Bug#494473: severity of 494473 is serious
On Sun, Aug 10, 2008 at 07:51:31PM -0700, Paul Hardy wrote: Robert: On Sun, Aug 10, 2008 at 11:54 AM, Paul Hardy [EMAIL PROTECTED] wrote: On Sun, Aug 10, 2008 at 9:58 AM, Robert Millan [EMAIL PROTECTED] wrote: On Sun, Aug 10, 2008 at 09:04:34AM -0700, Paul Hardy wrote: I just saw from reading about Bug #494460 that it was unifont-bin that installed unifont.hex. With the package I put together last night for testing, /usr/share/unifont/unifont.hex is put in place by the unifont package, not the unifont-bin package... If it would be better, you could take the unifont source package the way I put it together and make these changes: 1) Delete the file debian/unifont.install (nothing else used it -- I just added it for this bug) 2) Add the directory usr/share/unifont to debian/unifont-bin.install I'll leave it up to your judgment. If it will be easier for GRUB to upload the above as a -3 version, please do so. When I wrote the above, I didn't have a preference one way or another. Now I do. After thinking about this, I believe the best long-term solution is to leave unifont.hex as part of the unifont package, the way it is in the -2 release, and not placing it in the unifont-bin package. This is because the nature of unifont.hex and of the unifont package in general are both Architecture: all and the nature of the unifont-bin package is definitely not Architecture: all. With unifont.hex out of the unifont-bin package, that will prevent redundant copies of a 4 Megabyte unifont.hex file (one for each architecture) from getting put in every single binary build. Ok. -- Robert Millan The DRM opt-in fallacy: Your data belongs to us. We will decide when (and how) you may access your data; but nobody's threatening your freedom: we still allow you to remove your data and not access it at all. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494544: debroster: arch-indep data in /usr/lib
Chris Lamb writes: tags 494544 + patch thanks Thanks for a very swift patch :) Regards, Matthew -- At least you know where you are with Microsoft. True. I just wish I'd brought a paddle. http://www.debian.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Fwd: Bug#494643: jags: should this package be removed?
Processing commands for controlbugs.debian.org: severity 494643 normal Bug#494643: jags: should this package be removed? Severity set to `normal' from `serious' reassign 494643 ftp.debian.org Bug#494643: jags: should this package be removed? Bug reassigned from package `jags' to `ftp.debian.org'. retitle 494643 RM: jags -- RoM; no longer maintainable Bug#494643: jags: should this package be removed? Changed Bug title to `RM: jags -- RoM; no longer maintainable' from `jags: should this package be removed?'. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#493488: Updated debian_openssl_vulnkeys.patch
To upgrade the current package to rc9 the debian_openssl_vulnkeys.patch needed some work due to upstream changes. Attached is updated version on the hope it might be useful. Regards Tristan Index: trunk/init.c === --- trunk/init.c (revision 56669) +++ trunk/init.c (working copy) @@ -1513,6 +1513,23 @@ const struct options *options = c-options; ASSERT (options-shared_secret_file); + /* CVE-2008-0166 (Debian weak key checks) */ + /* Only check if we can actually read the key file. Unless the file does not + * exist in the first place, this should never happen (since static keys do + * not work with multi-client mode), but we test it anyway to be on the safe + * side and avoid wrong -vulnkey alerts. */ + if (access (options-shared_secret_file, R_OK) == 0) +{ + struct argv argv = argv_new (); + argv_printf (argv, /usr/sbin/openvpn-vulnkey -q %s, options-shared_secret_file); + argv_msg (M_INFO, argv); + if (openvpn_execve (argv, c-c2.es, 0) != 0) +{ + msg (M_WARN, *** WARNING ***: '%s' is a known vulnerable key. See 'man openvpn-vulnkey' for details., options-shared_secret_file); +} + argv_reset (argv); +} + init_crypto_pre (c, flags); /* Initialize packet ID tracking */ @@ -1598,6 +1615,7 @@ do_init_crypto_tls_c1 (struct context *c) { const struct options *options = c-options; + SSL *ssl; if (!c-c1.ks.ssl_ctx) { @@ -1634,6 +1652,53 @@ options-ciphername_defined, options-authname, options-authname_defined, options-keysize, true, true); + /* CVE-2008-0166 (Debian weak key checks) + * Obtain the modulus and bits from the certificate that was initialized, + * and send that to openssl-vulnkey. + */ + ssl = SSL_new(c-c1.ks.ssl_ctx); + if (ssl != NULL) +{ + X509* cert = NULL; + char *bn; + int bits; + + cert = SSL_get_certificate(ssl); + if (cert != NULL) +{ + EVP_PKEY *pkey = X509_get_pubkey (cert); + if (pkey != NULL) +{ + if (pkey-type == EVP_PKEY_RSA pkey-pkey.rsa != NULL + pkey-pkey.rsa-n != NULL) +{ + bits = BN_num_bits(pkey-pkey.rsa-n); + bn = BN_bn2hex(pkey-pkey.rsa-n); +} + else if (pkey-type == EVP_PKEY_DSA pkey-pkey.dsa != NULL +pkey-pkey.dsa-p != NULL) +{ + bits = BN_num_bits(pkey-pkey.dsa-p); + bn = BN_bn2hex(pkey-pkey.dsa-p); +} + if (bn != NULL) +{ + struct argv argv = argv_new (); + argv_printf (argv, /usr/bin/openssl-vulnkey -q -b %d -m %s, bits, bn); + OPENSSL_free(bn); + msg (M_INFO, /usr/bin/openssl-vulnkey -q -b %d -m modulus omitted, bits); + if (openvpn_execve (argv, NULL, 0) != 0) +{ + msg (M_WARN, *** WARNING ***: '%s' is a known vulnerable key. See 'man openvpn-vulnkey' for details., options-shared_secret_file); +} + argv_reset (argv); +} + EVP_PKEY_free (pkey); + } +} +SSL_free(ssl); + } + /* TLS handshake authentication (--tls-auth) */ if (options-tls_auth_file) {
Bug#494650: The possibility of attack with the help of symlinks in some Debian packages
Package: nws Severity: grave Tags: security This message about the error concerns a few packages at once. I've tested all the packages on my Debian mirror. (post|pre)(inst|rm) and config scripts were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system file. I set Severity into grave for this bug. The table of discovered problems is below. +--+-+-- |package | script | file for attack +--+-+-- | mplayer-1.0~rc2 | config | /tmp/HACK (pipe) | | | | nws-2.13 | postinst | /tmp/nws.debug (cp) | | | | ppp-2.4.4rel | postinst | /tmp/probe-finished (rm -f, pipe) | | postinst | /tmp/ppp-errors (rm -f, pipe) | ppp-udeb | /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp) | | | | twiki-4.1.2 | postinst | /tmp/twiki (chmod 1777, chown) +--+-+-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494191: Allowing a FTBFS-free qhull package into testing
Rafael Laboissiere [EMAIL PROTECTED] writes: Please, consider allowing this version into testing-proposed-updates. Please upload, but: | + * debian/rules: Use sed instead of eperl to generate the man pages. | +Eperl is buggy on hppa (see Bug#49419) and the package FTBFS there. Bug number looks like a typo. Marc -- Fachbegriffe der Informatik - Einfach erklärt 147: Fortran Makrosprache für ein I/O-Verhinderungssystem (Arno Eigenwillig) pgpDdEg2R44zR.pgp Description: PGP signature
Bug#494648: The possibility of attack with the help of symlinks in some Debian packages
Package: twiki Severity: grave Tags: security This message about the error concerns a few packages at once. I've tested all the packages on my Debian mirror. (post|pre)(inst|rm) and config scripts were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system file. I set Severity into grave for this bug. The table of discovered problems is below. +--+-+-- |package | script | file for attack +--+-+-- | mplayer-1.0~rc2 | config | /tmp/HACK (pipe) | | | | nws-2.13 | postinst | /tmp/nws.debug (cp) | | | | ppp-2.4.4rel | postinst | /tmp/probe-finished (rm -f, pipe) | | postinst | /tmp/ppp-errors (rm -f, pipe) | ppp-udeb | /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp) | | | | twiki-4.1.2 | postinst | /tmp/twiki (chmod 1777, chown) +--+-+-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494649: The possibility of attack with the help of symlinks in some Debian packages
Package: ppp Severity: grave Tags: security This message about the error concerns a few packages at once. I've tested all the packages on my Debian mirror. (post|pre)(inst|rm) and config scripts were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system file. I set Severity into grave for this bug. The table of discovered problems is below. +--+-+-- |package | script | file for attack +--+-+-- | mplayer-1.0~rc2 | config | /tmp/HACK (pipe) | | | | nws-2.13 | postinst | /tmp/nws.debug (cp) | | | | ppp-2.4.4rel | postinst | /tmp/probe-finished (rm -f, pipe) | | postinst | /tmp/ppp-errors (rm -f, pipe) | ppp-udeb | /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp) | | | | twiki-4.1.2 | postinst | /tmp/twiki (chmod 1777, chown) +--+-+-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494647: The possibility of attack with the help of symlinks in some Debian packages
Package: mplayer Severity: grave Tags: security This message about the error concerns a few packages at once. I've tested all the packages on my Debian mirror. (post|pre)(inst|rm) and config scripts were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system file. I set Severity into grave for this bug. The table of discovered problems is below. +--+-+-- |package | script | file for attack +--+-+-- | mplayer-1.0~rc2 | config | /tmp/HACK (pipe) | | | | nws-2.13 | postinst | /tmp/nws.debug (cp) | | | | ppp-2.4.4rel | postinst | /tmp/probe-finished (rm -f, pipe) | | postinst | /tmp/ppp-errors (rm -f, pipe) | ppp-udeb | /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp) | | | | twiki-4.1.2 | postinst | /tmp/twiki (chmod 1777, chown) +--+-+-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494544: marked as done (debroster: arch-indep data in /usr/lib)
Your message dated Mon, 11 Aug 2008 07:02:02 + with message-id [EMAIL PROTECTED] and subject line Bug#494544: fixed in debroster 1.16 has caused the Debian Bug report #494544, regarding debroster: arch-indep data in /usr/lib to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 494544: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494544 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: debroster Severity: serious Justification: FHS Hi, debroster places a jpg and a shell script into /usr/lib instead of /usr/share. please move /usr/lib/debroster completely to /usr/share/debroster. Thanks, Daniel -- Address:Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist Email: [EMAIL PROTECTED] Internet: http://people.panthera-systems.net/~daniel-baumann/ ---End Message--- ---BeginMessage--- Source: debroster Source-Version: 1.16 We believe that the bug you reported is fixed in the latest version of debroster, which is due to be installed in the Debian FTP archive: debroster_1.16.dsc to pool/main/d/debroster/debroster_1.16.dsc debroster_1.16.tar.gz to pool/main/d/debroster/debroster_1.16.tar.gz debroster_1.16_all.deb to pool/main/d/debroster/debroster_1.16_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matthew Vernon [EMAIL PROTECTED] (supplier of updated debroster package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Mon, 11 Aug 2008 07:46:27 +0100 Source: debroster Binary: debroster Architecture: source all Version: 1.16 Distribution: unstable Urgency: low Maintainer: Matthew Vernon [EMAIL PROTECTED] Changed-By: Matthew Vernon [EMAIL PROTECTED] Description: debroster - A package for use at expos. Closes: 494544 Changes: debroster (1.16) unstable; urgency=low . * Move arch-independent data from /usr/lib to /usr/share (closes: #494544) * (Thanks to Chris Lamb for a very speedy patch!) Files: 2d1285023ff2a60238845f933931a948 606 misc extra debroster_1.16.dsc a3d1aca6c2ead5fc8aee7cc22e62a85e 144021 misc extra debroster_1.16.tar.gz 0f1ed61c2002fc6ccfc6aed0b2d7f800 145586 misc extra debroster_1.16_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQCVAwUBSJ/gkbDSad4X89TRAQLFMwP/ZPpsvjkstEp/qq7E0ypuFHRRxuzFE41y 2faTcgaT4JR7vyA+S2Qv2DALajTJqqsMyyUSvKHTLcGu9lTiy/dj2IpJEBrPELNM 5xDqUILRF52vR1DMR664p92HAQlxLl4dcA7Ed8q3Q9VBVrp247TsBgYk3HRVA66/ UIjyD5lLfFM= =xVUM -END PGP SIGNATURE- ---End Message---
Processed: fix my address
Processing commands for controlbugs.debian.org: submitter 494648 ! Bug#494648: The possibility of attack with the help of symlinks in some Debian packages Changed Bug submitter from Dmitry E. Oboukhov [EMAIL PROTECTED] to Dmitry E. Oboukhov [EMAIL PROTECTED]. submitter 494650 ! Bug#494650: The possibility of attack with the help of symlinks in some Debian packages Changed Bug submitter from Dmitry E. Oboukhov [EMAIL PROTECTED] to Dmitry E. Oboukhov [EMAIL PROTECTED]. submitter 494649 ! Bug#494649: The possibility of attack with the help of symlinks in some Debian packages Changed Bug submitter from Dmitry E. Oboukhov [EMAIL PROTECTED] to Dmitry E. Oboukhov [EMAIL PROTECTED]. submitter 494647 ! Bug#494647: The possibility of attack with the help of symlinks in some Debian packages Changed Bug submitter from Dmitry E. Oboukhov [EMAIL PROTECTED] to Dmitry E. Oboukhov [EMAIL PROTECTED]. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494648: The possibility of attack with the help of symlinks in some Debian packages
ah, good find. Ardo and Christian, If I make an update to the 4.1.2 package, fixing this, and a couple of other issues that I've been told about in the next 48 days, would one of you be willing to upload it for me so it gets into Lenny? Sven Dmitry E. Oboukhov wrote: Package: twiki Severity: grave Tags: security This message about the error concerns a few packages at once. I've tested all the packages on my Debian mirror. (post|pre)(inst|rm) and config scripts were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite somesystem file. I set Severity into grave for this bug. The tableof discovered problems is below. +--+-+-- |package | script | file for attack +--+-+-- | mplayer-1.0~rc2 | config | /tmp/HACK (pipe) | | | | nws-2.13 | postinst | /tmp/nws.debug (cp) | | | | ppp-2.4.4rel | postinst | /tmp/probe-finished (rm -f, pipe) | | postinst | /tmp/ppp-errors (rm -f, pipe) | ppp-udeb | /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp) | | | | twiki-4.1.2 | postinst | /tmp/twiki (chmod 1777, chown) +--+-+-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494656: bitlbee: Runs as root
Package: bitlbee Version: 1.2.1-1 Severity: grave Tags: security Justification: user security hole Since the fix to Mickey Mouse bug report 474589, BitlBee is runing as root for most people, since the User = line is commented out by default. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.16.60-xen (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages bitlbee depends on: ii adduser 3.108 add and remove users and groups ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy ii debianutils 2.30 Miscellaneous utilities specific t ii libc6 2.7-10 GNU C Library: Shared libraries ii libevent1 1.3e-3 An asynchronous event notification ii libglib2.0-0 2.16.4-2 The GLib library of C routines ii libgnutls26 2.4.1-1the GNU TLS library - runtime libr ii net-tools 1.60-19The NET-3 networking toolkit bitlbee recommends no packages. bitlbee suggests no packages. -- debconf-show failed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#486070: speedy-cgi-perl_2.22-10 build missing on hppa
Hi release team, as the hppa buildd admins haven't reacted to my requests, could you please requeue (or whatever it should be called) speedy-cgi-perl_2.22-10 on hppa? As seen in #486070, the 2.22-9 hppa build failure should be fixed in -10, but the package seems to be in some sort of quarantine and the buildd has never tried to build it. This is preventing the RC bugfix from entering testing. Thanks, -- Niko Tyni [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494649: marked as done (The possibility of attack with the help of symlinks in some Debian packages)
Your message dated Mon, 11 Aug 2008 11:08:12 +0200 with message-id [EMAIL PROTECTED] and subject line Re: Bug#494649: The possibility of attack with the help of symlinks in some Debian packages has caused the Debian Bug report #494649, regarding The possibility of attack with the help of symlinks in some Debian packages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 494649: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494649 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: ppp Severity: grave Tags: security This message about the error concerns a few packages at once. I've tested all the packages on my Debian mirror. (post|pre)(inst|rm) and config scripts were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system file. I set Severity into grave for this bug. The table of discovered problems is below. +--+-+-- |package | script | file for attack +--+-+-- | mplayer-1.0~rc2 | config | /tmp/HACK (pipe) | | | | nws-2.13 | postinst | /tmp/nws.debug (cp) | | | | ppp-2.4.4rel | postinst | /tmp/probe-finished (rm -f, pipe) | | postinst | /tmp/ppp-errors (rm -f, pipe) | ppp-udeb | /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp) | | | | twiki-4.1.2 | postinst | /tmp/twiki (chmod 1777, chown) +--+-+-- ---End Message--- ---BeginMessage--- On Aug 11, Dmitry E. Oboukhov [EMAIL PROTECTED] wrote: In some packages I've discovered scripts with errors which may be used by a user for damaging important system files. This is not relevant for udebs since there are no users on d-i systems. -- ciao, Marco signature.asc Description: Digital signature ---End Message---
Bug#494650: marked as done (The possibility of attack with the help of symlinks in some Debian packages)
Your message dated Mon, 11 Aug 2008 11:41:04 +0400 with message-id [EMAIL PROTECTED] and subject line done, mistake has caused the Debian Bug report #494650, regarding The possibility of attack with the help of symlinks in some Debian packages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 494650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494650 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: nws Severity: grave Tags: security This message about the error concerns a few packages at once. I've tested all the packages on my Debian mirror. (post|pre)(inst|rm) and config scripts were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system file. I set Severity into grave for this bug. The table of discovered problems is below. +--+-+-- |package | script | file for attack +--+-+-- | mplayer-1.0~rc2 | config | /tmp/HACK (pipe) | | | | nws-2.13 | postinst | /tmp/nws.debug (cp) | | | | ppp-2.4.4rel | postinst | /tmp/probe-finished (rm -f, pipe) | | postinst | /tmp/ppp-errors (rm -f, pipe) | ppp-udeb | /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp) | | | | twiki-4.1.2 | postinst | /tmp/twiki (chmod 1777, chown) +--+-+-- ---End Message--- ---BeginMessage--- line commented: # [ -e $LOCALCONF ] cp $LOCALCONF /tmp/nws.debug sorry, my script was not detected it :) -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature ---End Message---
Bug#493883: Bug still applies
found 493883 2.80-2 thanks Il giorno ven, 08/08/2008 alle 11.36 +, Debian Bug Tracking System ha scritto: This is an automatic notification regarding your Bug report which was filed against the manpages-it package: #493883: [manpages-it] Uninstallable due to overwrite try of /usr/share/man/it/man1/hman.1.gz It has been closed by Francesco Paolo Lovergine [EMAIL PROTECTED]. Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Francesco Paolo Lovergine [EMAIL PROTECTED] by replying to this email. Unfortunately this bug still applies, but with another file (/usr/share/man/it/man1/man2html.1.gz). There shouldn't be other conflicting files between these two packages. # comm -1 -2 (dpkg -L man2html | sort) (dpkg --contents /var/cache/apt/archives/manpages-it_2.80-2_all.deb | cut -b 50-200 | sort) /usr/share/man/it/man1/man2html.1.gz # LANG=C apt-get install manpages-it Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be upgraded: manpages-it 1 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. Need to get 0B/498kB of archives. After this operation, 920kB disk space will be freed. (Reading database ... 349041 files and directories currently installed.) Preparing to replace manpages-it 0.3.4-5 (using .../manpages-it_2.80-2_all.deb) ... Unpacking replacement manpages-it ... dpkg: error processing /var/cache/apt/archives/manpages-it_2.80-2_all.deb (--unpack): trying to overwrite `/usr/share/man/it/man1/man2html.1.gz', which is also in package man2html dpkg-deb: subprocess paste killed by signal (Broken pipe) Processing triggers for man-db ... Errors were encountered while processing: /var/cache/apt/archives/manpages-it_2.80-2_all.deb E: Sub-process /usr/bin/dpkg returned an error code (1) Thank you, Giovanni. -- Giovanni Mascellani [EMAIL PROTECTED] Pisa, Italy Web: http://giomasce.altervista.org SIP: [EMAIL PROTECTED] Jabber: [EMAIL PROTECTED] / [EMAIL PROTECTED] GPG: 0x5F1FBF70 (FP: 1EB6 3D43 E201 4DDF 67BD 003F FCB0 BB5C 5F1F BF70) signature.asc Description: Questa è una parte del messaggio firmata digitalmente
Bug#480154: Bug in fixed in revision 24106
tag 480154 + pending thanks Some bugs are closed in revision 24106 by Damyan Ivanov (dmn) Commit message: * add explicit build-dependency on libcgi-pm-perl (= 3.33) as the version of CGI.pm shipped in perl-modules fails with a taint failure when handling uploads. Thanks to Niko Tyni for the investigation. Closes: #480154 -- FTBFS on mips (cgiupload tests fail) - bump urgency to medium -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Bug still applies
Processing commands for controlbugs.debian.org: found 493883 2.80-2 Bug#493883: [manpages-it] Uninstallable due to overwrite try of /usr/share/man/it/man1/hman.1.gz Bug marked as found in version 2.80-2 and reopened. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494415: aswiki: package is completely unusable
On Mon, Aug 11, 2008 at 09:38:47AM +0900, TANIGUCHI Takaki wrote: IndexPage /usr/lib/ruby/1.8/aswiki/backup.rb:40:in `ci' /usr/lib/ruby/1.8/aswiki/repository.rb:31:in `save' /usr/lib/ruby/1.8/aswiki/handler.rb:155:in `initialize' /home/schm/public_html/aswiki/aswiki.cgi:50:in `new' /home/schm/public_html/aswiki/aswiki.cgi:50 on saving a page, which was when I gave up. This is not a bug. You should install rcs package or set '$USEBACKUP = false' in aswiki.conf. Ah, I see. Sorry for the false report—I only tried to check aswiki with regard to the planned libdb-ruby transition [1] and did not take myself enough time to look into this :-) [1] http://lists.debian.org/debian-release/2008/08/msg00401.html Cheers, -- Michael Schutte [EMAIL PROTECTED] signature.asc Description: Digital signature
Processed: Bug in fixed in revision 24106
Processing commands for controlbugs.debian.org: tag 480154 + pending Bug#480154: non-determistic FTBFS: cgiupload tests fail Tags were: pending patch Tags added: pending thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#480154: Bug in libapache2-mod-perl2 fixed in revision 24101
tag 480154 + pending thanks Some bugs are closed in revision 24101 by Damyan Ivanov (dmn) Commit message: * add explicit build-dependency on libcgi-pm-perl (= 3.33) as the version of CGI.pm shipped in perl-modules fails with a taint failure when handling uploads. Thanks to Niko Tyni for the investigation. Closes: #480154 -- FTBFS on mips (cgiupload tests fail) - bump urgency to medium -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Bug in libapache2-mod-perl2 fixed in revision 24101
Processing commands for controlbugs.debian.org: tag 480154 + pending Bug#480154: non-determistic FTBFS: cgiupload tests fail Tags were: patch Tags added: pending thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#493848: marked as done
Hello Jonas, The newest version is working as expected. Thank you. Yusuf. On Sun, 2008-08-10 at 14:41 +0200, Jonas Meurer wrote: On 09/08/2008 Debian Bug Tracking System wrote: Date: Sat, 09 Aug 2008 12:47:03 + From: Jonas Meurer [EMAIL PROTECTED] Subject: Bug#493848: fixed in cryptsetup 2:1.0.6-6 To: [EMAIL PROTECTED] Source: cryptsetup Source-Version: 2:1.0.6-6 We believe that the bug you reported is fixed in the latest version of cryptsetup, which is due to be installed in the Debian FTP archive: [...] Changes: cryptsetup (2:1.0.6-6) unstable; urgency=high . * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles --key-file=- different for luks and plain dm-crypt mappings. This time really (closes: #493848). Thus again upload with urgency=high. Marco, Yussuf, Sebastian, could you give cryptsetup 2:1.0.6-6 a try an report whether it really fixes the bug for you? You can find the package at http://packages.debian.org/sid/cryptsetup Thanks in advance. greetings, jonas signature.asc Description: This is a digitally signed message part
Bug#464320: The heart of Charity
Happy new day to you and the family. I am going in for a cancerous operation now. I am scared. I just willed you 5.5 million for charity work. Your name was chosen from a thousand email balloting. Contact my lawyer for more details. Mr. Francis([EMAIL PROTECTED]). pls pray for me.Felicia Happy new day to you and the family. I am going in for a cancerous operation now. I am scared. I just willed you 5.5 million for charity work. Your name was chosen from a thousand email balloting. Contact my lawyer for more details. Mr. Francis([EMAIL PROTECTED]). pls pray for me.Felicia -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: tagging 489491
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 tags 489491 + pending Bug#489491: vdr-plugin-bitstreamout FTBFS: No libasound in linkage path Tags were: sid Tags added: pending End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494658: libbotan1.7-dev: botan/build.h is included, but not installed
Package: libbotan1.7-dev Version: 1.7.8-1 Severity: grave Justification: renders package unusable bash$ g++ -o drm -lbotan -I. drm.cc 21 In file included from /usr/include/botan/exceptn.h:9, from /usr/include/botan/base.h:9, from /usr/include/botan/botan.h:6, from drm.cc:1: /usr/include/botan/types.h:9:25: error: botan/build.h: No such file or directory In /usr/include/botan/types.h we see: #include botan/build.h but /usr/include/botan/build.h is not included in libbotan1.7-dev package. The same code is compiled successfully with botan 1.6. Thank you for your work. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (900, 'testing'), (50, 'experimental'), (50, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.25-2-amd64 (SMP w/2 CPU cores) Locale: LANG=, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libbotan1.7-dev depends on: ii libbotan1.7 1.7.8-1multiplatform crypto library libbotan1.7-dev recommends no packages. libbotan1.7-dev suggests no packages. -- no debconf information -- Alexandra N. Kossovsky OKTET Labs (http://www.oktetlabs.ru/) Phones: +7(921)956-42-86(mobile) +7(812)783-21-91(office) e-mail: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#480373: marked as done (Source package contains non-free IETF RFC/I-D)
Your message dated Mon, 11 Aug 2008 12:41:04 +0200 with message-id [EMAIL PROTECTED] and subject line openldap2 removed from testing + new ia32-libs upload = problem solved has caused the Debian Bug report #480373, regarding Source package contains non-free IETF RFC/I-D to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 480373: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480373 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Severity: serious Package: ia32-libs Version: 2.4 User: [EMAIL PROTECTED] Usertags: nonfree-doc rfc Hi! This source package contains the following files from the IETF under non-free license terms: ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-legg-ldapext-component-matching-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-zeilenga-ldap-rfc2596-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-leach-uuids-guids-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-legg-ldap-admin-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-zeilenga-ldap-user-schema-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-lachman-laser-ldap-mail-routing-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-ietf-ldapext-matchedval-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-zeilenga-ldap-adlist-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-ietf-ldapext-locate-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-legg-ldap-gser-abnf-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-legg-ldap-acm-admin-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-legg-ldap-gser-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-zeilenga-ldap-features-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-zeilenga-ldap-authzid-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-zeilenga-ldap-opattrs-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-zeilenga-ldap-t-f-xx.txt The bug for the openldap2 package is #463964, but the openldap2 package appear to have been removed from unstable so perhaps it is being removed altogether. If that is the case, maybe the simplest is to remove openldap2 from ia32-libs as well. The license on RFC/I-Ds is not DFSG-free, see: * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=199810 * http://release.debian.org/removing-non-free-documentation * http://wiki.debian.org/NonFreeIETFDocuments The lenny release policy says binary and source packages must each be free: * http://release.debian.org/lenny/rc_policy.txt The severity is serious, because this violates the Debian policy: * http://www.debian.org/doc/debian-policy/ch-archive.html#s-dfsg There are (at least) three ways to fix this problem. In order of preference: 1. Ask the author of the RFC to re-license the RFC under a free license. A template for this e-mail request can be found at http://wiki.debian.org/NonFreeIETFDocuments 2. Remove the non-free material from the source, e.g., by re-packaging the upstream archive and adding 'dfsg' to the Debian package version name. 3. Move the package to non-free. General discussions are kindly requested to take place on debian-legal or debian-devel in the thread with Subject: Non-free IETF RFC/I-Ds in source packages. Thanks, Simon ---End Message--- ---BeginMessage--- Closing the bug. Thanks, /Simon ---End Message---
Bug#494647: marked as done (The possibility of attack with the help of symlinks in some Debian packages)
Your message dated Mon, 11 Aug 2008 11:27:01 +0400 with message-id [EMAIL PROTECTED] and subject line mistake, sorry has caused the Debian Bug report #494647, regarding The possibility of attack with the help of symlinks in some Debian packages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 494647: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494647 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: mplayer Severity: grave Tags: security This message about the error concerns a few packages at once. I've tested all the packages on my Debian mirror. (post|pre)(inst|rm) and config scripts were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system file. I set Severity into grave for this bug. The table of discovered problems is below. +--+-+-- |package | script | file for attack +--+-+-- | mplayer-1.0~rc2 | config | /tmp/HACK (pipe) | | | | nws-2.13 | postinst | /tmp/nws.debug (cp) | | | | ppp-2.4.4rel | postinst | /tmp/probe-finished (rm -f, pipe) | | postinst | /tmp/ppp-errors (rm -f, pipe) | ppp-udeb | /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp) | | | | twiki-4.1.2 | postinst | /tmp/twiki (chmod 1777, chown) +--+-+-- ---End Message--- ---BeginMessage--- commented line (script was not detect it, sorry): #echo $DEF /tmp/HACK -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537 signature.asc Description: Digital signature ---End Message---
Bug#494663: Source package contains non-free IETF RFC/I-D
Severity: serious Package: wmi Version: 1:0.1.13-1 User: [EMAIL PROTECTED] Usertags: nonfree-doc rfc Hi! This source package contains the following files from the IETF under non-free license terms: + wmi-0.1.13/Samba/source/ldap_server/devdocs/draft-armijo-ldap-syntax-00.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4533.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4530.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4531.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4518.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4519.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc2696.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4524.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc2307.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4516.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc2849.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc3296.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4532.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4514.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4525.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4526.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4510.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4527.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4513.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4529.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4522.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc2891.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4523.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4517.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4515.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4528.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4520.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4512.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4511.txt + wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4521.txt The license on RFC/I-Ds is not DFSG-free, see: * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=199810 * http://release.debian.org/removing-non-free-documentation * http://wiki.debian.org/NonFreeIETFDocuments The lenny release policy says binary and source packages must each be free: * http://release.debian.org/lenny/rc_policy.txt The severity is serious, because this violates the Debian policy: * http://www.debian.org/doc/debian-policy/ch-archive.html#s-dfsg There are (at least) three ways to fix this problem. In order of preference: 1. Ask the author of the RFC to re-license the RFC under a free license. A template for this e-mail request can be found at http://wiki.debian.org/NonFreeIETFDocuments 2. Remove the non-free material from the source, e.g., by re-packaging the upstream archive and adding 'dfsg' to the Debian package version name. 3. Move the package to non-free. General discussions are kindly requested to take place on debian-legal or debian-devel in the thread with Subject: Non-free IETF RFC/I-Ds in source packages. Thanks, Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: reopening 489491
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 reopen 489491 Bug#489491: vdr-plugin-bitstreamout FTBFS: No libasound in linkage path 'reopen' may be inappropriate when a bug has been closed with a version; you may need to use 'found' to remove fixed versions. Bug reopened, originator not changed. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#480154: marked as done (non-determistic FTBFS: cgiupload tests fail)
Your message dated Mon, 11 Aug 2008 09:47:05 + with message-id [EMAIL PROTECTED] and subject line Bug#480154: fixed in libapache2-mod-perl2 2.0.4-2 has caused the Debian Bug report #480154, regarding non-determistic FTBFS: cgiupload tests fail to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 480154: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480154 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: libapache2-mod-perl2 Version: 2.0.4-1 Severity: serious 2.0.4-1 fails to build on mips[1]. [1] http://buildd.debian.org/fetch.cgi?pkg=libapache2-mod-perl2ver=2.0.4-1arch=mipsstamp=1209964732file=log t/modules/cgipost2..ok t/modules/cgiupload.# Failed test 2 in t/modules/cgiupload.t at line 36 fail #2 FAILED test 2 Failed 1/2 tests, 50.00% okay t/modules/cgiupload2# Failed test 2 in t/modules/cgiupload2.t at line 36 fail #2 FAILED test 2 Failed 1/2 tests, 50.00% okay and if this is not enough, [warning] server ball.einval.com:8529 shutdown [ error] error running tests (please examine t/logs/error_log) [ error] oh dangnabit, server dumped core [ error] for stacktrace, run: gdb /usr/sbin/apache2 -core /build/buildd/libapache2-mod-perl2-2.0.4/t/core.31268 :( 2.0.3-5 built[2] just fine on the same buildd. [2] http://buildd.debian.org/fetch.cgi?pkg=libapache2-mod-perl2ver=2.0.3-5arch=mipsstamp=1206513601file=log ---End Message--- ---BeginMessage--- Source: libapache2-mod-perl2 Source-Version: 2.0.4-2 We believe that the bug you reported is fixed in the latest version of libapache2-mod-perl2, which is due to be installed in the Debian FTP archive: libapache2-mod-perl2-dev_2.0.4-2_all.deb to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2-dev_2.0.4-2_all.deb libapache2-mod-perl2-doc_2.0.4-2_all.deb to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2-doc_2.0.4-2_all.deb libapache2-mod-perl2_2.0.4-2.diff.gz to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.4-2.diff.gz libapache2-mod-perl2_2.0.4-2.dsc to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.4-2.dsc libapache2-mod-perl2_2.0.4-2_amd64.deb to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.4-2_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Damyan Ivanov [EMAIL PROTECTED] (supplier of updated libapache2-mod-perl2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 11 Aug 2008 12:27:28 +0300 Source: libapache2-mod-perl2 Binary: libapache2-mod-perl2 libapache2-mod-perl2-dev libapache2-mod-perl2-doc Architecture: source all amd64 Version: 2.0.4-2 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group [EMAIL PROTECTED] Changed-By: Damyan Ivanov [EMAIL PROTECTED] Description: libapache2-mod-perl2 - Integration of perl with the Apache2 web server libapache2-mod-perl2-dev - Integration of perl with the Apache2 web server - development fil libapache2-mod-perl2-doc - Integration of perl with the Apache2 web server - documentation Closes: 480154 Changes: libapache2-mod-perl2 (2.0.4-2) unstable; urgency=medium . * add explicit build-dependency on libcgi-pm-perl (= 3.33) as the version of CGI.pm shipped in perl-modules fails with a taint failure when handling uploads. Thanks to Niko Tyni for the investigation. Closes: #480154 -- FTBFS on mips (cgiupload tests fail) - bump urgency to medium Checksums-Sha1: 44c5fa580707aa79dab07ad9e8dff24b7687edea 1811 libapache2-mod-perl2_2.0.4-2.dsc ed2a123cb302d30a4c4fa29a8ab0fc31991e5b72 13585 libapache2-mod-perl2_2.0.4-2.diff.gz 396a96fe6e9820c005dfa38d662e5fac02b6eafc 82638 libapache2-mod-perl2-dev_2.0.4-2_all.deb 3f2b0f67b038a8a0dd4c19293f4efbbe33af9a55 3133328 libapache2-mod-perl2-doc_2.0.4-2_all.deb 583b5a4506004592f6cc5fa675aa9141a2e180bf 1154978 libapache2-mod-perl2_2.0.4-2_amd64.deb Checksums-Sha256: a2d38202565a7b3ab36859c4ddc7916a9792525cee044d00aff1ba2739b7af2a 1811 libapache2-mod-perl2_2.0.4-2.dsc
Bug#494656: tagging 494656
# Automatically generated email from bts, devscripts version 2.10.35 # not a security problem by itself tags 494656 - security -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: tagging 494656
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 # not a security problem by itself tags 494656 - security Bug#494656: bitlbee: Runs as root Tags were: security Tags removed: security End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494677: libapache2-mod-perl2: FTBFS: dpkg-checkbuilddeps: Unmet build dependencies: libcgi-pm-perl (= 3.33)
Package: libapache2-mod-perl2 Version: 2.0.4-2 Severity: serious As explained in http://lists.debian.org/debian-release/2008/08/msg00557.html 2.0.4-2 is failing on all autobuilders because of an sbuild bug. We'll have to remove the libcgi-pm-perl build-dependency and come up with something else for now. I think the next best thing is to remove the TMPDIR setting in t/conf/extra.conf.in . This means the temporary files won't stay in the build directory, but that's what /tmp is for. Patch attached, the test suite still seems to pass here with this. -- Niko Tyni [EMAIL PROTECTED] diff --git a/t/conf/extra.conf.in b/t/conf/extra.conf.in index de4796a..8e85214 100644 --- a/t/conf/extra.conf.in +++ b/t/conf/extra.conf.in @@ -71,9 +71,9 @@ PerlModule TestExit::FromPerlModule IfModule mod_cgid.c ScriptSock logs/cgisock /IfModule -IfModule mod_env.c -SetEnv TMPDIR @t_logs@ -/IfModule +#IfModule mod_env.c +#SetEnv TMPDIR @t_logs@ +#/IfModule # /sandbox-friendly Location /status/perl
Bug#494265: Possible patch
Hi, The line invoking ucf in the postinst looks like that: test -f /usr/bin/ucf ucf ${CONFFILE_NEW} ${CONFFILE} /dev/tty Now, I don't know why you would want to get it read from /dev/tty, as far as I can tell, ucf does not read anything from stdin, so this is pretty redundant. However, once I removed this redirect, it was still hanging. Eventually I traced the problem to the fact that ucf uses debconf, I can't fully understand what's happening there, but it turned out that moving db_stop, placing it *after* ucf invocation fixes the problem. I guess that once we stop debconf in the script (with db_stop) and then ucf tries to start it up again, something goes wrong with file descriptors. The candidate patch which fixes the issue is attached, however I'm reluctant to declare it a proper fix without understanding what's really going on, hence I'm not tagging it. Cheers. -- Jurij Smakov [EMAIL PROTECTED] Key: http://www.wooyd.org/pgpkey/ KeyID: C99E03CC --- dibbler-0.7.1.orig/debian/dibbler-client.postinst 2008-08-11 02:35:02.0 +0100 +++ dibbler-0.7.1/debian/dibbler-client.postinst 2008-08-11 02:38:18.0 +0100 @@ -94,10 +94,10 @@ echo ${CONFFILE_NEW} done -db_stop - # register this config -test -f /usr/bin/ucf ucf ${CONFFILE_NEW} ${CONFFILE} /dev/tty +test -x /usr/bin/ucf ucf ${CONFFILE_NEW} ${CONFFILE} + +db_stop # Start service if necessary if [ $START == true ]; then
Bug#494214: marked as done (josm-plugins: FTBFS: The return type is incompatible with Command.executeCommand())
Your message dated Mon, 11 Aug 2008 12:32:04 + with message-id [EMAIL PROTECTED] and subject line Bug#494214: fixed in josm-plugins 0.0.0.20080413-2 has caused the Debian Bug report #494214, regarding josm-plugins: FTBFS: The return type is incompatible with Command.executeCommand() to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 494214: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494214 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: josm-plugins Version: 0.0.0.20080413-1 Severity: serious User: [EMAIL PROTECTED] Usertags: qa-ftbfs-20080807 qa-ftbfs Justification: FTBFS on i386 Hi, During a rebuild of all packages in sid, your package failed to build on i386. Relevant part: make[1]: Entering directory `/build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1' make[1]: Nothing to be done for `update-config'. make[1]: Leaving directory `/build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1' touch debian/stamp-patched cd . /usr/lib/jvm/java-gcj//bin/java -classpath /usr/share/ant/lib/ant.jar:/usr/share/ant/lib/ant-launcher.jar:/usr/share/josm/josm.jar:/usr/lib/jvm/java-gcj//lib/tools.jar -Dant.home=/usr/share/ant org.apache.tools.ant.Main -Dcompile.debug=true -Dcompile.optimize=true -buildfile /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/debian/master.xml -propertyfile /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/debian/ant.properties build Buildfile: /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/debian/master.xml init: [mkdir] Created dir: /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/dist [mkdir] Created dir: /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/tmp/josm/lib build: clean: init: [mkdir] Created dir: /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/validator/build compile: [echo] creating ../dist/validator.jar [javac] Compiling 29 source files to /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/validator/build [javac] -- [javac] 1. WARNING in /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/validator/src/org/openstreetmap/josm/plugins/validator/OSMValidatorPlugin.java [javac] (at line 22) [javac] import org.openstreetmap.josm.plugins.validator.util.Util; [javac] ^^ [javac] The import org.openstreetmap.josm.plugins.validator.util.Util is never used [javac] -- [javac] 2. WARNING in /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/validator/src/org/openstreetmap/josm/plugins/validator/OSMValidatorPlugin.java [javac] (at line 45) [javac] public static Class[] allAvailableTests = new Class[] [javac] ^ [javac] Class is a raw type. References to generic type ClassT should be parameterized [javac] -- [javac] 3. WARNING in /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/validator/src/org/openstreetmap/josm/plugins/validator/OSMValidatorPlugin.java [javac] (at line 167) [javac] public static Class[] getAllAvailableTests() [javac] ^ [javac] Class is a raw type. References to generic type ClassT should be parameterized [javac] -- [javac] -- [javac] 4. WARNING in /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/validator/src/org/openstreetmap/josm/plugins/validator/Test.java (at line 3) [javac] import java.awt.event.ActionEvent; [javac] ^^ [javac] The import java.awt.event.ActionEvent is never used [javac] -- [javac] 5. WARNING in /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/validator/src/org/openstreetmap/josm/plugins/validator/Test.java [javac] (at line 4) [javac] import java.awt.event.ActionListener; [javac] ^ [javac] The import java.awt.event.ActionListener is never used [javac] -- [javac] -- [javac] 6. WARNING in
Bug#494682: citadel-common: Fails badly at handling group creation.
Package: citadel-common Version: 7.37-1 Severity: serious Justification: Policy 9.2.2 UID and GID classes 1. Debian has addgroup, why using groupadd? Note, you're using adduser already, so using addgroup might seem natural. 2. The created group isn't a system one… That pollutes the range of available GIDs. Please fix, -- Cyril Brulebois -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494340: fslview: FTBFS in lenny: CMake errors
On Mon, Aug 11, 2008 at 02:29:21PM +0900, Charles Plessy wrote: Le Fri, Aug 08, 2008 at 11:41:56AM -0300, Lucas Nussbaum a écrit : During a rebuild of all packages in a lenny chroot, your package failed CMake Error: Error required internal CMake variable not set, cmake may be not be built correctly. Missing variable is: QT_MOC_EXECUTABLE CMake Error: Error required internal CMake variable not set, cmake may be not be built correctly. Missing variable is: QT_UIC_EXECUTABLE CMake Error: Error required internal CMake variable not set, cmake may be not be built correctly. Missing variable is: QT_MOC_EXECUTABLE Bonjour Lucas, Today I built fslview fine with a Lenny cowbuilder on a powerpc platform. What should we do with this bug ? I will fix it over the next few days. (Just came back from vacation). Cheers, Michael -- GPG key: 1024D/3144BE0F Michael Hanke http://apsy.gse.uni-magdeburg.de/hanke ICQ: 48230050 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: reopen 417259
Processing commands for controlbugs.debian.org: reopen 417259 Bug#417259: depends on non-essential package wwwconfig-common in postrm 'reopen' may be inappropriate when a bug has been closed with a version; you may need to use 'found' to remove fixed versions. Bug reopened, originator not changed. quit Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494065: [Pkg-mailman-hackers] Bug#494065: Bug#494065: mailman: Incorrect properties of symbolic links makes it crash hard on startup
Hi Magnus, On Thursday 7 August 2008 15:18, Thijs Kinkhorst wrote: Thank you for your report. However, here I don't experience the problem you are sketching: doing a fresh install I can start mailman and it keeps running. The logs are there and it doesn't die. I did a completely fresh install of Mailman on a completely fresh system and it works as expected. I created mailinglists, sent and received mails without problems. I'm not denouncing your problem but I do not believe it is impacting common usage, so I don't think it's appropriate to keep it at 'grave' severity. Because I can't reproduce the problem here I have a hard time debugging it. It would be of great help if you could try to debug it on your side to see if we can get any indication on what's so specific about your situation creating the problem. cheers, Thijs pgpIjt8Ppkbbw.pgp Description: PGP signature
Processed: severity of 494065 is important
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.29~bpo40+1 severity 494065 important Bug#494065: mailman: Incorrect properties of symbolic links makes it crash hard on startup Severity set to `important' from `grave' End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#417259: marked as done (depends on non-essential package wwwconfig-common in postrm)
Your message dated Mon, 11 Aug 2008 14:02:03 + with message-id [EMAIL PROTECTED] and subject line Bug#417259: fixed in zoph 0.7.1-2 has caused the Debian Bug report #417259, regarding depends on non-essential package wwwconfig-common in postrm to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 417259: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417259 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: zoph Version: 0.6-2 Severity: serious Tags: etch-ignore Usertags: postrm-depends-nonessential Justification: Policy violation, see section 7.2 hi, while running archive wide piuparts tests your package failed on purge because of wwwconfig-common beeing unavailable during postrm: Removing zoph ... Purging configuration files for zoph ... /var/lib/dpkg/info/zoph.postrm: line 36: /usr/share/wwwconfig-common/apache-uninclude_all.sh: No such file or directory dpkg: error processing zoph (--purge): subprocess post-removal script returned error exit status 1 Errors were encountered while processing: zoph the full log can be found here: http://people.debian.org/~abi/piuparts/ please be sure to use a conditional call to wwwconfig-common and its commands. bye, - michael ---End Message--- ---BeginMessage--- Source: zoph Source-Version: 0.7.1-2 We believe that the bug you reported is fixed in the latest version of zoph, which is due to be installed in the Debian FTP archive: zoph_0.7.1-2.diff.gz to pool/main/z/zoph/zoph_0.7.1-2.diff.gz zoph_0.7.1-2.dsc to pool/main/z/zoph/zoph_0.7.1-2.dsc zoph_0.7.1-2_all.deb to pool/main/z/zoph/zoph_0.7.1-2_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Edelhard Becker [EMAIL PROTECTED] (supplier of updated zoph package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 11 Aug 2008 13:27:26 +0200 Source: zoph Binary: zoph Architecture: source all Version: 0.7.1-2 Distribution: unstable Urgency: low Maintainer: Edelhard Becker [EMAIL PROTECTED] Changed-By: Edelhard Becker [EMAIL PROTECTED] Description: zoph - Web based digital image presentation and management system Closes: 417259 Changes: zoph (0.7.1-2) unstable; urgency=low . * really fix 417259 now (check for existence of wwwconfig-commen in remove *and* purge part of postrm; Closes: #417259) Checksums-Sha1: 60544690ff6111e49415b62e4acde5bafa59a3b0 954 zoph_0.7.1-2.dsc 2405c2b869c5422f079f3bb59faaa063b2f049a1 28361 zoph_0.7.1-2.diff.gz 54146f1053edb0bca0f2a9daeb63e628d6d9ad61 415804 zoph_0.7.1-2_all.deb Checksums-Sha256: 32af4648b170a29378f75e4f963760b2fd1526684041789b54923fdb1a377469 954 zoph_0.7.1-2.dsc d461f42ec5bd9c26855904aa0e0f325baf60afa0f3baa00bde7947675dcf583b 28361 zoph_0.7.1-2.diff.gz d9abfeb93b7229ffbeb5ef92e2b33b63e7e5f6ace38033b2afc7b708e57a1803 415804 zoph_0.7.1-2_all.deb Files: 368886dcc590ca13012a6f1835130283 954 web optional zoph_0.7.1-2.dsc d5b7f78a66410d04d6195d9d5200622f 28361 web optional zoph_0.7.1-2.diff.gz 3ad97c895bd6200660173edac935632e 415804 web optional zoph_0.7.1-2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIoDdilByGkm8iLx8RAhVUAJ4v8wFWFkbBbVZjGX9ZyQQtBxa5pgCfQu11 /DLxLVgiXMDKE6AM7tqe0wY= =vttG -END PGP SIGNATURE- ---End Message---
Bug#494265: Possible patch
On Mon, 11 Aug 2008 somebody known as Jurij Smakov wrote: Hi, The line invoking ucf in the postinst looks like that: test -f /usr/bin/ucf ucf ${CONFFILE_NEW} ${CONFFILE} /dev/tty Now, I don't know why you would want to get it read from /dev/tty, as far as I can tell, ucf does not read anything from stdin, so this is pretty redundant. However, once I removed this redirect, it was still hanging. Eventually I traced the problem to the fact that ucf uses debconf, I can't fully understand what's happening there, but it turned out that moving db_stop, placing it *after* ucf invocation fixes the problem. I guess that once we stop debconf in the script (with db_stop) and then ucf tries to start it up again, something goes wrong with file descriptors. The candidate patch which fixes the issue is attached, however I'm reluctant to declare it a proper fix without understanding what's really going on, hence I'm not tagging it. Thanks for investigating this issue. Although I'm maintainer of this package, my defconf and ucf understanding is rather limited (I'm upstream author, so I eneded up as maintainer of bunch of other packages: for Gentoo, OpenWRT etc). Whould it be possible to get rid of the ucf completely? dibbler-client.postinst could generate new version (and rename old one) without any ucf invocation. As I understand it, the only flaw would be that this backed up file would not be marked as config. file for dibbler-client. Regards, -- Tomasz Mrugalski, | We all know Linux is great...it does| thomson(at)klub(dot)com(dot)pl | infinite loops in 5 seconds. | | Linus Torvalds | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: reassign 494532 to partman base
Processing commands for controlbugs.debian.org: reassign 494532 partman-base Bug#494532: lenny di-2 on dell optiplex 755 fail disk detection Bug reassigned from package `installation-reports' to `partman-base'. severity 494532 serious Bug#494532: lenny di-2 on dell optiplex 755 fail disk detection Severity set to `serious' from `important' retitle 494532 depends on non-existing library libparted1.7-udeb in lenny Bug#494532: lenny di-2 on dell optiplex 755 fail disk detection Changed Bug title to `depends on non-existing library libparted1.7-udeb in lenny' from `lenny di-2 on dell optiplex 755 fail disk detection'. Thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#488696: Fixing 488696
On Mon, Aug 11, 2008 at 06:53:17AM +0200, Gudjon I. Gudjonsson wrote: Hi Juri and Wesley Are there any plans to fix bug 488696? The comedi-source package is now affected by a freeze, so the chances to get a fix in are quickly diminishing with time. Please let me know if you would like me or someone else to prepare an NMU, if you don't have the time to do it. There is a version -2 at mentors.debian.net and Wesley will hopefully upload it next week. I added dependency on libtool 2.0 since the package doesn't compile with the experimental libtool package (version 2.2). However, I fixed the support for rtai but found out to my surprise that rtai is only compiled for arm and i386. Should I make a version only with the libtool dependency and then add the rtai support later or should I keep the package as it is with the problems of unmet dependencies on most architectures? I have already asked the maintainer of rtai to add support for some more architectures. Hi, Your package is affected by a freeze, so most likely the release team will only allow the new package into testing if it contains very conservative set of changes, fixing only the failure to build, described in the RC bug. I'd suggest to only keep these changes in the next upload, to maximize the chances to get it into testing. I'm re-adding CC to the bug so that this discussion will not get lost. Cheers. -- Jurij Smakov [EMAIL PROTECTED] Key: http://www.wooyd.org/pgpkey/ KeyID: C99E03CC -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#488082: marked as done (cxref: Install preconfiguration fails)
Your message dated Mon, 11 Aug 2008 15:46:59 +0100 with message-id [EMAIL PROTECTED] and subject line Re: Bug#488082: Unable to reproduce has caused the Debian Bug report #488082, regarding cxref: Install preconfiguration fails to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 488082: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488082 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: cxref Version: 1.6a-1.2 Severity: grave Justification: renders package unusable aptitude install cxref Reading package lists... Done Building dependency tree Reading state information... Done Reading extended state information Initializing package states... Done Reading task descriptions... Done The following NEW packages will be installed: cxref 0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0B/392kB of archives. After unpacking 1057kB will be used. Writing extended state information... Done Preconfiguring packages ... Can't exec /tmp/cxref.config.119531: Permission denied at /usr/share/perl/5.10/IPC/Open3.pm line 168. open2: exec of /tmp/cxref.config.119531 configure failed at /usr/share/perl5/Debconf/ConfModule.pm line 59 cxref failed to preconfigure, with exit status 255 Selecting previously deselected package cxref. (Reading database ... 120336 files and directories currently installed.) Unpacking cxref (from .../cxref_1.6a-1.2_i386.deb) ... Processing triggers for man-db ... Setting up cxref (1.6a-1.2) ... Reading package lists... Done Building dependency tree Reading state information... Done Reading extended state information Initializing package states... Done Writing extended state information... Done Reading task descriptions... Done Attempts to use renders: cxref krx81.c Warning: cxref-cpp needs to be reconfigured against your latest gcc/cpp Please run 'dpkg-reconfigure cxref' as root. cxref: The preprocessor exited abnormally on 'krx81.c' After running 'dpkg-reconfigure cxref' a dialog appears and asks if the package should automatically be configured, answered 'Yes', dialog ended. Ran the above cxref command and got the same results. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.24 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages cxref depends on: ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy ii gcc 4:4.3.1-1 The GNU C compiler ii libc6 2.7-10 GNU C Library: Shared libraries cxref recommends no packages. -- debconf information: cxref/cxref-cpp-autoconf: ---End Message--- ---BeginMessage--- I'm closing this bug, please not that keeping /tmp mounted with noexec will cause future installation failures for you (namely, all packages with config maintainer scripts will fail, as they are extracted to /tmp and run from there). Cheers. On Sun, Aug 10, 2008 at 10:06:55PM -0700, Dominique Brazziel wrote: Yes, I have /tmp mounted with 'noexec' to prevent executables being run directly from that partition. You can close this I guess but I'm keeping the noexec on /tmp. Thanks. --- Jurij Smakov [EMAIL PROTECTED] wrote: tags 488082 unreproducible thanks Hi, I've tried reproducing this bug and the package installed just fine for me (and for some other people who I asked to check). Can you please verify that you do not have the /tmp partition mounted with noexec option (post the output of 'mount' command if in doubt). Thanks. -- Jurij Smakov [EMAIL PROTECTED] Key: http://www.wooyd.org/pgpkey/ KeyID: C99E03CC -- Jurij Smakov [EMAIL PROTECTED] Key: http://www.wooyd.org/pgpkey/ KeyID: C99E03CC ---End Message---
Processed: Re: kqemu-source - Fails with ARCH=x86
Processing commands for controlbugs.debian.org: severity 494479 important Bug#494479: kqemu-source - Fails with ARCH=x86 Severity set to `important' from `serious' thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494479: kqemu-source - Fails with ARCH=x86
severity 494479 important thanks ...current patches breaks m-a. -- Address:Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist Email: [EMAIL PROTECTED] Internet: http://people.panthera-systems.net/~daniel-baumann/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494700: warzone2100: Package build scripts continues even after build errors occurred
Package: warzone2100 Version: 2.1.0~2.svn5088-0 Severity: serious Tags: patch Justification: no longer builds from source Due to the way how the build process is invoked using make the build script (debian/rules) continues building even after a build error occurred. Specifically the problem is that make is called manually on all subdirectories without checking its return value. This happens in the build-stamp and install rules. Attached patch fixes this problem by explicitly terminating with a non-zero return value (exit 1) as soon as a build error occurs. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.25-2-amd64 (SMP w/1 CPU core) Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages warzone2100 depends on: ii libc6 2.7-13GNU C Library: Shared libraries ii libgcc11:4.3.1-2 GCC support library ii libgl1-mesa-glx [libgl 7.0.3-5 A free implementation of the OpenG ii libglc00.7.1-2 QuesoGLC GLC implementation ii libglu1-mesa [libglu1] 7.0.3-5 The OpenGL utility library (GLU) ii libogg01.1.3-4 Ogg Bitstream Library ii libopenal0a1:0.0.8-8 OpenAL is a portable library for 3 ii libphysfs-1.0-01.0.0-5 filesystem abstraction library for ii libpng12-0 1.2.27-1 PNG library - runtime ii libpopt0 1.14-4lib for parsing cmdline parameters ii libsdl-net1.2 1.2.7-2 network library for Simple DirectM ii libsdl1.2debian1.2.13-2 Simple DirectMedia Layer ii libstdc++6 4.3.1-2 The GNU Standard C++ Library v3 ii libvorbis0a1.2.0.dfsg-3.1The Vorbis General Audio Compressi ii libvorbisfile3 1.2.0.dfsg-3.1The Vorbis General Audio Compressi ii libx11-6 2:1.1.4-2 X11 client-side library ii ttf-dejavu 2.25-1Metapackage to pull in ttf-dejavu- ii warzone2100-data 2.1.0~2.svn5088-0 data files for warzone2100 warzone2100 recommends no packages. warzone2100 suggests no packages. -- no debconf information Index: debian/rules === --- debian/rules (revision 7915) +++ debian/rules (working copy) @@ -56,7 +56,7 @@ build-stamp: config.status dh_testdir for d in $(SUBDIRS) ; do \ - $(MAKE) -C $$d ; \ + $(MAKE) -C $$d || exit 1 ; \ done touch $@ # - @@ -111,7 +111,7 @@ dh_testroot -a dh_clean -k -a for d in $(SUBDIRS) ; do \ - $(MAKE) -C $$d install DESTDIR=$(CURDIR)/debian/tmp ; \ + $(MAKE) -C $$d install DESTDIR=$(CURDIR)/debian/tmp || exit 1 ; \ done rm -rf debian/tmp/usr/share/doc/warzone2100 # -
Bug#479950: java-gcj: java alternative overwritten
tag 479950 + wontfix thanks if these are still overwritten, then update-alternatives should offer a mode to update/add/remove slave links without changing the alternative. related bugs filed on dpkg might be 342566 and 388313. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: java-gcj: java alternative overwritten
Processing commands for controlbugs.debian.org: tag 479950 + wontfix Bug#479950: java-gcj: java alternative overwritten Tags were: moreinfo Tags added: wontfix thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494702: python-pgm: installation fails due to unmet dependency libpigment0.3-4
Package: python-pgm Version: 0.3.4-1 Severity: grave Justification: renders package unusable On a sidux system, trying 'apt-get install elisa' I got unmet dependencies. Hunting down the problem I discovered that the package 'python-pgm' could not be installed because it depends on libpigment0.3-4, which is not present in Debian sid. Christoph -- System Information: Debian Release: lenny/sid Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-0.slh.8-sidux-amd64 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#432195: vgrabbj: freetype1 deprecation
[Michael Janssen] This sounds like a good solution for now. I'll implement the patch tonight and upload a new version of vgrabbj. I don't like taking features away, but holding things out of testing is another story. Your upload did not make it to the archive yet. Any news? Perhaps an NMU to solve this issue? Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: tagging 490351
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 tags 490351 - pending Bug#490351: subcommander: FTBFS: ld: cannot find -lsvn_ra_dav-1 Tags were: pending patch Tags removed: pending End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: tagging 490241
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 tags 490241 + help Bug#490241: FTBFS on hppa There were no tags set. Tags added: help End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494711: FTBFS (libprojectm_1.2.0-1/hppa): /usr/bin/ld: cannot find -lSM
Package: libprojectm Version: 1.2.0-1 Severity: serious Automatic build of libprojectm_1.2.0-1 on peri by sbuild/hppa 98 Build started at 20080725-1557 ** Checking available source versions... Fetching source files... Reading package lists... Building dependency tree... Need to get 965kB of source archives. Get:1 http://incoming.debian.org sid/main libprojectm 1.2.0-1 (dsc) [1242B] Get:2 http://incoming.debian.org sid/main libprojectm 1.2.0-1 (tar) [957kB] Get:3 http://incoming.debian.org sid/main libprojectm 1.2.0-1 (diff) [6161B] Fetched 965kB in 0s (1070kB/s) Download complete and in download only mode ** Using build dependencies supplied by package: Build-Depends: debhelper (= 7.0.0), libglew-dev, libgl1-mesa-dev | libgl-dev, libglu1-mesa-dev | libglu-dev, libx11-dev, libice-dev, pkg-config, cmake, ftgl-dev, dpatch [...] [100%] Building C object CMakeFiles/projectM.dir/stb_image_aug.o Linking CXX shared library libprojectM.so /usr/bin/ld: cannot find -lSM collect2: ld returned 1 exit status make[3]: *** [libprojectM.so.2.00] Error 1 make[3]: Leaving directory `/build/buildd/libprojectm-1.2.0' make[2]: *** [CMakeFiles/projectM.dir/all] Error 2 make[2]: Leaving directory `/build/buildd/libprojectm-1.2.0' make[1]: *** [all] Error 2 make[1]: Leaving directory `/build/buildd/libprojectm-1.2.0' make: *** [build-stamp] Error 2 dpkg-buildpackage: failure: debian/rules build gave error exit status 2 Full build log available on http://buildd.debian.org/fetch.cgi?pkg=libprojectmarch=hppaver=1.2.0-1stamp=1217001671file=logas=raw -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494648: The possibility of attack with the help of symlinks in some Debian packages
Quoting Sven Dowideit ([EMAIL PROTECTED]): ah, good find. Ardo and Christian, If I make an update to the 4.1.2 package, fixing this, and a couple of other issues that I've been told about in the next 48 days, would one of you be willing to upload it for me so it gets into Lenny? For the couple of other issues, I suggest you talk with the release team to check with them if they fit the freeze exceptions guidelines. signature.asc Description: Digital signature
Bug#492947: Info received (updates on bug)
Bug appeared to be more complicated. However, KDE folks fixed it in upstream SVN, see http://bugs.kde.org/show_bug.cgi?id=168668 for more details. Can you please cherry-pick this commits and rebuild kdebase-workspace-bin package? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494532: lenny di-2 on dell optiplex 755 fail disk detection
Stefan Alfredsson [EMAIL PROTECTED] writes: Ok - the drive is actually detected in d-i-2. I can do manual partitioning in the console with fdisk /dev/sda1. However, the installer fails at the step [!] Detect disks, and asks me to choose a driver for the disk chipset. If I continue by ignoring the drive, and try to partition, the installer log on Alt-F4 says libparted1.7-udeb does not exist. This seems to be from a dependency from partman-base. According to http://packages.debian.org/lenny/partman-base it depends on libparted1.7-udeb, and notes that the package is missing from lenny. Either partman-base should be updated to use libparted1.8-udeb, or libparted1.7-udeb should be put back in lenny (it exists in both etch and sid, so why was it removed from lenny? sid has both versions). I'll reassign this bug to partman-base, as this seems to be (atleast part of) the problem. Yes, this was my fault to not warn about the need of old udeb to be kept available until we get newer partman-base in testing. I'm handling the issue right now. -- O T A V I OS A L V A D O R - E-mail: [EMAIL PROTECTED] UIN: 5906116 GNU/Linux User: 239058 GPG ID: 49A5F855 Home Page: http://otavio.ossystems.com.br - Microsoft sells you Windows ... Linux gives you the whole house. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#492533: marked as done (Uninstallable due to dependency on libdc1394-13-dev (direct) and libdc1394-22-dev (indirect))
Your message dated Mon, 11 Aug 2008 17:02:13 + with message-id [EMAIL PROTECTED] and subject line Bug#492533: fixed in player 2.0.4-3.3 has caused the Debian Bug report #492533, regarding Uninstallable due to dependency on libdc1394-13-dev (direct) and libdc1394-22-dev (indirect) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 492533: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492533 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: libplayerdrivers2-dev Version: 2.0.4-3.2 Severity: serious Hi Your package is not installable as it depends on libdc1394-13-dev while it also depends indirectly on libdc1394-22-dev. Please consider changing the dependency to libdc1394-dev. Cheers Luk ---End Message--- ---BeginMessage--- Source: player Source-Version: 2.0.4-3.3 We believe that the bug you reported is fixed in the latest version of player, which is due to be installed in the Debian FTP archive: liblodo0-dev_2.0.4-3.3_i386.deb to pool/main/p/player/liblodo0-dev_2.0.4-3.3_i386.deb liblodo0_2.0.4-3.3_i386.deb to pool/main/p/player/liblodo0_2.0.4-3.3_i386.deb libplayerc++2-dev_2.0.4-3.3_i386.deb to pool/main/p/player/libplayerc++2-dev_2.0.4-3.3_i386.deb libplayerc++2_2.0.4-3.3_i386.deb to pool/main/p/player/libplayerc++2_2.0.4-3.3_i386.deb libplayerc2-dev_2.0.4-3.3_i386.deb to pool/main/p/player/libplayerc2-dev_2.0.4-3.3_i386.deb libplayerc2_2.0.4-3.3_i386.deb to pool/main/p/player/libplayerc2_2.0.4-3.3_i386.deb libplayercore2-dev_2.0.4-3.3_i386.deb to pool/main/p/player/libplayercore2-dev_2.0.4-3.3_i386.deb libplayercore2_2.0.4-3.3_i386.deb to pool/main/p/player/libplayercore2_2.0.4-3.3_i386.deb libplayerdrivers2-dev_2.0.4-3.3_i386.deb to pool/main/p/player/libplayerdrivers2-dev_2.0.4-3.3_i386.deb libplayerdrivers2_2.0.4-3.3_i386.deb to pool/main/p/player/libplayerdrivers2_2.0.4-3.3_i386.deb libplayererror2-dev_2.0.4-3.3_i386.deb to pool/main/p/player/libplayererror2-dev_2.0.4-3.3_i386.deb libplayererror2_2.0.4-3.3_i386.deb to pool/main/p/player/libplayererror2_2.0.4-3.3_i386.deb libplayerjpeg2-dev_2.0.4-3.3_i386.deb to pool/main/p/player/libplayerjpeg2-dev_2.0.4-3.3_i386.deb libplayerjpeg2_2.0.4-3.3_i386.deb to pool/main/p/player/libplayerjpeg2_2.0.4-3.3_i386.deb libplayertcp2-dev_2.0.4-3.3_i386.deb to pool/main/p/player/libplayertcp2-dev_2.0.4-3.3_i386.deb libplayertcp2_2.0.4-3.3_i386.deb to pool/main/p/player/libplayertcp2_2.0.4-3.3_i386.deb libplayerxdr2-dev_2.0.4-3.3_i386.deb to pool/main/p/player/libplayerxdr2-dev_2.0.4-3.3_i386.deb libplayerxdr2_2.0.4-3.3_i386.deb to pool/main/p/player/libplayerxdr2_2.0.4-3.3_i386.deb libpmap0-dev_2.0.4-3.3_i386.deb to pool/main/p/player/libpmap0-dev_2.0.4-3.3_i386.deb libpmap0_2.0.4-3.3_i386.deb to pool/main/p/player/libpmap0_2.0.4-3.3_i386.deb player_2.0.4-3.3.diff.gz to pool/main/p/player/player_2.0.4-3.3.diff.gz player_2.0.4-3.3.dsc to pool/main/p/player/player_2.0.4-3.3.dsc python-playerc_2.0.4-3.3_i386.deb to pool/main/p/player/python-playerc_2.0.4-3.3_i386.deb robot-player-dev_2.0.4-3.3_all.deb to pool/main/p/player/robot-player-dev_2.0.4-3.3_all.deb robot-player-doc_2.0.4-3.3_all.deb to pool/main/p/player/robot-player-doc_2.0.4-3.3_all.deb robot-player_2.0.4-3.3_i386.deb to pool/main/p/player/robot-player_2.0.4-3.3_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Petter Reinholdtsen [EMAIL PROTECTED] (supplier of updated player package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 11 Aug 2008 17:25:17 +0200 Source: player Binary: robot-player robot-player-doc robot-player-dev libplayererror2 libplayererror2-dev libplayercore2 libplayercore2-dev libplayertcp2 libplayertcp2-dev libplayerxdr2 libplayerxdr2-dev libplayerc2 libplayerc2-dev libplayerc++2 libplayerc++2-dev libplayerdrivers2 libplayerdrivers2-dev libplayerjpeg2 libplayerjpeg2-dev python-playerc libpmap0 libpmap0-dev liblodo0 liblodo0-dev Architecture: source i386 all Version: 2.0.4-3.3 Distribution: unstable Urgency: low Maintainer: Michael Janssen [EMAIL PROTECTED] Changed-By: Petter Reinholdtsen [EMAIL PROTECTED] Description:
Bug#494265: Possible patch
On Mon, Aug 11, 2008 at 04:09:25PM +0200, Tomasz Mrugalski wrote: Thanks for investigating this issue. Although I'm maintainer of this package, my defconf and ucf understanding is rather limited (I'm upstream author, so I eneded up as maintainer of bunch of other packages: for Gentoo, OpenWRT etc). Whould it be possible to get rid of the ucf completely? dibbler-client.postinst could generate new version (and rename old one) without any ucf invocation. As I understand it, the only flaw would be that this backed up file would not be marked as config. file for dibbler-client. No, you definitely want to use ucf, because if you will ever change the default config file created by the package, and the existing config file will have local modification, ucf will prompt user to choose what (s)he wants to do: install the new version or keep the existing version. I've asked Joey Hess (debconf author) about it, and he said that if you have db_stop before invoking ucf, then ucf will not be able to start debconf after that, and that will cause a hang we see. Please go ahead and prepare a new release using my patch, and I can sponsor it, if needed. Cheers. -- Jurij Smakov [EMAIL PROTECTED] Key: http://www.wooyd.org/pgpkey/ KeyID: C99E03CC -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#362288: marked as done (xzgv: exploitable buffer overflow with crafted JPEG images [CVE-2006-1060])
Your message dated Mon, 11 Aug 2008 19:28:23 +0200 with message-id [EMAIL PROTECTED] and subject line Closing old security bug with versioning has caused the Debian Bug report #362288, regarding xzgv: exploitable buffer overflow with crafted JPEG images [CVE-2006-1060] to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 362288: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=362288 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: xzgv Version: 0.8-5 Severity: grave Tags: security patch Hi, recently an exploitable buffer overflow was discovered in xzgv, please see here for some details and some further URLs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1060 Please mention the CVE number in the changelog when you fix this to ease tracking. I attach a test case jpg, and the patch from upstream. Thank you! Martin -- Martin Pitthttp://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates? --- xzgv-0.8-patched/src/readjpeg.c Tue Mar 21 12:16:07 2006 +++ xzgv/src/readjpeg.c Wed Sep 21 21:15:01 2005 @@ -179,11 +179,13 @@ static int have_image; static int width,height; static unsigned char *image; +static int cmyk; unsigned char *ptr,*ptr2; int chkw,chkh; int f,rec; static int greyscale; /* static to satisfy gcc -Wall */ +cmyk=0; greyscale=0; lineptrs=NULL; @@ -225,6 +227,15 @@ greyscale=1; } +if(cinfo.jpeg_color_space==JCS_CMYK) + cmyk=1; + +if(cinfo.jpeg_color_space==JCS_YCCK) + { + cmyk=1; + cinfo.out_color_space=JCS_CMYK; + } + *wp=width=cinfo.image_width; *hp=height=cinfo.image_height; @@ -266,7 +277,7 @@ /* this one shouldn't hurt */ cinfo.do_block_smoothing=FALSE; -if(WH_BAD(width,height) || (*imagep=image=malloc(width*height*3))==NULL) +if(WH_BAD(width,height) || (*imagep=image=malloc(width*(height+cmyk)*3))==NULL) longjmp(jerr.setjmp_buffer,1); jpeg_start_decompress(cinfo); @@ -279,12 +290,33 @@ for(f=0;fheight;f++,ptr+=width*3) lineptrs[f]=ptr; -rec=cinfo.rec_outbuf_height; -while(cinfo.output_scanlineheight) +if(!cmyk) { - f=height-cinfo.output_scanline; - jpeg_read_scanlines(cinfo,lineptrs+cinfo.output_scanline, - frec?rec:f); + rec=cinfo.rec_outbuf_height; + while(cinfo.output_scanlineheight) +{ +f=height-cinfo.output_scanline; +jpeg_read_scanlines(cinfo,lineptrs+cinfo.output_scanline, +frec?rec:f); +} + } +else /* cmyk output */ + { + int tmp; + + ptr=image; + while(cinfo.output_scanlineheight) +{ +jpeg_read_scanlines(cinfo,ptr,1); +ptr2=ptr; +for(f=0;fwidth;f++,ptr+=3,ptr2+=4) + { + tmp=ptr2[3]; + ptr[0]=(tmp*ptr2[0])/255; + ptr[1]=(tmp*ptr2[1])/255; + ptr[2]=(tmp*ptr2[2])/255; + } +} } free(lineptrs); attachment: xzgv.CVE-2006-1060.jpg signature.asc Description: Digital signature ---End Message--- ---BeginMessage--- Version: 0.8-5.1 ---End Message---
Processed: Re: Bug#477140: nozomi-source: Oops loading the module
Processing commands for controlbugs.debian.org: reassign 477140 ftp.debian.org Bug#477140: nozomi-source: Oops loading the module Bug reassigned from package `nozomi-source' to `ftp.debian.org'. retitle 477140 RM: nozomi-source -- Obsolete, has been merged into mainline kernel Bug#477140: nozomi-source: Oops loading the module Changed Bug title to `RM: nozomi-source -- Obsolete, has been merged into mainline kernel' from `nozomi-source: Oops loading the module'. severity 477140 normal Bug#477140: RM: nozomi-source -- Obsolete, has been merged into mainline kernel Severity set to `normal' from `grave' thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#377049: marked as done (gimp: Buffer overrun in XCF reading code)
Your message dated Mon, 11 Aug 2008 19:28:18 +0200 with message-id [EMAIL PROTECTED] and subject line Closing old security bug with versioning has caused the Debian Bug report #377049, regarding gimp: Buffer overrun in XCF reading code to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 377049: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: gimp Version: 2.2.6-1 Severity: grave Tags: security patch Justification: user security hole I have reported this bug privately to the maintainer and the security team, but it turns out that the upstream developers have no way of reporting security bugs privately, so it is hereby in the open. It is #346742 in the upstream bug tracking system. The problem is in the function xcf_load_vector() in app/xcf/xcf-load.c of the source tree. For each stroke being read, the code reads an uint32 from the XCF file into the variable num_axes, and then for each control proint of the stroke reads num_axes floats from the file into the stack-allocated array coords whose size is hard-coded as 6. A malicious XCF file creater could write a large number into the num_axes position and trick the XCF reader into overwriting part of the stack with raw data read from the file. On little-endian systems, the function xcf_read_float() that actually reads the floats does a byte-order conversion on the data it reads but does not do any special float processing, so an attacker has direct control of the data written to the stack. I have not attempted to construct an working exploit (though I did verify being able to crash Gimp with a naively patched image file), but there seems to be no reason why the overrun could not be used to mount a standard arbitrary code execution attack if one can get the victim to try to load an appropriately crafted image file. The attack is in the VECTORS property of an XCF file which pure XCF _viewers_ (e.g. imagemagick or xcftools) normally skip without parsing. Thus an attack file can easily be written such that the image will display correctly with no symptoms at all in a viewer application. The same bug appears in the unstable (2.2.11) and experimental (2.3.9) versions, as well as the upsteam CVS head. The attached patch should fix it (more gracefully than the one in my earlier private report). diff -rU6 gimp-2.2.6/app/xcf/xcf-load.c gimp-2.2.6.new/app/xcf/xcf-load.c --- gimp-2.2.6/app/xcf/xcf-load.c 2004-11-03 12:50:37.0 +0100 +++ gimp-2.2.6.new/app/xcf/xcf-load.c 2006-07-06 12:27:33.982404488 +0200 @@ -1658,12 +1658,18 @@ xcf_seek_pos (info, info-cp + 4 * num_axes * num_control_points, NULL); continue; } + if (num_axes 2 || num_axes 6) +{ + g_printerr (bad number of axes in stroke description\n); + return FALSE; +} + control_points = g_value_array_new (num_control_points); anchor.selected = FALSE; for (j = 0; j num_control_points; j++) { ---End Message--- ---BeginMessage--- Version: 2.2.12-1 ---End Message---
Bug#477140: nozomi-source: Oops loading the module
reassign 477140 ftp.debian.org retitle 477140 RM: nozomi-source -- Obsolete, has been merged into mainline kernel severity 477140 normal thanks Michael Prokop wrote: * Moritz Muehlenhoff [EMAIL PROTECTED] [20080807 22:48]: Michael Prokop wrote: * Frederik Schueler [EMAIL PROTECTED] [20080428 17:50]: 2.6.25-trunk-amd64 works: I guess you are using 2.6.26[-1-amd64] already? I assume the nozomi issue is resolved for you with the kernel targeted for Lenny as well? If so I'd close this bugreport. If the regular in-tree driver works, while the one from the seperate nozomi fails to compile, we should remove nozomi-source altogether. Yes, that was and still is my plan. :) Ok, reassigning the bug to ftp.debian.org, then. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#492084: atitvout: should this package be removed?
On Wed, Jul 23, 2008 at 07:40:01PM +0200, Philippe Coval wrote: Hi, I'll try to fix this bug, see comments bellow * Fairly low popcon. 242 * Upstream has been dead since 2004. yes but It worked as expected since * RC Buggy. I'll see If I can find a workaround, actually the problem is not in ativout itself but in lrmi which is also noticed in http://bugs.debian.org/490746 BTW, would it be a good idea to package lrmi appart ? * Functionality exists in GATOS and probably now Xorg directly. I am not sure it works on all gfx adapters see : http://bugs.debian.org/481748 If you think that it should be orphaned instead of being removed from Debian, please reply to this bug and tell so. Orphaned? I just adopted it If you disagree and want to continue to maintain this package, please just close this bug and do an upload also fixing the other issues. I'll try to have a look at it before summer vacations , so I let the bug open untill a next release I think you can just as well close it right now, the FBTFS bug report was invalid, atitvout has users and you're maintaining it, so I don't see any reason to have it orphaned, it's certainly not a RC problem. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494719: kernel-patch-badram: Doesn't apply to Lenny release kernek
Package: kernel-patch-badram Severity: grave Justification: renders package unusable kernel-patch-badram is only available for kernels up to 2.6.23 and doesn't apply against later kernels due to the x86 arch unification. It should be updated to 2.6.26. Cheers, Moritz -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494720: linux-patch-gcov: Doesn't apply to Lenny release kernel
Package: linux-patch-gcov Severity: grave Justification: renders package unusable This packages only provides a patch for kernels up to 2.6.18, the patch included doesn't apply to current kernels anymore. Please the patch update to 2.6.26. Cheers, Moritz -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#494721: linux-patch-skas: Doesn't apply against Lenny release kernel
Package: linux-patch-skas Severity: grave Justification: renders package unusable This package only provide a kernel patch up to 2.6.18 and doesn't apply against later kernels (especially due to the unification of the x86 architecture). Cheers, Moritz -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#493848: marked as done
Hello Jonas, Marco and Yussuf, it works now also for me on my amd64. Since it is only a matter of scripts, I should work on all plattforms, right? Thank you all for putting things right so rapidly! Best regards, Sebastian Am Montag, den 11.08.2008, 12:27 +0200 schrieb Yusuf Iskenderoglu: Hello Jonas, The newest version is working as expected. Thank you. Yusuf. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#493488: marked as done (CVE-2008-3459: Remote command execution)
Your message dated Mon, 11 Aug 2008 18:02:04 + with message-id [EMAIL PROTECTED] and subject line Bug#493488: fixed in openvpn 2.1~rc9-1 has caused the Debian Bug report #493488, regarding CVE-2008-3459: Remote command execution to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 493488: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493488 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: openvpn Version: 2.1~rc8-1 Tags: security Severity: grave | * Security Fix -- affects non-Windows OpenVPN clients running |OpenVPN 2.1-beta14 through 2.1-rc8 (OpenVPN 2.0.x clients are NOT |vulnerable nor are any versions of the OpenVPN server vulnerable). |An OpenVPN client connecting to a malicious or compromised |server could potentially receive an lladdr or iproute |configuration directive from the server which could cause arbitrary |code execution on the client. A successful attack requires that (a) |the client has agreed to allow the server to push configuration |directives to it by including pull or the macro client in its |configuration file, (b) the client successfully authenticates the |server, (c) the server is malicious or has been compromised and is |under the control of the attacker, and (d) the client is running a |non-Windows OS. Credit: David Wagner. | | * Miscellaneous defensive programming changes to multiple |areas of the code. In particular, use of the system() call |for calling executables such as ifconfig, route, and |user-defined scripts has been completely revamped in favor |of execve() on unix and CreateProcess() on Windows. http://openvpn.net/index.php/documentation/change-log/changelog-21.html CVE not yet known. ---End Message--- ---BeginMessage--- Source: openvpn Source-Version: 2.1~rc9-1 We believe that the bug you reported is fixed in the latest version of openvpn, which is due to be installed in the Debian FTP archive: openvpn_2.1~rc9-1.diff.gz to pool/main/o/openvpn/openvpn_2.1~rc9-1.diff.gz openvpn_2.1~rc9-1.dsc to pool/main/o/openvpn/openvpn_2.1~rc9-1.dsc openvpn_2.1~rc9-1_i386.deb to pool/main/o/openvpn/openvpn_2.1~rc9-1_i386.deb openvpn_2.1~rc9.orig.tar.gz to pool/main/o/openvpn/openvpn_2.1~rc9.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alberto Gonzalez Iniesta [EMAIL PROTECTED] (supplier of updated openvpn package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 11 Aug 2008 19:40:11 +0200 Source: openvpn Binary: openvpn Architecture: source i386 Version: 2.1~rc9-1 Distribution: unstable Urgency: high Maintainer: Alberto Gonzalez Iniesta [EMAIL PROTECTED] Changed-By: Alberto Gonzalez Iniesta [EMAIL PROTECTED] Description: openvpn- virtual private network daemon Closes: 493488 Changes: openvpn (2.1~rc9-1) unstable; urgency=high . * New upstream version. * Urgency high since it fixes a security bug in versions 2.1-beta14 to 2.1-rc8. CVE-2008-3459. (Closes: #493488) * Added sample-scripts/ to examples directory. * Thanks Tristan Hill for rewritten debian_openssl_vulnkeys.patch Checksums-Sha1: 0b1cf212d7ecb91bd3aae9d79ed623c156f441c4 1055 openvpn_2.1~rc9-1.dsc 56b01fd9b2cdd8bd4c2257d91b9b879a6f9db1d8 818716 openvpn_2.1~rc9.orig.tar.gz 4a5650e24c5df8bfccd81ff5e31565dd5282daf4 80393 openvpn_2.1~rc9-1.diff.gz f3f907851f171ce753fd96126d6d409a737eecbf 399642 openvpn_2.1~rc9-1_i386.deb Checksums-Sha256: eae94f704b161e37d9e2f2332a6af12ea16e039af468805e2ec71171d016136c 1055 openvpn_2.1~rc9-1.dsc f73ec227a5fb7f4c73190e7ae52a59a4db149e8d628f22e8a0a762a58fbb424d 818716 openvpn_2.1~rc9.orig.tar.gz a0c58219854712a6ec22cd49371ccb40d5a4d82c7743d12b4e35ab728dc34612 80393 openvpn_2.1~rc9-1.diff.gz 78562eda248efcf97d1eb11dd75a2ad4adc489b1b83ddc8757cdfe7826e9a739 399642 openvpn_2.1~rc9-1_i386.deb Files: 3f94ba64021aa9b6a66ee6d0ff69b44a 1055 net optional openvpn_2.1~rc9-1.dsc f435e4ad43cf4323e942da570bae4951 818716 net optional openvpn_2.1~rc9.orig.tar.gz d4429356670cff7998d9ea1bd06e4cb7 80393 net optional openvpn_2.1~rc9-1.diff.gz 2e0ee61cd74b7f6b06bb89fc127824e6 399642 net
Bug#489048: marked as done (fails to build on arm/armel)
Your message dated Mon, 11 Aug 2008 18:32:06 + with message-id [EMAIL PROTECTED] and subject line Bug#489048: fixed in openocd 0.0+r655-1.1 has caused the Debian Bug report #489048, regarding fails to build on arm/armel to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 489048: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489048 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: openocd Version: 0.0+r655-1 Severity: serious See e.g. http://buildd.debian.org/fetch.cgi?pkg=openocdver=0.0%2Br655-1arch=armstamp=1214956741file=log: Making all in helper make[4]: Entering directory `/tmp/buildd/openocd-0.0+r655/src/helper' cc -DHAVE_CONFIG_H -I. -I../.. -DPKGDATADIR=\/usr/share/openocd\ -DPKGLIBDIR=\/usr/lib/openocd\-g -O2 -g -Wall -O2 -c binarybuffer.c In file included from log.h:23, from binarybuffer.c:28: replacements.h:30:28: error: pkgconf/system.h: No such file or directory make[4]: *** [binarybuffer.o] Error 1 Since this part of the code is only enabled if BUILD_ECOSBOARD is defined, it only fails on arm* Gruesse, Frank Lichtenheld -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.25-2-686 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash ---End Message--- ---BeginMessage--- Source: openocd Source-Version: 0.0+r655-1.1 We believe that the bug you reported is fixed in the latest version of openocd, which is due to be installed in the Debian FTP archive: openocd_0.0+r655-1.1.diff.gz to pool/main/o/openocd/openocd_0.0+r655-1.1.diff.gz openocd_0.0+r655-1.1.dsc to pool/main/o/openocd/openocd_0.0+r655-1.1.dsc openocd_0.0+r655-1.1_armel.deb to pool/main/o/openocd/openocd_0.0+r655-1.1_armel.deb openocd_0.0+r655-1.1_i386.deb to pool/main/o/openocd/openocd_0.0+r655-1.1_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Riku Voipio [EMAIL PROTECTED] (supplier of updated openocd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 11 Aug 2008 21:09:24 +0300 Source: openocd Binary: openocd Architecture: armel i386 source Version: 0.0+r655-1.1 Distribution: unstable Urgency: low Maintainer: Uwe Hermann [EMAIL PROTECTED] Changed-By: Riku Voipio [EMAIL PROTECTED] Closes: 489048 Description: openocd- Open on-chip JTAG debug solution for ARM7 and ARM9 systems Changes: openocd (0.0+r655-1.1) unstable; urgency=low . * Non-maintainer upload. * disable ecosboard build, closes: #489048 Checksums-Sha1: 3438c7f92bf6693f11c93830d1057c40c87f28c6 237427 openocd_0.0+r655-1.1.diff.gz 3f8346f0dc64287cfb72628e8f55cff28b4cc398 502032 openocd_0.0+r655-1.1_i386.deb 955bd97b85ab7913dac2437962d0e4ef66ad2058 517700 openocd_0.0+r655-1.1_armel.deb 1cde4fd1cc908a46f8f05fdb6ee3ea8cc8c77fda 1211 openocd_0.0+r655-1.1.dsc Checksums-Sha256: 24ffbadea8abc23aa742f4e85c372e18272fe4336dd59473e060e92ee6f5ecf0 502032 openocd_0.0+r655-1.1_i386.deb 3c615e5ed7ab01a41bb8b942ea12a09d251e65e6ca623e3f292a66d53165d354 237427 openocd_0.0+r655-1.1.diff.gz ebdb33736ba4af98b280f40f2148a4505a2d8ccf929269555e3096aa26f4b3d8 1211 openocd_0.0+r655-1.1.dsc ba90655bf9538c2ed41b69931e77400ba5839db345c6e81b79d9dabdf3cb79ff 517700 openocd_0.0+r655-1.1_armel.deb Files: 5528d1297014924d0b7ea73cf999f189 517700 embedded extra openocd_0.0+r655-1.1_armel.deb 7e1aeb5bbded909e22e2c964037dbde6 1211 embedded extra openocd_0.0+r655-1.1.dsc fbfae7571d5db550448782f1604e5b65 502032 embedded extra openocd_0.0+r655-1.1_i386.deb fff084a12e15c956b18ab342deacec91 237427 embedded extra openocd_0.0+r655-1.1.diff.gz -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIoISMibPvMsrqrwMRAowLAJ9iLKKJOCOPGhdluIg6FOXHbPsZewCfXme+ rKewAbjBQdmMImSPrMN9zlw= =DuYc -END PGP SIGNATURE- ---End Message---
Bug#494473: severity of 494473 is serious
Dear all, Thank you all for getting unifont 5.1.20080808-2 uploaded! Yes, just as Paul mentioned, I had been very busy with my work and personal life, and I would have missed the necessary Replaces: line too; thank you Robert for catching that. :-) Cheers, Anthony -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#492519: fixed in vim 2:7.2c.000-1
Hi James, On Thu, Aug 07, 2008 at 07:17:07PM +, James Vega wrote: * runtime/autoload/netrw.vim: Fix deletion of incorrect file in wide display listing. Using Jan Minář's patch from the vim-dev list. (Closes: #492519) his bug is still open in Lenny. Do you agree on the serious severity of this bug? If so, could the mentioned fix please be backported to Lenny? Kind regards, Philipp Kern signature.asc Description: Digital signature
Bug#494340: fslview: FTBFS in lenny: CMake errors
Hi, On Mon, Aug 11, 2008 at 02:40:09PM +0200, Michael Hanke wrote: On Mon, Aug 11, 2008 at 02:29:21PM +0900, Charles Plessy wrote: Le Fri, Aug 08, 2008 at 11:41:56AM -0300, Lucas Nussbaum a écrit : During a rebuild of all packages in a lenny chroot, your package failed CMake Error: Error required internal CMake variable not set, cmake may be not be built correctly. Missing variable is: QT_MOC_EXECUTABLE CMake Error: Error required internal CMake variable not set, cmake may be not be built correctly. Missing variable is: QT_UIC_EXECUTABLE CMake Error: Error required internal CMake variable not set, cmake may be not be built correctly. Missing variable is: QT_MOC_EXECUTABLE Bonjour Lucas, Today I built fslview fine with a Lenny cowbuilder on a powerpc platform. What should we do with this bug ? I will fix it over the next few days. (Just came back from vacation). I checked the package and realized that I fixed that long ago: fslview (3.0+4.0.2-5) unstable; urgency=low * Specify Qt3 dev tools explicitly to be compatible with cmake 2.6 and add missing include path (Closes: #482209). -- Michael Hanke [EMAIL PROTECTED] Wed, 21 May 2008 19:38:18 +0200 This version is sitting in unstable and I missed that it never made it into lenny, because it does not build on ARM (stupid me). However, the reason why it does not build seems to be uic-qt3 segfaulting (exclusively) on ARM. I'm a little clueless where to start looking for the bug -- help/ideas is very much appreciated. http://buildd.debian.org/~jeroen/status/package.php?p=fslview Thanks, Michael -- GPG key: 1024D/3144BE0F Michael Hanke http://apsy.gse.uni-magdeburg.de/hanke ICQ: 48230050 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#491505: [package varmon] varmon segfaults on Etch i386
Julien, there is a Release Critical bug filed against your package. Unfortunately this package (varmon) needs special hardware to test it. Could you please look if the problem the submitter faces is currently reproduceable in Lenny? (The upstream version is the same, though.) On Sun, Jul 20, 2008 at 12:58:21AM +0200, Christoph Franzen wrote: Varmon segfaults almost immediately. ~# varmon Scanning for VA safety backplane. Please wait a few moments... DAC960: Ctrlr 0, PCI 00:0b:01, IRQ 5, Channels 1 DAC960: Model DAC960PTL1, Firmware 4.08-0-37 Scanning Controller[0], Channel[0], ID[0] Segmentation fault I don't want to pull such specialised packages from testing lightly... Kind regards, Philipp Kern -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: fixed 494340 in 3.0+4.0.2-5
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 fixed 494340 3.0+4.0.2-5 Bug#494340: fslview: FTBFS in lenny: CMake errors Bug marked as fixed in version 3.0+4.0.2-5. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: fixed 486499 in 0.17.0~rc1-1
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 fixed 486499 0.17.0~rc1-1 Bug#486499: ruby-gnome2: wrong use of DEB_RUBY_LIBDIR Bug marked as fixed in version 0.17.0~rc1-1. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: fixed 486499 in ruby-gnome2/0.17.0~rc1-1
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 fixed 486499 ruby-gnome2/0.17.0~rc1-1 Bug#486499: ruby-gnome2: wrong use of DEB_RUBY_LIBDIR Bug marked as fixed in version ruby-gnome2/0.17.0~rc1-1. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: notfound 486499 in webgen/0.3.8-2
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 notfound 486499 webgen/0.3.8-2 Bug#486499: ruby-gnome2: wrong use of DEB_RUBY_LIBDIR Bug no longer marked as found in version webgen/0.3.8-2. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: reassign 486499 to ruby-gnome2
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 reassign 486499 ruby-gnome2 0.16.0-12 Bug#486499: ruby-gnome2: wrong use of DEB_RUBY_LIBDIR Bug reassigned from package `webgen' to `ruby-gnome2'. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: closing 493276
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 close 493276 Bug#493276: [powerpc] segfaults immediately 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug closed, send any further explanations to Peter De Wachter [EMAIL PROTECTED] End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: closing 493273
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 close 493273 Bug#493273: [powerpc] segfaults immediately 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug closed, send any further explanations to Peter De Wachter [EMAIL PROTECTED] End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: closing 493271
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 close 493271 Bug#493271: [powerpc] segfaults immediately 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug closed, send any further explanations to Peter De Wachter [EMAIL PROTECTED] End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: closing 493270
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 close 493270 Bug#493270: [powerpc] segfaults immediately 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug closed, send any further explanations to Peter De Wachter [EMAIL PROTECTED] End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: closing 492055
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 close 492055 Bug#492055: [powerpc] segfaults immediately 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug closed, send any further explanations to Pancho Horrillo [EMAIL PROTECTED] End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: closing 493278
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 close 493278 Bug#493278: [powerpc] segfaults immediately 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug closed, send any further explanations to Peter De Wachter [EMAIL PROTECTED] End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: closing 493274
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 close 493274 Bug#493274: [powerpc] segfaults immediately 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug closed, send any further explanations to Peter De Wachter [EMAIL PROTECTED] End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: closing 493277
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 close 493277 Bug#493277: [powerpc] segfaults immediately 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug closed, send any further explanations to Peter De Wachter [EMAIL PROTECTED] End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: closing 493279
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 close 493279 Bug#493279: [powerpc] segfaults immediately 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug closed, send any further explanations to Peter De Wachter [EMAIL PROTECTED] End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: closing 493275
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.35 close 493275 Bug#493275: [powerpc] segfaults immediately 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug closed, send any further explanations to Peter De Wachter [EMAIL PROTECTED] End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#485848: Bugs confirmed, thanks
On Mon, 2008-08-11 at 01:12 -0300, Philipp Kern wrote: On Thu, Jun 12, 2008 at 09:08:30PM +0200, Mirco Bauer wrote: On Thu, 2008-06-12 at 09:05 +0200, David Paleino wrote: Hi Mirco, I'm tagging theses bugs so that you know I've acknowledged them :) I won't be at home for two days (I'll be back tomorrow night), so I don't expect to do any work in this timeframe. Please wait at least until Saturday, I believe I'll be able to do something only then. No problem, take the time you need, there is no rush... No actually it is really late now. The bugs are open since some months and need to be acted upon. Package maintainers are expected to fix RC bugs in a timely manner, they must not leave it open for months. Please act upon them, we are going to release soon. If not, packages might be pulled from testing. There are no reverse dependency and since we are frozen there will not be any users of this library for lenny. Kind regards, Philipp Kern -- Regards, Mirco 'meebey' Bauer PGP-Key ID: 0xEEF946C8 FOSS Developer[EMAIL PROTECTED] http://www.meebey.net/ PEAR Developer[EMAIL PROTECTED] http://pear.php.net/ Debian Developer [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: This is a digitally signed message part
Bug#491984: Potential fixes
ProFont has now been removed upstream. Currently investigating options with Luxi. It's a no-mod license. It is more compressed vertically than dejavu varieties. May remove it anyway. Thanx for the notes. -- Tim Riker - http://Rikers.org/ - [EMAIL PROTECTED] Embedded Linux Technologist - http://eLinux.org/ BZFlag maintainer - http://BZFlag.org/ - for fun! ☢ ☛ ¿ǝʇɐɔıʇǝu pooƃ ǝɹnʇɐuƃıs ɹnoʎ uı 8-ɟʇn sı ☚ ☢ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: dealing with some more of the bugs lucas unarchived
Processing commands for controlbugs.debian.org: #bug about putting files in lib64 on amd64 when they should be in lib #current lenny/sid version has them correctly in lib close 461603 1.3.3.12.dfsg-1 Bug#461603: scribus: FTBFS on amd64: Uses lib64. 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 1.3.3.12.dfsg-1, send any further explanations to Kurt Roeckx [EMAIL PROTECTED] #FTBFs on i386 with gcc 4.3 bug #Current lenny/sid version builds fine in my i386 lenny and sid chroots close 474850 1.2-1 Bug#474850: libbuffy: FTBFS: mailfolder/mailbox.cc:82: error: 'strncmp' was not declared in this scope 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 1.2-1, send any further explanations to Lucas Nussbaum [EMAIL PROTECTED] #FTBFS on i386 with dpkg-buildpackage versions that set CFLAGS bug #Current lenny/sid version builds fine in my i386 lenny and sid chroots close 475985 0.2.7-2 Bug#475985: freepops: FTBFS: popserver.c:766: error: 'PROGRAMNAME' undeclared (first use in this function) 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 0.2.7-2, send any further explanations to Lucas Nussbaum [EMAIL PROTECTED] #Request for change of build dependency from pciutils-dev to libpci-dev #current lenny version is the one that closed the bug #current sid version has the dependency on libpci-dev close 478395 0.8-1 Bug#478395: uswsusp: FTBFS: libpci-dev replaced pciutils-dev 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 0.8-1, send any further explanations to AnÃbal Monsalve Salazar [EMAIL PROTECTED] #Request for correction to maintainer address #Current sid version has the correct address close 479500 0.3.0-1 Bug#479500: hippo-canvas: maintainer address bounces (simple typo) 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 0.3.0-1, send any further explanations to Lucas Nussbaum [EMAIL PROTECTED] End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#493276: Original bug in gdc fixed; binary rebuilds probably need to be requested for broken powerpc packages
On Sun, Aug 10, 2008 at 11:17:55PM -0300, Philipp Kern wrote: On Sun, Aug 10, 2008 at 08:34:04AM -0700, Don Armstrong wrote: The original bug which caused all of these blocking bugs has been fixed; rebuilds probably need to be requested for all of these packages. BinNMUs scheduled: nmu a7xpg . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: #493270)' nmu gunroar . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: #493271)' nmu ii-esu . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: #493272)' nmu mu-cade . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: #493273)' nmu parsec47 . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: #493274)' nmu projectl . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: #493275)' nmu tatan . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: #493276)' nmu titanion . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: #493277)' nmu tumiki-fighters . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: #493278)' nmu val-and-rick . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: #493279)' nmu torus-trooper . powerpc -m 'rebuild against an updated gdc-4.1 (Closes: #492055)' The bugs will need to be closed manually, though. Done so now, as the builds were uploaded. Kind regards, Philipp Kern signature.asc Description: Digital signature
Bug#493444: i810switch: FTBFS: Missing Build-Depends - intend to NMU
Hi, this bug is slightly older than a week, thus I intend to NMU it. The very small debdiff is attached. James, do you have any objections (or want to handle this on your own?) Regards Evgeni diff -u i810switch-0.6.5/debian/changelog i810switch-0.6.5/debian/changelog --- i810switch-0.6.5/debian/changelog +++ i810switch-0.6.5/debian/changelog @@ -1,3 +1,11 @@ +i810switch (0.6.5-5.1) unstable; urgency=low + + * Non-maintainer upload. + * Build-Depend on dpatch. (Closes: #493444) + * Don't export DH_VERBOSE=1 in debian/rules. + + -- Evgeni Golov [EMAIL PROTECTED] Mon, 11 Aug 2008 21:45:42 +0200 + i810switch (0.6.5-5) unstable; urgency=low * Updated to standards version 3.8.0: no changes. diff -u i810switch-0.6.5/debian/control i810switch-0.6.5/debian/control --- i810switch-0.6.5/debian/control +++ i810switch-0.6.5/debian/control @@ -2,7 +2,7 @@ Section: utils Priority: optional Maintainer: James Bromberger [EMAIL PROTECTED] -Build-Depends: debhelper ( 4.0.0) +Build-Depends: debhelper ( 4.0.0), dpatch Standards-Version: 3.8.0 Package: i810switch diff -u i810switch-0.6.5/debian/rules i810switch-0.6.5/debian/rules --- i810switch-0.6.5/debian/rules +++ i810switch-0.6.5/debian/rules @@ -3,7 +3,7 @@ # GNU copyright 1997 to 1999 by Joey Hess. # Uncomment this to turn on verbose mode. -export DH_VERBOSE=1 +#export DH_VERBOSE=1 pgpWVj6EiXF1A.pgp Description: PGP signature
Processed: tagging 486974
Processing commands for controlbugs.debian.org: # Automatically generated email from bts, devscripts version 2.10.33 tags 486974 pending Bug#486974: atlas: FTBFS: Error: symbol `dp2dpGuBLm_N_loop2dpGuBLm' is already defined Tags were: patch Tags added: pending End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#492519: fixed in vim 2:7.2c.000-1
On Mon, Aug 11, 2008 at 04:17:57PM -0300, Philipp Kern wrote: Hi James, On Thu, Aug 07, 2008 at 07:17:07PM +, James Vega wrote: * runtime/autoload/netrw.vim: Fix deletion of incorrect file in wide display listing. Using Jan Minář's patch from the vim-dev list. (Closes: #492519) his bug is still open in Lenny. Do you agree on the serious severity of this bug? If so, could the mentioned fix please be backported to Lenny? I'm a little skeptical about the severity since the user is prompted to confirm the deletion of the file and the prompt lists the actual file it is going to delete. I did want to request a freeze exception for the 7.2 final release (which I'm working on now) as there were many security-related fixes made in 7.2 as well as improvements to some of the fixes that are present in 7.1.314-3. I realize though that this exception will probably be met with resistance since it's a new upstream release. -- James GPG Key: 1024D/61326D40 2003-09-02 James Vega [EMAIL PROTECTED] signature.asc Description: Digital signature
Bug#491505: [package varmon] varmon segfaults on Etch i386
At 1218482627 time_t, Philipp Kern wrote: there is a Release Critical bug filed against your package. Unfortunately this package (varmon) needs special hardware to test it. Could you please look if the problem the submitter faces is currently reproduceable in Lenny? (The upstream version is the same, though.) No, because I don't have the hardware neither. The etch version already had this problem (segfault) and it was avoided recompiling with a different -O option to gcc, see #401236. So I've no clue on how to debug and fix, and lenny may be affected anyway. Cheers, -- Julien Danjou .''`. Debian Developer : :' : http://julien.danjou.info `. `' http://people.debian.org/~acid `- 9A0D 5FD9 EB42 22F6 8974 C95C A462 B51E C2FE E5CD signature.asc Description: Digital signature