Processed: Re: Bug#290826: postfix: Upgrade from Postfix 2.1.4-5 to 2.1.5-4 fails
Processing commands for [EMAIL PROTECTED]: severity 290826 important Bug#290826: postfix: Upgrade from Postfix 2.1.4-5 to 2.1.5-4 fails Severity set to `important'. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290826: postfix: Upgrade from Postfix 2.1.4-5 to 2.1.5-4 fails
severity 290826 important thanks Jean-Philippe, On Mon, Jan 17, 2005 at 07:21:42AM +0100, Jean-Philippe wrote: At 19:39 16/01/2005 -0800, you wrote: Can you confirm the value of postconf alias_database on your system? I confirm the value of postconf alias_database was indeed hash:/etc/aliases.db: my apologies, /etc/postfix/main.cf was broken on my system and all is fine now after changing it to hash:/etc/aliases and restarting the upgrade process. Thanks for your help! Thanks for the quick reply. I'm going to go ahead and downgrade this bug, and leave it open for the postfix maintainer to decide if there's anything further that should be done about it. Cheers, -- Steve Langasek postmodern programmer signature.asc Description: Digital signature
Bug#290833: dbmail-pgsql: Inconsistent escaping of user supplied data in dbauthpgsql.c
Bug acknowledged. This should be fixed by the pending 2.0.3 upload. Primoz Bratanic wrote: Package: dbmail-pgsql Version: 1.2.11 Severity: grave Tags: security Justification: user security hole In pgsql/dbauthpgsql.c escaping is not consistent. Sometimes username and other user supplied values are escaped and sometimes like in: auth_check_user(...) auth_check_user_ext(...) auth_adduser(...) auth_delete_user(...) they are not. This most likely opens ways sql injection. I don't have proof of concept yet, so if this doesn't look exploitable to you at first glance, please close it and I'll resubmit it when I finish PoC. Best regards, Primoz -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.8-1-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) -- Paul Stevens [EMAIL PROTECTED] NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31 The Netherlands___www.nfg.nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290495: marked as done (circular build dependency)
Your message dated Mon, 17 Jan 2005 09:59:19 +0100 with message-id [EMAIL PROTECTED] and subject line closing dup has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 14 Jan 2005 12:55:33 + From [EMAIL PROTECTED] Fri Jan 14 04:55:33 2005 Return-path: [EMAIL PROTECTED] Received: from pc004.content.piro.com (tuttle.intern.cm-ag) [195.135.144.148] by spohr.debian.org with smtp (Exim 3.35 1 (Debian)) id 1CpQzE-ij-00; Fri, 14 Jan 2005 04:55:33 -0800 Received: (qmail 21728 invoked by uid 1013); 14 Jan 2005 12:55:30 - Received: from 172.30.3.1 by tuttle (envelope-from [EMAIL PROTECTED], uid 64011) with qmail-scanner-1.24 (f-prot: 4.4.7/3.14.13. spamassassin: 2.64. Clear:RC:1(172.30.3.1):. Processed in 0.464302 secs); 14 Jan 2005 12:55:30 - Received: from unknown (HELO rabbit.intern.cm-ag) (172.30.3.1) by tuttle.intern.cm-ag with SMTP; 14 Jan 2005 12:55:29 - Received: (qmail 18300 invoked by uid 1000); 14 Jan 2005 12:56:18 - Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Max Kellermann [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: circular build dependency X-Mailer: reportbug 3.2 Date: Fri, 14 Jan 2005 13:56:18 +0100 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: mcs Version: 1.0.4-1 Severity: serious mcs build-depends on mono-utils, which in turn depends on mono-assemblies-base. mono-assemblies-base is a binary package provided by mcs itself. -- System Information: Debian Release: 3.0 Architecture: i386 (i686) Kernel: Linux 2.6.9 Locale: LANG=en_US, LC_CTYPE=de_DE (charmap=ISO-8859-1) --- Received: (at 290495-done) by bugs.debian.org; 17 Jan 2005 08:59:39 + From [EMAIL PROTECTED] Mon Jan 17 00:59:39 2005 Return-path: [EMAIL PROTECTED] Received: from mail02.hansenet.de (webmail.hansenet.de) [213.191.73.62] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CqSjb-0001IT-00; Mon, 17 Jan 2005 00:59:39 -0800 Received: from smtp.qnetp.net (213.39.214.149) by webmail.hansenet.de (7.2.034.5) (authenticated as [EMAIL PROTECTED]) id 41BFC9E300450EF8 for [EMAIL PROTECTED]; Mon, 17 Jan 2005 09:59:37 +0100 Received: from localhost (localhost [127.0.0.1]) by smtp.qnetp.net (Postfix) with ESMTP id 958957A for [EMAIL PROTECTED]; Mon, 17 Jan 2005 09:59:37 +0100 (CET) Received: from gsd-pc-23.lan.gsd-software.net (firewall.gsd-software.net [62.80.20.122]) by smtp.qnetp.net (Postfix) with ESMTP id A8C3579 for [EMAIL PROTECTED]; Mon, 17 Jan 2005 09:59:23 +0100 (CET) Subject: closing dup From: Mirco Bauer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Content-Type: multipart/signed; micalg=pgp-sha1; protocol=application/pgp-signature; boundary==-sPg634D9NMRBNusggFeP Date: Mon, 17 Jan 2005 09:59:19 +0100 Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 X-Mailer: Evolution 2.0.3 X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at meebey.net Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: --=-sPg634D9NMRBNusggFeP Content-Type: text/plain Content-Transfer-Encoding: quoted-printable this is a duplicate bug, which was already closed (bogus report btw, because circular build-dependencies are right in this case) --=20 Regards, Mirco 'meebey' Bauer PGP-Key: http://keyserver.noreply.org/pks/lookup?op=3Dgetsearch=3D0xEEF946C8 -BEGIN GEEK CODE BLOCK- Version: 3.12 GIT d s-:+ a-- C++ UL$ P L++$+++$ E- W+++$ N o? K- w++! O M- V? PS PE+ Y- PGP++ t 5+ X++ R tv+ b+ DI? D+ G++ e h! r-++ y? --END GEEK CODE BLOCK-- --=-sPg634D9NMRBNusggFeP Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) iQEVAwUAQet+ZnEn5avu+UbIAQIqjAgAjzXO+MVEmj3UMJiHBrXkqbi8mWr4bhlj
Bug#289762: [Pkg-nagios-devel] Bug#289762: nagios-mysql bugs
Hello Sean On 2005-01-16 sean finney wrote: i haven't heard back from christian yet whether or not he'd accept the patch changeset that fixes the bug or wants to wait until the next version of mysql-server comes out, but our response will largely depend on that. The patch was accepted and next version of 4.1 has also been released in the meantime. IIRC my last uploaded package should be fine. -christian- pgpEWR0ZinyCU.pgp Description: PGP signature
Bug#290855: Upgrade from Postfix 2.1.4-5 to 2.1.5-4 fails #2
Package: postfix Version: 2.1.4-5 Severity: grave Justification: renders package unusable On a uptodate Sarge box, the upgrade failed like this. Seems NOT to be the same problem as described in bug #290826 tex-mail:/etc# apt-get upgrade Reading Package Lists... Done Building Dependency Tree... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 3 not fully installed or removed. Need to get 0B of archives. After unpacking 0B of additional disk space will be used. Do you want to continue? [Y/n] Setting up postfix (2.1.5-4) ... dpkg: error processing postfix (--configure): subprocess post-installation script returned error exit status 2 dpkg: dependency problems prevent configuration of postfix-pcre: postfix-pcre depends on postfix; however: Package postfix is not configured yet. postfix-pcre depends on postfix (= 2.1.5-4); however: Package postfix is not configured yet. dpkg: error processing postfix-pcre (--configure): dependency problems - leaving unconfigured dpkg: dependency problems prevent configuration of postfix-tls: postfix-tls depends on postfix; however: Package postfix is not configured yet. postfix-tls depends on postfix (= 2.1.5-4); however: Package postfix is not configured yet. dpkg: error processing postfix-tls (--configure): dependency problems - leaving unconfigured Errors were encountered while processing: postfix postfix-pcre postfix-tls E: Sub-process /usr/bin/dpkg returned an error code (1) The problem seeems to be on this line: tex-mail:/home/sleclerc# dpkg-divert --package postfix --remove --rename --divert /usr/share/man/man8/smtpd.real.8.gz /usr/share/man/man8/smtpd.8.gz Removing `diversion of /usr/share/man/man8/smtpd.8.gz to /usr/share/man/man8/smtpd.real.8.gz by postfix' dpkg-divert: rename involves overwriting `/usr/share/man/man8/smtpd.8.gz' with different file `/usr/share/man/man8/smtpd.real.8.gz', not allowed Directory have: tex-mail:/home/sleclerc# ll /usr/share/man/man8/smtpd* -rw-r--r-- 1 root root 7460 2004-09-06 03:41 /usr/share/man/man8/smtpd.8.gz -rw-r--r-- 1 root root 7467 2005-01-04 21:05 /usr/share/man/man8/smtpd.8postfix.gz -rw-r--r-- 1 root root 1650 1999-07-19 20:53 /usr/share/man/man8/smtpd.real.8.gz -rw-r--r-- 1 root root 401 2004-08-31 19:44 /usr/share/man/man8/smtpd-setup-chroot.8.gz I solved installation, manualy removing /usr/share/man/man8/smtpd.real.8.gz. Stef... ... . Linux - Debian - php4 - JAVA/Tomcat - MySQL - Infogerance . . email: [EMAIL PROTECTED] - http://www.actionweb.fr/ . . Tel: (0)141 906 100-Fax: (0)141 906 101. ... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#278191: marked as done (xtrlock unlocks upon very long input)
Your message dated Mon, 17 Jan 2005 06:02:02 -0500 with message-id [EMAIL PROTECTED] and subject line Bug#278190: fixed in xtrlock 2.0-9 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 25 Oct 2004 12:16:52 + From [EMAIL PROTECTED] Mon Oct 25 05:16:51 2004 Return-path: [EMAIL PROTECTED] Received: from ns.ustc.edu.cn (mx1.ustc.edu.cn) [202.38.64.1] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CM3mL-00015F-00; Mon, 25 Oct 2004 05:16:50 -0700 Received: from mail.ustc.edu.cn (webmail.ustc.edu.cn [202.38.64.16]) by mx1.ustc.edu.cn (8.11.6/8.11.6) with SMTP id i9PC6QH25899 for [EMAIL PROTECTED]; Mon, 25 Oct 2004 20:06:27 +0800 Received: from 202.112.113.126 (proxying for unknown) (SquirrelMail authenticated user muec) by webmail.ustc.edu.cn with HTTP; Mon, 25 Oct 2004 20:07:03 +0800 (CST) Message-ID: [EMAIL PROTECTED] Date: Mon, 25 Oct 2004 20:07:03 +0800 (CST) Subject: xtrlock unlocks upon very long input From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Mailer: SquirrelMail (version 1.3.2) MIME-Version: 1.0 Content-Type: text/plain;charset=gb2312 X-Priority: 3 Importance: Normal Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-5.4 required=4.0 tests=BAYES_01,HAS_PACKAGE, NO_REAL_NAME autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: X-CrossAssassin-Score: 2 Package: xtrlock Version: 2.0-8 xtrlock can be bypassed by holding down any key for 1 minute and then pressing Enter. I am using Debian GNU/Linux 3.1, kernel 2.6.8-1-686, libc6 2.3.2.ds1-16, xlibs 4.3.0.dfsg.1-7 and Gnome 2. --- Received: (at 278190-close) by bugs.debian.org; 17 Jan 2005 11:05:35 + From [EMAIL PROTECTED] Mon Jan 17 03:05:35 2005 Return-path: [EMAIL PROTECTED] Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CqUhT-0001yn-00; Mon, 17 Jan 2005 03:05:35 -0800 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1CqUe2-0005sD-00; Mon, 17 Jan 2005 06:02:02 -0500 From: Matthew Vernon [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.55 $ Subject: Bug#278190: fixed in xtrlock 2.0-9 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Mon, 17 Jan 2005 06:02:02 -0500 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: X-CrossAssassin-Score: 2 Source: xtrlock Source-Version: 2.0-9 We believe that the bug you reported is fixed in the latest version of xtrlock, which is due to be installed in the Debian FTP archive: xtrlock_2.0-9.dsc to pool/main/x/xtrlock/xtrlock_2.0-9.dsc xtrlock_2.0-9.tar.gz to pool/main/x/xtrlock/xtrlock_2.0-9.tar.gz xtrlock_2.0-9_i386.deb to pool/main/x/xtrlock/xtrlock_2.0-9_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matthew Vernon [EMAIL PROTECTED] (supplier of updated xtrlock package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Format: 1.7 Date: Mon, 17 Jan 2005 10:47:09 + Source: xtrlock Binary: xtrlock Architecture: source i386 Version: 2.0-9 Distribution: unstable Urgency: high Maintainer: Debian QA Group [EMAIL PROTECTED] Changed-By: Matthew Vernon [EMAIL PROTECTED] Description: xtrlock- Minimal X display lock program Closes: 264173 278190 278191 Changes: xtrlock (2.0-9) unstable; urgency=high . * Fix the problem whereby we unlocked on long input (closes: #278191, #278190) * tidy up a switch statement (closes: #264173) Files: 2b5cb5f98847a8e37b618a95cac9f634 599 x11 optional xtrlock_2.0-9.dsc f268de7457416ba57d4b757e62e9eece 7437 x11
Bug#290841: nautilus opens connections for each file on a samba share
On 17.01.05 Charles Henderson ([EMAIL PROTECTED]) wrote: Package: nautilus Version: 2.9.2-0ubuntu1 Severity: serious That version does not exist neither in unstable nor in testing. Strangely, nautilus appears to open a different connection for every file in a samba directory when browsing directories. This becomes a huge problem for larger directories (over 600 files will make working with a directory impossible) as hundreds of connections are spawned. I have remote preview turned off in file management preferences but was curious whether that option or getting the mime information for each of the files (in this case 600 mp3 files) could be the root of the evil. Do you get the same results, when using the official Debian package? If not, please close that bug and complain at your distributors site! Thanks, Hilmar -- sigmentation fault -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#290841: nautilus opens connections for each file on a samba share
Processing commands for [EMAIL PROTECTED]: severity 290841 important Bug#290841: nautilus opens connections for each file on a samba share Severity set to `important'. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: cloning 241112, reassign -1 to ftp.debian.org
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.8.5 clone 241112 -1 Bug#241112: Please remove distributed-net-pproxy. Bug 241112 cloned as bug 290890. reassign -1 ftp.debian.org Bug#290890: Please remove distributed-net-pproxy. Bug reassigned from package `distributed-net-pproxy' to `ftp.debian.org'. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: The ftpmasters have approved libnfsidmap1, prick.
Processing commands for [EMAIL PROTECTED]: close 290302 Bug#290302: nfs-common: depends on libnfsidmap1 which isn't installable 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug closed, send any further explanations to Igmar Palsenberg [EMAIL PROTECTED] thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#289762: [Pkg-nagios-devel] Bug#289762: nagios-mysql bugs
hi christian, On Mon, Jan 17, 2005 at 09:36:32AM +0100, Christian Hammers wrote: On 2005-01-16 sean finney wrote: i haven't heard back from christian yet whether or not he'd accept the patch changeset that fixes the bug or wants to wait until the next version of mysql-server comes out, but our response will largely depend on that. The patch was accepted and next version of 4.1 has also been released in the meantime. IIRC my last uploaded package should be fine. taking a look at incoming.debian.org, i see some 4.1 binaries containing the fix. will these be a seperate branch of packages from 4.0.x? do you have a copy of the latter that i can test out? thanks, sean -- signature.asc Description: Digital signature
Bug#285775: marked as done (mantis: Mantis gives MySQL error upon install)
Your message dated Mon, 17 Jan 2005 17:09:09 +0100 with message-id [EMAIL PROTECTED] and subject line Fixed in 0.19.2-1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 15 Dec 2004 15:02:59 + From [EMAIL PROTECTED] Wed Dec 15 07:02:59 2004 Return-path: [EMAIL PROTECTED] Received: from bgo1smout1.broadpark.no [217.13.4.94] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1Ceag7-0007l8-00; Wed, 15 Dec 2004 07:02:59 -0800 Received: from bgo1sminn1.broadpark.no ([217.13.4.93]) by bgo1smout1.broadpark.no (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Wed, 15 Dec 2004 15:57:46 +0100 (CET) Received: from localhost.localdomain ([80.203.102.99]) by bgo1sminn1.broadpark.no (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Wed, 15 Dec 2004 16:05:57 +0100 (CET) Date: Wed, 15 Dec 2004 17:23:16 +0100 From: Tor Arvid Lund [EMAIL PROTECTED] Subject: mantis: Mantis gives MySQL error upon install To: Debian Bug Tracking System [EMAIL PROTECTED] Bcc: Tor Arvid Lund [EMAIL PROTECTED] Message-id: [EMAIL PROTECTED] MIME-version: 1.0 X-Mailer: reportbug 3.4 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: Package: mantis Version: 0.19.0-1 Severity: grave Justification: renders package unusable When installing (not upgrading) mantis, I get the error: I: Backing up database to /var/backups/mantis.dump. E: DB scheme check failed: Error when trying to connect to the mysql database. This error can occur if you have no database to connect to, or if the password was incorrect. use: dpkg-reconfigure -plow packagename to reconfigure. E: DB scheme check failed: Error when trying to connect to the mysql database. This error can occur if you have no database to connect to, or if the password was incorrect. use: dpkg-reconfigure -plow packagename to reconfigure. I: Running upstream-supplied upgrade script I have tried several things; pre-creating the bugtracker database and mantis DB user (with all privileges, just to be sure). I also tried looking at the control scripts in the mantis package, but they were a little complex for me (although I _did_ notice that they sometimes said adminpassword and sometimes with a typo: adminpassoword (notice the extra 'o'). I will try to figure this out, but I don't really have any clues right now... -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.26-1-386 Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) Versions of packages mantis depends on: ii apache2 2.0.52-3Next generation, scalable, extenda ii apache2-mpm-prefork [httpd] 2.0.52-3Traditional model for Apache2 ii debconf 1.4.41 Debian configuration management sy ii grep 2.5.1.ds1-4 GNU grep, egrep and fgrep ii libapache-mod-php4 4:4.3.9-2 server-side, HTML-embedded scripti ii libapache2-mod-php4 4:4.3.9-2 server-side, HTML-embedded scripti ii libphp-adodb 4.52-1 The 'adodb' database abstraction l ii mysql-client 4.0.22-6mysql database client binaries ii php4-cli 4:4.3.9-2 command-line interpreter for the p ii php4-mysql 4:4.3.9-2 MySQL module for php4 ii wwwconfig-common 0.0.41 Debian web auto configuration -- debconf information: * mantis/adminpassword: (password omitted) mantis/password: (password omitted) mantis/root_password: (password omitted) mantis/ldap_info: * mantis/title: mutex.info Bugtracker * mantis/username: mantis * mantis/webmaster: [EMAIL PROTECTED] * mantis/url: http://bugs.mutex.info/ * mantis/bounce: [EMAIL PROTECTED] * mantis/purge_db: false mantis/dn: dn= * mantis/ldap: false mantis/ldap_server: localhost mantis/version: *
Bug#290905: rsync fails with error when rsyncing to a remote host (file server) running rsyncd
Package: rsync Version: 2.6.3-2 Severity: grave Justification: causes non-serious data loss A cron job currently runs an automatic backup each night from the remote file server (running rsyncd under inetd) to the backup server which runs the following script without error: #!/bin/bash # This script is called daily from cron to perform overnight backups # The full paths of the programs used in this script rm=/bin/rm mv=/bin/mv cp=/bin/cp rsync=/usr/bin/rsync mount=/bin/mount umount=/bin/umount # Good rsync options for backups. rsync_opts=-av --delete # The name of the file containing the rsync connection password password=--password-file=/etc/.rs_pass # Move all other backups up a level. Copy previous backup to # /backup/daily. Backup file_server according to the [rsync] sections of the # rsyncd.conf files on file_server. Use the password given in /etc/.rs_pass. # Dump any output and error messages to /var/rsync/file_server rm -rf /root/backup/snapshot/month.6 mv /root/backup/snapshot/month.5 /root/backup/snapshot/month.6 mv /root/backup/snapshot/month.4 /root/backup/snapshot/month.5 mv /root/backup/snapshot/month.3 /root/backup/snapshot/month.4 mv /root/backup/snapshot/month.2 /root/backup/snapshot/month.3 mv /root/backup/snapshot/month.1 /root/backup/snapshot/month.2 mv /root/backup/snapshot/week.4 /root/backup/snapshot/month.1 mv /root/backup/snapshot/week.3 /root/backup/snapshot/week.4 mv /root/backup/snapshot/week.2 /root/backup/snapshot/week.3 mv /root/backup/snapshot/week.1 /root/backup/snapshot/week.2 mv /root/backup/snapshot/day.6 /root/backup/snapshot/week.1 mv /root/backup/snapshot/day.5 /root/backup/snapshot/day.6 mv /root/backup/snapshot/day.4 /root/backup/snapshot/day.5 mv /root/backup/snapshot/day.3 /root/backup/snapshot/day.4 mv /root/backup/snapshot/day.2 /root/backup/snapshot/day.3 mv /root/backup/snapshot/day.1 /root/backup/snapshot/day.2 cp -al /root/backup/home /root/backup/snapshot/day.1 $rsync $rsync_opts $password file_server::rsync \ /root/backup/home/ /var/rsync/file_server However, running a similar script to mirror the backups to the file server gives rise to the following error: rsync: writefd_unbuffered failed to write 4092 bytes: phase send_file_entry [sender]: Broken pipe (32) ERROR: module is read only rsync error: syntax or usage error (code 1) at main.c(555) rsync: connection unexpectedly closed (4 bytes received so far) [sender] rsync error: error in rsync protocol data stream (code 12) at io.c(359) This is the script run on the backup: #!/bin/bash # This script is called daily from cron to mirror the overnight backups # to file_server # The full paths of the programs used in this script rsync=/usr/bin/rsync mount=/bin/mount umount=/bin/umount # Good rsync options for backups. rsync_opts=-av # The name of the file containing the rsync connection password password=--password-file=/etc/.rs_pass # Mirror the contents of /root/backup folder to file_server:/root/backup_server/backup. # Dump any output and error messages to /var/rsync/backup_server $rsync $rsync_opts $password /root/backup/ \ file_server::mirror /var/rsync/backup_server The rsyncd.conf file on the file server: [rsync] path = /home use chroot = no max connections = 4 auth users = root hosts allow = backup_server secrets file = /etc/.rs_sec uid = root gid = root [mirror] path = /root/backup_server/backup use chroot = no max connections = 4 auth users = root hosts allow = backup_server secrets file = /etc/.rs_sec uid = root gid = root Let me know if you need more info Regards Clive -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.8-1-686 Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) Versions of packages rsync depends on: ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libpopt01.7-5lib for parsing cmdline parameters -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#278191: CAN-2005-0079: authentication bypass via integer overflow
Just for references, this issue has been assigned CAN-2005-0079. A Debian advisory will follow. Regards, Joey -- MIME - broken solution for a broken design. -- Ralf Baechle Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Oops, forgot to CC: control
Processing commands for [EMAIL PROTECTED]: reopen 287043 Bug#287043: CAN-2004-1284 Buffer overflow in the find_next_file function Bug reopened, originator not changed. tags = security,woody Unknown command or malformed arguments to command. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#278190: Bug#278191: CAN-2005-0079: authentication bypass via integer overflow
Justin Pryzby wrote: reopen 278191 tag 278191 woody thanks Correct? In generall yes and only if the security team is contacted in parallel, but please close them as I surely forget this. Regards, Joey -- MIME - broken solution for a broken design. -- Ralf Baechle Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#278191: CAN-2005-0079: authentication bypass via integer overflow
Justin Pryzby wrote: Bug#278191: CAN-2005-0079: authentication bypass via integer overflow Its not an integer overflow, btw, though its not really a buffer overflow either; its an set-an-arbitrary-byte-of-memory-to-zero bug. Are you sure? My investigation showed that rlen goes from 0..49 and rbuf[rlen] is accessed then rlen grows until 2147483647 while rbuf[rlen] is not accessed due to rlen sizeof(rbuf) But then, since 2147483647 is INT_MAX, rlen will become -2147483648 and with the next character the condition rlen sizeof(rbuf) is true again, causing rbuf[rlen] = cbuf[0] to be executed, unfortunately rlen is now -2147483648 causing the program to crash rlen goes from valid to invalid positive to invalid negative -- integer overflow Regards, Joey -- MIME - broken solution for a broken design. -- Ralf Baechle Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#260808: avifile-player: Aviplay works fine in my system
I haven't isolated the bug or anything more beyond knowing that it crashed my X. If this bug report is not particularly useful, please feel free to trash it. I apologise if I'm wasting your time. Thanks much, X crash are due to X drivers bugs. Could you try with the current release of xserver-xfree86 ? Also can you tell which graphic card you have , maybe the bug is already report on xserver-xfree86. avifile use Xv (Xserver video extension) , which is not yet supported by old cards (ex. my s3 virge does not). BUt a lot of fixes for bugs with those where applied a few monthes ago (thanks Alan Cox !) Also you can check that your card support Xv yourself , using : $ xdpyinfo |grep XVideo in an X terminal (xterm, konsole,...). If nothing is outputed it does not and there is a bug in avifile-player too, as it should check if it is supported before using it. (even though X ought not to crash anyway). You could also check the newest avifile-player Please test those before reporting the bug to xserver-xfree86, their list of bug is overcrowded (though its dropping fastly). Adding those information would fastened the bug process a lot. If you do not have this video file anymore, maybe you could download the one from : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=274730 it crash avifile here (but not Xfree, i got an Xv error. I guess my driver xvideo support is stable). For example i did not have crash with applications using xv on radeon, nvidia and s3 , but had on a trident (it was around your test time, i also have to recheck with current release). Cheers Alban -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290876: marked as done (alsa-base cannot be installed after an apt-get update. Requires alsa-utils 1.0.7-2 but 1.0.7-2 is the latest version available)
Your message dated Mon, 17 Jan 2005 21:57:00 +0100 with message-id [EMAIL PROTECTED] and subject line Done today has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 17 Jan 2005 11:50:31 + From [EMAIL PROTECTED] Mon Jan 17 03:50:31 2005 Return-path: [EMAIL PROTECTED] Received: from ulysses.noc.ntua.gr [147.102.222.230] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CqVOw-0001R2-00; Mon, 17 Jan 2005 03:50:31 -0800 Received: from danaos.cslab.ece.ntua.gr (danaos.cslab.ece.ntua.gr [147.102.3.1]) by ulysses.noc.ntua.gr (8.13.1/8.13.1) with ESMTP id j0HBnneN086042 for [EMAIL PROTECTED]; Mon, 17 Jan 2005 13:49:49 +0200 (EET) (envelope-from [EMAIL PROTECTED]) Received: by cslab.ece.ntua.gr with ESMTP id j0HBnmv02843 ; Mon, 17 Jan 2005 13:49:48 +0200 (EET) Received: by daedalus.cslab.ece.ntua.gr (Postfix, from userid 1000) id CD81F1575B4; Mon, 17 Jan 2005 13:49:48 +0200 (EET) Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Vangelis Koukis [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: alsa-base cannot be installed after an apt-get update. Requires alsa-utils 1.0.7-2 but 1.0.7-2 is the latest version available X-Mailer: reportbug 3.5 Date: Mon, 17 Jan 2005 13:49:48 +0200 Message-Id: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: alsa-base Version: 1.0.7-2 Severity: grave After an apt-get update, alsa-base is kept back. Trying to install it manually yields the following error: The following packages have unmet dependencies: alsa-base: Depends: alsa-utils ( 1.0.7-2) but 1.0.7-2 is to be installed It seems that the dependency information for the package is wrong, and the dependency on alsa-utils should be = 1.0.7-2. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.10-ac9-1vlk Locale: LANG=el_GR, LC_CTYPE=el_GR (charmap=ISO-8859-7) Versions of packages alsa-base depends on: ii alsa-utils1.0.7-2ALSA utilities ii debconf 1.4.42 Debian configuration management sy ii debianutils 2.11.2 Miscellaneous utilities specific t ii lsof 4.73-1 List open files. ii module-init-tools 3.1-rel-2 tools for managing Linux kernel mo ii modutils 2.4.26-1.2 Linux module utilities -- debconf information: * alsa-base/alsactl_store_on_shutdown: never autosave --- Received: (at 290876-done) by bugs.debian.org; 17 Jan 2005 20:57:37 + From [EMAIL PROTECTED] Mon Jan 17 12:57:37 2005 Return-path: [EMAIL PROTECTED] Received: from post-23.mail.nl.demon.net [194.159.73.193] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CqdwP-0002hT-00; Mon, 17 Jan 2005 12:57:37 -0800 Received: from aglu.demon.nl ([83.160.174.170]:45933 helo=localhost) by post-23.mail.nl.demon.net with esmtp (Exim 4.43) id 1CqdwM-0006Nd-HU for [EMAIL PROTECTED]; Mon, 17 Jan 2005 20:57:36 + Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with ESMTP id 4631410D612 for [EMAIL PROTECTED]; Mon, 17 Jan 2005 21:57:01 +0100 (CET) Subject: Done today From: Thomas Hood [EMAIL PROTECTED] To: [EMAIL PROTECTED] Content-Type: text/plain Date: Mon, 17 Jan 2005 21:57:00 +0100 Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 X-Mailer: Evolution 2.0.3 Content-Transfer-Encoding: 7bit Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: alsa-utils 1.0.8-1 went into sid today, thus making alsa-base 1.0.8-1 installable. -- Thomas Hood [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290905: rsync fails with error when rsyncing to a remote host (file server) running rsyncd
On (17/01/05 21:45), Thomas Wana wrote: Hi, ERROR: module is read only quick question, are the permissions correct on the other end? Hi Tom I believe so: $ ls -l /root/venus drwxr-xr-x 3 root root 4096 2005-01-03 09:46 backup Regards Clive -- www.clivemenzies.co.uk ... ...strategies for business -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: menu: patch for non-executable update-menus
Processing commands for [EMAIL PROTECTED]: tags 289702 patch Bug#289702: menu: Non-executable update-menus breaks woody ghostview postrm There were no tags set. Tags added: patch thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#289702: menu: patch for non-executable update-menus
tags 289702 patch thanks Attached is a patch that adds a wrapper around update-menus so that it is always executable. The wrapper checks for the existence for /etc/menu/unconfigured, preinst creates it, postinst removes it and runs update-menus. This should fix the bug, I think. Also, eventually it should be possible to get rid of all the testing of whether update-menus is executable in postinsts of other packages. I have tested the patch by installing woody on a scratch machine (fairly minimal installation, though), then adding ghostview and menu to it, then dist-upgrading to sarge plus a menu package with this patch applied. There were no problems. Admittedly, this is not a through test. diff -ruN menu-2.1.20.orig/debian/changelog menu-2.1.20.fixed/debian/changelog --- menu-2.1.20.orig/debian/changelog 2004-12-15 01:51:07.0 +0200 +++ menu-2.1.20.fixed/debian/changelog 2005-01-17 19:42:45.0 +0200 @@ -1,3 +1,14 @@ +menu (2.1.20.0.liw.1) unstable; urgency=low + + * debian/wrapper.sh: Wrote. + * debian/rules: Install debian/wrapper.sh as /usr/bin/update-menus and +what used to be /usr/bin/update-menus as /usr/bin/update-menus.real. + * debian/postinst: When run, remove /etc/menu/unconfigured. + * debian/prerm: Don't fiddle with permission bits. + * debian/preinst: Wrote. + + -- Lars Wirzenius [EMAIL PROTECTED] Mon, 17 Jan 2005 19:21:37 +0200 + menu (2.1.20) unstable; urgency=low * The deer Rudolf release diff -ruN menu-2.1.20.orig/debian/postinst menu-2.1.20.fixed/debian/postinst --- menu-2.1.20.orig/debian/postinst 2003-10-08 17:44:22.0 +0300 +++ menu-2.1.20.fixed/debian/postinst 2005-01-17 19:43:50.0 +0200 @@ -13,7 +13,10 @@ # kill -KILL `pidof update-menus` 2 /dev/null || true #fi -chmod a+x /usr/bin/update-menus +# Remove the flag file that prevents update-menus.real from being run while +# its dependency libraries are unconfigured. +rm -f /etc/menu/unconfigured + update-menus install-info --quiet \ diff -ruN menu-2.1.20.orig/debian/preinst menu-2.1.20.fixed/debian/preinst --- menu-2.1.20.orig/debian/preinst 1970-01-01 02:00:00.0 +0200 +++ menu-2.1.20.fixed/debian/preinst 2005-01-17 19:41:04.0 +0200 @@ -0,0 +1,11 @@ +#!/bin/sh + +# Create the /etc/menu directory. If we're installing for the first time, +# it might be missing, since this script is run before the package is +# unpacked. +install -d /etc/menu + +# Create the flag file that prevents update-menus.real from being run +# by the update-menus shell script. This prevents problems when the +# package is unpacked before its library dependencies have been configured. +touch /etc/menu/unconfigured diff -ruN menu-2.1.20.orig/debian/prerm menu-2.1.20.fixed/debian/prerm --- menu-2.1.20.orig/debian/prerm 2003-10-08 17:38:00.0 +0300 +++ menu-2.1.20.fixed/debian/prerm 2005-01-17 19:37:05.0 +0200 @@ -2,8 +2,6 @@ set -e -chmod a-x /usr/bin/update-menus - install-info --quiet --remove /usr/share/info/menu.info #DEBHELPER# diff -ruN menu-2.1.20.orig/debian/rules menu-2.1.20.fixed/debian/rules --- menu-2.1.20.orig/debian/rules 2004-05-15 01:30:25.0 +0300 +++ menu-2.1.20.fixed/debian/rules 2005-01-17 19:44:53.0 +0200 @@ -54,6 +54,9 @@ # Add here commands to install the package into debian/tmp. $(MAKE) install DESTDIR=`pwd`/debian/tmp/ + mv debian/tmp/usr/bin/update-menus debian/tmp/usr/bin/update-menus.real + install debian/wrapper.sh debian/tmp/usr/bin/update-menus + cp examples/translate_menus examples/menu.h po-sections/lang.h\ examples/menu.config debian/tmp/etc/menu-methods # @@ -89,8 +92,6 @@ dh_strip dh_compress dh_fixperms - #Ensure update-menus is not shipped executable - chmod a-x debian/tmp/usr/bin/update-menus # dh_suidregister dh_installdeb dh_shlibdeps diff -ruN menu-2.1.20.orig/debian/wrapper.sh menu-2.1.20.fixed/debian/wrapper.sh --- menu-2.1.20.orig/debian/wrapper.sh 1970-01-01 02:00:00.0 +0200 +++ menu-2.1.20.fixed/debian/wrapper.sh 2005-01-17 19:39:45.0 +0200 @@ -0,0 +1,27 @@ +#!/bin/sh +# +# Wrapper script around the real update-menus command. This is necessary in +# the Debian context because when packages are updated, the menu.deb package +# may be unpacked before the libraries it is compiled against are unpacked +# and configured. This means that there is a window in time where the new +# update-menus command exists in /usr/bin, but it is not yet usable, because +# the shared libraries don't work. +# +# This wrapper script prevents that from happening: the menu.deb package +# has a pre-installation script that creates /etc/menu/unconfigured before +# the package is unpacked, and a post-installation script that removes the +# file. While the file exists, any attempt to run /usr/bin/update-menus +# (that is, this script) will be a no-op. The menu.deb post-installation +# script runs this script after the package is configured, to make sure +# all the things that should have happened
Bug#290943: cfengine2: cfagent won't run without the cfagent.conf already there.
Package: cfengine2 Version: 2.1.10-2 Severity: grave Justification: renders package unusable When I run cfagent on the client or the server it won't run unless I copy the cfagent.conf over by hand. It should work with just the update.conf in place. I emailed the [EMAIL PROTECTED] email list and Mark Burgess, the maintainer of the cfengine codebase acknowledges that there is a bug int 2.1.10 and 2.1.11. He says it's fixed in 2.1.12. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.8-1-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages cfengine2 depends on: ii debconf 1.4.30.11Debian configuration management sy ii debianutils 2.8.4Miscellaneous utilities specific t ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libdb4.24.2.52-17Berkeley v4.2 Database Libraries [ ii libssl0.9.7 0.9.7e-2 SSL shared libraries ii perl5.8.4-5 Larry Wall's Practical Extraction -- debconf information: * cfengine2/run_cfservd: true * cfengine2/run_cfexecd: true * cfengine2/run_cfenvd: true -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290337: abort on start
Em Qui, 2005-01-13 s 16:57 +, ROBERTOJIMENOCA escreveu: I'm using latest unstable 2005-01-13 with gtk+ and glib 2.6.1-1 and python_2.3.4-5 and python-gtk2_2.4.1-2 Hey, GTK+/Glib 2.6.x are not yet on unstable, and maybe the problem is related to them, as I can't reproduce the problem with 2.4.14, which is in unstable so I don't see this it as grave yet. Did you get the 2.6.x packages from experimental? Thanks, -- [EMAIL PROTECTED]: Gustavo Noronha http://beterraba.no-ip.org/~kov/ Debian: http://www.debian.org/ * http://www.debian-br.org/
Bug#290950: libgcj6-dev: missing conflict
Package: libgcj6-dev Severity: serious Tags: experimental [ sorry, LANG=de_DE ] Entpacke libgcj6-dev (aus .../libgcj6-dev_4.0-0pre4_i386.deb) ... dpkg: Fehler beim Bearbeiten von /var/cache/apt/archives/libgcj6-dev_4.0-0pre4_i386.deb (--unpack): versuche »/usr/lib/libgcj.a« zu überschreiben, welches auch in Paket libgcj5-dev ist dpkg-deb: Unterprozess paste getötet mit Signal (Datenübergabe unterbrochen (broken pipe)) Regards, Rene -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.10 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages libgcj6-dev depends on: pn gcj-4.0 Not found. ii libc6-dev 2.3.2.ds1-20 GNU C Library: Development Librari pn libgcj6 Not found. pn libgcj6-awt Not found. pn libgcj6-common Not found. ii zlib1g-dev 1:1.2.2-3compression library - development signature.asc Description: Digital signature
Processed: retitle 246443 to boot-floppies: Fails to advise admin of kernel vulnerabilities
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.8.5 retitle 246443 boot-floppies: Fails to advise admin of kernel vulnerabilities Bug#246443: boot-floppies: There is no indice *bf kernel has security issues Changed Bug title. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: retitle 237422 to Various security related bugs are unfixed in Debian stable
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.8.5 retitle 237422 Various security related bugs are unfixed in Debian stable Bug#237422: Various security realated Bugs are unfixed in debian stable Changed Bug title. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: tagging 290047
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.8.5 tags 290047 confirmed Bug#290047: linux-wlan-ng: insecure /tmp usage Tags were: security Tags added: confirmed End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: retitle 273826 to Horgand freeze the system when run
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.8.5 retitle 273826 Horgand freeze the system when run Bug#273826: Horgand freeze the system when runned Changed Bug title. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#289702: menu: patch for non-executable update-menus
On Mon, Jan 17, 2005 at 11:18:06PM +0200, Lars Wirzenius wrote: tags 289702 patch thanks Attached is a patch that adds a wrapper around update-menus so that it is always executable. The wrapper checks for the existence for /etc/menu/unconfigured, preinst creates it, postinst removes it and runs update-menus. This should fix the bug, I think. I have a similar fix in my repository: I don't use a state file but the /usr/bin/update-menus.real x permission bit. Also, eventually it should be possible to get rid of all the testing of whether update-menus is executable in postinsts of other packages. I don't think it make any sense. We will still have to check if the file /usr/bin/update-menus exists before executing it so doing test -e instead of test -x does not give you anything. I have tested the patch by installing woody on a scratch machine (fairly minimal installation, though), then adding ghostview and menu to it, then dist-upgrading to sarge plus a menu package with this patch applied. There were no problems. Admittedly, this is not a through test. No, it is not a test at all since ghostview maintainer scripts are not run during the dist-upgrade since ghostview status does not change, so it works even with the current menu. Anyway, thanks for your efforts! They were appreciated! Cheers, -- Bill. [EMAIL PROTECTED] Imagine a large red swirl here. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290966: sffview: FTBFS: Missing build dependency?
Package: sffview Version: 0.3-2 Severity: serious Hi, Your package is failing to build with the following error: g++ -O2 -g -c `wx-config --cflags` -o sffview.o sffview.cpp In file included from sffview.cpp:36: common.h:36:37: boost/filesystem/path.hpp: No such file or directory sffview.cpp: In member function `void SffView::CalcScale()': sffview.cpp:123: warning: passing `double' for converting 4 of `virtual void wxScrolledWindow::SetScrollbars(int, int, int, int, int, int, bool)' sffview.cpp:128: warning: passing `double' for converting 3 of `virtual void wxScrolledWindow::SetScrollbars(int, int, int, int, int, int, bool)' make[1]: *** [sffview.o] Error 1 This looks like a missing build dependency on libboost-filesystem-dev. When adding it it builds fine. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290970: proxycheck: segfaults when run
Package: proxycheck Version: 0.49a-1 Severity: grave Justification: renders package unusable I can't find any way to run this utility without causing it to segfault. Example: [EMAIL PROTECTED]:~$ /usr/bin/proxycheck -d 127.0.0.1:80 -c chat 127.0.0.1 Segmentation fault gdb produces a 1451-line backtrace with little information except at the top and bottom: [EMAIL PROTECTED]:~$ gdb --args /usr/bin/proxycheck -d 127.0.0.1:80 -c chat 127.0.0.1 --snip-- (gdb) run --snip-- Program received signal SIGSEGV, Segmentation fault. 0xb7f14d03 in strchr () from /lib/tls/libc.so.6 (gdb) bt #0 0xb7f14d03 in strchr () from /lib/tls/libc.so.6 --snip-- #1451 0xb7ff815e in __tls_get_addr () from /lib/ld-linux.so.2 -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.10 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages proxycheck depends on: ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an -- no debconf information -- Jeff Bonham [EMAIL PROTECTED] PGP Public Key ID: BA289747 signature.asc Description: Digital signature
Bug#290974: apache: Temporary usage bugs that can be used in symlink attacks
Package: apache Version: 1.3.33-2 Priority: grave Tags: security sid sarge Hi, I've found unsafe uses of /tmp in some of Apache's scripts in the source, one of this (check_forensic) is installed in Debian's apache-utils package and IMHO should be fixed. They are rather low risk, but I have to set the priority to grave in any case (since they qualify) The fix is rather straightforward (use mktemp or tempfile instead of the $$ construct and add a trap to remove the temporary files) and it is needed, specially for check_forensic. In the check_forensic script, for example, an attacker could just monitor /tmp/ usage and construct symlinks to the fc-XX.$$ as soon as sees that the fc-all.$$ file is being used. I've verified that none of these issues affect woody's Apache (1.3.26-0woody6). The fnm.sh script was there but it is not installed with any package and the check_forensic script was introduced later on. The attached (untested) patch should fix these issues, hope it helps. Please fix fnm.sh even if not being installed in any Debian packages, just to ease the work of automatic source-code review tools. Regards Javier diff -Nru build-tree-apache.orig/apache_1.3.33/src/helpers/fmn.sh build-tree-apache/apache_1.3.33/src/helpers/fmn.sh --- build-tree-apache.orig/apache_1.3.33/src/helpers/fmn.sh 2004-02-16 23:23:09.0 +0100 +++ build-tree-apache/apache_1.3.33/src/helpers/fmn.sh 2005-01-18 00:51:03.0 +0100 @@ -24,8 +24,8 @@ modfile=$1 # the part from the Configure script -tmpfile=${TMPDIR-/tmp}/fmn.tmp.$$ -rm -f $tmpfile +tmpfile=`mktemp -t fmn.XX || tempfile --prefix=fmn` || { echo $0: Cannot create temporary file 2; exit 1; } +trap rm -f -- \$tmpfile\; 0 1 2 3 13 15 modname='' ext=`echo $modfile | sed 's/^.*\.//'` modbase=`echo $modfile | sed 's/\.[^.]*$//'` @@ -52,8 +52,8 @@ modname=`echo $modbase | sed 's/^.*\///' | \ sed 's/^mod_//' | sed 's/^lib//' | sed 's/$/_module/'` fi -rm -f $tmpfile # output: the name of the module structure symbol echo $modname +exit 0 diff -Nru build-tree-apache.orig/apache_1.3.33/src/support/check_forensic build-tree-apache/apache_1.3.33/src/support/check_forensic --- build-tree-apache.orig/apache_1.3.33/src/support/check_forensic 2005-01-18 00:49:23.0 +0100 +++ build-tree-apache/apache_1.3.33/src/support/check_forensic 2005-01-18 00:53:32.0 +0100 @@ -7,9 +7,14 @@ F=$1 -cut -f 1 -d '|' $F /tmp/fc-all.$$ -grep + /tmp/fc-all.$$ | cut -c2- | sort /tmp/fc-in.$$ -grep -- - /tmp/fc-all.$$ | cut -c2- | sort /tmp/fc-out.$$ +all=`mktemp -t fcall.XX || tempfile --prefix=fcall` || { echo $0: Cannot create temporary file 2; exit 1; } +in=`mktemp -t fcin.XX || tempfile --prefix=fcin` || { echo $0: Cannot create temporary file 2; exit 1; } +out=`mktemp -t fcout.XX || tempfile --prefix=fcout` || { echo $0: Cannot create temporary file 2; exit 1; } +trap rm -f -- \$all\ \$in\ \$out\; 0 1 2 3 13 15 + +cut -f 1 -d '|' $F $all +grep + $all | cut -c2- | sort $in +grep -- - $all | cut -c2- | sort $out # use -i instead of -I for GNU xargs -join -v 1 /tmp/fc-in.$$ /tmp/fc-out.$$ | xargs -ixx egrep ^\\+xx $F -rm /tmp/fc-all.$$ /tmp/fc-in.$$ /tmp/fc-out.$$ +join -v 1 $in $out | xargs -ixx egrep ^\\+xx $F +exit 0
Bug#290943: Re-classify bug
severity 290943 important The package is still usable provided you're already using it. -- Andrew Stribblehill [EMAIL PROTECTED] Systems programmer, IT Service, University of Durham, England -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290809: xscreensaver-gl: I'm also having this problem
Package: xscreensaver-gl Version: 4.16-1 Followup-For: Bug #290809 I also get this error.In the screensaver preferences for XScreensaver, if I choose GLKnots as the screensaver, I am returned to the GDM login prompt.I'm using the nVidia drivers, with the lines in /etc/X11/XF86Config-4 being: (II) LoadModule: nvidia (II) Loading /usr/X11R6/lib/modules/drivers/nvidia_drv.o (II) Module nvidia: vendor=NVIDIA Corporation compiled for 4.0.2, module version = 1.0.6111 Module class: XFree86 Video Driver Interestingly, when I log back in and open the screensaver preferences again, GLKnots appears correctly in the demo window. Last few lines of log file: GetModeLine - scrn: 0 clock: 94500 GetModeLine - hdsp: 1024 hbeg: 1072 hend: 1168 httl: 1376 vdsp: 768 vbeg: 769 vend: 772 vttl: 808 flags: 5 *** If unresolved symbols were reported above, they might not *** be the reason for the server aborting. Fatal server error: Caught signal 11. Server aborting [EMAIL PROTECTED]:~$ lspci :00:00.0 Host bridge: Advanced Micro Devices [AMD] AMD-751 [Irongate] System Controller (rev 25) :00:01.0 PCI bridge: Advanced Micro Devices [AMD] AMD-751 [Irongate] AGP Bridge (rev 01) :00:07.0 ISA bridge: Advanced Micro Devices [AMD] AMD-756 [Viper] ISA (rev 01) :00:07.1 IDE interface: Advanced Micro Devices [AMD] AMD-756 [Viper] IDE (rev 07) :00:07.3 Bridge: Advanced Micro Devices [AMD] AMD-756 [Viper] ACPI (rev 03) :00:07.4 USB Controller: Advanced Micro Devices [AMD] AMD-756 [Viper] USB (rev 06) :00:08.0 Communication controller: Motorola SM56 PCI Modem :00:09.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8029(AS) :00:0a.0 Multimedia audio controller: Ensoniq 5880 AudioPCI (rev 02) :01:05.0 VGA compatible controller: nVidia Corporation NV5M64 [RIVA TNT2 Model 64/Model 64 Pro] (rev 15) [EMAIL PROTECTED]:~$ -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.8.1-20041022 Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Versions of packages xscreensaver-gl depends on: ii libc6 2.3.2.ds1-19 GNU C Library: Shared libraries an ii libgle3 3.1.0-5OpenGL tubing and extrusion librar ii libglib2.0-0 2.4.8-1The GLib library of C routines ii libgtk2.0-0 2.4.13-1 The GTK+ graphical user interface ii libice6 4.3.0.dfsg.1-9 Inter-Client Exchange library ii libsm64.3.0.dfsg.1-9 X Window System Session Management ii libx11-6 4.3.0.dfsg.1-9 X Window System protocol client li ii libxext6 4.3.0.dfsg.1-9 X Window System miscellaneous exte ii libxmu6 4.3.0.dfsg.1-9 X Window System miscellaneous util ii libxt64.3.0.dfsg.1-9 X Toolkit Intrinsics ii xlibmesa-gl [libgl1] 4.3.0.dfsg.1-9 Mesa 3D graphics library [XFree86] ii xlibmesa-glu [libglu1]4.3.0.dfsg.1-9 Mesa OpenGL utility library [XFree ii xlibs 4.3.0.dfsg.1-9 X Keyboard Extension (XKB) configu -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#284952: The USB block device should be disabled
On Mon, Jan 17, 2005 at 12:03:51PM +0100, Frank Lichtenheld wrote: On Sun, Jan 16, 2005 at 12:33:48PM +0100, Paul van Tilburg wrote: The USB block device is known to be experimental and buggy. CONFIG_BLK_DEV_UB=m should be set to 'n'. Since the ub modules takes preference of the old, though working usb-storage, hotplug loads ub. Blacklisting ub doesn't help, loading usb-storage doesn't work either. I really would like for UB to be disable until proven reasonably stable. Can someone merge this bug with #283852, plz? I'm unsure which of them to reassign. The merge thing doesn't work well with the way we have multiple source packages for the kernel. It seems that this problem actually effects the following source packages. kernel-image-2.6.10-alpha-2.6.10 kernel-image-2.6.10-ia64-2.6.10 kernel-image-2.6.9-amd64-2.6.9 kernel-image-2.6.9-ia64-2.6.9 kernel-image-2.6.9-sparc-2.6.9 kernel-patch-2.6.10-mips-2.6.10 kernel-patch-powerpc-2.6.10-2.6.10 kernel-patch-powerpc-2.6.9-2.6.9 Would it be of value to duplicate, say #283852, assign one copy to each of these source packages, and then merge #283852 with #284952 on one package, say kernel-patch-powerpc-2.6.9-2.6.9, where at one of the bugs originated. Also, sould I go through and fix the config in svn, even though I can't build for any of these architectures? -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#284952: The USB block device should be disabled
On Tue, Jan 18, 2005 at 12:56:51PM +0900, Horms wrote: On Mon, Jan 17, 2005 at 12:03:51PM +0100, Frank Lichtenheld wrote: On Sun, Jan 16, 2005 at 12:33:48PM +0100, Paul van Tilburg wrote: The USB block device is known to be experimental and buggy. CONFIG_BLK_DEV_UB=m should be set to 'n'. Since the ub modules takes preference of the old, though working usb-storage, hotplug loads ub. Blacklisting ub doesn't help, loading usb-storage doesn't work either. I really would like for UB to be disable until proven reasonably stable. Can someone merge this bug with #283852, plz? I'm unsure which of them to reassign. I wonder about this, would it not be enough to blacklist the UB generated modules in hotplug and/or discover ? The merge thing doesn't work well with the way we have multiple source packages for the kernel. It seems that this problem actually effects the following source packages. kernel-image-2.6.10-alpha-2.6.10 kernel-image-2.6.10-ia64-2.6.10 kernel-image-2.6.9-amd64-2.6.9 kernel-image-2.6.9-ia64-2.6.9 kernel-image-2.6.9-sparc-2.6.9 kernel-patch-2.6.10-mips-2.6.10 kernel-patch-powerpc-2.6.10-2.6.10 kernel-patch-powerpc-2.6.9-2.6.9 Would it be of value to duplicate, say #283852, assign one copy to each of these source packages, and then merge #283852 with #284952 on one package, say kernel-patch-powerpc-2.6.9-2.6.9, where at one of the bugs originated. Also, sould I go through and fix the config in svn, even though I can't build for any of these architectures? Fine with me, but see above. Friendly, Sven Luther -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#284952: The USB block device should be disabled
On Tue, Jan 18, 2005 at 04:59:04AM +0100, Sven Luther wrote: On Tue, Jan 18, 2005 at 12:56:51PM +0900, Horms wrote: On Mon, Jan 17, 2005 at 12:03:51PM +0100, Frank Lichtenheld wrote: On Sun, Jan 16, 2005 at 12:33:48PM +0100, Paul van Tilburg wrote: The USB block device is known to be experimental and buggy. CONFIG_BLK_DEV_UB=m should be set to 'n'. Since the ub modules takes preference of the old, though working usb-storage, hotplug loads ub. Blacklisting ub doesn't help, loading usb-storage doesn't work either. I really would like for UB to be disable until proven reasonably stable. Can someone merge this bug with #283852, plz? I'm unsure which of them to reassign. I wonder about this, would it not be enough to blacklist the UB generated modules in hotplug and/or discover ? According to Paul van Tilburg, in Bug#284952 this does not help. Though he didn't expand on why. The merge thing doesn't work well with the way we have multiple source packages for the kernel. It seems that this problem actually effects the following source packages. kernel-image-2.6.10-alpha-2.6.10 kernel-image-2.6.10-ia64-2.6.10 kernel-image-2.6.9-amd64-2.6.9 kernel-image-2.6.9-ia64-2.6.9 kernel-image-2.6.9-sparc-2.6.9 kernel-patch-2.6.10-mips-2.6.10 kernel-patch-powerpc-2.6.10-2.6.10 kernel-patch-powerpc-2.6.9-2.6.9 Would it be of value to duplicate, say #283852, assign one copy to each of these source packages, and then merge #283852 with #284952 on one package, say kernel-patch-powerpc-2.6.9-2.6.9, where at one of the bugs originated. Also, sould I go through and fix the config in svn, even though I can't build for any of these architectures? Fine with me, but see above. Friendly, Sven Luther -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#284952: The USB block device should be disabled
On Tue, Jan 18, 2005 at 01:13:57PM +0900, Horms wrote: On Tue, Jan 18, 2005 at 04:59:04AM +0100, Sven Luther wrote: On Tue, Jan 18, 2005 at 12:56:51PM +0900, Horms wrote: On Mon, Jan 17, 2005 at 12:03:51PM +0100, Frank Lichtenheld wrote: On Sun, Jan 16, 2005 at 12:33:48PM +0100, Paul van Tilburg wrote: The USB block device is known to be experimental and buggy. CONFIG_BLK_DEV_UB=m should be set to 'n'. Since the ub modules takes preference of the old, though working usb-storage, hotplug loads ub. Blacklisting ub doesn't help, loading usb-storage doesn't work either. I really would like for UB to be disable until proven reasonably stable. Can someone merge this bug with #283852, plz? I'm unsure which of them to reassign. I wonder about this, would it not be enough to blacklist the UB generated modules in hotplug and/or discover ? According to Paul van Tilburg, in Bug#284952 this does not help. Though he didn't expand on why. Ah, i also have some second-thoughts about this, since we cannot know exactly how the user is loading the modules. I will disable it in the ppc 2.6.9/2.6.10 kernels. Friendly, Sven Luther -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#284952: The USB block device should be disabled
On Tue, 2005-01-18 at 12:56 +0900, Horms wrote: Also, sould I go through and fix the config in svn, even though I can't build for any of these architectures? Horms - in general you are welcome to modify the ia64 configs; though you can also just dup a bug I can handle it before my next upload. I've gone ahead and fixed this one in svn. fyi, the current state of the art for ia64 config handling is to just modify the itanium config execute the sync_configs target in debian/rules. -- dann frazier [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290999: depends on wvstreams3, not wvstreams4
Package: retchmail Severity: grave libwvstreams3 seems to have disappeared from Debian unstable, but retchmail still depends on it instead of libwvstreams4: [EMAIL PROTECTED]:~$ sudo apt-get install retchmail Reading Package Lists... Done Building Dependency Tree... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. Since you only requested a single operation it is extremely likely that the package is simply not installable and a bug report against that package should be filed. The following information may help to resolve the situation: The following packages have unmet dependencies: retchmail: Depends: libwvstreams3 but it is not installable Depends: libwvstreams3-base (= 3.75+20040221-1) but it is not installable E: Broken packages [EMAIL PROTECTED]:~$ sudo apt-get install libwvstreams3 Reading Package Lists... Done Building Dependency Tree... Done Package libwvstreams3 is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package libwvstreams3 has no installation candidate -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.18-bf2.4 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#287651: [GRASS5] [bug #2877] (grass) Insecure tempfile creation
[thanks for the 5.0.3 patch Marga] Just an update re. less-insecure tempfiles .. In the upstream GRASS 5.7 CVS[*] pretty much everything in the scripts/ directory now uses g.tempfile. C modules are next. I am not sure what to do with the init scripts libs where the GRASS tempfile fn's may not be available.. These fixes are not in Steve Halasz's grass 6.0beta1 grass package[**], I'm not sure when 6beta2 will be but maybe Steve co. are willing to backport these changes to 6beta1 and push for that to get into Sarge. [*] http://freegis.org/cgi-bin/viewcvs.cgi/grass51/ [**] http://pkg-grass.alioth.debian.org/cgi-bin/wiki.pl a number of the instances on the offender list were actually commented out, etc. still to look at: lib/db/stubs/BUILD.PROTO lib/db/dbmi_driver/mk_dbstubs_h.sh lib/gis/unix_socks.c lib/gis/gislib.dox lib/gis/win32_pipes.c lib/init/init.sh lib/init/make_location_epsg_g57.sh raster/r.terraflow/description.html raster/r.terraflow/main.cc regards, Hamish -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]