Bug#684177: okular cannot search anymore

[Remi Denis-Courmont]

Package: okular
Version: 4:4.8.4-2
Severity: important

Dear Maintainer,

With recent Wheezy packages (not sure exactly which), the search
function in Okular consistently fails. The waiting spinning cursor
shows and the search never completes, nor finding any match nor
reporting search failure. However, it prints this on stderr:

QMetaObject::invokeMethod: No such method 
Okular::Document::doContinueNextMatchSearch(void *,void 
*,int,int,QString,int,bool,QColor,bool)

So it seems the meta-object compilation (moc) in the Debian i386 build
of okular went badly wrong.

Apparently, the same bug was reported on Ubuntu as well:
http://bugs.launchpad.net/ubuntu/+source/okular/+bug/1027657

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.5.0-basile-4-g2895365 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages okular depends on:
ii  kde-runtime   4:4.8.4-1
ii  libc6 2.13-35
ii  libfreetype6  2.4.9-1
ii  libgcc1   1:4.7.1-6
ii  libjpeg8  8d-1
ii  libkdecore5   4:4.8.4-3
ii  libkdeui5 4:4.8.4-3
ii  libkio5   4:4.8.4-3
ii  libkparts44:4.8.4-3
ii  libkprintutils4   4:4.8.4-3
ii  libkpty4  4:4.8.4-3
ii  libokularcore14:4.8.4-2
ii  libphonon44:4.6.0.0-2
ii  libpoppler-qt4-3  0.18.4-3
ii  libqca2   2.0.3-4
ii  libqimageblitz4   1:0.0.6-4
ii  libqt4-dbus   4:4.8.2-2
ii  libqt4-svg4:4.8.2-2
ii  libqt4-xml4:4.8.2-2
ii  libqtcore44:4.8.2-2
ii  libqtgui4 4:4.8.2-2
ii  libsolid4 4:4.8.4-3
ii  libspectre1   0.2.6-2
ii  libstdc++64.7.1-6
ii  phonon4:4.6.0.0-2
ii  zlib1g1:1.2.7.dfsg-13

okular recommends no packages.

Versions of packages okular suggests:
ii  ghostscript9.05~dfsg-6
pn  jovie  none
pn  okular-extra-backends  none
pn  poppler-data   none
ii  texlive-binaries   2012.20120628-2
ii  unrar  1:4.1.4-1

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#661983: cdbs automake rules set libexecdir incorrectly

[Remi Denis-Courmont]

Package: cdbs
Version: 0.4.105
Severity: normal

Hello,

The autotools rules in cdbs set libexecdir to /usr/lib/$pkg instead of
simply /usr/lib. As a consequence pkglibexecdir becomes
/usr/lib/$pkg/$pkg.

libexecdir and libdir are supposed to be identical in Debian.
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541458 .

Best regards,

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

cdbs depends on no packages.

Versions of packages cdbs recommends:
ii  autotools-dev  20120210.1

Versions of packages cdbs suggests:
ii  devscripts  2.11.4

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#638620: /usr/i686-w64-mingw32/include/d2d1.h: Typing mistakes make d2d1.h unusable

[Remi Denis-Courmont]

Package: mingw-w64-dev
Version: 2.0~rc1-1
Severity: normal
File: /usr/i686-w64-mingw32/include/d2d1.h
Tags: upstream patch


   Hello,

There are two typing mistakes in d2d1.h that render the file unusable
for inclusion. Patch atteched.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- no debconf information
--- /usr/i686-w64-mingw32/include/d2d1.h2011-08-16 12:10:39.0 
+0300
--- /usr/i686-w64-mingw32/include/d2d1.h2011-08-20 12:57:26.0 
+0300
@@ -1518,7 +1518,7 @@
 STDMETHOD(CreateWicBitmapRenderTarget)(ID2D1Factory *This, IWICBitmap 
*target, const D2D1_RENDER_TARGET_PROPERTIES *renderTargetProperties, 
ID2D1RenderTarget **renderTarget) PURE;
 STDMETHOD(CreateHwndRenderTarget)(ID2D1Factory *This, const 
D2D1_RENDER_TARGET_PROPERTIES *renderTargetProperties, const 
D2D1_HWND_RENDER_TARGET_PROPERTIES *hwndRenderTargetProperties, 
ID2D1HwndRenderTarget **hwndRenderTarget) PURE;
 STDMETHOD(CreateDxgiSurfaceRenderTarget)(ID2D1Factory *This, IDXGISurface 
*dxgiSurface, const D2D1_RENDER_TARGET_PROPERTIES *renderTargetProperties, 
ID2D1RenderTarget **renderTarget) PURE;
-STDMETHOD(CreateDCRenderTarget)(D2D1Factory *This, const 
D2D1_RENDER_TARGET_PROPERTIES *renderTargetProperties, ID2D1DCRenderTarget 
**dcRenderTarget) PURE;
+STDMETHOD(CreateDCRenderTarget)(ID2D1Factory *This, const 
D2D1_RENDER_TARGET_PROPERTIES *renderTargetProperties, ID2D1DCRenderTarget 
**dcRenderTarget) PURE;
 } ID2D1FactoryVtbl;
 
 interface ID2D1Factory {
@@ -1659,7 +1659,7 @@
 ID2D1SimplifiedGeometrySinkVtbl Base;
 
 STDMETHOD_(void, AddLine)(ID2D1GeometrySink *This, D2D1_POINT_2F point) 
PURE;
-STDMETHOD_(void, AddBezier)(ID2D1GeometrySink *This, cosnt 
D2D1_BEZIER_SEGMENT *bezier) PURE;
+STDMETHOD_(void, AddBezier)(ID2D1GeometrySink *This, const 
D2D1_BEZIER_SEGMENT *bezier) PURE;
 STDMETHOD_(void, AddQuadraticBezier)(ID2D1GeometrySink *This, const 
D2D1_QUADRATIC_BEZIER_SEGMENT *bezier) PURE;
 STDMETHOD_(void, AddQuadraticBeziers)(ID2D1GeometrySink *This, const 
D2D1_QUADRATIC_BEZIER_SEGMENT *beziers, UINT beziersCount) PURE;
 STDMETHOD_(void, AddArc)(ID2D1GeometrySink *This, const D2D1_ARC_SEGMENT 
*arc) PURE;

Bug#634294: nettle-dev: please support pkg-config

[Remi Denis-Courmont]

Package: nettle-dev
Version: 2.1-2
Severity: wishlist
Tags: upstream


Hello,

nettle-dev does not provide a .pc file for use with pkg-config. This
would be much more convenient to detect the development package from
autotools and friends.

Best regards,

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.39.2-00021-g5f66958 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nettle-dev depends on:
ii  dpkg  1.16.0.3   Debian package management system
ii  install-info  4.13a.dfsg.1-6 Manage installed documentation in 
ii  libgmp-dev [libgmp10-dev] 2:5.0.1+dfsg-7 Multiprecision arithmetic library 
ii  libhogweed2   2.1-2  low level cryptographic library (p
ii  libnettle42.1-2  low level cryptographic library (s

nettle-dev recommends no packages.

nettle-dev suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#633674: vlc: heap overflow in RealMedia plugin

[Remi Denis-Courmont]

Package: vlc-nox
Version: 1.1.10-1+b1
Severity: grave
Tags: security upstream
Justification: user security hole


See upstream advisory for details:
http://www.videolan.org/security/sa1105.html

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.39.2-00021-g5f66958 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc-nox depends on:
ii  liba52-0.7.40.7.4-16 library for decoding ATSC A/52 str
ii  libasound2  1.0.23-4 shared library for ALSA applicatio
ii  libass4 0.9.12-1 library for SSA/ASS subtitles rend
ii  libavahi-client30.6.30-5 Avahi client library
ii  libavahi-common30.6.30-5 Avahi common library
ii  libavc1394-00.5.3-1+b2   control IEEE 1394 audio/video devi
ii  libavcodec524:0.6.2-3Libav codec library
ii  libavformat52   4:0.6.2-3Libav file format library
ii  libavutil50 4:0.6.2-3Libav utility library
ii  libc6   2.13-10  Embedded GNU C Library: Shared lib
ii  libcaca00.99.beta17-2colour ASCII art library
ii  libcddb21.3.2-3  library to access CDDB data - runt
ii  libcdio10   0.81-4   library to read and control CD-ROM
ii  libdbus-1-3 1.4.12-4 simple interprocess messaging syst
ii  libdc1394-222.1.3-4  high level programming interface f
ii  libdca0 0.0.5-4  decoding library for DTS Coherent 
ii  libdirac-decoder0   1.0.2-4  open and royalty free high quality
ii  libdirac-encoder0   1.0.2-4  open and royalty free high quality
ii  libdvbpsi7  0.2.0-1  library for MPEG TS and DVB PSI ta
ii  libdvdnav4  4.1.3-7  DVD navigation library
ii  libdvdread4 4.1.3-10 library for reading DVDs
ii  libebml31.2.1-1  access library for the EBML format
ii  libfaad22.7-6freeware Advanced Audio Decoder - 
ii  libflac81.2.1-3  Free Lossless Audio Codec - runtim
ii  libfontconfig1  2.8.0-3  generic font configuration library
ii  libfreetype62.4.4-2  FreeType 2 font engine, shared lib
ii  libfribidi0 0.19.2-1 Free Implementation of the Unicode
ii  libgcc1 1:4.6.1-3GCC support library
ii  libgcrypt11 1.4.6-7  LGPL Crypto library - runtime libr
ii  libgnutls26 2.10.5-2 the GNU TLS library - runtime libr
ii  libgpg-error0   1.10-0.3 library for common error values an
ii  libiso9660-70.81-4   library to work with ISO9660 files
ii  libkate10.3.8-1  Kate is a codec for karaoke and te
ii  liblircclient0  0.9.0~pre1-1 infra-red remote control support -
ii  liblua5.1-0 5.1.4-5  Simple, extensible, embeddable pro
ii  libmad0 0.15.1b-6MPEG audio decoder library
ii  libmatroska41.2.0-1  extensible open standard audio/vid
ii  libmodplug1 1:0.8.8.2-3  shared libraries for mod music bas
ii  libmpcdec6  2:0.1~r459-1 MusePack decoder - library
ii  libmpeg2-4  0.4.1-3  MPEG1 and MPEG2 video decoder libr
ii  libmtp8 1.0.6-7  Media Transfer Protocol (MTP) libr
ii  libncursesw55.9-1shared libraries for terminal hand
ii  libogg0 1.2.2~dfsg-1 Ogg bitstream library
ii  libpng12-0  1.2.44-3 PNG library - runtime
ii  libpostproc51   4:0.6.2-3Libav video postprocessing library
ii  libproxy0   0.3.1-2  automatic proxy configuration mana
ii  libraw1394-11   2.0.7-1  library for direct access to IEEE 
ii  libschroedinger-1.0-0   1.0.10-2.1   library for encoding/decoding of D
ii  libshout3   2.2.2-5+b1   MP3/Ogg Vorbis broadcast streaming
ii  libsmbclient2:3.5.9~dfsg-1   shared library for communication w
ii  libspeex1   1.2~rc1-1The Speex codec runtime library
ii  libstdc++6  4.6.1-3  GNU Standard C++ Library v3
ii  libswscale0 4:0.6.2-3Libav video scaling library
ii  libtag1c2a  1.7-1audio meta-data library
ii  libtheora0  1.1.1+dfsg.1-3   The Theora Video Compression Codec
ii  libtwolame0 0.3.13-1 MPEG Audio Layer 2 encoding librar
ii  libudev0171-2libudev shared library
ii  libupnp31:1.6.6-5.1  Portable SDK for UPnP Devices, ver
ii  

Bug#633675: vlc-nox: heap overflow in AVI plugin

[Remi Denis-Courmont]

Package: vlc-nox
Version: 1.1.10-1+b1
Severity: grave
Tags: security upstream
Justification: user security hole


See upstream advisory for details:
http://www.videolan.org/security/sa1106.html

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.39.2-00021-g5f66958 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc-nox depends on:
ii  liba52-0.7.40.7.4-16 library for decoding ATSC A/52 str
ii  libasound2  1.0.23-4 shared library for ALSA applicatio
ii  libass4 0.9.12-1 library for SSA/ASS subtitles rend
ii  libavahi-client30.6.30-5 Avahi client library
ii  libavahi-common30.6.30-5 Avahi common library
ii  libavc1394-00.5.3-1+b2   control IEEE 1394 audio/video devi
ii  libavcodec524:0.6.2-3Libav codec library
ii  libavformat52   4:0.6.2-3Libav file format library
ii  libavutil50 4:0.6.2-3Libav utility library
ii  libc6   2.13-10  Embedded GNU C Library: Shared lib
ii  libcaca00.99.beta17-2colour ASCII art library
ii  libcddb21.3.2-3  library to access CDDB data - runt
ii  libcdio10   0.81-4   library to read and control CD-ROM
ii  libdbus-1-3 1.4.12-4 simple interprocess messaging syst
ii  libdc1394-222.1.3-4  high level programming interface f
ii  libdca0 0.0.5-4  decoding library for DTS Coherent 
ii  libdirac-decoder0   1.0.2-4  open and royalty free high quality
ii  libdirac-encoder0   1.0.2-4  open and royalty free high quality
ii  libdvbpsi7  0.2.0-1  library for MPEG TS and DVB PSI ta
ii  libdvdnav4  4.1.3-7  DVD navigation library
ii  libdvdread4 4.1.3-10 library for reading DVDs
ii  libebml31.2.1-1  access library for the EBML format
ii  libfaad22.7-6freeware Advanced Audio Decoder - 
ii  libflac81.2.1-3  Free Lossless Audio Codec - runtim
ii  libfontconfig1  2.8.0-3  generic font configuration library
ii  libfreetype62.4.4-2  FreeType 2 font engine, shared lib
ii  libfribidi0 0.19.2-1 Free Implementation of the Unicode
ii  libgcc1 1:4.6.1-3GCC support library
ii  libgcrypt11 1.4.6-7  LGPL Crypto library - runtime libr
ii  libgnutls26 2.10.5-2 the GNU TLS library - runtime libr
ii  libgpg-error0   1.10-0.3 library for common error values an
ii  libiso9660-70.81-4   library to work with ISO9660 files
ii  libkate10.3.8-1  Kate is a codec for karaoke and te
ii  liblircclient0  0.9.0~pre1-1 infra-red remote control support -
ii  liblua5.1-0 5.1.4-5  Simple, extensible, embeddable pro
ii  libmad0 0.15.1b-6MPEG audio decoder library
ii  libmatroska41.2.0-1  extensible open standard audio/vid
ii  libmodplug1 1:0.8.8.2-3  shared libraries for mod music bas
ii  libmpcdec6  2:0.1~r459-1 MusePack decoder - library
ii  libmpeg2-4  0.4.1-3  MPEG1 and MPEG2 video decoder libr
ii  libmtp8 1.0.6-7  Media Transfer Protocol (MTP) libr
ii  libncursesw55.9-1shared libraries for terminal hand
ii  libogg0 1.2.2~dfsg-1 Ogg bitstream library
ii  libpng12-0  1.2.44-3 PNG library - runtime
ii  libpostproc51   4:0.6.2-3Libav video postprocessing library
ii  libproxy0   0.3.1-2  automatic proxy configuration mana
ii  libraw1394-11   2.0.7-1  library for direct access to IEEE 
ii  libschroedinger-1.0-0   1.0.10-2.1   library for encoding/decoding of D
ii  libshout3   2.2.2-5+b1   MP3/Ogg Vorbis broadcast streaming
ii  libsmbclient2:3.5.9~dfsg-1   shared library for communication w
ii  libspeex1   1.2~rc1-1The Speex codec runtime library
ii  libstdc++6  4.6.1-3  GNU Standard C++ Library v3
ii  libswscale0 4:0.6.2-3Libav video scaling library
ii  libtag1c2a  1.7-1audio meta-data library
ii  libtheora0  1.1.1+dfsg.1-3   The Theora Video Compression Codec
ii  libtwolame0 0.3.13-1 MPEG Audio Layer 2 encoding librar
ii  libudev0171-2libudev shared library
ii  libupnp31:1.6.6-5.1  Portable SDK for UPnP Devices, ver
ii  

Bug#626522: libfuse-dev: examples file fioc.h missing

[Remi Denis-Courmont]

Package: libfuse-dev
Version: 2.8.4-1.4
Severity: minor


Hello,

Some of the example codes in libfuse-dev depend on fioc.h which is
nowhere to be found. The examples are thus unusable as is.

Best regards,

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.38-2-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libfuse-dev depends on:
ii  libfuse2 2.8.4-1.4   Filesystem in USErspace library
ii  libselinux1-dev [libselinux- 2.0.98-1+b1 SELinux development headers

libfuse-dev recommends no packages.

Versions of packages libfuse-dev suggests:
ii  fuse-utils2.8.4-1.4  Filesystem in USErspace (utilities

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#625966: libmodplug1: libmodplug = 0.8.8.2 .abc Stack-Based Buffer Overflow

[Remi Denis-Courmont]

Package: libmodplug1
Version: 1:0.8.8.1-2
Severity: grave
Tags: security upstream
Justification: user security hole


Hello,

As the security contact for VLC media player, this was brought to my
attention:  http://www.exploit-db.com/exploits/17222/
I can confirm the bug happens, but I have no further informations at
this point.

Best regards,

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.38-2-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libmodplug1 depends on:
ii  libc6 2.13-2 Embedded GNU C Library: Shared lib
ii  libgcc1   1:4.6.0-6  GCC support library
ii  libstdc++64.6.0-6The GNU Standard C++ Library v3

libmodplug1 recommends no packages.

libmodplug1 suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#622091: libmodplug ReadS3M stack overflow

[Remi Denis-Courmont]

Package: libmodplug
Version: 1:0.8.8.1-2
Severity: grave
Tags: security upstream
Justification: user security hole


Hello,

An exploitable memory corruption vulnerability has been publicized
against libmodplug 0.8.8.1:
http://seclists.org/fulldisclosure/2011/Apr/113

Upstream version 0.8.8.2 fixes the issue.

Best regards,

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.38-2-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#619963: gcc-4.6: wrongly optimizes memmove() into memcpy()

[Remi Denis-Courmont]

Package: gcc-4.6
Version: 4.6.0-1
Severity: grave
Justification: renders package unusable


Hello,

Trying to compile VLC media player using Debian gcc-4.6.
It turns out that the compiler is silently replacing memmove() calls
with memcpy() ones, when it is clearly NOT a legal optimization. The
issue was uncovered with valgrind. For instance, this one is failing,
even though both source and destination obviously overlap:

 memmove( p_aout-pp_inputs[i_input], p_aout-pp_inputs[i_input + 1],
  (AOUT_MAX_INPUTS - i_input - 1) * sizeof(aout_input_t *) );

This results in memory corruption at run-time and eventually crashes.

Compiler flags used were: -g -O2 -ffast-math -funroll-loops -fPIC
I can provide the full .i file if needed.

Best regards,

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.38-1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gcc-4.6 depends on:
ii  binutils   2.21.0.20110327-1 The GNU assembler, linker and bina
ii  cpp-4.64.6.0-1   The GNU C preprocessor
ii  gcc-4.6-base   4.6.0-1   The GNU Compiler Collection (base 
ii  libc6  2.11.2-11 Embedded GNU C Library: Shared lib
ii  libcloog-ppl0  0.15.9-3  the Chunky Loop Generator (runtime
ii  libgcc11:4.6.0-1 GCC support library
ii  libgmp10   2:5.0.1+dfsg-7Multiprecision arithmetic library
ii  libgmpxx4ldbl  2:5.0.1+dfsg-7Multiprecision arithmetic library 
ii  libgomp1   4.6.0-1   GCC OpenMP (GOMP) support library
ii  libmpc20.9-2 multiple precision complex floatin
ii  libmpfr4   3.0.0-9   multiple precision floating-point 
ii  libppl-c4  0.11.2-3  Parma Polyhedra Library (C interfa
ii  libppl90.11.2-3  Parma Polyhedra Library (runtime l
ii  libquadmath0   4.6.0-1   GCC Quad-Precision Math Library
ii  zlib1g 1:1.2.3.4.dfsg-3  compression library - runtime

Versions of packages gcc-4.6 recommends:
ii  libc6-dev 2.11.2-11  Embedded GNU C Library: Developmen

Versions of packages gcc-4.6 suggests:
pn  binutils-gold none (no description available)
pn  gcc-4.6-doc   none (no description available)
pn  gcc-4.6-locales   none (no description available)
pn  gcc-4.6-multilib  none (no description available)
ii  libgcc1-dbg   1:4.6.0-1  GCC support library (debug symbols
pn  libgomp1-dbg  none (no description available)
pn  libmudflap0-4.6-dev   none (no description available)
pn  libmudflap0-dbg   none (no description available)
pn  libquadmath0-dbg  none (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#614835: libebml0: useless /usr/include directory

[Remi Denis-Courmont]

Package: libebml0
Version: 0.7.7-3.1
Severity: minor


Hello,

The libebml0 binary package creates /usr/include. As a run-time package
it should probably not do that. And indeed, it does not hold any file
in that directory.

Regards,


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.37.1 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libebml0 depends on:
ii  libc6 2.11.2-11  Embedded GNU C Library: Shared lib
ii  libgcc1   1:4.5.1-8  GCC support library
ii  libstdc++64.5.1-8The GNU Standard C++ Library v3

libebml0 recommends no packages.

libebml0 suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#600958: RFA: pax-utils -- Security-focused ELF files checking tool

[Remi Denis-Courmont]

Package: wnpp
Severity: normal


I request an adopter for the pax-utils package.

This package is NOT to be confused with GNU paxutils.

The package description is:
 This is a small set of various PaX aware and related utilities for ELF
 binaries. It can check ELF binary files and running processes for
 issues that might be relevant when using ELF binaries along with PaX,
 such as non-PIC code or executable stack and heap.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#592669: vlc-nox: ID3v2 parser crash on some MP3 file (CVE-2010-2937)

[Remi Denis-Courmont]

Package: vlc-nox
Version: 1.1.1-1
Severity: important
Tags: upstream patch security


   Hello,

VLC fails to perform sufficient input validation when trying to extract some 
meta-informations about input media through ID3v2 tags. In the failure case, 
VLC attempt dereference an invalid memory address, and a crash will ensure. 

See http://www.videolan.org/security/sa1004.html
for patch and further references.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.35 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc-nox depends on:
ii  liba52-0.7.40.7.4-14 library for decoding ATSC A/52 str
ii  libasound2  1.0.23-1 shared library for ALSA applicatio
ii  libass4 0.9.9-1  library for SSA/ASS subtitles rend
ii  libavahi-client30.6.27-1 Avahi client library
ii  libavahi-common30.6.27-1 Avahi common library
ii  libavc1394-00.5.3-1+b2   control IEEE 1394 audio/video devi
ii  libavcodec524:0.6-2  ffmpeg codec library
ii  libavformat52   4:0.6-2  ffmpeg file format library
ii  libavutil49 4:0.5.2-2ffmpeg utility library
ii  libc6   2.11.2-2 Embedded GNU C Library: Shared lib
ii  libcaca00.99.beta17-1colour ASCII art library
ii  libcddb21.3.2-2  library to access CDDB data - runt
ii  libcdio10   0.81-4   library to read and control CD-ROM
ii  libdbus-1-3 1.2.24-3 simple interprocess messaging syst
ii  libdc1394-222.1.2-3  high level programming interface f
ii  libdca0 0.0.5-3  decoding library for DTS Coherent 
ii  libdirac-encoder0   1.0.2-3  open and royalty free high quality
ii  libdvbpsi6  0.1.7-1  library for MPEG TS and DVB PSI ta
ii  libdvdnav4  4.1.3-7  DVD navigation library
ii  libdvdread4 4.1.3-10 library for reading DVDs
ii  libebml00.7.7-3.1access library for the EBML format
ii  libfaad22.7-4freeware Advanced Audio Decoder - 
ii  libflac81.2.1-2+b1   Free Lossless Audio Codec - runtim
ii  libfontconfig1  2.8.0-2.1generic font configuration library
ii  libfreetype62.4.0-2  FreeType 2 font engine, shared lib
ii  libfribidi0 0.19.2-1 Free Implementation of the Unicode
ii  libgcc1 1:4.4.4-8GCC support library
ii  libgcrypt11 1.4.5-2  LGPL Crypto library - runtime libr
ii  libgnutls26 2.8.6-1  the GNU TLS library - runtime libr
ii  libgpg-error0   1.6-1library for common error values an
ii  libkate10.3.7-3  Kate is a codec for karaoke and te
ii  liblircclient0  0.8.3-5  infra-red remote control support -
ii  liblua5.1-0 5.1.4-5  Simple, extensible, embeddable pro
ii  libmad0 0.15.1b-5MPEG audio decoder library
ii  libmatroska00.8.1-1.1extensible open standard audio/vid
ii  libmpcdec6  2:0.1~r459-1 MusePack decoder - library
ii  libmpeg2-4  0.4.1-3  MPEG1 and MPEG2 video decoder libr
ii  libmtp8 1.0.3-1  Media Transfer Protocol (MTP) libr
ii  libncursesw55.7+20100313-2   shared libraries for terminal hand
ii  libogg0 1.2.0~dfsg-1 Ogg bitstream library
ii  libpng12-0  1.2.44-1 PNG library - runtime
ii  libpostproc51   4:0.6-2  ffmpeg video postprocessing librar
ii  libproxy0   0.3.1-1  automatic proxy configuration mana
ii  libraw1394-11   2.0.5-2  library for direct access to IEEE 
ii  libschroedinger-1.0-0   1.0.9-2  library for encoding/decoding of D
ii  libshout3   2.2.2-5+b1   MP3/Ogg Vorbis broadcast streaming
ii  libsmbclient2:3.4.8~dfsg-2   shared library for communication w
ii  libspeex1   1.2~rc1-1The Speex codec runtime library
ii  libstdc++6  4.4.4-8  The GNU Standard C++ Library v3
ii  libswscale0 4:0.6-2  ffmpeg video scaling library
ii  libtag1c2a  1.6.3-1  TagLib Audio Meta-Data Library
ii  libtheora0  1.1.1+dfsg.1-3   The Theora Video Compression Codec
ii  libtwolame0 0.3.12-1 MPEG Audio Layer 2 encoding librar
ii  libudev0160-1libudev shared library
ii  libupnp31:1.6.6-5Portable SDK for UPnP Devices, ver
ii  libv4l-00.8.0-1  

Bug#588465: libmodplug0c2: trackers become silent in VLC with 0.8.8 update

[Remi Denis-Courmont]

Package: libmodplug0c2
Version: 1:0.8.8-2
Severity: important
Tags: upstream

Hello,

libmodplug0c2 0.8.8 makes playback of MOD files completely silent with
vlc from Debian. Downgrading to libmodplug0c2 0.8.7-1 works around the
problem.




-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.16 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libmodplug0c2 depends on:
ii  libc6 2.11.2-2   Embedded GNU C Library: Shared lib
ii  libgcc1   1:4.4.4-6  GCC support library
ii  libstdc++64.4.4-6The GNU Standard C++ Library v3

libmodplug0c2 recommends no packages.

libmodplug0c2 suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#580396: libkio5 exit handler crashes

[Remi Denis-Courmont]

Package: libkio5
Version: 4:4.4.3-1
Severity: normal
Tags: upstream


Hello,

libkio5 appears to register a buggy exit handler.
This triggers a crash after VLC returns from its main(),
if and only if the Open file dialog has been shown.
libkio is loaded by KDE dialog plugins for libQt4Gui,
as VLC does not use KDE directly in any way.

gdb:

Program received signal SIGSEGV, Segmentation fault.
0xb526dc36 in QDBusAdaptorConnector::relaySlot (this=0x83e7768, argv=0xb278)
at qdbusabstractadaptor.cpp:268
268 qdbusabstractadaptor.cpp: Aucun fichier ou dossier de ce type.
in qdbusabstractadaptor.cpp
(gdb) bt
#0  0xb526dc36 in QDBusAdaptorConnector::relaySlot (this=0x83e7768, 
argv=0xb278) at qdbusabstractadaptor.cpp:268
#1  0xb526e5d4 in QDBusAdaptorConnector::qt_metacall (this=0x83e7768, 
_c=QMetaObject::InvokeMetaMethod, _id=4, _a=0xb278)
at qdbusabstractadaptor.cpp:364
#2  0xb6eedaea in QMetaObject::metacall (object=0x83e7768, cl=3221222008, 
idx=4, 
argv=0xb278) at kernel/qmetaobject.cpp:237
#3  0xb6efc0b5 in QMetaObject::activate (sender=0x83de080, m=0xb6ff63b0, 
local_signal_index=0, argv=0xb278) at kernel/qobject.cpp:3293
#4  0xb6efc4b3 in QObject::destroyed (this=0x83de080, _t1=0x83de080)
at .moc/release-shared/moc_qobject.cpp:149
#5  0xb6efec7a in ~QObject (this=0x83de080, __in_chrg=value optimized out)
at kernel/qobject.cpp:869
#6  0xb567ae7d in KIO::Scheduler::~Scheduler() () from /usr/lib/libkio.so.5
#7  0xb567e9d1 in ?? () from /usr/lib/libkio.so.5
#8  0xb55b12fb in ?? () from /usr/lib/libkio.so.5
#9  0xb7da9481 in __run_exit_handlers (status=0, listp=0xb7ebd324, 
run_list_atexit=true) at exit.c:78
#10 0xb7da94df in *__GI_exit (status=0) at exit.c:100
#11 0xb7d90b5d in __libc_start_main (main=0x80489c0, argc=1, ubp_av=0xb414, 
init=0x8049070, fini=0x8049060, rtld_fini=0xb7ff09b0 _dl_fini, 
stack_end=0xb40c) at libc-start.c:254
#12 0x08048921 in ?? ()

valgrind:

==4170== Thread 1:
==4170== Invalid read of size 4
==4170==at 0x7FCDC36: QDBusAdaptorConnector::relaySlot(void**) 
(qdbusabstractadaptor.cpp:268)
==4170==by 0x7FCE5D3: QDBusAdaptorConnector::qt_metacall(QMetaObject::Call, 
int, void**) (qdbusabstractadaptor.cpp:364)
==4170==by 0x7468AE9: QMetaObject::metacall(QObject*, QMetaObject::Call, 
int, void**) (qmetaobject.cpp:237)
==4170==by 0x74770B4: QMetaObject::activate(QObject*, QMetaObject const*, 
int, void**) (qobject.cpp:3293)
==4170==by 0x74774B2: QObject::destroyed(QObject*) (moc_qobject.cpp:149)
==4170==by 0x7479C79: QObject::~QObject() (qobject.cpp:869)
==4170==by 0x89C8E7C: KIO::Scheduler::~Scheduler() (in 
/usr/lib/libkio.so.5.4.0)
==4170==by 0x89CC9D0: ??? (in /usr/lib/libkio.so.5.4.0)
==4170==by 0x88FF2FA: ??? (in /usr/lib/libkio.so.5.4.0)
==4170==by 0x4177480: __run_exit_handlers (exit.c:78)
==4170==by 0x41774DE: exit (exit.c:100)
==4170==by 0x415EB5C: (below main) (libc-start.c:254)
==4170==  Address 0x4 is not stack'd, malloc'd or (recently) free'd
==4170== 
==4170== 
==4170== Process terminating with default action of signal 11 (SIGSEGV): 
dumping core
==4170==  Access not within mapped region at address 0x4
==4170==at 0x7FCDC36: QDBusAdaptorConnector::relaySlot(void**) 
(qdbusabstractadaptor.cpp:268)
==4170==by 0x7FCE5D3: QDBusAdaptorConnector::qt_metacall(QMetaObject::Call, 
int, void**) (qdbusabstractadaptor.cpp:364)
==4170==by 0x7468AE9: QMetaObject::metacall(QObject*, QMetaObject::Call, 
int, void**) (qmetaobject.cpp:237)
==4170==by 0x74770B4: QMetaObject::activate(QObject*, QMetaObject const*, 
int, void**) (qobject.cpp:3293)
==4170==by 0x74774B2: QObject::destroyed(QObject*) (moc_qobject.cpp:149)
==4170==by 0x7479C79: QObject::~QObject() (qobject.cpp:869)
==4170==by 0x89C8E7C: KIO::Scheduler::~Scheduler() (in 
/usr/lib/libkio.so.5.4.0)
==4170==by 0x89CC9D0: ??? (in /usr/lib/libkio.so.5.4.0)
==4170==by 0x88FF2FA: ??? (in /usr/lib/libkio.so.5.4.0)
==4170==by 0x4177480: __run_exit_handlers (exit.c:78)
==4170==by 0x41774DE: exit (exit.c:100)
==4170==by 0x415EB5C: (below main) (libc-start.c:254)


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.12 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libkio5 depends on:
ii  libacl1 2.2.49-2 Access control list shared library
ii  libattr11:2.4.44-1   Extended attribute shared library
ii  libc6   2.10.2-6 Embedded GNU C Library: Shared lib
ii  libfam0 2.7.0-16.1   Client library to control the FAM 
ii  libgcc1 1:4.4.4-1GCC support library
ii  libkdecore5 4:4.4.3-1the KDE Platform Core Library
ii  libkdeui5   

Bug#580257: kdelibs5: KDE desktop does not start after 4.4 upgrade

[Remi Denis-Courmont]

Package: kdelibs5
Version: 4:4.4.3-1
Severity: grave
Justification: renders package unusable


Hello,

After upgrading to KDE 4.4 from Sid, login from KDM just return a wallpaper and 
a mouse. The KDE startup progress bar is never shown. Nothing ever happens.
Invoking startx from the text mode terminal give the same result (so not a KDM 
bug).

ps shows a few KDE processes that do start, but they are all sleeping: 
kdeinit4, klauncher, kded4, kglobalaccel and knotify4.

xinit to xterm and then starting kwin and KDE applications manually does work 
fine. 'startkde' does not seem to exist anymore, so I am not sure what is the 
proper command, and I guess it would not work anyway.

Best regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.12 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kdelibs5 depends on:
ii  kdelibs5-plugins  4:4.4.3-1  core plugins for KDE Applications
ii  libkde3support4   4:4.4.3-1  the KDE 3 Support Library for the 
ii  libkdecore5   4:4.4.3-1  the KDE Platform Core Library
ii  libkdesu5 4:4.4.3-1  the Console-mode Authentication Li
ii  libkdeui5 4:4.4.3-1  the KDE Platform User Interface Li
ii  libkdnssd44:4.4.3-1  the DNS-SD Protocol Library for th
ii  libkfile4 4:4.4.3-1  the File Selection Dialog Library 
ii  libkhtml5 4:4.4.3-1  the KHTML Web Content Rendering En
ii  libkimproxy4  4:4.4.3-1  the Instant Messaging Interface Li
ii  libkio5   4:4.4.3-1  the Network-enabled File Managemen
ii  libkjsapi44:4.4.3-1  the KJS API Library for the KDE De
ii  libkjsembed4  4:4.4.3-1  library for binding JavaScript obj
ii  libkmediaplayer4  4:4.4.3-1  the KMediaPlayer Interface for the
ii  libknewstuff2-4   4:4.4.3-1  the Get Hot New Stuff v2 Library
ii  libknotifyconfig4 4:4.4.3-1  library for configuring KDE Notifi
ii  libkntlm4 4:4.4.3-1  the NTLM Authentication Library fo
ii  libkparts44:4.4.3-1  the Framework for the KDE Platform
ii  libkpty4  4:4.4.3-1  the Pseudo Terminal Library for th
ii  libkrosscore4 4:4.4.3-1  the Kross Core Library
ii  libkrossui4   4:4.4.3-1  the Kross UI Library
ii  libktexteditor4   4:4.4.3-1  the KTextEditor interfaces for the
ii  libkutils44:4.4.3-1  various utility classes for the KD
ii  libnepomuk4   4:4.4.3-1  the Nepomuk Meta Data Library
ii  libsolid4 4:4.4.3-1  Solid Library for KDE Platform
ii  libthreadweaver4  4:4.4.3-1  the ThreadWeaver Library for the K

kdelibs5 recommends no packages.

kdelibs5 suggests no packages.

-- debconf information:
  kdelibs5/upgrade_kdehome_info:
  kdelibs5/upgrade_kdehome_running: true
  kdelibs5/upgrade_kdehome_running_title:
  kdelibs5/upgrade_kdehome_info_title:



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#578273: libc6-dev: Please provide thread-safe dlerror() replacement

[Remi Denis-Courmont]

Package: libc6-dev
Version: 2.10.2-6
Severity: wishlist
Tags: upstream


Hello,

The current glibc implementation of dlerror() calls strerror(). The
current implementation of strerror() is not thread-safe. While this
is allowed by POSIX, this is quite inconvenient for thread-safe programs
or library using dlopen() and dlsym().

With dlsym(), checking dlerror() is in fact the recommended way to
detect errors. In theory anyway - NULL can be a correct succesful return
value for dlsym().

I would not hold my breath for POSIX to resolve this issue, so can glibc
please provide a proprietary replacement? We need this to fix the libvlc
package (currently wrongly calling dlerror()). It could either write
the error message to a provided buffer à la strerror_r() or allocate it
on the heap - whatever.

Best regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.9 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libc6-dev depends on:
ii  libc-dev-bin  2.10.2-6   Embedded GNU C Library: Developmen
ii  libc6 2.10.2-6   Embedded GNU C Library: Shared lib
ii  linux-libc-dev2.6.32-11  Linux support headers for userspac

Versions of packages libc6-dev recommends:
ii  gcc [c-compiler]  4:4.4.3-1  The GNU C compiler
ii  gcc-4.4 [c-compiler]  4.4.3-7The GNU C compiler

Versions of packages libc6-dev suggests:
ii  glibc-doc 2.10.2-6   Embedded GNU C Library: Documentat
ii  manpages-dev  3.24-1 Manual pages about using GNU/Linux

-- no debconf information



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#578161: liblivemedia-dev: GPL patch is incompatible with LGPL distribution

[Remi Denis-Courmont]

Package: liblivemedia-dev
Version: 2010.02.10-1
Severity: serious
Justification: Policy 2.3


Hello,

The liblivemedia-dev packages applies a patch explicitly licensed under
the GPL. In my understanding, this makes the resulting binaries GPL.

Yet the copyright file claims Debian provides the package under LGPL.
Please remove the setlocale patch or fix the licensing informations.

Thanks in advance,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.9 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#572723: manpages-fr-extra: /usr/share/man/fr/man1/rand.1SSL.gz badly encoded

[Remi Denis-Courmont]

Package: manpages-fr-extra
Version: 20090906
Severity: normal


Hello,

Accentuated characters in /usr/share/man/fr/man1/rand.1SSL.gz
(man 1 rand) are incorrectly encoded. It seems the file has been
transcoded from Latin-1 to UTF-8 *twice*.

Best regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.7 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

manpages-fr-extra depends on no packages.

Versions of packages manpages-fr-extra recommends:
ii  manpages-fr   3.23.1-1   French version of the manual pages

Versions of packages manpages-fr-extra suggests:
ii  konqueror [man-browser]   4:4.3.4-1  KDE 4's advanced file manager, web
ii  man-db [man-browser]  2.5.7-2on-line manual pager
ii  manpages-fr-dev   3.23.1-1   French version of the development 

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#569835: xdg-utils: xdg-screensaver does not support KDE4/FreeDesktop screensaver

[Remi Denis-Courmont]

Package: xdg-utils
Version: 1.0.2-6.1
Severity: important


Hello,

xdg-screensaver as found in Debian does not inhibit the KDE desktop
screensaver (which uses the FreeDesktop DBus API). Nothing happens,
except for the dcop error already noted in Debian bug #557104.

The current version from upstream CVS does not seem to work either.

Best regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.7 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

xdg-utils depends on no packages.

Versions of packages xdg-utils recommends:
ii  file  5.04-1 Determines file type using magic
ii  iceweasel [www-browser]   3.5.6-2Web browser based on Firefox
ii  konqueror [www-browser]   4:4.3.4-1  KDE 4's advanced file manager, web
ii  mime-support  3.48-1 MIME files 'mime.types'  'mailcap
ii  shared-mime-info  0.71-1 FreeDesktop.org shared MIME databa
ii  w3m [www-browser] 0.5.2-2.1  WWW browsable pager with excellent
ii  x11-utils 7.5+2  X11 utilities
ii  x11-xserver-utils 7.5+1+b1   X server utilities

Versions of packages xdg-utils suggests:
pn  desktop-file-utilsnone (no description available)
pn  exo-utils none (no description available)
pn  kdelibs4c2a   none (no description available)
ii  konqueror 4:4.3.4-1  KDE 4's advanced file manager, web
pn  libgnome2-0   none (no description available)
pn  libgnomevfs2-bin  none (no description available)
pn  libgtk2.0-bin none (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20100214165223.7987.65424.report...@basile.remlab.net

Bug#567186: RFH: miredo -- Teredo IPv6 tunneling through NATs

[Remi Denis-Courmont]

Package: wnpp
Severity: normal


   Hello,

I request assistance with maintaining the miredo package.

The last update has unfortunately introduced a severe regression. That
bug was upstream, but that's hardly an excuse since I am upstream too.
In the mean time, I have lost contact of my sponsor (no answer from
emails and IRC), and haven't been able to get a new on debian-mentors.

Best regards,

The package description is:
 The Teredo IPv6 tunneling protocol encapsulates IPv6 packets into UDP/IPv4
 datagrams, to allow hosts behind NAT devices to access the IPv6 Internet.
 .
 Miredo is a Teredo client (as per RFC 4380): it can provide IPv6
 connectivity to a dual-stack IPv6/IPv4 host even if it is located behind a
 NAT. It can also operate as a Teredo relay which forwards IPv6 packets
 between the IPv6 Internet and remote Teredo clients.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#565178: mpeg2dec: fails with BadMatch XVideo error

[Remi Denis-Courmont]

Package: mpeg2dec
Version: 0.4.1-3
Severity: important


Hello,

mpeg2dec systematically crashes at start with the default settings:

0.4.1 - by Michel Lespinasse wal...@zoy.org and Aaron Holtzman
X Error of failed request:  BadMatch (invalid parameter attributes)
  Major opcode of failed request:  132 (XVideo)
  Minor opcode of failed request:  19 ()
  Serial number of failed request:  26
  Current serial number in output stream:  27

The same problem happens with xv and xv2 output. x11 works fine.

Best regards,

Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.2 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mpeg2dec depends on:
ii  libc6 2.10.2-5   Embedded GNU C Library: Shared lib
ii  libmpeg2-40.4.1-3MPEG1 and MPEG2 video decoder libr
ii  libsdl1.2debian   1.2.14-3   Simple DirectMedia Layer
ii  libx11-6  2:1.3.2-1  X11 client-side library
ii  libxext6  2:1.1.1-2  X11 miscellaneous extension librar
ii  libxv12:1.0.5-1  X11 Video extension library

mpeg2dec recommends no packages.

mpeg2dec suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#564610: clang: MB_LEN_MAX definition is wrong

[Remi Denis-Courmont]

Package: clang
Version: 2.6-1
Severity: grave
Justification: renders package unusable


Hello,

Debian clang's limits.h defines MB_LEN_MAX to 1.
Debian eglibc stdlib.h insists on MB_LEN_MAX being equal to 16
(/usr/include/bits/stdlib.h:89). Otherwise it fails explicitly into
an #error.

Regardless of eglibc, ISO/IEC 9899:1999 TC3 §5.2.4.2.1 defines
MB_LEN_MAX as follows:
  maximum number of bytes in a multibyte character, for any
   supported locale

With only UTF-8, which is Debian's default character encoding, then
MB_LEN_MAX must be at the very least 4 bytes for characters outside of
the Basic Multilingual Plane. So in any case, clang has it wrong.

Best regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.2 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages clang depends on:
ii  libc6 2.10.2-4   Embedded GNU C Library: Shared lib
ii  libgcc1   1:4.4.2-9  GCC support library
ii  libstdc++64.4.2-9The GNU Standard C++ Library v3

Versions of packages clang recommends:
pn  llvm-dev  none (no description available)

clang suggests no packages.

-- no debconf information



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#563476: vlc: upgrade fails

[Remi Denis-Courmont]

Package: vlc
Version: 1.0.4-1
Severity: normal


   Hello,

Upgrading vlc and vlc-nox from 1.0.3-1 to 1.0.4-1 fails as the hotkeys
plugin has changed from the latter package to the former.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.1 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc depends on:
ii  libaa1  1.4p5-38 ascii art library
ii  libc6   2.10.2-3 Embedded GNU C Library: Shared lib
ii  libdbus-1-3 1.2.16-2 simple interprocess messaging syst
ii  libfreetype62.3.11-1 FreeType 2 font engine, shared lib
ii  libfribidi0 0.10.9-1+b1  Free Implementation of the Unicode
ii  libgcc1 1:4.4.2-8GCC support library
ii  libgl1-mesa-glx [libgl1 7.6.1-1  A free implementation of the OpenG
ii  libglib2.0-02.22.3-2 The GLib library of C routines
ii  libgtk2.0-0 2.18.5-1 The GTK+ graphical user interface 
ii  libnotify1 [libnotify1- 0.4.5-1  sends desktop notifications to a n
ii  libqtcore4  4:4.5.3-4Qt 4 core module
ii  libqtgui4   4:4.5.3-4Qt 4 GUI module
ii  libsdl-image1.2 1.2.10-1 image loading library for Simple D
ii  libsdl1.2debian 1.2.13-5 Simple DirectMedia Layer
ii  libstdc++6  4.4.2-8  The GNU Standard C++ Library v3
ii  libtar  1.2.11-6 C library for manipulating tar arc
ii  libvlccore2 1.0.4-1  base library for VLC and its modul
ii  libx11-62:1.3.2-1X11 client-side library
ii  libxext62:1.0.4-1X11 miscellaneous extension librar
ii  libxinerama12:1.0.3-2X11 Xinerama extension library
ii  libxv1  2:1.0.5-1X11 Video extension library
ii  libxxf86vm1 1:1.0.2-1X11 XFree86 video mode extension l
ii  ttf-dejavu-core 2.30-2   Vera font family derivate with add
pn  vlc-nox none   (no description available)
ii  zlib1g  1:1.2.3.4.dfsg-3 compression library - runtime

vlc recommends no packages.

Versions of packages vlc suggests:
pn  mozilla-plugin-vlcnone (no description available)
pn  videolan-doc  none (no description available)

Versions of packages vlc-nox depends on:
ii  liba52-0.7.4  0.7.4-13   library for decoding ATSC A/52 str
ii  libasound21.0.21a-1  shared library for ALSA applicatio
ii  libass4   0.9.8-1library for SSA/ASS subtitles rend
ii  libavahi-client3  0.6.25-2   Avahi client library
ii  libavahi-common3  0.6.25-2   Avahi common library
pn  libavc1394-0  none (no description available)
ii  libavcodec52  4:0.5+svn20090706-2+b1 ffmpeg codec library
ii  libavformat52 4:0.5+svn20090706-2+b1 ffmpeg file format library
ii  libavutil49   4:0.5+svn20090706-2+b1 ffmpeg utility library
ii  libc6 2.10.2-3   Embedded GNU C Library: Shared lib
ii  libcaca0  0.99.beta16-3  colour ASCII art library
pn  libcddb2  none (no description available)
ii  libcdio10 0.81-4 library to read and control CD-ROM
ii  libdbus-1-3   1.2.16-2   simple interprocess messaging syst
ii  libdca0   0.0.5-3decoding library for DTS Coherent 
ii  libdvbpsi50.1.6-1library for MPEG TS and DVB PSI ta
ii  libdvdnav44.1.3-6DVD navigation library
ii  libdvdread4   4.1.3-7library for reading DVDs
ii  libebml0  0.7.7-3.1  access library for the EBML format
ii  libfaad2  2.7-4  freeware Advanced Audio Decoder - 
ii  libflac8  1.2.1-2+b1 Free Lossless Audio Codec - runtim
ii  libfontconfig12.8.0-2generic font configuration library
ii  libfreetype6  2.3.11-1   FreeType 2 font engine, shared lib
ii  libfribidi0   0.10.9-1+b1Free Implementation of the Unicode
ii  libgcc1   1:4.4.2-8  GCC support library
ii  libgcrypt11   1.4.5-1LGPL Crypto library - runtime libr
ii  libgnutls26   2.8.5-2the GNU TLS library - runtime libr
ii  libgpg-error0 1.6-1  library for common error values an
ii  libhal1   0.5.14-1   Hardware Abstraction Layer - share
ii  liblircclient00.8.3-5infra-red remote control support -
ii  liblua5.1-0   5.1.4-5Simple, extensible, embeddable pro
ii  libmad0   

Bug#563477: vlc-nox: hotkeys plugin needed for command line interface

[Remi Denis-Courmont]

Package: vlc-nox
Version: 1.0.4-1
Severity: normal


Hello,

Since version 1.0.4-1, the hotkeys plugin is part of vlc instead of
vlc-nox. This is quite unfortunate as the command line interface (rvlc)
does use hotkeys (with the key command) too, not just the X11 UIs.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.1 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc-nox depends on:
ii  liba52-0.7.4  0.7.4-13   library for decoding ATSC A/52 str
ii  libasound21.0.21a-1  shared library for ALSA applicatio
ii  libass4   0.9.8-1library for SSA/ASS subtitles rend
ii  libavahi-client3  0.6.25-2   Avahi client library
ii  libavahi-common3  0.6.25-2   Avahi common library
pn  libavc1394-0  none (no description available)
ii  libavcodec52  4:0.5+svn20090706-2+b1 ffmpeg codec library
ii  libavformat52 4:0.5+svn20090706-2+b1 ffmpeg file format library
ii  libavutil49   4:0.5+svn20090706-2+b1 ffmpeg utility library
ii  libc6 2.10.2-3   Embedded GNU C Library: Shared lib
ii  libcaca0  0.99.beta16-3  colour ASCII art library
pn  libcddb2  none (no description available)
ii  libcdio10 0.81-4 library to read and control CD-ROM
ii  libdbus-1-3   1.2.16-2   simple interprocess messaging syst
ii  libdca0   0.0.5-3decoding library for DTS Coherent 
ii  libdvbpsi50.1.6-1library for MPEG TS and DVB PSI ta
ii  libdvdnav44.1.3-6DVD navigation library
ii  libdvdread4   4.1.3-7library for reading DVDs
ii  libebml0  0.7.7-3.1  access library for the EBML format
ii  libfaad2  2.7-4  freeware Advanced Audio Decoder - 
ii  libflac8  1.2.1-2+b1 Free Lossless Audio Codec - runtim
ii  libfontconfig12.8.0-2generic font configuration library
ii  libfreetype6  2.3.11-1   FreeType 2 font engine, shared lib
ii  libfribidi0   0.10.9-1+b1Free Implementation of the Unicode
ii  libgcc1   1:4.4.2-8  GCC support library
ii  libgcrypt11   1.4.5-1LGPL Crypto library - runtime libr
ii  libgnutls26   2.8.5-2the GNU TLS library - runtime libr
ii  libgpg-error0 1.6-1  library for common error values an
ii  libhal1   0.5.14-1   Hardware Abstraction Layer - share
ii  liblircclient00.8.3-5infra-red remote control support -
ii  liblua5.1-0   5.1.4-5Simple, extensible, embeddable pro
ii  libmad0   0.15.1b-4  MPEG audio decoder library
ii  libmatroska0  0.8.1-1.1  extensible open standard audio/vid
ii  libmodplug0c2 1:0.8.7-1  shared libraries for mod music bas
ii  libmpcdec62:0.1~r453-1   MusePack decoder - library
ii  libmpeg2-40.4.1-3MPEG1 and MPEG2 video decoder libr
ii  libncursesw5  5.7+20090803-2 shared libraries for terminal hand
ii  libogg0   1.1.4~dfsg-2   Ogg bitstream library
ii  libpng12-01.2.41-1   PNG library - runtime
ii  libpostproc51 4:0.5+svn20090706-2+b1 ffmpeg video postprocessing librar
ii  libraw1394-11 2.0.4-1library for direct access to IEEE 
ii  libschroedinger-1 1.0.8-2library for encoding/decoding of D
ii  libshout3 2.2.2-5+b1 MP3/Ogg Vorbis broadcast streaming
ii  libsmbclient  2:3.4.3-2  shared library for communication w
ii  libspeex1 1.2~rc1-1  The Speex codec runtime library
ii  libstdc++64.4.2-8The GNU Standard C++ Library v3
ii  libswscale0   4:0.5+svn20090706-2+b1 ffmpeg video scaling library
ii  libsysfs2 2.1.0-6interface library to sysfs
ii  libtag1c2a1.6.1-1TagLib Audio Meta-Data Library
ii  libtheora01.1.1+dfsg.1-3 The Theora Video Compression Codec
ii  libtwolame0   0.3.12-1   MPEG Audio Layer 2 encoding librar
ii  libudev0  149-2  libudev shared library
ii  libupnp3  1:1.6.6-3  Portable SDK for UPnP Devices (sha
ii  libv4l-0  0.6.3-1Collection of video4linux support 
ii  libvcdinfo0   0.7.23-4+b2library to extract information fro
ii  libvlc2   1.0.4-1multimedia player and streamer lib
ii  libvlccore2   1.0.4-1base library for VLC and its modul
ii  libvorbis0a   1.2.3-3The Vorbis 

Bug#557104: /usr/bin/xdg-screensaver: xdg-screensaver: wrongly complains about missing dcop

[Remi Denis-Courmont]

Package: xdg-utils
Version: 1.0.2-6.1
Severity: minor
File: /usr/bin/xdg-screensaver


Hello,

With Debian KDE 4.3, xdg-screensaver keeps complaining that dcop is not
present. In my understanding, this is a normal situation with KDE 4, so
it should not print an error.

Best regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30.9 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

xdg-utils depends on no packages.

Versions of packages xdg-utils recommends:
ii  file  5.03-3 Determines file type using magic
ii  iceweasel [www-browser]   3.5.5-1lightweight web browser based on M
ii  konqueror [www-browser]   4:4.3.2-1  KDE 4's advanced file manager, web
ii  mime-support  3.46-1 MIME files 'mime.types'  'mailcap
ii  shared-mime-info  0.70-1 FreeDesktop.org shared MIME databa
ii  w3m [www-browser] 0.5.2-2.1  WWW browsable pager with excellent
ii  x11-utils 7.4+1  X11 utilities
ii  x11-xserver-utils 7.4+2  X server utilities

Versions of packages xdg-utils suggests:
pn  desktop-file-utilsnone (no description available)
pn  exo-utils none (no description available)
pn  kdelibs4c2a   none (no description available)
ii  konqueror 4:4.3.2-1  KDE 4's advanced file manager, web
pn  libgnome2-0   none (no description available)
pn  libgnomevfs2-bin  none (no description available)
pn  libgtk2.0-bin none (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#551903: libc6-i686 pthread_cond_wait fails to reacquire mutex upon cancellation

[Remi Denis-Courmont]

Package: libc6-i686
Version: 2.10.1-1
Severity: critical
Justification: breaks unrelated software


Hello,

With the upgrade to 2.10.1, pthread_cond_wait() fails to re-acquire the
provided mutex when acting on a deferred cancellation event from
another thread. This is seen if (and apparently, only if) another thread
acquires the same mutex after cancellation is initiated, but before the
cancelled thread executes cancellation cleanup handlers.

I could not reproduce the problem with plain libc6. It only occurs with
libc6-i686 installed.

I wrote a simple test case at:
http://www.remlab.net/files/divers/condfail.c

This is a violation of POSIX threads semantics, and a regression from
earlier libc6-i686. This also renders VLC media player debug versions
almost completely unusable.

Best regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30.9 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libc6-i686 depends on:
ii  libc6 2.10.1-1   GNU C Library: Shared libraries

libc6-i686 recommends no packages.

libc6-i686 suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#551494: libc6-dev: Please define O_CLOEXEC in fcntl.h

[Remi Denis-Courmont]

Package: libc6-dev
Version: 2.9-27
Severity: wishlist


Hello,

Recent kernel versions introduced the O_CLOEXEC open() flag to support
setting the close-on-exec in a thread-safe manner (i.e. atomic w.r.t.
the process file descriptor table).

Unfortunately, the definition for O_CLOEXEC is only available through
kernel headers that conflict with fcntl.h. Please provide a definition
from the glibc headers too!

Best regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30.9 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libc6-dev depends on:
ii  libc-dev-bin  2.9-27 GNU C Library: Development binarie
ii  libc6 2.9-27 GNU C Library: Shared libraries
ii  linux-libc-dev2.6.30-8   Linux support headers for userspac

Versions of packages libc6-dev recommends:
ii  gcc [c-compiler]  4:4.3.3-9+nmu1 The GNU C compiler
ii  gcc-4.3 [c-compiler]  4.3.4-5The GNU C compiler
ii  gcc-4.4 [c-compiler]  4.4.1-6The GNU C compiler
ii  tcc [c-compiler]  0.9.24-1   the smallest ANSI C compiler

Versions of packages libc6-dev suggests:
ii  glibc-doc 2.9-27 GNU C Library: Documentation
ii  manpages-dev  3.22-1 Manual pages about using GNU/Linux

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#551201: /usr/share/man/man3/insque.3.gz: insque() description contradicts POSIX and actual behaviour

[Remi Denis-Courmont]

Package: manpages-dev
Version: 3.22-1
Severity: normal
File: /usr/share/man/man3/insque.3.gz


Hello,

The manual page for insque() states that
insque(elem, NULL);
is invalid. However, the POSIX standards and the actual glibc
implementation both explicitly allows this:
http://www.opengroup.org/onlinepubs/009695399/functions/remque.html

Best regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30.9 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages manpages-dev depends on:
ii  manpages  3.22-1 Manual pages about using a GNU/Lin

manpages-dev recommends no packages.

Versions of packages manpages-dev suggests:
ii  konqueror [man-browser]   4:4.3.2-1  KDE 4's advanced file manager, web
ii  man-db [man-browser]  2.5.6-3on-line manual pager

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#550866: kdelibs5: KDE password prompts broken, busy loops

[Remi Denis-Courmont]

Package: kdelibs5
Version: 4:4.3.2-2
Severity: important


Hello,

Since the last update, all KDE-based password prompt fields appear to
enter a busy loop when they get the focus. Pressing Enter does not work.
Clicking on the confirmation button has no effect either.

This is visible in the KDE wallet unlock prompt, the Konqueror HTTP
password prompt, and the Kmail IMAP password prompt (at least).

Best regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30.9 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kdelibs5 depends on:
ii  dbus-x11   1.2.16-2  simple interprocess messaging syst
ii  debconf [debconf-2.0]  1.5.27Debian configuration management sy
ii  kdelibs-bin4:4.3.2-2 executables for all KDE 4 core app
ii  kdelibs5-data  4:4.3.2-2 core shared data for all KDE 4 app
ii  libacl12.2.48-1  Access control list shared library
ii  libaspell150.60.6-2  GNU Aspell spell-checker runtime l
ii  libattr1   1:2.4.44-1Extended attribute shared library
ii  libbz2-1.0 1.0.5-3   high-quality block-sorting file co
ii  libc6  2.9-27GNU C Library: Shared libraries
ii  libenchant1c2a 1.4.2-3.3 a wrapper library for various spel
ii  libfam02.7.0-16  Client library to control the FAM 
ii  libgcc11:4.4.1-6 GCC support library
ii  libgif44.1.6-8   library for GIF images (library)
ii  libgssapi-krb5-2   1.7dfsg~beta3-1   MIT Kerberos runtime libraries - k
ii  libice62:1.0.5-1 X11 Inter-Client Exchange library
ii  libilmbase61.0.1-3   several utility libraries from ILM
ii  libjasper1 1.900.1-6 The JasPer JPEG-2000 runtime libra
ii  libjpeg62  6b-15 The Independent JPEG Group's JPEG 
ii  libopenexr61.6.1-4   runtime files for the OpenEXR imag
ii  libpcre3   7.8-3 Perl 5 Compatible Regular Expressi
ii  libphonon4 4:4.5.3-3 Qt 4 Phonon module
ii  libpng12-0 1.2.40-1  PNG library - runtime
ii  libqt4-dbus4:4.5.3-3 Qt 4 D-Bus module
ii  libqt4-designer4:4.5.3-3 Qt 4 designer module
ii  libqt4-network 4:4.5.3-3 Qt 4 network module
ii  libqt4-qt3support  4:4.5.3-3 Qt 3 compatibility library for Qt 
ii  libqt4-script  4:4.5.3-3 Qt 4 script module
ii  libqt4-svg 4:4.5.3-3 Qt 4 SVG module
ii  libqt4-xml 4:4.5.3-3 Qt 4 XML module
ii  libqtcore4 4:4.5.3-3 Qt 4 core module
ii  libqtgui4  4:4.5.3-3 Qt 4 GUI module
ii  libsm6 2:1.1.1-1 X11 Session Management library
ii  libsoprano42.3.1+dfsg.1-1libraries for the Soprano RDF fram
ii  libstdc++6 4.4.1-6   The GNU Standard C++ Library v3
ii  libstreamanalyzer0 0.7.0-1+b2streamanalyzer library for Strigi 
ii  libutempter0   1.1.5-2   A privileged helper for utmp/wtmp 
ii  libx11-6   2:1.2.2-1 X11 client-side library
ii  libxcursor11:1.1.9-1 X cursor management library
ii  libxfixes3 1:4.0.3-2 X11 miscellaneous 'fixes' extensio
ii  libxml22.7.6.dfsg-1  GNOME XML library
ii  libxrender11:0.9.4-2 X Rendering Extension client libra
ii  libxslt1.1 1.1.26-1  XSLT processing library - runtime 
ii  libxtst6   2:1.0.3-1 X11 Testing -- Resource extension 
ii  shared-mime-info   0.60-2FreeDesktop.org shared MIME databa
ii  xauth  1:1.0.3-2 X authentication utility
ii  xdg-utils  1.0.2-6.1 desktop integration utilities from
ii  zlib1g 1:1.2.3.3.dfsg-15 compression library - runtime

Versions of packages kdelibs5 recommends:
ii  kaboom1.1.2  The Debian KDE settings migration 
ii  kdebase-runtime   4:4.3.2-1  runtime components from the offici
ii  ttf-dejavu2.30-1 Metapackage to pull in ttf-dejavu-

Versions of packages kdelibs5 suggests:
pn  hspellnone (no description available)

-- debconf information:
  kdelibs5/upgrade_kdehome_info:
  kdelibs5/upgrade_kdehome_running: true
  kdelibs5/upgrade_kdehome_running_title:
  kdelibs5/upgrade_kdehome_info_title:



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#496715: [Xcb] Bug#496715: libpthread-stubs: Should provide more pthread_* functions

[Remi Denis-Courmont]

- Message d'origine -
 Hello,

 Here is a patch that adds only pthread_condattr_init/destroy,
 pthread_cond_timedwait, pthread_exit, and makes both cond_*wait abort
 instead of just returning 0.

I would expect cond_timedwait to sleep for the specified interval rather than 
abort (though sleeping in a portable way is not completely trivial). No?

-- 
Remi



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#540109: libtheora-dev: libtheora.la refers to non-existent libogg.la

[Remi Denis-Courmont]

Package: libtheora-dev
Version: 1.0-2
Severity: grave
Justification: renders package unusable


Hello,

/usr/lib/libtheora.la refers to libogg.la which is nowhere to be found
among the dependencies of libtheora-dev. I gues libogg-dev stops
providing libtool archives.

This causes any attempt to link libtheora with libtool to fail.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30.4 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libtheora-dev depends on:
ii  libogg-dev  1.1.4~dfsg-1 Ogg bitstream library development 
ii  libtheora0  1.0-2The Theora Video Compression Codec

libtheora-dev recommends no packages.

libtheora-dev suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#532688: libxcb-randr0-dev: Please depend on libxcb-render0-dev (or do not include its header)

[Remi Denis-Courmont]

Package: libxcb-randr0-dev
Version: 1.3-2
Severity: minor


Hello,

xcb/xrandr.h from libxcb-randr0-dev includes render.h, which is part
of the libxcb-render0-dev package. Effectively, the Randr development
package is useless without the Render one. Hence, the former should
depend (Depends:) on the latter.

Regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.29.4 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libxcb-randr0-dev depends on:
ii  libxcb-randr0 1.3-2  X C Binding, randr extension
ii  libxcb1-dev   1.3-2  X C Binding, development files

libxcb-randr0-dev recommends no packages.

libxcb-randr0-dev suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#530560: libxcb-shm0-dev: xcb_shm_completion_event_t mislaid out

[Remi Denis-Courmont]

Package: libxcb-shm0-dev
Version: 1.2-1
Severity: important


Hello,

It would seem that the layout of the xcb_shm_completion_event_t
structure has the segment XID swapped with the event minor/major
numbers. This breaks processing of SHM completion event pretty badly
(without an ugly work around).

Best regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.29.3 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libxcb-shm0-dev depends on:
ii  libxcb-shm0   1.2-1  X C Binding, shm extension
ii  libxcb1-dev   1.2-1  X C Binding, development files

libxcb-shm0-dev recommends no packages.

libxcb-shm0-dev suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#529633: mozilla-plugin-vlc: Logging through Javascript hurts privacy

[Remi Denis-Courmont]

Package: mozilla-plugin-vlc
Version: 0.9.9a-2
Severity: important
Tags: security


Hello,

The logging Javascript API (vlc.log.*) provided by this plugin can leak
sensitive informations to third party websites. For instance, one can
enumerate the content of file system by opening a directory and then
watching for playlist item messages.

Please remove this mis-feature.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.29.3 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mozilla-plugin-vlc depends on:
ii  libc6 2.9-12 GNU C Library: Shared libraries
ii  libgcc1   1:4.4.0-5  GCC support library
ii  libstdc++64.4.0-5The GNU Standard C++ Library v3
ii  libvlc2   0.9.9a-2   multimedia player and streamer lib
ii  libx11-6  2:1.2.1-1  X11 client-side library
ii  libxpm4   1:3.5.7-1  X11 pixmap library
ii  libxt61:1.0.5-3  X11 toolkit intrinsics library
ii  vlc   0.9.9a-2   multimedia player and streamer
ii  vlc-nox   0.9.9a-2   multimedia player and streamer (wi

mozilla-plugin-vlc recommends no packages.

mozilla-plugin-vlc suggests no packages.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#528044: vlc: invalid symlink at /usr/share/vlc/http/.hosts

[Remi Denis-Courmont]

Package: vlc
Version: 0.9.9a-2
Severity: minor


The symbolic link at /usr/share/vlc/http/.hosts leads nowhere. I assume
a dot is missing in the target path. I would expect this would leave the
HTTP interface world-writable by default, but somehow it does not?

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.29.2 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc depends on:
ii  libaa1 1.4p5-38  ascii art library
ii  libc6  2.9-12GNU C Library: Shared libraries
ii  libdbus-1-31.2.14-2  simple interprocess messaging syst
ii  libfreetype6   2.3.9-4.1 FreeType 2 font engine, shared lib
ii  libfribidi00.10.9-1  Free Implementation of the Unicode
ii  libgcc11:4.4.0-4 GCC support library
ii  libgl1-mesa-glx [libgl 7.4.1-1   A free implementation of the OpenG
ii  libglib2.0-0   2.20.1-2  The GLib library of C routines
ii  libglu1-mesa [libglu1] 7.4.1-1   The OpenGL utility library (GLU)
ii  libgtk2.0-02.16.1-2  The GTK+ graphical user interface 
ii  libnotify1 [libnotify1 0.4.5-1   sends desktop notifications to a n
ii  libqtcore4 4.5.1-2   Qt 4 core module
ii  libqtgui4  4.5.1-2   Qt 4 GUI module
ii  libsdl-image1.21.2.6-3   image loading library for Simple D
ii  libsdl1.2debian1.2.13-4+b1   Simple DirectMedia Layer
ii  libstdc++6 4.4.0-4   The GNU Standard C++ Library v3
ii  libtar 1.2.11-6  C library for manipulating tar arc
ii  libvlccore00.9.9a-2  base library for VLC and its modul
ii  libx11-6   2:1.2.1-1 X11 client-side library
ii  libxext6   2:1.0.4-1 X11 miscellaneous extension librar
ii  libxinerama1   2:1.0.3-2 X11 Xinerama extension library
ii  libxv1 2:1.0.4-1 X11 Video extension library
ii  libxxf86vm11:1.0.2-1 X11 XFree86 video mode extension l
ii  ttf-dejavu-core2.29-2Vera font family derivate with add
ii  vlc-nox0.9.9a-2  multimedia player and streamer (wi
ii  zlib1g 1:1.2.3.3.dfsg-13 compression library - runtime

vlc recommends no packages.

Versions of packages vlc suggests:
pn  mozilla-plugin-vlcnone (no description available)
pn  videolan-doc  none (no description available)

Versions of packages vlc-nox depends on:
ii  liba52-0.7.4 0.7.4-11library for decoding ATSC A/52 str
ii  libasound2   1.0.19-1shared library for ALSA applicatio
ii  libass3  0.9.6-1 library for SSA/ASS subtitles rend
ii  libavahi-cli 0.6.25-1Avahi client library
ii  libavahi-com 0.6.25-1Avahi common library
ii  libavcodec52 4:0.5+svn20090420-2 ffmpeg codec library
ii  libavformat5 4:0.5+svn20090420-2 ffmpeg file format library
ii  libavutil49  4:0.5+svn20090420-2 ffmpeg utility library
ii  libc62.9-12  GNU C Library: Shared libraries
ii  libcaca0 0.99.beta16-1   colour ASCII art library
ii  libcdio7 0.78.2+dfsg1-3  library to read and control CD-ROM
ii  libdbus-1-3  1.2.14-2simple interprocess messaging syst
ii  libdca0  0.0.5-2 decoding library for DTS Coherent 
ii  libdvbpsi4   0.1.5-3.1   library for MPEG TS and DVB PSI ta
ii  libdvdnav4   4.1.3-3 DVD navigation library
ii  libdvdread4  4.1.3-5 library for reading DVDs
ii  libebml0 0.7.7-3.1   access library for the EBML format
ii  libfaad0 2.6.1-3.1   freeware Advanced Audio Decoder - 
ii  libflac8 1.2.1-1.2   Free Lossless Audio Codec - runtim
ii  libfontconfi 2.6.0-3 generic font configuration library
ii  libfreetype6 2.3.9-4.1   FreeType 2 font engine, shared lib
ii  libfribidi0  0.10.9-1Free Implementation of the Unicode
ii  libgcc1  1:4.4.0-4   GCC support library
ii  libgcrypt11  1.4.4-2 LGPL Crypto library - runtime libr
ii  libgnutls26  2.6.6-1 the GNU TLS library - runtime libr
ii  libhal1  0.5.12~git20090406.46dc48-2 Hardware Abstraction Layer - share
ii  libid3tag0   0.15.1b-10  ID3 tag reading library from the M
ii  liblircclien 0.8.3-3 infra-red remote control support -
ii  liblua5.1-0  5.1.4-3 Simple, extensible, embeddable pro
ii  

Bug#526979: konqueror: cannot import SSL root certificates

[Remi Denis-Courmont]

Package: konqueror
Version: 4:4.2.2-1
Severity: important


   Hello,

Since upgrading from 3.5 to 4.2, Konqueror has become completely unable
to import root certificates with the certificate manager. That makes
secure connections to, e.g. Cacert.org-certified websites _impossible_.
Needless to mention that this is a security problem. The work around
whereby the security warnings are ignored exposes the user to
man-in-the-middle attacks that SSL is supposed to protect from.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.29-1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages konqueror depends on:
ii  kdebase-bin4:4.2.2-1 core binaries for the KDE 4 base m
ii  kdebase-data   4:4.2.2-1 shared data files for the KDE 4 ba
ii  kdebase-runtime4:4.2.2-1 runtime components from the offici
ii  kdelibs5   4:4.2.2-2 core libraries for all KDE 4 appli
ii  libc6  2.9-9 GNU C Library: Shared libraries
ii  libkonq5   4:4.2.2-1 core libraries for Konqueror
ii  libkonqsidebarplugin4  4:4.2.2-1 Konqueror sidebar plugin library
ii  libqt4-dbus4.5.1-1   Qt 4 D-Bus module
ii  libqt4-qt3support  4.5.1-1   Qt 3 compatibility library for Qt 
ii  libqt4-xml 4.5.1-1   Qt 4 XML module
ii  libqtcore4 4.5.1-1   Qt 4 core module
ii  libqtgui4  4.5.1-1   Qt 4 GUI module
ii  libstdc++6 4.4.0-3   The GNU Standard C++ Library v3
ii  libx11-6   2:1.2.1-1 X11 client-side library
ii  zlib1g 1:1.2.3.3.dfsg-13 compression library - runtime

Versions of packages konqueror recommends:
pn  dolphin   none (no description available)
ii  konqueror-nsplugins   4:4.2.2-1  Netscape plugin support for Konque

Versions of packages konqueror suggests:
ii  konq-plugins  4:4.2.2-1  plugins for Konqueror, the KDE fil

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#526985: kmail: SSL connection with CAcert cannot be secured

[Remi Denis-Courmont]

Package: kmail
Version: 4:4.2.2-1
Severity: grave
Tags: security
Justification: user security hole


Hello,

Contrary to that in KDE 3.5, kmail in KDE 4.2 is incapable of verifying
IMAP server credentials when TLS is used. This means that the user has
to decide between fetching mail at all or exposing itself to MITM
attacks. This seems like a security issue.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.29-1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kmail depends on:
ii  kdebase-runtime   4:4.2.2-1  runtime components from the offici
ii  kdelibs5  4:4.2.2-2  core libraries for all KDE 4 appli
ii  kdepimlibs5   4:4.2.2-1  core libraries for KDE PIM 4 appli
ii  libc6 2.9-9  GNU C Library: Shared libraries
ii  libgcc1   1:4.4.0-3  GCC support library
ii  libkdepim44:4.2.2-1  KDE PIM library
ii  libkleo4  4:4.2.2-1  certificate based crypto library f
ii  libkontactinterfaces4 4:4.2.2-1  KDE Kontact interface library
ii  libkpgp4  4:4.2.2-1  gpg based crypto library for KDE
ii  libksieve44:4.2.2-1  KDE mail/news message filtering li
ii  libmimelib4   4:4.2.2-1  KDE mime library
ii  libphonon44:4.3.1-1  Phonon multimedia framework for Qt
ii  libqt4-dbus   4.5.1-1Qt 4 D-Bus module
ii  libqt4-network4.5.1-1Qt 4 network module
ii  libqt4-qt3support 4.5.1-1Qt 3 compatibility library for Qt 
ii  libqt4-xml4.5.1-1Qt 4 XML module
ii  libqtcore44.5.1-1Qt 4 core module
ii  libqtgui4 4.5.1-1Qt 4 GUI module
ii  libstdc++64.4.0-3The GNU Standard C++ Library v3
ii  perl  5.10.0-19  Larry Wall's Practical Extraction 
ii  phonon4:4.3.1-1  metapackage for Phonon multimedia 

Versions of packages kmail recommends:
pn  procmail  none (no description available)

Versions of packages kmail suggests:
ii  clamav 0.95.1+dfsg-2 anti-virus utility for Unix - comm
ii  gnupg  1.4.9-4   GNU privacy guard - a free PGP rep
pn  gnupg-agentnone(no description available)
pn  kaddressbook   none(no description available)
pn  kleopatra  none(no description available)
pn  pinentry-qt | pinentry-x11 none(no description available)
pn  spamassassin | bogofilter  none(no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#525540: kwallnetmanager: looses pass key strokes when opening the wallet

[Remi Denis-Courmont]

Package: kwalletmanager
Version: 4:4.2.2-1
Severity: important

Hello,

Just upgraded from KDE 3.5.10 to 4.2.2 from unstable. As per my older
configuration, the KDE password widgets are printing 3 dots instead of
just 1, whenever a key is pressed.

However, this has now become horribly slow. It takes around half a
second between pressing the key, and the dots showing up on screen.
Worse, key strokes are lost altogether when if I don't pace between
key presses. For some reason, this only seem to affect password
widgets - clear text input works just fine.

Opening the wallet when KDE starts has become a huge pain.

Admittedly, this is probably a bug in an underlying library, though I
have no idea which.

Regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kwalletmanager depends on:
ii  kdebase-runtime   4:4.2.2-1  runtime components from the offici
ii  kdelibs5  4:4.2.2-2  core libraries for all KDE 4 appli
ii  libc6 2.9-7  GNU C Library: Shared libraries
ii  libqt4-dbus   4.4.3-2Qt 4 D-Bus module
ii  libqt4-qt3support 4.4.3-2Qt 3 compatibility library for Qt 
ii  libqt4-xml4.4.3-2Qt 4 XML module
 ii  libqtcore44.4.3-2Qt 4 core module
ii  libqtgui4 4.4.3-2Qt 4 GUI module
ii  libstdc++64.3.3-8The GNU Standard C++ Library v3

kwalletmanager recommends no packages.

kwalletmanager suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#512564: libxcb1-dev: Please package the developper documentation

[Remi Denis-Courmont]

Package: libxcb1-dev
Version: 1.1.92-0.1
Severity: wishlist


Hello,

The libxcb source includes Doxygen documentation and a plain HTML
tutorial in the doc/ directory. It would be nice to not have to have it
in libxcb-doc or whatever, besides just the source package.

Regards,


-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27.10 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libxcb1-dev depends on:
ii  libpthread-stubs0-dev 0.1-2  pthread stubs not provided by nati
ii  libxau-dev1:1.0.3-3  X11 authorisation library (develop
ii  libxcb1   1.1.92-0.1 X C Binding
ii  libxdmcp-dev  1:1.0.2-3  X11 authorisation library (develop

libxcb1-dev recommends no packages.

libxcb1-dev suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#504639: vlc: buffer overflow in CUE support

[Remi Denis-Courmont]

Package: vlc-nox
Version: 0.8.6.h-4.1
Severity: grave
Tags: security
Justification: user security hole


Hello,

When parsing the header of an invalid CUE image file or an invalid
RealText subtitle file, stack-based buffer overflows might occur:
http://www.videolan.org/security/sa0810.html

(I believe the RealText problem only affects experimental)

Regargs.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27.4 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc-nox depends on:
ii  liba52-0.7.4   0.7.4-11  library for decoding ATSC A/52 str
ii  libasound2 1.0.16-2  ALSA library
ii  libavahi-client3   0.6.23-2  Avahi client library
ii  libavahi-common3   0.6.23-2  Avahi common library
ii  libavc1394-0   0.5.3-1+b1control IEEE 1394 audio/video devi
ii  libavcodec51   0.svn20080206-14  ffmpeg codec library
ii  libavformat52  0.svn20080206-14  ffmpeg file format library
ii  libavutil490.svn20080206-14  ffmpeg utility library
ii  libc6  2.7-15GNU C Library: Shared libraries
ii  libcdio7   0.78.2+dfsg1-3library to read and control CD-ROM
ii  libdbus-1-31.2.1-4   simple interprocess messaging syst
ii  libdvbpsi4 0.1.5-3.1 library for MPEG TS and DVB PSI ta
ii  libdvdnav4 4.1.2-3   DVD navigation library
ii  libdvdread30.9.7-11  library for reading DVDs
ii  libebml0   0.7.7-3.1 access library for the EBML format
ii  libfaad0   2.6.1-3.1 freeware Advanced Audio Decoder - 
ii  libflac8   1.2.1-1.2 Free Lossless Audio Codec - runtim
ii  libfreetype6   2.3.7-2   FreeType 2 font engine, shared lib
ii  libfribidi00.10.9-1  Free Implementation of the Unicode
ii  libgcc11:4.3.2-1 GCC support library
ii  libgcrypt111.4.1-1   LGPL Crypto library - runtime libr
ii  libgnutls262.4.2-1   the GNU TLS library - runtime libr
ii  libhal10.5.11-6  Hardware Abstraction Layer - share
ii  libid3tag0 0.15.1b-10ID3 tag reading library from the M
ii  libiso9660-5   0.78.2+dfsg1-3library to work with ISO9660 files
ii  liblircclient0 0.8.3-3   infra-red remote control support -
ii  libmad00.15.1b-3 MPEG audio decoder library
ii  libmatroska0   0.8.1-1.1 extensible open standard audio/vid
ii  libmodplug0c2  1:0.8.4-2 shared libraries for mod music bas
ii  libmpcdec3 1.2.2-1   Musepack (MPC) format library
ii  libmpeg2-4 0.4.1-3   MPEG1 and MPEG2 video decoder libr
ii  libncurses55.6+20081025-1shared libraries for terminal hand
ii  libogg01.1.3-4   Ogg Bitstream Library
ii  libpng12-0 1.2.27-2  PNG library - runtime
ii  libpostproc51  0.svn20080206-14  ffmpeg video postprocessing librar
ii  libraw1394-8   1.3.0-4   library for direct access to IEEE 
ii  libsmbclient   2:3.2.4-1 shared library that allows applica
ii  libspeex1  1.2~rc1-1 The Speex codec runtime library
ii  libstdc++6 4.3.2-1   The GNU Standard C++ Library v3
ii  libsysfs2  2.1.0-5   interface library to sysfs
ii  libtheora0 1.0~beta3-1   The Theora Video Compression Codec
ii  libtwolame00.3.12-1  MPEG Audio Layer 2 encoding librar
ii  libvcdinfo00.7.23-4  library to extract information fro
ii  libvlc00.8.6.h-4.1   multimedia player and streamer lib
ii  libvorbis0a1.2.0.dfsg-3.1The Vorbis General Audio Compressi
ii  libvorbisenc2  1.2.0.dfsg-3.1The Vorbis General Audio Compressi
ii  libxml22.6.32.dfsg-4 GNOME XML library
ii  zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime

vlc-nox recommends no packages.

vlc-nox suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#502726: libty_plugin: vlc: exploitable buffer overflow in TY demux

[Remi Denis-Courmont]

Package: vlc-nox
Version: 0.8.6.h-4
Severity: grave
File: libty_plugin
Tags: security
Justification: user security hole


VLC versions 0.8.2 through 0.9.4 are prone to an exploitable
stack-based buffer overflow in the TY (TiVo) file parser.

See also http://www.videolan.org/security/sa0809.html

N.B.: please give me the CVE ID if you allocate one.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc-nox depends on:
ii  liba52-0.7.4   0.7.4-11  library for decoding ATSC A/52 str
ii  libasound2 1.0.16-2  ALSA library
ii  libavahi-client3   0.6.23-2  Avahi client library
ii  libavahi-common3   0.6.23-2  Avahi common library
ii  libavc1394-0   0.5.3-1+b1control IEEE 1394 audio/video devi
ii  libavcodec51   0.svn20080206-14  ffmpeg codec library
ii  libavformat52  0.svn20080206-14  ffmpeg file format library
ii  libavutil490.svn20080206-14  ffmpeg utility library
ii  libc6  2.7-15GNU C Library: Shared libraries
ii  libcdio7   0.78.2+dfsg1-3library to read and control CD-ROM
ii  libdbus-1-31.2.1-3   simple interprocess messaging syst
ii  libdvbpsi4 0.1.5-3.1 library for MPEG TS and DVB PSI ta
ii  libdvdnav4 4.1.2-3   DVD navigation library
ii  libdvdread30.9.7-11  library for reading DVDs
ii  libebml0   0.7.7-3.1 access library for the EBML format
ii  libfaad0   2.6.1-3.1 freeware Advanced Audio Decoder - 
ii  libflac8   1.2.1-1.2 Free Lossless Audio Codec - runtim
ii  libfreetype6   2.3.7-2   FreeType 2 font engine, shared lib
ii  libfribidi00.10.9-1  Free Implementation of the Unicode
ii  libgcc11:4.3.2-1 GCC support library
ii  libgcrypt111.4.1-1   LGPL Crypto library - runtime libr
ii  libgnutls262.4.2-1   the GNU TLS library - runtime libr
ii  libhal10.5.11-5  Hardware Abstraction Layer - share
ii  libid3tag0 0.15.1b-10ID3 tag reading library from the M
ii  libiso9660-5   0.78.2+dfsg1-3library to work with ISO9660 files
ii  liblircclient0 0.8.3-3   infra-red remote control support -
ii  libmad00.15.1b-3 MPEG audio decoder library
ii  libmatroska0   0.8.1-1.1 extensible open standard audio/vid
ii  libmodplug0c2  1:0.8.4-2 shared libraries for mod music bas
ii  libmpcdec3 1.2.2-1   Musepack (MPC) format library
ii  libmpeg2-4 0.4.1-3   MPEG1 and MPEG2 video decoder libr
ii  libncurses55.6+20081011-1shared libraries for terminal hand
ii  libogg01.1.3-4   Ogg Bitstream Library
ii  libpng12-0 1.2.27-2  PNG library - runtime
ii  libpostproc51  0.svn20080206-14  ffmpeg video postprocessing librar
ii  libraw1394-8   1.3.0-4   library for direct access to IEEE 
ii  libsmbclient   2:3.2.3-3 shared library that allows applica
ii  libspeex1  1.2~rc1-1 The Speex codec runtime library
ii  libstdc++6 4.3.2-1   The GNU Standard C++ Library v3
ii  libsysfs2  2.1.0-5   interface library to sysfs
ii  libtheora0 1.0~beta3-1   The Theora Video Compression Codec
ii  libtwolame00.3.12-1  MPEG Audio Layer 2 encoding librar
ii  libvcdinfo00.7.23-4  library to extract information fro
ii  libvlc00.8.6.h-4 multimedia player and streamer lib
ii  libvorbis0a1.2.0.dfsg-3.1The Vorbis General Audio Compressi
ii  libvorbisenc2  1.2.0.dfsg-3.1The Vorbis General Audio Compressi
ii  libxml22.6.32.dfsg-4 GNOME XML library
ii  zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime

vlc-nox recommends no packages.

vlc-nox suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#495411: libtool-doc: info pages not available anymore

[Remi Denis-Courmont]

Package: libtool-doc
Version: 2.2.2-1
Severity: normal
Tags: experimental


Hello,

With libtool-doc from experimental, info libtool does not work
anymore. It brings up the shortened manual page instead of the info
pages.

Regards,

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26.2 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#493458: kopete: XMPP StartTLS not supported

[Remi Denis-Courmont]

Package: kopete
Version: 4:3.5.9-3
Severity: normal


Hello,

Kopete appears to be unable to handle StartTLS for XMPP/Jabber. If the
server requires it (e.g. ovi.com), it is entirely impossible to connect
to the service. Works fine with pidgin.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kopete depends on:
ii  kdelibs4c2a 4:3.5.9.dfsg.1-6 core libraries and binaries for al
ii  libc6   2.7-12   GNU C Library: Shared libraries
ii  libgadu31:1.8.0+r592-2   Gadu-Gadu protocol library - runti
ii  libgcc1 1:4.3.1-8GCC support library
ii  libglib2.0-02.16.5-1 The GLib library of C routines
ii  libgsmme1c2a1.10-12.5GSM mobile phone access library
ii  libidn111.9-1GNU libidn library, implementation
ii  libmeanwhile1   1.0.2-3  open implementation of the Lotus S
ii  libqt3-mt   3:3.3.8b-5   Qt GUI Library (Threaded runtime v
ii  libstdc++6  4.3.1-8  The GNU Standard C++ Library v3
ii  libx11-62:1.1.4-2X11 client-side library
ii  libxml2 2.6.32.dfsg-2GNOME XML library
ii  libxrender1 1:0.9.4-2X Rendering Extension client libra
ii  libxslt1.1  1.1.24-1+lenny1  XSLT processing library - runtime 

Versions of packages kopete recommends:
ii  qca-tls   1.0-4  TLS plugin for the Qt Cryptographi

Versions of packages kopete suggests:
pn  ekiga   none   (no description available)
ii  gnupg   1.4.9-3  GNU privacy guard - a free PGP rep
ii  imagemagick 7:6.3.7.9.dfsg1-2+b2 image manipulation programs
pn  kdeartwork-emoticon none   (no description available)
pn  khelpcenter none   (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#493459: kopete: XMPP DNS SRV lookups

[Remi Denis-Courmont]

Package: kopete
Version: 4:3.5.9-3
Severity: wishlist


Hello,

Kopete will only try A/ DNS lookups to connect to a Jabber/XMPP
server. If the domain uses SRV records, the only way to connect is to
lookup the server manually, e.g. with dig, and hard-code it in the
Kopete configuration. This is not very convenient. Pidgin has no such
problem.


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kopete depends on:
ii  kdelibs4c2a 4:3.5.9.dfsg.1-6 core libraries and binaries for al
ii  libc6   2.7-12   GNU C Library: Shared libraries
ii  libgadu31:1.8.0+r592-2   Gadu-Gadu protocol library - runti
ii  libgcc1 1:4.3.1-8GCC support library
ii  libglib2.0-02.16.5-1 The GLib library of C routines
ii  libgsmme1c2a1.10-12.5GSM mobile phone access library
ii  libidn111.9-1GNU libidn library, implementation
ii  libmeanwhile1   1.0.2-3  open implementation of the Lotus S
ii  libqt3-mt   3:3.3.8b-5   Qt GUI Library (Threaded runtime v
ii  libstdc++6  4.3.1-8  The GNU Standard C++ Library v3
ii  libx11-62:1.1.4-2X11 client-side library
ii  libxml2 2.6.32.dfsg-2GNOME XML library
ii  libxrender1 1:0.9.4-2X Rendering Extension client libra
ii  libxslt1.1  1.1.24-1+lenny1  XSLT processing library - runtime 

Versions of packages kopete recommends:
ii  qca-tls   1.0-4  TLS plugin for the Qt Cryptographi

Versions of packages kopete suggests:
pn  ekiga   none   (no description available)
ii  gnupg   1.4.9-3  GNU privacy guard - a free PGP rep
ii  imagemagick 7:6.3.7.9.dfsg1-2+b2 image manipulation programs
pn  kdeartwork-emoticon none   (no description available)
pn  khelpcenter none   (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#348056: tcptraceroute sees no traffic from ppp0

[Remi Denis-Courmont]

Hello,

On Tue, 24 Jun 2008 07:51:22 +0200, Daniel Baumann [EMAIL PROTECTED]
wrote:
 please retry with the current version (1.5beta7+debian-1 that is), which
 I've just uploaded to sid.

Sorry, I am not using the affected connection setup anymore, cannot test
anymore.

-- 
Rémi Denis-Courmont
http://www.remlab.net




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#485813: manpages-fr-extra: pthread_mutex_lock EDEADLK wrong

[Remi Denis-Courmont]

Package: manpages-fr-extra
Version: 20080429
Severity: normal
Tags: l10n


Hello,

The error case EDEADLK for pthread_mutex_lock is described as the
opposite of when it actually happens.
Please check the original version.

Regards

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.25.5 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

manpages-fr-extra depends on no packages.

Versions of packages manpages-fr-extra recommends:
ii  manpages-fr   2.79.4-1   French version of the manual pages

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#239073: /usr/bin/ogg123: French status translation is too wide

[Remi Denis-Courmont]

Package: vorbis-tools
Version: 1.2.0-1
Followup-For: Bug #239073


I have the same problem. Widening the console to 81 columns works around
the issue. Switching to another language also fixes the issue; it would
the French translation for the status string is one character too wide.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.25.3 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vorbis-tools depends on:
ii  libao2 0.8.8-4   Cross Platform Audio Output Librar
ii  libc6  2.7-11GNU C Library: Shared libraries
ii  libcurl3-gnutls7.18.1-1  Multi-protocol file transfer libra
ii  libflac8   1.2.1-1.2 Free Lossless Audio Codec - runtim
ii  libkrb53   1.6.dfsg.3-2  MIT Kerberos runtime libraries
ii  libogg01.1.3-3   Ogg Bitstream Library
ii  libspeex1  1.2~beta3.2-1 The Speex codec runtime library
ii  libvorbis0a1.2.0.dfsg-3  The Vorbis General Audio Compressi
ii  libvorbisenc2  1.2.0.dfsg-3  The Vorbis General Audio Compressi
ii  libvorbisfile3 1.2.0.dfsg-3  The Vorbis General Audio Compressi

vorbis-tools recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#480370: mozilla-plugin-vlc: CVE-2007-6683 is not fixed at all

[Remi Denis-Courmont]

Package: mozilla-plugin-vlc
Version: 0.8.6.e-2.1
Severity: grave
Tags: security patch
Justification: user security hole


The vlc binary package part of CVE-2007-6683 has been fixed as per
#458318. However, the issue affecting the mozilla plugin as noted here:
http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html
seems to still be wide open.

Upstream patch is here, but note that this will partially disable existing
functionality:
http://git.videolan.org/?p=vlc.git;a=commit;h=b426b192c7712eaa08c5f55d08ef648226d6d421

As far as I know affects both Etch and Lenny.

Regards,

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.25 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mozilla-plugin-vlc depends on:
ii  libc6   2.7-10   GNU C Library: Shared libraries
ii  libgcc1 1:4.3.0-4GCC support library
ii  libice6 2:1.0.4-1X11 Inter-Client Exchange library
ii  libsm6  2:1.0.3-1+b1 X11 Session Management library
ii  libstdc++6  4.3.0-4  The GNU Standard C++ Library v3
ii  libvlc0 0.8.6.e-2.1  multimedia player and streamer lib
ii  libx11-62:1.0.3-7X11 client-side library
ii  libxt6  1:1.0.5-3X11 toolkit intrinsics library
ii  vlc 0.8.6.e-2.1  multimedia player and streamer
ii  vlc-nox 0.8.6.e-2.1  multimedia player and streamer (wi

mozilla-plugin-vlc recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#468801: libc6: RFC3484 scoping rules should only affect IPv6, not IPv4

[Remi Denis-Courmont]

Package: libc6
Version: 2.7-9
Severity: normal
Tags: patch


Hello,

Rule 2 of the Destination Address Selection algorithm in RFC3484
specifies:

| Rule 2:  Prefer matching scope.
| If Scope(DA) = Scope(Source(DA)) and Scope(DB)  Scope(Source(DB)),
| then prefer DA.  Similarly, if Scope(DA)  Scope(Source(DA)) and
| Scope(DB) = Scope(Source(DB)), then prefer DB.

This rule makes lots of sense for IPv6 addresses - hosts should not try
to use link-local destinations with global source addresses or
vice-versa.

However, glibc extends this rule to IPv4 as well: private RFC1918 IPv4
addresses are taken as a different scope from public IPv6 addresses.
This does not make much sense, especially with the widespread adoption
of Network Address Translation.

Because of this, a host with a (NATed) private IPv4 address and a 6to4
(2002::/16, global scope) or Teredo (2001:0::/32, global scope) IPv6
address will first try to use 6to4 or Teredo to reach any native IPv6
destination. Because 6to4 and especially Teredo are by design not very
reliable (depends on public relay), this often breaks connectivity
between 6to4/Teredo and native IPv6 nodes. IPv4 should be preferred.

Note that Windows (which could perhaps? be taken as the reference
implementation of RFC3484??) does prefer IPv4 in this case. Also note
that this make the separate 6to4 and Teredo _labels_ from inside the
Linux kernel and from /etc/gai.conf pretty useless. Finally, it violates
the RFC4380 requirement that Teredo be used as a last resort - i.e.
after IPv4.

Unfortunately, Rule 2 cannot even be configured or overriden in anyway.
The first configurable rule is number 5.

Trivial patch follows:

diff -Nru glibc-2.7.orig/sysdeps/posix/getaddrinfo.c
glibc-2.7/sysdeps/posix/getaddrinfo.c
--- glibc-2.7.orig/sysdeps/posix/getaddrinfo.c  2008-03-01
17:18:48.0 +0200
+++ glibc-2.7/sysdeps/posix/getaddrinfo.c   2008-03-01
17:20:20.0 +0200
@@ -1039,9 +1039,6 @@
 169.254/16 and 127/8 are link-local.  */
   if ((addr[0] == 169  addr[1] == 254) || addr[0] == 127)
scope = 2;
-  else if (addr[0] == 10 || (addr[0] == 172  (addr[1]  0xf0) ==
   16)
-  || (addr[0] == 192  addr[1] == 168))
-   scope = 5;
   else
scope = 14;
 }

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.24.2 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libgcc1 1:4.3-20080227-1 GCC support library

libc6 recommends no packages.

-- debconf information:
  glibc/upgrade: true
  glibc/restart-failed:
  glibc/restart-services:



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#467652: vlc: arbitrary memory overwrite in the MP4 demuxer

[Remi Denis-Courmont]

Package: vlc
Version: 0.8.6.c-6
Severity: grave
Tags: security
Justification: user security hole


VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
suffers from an arbitrary memory overwrite vulnerability when using
specially crafted (invalid) MP4 input files.

If successful, a malicious third party could trigger execution of
arbitrary code within the context of the VLC media player, or otherwise
crash the player instance.

Exploitation of the MP4 demuxer problem requires the user to explicitly
open a specially crafted file.

See also http://www.videolan.org/security/sa0802.html

This also affects Etch.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.24.2 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages vlc depends on:
ii  libaa1 1.4p5-34  ascii art library
ii  libatk1.0-01.20.0-1  The ATK accessibility toolkit
ii  libc6  2.7-8 GNU C Library: Shared libraries
ii  libcaca0   0.99.beta13b-4colour ASCII art library
ii  libcairo2  1.4.14-1  The Cairo 2D vector graphics libra
ii  libcdio7   0.78.2+dfsg1-2library to read and control CD-ROM
ii  libcucul0  0.99.beta13b-4low-level Unicode character drawin
ii  libdbus-1-31.1.4-1   simple interprocess messaging syst
ii  libdbus-glib-1-2   0.74-1simple interprocess messaging syst
ii  libfreetype6   2.3.5-1+b1FreeType 2 font engine, shared lib
ii  libfribidi00.10.9-1  Free Implementation of the Unicode
ii  libgcc11:4.3-20080219-1  GCC support library
ii  libgl1-mesa-glx [libgl 7.0.3~rc2-1   A free implementation of the OpenG
ii  libglib2.0-0   2.14.6-1  The GLib library of C routines
ii  libglu1-mesa [libglu1] 7.0.3~rc2-1   The OpenGL utility library (GLU)
ii  libgtk2.0-02.12.8-1  The GTK+ graphical user interface 
ii  libice62:1.0.4-1 X11 Inter-Client Exchange library
ii  libiso9660-5   0.78.2+dfsg1-2library to work with ISO9660 files
ii  libjpeg62  6b-14 The Independent JPEG Group's JPEG 
ii  libnotify1 [libnotify1 0.4.4-3   sends desktop notifications to a n
ii  libpango1.0-0  1.18.4-1  Layout and rendering of internatio
ii  libpng12-0 1.2.15~beta5-3PNG library - runtime
ii  libsdl-image1.21.2.6-3   image loading library for Simple D
ii  libsdl1.2debian1.2.13-2  Simple DirectMedia Layer
ii  libsm6 2:1.0.3-1+b1  X11 Session Management library
ii  libstdc++6 4.3-20080219-1The GNU Standard C++ Library v3
ii  libtar 1.2.11-4  C library for manipulating tar arc
ii  libtiff4   3.8.2-7   Tag Image File Format (TIFF) libra
ii  libvcdinfo00.7.23-4  library to extract information fro
ii  libvlc00.8.6.c-6 multimedia player and streamer lib
ii  libwxbase2.6-0 2.6.3.2.2-2   wxBase library (runtime) - non-GUI
ii  libwxgtk2.6-0  2.6.3.2.2-2   wxWidgets Cross-platform C++ GUI t
ii  libx11-6   2:1.0.3-7 X11 client-side library
ii  libxext6   1:1.0.3-2 X11 miscellaneous extension librar
ii  libxinerama1   1:1.0.2-1 X11 Xinerama extension library
ii  libxosd2   2.2.14-1.5X On-Screen Display library - runt
ii  libxv1 1:1.0.3-1 X11 Video extension library
ii  ttf-dejavu-core2.23-1Vera font family derivate with add
ii  vlc-nox0.8.6.c-6 multimedia player and streamer (wi
ii  zlib1g 1:1.2.3.3.dfsg-11 compression library - runtime

vlc recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#466237: xml2rfc: fails to run with tcl8.5

[Remi Denis-Courmont]

Package: xml2rfc
Version: 1.32.dfsg-1
Severity: grave
Justification: renders package unusable


Hello,

Since I switched from tcl8.4 to tcl8.5 (pulled by
planetpenguin-racer-data), xml2rfc will not work at all anymore. It
simply fails with:

xml2rfc: error: can't read counter(section): no such element in array
around input line 44

Please make sure xml2rfc uses tcl8.4, or fix it against tcl8.5.
In the mean time, xml2rfc ought to conflict with tcl8.5.

Regards,

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.24.2 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages xml2rfc depends on:
ii  sgml-base 1.26   SGML infrastructure and SGML catal
ii  tcl8.5 [tclsh]8.5.1-1Tcl (the Tool Command Language) v8

xml2rfc recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#466276: libdvbpsi4-dev: dvbpsi_SDTServiceAddDescriptor not defined

[Remi Denis-Courmont]

Package: libdvbpsi4-dev
Version: 0.1.5-3
Severity: important
Tags: fixed-upstream


Hello,

The dvbpsi_SDTServiceAddDescriptor API is not defined by sdt.h.
As such, the compiler assumes all of its parameters are interger.
This creates incorrect (segfaulting) code on 64-bits platforms,
as the pointer parameters are casted to 32-bits.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.24.2 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libdvbpsi4-dev depends on:
ii  libdvbpsi40.1.5-3library for MPEG TS and DVB PSI ta

libdvbpsi4-dev recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#464261: New linux headers?

[Remi Denis-Courmont]

tags 464261 + confirmed upstream fixed-upstream
thanks

Right.
This would be due to = 2.6.24 linux-kernel-headers, I guess.
Upstream SVN has a patch for this.

-- 
Rémi

Bug#462837: fluidsynth: heavy memory leaks

[Remi Denis-Courmont]

Package: libfluidsynth1
Version: 1.0.7a-1
Severity: normal
Tags: fixed-upstream


Hello,

Fluidsynth 1.0.7 leaks memory quite heavily (depending on the soundfonts
size, I guess) when it is initialized and deinitialized multiple times
from within the same process.

It would seem that upstream version 1.0.8 fixes this issue.


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.23.14 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libfluidsynth1 depends on:
ii  ladcca2   0.4.0-6LADCCA shared library files
ii  libasound21.0.15-3   ALSA library
ii  libc6 2.7-6  GNU C Library: Shared libraries
ii  libjack0.100.0-0  0.109.0-1  JACK Audio Connection Kit (librari
ii  libncurses5   5.6+20080119-1 Shared libraries for terminal hand
ii  libreadline5  5.2-3  GNU readline and history libraries
ii  libuuid1  1.40.4-1   universally unique id library

libfluidsynth1 recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#333418: #333418 not an iptables bug

[Remi Denis-Courmont]

retitle 333418 Undocumented owner match limitations
severity 333418 minor
thanks

   Hello,

The official kernel only supports UID and GID checks with the owner match, and
only in the POSTROUTING and the OUTPUT chains. That is not a problem with
iptables (userland) against which the bug was reported: it simply returns the
EINVAL back from the kernel.

The iptables manpage should mention the limitations though, and correctly.

-- 
Remi Denis-Courmont
http://www.simphalempin.com/home/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#338128: Plans to integrate in Debian?

[Remi Denis-Courmont]

Le Tuesday 13 June 2006 13:05, Anand Kumria a �crit :
 whilst the RFC issue is easy to fix,

I might consider removing all IETF copyrighted material from the SVN
repository, should that helps avoiding accidental re-occurence of that
mistake.

 I diagree with the interpretation of the ftp-master team (copyright is,
 according to policy, in aggregate and for the package (Section 12.5) not
 for individual files within a package).

What exactly was the problem according to ftp master? I mean, was it
incomplete debian/copyright file or something more fundamental to the package
itself?

In the first case, I doubt it's worth arguing with FTP masters on what sounds
like a pure matter of principle to me, plus I would be very surprised if that
lead to anything. Adding one line to copyright holder and a few lines at the
end of the copyright file is not going to kill anyone (I hope). If someone
has a more FTP-master-friendly implementation of anything they didn't like
(MD5?), that's a possible option as well.

-- 
Remi Denis-Courmont
http://www.simphalempin.com/home/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#338128: miredo: alternative package available

[Remi Denis-Courmont]

Selon Bernhard Schmidt [EMAIL PROTECTED]:

 JFYI, there is a package for miredo in an alternative repository:

 http://www.progsoc.uts.edu.au/~wildfire/debian.org/miredo/

AFAIK, this is the same package that's been rejected from incoming a few
months ago (and that's still at the top of backports.org own incoming), so it
would definitely need to be fixed somehow. And by this, I mean more than just
resyncing with upstream (=me). According to Anand, ftp-master rejected it
because of insufficient copyright boilerplate and non-free RFC content.

There is normally no IETF content in my automake-generated source tarballs,
though there *IS* IETF copyrighted non-packaged content in the source
repository. And as for the copyright, to the best of my knowledge, only the
MD5 implementation needs something besides my own copyright, let alone FSF
copyright on the whole autotools bloat.

 slightly outdated though. The package fires at least two of the four
 global Teredo relays at the moment (itgate.net and teleport-iabg.de)
 without a glitch. I have only tested client mode briefly (worked) and
 did not touch the server part.

I didn't know for teleport-iabg. As for the other relays, HotNIC is running
something on FreeBSD, and ConsulIntel runs miredo atop RHEL, but that's
slightly out of topic.

-- 
Remi Denis-Courmont
http://www.simphalempin.com/home/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]