date:20080811

Bug#494473: severity of 494473 is serious

2008-08-11 Thread Robert Millan

On Sun, Aug 10, 2008 at 07:51:31PM -0700, Paul Hardy wrote:
 Robert:
 
 On Sun, Aug 10, 2008 at 11:54 AM, Paul Hardy [EMAIL PROTECTED] wrote:
  On Sun, Aug 10, 2008 at 9:58 AM, Robert Millan [EMAIL PROTECTED] wrote:
  On Sun, Aug 10, 2008 at 09:04:34AM -0700, Paul Hardy wrote:
  I just saw from reading about Bug #494460 that it was unifont-bin that
  installed unifont.hex.  With the package I put together last night for
  testing, /usr/share/unifont/unifont.hex is put in place by the
  unifont package, not the unifont-bin package...
 
  If it would be better, you could take the unifont source package the
  way I put it together and make these changes:
 
  1) Delete the file debian/unifont.install (nothing else used it
  -- I just added it for this bug)
  2) Add the directory usr/share/unifont to debian/unifont-bin.install
 
  I'll leave it up to your judgment.  If it will be easier for GRUB to
  upload the above as a -3 version, please do so.
 
 When I wrote the above, I didn't have a preference one way or another.
  Now I do.
 
 After thinking about this, I believe the best long-term solution is to
 leave unifont.hex as part of the unifont package, the way it is in the
 -2 release, and not placing it in the unifont-bin package.  This is
 because the nature of unifont.hex and of the unifont package in
 general are both Architecture: all and the nature of the unifont-bin
 package is definitely not Architecture: all.  With unifont.hex out
 of the unifont-bin package, that will prevent redundant copies of a 4
 Megabyte unifont.hex file (one for each architecture) from getting put
 in every single binary build.

Ok.

-- 
Robert Millan

  The DRM opt-in fallacy: Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494544: debroster: arch-indep data in /usr/lib

2008-08-11 Thread Matthew Vernon

Chris Lamb writes:
  tags 494544 + patch
  thanks

Thanks for a very swift patch :)

Regards,

Matthew 

-- 
At least you know where you are with Microsoft.
True. I just wish I'd brought a paddle.
http://www.debian.org



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: Fwd: Bug#494643: jags: should this package be removed?

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 severity 494643 normal
Bug#494643: jags: should this package be removed?
Severity set to `normal' from `serious'

 reassign 494643 ftp.debian.org
Bug#494643: jags: should this package be removed?
Bug reassigned from package `jags' to `ftp.debian.org'.

 retitle 494643 RM: jags -- RoM; no longer maintainable
Bug#494643: jags: should this package be removed?
Changed Bug title to `RM: jags -- RoM; no longer maintainable' from `jags: 
should this package be removed?'.

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#493488: Updated debian_openssl_vulnkeys.patch

2008-08-11 Thread Tristan Hill


To upgrade the current package to rc9 the debian_openssl_vulnkeys.patch
needed some work due to upstream changes.  Attached is updated version
on the hope it might be useful.

Regards
Tristan
Index: trunk/init.c
===
--- trunk/init.c	(revision 56669)
+++ trunk/init.c	(working copy)
@@ -1513,6 +1513,23 @@
   const struct options *options = c-options;
   ASSERT (options-shared_secret_file);
 
+  /* CVE-2008-0166 (Debian weak key checks) */
+  /* Only check if we can actually read the key file. Unless the file does not
+   * exist in the first place, this should never happen (since static keys do
+   * not work with multi-client mode), but we test it anyway to be on the safe
+   * side and avoid wrong -vulnkey alerts. */
+  if (access (options-shared_secret_file, R_OK) == 0)
+{
+  struct argv argv = argv_new ();
+  argv_printf (argv, /usr/sbin/openvpn-vulnkey -q %s, options-shared_secret_file);
+  argv_msg (M_INFO, argv);
+  if (openvpn_execve (argv, c-c2.es, 0) != 0)
+{
+  msg (M_WARN, *** WARNING ***: '%s' is a known vulnerable key. See 'man openvpn-vulnkey' for details., options-shared_secret_file);
+}
+  argv_reset (argv);
+}
+
   init_crypto_pre (c, flags);
 
   /* Initialize packet ID tracking */
@@ -1598,6 +1615,7 @@
 do_init_crypto_tls_c1 (struct context *c)
 {
   const struct options *options = c-options;
+  SSL *ssl;
 
   if (!c-c1.ks.ssl_ctx)
 {
@@ -1634,6 +1652,53 @@
 		 options-ciphername_defined, options-authname,
 		 options-authname_defined, options-keysize, true, true);
 
+  /* CVE-2008-0166 (Debian weak key checks)
+   * Obtain the modulus and bits from the certificate that was initialized,
+   * and send that to openssl-vulnkey.
+   */
+  ssl = SSL_new(c-c1.ks.ssl_ctx);
+  if (ssl != NULL)
+{
+  X509* cert = NULL;
+  char *bn;
+  int bits;
+
+  cert = SSL_get_certificate(ssl);
+  if (cert != NULL)
+{
+  EVP_PKEY *pkey = X509_get_pubkey (cert);
+  if (pkey != NULL)
+{
+  if (pkey-type == EVP_PKEY_RSA  pkey-pkey.rsa != NULL
+   pkey-pkey.rsa-n != NULL)
+{
+  bits = BN_num_bits(pkey-pkey.rsa-n);
+  bn = BN_bn2hex(pkey-pkey.rsa-n);
+}
+  else if (pkey-type == EVP_PKEY_DSA  pkey-pkey.dsa != NULL
+pkey-pkey.dsa-p != NULL)
+{
+  bits = BN_num_bits(pkey-pkey.dsa-p);
+  bn = BN_bn2hex(pkey-pkey.dsa-p);
+}
+  if (bn != NULL)
+{
+  struct argv argv = argv_new ();
+  argv_printf (argv, /usr/bin/openssl-vulnkey -q -b %d -m %s, bits, bn);
+  OPENSSL_free(bn);
+  msg (M_INFO, /usr/bin/openssl-vulnkey -q -b %d -m modulus omitted, bits);
+  if (openvpn_execve (argv, NULL, 0) != 0)
+{
+  msg (M_WARN, *** WARNING ***: '%s' is a known vulnerable key. See 'man openvpn-vulnkey' for details., options-shared_secret_file);
+}
+  argv_reset (argv);
+}
+  EVP_PKEY_free (pkey);
+   }
+}
+SSL_free(ssl);
+ }
+
   /* TLS handshake authentication (--tls-auth) */
   if (options-tls_auth_file)
 	{

Bug#494650: The possibility of attack with the help of symlinks in some Debian packages

2008-08-11 Thread Dmitry E. Oboukhov

Package: nws
Severity: grave
Tags: security

This message about the error concerns a few packages  at  once.   I've
tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
config scripts were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
file.

I set Severity into grave for  this  bug.   The  table  of  discovered
problems is below.

+--+-+--
|package   |  script | file for attack
+--+-+--
| mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
|  | |
| nws-2.13 |  postinst   | /tmp/nws.debug (cp)
|  | |
| ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
|  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
|   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
|  | |
| twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
+--+-+--



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494191: Allowing a FTBFS-free qhull package into testing

2008-08-11 Thread Marc 'HE' Brockschmidt

Rafael Laboissiere [EMAIL PROTECTED] writes:
 Please, consider allowing this version into testing-proposed-updates.

Please upload, but:

| +  * debian/rules: Use sed instead of eperl to generate the man pages.
| +Eperl is buggy on hppa (see Bug#49419) and the package FTBFS there.

Bug number looks like a typo.

Marc
-- 
Fachbegriffe der Informatik - Einfach erklärt
147: Fortran
   Makrosprache für ein I/O-Verhinderungssystem (Arno Eigenwillig)


pgpDdEg2R44zR.pgp
Description: PGP signature

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-11 Thread Dmitry E. Oboukhov

Package: twiki
Severity: grave
Tags: security

This message about the error concerns a few packages  at  once.   I've
tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
config scripts were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
file.

I set Severity into grave for  this  bug.   The  table  of  discovered
problems is below.

+--+-+--
|package   |  script | file for attack
+--+-+--
| mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
|  | |
| nws-2.13 |  postinst   | /tmp/nws.debug (cp)
|  | |
| ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
|  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
|   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
|  | |
| twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
+--+-+--



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494649: The possibility of attack with the help of symlinks in some Debian packages

2008-08-11 Thread Dmitry E. Oboukhov

Package: ppp
Severity: grave
Tags: security

This message about the error concerns a few packages  at  once.   I've
tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
config scripts were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
file.

I set Severity into grave for  this  bug.   The  table  of  discovered
problems is below.

+--+-+--
|package   |  script | file for attack
+--+-+--
| mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
|  | |
| nws-2.13 |  postinst   | /tmp/nws.debug (cp)
|  | |
| ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
|  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
|   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
|  | |
| twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
+--+-+--



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494647: The possibility of attack with the help of symlinks in some Debian packages

2008-08-11 Thread Dmitry E. Oboukhov

Package: mplayer
Severity: grave
Tags: security

This message about the error concerns a few packages  at  once.   I've
tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
config scripts were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
file.

I set Severity into grave for  this  bug.   The  table  of  discovered
problems is below.

+--+-+--
|package   |  script | file for attack
+--+-+--
| mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
|  | |
| nws-2.13 |  postinst   | /tmp/nws.debug (cp)
|  | |
| ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
|  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
|   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
|  | |
| twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
+--+-+--



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494544: marked as done (debroster: arch-indep data in /usr/lib)

2008-08-11 Thread Debian Bug Tracking System


Your message dated Mon, 11 Aug 2008 07:02:02 +
with message-id [EMAIL PROTECTED]
and subject line Bug#494544: fixed in debroster 1.16
has caused the Debian Bug report #494544,
regarding debroster: arch-indep data in /usr/lib
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
494544: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494544
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Package: debroster
Severity: serious
Justification: FHS

Hi,

debroster places a jpg and a shell script into /usr/lib instead of
/usr/share. please move /usr/lib/debroster completely to
/usr/share/debroster.

Thanks,
Daniel

-- 
Address:Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email:  [EMAIL PROTECTED]
Internet:   http://people.panthera-systems.net/~daniel-baumann/


---End Message---
---BeginMessage---
Source: debroster
Source-Version: 1.16

We believe that the bug you reported is fixed in the latest version of
debroster, which is due to be installed in the Debian FTP archive:

debroster_1.16.dsc
  to pool/main/d/debroster/debroster_1.16.dsc
debroster_1.16.tar.gz
  to pool/main/d/debroster/debroster_1.16.tar.gz
debroster_1.16_all.deb
  to pool/main/d/debroster/debroster_1.16_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthew Vernon [EMAIL PROTECTED] (supplier of updated debroster package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon, 11 Aug 2008 07:46:27 +0100
Source: debroster
Binary: debroster
Architecture: source all
Version: 1.16
Distribution: unstable
Urgency: low
Maintainer: Matthew Vernon [EMAIL PROTECTED]
Changed-By: Matthew Vernon [EMAIL PROTECTED]
Description: 
 debroster  - A package for use at expos.
Closes: 494544
Changes: 
 debroster (1.16) unstable; urgency=low
 .
   * Move arch-independent data from /usr/lib to /usr/share (closes: #494544)
   * (Thanks to Chris Lamb for a very speedy patch!)
Files: 
 2d1285023ff2a60238845f933931a948 606 misc extra debroster_1.16.dsc
 a3d1aca6c2ead5fc8aee7cc22e62a85e 144021 misc extra debroster_1.16.tar.gz
 0f1ed61c2002fc6ccfc6aed0b2d7f800 145586 misc extra debroster_1.16_all.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iQCVAwUBSJ/gkbDSad4X89TRAQLFMwP/ZPpsvjkstEp/qq7E0ypuFHRRxuzFE41y
2faTcgaT4JR7vyA+S2Qv2DALajTJqqsMyyUSvKHTLcGu9lTiy/dj2IpJEBrPELNM
5xDqUILRF52vR1DMR664p92HAQlxLl4dcA7Ed8q3Q9VBVrp247TsBgYk3HRVA66/
UIjyD5lLfFM=
=xVUM
-END PGP SIGNATURE-


---End Message---

Processed: fix my address

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 submitter 494648 !
Bug#494648: The possibility of attack with the help of symlinks in some Debian 
packages
Changed Bug submitter from Dmitry E. Oboukhov [EMAIL PROTECTED] to Dmitry 
E. Oboukhov [EMAIL PROTECTED].

 submitter 494650 !
Bug#494650: The possibility of attack with the help of symlinks in some Debian 
packages
Changed Bug submitter from Dmitry E. Oboukhov [EMAIL PROTECTED] to Dmitry 
E. Oboukhov [EMAIL PROTECTED].

 submitter 494649 !
Bug#494649: The possibility of attack with the help of symlinks in some Debian 
packages
Changed Bug submitter from Dmitry E. Oboukhov [EMAIL PROTECTED] to Dmitry 
E. Oboukhov [EMAIL PROTECTED].

 submitter 494647 !
Bug#494647: The possibility of attack with the help of symlinks in some Debian 
packages
Changed Bug submitter from Dmitry E. Oboukhov [EMAIL PROTECTED] to Dmitry 
E. Oboukhov [EMAIL PROTECTED].

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-11 Thread Sven Dowideit

ah, good find.

Ardo and Christian,

If I make an update to the 4.1.2 package, fixing this, and a couple of
other issues that I've been told about in the next 48 days, would one of
you be willing to upload it for me so it gets into Lenny?

Sven


Dmitry E. Oboukhov wrote:
 Package: twiki
 Severity: grave
 Tags: security
 
 This message about the error concerns a few packages  at  once.   I've
 tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
 config scripts were tested.
 
 In some packages I've discovered scripts with errors which may be used
 by a user for damaging important system files.
 
 For example if a script uses in its work a temp file which is  created
 in /tmp directory, then every user can create symlink  with  the  same
 name in this directory in order to  destroy  or  rewrite  somesystem
 file.
 
 I set Severity into grave for  this  bug.   The  tableof  discovered
 problems is below.
 
 +--+-+--
 |package   |  script | file for attack
 +--+-+--
 | mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
 |  | |
 | nws-2.13 |  postinst   | /tmp/nws.debug (cp)
 |  | |
 | ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
 |  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
 |   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
 |  | |
 | twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
 +--+-+--



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494656: bitlbee: Runs as root

2008-08-11 Thread Wilmer van der Gaast

Package: bitlbee
Version: 1.2.1-1
Severity: grave
Tags: security
Justification: user security hole

Since the fix to Mickey Mouse bug report 474589, BitlBee is runing as root
for most people, since the User = line is commented out by default.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.16.60-xen (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages bitlbee depends on:
ii  adduser   3.108  add and remove users and groups
ii  debconf [debconf-2.0] 1.5.22 Debian configuration management sy
ii  debianutils   2.30   Miscellaneous utilities specific t
ii  libc6 2.7-10 GNU C Library: Shared libraries
ii  libevent1 1.3e-3 An asynchronous event notification
ii  libglib2.0-0  2.16.4-2   The GLib library of C routines
ii  libgnutls26   2.4.1-1the GNU TLS library - runtime libr
ii  net-tools 1.60-19The NET-3 networking toolkit

bitlbee recommends no packages.

bitlbee suggests no packages.

-- debconf-show failed



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#486070: speedy-cgi-perl_2.22-10 build missing on hppa

2008-08-11 Thread Niko Tyni

Hi release team,

as the hppa buildd admins haven't reacted to my requests, could you please
requeue (or whatever it should be called) speedy-cgi-perl_2.22-10 on hppa?

As seen in #486070, the 2.22-9 hppa build failure should be fixed in -10,
but the package seems to be in some sort of quarantine and the buildd
has never tried to build it.

This is preventing the RC bugfix from entering testing.

Thanks,
-- 
Niko Tyni   [EMAIL PROTECTED]



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494649: marked as done (The possibility of attack with the help of symlinks in some Debian packages)

2008-08-11 Thread Debian Bug Tracking System


Your message dated Mon, 11 Aug 2008 11:08:12 +0200
with message-id [EMAIL PROTECTED]
and subject line Re: Bug#494649: The possibility of attack with the help of 
symlinks in some Debian packages
has caused the Debian Bug report #494649,
regarding The possibility of attack with the help of symlinks in some Debian 
packages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
494649: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494649
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Package: ppp
Severity: grave
Tags: security

This message about the error concerns a few packages  at  once.   I've
tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
config scripts were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
file.

I set Severity into grave for  this  bug.   The  table  of  discovered
problems is below.

+--+-+--
|package   |  script | file for attack
+--+-+--
| mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
|  | |
| nws-2.13 |  postinst   | /tmp/nws.debug (cp)
|  | |
| ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
|  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
|   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
|  | |
| twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
+--+-+--


---End Message---
---BeginMessage---
On Aug 11, Dmitry E. Oboukhov [EMAIL PROTECTED] wrote:

 In some packages I've discovered scripts with errors which may be used
 by a user for damaging important system files.
This is not relevant for udebs since there are no users on d-i systems.

-- 
ciao,
Marco


signature.asc
Description: Digital signature
---End Message---

Bug#494650: marked as done (The possibility of attack with the help of symlinks in some Debian packages)

2008-08-11 Thread Debian Bug Tracking System


Your message dated Mon, 11 Aug 2008 11:41:04 +0400
with message-id [EMAIL PROTECTED]
and subject line done, mistake
has caused the Debian Bug report #494650,
regarding The possibility of attack with the help of symlinks in some Debian 
packages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
494650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494650
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Package: nws
Severity: grave
Tags: security

This message about the error concerns a few packages  at  once.   I've
tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
config scripts were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
file.

I set Severity into grave for  this  bug.   The  table  of  discovered
problems is below.

+--+-+--
|package   |  script | file for attack
+--+-+--
| mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
|  | |
| nws-2.13 |  postinst   | /tmp/nws.debug (cp)
|  | |
| ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
|  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
|   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
|  | |
| twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
+--+-+--


---End Message---
---BeginMessage---
line commented:

#  [ -e $LOCALCONF ]  cp $LOCALCONF /tmp/nws.debug

sorry, my script was not detected it :)

--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature
---End Message---

Bug#493883: Bug still applies

2008-08-11 Thread Giovanni Mascellani

found 493883 2.80-2
thanks

Il giorno ven, 08/08/2008 alle 11.36 +, Debian Bug Tracking System
ha scritto:
 This is an automatic notification regarding your Bug report
 which was filed against the manpages-it package:
 
 #493883: [manpages-it] Uninstallable due to overwrite try of 
 /usr/share/man/it/man1/hman.1.gz
 
 It has been closed by Francesco Paolo Lovergine [EMAIL PROTECTED].
 
 Their explanation is attached below along with your original report.
 If this explanation is unsatisfactory and you have not received a
 better one in a separate message then please contact Francesco Paolo 
 Lovergine [EMAIL PROTECTED] by
 replying to this email.

Unfortunately this bug still applies, but with another file
(/usr/share/man/it/man1/man2html.1.gz). There shouldn't be other
conflicting files between these two packages.

# comm -1 -2 (dpkg -L man2html | sort) (dpkg --contents 
/var/cache/apt/archives/manpages-it_2.80-2_all.deb | cut -b 50-200 | sort)
/usr/share/man/it/man1/man2html.1.gz

# LANG=C apt-get install manpages-it
Reading package lists... Done
Building dependency tree   
Reading state information... Done
The following packages will be upgraded:
  manpages-it
1 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 0B/498kB of archives.
After this operation, 920kB disk space will be freed.
(Reading database ... 349041 files and directories currently installed.)
Preparing to replace manpages-it 0.3.4-5 (using .../manpages-it_2.80-2_all.deb) 
...
Unpacking replacement manpages-it ...
dpkg: error processing /var/cache/apt/archives/manpages-it_2.80-2_all.deb 
(--unpack):
 trying to overwrite `/usr/share/man/it/man1/man2html.1.gz', which is also in 
package man2html
dpkg-deb: subprocess paste killed by signal (Broken pipe)
Processing triggers for man-db ...
Errors were encountered while processing:
 /var/cache/apt/archives/manpages-it_2.80-2_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Thank you, Giovanni.
-- 
Giovanni Mascellani [EMAIL PROTECTED]
Pisa, Italy

Web: http://giomasce.altervista.org
SIP: [EMAIL PROTECTED]
Jabber: [EMAIL PROTECTED] / [EMAIL PROTECTED]
GPG: 0x5F1FBF70 (FP: 1EB6 3D43 E201 4DDF 67BD  003F FCB0 BB5C 5F1F BF70)


signature.asc
Description: Questa è una parte del messaggio	firmata digitalmente

Bug#480154: Bug in fixed in revision 24106

2008-08-11 Thread pkg-perl-maintainers

tag 480154 + pending
thanks

Some bugs are closed in revision 24106
by Damyan Ivanov (dmn)

Commit message:

* add explicit build-dependency on libcgi-pm-perl (= 3.33) as the version
  of CGI.pm shipped in perl-modules fails with a taint failure when handling
  uploads. Thanks to Niko Tyni for the investigation.
  Closes: #480154 -- FTBFS on mips (cgiupload tests fail)
  - bump urgency to medium



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: Bug still applies

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 found 493883 2.80-2
Bug#493883: [manpages-it] Uninstallable due to overwrite try of 
/usr/share/man/it/man1/hman.1.gz
Bug marked as found in version 2.80-2 and reopened.

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494415: aswiki: package is completely unusable

2008-08-11 Thread Michael Schutte

On Mon, Aug 11, 2008 at 09:38:47AM +0900, TANIGUCHI Takaki wrote:
  IndexPage
  /usr/lib/ruby/1.8/aswiki/backup.rb:40:in `ci'
  /usr/lib/ruby/1.8/aswiki/repository.rb:31:in `save'
  /usr/lib/ruby/1.8/aswiki/handler.rb:155:in `initialize'
  /home/schm/public_html/aswiki/aswiki.cgi:50:in `new'
  /home/schm/public_html/aswiki/aswiki.cgi:50
  
  on saving a page, which was when I gave up.
 
 This is not a bug. You should install rcs package or set '$USEBACKUP =
 false' in aswiki.conf.

Ah, I see.  Sorry for the false report—I only tried to check aswiki with
regard to the planned libdb-ruby transition [1] and did not take myself
enough time to look into this :-)

[1] http://lists.debian.org/debian-release/2008/08/msg00401.html

Cheers,
-- 
Michael Schutte [EMAIL PROTECTED]


signature.asc
Description: Digital signature

Processed: Bug in fixed in revision 24106

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 tag 480154 + pending
Bug#480154: non-determistic FTBFS: cgiupload tests fail
Tags were: pending patch
Tags added: pending

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#480154: Bug in libapache2-mod-perl2 fixed in revision 24101

2008-08-11 Thread pkg-perl-maintainers

tag 480154 + pending
thanks

Some bugs are closed in revision 24101
by Damyan Ivanov (dmn)

Commit message:

* add explicit build-dependency on libcgi-pm-perl (= 3.33) as the version
  of CGI.pm shipped in perl-modules fails with a taint failure when handling
  uploads. Thanks to Niko Tyni for the investigation.
  Closes: #480154 -- FTBFS on mips (cgiupload tests fail)
  - bump urgency to medium



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: Bug in libapache2-mod-perl2 fixed in revision 24101

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 tag 480154 + pending
Bug#480154: non-determistic FTBFS: cgiupload tests fail
Tags were: patch
Tags added: pending

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#493848: marked as done

2008-08-11 Thread Yusuf Iskenderoglu

Hello Jonas,

The newest version is working as expected. Thank you.

Yusuf.

On Sun, 2008-08-10 at 14:41 +0200, Jonas Meurer wrote:
 On 09/08/2008 Debian Bug Tracking System wrote:
  Date: Sat, 09 Aug 2008 12:47:03 +
  From: Jonas Meurer [EMAIL PROTECTED]
  Subject: Bug#493848: fixed in cryptsetup 2:1.0.6-6
  To: [EMAIL PROTECTED]
  
  Source: cryptsetup
  Source-Version: 2:1.0.6-6
  
  We believe that the bug you reported is fixed in the latest version of
  cryptsetup, which is due to be installed in the Debian FTP archive:
  
  [...]
 
  Changes: 
   cryptsetup (2:1.0.6-6) unstable; urgency=high
   .
 * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles
   --key-file=- different for luks and plain dm-crypt mappings. This time
   really (closes: #493848). Thus again upload with urgency=high.
 
 Marco, Yussuf, Sebastian,
 
 could you give cryptsetup 2:1.0.6-6 a try an report whether it really
 fixes the bug for you?
 You can find the package at http://packages.debian.org/sid/cryptsetup
 
 Thanks in advance.
 
 greetings,
  jonas


signature.asc
Description: This is a digitally signed message part

Bug#464320: The heart of Charity

2008-08-11 Thread Mrs . Felicia Morgan

Happy new day to you and the family. I am going in for a cancerous operation 
now. I am scared. I just willed you 5.5 million for charity work. Your name was 
chosen from a thousand email balloting. Contact my lawyer for more details. Mr. 
Francis([EMAIL PROTECTED]). pls pray for me.Felicia

Happy new day to you and the family. I am going in for a cancerous operation 
now. I am scared. I just willed you 5.5 million for charity work. Your name was 
chosen from a thousand email balloting. Contact my lawyer for more details. Mr. 
Francis([EMAIL PROTECTED]). pls pray for me.Felicia




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 489491

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 tags 489491 + pending
Bug#489491: vdr-plugin-bitstreamout FTBFS: No libasound in linkage path
Tags were: sid
Tags added: pending


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494658: libbotan1.7-dev: botan/build.h is included, but not installed

2008-08-11 Thread Alexandra N. Kossovsky

Package: libbotan1.7-dev
Version: 1.7.8-1
Severity: grave
Justification: renders package unusable

 bash$ g++ -o drm -lbotan -I. drm.cc 21
In file included from /usr/include/botan/exceptn.h:9,
 from /usr/include/botan/base.h:9,
 from /usr/include/botan/botan.h:6,
 from drm.cc:1:
/usr/include/botan/types.h:9:25: error: botan/build.h: No such file or directory

In /usr/include/botan/types.h we see:
#include botan/build.h
but /usr/include/botan/build.h is not included in libbotan1.7-dev
package.
The same code is compiled successfully with botan 1.6.

Thank you for your work.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (900, 'testing'), (50, 'experimental'), (50, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libbotan1.7-dev depends on:
ii  libbotan1.7   1.7.8-1multiplatform crypto library

libbotan1.7-dev recommends no packages.

libbotan1.7-dev suggests no packages.

-- no debconf information

-- 
Alexandra N. Kossovsky
OKTET Labs (http://www.oktetlabs.ru/)
Phones: +7(921)956-42-86(mobile) +7(812)783-21-91(office)
e-mail: [EMAIL PROTECTED]



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#480373: marked as done (Source package contains non-free IETF RFC/I-D)

2008-08-11 Thread Debian Bug Tracking System


Your message dated Mon, 11 Aug 2008 12:41:04 +0200
with message-id [EMAIL PROTECTED]
and subject line openldap2 removed from testing + new ia32-libs upload = 
problem solved
has caused the Debian Bug report #480373,
regarding Source package contains non-free IETF RFC/I-D
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
480373: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480373
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Severity: serious
Package: ia32-libs
Version: 2.4
User: [EMAIL PROTECTED]
Usertags: nonfree-doc rfc

Hi!

This source package contains the following files from the
IETF under non-free license terms:

  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-legg-ldapext-component-matching-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-zeilenga-ldap-rfc2596-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-leach-uuids-guids-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-legg-ldap-admin-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-zeilenga-ldap-user-schema-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-lachman-laser-ldap-mail-routing-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-ietf-ldapext-matchedval-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-zeilenga-ldap-adlist-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-ietf-ldapext-locate-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-legg-ldap-gser-abnf-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-legg-ldap-acm-admin-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-legg-ldap-gser-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-zeilenga-ldap-features-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-zeilenga-ldap-authzid-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-zeilenga-ldap-opattrs-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt
  
ia32-libs-2.4/srcs/openldap2_2.1.30.dfsg.orig.tar.gz:openldap-2.1.30/doc/drafts/draft-zeilenga-ldap-t-f-xx.txt

The bug for the openldap2 package is #463964, but the openldap2 package
appear to have been removed from unstable so perhaps it is being removed
altogether.  If that is the case, maybe the simplest is to remove
openldap2 from ia32-libs as well.

The license on RFC/I-Ds is not DFSG-free, see:
 * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=199810
 * http://release.debian.org/removing-non-free-documentation
 * http://wiki.debian.org/NonFreeIETFDocuments

The lenny release policy says binary and source packages must each be free:
 * http://release.debian.org/lenny/rc_policy.txt

The severity is serious, because this violates the Debian policy:
 * http://www.debian.org/doc/debian-policy/ch-archive.html#s-dfsg

There are (at least) three ways to fix this problem.  In order of
preference:

1. Ask the author of the RFC to re-license the RFC under a free
   license.  A template for this e-mail request can be found at
   http://wiki.debian.org/NonFreeIETFDocuments

2. Remove the non-free material from the source, e.g., by re-packaging
   the upstream archive and adding 'dfsg' to the Debian package
   version name.

3. Move the package to non-free.

General discussions are kindly requested to take place on debian-legal
or debian-devel in the thread with Subject: Non-free IETF RFC/I-Ds in
source packages.

Thanks,
Simon


---End Message---
---BeginMessage---
Closing the bug.

Thanks,
/Simon

---End Message---

Bug#494647: marked as done (The possibility of attack with the help of symlinks in some Debian packages)

2008-08-11 Thread Debian Bug Tracking System


Your message dated Mon, 11 Aug 2008 11:27:01 +0400
with message-id [EMAIL PROTECTED]
and subject line mistake, sorry
has caused the Debian Bug report #494647,
regarding The possibility of attack with the help of symlinks in some Debian 
packages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
494647: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494647
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Package: mplayer
Severity: grave
Tags: security

This message about the error concerns a few packages  at  once.   I've
tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
config scripts were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
file.

I set Severity into grave for  this  bug.   The  table  of  discovered
problems is below.

+--+-+--
|package   |  script | file for attack
+--+-+--
| mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
|  | |
| nws-2.13 |  postinst   | /tmp/nws.debug (cp)
|  | |
| ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
|  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
|   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
|  | |
| twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
+--+-+--


---End Message---
---BeginMessage---
commented line (script was not detect it, sorry):

#echo $DEF  /tmp/HACK


--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature
---End Message---

Bug#494663: Source package contains non-free IETF RFC/I-D

2008-08-11 Thread Simon Josefsson

Severity: serious
Package: wmi
Version: 1:0.1.13-1
User: [EMAIL PROTECTED]
Usertags: nonfree-doc rfc

Hi!

This source package contains the following files from the IETF under
non-free license terms:

+  wmi-0.1.13/Samba/source/ldap_server/devdocs/draft-armijo-ldap-syntax-00.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4533.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4530.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4531.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4518.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4519.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc2696.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4524.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc2307.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4516.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc2849.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc3296.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4532.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4514.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4525.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4526.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4510.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4527.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4513.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4529.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4522.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc2891.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4523.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4517.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4515.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4528.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4520.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4512.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4511.txt
+  wmi-0.1.13/Samba/source/ldap_server/devdocs/rfc4521.txt

The license on RFC/I-Ds is not DFSG-free, see:
 * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=199810
 * http://release.debian.org/removing-non-free-documentation
 * http://wiki.debian.org/NonFreeIETFDocuments

The lenny release policy says binary and source packages must each be free:
 * http://release.debian.org/lenny/rc_policy.txt

The severity is serious, because this violates the Debian policy:
 * http://www.debian.org/doc/debian-policy/ch-archive.html#s-dfsg

There are (at least) three ways to fix this problem.  In order of
preference:

1. Ask the author of the RFC to re-license the RFC under a free
   license.  A template for this e-mail request can be found at
   http://wiki.debian.org/NonFreeIETFDocuments

2. Remove the non-free material from the source, e.g., by re-packaging
   the upstream archive and adding 'dfsg' to the Debian package
   version name.

3. Move the package to non-free.

General discussions are kindly requested to take place on debian-legal
or debian-devel in the thread with Subject: Non-free IETF RFC/I-Ds in
source packages.

Thanks,
Simon



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: reopening 489491

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 reopen 489491
Bug#489491: vdr-plugin-bitstreamout FTBFS: No libasound in linkage path
'reopen' may be inappropriate when a bug has been closed with a version;
you may need to use 'found' to remove fixed versions.
Bug reopened, originator not changed.


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#480154: marked as done (non-determistic FTBFS: cgiupload tests fail)

2008-08-11 Thread Debian Bug Tracking System


Your message dated Mon, 11 Aug 2008 09:47:05 +
with message-id [EMAIL PROTECTED]
and subject line Bug#480154: fixed in libapache2-mod-perl2 2.0.4-2
has caused the Debian Bug report #480154,
regarding non-determistic FTBFS: cgiupload tests fail
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
480154: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480154
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Package: libapache2-mod-perl2
Version: 2.0.4-1
Severity: serious

2.0.4-1 fails to build on mips[1].

[1] 
http://buildd.debian.org/fetch.cgi?pkg=libapache2-mod-perl2ver=2.0.4-1arch=mipsstamp=1209964732file=log

t/modules/cgipost2..ok
t/modules/cgiupload.# Failed test 2 in
t/modules/cgiupload.t at line 36 fail #2
FAILED test 2
Failed 1/2 tests, 50.00% okay
t/modules/cgiupload2# Failed test 2 in
t/modules/cgiupload2.t at line 36 fail #2
FAILED test 2
Failed 1/2 tests, 50.00% okay

and if this is not enough,

[warning] server ball.einval.com:8529 shutdown
[  error] error running tests (please examine t/logs/error_log)
[  error] oh dangnabit, server dumped core 
[  error] for stacktrace, run: gdb /usr/sbin/apache2 -core 
/build/buildd/libapache2-mod-perl2-2.0.4/t/core.31268

:(

2.0.3-5 built[2] just fine on the same buildd.

[2] 
http://buildd.debian.org/fetch.cgi?pkg=libapache2-mod-perl2ver=2.0.3-5arch=mipsstamp=1206513601file=log


---End Message---
---BeginMessage---
Source: libapache2-mod-perl2
Source-Version: 2.0.4-2

We believe that the bug you reported is fixed in the latest version of
libapache2-mod-perl2, which is due to be installed in the Debian FTP archive:

libapache2-mod-perl2-dev_2.0.4-2_all.deb
  to 
pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2-dev_2.0.4-2_all.deb
libapache2-mod-perl2-doc_2.0.4-2_all.deb
  to 
pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2-doc_2.0.4-2_all.deb
libapache2-mod-perl2_2.0.4-2.diff.gz
  to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.4-2.diff.gz
libapache2-mod-perl2_2.0.4-2.dsc
  to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.4-2.dsc
libapache2-mod-perl2_2.0.4-2_amd64.deb
  to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.4-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Damyan Ivanov [EMAIL PROTECTED] (supplier of updated libapache2-mod-perl2 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 11 Aug 2008 12:27:28 +0300
Source: libapache2-mod-perl2
Binary: libapache2-mod-perl2 libapache2-mod-perl2-dev libapache2-mod-perl2-doc
Architecture: source all amd64
Version: 2.0.4-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group [EMAIL PROTECTED]
Changed-By: Damyan Ivanov [EMAIL PROTECTED]
Description: 
 libapache2-mod-perl2 - Integration of perl with the Apache2 web server
 libapache2-mod-perl2-dev - Integration of perl with the Apache2 web server - 
development fil
 libapache2-mod-perl2-doc - Integration of perl with the Apache2 web server - 
documentation
Closes: 480154
Changes: 
 libapache2-mod-perl2 (2.0.4-2) unstable; urgency=medium
 .
   * add explicit build-dependency on libcgi-pm-perl (= 3.33) as the version
 of CGI.pm shipped in perl-modules fails with a taint failure when handling
 uploads. Thanks to Niko Tyni for the investigation.
 Closes: #480154 -- FTBFS on mips (cgiupload tests fail)
 - bump urgency to medium
Checksums-Sha1: 
 44c5fa580707aa79dab07ad9e8dff24b7687edea 1811 libapache2-mod-perl2_2.0.4-2.dsc
 ed2a123cb302d30a4c4fa29a8ab0fc31991e5b72 13585 
libapache2-mod-perl2_2.0.4-2.diff.gz
 396a96fe6e9820c005dfa38d662e5fac02b6eafc 82638 
libapache2-mod-perl2-dev_2.0.4-2_all.deb
 3f2b0f67b038a8a0dd4c19293f4efbbe33af9a55 3133328 
libapache2-mod-perl2-doc_2.0.4-2_all.deb
 583b5a4506004592f6cc5fa675aa9141a2e180bf 1154978 
libapache2-mod-perl2_2.0.4-2_amd64.deb
Checksums-Sha256: 
 a2d38202565a7b3ab36859c4ddc7916a9792525cee044d00aff1ba2739b7af2a 1811 
libapache2-mod-perl2_2.0.4-2.dsc

Bug#494656: tagging 494656

2008-08-11 Thread Nico Golde

# Automatically generated email from bts, devscripts version 2.10.35
# not a security problem by itself
tags 494656 - security




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 494656

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 # not a security problem by itself
 tags 494656 - security
Bug#494656: bitlbee: Runs as root
Tags were: security
Tags removed: security


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494677: libapache2-mod-perl2: FTBFS: dpkg-checkbuilddeps: Unmet build dependencies: libcgi-pm-perl (= 3.33)

2008-08-11 Thread Niko Tyni

Package: libapache2-mod-perl2
Version: 2.0.4-2
Severity: serious

As explained in 

 http://lists.debian.org/debian-release/2008/08/msg00557.html

2.0.4-2 is failing on all autobuilders because of an sbuild bug.
We'll have to remove the libcgi-pm-perl build-dependency and come up
with something else for now.

I think the next best thing is to remove the TMPDIR setting in
t/conf/extra.conf.in . This means the temporary files won't stay in the
build directory, but that's what /tmp is for.

Patch attached, the test suite still seems to pass here with this.
-- 
Niko Tyni   [EMAIL PROTECTED]
diff --git a/t/conf/extra.conf.in b/t/conf/extra.conf.in
index de4796a..8e85214 100644
--- a/t/conf/extra.conf.in
+++ b/t/conf/extra.conf.in
@@ -71,9 +71,9 @@ PerlModule TestExit::FromPerlModule
 IfModule mod_cgid.c
 ScriptSock logs/cgisock
 /IfModule
-IfModule mod_env.c
-SetEnv TMPDIR @t_logs@
-/IfModule
+#IfModule mod_env.c
+#SetEnv TMPDIR @t_logs@
+#/IfModule
 # /sandbox-friendly
 
 Location /status/perl

Bug#494265: Possible patch

2008-08-11 Thread Jurij Smakov

Hi,

The line invoking ucf in the postinst looks like that:

test -f /usr/bin/ucf  ucf ${CONFFILE_NEW} ${CONFFILE} /dev/tty

Now, I don't know why you would want to get it read from /dev/tty, as 
far as I can tell, ucf does not read anything from stdin, so this is 
pretty redundant. However, once I removed this redirect, it was still 
hanging. Eventually I traced the problem to the fact that ucf uses 
debconf, I can't fully understand what's happening there, but it 
turned out that moving db_stop, placing it *after* ucf invocation 
fixes the problem. I guess that once we stop debconf in the script 
(with db_stop) and then ucf tries to start it up again, something goes 
wrong with file descriptors. The candidate patch which fixes the issue 
is attached, however I'm reluctant to declare it a proper fix without 
understanding what's really going on, hence I'm not tagging it.

Cheers.
-- 
Jurij Smakov   [EMAIL PROTECTED]
Key: http://www.wooyd.org/pgpkey/  KeyID: C99E03CC
--- dibbler-0.7.1.orig/debian/dibbler-client.postinst	2008-08-11 02:35:02.0 +0100
+++ dibbler-0.7.1/debian/dibbler-client.postinst	2008-08-11 02:38:18.0 +0100
@@ -94,10 +94,10 @@
 echo   ${CONFFILE_NEW}
 done
 
-db_stop
-
 # register this config
-test -f /usr/bin/ucf  ucf ${CONFFILE_NEW} ${CONFFILE} /dev/tty
+test -x /usr/bin/ucf  ucf ${CONFFILE_NEW} ${CONFFILE}
+
+db_stop
 
 # Start service if necessary
 if [ $START == true ]; then

Bug#494214: marked as done (josm-plugins: FTBFS: The return type is incompatible with Command.executeCommand())

2008-08-11 Thread Debian Bug Tracking System


Your message dated Mon, 11 Aug 2008 12:32:04 +
with message-id [EMAIL PROTECTED]
and subject line Bug#494214: fixed in josm-plugins 0.0.0.20080413-2
has caused the Debian Bug report #494214,
regarding josm-plugins: FTBFS: The return type is incompatible with 
Command.executeCommand()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
494214: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494214
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Package: josm-plugins
Version: 0.0.0.20080413-1
Severity: serious
User: [EMAIL PROTECTED]
Usertags: qa-ftbfs-20080807 qa-ftbfs
Justification: FTBFS on i386

Hi,

During a rebuild of all packages in sid, your package failed to build on
i386.

Relevant part:
 make[1]: Entering directory 
 `/build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1'
 make[1]: Nothing to be done for `update-config'.
 make[1]: Leaving directory 
 `/build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1'
 touch debian/stamp-patched
 cd .  /usr/lib/jvm/java-gcj//bin/java -classpath 
 /usr/share/ant/lib/ant.jar:/usr/share/ant/lib/ant-launcher.jar:/usr/share/josm/josm.jar:/usr/lib/jvm/java-gcj//lib/tools.jar
   -Dant.home=/usr/share/ant org.apache.tools.ant.Main -Dcompile.debug=true 
 -Dcompile.optimize=true   -buildfile 
 /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/debian/master.xml
  -propertyfile 
 /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/debian/ant.properties
  build
 Buildfile: 
 /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/debian/master.xml
 
 init:
 [mkdir] Created dir: 
 /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/dist
 [mkdir] Created dir: 
 /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/tmp/josm/lib
 
 build:
 
 clean:
 
 init:
 [mkdir] Created dir: 
 /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/validator/build
 
 compile:
  [echo] creating ../dist/validator.jar
 [javac] Compiling 29 source files to 
 /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/validator/build
 [javac] --
 [javac] 1. WARNING in 
 /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/validator/src/org/openstreetmap/josm/plugins/validator/OSMValidatorPlugin.java
 [javac]  (at line 22)
 [javac]   import org.openstreetmap.josm.plugins.validator.util.Util;
 [javac]  ^^
 [javac] The import org.openstreetmap.josm.plugins.validator.util.Util is 
 never used
 [javac] --
 [javac] 2. WARNING in 
 /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/validator/src/org/openstreetmap/josm/plugins/validator/OSMValidatorPlugin.java
 [javac]  (at line 45)
 [javac]   public static Class[] allAvailableTests = new Class[]
 [javac] ^
 [javac] Class is a raw type. References to generic type ClassT should 
 be parameterized
 [javac] --
 [javac] 3. WARNING in 
 /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/validator/src/org/openstreetmap/josm/plugins/validator/OSMValidatorPlugin.java
 [javac]  (at line 167)
 [javac]   public static Class[] getAllAvailableTests()
 [javac] ^
 [javac] Class is a raw type. References to generic type ClassT should 
 be parameterized
 [javac] --
 [javac] --
 [javac] 4. WARNING in 
 /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/validator/src/org/openstreetmap/josm/plugins/validator/Test.java
  (at line 3)
 [javac]   import java.awt.event.ActionEvent;
 [javac]  ^^
 [javac] The import java.awt.event.ActionEvent is never used
 [javac] --
 [javac] 5. WARNING in 
 /build/user-josm-plugins_0.0.0.20080413-1-amd64-FowLjC/josm-plugins-0.0.0.20080413-1/validator/src/org/openstreetmap/josm/plugins/validator/Test.java
 [javac]  (at line 4)
 [javac]   import java.awt.event.ActionListener;
 [javac]  ^
 [javac] The import java.awt.event.ActionListener is never used
 [javac] --
 [javac] --
 [javac] 6. WARNING in

Bug#494682: citadel-common: Fails badly at handling group creation.

2008-08-11 Thread Cyril Brulebois

Package: citadel-common
Version: 7.37-1
Severity: serious
Justification: Policy 9.2.2 UID and GID classes

1. Debian has addgroup, why using groupadd? Note, you're using adduser
   already, so using addgroup might seem natural.

2. The created group isn't a system one… That pollutes the range of
   available GIDs.

Please fix,

--
Cyril Brulebois



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494340: fslview: FTBFS in lenny: CMake errors

2008-08-11 Thread Michael Hanke


On Mon, Aug 11, 2008 at 02:29:21PM +0900, Charles Plessy wrote:
 Le Fri, Aug 08, 2008 at 11:41:56AM -0300, Lucas Nussbaum a écrit :
  
  During a rebuild of all packages in a lenny chroot, your package failed
   
   CMake Error: Error required internal CMake variable not set, cmake may be 
   not be built correctly.
   Missing variable is:
   QT_MOC_EXECUTABLE
   CMake Error: Error required internal CMake variable not set, cmake may be 
   not be built correctly.
   Missing variable is:
   QT_UIC_EXECUTABLE
   CMake Error: Error required internal CMake variable not set, cmake may be 
   not be built correctly.
   Missing variable is:
   QT_MOC_EXECUTABLE
 
 Bonjour Lucas,
 
 Today I built fslview fine with a Lenny cowbuilder on a powerpc
 platform. What should we do with this bug ?
I will fix it over the next few days. (Just came back from vacation).


Cheers,

Michael


-- 
GPG key:  1024D/3144BE0F Michael Hanke
http://apsy.gse.uni-magdeburg.de/hanke
ICQ: 48230050



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: reopen 417259

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 reopen 417259
Bug#417259: depends on non-essential package wwwconfig-common in postrm
'reopen' may be inappropriate when a bug has been closed with a version;
you may need to use 'found' to remove fixed versions.
Bug reopened, originator not changed.

 quit
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494065: [Pkg-mailman-hackers] Bug#494065: Bug#494065: mailman: Incorrect properties of symbolic links makes it crash hard on startup

2008-08-11 Thread Thijs Kinkhorst

Hi Magnus,

On Thursday 7 August 2008 15:18, Thijs Kinkhorst wrote:
 Thank you for your report. However, here I don't experience the problem you
 are sketching: doing a fresh install I can start mailman and it keeps
 running. The logs are there and it doesn't die.

I did a completely fresh install of Mailman on a completely fresh system and 
it works as expected. I created mailinglists, sent and received mails without 
problems.

I'm not denouncing your problem but I do not believe it is impacting common 
usage, so I don't think it's appropriate to keep it at 'grave' severity. 
Because I can't reproduce the problem here I have a hard time debugging it. 
It would be of great help if you could try to debug it on your side to see if 
we can get any indication on what's so specific about your situation creating 
the problem.


cheers,
Thijs


pgpIjt8Ppkbbw.pgp
Description: PGP signature

Processed: severity of 494065 is important

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.29~bpo40+1
 severity 494065 important
Bug#494065: mailman: Incorrect properties of symbolic links makes it crash hard 
on startup
Severity set to `important' from `grave'


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#417259: marked as done (depends on non-essential package wwwconfig-common in postrm)

2008-08-11 Thread Debian Bug Tracking System


Your message dated Mon, 11 Aug 2008 14:02:03 +
with message-id [EMAIL PROTECTED]
and subject line Bug#417259: fixed in zoph 0.7.1-2
has caused the Debian Bug report #417259,
regarding depends on non-essential package wwwconfig-common in postrm
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
417259: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417259
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Package: zoph
Version: 0.6-2
Severity: serious
Tags: etch-ignore
Usertags: postrm-depends-nonessential
Justification: Policy violation, see section 7.2

hi,

while running archive wide piuparts tests your package failed on purge
because of wwwconfig-common beeing unavailable during postrm:

   Removing zoph ...
  Purging configuration files for zoph ...
  /var/lib/dpkg/info/zoph.postrm: line 36: 
/usr/share/wwwconfig-common/apache-uninclude_all.sh: No such file or directory
  dpkg: error processing zoph (--purge):
   subprocess post-removal script returned error exit status 1
  Errors were encountered while processing:
   zoph

the full log can be found here:

 http://people.debian.org/~abi/piuparts/

please be sure to use a conditional call to wwwconfig-common and its commands.

bye,
- michael

---End Message---
---BeginMessage---
Source: zoph
Source-Version: 0.7.1-2

We believe that the bug you reported is fixed in the latest version of
zoph, which is due to be installed in the Debian FTP archive:

zoph_0.7.1-2.diff.gz
  to pool/main/z/zoph/zoph_0.7.1-2.diff.gz
zoph_0.7.1-2.dsc
  to pool/main/z/zoph/zoph_0.7.1-2.dsc
zoph_0.7.1-2_all.deb
  to pool/main/z/zoph/zoph_0.7.1-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Edelhard Becker [EMAIL PROTECTED] (supplier of updated zoph package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 11 Aug 2008 13:27:26 +0200
Source: zoph
Binary: zoph
Architecture: source all
Version: 0.7.1-2
Distribution: unstable
Urgency: low
Maintainer: Edelhard Becker [EMAIL PROTECTED]
Changed-By: Edelhard Becker [EMAIL PROTECTED]
Description: 
 zoph   - Web based digital image presentation and management system
Closes: 417259
Changes: 
 zoph (0.7.1-2) unstable; urgency=low
 .
   * really fix 417259 now (check for existence of wwwconfig-commen in remove
 *and* purge part of postrm; Closes: #417259)
Checksums-Sha1: 
 60544690ff6111e49415b62e4acde5bafa59a3b0 954 zoph_0.7.1-2.dsc
 2405c2b869c5422f079f3bb59faaa063b2f049a1 28361 zoph_0.7.1-2.diff.gz
 54146f1053edb0bca0f2a9daeb63e628d6d9ad61 415804 zoph_0.7.1-2_all.deb
Checksums-Sha256: 
 32af4648b170a29378f75e4f963760b2fd1526684041789b54923fdb1a377469 954 
zoph_0.7.1-2.dsc
 d461f42ec5bd9c26855904aa0e0f325baf60afa0f3baa00bde7947675dcf583b 28361 
zoph_0.7.1-2.diff.gz
 d9abfeb93b7229ffbeb5ef92e2b33b63e7e5f6ace38033b2afc7b708e57a1803 415804 
zoph_0.7.1-2_all.deb
Files: 
 368886dcc590ca13012a6f1835130283 954 web optional zoph_0.7.1-2.dsc
 d5b7f78a66410d04d6195d9d5200622f 28361 web optional zoph_0.7.1-2.diff.gz
 3ad97c895bd6200660173edac935632e 415804 web optional zoph_0.7.1-2_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIoDdilByGkm8iLx8RAhVUAJ4v8wFWFkbBbVZjGX9ZyQQtBxa5pgCfQu11
/DLxLVgiXMDKE6AM7tqe0wY=
=vttG
-END PGP SIGNATURE-


---End Message---

Bug#494265: Possible patch

2008-08-11 Thread Tomasz Mrugalski


On Mon, 11 Aug 2008 somebody known as Jurij Smakov wrote:


Hi,

The line invoking ucf in the postinst looks like that:

test -f /usr/bin/ucf  ucf ${CONFFILE_NEW} ${CONFFILE} /dev/tty

Now, I don't know why you would want to get it read from /dev/tty, as
far as I can tell, ucf does not read anything from stdin, so this is
pretty redundant. However, once I removed this redirect, it was still
hanging. Eventually I traced the problem to the fact that ucf uses
debconf, I can't fully understand what's happening there, but it
turned out that moving db_stop, placing it *after* ucf invocation
fixes the problem. I guess that once we stop debconf in the script
(with db_stop) and then ucf tries to start it up again, something goes
wrong with file descriptors. The candidate patch which fixes the issue
is attached, however I'm reluctant to declare it a proper fix without
understanding what's really going on, hence I'm not tagging it.
Thanks for investigating this issue. Although I'm maintainer of this 
package, my defconf and ucf understanding is rather limited (I'm upstream 
author, so I eneded up as maintainer of bunch of other packages: for 
Gentoo, OpenWRT etc).


Whould it be possible to get rid of the ucf completely?
dibbler-client.postinst could generate new version (and rename 
old one) without any ucf invocation. As I understand it, the only 
flaw would be that this backed up file would not be marked as config. file 
for dibbler-client.


Regards,
--
Tomasz Mrugalski,  | We all know Linux is great...it does|
thomson(at)klub(dot)com(dot)pl |  infinite loops in 5 seconds.   |
   |   Linus Torvalds |




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: reassign 494532 to partman base

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 reassign 494532 partman-base
Bug#494532: lenny di-2 on dell optiplex 755 fail disk detection
Bug reassigned from package `installation-reports' to `partman-base'.

 severity 494532 serious
Bug#494532: lenny di-2 on dell optiplex 755 fail disk detection
Severity set to `serious' from `important'

 retitle  494532 depends on non-existing library libparted1.7-udeb in lenny
Bug#494532: lenny di-2 on dell optiplex 755 fail disk detection
Changed Bug title to `depends on non-existing library libparted1.7-udeb in 
lenny' from `lenny di-2 on dell optiplex 755 fail disk detection'.

 Thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#488696: Fixing 488696

2008-08-11 Thread Jurij Smakov

On Mon, Aug 11, 2008 at 06:53:17AM +0200, Gudjon I. Gudjonsson wrote:
 Hi Juri and Wesley
  Are there any plans to fix bug 488696? The comedi-source package is
  now affected by a freeze, so the chances to get a fix in are quickly
  diminishing with time. Please let me know if you would like me or
  someone else to prepare an NMU, if you don't have the time to do it.
 There is a version -2 at mentors.debian.net and Wesley will hopefully upload 
 it next week.
 I added dependency on libtool 2.0 since the package doesn't compile with 
 the experimental libtool package (version 2.2). However, I fixed the support 
 for rtai but found out to my surprise that rtai is only compiled for arm and 
 i386.
 Should I make a version only with the libtool dependency and then add the 
 rtai support later or should I keep the package as it is with the problems of 
 unmet dependencies on most architectures? I have already asked the maintainer 
 of rtai to add support for some more architectures.

Hi,

Your package is affected by a freeze, so most likely the release team 
will only allow the new package into testing if it contains very 
conservative set of changes, fixing only the failure to build, 
described in the RC bug. I'd suggest to only keep these changes in the 
next upload, to maximize the chances to get it into testing.

I'm re-adding CC to the bug so that this discussion will not get lost.

Cheers.
-- 
Jurij Smakov   [EMAIL PROTECTED]
Key: http://www.wooyd.org/pgpkey/  KeyID: C99E03CC



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#488082: marked as done (cxref: Install preconfiguration fails)

2008-08-11 Thread Debian Bug Tracking System


Your message dated Mon, 11 Aug 2008 15:46:59 +0100
with message-id [EMAIL PROTECTED]
and subject line Re: Bug#488082: Unable to reproduce
has caused the Debian Bug report #488082,
regarding cxref: Install preconfiguration fails
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
488082: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488082
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Package: cxref
Version: 1.6a-1.2
Severity: grave
Justification: renders package unusable

aptitude install cxref
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Reading extended state information   
Initializing package states... Done
Reading task descriptions... Done  
The following NEW packages will be installed:
  cxref 
  0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
  Need to get 0B/392kB of archives. After unpacking 1057kB will be used.
  Writing extended state information... Done
  Preconfiguring packages ...
  Can't exec /tmp/cxref.config.119531: Permission denied at 
/usr/share/perl/5.10/IPC/Open3.pm line 168.
  open2: exec of /tmp/cxref.config.119531 configure  failed at 
/usr/share/perl5/Debconf/ConfModule.pm line 59
  cxref failed to preconfigure, with exit status 255
  Selecting previously deselected package cxref.
  (Reading database ... 120336 files and directories currently installed.)
  Unpacking cxref (from .../cxref_1.6a-1.2_i386.deb) ...
  Processing triggers for man-db ...
  Setting up cxref (1.6a-1.2) ...
  Reading package lists... Done 
  Building dependency tree   
  Reading state information... Done
  Reading extended state information   
  Initializing package states... Done
  Writing extended state information... Done
  Reading task descriptions... Done 
  
Attempts to use renders:

cxref krx81.c
Warning: cxref-cpp needs to be reconfigured against your latest gcc/cpp
   Please run 'dpkg-reconfigure cxref' as root.
   cxref: The preprocessor exited abnormally on 'krx81.c'
   
After running 'dpkg-reconfigure cxref' a dialog appears and asks if the package 
should automatically be configured,
answered 'Yes', dialog ended.  Ran the above cxref command and got the same 
results.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.24 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages cxref depends on:
ii  debconf [debconf-2.0] 1.5.22 Debian configuration management sy
ii  gcc   4:4.3.1-1  The GNU C compiler
ii  libc6 2.7-10 GNU C Library: Shared libraries

cxref recommends no packages.

-- debconf information:
  cxref/cxref-cpp-autoconf:


---End Message---
---BeginMessage---
I'm closing this bug, please not that keeping /tmp mounted with noexec 
will cause future installation failures for you (namely, all packages 
with config maintainer scripts will fail, as they are extracted to 
/tmp and run from there).

Cheers.

On Sun, Aug 10, 2008 at 10:06:55PM -0700, Dominique Brazziel wrote:
 Yes, I have /tmp mounted with 'noexec' to prevent
 executables being run directly from that partition.
 You can close this I guess but I'm keeping the noexec
 on /tmp.  Thanks.
 
 --- Jurij Smakov [EMAIL PROTECTED] wrote:
 
  tags 488082 unreproducible
  thanks
  
  Hi,
  
  I've tried reproducing this bug and the package
  installed just fine 
  for me (and for some other people who I asked to
  check). Can you 
  please verify that you do not have the /tmp
  partition mounted with 
  noexec option (post the output of 'mount' command if
  in doubt). 
  
  Thanks.
  -- 
  Jurij Smakov
[EMAIL PROTECTED]
  Key: http://www.wooyd.org/pgpkey/   
KeyID: C99E03CC
  
  
  

-- 
Jurij Smakov   [EMAIL PROTECTED]
Key: http://www.wooyd.org/pgpkey/  KeyID: C99E03CC

---End Message---

Processed: Re: kqemu-source - Fails with ARCH=x86

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 severity 494479 important
Bug#494479: kqemu-source - Fails with ARCH=x86
Severity set to `important' from `serious'

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494479: kqemu-source - Fails with ARCH=x86

2008-08-11 Thread Daniel Baumann

severity 494479 important
thanks

...current patches breaks m-a.

-- 
Address:Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email:  [EMAIL PROTECTED]
Internet:   http://people.panthera-systems.net/~daniel-baumann/



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494700: warzone2100: Package build scripts continues even after build errors occurred

2008-08-11 Thread Giel van Schijndel

Package: warzone2100
Version: 2.1.0~2.svn5088-0
Severity: serious
Tags: patch
Justification: no longer builds from source

Due to the way how the build process is invoked using make the build
script (debian/rules) continues building even after a build error
occurred. Specifically the problem is that make is called manually on
all subdirectories without checking its return value. This happens in
the build-stamp and install rules.

Attached patch fixes this problem by explicitly terminating with a
non-zero return value (exit 1) as soon as a build error occurs.


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25-2-amd64 (SMP w/1 CPU core)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages warzone2100 depends on:
ii  libc6  2.7-13GNU C Library: Shared libraries
ii  libgcc11:4.3.1-2 GCC support library
ii  libgl1-mesa-glx [libgl 7.0.3-5   A free implementation of the OpenG
ii  libglc00.7.1-2   QuesoGLC GLC implementation
ii  libglu1-mesa [libglu1] 7.0.3-5   The OpenGL utility library (GLU)
ii  libogg01.1.3-4   Ogg Bitstream Library
ii  libopenal0a1:0.0.8-8 OpenAL is a portable library for 3
ii  libphysfs-1.0-01.0.0-5   filesystem abstraction library for
ii  libpng12-0 1.2.27-1  PNG library - runtime
ii  libpopt0   1.14-4lib for parsing cmdline parameters
ii  libsdl-net1.2  1.2.7-2   network library for Simple DirectM
ii  libsdl1.2debian1.2.13-2  Simple DirectMedia Layer
ii  libstdc++6 4.3.1-2   The GNU Standard C++ Library v3
ii  libvorbis0a1.2.0.dfsg-3.1The Vorbis General Audio Compressi
ii  libvorbisfile3 1.2.0.dfsg-3.1The Vorbis General Audio Compressi
ii  libx11-6   2:1.1.4-2 X11 client-side library
ii  ttf-dejavu 2.25-1Metapackage to pull in ttf-dejavu-
ii  warzone2100-data   2.1.0~2.svn5088-0 data files for warzone2100

warzone2100 recommends no packages.

warzone2100 suggests no packages.

-- no debconf information
Index: debian/rules
===
--- debian/rules	(revision 7915)
+++ debian/rules	(working copy)
@@ -56,7 +56,7 @@
 build-stamp: config.status
 	dh_testdir
 	for d in $(SUBDIRS) ; do \
-		$(MAKE) -C $$d ; \
+		$(MAKE) -C $$d || exit 1 ; \
 	done 
 	touch $@
 # -
@@ -111,7 +111,7 @@
 	dh_testroot -a
 	dh_clean -k -a
 	for d in $(SUBDIRS) ; do \
-		$(MAKE) -C $$d install DESTDIR=$(CURDIR)/debian/tmp ; \
+		$(MAKE) -C $$d install DESTDIR=$(CURDIR)/debian/tmp || exit 1 ; \
 	done
 	rm -rf debian/tmp/usr/share/doc/warzone2100
 # -

Bug#479950: java-gcj: java alternative overwritten

2008-08-11 Thread Matthias Klose

tag 479950 + wontfix
thanks

if these are still overwritten, then update-alternatives should offer
a mode to update/add/remove slave links without changing the
alternative.

related bugs filed on dpkg might be 342566 and 388313.




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: Re: java-gcj: java alternative overwritten

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 tag 479950 + wontfix
Bug#479950: java-gcj: java alternative overwritten
Tags were: moreinfo
Tags added: wontfix

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494702: python-pgm: installation fails due to unmet dependency libpigment0.3-4

2008-08-11 Thread ChrDr

Package: python-pgm
Version: 0.3.4-1
Severity: grave
Justification: renders package unusable

On a sidux system, trying 'apt-get install elisa' I got unmet
dependencies. Hunting down the problem I discovered that the package
'python-pgm' could not be installed because it depends on
libpigment0.3-4, which is not present in Debian sid.

Christoph

-- System Information:
Debian Release: lenny/sid
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-0.slh.8-sidux-amd64 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#432195: vgrabbj: freetype1 deprecation

2008-08-11 Thread Petter Reinholdtsen

[Michael Janssen]
 This sounds like a good solution for now.  I'll implement the patch
 tonight and upload a new version of vgrabbj.  I don't like taking
 features away, but holding things out of testing is another story.

Your upload did not make it to the archive yet.  Any news?  Perhaps an
NMU to solve this issue?

Happy hacking,
-- 
Petter Reinholdtsen



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 490351

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 tags 490351 - pending
Bug#490351: subcommander: FTBFS: ld: cannot find -lsvn_ra_dav-1
Tags were: pending patch
Tags removed: pending


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 490241

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 tags 490241 + help
Bug#490241: FTBFS on hppa
There were no tags set.
Tags added: help


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494711: FTBFS (libprojectm_1.2.0-1/hppa): /usr/bin/ld: cannot find -lSM

2008-08-11 Thread Philipp Kern

Package: libprojectm
Version: 1.2.0-1
Severity: serious

Automatic build of libprojectm_1.2.0-1 on peri by sbuild/hppa 98
Build started at 20080725-1557
**
Checking available source versions...
Fetching source files...
Reading package lists...
Building dependency tree...
Need to get 965kB of source archives.
Get:1 http://incoming.debian.org sid/main libprojectm 1.2.0-1 (dsc) [1242B]
Get:2 http://incoming.debian.org sid/main libprojectm 1.2.0-1 (tar) [957kB]
Get:3 http://incoming.debian.org sid/main libprojectm 1.2.0-1 (diff) [6161B]
Fetched 965kB in 0s (1070kB/s)
Download complete and in download only mode
** Using build dependencies supplied by package:
Build-Depends: debhelper (= 7.0.0), libglew-dev, libgl1-mesa-dev | libgl-dev, 
libglu1-mesa-dev | libglu-dev, libx11-dev, libice-dev, pkg-config, cmake, 
ftgl-dev, dpatch
[...]
[100%] Building C object CMakeFiles/projectM.dir/stb_image_aug.o
Linking CXX shared library libprojectM.so
/usr/bin/ld: cannot find -lSM
collect2: ld returned 1 exit status
make[3]: *** [libprojectM.so.2.00] Error 1
make[3]: Leaving directory `/build/buildd/libprojectm-1.2.0'
make[2]: *** [CMakeFiles/projectM.dir/all] Error 2
make[2]: Leaving directory `/build/buildd/libprojectm-1.2.0'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/build/buildd/libprojectm-1.2.0'
make: *** [build-stamp] Error 2
dpkg-buildpackage: failure: debian/rules build gave error exit status 2

Full build log available on 
http://buildd.debian.org/fetch.cgi?pkg=libprojectmarch=hppaver=1.2.0-1stamp=1217001671file=logas=raw



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-11 Thread Christian Perrier

Quoting Sven Dowideit ([EMAIL PROTECTED]):
 ah, good find.
 
 Ardo and Christian,
 
 If I make an update to the 4.1.2 package, fixing this, and a couple of
 other issues that I've been told about in the next 48 days, would one of
 you be willing to upload it for me so it gets into Lenny?


For the couple of other issues, I suggest you talk with the release
team to check with them if they fit the freeze exceptions guidelines.



signature.asc
Description: Digital signature

Bug#492947: Info received (updates on bug)

2008-08-11 Thread Alexander Vodomerov

Bug appeared to be more complicated. However, KDE folks fixed it in
upstream SVN, see http://bugs.kde.org/show_bug.cgi?id=168668 for more
details.
Can you please cherry-pick this commits and rebuild
kdebase-workspace-bin package?



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494532: lenny di-2 on dell optiplex 755 fail disk detection

2008-08-11 Thread Otavio Salvador

Stefan Alfredsson [EMAIL PROTECTED] writes:

 Ok - the drive is actually detected in d-i-2. I can do manual partitioning
 in the console with fdisk /dev/sda1.

 However, the installer fails at the step [!] Detect disks, and asks me
 to choose a driver for the disk chipset.

 If I continue by ignoring the drive, and try to partition, the installer
 log on Alt-F4 says libparted1.7-udeb does not exist.

 This seems to be from a dependency from partman-base. According to
 http://packages.debian.org/lenny/partman-base
 it depends on libparted1.7-udeb, and notes that the package is missing
 from lenny.

 Either partman-base should be updated to use libparted1.8-udeb, or
 libparted1.7-udeb should be put back in lenny (it exists in both etch and
 sid, so why was it removed from lenny? sid has both versions).

 I'll reassign this bug to partman-base, as this seems to be (atleast part
 of) the problem.

Yes, this was my fault to not warn about the need of old udeb to be
kept available until we get newer partman-base in testing. I'm
handling the issue right now.

-- 
O T A V I OS A L V A D O R
-
 E-mail: [EMAIL PROTECTED]  UIN: 5906116
 GNU/Linux User: 239058 GPG ID: 49A5F855
 Home Page: http://otavio.ossystems.com.br
-
Microsoft sells you Windows ... Linux gives
 you the whole house.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#492533: marked as done (Uninstallable due to dependency on libdc1394-13-dev (direct) and libdc1394-22-dev (indirect))

2008-08-11 Thread Debian Bug Tracking System


Your message dated Mon, 11 Aug 2008 17:02:13 +
with message-id [EMAIL PROTECTED]
and subject line Bug#492533: fixed in player 2.0.4-3.3
has caused the Debian Bug report #492533,
regarding Uninstallable due to dependency on libdc1394-13-dev (direct) and 
libdc1394-22-dev (indirect)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
492533: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492533
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Package: libplayerdrivers2-dev
Version: 2.0.4-3.2
Severity: serious

Hi

Your package is not installable as it depends on libdc1394-13-dev while
it also depends indirectly on libdc1394-22-dev.

Please consider changing the dependency to libdc1394-dev.

Cheers

Luk


---End Message---
---BeginMessage---
Source: player
Source-Version: 2.0.4-3.3

We believe that the bug you reported is fixed in the latest version of
player, which is due to be installed in the Debian FTP archive:

liblodo0-dev_2.0.4-3.3_i386.deb
  to pool/main/p/player/liblodo0-dev_2.0.4-3.3_i386.deb
liblodo0_2.0.4-3.3_i386.deb
  to pool/main/p/player/liblodo0_2.0.4-3.3_i386.deb
libplayerc++2-dev_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayerc++2-dev_2.0.4-3.3_i386.deb
libplayerc++2_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayerc++2_2.0.4-3.3_i386.deb
libplayerc2-dev_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayerc2-dev_2.0.4-3.3_i386.deb
libplayerc2_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayerc2_2.0.4-3.3_i386.deb
libplayercore2-dev_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayercore2-dev_2.0.4-3.3_i386.deb
libplayercore2_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayercore2_2.0.4-3.3_i386.deb
libplayerdrivers2-dev_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayerdrivers2-dev_2.0.4-3.3_i386.deb
libplayerdrivers2_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayerdrivers2_2.0.4-3.3_i386.deb
libplayererror2-dev_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayererror2-dev_2.0.4-3.3_i386.deb
libplayererror2_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayererror2_2.0.4-3.3_i386.deb
libplayerjpeg2-dev_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayerjpeg2-dev_2.0.4-3.3_i386.deb
libplayerjpeg2_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayerjpeg2_2.0.4-3.3_i386.deb
libplayertcp2-dev_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayertcp2-dev_2.0.4-3.3_i386.deb
libplayertcp2_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayertcp2_2.0.4-3.3_i386.deb
libplayerxdr2-dev_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayerxdr2-dev_2.0.4-3.3_i386.deb
libplayerxdr2_2.0.4-3.3_i386.deb
  to pool/main/p/player/libplayerxdr2_2.0.4-3.3_i386.deb
libpmap0-dev_2.0.4-3.3_i386.deb
  to pool/main/p/player/libpmap0-dev_2.0.4-3.3_i386.deb
libpmap0_2.0.4-3.3_i386.deb
  to pool/main/p/player/libpmap0_2.0.4-3.3_i386.deb
player_2.0.4-3.3.diff.gz
  to pool/main/p/player/player_2.0.4-3.3.diff.gz
player_2.0.4-3.3.dsc
  to pool/main/p/player/player_2.0.4-3.3.dsc
python-playerc_2.0.4-3.3_i386.deb
  to pool/main/p/player/python-playerc_2.0.4-3.3_i386.deb
robot-player-dev_2.0.4-3.3_all.deb
  to pool/main/p/player/robot-player-dev_2.0.4-3.3_all.deb
robot-player-doc_2.0.4-3.3_all.deb
  to pool/main/p/player/robot-player-doc_2.0.4-3.3_all.deb
robot-player_2.0.4-3.3_i386.deb
  to pool/main/p/player/robot-player_2.0.4-3.3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Petter Reinholdtsen [EMAIL PROTECTED] (supplier of updated player package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 11 Aug 2008 17:25:17 +0200
Source: player
Binary: robot-player robot-player-doc robot-player-dev libplayererror2 
libplayererror2-dev libplayercore2 libplayercore2-dev libplayertcp2 
libplayertcp2-dev libplayerxdr2 libplayerxdr2-dev libplayerc2 libplayerc2-dev 
libplayerc++2 libplayerc++2-dev libplayerdrivers2 libplayerdrivers2-dev 
libplayerjpeg2 libplayerjpeg2-dev python-playerc libpmap0 libpmap0-dev liblodo0 
liblodo0-dev
Architecture: source i386 all
Version: 2.0.4-3.3
Distribution: unstable
Urgency: low
Maintainer: Michael Janssen [EMAIL PROTECTED]
Changed-By: Petter Reinholdtsen [EMAIL PROTECTED]
Description:

Bug#494265: Possible patch

2008-08-11 Thread Jurij Smakov

On Mon, Aug 11, 2008 at 04:09:25PM +0200, Tomasz Mrugalski wrote:
 Thanks for investigating this issue. Although I'm maintainer of this  
 package, my defconf and ucf understanding is rather limited (I'm upstream 
 author, so I eneded up as maintainer of bunch of other packages: for  
 Gentoo, OpenWRT etc).

 Whould it be possible to get rid of the ucf completely?
 dibbler-client.postinst could generate new version (and rename old one) 
 without any ucf invocation. As I understand it, the only flaw would be 
 that this backed up file would not be marked as config. file for 
 dibbler-client.

No, you definitely want to use ucf, because if you will ever change 
the default config file created by the package, and the existing 
config file will have local modification, ucf will prompt user to 
choose what (s)he wants to do: install the new version or keep the 
existing version.

I've asked Joey Hess (debconf author) about it, and he said that if 
you have db_stop before invoking ucf, then ucf will not be able to 
start debconf after that, and that will cause a hang we see. Please go 
ahead and prepare a new release using my patch, and I can sponsor it, 
if needed.

Cheers.
-- 
Jurij Smakov   [EMAIL PROTECTED]
Key: http://www.wooyd.org/pgpkey/  KeyID: C99E03CC



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#362288: marked as done (xzgv: exploitable buffer overflow with crafted JPEG images [CVE-2006-1060])

2008-08-11 Thread Debian Bug Tracking System


Your message dated Mon, 11 Aug 2008 19:28:23 +0200
with message-id [EMAIL PROTECTED]
and subject line Closing old security bug with versioning
has caused the Debian Bug report #362288,
regarding xzgv: exploitable buffer overflow with crafted JPEG images 
[CVE-2006-1060]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
362288: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=362288
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Package: xzgv
Version: 0.8-5
Severity: grave
Tags: security patch

Hi,

recently an exploitable buffer overflow was discovered in xzgv, please
see here for some details and some further URLs:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1060

Please mention the CVE number in the changelog when you fix this to
ease tracking.

I attach a test case jpg, and the patch from upstream.

Thank you!

Martin
-- 
Martin Pitthttp://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
--- xzgv-0.8-patched/src/readjpeg.c Tue Mar 21 12:16:07 2006
+++ xzgv/src/readjpeg.c Wed Sep 21 21:15:01 2005
@@ -179,11 +179,13 @@
 static int have_image;
 static int width,height;
 static unsigned char *image;
+static int cmyk;
 unsigned char *ptr,*ptr2;
 int chkw,chkh;
 int f,rec;
 static int greyscale;  /* static to satisfy gcc -Wall */
 
+cmyk=0;
 greyscale=0;
 
 lineptrs=NULL;
@@ -225,6 +227,15 @@
   greyscale=1;
   }
 
+if(cinfo.jpeg_color_space==JCS_CMYK)
+  cmyk=1;
+
+if(cinfo.jpeg_color_space==JCS_YCCK)
+  {
+  cmyk=1;
+  cinfo.out_color_space=JCS_CMYK;
+  }
+
 *wp=width=cinfo.image_width;
 *hp=height=cinfo.image_height;
 
@@ -266,7 +277,7 @@
 /* this one shouldn't hurt */
 cinfo.do_block_smoothing=FALSE;
 
-if(WH_BAD(width,height) || (*imagep=image=malloc(width*height*3))==NULL)
+if(WH_BAD(width,height) || (*imagep=image=malloc(width*(height+cmyk)*3))==NULL)
   longjmp(jerr.setjmp_buffer,1);
 
 jpeg_start_decompress(cinfo);
@@ -279,12 +290,33 @@
 for(f=0;fheight;f++,ptr+=width*3)
   lineptrs[f]=ptr;
 
-rec=cinfo.rec_outbuf_height;
-while(cinfo.output_scanlineheight)
+if(!cmyk)
   {
-  f=height-cinfo.output_scanline;
-  jpeg_read_scanlines(cinfo,lineptrs+cinfo.output_scanline,
-  frec?rec:f);
+  rec=cinfo.rec_outbuf_height;
+  while(cinfo.output_scanlineheight)
+{
+f=height-cinfo.output_scanline;
+jpeg_read_scanlines(cinfo,lineptrs+cinfo.output_scanline,
+frec?rec:f);
+}
+  }
+else   /* cmyk output */
+  {
+  int tmp;
+
+  ptr=image;
+  while(cinfo.output_scanlineheight)
+{
+jpeg_read_scanlines(cinfo,ptr,1);
+ptr2=ptr;
+for(f=0;fwidth;f++,ptr+=3,ptr2+=4)
+  {
+  tmp=ptr2[3];
+  ptr[0]=(tmp*ptr2[0])/255;
+  ptr[1]=(tmp*ptr2[1])/255;
+  ptr[2]=(tmp*ptr2[2])/255;
+  }
+}
   }
 
 free(lineptrs);
attachment: xzgv.CVE-2006-1060.jpg

signature.asc
Description: Digital signature
---End Message---
---BeginMessage---
Version: 0.8-5.1

---End Message---

Processed: Re: Bug#477140: nozomi-source: Oops loading the module

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 reassign 477140 ftp.debian.org
Bug#477140: nozomi-source: Oops loading the module
Bug reassigned from package `nozomi-source' to `ftp.debian.org'.

 retitle 477140 RM: nozomi-source -- Obsolete, has been merged into mainline 
 kernel
Bug#477140: nozomi-source: Oops loading the module
Changed Bug title to `RM: nozomi-source -- Obsolete, has been merged into 
mainline kernel' from `nozomi-source: Oops loading the module'.

 severity 477140 normal
Bug#477140: RM: nozomi-source -- Obsolete, has been merged into mainline kernel
Severity set to `normal' from `grave'

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#377049: marked as done (gimp: Buffer overrun in XCF reading code)

2008-08-11 Thread Debian Bug Tracking System


Your message dated Mon, 11 Aug 2008 19:28:18 +0200
with message-id [EMAIL PROTECTED]
and subject line Closing old security bug with versioning
has caused the Debian Bug report #377049,
regarding gimp: Buffer overrun in XCF reading code
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
377049: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Package: gimp
Version: 2.2.6-1
Severity: grave
Tags: security patch
Justification: user security hole

I have reported this bug privately to the maintainer and the security
team, but it turns out that the upstream developers have no way of
reporting security bugs privately, so it is hereby in the open. It
is #346742 in the upstream bug tracking system.

The problem is in the function xcf_load_vector() in app/xcf/xcf-load.c
of the source tree. For each stroke being read, the code reads an
uint32 from the XCF file into the variable num_axes, and then for each
control proint of the stroke reads num_axes floats from the file into
the stack-allocated array coords whose size is hard-coded as 6.

A malicious XCF file creater could write a large number into the
num_axes position and trick the XCF reader into overwriting part of
the stack with raw data read from the file. On little-endian systems,
the function xcf_read_float() that actually reads the floats does a
byte-order conversion on the data it reads but does not do any special
float processing, so an attacker has direct control of the data
written to the stack.

I have not attempted to construct an working exploit (though I did
verify being able to crash Gimp with a naively patched image file),
but there seems to be no reason why the overrun could not be used to
mount a standard arbitrary code execution attack if one can get the
victim to try to load an appropriately crafted image file.

The attack is in the VECTORS property of an XCF file which pure XCF
_viewers_ (e.g. imagemagick or xcftools) normally skip without
parsing.  Thus an attack file can easily be written such that the
image will display correctly with no symptoms at all in a viewer
application.

The same bug appears in the unstable (2.2.11) and experimental (2.3.9)
versions, as well as the upsteam CVS head.

The attached patch should fix it (more gracefully than the one in my
earlier private report).
diff -rU6 gimp-2.2.6/app/xcf/xcf-load.c gimp-2.2.6.new/app/xcf/xcf-load.c
--- gimp-2.2.6/app/xcf/xcf-load.c   2004-11-03 12:50:37.0 +0100
+++ gimp-2.2.6.new/app/xcf/xcf-load.c   2006-07-06 12:27:33.982404488 +0200
@@ -1658,12 +1658,18 @@
   xcf_seek_pos (info,
 info-cp + 4 * num_axes * num_control_points,
 NULL);
   continue;
 }
 
+  if (num_axes  2 || num_axes  6)
+{
+  g_printerr (bad number of axes in stroke description\n);
+  return FALSE;
+}
+
   control_points = g_value_array_new (num_control_points);
 
   anchor.selected = FALSE;
 
   for (j = 0; j  num_control_points; j++)
 {
---End Message---
---BeginMessage---
Version: 2.2.12-1

---End Message---

Bug#477140: nozomi-source: Oops loading the module

2008-08-11 Thread Moritz Muehlenhoff

reassign 477140 ftp.debian.org
retitle 477140 RM: nozomi-source -- Obsolete, has been merged into mainline 
kernel
severity 477140 normal
thanks

Michael Prokop wrote:
 * Moritz Muehlenhoff [EMAIL PROTECTED] [20080807 22:48]:
  Michael Prokop wrote:
   * Frederik Schueler [EMAIL PROTECTED] [20080428 17:50]:
 
2.6.25-trunk-amd64 works:
 
   I guess you are using 2.6.26[-1-amd64] already?
   I assume the nozomi issue is resolved for you with the kernel
   targeted for Lenny as well? If so I'd close this bugreport.
 
  If the regular in-tree driver works, while the one from the seperate
  nozomi fails to compile, we should remove nozomi-source altogether.
 
 Yes, that was and still is my plan. :)

Ok, reassigning the bug to ftp.debian.org, then.
 
Cheers,
Moritz



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#492084: atitvout: should this package be removed?

2008-08-11 Thread Moritz Muehlenhoff

On Wed, Jul 23, 2008 at 07:40:01PM +0200, Philippe Coval wrote:
 Hi,
 I'll try to fix this bug, see comments bellow
 
  * Fairly low popcon.
 242
  * Upstream has been dead since 2004.
 yes but It worked as expected since
  * RC Buggy.
 I'll see If I can find a workaround,
 actually the problem is not in ativout itself but in lrmi
 which is also noticed in
 http://bugs.debian.org/490746
 
 BTW, would it be a good idea to package lrmi appart ?
 
  * Functionality exists in GATOS and probably now Xorg directly.
 I am not sure it works on all gfx adapters see :
 http://bugs.debian.org/481748
 
 
  If you think that it should be orphaned instead of being removed from
  Debian, please reply to this bug and tell so.
 Orphaned? I just adopted it
  If you disagree and want to continue to maintain this package, please
  just close this bug and do an upload also fixing the other issues.
 I'll try to have a look at it before summer vacations , so I let the bug
 open untill a next release

I think you can just as well close it right now, the FBTFS bug report
was invalid, atitvout has users and you're maintaining it, so I don't
see any reason to have it orphaned, it's certainly not a RC problem.

Cheers,
Moritz






-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494719: kernel-patch-badram: Doesn't apply to Lenny release kernek

2008-08-11 Thread Moritz Muehlenhoff

Package: kernel-patch-badram
Severity: grave
Justification: renders package unusable

kernel-patch-badram is only available for kernels up to 2.6.23
and doesn't apply against later kernels due to the x86 arch
unification. It should be updated to 2.6.26.

Cheers,
Moritz

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494720: linux-patch-gcov: Doesn't apply to Lenny release kernel

2008-08-11 Thread Moritz Muehlenhoff

Package: linux-patch-gcov
Severity: grave
Justification: renders package unusable

This packages only provides a patch for kernels up to 2.6.18,
the patch included doesn't apply to current kernels anymore.
Please the patch update to 2.6.26.

Cheers,
Moritz

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#494721: linux-patch-skas: Doesn't apply against Lenny release kernel

2008-08-11 Thread Moritz Muehlenhoff

Package: linux-patch-skas
Severity: grave
Justification: renders package unusable

This package only provide a kernel patch up to 2.6.18 and doesn't
apply against later kernels (especially due to the unification
of the x86 architecture).

Cheers,
Moritz

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#493848: marked as done

2008-08-11 Thread Sebastian Moster

Hello Jonas, Marco and Yussuf,

it works now also for me on my amd64. Since it is only a matter of
scripts, I should work on all plattforms, right?

Thank you all for putting things right so rapidly!

Best regards,
Sebastian


Am Montag, den 11.08.2008, 12:27 +0200 schrieb Yusuf Iskenderoglu:
 Hello Jonas,
 
 The newest version is working as expected. Thank you.
 
 Yusuf.
 




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#493488: marked as done (CVE-2008-3459: Remote command execution)

2008-08-11 Thread Debian Bug Tracking System


Your message dated Mon, 11 Aug 2008 18:02:04 +
with message-id [EMAIL PROTECTED]
and subject line Bug#493488: fixed in openvpn 2.1~rc9-1
has caused the Debian Bug report #493488,
regarding CVE-2008-3459: Remote command execution
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
493488: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493488
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Package: openvpn
Version: 2.1~rc8-1
Tags: security
Severity: grave

| * Security Fix -- affects non-Windows OpenVPN clients running
|OpenVPN 2.1-beta14 through 2.1-rc8 (OpenVPN 2.0.x clients are NOT
|vulnerable nor are any versions of the OpenVPN server vulnerable).
|An OpenVPN client connecting to a malicious or compromised
|server could potentially receive an lladdr or iproute
|configuration directive from the server which could cause arbitrary
|code execution on the client. A successful attack requires that (a)
|the client has agreed to allow the server to push configuration
|directives to it by including pull or the macro client in its
|configuration file, (b) the client successfully authenticates the
|server, (c) the server is malicious or has been compromised and is
|under the control of the attacker, and (d) the client is running a
|non-Windows OS.  Credit: David Wagner.
| 
| * Miscellaneous defensive programming changes to multiple
|areas of the code.  In particular, use of the system() call
|for calling executables such as ifconfig, route, and
|user-defined scripts has been completely revamped in favor
|of execve() on unix and CreateProcess() on Windows.

http://openvpn.net/index.php/documentation/change-log/changelog-21.html

CVE not yet known.


---End Message---
---BeginMessage---
Source: openvpn
Source-Version: 2.1~rc9-1

We believe that the bug you reported is fixed in the latest version of
openvpn, which is due to be installed in the Debian FTP archive:

openvpn_2.1~rc9-1.diff.gz
  to pool/main/o/openvpn/openvpn_2.1~rc9-1.diff.gz
openvpn_2.1~rc9-1.dsc
  to pool/main/o/openvpn/openvpn_2.1~rc9-1.dsc
openvpn_2.1~rc9-1_i386.deb
  to pool/main/o/openvpn/openvpn_2.1~rc9-1_i386.deb
openvpn_2.1~rc9.orig.tar.gz
  to pool/main/o/openvpn/openvpn_2.1~rc9.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta [EMAIL PROTECTED] (supplier of updated openvpn 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 11 Aug 2008 19:40:11 +0200
Source: openvpn
Binary: openvpn
Architecture: source i386
Version: 2.1~rc9-1
Distribution: unstable
Urgency: high
Maintainer: Alberto Gonzalez Iniesta [EMAIL PROTECTED]
Changed-By: Alberto Gonzalez Iniesta [EMAIL PROTECTED]
Description: 
 openvpn- virtual private network daemon
Closes: 493488
Changes: 
 openvpn (2.1~rc9-1) unstable; urgency=high
 .
   * New upstream version.
   * Urgency high since it fixes a security bug in versions
 2.1-beta14 to 2.1-rc8. CVE-2008-3459. (Closes: #493488)
   * Added sample-scripts/ to examples directory.
   * Thanks Tristan Hill for rewritten debian_openssl_vulnkeys.patch
Checksums-Sha1: 
 0b1cf212d7ecb91bd3aae9d79ed623c156f441c4 1055 openvpn_2.1~rc9-1.dsc
 56b01fd9b2cdd8bd4c2257d91b9b879a6f9db1d8 818716 openvpn_2.1~rc9.orig.tar.gz
 4a5650e24c5df8bfccd81ff5e31565dd5282daf4 80393 openvpn_2.1~rc9-1.diff.gz
 f3f907851f171ce753fd96126d6d409a737eecbf 399642 openvpn_2.1~rc9-1_i386.deb
Checksums-Sha256: 
 eae94f704b161e37d9e2f2332a6af12ea16e039af468805e2ec71171d016136c 1055 
openvpn_2.1~rc9-1.dsc
 f73ec227a5fb7f4c73190e7ae52a59a4db149e8d628f22e8a0a762a58fbb424d 818716 
openvpn_2.1~rc9.orig.tar.gz
 a0c58219854712a6ec22cd49371ccb40d5a4d82c7743d12b4e35ab728dc34612 80393 
openvpn_2.1~rc9-1.diff.gz
 78562eda248efcf97d1eb11dd75a2ad4adc489b1b83ddc8757cdfe7826e9a739 399642 
openvpn_2.1~rc9-1_i386.deb
Files: 
 3f94ba64021aa9b6a66ee6d0ff69b44a 1055 net optional openvpn_2.1~rc9-1.dsc
 f435e4ad43cf4323e942da570bae4951 818716 net optional 
openvpn_2.1~rc9.orig.tar.gz
 d4429356670cff7998d9ea1bd06e4cb7 80393 net optional openvpn_2.1~rc9-1.diff.gz
 2e0ee61cd74b7f6b06bb89fc127824e6 399642 net

Bug#489048: marked as done (fails to build on arm/armel)

2008-08-11 Thread Debian Bug Tracking System


Your message dated Mon, 11 Aug 2008 18:32:06 +
with message-id [EMAIL PROTECTED]
and subject line Bug#489048: fixed in openocd 0.0+r655-1.1
has caused the Debian Bug report #489048,
regarding fails to build on arm/armel
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
489048: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489048
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Package: openocd
Version: 0.0+r655-1
Severity: serious

See e.g. 
http://buildd.debian.org/fetch.cgi?pkg=openocdver=0.0%2Br655-1arch=armstamp=1214956741file=log:

Making all in helper
make[4]: Entering directory `/tmp/buildd/openocd-0.0+r655/src/helper'
cc -DHAVE_CONFIG_H -I. -I../..  -DPKGDATADIR=\/usr/share/openocd\ 
-DPKGLIBDIR=\/usr/lib/openocd\-g -O2 -g -Wall -O2 -c binarybuffer.c
In file included from log.h:23,
 from binarybuffer.c:28:
replacements.h:30:28: error: pkgconf/system.h: No such file or directory
make[4]: *** [binarybuffer.o] Error 1

Since this part of the code is only enabled if BUILD_ECOSBOARD is defined, it 
only fails on
arm*

Gruesse,
Frank Lichtenheld

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-2-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash


---End Message---
---BeginMessage---
Source: openocd
Source-Version: 0.0+r655-1.1

We believe that the bug you reported is fixed in the latest version of
openocd, which is due to be installed in the Debian FTP archive:

openocd_0.0+r655-1.1.diff.gz
  to pool/main/o/openocd/openocd_0.0+r655-1.1.diff.gz
openocd_0.0+r655-1.1.dsc
  to pool/main/o/openocd/openocd_0.0+r655-1.1.dsc
openocd_0.0+r655-1.1_armel.deb
  to pool/main/o/openocd/openocd_0.0+r655-1.1_armel.deb
openocd_0.0+r655-1.1_i386.deb
  to pool/main/o/openocd/openocd_0.0+r655-1.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Riku Voipio [EMAIL PROTECTED] (supplier of updated openocd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 11 Aug 2008 21:09:24 +0300
Source: openocd
Binary: openocd
Architecture: armel i386 source 
Version: 0.0+r655-1.1
Distribution: unstable
Urgency: low
Maintainer: Uwe Hermann [EMAIL PROTECTED]
Changed-By: Riku Voipio [EMAIL PROTECTED]
Closes: 489048
Description:
 openocd- Open on-chip JTAG debug solution for ARM7 and ARM9 systems
Changes:
 openocd (0.0+r655-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * disable ecosboard build, closes: #489048
Checksums-Sha1: 
 3438c7f92bf6693f11c93830d1057c40c87f28c6 237427 openocd_0.0+r655-1.1.diff.gz
 3f8346f0dc64287cfb72628e8f55cff28b4cc398 502032 openocd_0.0+r655-1.1_i386.deb
 955bd97b85ab7913dac2437962d0e4ef66ad2058 517700 openocd_0.0+r655-1.1_armel.deb
 1cde4fd1cc908a46f8f05fdb6ee3ea8cc8c77fda 1211 openocd_0.0+r655-1.1.dsc
Checksums-Sha256: 
 24ffbadea8abc23aa742f4e85c372e18272fe4336dd59473e060e92ee6f5ecf0 502032 
openocd_0.0+r655-1.1_i386.deb
 3c615e5ed7ab01a41bb8b942ea12a09d251e65e6ca623e3f292a66d53165d354 237427 
openocd_0.0+r655-1.1.diff.gz
 ebdb33736ba4af98b280f40f2148a4505a2d8ccf929269555e3096aa26f4b3d8 1211 
openocd_0.0+r655-1.1.dsc
 ba90655bf9538c2ed41b69931e77400ba5839db345c6e81b79d9dabdf3cb79ff 517700 
openocd_0.0+r655-1.1_armel.deb
Files: 
 5528d1297014924d0b7ea73cf999f189 517700 embedded extra 
openocd_0.0+r655-1.1_armel.deb
 7e1aeb5bbded909e22e2c964037dbde6 1211 embedded extra openocd_0.0+r655-1.1.dsc
 fbfae7571d5db550448782f1604e5b65 502032 embedded extra 
openocd_0.0+r655-1.1_i386.deb
 fff084a12e15c956b18ab342deacec91 237427 embedded extra 
openocd_0.0+r655-1.1.diff.gz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIoISMibPvMsrqrwMRAowLAJ9iLKKJOCOPGhdluIg6FOXHbPsZewCfXme+
rKewAbjBQdmMImSPrMN9zlw=
=DuYc
-END PGP SIGNATURE-


---End Message---

Bug#494473: severity of 494473 is serious

2008-08-11 Thread Anthony Fok

Dear all,

Thank you all for getting unifont 5.1.20080808-2 uploaded!  Yes, just
as Paul mentioned, I had been very busy with my work and personal
life, and I would have missed the necessary Replaces: line too; thank
you Robert for catching that.  :-)

Cheers,

Anthony



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#492519: fixed in vim 2:7.2c.000-1

2008-08-11 Thread Philipp Kern

Hi James,

On Thu, Aug 07, 2008 at 07:17:07PM +, James Vega wrote:
* runtime/autoload/netrw.vim: Fix deletion of incorrect file in wide 
 display
  listing.  Using Jan Minář's patch from the vim-dev list.  (Closes:
  #492519)

his bug is still open in Lenny.  Do you agree on the serious severity
of this bug?  If so, could the mentioned fix please be backported to
Lenny?

Kind regards,
Philipp Kern


signature.asc
Description: Digital signature

Bug#494340: fslview: FTBFS in lenny: CMake errors

2008-08-11 Thread Michael Hanke

Hi,

On Mon, Aug 11, 2008 at 02:40:09PM +0200, Michael Hanke wrote:
 
 On Mon, Aug 11, 2008 at 02:29:21PM +0900, Charles Plessy wrote:
  Le Fri, Aug 08, 2008 at 11:41:56AM -0300, Lucas Nussbaum a écrit :
   
   During a rebuild of all packages in a lenny chroot, your package failed

CMake Error: Error required internal CMake variable not set, cmake may 
be not be built correctly.
Missing variable is:
QT_MOC_EXECUTABLE
CMake Error: Error required internal CMake variable not set, cmake may 
be not be built correctly.
Missing variable is:
QT_UIC_EXECUTABLE
CMake Error: Error required internal CMake variable not set, cmake may 
be not be built correctly.
Missing variable is:
QT_MOC_EXECUTABLE
  
  Bonjour Lucas,
  
  Today I built fslview fine with a Lenny cowbuilder on a powerpc
  platform. What should we do with this bug ?
 I will fix it over the next few days. (Just came back from vacation).
I checked the package and realized that I fixed that long ago:

  fslview (3.0+4.0.2-5) unstable; urgency=low

* Specify Qt3 dev tools explicitly to be compatible with cmake 2.6 and
  add missing include path (Closes: #482209).

   -- Michael Hanke [EMAIL PROTECTED]  Wed, 21 May 2008 19:38:18 +0200


This version is sitting in unstable and I missed that it never made it
into lenny, because it does not build on ARM (stupid me). However, the
reason why it does not build seems to be uic-qt3 segfaulting
(exclusively) on ARM. I'm a little clueless where to start looking for
the bug -- help/ideas is very much appreciated.

http://buildd.debian.org/~jeroen/status/package.php?p=fslview


Thanks,

Michael


-- 
GPG key:  1024D/3144BE0F Michael Hanke
http://apsy.gse.uni-magdeburg.de/hanke
ICQ: 48230050



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#491505: [package varmon] varmon segfaults on Etch i386

2008-08-11 Thread Philipp Kern

Julien,

there is a Release Critical bug filed against your package.
Unfortunately this package (varmon) needs special hardware to test it.
Could you please look if the problem the submitter faces is currently
reproduceable in Lenny?  (The upstream version is the same, though.)

On Sun, Jul 20, 2008 at 12:58:21AM +0200, Christoph Franzen wrote:
 Varmon segfaults almost immediately.
 
 ~# varmon
 
 Scanning for VA safety backplane.
 Please wait a few moments...
 DAC960: Ctrlr 0, PCI 00:0b:01, IRQ 5, Channels 1
 DAC960: Model DAC960PTL1, Firmware 4.08-0-37
 Scanning Controller[0], Channel[0], ID[0]  Segmentation fault

I don't want to pull such specialised packages from testing lightly...

Kind regards,
Philipp Kern



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: fixed 494340 in 3.0+4.0.2-5

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 fixed 494340 3.0+4.0.2-5
Bug#494340: fslview: FTBFS in lenny: CMake errors
Bug marked as fixed in version 3.0+4.0.2-5.


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: fixed 486499 in 0.17.0~rc1-1

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 fixed 486499 0.17.0~rc1-1
Bug#486499: ruby-gnome2: wrong use of DEB_RUBY_LIBDIR
Bug marked as fixed in version 0.17.0~rc1-1.


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: fixed 486499 in ruby-gnome2/0.17.0~rc1-1

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 fixed 486499 ruby-gnome2/0.17.0~rc1-1
Bug#486499: ruby-gnome2: wrong use of DEB_RUBY_LIBDIR
Bug marked as fixed in version ruby-gnome2/0.17.0~rc1-1.


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: notfound 486499 in webgen/0.3.8-2

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 notfound 486499 webgen/0.3.8-2
Bug#486499: ruby-gnome2: wrong use of DEB_RUBY_LIBDIR
Bug no longer marked as found in version webgen/0.3.8-2.


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: reassign 486499 to ruby-gnome2

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 reassign 486499 ruby-gnome2 0.16.0-12
Bug#486499: ruby-gnome2: wrong use of DEB_RUBY_LIBDIR
Bug reassigned from package `webgen' to `ruby-gnome2'.


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: closing 493276

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 close 493276
Bug#493276: [powerpc] segfaults immediately
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to Peter De Wachter [EMAIL 
PROTECTED]


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: closing 493273

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 close 493273
Bug#493273: [powerpc] segfaults immediately
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to Peter De Wachter [EMAIL 
PROTECTED]


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: closing 493271

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 close 493271
Bug#493271: [powerpc] segfaults immediately
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to Peter De Wachter [EMAIL 
PROTECTED]


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: closing 493270

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 close 493270
Bug#493270: [powerpc] segfaults immediately
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to Peter De Wachter [EMAIL 
PROTECTED]


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: closing 492055

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 close 492055
Bug#492055: [powerpc] segfaults immediately
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to Pancho Horrillo [EMAIL PROTECTED]


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: closing 493278

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 close 493278
Bug#493278: [powerpc] segfaults immediately
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to Peter De Wachter [EMAIL 
PROTECTED]


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: closing 493274

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 close 493274
Bug#493274: [powerpc] segfaults immediately
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to Peter De Wachter [EMAIL 
PROTECTED]


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: closing 493277

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 close 493277
Bug#493277: [powerpc] segfaults immediately
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to Peter De Wachter [EMAIL 
PROTECTED]


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: closing 493279

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 close 493279
Bug#493279: [powerpc] segfaults immediately
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to Peter De Wachter [EMAIL 
PROTECTED]


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: closing 493275

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.35
 close 493275
Bug#493275: [powerpc] segfaults immediately
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to Peter De Wachter [EMAIL 
PROTECTED]


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#485848: Bugs confirmed, thanks

2008-08-11 Thread Mirco Bauer

On Mon, 2008-08-11 at 01:12 -0300, Philipp Kern wrote:
 On Thu, Jun 12, 2008 at 09:08:30PM +0200, Mirco Bauer wrote:
  On Thu, 2008-06-12 at 09:05 +0200, David Paleino wrote:
   Hi Mirco,
   I'm tagging theses bugs so that you know I've acknowledged them :)
   I won't be at home for two days (I'll be back tomorrow night), so I
   don't expect to do any work in this timeframe. Please wait at least
   until Saturday, I believe I'll be able to do something only then.
  No problem, take the time you need, there is no rush...
 
 No actually it is really late now.  The bugs are open since some months
 and need to be acted upon.  Package maintainers are expected to fix
 RC bugs in a timely manner, they must not leave it open for months.
 
 Please act upon them, we are going to release soon.  If not, packages
 might be pulled from testing.

There are no reverse dependency and since we are frozen there will not
be any users of this library for lenny.

 
 Kind regards,
 Philipp Kern
-- 
Regards,

Mirco 'meebey' Bauer

PGP-Key ID: 0xEEF946C8

FOSS Developer[EMAIL PROTECTED]  http://www.meebey.net/
PEAR Developer[EMAIL PROTECTED] http://pear.php.net/
Debian Developer  [EMAIL PROTECTED]  http://www.debian.org/


signature.asc
Description: This is a digitally signed message part

Bug#491984: Potential fixes

2008-08-11 Thread Tim Riker


ProFont has now been removed upstream.

Currently investigating options with Luxi. It's a no-mod license. It is 
more compressed vertically than dejavu varieties. May remove it anyway.


Thanx for the notes.
--
Tim Riker - http://Rikers.org/ - [EMAIL PROTECTED]
Embedded Linux Technologist - http://eLinux.org/
BZFlag maintainer - http://BZFlag.org/ - for fun!
☢ ☛ ¿ǝʇɐɔıʇǝu pooƃ ǝɹnʇɐuƃıs ɹnoʎ uı 8-ɟʇn sı ☚ ☢



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Processed: dealing with some more of the bugs lucas unarchived

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 #bug about putting files in lib64 on amd64 when they should be in lib
 #current lenny/sid version has them correctly in lib
 close 461603 1.3.3.12.dfsg-1
Bug#461603: scribus: FTBFS on amd64: Uses lib64.
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug marked as fixed in version 1.3.3.12.dfsg-1, send any further explanations 
to Kurt Roeckx [EMAIL PROTECTED]

 #FTBFs on i386 with gcc 4.3 bug
 #Current lenny/sid version builds fine in my i386 lenny and sid chroots
 close 474850 1.2-1
Bug#474850: libbuffy: FTBFS: mailfolder/mailbox.cc:82: error: 'strncmp' was not 
declared in this scope
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug marked as fixed in version 1.2-1, send any further explanations to Lucas 
Nussbaum [EMAIL PROTECTED]

 #FTBFS on i386 with dpkg-buildpackage versions that set CFLAGS bug
 #Current lenny/sid version builds fine in my i386 lenny and sid chroots
 close 475985 0.2.7-2
Bug#475985: freepops: FTBFS: popserver.c:766: error: 'PROGRAMNAME' undeclared 
(first use in this function)
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug marked as fixed in version 0.2.7-2, send any further explanations to Lucas 
Nussbaum [EMAIL PROTECTED]

 #Request for change of build dependency from pciutils-dev to libpci-dev
 #current lenny version is the one that closed the bug
 #current sid version has the dependency on libpci-dev
 close 478395 0.8-1
Bug#478395: uswsusp: FTBFS: libpci-dev replaced pciutils-dev
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug marked as fixed in version 0.8-1, send any further explanations to AnÃbal 
Monsalve Salazar [EMAIL PROTECTED]

 #Request for correction to maintainer address
 #Current sid version has the correct address
 close 479500 0.3.0-1
Bug#479500: hippo-canvas: maintainer address bounces (simple typo)
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug marked as fixed in version 0.3.0-1, send any further explanations to Lucas 
Nussbaum [EMAIL PROTECTED]


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#493276: Original bug in gdc fixed; binary rebuilds probably need to be requested for broken powerpc packages

2008-08-11 Thread Philipp Kern

On Sun, Aug 10, 2008 at 11:17:55PM -0300, Philipp Kern wrote:
 On Sun, Aug 10, 2008 at 08:34:04AM -0700, Don Armstrong wrote:
  The original bug which caused all of these blocking bugs has been
  fixed; rebuilds probably need to be requested for all of these
  packages.
 BinNMUs scheduled:
 nmu a7xpg . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: 
 #493270)'
 nmu gunroar . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: 
 #493271)'
 nmu ii-esu . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: 
 #493272)'
 nmu mu-cade . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: 
 #493273)'
 nmu parsec47 . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: 
 #493274)'
 nmu projectl . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: 
 #493275)'
 nmu tatan . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: 
 #493276)'
 nmu titanion . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: 
 #493277)'
 nmu tumiki-fighters . powerpc . -m 'rebuild against an updated gdc-4.1 
 (Closes: #493278)'
 nmu val-and-rick . powerpc . -m 'rebuild against an updated gdc-4.1 (Closes: 
 #493279)'
 nmu torus-trooper . powerpc -m 'rebuild against an updated gdc-4.1 (Closes: 
 #492055)'
 
 The bugs will need to be closed manually, though.

Done so now, as the builds were uploaded.

Kind regards,
Philipp Kern


signature.asc
Description: Digital signature

Bug#493444: i810switch: FTBFS: Missing Build-Depends - intend to NMU

2008-08-11 Thread Evgeni Golov

Hi,

this bug is slightly older than a week, thus I intend to NMU it.
The very small debdiff is attached.
James, do you have any objections (or want to handle this on your own?)

Regards
Evgeni
diff -u i810switch-0.6.5/debian/changelog i810switch-0.6.5/debian/changelog
--- i810switch-0.6.5/debian/changelog
+++ i810switch-0.6.5/debian/changelog
@@ -1,3 +1,11 @@
+i810switch (0.6.5-5.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Build-Depend on dpatch. (Closes: #493444)
+  * Don't export DH_VERBOSE=1 in debian/rules.
+
+ -- Evgeni Golov [EMAIL PROTECTED]  Mon, 11 Aug 2008 21:45:42 +0200
+
 i810switch (0.6.5-5) unstable; urgency=low
 
   * Updated to standards version 3.8.0: no changes.
diff -u i810switch-0.6.5/debian/control i810switch-0.6.5/debian/control
--- i810switch-0.6.5/debian/control
+++ i810switch-0.6.5/debian/control
@@ -2,7 +2,7 @@
 Section: utils
 Priority: optional
 Maintainer: James Bromberger [EMAIL PROTECTED]
-Build-Depends: debhelper ( 4.0.0)
+Build-Depends: debhelper ( 4.0.0), dpatch
 Standards-Version: 3.8.0
 
 Package: i810switch
diff -u i810switch-0.6.5/debian/rules i810switch-0.6.5/debian/rules
--- i810switch-0.6.5/debian/rules
+++ i810switch-0.6.5/debian/rules
@@ -3,7 +3,7 @@
 # GNU copyright 1997 to 1999 by Joey Hess.
 
 # Uncomment this to turn on verbose mode.
-export DH_VERBOSE=1
+#export DH_VERBOSE=1
 
 
 


pgpWVj6EiXF1A.pgp
Description: PGP signature

Processed: tagging 486974

2008-08-11 Thread Debian Bug Tracking System

Processing commands for controlbugs.debian.org:

 # Automatically generated email from bts, devscripts version 2.10.33
 tags 486974 pending
Bug#486974: atlas: FTBFS: Error: symbol `dp2dpGuBLm_N_loop2dpGuBLm' is already 
defined
Tags were: patch
Tags added: pending


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#492519: fixed in vim 2:7.2c.000-1

2008-08-11 Thread James Vega

On Mon, Aug 11, 2008 at 04:17:57PM -0300, Philipp Kern wrote:
 Hi James,
 
 On Thu, Aug 07, 2008 at 07:17:07PM +, James Vega wrote:
 * runtime/autoload/netrw.vim: Fix deletion of incorrect file in wide 
  display
   listing.  Using Jan Minář's patch from the vim-dev list.  (Closes:
   #492519)
 
 his bug is still open in Lenny.  Do you agree on the serious severity
 of this bug?  If so, could the mentioned fix please be backported to
 Lenny?

I'm a little skeptical about the severity since the user is prompted to
confirm the deletion of the file and the prompt lists the actual file it
is going to delete.

I did want to request a freeze exception for the 7.2 final release
(which I'm working on now) as there were many security-related fixes
made in 7.2 as well as improvements to some of the fixes that are
present in 7.1.314-3.  I realize though that this exception will
probably be met with resistance since it's a new upstream release.

-- 
James
GPG Key: 1024D/61326D40 2003-09-02 James Vega [EMAIL PROTECTED]


signature.asc
Description: Digital signature

Bug#491505: [package varmon] varmon segfaults on Etch i386

2008-08-11 Thread Julien Danjou

At 1218482627 time_t, Philipp Kern wrote:
 there is a Release Critical bug filed against your package.
 Unfortunately this package (varmon) needs special hardware to test it.
 Could you please look if the problem the submitter faces is currently
 reproduceable in Lenny?  (The upstream version is the same, though.)

No, because I don't have the hardware neither.

The etch version already had this problem (segfault) and it was avoided
recompiling with a different -O option to gcc, see #401236.

So I've no clue on how to debug and fix, and lenny may be affected
anyway.

Cheers,
-- 
Julien Danjou
.''`.  Debian Developer
: :' : http://julien.danjou.info
`. `'  http://people.debian.org/~acid
  `-   9A0D 5FD9 EB42 22F6 8974  C95C A462 B51E C2FE E5CD


signature.asc
Description: Digital signature

1 2 >

1 - 100 of 158 matches

Mail list logo