Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
Hi, This still can't migrate due to a 'missing' armhf build (can no longer build it because mono in sid no longer supports armhf). So I think someone must ask ftpmaster to remove the virtuoso-opensource armhf packages from testing. Regards, -- Steven Chamberlain ste...@pyro.eu.org signature.asc Description: OpenPGP digital signature
Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
On 01.02.2013 13:27, Steven Chamberlain wrote: Hi, This still can't migrate due to a 'missing' armhf build (can no longer build it because mono in sid no longer supports armhf). So I think someone must ask ftpmaster to remove the virtuoso-opensource armhf packages from testing. Yes, and no. They need removing /from unstable/. (ftp-master don't remove things from testing; we don't do partial removals.) Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
On 2013-02-01 14:38, Adam D. Barratt wrote: On 01.02.2013 13:27, Steven Chamberlain wrote: Hi, This still can't migrate due to a 'missing' armhf build (can no longer build it because mono in sid no longer supports armhf). So I think someone must ask ftpmaster to remove the virtuoso-opensource armhf packages from testing. Yes, and no. They need removing /from unstable/. (ftp-master don't remove things from testing; we don't do partial removals.) Regards, Adam Filed as #699542. Thanks for the reminder. ~Niels -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
On Fri, Feb 1, 2013 at 13:27:07 +, Steven Chamberlain wrote: Hi, This still can't migrate due to a 'missing' armhf build (can no longer build it because mono in sid no longer supports armhf). So I think someone must ask ftpmaster to remove the virtuoso-opensource armhf packages from testing. There needs to be a source upload to fix #699380 first. Cheers, Julien signature.asc Description: Digital signature
Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
Control: reopen -1 On 2013-02-01 17:09, Julien Cristau wrote: On Fri, Feb 1, 2013 at 13:27:07 +, Steven Chamberlain wrote: Hi, This still can't migrate due to a 'missing' armhf build (can no longer build it because mono in sid no longer supports armhf). So I think someone must ask ftpmaster to remove the virtuoso-opensource armhf packages from testing. There needs to be a source upload to fix #699380 first. Cheers, Julien Good point, sorry for missing that. José, please prepare a version of virtuoso-opensource with #699380 fixed and ping us when it has been uploaded. ~Niels -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
On 29/01/13 01:45, Christoph Egger wrote: Christoph, please could you give back virtuoso-opensource on both kfreebsd-* arches for another build attempt? On the way Thank you, both builds were fine. Regards, -- Steven Chamberlain ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
Steven Chamberlain ste...@pyro.eu.org writes: Hi, On 26/01/13 23:02, intrigeri wrote: José Manuel Santamaría Lema wrote (16 Jan 2013 17:33:25 GMT) : I've uploaded Virtuoso again because in the -2 revision of the package I did wrong fix for this bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677286 [...] So all in all, the proposed changes look good, and I recommend the release team grants the requested unblock. This can't migrate yet because it hasn't built on kfreebsd-* The netstat errors in buildd logs are ignored now, so that is not the problem. For some reason the service failed to start/respond, at different stages in the test suite. It builds okay for me on kfreebsd-amd64 locally. Christoph, please could you give back virtuoso-opensource on both kfreebsd-* arches for another build attempt? On the way Regards Christoph -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
Hi, José Manuel Santamaría Lema wrote (16 Jan 2013 17:33:25 GMT) : I've uploaded Virtuoso again because in the -2 revision of the package I did wrong fix for this bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677286 Hopefully it's now fixed correctly. I'm attaching the debdiff against the testing version. I've verified that portable-method-for-escaping-symbol-gawk.diff is indeed upstream commit b01c641b917485d0e23beb98787e43cb40baae8a, that was pointed at and successfully tested by Olivier Berger. I have *not* reviewed this (small) patch's content per se. The other changes (to fix #677286) were reviewed by Andreas Beckmann at [1], tested by himself at [2], and I do trust his opinion on such bugs discovered with piuparts. [1] http://bugs.debian.org/677286#46 [2] http://bugs.debian.org/677286#58 So all in all, the proposed changes look good, and I recommend the release team grants the requested unblock. Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
Hi, On 26/01/13 23:02, intrigeri wrote: José Manuel Santamaría Lema wrote (16 Jan 2013 17:33:25 GMT) : I've uploaded Virtuoso again because in the -2 revision of the package I did wrong fix for this bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677286 [...] So all in all, the proposed changes look good, and I recommend the release team grants the requested unblock. This can't migrate yet because it hasn't built on kfreebsd-* The netstat errors in buildd logs are ignored now, so that is not the problem. For some reason the service failed to start/respond, at different stages in the test suite. It builds okay for me on kfreebsd-amd64 locally. Christoph, please could you give back virtuoso-opensource on both kfreebsd-* arches for another build attempt? Thank you, Regards, -- Steven Chamberlain ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
retitle 697190 unblock: virtuoso-opensource/6.1.4+dfsg1-3 tags 697190 - moreinfo thanks Hello, I've uploaded Virtuoso again because in the -2 revision of the package I did wrong fix for this bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677286 Hopefully it's now fixed correctly. I'm attaching the debdiff against the testing version. diff -Nru virtuoso-opensource-6.1.4+dfsg1/debian/changelog virtuoso-opensource-6.1.4+dfsg1/debian/changelog --- virtuoso-opensource-6.1.4+dfsg1/debian/changelog 2012-06-10 23:21:10.0 +0200 +++ virtuoso-opensource-6.1.4+dfsg1/debian/changelog 2013-01-15 23:19:52.0 +0100 @@ -1,3 +1,28 @@ +virtuoso-opensource (6.1.4+dfsg1-3) unstable; urgency=low + + * The previous upload didn't actually fix the bug #677286: unowned files +after purge (/root/.odbc.ini). Looks like this is happening because of a +bug in odbcinst, which ignores the -l option (when passing -l it should +deal with /etc/odbc.ini and not touch $HOME/.odbc.ini). So I workarounded +the bug changing again virtuoso-opensource-6.1.prerm; I removed the +previous workaround and now odbinst is executed thus: +ODBCSEARCH=ODBC_SYSTEM_DSN odbcinst arguments_and_stuff +Setting that environment variable should override the arguments given in the +command line, it works both as a workaround for the unowned files after +purge problem and forces obdcinst to actually use the system DSN so it +will use /etc/odbc.ini, never $HOME/.odbc.ini (Closes: #677286). + + -- José Manuel Santamaría Lema panfa...@gmail.com Tue, 15 Jan 2013 23:19:48 +0100 + +virtuoso-opensource (6.1.4+dfsg1-2) unstable; urgency=low + + * Add portable-method-for-escaping-symbol-gawk.diff, fixes the conductor web +interface (Closes: #680764). + * Changed virtuoso-opensource-6.1.prerm to not leave an unowned file +(/root/.odbc.ini) after package removal (Closes: #677286). + + -- José Manuel Santamaría Lema panfa...@gmail.com Tue, 01 Jan 2013 22:41:57 +0100 + virtuoso-opensource (6.1.4+dfsg1-1) unstable; urgency=low * New upstream release (Closes: #650281). diff -Nru virtuoso-opensource-6.1.4+dfsg1/debian/libvirtodbc0.shlibs virtuoso-opensource-6.1.4+dfsg1/debian/libvirtodbc0.shlibs --- virtuoso-opensource-6.1.4+dfsg1/debian/libvirtodbc0.shlibs 2012-06-10 20:16:05.0 +0200 +++ virtuoso-opensource-6.1.4+dfsg1/debian/libvirtodbc0.shlibs 1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -libvirtobbdc 8 libvirtodbc0 (= ) diff -Nru virtuoso-opensource-6.1.4+dfsg1/debian/patches/portable-method-for-escaping-symbol-gawk.diff virtuoso-opensource-6.1.4+dfsg1/debian/patches/portable-method-for-escaping-symbol-gawk.diff --- virtuoso-opensource-6.1.4+dfsg1/debian/patches/portable-method-for-escaping-symbol-gawk.diff 1970-01-01 01:00:00.0 +0100 +++ virtuoso-opensource-6.1.4+dfsg1/debian/patches/portable-method-for-escaping-symbol-gawk.diff 2012-11-23 14:27:51.0 +0100 @@ -0,0 +1,94 @@ +From b01c641b917485d0e23beb98787e43cb40baae8a Mon Sep 17 00:00:00 2001 +From: VOS Maintainer vos.ad...@openlinksw.com +Date: Thu, 8 Mar 2012 13:52:41 + +Subject: [PATCH] * Fixed use portable method for escaping symbol for gawk 3 + and 4 + +--- + binsrc/cached_resources/res_to_c.awk |8 +--- + binsrc/hosting/perl/pl_to_c.awk |2 +- + binsrc/hosting/python/py_to_c.awk|2 +- + binsrc/ws/wsrm/xsd2sql.awk |2 +- + libsrc/Wi/sql_to_c.awk |8 +--- + 5 files changed, 5 insertions(+), 17 deletions(-) + +diff --git a/binsrc/cached_resources/res_to_c.awk b/binsrc/cached_resources/res_to_c.awk +index 8c6ddbc..f7f4989 100644 +--- a/binsrc/cached_resources/res_to_c.awk b/binsrc/cached_resources/res_to_c.awk +@@ -30,13 +30,7 @@ BEGIN { + } + { + fun = $0 +- # was: gsub ( /\\/, , fun) +- q = +- if (PROCINFO[version] ~ /^4/) +- gsub ( q, q q, fun) +- else +- gsub ( q, q, fun) +- ++ gsub ( , , fun) + gsub ( //, \\\, fun) + gsub ( /\$/, \\044, fun) + gsub ( /.*/, \\\n\,, fun) +diff --git a/binsrc/hosting/perl/pl_to_c.awk b/binsrc/hosting/perl/pl_to_c.awk +index 9422a4c..eb4a07d 100644 +--- a/binsrc/hosting/perl/pl_to_c.awk b/binsrc/hosting/perl/pl_to_c.awk +@@ -42,7 +42,7 @@ END { + } + + x = $0 +- gsub (/\\/, , x) ++ gsub ( , , x) + gsub (/\/, \\\, x) + print \ x \\n\ + } +diff --git a/binsrc/hosting/python/py_to_c.awk b/binsrc/hosting/python/py_to_c.awk +index 7c5b529..6ce5ff4 100644 +--- a/binsrc/hosting/python/py_to_c.awk b/binsrc/hosting/python/py_to_c.awk +@@ -48,7 +48,7 @@ END { + } + + x = $0 +- gsub (/\\/, , x) ++ gsub ( , , x) + gsub (/\/, \\\, x) + print \ x \\n\ + } +diff --git a/binsrc/ws/wsrm/xsd2sql.awk b/binsrc/ws/wsrm/xsd2sql.awk +index a97aba6..4bba030 100644 +--- a/binsrc/ws/wsrm/xsd2sql.awk b/binsrc/ws/wsrm/xsd2sql.awk +@@ -54,7 +54,7 @@ BEGIN { + print ses := string_output (); + } + str = $0 +- gsub (
Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
Hi, José Manuel Santamaría Lema wrote (12 Jan 2013 23:37:41 GMT) : Just for your information, I tried to do a couple malicious things in the worst case scenario (i.e. with the unix socket enabled): [...] Thanks for checking! I doubt this can be security problem, but if you figure out a way to exploit it, please just file a bug against virtuoso explaining how you did it I'm not particularly interested in Virtuoso, so I doubt I'll take the time to seriously audit this specific potential source of issues myself. (I still see no good reason to perpetuate such bad security practices that tend to hit you by surprise sooner or later, and requires careful auditing to check version N is not affected, but well. /nitpicking :) (note that while your concerns may be reasonable, they aren't actually related to the fixes intended to be included in wheezy). Fair enough. Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
Hello, intrigeri intrig...@debian.org Hi, José Manuel Santamaría Lema wrote (02 Jan 2013 20:22:43 GMT) : intrigeri intrig...@debian.org From a remote point-of-view, this is worrying: do you mean something during the installation will access or create a file with a fixed name in /tmp? Yes. May it have security implications? Unfortunately, yes. See http://bugs.debian.org/cgi- bin/bugreport.cgi?bug=576418 I'm tagging that one security. It's annoying, but yet another kind of security concern than the one I was afraid of and refering to... when using such predictable names, in many cases an attacker could overwrite any existing file on the system with the permissions of the process that wants to create the file. I doubt the /tmp/virt_ thing is immune to this class of attacks. Is it? Any very good reason to *both* 1. use a predictable name; and 2. use /tmp rather than a dedicated directory only writable by users that should access this file? Cheers, This what that /tmp/virt_ files are for: http://docs.openlinksw.com/virtuoso/accintudsockets.html I was wrong when I said it creates that file during the installation, I said that because during the installation the server is started and I tought the unix socket connections were enabled by default. However, they aren't, just do a virtuoso fresh installation and check how DisableUnixSocket is set to 1. What actually happens is that if there is already a /tmp/virt_ socket (created by a virtuoso instance launched by nepomuk/soprano) when starting the server it will hang (instead of failing and return), as I explained in the very first message of this bug report. Just for your information, I tried to do a couple malicious things in the worst case scenario (i.e. with the unix socket enabled): 1. I stoped the server, symlinked /tmp/virt_ to /etc/passwd and started it again. Virtuoso server removed the symlink and replaced it with a proper unix socket file. 2. As root, I disabled the sticky bit of /tmp/, then with a non-root user account I removed the /tmp/virt_ socket and replaced it with a symlink to /etc/passwd, then I did isql-vt localhost: dba passwd. It just falled back to a tcp connection, and the passwd file wasn't modified. I doubt this can be security problem, but if you figure out a way to exploit it, please just file a bug against virtuoso explaining how you did it instead of discussing it here (note that while your concerns may be reasonable, they aren't actually related to the fixes intended to be included in wheezy). That being said, looks like one of the fixes wasn't good, so I guess I will close this bug soon, upload a -3 revision and open a new one to request its unblock. Cheers. signature.asc Description: This is a digitally signed message part.
Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
Hi, José Manuel Santamaría Lema wrote (02 Jan 2013 20:22:43 GMT) : intrigeri intrig...@debian.org From a remote point-of-view, this is worrying: do you mean something during the installation will access or create a file with a fixed name in /tmp? Yes. May it have security implications? Unfortunately, yes. See http://bugs.debian.org/cgi- bin/bugreport.cgi?bug=576418 I'm tagging that one security. It's annoying, but yet another kind of security concern than the one I was afraid of and refering to... when using such predictable names, in many cases an attacker could overwrite any existing file on the system with the permissions of the process that wants to create the file. I doubt the /tmp/virt_ thing is immune to this class of attacks. Is it? Any very good reason to *both* 1. use a predictable name; and 2. use /tmp rather than a dedicated directory only writable by users that should access this file? Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hello, could you please unblock the virtuoso-opensource package? I have fixed a couple of important bugs which should be included in wheezy: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677286 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680764 Caveat: if you need to try to install virtuoso as a standalone server while using kde, please make sure that a virtuoso server (launched by nepomuk/soprano) isn't already using the file /tmp/virt_, it will hang the instalation. I have a fix/workaround for that[1] but I'm waiting for someone to upload it. [1]http://anonscm.debian.org/gitweb/?p=pkg-kde/kde- req/soprano.git;a=commitdiff;h=553f79d661e6e965ec947b5bd34758bc5981e5c0 Thank you. diff -Nru virtuoso-opensource-6.1.4+dfsg1/debian/changelog virtuoso-opensource-6.1.4+dfsg1/debian/changelog --- virtuoso-opensource-6.1.4+dfsg1/debian/changelog 2012-06-10 23:21:10.0 +0200 +++ virtuoso-opensource-6.1.4+dfsg1/debian/changelog 2013-01-01 22:42:04.0 +0100 @@ -1,3 +1,12 @@ +virtuoso-opensource (6.1.4+dfsg1-2) unstable; urgency=low + + * Add portable-method-for-escaping-symbol-gawk.diff, fixes the conductor web +interface (Closes: #680764). + * Changed virtuoso-opensource-6.1.prerm to not leave an unowned file +(/root/.odbc.ini) after package removal (Closes: #677286). + + -- José Manuel Santamaría Lema panfa...@gmail.com Tue, 01 Jan 2013 22:41:57 +0100 + virtuoso-opensource (6.1.4+dfsg1-1) unstable; urgency=low * New upstream release (Closes: #650281). diff -Nru virtuoso-opensource-6.1.4+dfsg1/debian/libvirtodbc0.shlibs virtuoso-opensource-6.1.4+dfsg1/debian/libvirtodbc0.shlibs --- virtuoso-opensource-6.1.4+dfsg1/debian/libvirtodbc0.shlibs 2012-06-10 20:16:05.0 +0200 +++ virtuoso-opensource-6.1.4+dfsg1/debian/libvirtodbc0.shlibs 1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -libvirtobbdc 8 libvirtodbc0 (= ) diff -Nru virtuoso-opensource-6.1.4+dfsg1/debian/patches/portable-method-for-escaping-symbol-gawk.diff virtuoso-opensource-6.1.4+dfsg1/debian/patches/portable-method-for-escaping-symbol-gawk.diff --- virtuoso-opensource-6.1.4+dfsg1/debian/patches/portable-method-for-escaping-symbol-gawk.diff 1970-01-01 01:00:00.0 +0100 +++ virtuoso-opensource-6.1.4+dfsg1/debian/patches/portable-method-for-escaping-symbol-gawk.diff 2012-11-23 14:27:51.0 +0100 @@ -0,0 +1,94 @@ +From b01c641b917485d0e23beb98787e43cb40baae8a Mon Sep 17 00:00:00 2001 +From: VOS Maintainer vos.ad...@openlinksw.com +Date: Thu, 8 Mar 2012 13:52:41 + +Subject: [PATCH] * Fixed use portable method for escaping symbol for gawk 3 + and 4 + +--- + binsrc/cached_resources/res_to_c.awk |8 +--- + binsrc/hosting/perl/pl_to_c.awk |2 +- + binsrc/hosting/python/py_to_c.awk|2 +- + binsrc/ws/wsrm/xsd2sql.awk |2 +- + libsrc/Wi/sql_to_c.awk |8 +--- + 5 files changed, 5 insertions(+), 17 deletions(-) + +diff --git a/binsrc/cached_resources/res_to_c.awk b/binsrc/cached_resources/res_to_c.awk +index 8c6ddbc..f7f4989 100644 +--- a/binsrc/cached_resources/res_to_c.awk b/binsrc/cached_resources/res_to_c.awk +@@ -30,13 +30,7 @@ BEGIN { + } + { + fun = $0 +- # was: gsub ( /\\/, , fun) +- q = +- if (PROCINFO[version] ~ /^4/) +- gsub ( q, q q, fun) +- else +- gsub ( q, q, fun) +- ++ gsub ( , , fun) + gsub ( //, \\\, fun) + gsub ( /\$/, \\044, fun) + gsub ( /.*/, \\\n\,, fun) +diff --git a/binsrc/hosting/perl/pl_to_c.awk b/binsrc/hosting/perl/pl_to_c.awk +index 9422a4c..eb4a07d 100644 +--- a/binsrc/hosting/perl/pl_to_c.awk b/binsrc/hosting/perl/pl_to_c.awk +@@ -42,7 +42,7 @@ END { + } + + x = $0 +- gsub (/\\/, , x) ++ gsub ( , , x) + gsub (/\/, \\\, x) + print \ x \\n\ + } +diff --git a/binsrc/hosting/python/py_to_c.awk b/binsrc/hosting/python/py_to_c.awk +index 7c5b529..6ce5ff4 100644 +--- a/binsrc/hosting/python/py_to_c.awk b/binsrc/hosting/python/py_to_c.awk +@@ -48,7 +48,7 @@ END { + } + + x = $0 +- gsub (/\\/, , x) ++ gsub ( , , x) + gsub (/\/, \\\, x) + print \ x \\n\ + } +diff --git a/binsrc/ws/wsrm/xsd2sql.awk b/binsrc/ws/wsrm/xsd2sql.awk +index a97aba6..4bba030 100644 +--- a/binsrc/ws/wsrm/xsd2sql.awk b/binsrc/ws/wsrm/xsd2sql.awk +@@ -54,7 +54,7 @@ BEGIN { + print ses := string_output (); + } + str = $0 +- gsub ( /\\/, , str) ++ gsub ( , , str) + gsub ( /'/, \\', str) + + # +diff --git a/libsrc/Wi/sql_to_c.awk b/libsrc/Wi/sql_to_c.awk +index 01c5add..57ef36b 100644 +--- a/libsrc/Wi/sql_to_c.awk b/libsrc/Wi/sql_to_c.awk +@@ -343,13 +343,7 @@ BEGIN { + + # does escape the symbols + fun = $0 +- q = +- if (PROCINFO[version] ~ /^4/) +- gsub ( q, q q, fun) +- else +- gsub ( q, q, fun) +- +- #WAS: gsub ( /\\/, , fun) ++ gsub (, ,
Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
Control: tag -1 + moreinfo Hi, José Manuel Santamaría Lema wrote (02 Jan 2013 13:01:43 GMT) : Caveat: if you need to try to install virtuoso as a standalone server while using kde, please make sure that a virtuoso server (launched by nepomuk/soprano) isn't already using the file /tmp/virt_, it will hang the instalation. From a remote point-of-view, this is worrying: do you mean something during the installation will access or create a file with a fixed name in /tmp? May it have security implications? Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697190: unblock: virtuoso-opensource/6.1.4+dfsg1-2
intrigeri intrig...@debian.org Control: tag -1 + moreinfo Hi, José Manuel Santamaría Lema wrote (02 Jan 2013 13:01:43 GMT) : Caveat: if you need to try to install virtuoso as a standalone server while using kde, please make sure that a virtuoso server (launched by nepomuk/soprano) isn't already using the file /tmp/virt_, it will hang the instalation. From a remote point-of-view, this is worrying: do you mean something during the installation will access or create a file with a fixed name in /tmp? Yes. May it have security implications? Unfortunately, yes. See http://bugs.debian.org/cgi- bin/bugreport.cgi?bug=576418 And now that you mention it, perhaps I should try to prepare a fix for wheezy if the Release Team is on the mood to accept it. Cheers, signature.asc Description: This is a digitally signed message part.