db php-horde-editor php-horde-exception php-horde-form php-horde-group php-horde-history php-horde-http php-horde-icalendar php-horde-image php-horde-imap-client php-horde-injector php-horde-itip php-horde-lock php-horde-log php-horde-logintasks php-horde-mail php-horde-mime php-horde-mime-viewer php-horde-nls php-horde-notification php-horde-perms php-horde-prefs php-horde-rdo php-horde-role php-horde-rpc php-horde-secret php-horde-serialize php-horde-sessionhandler php-horde-share php-horde-spellchecker php-horde-stream-filter php-horde-stream-wrapper php-horde-support php-horde-syncml php-horde-template php-horde-text-diff php-horde-text-filter php-horde-text-filter-csstidy php-horde-text-flowed php-horde-token php-horde-translation php-horde-tree php-horde-url php-horde-util php-horde-vfs php-horde-view php-horde-xml-element php-horde-xml-wbxml I will clone this bug to have bugreport for each package. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#694177: [pkg-horde] Bug#694177: RM: php-horde-core/1.8.3-1.1 testing
clone 694177 -1 clone 694177 -2 clone 694177 -3 clone 694177 -4 clone 694177 -5 clone 694177 -6 clone 694177 -7 clone 694177 -8 clone 694177 -9 clone 694177 -10 clone 694177 -11 clone 694177 -12 clone 694177 -13 clone 694177 -14 clone 694177 -15 clone 694177 -16 clone 694177 -17 clone 694177 -18 clone 694177 -19 clone 694177 -20 clone 694177 -21 clone 694177 -22 clone 694177 -23 clone 694177 -24 clone 694177 -25 clone 694177 -26 clone 694177 -27 clone 694177 -28 clone 694177 -29 clone 694177 -30 clone 694177 -31 clone 694177 -32 clone 694177 -33 clone 694177 -34 clone 694177 -35 clone 694177 -36 clone 694177 -37 clone 694177 -38 clone 694177 -39 clone 694177 -40 clone 694177 -41 clone 694177 -42 clone 694177 -43 clone 694177 -44 clone 694177 -45 clone 694177 -46 clone 694177 -47 clone 694177 -48 clone 694177 -49 clone 694177 -50 clone 694177 -51 clone 694177 -52 clone 694177 -53 clone 694177 -54 clone 694177 -55 clone 694177 -56 clone 694177 -57 clone 694177 -58 clone 694177 -59 clone 694177 -60 clone 694177 -61 clone 694177 -62 clone 694177 -63 retitle -1 RM: php-horde-activesync/1.2.1-1 testing retitle -2 RM: php-horde-alarm/1.0.7-1 testing retitle -3 RM: php-horde-argv/1.0.5-1 testing retitle -4 RM: php-horde-auth/1.4.7-1.1 testing retitle -5 RM: php-horde-autoloader/1.0.1-1 testing retitle -6 RM: php-horde-browser/1.0.4-1 testing retitle -7 RM: php-horde-cache/1.0.4-1 testing retitle -8 RM: php-horde-cli/1.0.4-1 testing retitle -9 RM: php-horde-compress/1.0.6-1 testing retitle -10 RM: php-horde-constraint/1.0.1-1 testing retitle -11 RM: php-horde-controller/1.0.1-1 testing retitle -12 RM: php-horde-crypt/1.1.0-1 testing retitle -13 RM: php-horde-data/1.0.4-1 testing retitle -14 RM: php-horde-date/1.0.9-1 testing retitle -15 RM: php-horde-date-parser/1.0.2-1 testing retitle -16 RM: php-horde-db/1.2.0-1 testing retitle -17 RM: php-horde-editor/1.0.1+debian0-1 testing retitle -18 RM: php-horde-exception/1.0.8-1 testing retitle -19 RM: php-horde-form/1.0.6-1 
testing retitle -20 RM: php-horde-group/1.0.4-1 testing retitle -21 RM: php-horde-history/1.0.0-1 testing retitle -22 RM: php-horde-http/1.1.0-1 testing retitle -23 RM: php-horde-icalendar/1.1.0-1 testing retitle -24 RM: php-horde-image/1.0.9-1 testing retitle -25 RM: php-horde-imap-client/1.4.4-1 testing retitle -26 RM: php-horde-injector/1.0.1-1 testing retitle -27 RM: php-horde-itip/1.0.6-1 testing retitle -28 RM: php-horde-lock/1.0.1-1 testing retitle -29 RM: php-horde-log/1.1.2-1 testing retitle -30 RM: php-horde-logintasks/1.0.3-1 testing retitle -31 RM: php-horde-mail/1.0.2-1 testing retitle -32 RM: php-horde-mime/1.4.0-1 testing retitle -33 RM: php-horde-mime-viewer/1.0.8-1.1 testing retitle -34 RM: php-horde-nls/1.1.3-1 testing retitle -35 RM: php-horde-notification/1.0.1-1 testing retitle -36 RM: php-horde-perms/1.0.6-1 testing retitle -37 RM: php-horde-prefs/1.1.7-1 testing retitle -38 RM: php-horde-rdo/1.1.0-1 testing retitle -39 RM: php-horde-role/1.0.0-1 testing retitle -40 RM: php-horde-rpc/1.0.3-1 testing retitle -41 RM: php-horde-secret/1.0.0-1 testing retitle -42 RM: php-horde-serialize/1.0.2-1 testing retitle -43 RM: php-horde-sessionhandler/1.0.2-1 testing retitle -44 RM: php-horde-share/1.2.2-1 testing retitle -45 RM: php-horde-spellchecker/1.0.0-1 testing retitle -46 RM: php-horde-stream-filter/1.1.0-1 testing retitle -47 RM: php-horde-stream-wrapper/1.0.0-1 testing retitle -48 RM: php-horde-support/1.0.1-1 testing retitle -49 RM: php-horde-syncml/1.0.8-1 testing retitle -50 RM: php-horde-template/1.0.1-1 testing retitle -51 RM: php-horde-text-diff/1.0.2-1 testing retitle -52 RM: php-horde-text-filter/1.1.2-1 testing retitle -53 RM: php-horde-text-filter-csstidy/1.0.0-1 testing retitle -54 RM: php-horde-text-flowed/1.0.0-1 testing retitle -55 RM: php-horde-token/1.1.4-1 testing retitle -56 RM: php-horde-translation/1.0.1-1 testing retitle -57 RM: php-horde-tree/1.0.0-1 testing retitle -58 RM: php-horde-url/1.0.0-1 testing retitle -59 RM: 
php-horde-util/1.1.0-1 testing retitle -60 RM: php-horde-vfs/1.0.8-1 testing retitle -61 RM: php-horde-view/1.0.1-1 testing retitle -62 RM: php-horde-xml-element/1.0.1-1 testing retitle -63 RM: php-horde-xml-wbxml/1.0.3-1 testing thanks Hop! -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#694177: RM: php-horde-core/1.8.3-1.1 testing
On Sat, Nov 24, 2012 at 04:46:22PM +, Adam D. Barratt wrote: On Sat, 2012-11-24 at 17:24 +0100, Gregory Colpart wrote: php-horde-* packages (Horde 4) are not ready for stable for several reasons: - No package for the webmail and other Horde modules, only libs with no interest itself - No real testing with all these packages - New major upstream version (security maintenance will be painful...) Then please, remove all php-horde-* packages from testing: php-horde-core and also: [...] I will clone this bug to have bugreport for each package. Before you flood us with bug reports, what's your connection to the packages? You don't appear to be in Uploaders for at least the first couple I checked... Oops, too late :) I was not active for Horde 4 packaging but I'm member of Horde PKG Team: http://qa.debian.org/developer.php?login=reg Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#694177: RM: php-horde-core/1.8.3-1.1 testing
On Sat, Nov 24, 2012 at 05:03:53PM +, Adam D. Barratt wrote: So I noticed *sigh* We didn't really need 64 RM requests. Sorry, I see Alexander Reichle-Schmehl do it with a dozen of package (#683554) and I supposed it's easier for the RT... and is this the considered view of the team, including those who /are/ involved in that packaging? The only involved is Mathieu Parent and I ask it before sending my ask for removal (see #686007). Moreover there are a lot of objective reasons to remove them from wheezy/testing as I explain in my previous message. I don't see what the point of getting php-horde-channel packaged separately and unblocked was if the result was just going to be the huge pile of RMs. We could just have done that to start with. I *fully* agree with you. Instead of unblock php-horde-channel, php-horde-* packages should be removed from testing... Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#686007: [pkg-horde] Bug#686007: RFH: Horde -- web-based groupware and other applications
Hello Mathieu, On Mon, Aug 27, 2012 at 04:47:56PM +0200, Mathieu Parent wrote: [...] As Horde 3 is not supported upstream anymore, I decided to remove it from wheezy (this is a too critical application to keep potential security holes). In the meantime, I started to package horde 4 applications. But I was too short in time to get them ready before wheezy freeze. Help is needed to finish the Horde 4 work (Horde 5 will have a similar structure). Instructions to continue the work is at http://anonscm.debian.org/gitweb/?p=pkg-horde/horde4/tools.git;a=blob;f=README. There is still a lot to do, especially about copyright (see [1], [2] and [3]). - What/Where are now the instructions to install Horde 4? - Without php-horde-imp package and other top-level applications, what is the interest to include all php-horde-* package in wheezy? Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#672957: echoping: Cannot load .so
Package: echoping
Version: 6.0.2-5
Severity: important

Hello,

Modules are broken since 6.0.2-5:

$ echoping -m dns
Cannot load .so (I tried the short name, then the complete name in /usr/lib/echoping): /usr/lib/echoping/.so: cannot open shared object file: No such file or directory

With 6.0.2-4, no problem:

$ echoping -m dns
Error: Mandatory request missing
Usage: [-?] [-t|--type=type] [--tcp] [--no-recurse] [-?|--help] [--usage] request

Regards,
--
Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#658707: samba: NTLM CRAP authentication for workstation fails with NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
Package: samba
Version: 2:3.6.3-1
Severity: important

Hello,

I used Samba 3.4.8 on Lenny for Wi-Fi authentication with Freeradius+EAP/MSCHAPv2+ntlm_auth. I upgraded to Squeeze Friday. Firstly, I need to use samba from Sid because #612049; secondly, I have a bug/regression: when a workstation (XP or Seven) tries to authenticate, I have this error:

[2012/02/05 11:16:24.418248, 2] auth/check_samsec.c:283(sam_account_ok)
  sam_account_ok: Wksta trust account hostname$ denied by server
[2012/02/05 11:16:24.418323, 2] winbindd/winbindd_pam.c:1883(winbindd_dual_pam_auth_crap)
  NTLM CRAP authentication for user [DOMAINE]\[HOSTNAME$] returned NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT (PAM: 9)

Then all workstations fail to authenticate and have Wi-Fi :-(

For your information, I look in Samba 3 source code, and I find this condition in auth/check_samsec.c file:

    if (acct_ctrl & ACB_WSTRUST) {
        if (!(user_info->logon_parameters & MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT)) {
            DEBUG(2,("sam_account_ok: Wksta trust account %s denied by server\n", pdb_get_username(sampass)));
            return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
        }
    }

I don't think workstations stop to send MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flag, then the bug is probably with handling logon_parameters. Samba bug 8548[*] is interesting but the fix is already in 3.6.3!

Another information, I try a crappy hack: disable this condition in source code and rebuild samba package: it works well.

[*] https://bugzilla.samba.org/show_bug.cgi?id=8548

Regards,
--
Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#633305: redmine: Internal error on show user details page
Package: redmine Version: 1.0.1-2 Severity: normal Hello, I use redmine package from Squeeze. When I click on user details page (URI = http://www.example.com/users/4 for example), I have an Internal error message. When I switch RailsEnv to test, I have more informations : --8-8---8-- Showing app/views/users/show.rhtml where line #11 raised: undefined method `html_safe' for f...@bar.com:String /usr/lib/ruby/1.8/action_view/helpers/url_helper.rb:476:in `mail_to' /usr/share/redmine/app/views/users/show.rhtml:11:in `_run_rhtml_app47views47users47show46rhtml' /usr/share/redmine/app/controllers/users_controller.rb:68:in `show' --8-8---8-- Problem seems to be with javascript encoding in mail_to() function. I don't have a real patch, but I use a *workaround* : --8-8---8-- --- show.rhtml.old 2011-07-08 21:25:50.0 +0200 +++ /usr/share/redmine/app/views/users/show.rhtml 2011-07-08 21:27:09.0 +0200 @@ -7,7 +7,7 @@ div class=splitcontentleft ul % unless @user.pref.hide_mail % - li%=l(:field_mail)%: %= mail_to(h(@user.mail), nil, :encode = 'javascript') %/li + li%=l(:field_mail)%: %= mail_to(h(@user.mail), nil, :encode = 'hex') %/li % end % % for custom_value in @custom_values % % if !custom_value.value.blank? % --8-8---8-- Note : I reproduce it with 1.0.1-1 too Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
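Review bot: the two file headers name different files (`show.rhtml.old` on the `---` side, the installed path `/usr/share/redmine/app/views/users/show.rhtml` on the `+++` side), so this hunk cannot be applied from a source tree as posted, and an edit made directly under /usr/share/redmine is overwritten by the next package upgrade. Regenerate it with `app/views/users/show.rhtml` on both sides and carry it as a package patch. On the changed `mail_to(h(@user.mail), nil, :encode = 'hex')` line, the switch from 'javascript' to 'hex' only avoids the code path that raised `undefined method html_safe` in url_helper.rb; the change description should say that the address is now obfuscated differently in the rendered page and that the failing 'javascript' path is left unfixed.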
Bug#615037: Please include pppoeconf as udeb package in default installation with netinst iso image.
tags 615037 wontfix thanks On Tue, Mar 01, 2011 at 10:00:59AM +0300, Скубриев Владимир wrote: [...] I think that debian must have this package by default install of netinst iso and others [...] I understand your arguments but I don't agree that Priority of pppoeconf should be changed to standard. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#613284: Bug#612065: Bug#613284: Please remove support for modconf
tags 562701 + pending tags 622847 + pending tags 590202 + pending thanks On Thu, Apr 14, 2011 at 12:09:24PM +0200, Gregory Colpart wrote: Thanks a lot for your patch. I will commit it on Git repository[*] this sunday, and perhaps upload it when deadline for translation updates is over, but of course don't hesitate to NMU if it's not done. Your patch and others patches (translations, ...) are now committed in Git : http://git.debian.org/?p=collab-maint/pppoeconf.git;a=summary I intend to upload pppoeconf 1.20 next week-end. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#613284: Bug#612065: Bug#613284: Please remove support for modconf
Hello, On Thu, Apr 14, 2011 at 10:42:22AM +0200, Alexander Reichle-Schmehl wrote: Okay, I found someone who could run some tests, and as the patch doesn't seem to affect the functionality of the package, I intend to upload the NMU on Sunday 24th of Apr 2011. A call for translation updates has already been sent; a full patch (including po changes) will follow, when the deadline for that call has ended. Sorry for the delay. Thanks a lot for your patch. I will commit it on Git repository[*] this sunday, and perhaps upload it when deadline for translation updates is over, but of course don't hesitate to NMU if it's not done. [*] http://git.debian.org/?p=collab-maint/pppoeconf.git;a=summary Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#615037: Please include pppoeconf as udeb package in default installation with netinst iso image.
Hello, On Fri, Feb 25, 2011 at 10:06:46AM +0300, V.Skubriev wrote: Please include pppoeconf as udeb package in default install of netinst installation. If a user have only pppoe access to the Internet he(she) must download and copy an pppoeconf package into installed system separately. But this is not trivial for many users. Also this package is very very small. Why it not included in default install - i think this is not good for popularizing the world mostly distribution of GNU/Linux. pppoe possibilities are in ppp udeb. See: http://www.debian.org/releases/stable/i386/apds05.html.en Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#604076: redis-server: new upstream version (2.0.4)
Package: redis-server Severity: wishlist Hello, It could be great to have last upstream version in Debian. Do you want some help to prepare it? Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#598582: [pkg-horde] Bug#598582: horde3: Four security issues in Horde
Hello, On Wed, Nov 03, 2010 at 07:58:25PM +0100, Mehdi Dogguy wrote: On 0, Gregory Colpart r...@evolix.fr wrote: For horde3, I prepare the patches for Lenny and Squeeze/Sid. They are on http://git.debian.org/?p=pkg-horde/horde3.git;a=summary I'm waiting comments from upstream before uploading. Any news? I ping upstream on IRC and I improve my patches (committed on Git repo) ... but I'm still waiting upstream comments before uploading. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#598582: [pkg-horde] Bug#598582: horde3: Four security issues in Horde
Hello, On Thu, Sep 30, 2010 at 11:38:39AM +0200, Moritz Muehlenhoff wrote: I suppose these issues reported here refer to the horde3 source package: http://lists.horde.org/archives/announce/2010/000568.html Sorry for the delay and thanks for your upload of gollem and dimp1. For horde3, I prepare the patches for Lenny and Squeeze/Sid. They are on http://git.debian.org/?p=pkg-horde/horde3.git;a=summary I'm waiting comments from upstream before uploading. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#385545: [pkg-horde] Bug#385545: horde3: horde_sessionhandler :: duplicate key violates unique constraint horde_sessionhandler_pkey
Hello, On Fri, Sep 01, 2006 at 06:57:51AM +0200, Ola Lundqvist wrote: Thanks for the report. I'll see what I can do about it. This bug is old, and probably fixed in new versions. If nobody cries, I will close it soon... Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#350751: horde3: broken preferences storing in postgresql database
Hello, This bug is old, and probably fixed in new versions. If nobody cries, I will close it soon... Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#597603: [pkg-horde] Bug#597603: horde3: temp-cleanup.cron returns failure if last find command exits with non-zero coder
On Tue, Sep 21, 2010 at 02:17:37AM -0600, Joel Smith wrote: There is no reason for the temp-cleanup.cron script to return anything other than success in these instances, so it should be modified to exit with a 0 return code. (Like with exit 0 at the end.) Thanks for reporting this bug. I will apply your patch on next new package after the freeze. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#596646: [pkg-horde] Bug#596646: Warning: unlink(/tmp/vfs4QT1Xb) [function.unlink]: No such file or directory in /usr/share/horde3/lib/VFS/ftp.php(160) : runtime-created function on line 1
tags 596646 moreinfo unreproducible thanks Hello, On Sun, Sep 12, 2010 at 08:54:20PM -0400, root wrote: spews gibbersh at the bottom of the page: Warning: unlink(/tmp/vfsFcXvtK) [function.unlink]: No such file or directory [...] I can't reproduce your bug. Are you sure you don't have issue with /tmp ? What is your version of PHP? If you have PHP4, can you try with PHP5? Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#596644: [pkg-horde] Bug#596644: sork-passwd-h3: Spews php errors, says it successfully changes password, but does not.
severity 596644 normal tags 596644 moreinfo thanks On Sun, Sep 12, 2010 at 09:05:40PM -0400, root wrote: I need to use the expect backend. When I click Change Password, I get the following at the top of the page: Notice: Only variable references should be returned by reference in /usr/share/horde3/passwd/lib/Driver.php on line 110 Are you sure expect the script works? What is the content of your backend.php ? By default expect driver use SSH and you have output in /tmp/ Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#597747: [pkg-horde] Bug#597747: horde3: cron job fails with error level after uninstall
Hello, On Wed, Sep 22, 2010 at 07:44:33PM +0200, Michael Below wrote: Just like any other cron job, this one should fail silently when it's package is not there anymore. Thanks for your report. If I understand well, I need to add || true on these cron-job. I will apply this fix after the squeeze release. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#601186: #601186 - horde3: only shows php deprecations and a warning - no actual operational parts
severity 601186 normal tags 601186 wontfix thanks As you said above, this bug is probably for PHP4 compatibility. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#595313: nagvis: unable to read input file /etc/dbconfig-common/ndoutils-mysql.conf
Package: nagvis
Version: 1:1.4.6-1
Severity: serious

Hello,

I try to install nagvis on squeeze without success:

# aptitude install nagvis
The following NEW packages will be installed:
  nagvis
0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/616kB of archives. After unpacking 2,437kB will be used.
Are you sure to have rw on /usr and exec on /tmp?
Selecting previously deselected package nagvis.
(Reading database ... 33117 files and directories currently installed.)
Unpacking nagvis (from .../nagvis_1%3a1.4.6-1_all.deb) ...
Setting up nagvis (1:1.4.6-1) ...
unable to read input file /etc/dbconfig-common/ndoutils-mysql.conf
dpkg: error processing nagvis (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 nagvis
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install. Trying to recover:
Setting up nagvis (1:1.4.6-1) ...
unable to read input file /etc/dbconfig-common/ndoutils-mysql.conf
dpkg: error processing nagvis (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 nagvis

Regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF8, LC_CTYPE=fr_FR.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages nagvis depends on:
ii  dbconfig-common        1.8.46    common framework for packaging dat
ii  debconf [debconf-2.0]  1.5.35    Debian configuration management sy
ii  graphviz               2.26.3-5  rich set of graph drawing tools
ii  libapache2-mod-php5    5.3.2-2   server-side, HTML-embedded scripti
ii  php5-common            5.3.2-2   Common files for packages built fr
ii  php5-gd                5.3.2-2   GD module for php5
ii  php5-mysql             5.3.2-2   MySQL module for php5
ii  ucf                    3.0025    Update Configuration File: preserv

Versions of packages nagvis recommends:
ii  nagios3                3.2.1-2   A host/service/network monitoring
pn  ndoutils-mysql         none      (no description available)

nagvis suggests no packages.

-- no debconf information

--
Gregory Colpart r...@evolix.fr GnuPG:4096R/B8612B5D
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#555227: Downgrading
tags 555227 moreinfo thanks On Mon, Jul 19, 2010 at 01:32:20PM -0400, Filipus Klutiero wrote: See 3.5 Dependencies at http://www.debian.org/doc/debian-policy/ch-binary.html#s3.5 Please say which dependency you want to add. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#585165: [pkg-horde] Bug#585165: CVE-2010-1916: Security issue in Xinha
Hi, On Thu, Jul 15, 2010 at 02:51:07PM +0200, Alexander Reichle-Schmehl wrote: * Gregory Colpart r...@evolix.fr [100622 01:48]: [..] Please check if your code copy is affected and update the internal copy. I think code copy of xinha in Horde is not affected because there is no PHP code from Xinha on it. Majority of Xinha plugins are not present. Is there a specific reason, why this bug is open, if the problem doesn't exist? I was hoping a confirmation of my analysis. But from my point of view, bug should be closed. Okay, there is still: * Moritz Muehlenhoff j...@debian.org [100609 19:05]: [..] There's already an ITP for xinha (Bug 479708) and since four packages currently in the archive use xinha (openacs, Horde, serendipity and dotlrn) it would be nice if we could migrate to a single package for Squeeze. But a the package doesn't seem to have made much progress recently, what about a: retitle 585165 Please use system xinha instead of own copy severity 585165 important block 585165 bye 479708 Ok. I do that. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#585165: [pkg-horde] Bug#585165: CVE-2010-1916: Security issue in Xinha
Hi, On Wed, Jun 09, 2010 at 07:05:51PM +0200, Moritz Muehlenhoff wrote: Horde includes a copy of Xinha, for which the following security issue was reported: http://php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.h+tml http://xinha.webfactional.com/ticket/1518 Please check if your code copy is affected and update the internal copy. I think code copy of xinha in Horde is not affected because there is no PHP code from Xinha on it. Majority of Xinha plugins are not present. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#585004: bind9: Bind9 isn't detected to be running while named process exists
Hello, I confirm this annoying bug. The reason is .pid file moved from named.pid to named/named.pid and PIDFILE must be changed in init.d file. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#558248: [pkg-horde] Bug#558248: IMP4 attachements problem on gpg signel mails
Hello, On Fri, Nov 27, 2009 at 11:25:42AM +0100, Angel Parra wrote: Package: IMP4 Version: 4.2-4 When I receive a mail GPG signed with attached files it is not possible to download files, just works properly Download All Attachments (in .zip file) I have: gnupg 1.4.9-3+lenny1 gnupg-agent 2.0.9-3.1 uw-imapd 7:2007~dfsg-4+lenny3 The mails have been send from a identical IMP4 server. As I use imap I have read the emails from thunderbird and all attachments works properly. Can you reproduce this bug with last version from unstable? Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#581905: php-date: please remove me from Uploaders
tags 581905 pending thanks Hello, On Mon, May 17, 2010 at 06:33:30AM +0200, Marcus Better wrote: I no longer have any interest in this package, please remove me from Uploaders for the next upload. Committed in SVN. It will be uploaded for the next upload... but it could be long because last stable release was on 2006-11-21! Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#568344: sympa: broken links in messages archives
Package: sympa Version: 5.3.4-6.1 Severity: important Tags: patch fixed-upstream Hello, I upgraded from Etch to Lenny, and I discover an important bug with messages archives. When I try to open a message from archives, the link is broken because HTML tag base href=... is false! Searching new upstream versions, I see a change in /usr/share/sympa/web_tt2/main.tt2 file : Line : [% IF base %] base href=[% base_url %] / [% END %] becomes: [% IF base %] base href=[% base %] / [% END %] This change fixes the problem. I know this change is not a security fix, and is probably not enough important to go to stable-proposed-updates, but I want open this bug to help people searching the same problem. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#544520: new upstream version since a while
Hello, On Thu, Nov 26, 2009 at 12:06:12PM -0600, Sukant Hajra wrote: Just a note, to help highlight priority -- Twirssi (the Twitter script I use with Irssi), now has a hard dependency on v3 of Net::Twitter. Until this library is updated I'm stuck on an older version of Twirssi (v2.3). Same here. Do you want some help for maintaining this package? Regards, -- Gregory Colpart
Bug#548231: [pppoeconf] menu item fails unless launched as root
severity 548231 minor thanks Hello, On Thu, Sep 24, 2009 at 02:40:01PM -0400, Filipus Klutiero wrote: In English, that would be $ LANG=C /usr/sbin/pppoeconf Please become root before running pppoeconf! Press return to continue... pppoeconf then exits. The desktop file does not indicate anywhere the requirement to run as superuser. This makes the menu item basically useless. You can see synaptic for an example of how to do menu items requiring root privileges (but note that synaptic has bug 532322). pppoeconf try to use sudo or su-to-root to become root. If you have not sudo or menu package on your system, pppoeconf warn you to become root and exit. If you have a better suggestion, don't hesitate. Perhaps add gksu support if it's installed... For example, on line 42: --8-- +elif which gksu /dev/null; then + exec gksu $0 $@ || exit 1 --8-- Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#551127: unsatisfiable Depends: pear (= 5.2.0-8)
Hello, On Thu, Oct 15, 2009 at 11:26:49PM +0200, Mathieu Parent wrote: The package depends on pear (= 5.2.0-8). This is probably a typo, it should be php-pear. I don't why there is a versioned dependency, Gregory (reg) knows. Extract from http://wiki.debian.org/GregoryColpart/PearPolicyDraft : Depends should: * have php-pear, probably versioned (See dependencies in package.xml) Note we have PEAR 1.4.11 in php-pear etch package (version 5.2.0-8*), and if could be a good idea to use (= 5.2.0-8) if possible to make backport easier. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#461762: linux-image-2.6.18-5-sparc64: Kernel unaligned access at TPC[45dc6c] handle_futex_death+0x20/0x90
Hello, On Fri, Oct 02, 2009 at 12:00:05AM +0200, Moritz Muehlenhoff wrote: Does this error still occur with more recent kernel versions? If you're running Etch, could you try to reproduce this bug with the 2.6.24 based kernel added in 4.0r4? http://packages.qa.debian.org/l/linux-2.6.24.html No further feedback, please reopen if the problem persists in more recent kernels. I'm sorry for not answering you. My Sun Ultra5 is down since one year. I'm not sure it can boot again. If I find that the problem persists later, I will reopen a bug, then no problem for closing #461762. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#547318: [pkg-horde] Bug#547318: horde3: CVE-2009-3236 possibility to overwrite arbitrary files with the permissions of the webserver
On Wed, Sep 23, 2009 at 01:51:25AM +0200, Nico Golde wrote: Yes and I confirm the vulnerability for etch. For old-security, patch is pushed: http://git.debian.org/?p=pkg-horde/horde3.git;a=commitdiff;h=0a71866537d0bd896fda156ba83be746483714a4 Now, I'm waiting upstream advice before building/uploading. Ok great. So far the diff looks good to me. Feel free to upload to security master (and additionally you might drop me a mail so I don't miss it). Thanks for your work! Patch reviewed by upstream, package built, tested and uploaded. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#547318: [pkg-horde] Bug#547318: horde3: CVE-2009-3236 possibility to overwrite arbitrary files with the permissions of the webserver
On Mon, Sep 21, 2009 at 12:43:51PM +0200, Nico Golde wrote: Now I'm testing package and preparing upload for sid. Are you also working on etch? That would be nice, I think this deserves a DSA. Yes and I confirm the vulnerability for etch. For old-security, patch is pushed: http://git.debian.org/?p=pkg-horde/horde3.git;a=commitdiff;h=0a71866537d0bd896fda156ba83be746483714a4 Now, I'm waiting upstream advice before building/uploading. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#547318: [pkg-horde] Bug#547318: horde3: CVE-2009-3236 possibility to overwrite arbitrary files with the permissions of the webserver
Hello, On Fri, Sep 18, 2009 at 05:18:14PM +0200, Nico Golde wrote: the following CVE (Common Vulnerabilities Exposures) id was published for horde3. Work in progress. For stable-security, patches are pushed: http://git.debian.org/?p=pkg-horde/horde3.git;a=commitdiff;h=a3873329efa3ed5797678626638afbb2bb4f48d0 Now I'm testing package and preparing upload for sid. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#538066: [pkg-horde] Bug#538066: ingo1 Source filter produces bad maildrop filter lines
tags 538066 fixed-upstream thanks Hello, On Fri, Aug 14, 2009 at 12:21:06PM -0500, David Ehle wrote: I think upstream has a solution available in this thread: http://bugs.horde.org/ticket/7611 However you might want to review the suggestion made by the most recent poster on that thread and see if it makes sense and should be implemented. I've attached the published patch that does not include the numeric comparison change. Ok, thanks for this information. Then it will be fixed in next upstream release. For Lenny, it's more complex because it's not security bug or RC bug. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#540099: [pkg-horde] Bug#540099: imp4: Message option Show All Headers causes error
Hello, On Fri, Aug 14, 2009 at 11:52:53AM -0500, David Ehle wrote: Just to confirm - I have done some a lot of customization in the /etc/horde/imp4/ config files. This patch will not overwrite any of those changes, correct? Files in /etc/horde/imp4 are conffiles, then the new package will not overwrite your changes without confirmation. Also I had deployed most of the fixes described in the thread I sent you by hand already. Since they have been modified, will the package overwrite these, or not when installing? Files in /usr/share/horde3 will be overwritten. The horde/imp installation in question is in active use so I need to be extra cautious. Then I suppose you have a test machine and backups, and you will not upgrade-russian-roulette. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#540099: [pkg-horde] Bug#540099: imp4: Message option Show All Headers causes error
Hello, On Fri, Aug 14, 2009 at 11:58:38AM -0500, David Ehle wrote: Also I don't currently have a /usr/share/horde3/imp/js directory which seems to be part of the package you have sent me to test. What do these javascript(?) files do? Uh ? You have js directory! See: http://packages.debian.org/lenny/all/imp4/filelist Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#540099: [pkg-horde] Bug#540099: imp4: Message option Show All Headers causes error
Hello, On Wed, Aug 05, 2009 at 12:31:55PM -0500, David Ehle wrote: It looks like the most recent update causes a problem with viewing full headers. imp4 (4.2-4) unstable; urgency=high * Include patches from Horde upstream to fix unescaped output in several scripts (imp/{smime,pgp}.php and message.php). (Closes: #513266) -- Gregory Colpart r...@debian.org Thu, 29 Jan 2009 02:38:27 +0100 I think upstream has addressed the problem (but it may have popped back up in April). This thread contains explanation and patches. http://bugs.horde.org/ticket/7926 Thanks for your report. It will be painful to backport these changes, particularly for Etch. Anyway, I try to do it for Lenny, could you test this package ? http://people.debian.org/~reg/imp4_4.2-4lenny1_all.deb Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#513019: [pkg-horde] Bug#513019: horde3: Login (su) Authentification does not work
tags 513019 + wontfix thanks Hello, On Sun, Jan 25, 2009 at 08:02:00PM +0100, Tobias Frost wrote: it just don't work. In the http-log, there is su: must be run from a terminal Upstream says not a bug: http://bugs.horde.org/ticket/8082 Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#538066: [pkg-horde] Bug#538066: ingo1 Source filter produces bad maildrop filter lines
Hello, On Wed, Jul 22, 2009 at 03:09:49PM -0500, David Ehle wrote: This may have been addressed upstream, but it appears that the Destination and Source filter on choices in Ingo produce lines similar to this: # sourcetest # if( \ /^From,Sender,Reply-to,Resent-from:\s*.*u...@host\.some\.domain\.edu/:h \ ) exception { to ${DEFAULT}/.ttt/ } The syntax /^From,Sender,Reply-to,Resent-from: while legal appears to be trying to match that string literally rather than anything in the list. This means that it basically just doesn't work. I saw some traffic on the INGO1 mailing list about a similar problem for the Destination filter choice having the same problem. From the look of it both Destination and Participant are both effected in the Debian/Lenny release: Thanks for your report. I'm not a maildrop guru, then could you provide corrected rules? Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#529754: [pkg-horde] Bug#529754: horde3: requires missing NET/LDAP2.php
Hello, On Thu, May 21, 2009 at 12:41:33PM +0200, Lars Kruse wrote: Fatal error: require_once() [function.require]: Failed opening required 'Net/LDAP2.php' (include_path='/usr/share/horde3/lib:.:/usr/share/php:/usr/share/pear') in /usr/share/horde3/lib/Horde/Kolab/Server/ldap.php on line 1132 [...] The most obvious problem seems to be the missing NET/LDAP2.php file. I could not find any debian package providing this file, so I am a little bit confused now. Thanks for your report. I confirm. We should package php-net-ldap2 (http://pear.php.net/package/Net_LDAP2/) and add it to Recommends. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#528927: [pkg-horde] Bug#528927: horde3 should depend on php-mdb2
severity 528927 important tags 528927 pending thanks On Sat, May 16, 2009 at 03:45:17PM +0300, Delian Krustev wrote: It seems that horde3-3.3.4+debian0-1 horde3 should have a dependency to php-mdb2: /usr/share/horde3/lib/Horde/Share/sql.php (line 751): require_once 'MDB2.php'; I'm not sure whether this is caused by a change in horde or a package reorganization in the php DB packages. Thanks for your report. Bug corrected in horde3 repository: http://git.debian.org/?p=pkg-horde/horde3.git;a=commitdiff;h=fe842dcb88f1b87636c4417456826196d4163e29 Bug is also present in Lenny. Workaround: install php-mdb2 package... ! I downgrade the severity of the bug, because Horde could work without database. Then php-mdb2 should be in Recommends and not in Depends. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#525156: [pkg-horde] Bug#525156: Error in Tree.php
tags 525156 wontfix thanks Hello, On Wed, Apr 22, 2009 at 10:57:13AM -0400, Brett Charbeneau wrote: Notice: Undefined index: imap_server in /usr/share/horde3/imp/lib/IMAP/Tree.php on line 82 This warning could probably be ignored, it's only a cosmetic bug and won't be fixed in stable distribution. I recommend you to set display_errors = Off in your PHP configuration to avoid to display it. BTW I recommend to disable display_errors for all your public webapps! Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#524785: nginx: could not build the server_names_hash, you should increase server_names_hash_bucket_size: 32
Package: nginx Version: 0.6.32-3 Severity: wishlist Hello, During Etch-Lenny upgrade, nginx refused to restart: Starting nginx: 2009/04/19 20:45:26 [emerg] 28783#0: could not build the server_names_hash, you should increase server_names_hash_bucket_size: 32 I need add a new option in nginx.conf : --8-- [...] http { include /etc/nginx/mime.types; default_type application/octet-stream; +server_names_hash_bucket_size 33; [...] --8-- I think this behaviour should be documented in Lenny Releases Notes. Do you agree? Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
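Review bot: the added server_names_hash_bucket_size 33; line in the http block uses a value that nginx's own guidance for this error does not lead to. The nginx documentation says to raise the directive to the next power of two when this message appears, so 64 would be the value to document in the release notes rather than 33.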
Bug#515892: [pkg-horde] Bug#515892: horde3: Nothing works after upgrading from 3.1.3-4etch4 to 3.2.2+debian0-2
severity 515892 wishlist Hello, thanks for your report. On Wed, Feb 18, 2009 at 08:48:50AM +0100, root wrote: Since the last upgrade, my horde3 installation is completely broken, none of the modules seems to work. Investigating in my box, I've found many problems : first the modules are nearly all set to inactive in /etc/horde/horde3/registry.php All modules are disabled by default for a *new* installation (see NEWS). But, when you are upgrading, you have the choice to keep your old registry.php as a conf file. Then I guess you choose to overwrite your old registry.php. the webroot detection that was in the same file has been removed and replaced with a hardcoded path which is false in my case. webroot detection is useless with Debian for FHS reason IIRC. Then, it's hardcoded in registry.php file. If you modify it, you will have the choice to keep your changes (as a conf file). After activating the modules in this file, it appears that the different database tables (mysql in my case) used by the modules haven't been updated according to the examples found in /usr/share/doc/ I'm trying to upgrade them by hand one by one but it's a bit boring. Database upgrades are not automatically done, and you should actually upgrade them by hand for now. I agree that upgrades could be less boring: ideas/patches welcome :) I keep this bug open in wishlist. On Thu, Feb 26, 2009 at 05:35:52PM +0100, t...@mediaforest.net wrote: updating database by hand seemed at first to make horde work back, but when using it, it appears that many features are broken : - All users preferences have been reset, - On any message of any account, it's no more possible to see all headers when clicking it, I always get Requested message not found. - Many messages aren't viewable online Outch. Could you open separate bug report for them? Or even open bug reports directly in upstream BTS (bugs.horde.org)? Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#515788: [pkg-horde] Bug#515788: Bug#515788: horde3: wrong file permissions on /var/log/horde
Hello, On Tue, Feb 17, 2009 at 09:45:47PM +0100, Ola Lundqvist wrote: The log location is fully configurable. I'm not sure that group writable is a good thing to have on a fresh install. /var/log/horde/ directory shouldn't be writeable by www-data (we could even think to use chmod 710 /var/log/horde/). Only /var/log/horde/horde3.log file should be. And I think like Ola Lundqvist that it should be a sysadmin choice (note logging is disable by default). Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
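The layout proposed in this message (a /var/log/horde/ directory that group and others cannot write to, with only the horde3.log file writable) can be checked with a small audit script. This is an added example, not part of the original thread; the function names, the temporary demo paths and the 660 mode chosen for the log file are assumptions.

```shell
#!/bin/sh
# Added example: audit a log directory layout such as /var/log/horde/.
# Assumptions (not from the thread): function names, demo paths, file mode 660.
# Uses GNU stat (stat -c), as shipped on Debian.

# Print the octal permission bits of a path, e.g. 710.
mode_of() {
    stat -c '%a' "$1"
}

# Succeed when octal mode $1 has none of the bits of octal mask $2 set.
lacks_bits() {
    [ $(( 0$1 & 0$2 )) -eq 0 ]
}

# audit_log_layout DIR FILE
# Returns 0 when DIR is a real directory that group/others cannot write to
# and others cannot enter, and FILE is a regular, non-executable file that
# others cannot access. Prints one line per finding.
audit_log_layout() {
    dir=$1
    file=$2
    rc=0

    # A symlinked directory or file could redirect writes elsewhere.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a real directory"
        return 1
    fi
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file"
        return 1
    fi

    dmode=$(mode_of "$dir")
    if ! lacks_bits "$dmode" 022; then
        echo "FAIL: $dir (mode $dmode) is writable by group or others"
        rc=1
    fi
    if ! lacks_bits "$dmode" 007; then
        echo "FAIL: $dir (mode $dmode) is accessible to others"
        rc=1
    fi

    fmode=$(mode_of "$file")
    if ! lacks_bits "$fmode" 007; then
        echo "FAIL: $file (mode $fmode) is accessible to others"
        rc=1
    fi
    if ! lacks_bits "$fmode" 111; then
        echo "FAIL: $file (mode $fmode) is executable"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir ($dmode) and $file ($fmode)"
    fi
    return "$rc"
}

# Demo on a constructed layout in a temporary directory (no root needed).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/horde" && chmod 710 "$tmp/horde"
    : > "$tmp/horde/horde3.log" && chmod 660 "$tmp/horde/horde3.log"
    audit_log_layout "$tmp/horde" "$tmp/horde/horde3.log"
    result=$?
    rm -rf "$tmp"
    return "$result"
}

demo
```

On a real host the call would be audit_log_layout /var/log/horde /var/log/horde/horde3.log; ownership (which account and group hold the directory and the file) still has to be checked separately, since the script looks at mode bits only.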
Bug#513266: [pkg-horde] Bug#513266: imp4: XSS via {smime,pgp}.php
Hi, On Wed, Jan 28, 2009 at 09:22:53AM +0100, Tomas Hoger wrote: Upstream changelog and announcement also mentions message.php: http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.301.2.1r2=1.699.2.301.2.4ty=h So probably this one too: http://cvs.horde.org/diff.php/imp/message.php?r1=2.560.4.56r2=2.560.4.56.4.1 Exactly, thanks! I'm preparing uploads for horde3 and imp4 packages today. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#512592: Debdiff for stable-security
Hello, Etch is also impacted by these bugs. Debdiff is here: http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch4_3.1.3-4etch5.diff Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#513266: Debdiff for stable-security
Hello, Etch is also impacted by this bug. Debdiff is here: http://gcolpart.evolix.net/debian/imp4/imp4_4.1.3-4_4.1.3-4etch1.diff Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#513265: horde3: security issues via util/barcode.php and services/portal/cloud_search.php
Package: horde3 Version: 3.2.2+debian0-1 Severity: important Tags: patch security Hello, Infos from upstream: * File Inclusion issue via util/barcode.php The file Image.php passes an unvalidated filename to a dynamic include statement on line 559. Allowing unvalidated user input to to control files that are included dynamically in PHP can lead to malicious code execution. (fix is in the Horde_Image package) * There is a small XSS/unescaped output (only exploitable by someone who can create a contact, and requiring the victim to have access to that contact). Patches inline: Index: framework/Image/Image.php === RCS file: /repository/framework/Image/Image.php,v retrieving revision 1.39.10.17 diff -u -r1.39.10.17 Image.php --- framework/Image/Image.php 6 Jun 2008 04:17:20 - 1.39.10.17 +++ framework/Image/Image.php 21 Jan 2009 22:09:31 - @@ -551,6 +551,7 @@ list($app, $driver) = $driver; } +$driver = basename($driver); $class = 'Horde_Image_' . $driver; if (!class_exists($class)) { if (!empty($app)) { Index: services/portal/cloud_search.php === RCS file: /repository/horde/services/portal/cloud_search.php,v retrieving revision 1.1.2.2 diff -u -r1.1.2.2 cloud_search.php --- services/portal/cloud_search.php2 Jan 2008 11:32:37 - 1.1.2.2 +++ services/portal/cloud_search.php21 Jan 2009 22:09:32 - 
@@ -28,7 +28,7 @@ $results = array_merge($results, $registry-call('news/searchTags', array(array($tag; echo 'div class=controlstrong' -. sprintf(_(Results for %s), 'span style=font-style:italic' . $tag . '/span') +. sprintf(_(Results for %s), 'span style=font-style:italic' . htmlspecialchars($tag) . '/span') . '/strong' . Horde::link('#', '', '', '', '$(\'cloudsearch\').hide();', '', '', array('style' = 'font-size:75%;')) . '(' . _(Hide Results) . ')/a/span/divul class=linedRow'; Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
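Review bot: in the framework/Image/Image.php hunk, basename() is applied only to $driver, while the $app value unpacked by list($app, $driver) = $driver; just above still reaches the if (!empty($app)) branch unsanitised; if that branch builds an include path from $app, it needs the same treatment. A stricter fix would accept $driver only when it matches a fixed list of known Horde_Image drivers (or a letters-and-digits pattern) and reject anything else, instead of silently rewriting the value. In services/portal/cloud_search.php the htmlspecialchars($tag) call covers the echoed span; it is worth confirming that $tag is not printed unescaped anywhere else in that script.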
Bug#513266: imp4: XSS via {smime,pgp}.php
Package: imp4 Version: 4.2-3 Severity: important Tags: patch security Hello, Patch inline : Index: imp/pgp.php === RCS file: /repository/imp/pgp.php,v retrieving revision 2.79.6.15 diff -u -r2.79.6.15 pgp.php --- imp/pgp.php 11 Apr 2008 20:50:42 - 2.79.6.15 +++ imp/pgp.php 21 Jan 2009 21:57:31 - @@ -40,7 +40,7 @@ $t-set('symmetric', $symmetric); $t-set('submit_url', Util::addParameter(Horde::applicationUrl('pgp.php'), 'actionID', $symmetric ? +'process_symmetric_passphrase_dialog' : 'process_passphrase_dialog')); $t-set('reload', htmlspecialchars(Util::getFormData('reload'))); -$t-set('action', Util::getFormData('passphrase_action')); +$t-set('action', htmlspecialchars(Util::getFormData('passphrase_action'))); $t-set('locked_img', Horde::img('locked.png', _(PGP), null, $GLOBALS['registry']-getImageDir('horde'))); echo $t-fetch(IMP_TEMPLATES . '/pgp/passphrase.html'); } @@ -66,7 +66,7 @@ function _reloadWindow() { -Util::closeWindowJS('opener.focus();opener.location.href=' . Util::getFormData('reload') . ';'); +Util::closeWindowJS('opener.focus();opener.location.href=' . htmlspecialchars(Util::getFormData('reload')) . ';'); } function _getImportKey() Index: imp/smime.php === RCS file: /repository/imp/smime.php,v retrieving revision 2.48.4.12 diff -u -r2.48.4.12 smime.php --- imp/smime.php 8 Apr 2008 04:48:53 - 2.48.4.12 +++ imp/smime.php 21 Jan 2009 21:57:31 - @@ -63,7 +63,7 @@ $t-setOption('gettext', true); $t-set('submit_url', Util::addParameter(Horde::applicationUrl('smime.php'), 'actionID', +'process_passphrase_dialog')); $t-set('reload', htmlspecialchars(html_entity_decode(Util::getFormData('reload'; -$t-set('action', Util::getFormData('passphrase_action')); +$t-set('action', htmlspecialchars(Util::getFormData('passphrase_action'))); $t-set('locked_img', Horde::img('locked.png', _(S/MIME), null, $GLOBALS['registry']-getImageDir('horde'))); echo $t-fetch(IMP_TEMPLATES . '/smime/passphrase.html'); } 
@@ -79,7 +79,7 @@ function _reloadWindow() { -Util::closeWindowJS('opener.focus();opener.location.href=' . Util::getFormData('reload') . ';'); +Util::closeWindowJS('opener.focus();opener.location.href=' . htmlspecialchars(Util::getFormData('reload')) . ';'); } function _textWindowOutput($filename, $msg, $html = false) Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
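Review bot: in _reloadWindow() in both imp/pgp.php and imp/smime.php, the reload form value is written into a JavaScript statement (opener.location.href=...), and htmlspecialchars() is an HTML encoder, not a JavaScript one, so it is the wrong escaping for that context. I would encode the value as a JavaScript string literal and, before that, check that reload is a relative or same-host URL, since the opener window navigates to whatever is passed. The htmlspecialchars() added around passphrase_action for the 'action' template variable looks right for HTML output; passing ENT_QUOTES there would also cover single-quoted attributes in the passphrase templates.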
Bug#513030: backport of dk-milter?
Package: dk-milter Severity: wishlist Hi Mike (dk/dkim-milter maintainer), Hi Alexander (dkim-milter backporter), Could you consider uploading dk-milter in etch-backports? I think it is useful (notably because Yahoo mail servers verify DomainKey-Signature) and backporting it is quite easy (only rebuilding)... and you are the best persons for supporting this backport! Regards, -- Gregory Colpart r...@debian.org
Bug#513015: [pkg-horde] Bug#513015: horde3: New version upstream
On Sun, Jan 25, 2009 at 06:20:38PM +0100, Tobias Frost wrote: [...] Would be nice if we could have them in sid or in experimental... Thanks! We prefer delayed new upstream uploads while we are in deep freeze. It will be done as soon as Lenny will be released. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#512893: [pppoeconf] set proper .desktop categories
Hello, On Sat, Jan 24, 2009 at 09:32:46PM +0200, Nick Shaforostoff wrote: please set these categories in pppoeconf].desktop file: ConsoleOnly;Settings;HardwareSettings; they comply with http://standards.freedesktop.org/menu-spec/menu-spec-1.0.html#category-registry spec. Thanks for your report. Are you sure ConsoleOnly is the relevant category for pppoeconf? even with the possibility for pppoeconf to use xdialog (it's default usage in X11 environment). Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#512893: [pppoeconf] set proper .desktop categories
On Sat, Jan 24, 2009 at 11:29:07PM +0200, Nick Shaforostoff wrote: Are you sure ConsoleOnly is the relevant category for pppoeconf? even with the possibility for pppoeconf to use xdialog (it's default usage in X11 environment). http://standards.freedesktop.org/menu-spec/menu-spec-1.0.html#category-registry : KDE Application based on KDE libraries GNOME Application based on GNOME libraries GTK Application based on GTK+ libraries Qt Application based on Qt libraries Motif Application based on Motif libraries Java Application based on Java GUI libraries, such as AWT or Swing ConsoleOnly Application that only works inside a terminal (text-based or command line application) If I'm not mistaken, then pppoeconf is text-based. By default, pppoeconf try to use xdialog: http://gcolpart.evolix.net/pics/pppoeconf-xdialog.png Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#499127: pppoeconf generates an improper iptables rule with jumbo frame LAN
Hello, On Tue, Sep 16, 2008 at 09:20:14PM +0900, Kunihiko IMAI wrote: [...] I think that this script should be fixed as: iptables -t mangle -o $PPP_IFACE --insert FORWARD 1 -p tcp \ --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS \ --clamp-mss-to-pmtu This rule works well with not only jumbo frame LAN but also traditional ethernet LAN. Thanks for your report. Your patch is committed and will be included on next upload: http://git.debian.org/?p=collab-maint/pppoeconf.git;a=commitdiff;h=88e685c25e3fbbf7b4e6834226c515fa2314bb60;hp=d8678050ba2bf8a3efc24bae990504446cc80f11 Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#512893: [pppoeconf] set proper .desktop categories
On Sun, Jan 25, 2009 at 02:19:42AM +0200, Nick Shaforostoff wrote: If I'm not mistaken, then pppoeconf is text-based. By default, pppoeconf try to use xdialog: http://gcolpart.evolix.net/pics/pppoeconf-xdialog.png So I am mistaken. But please do set other categories, as they are even more important from menu hierarchy building POV. Ok, I plan to set this new Categories= line in next upload: System;Settings;HardwareSettings Comments welcome. -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#510760: [pkg-horde] Bug#510760: Included PEAR packages should install in /usr/share/php
Hello Mathieu, On Sun, Jan 04, 2009 at 07:03:36PM +0100, Mathieu Parent wrote: PEAR packages are usually installed in /usr/share/php. This is needed for other packages to include Horde PEAR packages without patch as the default include_path is .:/usr/share/php:/usr/share/pear. Another solution would be to split horde framework into packages using dh-make-php. Can you list PEAR packages which you need? Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#512592: [pkg-horde] Bug#512592: CVE-2008-5917: Cross-site scripting (XSS) vulnerability in the XSS filter
Hello, On Wed, Jan 21, 2009 at 07:18:24PM -0600, Raphael Geissert wrote: The following CVE (Common Vulnerabilities Exposures) id was published for horde3. CVE-2008-5917[1]: Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes. The changes made by upstream to fix this bug are available at [2]. [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5917 http://security-tracker.debian.net/tracker/CVE-2008-5917 [2]http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17r2=1.18 Note to avoid duplicate effort: I'm preparing packages/advisory. I will request upload by debian-security next week. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#501361: pppoeconf: Please provide warning, when /e/n/i already extists.
severity 501361 wishlist thanks Hello, could you please provide a big fat warning when configuring pppoeconf and /e/n/i already exists/is already setup. Something like this. It looks like your network is already configured. Please note, that pppoeconf is currently not able to ensure to adapt this file to work properly. You are advised, to move this file. There are already a warning when /e/n/i appears to be invalid after pppoeconf modification. I agree that I could add a warning every time before set modifications. I was using the portable system with a router before and network-manager-gnome. Wanting to access the Internet using directly a DSL modem I could not get pppoeconf to set it up to work. Please provide the broken files (/e/n/i, dsl-provider, chap-secrets, pap-secrets) and log messages about failures. I then adapted /e/n/i to proposal 1 in [1] and probably had a authentication error afterwards. Deleting chap-secrets and pap-secrets and rerunning sudo pppoeconf solved it finally for me. I don't really understand your problem: was it just a password issue? PS: Is there a possible set up to use a Router by default (with DHCP) and just when issuing pon to connect over a modem directly? (For the cases with a notebook for example.) It requires probably a complex /e/n/i or high-level tool (netconf? NetworkManager?). For sure, pppoeconf won't help you for this setup. Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#501119: webkit : new line when noscript inside p
Package: webkit Version: 1.0.1-2 Severity: minor Hi, When I use a noscript inside p, webkit adds a new line. In Firefox, Safari(Windows/Leopard), IE6, Opera(Windows), there is no new line... Example: http://gcolpart.evolix.net/debian/webkit/bug-noscript.html http://gcolpart.evolix.net/debian/webkit/bug-noscript.png Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#501119: webkit : new line when noscript inside p
On Sat, Oct 04, 2008 at 11:55:37AM +0200, Gregory Colpart wrote: When I use a noscript inside p, webkit adds a new line. In Firefox, Safari(Windows/Leopard), IE6, Opera(Windows), there is no new line... Rectification: same bug in Safari. Precision: for viewing this behaviour, Javascript must be disabled in the browser. Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#499579: [pkg-horde] Bug#499579: Bug#499579: horde3: New upstream version - includes XSS fix
Hello, On Sat, Sep 20, 2008 at 07:25:24AM +0200, Ola Lundqvist wrote: I think Gregory knows, but I assume those changes are not security related, or? It is and stable-security and testing-security packages are released: http://lists.debian.org/debian-security-announce/2008/msg00231.html For unstable, I will upload a new package soon. Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#499370: [pkg-horde] Bug#499370: horde3: HORDE [emergency] [horde] DB Error: extension not found: [DB Error: extension not found]
Hello, On Thu, Sep 18, 2008 at 09:39:02AM +0200, root wrote: I find permanently in /var/log/horde/horde3.log the following error message : HORDE [emergency] [horde] DB Error: extension not found: [DB Error: extension not found] ** Array [on line 1625 of /usr/share/horde3/lib/Horde/DataTree/sql.php] But my horde3 seems to work correctly, I don't know exactly what is going wrong and it appears regularly even when no acting in horde interface, and even when none is logged in and when horde isn't open in any web browser, as if it was a background task which caused this. It's strange because you have php-db package installed... If you don't use SQL backend, you can safely ignore this messages. Regular messages are probably caused by horde3 cron jobs. Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#499143: [pkg-horde] Bug#499143: mnemo2: incorrect definition of MNEMO_BASE in prefs.php
Hello, On Tue, Sep 16, 2008 at 04:46:42PM +0200, Matthias Rolke wrote: [...] instead of {{{ require_once dirname(__FILE__) . '/../lib/Mnemo.php'; }}} Your prefs.php file seems outdated. prefs.php file from 2.2-2 don't have this problem (see http://bugs.debian.org/496712) Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#498233: [pkg-horde] Bug#498233: marked as done (imp4 should depend on php-db)
Hello, From: Ola Lundqvist [EMAIL PROTECTED] To: Alessio Treglia [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [pkg-horde] Bug#498233: imp4 should depend on php-db Message-ID: [EMAIL PROTECTED] Hi Alessio No php-db is not in the dependency list for imp4. However it is in the recommends list for horde3 and horde3 is in the dependency line for imp4. This means that php-db is recommended, which means that you should install it unless you explicitly configure it in a special way so that it is not needed. The conclusion from this is that this is not a bug and therefore I'm closing this now. Note also Debian #400277: http://bugs.debian.org/400277 Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#495728: gforge-shell-postgresql: Fail to install chroot environnement during upgrade on amd64
Package: gforge-shell-postgresql Version: 4.6.99+svn6582-1 Severity: important Hello, During upgrade 4.6.99+svn6496-1 to 4.6.99+svn6582-1, there is apparently a problem for installing chroot environnement: --8-- Setting up gforge-shell-postgresql (4.6.99+svn6582-1) ... Installing new version of config file /etc/cron.d/gforge-shell-postgresql ... Calculating defaults Reading defaults from /etc/gforge/gforge.conf Creating /etc/gforge/gforge.conf SSL Enabled Creating /etc/gforge/httpd.conf Creating /etc/gforge/httpd.secrets Creating /etc/gforge/local.inc Creating other includes Installing chroot environnement at /var/lib/gforge/chroot cpio: blank line ignored .. cp: cannot stat `/lib/ld-linux.so.*': No such file or directory dpkg: error processing gforge-shell-postgresql (--configure): subprocess post-installation script returned error exit status 1 --8-- Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/ -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.18-6-xen-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages gforge-shell-postgresql depends on: ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy ii debianutils 2.30 Miscellaneous utilities specific t ii gforge-common 4.6.99+svn6582-1 collaborative development tool - s ii gforge-db-postgresql4.6.99+svn6582-1 collaborative development tool - d ii libnss-pgsql2 1.4.0debian-2NSS module for using PostgreSQL as ii openssh-server 1:5.1p1-2secure shell server, an rshd repla ii perl5.10.0-11.1 Larry Wall's Practical Extraction ii ucf 3.007Update Configuration File: preserv Versions of packages gforge-shell-postgresql recommends: ii nscd 2.7-13 GNU C Library: Name Service Cache gforge-shell-postgresql suggests no packages. 
-- no debconf information
Bug#495728: gforge-shell-postgresql: Fail to install chroot environnement during upgrade on amd64
tags 495728 patch thanks Hello, On Wed, Aug 20, 2008 at 04:38:23AM +0200, Gregory Colpart (Evolix) wrote: During upgrade 4.6.99+svn6496-1 to 4.6.99+svn6582-1, there is apparently a problem for installing chroot environnement: [...] Find an (hacky) patch in attachment. Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/ --- install-chroot.sh.orig 2008-08-20 04:46:33.0 +0200 +++ install-chroot.sh 2008-08-20 04:46:51.0 +0200 @@ -69,7 +69,7 @@ | cpio --quiet -pdumVLB $CHROOTDIR # cvs extra - cp /lib/ld-linux.so.* $CHROOTDIR/lib + cp /lib/ld-linux*.so.* $CHROOTDIR/lib # sshd extras # pthread cancel cp /lib/libgcc_s* $CHROOTDIR/lib
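Review bot: The widened glob in the cvs extra step, cp /lib/ld-linux*.so.* $CHROOTDIR/lib, still makes cp fail, and the postinst with it, whenever nothing matches, which is the failure this bug reports (cp: cannot stat, exit status 1). Consider looping over the matches and skipping the copy when there are none, or taking the loader path from the ldd output of a binary already copied into the chroot, and quote $CHROOTDIR while touching the line.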
Bug#495554: [pkg-horde] Bug#495554: imp4: It can be use to inject email thought Imp
Hello, On Mon, Aug 18, 2008 at 10:39:59AM -0400, Michael wrote: Imp4 allows spammer to inject email through it with out login. this is an example: 80.30.19.50 - - [11/Aug/2008:19:26:31 -0400] GET /imp/expand.php HTTP/1.1 200 243 http://mail.domain.tld/imp/compose.php?thismailbox=INBOXuniq=1218497650159; Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322;.NET CLR 2.0.50727) 80.30.19.50 - - [11/Aug/2008:19:31:13 -0400] GET /imp/expand.php?actionID=expand_addressesfield_name=bccfield_value=[...] HTTP/1.1 200 1106 - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) So i cannot block expand.php because this is use by the user that log into the system to send email. but besides the spammers are abusing the system. Thanks for your report. Are you sure spammers don't use a stolen login/password? Are you sure mails are really sent? Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#495554: [pkg-horde] Bug#495554: Bug#495554: imp4: It can be use to inject email thought Imp
On Mon, Aug 18, 2008 at 11:38:00AM -0400, Michael Fernández M wrote: Are you sure spammers don't use a stolen login/password? Ohhh, yea!, so much. I'm sorry to insist but are you *really* sure? Because here[*] there was a similar question and upstream author said it's from a regular user. Could you try to track him in horde's logs? Could you also give the version of your horde3 package? [*]http://marc.info/?l=hordem=120119991901767w=2 Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
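One way to follow up on the request above to track the sender in the logs, as an added example that is not part of the thread and is not Horde code: it pulls the expand_addresses requests to /imp/expand.php out of an Apache access log and totals them per client, so the client address and time window can be matched against Horde's own login log. The quoted combined log format, the 20-address threshold and the sample lines are assumptions constructed for the illustration.

```python
import re
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Apache "combined" format (assumed):
# host ident user [time] "METHOD target PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "[^"]*")?'
)


def expand_requests(lines):
    """Yield one record per address-expansion request to /imp/expand.php."""
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not an access-log line we understand
        url = urlsplit(m["target"])
        if not url.path.endswith("/imp/expand.php"):
            continue
        query = parse_qs(url.query)  # also undoes the %40 / %2C encoding
        if query.get("actionID", [""])[0] != "expand_addresses":
            continue
        value = query.get("field_value", [""])[0]
        addresses = [a.strip() for a in value.split(",") if "@" in a]
        yield {
            "host": m["host"],
            "time": datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z"),
            "field": query.get("field_name", ["?"])[0],
            "count": len(addresses),
            "referer": m["referer"] or "-",
        }


def summarize(lines, max_addresses=20):
    """Per client: request count, address totals, time window, and a flag
    when a single request carried more than max_addresses (assumed limit)."""
    hosts = {}
    for req in expand_requests(lines):
        s = hosts.setdefault(req["host"], {
            "requests": 0, "addresses": 0, "largest": 0,
            "no_compose_referer": 0, "fields": set(),
            "first": req["time"], "last": req["time"],
        })
        s["requests"] += 1
        s["addresses"] += req["count"]
        s["largest"] = max(s["largest"], req["count"])
        s["fields"].add(req["field"])
        # A browser session normally reaches expand.php from the compose page.
        if "/imp/compose.php" not in req["referer"]:
            s["no_compose_referer"] += 1
        s["first"] = min(s["first"], req["time"])
        s["last"] = max(s["last"], req["time"])
    for s in hosts.values():
        s["suspicious"] = s["largest"] > max_addresses
    return hosts


# Constructed sample input (documentation addresses, example.com mailboxes).
_BULK = "%2C%20".join("user%d%%40example.com" % i for i in range(60))
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Aug/2008:19:26:31 -0400] "GET /imp/expand.php HTTP/1.1" '
    '200 243 "http://mail.example.org/imp/compose.php?thismailbox=INBOX&uniq=1" "Mozilla/4.0"',
    '192.0.2.10 - - [11/Aug/2008:19:31:13 -0400] "GET /imp/expand.php?'
    'actionID=expand_addresses&field_name=bcc&field_value=' + _BULK +
    ' HTTP/1.1" 200 1106 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [11/Aug/2008:19:40:02 -0400] "GET /imp/expand.php?'
    'actionID=expand_addresses&field_name=to&field_value='
    'alice%40example.com%2C%20bob%40example.com HTTP/1.1" 200 310 '
    '"http://mail.example.org/imp/compose.php" "Mozilla/5.0"',
    'this line is not an access-log entry',
]

if __name__ == "__main__":
    for host, s in sorted(summarize(SAMPLE_LOG).items()):
        print(host, s["requests"], "requests, largest list", s["largest"],
              "addresses,", s["first"].isoformat(), "to", s["last"].isoformat(),
              "SUSPICIOUS" if s["suspicious"] else "ok")
```

The access log alone cannot show whether a session was authenticated; the flagged client address and time window are what to look up in Horde's log.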
Bug#492578: Fixed horde3 packages
Hi Nico, On Sun, Aug 17, 2008 at 01:36:24PM +0200, Nico Golde wrote: I prepared fixed package for etch version (source package and debdiff): http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch4.dsc http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch3_3.1.3-4etch4.diff Looks good to me. Thanks for the work. Feel free to upload this to security-master so someone from the stable team can release it. Ok but IANyADD (currently in NM), then I think it's not yet relevant. [...] For the stable distribution (etch) this problem has been fixed in version 3.1.3-4etch4. The unstable distribution (sid) is not affected. This is wrong, it is fixed in 3.2.1+debian0-1. Not affected is only used if the package in Debian was never affected because of a specific reason, like for example patched code. If a vulnerable version was never in unstable we still include version numbers for the tracker. Oops, I note that for my next draft of advisory! Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#493885: [pkg-horde] Bug#493885: Bug#493885: horde3: update to 3.2.1+debian0-2 causes imp to fail
Hello, On Sun, Aug 10, 2008 at 12:52:07PM +0200, Gregory Colpart wrote: On Sun, Aug 10, 2008 at 12:31:32PM +0200, Ola Lundqvist wrote: Ok, good. I was not aware of that. Should I contact the release team or will you do that? I think we could wait a little. Perhaps we will find a more elegant solution for not disabling components during upgrade to 3.2.1+debian0-2. A solution to avoid disabling components during upgrade should be add preinst to verify if it's an upgrade from version lesser than 3.2.1+debian0-2. If it's the case, we compare md5sum of /etc/horde/horde3/registry.php and original one[*]: if registry.php file is not modified, we add a new empty line to be sure to have the hey-modified-conffile-question... It's *very* hacky then I request your opinion :-) [*] Example here http://wiki.debian.org/DpkgConffileHandling Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#492578: horde3: Small XSS/unescaped output in services/obrowser/index.php
Hi, On Sun, Jul 27, 2008 at 05:38:20PM +0200, Nico Golde wrote: P.S. Please mention such fixes as security fixes in the changelog next time so we can get them easier on our radars. It will be on next upload in unstable: http://arch.debian.org/cgi-bin/archzoom.cgi/[EMAIL PROTECTED]/horde--sid--3--patch-116/debian/changelog Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#492578: Fixed horde3 packages
Hello, The package horde3 has a vulnerability (See CVE-2008-3330 and #492578). I prepared fixed package for etch version (source package and debdiff): http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch4.dsc http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch3_3.1.3-4etch4.diff Information for the advisory: 8-- horde3 -- cross-site scripting vulnerability Date Reported: ?? Aug 2008 Affected Packages: horde3 Vulnerable: Yes Security database references: In Mitre's CVE dictionary: CVE-2008-3330 More information: It was discovered that the Horde web application framework has insufficient input sanitising in services/obrowser/index.php (CVE-2008-3330). For the stable distribution (etch) this problem has been fixed in version 3.1.3-4etch4. The unstable distribution (sid) is not affected. We recommend that you upgrade your horde3 package. 8-- Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#493885: [pkg-horde] Bug#493885: horde3: update to 3.2.1+debian0-2 causes imp to fail
On Sun, Aug 10, 2008 at 12:31:32PM +0200, Ola Lundqvist wrote: Ok, good. I was not aware of that. Should I contact the release team or will you do that? I think we could wait a little. Perhaps we will find a more elegant solution for not disabling components during upgrade to 3.2.1+debian0-2. Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#493885: [pkg-horde] Bug#493885: horde3: update to 3.2.1+debian0-2 causes imp to fail
Hi, On Tue, Aug 05, 2008 at 08:52:31PM +0200, Ola Lundqvist wrote: I think we should consider this bug as a serious or important bug. This would mean that all existing installations of horde3 (from stable for example) will have all the applications disabled when they upgrade. I know that this is simply an effect of the configuration file handling and that people have not edited the file before in combination with that the default value for the file has been updated. I think the change is good, but we need to make something about this... Do you think it would be possible to automatically make the configuration file edited so that the configuration file handling function detect the file as changed and ask the admin if it should be replaced or not. I do not know at which stage the configuration files are replaced. What do you think? (A short answer because I've a slow Internet connection) I think it's not a bug because I was aware of these effects. See debian/NEWS: --8-- * All Horde components are now inactive by default! If you want to use a component (IMP, Turba, Kronolith, etcetera.): configure it and active it in /etc/horde/horde3/registry.php file (set 'status' = 'active'). --8-- We should also add this information in release notes for Lenny. If you find a nice way to deal with upgrade with no change in registry.php file, it could be interesting. Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#492578: [EMAIL PROTECTED]: Re: [horde-vendor] Pending release of Horde 3.2.1 and Turba 2.2.1]
Hi, I've the confirmation from upstream that horde3 from stable is affected. Regards, - Forwarded message from Chuck Hagenbuch [EMAIL PROTECTED] - Date: Mon, 28 Jul 2008 00:35:05 -0400 From: Chuck Hagenbuch [EMAIL PROTECTED] To: Gregory Colpart [EMAIL PROTECTED] Subject: Re: [horde-vendor] Pending release of Horde 3.2.1 and Turba 2.2.1 Message-ID: [EMAIL PROTECTED] References: [EMAIL PROTECTED] [EMAIL PROTECTED] User-Agent: Internet Messaging Program (IMP) H3 (5.0-cvs) Quoting Gregory Colpart [EMAIL PROTECTED]: I'm reviewing this issue to see if Horde 3.1 and Turba 2.1 are affected. Here are the results: - Horde 3.1 seems to be concerned (your patch for 'services/obrowser/index.php' file just works). - Turba 2.1 is not. 'contact.php' file doesn't exist, code is in 'browse.php' and 'templates/browse/header.inc': browse.php: --8-- $title = sprintf(_(Contacts in list: %s), $list-getValue('name')); --8-- templates/browse/header.inc: --8-- h1 class=header ?php echo htmlspecialchars($title) ? /h1 --8-- I think Turba 2.1 is not affected. Correct. Can you confirm me this results? If yes, do you think Horde 3.1 needs be patched anyway? We released Horde 3.1.8 at the same time as 3.2.1 for this reason. -chuck - End forwarded message - -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#492578: horde3: Small XSS/unescaped output in services/obrowser/index.php
Package: horde3 Version: 3.1.3-4etch3 Severity: important Tags: patch security Hello, There is a small XSS/unescaped output (only exploitable by someone who can create a contact, and requiring the victim to have access to that contact). Patch inline: Index: services/obrowser/index.php === RCS file: /repository/horde/services/obrowser/index.php,v retrieving revision 1.18 diff -u -r1.18 index.php --- services/obrowser/index.php 2 Jan 2008 11:13:57 - 1.18 +++ services/obrowser/index.php 13 Jun 2008 21:37:43 - @@ -92,10 +92,10 @@ if (!empty($values['browseable'])) { $url = Horde::url($registry-get('webroot', 'horde') . '/services/obrowser/'); $url = Util::addParameter($url, 'path', $path); -$row['name'] = Horde::link($url) . $values['name'] . '/a'; +$row['name'] = Horde::link($url) . htmlspecialchars($values['name']) . '/a'; } else { $js = return chooseObject(' . addslashes($path) . ');; -$row['name'] = Horde::link('#', sprintf(_(Choose %s), $values['name']), '', '', $js) . $values['name'] . '/a'; +$row['name'] = Horde::link('#', sprintf(_(Choose %s), $values['name']), '', '', $js) . htmlspecialchars($values['name']) . '/a'; } $rows[] = $row; Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
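Review bot: In the else branch the same $values['name'] is still passed raw to sprintf(_(Choose %s), $values['name']), the second argument of Horde::link(), while only the link text gets htmlspecialchars(). Unless Horde::link() is known to escape that argument itself, escape it there as well and say so in the commit message. The $js string built with addslashes($path) on the context line above ends up in the same link and deserves the same check.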
Bug#492578: horde3: Small XSS/unescaped output in services/obrowser/index.php
Hi, On Sun, Jul 27, 2008 at 03:31:37PM +0200, Nico Golde wrote: This seems to be already fixed in unstable. Yes, sure! This issue is only for etch. Which version did fix this? 3.2.1+debian0-1 fixed it. I can't see an old CVE id describing this problem, is a new CVE id needed for this one? There is no CVE id for it. I'm not sure Debian needs a new CVE id because upstream said only Horde 3.2 and Turba 2.2 are affected (this versions are *not* in Debian). Today I'm reviewing old issues and I find Horde 3.1 could also be affected: I sent mail to upstream to ask confirmation. I propose you to wait his answer. Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#492578: horde3: Small XSS/unescaped output in services/obrowser/index.php
Hi, On Sun, Jul 27, 2008 at 05:38:20PM +0200, Nico Golde wrote: I can't see an old CVE id describing this problem, is a new CVE id needed for this one? There is no CVE id for it. I'm not sure Debian needs a new CVE id because upstream said only Horde 3.2 and Turba 2.2 are affected (this versions are *not* in Debian). But they were in the archive and other vendors might still have them in their archive. I also added 2.2.1-1 as the fixed version in the security tracker and requested a CVE id. No, these versions were never in the archive. But yes, other vendors could be affected. P.S. Please mention such fixes as security fixes in the changelog next time so we can get them easier on our radars. Even if the version affected was not in Debian? Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#473147: pppoeconf creates non-optimal /e/n/i
Hi, On Sun, Apr 27, 2008 at 03:14:19PM +0900, Osamu Aoki wrote: I agree that it could be the best /e/n/i. Before changing it, I must ensure: - to have a perfect transition from etch and from sarge, - to have a valid behaviour with kernel_pppoe =1 and =0, - not to have conflicts with current network configuration (your proposition uses eth0 for PPPoE interface, but it's not easy to disable current eth0 configuration as I said above). If you want to do this, adding warning when finding current eth0 configuration in /e/n/i. I'm waiting your comments before hacking... I personally think, it is best comment out current /e/n/i contents as comment and add fresh pppoe only configuration. Whoever makes any more complicated configuration should know how to edit it. (Possibly with message displayed to the user.) We need to protect newbie hitting problem. IMHO it's too violent to comment out /e/n/i even with a fat warning. It's a shame /e/n/i could not be easily parsed... Anyway, due to lack of time, I don't change anything for lenny (pppoeconf is well-known for just working then I don't want break it). I start a branch named experimental to apply your recommendation: http://git.debian.org/?p=collab-maint/pppoeconf.git;a=shortlog;h=refs/heads/experimental Comments or patches welcome. Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#487799: [pkg-horde] Bug#487799: Bug#487799: Bug#487799: horde3: Horde fails to configure after standard install
Hello, On Wed, Jun 25, 2008 at 06:08:02PM +0200, Nikolaus Rath wrote: = You must configure Horde *before* installing other applications. I think I will deactivate all applications by default in registry.php to avoid these errors. Well, I would really like to do that, but I *couldn't*. All I ever saw (except for the menu icons) is error messages. So I can click on Administration - Setup, but as soon as I select an application I get only error messages, mostly about trying to access nonexisting hash keys. Luckily enough, I was able to trace down the cause now. After I added $conf['log']['enabled'] = false to conf.php I was at least able to configure horde. After logging out and restarting the browser, the remaining error messages disappeared as well. You *could* deactivate all applications by editing registry.php file and set status=inactive on your installed applications. Anyway, the problem seems to be solved in sid, then I will close this bug. Horde seems to be a great application, thanks for packaging it. Yet I think that the installation process could be improved. Is it really not possible to get such critical bugfixes into etch? It seems to me that expecting the user to fix two major bugs before he has even seen anything from the application is quite unfortunate. You are welcome to help us :-) The best way to avoid annoying bugs is doing more and more tests with testing/unstable packages. For example, it's now the moment to look over new packages which will be in Lenny. Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#442248: [pkg-horde] Bug#442248: Bug#442248: chora2: Cannot browse local subversion repository due to locale issues
Hello, On Fri, Sep 14, 2007 at 11:14:38PM +0200, Gregory Colpart wrote: I do not know how to correct this problem. You have a classic configuration problem with your locales. I can reproduce it in my shell: % LANG=foo_BAR svn ls file:///tmp/svn/test svn: warning: cannot set LC_CTYPE locale svn: warning: environment variable LANG is foo_BAR svn: warning: please check that your locale name is correct To correct these warnings, add nl_NL in your locales with 'dpkg-reconfigure locales' command. I intend to close this bug. Can you confirm that your problem is solved? Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#483037: php-net-imap: Missing Necessary Parenthesis
Hello, I prepared an NMU diff: http://gcolpart.evolix.net/debian/php-net-imap/debdiff-nmu.patch Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#487799: [pkg-horde] Bug#487799: horde3: Horde fails to configure after standard install
Hello, On Tue, Jun 24, 2008 at 10:31:02AM +0200, Nikolaus Rath wrote: I have installed horde3 for the first time. I have fixed the bug with the escaped \' in the configuration and I have removed the 'echo ..' and 'exit' lines at the beginning of the configuration. I have added Thanks for your report. This bug is already reported in #452351 (http://bugs.debian.org/452351) and corrected in lenny/unstable. The workaround is also in wiki.debian.org/Horde : --8-- NOTE: There is a bug (http://bugs.debian.org/452351) in Etch packages, then you could have these errors: Warning: Unexpected character in input: '\' (ASCII=92) state=1 in /etc/horde/horde3/conf.php on line 76 Parse error: syntax error, unexpected $end in /etc/horde/horde3/conf.php on line 76 Workaround: remove backslashes from the last lines of /etc/horde/horde3/conf.php file. --8-- Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#487799: [pkg-horde] Bug#487799: Bug#487799: horde3: Horde fails to configure after standard install
Hello, On Wed, Jun 25, 2008 at 01:38:34PM +0200, Nikolaus Rath wrote: This bug is already reported in #452351 (http://bugs.debian.org/452351) and corrected in lenny/unstable. The workaround is also in wiki.debian.org/Horde : No, as I explicitly said in my bug report I already applied this fix. You can also see from the screenshots that I attached that I get very different error messages. Oops, sorry, I didn't open your screenshots. Then I see that your errors are in sidebar when Horde isn't yet configured. = You must configure Horde *before* installing other applications. I think I will deactivate all applications by default in registry.php to avoid these errors. Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#487209: [pkg-horde] Bug#487209: in /etc/horde/horde3/conf.php on line 76 there are \ characters which cause an error
merge 487209 452351 thanks Hello On Fri, Jun 20, 2008 at 10:16:34AM +0200, Ariel VIVES wrote: in /etc/horde/horde3/conf.php there are \ characters on the last line which are not necessary and this causes an error message [...] Thanks for your report but this bug is already reported in #452351 (http://bugs.debian.org/452351) and corrected in lenny/unstable. Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Bug#486724: [pkg-horde] O: dimp -- PHP-based webmail system and a component of the Horde project
retitle 486724 ITP: dimp -- dynamic webmail component for horde framework owner 486724 ! thanks Hi, On Thu, Jun 19, 2008 at 08:50:36PM +0200, Giuseppe Iuculano wrote: retitle 486724 O: dimp -- PHP-based webmail system and a component of the Horde project dimp will be packaged by pkg-horde team. FYI it's already in our ARCH repository: http://arch.debian.org/cgi-bin/archzoom.cgi/[EMAIL PROTECTED]/dimp?expand Regards, -- Gregory Colpart [EMAIL PROTECTED] GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/